This plugin automatically adds automatic password hashing to your Objection.js models. This makes it super-easy to secure passwords and other sensitive data.
Under the hood, the plugin uses bcrypt for hashing.
npm i objection-password
yarn add objection-password
| Node Version | Plugin Version |
|---|---|
| < 12 | 2.x |
| >= 12 | >= 3.x |
If you're using Node 12 or greater, use version 3.x of the plugin as it contains bcrypt 5.x, which contains important security updates but is only compatible with Node 12+. It's also tested against Objection 2.x.
// import the plugin const Password = require('objection-password')(); const Model = require('objection').Model; // mixin the plugin class Person extends Password(Model) { static get tableName() { return 'person'; } } const person = await Person.query().insert({ email: 'matt@damon.com', password: 'q1w2e3r4' }); console.log(person.password); // $2a$12$sWSdI13BJ5ipPca/f8KTF.k4eFKsUtobfWdTBoQdj9g9I8JfLmZty// the password to verify const password = 'q1w2e3r4'; // fetch the person by email const person = await Person.query().first().where({ email: 'matt@damon.com'}); // verify the password is correct const passwordValid = await person.verifyPassword(password);There are a few options you can pass to customize the way the plugin works.
These options can be added when instantiating the plugin. For example:
// import the plugin const Password = require('objection-password')({ passwordField: 'hash' });Allows an empty password to be set.
Allows you to override the name of the field to be hashed.
The number of bcrypt rounds to use when hashing the data.