From fd3d65e632cf5145ee0327129850e74ead246ed2 Mon Sep 17 00:00:00 2001
From: karishmas6
Date: Tue, 24 Sep 2024 17:46:35 +0530
Subject: [PATCH] feat: exclude hashed password when return user
---
 server/src/routes/auth.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/src/routes/auth.ts b/server/src/routes/auth.ts
index 8ebb92a5..f645b92e 100644
--- a/server/src/routes/auth.ts
+++ b/server/src/routes/auth.ts
@@ -21,7 +21,7 @@ router.post('/register', async (req, res) => {
 const user = await User.create({ email, password });
 const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });
- // user.password = undefined
+ user.password = undefined as unknown as string
 res.cookie('token', token, { httpOnly: true })
@@ -44,7 +44,9 @@ router.post('/login', async (req, res) => {
 const token = jwt.sign({ id: user?.id }, process.env.JWT_SECRET as string, { expiresIn: '1h' });
 // return user and token to client, exclude hashed password
- // user.password = undefined
+ if (user) {
+ user.password = undefined as unknown as string;
+ }
 res.cookie('token', token, { httpOnly: true })
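Review bot: `user.password = undefined as unknown as string` in the register handler, and again inside the `if (user)` block of the login hunk, hides the hash by mutating the model instance behind a double cast. The compiler is told the field is still a string, and every response path has to remember to blank it, so any other field later added to the model is returned by default. An allowlisted response object is safer, for example `const safeUser = { id: user.id, email: user.email };`, with that object sent instead of `user`. The line that serialises the user is outside both hunks, so confirm what it actually sends. Whether a later save of this instance would persist the blanked password depends on the ORM and is worth checking.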
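Review bot: The `if (user)` guard in the login handler skips the assignment when `user` is missing but then falls through to `res.cookie`. The context line above it already signs `{ id: user?.id }`, so unless an earlier check returns, a missing user would still get a signed token cookie with no id. That earlier check is not visible here, since the handler body starts and ends outside the hunk. If it exists, the guard and the `?.` are dead code and a single narrowing is clearer. If it does not, reject before signing with something like `if (!user) return res.status(401).json({ message: 'Invalid credentials' });`.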