This plugin automatically adds automatic password hashing to your Objection.js models. This makes it super-easy to secure passwords and other sensitive data.
Under the hood, the plugin uses bcrypt for hashing.
npm i objection-password
yarn add objection-password
Node Version | Plugin Version |
---|---|
< 12 | 2.x |
>= 12 | >= 3.x |
If you're using Node 12 or greater, use version 3.x
of the plugin as it contains bcrypt 5.x
, which contains important security updates but is only compatible with Node 12+. It's also tested against Objection 2.x.
// import the plugin
const Password = require('objection-password')();
const Model = require('objection').Model;
// mixin the plugin
class Person extends Password(Model) {
static get tableName() {
return 'person';
}
}
const person = await Person.query().insert({
email: '[email protected]',
password: 'q1w2e3r4'
});
console.log(person.password);
// $2a$12$sWSdI13BJ5ipPca/f8KTF.k4eFKsUtobfWdTBoQdj9g9I8JfLmZty
// the password to verify
const password = 'q1w2e3r4';
// fetch the person by email
const person =
await Person.query().first().where({ email: '[email protected]'});
// verify the password is correct
const passwordValid = await person.verifyPassword(password);
There are a few options you can pass to customize the way the plugin works.
These options can be added when instantiating the plugin. For example:
// import the plugin
const Password = require('objection-password')({
passwordField: 'hash'
});
Allows an empty password to be set.
Allows you to override the name of the field to be hashed.
The number of bcrypt rounds to use when hashing the data.