Password hashing in Drizzle schema
Hi everyone,
I'm looking at ways to hash the password in the "user" table and define them in the Drizzle ORM schema defining a Vercel Postgres database. I have not been able to find documentation on the topic.
Could anyone kindly provide some guidance? Any help would be greatly appreciated.
Thanks in advance!
6 Replies
Do you want to hash the password and then insert it into the db?
or hash the password that is already in the db?
Hi @Mark. Thanks for your reply.
I would like to follow best practices. From what I can gather, the flow is: 1) you generate the salt, 2) combine it with the password, 3) hash password + salt.
I would like to get guidance on this flow using Drizzle ORM.
Again, thanks for your help!
So, in summary, Option 1, " hash the password and then insert it into the db"
Many of the nextjs projects with any sort of functional login modules have the feature built in but it boils down to:
* Get a crypto module (not crypto as in that one currency thing) but something like crypto-ts.
* Use the modules to generate hashes use the hashed password in the db.
* Use crypto's built in function to verify the password is correct upon logins.
take a look at this.
https://github.com/vercel/nextjs-postgres-auth-starter/blob/main/app/auth.ts
^ postgresql next auth example, specifically how it handles checking if the user password is correct or not.
GitHub
nextjs-postgres-auth-starter/app/auth.ts at main · vercel/nextjs-po...
Next.js + Tailwind + Typescript + Drizzle + NextAuth + PostgreSQL starter template. - vercel/nextjs-postgres-auth-starter
@Mark , Thanks a bunch. Will look into it.
Cheers!
Happy to help 👍