Saltar navegación

Activa JavaScript para disfrutar de los vídeos de la Mediateca.

Back end vs Front end - Vídeo 10 - Contenido educativo

Ajuste de pantalla

El ajuste de pantalla se aprecia al ver el vídeo en pantalla completa. Elige la presentación que más te guste:

Subido el 11 de julio de 2024 por Mario S.

57 visualizaciones

Utilizando el módulo bcryptjs para encriptar la password que recibimos desde el Front. Enviamos un JSON a nuestro Front con los campos que nosotros queremos.

Más información Transcripción

Descargar la transcripción

well in this video we are going to continue with the json that with the document that we are 00:00:01
saving in our mongo database in the collection 00:00:12
we have already passed the fields that we had configured in our scheme that 00:00:20
then we had converted it to a model through mongoose we want to pass the username the 00:00:27
username the email the password well and everything worked for us well it registered everything well 00:00:34
then it showed us the json it is worth it we sent the json to the from and everything is 00:00:41
working well so far it is worth from the front we received from the client we also received the 00:00:54
json without problem remembering that we have to use the express point json so that it recognizes us 00:01:02
is that data format that we use the network to send from the server from the backend to the 00:01:09
the client to the front and the network is what we receive on the server from the client from the 00:01:18
front is worth a little as a recap of what we have seen so far well now what I want is to 00:01:26
encrypt the password, that is, we cannot have a password that we are also sending it by 00:01:34
the json again to the front is worth then this video I am going to do it in two videos one is going to be 00:01:42
create the password with b crip js a node module with that what we are going to do is encrypt it 00:01:50
and with jason web token what we are going to do is create a touch that we are going to send it to the front and 00:02:02
the front every time he wants to do an operation, he is going to send that touch to the backend to the server and 00:02:11
in that way we are going to know that that client has logged in and it exists, it is worth it, it does not 00:02:22
want to deceive us, it is good, the first video is how I do to encrypt it then to encrypt 00:02:31
the password then what I tell you is worth it, we are going to work with 00:02:39
with vip and crip js then what is the first thing I am going to do because as always we are going to 00:02:48
a instalar a través de npm del nou como es del nou package manager vale vamos a enviar o vamos a 00:02:56
load the module with the id bcryptjs, okay, it's already there and now we start working on this module, as 00:03:22
always, which is the first thing we do, because in this case, as we are receiving the password 00:03:40
that the user is writing from the from, we are receiving it in controller, in this case 00:03:46
in the register arrow function, which is the one that we are developing right now, we had 00:03:52
the fields on which we are going to work, which are the ones that they send us from the from, we used the 00:04:00
try catch to control the errors, we used the wait, so we also put the function as 00:04:08
asynchronous ok and from here the first thing I do is import 00:04:14
import and here we are going to put the clip 00:04:20
import of crime 00:04:30
let's see it's weird that I'm not filling it by the clip we're going to put these other people like this 00:04:37
and we're going to put the back here, there you are, okay, the first thing we do is import it, well 00:04:59
as always the technical documentation is valid from npm with the bike rips js then if you open it 00:05:08
you will find this ok here you have everything you see how important it is first that the installation of 00:05:20
by clip js that what we have done matters in this way with the require the over the variable 00:05:31
by clip the by clip js is good we have here to remember all the information that at a given moment 00:05:41
we may need ok we return to the visual studio code 00:05:49
and we are going to continue working, so what am I going to do once I have the 00:05:53
username variable, the email and the password, because the first thing I am going to do will be to take this 00:06:05
password, this is the value that is in this variable that we have received from the from and 00:06:11
encrypt it is worth then to do that within the tricat it is worth or if there is an error we are going to put 00:06:17
by click and this has a function that is hash 00:06:35
ok and we are going to pass the chain of that we want to encode that we want to encrypt in this 00:06:42
case it is the password so the first value that we pass will be password the password variable 00:06:57
and the second or it says salt number is the number of times we want it to be processed 00:07:03
that encryption, that is, an encryption that I put here a very small number 00:07:10
because the encryption is weak if you put a very large number the encryption is stronger 00:07:20
but it takes longer to do so, it is usually put a 10 an 8 is good with this 00:07:27
I would already have my password encrypted, okay, we are going to print it by console and so we see how it is 00:07:40
staying then we are going to take I am going to create a variable I am going to call it 00:07:50
use no password has to be called so or as you want and here we are going to tell the console to see it 00:07:58
it is worth it we pass the password hash point your stream here it is your stream 00:08:17
