Password Hash API

A minimal backend API demonstrating secure password hashing and verification using bcrypt.

This project focuses on one concept only: password hashing lifecycle with configurable salt rounds.


Tech Stack

  • Node.js
  • Express
  • bcrypt
  • zod (validation)

Features

  • Hash password with configurable salt rounds
  • Verify password against bcrypt hash
  • Analyze bcrypt hash (extract version and cost factor)
  • Input validation using zod
  • Clean layered project structure
  • REST Client test file support

Installation

git clone <your-repo-url>
cd password-hash-api
npm install

Create .env file:

PORT=1198
BCRYPT_SALT_ROUNDS=12


Run server:

npm run dev

API Endpoints


Health Check

GET /health


Hash Password

POST /hash

Body:

{ "password": "Hello@123", "rounds": 12 }

Response:

{ "hash": "$2b$12$...", "roundsUsed": 12 }


Verify Password

POST /verify

Body:

{ "password": "Hello@123", "hash": "$2b$12$..." }

Response:

{ "ok": true }


Analyze Hash

GET /analyze/:hash

Response:

{ "version": "2b", "rounds": 12 }
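
Where the version, cost factor and embedded salt sit inside the hash string, shown as an added example (not this project's code): a dependency-free parser for the bcrypt modular crypt format. The names `analyzeHash` and `needsRehash` are hypothetical, and the sample string is constructed rather than a real hash of any password.

```javascript
// Added example: read the fields of a bcrypt hash without any dependency.
// Layout (60 chars): $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function analyzeHash(hash) {
  if (typeof hash !== "string") {
    throw new TypeError("hash must be a string");
  }
  const m = BCRYPT_RE.exec(hash);
  if (!m) {
    throw new Error("not a bcrypt hash");
  }
  const rounds = Number(m[2]);
  // The cost is a log2 work factor; bcrypt itself accepts 4 through 31.
  if (rounds < 4 || rounds > 31) {
    throw new Error("cost factor out of range");
  }
  return {
    version: m[1],
    rounds,
    salt: m[3],            // stored in the clear, which is why /verify needs no separate salt
    digest: m[4],
    iterations: 2 ** rounds, // key-expansion iterations implied by the cost
  };
}

// Hypothetical policy helper: true when a stored hash was created with a
// lower cost than the currently configured target (e.g. BCRYPT_SALT_ROUNDS),
// so it can be re-hashed the next time the user's password is verified.
function needsRehash(hash, targetRounds) {
  return analyzeHash(hash).rounds < targetRounds;
}

// Constructed sample with the right shape; not the hash of any real password.
const SAMPLE =
  "$2b$12$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";

console.log(analyzeHash(SAMPLE));
console.log("needs rehash at cost 14:", needsRehash(SAMPLE, 14));
```

bcrypt's alphabet includes `/`, so a hash sent as the `:hash` path parameter has to be percent-encoded by the client or the route will not match.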


What This Project Demonstrates

  • How bcrypt embeds salt inside hash
  • Cost factor awareness
  • Safe salt round boundaries
  • Clean separation of routes, controllers, utils
  • Backend micro-service design pattern

Notes

  • This is a single-purpose backend micro project.
  • It intentionally avoids authentication systems, databases, or complex architecture to keep focus on password hashing mechanics.