import argon2 from 'argon2' // --- Hash a password (e.g. at signup) --- export async function hashPassword(plainPassword) { try { const hash = await argon2.hash(plainPassword, { type: argon2.argon2id, // recommended variant memoryCost: 2 ** 16, // ~64 MB timeCost: 3, // iterations parallelism: 1 // threads }) return hash // store this string in MySQL } catch (err) { console.error('Error hashing password:', err) throw err } } // --- Verify a password (e.g. at login) --- export async function verifyPassword(plainPassword, storedHash) { try { const match = await argon2.verify(storedHash, plainPassword) return match // true or false } catch (err) { console.error('Error verifying password:', err) return false } }