Question 1 of 10Security
x

An AI coding assistant generated this Node.js endpoint. You're reviewing the PR. What's the most severe issue?

app.post("/login", async (req, res) => {
  const { email, password } = req.body;
  const user = await db.query(
    `SELECT * FROM users WHERE email = '${email}'`
  );
  if (user && await bcrypt.compare(password, user.password_hash)) {
    const token = jwt.sign({ id: user.id }, "secret123");
    return res.json({ token });
  }
  res.status(401).json({ error: "Invalid credentials" });
});
Leaning