Password Hashing
Velox TS provides bcrypt-based password hashing with configurable strength levels, constant-time comparison to prevent timing attacks, and optional Have I Been Pwned (HIBP) breach checking.
Quick Usage
    import { hashPassword, verifyPassword } from '@veloxts/auth';

    // Hash password
    const hash = await hashPassword('user-password');

    // Verify password
    const isValid = await verifyPassword('user-password', hash);

Registration
    register: procedure()
      .input(z.object({
        email: z.string().email(),
        password: z.string().min(8),
      }))
      .mutation(async ({ input, ctx }) => {
        const passwordHash = await hashPassword(input.password);

        return ctx.db.user.create({
          data: {
            email: input.email,
            passwordHash,
          },
        });
      }),

    login: procedure()
      .input(z.object({
        email: z.string().email(),
        password: z.string(),
      }))
      .mutation(async ({ input, ctx }) => {
        const user = await ctx.db.user.findUnique({
          where: { email: input.email },
        });

        if (!user) {
          throw new Error('Invalid credentials');
        }

        const isValid = await verifyPassword(input.password, user.passwordHash);

        if (!isValid) {
          throw new Error('Invalid credentials');
        }

        // Generate tokens or create session
        return { user };
      }),

Custom Configuration
Use passwordHasher for custom configuration:

    import { passwordHasher, DEFAULT_HASH_CONFIG } from '@veloxts/auth';

    // Use explicit defaults
    const hasher = passwordHasher(DEFAULT_HASH_CONFIG);

    // Customize from defaults
    const strongerHasher = passwordHasher({
      ...DEFAULT_HASH_CONFIG,
      bcryptRounds: 14, // Increase for higher security
    });

    // Or specify algorithm
    const argonHasher = passwordHasher({
      algorithm: 'argon2',
    });

    // Use the hasher
    const hash = await hasher.hash('password');
    const isValid = await hasher.verify('password', hash);

Default configuration: bcrypt with 12 rounds - a good balance between security and performance.
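Raising bcryptRounds only affects hashes created afterwards; a stored bcrypt hash keeps the cost it was created with embedded in the string. As an added example (not Velox TS code), the following reads that cost so a login handler can decide when to re-hash after a successful verify. RehashPolicy, parseBcryptCost and classifyStoredHash are hypothetical names, and the sample hashes are constructed.

```typescript
// Added example: not part of @veloxts/auth. RehashPolicy, parseBcryptCost and
// classifyStoredHash are hypothetical names; bcryptRounds mirrors the page's option.
type RehashPolicy = { algorithm: 'bcrypt' | 'argon2'; bcryptRounds: number };
type Verdict = 'current' | 'rehash' | 'invalid';

// bcrypt modular crypt format: $2<a|b|x|y>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$2[abxy]\$(\d{2})\$[.\/A-Za-z0-9]{53}$/;
// Argon2 PHC string: $argon2<id|i|d>$v=<n>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
const ARGON2_RE = /^\$argon2(?:id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+\/]+\$[A-Za-z0-9+\/]+$/;

// Returns the cost factor of a well-formed bcrypt hash, or null.
function parseBcryptCost(stored: string): number | null {
  const m = BCRYPT_RE.exec(stored);
  if (m === null) return null;
  const rounds = Number(m[1]);
  // bcrypt only defines costs 4..31; anything else is a corrupt record.
  return rounds >= 4 && rounds <= 31 ? rounds : null;
}

// Call after a successful verify: 'rehash' means hash the submitted password
// again under the current policy and store the new value.
function classifyStoredHash(stored: string, policy: RehashPolicy): Verdict {
  const rounds = parseBcryptCost(stored);
  if (rounds !== null) {
    if (policy.algorithm !== 'bcrypt') return 'rehash'; // algorithm migration
    return rounds < policy.bcryptRounds ? 'rehash' : 'current'; // never downgrade
  }
  if (ARGON2_RE.test(stored)) {
    return policy.algorithm === 'argon2' ? 'current' : 'rehash';
  }
  return 'invalid'; // truncated, plaintext or unknown scheme: flag for review
}

// Constructed sample values (correct shape only, not real password hashes).
const TAIL = 'abcdefghijklmnopqrstuv' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';
const OLD_HASH = '$2b$12$' + TAIL;
const ARGON_HASH = '$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHRzYWx0$aGFzaGhhc2hoYXNoaGFzaA';

const raised: RehashPolicy = { algorithm: 'bcrypt', bcryptRounds: 14 };
console.log(classifyStoredHash(OLD_HASH, raised));   // stored at cost 12, policy is 14
console.log(classifyStoredHash(ARGON_HASH, raised)); // stored Argon2, policy is bcrypt
```
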
Algorithm
Velox TS uses bcrypt by default (12 rounds). Argon2 is also supported.