jsTest

var bcrypt = require('bcrypt');

// represents hash on server
var hashInDb;

// Client
bcrypt.hash('bacon' + 'appsalt', 10, function (err, hash) {
  console.log("bacon with appsalt: " + hash);

  // --> Send Hash to REST

  // Server
  bcrypt.hash(hashInDb + 'usersalt', 10, function (err, hash) {
    hashInDb = hash;
    login();
  });

});

// Client
var login = function () {

  console.log("in DB:" + hashInDb);

  bcrypt.compare('bacon' + 'appsalt', hashInDb, function (err, res) {
    console.log("result: " + res);
  });
}

No warranty for correctness and security :)

// represents hash on server
var hashInDb;
var userPw = 'bacon';

// Client - Executed when password is changed
bcrypt.hash(userPw + 'appsalt', 10, function (err, hash) {
  storeHashOnServer(hash)
});

// Server
var storeHashOnServer = function(hash){
  bcrypt.hash(hash + "salt", 10, function(err, hash) {
    hashInDb = hash;

    login(hash);

  })
};

// Client
var login = function (hashFromClient) {
  bcrypt.hash(hashFromClient, 10, function(err, hash) {
    bcrypt.compare(hashInDb, hash, function (err, res) {
      console.log("result: " + res);
    })
  });
};