Add password hashing to User model #8

Description

@Navashub

User passwords are currently not stored at all. Add a hashed_password field and hash passwords on creation using passlib.

What to do

  • Add pip install passlib[bcrypt] to the project dependencies (update pyproject.toml or requirements.txt)
  • Add hashed_password: str column to the User model in models.py
  • Add password: str to UserCreate schema (the raw password coming in)
  • Never include hashed_password in UserResponse — it must not be returned by any endpoint
  • In crud.py, hash the password before saving: pwd_context.hash(user.password)
  • Create an auth.py utility file with the CryptContext setup

Acceptance Criteria

  • POST /users/ accepts a password field
  • The stored value in the database is a bcrypt hash, not the plain text password
  • GET /users/ and GET /users/{id} do not return hashed_password
  • The /docs UI shows password as a required field on user creation

Hints

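```python
from passlib.context import CryptContext

# bcrypt only; deprecated="auto" marks every scheme except the default as deprecated
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
hashed = pwd_context.hash("mypassword")  # salted bcrypt hash string
```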

Difficulty

🟡 Intermediate
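A check for the second and third acceptance criteria above, written as an added example that is not part of the original issue or the project's code. It uses only the standard library; the helper names, the sample e-mail address and the sample hash are constructed for illustration, and the hash check validates format only, not that the value verifies against a password.

```python
import re

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, a two-digit cost, then
# 22 salt chars + 31 digest chars in bcrypt's base64 alphabet (60 chars total).
BCRYPT_RE = re.compile(r"\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}")
SECRET_KEYS = {"password", "hashed_password"}


def bcrypt_cost(stored):
    """Return the cost factor if `stored` is shaped like a bcrypt hash, else None."""
    m = BCRYPT_RE.fullmatch(stored or "")
    if not m:
        return None
    cost = int(m.group(1))
    return cost if 4 <= cost <= 31 else None  # bcrypt's valid cost range


def leaked_fields(payload, path=""):
    """Recursively list JSON paths in an API response that expose a secret key."""
    found = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SECRET_KEYS:
                found.append(here)
            found.extend(leaked_fields(value, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            found.extend(leaked_fields(item, f"{path}[{i}]"))
    return found


def check_user_storage(plain, stored):
    """Stored value must be a bcrypt-shaped hash and must not equal the raw password."""
    return stored != plain and bcrypt_cost(stored) is not None


# Constructed sample data (format only; not a real hash of any password).
SAMPLE_HASH = "$2b$12$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
GOOD_LIST = [{"id": 1, "email": "a@example.com"}]
BAD_LIST = [{"id": 1, "email": "a@example.com", "hashed_password": SAMPLE_HASH}]

if __name__ == "__main__":
    print("cost:", bcrypt_cost(SAMPLE_HASH))
    print("plaintext stored passes:", check_user_storage("mypassword", "mypassword"))
    print("leaks:", leaked_fields(GOOD_LIST), leaked_fields(BAD_LIST))
```

In a test suite, pass the JSON body of GET /users/ and GET /users/{id} to `leaked_fields` and the value read from the database column to `check_user_storage`.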


Labels: backend (Python / FastAPI work), intermediate (Requires some FastAPI experience), security (Auth, hashing, JWT)
