From 4b8385419eec953c0347f6df8a49ad7656d9c228 Mon Sep 17 00:00:00 2001
From: Azalea <22280294+hykilpikonna@users.noreply.github.com>
Date: Tue, 20 Feb 2024 16:16:11 -0500
Subject: [PATCH] [O] Limit exposure of fields
---
 .../java/icu/samnyan/aqua/net/UserRegistrar.kt | 14 +-------------
 .../java/icu/samnyan/aqua/net/db/AquaNetUser.kt | 4 ++++
 .../icu/samnyan/aqua/sega/general/model/Card.java | 3 +++
 3 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
index e803321d..b511f98c 100644
--- a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
+++ b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
@@ -133,19 +133,7 @@ class UserRegistrar(
 }
 @API("/me")
- suspend fun getUser(@RP token: Str) = jwt.auth(token) { u ->
- mapOf(
- "username" to u.username,
- "email" to u.email,
- "lastLogin" to u.lastLogin,
- "regTime" to u.regTime,
- "profileLocation" to u.profileLocation,
- "profileBio" to u.profileBio,
- "emailConfirmed" to u.emailConfirmed,
- "ghostCard" to u.ghostCard.luid,
- "cards" to u.cards.map { it.luid },
- )
- }
+ suspend fun getUser(@RP token: Str) = jwt.auth(token)
 @API("/setting")
 suspend fun setting(@RP token: Str, @RP key: Str, @RP value: Str) = jwt.auth(token) { u ->
diff --git a/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt b/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
index cfe2a60c..ddd13de1 100644
--- a/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
+++ b/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
@@ -1,5 +1,6 @@
 package icu.samnyan.aqua.net.db
+import com.fasterxml.jackson.annotation.JsonIgnore
 import ext.Str
 import ext.isValidEmail
 import ext.minus
@@ -17,6 +18,7 @@ import kotlin.reflect.full.functions
 @Entity(name = "AquaNetUser") @Table(name = "aqua_net_user")
 class AquaNetUser(
+ @JsonIgnore
 @Id @GeneratedValue(strategy = GenerationType.IDENTITY) var auId: Long = 0,
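Review bot: `getUser` now depends on a deny-list. The removed `mapOf(...)` named nine keys explicitly, while the new body returns whatever `jwt.auth(token)` yields, presumably the `AquaNetUser` entity serialized by Jackson, so only fields carrying `@JsonIgnore` are withheld. Any column added later to `AquaNetUser` or `Card` would be sent to the client by default, and `ghostCard`/`cards` would now serialize whole `Card` objects where the old code returned only `luid`. Consider a dedicated response type for `/me`, or at minimum a test that pins the exact JSON keys returned plus a comment such as `// Returns the entity as-is: every field not marked @JsonIgnore reaches the client`.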
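Review bot: The bare `@JsonIgnore` on the constructor properties `auId` (this hunk) and `pwHash` (the `@@ -26,6 +28,8 @@` hunk) leaves it to Kotlin's use-site target defaulting to decide which element carries the annotation. Writing `@field:JsonIgnore` (or `@get:JsonIgnore`) states the intent explicitly. A serialization test asserting that the JSON for an `AquaNetUser` contains neither `pwHash` nor `auId` would catch a regression if the compiler default or the mapper configuration changes. The class body continues outside both hunks, so whether other credential-like fields need the same treatment cannot be checked from here.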
@@ -26,6 +28,8 @@ class AquaNetUser(
 // Login credentials
 @Column(nullable = false, unique = true) var email: String = "",
+
+ @JsonIgnore
 @Column(nullable = false) var pwHash: String = "",
diff --git a/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java b/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java
index a4fca4a1..f0983b38 100644
--- a/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java
+++ b/src/main/java/icu/samnyan/aqua/sega/general/model/Card.java
@@ -1,5 +1,6 @@
 package icu.samnyan.aqua.sega.general.model;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import icu.samnyan.aqua.net.db.AquaNetUser;
 import jakarta.persistence.*;
 import lombok.AllArgsConstructor;
@@ -29,6 +30,7 @@ public class Card implements Serializable {
 // A external id
 @Column(name = "ext_id", unique = true)
+ @JsonIgnore // Sensitive information
 private Long extId;
 // Access Code
@@ -44,5 +46,6 @@ public class Card implements Serializable {
 // Defines the AquaNet user that this card is bound to
 @ManyToOne @JoinColumn(name = "net_user_id")
+ @JsonIgnore
 private AquaNetUser aquaUser;
 }
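Review bot: `@JsonIgnore` on `extId` (the `@@ -29,6 +30,7 @@` hunk) and on `aquaUser` (the `@@ -44,5 +46,6 @@` hunk) sits on the JPA entity itself, so it applies to every Jackson read and write of `Card`, not only the `/me` response this commit targets. If any other path serializes or deserializes `Card` (an export/import feature or an internal API, none of which is visible in this diff), those two fields will be silently dropped there as well. A comment on `aquaUser` such as `// Excluded from every JSON view of Card, not only /me` would record that this is intentional. The field under `// Access Code` lies outside the hunk, so it is worth confirming that returning it whenever a `Card` is serialized is a deliberate choice.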