From 2efb331370458e6ddf3789658ac67f1df1da338b Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:48:46 +0100
Subject: [PATCH] Feature/improve value redaction interceptor (#1495)
* Improve value redaction interceptor
* Update changelog
---
 CHANGELOG.md | 1 +
 .../order/interfaces/activities.interface.ts | 1 +
 apps/api/src/app/order/order.controller.ts | 21 ++---------
 .../redact-values-in-response.interceptor.ts | 36 +++++++++++++++++--
 4 files changed, 38 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index df6e56450..6e96e0d34 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
+- Improved the value redaction interceptor (including `comment`)
 - Improved the language localization for EspaƱol (`es`)
 - Upgraded `prisma` from version `4.6.1` to `4.7.1`
diff --git a/apps/api/src/app/order/interfaces/activities.interface.ts b/apps/api/src/app/order/interfaces/activities.interface.ts
index e14adce0b..31b345b46 100644
--- a/apps/api/src/app/order/interfaces/activities.interface.ts
+++ b/apps/api/src/app/order/interfaces/activities.interface.ts
@@ -6,5 +6,6 @@ export interface Activities {
 export interface Activity extends OrderWithAccount {
 feeInBaseCurrency: number;
+ value: number;
 valueInBaseCurrency: number;
 }
diff --git a/apps/api/src/app/order/order.controller.ts b/apps/api/src/app/order/order.controller.ts
index 5f9e1522d..5a46f0866 100644
--- a/apps/api/src/app/order/order.controller.ts
+++ b/apps/api/src/app/order/order.controller.ts
@@ -1,5 +1,3 @@
-import { UserService } from '@ghostfolio/api/app/user/user.service';
-import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';
 import { RedactValuesInResponseInterceptor } from '@ghostfolio/api/interceptors/redact-values-in-response.interceptor';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
@@ -39,8 +37,7 @@ export class OrderController {
 private readonly apiService: ApiService,
 private readonly impersonationService: ImpersonationService,
 private readonly orderService: OrderService,
- @Inject(REQUEST) private readonly request: RequestWithUser,
- private readonly userService: UserService
+ @Inject(REQUEST) private readonly request: RequestWithUser
 ) {}
 @Delete(':id')
@@ -87,7 +84,7 @@ export class OrderController {
 );
 const userCurrency = this.request.user.Settings.settings.baseCurrency;
- let activities = await this.orderService.getOrders({
+ const activities = await this.orderService.getOrders({
 filters,
 userCurrency,
 includeDrafts: true,
@@ -95,20 +92,6 @@ export class OrderController {
 withExcludedAccounts: true
 });
- if (
- impersonationUserId ||
- this.userService.isRestrictedView(this.request.user)
- ) {
- activities = nullifyValuesInObjects(activities, [
- 'fee',
- 'feeInBaseCurrency',
- 'quantity',
- 'unitPrice',
- 'value',
- 'valueInBaseCurrency'
- ]);
- }
-
 return { activities };
 }
diff --git a/apps/api/src/interceptors/redact-values-in-response.interceptor.ts b/apps/api/src/interceptors/redact-values-in-response.interceptor.ts
index 4a9c5bef2..fa1b7f7f7 100644
--- a/apps/api/src/interceptors/redact-values-in-response.interceptor.ts
+++ b/apps/api/src/interceptors/redact-values-in-response.interceptor.ts
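Review bot: With the inline `nullifyValuesInObjects` call removed in the last hunk of this file, redaction of `fee`, `quantity`, `unitPrice` and the value fields for the handler that returns `{ activities }` depends entirely on `RedactValuesInResponseInterceptor` being bound to it, and that binding is not visible in these hunks. Confirm the handler carries `@UseInterceptors(RedactValuesInResponseInterceptor)`, and add an API test that calls it once as a restricted-view user and once with an `impersonation-id` header and asserts the fields come back `null`. The trigger also changes from a resolved `impersonationUserId` to the mere presence of the header, which is the more conservative direction but worth stating in the handler's doc comment. The handler body starts and ends outside the hunks.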
@@ -1,4 +1,5 @@
 import { Activity } from '@ghostfolio/api/app/order/interfaces/activities.interface';
+import { UserService } from '@ghostfolio/api/app/user/user.service';
 import {
 CallHandler,
 ExecutionContext,
@@ -12,7 +13,7 @@ import { map } from 'rxjs/operators';
 export class RedactValuesInResponseInterceptor
 implements NestInterceptor
 {
- public constructor() {}
+ public constructor(private userService: UserService) {}
 public intercept(
 context: ExecutionContext,
@@ -23,7 +24,10 @@ export class RedactValuesInResponseInterceptor
 const request = context.switchToHttp().getRequest();
 const hasImpersonationId = !!request.headers?.['impersonation-id'];
- if (hasImpersonationId) {
+ if (
+ hasImpersonationId ||
+ this.userService.isRestrictedView(request.user)
+ ) {
 if (data.accounts) {
 for (const accountId of Object.keys(data.accounts)) {
 if (data.accounts[accountId]?.balance !== undefined) {
@@ -38,6 +42,34 @@ export class RedactValuesInResponseInterceptor
 activity.Account.balance = null;
 }
+ if (activity.comment !== undefined) {
+ activity.comment = null;
+ }
+
+ if (activity.fee !== undefined) {
+ activity.fee = null;
+ }
+
+ if (activity.feeInBaseCurrency !== undefined) {
+ activity.feeInBaseCurrency = null;
+ }
+
+ if (activity.quantity !== undefined) {
+ activity.quantity = null;
+ }
+
+ if (activity.unitPrice !== undefined) {
+ activity.unitPrice = null;
+ }
+
+ if (activity.value !== undefined) {
+ activity.value = null;
+ }
+
+ if (activity.valueInBaseCurrency !== undefined) {
+ activity.valueInBaseCurrency = null;
+ }
+
 return activity;
 });
 }
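Review bot: `this.userService.isRestrictedView(request.user)` in the new condition runs on every response that lacks the impersonation header, and `request` is untyped here, so nothing in this hunk guarantees `request.user` is set. If the interceptor is ever bound to a route without the auth guard, the outcome (an exception or an unredacted pass-through) depends on how `isRestrictedView` treats `undefined`, which is not visible on this page. Consider failing closed with `hasImpersonationId || !request.user || this.userService.isRestrictedView(request.user)`, and add a comment above the condition such as `// Redact when impersonating another user or when the caller only has a restricted view`. The `intercept` body continues outside the hunk.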
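Review bot: The redaction added to the activities `map` callback is a field-by-field denylist, so any sensitive property added to `Activity` later is returned unredacted to impersonating and restricted-view callers unless this block is extended as well. Keeping the names in one constant (called `REDACTED_ACTIVITY_KEYS` here as a suggestion) and looping, `for (const key of REDACTED_ACTIVITY_KEYS) { if (activity[key] !== undefined) { activity[key] = null; } }`, puts the list in one reviewable place and makes it easy to pin with a test. `feeInBaseCurrency`, `value` and `valueInBaseCurrency` are declared `number` in the `Activity` interface while `null` is assigned here; typing them `number | null` would force consumers to handle the redacted case. The `map` callback starts outside the hunk.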