feat: Filter out disabled users in search and retrieval methods in UserController

Author: fox3000foxy

dist/controllers/UserController.js

@@ -478,7 +478,12 @@ let Users = class Users {
             return this.sendError(res, 400, "Missing search query");
         }
         try {
-            const users = await this.userService.searchUsersByUsername(query);
+            // Only return non-disabled users (assume disabled is present if returned from service)
+            const usersRaw = await this.userService.searchUsersByUsername(query);
+            const users = usersRaw.filter(user => {
+                // Accept if disabled is not present or is falsy
+                return !("disabled" in user) || !user["disabled"];
+            });
             await this.createLog(req, "searchUsers", "users", 200);
             res.send(users.map((user) => this.mapUserSearch(user)));
         }
@@ -497,7 +502,8 @@ let Users = class Users {
         }
         const { userId } = req.params;
         const userWithData = await this.userService.getUserWithPublicProfile(userId);
-        if (!userWithData) {
+        // Only allow non-disabled users
+        if (!userWithData || ("disabled" in userWithData && userWithData["disabled"])) {
             await this.createLog(req, "getUser", "users", 404);
             return this.sendError(res, 404, "User not found");
         }
@@ -869,7 +875,7 @@ __decorate([
         },
         example: "GET /api/users/123",
     }),
-    (0, inversify_express_utils_1.httpGet)("/:userId"),
+    (0, inversify_express_utils_1.httpGet)(":userId"),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [Object, Object]),
     __metadata("design:returntype", Promise)

dist/interfaces/User.d.ts

@@ -50,3 +50,9 @@ export interface Oauth2User {
     discord_id?: string;
     google_id?: string;
 }
+export interface Friend {
+    user_1: string;
+    user_2: string;
+    datetime?: string;
+    status: 'pending' | 'approved';
+}

src/controllers/UserController.ts

@@ -542,7 +542,12 @@ export class Users {
 			return this.sendError(res, 400, "Missing search query");
 		}
 		try {
-			const users: PublicUser[] = await this.userService.searchUsersByUsername(query);
+			// Only return non-disabled users (assume disabled is present if returned from service)
+			const usersRaw = await this.userService.searchUsersByUsername(query);
+			const users = usersRaw.filter(user => {
+				// Accept if disabled is not present or is falsy
+				return !("disabled" in user) || !user["disabled"];
+			});
 			await this.createLog(req, "searchUsers", "users", 200);
 			res.send(users.map((user) => this.mapUserSearch(user)));
 		} catch (error) {
@@ -571,7 +576,7 @@ export class Users {
 		},
 		example: "GET /api/users/123",
 	})
-	@httpGet("/:userId")
+	@httpGet(":userId")
 	public async getUser(req: Request, res: Response) {
 		try {
 			await userIdParamValidator.validate(req.params);
@@ -581,7 +586,8 @@ export class Users {
 		}
 		const { userId } = req.params;
 		const userWithData = await this.userService.getUserWithPublicProfile(userId);
-		if (!userWithData) {
+		// Only allow non-disabled users
+		if (!userWithData || ("disabled" in userWithData && userWithData["disabled"])) {
 			await this.createLog(req, "getUser", "users", 404);
 			return this.sendError(res, 404, "User not found");
 		}