Closed jheysen closed 7 years ago
You have a detailed report about the failure?
Sorry about the delay. Sadly nope, since my app was runing in Docker. We solved this by forking the library code, changing there the dependency from bcryptjs to bcrypt, transpiling and uploading to our fork, then redirecting our app's package.json to the fork for Feathers-Authentication. If you are curious, you'll see various reports of bcryptjs taking too long on production servers. In our case making the switch from bcryptjs to bcrypt speeded up login times from 2000ms to 150ms.
Crazy, I didn't think it would be that bad. We moved to bcryptJS because the authentication module installation was failing in many different environment due to the compilation step.
You should also be able to replace the hashing algorithm by passing the module reference into the configuration though:
const authConfig = Object.assign({}, app.get('auth'), {
bcrypt: require('bcrypt')
});
app.configure(authentication(authConfig));
I noticed that the hook uses bcryptjs in a hardcoded way though :p
Ah that is true. That should definitely be fixed but it is at least a little easier to add as your own hook using BCrypt than having to fork the entire library.
This is now possible and much more flexible with auth v1.x and it's corresponding auth providers.
You can now simply extend the verifier for feathers-authentication-local
(or any other auth provider) and implementing your own _comparePassword
function that uses any hashing function you would like.
You will also need to pass your own hash
function as an option to the hashPassword
hook.
I've been trying to change the bcrypt that feathers-authentication uses from bcryptjs to bcrypt due to scalability issues. I did try the method discussed on #146 declaring a bcrypt param on feathers-authentication config that matches the export of bcrypt module, i.e:
And my config.json
The application, however, crashes on startup when I do this telling that
crypto.genSalt
is not a function. I have added bcrypt library (https://www.npmjs.com/package/bcrypt) to my dependencies. What am I doing wrong? For reference, I need to do this since logging in a user using local strategy or reistering a new one takes more than 1 sec.