From 9c8f96783b0336e9195d445f4f9fdaea3dafe0e1 Mon Sep 17 00:00:00 2001
From: Sockenklaus
Date: Sun, 7 Nov 2021 02:21:48 +0100
Subject: [PATCH] EmployeesController.index now support selection of specific rows and never tranfers the password(hash)!
---
 app/Controllers/Http/EmployeesController.ts | 12 ++++++++++++
 config/cors.ts | 6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/app/Controllers/Http/EmployeesController.ts b/app/Controllers/Http/EmployeesController.ts
index 94c594b..5b2c24f 100644
--- a/app/Controllers/Http/EmployeesController.ts
+++ b/app/Controllers/Http/EmployeesController.ts
@@ -25,12 +25,14 @@ export default class EmployeesController {
 const limit: number = request.qs().limit ?? 10
 const page: number = request.qs().page ?? 1
+ const select: string[] = await this.select(request.qs().select ?? '')
 const sortBy = await this.sortBy(request.qs().sort_by)
 const simpleSearch = await this.simpleSearch(request.qs().simple_search)
 const employees = Database.query()
 employees.from('employees')
+ employees.select(select)
 if(simpleSearch) {
 simpleSearch.columns.forEach(column => {
@@ -177,4 +179,14 @@ export default class EmployeesController {
 return result
 }
+
+ private async select(qs: string): Promise {
+ const columns = await Database.connection().columnsInfo('employees')
+
+ let arr = qs.split(',').filter(item => item !== 'password' && item !== '' && columns.hasOwnProperty(item))
+
+ if(arr.length === 0) arr = ['id', 'last_name', 'first_name', 'email', 'mobile', 'phone', 'role']
+
+ return arr
+ }
 }
diff --git a/config/cors.ts b/config/cors.ts
index e4c6d54..83388df 100644
--- a/config/cors.ts
+++ b/config/cors.ts
@@ -44,7 +44,11 @@ const corsConfig: CorsConfig = {
 | one of the above values.
 |
 */
- origin: 'http://localhost:3000',
+ origin:
+ [
+ 'http://localhost:3000',
+ 'http://localhost:5000'
+ ],
 /*
 |--------------------------------------------------------------------------
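Review bot: `request.qs().select` is handed to `this.select()` as if it were always a string, but a repeated or bracketed `select` parameter is typically parsed into an array or object, and the `qs.split(',')` call in the new helper would then throw instead of falling back to the default columns. Narrow the value before the call, for example `const rawSelect = request.qs().select` followed by `const select = await this.select(typeof rawSelect === 'string' ? rawSelect : '')`. The enclosing `index` method starts and ends outside this hunk, so how such an exception would surface to the client is not visible here.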
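Review bot: The column filter in `select()` is a denylist of a single name, `item !== 'password'`, so every other column that exists in `employees` now or is added later becomes client-selectable by default. An explicit allowlist keeps the commit's promise as the schema grows: `const allowed = ['id', 'last_name', 'first_name', 'email', 'mobile', 'phone', 'role']` with `.filter(item => allowed.includes(item))`. That also removes the per-request `columnsInfo('employees')` round trip and the direct `columns.hasOwnProperty(item)` call. A short doc comment on the method saying it is the single place where response columns are decided, and that credential columns must never be listed, would help the next reviewer.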
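Review bot: Both entries in the new `origin` array are development hosts hard-coded into the shared config, so a production deployment keeps trusting `http://localhost:3000` and `http://localhost:5000` unless someone remembers to edit this file. Consider building the list from the environment and marking the literal values with a comment such as `// local development front-ends only; production origins come from the environment`. Whether credentialed requests are allowed is set outside this hunk, and that setting determines how much a trusted localhost origin can actually read.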