ok then this is for me to teach it by the terminal to see if it is not encrypted well or not 00:08:30
ok when we take and do this task of yours is to do it in a synchronous way especially 00:08:36
if we put a very high value as salt, then here you already know that to do it, 00:08:45
tell it to execute it in the background to white, okay, okay, and here it has written me to wait 00:08:55
like this, then we are going to try this only done then encrypt it and show it to me 00:09:06
by terminal so I'm going to come here I'm going to put jacinto 2 and jacinto 2 ok and I launch it 00:09:18
we are going to first start all our backend, okay, we already have it, we also have the databases 00:09:30
of the express and the mongo, it is worth and now if now I launch it we have all the fields that 00:09:44
I no longer visualized from the previous video and down here if you see we have that password that is 00:09:52
1 2 3 4 encoded ok it would be this string ok well then now what we have to do is 00:10:00
this string is the one we want to save in the database then we are going to that string and we are 00:10:10
going to save it or we are going to assign it to the new user before making the safe ok before the new user 00:10:18
point 6 of course it is then to assign that value this I am going to leave it commented ok we already see 00:10:28
that it does not work well so I am going to leave it commented and now here I am going to pass the 00:10:37
password field just the password hash ok we are going to pass the password hash in this way when I 00:10:41
do the new user point 6 the one that is going to save me is not the password that I have received it is the 00:10:52
encryption that we have done in this line ok then let's see it again to see it 00:10:58
I'm going to come I'm going to delete this last record that I've put in and I'll launch this one again 00:11:09
we give it to send you see and then now the password that is saving us in our database 00:11:22
is this one, it is worth if we come to mongo db to remember that this is an extension that we put the other 00:11:31
day that we could go to mongo express that we are going to go now I am also going to open it and we are going 00:11:40
3 from here we can see from mongo db we can see that he has saved the document with the encrypted password 00:11:45
is worth in addition to all the fields that we had already told him we already have to do all and if we come to 00:12:17
the mongo express and we have here it is worth jacinto 2 and here we would have that 00:12:24
that password encoded ok this is information because we have it 00:12:41
saved in our database I am going to delete it to use it here now it is a information that we 00:12:49
have in our backend but that we do not want the client to have it at all, the client is worth 00:13:03
if the from then instead of printing all the users 6 with all the fields what we are going to 00:13:17
do is only view some fields it is worth only sending a json with some of the 00:13:27
fields value key then we are going to put the red dot json here and I am going to tell him well what 00:13:34
fields I want you to send me because I want you to send me, for example, the pide 00:13:42
of this register of this user that we are doing well and that we are going to use to take that 00:13:52
value or the user safe or the new user, be careful because there is good, for example, if I was 00:13:59
taking the username it would be worth any of the two is worth in this case it is clear we take the 00:14:09
user 6 which is the values ​​that we have put in the database and they are the ones that we want the 00:14:15
client to also have in the front then here we pass the user 6 point and here we 00:14:22
appears the field that we are looking for that another field we can want because the user name 00:14:31
is worth then 6 point and another more because the email email 00:14:41
and use 6 points 00:14:51
and with these fields because in theory in our client our from would have more ok then 00:15:00
we are going to try it now we are sending it through the network so we are not doing a 00:15:10
console.log will not show them to us in the body, it will not show them to us here, it is worth and not here 00:15:16
then we have to do all we have the information when we send you see it puts us the id it puts us 00:15:26
jacinto 2 and shows us it sends us to the front the email is worth and as here we have deactivated it or we have 00:15:34
commented on the console because it does not show us the encrypted key but we already have it in our 00:15:45
database if we update here I am going to have my key updated ok in theory it is assumed 00:15:52
because they are that it works well ok but if you look at it it has vulnerabilities for example 00:16:03
after this dollar of the second dollar it always tells me the number of times that I want that I have 00:16:11
put as a jump, it is worth as a number of times that the depth of security of the key 00:16:18
is worth then well everything has a vulnerability well then so it would be our 00:16:28
register arrow function, it is worth already with the password encrypted now in the next 00:16:37
video what we are going to do is create this touch with jw tx jason web touch 00:16:45
Idioma/s:
es
Idioma/s subtítulos:
en
Autor/es:
Mario S.
Subido por:
Mario S.
Licencia:
Dominio público
Visualizaciones:
57
Fecha:
11 de julio de 2024 - 21:01
Visibilidad:
Público
Centro:
IES VILLABLANCA
Duración:
00′ 15″
Relación de aspecto:
1.78:1
Resolución:
1920x1080 píxeles
Tamaño:
42.75 MBytes

Del mismo autor…

Ver más del mismo autor

EducaMadrid, Plataforma Educativa de la Comunidad de Madrid

Plataforma Educativa EducaMadrid