node-express-boilerplate
Why doesn't the userModel contain the salt?
The user.fixture.js file includes a salt for the admin but it doesn't seem to be stored anywhere. Why not add the salt to the user model? It's solely for preventing rainbow table attacks, no issue in storing it right next to the password.
Any reason for this?
Using bcrypt, the salt is stored as part of the hashed password.
```javascript
/**
 * Check if password matches the user's password
 * @param {string} password
 * @returns {Promise<boolean>}
 */
userSchema.methods.isPasswordMatch = async function (password) {
  const user = this;
  return bcrypt.compare(password, user.password);
};

// Hash the password before saving; bcrypt generates a random salt
// and embeds it in the resulting hash string.
userSchema.pre('save', async function (next) {
  const user = this;
  if (user.isModified('password')) {
    user.password = await bcrypt.hash(user.password, 8);
  }
  next();
});
```
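The layout the answer refers to, as an added example that is not part of the original thread or the project's code: a bcrypt hash string carries the version, cost factor and 16-byte salt in front of the digest, which is why `bcrypt.compare` needs no separate salt field. The names `parseBcryptHash` and `decodeBcryptBase64` and the sample string are constructed for illustration.

```javascript
// Added example: split a bcrypt hash string into its fields (Node built-ins only).
// Layout: $<version>$<cost>$<22-char salt><31-char digest>, 60 characters total.
const BCRYPT_ALPHABET =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Decode bcrypt's base64 variant (its own alphabet, no padding).
function decodeBcryptBase64(text, byteLength) {
  const out = Buffer.alloc(byteLength);
  let bits = 0;
  let bitCount = 0;
  let written = 0;
  for (const ch of text) {
    const value = BCRYPT_ALPHABET.indexOf(ch);
    if (value === -1) throw new Error(`invalid bcrypt base64 character: ${ch}`);
    bits = (bits << 6) | value;
    bitCount += 6;
    if (bitCount >= 8 && written < byteLength) {
      bitCount -= 8;
      out[written++] = (bits >> bitCount) & 0xff;
    }
    bits &= (1 << bitCount) - 1; // keep only the leftover bits
  }
  return out;
}

function parseBcryptHash(hash) {
  const match =
    /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(hash);
  if (!match) throw new Error('not a bcrypt hash string');
  const [, version, cost, saltText, digestText] = match;
  return {
    version,                                 // algorithm revision, e.g. "2a"
    cost: Number(cost),                      // log2 of the iteration count
    saltText,                                // salt as stored in the string
    salt: decodeBcryptBase64(saltText, 16),  // the 128-bit salt itself
    digestText,                              // the password-dependent part
  };
}

// Constructed placeholder with the right shape; not the hash of any real password.
const SAMPLE_HASH =
  '$2a$08$' + 'abcdefghijklmnopqrstuu' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

const parsed = parseBcryptHash(SAMPLE_HASH);
console.log(parsed.version, parsed.cost, parsed.salt.toString('hex'));
```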