Open In App

How to store password securely in your local/custom database in Node.js ?

Last Updated : 22 Jul, 2020
Comments
Improve
Suggest changes
Like Article
Like
Report

The custom database signifies the local database in your file system. There are two types of database 'SQL' and 'NoSQL'. In SQL database data are stored as table manner and in Nosql database data are stored independently with some particular way to identify each record independently. We can also create our own database or datastore locally in Nosql manner. There are some steps involve in creating the local database and add records to it. These steps are as follows:

  • Create package.json file in root of project directory using the following command: 
    npm init -y
  • Install express and body-parser package using the following command 
    npm install express body-parser
  • Create a GET route to show the form(HTML form to submit the information to the database).
  • Create the subsequent post route to handle the form submission request.
  • Set the server to run on a specific port(Developer's port - 3000).
  • Create a repository file and add all the logic related to creating database.
  • Hashed and Salt raw password.
  • Store the record along with encrypted password into the local database.
Example: This example illustrates how to store password securely (Hashed+Salt) in the local database. Filename: index.js javascript 
const express = require('express')
const bodyParser = require('body-parser')
const repo = require('./repository')

const app = express()

const port = process.env.PORT || 3000

// The body-parser middleware to parse form data
app.use(bodyParser.urlencoded({ extended: true }))

// Get route to display HTML form
app.get('/signup', (req, res) => {
    res.send(`
    <div>
      <form method='POST'>
        <div>
          <div>
            <label id='email'>Username</label>
          </div>
          <input type='text' name='email' 
            placeholder='Email' for='email'>
        </div>
        <div>
          <div>
            <label id='password'>Password</label>
          </div>
          <input type='password' name='password'
          placeholder='Password' for='password'>
        </div>
        <div>
          <button>Sign Up</button>
        </div>
      </form>
    </div>
  `)
})

// Post route to handle form submission logic
// and Add data to the database
app.post('/signup', async (req, res) => {
    const { email, password } = req.body

    const addedRecord = await 
        repo.create({ email, password })

    console.log(addedRecord)

    res.send("Information added to the "
            + "database successfully.")
})

// Server setup
app.listen(port, () => {
    console.log(`Server start on port ${port}`)
})
Filename: repository.js This file contains all the logic to add new record with secure password to the database. javascript 
// Importing node.js file system, 
// util, crypto module 
const fs = require('fs')
const util = require('util')
const crypto = require('crypto')

// Convert callback based scrypt method
// to promise based method
const scrypt = util.promisify(crypto.scrypt)

class Repository {

    constructor(filename) {

        // The filename where datas are
        // going to store
        if (!filename) {
            throw new Error(
'Filename is required to create a datastore!')
        }

        this.filename = filename

        try {
            fs.accessSync(this.filename)
        } catch (err) {

            // If file not exist it is created
            // with empty array
            fs.writeFileSync(this.filename, '[]')
        }
    }

    // Method to fetch all records
    async getAllRecords() {
        return JSON.parse(
            await fs.promises.readFile(this.filename, {
                encoding: 'utf8'
            })
        )
    }

    async create(attrs) {
        const records = await this.getAllRecords()
        const { email, password } = attrs

        // SALT
        const salt = crypto.randomBytes(8).toString('hex')

        // HASHED buffer
        const hashedBuff = await scrypt(password, salt, 64)

        // HASHED and SALTED password
        const hashedSaltPassword = 
            `${hashedBuff.toString('hex')}.${salt}`

        // Create new record with hashed and 
        // salted password instead of raw password
        const record = {
            ...attrs,
            password: hashedSaltPassword
        }

        records.push(record)

        // Write all records to the database
        await fs.promises.writeFile(
            this.filename,
            JSON.stringify(records, null, 2)
        )

        return record
    }
}

module.exports = new Repository('datastore.json')
Filename: Package.json file
package.json

Form to submit the responses  

Note: Here two responses are submitted one after other and all the responses are stored in datastore.json file.

Redirected page after submitting the request

Redirected page after submitting the form
Run index.js file using the following command: 
node index.js

Output:

Output
Database:
Database
Note: For the first time running the program database(datastore.json) file not exist in the project directory, it created dynamically after running the program and store the submitted response. After that, all the submitted responses are appended in the database one by one.

Next Article
How to store password securely in your local/custom database in Node.js ?
author
hunter__js
Improve
Article Tags :

Similar Reads

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox