Designing the User Model: Hashed Passwords with bcrypt
Explore how to design a User model in MongoDB that securely handles passwords. Learn to enforce unique email logins, validate inputs, and implement password hashing using bcrypt with a pre-save hook. Understand why passwords must never be stored as plain text and how to verify them securely during login. This lesson helps you build a strong foundation for authentication in MERN stack applications.
Authentication starts with one well-designed model. Every later piece, registration, login, tokens, route protection, builds on the User schema, and the single most important rule is that the database must never store a plain-text password. This lesson designs that schema using the e-commerce users shape already in the course, and wires in automatic password hashing with the middleware pattern from the schema chapter.
Note: This builds on the existing
userscollection (id,name,password). Thenameis the display name. The hashing uses thepre('save')hook introduced earlier, now applied to its real purpose.
To make the model concrete, the next visual should show a plain password being hashed before it reaches the ...
That starts with why the ...