Validating User Authentication Requests Node.js
app.get('/auth', (req, res) => { | |
let username = req.query.username || ''; | |
const password = req.query.password || ''; | |
username = username.replace(/[!@#$%^&*]/g, ''); | |
if (!username || !password || !users[username]) { | |
return res.sendStatus(400); | |
} | |
const { salt, hash } = users[username]; | |
const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512'); | |
if (crypto.timingSafeEqual(hash, encryptHash)) { | |
res.sendStatus(200); | |
} else { | |
res.sendStatus(401); | |
} | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment