Search⌘ K
AI Features

Designing the User Model: Hashed Passwords with bcrypt

Explore how to design a User model in MongoDB that securely handles passwords. Learn to enforce unique email logins, validate inputs, and implement password hashing using bcrypt with a pre-save hook. Understand why passwords must never be stored as plain text and how to verify them securely during login. This lesson helps you build a strong foundation for authentication in MERN stack applications.

Authentication starts with one well-designed model. Every later piece, registration, login, tokens, route protection, builds on the User schema, and the single most important rule is that the database must never store a plain-text password. This lesson designs that schema using the e-commerce users shape already in the course, and wires in automatic password hashing with the middleware pattern from the schema chapter.

Note: This builds on the existing users collection (id, name, email, password). The email is the login identifier and is made unique; name is the display name. The hashing uses the pre('save') hook introduced earlier, now applied to its real purpose.

To make the model concrete, the next visual should show a plain password being hashed before it reaches the ...

A plain password hashed by a pre-save hook before storage
A plain password hashed by a pre-save hook before storage

That starts with why the ...