diff --git a/website/server/controllers/api-v3/user.js b/website/server/controllers/api-v3/user.js index b1f51be84f..a51da7602d 100644 --- a/website/server/controllers/api-v3/user.js +++ b/website/server/controllers/api-v3/user.js @@ -125,7 +125,9 @@ api.getUser = { */ api.getBuyList = { method: 'GET', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/inventory/buy', async handler (req, res) { let list = _.cloneDeep(common.updateStore(res.locals.user)); @@ -168,7 +170,9 @@ api.getBuyList = { */ api.getInAppRewardsList = { method: 'GET', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/in-app-rewards', async handler (req, res) { let list = common.inAppRewards(res.locals.user); @@ -549,7 +553,9 @@ api.getUserAnonymized = { */ api.sleep = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/sleep', async handler (req, res) { let user = res.locals.user; @@ -593,7 +599,9 @@ const buyKnownKeys = ['armoire', 'mystery', 'potion', 'quest', 'special']; */ api.buy = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy/:key', async handler (req, res) { let user = res.locals.user; @@ -657,7 +665,9 @@ api.buy = { */ api.buyGear = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-gear/:key', async handler (req, res) { let user = res.locals.user; @@ -697,7 +707,9 @@ api.buyGear = { */ api.buyArmoire = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-armoire', async handler (req, res) { let user = res.locals.user; @@ -737,7 +749,9 @@ api.buyArmoire = { */ api.buyHealthPotion = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-health-potion', async handler (req, res) { let user = res.locals.user; @@ -779,7 +793,9 @@ api.buyHealthPotion = { */ api.buyMysterySet = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-mystery-set/:key', async handler (req, res) { let user = res.locals.user; @@ -820,7 +836,9 @@ api.buyMysterySet = { */ api.buyQuest = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-quest/:key', async handler (req, res) { let user = res.locals.user; @@ -860,7 +878,9 @@ api.buyQuest = { */ api.buySpecialSpell = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/buy-special-spell/:key', async handler (req, res) { let user = res.locals.user; @@ -904,7 +924,9 @@ api.buySpecialSpell = { */ api.hatch = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/hatch/:egg/:hatchingPotion', async handler (req, res) { let user = res.locals.user; @@ -956,7 +978,9 @@ api.hatch = { */ api.equip = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/equip/:type/:key', async handler (req, res) { let user = res.locals.user; @@ -991,7 +1015,9 @@ api.equip = { */ api.feed = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/feed/:pet/:food', async handler (req, res) { let user = res.locals.user; @@ -1035,7 +1061,9 @@ api.feed = { */ api.changeClass = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/change-class', async handler (req, res) { let user = res.locals.user; @@ -1056,7 +1084,9 @@ api.changeClass = { */ api.disableClasses = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/disable-classes', async handler (req, res) { let user = res.locals.user; @@ -1088,7 +1118,9 @@ api.disableClasses = { */ api.purchase = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/purchase/:type/:key', async handler (req, res) { let user = res.locals.user; @@ -1135,7 +1167,9 @@ api.purchase = { */ api.userPurchaseHourglass = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/purchase-hourglass/:type/:key', async handler (req, res) { let user = res.locals.user; @@ -1187,7 +1221,9 @@ api.userPurchaseHourglass = { */ api.readCard = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/read-card/:cardType', async handler (req, res) { let user = res.locals.user; @@ -1229,7 +1265,9 @@ api.readCard = { */ api.userOpenMysteryItem = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/open-mystery-item', async handler (req, res) { let user = res.locals.user; @@ -1261,7 +1299,9 @@ api.userOpenMysteryItem = { */ api.userReleasePets = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/release-pets', async handler (req, res) { let user = res.locals.user; @@ -1310,7 +1350,9 @@ api.userReleasePets = { */ api.userReleaseBoth = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/release-both', async handler (req, res) { let user = res.locals.user; @@ -1346,7 +1388,9 @@ api.userReleaseBoth = { */ api.userReleaseMounts = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/release-mounts', async handler (req, res) { let user = res.locals.user; @@ -1376,7 +1420,9 @@ api.userReleaseMounts = { */ api.userSell = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/sell/:type/:key', async handler (req, res) { let user = res.locals.user; @@ -1419,7 +1465,9 @@ api.userSell = { */ api.userUnlock = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/unlock', async handler (req, res) { let user = res.locals.user; @@ -1445,7 +1493,9 @@ api.userUnlock = { */ api.userRevive = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/revive', async handler (req, res) { let user = res.locals.user; @@ -1485,7 +1535,9 @@ api.userRevive = { */ api.userRebirth = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/rebirth', async handler (req, res) { let user = res.locals.user; @@ -1643,7 +1695,9 @@ api.markPmsRead = { */ api.userReroll = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/reroll', async handler (req, res) { let user = res.locals.user; @@ -1687,7 +1741,9 @@ api.userReroll = { */ api.userReset = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/reset', async handler (req, res) { let user = res.locals.user; @@ -1738,7 +1794,9 @@ api.userReset = { */ api.setCustomDayStart = { method: 'POST', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/custom-day-start', async handler (req, res) { let user = res.locals.user; @@ -1776,7 +1834,9 @@ api.setCustomDayStart = { */ api.togglePinnedItem = { method: 'GET', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], url: '/user/toggle-pinned-item/:type/:path', async handler (req, res) { let user = res.locals.user; @@ -1814,7 +1874,9 @@ api.togglePinnedItem = { api.movePinnedItem = { method: 'POST', url: '/user/move-pinned-item/:path/move/to/:position', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('path', res.t('taskIdRequired')).notEmpty(); req.checkParams('position', res.t('positionRequired')).notEmpty().isNumeric();