While seemingly simple, I see this question often, so I'm sharing my auth setup here, and how you could improve on it.
There are 4 parts to this: register, login, authentication, and logout.
Your register route takes a username & password, hashes the password and stores in the db. For reference, this would be a very minimal user schema:
type Roles = "USER" | "ADMIN";