javascript - Would I miss anything from a security standpoint from not using PassportJS?


I'm creating a back-end in Node.js to register a user with a hashed password and save it in our database. I'm using bcrypt to hash the password, and bcrypt's compareSync when the user wants to sign in with the created password.

I don't see the point of using Passport's local strategy in this case, since the only thing I'm doing in the local middleware is using bcrypt's compareSync to see if the passwords are the same or not, which I can do in my own middleware, and write the middleware to include the stuff I want.

The Passport middleware code I'm using right now is:

    passport.use(new passportlocal(function (username, password, done) {
      // Look up at most one user record with this username (RethinkDB query).
      r.table('user').filter({username: username}).limit(1).run()
        .then(function (doc) {
          if (doc._data && doc._data.length === 1) {
            var data = doc._data[0][0];
            if (data.password) {
              // Compare the submitted password against the stored bcrypt hash.
              if (bcrypt.compareSync(password, data.password)) {
                done(null, data);
              } else {
                done(null, false, {message: 'invalid username or password'});
              }
            } else {
              done(null, false, {message: 'the user not exist'});
            }
          } else {
            done(null, false, {message: 'invalid username or password'});
          }
        })
        .catch(function (err) {
          console.error(2222, err);
          done(err);
        });
    }));

So my question is whether I'm missing out on any security stuff from Passport by instead creating my own middleware that checks the password with bcrypt?

Simply put, Passport.js makes it easy to integrate 3rd-party logins. You should use it if there is a chance you may want to add one of these services in the future.

If you don't plan to use 3rd-party login services, there may still be a benefit in familiarizing yourself with a library that has become an industry standard for authentication, as far as Node.js is concerned.

That said, there is no reason you can't provide equivalent services with your own custom authentication script.
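
A sketch of what a custom local check has to own once Passport is out of the picture, as an added example that is not part of the original question or answer: one generic failure message for every rejection, and the same hashing work whether or not the username exists. Node's built-in scrypt stands in for bcrypt so the block runs without dependencies; `verifyLogin`, `hashPassword`, `checkPassword` and the in-memory `users` table are hypothetical names.

```javascript
// Added example: dependency-free stand-in for a passport-local verify callback.
// scrypt (Node standard library) replaces bcrypt here only so the block runs
// without installing anything; the control flow is the same with bcrypt.
const crypto = require('crypto');

const GENERIC_FAILURE = { message: 'invalid username or password' };

// Derive a salted hash and store it as "saltHex:keyHex".
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return salt.toString('hex') + ':' + key.toString('hex');
}

// Recompute the hash with the stored salt and compare in constant time.
function checkPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const expected = Buffer.from(keyHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Hash compared against when the user is unknown, so both paths cost the same.
const DUMMY_HASH = hashPassword(crypto.randomBytes(16).toString('hex'));

// Constructed in-memory user table (hypothetical; the question uses RethinkDB).
const users = new Map([
  ['alice', { username: 'alice', password: hashPassword('correct horse') }],
]);

// Returns { user, info }, mirroring the done(null, user, info) contract.
function verifyLogin(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') {
    return { user: false, info: GENERIC_FAILURE };
  }
  const record = users.get(username);
  // Always run one hash comparison, even for an unknown username.
  const ok = checkPassword(password, record ? record.password : DUMMY_HASH);
  if (!record || !ok) {
    return { user: false, info: GENERIC_FAILURE };
  }
  const { password: _hash, ...safeUser } = record; // never hand the hash onward
  return { user: safeUser, info: null };
}
```

Session handling, login rate limiting and account lockout sit outside this check and are not provided by passport-local either.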

