➕ Password field hashed on entry to db #52

dwyl · Sep 29, 2016 · 89a4a71 · 89a4a71
1 parent 229f31a
commit 89a4a71
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 36 deletions.
diff --git a/lib/create_table_map.js b/lib/create_table_map.js
@@ -4,8 +4,13 @@ var mapObj = {
   number: function (opts) {
     return opts.integer ? 'BIGINT' : 'DOUBLE PRECISION';
   },
-  string: function (opts) {
+  string: function (opts, name) {
     var length = opts.max || 80;
+    var willBeHashed = name === 'password';
+
+    if (willBeHashed) {
+      length = 60; // http://stackoverflow.com/questions/5881169/what-column-type-length-should-i-use-for-storing-a-bcrypt-hashed-password-in-a-d
+    }
 
     return 'VARCHAR(' + length + ')';
   },
@@ -20,7 +25,7 @@ var mapObj = {
 function mapper (name, type, options) {
   var opts = options || {};
 
-  return name + ' ' + mapObj[type](opts);
+  return name + ' ' + mapObj[type](opts, name);
 }
 
 module.exports = mapper;

diff --git a/lib/db.js b/lib/db.js
@@ -1,15 +1,46 @@
 'use strict';
 
+var bcrypt = require('bcrypt');
+
 var sqlGen = require('./sql_gen.js');
 var configValidator = require('./config_validator.js');
+var utils = require('./utils.js');
+
+var methods = {
+  init: function (client, config, _, cb) {
+    configValidator(config);
+
+    return client.query(sqlGen.init(config), cb);
+  },
+  insert: function (client, config, options, cb) {
+    var passwordValue = options.fields.password;
+    var saltNumber = config.salt_number || 10;
+    var tableName = config.table_name;
+    var makeQuery = function (opts) {
+      var args = sqlGen.insert(tableName, opts).concat([cb]);
+
+      return client.query.apply(client, args);
+    };
+
+    if (typeof passwordValue === 'undefined') {
+      return makeQuery(options);
+    }
+
+    return bcrypt.hash(passwordValue, saltNumber, function (err, hash) {
+      var optionsCopy = utils.shallowCopy(options);
 
-var methods = { init: function (client, config, _, cb) {
-  configValidator(config);
+      if (err) {
+        return cb(err);
+      }
+      optionsCopy.fields = utils.shallowCopy(optionsCopy.fields);
+      optionsCopy.fields.password = hash;
 
-  return client.query(sqlGen.init(config), cb);
-} };
+      return makeQuery(optionsCopy);
+    });
+  }
+};
 
-['select', 'update', 'delete', 'insert'].forEach(function (method) {
+['select', 'update', 'delete'].forEach(function (method) {
   methods[method] = function (client, config, options, cb) {
     var tableName = config.table_name;
     var args = sqlGen[method](tableName, options).concat([cb]);

diff --git a/package.json b/package.json
@@ -35,6 +35,7 @@
     "coverage"
   ],
   "dependencies": {
+    "bcrypt": "^0.8.7",
     "env2": "^2.1.1",
     "hoek": "^4.1.0",
     "joi": "^9.0.4",

diff --git a/test/db.test.js b/test/db.test.js
@@ -1,6 +1,7 @@
 'use strict';
 
 var test = require('tape');
+var bcrypt = require('bcrypt');
 
 var client = require('./test_pg_client.js');
 var db = require('../lib/db.js');
@@ -9,7 +10,8 @@ var schema = require('./example_schema.js');
 var testInsert = {
   email: '[email protected]',
   dob: '2001-09-27',
-  username: 'test'
+  username: 'test',
+  password: 'hash me'
 };
 
 test('init test client', function (t) {
@@ -39,33 +41,36 @@ test('db.init', function (t) {
 
 
 test('db.insert & default select w custom where', function (t) {
-  db.insert(client, schema, { fields: testInsert })
-    .then(function () {
-      return db.select(client, schema, { where: { dob: '2001-09-27' } });
-    })
-    .then(function (res) {
-      t.equal(
-        res.rows[0].email,
-        testInsert.email,
-        'email correct'
-      );
-      t.equal(
-        res.rows[0].username,
-        testInsert.username,
-        'username correct'
-      );
-      t.equal(
-        res.rows[0].dob.toLocaleDateString('GMT'),
-        new Date(testInsert.dob).toLocaleDateString('GMT'),
-        'get same date back, though now a date object'
-      );
-      t.end();
-    })
-    .catch(function (err) {
-      t.fail(err);
-      t.end();
-    })
-  ;
+  db.insert(client, schema, { fields: testInsert }, function () {
+    return db.select(client, schema, { where: { dob: '2001-09-27' } })
+      .then(function (res) {
+        t.equal(
+          res.rows[0].email,
+          testInsert.email,
+          'email correct'
+        );
+        t.equal(
+          res.rows[0].username,
+          testInsert.username,
+          'username correct'
+        );
+        t.ok(
+          bcrypt.compareSync(testInsert.password, res.rows[0].password),
+          'password hashed correctly'
+        );
+        t.equal(
+          res.rows[0].dob.toLocaleDateString('GMT'),
+          new Date(testInsert.dob).toLocaleDateString('GMT'),
+          'get same date back, though now a date object'
+        );
+        t.end();
+      })
+      .catch(function (err) {
+        t.fail(err);
+        t.end();
+      })
+    ;
+  });
 });
 
 test('db.update w where & custom select w default where', function (t) {

diff --git a/test/example_schema.js b/test/example_schema.js
@@ -12,6 +12,11 @@ module.exports = {
       min: 3,
       max: 20
     },
+    password: {
+      type: 'string',
+      min: 5,
+      max: 20
+    },
     dob: { type: 'date' }
   }
 };
diff --git a/test/sql_gen.test.js b/test/sql_gen.test.js
@@ -20,9 +20,10 @@ tape('::init - generate SQL to create a table if none exists', function (t) {
     'CREATE TABLE IF NOT EXISTS "user_data" ('
     + 'email VARCHAR(80), '
     + 'username VARCHAR(20), '
+    + 'password VARCHAR(60), '
     + 'dob DATE'
     + ')',
-    'Create table query generation from config object'
+    'Create table query generation from config object, pw length overwritten'
   );
   t.end();
 });