Foreword
When the registration function was first written, the data in the database looked as follows: the password is stored and displayed directly in plain text. In actual operation, however, we need to encrypt the user's password before storing it in the database to ensure data security.
This section introduces how to use md5 to encrypt and store user passwords.
Import the built-in module crypto
Create a new utils folder, and create a new file md5.js in it to write the encryption method.
Here we need the built-in module crypto, which can be imported directly:
const crypto = require('crypto')
Use crypto
const crypto = require('crypto')
var d = crypto.createHash('md5').update('123').digest('hex')
Let's talk about the meaning of the parameters:
- crypto.createHash creates the hash object; the argument in the brackets is the algorithm to use, here md5
- .update supplies the content to be encrypted
- .digest computes the result; its argument is the format of the output, here hex
The above code encrypts 123; we print it out to see the result.
The ciphertext above is the result of encrypting 123. md5 encryption has a characteristic: encrypting the same value always produces the same ciphertext, which makes brute-force cracking possible (taking the ciphertext from the database and looking up the corresponding plaintext). There are the following solutions to this problem:
- Add a string prefix before the value to be encrypted. If you don't know what the prefix string is, it is difficult to crack the password that follows it. For example:
const crypto = require('crypto')
var d = crypto.createHash('md5').update('by' + '123').digest('hex')
- Double-layer encryption: after obtaining the ciphertext the first time, encrypt the ciphertext again
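The weakness described above, as an added example that is not part of the original post: the fixed prefix 'by' is shared by every user, so two users with the same password still get the same md5 value, while a random salt per password with Node's built-in crypto.scryptSync gives each record a different value. The names hashPassword and verifyPassword, the KEYLEN constant and the "saltHex:hashHex" storage format are assumptions of this example.

```javascript
const crypto = require('crypto')

const KEYLEN = 64 // scrypt output length in bytes (choice made for this example)

// The page's method: md5 with the fixed prefix 'by', the same for every user.
const md5WithPrefix = str =>
  crypto.createHash('md5').update('by' + str).digest('hex')

// Hypothetical helper: scrypt with a fresh random 16-byte salt per password.
// The stored format "saltHex:hashHex" is an assumption of this example.
function hashPassword(password) {
  const salt = crypto.randomBytes(16)
  const hash = crypto.scryptSync(password, salt, KEYLEN)
  return salt.toString('hex') + ':' + hash.toString('hex')
}

// Hypothetical helper: recompute with the stored salt, compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(':')
  if (!saltHex || !hashHex) return false
  const expected = Buffer.from(hashHex, 'hex')
  // Reject truncated or non-hex records before comparing.
  if (expected.length !== KEYLEN) return false
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEYLEN)
  return crypto.timingSafeEqual(actual, expected)
}

// Constructed sample: two users who chose the same password.
const alice = { md5: md5WithPrefix('123'), scrypt: hashPassword('123') }
const bob = { md5: md5WithPrefix('123'), scrypt: hashPassword('123') }

console.log('md5 records identical:   ', alice.md5 === bob.md5)
console.log('scrypt records identical:', alice.scrypt === bob.scrypt)
console.log('correct password verifies:', verifyPassword('123', alice.scrypt))
console.log('wrong password verifies:  ', verifyPassword('124', alice.scrypt))
```

With a random salt, a login check cannot re-encrypt the submitted password and compare it to the stored string; it has to read the stored record and pass it to verifyPassword.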
Export method
The use of encryption is explained above, and the method is directly exported below for easy use:
const crypto = require('crypto')
module.exports = str => {
  return crypto.createHash('md5')
    .update('by' + str)
    .digest('hex')
}
Use the encryption method
The method is exported above, so we can use it directly.
Here I use it in userModel.js: first import the method, then use the set option on the password field to call the md5 encryption method we encapsulated:
password: {
  type: String,
  required: true,
  set: value => md5(value),
  select: false
},
And that's it. Run a test: send a registration request and view the database.
The user's password in the database has been encrypted: