Overview
src/utils/masking/ provides field masking utilities, but they must be applied manually per endpoint. Any new endpoint that returns a User object without applying masking leaks PII (email, phone) and credential material (passwordHistory, refreshToken) to unprivileged roles.
Specifications
Features:
- Apply role-based field visibility automatically at the global serialization layer.
- Mark entity fields with visibility decorators and strip them based on the request's role.
Tasks:
- Create a @VisibleTo(...roles) decorator that annotates entity fields.
- Create a global RoleVisibilityInterceptor that removes fields the current user's role cannot see before serialization.
- Apply @VisibleTo(UserRole.ADMIN) to refreshToken, passwordHistory, providerAccessToken.
- Add unit tests for each role level.
Impacted Files:
src/utils/masking/role-visibility.util.ts
src/users/entities/user.entity.ts
Acceptance Criteria
- STUDENT role response never contains refreshToken or passwordHistory.
- ADMIN role response includes all fields.
- Adding @VisibleTo to a new field automatically enforces visibility.
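The following is an added reference example of the decorator, the metadata registry and the stripping step the global interceptor would run; it is not the project's code. The enum values, the User entity shape, the constructed sample data and the name registerVisibility are assumptions. The NestJS types are left out so it runs offline: in the real interceptor the same stripForRole call sits inside next.handle().pipe(map(...)) with the role read from the request's user. The decorator is applied with an explicit call, which is exactly what @VisibleTo(UserRole.ADMIN) on a field compiles to under experimentalDecorators.

```typescript
// Added example, not the project's code. Names and entity shape are assumptions.

export enum UserRole {
  STUDENT = 'STUDENT',
  TEACHER = 'TEACHER',
  ADMIN = 'ADMIN',
}

// Per-prototype registry: field name -> roles allowed to see it. Keyed by the
// class prototype so subclasses inherit rules through the chain walk below.
const visibility = new WeakMap<object, Map<string, Set<UserRole>>>();

/** Records that `field` on `proto` is visible only to `roles`. */
export function registerVisibility(proto: object, field: string, roles: UserRole[]): void {
  let fields = visibility.get(proto);
  if (!fields) {
    fields = new Map();
    visibility.set(proto, fields);
  }
  fields.set(field, new Set(roles));
}

/** Property decorator factory: `@VisibleTo(UserRole.ADMIN) refreshToken: string;` */
export function VisibleTo(...roles: UserRole[]) {
  return (proto: object, field: string | symbol): void => {
    registerVisibility(proto, String(field), roles);
  };
}

/** Merges rules from the whole prototype chain, derived class overriding base. */
function rulesFor(obj: object): Map<string, Set<UserRole>> {
  const chain: object[] = [];
  for (let p = Object.getPrototypeOf(obj); p && p !== Object.prototype; p = Object.getPrototypeOf(p)) {
    chain.push(p);
  }
  const merged = new Map<string, Set<UserRole>>();
  for (const p of chain.reverse()) {
    visibility.get(p)?.forEach((roles, field) => merged.set(field, roles));
  }
  return merged;
}

/**
 * Deep-copies `value`, dropping every decorated field that `role` may not see.
 * Handles arrays and nested entities. An unauthenticated request (role undefined)
 * is treated as least-privileged: it sees no restricted field at all.
 * Undecorated fields stay visible, matching the spec's opt-in model.
 */
export function stripForRole<T>(value: T, role: UserRole | undefined): T {
  if (Array.isArray(value)) {
    return value.map((v) => stripForRole(v, role)) as unknown as T;
  }
  if (value === null || typeof value !== 'object' || value instanceof Date) {
    return value;
  }
  const rules = rulesFor(value as object);
  const out: Record<string, unknown> = {};
  for (const [key, v] of Object.entries(value as object)) {
    const allowed = rules.get(key);
    if (allowed && (role === undefined || !allowed.has(role))) continue; // strip
    out[key] = stripForRole(v, role);
  }
  return out as T;
}

// Shape of the global interceptor; the framework ExecutionContext/CallHandler
// plumbing is replaced by a request-like object and the response body.
export class RoleVisibilityInterceptor {
  intercept<T>(request: { user?: { role?: UserRole } }, body: T): T {
    return stripForRole(body, request.user?.role);
  }
}

// Entity with the three fields the task restricts to ADMIN (assumed shape).
export class User {
  id = 0;
  email = '';
  phone = '';
  refreshToken = '';
  passwordHistory: string[] = [];
  providerAccessToken = '';
}
VisibleTo(UserRole.ADMIN)(User.prototype, 'refreshToken');
VisibleTo(UserRole.ADMIN)(User.prototype, 'passwordHistory');
VisibleTo(UserRole.ADMIN)(User.prototype, 'providerAccessToken');

// Constructed sample record for the checks below (not real data).
export const sampleUser: User = Object.assign(new User(), {
  id: 7,
  email: 'student@example.edu',
  phone: '+10000000000',
  refreshToken: 'rt-constructed',
  passwordHistory: ['hash-1', 'hash-2'],
  providerAccessToken: 'pat-constructed',
});
```

Two things a practitioner should check when wiring this in. First, the registry is keyed by prototype, so the interceptor can only strip objects that still are class instances; a handler that returns plain objects (a lean query result, or an entity already passed through toJSON) carries no metadata and nothing is removed, which is a silent failure rather than a loud one. Second, the unit tests for each role level should include an unauthenticated request and a response that embeds a User inside another object or array, since those are the paths where per-endpoint masking was most often forgotten.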