←back to thread

Poor Man's Back End-as-a-Service (BaaS), Similar to Firebase/Supabase/Pocketbase

(github.com)
200 points dcu | 1 comments | 03 Jul 25 15:35 UTC | HN request time: 0.21s | source
Show context
fkyoureadthedoc ◴[03 Jul 25 16:07 UTC] No.44456481[source]
> Another important file is _users.csv which contains user credentials and roles. It has the same format as other resources, but with a special _users collection name. There is no way to add new users via API, they must be created manually by editing this file:

    admin,1,salt,5V5R4SO4ZIFMXRZUL2EQMT2CJSREI7EMTK7AH2ND3T7BXIDLMNVQ====,"admin"
    alice,1,salt,PXHQWNPTZCBORTO5ASIJYVVAINQLQKJSOAQ4UXIAKTR55BU4HGRQ====,
> Here we have user ID which is user name, version number (always 1), salt for password hashing, and the password itself (hashed with SHA-256 and encoded as Base32). The last column is a list of roles assigned to the user.

I haven't had to handle password hashing in like a decade (thanks SSO), but isn't fast hashing like SHA-256 bad for it? Bcrypt was the standard last I did it. Or is this just an example and not what is actually used in the code?

replies(4): >>44456509 #>>44457381 #>>44457415 #>>44457642 #
1. ehutch79 ◴[03 Jul 25 17:35 UTC] No.44457381[source]
If it's in the examples, it WILL make it to someone's production code