thowitz-work/tremor-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed passwordHash when returning user after login

Browse Source
This commit is contained in:
Tim Howitz 2025-05-28 21:51:54 +01:00
parent 9124274603
commit 4cdeb5525a
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/app/api/login/route.ts
View File

@ -23,8 +23,6 @@ export async function POST(req: Request) {
});
if (user && bcryptjs.compareSync(password, user.passwordHash)) {
// todo remove password from returned user
// get user and relations
user = await prisma.user.findUnique({
where: { id: user.id },
@ -42,6 +40,7 @@ export async function POST(req: Request) {
},
},
});
const { passwordHash, ...userSansHash } = user!;
const secret = new TextEncoder().encode(env.JWT_SECRET_KEY);
const token = await new SignJWT({ userId: user!.id })
@ -49,7 +48,7 @@ export async function POST(req: Request) {
.setExpirationTime("2w")
.sign(secret);
const response = NextResponse.json({ message: "Login successful!", user, token }, { status: 200 });
const response = NextResponse.json({ message: "Login successful!", user: userSansHash, token }, { status: 200 });
response.cookies.set("jwt", token, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",