Now API doesn't return sensitive user information.

Nitro · Nitro · commit 03f1891fae34 · 2020-09-10T13:13:20.000+09:00
Excluded:
GET vote:  _id, email
GET comment: pw
diff --git a/src/database/comment.js b/src/database/comment.js
@@ -48,14 +48,13 @@ async function deleteComment(id, pw) {
 
 async function getComment(date1, date2) {
     const db = await getDB()
-    // [TODO] exclude pw
     let result = await db.collection(colName).find(
         {
             date: {
                 $gte: new Date(date1),
                 $lt: new Date(date2)
             }
-        }
+        }, { projection: { pw: 0 } }
     ).toArray()
     return result
 }
diff --git a/src/database/vote.js b/src/database/vote.js
@@ -52,14 +52,13 @@ async function updateVote(date, meal, email, rate) {
 
 async function getVote(date1, date2) {
     const db = await getDB()
-    // [TODO] exclude _id and email array from the result
     let result = await db.collection(colName).find(
         {
             date: {
                 $gte: new Date(date1),
                 $lt: new Date(date2)
             }
-        }
+        }, { projection: { _id: 0, email: 0 } }
     ).toArray()
     return result
 }
diff --git a/src/index.js b/src/index.js
@@ -93,8 +93,6 @@ app.post('/vote', async (req, res) => {
   if (r) {
     callback(res, 200, 'POST Success: User rate has been successfully reflected.'
     )
-  } else {
-    callback(res, 400, 'POST Error: Unknown Error.')
   }
 })
 
@@ -192,8 +190,6 @@ app.post('/comment', async (req, res) => {
   })
   if (r) {
     callback(res, 200, 'POST Success: Comment Added.')
-  } else {
-    callback(res, 400, 'POST Error: Unknown Error.')
   }
 })
 
@@ -221,8 +217,6 @@ app.post('/delete_comment', async (req, res) => {
   })
   if (r) {
     callback(res, 200, 'POST Success: Comment Removed.')
-  } else {
-    callback(res, 400, 'POST Error: Unknown Error.')
   }
 })
 

Original file line number	Diff line number	Diff line change
`@@ -48,14 +48,13 @@ async function deleteComment(id, pw) {`
`48`	`48`
`49`	`49`	`async function getComment(date1, date2) {`
`50`	`50`	`const db = await getDB()`
`51`		`- // [TODO] exclude pw`
`52`	`51`	`let result = await db.collection(colName).find(`
`53`	`52`	`{`
`54`	`53`	`date: {`
`55`	`54`	`$gte: new Date(date1),`
`56`	`55`	`$lt: new Date(date2)`
`57`	`56`	`}`
`58`		`- }`
	`57`	`+ }, { projection: { pw: 0 } }`
`59`	`58`	`).toArray()`
`60`	`59`	`return result`
`61`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,14 +52,13 @@ async function updateVote(date, meal, email, rate) {`
`52`	`52`
`53`	`53`	`async function getVote(date1, date2) {`
`54`	`54`	`const db = await getDB()`
`55`		`- // [TODO] exclude _id and email array from the result`
`56`	`55`	`let result = await db.collection(colName).find(`
`57`	`56`	`{`
`58`	`57`	`date: {`
`59`	`58`	`$gte: new Date(date1),`
`60`	`59`	`$lt: new Date(date2)`
`61`	`60`	`}`
`62`		`- }`
	`61`	`+ }, { projection: { _id: 0, email: 0 } }`
`63`	`62`	`).toArray()`
`64`	`63`	`return result`
`65`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -93,8 +93,6 @@ app.post('/vote', async (req, res) => {`
`93`	`93`	`if (r) {`
`94`	`94`	`callback(res, 200, 'POST Success: User rate has been successfully reflected.'`
`95`	`95`	`)`
`96`		`- } else {`
`97`		`- callback(res, 400, 'POST Error: Unknown Error.')`
`98`	`96`	`}`
`99`	`97`	`})`
`100`	`98`
`@@ -192,8 +190,6 @@ app.post('/comment', async (req, res) => {`
`192`	`190`	`})`
`193`	`191`	`if (r) {`
`194`	`192`	`callback(res, 200, 'POST Success: Comment Added.')`
`195`		`- } else {`
`196`		`- callback(res, 400, 'POST Error: Unknown Error.')`
`197`	`193`	`}`
`198`	`194`	`})`
`199`	`195`
`@@ -221,8 +217,6 @@ app.post('/delete_comment', async (req, res) => {`
`221`	`217`	`})`
`222`	`218`	`if (r) {`
`223`	`219`	`callback(res, 200, 'POST Success: Comment Removed.')`
`224`		`- } else {`
`225`		`- callback(res, 400, 'POST Error: Unknown Error.')`
`226`	`220`	`}`
`227`	`221`	`})`
`228`	`222`