Step 8: Update users route

Let's update src/routes/users.js to account for the updates made to UserDao.

Update request handler for POST:

const { name, email, password } = req.body;
const user = await userDao.create({ name, email, password });

Update request handler for PUT:

const { name, email, password } = req.body;
const user = await userDao.update({ id, name, email, password });

Hide the password from response!

It is not a good practice to show even the hashed password to clients! Let's hide the password attribute from the response. Add this helper function to src/routes/users.js:

// pre: user is a Mongoose object
const hidePassword = (user) => {
  const { password, __v, ...rest } = user._doc;
  return rest;
};

Everywhere we return user, we must hide password. Example:

res.json({
  status: 200,
  message: `Successfully retrieved ${users.length} users!`,
  data: users.map((user) => hidePassword(user)),
});

Refer to the commit history to see the changes made at this step.