From c6246bfa5b82f911d36794c9869b325920051908 Mon Sep 17 00:00:00 2001
From: Matt Kirby <MattJKirby@outlook.com>
Date: Sun, 16 Apr 2023 15:40:29 +0100
Subject: [PATCH] Omit password and email fields

---
 .../user-service/controllers/appController.js             | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend-services/user-service/controllers/appController.js b/backend-services/user-service/controllers/appController.js
index dbabe14c..d453a4f7 100644
--- a/backend-services/user-service/controllers/appController.js
+++ b/backend-services/user-service/controllers/appController.js
@@ -225,7 +225,8 @@ export const GetUserList = async (req,res) => {
 }
 
 /**
- * GET /searchuser
+ * GET /search
+ * This endpoint OMITS the password and email fields
  * @param {*} req 
  * @param {*} res 
  * @returns 
@@ -239,8 +240,9 @@ export const GetUserList = async (req,res) => {
     if(query === undefined || query.length === 0){
       throw new Error("Please provide a valid query!")
     }
-    const usersWithMatchingId = await UserModel.find({"username": {"$regex": `^${query}`}})
-    const usersWithMatchingName = await UserModel.find({$or: [{"firstName": {"$regex": `^${query}`}}, {"lastName": {"$regex": `^${query}`}}]})
+
+    const usersWithMatchingId = await UserModel.find({"username": {"$regex": `^${query}`}}, {password: 0, email: 0})
+    const usersWithMatchingName = await UserModel.find({$or: [{"firstName": {"$regex": `^${query}`}}, {"lastName": {"$regex": `^${query}`}}]}, {password: 0, email: 0})
     return res.status(201).send({ usersById: usersWithMatchingId, usersByName: usersWithMatchingName});
   } catch(error){
     return res.status(401).send({ error: error.message });
-- 
GitLab