It would be better to use bcrypt, beause its more secure as it's slower (uses more computing cycles).
Your code could also be better:

You wouldn't need salt field in User model, because it's saved into the same field as password does.

For authentication, something like:

var mongoose = require('mongoose'),
  bcrypt = require('bcryptjs');

var userSchema = mongoose.Schema({
  email: String,

The features section in the docs states that nodemon is available in the project, when it's clearly not. It's not added as a dependency or as a command in the project. Maybe remove this from the docs or actually add nodemon?

Sorry if this is off-topic, but I love the structure of express-es6-rest-api and I'm struggling to use it with Mongoose. If anyone can point me to an example, that'd be great.

I saw the restful-mongoose link in the README, but that's a bit too automagic to me, I need more control.

I'm not sure if this will be included when the book is finished, but getting the config values for the .env file requires getting values from a lot of different sources and different configurations. It would be helpful if there was better documentation around that process.

I would love to submit a PR for it, but I haven't been able to figure all of it out myself yet.

It looks like sendgrid is currently only used to reset user passwords. If that is the case it would be nice to have it also used to send a confirmation email upon user registration, so that it can be properly validated.

I suppose this would require the use of a unique email validation token.

The facebook page says:

App not set up: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions.

Any refrence on how to enable swagger documentation on the express routes ?

@nodkz i ask because this project is currently very mixed in this case and we should standardize it with an eslint rule to make it always surrounded or let it removed

See: https://gist.github.com/ericelliott/f3c2a53a1d4100539f71

Advantages

See: https://medium.com/javascript-scene/you-might-not-need-typescript-or-static-types-aa7cb670a77b

• autocomplete and type inference with most IDEs
• doesn't require passing Log objects for every call (although it's encouraged)
• other non-required parameters (such as query) can be omitted
• much easier to a

Discriminators need:

• better tests (because tests are examples of how to use it too)
• better / actual documentation (#16) (still needs nested discriminator docs)
• rework the already existing test(s) to be better understandable

npm install error : 依赖的包（ssh://github.com/surmon-china/mongoose-paginate.git）不存在

i@mingbai:~/node/nodepress$ npm install
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/surmon-china/mongoose-paginate.git
npm ERR! 
npm ERR! Permission denied (publickey).
npm ERR! fatal: 无法读取远程仓库。
npm ERR! 
npm ERR! 请确认您有正确的访问权限并且仓库存在。
npm ERR! 
npm ERR! ex

Write unit tests for all the available commands.

• mevn init (@anooppoommen )
• mevn codesplit
• mevn generate
• mevn add
• mevn serve
• mevn dockerize
• mevn deploy
• mevn info

I've been trying to write a query to give me all the documents created in the last week but I couldn't figure out how the operator syntax works. The documentation in the README has almost no high-level explanation of how the syntax works out-of-the-box. There's some stuff in there about building support for custom relations, and some other fairly deep stuff, but nothing that shows you can simply