fix: avoid spilling new database account fields into login response #610

Merged
Sainan merged 4 commits from login-improvement into main 2024-12-22 15:40:35 -08:00
Showing only changes of commit 6c05e1d2af - Show all commits


@ -65,19 +65,19 @@ export const loginController: RequestHandler = async (request, response) => {
response.json(createLoginResponse(account.toJSON(), buildLabel));
};
const createLoginResponse = (acct: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
const createLoginResponse = (account: IDatabaseAccountDocument, buildLabel: string): ILoginResponse => {
return {
id: acct.id,
DisplayName: acct.DisplayName,
CountryCode: acct.CountryCode,
ClientType: acct.ClientType,
CrossPlatformAllowed: acct.CrossPlatformAllowed,
ForceLogoutVersion: acct.ForceLogoutVersion,
AmazonAuthToken: acct.AmazonAuthToken,
AmazonRefreshToken: acct.AmazonRefreshToken,
ConsentNeeded: acct.ConsentNeeded,
TrackedSettings: acct.TrackedSettings,
Nonce: acct.Nonce,
id: account.id,
DisplayName: account.DisplayName,
coderabbitai[bot] commented 2024-12-22 15:34:20 -08:00 (Migrated from github.com)
Review

⚠️ Potential issue

Inconsistent usage of toJSON() method

There's an inconsistency in how the account object is passed to createLoginResponse:

  • Line 42: Passes newAccount directly
  • Line 65: Calls account.toJSON()

This could lead to type mismatches or inconsistent behavior.

Suggestion to standardize the approach:

-    response.json(createLoginResponse(newAccount, buildLabel));
+    response.json(createLoginResponse(newAccount.toJSON(), buildLabel));

Also applies to: 65-65

CountryCode: account.CountryCode,
ClientType: account.ClientType,
CrossPlatformAllowed: account.CrossPlatformAllowed,
ForceLogoutVersion: account.ForceLogoutVersion,
AmazonAuthToken: account.AmazonAuthToken,
AmazonRefreshToken: account.AmazonRefreshToken,
ConsentNeeded: account.ConsentNeeded,
TrackedSettings: account.TrackedSettings,
Nonce: account.Nonce,
Groups: groups,
platformCDNs: platformCDNs,
NRS: [config.myAddress],
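Review bot: createLoginResponse still declares its parameter as IDatabaseAccountDocument, while the call at the top of the hunk passes account.toJSON(), so the signature accepts far more than the eleven account fields the body copies. Nothing in the types stops a later edit from spreading the whole account back into the response. Consider narrowing the parameter to a type that lists only the copied fields (id through Nonce). A test asserting the exact key set of the returned object would also catch a new database field reaching the client, which matters here because AmazonAuthToken, AmazonRefreshToken and Nonce travel in the same object.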