Fix update user.

pages/api/auth/login.ts

@@ -45,7 +45,10 @@ export default async (
 
       const token = createSecureToken({ userId: user.id }, secret());
 
-      return ok(res, { token, user });
+      return ok(res, {
+        token,
+        user: { id: user.id, username: user.username, createdAt: user.createdAt },
+      });
     }
 
     return unauthorized(res, 'message.incorrect-username-password');

pages/api/users/[id]/index.ts

@@ -1,4 +1,4 @@
-import { NextApiRequestQueryBody, User } from 'lib/types';
+import { NextApiRequestQueryBody, Roles, User } from 'lib/types';
 import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@@ -12,6 +12,7 @@ export interface UserRequestQuery {
 export interface UserRequestBody {
   username: string;
   password: string;
+  role: Roles;
 }
 
 export default async (
@@ -40,17 +41,20 @@ export default async (
       return unauthorized(res);
     }
 
-    const { username, password } = req.body;
+    const { username, password, role } = req.body;
 
     const user = await getUser({ id });
 
     const data: any = {};
 
-    // Only admin can change these fields
-    if (password && isAdmin) {
+    if (password) {
       data.password = hashPassword(password);
     }
 
+    if (role && isAdmin) {
+      data.role = role;
+    }
+
     // Only admin can change these fields
     if (username && isAdmin) {
       data.username = username;