This route will get email and password from the body. It will validate the email/password with what's in the db.
If there's a validation error, no matter whether it's an incorrect email OR password, we want to send back a 400 with the error message 'Incorrect username and password combination.' This is a non-input specific error message that should share the same structure as general Mongoose errors.
If it's successful, we return a 200 with the user object (don't forget to exclude the password).
Use bycrypt to hash the password that we receive from the user (confirm with whoever is working on the signup feature as that hashing algorithm needs to match) and compare that with the hashed password in the database.
This route will get email and password from the body. It will validate the email/password with what's in the db.
Use bycrypt to hash the password that we receive from the user (confirm with whoever is working on the signup feature as that hashing algorithm needs to match) and compare that with the hashed password in the database.