angular security course

Author: Your Name

server/create-user.route.ts

@@ -4,6 +4,7 @@ import {db} from "./database";
 import {USERS} from "./database-data";
 import * as argon2 from 'argon2';
 import {validatePassword} from "./password-validation";
+import {randomBytes} from "./security.utils";
 
 
 
@@ -17,16 +18,32 @@ export function createUser(req: Request, res:Response) {
         res.status(400).json({errors});
     }
     else {
-        argon2.hash(credentials.password)
-            .then(passwordDigest => {
 
-                const user = db.createUser(credentials.email, passwordDigest);
+        createUserAndSession(res, credentials);
+
+    }
+
+}
+
+async function createUserAndSession(res:Response, credentials) {
+
+    const passwordDigest = await argon2.hash(credentials.password);
+
+    const user = db.createUser(credentials.email, passwordDigest);
+
+    const sessionId = await randomBytes(32).then(bytes => bytes.toString('hex'));
+
+    console.log("sessionId",sessionId );
+
+    res.status(200).json({id:user.id, email:user.email});
+
+
+}
+
+
+
+
 
-                console.log(USERS);
 
-                res.status(200).json({id:user.id, email:user.email});
 
-            });
-    }
 
-}

server/security.utils.ts

@@ -0,0 +1,6 @@
+
+const util = require('util');
+const crypto = require('crypto');
+
+
+export const randomBytes = util.promisify(crypto.randomBytes);