Step 11

Import the verifyPassword function into auth.js:

const { verifyPassword } = require("../util/hashing");

Next, update the route handler for /authenticate:

  router.post("/authenticate", async (req, res) => {
    const { username, password } = req.body;

    if (!username || !password) {
      return res.status(400).json({
        message: "You must provide both username and password.",
      });
    }

    try {
      const user = await users.readOne(username);

      // Authentication!
+     const isAuthenticated = await verifyPassword(password, user ? user.password : "");
+     if (!isAuthenticated) {
-     if (!user || user.password !== password) {
        return res.status(403).json({
          message: "Wrong username or password!",
        });
      } else {
        return res.json({
          message: "Authentication successful!",
          data: user,
        });
      }
    } catch (err) {
      return res.status(err.status || 500).json({ message: err.message });
    }
  });
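Review bot: The success branch still returns `data: user`, and `user.password` now holds the stored password hash, so every successful login sends that hash back to the client. Strip the field before responding, for example `const { password: _omit, ...profile } = user;` followed by `data: profile` (if `users.readOne` returns a model instance rather than a plain object, convert it to one first). Separately, the `""` fallback on the `verifyPassword` line depends on how that helper treats an empty hash, which is not shown here: if it throws, an unknown username gets the `catch` branch's status and `err.message` instead of the 403, so the response reveals whether an account exists. Comparing against a fixed dummy hash when `user` is missing keeps both paths on the same 403.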

Save the file and try to authenticate a user again!

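Notice that the client still sends the "plain" password during authentication! Only the stored copy is hashed, so the request itself has to be protected in transit (serve the API over HTTPS).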