I'm creating a simple application using MEAN stack. My code is working fine but i want to remove one key from the response. Please look at my ocde.

models/user.js

const mongoose = require('mongoose');

const Schema = mongoose.Schema;
const userSchema = new Schema({
    firstName: String,
    lastName: String,
    email: String,
    //password: String, // <--------- commented out
    userid: String,
    skills: []
})

module.exports = mongoose.model('user', userSchema, 'users');

Notice that I've commented out password key. But I guess that's not enough. As I can still see password in response:

Postman screenshot

(Note: Email Id and encrypted Password in this image are absolutely fake and hence there's no security issue)

api.js

const User = require('../models/user');
...
router.get('/users', function (req, res) {
    console.log('Get request for all users');
    User.find({})
        .exec(function (err, user) {
            if (err) {
                console.log("Error retrieving users");
            } else {
                res.json(user);
            }
        });
});

Now tomorrow When I'll be using real email and password, though I'll encrypt the password but still i don't want to show password key whatsoever. It should not be displayed in the network tab of browser also.

Please give me some directions.

CodePudding user response：

You can use the mongoose select method to exclude certain fields. https://mongoosejs.com/docs/api.html#query_Query-select

User.find({})
        .select('-password')
        .exec(function (err, user) {
            if (err) {
                console.log("Error retrieving users");
            } else {
                res.json(user);
            }
        });

CodePudding user response：

You can try this :

const User = require('../models/user');
...
router.get('/users', function (req, res) {
    console.log('Get request for all users');
    const user = User.find({} , {password:0});

    return res.json({ user: user });
});