fix: security breach issue in docs api's + add: feature getALL docs

Author: Arunkoo

Client/.vite/deps/_metadata.json

@@ -0,0 +1,8 @@
+{
+  "hash": "69c67ab5",
+  "configHash": "256baf21",
+  "lockfileHash": "2bcb4725",
+  "browserHash": "03db4624",
+  "optimized": {},
+  "chunks": {}
+}

Client/.vite/deps/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

backend/src/documents/document.controller.ts

@@ -48,6 +48,15 @@ export class DocumentController {
     );
   }
 
+  //find all....
+  @Get()
+  findAllDocs(
+    @Req() req: CustomRequest,
+    @Param('workspaceId') workspaceId: string,
+  ) {
+    return this.documentService.findAll(req.user.userId, workspaceId);
+  }
+
   @Patch(':documentId')
   updateDocs(
     @Req() req: CustomRequest,

backend/src/documents/document.service.ts

@@ -32,6 +32,12 @@ export class DocumentService {
     }
     return membership;
   }
+  private readonly safeUserSelect = {
+    id: true,
+    name: true,
+    email: true,
+    role: true,
+  };
 
   //create document under specified workspace..
   async createDocument(
@@ -48,7 +54,11 @@ export class DocumentService {
         workspace: { connect: { id: workspaceId } },
         createdBy: { connect: { id: userId } },
       },
-      include: { createdBy: true },
+      include: {
+        createdBy: {
+          select: this.safeUserSelect,
+        },
+      },
     });
   }
 
@@ -61,7 +71,7 @@ export class DocumentService {
         id: documentId,
         workspaceId: workspaceId,
       },
-      include: { createdBy: true },
+      include: { createdBy: { select: this.safeUserSelect } },
     });
 
     if (!document) {
@@ -81,7 +91,7 @@ export class DocumentService {
       orderBy: {
         updatedAt: 'desc',
       },
-      include: { createdBy: true },
+      include: { createdBy: { select: this.safeUserSelect } },
     });
   }