
Node.js 从零开发web server博客项目

08 博客项目安全 🔐 #5

Open weikee94 opened 4 years ago

weikee94 commented 4 years ago

通过 escape 对用户输入做转义，可以防止 SQL 注入。注意两点：escape 只对字符串值产生安全的字面量，如果 username/password 不是字符串（例如请求体里传入了对象），应先做类型校验再拼接；更稳妥的做法是使用参数化查询（mysql 驱动的 `?` 占位符 + values 数组），而不是把值拼进 SQL 字符串。

const { exec, escape } = require("../db/mysql");

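/**
 * Look up a user by username and password (presumably the stored hash form —
 * confirm against the caller) and resolve with the first matching row.
 *
 * Both values go through the driver's `escape` before being spliced into the
 * statement, which quotes string values. The type guard exists because
 * escape() only yields a safe literal for strings: if `../db/mysql`
 * re-exports the mysql driver's escape (NOTE(review): verify), an object in
 * place of a string is rendered as `key = value` pairs, which would let a
 * JSON body rewrite the WHERE clause. A parameterised query (`?` placeholders
 * with a values array) would be the stronger fix, but that needs exec() to
 * accept bound values, which is not visible from here.
 *
 * @param {string} username
 * @param {string} password
 * @returns {Promise<object>} the first matching row, or {} when nothing
 *   matched or when either argument is not a string
 */
const login = (username, password) => {
  if (typeof username !== "string" || typeof password !== "string") {
    // Reject non-string input before it can reach escape()/the query.
    return Promise.resolve({});
  }
  const sql = `select username, realname from users where username=${escape(
    username
  )} and password=${escape(password)}`;

  return exec(sql).then((rows) => rows[0] || {});
};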

// Public surface of this module: the login lookup only.
module.exports.login = login;
weikee94 commented 4 years ago

密码加密（哈希）demo。注意：下面用的是 MD5 加固定密钥，没有按用户加盐，且 MD5 计算很快，不适合生产环境存储密码；实际项目应使用 bcrypt / scrypt / pbkdf2 这类慢哈希并为每个用户生成随机盐。

const crypto = require("crypto");

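// Fixed "pepper" mixed into every password hash (see genPassword).
// Hard-coding it in source means anyone with repository access can recompute
// the hashes, so prefer supplying it via the environment; the literal is kept
// only as a fallback so hashes already stored with it still verify.
// `||` (not `??`) so an empty env var also falls back rather than using "".
const SECRET_KEY = process.env.PASSWORD_SECRET_KEY || "Wjisla_12!";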

// Hex MD5 digest of `content`. This is a plain, fast, unsalted hash — not a
// password KDF by itself; see the note on genPassword.
function md5(content) {
  const hasher = crypto.createHash("md5");
  hasher.update(content);
  return hasher.digest("hex");
}

// Derive the stored form of `password`: MD5 over the password joined with the
// module-wide SECRET_KEY. Because the key is shared by every user and MD5 is
// fast, equal passwords yield equal digests and an attacker holding the key
// can brute-force them quickly. A slow, per-user-salted KDF (crypto.scrypt /
// pbkdf2) is the appropriate replacement, but switching here would invalidate
// hashes already stored in this format.
function genPassword(password) {
  const passwordPart = `password=${password}`;
  const material = `${passwordPart}&key=${SECRET_KEY}`;
  return md5(material);
}

// Only the hashing helper is exposed; SECRET_KEY and md5 stay module-private.
module.exports.genPassword = genPassword;