Anonymizing response data with sibling types that doesent contain any userId

server/src/db.rs

@@ -1,4 +1,4 @@
-use crate::types::{Comment, Post, User};
+use crate::types::{Post, PublicComment, PublicPost, User};
 use argon2::{
     password_hash::{rand_core::OsRng, SaltString},
     Argon2, PasswordHasher, PasswordVerifier,
@@ -37,10 +37,10 @@ pub async fn db_get_comments(
     parent_post_id: i64,
     limit: i64,
     offset: i64,
-) -> Vec<Comment> {
+) -> Vec<PublicComment> {
     sqlx::query_as!(
-        Comment,
-        "SELECT * FROM comments WHERE parent_post_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3",
+        PublicComment,
+        "SELECT id, parent_post_id, parent_comment_id, upvotes, downvotes, content, created_at, updated_at FROM comments WHERE parent_post_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3",
         parent_post_id,
         limit,
         offset
@@ -51,10 +51,10 @@ pub async fn db_get_comments(
 }
 
 /// Gets the latest posts from the database, ordered by created_at
-pub async fn db_get_latest_posts(pool: &PgPool, limit: i64, offset: i64) -> Vec<Post> {
+pub async fn db_get_latest_posts(pool: &PgPool, limit: i64, offset: i64) -> Vec<PublicPost> {
     sqlx::query_as!(
-        Post,
-        "SELECT * FROM posts ORDER BY created_at DESC LIMIT $1 OFFSET $2",
+        PublicPost,
+        "SELECT id, content, upvotes, downvotes, created_at, updated_at FROM posts ORDER BY created_at DESC LIMIT $1 OFFSET $2",
         limit,
         offset
     )
@@ -64,11 +64,15 @@ pub async fn db_get_latest_posts(pool: &PgPool, limit: i64, offset: i64) -> Vec<
 }
 
 /// Gets the post with id from the database
-pub async fn db_get_post(id: i64, pool: &PgPool) -> Option<Post> {
-    sqlx::query_as!(Post, "SELECT * FROM posts WHERE id = $1", id)
-        .fetch_one(pool)
-        .await
-        .ok()
+pub async fn db_get_post(id: i64, pool: &PgPool) -> Option<PublicPost> {
+    sqlx::query_as!(
+        PublicPost,
+        "SELECT id, content, upvotes, downvotes, created_at, updated_at FROM posts WHERE id = $1",
+        id
+    )
+    .fetch_one(pool)
+    .await
+    .ok()
 }
 
 /// Inserts a new post to the database

server/src/types/comment.rs

@@ -10,7 +10,6 @@ pub struct NewComment {
 }
 
 /// The comment as it is stored in the database, with all the related metadata
-/// This is also the comment as it is sent to the client
 #[derive(Debug, Serialize, Deserialize, Clone, sqlx::FromRow)]
 pub struct Comment {
     pub id: i64,
@@ -24,6 +23,19 @@ pub struct Comment {
     pub updated_at: chrono::NaiveDateTime,
 }
 
+/// This is the comment as it is sent to the client, with only the public metadata
+#[derive(Debug, Serialize, Deserialize, Clone, sqlx::FromRow)]
+pub struct PublicComment {
+    pub id: i64,
+    pub parent_post_id: i64,
+    pub parent_comment_id: Option<i64>,
+    pub upvotes: i64,
+    pub downvotes: i64,
+    pub content: String,
+    pub created_at: chrono::NaiveDateTime,
+    pub updated_at: chrono::NaiveDateTime,
+}
+
 /// Query parameters for the /comments endpoint
 #[derive(Debug, Serialize, Deserialize)]
 pub struct CommentQueryParams {

server/src/types/post.rs

@@ -21,6 +21,17 @@ pub struct Post {
     pub updated_at: chrono::NaiveDateTime,
 }
 
+// The post as it is sent to the client, with only the public metadata
+#[derive(Debug, Serialize, Deserialize, Clone, FromRow)]
+pub struct PublicPost {
+    pub id: i64,
+    pub content: String,
+    pub upvotes: i64,
+    pub downvotes: i64,
+    pub created_at: chrono::NaiveDateTime,
+    pub updated_at: chrono::NaiveDateTime,
+}
+
 // These look like /posts?limit=10&offset=20 in the URL
 // Note that these are optional
 /// Query parameters for the /posts endpoint