mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-13 12:47:28 +01:00
Remove inbox from more routes (#10303)
* remove inbox from some auth routes * remove inbox from quests routes * remove inbox from groups routes
This commit is contained in:
Matteo Pagliazzi
GitHub
@@ -388,7 +388,9 @@ api.loginSocial = {
|
||||
*/
|
||||
api.pusherAuth = {
|
||||
method: 'POST',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
url: '/user/auth/pusher',
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
@@ -456,7 +458,9 @@ api.pusherAuth = {
|
||||
**/
|
||||
api.updateUsername = {
|
||||
method: 'PUT',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
url: '/user/auth/update-username',
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
@@ -510,7 +514,9 @@ api.updateUsername = {
|
||||
**/
|
||||
api.updatePassword = {
|
||||
method: 'PUT',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
url: '/user/auth/update-password',
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
@@ -620,7 +626,9 @@ api.resetPassword = {
|
||||
*/
|
||||
api.updateEmail = {
|
||||
method: 'PUT',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
url: '/user/auth/update-email',
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
@@ -707,7 +715,9 @@ api.resetPasswordSetNewOne = {
|
||||
api.deleteSocial = {
|
||||
method: 'DELETE',
|
||||
url: '/user/auth/social/:network',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let network = req.params.network;
|
||||
|
||||
@@ -109,7 +109,9 @@ let api = {};
|
||||
api.createGroup = {
|
||||
method: 'POST',
|
||||
url: '/groups',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let group = new Group(Group.sanitize(req.body));
|
||||
@@ -180,7 +182,9 @@ api.createGroup = {
|
||||
api.createGroupPlan = {
|
||||
method: 'POST',
|
||||
url: '/groups/create-plan',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let group = new Group(Group.sanitize(req.body.groupToCreate));
|
||||
@@ -289,7 +293,9 @@ api.createGroupPlan = {
|
||||
api.getGroups = {
|
||||
method: 'GET',
|
||||
url: '/groups',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -377,7 +383,9 @@ api.getGroups = {
|
||||
api.getGroup = {
|
||||
method: 'GET',
|
||||
url: '/groups/:groupId',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -435,7 +443,9 @@ api.getGroup = {
|
||||
api.updateGroup = {
|
||||
method: 'PUT',
|
||||
url: '/groups/:groupId',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -498,7 +508,9 @@ api.updateGroup = {
|
||||
api.joinGroup = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/join',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let inviter;
|
||||
@@ -669,7 +681,9 @@ api.joinGroup = {
|
||||
api.rejectGroupInvite = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/reject-invite',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -744,7 +758,9 @@ function _removeMessagesFromMember (member, groupId) {
|
||||
api.leaveGroup = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/leave',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
|
||||
@@ -831,7 +847,9 @@ function _sendMessageToRemoved (group, removedUser, message, isInGroup) {
|
||||
api.removeGroupMember = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/removeMember/:memberId',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -1149,7 +1167,9 @@ async function _inviteByEmail (invite, group, inviter, req, res) {
|
||||
api.inviteToGroup = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/invite',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -1212,7 +1232,9 @@ api.inviteToGroup = {
|
||||
api.addGroupManager = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/add-manager',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let managerId = req.body.managerId;
|
||||
@@ -1261,7 +1283,9 @@ api.addGroupManager = {
|
||||
api.removeGroupManager = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/remove-manager',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let managerId = req.body.managerId;
|
||||
@@ -1314,7 +1338,9 @@ api.removeGroupManager = {
|
||||
api.getGroupPlans = {
|
||||
method: 'GET',
|
||||
url: '/group-plans',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
|
||||
@@ -54,7 +54,9 @@ let api = {};
|
||||
api.inviteToQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/invite/:questKey',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let questKey = req.params.questKey;
|
||||
@@ -168,7 +170,9 @@ api.inviteToQuest = {
|
||||
api.acceptQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/accept',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -227,7 +231,9 @@ api.acceptQuest = {
|
||||
api.rejectQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/reject',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -290,7 +296,9 @@ api.rejectQuest = {
|
||||
api.forceStart = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/force-start',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
|
||||
@@ -348,7 +356,9 @@ api.forceStart = {
|
||||
api.cancelQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/cancel',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
// Cancel a quest BEFORE it has begun (i.e., in the invitation stage)
|
||||
// Quest scroll has not yet left quest owner's inventory so no need to return it.
|
||||
@@ -402,7 +412,9 @@ api.cancelQuest = {
|
||||
api.abortQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/abort',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
// Abort a quest AFTER it has begun (see questCancel for BEFORE)
|
||||
let user = res.locals.user;
|
||||
@@ -462,7 +474,9 @@ api.abortQuest = {
|
||||
api.leaveQuest = {
|
||||
method: 'POST',
|
||||
url: '/groups/:groupId/quests/leave',
|
||||
middlewares: [authWithHeaders()],
|
||||
middlewares: [authWithHeaders({
|
||||
userFieldsToExclude: ['inbox'],
|
||||
})],
|
||||
async handler (req, res) {
|
||||
let user = res.locals.user;
|
||||
let groupId = req.params.groupId;
|
||||
|
||||
Reference in New Issue
Block a user