auth on Passport.js + Mongoose 8

Question

I'm a beginner developer, trying to create a full stack application with authorization based on Passport.js and Mongoose, but I'm not sure I'm on the right path

const express = require('express');
const path = require('path');
const session = require('express-session');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const mongoose = require('mongoose');
const Schema = mongoose.Schema;

const mongoDb = 'mongodb://localhost:27017/auth-test';
mongoose.connect(mongoDb);
const db = mongoose.connection;
db.on('error', console.error.bind(console, 'error mongo'));

const User = mongoose.model(
  'User',
  new Schema({
    username: { type: String, required: true },
    password: { type: String, required: true }
  })
);

const app = express();
app.set('views', __dirname);
app.set('view engine', 'ejs');

passport.use(
    new LocalStrategy(async (username, password, done) => {     
        try {
            let user = await User.findOne({ username: username }).exec();

            if (!user) {
            console.log("Incorrect username");
            return done(null, false);
            }
            if (user.password !== password) {
                console.log("Incorrect password");
                return done(null, false);
            }
            console.log("ACCEPTED");
            console.log(user.toObject());
            return done(null, user.toObject()); 
  // i use toObject or have 'MongooseError: Model.findById() no longer accepts a callback'
        }
        catch (err) {
            console.log(err);
            return err;
        }
    })
    
);
passport.serializeUser(function(user, done) {
    done(null, user.id);
});
  
passport.deserializeUser(function(id, done) {
    User.findById(id, function(err, user) {
      done(err, user);
    });
});
app.use(session({ secret: 'cats!@#$', resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.urlencoded({ extended: false }));

app.get("/log-out", (req, res) => {
    req.logout();
    res.redirect("/");
});

app.get("/", (req, res) => {
    res.render("index", { user: req.user });
});

app.get("/register", (req, res) => res.render("register"));

app.post("/register", async (req, res, next) => {
    try {
        const user = new User({
            username: req.body.username,
            password: req.body.password
        });       
        await user.save();
        res.redirect("/");
    } catch (err) {
        console.log(err);
        return next(err);
    }
});

app.post(
    "/log-in",
    passport.authenticate("local", {
      successRedirect: "/",
      failureRedirect: "/"
    })
);

app.listen(3000, () => console.log('lisenning on 3000'));

i cant pass user model to callback for LocalStrategy, now i throw

ACCEPTED
{
  _id: new ObjectId('65abe002893f59c8f9883320'),
  username: 'qwerty123',
  password: 'ASDASD',
  __v: 0
}

Error: Failed to serialize user into session, i can fix it change user.id to user._id in

passport.serializeUser(function(user, done) {
    done(null, user.id);
});

but i have new error 'MongooseError: Model.findById() no longer accepts a callback' and more, and more, and more... pls help me, i think i'm doing everything wrong.

Answer 1

I think I got this example to work

passport.serializeUser(function(user, done) {
done(null, user._id);
});

passport.deserializeUser( async function(_id, done) {
   await User.findById(_id).then((user,err)=>{
       done(err, user);
   })
});

and need fix logout route

app.get("/log-out", (req, res) => {
   req.logout(function(err) {
       if (err) { return next(err); }
   });
   res.redirect("/");
});

but it still seems to me that - I’m going in some wrong way.

1. Tell me if there are better solutions?
2. Now I’m wondering whether I should use passport-local-mongoose to hash the password or do it manually via bcrypt?
3. Also i'm going to use storage session-express, is it worth using mongoose and mongodb for this?