/user/anonymized - return user json without personal data

2025-12-19 15:48:04 +01:00 · 2015-05-08 18:52:29 +02:00
parent 4ccfaa974f
commit 1f674aab41
3 changed files with 69 additions and 0 deletions
--- a/test/api.mocha.coffee
+++ b/test/api.mocha.coffee
@@ -259,6 +259,12 @@ describe "API", ->
              expect(body.err).to.be "Task not found."
              done()

+    describe "Anonymized User", ->
+      it "/api/v2/user/anonymized", (done) ->
+        request.get(baseURL + "/user/anonymized").set("Accept", "application/json").end (res) ->
+          expect(res.statusCode).to.be 200
+          done()
+
    ###*
    GROUPS
    ###
--- a/website/src/controllers/user.js
+++ b/website/src/controllers/user.js
@@ -215,6 +215,64 @@ api.getUser = function(req, res, next) {
  return res.json(200, user);
 };

+/**
+ * Get anonymized User
+ */
+api.getUserAnonymized = function(req, res, next) {
+  var user = res.locals.user.toJSON();
+  user.stats.toNextLevel = shared.tnl(user.stats.lvl);
+  user.stats.maxHealth = 50;
+  user.stats.maxMP = res.locals.user._statsComputed.maxMP;
+  delete user.apiToken;
+  if (user.auth) {
+    delete user.auth;
+  }
+
+  delete user.webhooks;
+
+  _.forEach(user.inbox.messages, function(msg){
+    msg.text = "inbox message text";
+  });
+
+  _.forEach(user.tags, function(tag){
+    tag.name = "tag";
+    tag.challenge = "challenge";
+  });
+
+  function cleanChecklist(task){
+    var checklistIndex = 0;
+
+    _.forEach(task.checklist, function(c){
+      c.text = "item" + checklistIndex++;
+    });
+  }
+
+  _.forEach(user.habits, function(task){
+    task.text = "task text";
+    task.notes = "task notes";
+  });
+
+  _.forEach(user.rewards, function(task){
+    task.text = "task text";
+    task.notes = "task notes";
+  });
+
+  _.forEach(user.dailys, function(task){
+    task.text = "task text";
+    task.notes = "task notes";
+
+    cleanChecklist(task);
+  });
+
+  _.forEach(user.todos, function(task){
+    task.text = "task text";
+    task.notes = "task notes";
+
+    cleanChecklist(task);
+  });
+
+  return res.json(200, user);
+};

 /**
 * This tells us for which paths users can call `PUT /user` (or batch-update equiv, which use `User.set()` on our client).
--- a/website/src/routes/apiv2.coffee
+++ b/website/src/routes/apiv2.coffee
@@ -227,6 +227,11 @@ module.exports = (swagger, v2) ->
        description: "Get the full user object"
      action: user.getUser

+    "/user/anonymized":
+      spec:
+        description: "Get the user object without any personal data"
+      action: user.getUserAnonymized
+
    "/user:PUT":
      spec:
        path: '/user'