secure user db query

unknowncoder05 · unknowncoder05 · commit b02824a8f103 · 2021-06-15T21:09:38.000-05:00
diff --git a/src/controllers/users/users.controller.ts b/src/controllers/users/users.controller.ts
@@ -15,30 +15,30 @@ export class UsersController {
         return { msg: "created" };
     }
 
-    /*
-    @Get(":id")
+
+    /*@Get(":id")
     @HttpCode(HttpStatus.FOUND)
     async get(@Param("id", ParseIntPipe) id: number): Promise<object> {
         return { data: await this.languageService.get(id) }
-    }
-
-    @Get()
-    @HttpCode(HttpStatus.FOUND)
-    async list(@Query() params: any): Promise<object> {
-        return { data: await this.languageService.list(params) }
-    }
+    }*/
+    /*
+        @Get()
+        @HttpCode(HttpStatus.FOUND)
+        async list(@Query() params: any): Promise<object> {
+            return { data: await this.languageService.list(params) }
+        }
+        
+        @Put(":id")
+        @HttpCode(HttpStatus.ACCEPTED)
+        async update(@Param("id", ParseIntPipe) id: number, @Body(new JoiValidationPipe(createUserSchema)) payload: any): Promise<object> {
+            return { msg: "updated", data: await this.languageService.update(id, payload) }
+        }
     
-    @Put(":id")
-    @HttpCode(HttpStatus.ACCEPTED)
-    async update(@Param("id", ParseIntPipe) id: number, @Body(new JoiValidationPipe(createUserSchema)) payload: any): Promise<object> {
-        return { msg: "updated", data: await this.languageService.update(id, payload) }
-    }
-
-    @Delete(":id")
-    @HttpCode(HttpStatus.OK)
-    async delete(@Param("id", ParseIntPipe) id: number): Promise<object> {
-        let deleted = await this.languageService.delete(id)
-        return { msg: "deleted" }
-    }
-    */
+        @Delete(":id")
+        @HttpCode(HttpStatus.OK)
+        async delete(@Param("id", ParseIntPipe) id: number): Promise<object> {
+            let deleted = await this.languageService.delete(id)
+            return { msg: "deleted" }
+        }
+        */
 }
diff --git a/src/services/user/user.service.ts b/src/services/user/user.service.ts
@@ -19,8 +19,13 @@ export class UserService {
         let element = this.userRepo.create({ username, email, password: pswHash })
         await this.userRepo.save(element)
     }
-    /*async get(id: number): Promise<object> {
-        const user = await this.userRepo.findOne(id);
+    async get(id: number): Promise<object> {
+        const user = await this.userRepo.findOne(
+            {
+                where: { id },
+                select: ["username", "email", "role"]
+            }
+        );
         if (!user) {
             throw new NotFoundException(`${this.singular} with id ${id} not found`);
         }
@@ -32,7 +37,7 @@ export class UserService {
             creationDate: user.creationDate,
         }
     }
-
+    /*
 
     async list(params): Promise<object> {
         const users = await this.userRepo.find();

Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,13 @@ export class UserService {`
`19`	`19`	`let element = this.userRepo.create({ username, email, password: pswHash })`
`20`	`20`	`await this.userRepo.save(element)`
`21`	`21`	`}`
`22`		`- /*async get(id: number): Promise<object> {`
`23`		`- const user = await this.userRepo.findOne(id);`
	`22`	`+ async get(id: number): Promise<object> {`
	`23`	`+ const user = await this.userRepo.findOne(`
	`24`	`+ {`
	`25`	`+ where: { id },`
	`26`	`+ select: ["username", "email", "role"]`
	`27`	`+ }`
	`28`	`+ );`
`24`	`29`	`if (!user) {`
`25`	`30`	throw new NotFoundException(`${this.singular} with id ${id} not found`);
`26`	`31`	`}`
`@@ -32,7 +37,7 @@ export class UserService {`
`32`	`37`	`creationDate: user.creationDate,`
`33`	`38`	`}`
`34`	`39`	`}`
`35`		`-`
	`40`	`+ /*`
`36`	`41`
`37`	`42`	`async list(params): Promise<object> {`
`38`	`43`	`const users = await this.userRepo.find();`