Do not leak Github API access token to client side

This commit is contained in:
Teemu Patja 2017-02-22 10:47:53 +02:00
parent 89475a9365
commit f932b3705d
No known key found for this signature in database
GPG Key ID: F5B7035E6580FD4C
1 changed files with 5 additions and 1 deletions

View File

@ -100,12 +100,15 @@
(context "/api" [] (context "/api" []
(context "/bounties" [] (context "/bounties" []
(GET "/all" [] (GET "/all" []
(log/debug "/bounties/all")
(ok (bounties-db/list-all-bounties)))) (ok (bounties-db/list-all-bounties))))
(context "/user" [] (context "/user" []
(GET "/" [] (GET "/" []
:auth-rules authenticated? :auth-rules authenticated?
:current-user user :current-user user
(ok {:user (users/get-user (:id user))})) (ok {:user (dissoc
(users/get-user (:id user))
:token)}))
(POST "/address" [] (POST "/address" []
:auth-rules authenticated? :auth-rules authenticated?
:body-params [user-id :- Long, address :- String] :body-params [user-id :- Long, address :- String]
@ -141,6 +144,7 @@
(GET "/bounties" [] (GET "/bounties" []
:auth-rules authenticated? :auth-rules authenticated?
:current-user user :current-user user
(log/debug "/user/bounties")
(ok (map #(conj % (let [balance (:balance %)] (ok (map #(conj % (let [balance (:balance %)]
{:balance-eth (eth/hex->eth balance 6)})) {:balance-eth (eth/hex->eth balance 6)}))
(bounties-db/list-owner-bounties (:id user))))) (bounties-db/list-owner-bounties (:id user)))))