From 73065f0756039f75ee517832d3864dbd92cfcd37 Mon Sep 17 00:00:00 2001
From: Matas R <matas2k@gmail.com>
Date: Wed, 14 Aug 2019 13:11:40 +0300
Subject: [PATCH] added missing alias for setup script; added user cleaner to
 remove password hashes from user object returns; fixed multiple issues with
 setup variable setting

---
 README.md                 |  4 ++--
 package.json              |  2 +-
 setup.js                  | 22 +++++++++++++---------
 src/external/utilities.js |  5 +++++
 src/server.js             |  8 ++++----
 5 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index e21931c..5d6e117 100644
--- a/README.md
+++ b/README.md
@@ -28,8 +28,8 @@ Demo website coming soon™.
 # install dependencies
 $ npm install
 
-# run config
-$ npm run config
+# run setup
+$ npm run setup
 
 # serve with hot reload at localhost:3000
 $ npm run dev
diff --git a/package.json b/package.json
index 5bffd36..b512dbe 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,6 @@
   "version": "1.0.1",
   "description": "A vue/nuxtjs/passport/bulma boilerplate for express.",
   "author": "Scharkee",
-  "private": true,
   "scripts": {
     "dev": "node src/server.js",
     "build": "nuxt build",
@@ -13,6 +12,7 @@
     "lint": "eslint --ext .js,.vue --ignore-path .gitignore .",
     "test": "ava --serial --verbose",
     "setup": "node setup.js",
+    "config": "npm run setup",
     "setup:headless": "node setup.js --headless"
   },
   "dependencies": {
diff --git a/setup.js b/setup.js
index 58f7b9b..c59d1e9 100644
--- a/setup.js
+++ b/setup.js
@@ -6,10 +6,13 @@ let passportKeys = require("./config/passportKeysExample.json");
 
 fs.ensureDirSync("./db/");
 
-if (process.argv[2]=="--headless") {
+if (process.argv[2] == "--headless") {
   // saving defaults
-  fs.copySync('./config/configExample.json', './config/config.json')
-  fs.copySync('./config/passportKeysExample.json', './config/passportKeys.json')
+  fs.copySync("./config/configExample.json", "./config/config.json");
+  fs.copySync(
+    "./config/passportKeysExample.json",
+    "./config/passportKeys.json"
+  );
   process.exit(0);
 }
 
@@ -19,7 +22,7 @@ console.log("Starting setup...");
 config.self_hosted =
   prompt(
     "Use Auto-generated TLS? (will require ports 80 and 443) (y/N): ",
- false
+    "n"
   ).toLowerCase() == "y";
 
 if (config.self_hosted) {
@@ -28,7 +31,7 @@ if (config.self_hosted) {
   config.tls.tos =
     prompt(
       "Do you agree with the LetsEncrypt TOS? (Y/n): ",
-      true
+      "y"
     ).toLowerCase() == "y";
 
   if (!config.tls.tos) {
@@ -52,10 +55,11 @@ if (config.self_hosted) {
 
 if (!config.self_hosted) {
   config.port = ~~prompt("Enter port (7777): ", config.port);
-  config.secure_override = ~~prompt(
-    "Will you use an external HTTPS/TLS provider proxy? Secure cookies will be enabled, if yes (y/N): ",
-    false
-  );
+  config.secure_override =
+    ~~prompt(
+      "Will you use an external HTTPS/TLS provider proxy? Secure cookies will be enabled, if yes (y/N): ",
+      "n"
+    ).toLowerCase() == "y";
 }
 
 if (
diff --git a/src/external/utilities.js b/src/external/utilities.js
index bc10cda..380da51 100644
--- a/src/external/utilities.js
+++ b/src/external/utilities.js
@@ -30,6 +30,11 @@ const utilities = {
         msg: message || "An error has occured."
       }
     };
+  },
+  cleanUser: function cleanUser(user) {
+    delete user.data.password;
+    delete user._data.password;
+    return user;
   }
 };
 
diff --git a/src/server.js b/src/server.js
index 2d76b43..9112c6f 100644
--- a/src/server.js
+++ b/src/server.js
@@ -151,7 +151,7 @@ app.post("/login", (req, res) => {
         meta: {
           error: false
         },
-        user: user
+        user:  utils.cleanUser(Object.assign({}, user))
       });
     });
   })(req, res);
@@ -231,7 +231,7 @@ app.post("/register", (req, res, next) => {
               error: false,
               msg: "You have successfully registered!"
             },
-            user: newDoc
+            user: utils.cleanUser(Object.assign({}, newDoc))
           });
         }
       );
@@ -293,7 +293,7 @@ app.patch("/changePassword", (req, res) => {
     })
     .then(r => {
       return res.json({
-        user: r,
+        user: utils.cleanUser(Object.assign({}, r)),
         meta: {
           error: false,
           msg: "You have successfully changed your password!"
@@ -327,7 +327,7 @@ app.post("/unlink", (req, res) => {
 
   user.saveUser().then(r => {
     return res.json({
-      user: user,
+      user: utils.cleanUser(Object.assign({}, user)),
       meta: {
         error: false,
         msg: `You have successfully unlinked your ${req.body.toUnlink} account!`