Edit in JSFiddle

// the password is sent in the body of the request as the `pass` field
app.post("/:user", (req, res) => {
    // generate the salt using the npm package 'csprng'. 
    // The first argument is the number of bits and the second is the radix (how many characters to choose from, basically)
    const salt = csprng(160, 36);
    // hash the password with the salt prepended 
    req.body.pass = hash(`${salt}${req.body.pass}`); 

    // inserts a new document on the server. make sure to store the hash and salt
      { ...req.body, user: req.params.user, salt }, // this is one object to insert. `requst.params` gets the url parameters
      (err, r) => {
        if (err) {
          res.send("An error occured.");
        } else {
          res.send("All went well.");