Restrict data exposure on public RestAPI endpoints#1560
Conversation
…tests for schema conversion
…ved data handling
🦋 Changeset detectedLatest commit: c2bab80 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Allure Test Report for this PR:✅ Allure Report | History |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
create-studiocms
effectify
studiocms
@studiocms/auth0
@studiocms/blog
@studiocms/cloudinary-image-service
@studiocms/devapps
@studiocms/discord
@studiocms/github
@studiocms/google
@studiocms/html
@studiocms/markdoc
@studiocms/markdown-remark
@studiocms/md
@studiocms/mdx
@studiocms/s3-storage
@studiocms/upgrade
@studiocms/wysiwyg
@withstudiocms/api-spec
@withstudiocms/auth-kit
@withstudiocms/cli-kit
@withstudiocms/component-registry
@withstudiocms/config-utils
@withstudiocms/effect
@withstudiocms/internal_helpers
@withstudiocms/kysely
@withstudiocms/sdk
@withstudiocms/template-lang
commit: |
This pull request focuses on tightening the data exposure of the public REST API endpoints to enhance privacy and security. The main change restricts the fields returned by the user schema, ensuring that sensitive and private information is not exposed.
API Data Exposure Restrictions:
UsersTableBaseschema inschemas.tsnow omits additional sensitive fields (updatedAt,createdAt,emailVerified, andnotifications) alongsideemailandpasswordfrom public API responses to prevent leaking private user information.Documentation:
@coderabbitai ignore