fix security issue, with notes being visible in public api response

This commit is contained in:
Amruth Pillai
2025-10-01 10:07:04 +02:00
parent 04dfcae898
commit c525f8d2cc
57 changed files with 227 additions and 151 deletions


@ -20,8 +20,9 @@ import {
ResumeDto,
UpdateResumeDto,
} from "@reactive-resume/dto";
import { resumeDataSchema } from "@reactive-resume/schema";
import { ResumeData, resumeDataSchema } from "@reactive-resume/schema";
import { ErrorMessage } from "@reactive-resume/utils";
import set from "lodash.set";
import { zodToJsonSchema } from "zod-to-json-schema";
import { User } from "@/server/user/decorators/user.decorator";
@ -93,12 +94,17 @@ export class ResumeController {
@Get("/public/:username/:slug")
@UseGuards(OptionalGuard)
findOneByUsernameSlug(
async findOneByUsernameSlug(
@Param("username") username: string,
@Param("slug") slug: string,
@User("id") userId: string,
) {
return this.resumeService.findOneByUsernameSlug(username, slug, userId);
const resume = await this.resumeService.findOneByUsernameSlug(username, slug, userId);
// Hide private notes from public resume API responses
set(resume.data as ResumeData, "metadata.notes", undefined);
return resume;
}
@Patch(":id")
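Review bot: The scrub in `findOneByUsernameSlug` mutates the object the service handed back (`set(resume.data as ResumeData, "metadata.notes", undefined)`) rather than building a response without the field, so if the service ever returns a cached or otherwise shared object the notes are erased for every later consumer, including the owner's own authenticated reads, and the `notes` key is still present on the object with an `undefined` value until JSON serialization drops it. Returning a fresh object avoids both: `const { notes: _notes, ...metadata } = (resume.data as ResumeData).metadata;` then `return { ...resume, data: { ...resume.data, metadata } };` in place of the `set` call and `return resume`. Whether the service caches is not visible from this hunk, so treat that as something to confirm. This is also a per-route fix; any other handler that returns `resume.data` to a non-owner (this commit touches 57 files, so some may be covered elsewhere) needs the same treatment, and a comment on this method saying that notes are stripped here and not in the service would help the next person who adds such a route.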