Implement password hashing with Argon2 and updated the dependencies

.env.example

@@ -0,0 +1,8 @@
+PORT=3000
+NODE_ENV=development
+MONGODB_URI=mongodb://localhost:27017/your-database-name
+JWT_SECRET=your_JWT_secret
+JWT_EXPIRES=7d_preferencial
+JWT_ISSUER=yourname
+UPLOADS_DIR=uploads
+PUBLIC_DIR=public

controllers/auth.js

@@ -1,14 +1,23 @@
 const jwt = require('jsonwebtoken')
-
+const argon2 = require('argon2')
 const User = require('../models/user').model
 
 exports.login_post = async (req, res) => {
   const { email, password, type } = req.body
 
-  User.findOne({ email, password, type })
+  User.findOne({ email, type })
     .lean()
-    .then(user => {
+    .then(async user => {
       if (user) {
+        // Verify the password against the hash
+        const isValid = await argon2.verify(user.password, password)
+
+        if (!isValid) {
+          return res.send({
+            status: false
+          })
+        }
+
         // Create a token
         const payload = { user }
         const options = {

controllers/user.js

@@ -1,4 +1,5 @@
 const User = require('../models/user').model
+const argon2 = require('argon2')
 
 exports.list_get = (req, res) => {
   const { type } = req.query
@@ -40,13 +41,14 @@ exports.details_get = (req, res) => {
     })
 }
 
-exports.create_post = (req, res) => {
+exports.create_post = async(req, res) => {
   const { name, email, password, type } = req.body
+  const hashedPassword = await argon2.hash(password)
 
   let newUser = new User({
     name,
     email,
-    password,
+    password: hashedPassword,
     type
   })