Limit return object of user when returned in some endpoints
timothycarambat committed May 22, 2024
1 parent e208074 commit 9df4521
Showing 4 changed files with 24 additions and 13 deletions.
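--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -33,10 +33,7 @@ function adminEndpoints(app) {
 [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
 async (_request, response) => {
 try {
-const users = (await User.where()).map((user) => {
-const { password, ...rest } = user;
-return rest;
-});
+const users = await User.where();
 response.status(200).json({ users });
 } catch (e) {
 console.error(e);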
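Review bot: The handler now relies on `User.where()` to strip the password hash instead of doing it itself, so the safety of this response is an invariant of the model layer that is invisible at the call site; a one-line comment, `// User.where() returns records already passed through User.filterFields (no password hash)`, would keep a later maintainer from reintroducing a raw prisma read here without the filter. The same applies to the identical hunk in server/endpoints/api/admin/index.js. adminEndpoints' handler continues outside the hunk.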
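--- a/server/endpoints/api/admin/index.js
+++ b/server/endpoints/api/admin/index.js
@@ -73,10 +73,7 @@ function apiAdminEndpoints(app) {
 return;
 }
 
-const users = (await User.where()).map((user) => {
-const { password, ...rest } = user;
-return rest;
-});
+const users = await User.where();
 response.status(200).json({ users });
 } catch (e) {
 console.error(e);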
6 changes: 3 additions & 3 deletions server/endpoints/system.js
Expand Up @@ -110,7 +110,7 @@ function systemEndpoints(app) {

if (await SystemSettings.isMultiUserMode()) {
const { username, password } = reqBody(request);
const existingUser = await User.get({ username: String(username) });
const existingUser = await User._get({ username: String(username) });

if (!existingUser) {
await EventLogs.logEvent(
Expand Down Expand Up @@ -188,7 +188,7 @@ function systemEndpoints(app) {
// Return recovery codes to frontend
response.status(200).json({
valid: true,
user: existingUser,
user: User.filterFields(existingUser),
token: makeJWT(
{ id: existingUser.id, username: existingUser.username },
"30d"
Expand All @@ -201,7 +201,7 @@ function systemEndpoints(app) {

response.status(200).json({
valid: true,
user: existingUser,
user: User.filterFields(existingUser),
token: makeJWT(
{ id: existingUser.id, username: existingUser.username },
"30d"
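Review bot: `existingUser` fetched via `User._get(...)` now carries the password hash for the rest of the login handler, and only the two `user:` response fields are wrapped in `User.filterFields`; the `EventLogs.logEvent(` call whose arguments fall outside the hunk should be confirmed not to serialize the full record, since a hash landing in the event log would undo what this commit sets out to do. A comment at the fetch site would make the intent explicit: `// _get returns the raw row incl. the password hash; needed only for the credential check below — never send or log this object as-is`. systemEndpoints' handler starts and ends outside these hunks.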
21 changes: 19 additions & 2 deletions server/models/user.js
Expand Up @@ -19,6 +19,12 @@ const User = {
return String(value);
}
},

filterFields: function (user = {}) {
const { password, ...rest } = user;
return { ...rest };
},

create: async function ({ username, password, role = "default" }) {
const passwordCheck = this.checkPasswordComplexity(password);
if (!passwordCheck.checkedOK) {
Expand All @@ -35,7 +41,7 @@ const User = {
role,
},
});
return { user, error: null };
return { user: this.filterFields(user), error: null };
} catch (error) {
console.error("FAILED TO CREATE USER.", error.message);
return { user: null, error: error.message };
Expand Down Expand Up @@ -127,6 +133,17 @@ const User = {
},

get: async function (clause = {}) {
try {
const user = await prisma.users.findFirst({ where: clause });
return user ? this.filterFields({ ...user }) : null;
} catch (error) {
console.error(error.message);
return null;
}
},

// Returns user object with all fields
_get: async function (clause = {}) {
try {
const user = await prisma.users.findFirst({ where: clause });
return user ? { ...user } : null;
Expand Down Expand Up @@ -162,7 +179,7 @@ const User = {
where: clause,
...(limit !== null ? { take: limit } : {}),
});
return users;
return users.map((usr) => this.filterFields(usr));
} catch (error) {
console.error(error.message);
return [];
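Review bot: `get` now duplicates `_get`'s prisma query and catch block with only the `filterFields` call differing, so the two can drift apart; `get` could delegate to `_get` as below, assuming `_get`'s catch (outside the hunk) returns null the way `get`'s does. `filterFields` is a deny-list that strips only `password`, so any other secret column the users table has or later gains would still be returned by `get`, `where` and `create` — an allow-list of the fields the frontend actually needs would fail closed; I cannot see the schema from here, so treat that as a design question rather than a defect. The comment on `_get`, `// Returns user object with all fields`, would be more useful as `// Returns the raw row including the password hash; for credential checks only, never send it to a client`. The `{ ...rest }` in `filterFields` is redundant, since rest destructuring already yields a fresh object. The User object continues outside the hunks.
```javascript
get: async function (clause = {}) {
  // _get owns the query and error handling; this variant only strips sensitive fields
  const user = await this._get(clause);
  return user ? this.filterFields(user) : null;
},
// … unchanged: _get, where …
```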
