这是indexloc提供的服务,不要输入任何密码
Skip to content

Limit return object of user when returned in some endpoints #1492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 22, 2024
+24 −13
Merged

Limit return object of user when returned in some endpoints #1492

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions server/endpoints/admin.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,7 @@ function adminEndpoints(app) {
[validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
async (_request, response) => {
try {
const users = (await User.where()).map((user) => {
const { password, ...rest } = user;
return rest;
});
const users = await User.where();
response.status(200).json({ users });
} catch (e) {
console.error(e);
Expand Down
5 changes: 1 addition & 4 deletions server/endpoints/api/admin/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,10 +73,7 @@ function apiAdminEndpoints(app) {
return;
}

const users = (await User.where()).map((user) => {
const { password, ...rest } = user;
return rest;
});
const users = await User.where();
response.status(200).json({ users });
} catch (e) {
console.error(e);
Expand Down
6 changes: 3 additions & 3 deletions server/endpoints/system.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ function systemEndpoints(app) {

if (await SystemSettings.isMultiUserMode()) {
const { username, password } = reqBody(request);
const existingUser = await User.get({ username: String(username) });
const existingUser = await User._get({ username: String(username) });

if (!existingUser) {
await EventLogs.logEvent(
Expand Down Expand Up @@ -188,7 +188,7 @@ function systemEndpoints(app) {
// Return recovery codes to frontend
response.status(200).json({
valid: true,
user: existingUser,
user: User.filterFields(existingUser),
token: makeJWT(
{ id: existingUser.id, username: existingUser.username },
"30d"
Expand All @@ -201,7 +201,7 @@ function systemEndpoints(app) {

response.status(200).json({
valid: true,
user: existingUser,
user: User.filterFields(existingUser),
token: makeJWT(
{ id: existingUser.id, username: existingUser.username },
"30d"
Expand Down
21 changes: 19 additions & 2 deletions server/models/user.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ const User = {
return String(value);
}
},

filterFields: function (user = {}) {
const { password, ...rest } = user;
return { ...rest };
},

create: async function ({ username, password, role = "default" }) {
const passwordCheck = this.checkPasswordComplexity(password);
if (!passwordCheck.checkedOK) {
Expand All @@ -35,7 +41,7 @@ const User = {
role,
},
});
return { user, error: null };
return { user: this.filterFields(user), error: null };
} catch (error) {
console.error("FAILED TO CREATE USER.", error.message);
return { user: null, error: error.message };
Expand Down Expand Up @@ -127,6 +133,17 @@ const User = {
},

get: async function (clause = {}) {
try {
const user = await prisma.users.findFirst({ where: clause });
return user ? this.filterFields({ ...user }) : null;
} catch (error) {
console.error(error.message);
return null;
}
},

// Returns user object with all fields
_get: async function (clause = {}) {
try {
const user = await prisma.users.findFirst({ where: clause });
return user ? { ...user } : null;
Expand Down Expand Up @@ -162,7 +179,7 @@ const User = {
where: clause,
...(limit !== null ? { take: limit } : {}),
});
return users;
return users.map((usr) => this.filterFields(usr));
} catch (error) {
console.error(error.message);
return [];
Expand Down