whitelist fields

Author: StephenGrider

server/routes/surveyRoutes.js

@@ -11,7 +11,9 @@ const Survey = mongoose.model('surveys');
 
 module.exports = app => {
   app.get('/api/surveys', requireLogin, async (req, res) => {
-    const surveys = await Survey.find({ _user: req.user.id });
+    const surveys = await Survey.find({ _user: req.user.id }).select({
+      recipients: false
+    });
 
     res.send(surveys);
   });