Hashing
Introduction
Password hashing in JCC Express MVC uses bcryptjs through utility helpers:
- bcrypt(plainText) -> create hash
- verifyHash(plainText, hash) -> compare plaintext to hash
Both are exported from jcc-express-mvc and available globally via globalHelpers.
Hash a password
Implementation uses:
- bcryptjs.genSalt(10)
- bcryptjs.hash(...)
Verify a password
verifyHash is used by Authentication.attempt(...) during login.
Typical model/controller flow
Never store raw passwords in database rows.
Global helper usage
When global helpers are booted, bcrypt and verifyHash are available directly.
Best practices
- Hash passwords at write time (create/update).
- Always verify with the constant-time compare helper (verifyHash) rather than string compare.
- Re-hash with stronger settings when migrating legacy hashes.
- Keep auth errors generic (Invalid credentials) to avoid user enumeration.
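The practices above combined into one login flow, as an added example that is not JCC Express MVC's own code. The two helpers are injected and assumed to return promises with the signatures listed on this page; `User`, `login`, `bcryptCost` and `needsRehash` are hypothetical names.

```typescript
// Added example. Helper signatures are assumed from this page and injected,
// so the sketch does not depend on the framework being installed.
type Helpers = {
  bcrypt: (plainText: string) => Promise<string>; // assumed to be async
  verifyHash: (plainText: string, hash: string) => Promise<boolean>;
};
type User = { email: string; password: string }; // password holds the hash
type LoginResult =
  | { ok: true; user: User }
  | { ok: false; error: "Invalid credentials" };

const TARGET_COST = 10; // the page states the helper uses bcryptjs.genSalt(10)
// bcrypt modular-crypt format: $2a|2b|2y$ + 2-digit cost + $ + 53 chars
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Cost factor embedded in a bcrypt hash, or null if the value is not bcrypt.
function bcryptCost(hash: string): number | null {
  const m = BCRYPT_RE.exec(hash);
  return m ? Number(m[1]) : null;
}

// True for non-bcrypt values and for bcrypt hashes below the target cost.
function needsRehash(hash: string, target: number = TARGET_COST): boolean {
  const cost = bcryptCost(hash);
  return cost === null || cost < target;
}

async function login(
  users: Map<string, User>,
  email: string,
  password: string,
  h: Helpers
): Promise<LoginResult> {
  // One generic failure for unknown user, unusable hash and wrong password.
  const fail: LoginResult = { ok: false, error: "Invalid credentials" };
  const user = users.get(email);
  if (!user || bcryptCost(user.password) === null) return fail;
  if (!(await h.verifyHash(password, user.password))) return fail;
  // The plaintext is only available here, so upgrade a weak hash at login.
  if (needsRehash(user.password)) user.password = await h.bcrypt(password);
  return { ok: true, user };
}
```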
Summary
- Use bcrypt(...) to hash passwords.
- Use verifyHash(...) for login/credential checks.
- Framework auth already integrates these helpers in Authentication.attempt(...).
