When storing user credentials for authentication in the User collection, we made sure that the plaintext password string provided by the user is never written to the database. Instead, we store a hash of the password computed with a per-user salt value, using Node's built-in crypto module; only the salt and the resulting hash are persisted.
In user.model.js in our application, we defined the following methods to generate the salt value and the hashed password (the crypto module is required at the top of the same file):
```javascript
const crypto = require('crypto')

// ...inside the user schema's methods object:
  // Returns the hex-encoded HMAC-SHA1 of the password, keyed with this user's salt.
  // An empty password, or any crypto error, yields '' so nothing usable is stored.
  encryptPassword: function(password) {
    if (!password) return ''
    try {
      return crypto
        .createHmac('sha1', this.salt)
        .update(password)
        .digest('hex')
    } catch (err) {
      return ''
    }
  },
  // Generates the salt as a string from the current time mixed with Math.random().
  makeSalt: function() {
    return Math.round((new Date().valueOf() * Math.random())) + ''
  }
```
With this implementation, every time a user ...