I am using user pointer in one of my object.
I was wondering if attributes.authData
is considered as sensitive data that shouldn’t be accessible from the front end?
I am using user pointer in one of my object.
I was wondering if attributes.authData
is considered as sensitive data that shouldn’t be accessible from the front end?
I think that you should not show that info in front end
is there a way to not returned this data by default? it is annoying if i have to create cloud function for everything containing user data
how do you get that data now?
you could try to use query.select to specify what to include
how? query.find().select() ?
you can search google how to use .select .include for parse server in general, you can also find on other forum posts
I have noticed a bug:
From the browser, when i am using query.select("createdBy");
with createdBy
a pointer to User, I can see in the network the response data being sent with the objectId.
However, when debugging my app into the code, the createdBy
field is undefined. Probably the SDK is removing the data? Although I am getting it from the server perspective.
And something really weird is that it is working with live queries.
query.select("createdBy");
const subscription = await query.subscribe();
subscription.on("create", (obj) => {
const { id, attributes } = obj;
// attributes.createdBy.id exists
})
you mean that the data makes is locally from the server to the browser, but it doesn’t show it from javascript console?
the data got from the server is not shown in the JS console
if you try to use console.log(obj)
or console.log(JSON.stringify(ops))
what you get?
createdBy: {
id: "wxuefewrgwrgwOoG"
}
When the user pointer is not my user, i only get the Id
usually you don’t get other users data without using master key
there is a bug then! try with live queries, you get all users’ data
you mean that you get more than user id?
const query = new Moralis.Query("Product");
query.select("createdBy");
const subscription = await query.subscribe();
subscription.on("create", (song) => {
console.log(song.attributes.createdBy);
})
// console.log()
// attributes: Object
// ACL: ParseACL {permissionsById: {…}}
// createdAt: Fri Dec 17 2021 08:21:34 GMT+0100 (Central European Standard Time) {}
// ethAddress: "0x41e7e3fc64c31c7968e375c86182222a494ee234"
// isOnline: true
// updatedAt: Wed Jan 26 2022 23:03:58 GMT+0100 (Central European Standard Time) {}
As you can see, everything is returned. Without using master key.
@samteb, can you check again now with latest version of Moralis SDK?
It looks like it was a cacheing problem in the sdk and user data was not sent from the server in that case.
Last version of the SDK, the one using ether.js?
yes, the one using ether.js