Do not return any keys in API

This commit is contained in:
Andrew Nicolaou 2019-05-14 12:26:25 +02:00 committed by Cassie Tarakajian
parent de5e1a9e8f
commit 7bfacf08d0
2 changed files with 11 additions and 2 deletions

View file

@ -13,7 +13,7 @@ export function createSession(req, res, next) {
email: req.user.email, email: req.user.email,
username: req.user.username, username: req.user.username,
preferences: req.user.preferences, preferences: req.user.preferences,
apiKeys: req.user.apiKeys, apiKeys: req.user.publicApiKeys,
verified: req.user.verified, verified: req.user.verified,
id: req.user._id id: req.user._id
}); });
@ -27,7 +27,7 @@ export function getSession(req, res) {
email: req.user.email, email: req.user.email,
username: req.user.username, username: req.user.username,
preferences: req.user.preferences, preferences: req.user.preferences,
apiKeys: req.user.apiKeys, apiKeys: req.user.publicApiKeys,
verified: req.user.verified, verified: req.user.verified,
id: req.user._id id: req.user._id
}); });

View file

@ -16,6 +16,10 @@ const apiKeySchema = new Schema({
hashedKey: { type: String, required: true }, hashedKey: { type: String, required: true },
}, { timestamps: true, _id: true }); }, { timestamps: true, _id: true });
apiKeySchema.virtual('publicFields').get(function publicFields() {
return { id: this.id, label: this.label, lastUsedAt: this.lastUsedAt };
});
apiKeySchema.virtual('id').get(function getApiKeyId() { apiKeySchema.virtual('id').get(function getApiKeyId() {
return this._id.toHexString(); return this._id.toHexString();
}); });
@ -95,6 +99,11 @@ userSchema.virtual('id').get(function idToString() {
return this._id.toHexString(); return this._id.toHexString();
}); });
userSchema.virtual('publicApiKeys').get(function publicApiKeys() {
return this.apiKeys.map(apiKey => apiKey.publicFields);
});
userSchema.set('toJSON', { userSchema.set('toJSON', {
virtuals: true virtuals: true
}); });