Basic verification
虽然对同一个密码,每次生成的hash不一样,但是hash中包含了salt(hash产生过程:先随机生成salt,salt跟password进行hash);
在下次校验时,从hash中取出salt,salt跟password进行hash;得到的结果跟保存在DB中的hash进行比对,compareSync中已经实现了这一过程:bcrypt.compareSync(password, hashFromDB);
const bcrypt = require('bcryptjs'); const password = "123"; // Step1: Generate Hash // salt is different everytime, and so is hash let salt = bcrypt.genSaltSync(10);// 10 is by default console.log(salt);//$2a$10$TnJ1bdJ3JIzGZC/jVS.v3e let hash = bcrypt.hashSync(password, salt); // salt is inclued in generated hash console.log(hash);//$2a$10$TnJ1bdJ3JIzGZC/jVS.v3eXlr3ns0hDxeRtlia0CPQfLJVaRCWJVS // Step2: Verify Password // when verify the password, get the salt from hash, and hashed again with password let saltFromHash = hash.substr(0, 29); console.log(saltFromHash);//$2a$10$TnJ1bdJ3JIzGZC/jVS.v3e let newHash = bcrypt.hashSync(password, saltFromHash); console.log(newHash);//$2a$10$TnJ1bdJ3JIzGZC/jVS.v3eXlr3ns0hDxeRtlia0CPQfLJVaRCWJVS console.log(hash === newHash); //true // back end compare console.log(bcrypt.compareSync(password, hash)); //true 加密 bcrypt.genSalt(10, function(err, salt) { bcrypt.hash(newUser.password, salt, function(err, hash) { if (err) throw err; newUser.password = hash console.log(newUser) newUser.save().then(user => { res.json(user) }) }); }); 传入的数据与加密的数据比对是否一致 bcrypt.compare(obj.oldpwd, docs.password, function(err, res) { console.log(obj.oldpwd) console.log(res) });
npm 地址:https://www.npmjs.com/package/bcryptjs
发表评论
侧栏公告
寄语
譬如朝露博客是一个分享前端知识的网站,联系方式11523518。
热评文章
标签列表
热门文章
友情链接