From e761d962b1f7b8ccd9b4d41c06e79b1de49fd8b0 Mon Sep 17 00:00:00 2001
From: luchenqun <luchenqun@qq.com>
Date: Tue, 21 Mar 2017 21:02:24 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8E=BB=E6=8E=89=E4=B8=80=E4=BA=9B=E4=BF=A1?=
 =?UTF-8?q?=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 routes/api.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/routes/api.js b/routes/api.js
index 3026cd4..ebb6cba 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -68,6 +68,7 @@ api.post('/login', function(req, res) {
                 req.session.username = ret.user.username;
                 req.session.userId = ret.user.id;
             }
+            ret.user.password = "*";
             res.json(ret);
             return ret.logined ? db.updateUserLastLogin(ret.user.id) : Promise.resolve(0);
         })
@@ -87,6 +88,7 @@ api.get('/userInfo', function(req, res) {
     db.getUser(req.session.username)
         .then((_user) => {
             user = _user
+            user.password = "*";
             if (req.session.username == 'lcq' && req.session.userId == 1) {
                 return db.getActiveUsers();
             } else {
@@ -203,6 +205,7 @@ api.get('/autoLogin', function(req, res) {
         db.getUser(req.session.user.username)
             .then((user) => {
                 if (user) {
+                    user.password = "*";
                     ret.logined = true;
                     ret.user = user;
                 }