From d34ec62901e4945007cdcc7441ba3bed9f7f6be5 Mon Sep 17 00:00:00 2001
From: Matteo Pagliazzi
Date: Mon, 30 Apr 2018 20:36:31 +0200
Subject: [PATCH] Remove inbox from more routes (#10303)
* remove inbox from some auth routes
* remove inbox from quests routes
* remove inbox from groups routes
---
 website/server/controllers/api-v3/auth.js | 20 ++++++--
 website/server/controllers/api-v3/groups.js | 52 +++++++++++++++------
 website/server/controllers/api-v3/quests.js | 28 ++++++++---
 3 files changed, 75 insertions(+), 25 deletions(-)
diff --git a/website/server/controllers/api-v3/auth.js b/website/server/controllers/api-v3/auth.js
index 5da13eedfd..3d69b05c80 100644
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -388,7 +388,9 @@ api.loginSocial = {
 */
 api.pusherAuth = {
 method: 'POST',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 url: '/user/auth/pusher',
 async handler (req, res) {
 let user = res.locals.user;
@@ -456,7 +458,9 @@ api.pusherAuth = {
 **/
 api.updateUsername = {
 method: 'PUT',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 url: '/user/auth/update-username',
 async handler (req, res) {
 let user = res.locals.user;
@@ -510,7 +514,9 @@ api.updateUsername = {
 **/
 api.updatePassword = {
 method: 'PUT',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 url: '/user/auth/update-password',
 async handler (req, res) {
 let user = res.locals.user;
@@ -620,7 +626,9 @@ api.resetPassword = {
 */
 api.updateEmail = {
 method: 'PUT',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 url: '/user/auth/update-email',
 async handler (req, res) {
 let user = res.locals.user;
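Review bot: The inbox exclusion is opted into route by route, starting at `api.pusherAuth` in auth.js, so the same options literal is repeated in every hunk of this patch across auth.js, groups.js and quests.js. A route added later still receives the full user document, private messages included, unless its author remembers the option. Defining it once per controller, e.g. `const WITHOUT_INBOX = { userFieldsToExclude: ['inbox'] };` used as `middlewares: [authWithHeaders(WITHOUT_INBOX)],`, would keep the routes consistent. Making exclusion the middleware default and letting the inbox routes opt in would be the stricter form, though `authWithHeaders` itself is not shown here. Each route object continues outside its hunk.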
@@ -707,7 +715,9 @@ api.resetPasswordSetNewOne = {
 api.deleteSocial = {
 method: 'DELETE',
 url: '/user/auth/social/:network',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let network = req.params.network;
diff --git a/website/server/controllers/api-v3/groups.js b/website/server/controllers/api-v3/groups.js
index 4a5459077c..2a97fb6de2 100644
--- a/website/server/controllers/api-v3/groups.js
+++ b/website/server/controllers/api-v3/groups.js
@@ -109,7 +109,9 @@ let api = {};
 api.createGroup = {
 method: 'POST',
 url: '/groups',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let group = new Group(Group.sanitize(req.body));
@@ -180,7 +182,9 @@ api.createGroup = {
 api.createGroupPlan = {
 method: 'POST',
 url: '/groups/create-plan',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let group = new Group(Group.sanitize(req.body.groupToCreate));
@@ -289,7 +293,9 @@ api.createGroupPlan = {
 api.getGroups = {
 method: 'GET',
 url: '/groups',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -377,7 +383,9 @@ api.getGroups = {
 api.getGroup = {
 method: 'GET',
 url: '/groups/:groupId',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -435,7 +443,9 @@ api.getGroup = {
 api.updateGroup = {
 method: 'PUT',
 url: '/groups/:groupId',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -498,7 +508,9 @@ api.updateGroup = {
 api.joinGroup = {
 method: 'POST',
 url: '/groups/:groupId/join',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let inviter;
@@ -669,7 +681,9 @@ api.joinGroup = {
 api.rejectGroupInvite = {
 method: 'POST',
 url: '/groups/:groupId/reject-invite',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -744,7 +758,9 @@ function _removeMessagesFromMember (member, groupId) {
 api.leaveGroup = {
 method: 'POST',
 url: '/groups/:groupId/leave',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
@@ -831,7 +847,9 @@ function _sendMessageToRemoved (group, removedUser, message, isInGroup) {
 api.removeGroupMember = {
 method: 'POST',
 url: '/groups/:groupId/removeMember/:memberId',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -1149,7 +1167,9 @@ async function _inviteByEmail (invite, group, inviter, req, res) {
 api.inviteToGroup = {
 method: 'POST',
 url: '/groups/:groupId/invite',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -1212,7 +1232,9 @@ api.inviteToGroup = {
 api.addGroupManager = {
 method: 'POST',
 url: '/groups/:groupId/add-manager',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let managerId = req.body.managerId;
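Review bot: In the `api.joinGroup` hunk the exclusion covers only the authenticated user that the middleware places in `res.locals.user`; `inviter`, declared on the last context line, is loaded later in the handler, outside this hunk. If that lookup carries no projection, the inviter's private messages are still read into memory on every join, which is the load this patch removes for the caller. Consider restricting that lookup to the fields the handler uses; if it is a Mongoose query, `.select('-inbox')` would be the minimal change. The same question applies to other member documents the groups.js handlers presumably fetch, for example in `api.removeGroupMember`; none of those lookups are visible in these hunks.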
@@ -1261,7 +1283,9 @@ api.addGroupManager = {
 api.removeGroupManager = {
 method: 'POST',
 url: '/groups/:groupId/remove-manager',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let managerId = req.body.managerId;
@@ -1314,7 +1338,9 @@ api.removeGroupManager = {
 api.getGroupPlans = {
 method: 'GET',
 url: '/group-plans',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
diff --git a/website/server/controllers/api-v3/quests.js b/website/server/controllers/api-v3/quests.js
index 57e7dcaabf..b08585e892 100644
--- a/website/server/controllers/api-v3/quests.js
+++ b/website/server/controllers/api-v3/quests.js
@@ -54,7 +54,9 @@ let api = {};
 api.inviteToQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/invite/:questKey',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let questKey = req.params.questKey;
@@ -168,7 +170,9 @@ api.inviteToQuest = {
 api.acceptQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/accept',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -227,7 +231,9 @@ api.acceptQuest = {
 api.rejectQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/reject',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -290,7 +296,9 @@ api.rejectQuest = {
 api.forceStart = {
 method: 'POST',
 url: '/groups/:groupId/quests/force-start',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 
@@ -348,7 +356,9 @@ api.forceStart = {
 api.cancelQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/cancel',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 // Cancel a quest BEFORE it has begun (i.e., in the invitation stage)
 // Quest scroll has not yet left quest owner's inventory so no need to return it.
@@ -402,7 +412,9 @@ api.cancelQuest = {
 api.abortQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/abort',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 // Abort a quest AFTER it has begun (see questCancel for BEFORE)
 let user = res.locals.user;
@@ -462,7 +474,9 @@ api.abortQuest = {
 api.leaveQuest = {
 method: 'POST',
 url: '/groups/:groupId/quests/leave',
- middlewares: [authWithHeaders()],
+ middlewares: [authWithHeaders({
+ userFieldsToExclude: ['inbox'],
+ })],
 async handler (req, res) {
 let user = res.locals.user;
 let groupId = req.params.groupId;