From f487a9169ca147695bdbbea312e633d90a17a9f4 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Thu, 28 Aug 2025 15:01:04 +0700
Subject: [PATCH] fix: prevent line user id and otp exposes
---
 src/controllers/00-doc-template-controller.ts | 5 +++
 .../03-customer-branch-controller.ts | 15 +++++++++
 src/controllers/03-customer-controller.ts | 33 ++++++++++++++++++-
 3 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/src/controllers/00-doc-template-controller.ts b/src/controllers/00-doc-template-controller.ts
index da5dc9d..09dab18 100644
--- a/src/controllers/00-doc-template-controller.ts
+++ b/src/controllers/00-doc-template-controller.ts
@@ -34,6 +34,11 @@ const quotationData = (id: string) =>
 },
 },
 customerBranch: {
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 include: {
 customer: true,
 businessType: true,
diff --git a/src/controllers/03-customer-branch-controller.ts b/src/controllers/03-customer-branch-controller.ts
index eda1546..a4d87e4 100644
--- a/src/controllers/03-customer-branch-controller.ts
+++ b/src/controllers/03-customer-branch-controller.ts
@@ -238,6 +238,11 @@ export class CustomerBranchController extends Controller {
 const [result, total] = await prisma.$transaction([
 prisma.customerBranch.findMany({
 orderBy: [{ code: "asc" }, { statusOrder: "asc" }, { createdAt: "asc" }],
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 include: {
 customer: includeCustomer,
 province: true,
@@ -262,6 +267,11 @@ export class CustomerBranchController extends Controller {
 @Security("keycloak")
 async getById(@Path() branchId: string) {
 const record = await prisma.customerBranch.findFirst({
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 include: {
 customer: true,
 province: true,
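Review bot: The `omit: { otpCode: true, otpExpires: true, userId: true }` triple added under `customerBranch` here is copied verbatim into every other hunk of this patch across all three controllers, so any later query that loads a branch without it exposes the fields again. Defining the list once, for example `const branchPrivateOmit = { otpCode: true, otpExpires: true, userId: true } as const;`, and writing `omit: branchPrivateOmit` at each site keeps it in one place. If the project's Prisma version supports client-level omit, setting `omit: { customerBranch: { otpCode: true, otpExpires: true, userId: true } }` on the `PrismaClient` constructor would make hiding the default and reading these columns the explicit exception. `quotationData` starts and ends outside the hunk.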
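Review bot: Only the read paths of `CustomerBranchController` (`findMany` and `getById`) are covered; the handlers that create, update or delete a branch are not in this patch, and if they return the Prisma row they would still serialize `otpCode`, `otpExpires` and `userId`. That cannot be confirmed from the hunks shown, so it is worth checking before treating the exposure as closed. A response-level test asserting that none of the three keys appears in any response from this controller would cover those paths and catch later regressions. `getById` continues past the end of the hunk.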
@@ -352,6 +362,11 @@ export class CustomerBranchController extends Controller {
 include: branchRelationPermInclude(req.user),
 },
 branch: {
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 take: 1,
 orderBy: { createdAt: "asc" },
 },
diff --git a/src/controllers/03-customer-controller.ts b/src/controllers/03-customer-controller.ts
index 7e16f2d..1854842 100644
--- a/src/controllers/03-customer-controller.ts
+++ b/src/controllers/03-customer-controller.ts
@@ -207,6 +207,11 @@ export class CustomerController extends Controller {
 district: true,
 subDistrict: true,
 },
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
 }
 : {
@@ -215,6 +220,11 @@ export class CustomerController extends Controller {
 district: true,
 subDistrict: true,
 },
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 take: 1,
 orderBy: { createdAt: "asc" },
 },
@@ -245,6 +255,11 @@ export class CustomerController extends Controller {
 district: true,
 subDistrict: true,
 },
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 orderBy: { createdAt: "asc" },
 },
 createdBy: true,
@@ -316,6 +331,11 @@ export class CustomerController extends Controller {
 district: true,
 subDistrict: true,
 },
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 },
 createdBy: true,
 updatedBy: true,
@@ -415,6 +435,11 @@ export class CustomerController extends Controller {
 district: true,
 subDistrict: true,
 },
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
 },
 createdBy: true,
 updatedBy: true,
@@ -453,7 +478,13 @@ export class CustomerController extends Controller {
 await deleteFolder(`customer/${customerId}`);
 const data = await tx.customer.delete({
 include: {
- branch: true,
+ branch: {
+ omit: {
+ otpCode: true,
+ otpExpires: true,
+ userId: true,
+ },
+ },
 registeredBranch: {
 include: {
 headOffice: true,
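Review bot: The context lines `createdBy: true` and `updatedBy: true` that follow the new `omit` in the `-245`, `-316` and `-415` hunks still load the whole related rows into the customer response, which is the same kind of over-broad serialization this patch removes for branches. The columns of that related model are not visible here, so this is a question to confirm rather than a finding. If the model holds more than display fields, replacing `true` with a `select` limited to what the client renders would close it. The enclosing query objects start and end outside these hunks.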