Files

Oliver Eyton-Williams ee1e8abd87 feat(curriculum): restore seed + solution to Chinese (#40683 )

* feat(tools): add seed/solution restore script

* chore(curriculum): remove empty sections' markers

* chore(curriculum): add seed + solution to Chinese

* chore: remove old formatter

* fix: update getChallenges

parse translated challenges separately, without reference to the source

* chore(curriculum): add dashedName to English

* chore(curriculum): add dashedName to Chinese

* refactor: remove unused challenge property 'name'

* fix: relax dashedName requirement

* fix: stray tag

Remove stray `pre` tag from challenge file.

Signed-off-by: nhcarrigan <nhcarrigan@gmail.com>

Co-authored-by: nhcarrigan <nhcarrigan@gmail.com>

2021-01-12 19:31:00 -07:00

2.7 KiB

Raw Blame History

id, title, challengeType, forumTopicId, dashedName

id	title	challengeType	forumTopicId	dashedName
58a25c98f9fc0f352b528e7f	哈希密码	2	301553	hashing-your-passwords

--description--

回过头来看信息安全，你也许记得在数据库中存储明文密码是绝对禁止的。现在，我们需要引入 BCrypt 来解决这个问题。

添加 BCrypt 作为依赖，并通过require添加到服务器代码中。你需要在两个步骤中使用哈希运算：注册和保存新账户，以及登录时检查密码是否正确。

目前处理注册的路由中，我们是这样把密码添加到数据库的：password: req.body.password。我们可以通过这段代码创建哈希值：var hash = bcrypt.hashSync(req.body.password, 12);，然后就可以把passsword: req.body.password替换为password: hash。

最后，在验证逻辑中，我们已经有这样一段代码执行检查：if (password !== user.password) { return done(null, false); }。但我们现在存储的密码user.password已经是哈希值了。由于目前的检测机制是密码不匹配时就返回未认证，因此修改后，用于比对用户密码哈希值的代码应该是这样：

if (!bcrypt.compareSync(password, user.password)) { 
  return done(null, false);
}

当你需要存储密码时，这样做可以有效地提升网站的安全性。

完成上述要求后，你可以在下方提交你的页面链接。如果你遇到了问题，可以参考这里的答案。

--hints--

应存在 BCrypt 依赖。

(getUserInput) =>
  $.get(getUserInput('url') + '/_api/package.json').then(
    (data) => {
      var packJson = JSON.parse(data);
      assert.property(
        packJson.dependencies,
        'bcrypt',
        'Your project should list "bcrypt" as a dependency'
      );
    },
    (xhr) => {
      throw new Error(xhr.statusText);
    }
  );

BCrypt 应正确地引入和调用。

(getUserInput) =>
  $.get(getUserInput('url') + '/_api/server.js').then(
    (data) => {
      assert.match(
        data,
        /require.*("|')bcrypt\1/gi,
        'You should have required bcrypt'
      );
      assert.match(
        data,
        /bcrypt.hashSync/gi,
        'You should use hash the password in the registration'
      );
      assert.match(
        data,
        /bcrypt.compareSync/gi,
        'You should compare the password to the hash in your strategy'
      );
    },
    (xhr) => {
      throw new Error(xhr.statusText);
    }
  );

--solutions--

/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/

2.7 KiB Raw Blame History

--description--

--hints--

--solutions--

2.7 KiB

Raw Blame History