node.js - 如何在 Feathersjs 身份验证中创建自定义 HashPassword 函数

Question

我在feathersjs文档中注意到

hashPassword This hook is used to hash plain text passwords before they are saved to the database. It uses the bcrypt algorithm by default but can be customized by passing your own options.hash function.

如何在feeas js hook、hashPassword hook中应用这个自定义函数？

const { authenticate } = require('@feathersjs/authentication').hooks;

const {
  hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;


module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ],
    create: [ hashPassword() ],
    update: [ hashPassword(),  authenticate('jwt') ],
    patch: [ hashPassword(),  authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  },

  after: {
    all: [ 
      // Make sure the password field is never sent to the client
      // Always must be the last hook
      protect('password')
    ],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  },

  error: {
    all: [],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
};

有人能解答吗？

谢谢

Answer 1

这似乎不起作用，至少对于 @feathersjs/authentication-local 的当前版本 1.2.9 来说是这样。

在 verifier.js 中，您将看到:

 // stuff omitted
_comparePassword (entity, password) {

 return new Promise((resolve, reject) => {
      bcrypt.compare(password, hash, function (error, result) {
        // Handle 500 server error.
        if (error) {
          return reject(error);
        }

        if (!result) {
          debug('Password incorrect');
          return reject(false); // eslint-disable-line
        }

        debug('Password correct');
        return resolve(entity);
      });
    });
  }

因此默认验证器始终使用硬编码的 bcrypt.compare 而不是任何提供的哈希函数。

我发现的唯一解决方案是扩展验证程序并覆盖 _comparePassword。然后: app.configure(local({ Verifier: MyCustomVerifier })); 将起作用。