Storing passwords #60
Description
Just made this comment on another repo and I know you might not have covered this yet. However:
Looks like you're storing passwords in plain text and then just comparing the user input to what you have in the database when the user logs in.
This is pretty bad practice because if someone steals your database they will have all the user passwords. To prevent this you should hash and salt your passwords and never store the actual plain text password, ever.
Don't really expect you to fix this in a couple of hours code review, but maybe check out how this group did it here:
https://github.com/FAC9/the-badgerer/blob/master/src/handlers/loginHandler.js
and here:
https://github.com/FAC9/the-badgerer/blob/master/src/handlers/newUserHandler.js