Added password policy and checking if password appeared in a breach w/ haveibeenpwned api.

K
2025-07-18 01:22:01 +05:30
parent 001727ab85
commit 04e69202b6
+17
@@ -4,11 +4,28 @@ const { uploadOnCloudinary } = require("../Utils/cloudinary.js");
const sendEmail = require("../Utils/sendmail.js");
const crypto = require("crypto");
const jwt = require("jsonwebtoken");
const sha1 = require("sha1");
const axios = require("axios");
// Register or Sign up new User -- Done
const registerUser = catchAsyncErrors(async (req, res) => {
const { name, email, password, role } = req.body;
// Strong password policy
const strongPasswordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&]).{8,}$/;
if (!strongPasswordRegex.test(password)) {
return res.status(400).json({ success: false, message: "Password must be at least 8 characters long and include uppercase, lowercase, number, and special character." });
}
// Check for data breach with haveibeenpwned.com
const hashed = sha1(password).toUpperCase();
const prefix = hashed.slice(0, 5);
const suffix = hashed.slice(5);
const response = await axios.get(`https://api.pwnedpasswords.com/range/${prefix}`);
if (response.data.includes(suffix)) {
return res.status(400).json({ success: false, message: "This password has appeared in a data breach. Please choose a different one." });
}
const user = await User.create({
name,
email,