Now, with the better understanding of some underlying encryption concepts,

let's jump back to coding using bcrypt and Mongoose.

I'll add a method to hash the password when a user registers with our site.

To do that we'll update the user schema and use a bit of Mongoose middleware.

But first we need to install the bcrypt module.

I'll open up the terminal make sure I'm in the projects root directory,

and run NPM install bcrypt dash dash save.

So, that the module is installed and

saved as a dependency in our package dot Jayson file.

Now, to update the user module, I'll switch back to my code editor and

open the user dot js file inside the models directory.

I need to require bcrypt, And, I'll do that by assigning it to a.

And I'll do that by assigning it to a variable named bcrypt.

Now, Mongoose provides something called a pre-save hook.

That's basically a function that Mongoose runs just before saving a record to Mongo.

In this case we want to hash the password

just before we store a new user record in the database.

We do this by calling the pre-method on our schema.

The method takes two arguments.

The hook name, in this case save.

That's a special Mongoose keyword.

So, before saving the record Mongoose runs a function.

And, that's the second argument passed to the pre-method, this anonymous function.

You'll notice that the function takes next as a parameter.

Middleware, which we'll talk more about in the next section of this course,

provides a way to process input as it's passed through a chain of commands.

Next, here, represents the next piece of middleware or

the next function that runs after this one.

Express takes care of figuring out which middleware runs next.

But, in this specific case after this function runs

Mongoose saves the record to Mongo.

In the pre-save hook, Mongoose assigns the database

object it's about to insert into Mongo to the JavaScript keyword, this.

In the context of this callback function, the word, this, refers to the object

we created containing the information the user entered in the sign up form.

So, the variable user here, holds the user object and it's data.

Okay, now I'll use bcrypt.

And, bcrypt, fortunately, provides a method for creating both a hash, and

a salt, in one function call.

The hash method takes three arguments.

A plaintext password, a number, and

a callback function that's run once the hash is generated.

User contains the document that Mongoose will insert into Mongo.

And, password is the property on that object

that holds the plaintext password supplied by the user.

The second argument.

The number ten here tells bcrypt how many times to apply the encryption algorithm.

The bigger the number the slower the process, but the greater the security.

We're using ten here which provides good security

without adversely affecting our servers performance.

The third argument is a callback function.

Bcrypt runs this callback after the password is hashed.

Bcrypt passes two arguments to this callback,

an error if the hashing fails, and the hash value if it succeeds.

In this example, we'll use the callback function to replace the plain text

password with the hash password.

First I'll handle any errors.

If there is an error, I'll just pass it along, and

it'll eventually get handled by our error handler in the app dot js file.

If there is no error,

we can assign the new hashed value to the password property of the user object.

In other words,

we simply overwrite the plain text password with the new secure hash.

And lastly, we call next, which calls the next function in the middleware stack.

In this case Mongoose will save the data to Mongo.

All right, let's save this file and see how it works.

If you don't already have your application running, go to your terminal or

console program and type Nodemon.

Then open your web browser, and go to local host 3000.

Click on the sign-up link, and fill it out with some information.

Click the sign-up form to submit it.

Again, we are sent to the profile route, which we haven't yet created.

We'll do that soon.

Of course, we don't know if the application correctly hashed the password

and stored it into Mongo unless we look inside the Mongo database.

I'm going to use the Mongo shell again.

So go to Terminal, or your console program.

I'm going to open a new tab and type Mongo to enter the Mongo shell.

If you're on Windows you can launch the Mongo executable.

I'll select our bookworm database, use bookworm.

I can see if there's anything in the user's collection by typing DB

dot the collection name dot and find.

Also to make sure the output looks good in the terminal I'll call the pretty method.

There's a new document with a hash password success.

At this point our application is about halfway done and

most of the time consuming work is completed.

In the next section of this course we'll add the login feature.

See you there.