[O] Limit exposure of fields

2024-02-20 16:16:11 -05:00 · 2024-02-20 16:16:11 -05:00 · 4b8385419e
parent 878a543818
commit 4b8385419e
3 changed files with 8 additions and 13 deletions
--- a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
+++ b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
@ -133,19 +133,7 @@ class UserRegistrar(
    }

    @API("/me")
-    suspend fun getUser(@RP token: Str) = jwt.auth(token) { u ->
-        mapOf(
-            "username" to u.username,
-            "email" to u.email,
-            "lastLogin" to u.lastLogin,
-            "regTime" to u.regTime,
-            "profileLocation" to u.profileLocation,
-            "profileBio" to u.profileBio,
-            "emailConfirmed" to u.emailConfirmed,
-            "ghostCard" to u.ghostCard.luid,
-            "cards" to u.cards.map { it.luid },
-        )
-    }
+    suspend fun getUser(@RP token: Str) = jwt.auth(token)

    @API("/setting")
    suspend fun setting(@RP token: Str, @RP key: Str, @RP value: Str) = jwt.auth(token) { u ->
--- a/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
+++ b/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
@ -1,5 +1,6 @@
 package icu.samnyan.aqua.net.db

+import com.fasterxml.jackson.annotation.JsonIgnore
 import ext.Str
 import ext.isValidEmail
 import ext.minus
@ -17,6 +18,7 @@ import kotlin.reflect.full.functions
@Entity(name = "AquaNetUser")
@Table(name = "aqua_net_user")
 class AquaNetUser(
+    @JsonIgnore
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
    var auId: Long = 0,

@ -26,6 +28,8 @@ class AquaNetUser(
    // Login credentials
    @Column(nullable = false, unique = true)
    var email: String = "",
+
+    @JsonIgnore
    @Column(nullable = false)
    var pwHash: String = "",

--- a/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java
+++ b/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java
@ -1,5 +1,6 @@
 package icu.samnyan.aqua.sega.general.model;

+import com.fasterxml.jackson.annotation.JsonIgnore;
 import icu.samnyan.aqua.net.db.AquaNetUser;
 import jakarta.persistence.*;
 import lombok.AllArgsConstructor;
@ -29,6 +30,7 @@ public class Card implements Serializable {

    // A external id
    @Column(name = "ext_id", unique = true)
+    @JsonIgnore // Sensitive information
    private Long extId;

    // Access Code
@ -44,5 +46,6 @@ public class Card implements Serializable {
    // Defines the AquaNet user that this card is bound to
    @ManyToOne
    @JoinColumn(name = "net_user_id")
+    @JsonIgnore
    private AquaNetUser aquaUser;
 }