How to store a password securely in your local/custom database in Node.js?
Here, a custom database means a local database stored in your file system. Databases fall into two types, SQL and NoSQL. A SQL database stores data in tables, while a NoSQL database stores each record independently, with some way to identify each record. We can also create our own local database or datastore in the NoSQL style.
Creating the local database and adding records to it involves the following steps:
- Create package.json file in root of project directory using the following command:
npm init -y
- Install the express and body-parser packages using the following command:
npm install express body-parser
- Create a GET route to show the form (an HTML form to submit the information to the database).
- Create the subsequent POST route to handle the form submission request.
- Set the server to run on a specific port (Developer’s port – 3000).
- Create a repository file and add all the logic related to creating the database.
- Hash and salt the raw password.
- Store the record, with the hashed and salted password in place of the raw one, in the local database.
Example: This example illustrates how to store a password securely (hashed and salted) in the local database.
Filename: index.js
```javascript
const express = require('express')
const bodyParser = require('body-parser')
const repo = require('./repository')

const app = express()
const port = process.env.PORT || 3000

// The body-parser middleware to parse form data
app.use(bodyParser.urlencoded({ extended: true }))

// Get route to display HTML form
app.get('/signup', (req, res) => {
  res.send(`
    <div>
      <form method='POST'>
        <div>
          <div>
            <label for='email'>Username</label>
          </div>
          <input type='text' name='email' placeholder='Email' id='email'>
        </div>
        <div>
          <div>
            <label for='password'>Password</label>
          </div>
          <input type='password' name='password' placeholder='Password' id='password'>
        </div>
        <div>
          <button>Sign Up</button>
        </div>
      </form>
    </div>
  `)
})

// Post route to handle form submission logic
// and add data to the database
app.post('/signup', async (req, res) => {
  const { email, password } = req.body

  // Reject missing or non-string fields before hashing;
  // scrypt throws on a non-string password and the request would hang
  if (typeof email !== 'string' || typeof password !== 'string' ||
      !email || !password) {
    return res.status(400).send('Email and password are required.')
  }

  const addedRecord = await repo.create({ email, password })
  // The logged record holds the hashed and salted password, not the raw one
  console.log(addedRecord)
  res.send('Information added to the database successfully.')
})

// Server setup
app.listen(port, () => {
  console.log(`Server start on port ${port}`)
})
```
Filename: repository.js
This file contains all the logic to add a new record with a securely stored password to the database.
```javascript
// Importing the Node.js file system,
// util and crypto modules
const fs = require('fs')
const util = require('util')
const crypto = require('crypto')

// Convert the callback-based scrypt method
// to a promise-based method
const scrypt = util.promisify(crypto.scrypt)

class Repository {
  constructor(filename) {
    // The file in which the records are stored
    if (!filename) {
      throw new Error('Filename is required to create a datastore!')
    }

    this.filename = filename

    try {
      fs.accessSync(this.filename)
    } catch (err) {
      // If the file does not exist, it is created
      // with an empty array
      fs.writeFileSync(this.filename, '[]')
    }
  }

  // Method to fetch all records
  async getAllRecords() {
    return JSON.parse(
      await fs.promises.readFile(this.filename, { encoding: 'utf8' })
    )
  }

  async create(attrs) {
    const records = await this.getAllRecords()
    const { email, password } = attrs

    // SALT: random per-record value, stored next to the hash
    const salt = crypto.randomBytes(8).toString('hex')

    // HASHED buffer: 64-byte key derived with scrypt
    const hashedBuff = await scrypt(password, salt, 64)

    // HASHED and SALTED password, stored as "<hex hash>.<hex salt>"
    const hashedSaltPassword = `${hashedBuff.toString('hex')}.${salt}`

    // Create new record with hashed and
    // salted password instead of raw password
    const record = { ...attrs, password: hashedSaltPassword }
    records.push(record)

    // Write all records to the database
    await fs.promises.writeFile(
      this.filename,
      JSON.stringify(records, null, 2)
    )

    return record
  }
}

module.exports = new Repository('datastore.json')
```
Filename: Package.json file
Form to submit the responses
Note: Here two responses are submitted one after the other, and all the responses are stored in the datastore.json file.
Redirected page after submitting the request
Run index.js file using the following command:
node index.js
Output:
Database:
Note: The first time the program runs, the database file (datastore.json) does not exist in the project directory; it is created dynamically when the program runs and then stores the submitted response. After that, all submitted responses are appended to the database one by one.
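The steps above end once the record is stored; checking a later login against the stored `hash.salt` string is the other half of the scheme. The following is an added example, not code from the original article: `hashPassword`, `verifyPassword`, `authenticate` and the sample record are hypothetical names, and it uses `crypto.scryptSync` in place of the promisified `scrypt` so that it runs as a single script.

```javascript
// Added example (not from the original article): verifying a login attempt
// against the "<hex hash>.<hex salt>" string that repository.js stores.
const crypto = require('crypto')

const KEY_LENGTH = 64 // derived-key length in bytes, as in repository.js

// Same format as repository.js; scryptSync replaces the promisified scrypt
// only so this file runs as a plain script (assumption of this example).
function hashPassword(password) {
  const salt = crypto.randomBytes(8).toString('hex')
  const hash = crypto.scryptSync(password, salt, KEY_LENGTH).toString('hex')
  return `${hash}.${salt}`
}

// Returns true only when `supplied` re-hashes to the stored value.
function verifyPassword(stored, supplied) {
  if (typeof stored !== 'string' || typeof supplied !== 'string') return false
  const parts = stored.split('.')
  if (parts.length !== 2) return false
  const [hashHex, salt] = parts
  // A malformed or truncated record must fail closed, not throw.
  if (!salt || !/^[0-9a-f]+$/i.test(hashHex) ||
      hashHex.length !== KEY_LENGTH * 2) return false
  const expected = Buffer.from(hashHex, 'hex')
  const actual = crypto.scryptSync(supplied, salt, KEY_LENGTH)
  // Constant-time comparison; both buffers are KEY_LENGTH bytes here.
  return crypto.timingSafeEqual(expected, actual)
}

// `records` is the parsed array from datastore.json.
function authenticate(records, email, password) {
  const record = records.find((r) => r.email === email)
  return record ? verifyPassword(record.password, password) : false
}

// Constructed sample data standing in for datastore.json.
const sampleRecords = [
  { email: 'user@example.com', password: hashPassword('correct horse battery') }
]

console.log(authenticate(sampleRecords, 'user@example.com', 'correct horse battery'))
console.log(authenticate(sampleRecords, 'user@example.com', 'wrong guess'))
```

In the Express app, the same check would use the promisified `scrypt` from repository.js so that hashing does not block the event loop.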