mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-03-11 02:12:21 -05:00
Added mapper for comments API
refs https://github.com/TryGhost/Team/issues/1664 - ensure that the comment API returns a minimal and clean set of data and doesn't expose member details
This commit is contained in:
Hannah Wolfe
Simon Backx
parent
a2ab9f7a20
commit
caef9d74e0
4 changed files with 40 additions and 38 deletions
|
|
@ -0,0 +1,30 @@
|
|||
const _ = require('lodash');
|
||||
|
||||
const commentFields = [
|
||||
'id',
|
||||
'status',
|
||||
'html',
|
||||
'created_at',
|
||||
'edited_at'
|
||||
];
|
||||
|
||||
const memberFields = [
|
||||
'id',
|
||||
'name',
|
||||
'bio',
|
||||
'avatar_image'
|
||||
];
|
||||
|
||||
module.exports = (model, frame) => {
|
||||
const jsonModel = model.toJSON ? model.toJSON(frame.options) : model;
|
||||
|
||||
const response = _.pick(jsonModel, commentFields);
|
||||
|
||||
if (jsonModel.member) {
|
||||
response.member = _.pick(jsonModel.member, memberFields);
|
||||
} else {
|
||||
response.member = null;
|
||||
}
|
||||
|
||||
return response;
|
||||
};
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
module.exports = {
|
||||
actions: require('./actions'),
|
||||
authors: require('./authors'),
|
||||
comments: require('./comments'),
|
||||
emails: require('./emails'),
|
||||
images: require('./images'),
|
||||
integrations: require('./integrations'),
|
||||
|
|
|
|||
|
|
@ -11,27 +11,10 @@ Object {
|
|||
"member": Object {
|
||||
"avatar_image": null,
|
||||
"bio": null,
|
||||
"created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
|
||||
"email": "member@example.com",
|
||||
"email_count": 0,
|
||||
"email_open_rate": null,
|
||||
"email_opened_count": 0,
|
||||
"enable_comment_notifications": true,
|
||||
"geolocation": null,
|
||||
"id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"last_commented_at": null,
|
||||
"last_seen_at": null,
|
||||
"name": null,
|
||||
"note": null,
|
||||
"status": "free",
|
||||
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
|
||||
"uuid": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
|
||||
},
|
||||
"member_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"parent_id": null,
|
||||
"post_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"status": "published",
|
||||
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
|
||||
},
|
||||
],
|
||||
"meta": Object {
|
||||
|
|
@ -51,7 +34,7 @@ exports[`Comments API when authenticated Can browse all comments of a post 2: [h
|
|||
Object {
|
||||
"access-control-allow-origin": "*",
|
||||
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||
"content-length": "805",
|
||||
"content-length": "327",
|
||||
"content-type": "application/json; charset=utf-8",
|
||||
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||
"vary": "Accept-Encoding",
|
||||
|
|
@ -67,11 +50,8 @@ Object {
|
|||
"edited_at": null,
|
||||
"html": "This is a message",
|
||||
"id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"member_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"parent_id": null,
|
||||
"post_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
|
||||
"member": null,
|
||||
"status": "published",
|
||||
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
|
||||
},
|
||||
],
|
||||
}
|
||||
|
|
@ -81,7 +61,7 @@ exports[`Comments API when authenticated Can comment on a post 2: [headers] 1`]
|
|||
Object {
|
||||
"access-control-allow-origin": "*",
|
||||
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||
"content-length": "286",
|
||||
"content-length": "167",
|
||||
"content-type": "application/json; charset=utf-8",
|
||||
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||
"location": StringMatching /https\\?:\\\\/\\\\/\\.\\*\\?\\\\/comments\\\\/\\[a-f0-9\\]\\{24\\}\\\\//,
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ describe('Comments API', function () {
|
|||
});
|
||||
|
||||
it('Can comment on a post', async function () {
|
||||
const {body} = await membersAgent
|
||||
await membersAgent
|
||||
.post(`/api/comments/`)
|
||||
.body({comments: [{
|
||||
post_id: postId,
|
||||
|
|
@ -41,10 +41,7 @@ describe('Comments API', function () {
|
|||
.matchBodySnapshot({
|
||||
comments: [{
|
||||
id: anyObjectId,
|
||||
member_id: anyObjectId,
|
||||
post_id: anyObjectId,
|
||||
created_at: anyISODateTime,
|
||||
updated_at: anyISODateTime
|
||||
created_at: anyISODateTime
|
||||
}]
|
||||
});
|
||||
// Save for other tests
|
||||
|
|
@ -52,7 +49,7 @@ describe('Comments API', function () {
|
|||
});
|
||||
|
||||
it('Can browse all comments of a post', async function () {
|
||||
const {body} = await membersAgent
|
||||
await membersAgent
|
||||
.get(`/api/comments/?filter=post_id:${postId}&include=member`)
|
||||
.expectStatus(200)
|
||||
.matchHeaderSnapshot({
|
||||
|
|
@ -61,16 +58,10 @@ describe('Comments API', function () {
|
|||
.matchBodySnapshot({
|
||||
comments: [{
|
||||
id: anyObjectId,
|
||||
member_id: anyObjectId,
|
||||
member: {
|
||||
id: anyObjectId,
|
||||
created_at: anyISODateTime,
|
||||
updated_at: anyISODateTime,
|
||||
uuid: anyUuid
|
||||
},
|
||||
post_id: anyObjectId,
|
||||
created_at: anyISODateTime,
|
||||
updated_at: anyISODateTime
|
||||
member: {
|
||||
id: anyObjectId
|
||||
}
|
||||
}]
|
||||
});
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue