fix: avoid spilling new database account fields into login response #610

Merged
Sainan merged 4 commits from login-improvement into main 2024-12-22 15:40:35 -08:00
Owner
No description provided.
coderabbitai[bot] commented 2024-12-22 15:10:50 -08:00 (Migrated from github.com)
Author
Owner

Warning

Rate limit exceeded

@Sainan has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 22 minutes and 12 seconds before requesting another review.


📥 Commits

Reviewing files that changed from the base of the PR and between 6c05e1d2af and 7e42a6237c.

📒 Files selected for processing (4)
  • src/controllers/api/loginController.ts (3 hunks)
  • src/models/loginModel.ts (3 hunks)
  • src/services/loginService.ts (2 hunks)
  • src/types/loginTypes.ts (3 hunks)

Walkthrough

The pull request introduces changes to the login-related code structure across two files: src/controllers/api/loginController.ts and src/types/loginTypes.ts.

In the login controller, the loginController function is now explicitly exported, allowing it to be imported in other modules. A new helper function, createLoginResponse, is added to streamline the response creation process by consolidating the logic for constructing the login response object. The internal logic remains unchanged, with error handling still in place to manage account creation and login attempts.

In the type definitions, a new interface, IAccountAndLoginResponseCommons, is introduced to consolidate common properties shared between account and login response interfaces. The ILoginResponse and IDatabaseAccount interfaces are updated to extend this new interface, which removes duplicate property definitions and centralizes common account-related attributes.

Overall, the changes focus on improving code organization by enhancing modularity in the login controller and reducing redundancy in type definitions while maintaining the existing functional behavior of the login process.


coderabbitai[bot] (Migrated from github.com) reviewed 2024-12-22 15:12:11 -08:00
coderabbitai[bot] (Migrated from github.com) left a comment
Author
Owner

Actionable comments posted: 1

🔭 Outside diff range comments (2)
src/types/loginTypes.ts (1)

Line range hint 14-23: Refactor ILoginResponse to prevent sensitive data leakage

The current extension from IAccountAndLoginResponseCommons means all account fields (including sensitive ones) will be included in the login response. This should be changed to use the proposed ILoginResponseFields interface instead.

export interface ILoginResponse extends ILoginResponseFields {
    id: string;
    Groups: IGroup[];
    BuildLabel: string;
    MatchmakingBuildId: string;
    platformCDNs: string[];
    NRS: string[];
    DTLS: number;
    IRC: string[];
    HUB: string;
}
src/controllers/api/loginController.ts (1)

Line range hint 68-90: Security issue: Sensitive account fields are being exposed in login response

The createLoginResponse function is currently copying all fields from the account document to the response, including sensitive fields like AmazonAuthToken and AmazonRefreshToken. This contradicts the PR's objective of preventing field spillage.

Consider refactoring to explicitly pick only the required fields:

const createLoginResponse = (acct: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
    return {
        id: acct.id,
        DisplayName: acct.DisplayName,
        CountryCode: acct.CountryCode,
        ClientType: acct.ClientType,
        CrossPlatformAllowed: acct.CrossPlatformAllowed,
        ForceLogoutVersion: acct.ForceLogoutVersion,
        ConsentNeeded: acct.ConsentNeeded,
        TrackedSettings: acct.TrackedSettings,
        Nonce: acct.Nonce,
        Groups: groups,
        platformCDNs: platformCDNs,
        NRS: [config.myAddress],
        DTLS: DTLS,
        IRC: config.myIrcAddresses ?? [config.myAddress],
        HUB: HUB,
        BuildLabel: buildLabel,
        MatchmakingBuildId: buildConfig.matchmakingBuildId
    };
};
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 412de02680 and 746e44e868.

📒 Files selected for processing (2)
  • src/controllers/api/loginController.ts (3 hunks)
  • src/types/loginTypes.ts (2 hunks)
🔇 Additional comments (2)
src/types/loginTypes.ts (1)

36-39: LGTM! Verify field usage in database queries

The IDatabaseAccount interface appropriately extends IAccountAndLoginResponseCommons as these fields should be stored in the database.

Let's verify that these fields are properly handled in database queries:

Verification successful

Based on the search results, I can now generate the final response. The database queries show that sensitive fields are properly handled:

LGTM - Database queries handle sensitive fields appropriately

The database queries only expose necessary fields and handle authentication securely:

  • Login controller only queries email for initial authentication
  • Logout controller only updates the nonce field
  • No queries expose the password field directly
  • Account lookups are properly scoped by ID and other non-sensitive fields
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for database queries that might expose sensitive fields
rg -t typescript "Account\.find|Account\.findOne" -A 5

Length of output: 91


Script:

#!/bin/bash
# Search for database queries using ripgrep without file type restriction
rg "Account\.find|Account\.findOne" -A 5

Length of output: 1327


Script:

#!/bin/bash
# Search for any database-related operations involving accounts
rg "(find|select|query|fetch).*account" -i -A 5

Length of output: 6924


Script:

#!/bin/bash
# Look for files that might contain database operations
fd -e ts -e js "account|db|database" --type f

Length of output: 97


Script:

#!/bin/bash
# Search for mongoose/database schema definitions
rg "Schema|model.*Account" -A 10

Length of output: 83780

src/controllers/api/loginController.ts (1)

Line range hint 14-42: LGTM! Account creation properly handles all required fields

The account creation logic correctly includes all necessary fields that should be stored in the database.

@ -2,0 +10,4 @@
TrackedSettings: string[];
Nonce: number;
}
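
Review bot: the interface closed here is the one both IDatabaseAccount and ILoginResponse extend, so every field declared in it, not only TrackedSettings and Nonce, becomes part of the wire contract. Reversing the direction (declare the response subset as its own interface and have the account type extend it, adding the storage-only fields there) lets the compiler, rather than convention, keep the tokens out of the login response.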
coderabbitai[bot] (Migrated from github.com) commented 2024-12-22 15:12:10 -08:00
Author
Owner

⚠️ Potential issue

Security concern: Sensitive fields in common interface may leak into login response

The IAccountAndLoginResponseCommons interface includes potentially sensitive fields like AmazonAuthToken and AmazonRefreshToken. By making these common between account and login response, we risk exposing sensitive data in the login response, which contradicts the PR's objective of preventing field spillage.

Consider splitting this into two separate interfaces:

interface IAccountFields {
    DisplayName: string;
    CountryCode: string;
    ClientType: string;
    CrossPlatformAllowed: boolean;
    ForceLogoutVersion: number;
    AmazonAuthToken?: string;
    AmazonRefreshToken?: string;
    ConsentNeeded: boolean;
    TrackedSettings: string[];
    Nonce: number;
}

interface ILoginResponseFields {
    DisplayName: string;
    CountryCode: string;
    ClientType: string;
    CrossPlatformAllowed: boolean;
    ForceLogoutVersion: number;
    ConsentNeeded: boolean;
    TrackedSettings: string[];
    Nonce: number;
}
OrdisPrime (Migrated from github.com) reviewed 2024-12-22 15:31:36 -08:00
OrdisPrime (Migrated from github.com) commented 2024-12-22 15:31:36 -08:00
Author
Owner

maybe call it account instead of acct

coderabbitai[bot] (Migrated from github.com) reviewed 2024-12-22 15:34:21 -08:00
coderabbitai[bot] (Migrated from github.com) left a comment
Author
Owner

Actionable comments posted: 1

🔭 Outside diff range comments (1)
src/controllers/api/loginController.ts (1)

Line range hint 68-89: Consider explicitly selecting response fields

While the helper function nicely encapsulates response creation, it might be exposing internal database fields by directly spreading account properties. This goes against the PR's objective of avoiding field spillage.

Consider explicitly selecting only the required fields for the login response. This provides better control over the API contract and prevents accidental exposure of internal fields. Example approach:

 const createLoginResponse = (account: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
+    // Explicitly select only the fields that should be exposed in the login response
+    const allowedAccountFields = {
+        id: account.id,
+        DisplayName: account.DisplayName,
+        CountryCode: account.CountryCode,
+        // ... other required fields
+    };
+
     return {
-        id: account.id,
-        DisplayName: account.DisplayName,
-        CountryCode: account.CountryCode,
-        ClientType: account.ClientType,
-        CrossPlatformAllowed: account.CrossPlatformAllowed,
-        ForceLogoutVersion: account.ForceLogoutVersion,
-        AmazonAuthToken: account.AmazonAuthToken,
-        AmazonRefreshToken: account.AmazonRefreshToken,
-        ConsentNeeded: account.ConsentNeeded,
-        TrackedSettings: account.TrackedSettings,
-        Nonce: account.Nonce,
+        ...allowedAccountFields,
         Groups: groups,
         platformCDNs: platformCDNs,
         // ... rest of the static fields
     };
 };
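Review bot: the `+        // ... other required fields` line hides the part that matters. ClientType, CrossPlatformAllowed, ForceLogoutVersion, ConsentNeeded, TrackedSettings and Nonce are required on the response type and must be listed in allowedAccountFields for `+        ...allowedAccountFields,` to type-check, while the two `-` lines for AmazonAuthToken and AmazonRefreshToken must stay out. Also note that this allowlist holds only by convention as long as ILoginResponse still extends IAccountAndLoginResponseCommons with those tokens declared optional; pairing it with the interface split proposed earlier in this review makes a token added to the object a compile error.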
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 746e44e868 and 6c05e1d2af.

📒 Files selected for processing (1)
  • src/controllers/api/loginController.ts (3 hunks)
🔇 Additional comments (3)
src/controllers/api/loginController.ts (3)

10-10: LGTM: Type imports are correctly added

The new type imports support the type safety of the refactored code.


14-14: LGTM: Controller export added

The controller is now properly exported for use in other modules.


Line range hint 68-89: Verify login response type alignment

Let's ensure the ILoginResponse type accurately reflects the intended response structure.

Verification successful

Login response type structure is correctly aligned

The verification confirms that the createLoginResponse function's implementation matches the ILoginResponse interface definition. The interface extends IAccountAndLoginResponseCommons which contains the base fields (DisplayName, CountryCode, etc.), while ILoginResponse adds the specific fields (id, Groups, BuildLabel, etc.) that are all present in the response object.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for ILoginResponse interface definition and usage
ast-grep --pattern 'interface ILoginResponse {
  $$$
}'

# Check for any other response structures that might need alignment
rg -t typescript "interface.*Response" -A 10

Length of output: 139


Script:

#!/bin/bash
# Search for ILoginResponse interface definition with .ts extension
rg "interface ILoginResponse" -A 15

# Search for type definitions related to login response
rg "type.*LoginResponse" -A 15

# Find all files that might contain the interface
fd "ILoginResponse" 

Length of output: 856


Script:

#!/bin/bash
# Let's check the IAccountAndLoginResponseCommons interface since ILoginResponse extends it
rg "interface IAccountAndLoginResponseCommons" -A 15

# Also check the actual usage of createLoginResponse to ensure all fields are properly typed
rg "createLoginResponse" -A 2 -B 2

Length of output: 1866

@ -82,0 +68,4 @@
const createLoginResponse = (account: IDatabaseAccountJson, buildLabel: string): ILoginResponse => {
return {
id: account.id,
DisplayName: account.DisplayName,
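Review bot: the parameter is typed IDatabaseAccountJson here, while the rewrites suggested elsewhere in this review use IDatabaseAccountDocument; settle on one, and the JSON type is the better fit if every caller passes toJSON() output, since the explicit per-field construction beginning at `id: account.id` then operates on a plain object rather than a mongoose document. The construction itself is the right pattern as long as the list of picked fields stops short of AmazonAuthToken and AmazonRefreshToken, which the other comment on this file reports are currently copied as well.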
coderabbitai[bot] (Migrated from github.com) commented 2024-12-22 15:34:20 -08:00
Author
Owner

⚠️ Potential issue

Inconsistent usage of toJSON() method

There's an inconsistency in how the account object is passed to createLoginResponse:

  • Line 42: Passes newAccount directly
  • Line 65: Calls account.toJSON()

This could lead to type mismatches or inconsistent behavior.

Suggestion to standardize the approach:

-    response.json(createLoginResponse(newAccount, buildLabel));
+    response.json(createLoginResponse(newAccount.toJSON(), buildLabel));
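
Review bot: the `+` line changes only the call at line 42, which is all that is needed; "Also applies to: 65-65" is confusing because line 65 is the call that already uses `toJSON()`. Beyond the one-line fix, check whether the `IDatabaseAccountJson` parameter type of `createLoginResponse` actually rejects the raw document; if it does, the two call sites cannot drift apart again without a compile error.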

Also applies to: 65-65
