Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
Code Issues Activity

Added mapper for comments API

Browse source 
refs https://github.com/TryGhost/Team/issues/1664

- ensure that the comment API returns a minimal and clean set of data and doesn't expose member details
This commit is contained in:
Hannah Wolfe 2022-07-06 15:25:29 +02:00 committed by Simon Backx
parent a2ab9f7a20
commit caef9d74e0
4 changed files with 40 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
core/server/api/endpoints/utils/serializers/output/mappers/comments.js Normal file
View file

@ -0,0 +1,30 @@
const _ = require('lodash');
const commentFields = [
'id',
'status',
'html',
'created_at',
'edited_at'
];
const memberFields = [
'id',
'name',
'bio',
'avatar_image'
];
module.exports = (model, frame) => {
const jsonModel = model.toJSON ? model.toJSON(frame.options) : model;
const response = _.pick(jsonModel, commentFields);
if (jsonModel.member) {
response.member = _.pick(jsonModel.member, memberFields);
} else {
response.member = null;
}
return response;
};

1
core/server/api/endpoints/utils/serializers/output/mappers/index.js
View file

@ -1,6 +1,7 @@
module.exports = { module.exports = {
actions: require('./actions'), actions: require('./actions'),
authors: require('./authors'), authors: require('./authors'),
comments: require('./comments'),
emails: require('./emails'), emails: require('./emails'),
images: require('./images'), images: require('./images'),
integrations: require('./integrations'), integrations: require('./integrations'),

26
test/e2e-api/members-comments/__snapshots__/comments.test.js.snap
View file

@ -11,27 +11,10 @@ Object {
"member": Object { "member": Object {
"avatar_image": null, "avatar_image": null,
"bio": null, "bio": null,
"created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
"email": "member@example.com",
"email_count": 0,
"email_open_rate": null,
"email_opened_count": 0,
"enable_comment_notifications": true,
"geolocation": null,
"id": StringMatching /\\[a-f0-9\\]\\{24\\}/, "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
"last_commented_at": null,
"last_seen_at": null,
"name": null, "name": null,
"note": null,
"status": "free",
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
"uuid": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
}, },
"member_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
"parent_id": null,
"post_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
"status": "published", "status": "published",
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
}, },
], ],
"meta": Object { "meta": Object {
@ -51,7 +34,7 @@ exports[`Comments API when authenticated Can browse all comments of a post 2: [h
Object { Object {
"access-control-allow-origin": "*", "access-control-allow-origin": "*",
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0", "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
"content-length": "805", "content-length": "327",
"content-type": "application/json; charset=utf-8", "content-type": "application/json; charset=utf-8",
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/, "etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
"vary": "Accept-Encoding", "vary": "Accept-Encoding",
@ -67,11 +50,8 @@ Object {
"edited_at": null, "edited_at": null,
"html": "This is a message", "html": "This is a message",
"id": StringMatching /\\[a-f0-9\\]\\{24\\}/, "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
"member_id": StringMatching /\\[a-f0-9\\]\\{24\\}/, "member": null,
"parent_id": null,
"post_id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
"status": "published", "status": "published",
"updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
}, },
], ],
} }
@ -81,7 +61,7 @@ exports[`Comments API when authenticated Can comment on a post 2: [headers] 1`]
Object { Object {
"access-control-allow-origin": "*", "access-control-allow-origin": "*",
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0", "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
"content-length": "286", "content-length": "167",
"content-type": "application/json; charset=utf-8", "content-type": "application/json; charset=utf-8",
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/, "etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
"location": StringMatching /https\\?:\\\\/\\\\/\\.\\*\\?\\\\/comments\\\\/\\[a-f0-9\\]\\{24\\}\\\\//, "location": StringMatching /https\\?:\\\\/\\\\/\\.\\*\\?\\\\/comments\\\\/\\[a-f0-9\\]\\{24\\}\\\\//,

21
test/e2e-api/members-comments/comments.test.js
View file

@ -27,7 +27,7 @@ describe('Comments API', function () {
}); });
it('Can comment on a post', async function () { it('Can comment on a post', async function () {
const {body} = await membersAgent await membersAgent
.post(`/api/comments/`) .post(`/api/comments/`)
.body({comments: [{ .body({comments: [{
post_id: postId, post_id: postId,
@ -41,10 +41,7 @@ describe('Comments API', function () {
.matchBodySnapshot({ .matchBodySnapshot({
comments: [{ comments: [{
id: anyObjectId, id: anyObjectId,
member_id: anyObjectId, created_at: anyISODateTime
post_id: anyObjectId,
created_at: anyISODateTime,
updated_at: anyISODateTime
}] }]
}); });
// Save for other tests // Save for other tests
@ -52,7 +49,7 @@ describe('Comments API', function () {
}); });
it('Can browse all comments of a post', async function () { it('Can browse all comments of a post', async function () {
const {body} = await membersAgent await membersAgent
.get(`/api/comments/?filter=post_id:${postId}&include=member`) .get(`/api/comments/?filter=post_id:${postId}&include=member`)
.expectStatus(200) .expectStatus(200)
.matchHeaderSnapshot({ .matchHeaderSnapshot({
@ -61,16 +58,10 @@ describe('Comments API', function () {
.matchBodySnapshot({ .matchBodySnapshot({
comments: [{ comments: [{
id: anyObjectId, id: anyObjectId,
member_id: anyObjectId,
member: {
id: anyObjectId,
created_at: anyISODateTime,
updated_at: anyISODateTime,
uuid: anyUuid
},
post_id: anyObjectId,
created_at: anyISODateTime, created_at: anyISODateTime,
updated_at: anyISODateTime member: {
id: anyObjectId
}
}] }]
}); });
}); });