fix: hide exact quota values from account response (#16)

Closes #1 - hide exact quota values from GET /api/account - keep only the approximate quota bucket in the public account payload - add a regression test for the public account response contract - document that completed tasks should end with a PR Co-authored-by: sirily <sirily@git.shararam.party> Reviewed-on: #16
2026-03-10 15:52:16 +03:00
parent 55472de23d
commit 431a60f9c8
7 changed files with 162 additions and 70 deletions
--- a/apps/web/src/main.ts
+++ b/apps/web/src/main.ts
@@ -18,6 +18,7 @@ import {
  createGenerationRequest,
  type CreateGenerationRequestInput,
 } from "@nproxy/domain";
+import { serializePublicAccountOverview } from "./account-response.js";

 const config = loadConfig();
 const port = Number.parseInt(process.env.PORT ?? "3000", 10);
@@ -159,7 +160,7 @@ const server = createServer(async (request, response) => {
        return;
      }

-      sendJson(response, 200, serializeAccountOverview(overview));
+      sendJson(response, 200, serializePublicAccountOverview(overview));
      return;
    }

@@ -493,63 +494,6 @@ function serializeUserSession(
  };
 }

-function serializeAccountOverview(overview: {
-  user: {
-    id: string;
-    email: string;
-    isAdmin: boolean;
-    createdAt: Date;
-  };
-    subscription: {
-      id: string;
-      status: string;
-      renewsManually: boolean;
-      activatedAt?: Date;
-    currentPeriodStart?: Date;
-    currentPeriodEnd?: Date;
-    canceledAt?: Date;
-      plan: {
-        id: string;
-        code: string;
-        displayName: string;
-        monthlyRequestLimit: number;
-        monthlyPriceUsd: number;
-        billingCurrency: string;
-        isActive: boolean;
-      };
-    } | null;
-  quota: {
-    approximateBucket: number;
-    usedSuccessfulRequests: number;
-    monthlyRequestLimit: number;
-  } | null;
-}) {
-  return {
-    user: serializeAuthenticatedUser(overview.user),
-    subscription: overview.subscription
-      ? {
-          id: overview.subscription.id,
-          status: overview.subscription.status,
-          renewsManually: overview.subscription.renewsManually,
-          ...(overview.subscription.activatedAt
-            ? { activatedAt: overview.subscription.activatedAt.toISOString() }
-            : {}),
-          ...(overview.subscription.currentPeriodStart
-            ? { currentPeriodStart: overview.subscription.currentPeriodStart.toISOString() }
-            : {}),
-          ...(overview.subscription.currentPeriodEnd
-            ? { currentPeriodEnd: overview.subscription.currentPeriodEnd.toISOString() }
-            : {}),
-          ...(overview.subscription.canceledAt
-            ? { canceledAt: overview.subscription.canceledAt.toISOString() }
-            : {}),
-          plan: overview.subscription.plan,
-        }
-      : null,
-    quota: overview.quota,
-  };
-}
-
 function serializeBillingInvoice(invoice: {
  id: string;
  subscriptionId?: string;