OpenWF/SpaceNinjaServer
28
29
Fork 35
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Activity

fix: avoid spilling new database account fields into login response

Browse Source
This commit is contained in:
Sainan 2024-12-23 00:09:32 +01:00
parent 412de02680
commit 746e44e868
2 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/controllers/api/loginController.ts
View File

@ -7,11 +7,11 @@ import buildConfig from "@/static/data/buildConfig.json";
import { toLoginRequest } from "@/src/helpers/loginHelpers"; import { toLoginRequest } from "@/src/helpers/loginHelpers";
import { Account } from "@/src/models/loginModel"; import { Account } from "@/src/models/loginModel";
import { createAccount, isCorrectPassword } from "@/src/services/loginService"; import { createAccount, isCorrectPassword } from "@/src/services/loginService";
import { ILoginResponse } from "@/src/types/loginTypes"; import { IDatabaseAccountDocument, ILoginResponse } from "@/src/types/loginTypes";
import { DTLS, groups, HUB, platformCDNs } from "@/static/fixed_responses/login_static"; import { DTLS, groups, HUB, platformCDNs } from "@/static/fixed_responses/login_static";
import { logger } from "@/src/utils/logger"; import { logger } from "@/src/utils/logger";
const loginController: RequestHandler = async (request, response) => { export const loginController: RequestHandler = async (request, response) => {
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-argument // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-argument
const body = JSON.parse(request.body); // parse octet stream of json data to json object const body = JSON.parse(request.body); // parse octet stream of json data to json object
const loginRequest = toLoginRequest(body); const loginRequest = toLoginRequest(body);
@ -39,21 +39,7 @@ const loginController: RequestHandler = async (request, response) => {
Nonce: nonce Nonce: nonce
}); });
logger.debug("created new account"); logger.debug("created new account");
// eslint-disable-next-line @typescript-eslint/no-unused-vars response.json(createLoginResponse(newAccount, buildLabel));
const { email, password, LastLoginDay, ...databaseAccount } = newAccount;
const newLoginResponse: ILoginResponse = {
...databaseAccount,
Groups: groups,
platformCDNs: platformCDNs,
NRS: [config.myAddress],
DTLS: DTLS,
IRC: config.myIrcAddresses ?? [config.myAddress],
HUB: HUB,
BuildLabel: buildLabel,
MatchmakingBuildId: buildConfig.matchmakingBuildId
};
response.json(newLoginResponse);
return; return;
} catch (error: unknown) { } catch (error: unknown) {
if (error instanceof Error) { if (error instanceof Error) {
@ -76,9 +62,22 @@ const loginController: RequestHandler = async (request, response) => {
} }
await account.save(); await account.save();
const { email, password, LastLoginDay, ...databaseAccount } = account.toJSON(); response.json(createLoginResponse(account.toJSON(), buildLabel));
const newLoginResponse: ILoginResponse = { };
...databaseAccount,
const createLoginResponse = (acct: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
return {
id: acct.id,
DisplayName: acct.DisplayName,
CountryCode: acct.CountryCode,
ClientType: acct.ClientType,
CrossPlatformAllowed: acct.CrossPlatformAllowed,
ForceLogoutVersion: acct.ForceLogoutVersion,
AmazonAuthToken: acct.AmazonAuthToken,
AmazonRefreshToken: acct.AmazonRefreshToken,
ConsentNeeded: acct.ConsentNeeded,
TrackedSettings: acct.TrackedSettings,
Nonce: acct.Nonce,
Groups: groups, Groups: groups,
platformCDNs: platformCDNs, platformCDNs: platformCDNs,
NRS: [config.myAddress], NRS: [config.myAddress],
@ -88,8 +87,4 @@ const loginController: RequestHandler = async (request, response) => {
BuildLabel: buildLabel, BuildLabel: buildLabel,
MatchmakingBuildId: buildConfig.matchmakingBuildId MatchmakingBuildId: buildConfig.matchmakingBuildId
}; };
response.json(newLoginResponse);
}; };
export { loginController };

28
src/types/loginTypes.ts
View File

@ -1,4 +1,18 @@
export interface ILoginResponse extends Omit<IDatabaseAccountDocument, "email" | "password"> { export interface IAccountAndLoginResponseCommons {
DisplayName: string;
CountryCode: string;
ClientType: string;
CrossPlatformAllowed: boolean;
ForceLogoutVersion: number;
AmazonAuthToken?: string;
AmazonRefreshToken?: string;
ConsentNeeded: boolean;
TrackedSettings: string[];
Nonce: number;
}
export interface ILoginResponse extends IAccountAndLoginResponseCommons {
id: string;
Groups: IGroup[]; Groups: IGroup[];
BuildLabel: string; BuildLabel: string;
MatchmakingBuildId: string; MatchmakingBuildId: string;
@ -19,19 +33,9 @@ export interface IGroup {
experimentGroup: string; experimentGroup: string;
} }
export interface IDatabaseAccount { export interface IDatabaseAccount extends IAccountAndLoginResponseCommons {
email: string; email: string;
password: string; password: string;
DisplayName: string;
CountryCode: string;
ClientType: string;
CrossPlatformAllowed: boolean;
ForceLogoutVersion: number;
AmazonAuthToken?: string;
AmazonRefreshToken?: string;
ConsentNeeded: boolean;
TrackedSettings: string[];
Nonce: number;
LastLoginDay?: number; LastLoginDay?: number;
} }