The reason we need databases to store user data instead of our backend servers is data persistence…what is that???…

I mean data stored on the backend is non-persistent, i.e. if the backend server crashes, all the data held in memory is lost and is not there when the server comes back online. To prevent this, we store all user data in a database, so that even if the server crashes at some point in time we will not lose the user data stored in our database. The backend then simply acts as a middle layer that handles incoming requests from the client, validates those requests, fetches the requested data from the database and sends it back to the client.

A database schema is the overall structure of the database. MongoDB (schema-less) is a NoSQL database that uses a document-oriented approach: data is stored in flexible, JSON-like documents, which can have nested structures and varying fields.


We should store hashed passwords in the database, not plain-text ones. Suppose two users have the same password; then their hashed passwords in the DB will also be the same, which means that if an attacker sees that both have the same password hash in the DB and figures out the password of one user, he gets the credentials of both. That's why we use salting, i.e. we add a random salt string to the user's password before hashing. The salt is different for each user even if two users have the same password, so the stored hashes in the DB are unique.
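To make the salting point concrete, here is an added Python example (not code from the original post). It uses the standard library's PBKDF2-HMAC-SHA256 as the slow hash and a 16-byte random salt per user; the iteration count, the `create_user_record` document shape and the usernames/passwords are constructed for the example and are not values from the post.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# PBKDF2-HMAC-SHA256 parameters (assumed values for this example; any
# well-reviewed slow KDF such as PBKDF2, scrypt, bcrypt or Argon2 would do)
ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """The weak scheme the text warns about: same password -> same stored hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Hash a password with a per-user random salt; returns the salt and hash to store."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every new password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_password(password: str, record: Dict[str, bytes]) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def create_user_record(username: str, password: str) -> dict:
    """Build the document we would insert into a users collection (constructed shape)."""
    stored = hash_password(password)
    return {
        "username": username,
        "salt": stored["salt"],
        "hash": stored["hash"],
        "iterations": ITERATIONS,  # stored so the parameter can be raised later
    }


if __name__ == "__main__":
    # Two users pick the same password (constructed sample data)
    alice = create_user_record("alice", "hunter2")
    bob = create_user_record("bob", "hunter2")
    print("unsalted hashes equal:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    print("salted hashes equal:  ", alice["hash"] == bob["hash"])
    print("alice login ok:       ", verify_password("hunter2", alice))
    print("wrong password ok:    ", verify_password("hunter3", alice))
```

Running the script shows the unsalted hashes are identical while the salted records for alice and bob differ, and that verification still works for each user because the salt is stored alongside the hash.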

Always use the user_id in the JWT, not the email, because a user might want to change their email; after the change the JWT would still carry the old email, whereas the user_id always stays the same in the DB. Hence we put the id in the JWT.
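The following added Python example (not code from the original post) shows why the id is the right subject claim. It builds and verifies a minimal HS256 JWT with only the standard library, then simulates an email change against an in-memory stand-in for the users collection. The signing key, the user id `u_1001`, the email addresses and the dictionary "collection" are constructed for the example; with MongoDB you would put `str(user["_id"])` in the `sub` claim.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Signing key is constructed for this example; a real app loads it from configuration.
SECRET = b"example-hs256-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        _b64url(json.dumps(header, separators=(",", ":")).encode("utf-8")),
        _b64url(json.dumps(claims, separators=(",", ":")).encode("utf-8")),
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [_b64url(signature)])


def verify_token(token: str, secret: bytes = SECRET) -> dict:
    """Check structure, algorithm, signature and expiry; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise ValueError("unexpected alg")
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if "exp" in claims and claims["exp"] < time.time():
        raise ValueError("token expired")
    return claims


def token_is_valid(token: str) -> bool:
    try:
        verify_token(token)
        return True
    except ValueError:
        return False


def user_from_id_token(token: str, users: dict) -> Optional[dict]:
    """Recommended: the 'sub' claim carries the immutable user id."""
    claims = verify_token(token)
    return users.get(claims.get("sub"))


def user_from_email_token(token: str, users: dict) -> Optional[dict]:
    """The scheme the text warns against: look the user up by the email in the token."""
    claims = verify_token(token)
    for user in users.values():
        if user["email"] == claims.get("email"):
            return user
    return None


def demo_email_change() -> tuple:
    """Issue both token styles, change the user's email, then try both lookups."""
    # constructed in-memory stand-in for the users collection; key = user_id
    users = {"u_1001": {"email": "alice@example.com", "name": "Alice"}}
    now = int(time.time())
    id_token = issue_token({"sub": "u_1001", "iat": now, "exp": now + 3600})
    email_token = issue_token({"email": "alice@example.com", "iat": now, "exp": now + 3600})
    users["u_1001"]["email"] = "alice.new@example.com"  # the user updates their email
    return (
        user_from_id_token(id_token, users) is not None,      # still resolves
        user_from_email_token(email_token, users) is not None,  # no longer resolves
    )


if __name__ == "__main__":
    print("id token resolves, email token resolves:", demo_email_change())
```

The id-based token keeps working after the email change because `sub` is looked up by primary key, while the email-based token points at a value that no longer exists in the collection. The verifier also pins `alg` to HS256 and checks `exp`, which is the minimum any token check should do.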