From 25b7e723f67e15be7b1be642f01484178f020fe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=98=99=E2=97=A6=20The=20Tablet=20=E2=9D=80=20GamerGirla?= =?UTF-8?q?ndCo=20=E2=97=A6=E2=9D=A7?=
Date: Tue, 9 Jul 2024 20:36:41 -0400
Subject: [PATCH] refactor(api): actually use `doNotSelect` filter when querying user at login
---
 server/api/auth/login.post.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/api/auth/login.post.ts b/server/api/auth/login.post.ts
index 2207581..a7e543c 100644
--- a/server/api/auth/login.post.ts
+++ b/server/api/auth/login.post.ts
@@ -2,11 +2,12 @@ import mongoose from "mongoose";
 import jwt from "jsonwebtoken";
 import { User } from "@models/user";
 import { log } from "@server/logger";
+import { doNotSelect } from "@server/constants";
 
 export default eventHandler(async (event) => {
 const wrongMsg = "wrong credentials";
 let reqbody = await readBody(event);
- let user = await User.findOne({ username: reqbody.username }).exec();
+ let user = await User.findOne({ username: reqbody.username }).select(doNotSelect).exec();
 // log.debug(reqbody, { label: "login/body" });
 // log.debug("USER -> " + user, { label: "login" });
 // log.debug("conn ->" + mongoose.connection, { label: "login" });
@@ -30,8 +31,9 @@ export default eventHandler(async (event) => {
 }
 let tok = user.generateRefreshToken(useRuntimeConfig().jwt);
 // setCookie(event, "rockfic_cookie", tok);
+ const fu = user.toObject();
 return {
- user,
+ user: fu,
 token: {
 refresh: tok,
 access: user.generateAccessToken(useRuntimeConfig().jwt),
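Review bot: `reqbody.username` on the changed `User.findOne(...)` line reaches the query filter without a type check, so a JSON body that supplies an object there would be interpreted by Mongoose as a query operator instead of a literal username. A guard ahead of the query, `if (typeof reqbody?.username !== "string") throw createError({ statusCode: 400, message: wrongMsg });` (or whatever error path the handler already uses for `wrongMsg`), closes that and also covers an empty body. Separately, the contents of `doNotSelect` are not visible here; if it excludes the password hash, the credential check that presumably follows outside this hunk would have nothing to compare against, so the login query may need its own projection. The handler body continues past the end of the hunk.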
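Review bot: `user.toObject()` in the second hunk does not apply the schema's `toJSON` options, whereas the document returned before was presumably serialized through `toJSON()`, so any transform defined there (not visible here) no longer shapes the `user` field of the response. The response now depends entirely on the `doNotSelect` deny-list from the query; an explicit allow-list of the fields the client needs would fail closed when a new sensitive field is added to the schema. If the plain object is kept, a descriptive name and a short comment would help, e.g. `const publicUser = user.toObject(); // relies on the doNotSelect projection applied in findOne`. The handler starts and ends outside this hunk.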