src/models/User.js

// src/models/User.js
const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');

const UserSchema = new mongoose.Schema({
  username: { type: String, required: true, unique: true, trim: true },
  email: { type: String, required: true, unique: true, select: false }, // Hidden by default
  password: { type: String, select: false }, // Hidden by default
  
  // The Brutale Core Logic
  honestyScore: { type: Number, default: 50, min: 0, max: 100 },
  
  stats: {
    reviewsCount: { type: Number, default: 0 },
    likesReceived: { type: Number, default: 0 }
  },
  
  role: { type: String, enum: ['user', 'admin'], default: 'user' },
  badges: [{ type: String }] // Array of badge codes like 'ELITE', 'SPICY'
}, { timestamps: true });

// Hash password before saving
UserSchema.pre('save', async function () {
  if (!this.isModified('password')) return;
  this.password = await bcrypt.hash(this.password, 10);
});


// Method to check password
UserSchema.methods.comparePassword = async function(candidatePassword) {
  return await bcrypt.compare(candidatePassword, this.password);
};

module.exports = mongoose.model('User', UserSchema);