saltpepperpass-node
Version:
saltpepperpass-node is a Node.js package that securely hashes passwords using bcrypt with customizable salt length, pepper text, and hashing rounds. It enhances password security by salting and peppering before hashing, making it ideal for backend applica
60 lines (55 loc) • 1.75 kB
JavaScript
// src/hashing.ts
import dotenv from "dotenv";
import bcrypt from "bcrypt";
// src/salting.ts
function generateSaltingText(saltLength) {
const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+-=[]{}|;:,.<>?";
let result = "";
const charactersLength = characters.length;
for (let i = 0; i < saltLength; i++) {
result += characters.charAt(Math.floor(Math.random() * charactersLength));
}
return result;
}
// src/hashing.ts
dotenv.config();
function generateHash(password) {
if (!process.env.PEPPER_TEXT) {
throw new Error(
"PEPPER_TEXT is not defined! Please set it in the .env file."
);
}
const saltLength = parseInt(process.env.SALTING_TEXT_LENGTH || "5", 10);
const pepperText = process.env.PEPPER_TEXT;
const hashingRounds = parseInt(process.env.HASHING_ROUNDS || "10", 10);
const salt = generateSaltingText(saltLength);
const saltedAndPepperedPassword = salt + password + pepperText;
const hash = bcrypt.hashSync(saltedAndPepperedPassword, hashingRounds);
return { hash, saltingText: salt };
}
// src/verify.ts
import dotenv2 from "dotenv";
import bcrypt2 from "bcrypt";
dotenv2.config();
function verifyHash(password, salt, hash) {
if (!process.env.PEPPER_TEXT) {
throw new Error(
"PEPPER_TEXT is not defined! Please set it in the .env file."
);
}
const pepperText = process.env.PEPPER_TEXT;
const saltedAndPepperedPassword = salt + password + pepperText;
const isVerified = bcrypt2.compareSync(saltedAndPepperedPassword, hash);
return isVerified;
}
// src/index.ts
var saltAndPepperPass = {
generateHash,
verifyHash
};
var index_default = saltAndPepperPass;
export {
index_default as default,
generateHash,
verifyHash
};