Demonstrate proper security (do not use req.body directly)

[glebec]

boilermaker/server/auth/index.js

Line 24 in 43c4e85

const user = await User.create(req.body)

Whatever we show students, they inevitably emulate in future projects – even when we explicitly state that it is an antipattern, there for education. Accordingly, I think we should extract the properties we want from req.body (or blacklist sensitive properties) rather than pass it directly to .create.

[collin]

💯 ✖️ 💯