i know compare password using bcrypt module is work too, but out of curiousity, i want to know if there is a away to using sequelize fn and postgres crypt?

i already try this :

const user = await Users.findOne({ 
  where: { 
    username: myUsername,
    password: sequelize.fn('crypt',myPassword,'password')
  } 
});

but not work because in the queries look like

SELECT "id", "username", "password", FROM "users" AS "Users" 
WHERE "Users"."username" = 'yosiazwan' AND "Users"."password" = crypt('testing', 'password');

'password' is in single quotes when it should not. if i try that queries in pgadmin, it doesn't work too. but if i remove the 'password' single quotes, like this

SELECT "id", "username", "password", FROM "users" AS "Users" 
WHERE "Users"."username" = 'yosiazwan' AND "Users"."password" = crypt('testing', password);

and that will works. is there any way to remove that single quotes in sequelize fn?

CodePudding user response：

https://sequelize.org/api/v6/class/src/sequelize.js~sequelize#static-method-fn

public static fn(fn: string, args: any): fn since v2.0.0-dev3

Creates an object representing a database function. This can be used in search queries, both in where and order parts, and as default values in column definitions. If you want to refer to columns in your function, you should use sequelize.col, so that the columns are properly interpreted as columns and not a strings.

https://sequelize.org/api/v6/class/src/sequelize.js~sequelize#static-method-col

public static col(col: string): col since v2.0.0-dev3

Creates an object which represents a column in the DB, this allows referencing another column in your query. This is often useful in conjunction with sequelize.fn, since raw string arguments to fn will be escaped.

Your code should look like

const user = await Users.findOne({ 
  where: { 
    username: myUsername,
    password: sequelize.fn('crypt',myPassword, sequelize.col('password'))
  } 
});