changed the privacyOptions to be a whitelist instead of a blacklist to avoid accidental leak of information.

2025-03-06 10:01:40 -05:00 · 2014-09-08 13:44:49 +08:00 · 2014-09-08 13:44:49 +08:00 · 3b1b146bc7
commit 3b1b146bc7
parent 7ea30d173d
1 changed files with 25 additions and 13 deletions
--- a/lib/publications.js
+++ b/lib/publications.js
@ -1,13 +1,25 @@
-privacyOptions = { // false means private
-  secret_id: false,
-  isAdmin: false,
-  emails: false,
-  notifications: false,
-  inviteCount: false,
-  'profile.email': false,
-  'services.twitter.accessToken': false,
-  'services.twitter.accessTokenSecret': false,
-  'services.twitter.id': false,
-  'services.password': false,
-  'services.resume': false
-};
+privacyOptions = { // true means exposed
+  _id: true,
+  commentCount: true,
+  createdAt: true,
+  email_hash: true,
+  isInvited: true,
+  karma: true,
+  postCount: true,
+  slug: true,
+  username: true,
+  'profile.name': true,
+  'profile.notifications': true,
+  'profile.bio': true,
+  'profile.github': true,
+  'profile.site': true,
+  'profile.twitter': true,
+  'services.twitter.profile_image_url': true,
+  'services.facebook.id': true,
+  'services.twitter.screenName': true,
+  'services.github.screenName': true, // Github is not really used, but there are some mentions to it in the code
+  'votes.downvotedComments': true,
+  'votes.downvotedPosts': true,
+  'votes.upvotedComments': true,
+  'votes.upvotedPosts': true,
+};