创建模型对象时如何在 Prisma ORM 中正确且优雅地散列密码?
我的
prisma/schema.prismagenerator client {
provider = "prisma-client-js"
}
datasource db {
provider = "mysql"
url = env("DATABASE_URL")
}
model User {
id Int @id @default(autoincrement())
name String @db.VarChar(100)
username String @db.VarChar(100) @unique
password String @db.Char(60) //<-I want this field to be hashed when created
email String @db.VarChar(100) @unique
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@map("users")
}
哈希和加密不一样。但是,您可能希望对密码进行哈希处理,以便可以将用户密码安全地存储在数据库中。
为此,您必须从 js 代码中对其进行哈希处理,然后必须将哈希值作为字符串发送,并且
password您的
prisma/schema.prismagenerator client {
provider = "prisma-client-js"
}
datasource db {
provider = "mysql"
url = env("DATABASE_URL")
}
model User {
id Int @id @default(autoincrement())
name String @db.VarChar(100)
username String @db.VarChar(100) @unique
password String // <- no password character limit
email String @db.VarChar(100) @unique
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@map("users")
}
从您的 JavaScript 代码中哈希密码您的密码。您可以使用Bcrypt。
下面给出了一个普通 Nodejs 的示例。
const bcrypt = require('bcrypt');
const {PrismaClient} = require('@prisma/client');
const prisma = new PrismaClient();
const saltRounds = 10;
const passwordToHash = 'my_password_123';
// you can use password character limit here at the time of getting the data from user
// Hash password with bcrypt and save to db
bcrypt.hash(passwordToHash, saltRounds, function(_err, hash) {
// check error here
// Then save password in DB with prisma
(async(){
prisma.user.create({
data: {
//... (give all other user data here)
password: hash
}
})
})().catch( (prismaError) => {console.log(prismaError)} )
});
要检查用户是否有效,可以使用
bcrypt.compareasync function checkUser(username, password) {
const user = await prisma.user.findUnique({
where: {
username
}
})
const match = await bcrypt.compare(password, user.password);
if(match) {
//login
}
//...
}