Mongoose User and Video Schema and JWT

Photo by Uriel SC on Unsplash

Mongoose User and Video Schema and JWT

Thanks again for this wonderful 9th session about Mongoose and Encrypting the password and Tokens.

I am thrilled to have learned so much from this informative video lesson. Let's dive into the key takeaways:

1) Refreshing the memory about how we create DB Schema.

When working with Mongoose, it is essential to understand how to create a DB Schema. A DB Schema is a blueprint that defines the structure of a database, including the collection, the documents it contains, and the fields within those documents. By establishing a clear Schema, we can ensure consistent data organization and reduce potential issues down the line.

2) Like any app, we also save user's information in the DB, including their password.

Storing user information in a database requires careful consideration, especially when it comes to handling sensitive data like passwords. It is crucial to employ proper security measures to protect this information from unauthorized access.

One effective approach is to encrypt passwords using a library such as BcryptJs. BcryptJs is an NPM package that provides a simple and secure way to hash passwords. By hashing the password, we convert it into a non-reversible form that cannot be easily decrypted. This adds an extra layer of protection against potential attacks.

3) BcryptJs and the importance of asynchronous operations.

Encrypting passwords is a resource-intensive task that can consume significant CPU resources. To handle this efficiently, we should use async/await functions in our code. By leveraging asynchronous programming, we can ensure that the password encryption process does not block the application's execution and allows for smooth handling of other operations.

Additionally, when writing the bcrypt password function code, it's crucial to consider the impact of any changes or updates to the user schema. We want to ensure that the password encryption process does not run unnecessarily every time a different field is saved. By carefully designing our code, we can optimize its performance and enhance the user experience.

4) Tokens and their role in app security.

Tokens play a vital role in app security, as they enable us to verify the identity of users without constantly re-authenticating them. In the video, Hitesh sir introduced us to an NPM package called JsonWebToken (JWT) that facilitates the generation and verification of tokens.

Using JWT, we can generate tokens containing specific user information, such as their user ID or role. These tokens are then sent to the client and included in subsequent requests. By validating the token on the server side, we can ensure that the user has not tampered with the information and is authorized to access protected resources.

5) Leveraging mongoose middleware.

In addition to password encryption and token generation, the video also covered the usage of mongoose middleware. Mongoose middleware provides a way to inject custom logic before or after specific actions on a model or document.

For example, we can use mongoose pre middleware functions to perform password encryption before saving a user's data to the database. This allows us to seamlessly integrate encryption into our application's workflow and ensures that password security is consistently maintained.

If you're looking to level up your React coding skills to an industry level, I highly recommend following "Chai aur Code." They provide in-depth tutorials and insights that can help you enhance your coding capabilities to meet industry standards.