From 1c0fd264960f238ca2b8d66113be1ac2b6327e76 Mon Sep 17 00:00:00 2001
From: Bobby <bobby@fiery.me>
Date: Sat, 16 Apr 2022 21:36:34 +0700
Subject: [PATCH] refactor: pass less data into user object

---
 controllers/tokenController.js |  2 +-
 controllers/utilsController.js | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/controllers/tokenController.js b/controllers/tokenController.js
index 10c74eb..dc51ddc 100644
--- a/controllers/tokenController.js
+++ b/controllers/tokenController.js
@@ -78,7 +78,7 @@ self.list = async (req, res, next) => {
 
 self.change = async (req, res, next) => {
   try {
-    const user = await utils.authorize(req)
+    const user = await utils.authorize(req, 'token')
 
     const newToken = await self.generateUniqueToken()
     if (!newToken) {
diff --git a/controllers/utilsController.js b/controllers/utilsController.js
index d5f4eae..29f3ae3 100644
--- a/controllers/utilsController.js
+++ b/controllers/utilsController.js
@@ -188,9 +188,16 @@ self.stripIndents = string => {
   return result
 }
 
-self.assertUser = async token => {
+self.assertUser = async (token, fields) => {
+  const _fields = ['id', 'username', 'enabled', 'timestamp', 'permission', 'registration']
+  if (typeof fields === 'string') fields = [fields]
+  if (Array.isArray(fields)) {
+    _fields.push(...fields)
+  }
+
   const user = await db.table('users')
     .where('token', token)
+    .select(_fields)
     .first()
   if (user) {
     if (user.enabled === false || user.enabled === 0) {
@@ -202,12 +209,12 @@ self.assertUser = async token => {
   }
 }
 
-self.authorize = async req => {
+self.authorize = async (req, fields) => {
   const token = req.headers.token
   if (token === undefined) {
     throw new ClientError('No token provided.', { statusCode: 403 })
   }
-  return self.assertUser(token)
+  return self.assertUser(token, fields)
 }
 
 self.generateThumbs = async (name, extname, force) => {