krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-13 20:57:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove inbox from more routes (#10303)

Browse Source 
* remove inbox from some auth routes

* remove inbox from quests routes

* remove inbox from groups routes
This commit is contained in:
Matteo Pagliazzi
2018-04-30 20:36:31 +02:00
committed by GitHub
parent ca73b9af41
commit d34ec62901
3 changed files with 75 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
website/server/controllers/api-v3/auth.js
View File

@@ -388,7 +388,9 @@ api.loginSocial = {
*/ */
api.pusherAuth = { api.pusherAuth = {
method: 'POST', method: 'POST',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
url: '/user/auth/pusher', url: '/user/auth/pusher',
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -456,7 +458,9 @@ api.pusherAuth = {
**/ **/
api.updateUsername = { api.updateUsername = {
method: 'PUT', method: 'PUT',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
url: '/user/auth/update-username', url: '/user/auth/update-username',
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -510,7 +514,9 @@ api.updateUsername = {
**/ **/
api.updatePassword = { api.updatePassword = {
method: 'PUT', method: 'PUT',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
url: '/user/auth/update-password', url: '/user/auth/update-password',
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -620,7 +626,9 @@ api.resetPassword = {
*/ */
api.updateEmail = { api.updateEmail = {
method: 'PUT', method: 'PUT',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
url: '/user/auth/update-email', url: '/user/auth/update-email',
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -707,7 +715,9 @@ api.resetPasswordSetNewOne = {
api.deleteSocial = { api.deleteSocial = {
method: 'DELETE', method: 'DELETE',
url: '/user/auth/social/:network', url: '/user/auth/social/:network',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let network = req.params.network; let network = req.params.network;

52
website/server/controllers/api-v3/groups.js
View File

@@ -109,7 +109,9 @@ let api = {};
api.createGroup = { api.createGroup = {
method: 'POST', method: 'POST',
url: '/groups', url: '/groups',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let group = new Group(Group.sanitize(req.body)); let group = new Group(Group.sanitize(req.body));
@@ -180,7 +182,9 @@ api.createGroup = {
api.createGroupPlan = { api.createGroupPlan = {
method: 'POST', method: 'POST',
url: '/groups/create-plan', url: '/groups/create-plan',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let group = new Group(Group.sanitize(req.body.groupToCreate)); let group = new Group(Group.sanitize(req.body.groupToCreate));
@@ -289,7 +293,9 @@ api.createGroupPlan = {
api.getGroups = { api.getGroups = {
method: 'GET', method: 'GET',
url: '/groups', url: '/groups',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -377,7 +383,9 @@ api.getGroups = {
api.getGroup = { api.getGroup = {
method: 'GET', method: 'GET',
url: '/groups/:groupId', url: '/groups/:groupId',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -435,7 +443,9 @@ api.getGroup = {
api.updateGroup = { api.updateGroup = {
method: 'PUT', method: 'PUT',
url: '/groups/:groupId', url: '/groups/:groupId',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -498,7 +508,9 @@ api.updateGroup = {
api.joinGroup = { api.joinGroup = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/join', url: '/groups/:groupId/join',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let inviter; let inviter;
@@ -669,7 +681,9 @@ api.joinGroup = {
api.rejectGroupInvite = { api.rejectGroupInvite = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/reject-invite', url: '/groups/:groupId/reject-invite',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -744,7 +758,9 @@ function _removeMessagesFromMember (member, groupId) {
api.leaveGroup = { api.leaveGroup = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/leave', url: '/groups/:groupId/leave',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
req.checkParams('groupId', res.t('groupIdRequired')).notEmpty(); req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
@@ -831,7 +847,9 @@ function _sendMessageToRemoved (group, removedUser, message, isInGroup) {
api.removeGroupMember = { api.removeGroupMember = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/removeMember/:memberId', url: '/groups/:groupId/removeMember/:memberId',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -1149,7 +1167,9 @@ async function _inviteByEmail (invite, group, inviter, req, res) {
api.inviteToGroup = { api.inviteToGroup = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/invite', url: '/groups/:groupId/invite',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -1212,7 +1232,9 @@ api.inviteToGroup = {
api.addGroupManager = { api.addGroupManager = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/add-manager', url: '/groups/:groupId/add-manager',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let managerId = req.body.managerId; let managerId = req.body.managerId;
@@ -1261,7 +1283,9 @@ api.addGroupManager = {
api.removeGroupManager = { api.removeGroupManager = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/remove-manager', url: '/groups/:groupId/remove-manager',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let managerId = req.body.managerId; let managerId = req.body.managerId;
@@ -1314,7 +1338,9 @@ api.removeGroupManager = {
api.getGroupPlans = { api.getGroupPlans = {
method: 'GET', method: 'GET',
url: '/group-plans', url: '/group-plans',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;

28
website/server/controllers/api-v3/quests.js
View File

@@ -54,7 +54,9 @@ let api = {};
api.inviteToQuest = { api.inviteToQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/invite/:questKey', url: '/groups/:groupId/quests/invite/:questKey',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let questKey = req.params.questKey; let questKey = req.params.questKey;
@@ -168,7 +170,9 @@ api.inviteToQuest = {
api.acceptQuest = { api.acceptQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/accept', url: '/groups/:groupId/quests/accept',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -227,7 +231,9 @@ api.acceptQuest = {
api.rejectQuest = { api.rejectQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/reject', url: '/groups/:groupId/quests/reject',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -290,7 +296,9 @@ api.rejectQuest = {
api.forceStart = { api.forceStart = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/force-start', url: '/groups/:groupId/quests/force-start',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
@@ -348,7 +356,9 @@ api.forceStart = {
api.cancelQuest = { api.cancelQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/cancel', url: '/groups/:groupId/quests/cancel',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
// Cancel a quest BEFORE it has begun (i.e., in the invitation stage) // Cancel a quest BEFORE it has begun (i.e., in the invitation stage)
// Quest scroll has not yet left quest owner's inventory so no need to return it. // Quest scroll has not yet left quest owner's inventory so no need to return it.
@@ -402,7 +412,9 @@ api.cancelQuest = {
api.abortQuest = { api.abortQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/abort', url: '/groups/:groupId/quests/abort',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
// Abort a quest AFTER it has begun (see questCancel for BEFORE) // Abort a quest AFTER it has begun (see questCancel for BEFORE)
let user = res.locals.user; let user = res.locals.user;
@@ -462,7 +474,9 @@ api.abortQuest = {
api.leaveQuest = { api.leaveQuest = {
method: 'POST', method: 'POST',
url: '/groups/:groupId/quests/leave', url: '/groups/:groupId/quests/leave',
middlewares: [authWithHeaders()], middlewares: [authWithHeaders({
userFieldsToExclude: ['inbox'],
})],
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let groupId = req.params.groupId; let groupId = req.params.groupId;