rockfic/next
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(api): actually use doNotSelect filter when querying user at login

Browse Source
This commit is contained in:
☙◦ The Tablet ❀ GamerGirlandCo ◦❧ 2024-07-09 20:36:41 -04:00
parent 609562b7fa
commit 25b7e723f6
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/api/auth/login.post.ts
View File

@ -2,11 +2,12 @@ import mongoose from "mongoose";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
import { User } from "@models/user"; import { User } from "@models/user";
import { log } from "@server/logger"; import { log } from "@server/logger";
import { doNotSelect } from "@server/constants";
export default eventHandler(async (event) => { export default eventHandler(async (event) => {
const wrongMsg = "wrong credentials"; const wrongMsg = "wrong credentials";
let reqbody = await readBody(event); let reqbody = await readBody(event);
let user = await User.findOne({ username: reqbody.username }).exec(); let user = await User.findOne({ username: reqbody.username }).select(doNotSelect).exec();
// log.debug(reqbody, { label: "login/body" }); // log.debug(reqbody, { label: "login/body" });
// log.debug("USER -> " + user, { label: "login" }); // log.debug("USER -> " + user, { label: "login" });
// log.debug("conn ->" + mongoose.connection, { label: "login" }); // log.debug("conn ->" + mongoose.connection, { label: "login" });
@ -30,8 +31,9 @@ export default eventHandler(async (event) => {
} }
let tok = user.generateRefreshToken(useRuntimeConfig().jwt); let tok = user.generateRefreshToken(useRuntimeConfig().jwt);
// setCookie(event, "rockfic_cookie", tok); // setCookie(event, "rockfic_cookie", tok);
const fu = user.toObject();
return { return {
user, user: fu,
token: { token: {
refresh: tok, refresh: tok,
access: user.generateAccessToken(useRuntimeConfig().jwt), access: user.generateAccessToken(useRuntimeConfig().jwt),