Hashing the password with pre saving middleware

Ari_Raouf · July 16, 2024, 5:20pm

i have this line of code,i just want to know if it’s good practice to hash the password with the pre-save middleware like code below.? i mean is there is a securty issue about this or put something in the .env file

 UserSchema.pre("save", async function (next) {
  try {
    const hashedhPassword = await bcrypt.hash(this.password, 10);
    this.password = hashedhPassword;
  } catch (err: any) {
    next(err);
  }
});

Vivekanandan_Sakthivelu · July 18, 2024, 9:39am

This looks simple and clean . You don’t need to pull your salt to env . I would prefer pulling salt from a secret store while bootstrapping application .

Aniket_Ghavte · December 28, 2024, 1:28pm

yeh not the bad approach to hashing the password in pre save just implement some check in the schema and don’t make it too simple for hashing