resolve database pipeline freeze by implementing next() callback in user pre-save hook

[Aryan0819]

Updated pre-save hook to include next() for proper middleware flow and error handling.

Related Issue

• Closes: The Hanging Mongoose Middleware #471

---

Description

Description

🧱 The Architectural Context:
Mongoose middleware hooks (pre-save hooks) intercept data operations right before records are committed to MongoDB. In older versions of Mongoose, this relied heavily on explicitly calling a next() callback. Modern Mongoose allows you to omit next() only if the function returns a Promise that resolves naturally at the end of its block execution.

---

How Has This Been Tested?

Profile Updates: Verified via Postman that modifying only the username or email returns an instant response without hanging or timing out.

Type of Change

• [x ] Bug fix
• New feature
• Code style update
• Breaking change
• Documentation update

Summary by CodeRabbit

• Bug Fixes
  • Fixed password handling so account creation and updates reliably complete encryption and surface errors correctly.
  • Improved login/authentication reliability by ensuring user credentials are consistently loaded during sign-in.
  • Corrected session handling to gracefully handle missing or deleted user accounts during deserialization.

[netlify]

❌ Deploy Preview for github-spy failed.

Name	Link
🔨 Latest commit	9b1e0bd
🔍 Latest deploy log	https://app.netlify.com/projects/github-spy/deploys/6a130c1ded40680008b780d0

[coderabbitai]

📝 Walkthrough

Walkthrough

Fixes Mongoose pre-save password hashing middleware to use the explicit next callback and updates Passport LocalStrategy to load the password field and handle missing users during deserialization.

Changes

Authentication updates

Layer / File(s)	Summary
Password hashing middleware and model export backend/models/User.js	Reworks the pre('save') hook to accept next, return early when password is not modified, call next() after bcrypt hashing completes, and route bcrypt/encryption errors to next(err). The User model export remains unchanged.
Passport LocalStrategy and session deserialization backend/config/passportConfig.js	LocalStrategy user lookup now includes .select("+password") so the password is available for verification. deserializeUser now checks for a missing user and calls done(null, false) when none is found, otherwise done(null, user).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• GitMetricsLab/github_tracker#286: Also modified backend/models/User.js pre-save middleware and password handling, making it strongly related to these auth fixes.

Poem

🐰 I hopped through hooks and found the gap,
I taught the save to call the map.
Passport now peeks where hashes hide,
No ghost users slip inside.
Hooray — auth sings on the other side! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly addresses the main change: fixing a database freeze by implementing the next() callback in the user pre-save hook, which aligns with the code modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description includes most required sections: Related Issue, Description, How Has This Been Tested, and Type of Change. However, the description lacks clarity on the full scope of changes, as it focuses primarily on the User.js pre-save hook but doesn't mention the related changes to passportConfig.js. Additionally, the Description section contains a duplicate heading.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎉 Thank you @Aryan0819 for your contribution. Please make sure your PR follows https://github.com/GitMetricsLab/github_tracker/blob/main/CONTRIBUTING.md#-pull-request-guidelines

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/models/User.js`:
- Around line 22-30: The pre-save hook UserSchema.pre('save', async function
(next) { ... }) should be converted to an async-only hook: remove the next
parameter and all next() calls; use early returns and thrown errors instead.
Specifically, change the hook signature to async function () { ... }, replace
"if (!this.isModified('password')) return next();" with "if
(!this.isModified('password')) return;", remove "next();" after hashing and in
the catch block rethrow the error (throw err) so Mongoose handles rejection.
This ensures the hook relies solely on promise/async completion semantics.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0e3cb256-b6d9-4a98-8b80-15ca4ee4b48d

📥 Commits

Reviewing files that changed from the base of the PR and between 6c6bc3e and 96d9b38.

📒 Files selected for processing (1)

• backend/models/User.js

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/config/passportConfig.js`:
- Line 10: Remove the duplicate semicolon at the end of the User lookup
statement; in the passport config callback where you call
User.findOne({email}).select("+password");; (reference the User model and the
select("+password") call), leave a single terminating semicolon so the statement
becomes syntactically correct.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a79ce458-59e2-4cbd-a02a-6ab511890502

📥 Commits

Reviewing files that changed from the base of the PR and between 96d9b38 and 0fa4b26.

📒 Files selected for processing (1)

• backend/config/passportConfig.js

[Aryan0819]

@mehul-m-prajapati please review this

[Aryan0819]

@Srijatalamarla @ASR1015 @md-asharaf please can you reveiw these pull request

[Aryan0819]

@mehul-m-prajapati can you please merge

[Aryan0819]

@mehul-m-prajapati @Srijatalamarla @ASR1015 @md-asharaf please merge this pr