Don't expose wallet address in /api/v1/accounts/{account_id} response

This commit is contained in:
silverpill 2022-05-19 23:01:12 +00:00
parent 74d5c97405
commit 5e7d3ab434
3 changed files with 2 additions and 24 deletions

View file

@ -699,7 +699,7 @@ components:
items: items:
$ref: '#/components/schemas/Field' $ref: '#/components/schemas/Field'
wallet_address: wallet_address:
description: Ethereum wallet address. description: Ethereum wallet address (visibile only to the current user).
type: string type: string
example: '0xd8da6bf...' example: '0xd8da6bf...'
Attachment: Attachment:

View file

@ -26,7 +26,6 @@ use crate::mastodon_api::statuses::types::Status;
use crate::models::posts::queries::get_posts_by_author; use crate::models::posts::queries::get_posts_by_author;
use crate::models::profiles::queries::{ use crate::models::profiles::queries::{
get_profile_by_id, get_profile_by_id,
get_wallet_address,
update_profile, update_profile,
}; };
use crate::models::profiles::types::{IdentityProof, ProfileUpdateData}; use crate::models::profiles::types::{IdentityProof, ProfileUpdateData};
@ -151,9 +150,7 @@ async fn get_account(
) -> Result<HttpResponse, HttpError> { ) -> Result<HttpResponse, HttpError> {
let db_client = &**get_database_client(&db_pool).await?; let db_client = &**get_database_client(&db_pool).await?;
let profile = get_profile_by_id(db_client, &account_id).await?; let profile = get_profile_by_id(db_client, &account_id).await?;
let maybe_wallet_address = get_wallet_address(db_client, &profile.id).await?; let account = Account::from_profile(profile, &config.instance_url());
let mut account = Account::from_profile(profile, &config.instance_url());
account.wallet_address = maybe_wallet_address;
Ok(HttpResponse::Ok().json(account)) Ok(HttpResponse::Ok().json(account))
} }

View file

@ -423,25 +423,6 @@ pub async fn search_profile_by_wallet_address(
Ok(results) Ok(results)
} }
/// Get wallet address corresponding to local profile
pub async fn get_wallet_address(
db_client: &impl GenericClient,
profile_id: &Uuid,
) -> Result<Option<String>, DatabaseError> {
let maybe_row = db_client.query_opt(
"
SELECT user_account.wallet_address
FROM actor_profile
LEFT JOIN user_account ON (actor_profile.id = user_account.id)
WHERE actor_profile.id = $1
",
&[&profile_id],
).await?;
let row = maybe_row.ok_or(DatabaseError::NotFound("profile"))?;
let wallet_address = row.try_get("wallet_address")?;
Ok(wallet_address)
}
pub async fn update_follower_count( pub async fn update_follower_count(
db_client: &impl GenericClient, db_client: &impl GenericClient,
profile_id: &Uuid, profile_id: &Uuid,