Introduction: The Importance of Secure User Registration

Welcome to the first lesson of the Secure Your API with Authentication and Authorization course. In this lesson, you’ll implement secure user registration in your NestJS API.

Why is this important?

Applications that accept user accounts need to store passwords securely. Storing passwords in plain text is extremely risky. If your database is ever exposed, attackers gain direct access to all accounts.

To avoid this, we use password hashing before saving user credentials.

By the end of this lesson, you’ll have a working /auth/register endpoint that:

  • Accepts a name, username, and password.
  • Hashes the password securely before storing.
  • Saves the new user in a mock database.
  • Rejects duplicate usernames.

You’ll also get a first look at JWTs (JSON Web Tokens), which will power authentication in later lessons.

Understanding Password Hashing

Hashing is a one-way transformation of a password into a fixed-length string of random-looking characters.

  • It cannot be reversed back into the original password.
  • It uses a salt (a random value) to ensure that even two identical passwords result in different hashes.
  • It applies multiple iterations of hashing to make brute-force attacks slower.
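The following is an added example, not the lesson's own `src/utils/auth.utils.ts` and not the course's code. It ties the three hashing properties above (one-way, per-password salt, tunable work factor) to the register flow listed in the introduction (accept name/username/password, hash, save to a mock store, reject duplicates). The lesson uses bcrypt; this example substitutes Node's built-in `scrypt` so it runs with no extra dependency, and the stored `salt:hash` format, the in-memory `Map` store, the 8-character minimum and the case-insensitive username check are all choices made here, not taken from the course.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "crypto";

// Added example: scrypt stands in for the bcrypt the lesson uses.
// Stored record format (constructed for this example): "<salt-hex>:<hash-hex>".
const KEY_LEN = 64;
const SCRYPT_COST = 2 ** 14; // work factor; raise it to slow brute force, like bcrypt's rounds

// One-way hash with a fresh random salt per password.
export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN, { N: SCRYPT_COST });
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Recompute with the stored salt and compare in constant time.
export function verifyPassword(password: string, stored: string): boolean {
  const [saltHex, hashHex] = stored.split(":");
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length, {
    N: SCRYPT_COST,
  });
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

export interface StoredUser {
  id: number;
  name: string;
  username: string;
  passwordHash: string; // only the hash is ever stored, never the password
}

export interface RegisterDto {
  name: string;
  username: string;
  password: string;
}

// Mock database (constructed): an in-memory map keyed by normalized username.
const users = new Map<string, StoredUser>();

// Logic of the /auth/register handler, without the Nest controller wrapper.
export function register(dto: RegisterDto): { id: number; name: string; username: string } {
  const name = dto.name?.trim() ?? "";
  const username = dto.username?.trim().toLowerCase() ?? ""; // assumption: usernames are case-insensitive
  if (!name || !username || typeof dto.password !== "string" || dto.password.length < 8) {
    throw new Error("name, username and a password of at least 8 characters are required");
  }
  if (users.has(username)) {
    throw new Error("username already taken");
  }
  const user: StoredUser = {
    id: users.size + 1,
    name,
    username,
    passwordHash: hashPassword(dto.password),
  };
  users.set(username, user);
  // Return only public fields; the hash must not reach the client.
  return { id: user.id, name: user.name, username: user.username };
}

export function findUser(username: string): StoredUser | undefined {
  return users.get(username.trim().toLowerCase());
}

export function resetStore(): void {
  users.clear();
}
```

Two details worth checking in your own implementation: calling `hashPassword` twice with the same input must yield two different strings (that is the salt doing its job), and the comparison in `verifyPassword` uses `timingSafeEqual` rather than `===` so a wrong guess takes the same time as a near-miss.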

How Do We Use It in This Project?

In our project, we use bcrypt, a library specifically designed for password hashing. The logic lives in src/utils/auth.utils.ts:
