fix: avoid spilling new database account fields into login response

2024-12-23 00:09:32 +01:00 · 2024-12-23 00:09:32 +01:00 · 746e44e868
commit 746e44e868
parent 412de02680
2 changed files with 35 additions and 36 deletions
--- a/src/controllers/api/loginController.ts
+++ b/src/controllers/api/loginController.ts
@ -7,11 +7,11 @@ import buildConfig from "@/static/data/buildConfig.json";
 import { toLoginRequest } from "@/src/helpers/loginHelpers";
 import { Account } from "@/src/models/loginModel";
 import { createAccount, isCorrectPassword } from "@/src/services/loginService";
-import { ILoginResponse } from "@/src/types/loginTypes";
+import { IDatabaseAccountDocument, ILoginResponse } from "@/src/types/loginTypes";
 import { DTLS, groups, HUB, platformCDNs } from "@/static/fixed_responses/login_static";
 import { logger } from "@/src/utils/logger";

-const loginController: RequestHandler = async (request, response) => {
+export const loginController: RequestHandler = async (request, response) => {
    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-argument
    const body = JSON.parse(request.body); // parse octet stream of json data to json object
    const loginRequest = toLoginRequest(body);
@ -39,21 +39,7 @@ const loginController: RequestHandler = async (request, response) => {
                Nonce: nonce
            });
            logger.debug("created new account");
-            // eslint-disable-next-line @typescript-eslint/no-unused-vars
-            const { email, password, LastLoginDay, ...databaseAccount } = newAccount;
-            const newLoginResponse: ILoginResponse = {
-                ...databaseAccount,
-                Groups: groups,
-                platformCDNs: platformCDNs,
-                NRS: [config.myAddress],
-                DTLS: DTLS,
-                IRC: config.myIrcAddresses ?? [config.myAddress],
-                HUB: HUB,
-                BuildLabel: buildLabel,
-                MatchmakingBuildId: buildConfig.matchmakingBuildId
-            };
-
-            response.json(newLoginResponse);
+            response.json(createLoginResponse(newAccount, buildLabel));
            return;
        } catch (error: unknown) {
            if (error instanceof Error) {
@ -76,9 +62,22 @@ const loginController: RequestHandler = async (request, response) => {
    }
    await account.save();

-    const { email, password, LastLoginDay, ...databaseAccount } = account.toJSON();
-    const newLoginResponse: ILoginResponse = {
-        ...databaseAccount,
+    response.json(createLoginResponse(account.toJSON(), buildLabel));
+};
+
+const createLoginResponse = (acct: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
+    return {
+        id: acct.id,
+        DisplayName: acct.DisplayName,
+        CountryCode: acct.CountryCode,
+        ClientType: acct.ClientType,
+        CrossPlatformAllowed: acct.CrossPlatformAllowed,
+        ForceLogoutVersion: acct.ForceLogoutVersion,
+        AmazonAuthToken: acct.AmazonAuthToken,
+        AmazonRefreshToken: acct.AmazonRefreshToken,
+        ConsentNeeded: acct.ConsentNeeded,
+        TrackedSettings: acct.TrackedSettings,
+        Nonce: acct.Nonce,
        Groups: groups,
        platformCDNs: platformCDNs,
        NRS: [config.myAddress],
@ -88,8 +87,4 @@ const loginController: RequestHandler = async (request, response) => {
        BuildLabel: buildLabel,
        MatchmakingBuildId: buildConfig.matchmakingBuildId
    };
-
-    response.json(newLoginResponse);
 };
-
-export { loginController };
--- a/src/types/loginTypes.ts
+++ b/src/types/loginTypes.ts
@ -1,4 +1,18 @@
-export interface ILoginResponse extends Omit<IDatabaseAccountDocument, "email" | "password"> {
+export interface IAccountAndLoginResponseCommons {
+    DisplayName: string;
+    CountryCode: string;
+    ClientType: string;
+    CrossPlatformAllowed: boolean;
+    ForceLogoutVersion: number;
+    AmazonAuthToken?: string;
+    AmazonRefreshToken?: string;
+    ConsentNeeded: boolean;
+    TrackedSettings: string[];
+    Nonce: number;
+}
+
+export interface ILoginResponse extends IAccountAndLoginResponseCommons {
+    id: string;
    Groups: IGroup[];
    BuildLabel: string;
    MatchmakingBuildId: string;
@ -19,19 +33,9 @@ export interface IGroup {
    experimentGroup: string;
 }

-export interface IDatabaseAccount {
+export interface IDatabaseAccount extends IAccountAndLoginResponseCommons {
    email: string;
    password: string;
-    DisplayName: string;
-    CountryCode: string;
-    ClientType: string;
-    CrossPlatformAllowed: boolean;
-    ForceLogoutVersion: number;
-    AmazonAuthToken?: string;
-    AmazonRefreshToken?: string;
-    ConsentNeeded: boolean;
-    TrackedSettings: string[];
-    Nonce: number;
    LastLoginDay?: number;
 }