fix: prevent line user id and otp exposes

Methapon2001 2025-08-28 15:01:04 +07:00
parent b89c68425c
commit ea8cd7cb72
3 changed files with 57 additions and 1 deletions


@ -34,6 +34,11 @@ const quotationData = (id: string) =>
},
},
customerBranch: {
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
include: {
customer: true,
businessType: true,
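Review bot: The three-field `omit` literal added under `customerBranch` here is repeated verbatim in every other hunk of this commit (four more in the CustomerBranchController section, six in the CustomerController section), so the protection depends on each future query remembering to copy it. Defining it once, e.g. `const customerBranchOmit = { otpCode: true, otpExpires: true, userId: true } as const;`, and writing `omit: customerBranchOmit` keeps the list in one place. If the Prisma version in use supports the client-level `omit` option, setting it there makes exclusion the default, and a query then has to opt back in explicitly to read the OTP columns. `quotationData` starts and ends outside this hunk.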


@ -238,6 +238,11 @@ export class CustomerBranchController extends Controller {
const [result, total] = await prisma.$transaction([
prisma.customerBranch.findMany({
orderBy: [{ code: "asc" }, { statusOrder: "asc" }, { createdAt: "asc" }],
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
include: {
customer: includeCustomer,
province: true,
@ -262,6 +267,11 @@ export class CustomerBranchController extends Controller {
@Security("keycloak")
async getById(@Path() branchId: string) {
const record = await prisma.customerBranch.findFirst({
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
include: {
customer: true,
province: true,
@ -314,6 +324,11 @@ export class CustomerBranchController extends Controller {
const [result, total] = await prisma.$transaction([
prisma.employee.findMany({
orderBy: { createdAt: "asc" },
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
include: {
province: true,
district: true,
@ -352,6 +367,11 @@ export class CustomerBranchController extends Controller {
include: branchRelationPermInclude(req.user),
},
branch: {
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
take: 1,
orderBy: { createdAt: "asc" },
},
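Review bot: Only read queries gain the `omit` in this section (`customerBranch.findMany`, `getById`, `employee.findMany` and the nested `branch` relation); the controller's create and update handlers are not in the diff, and if they return the Prisma record as-is they would presumably still send `otpCode`, `otpExpires` and `userId` to the client. Those return paths are worth checking, together with a test that calls each endpoint and asserts the response body contains none of the three keys, so a query added later without the omit is caught. A one-line comment above each block, such as `// never return OTP state or the linked user id to API clients`, would also tell the next maintainer why the fields are dropped. All four hunks cut through method bodies that continue outside the visible lines.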


@ -207,6 +207,11 @@ export class CustomerController extends Controller {
district: true,
subDistrict: true,
},
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
}
: {
@ -215,6 +220,11 @@ export class CustomerController extends Controller {
district: true,
subDistrict: true,
},
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
take: 1,
orderBy: { createdAt: "asc" },
},
@ -245,6 +255,11 @@ export class CustomerController extends Controller {
district: true,
subDistrict: true,
},
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
orderBy: { createdAt: "asc" },
},
createdBy: true,
@ -316,6 +331,11 @@ export class CustomerController extends Controller {
district: true,
subDistrict: true,
},
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
},
createdBy: true,
updatedBy: true,
@ -415,6 +435,11 @@ export class CustomerController extends Controller {
district: true,
subDistrict: true,
},
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
},
createdBy: true,
updatedBy: true,
@ -453,7 +478,13 @@ export class CustomerController extends Controller {
await deleteFolder(`customer/${customerId}`);
const data = await tx.customer.delete({
include: {
branch: true,
branch: {
omit: {
otpCode: true,
otpExpires: true,
userId: true,
},
},
registeredBranch: {
include: {
headOffice: true,
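Review bot: The relations next to the new `omit` blocks are still loaded in full: `createdBy: true` and `updatedBy: true` in the hunks at -245, -316 and -415, and `registeredBranch` with `headOffice: true` in the delete hunk at -453. Those models are not visible here, but if the user or branch records carry credentials, tokens or contact columns, the same responses would expose them the way the customer-branch OTP columns were exposed. Consider replacing each bare `true` with a `select` limited to the fields the client actually displays. The delete handler and the other methods extend beyond the hunks shown.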