First, use docker-compose to start both the app and the database:
docker-compose up
Once it's up, run the migrations from another terminal:
docker-compose run app npm run migrate
And that's it for the setup.
It's best to look directly at the database, since that is exactly what a hacker would see. To connect to the database, you can run:
psql postgres://user:pass@localhost:35432/hashing-password-poc
After that, you can see how the passwords are stored in the users table:
SELECT * FROM users;
And the result should be something like this:
 id |     email      | password | salt |         createdAt          |         updatedAt
----+----------------+----------+------+----------------------------+----------------------------
  1 | email@mail.com | password |      | 2021-03-21 19:32:00.808+00 | 2021-03-21 19:32:00.808+00
To save a password and see how it is stored, you can make a request with the following body (simulating a user sign-in):
{
  "email": "email@mail.com",
  "password": "password"
}
The path depends on which storage method you want to use:
POST /{plain | md5 | sha256 | salt | pepper}
A curl request, as an example, would look like this:
curl -X POST \
  -d '{"email": "email@mail.com", "password": "password"}' \
  --header "Content-Type: application/json" \
  localhost:3000/pepper
NOTE: Remember to send the Content-Type: application/json header
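What the five endpoints could end up writing to the users table for the request body above, as an added example that is not the PoC's own code. The salt and pepper constructions (SHA-256 over salt + password, plus a server-side PEPPER constant) and all function names are assumptions made for illustration.

```javascript
// Added example: assumed implementations of the five storage methods, not the PoC's code.
const nodeCrypto = require("node:crypto");

// Hypothetical server-side secret; a pepper lives in app config, never in the users table.
const PEPPER = "constructed-pepper-value";

const hash = (algo, text) => nodeCrypto.createHash(algo).update(text).digest("hex");

// Returns the { password, salt } pair that would land in the users row.
function store(method, password, salt = nodeCrypto.randomBytes(16).toString("hex")) {
  switch (method) {
    case "plain":  return { password, salt: null };
    case "md5":    return { password: hash("md5", password), salt: null };
    case "sha256": return { password: hash("sha256", password), salt: null };
    case "salt":   return { password: hash("sha256", salt + password), salt };
    case "pepper": return { password: hash("sha256", salt + password + PEPPER), salt };
    default: throw new Error(`unknown method: ${method}`);
  }
}

// Re-derive the stored value from a login attempt and compare in constant time.
function verify(method, attempt, row) {
  const candidate = Buffer.from(store(method, attempt, row.salt ?? undefined).password);
  const stored = Buffer.from(row.password);
  return candidate.length === stored.length && nodeCrypto.timingSafeEqual(candidate, stored);
}

// Do two users with the same password end up with the same stored value?
function sameStoredValue(method, password) {
  return store(method, password).password === store(method, password).password;
}

// Constructed sample: the password from the curl example, stored for two different users.
for (const method of ["plain", "md5", "sha256", "salt", "pepper"]) {
  const row = store(method, "password");
  console.log(method.padEnd(6), "identical across users:", sameStoredValue(method, "password"),
    "| stored:", row.password.slice(0, 16) + (row.password.length > 16 ? "..." : ""));
}
```

For plain, md5 and sha256 the stored value is identical for every user who picks the same password, which is visible straight from a SELECT on the users table; with a per-user salt it differs per row, and with a pepper it also cannot be recomputed from the table contents alone.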
Well... I'm sure some people have already talked about this: