Validating User Authentication Requests Node.js
| app.get('/auth', (req, res) => { | |
| let username = req.query.username || ''; | |
| const password = req.query.password || ''; | |
| username = username.replace(/[!@#$%^&*]/g, ''); | |
| if (!username || !password || !users[username]) { | |
| return res.sendStatus(400); | |
| } | |
| const { salt, hash } = users[username]; | |
| const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512'); | |
| if (crypto.timingSafeEqual(hash, encryptHash)) { | |
| res.sendStatus(200); | |
| } else { | |
| res.sendStatus(401); | |
| } | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment