This plugin automatically adds automatic password hashing to your Objection.js models. This makes it super-easy to secure passwords and other sensitive data.
Under the hood, the plugin uses bcrypt for hashing.
npm i objection-password
yarn add objection-password
| Node Version | Plugin Version |
|---|---|
| < 12 | 2.x |
| >= 12 | >= 3.x |
If you're using Node 12 or greater, use version 3.x of the plugin as it contains bcrypt 5.x, which contains important security updates but is only compatible with Node 12+. It's also tested against Objection 2.x.
// import the plugin
const Password = require('objection-password')();
const Model = require('objection').Model;
// mixin the plugin
class Person extends Password(Model) {
static get tableName() {
return 'person';
}
}
const person = await Person.query().insert({
email: 'matt@damon.com',
password: 'q1w2e3r4'
});
console.log(person.password);
// $2a$12$sWSdI13BJ5ipPca/f8KTF.k4eFKsUtobfWdTBoQdj9g9I8JfLmZty// the password to verify
const password = 'q1w2e3r4';
// fetch the person by email
const person =
await Person.query().first().where({ email: 'matt@damon.com'});
// verify the password is correct
const passwordValid = await person.verifyPassword(password);There are a few options you can pass to customize the way the plugin works.
These options can be added when instantiating the plugin. For example:
// import the plugin
const Password = require('objection-password')({
passwordField: 'hash'
});Allows an empty password to be set.
Allows you to override the name of the field to be hashed.
The number of bcrypt rounds to use when hashing the data.