Hey Hassan ! i've saw your project online , i am a fan of MERN stack web , so i've review your source code , there's a lot of issues , and leak of business logic , and bugs
one of them, in this API endpoint , /api/user/edit-user , to provide the user an ability to update its profile data , in this case , you miss the proper validation of user's ID , i can bypass this and update someone else profile by getting its ID .
there's a lot of issues , i just liked your project , and decide to go along with it .