kamp/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2024-11-10 17:00:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Limit return object of user when returned in some endpoints (#1492)

Browse Source
This commit is contained in:
Timothy Carambat 2024-05-22 12:32:39 -05:00 committed by GitHub
parent e208074ef4
commit c2d37ccce5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/endpoints/admin.js
View File

@ -33,10 +33,7 @@ function adminEndpoints(app) {
[validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])], [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
async (_request, response) => { async (_request, response) => {
try { try {
const users = (await User.where()).map((user) => { const users = await User.where();
const { password, ...rest } = user;
return rest;
});
response.status(200).json({ users }); response.status(200).json({ users });
} catch (e) { } catch (e) {
console.error(e); console.error(e);

5
server/endpoints/api/admin/index.js
View File

@ -73,10 +73,7 @@ function apiAdminEndpoints(app) {
return; return;
} }
const users = (await User.where()).map((user) => { const users = await User.where();
const { password, ...rest } = user;
return rest;
});
response.status(200).json({ users }); response.status(200).json({ users });
} catch (e) { } catch (e) {
console.error(e); console.error(e);

6
server/endpoints/system.js
View File

@ -110,7 +110,7 @@ function systemEndpoints(app) {
if (await SystemSettings.isMultiUserMode()) { if (await SystemSettings.isMultiUserMode()) {
const { username, password } = reqBody(request); const { username, password } = reqBody(request);
const existingUser = await User.get({ username: String(username) }); const existingUser = await User._get({ username: String(username) });
if (!existingUser) { if (!existingUser) {
await EventLogs.logEvent( await EventLogs.logEvent(
@ -188,7 +188,7 @@ function systemEndpoints(app) {
// Return recovery codes to frontend // Return recovery codes to frontend
response.status(200).json({ response.status(200).json({
valid: true, valid: true,
user: existingUser, user: User.filterFields(existingUser),
token: makeJWT( token: makeJWT(
{ id: existingUser.id, username: existingUser.username }, { id: existingUser.id, username: existingUser.username },
"30d" "30d"
@ -201,7 +201,7 @@ function systemEndpoints(app) {
response.status(200).json({ response.status(200).json({
valid: true, valid: true,
user: existingUser, user: User.filterFields(existingUser),
token: makeJWT( token: makeJWT(
{ id: existingUser.id, username: existingUser.username }, { id: existingUser.id, username: existingUser.username },
"30d" "30d"

21
server/models/user.js
View File

@ -19,6 +19,12 @@ const User = {
return String(value); return String(value);
} }
}, },
filterFields: function (user = {}) {
const { password, ...rest } = user;
return { ...rest };
},
create: async function ({ username, password, role = "default" }) { create: async function ({ username, password, role = "default" }) {
const passwordCheck = this.checkPasswordComplexity(password); const passwordCheck = this.checkPasswordComplexity(password);
if (!passwordCheck.checkedOK) { if (!passwordCheck.checkedOK) {
@ -35,7 +41,7 @@ const User = {
role, role,
}, },
}); });
return { user, error: null }; return { user: this.filterFields(user), error: null };
} catch (error) { } catch (error) {
console.error("FAILED TO CREATE USER.", error.message); console.error("FAILED TO CREATE USER.", error.message);
return { user: null, error: error.message }; return { user: null, error: error.message };
@ -127,6 +133,17 @@ const User = {
}, },
get: async function (clause = {}) { get: async function (clause = {}) {
try {
const user = await prisma.users.findFirst({ where: clause });
return user ? this.filterFields({ ...user }) : null;
} catch (error) {
console.error(error.message);
return null;
}
},
// Returns user object with all fields
_get: async function (clause = {}) {
try { try {
const user = await prisma.users.findFirst({ where: clause }); const user = await prisma.users.findFirst({ where: clause });
return user ? { ...user } : null; return user ? { ...user } : null;
@ -162,7 +179,7 @@ const User = {
where: clause, where: clause,
...(limit !== null ? { take: limit } : {}), ...(limit !== null ? { take: limit } : {}),
}); });
return users; return users.map((usr) => this.filterFields(usr));
} catch (error) { } catch (error) {
console.error(error.message); console.error(error.message);
return []; return [];