rsnext/examples/api-routes-apollo-server-and-client-auth/lib/user.js


import crypto from 'crypto'
import uuidv4 from 'uuid/v4'
/**
 * User methods. This example has no database: users are kept in the module-level
 * `users` array below, so nothing is persisted. A real application must use a
 * database here, such as MongoDB, Fauna, SQL, etc.
 *
 * Each stored record carries the password `hash` and `salt` next to the public
 * fields, so treat the records as sensitive.
 */
const users = []
/**
 * Create a user record from an email and a plaintext password and append it to
 * the in-memory `users` store.
 *
 * The plaintext password is not stored; only a PBKDF2-HMAC-SHA512 derivation and
 * its per-user random salt are kept. The email is stored as given: this function
 * does no validation and does not check for an existing user with the same email.
 *
 * @param {object} params
 * @param {string} params.email - Stored unchanged on the record.
 * @param {string} params.password - Plaintext password, passed straight to PBKDF2.
 * @returns {Promise<object>} The stored record (`id`, `createdAt`, `email`, `hash`,
 *   `salt`). It includes the hash and salt, so callers should strip those fields
 *   before sending the record to a client or writing it to logs.
 */
export async function createUser({ email, password }) {
  // Here you should create the user and save the salt and hashed password (some dbs may have
  // authentication methods that will do it for you so you don't have to worry about it).

  // Fresh 16-byte random salt per user, kept hex-encoded.
  const saltHex = crypto.randomBytes(16).toString('hex')

  // NOTE(review): 1000 iterations is far below current password-storage guidance for
  // PBKDF2-HMAC-SHA512 (hundreds of thousands). Raising it is only safe together with
  // `validatePassword`, which must derive with exactly the same parameters.
  const derivedKey = crypto.pbkdf2Sync(password, saltHex, 1000, 64, 'sha512')

  const record = {
    id: uuidv4(),
    createdAt: Date.now(),
    email,
    hash: derivedKey.toString('hex'),
    salt: saltHex,
  }

  // This is an in memory store for users, there is no data persistence without a proper DB
  users.push(record)
  return record
}
/**
 * Look up a user by exact email match. In a real application this is where the
 * database query goes.
 *
 * @param {object} params
 * @param {string} params.email - Compared with `===` against each stored email.
 * @returns {Promise<object|undefined>} The first matching record, or `undefined`
 *   when no user has that email. The record includes `hash` and `salt`.
 */
export async function findUser({ email }) {
  // This is an in memory store for users, there is no data persistence without a proper DB
  for (const candidate of users) {
    if (candidate.email === email) {
      return candidate
    }
  }
  return undefined
}
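/**
 * Check a login attempt against an already fetched user record (see `findUser`).
 *
 * The candidate password is run through PBKDF2 with the user's stored salt and the
 * same parameters `createUser` uses, and the result is compared with the stored
 * hash. The previous version derived from `user.hash` and compared the result with
 * the plaintext input, so no password could ever match.
 *
 * @param {{ hash: string, salt: string }} user - Stored record; `hash` and `salt`
 *   are hex strings.
 * @param {string} inputPassword - Plaintext password supplied by the caller.
 * @returns {Promise<boolean>} `true` only when the derived hash equals the stored one.
 */
export async function validatePassword(user, inputPassword) {
  // Fail closed on a missing user or malformed arguments instead of throwing.
  if (
    !user ||
    typeof user.hash !== 'string' ||
    typeof user.salt !== 'string' ||
    typeof inputPassword !== 'string'
  ) {
    return false
  }

  // Iteration count, key length and digest must stay identical to `createUser`.
  const inputHash = crypto.pbkdf2Sync(inputPassword, user.salt, 1000, 64, 'sha512')
  const storedHash = Buffer.from(user.hash, 'hex')

  // timingSafeEqual throws on buffers of different length; a stored hash of the
  // wrong size can never match anyway.
  if (storedHash.length !== inputHash.length) {
    return false
  }

  // Constant-time comparison so the result does not leak how many leading bytes matched.
  return crypto.timingSafeEqual(storedHash, inputHash)
}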