Stealth's on-hover text is misleading if you have not cast the Skill today and you don't have any remaining Dailies due. This is the current text:

https://github.com/HabitRPG/habitica/blob/d0bc0dbe498adbe036e01c261d8eed12a68c4dc2/website/common/locales/en/spells.json#L79

Possibly it should be changed to make it more generic so that it applies in either case. E.g., "There is no need for you t

It would be better to use bcrypt, beause its more secure as it's slower (uses more computing cycles).
Your code could also be better:

You wouldn't need salt field in User model, because it's saved into the same field as password does.

For authentication, something like:

var mongoose = require('mongoose'),
  bcrypt = require('bcryptjs');

var userSchema = mongoose.Schema({
  email: String,

Any refrence on how to enable swagger documentation on the express routes ?

I've read the docs, and it seems you can pass through knex instances, but I didn't see if it supports SQLite3 - could you clarify please?