From f6780e7a9b153f98a02277e77ef7be3e668c0f62 Mon Sep 17 00:00:00 2001
From: Nick Krecklow <hello@github.nklow.com>
Date: Fri, 8 May 2020 16:22:24 -0500
Subject: [PATCH] prevent data leakage when sending server.data

---
 lib/app.js     |  2 +-
 lib/servers.js | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/app.js b/lib/app.js
index 22127ad..82c2b0a 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -71,7 +71,7 @@ class App {
           graphDurationLabel: config.graphDurationLabel || (Math.floor(config.graphDuration / (60 * 60 * 1000)) + 'h'),
           graphMaxLength: TimeTracker.getMaxGraphDataLength(),
           serverGraphMaxLength: TimeTracker.getMaxServerGraphDataLength(),
-          servers: this.serverRegistrations.map(serverRegistration => serverRegistration.data),
+          servers: this.serverRegistrations.map(serverRegistration => serverRegistration.getPublicData()),
           minecraftVersions: minecraftVersionNames,
           isGraphVisible: config.logToDatabase
         }
diff --git a/lib/servers.js b/lib/servers.js
index 3fd5c6f..9b1a372 100644
--- a/lib/servers.js
+++ b/lib/servers.js
@@ -303,6 +303,16 @@ class ServerRegistration {
       message: message
     }
   }
+
+  getPublicData () {
+    // Return a custom object instead of data directly to avoid data leakage
+    return {
+      name: this.data.name,
+      ip: this.data.ip,
+      type: this.data.type,
+      color: this.data.color
+    }
+  }
 }
 
 module.exports = ServerRegistration