hide some user's properties on BE in response, edit User model

.env.example

@@ -3,5 +3,5 @@
 #
 
 APP_NAME=litter-go
-APP_VERSION=0.35.18
+APP_VERSION=0.35.19
 GOLANG_VERSION=1.22

api/swagger.json

@@ -13,7 +13,7 @@
             "name": "MIT",
             "url": "https://github.com/krustowski/litter-go/blob/master/LICENSE"
         },
-        "version": "0.35.18"
+        "version": "0.35.19"
     },
     "host": "littr.eu",
     "basePath": "/api/v1",

pkg/backend/posts/controllers.go

@@ -83,12 +83,6 @@ func getPosts(w http.ResponseWriter, r *http.Request) {
 	resp.Message = "ok, dumping posts"
 	resp.Code = http.StatusOK
 
-	// flush email addresses
-	for key, user := range uExport {
-		user.Email = ""
-		uExport[key] = user
-	}
-
 	// hack: include caller's models.User struct
 	if caller, ok := db.GetOne(db.UserCache, callerID, models.User{}); !ok {
 		resp.Message = "cannot fetch such callerID-named user"
@@ -101,6 +95,21 @@ func getPosts(w http.ResponseWriter, r *http.Request) {
 		uExport[callerID] = caller
 	}
 
+	// TODO: use DTO
+	for key, user := range uExport {
+		user.Passphrase = ""
+		user.PassphraseHex = ""
+		user.Email = ""
+
+		if user.Nickname != callerID {
+			user.FlowList = nil
+			user.ShadeList = nil
+			user.RequestList = nil
+		}
+
+		uExport[key] = user
+	}
+
 	resp.Posts = pExport
 	resp.Users = uExport
 

pkg/backend/router.go

@@ -1,5 +1,5 @@
 // @title		litter-go
-// @version	 	0.35.18
+// @version	 	0.35.19
 // @description		nanoblogging platform as PWA built on go-app framework
 // @termsOfService	https://littr.eu/tos
 

pkg/backend/users/controllers.go

@@ -47,10 +47,16 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
 
 	// flush email addresses
 	for key, user := range users {
-		if key == caller {
-			continue
-		}
+		user.Passphrase = ""
+		user.PassphraseHex = ""
 		user.Email = ""
+
+		if user.Nickname != caller {
+			user.FlowList = nil
+			user.ShadeList = nil
+			user.RequestList = nil
+		}
+
 		users[key] = user
 	}
 

pkg/models/user.go

@@ -15,19 +15,19 @@ type User struct {
 	FullName string `json:"full_name"`
 
 	// Passphrase is a hashed pass phrase string (binary form).
-	Passphrase string `json:"passphrase"`
+	Passphrase string `json:"passphrase,omitempty"`
 
 	// PassphraseHex is a hashed pass phrase string (hexadecimal alphanumberic form).
-	PassphraseHex string `json:"passphrase_hex"`
+	PassphraseHex string `json:"passphrase_hex,omitempty"`
 
 	// Email is a primary user's e-mail address.
-	Email string `json:"email"`
+	Email string `json:"email,omitempty"`
 
 	// Web is user's personal homepage.
 	Web string `json:"web"`
 
 	// AvatarURL is an URL to the user's custom profile picture.
-	AvatarURL string `json:"avatar_url"`
+	AvatarURL string `json:"avatar_url,omitempty"`
 
 	// About is a description string of such user.
 	About string `json:"about"`
@@ -39,13 +39,13 @@ type User struct {
 	Private bool `json:"private"`
 
 	// FlowList is a string map of users, which posts should be added to one's flow page.
-	FlowList map[string]bool `json:"flow_list"`
+	FlowList map[string]bool `json:"flow_list,omitempty"`
 
 	// ShadeList is a map of account/users to be shaded (soft-blocked) from following.
-	ShadeList map[string]bool `json:"shade_list"`
+	ShadeList map[string]bool `json:"shade_list,omitempty"`
 
 	// RequestList is a map of account requested to add this user to their flow --- used with the Private property.
-	RequestList map[string]bool `json:"request_list"`
+	RequestList map[string]bool `json:"request_list,omitempty"`
 
 	// FlowToggle is a single implementation of FlowList.
 	FlowToggle string `json:"flow_toggle"`