From 340b02bbf21fa663215bf15f8ef2c6dd9d962035 Mon Sep 17 00:00:00 2001
From: undefined
Date: Wed, 27 Jul 2022 21:40:12 +0800
Subject: [PATCH] core: limit sdoc payload
---
 .eslintrc.yaml | 2 +-
 packages/hydrooj/package.json | 2 +-
 packages/hydrooj/src/handler/user.ts | 8 +-------
 packages/hydrooj/src/model/token.ts | 7 +++++--
 4 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/.eslintrc.yaml b/.eslintrc.yaml
index 390efc8c..b6d29728 100644
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -112,7 +112,7 @@ rules:
 no-underscore-dangle: 0
 prefer-destructuring: 0
 function-paren-newline: 0
- simple-import-sort/imports:
+ simple-import-sort/imports:
 - warn
 - groups:
 - ["^\\u0000"]
diff --git a/packages/hydrooj/package.json b/packages/hydrooj/package.json
index 639b0672..806612be 100644
--- a/packages/hydrooj/package.json
+++ b/packages/hydrooj/package.json
@@ -1,6 +1,6 @@
 {
 "name": "hydrooj",
- "version": "3.14.19",
+ "version": "3.14.20",
 "bin": "bin/hydrooj.js",
 "main": "src/loader",
 "module": "src/loader",
diff --git a/packages/hydrooj/src/handler/user.ts b/packages/hydrooj/src/handler/user.ts
index c4453672..bb0d7a2c 100644
--- a/packages/hydrooj/src/handler/user.ts
+++ b/packages/hydrooj/src/handler/user.ts
@@ -294,7 +294,7 @@ class UserDetailHandler extends Handler {
 const isSelfProfile = this.user._id === uid;
 const [udoc, sdoc, union] = await Promise.all([
 user.getById(domainId, uid),
- token.getMostRecentSessionByUid(uid),
+ token.getMostRecentSessionByUid(uid, ['createAt', 'updateAt']),
 domain.getUnion(domainId),
 ]);
 if (!udoc) throw new UserNotFoundError(uid);
@@ -319,12 +319,6 @@ class UserDetailHandler extends Handler {
 }
 }
 const tags = Object.entries(acInfo).sort((a, b) => b[1] - a[1]).slice(0, 20);
- // Remove sensitive data
- if (!isSelfProfile && sdoc) {
- sdoc.createIp = '';
- sdoc.updateIp = '';
- sdoc._id = '';
- }
 this.response.template = 'user_detail.html';
 this.response.body = {
 isSelfProfile, udoc, sdoc, pdocs, tags,
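Review bot: The field list passed to `token.getMostRecentSessionByUid` in the `Promise.all` call of `UserDetailHandler` is now the only thing keeping the session IPs and the session `_id` out of `this.response.body`, and the second hunk deletes the `// Remove sensitive data` comment that recorded why. A comment above the call would keep that rationale next to the list, for example `// sdoc is placed in the response body for any viewer: request timestamps only, never createIp/updateIp/_id`. The own-profile case used to receive the unscrubbed document, so any template or client code that shows owners their own `updateIp` would now get nothing; that is not visible in this diff and is worth checking. The handler method starts and ends outside both hunks.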
diff --git a/packages/hydrooj/src/model/token.ts b/packages/hydrooj/src/model/token.ts
index 72847694..5beddd09 100644
--- a/packages/hydrooj/src/model/token.ts
+++ b/packages/hydrooj/src/model/token.ts
@@ -82,8 +82,11 @@ class TokenModel {
 }
 @ArgMethod
- static async getMostRecentSessionByUid(uid: number) {
- return await TokenModel.coll.findOne({ uid, tokenType: TokenModel.TYPE_SESSION }, { sort: { updateAt: -1 } });
+ static async getMostRecentSessionByUid(uid: number, projection: string[]) {
+ return await TokenModel.coll.findOne(
+ { uid, tokenType: TokenModel.TYPE_SESSION },
+ { projection: { _id: 0, ...Object.fromEntries(projection.map((i) => [i, 1])) }, sort: { updateAt: -1 } },
+ );
 }
 @ArgMethod
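Review bot: `getMostRecentSessionByUid` fails open when `projection` is an empty array: `{ _id: 0 }` on its own is an exclusion projection, so MongoDB returns every other field of the session document, including `createIp` and `updateIp`. A caller that lists `'_id'` also overrides the `_id: 0` default through the spread, and a caller that omits the new argument (the method is `@ArgMethod`-decorated, so untyped callers seem possible) throws on `projection.map`. Since the commit's purpose is to limit what leaves the model, I would give the parameter a safe default and put the exclusion last, `projection: string[] = ['createAt', 'updateAt']` with `{ ...Object.fromEntries(projection.map((i) => [i, 1])), _id: 0 }`, and reject an empty list before querying.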