For privacy reasons, I want to only store the hashed-salted version of a user's email (in favor of restoring the user's password for example).
It seems one way to go about this is to hook to action:user.email.confirmed and there generate a salt, created hashed email, store hashed email and salt and remove the non-hashed email from the db.
Then I would also need to also hook somewhere in the forgot email logic.
This would also require disabling email editing for the user of course.
The downsides of the above are:
- The email is kept in the db during confirmation stage.
- Its a bit wasteful to write the non hashed email and then delete it and write the hashed one.
I'm new to NodeBB (and web development in general), and would appreciate any pointers.