Hashing Passwords
We'll store hashed versions of passwords in the database rather than the passwords themselves. Otherwise, our users' information would be vulnerable: if a malicious individual gained access to the database, they could read the passwords and gain access to users' accounts.

The password will be hashed. A hash is a one-way function: its purpose is to make recovering the original password from the stored value impractical. As a result, an attacker who compromises the database can't simply read passwords out of it and log in to a user's account.

In order to hash a password, we'll need to use a module called bcryptjs. As with other modules, we'll need to install it, then import it inside the project:

// controllers/users.js

const bcrypt = require('bcryptjs'); // importing bcrypt
const User = require('../models/user');

We're adding the code that hashes passwords to the user creation controller. The hash() method is responsible for this process. Its second argument, 10, is the number of salt rounds (the cost factor):

// controllers/users.js

const bcrypt = require('bcryptjs'); // importing bcrypt
const User = require('../models/user');

exports.createUser = (req, res) => {
  // hashing the password
  bcrypt.hash(req.body.password, 10)
    .then(hash => User.create({
      email: req.body.email,
      password: hash, // adding the hash to the database
    }))
    // respond without the password hash so it never leaves the server
    .then((user) => res.send({ email: user.email }))
    .catch((err) => res.status(400).send(err));
};
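
The string that bcrypt.hash() returns carries the bcrypt version, the cost factor (the 10 passed above) and the salt alongside the digest, so one database field holds everything needed to verify a password later. The following is an added example, not code from the original page: it inspects a stored value to catch records that are not bcrypt hashes or were hashed at a lower cost than the current target. The helper names and the sample hash are hypothetical and constructed for illustration.

```javascript
// Added example: inspecting a stored bcrypt hash string.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>  (60 characters)
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Hypothetical helper: split a stored value into its fields, or return null
// when it is not a well-formed bcrypt string (for example, a plaintext
// password that was saved by mistake).
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null;
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // valid bcrypt cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Hypothetical helper: true when the record should be re-hashed the next
// time the user logs in (malformed value, or cost below the current target).
function needsRehash(stored, targetCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < targetCost;
}

// bcrypt uses at most the first 72 bytes of the password, so longer input
// should be rejected at signup instead of being silently shortened.
function exceedsBcryptLimit(password) {
  return Buffer.byteLength(password, 'utf8') > 72;
}

// Constructed sample (format only, not the digest of any real password).
const SAMPLE_HASH =
  '$2a$10$' + 'abcdefghijklmnopqrstuv' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

console.log(parseBcryptHash(SAMPLE_HASH));
console.log('rehash at cost 10:', needsRehash(SAMPLE_HASH, 10));
console.log('rehash at cost 12:', needsRehash(SAMPLE_HASH, 12));
console.log('plaintext stored by mistake:', needsRehash('hunter2', 10));
```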