From 79f18af7749ad1ecc3ba07cf91336fcbfe6384fa Mon Sep 17 00:00:00 2001
From: Carlos Castro <carlos.castro@mongodb.com>
Date: Wed, 31 Jul 2024 16:18:44 +0100
Subject: [PATCH 1/2] remove email from players on open APIs;

---
 rest_service/Controllers/PlayersController.cs | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/rest_service/Controllers/PlayersController.cs b/rest_service/Controllers/PlayersController.cs
index 6610c81..2aa79fb 100644
--- a/rest_service/Controllers/PlayersController.cs
+++ b/rest_service/Controllers/PlayersController.cs
@@ -1,4 +1,4 @@
-using System.Xml.Linq;
+using System.Xml.Linq;
 using Microsoft.AspNetCore.Mvc;
 using MongoDB.Bson;
 using MongoDB.Bson.Serialization;
@@ -47,23 +47,33 @@ public async Task<List<PlayerResponse>> GetPlayers([FromQuery] PlayerRequest pla
         if (!string.IsNullOrEmpty(playerRequest.Id))
             filter &= Builders<Player>.Filter.Eq("Id", playerRequest.Id);
 
+        // Projection to only include Name and Age fields
+        var projection = Builders<Player>.Projection
+                         .Exclude("Email");
+
         // If Name but no Location, then get Location from players_unique
         if (!string.IsNullOrEmpty(playerRequest.Name) && string.IsNullOrEmpty(playerRequest.Location))
         {
+
+            // Projection to only include Name and Age fields
+            var projectionUnique = Builders<PlayerUnique>.Projection
+                             .Exclude("Email");
+
             var playerUnique = _playersUniqueCollection
                 .Find(Builders<PlayerUnique>
                     .Filter.Eq(x => x.Name, playerRequest.Name))
+                .Project<PlayerUnique>(projectionUnique)
                 .FirstOrDefault<PlayerUnique>();
 
             if (playerUnique != null)
                 filter &= Builders<Player>.Filter.Eq(x => x.Location, playerUnique.Location);
         }
 
-        var players = await _playersCollection.FindAsync(filter, new FindOptions<Player,Player>() { Limit = 10 });
+        var players = await _playersCollection.FindAsync(filter, new FindOptions<Player, Player>() { Limit = 10, Projection = projection });
 
         var playersResponse =
             players.ToList().Select(player => new PlayerResponse(player)).ToList();
-            
+
         return playersResponse;
     }
 
@@ -156,7 +166,7 @@ public async Task<ActionResult<PlayerResponse>> CreatePlayer(PlayerRequest playe
             try
             {
                 await _playersCollection.InsertOneAsync(session, player);
-                
+
                 await _playersUniqueCollection.InsertOneAsync(session, playerUnique);
 
                 if (session.IsInTransaction)
@@ -205,7 +215,8 @@ public async Task<List<string>> PlayerAutoComplete([FromQuery] string Name)
             return arrMatches.GetElement("matches").Value.AsBsonArray
                              .Select(x => x.ToString())
                              .ToList();
-        } catch (Exception e)
+        }
+        catch (Exception e)
         {
             Logger.LogError("GetPlayerAutoComplete did not find matches");
             Logger.LogError(e.Message);
@@ -307,6 +318,11 @@ public async Task<List<PlayerResponse>> PlayerSearch([FromQuery] PlayerRequest p
                                         }
                                     }
                                 }
+                            }),
+                            new BsonDocument("$project", new BsonDocument
+                            {
+                                { "Email", 0 },
+
                             })
                         }
                     },

From 9ddd75eee8c28cdc078e896b695879e6a12f8c08 Mon Sep 17 00:00:00 2001
From: Carlos Castro <carlos.castro@mongodb.com>
Date: Wed, 31 Jul 2024 16:47:00 +0100
Subject: [PATCH 2/2] mask email instead of filtering it;

---
 rest_service/Controllers/PlayersController.cs | 17 +--------------
 .../Dtos/ResponseObjects/PlayerResponse.cs    | 21 ++++++++++++++++++-
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/rest_service/Controllers/PlayersController.cs b/rest_service/Controllers/PlayersController.cs
index 2aa79fb..b94daec 100644
--- a/rest_service/Controllers/PlayersController.cs
+++ b/rest_service/Controllers/PlayersController.cs
@@ -47,29 +47,19 @@ public async Task<List<PlayerResponse>> GetPlayers([FromQuery] PlayerRequest pla
         if (!string.IsNullOrEmpty(playerRequest.Id))
             filter &= Builders<Player>.Filter.Eq("Id", playerRequest.Id);
 
-        // Projection to only include Name and Age fields
-        var projection = Builders<Player>.Projection
-                         .Exclude("Email");
-
         // If Name but no Location, then get Location from players_unique
         if (!string.IsNullOrEmpty(playerRequest.Name) && string.IsNullOrEmpty(playerRequest.Location))
         {
-
-            // Projection to only include Name and Age fields
-            var projectionUnique = Builders<PlayerUnique>.Projection
-                             .Exclude("Email");
-
             var playerUnique = _playersUniqueCollection
                 .Find(Builders<PlayerUnique>
                     .Filter.Eq(x => x.Name, playerRequest.Name))
-                .Project<PlayerUnique>(projectionUnique)
                 .FirstOrDefault<PlayerUnique>();
 
             if (playerUnique != null)
                 filter &= Builders<Player>.Filter.Eq(x => x.Location, playerUnique.Location);
         }
 
-        var players = await _playersCollection.FindAsync(filter, new FindOptions<Player, Player>() { Limit = 10, Projection = projection });
+        var players = await _playersCollection.FindAsync(filter, new FindOptions<Player, Player>() { Limit = 10 });
 
         var playersResponse =
             players.ToList().Select(player => new PlayerResponse(player)).ToList();
@@ -318,11 +308,6 @@ public async Task<List<PlayerResponse>> PlayerSearch([FromQuery] PlayerRequest p
                                         }
                                     }
                                 }
-                            }),
-                            new BsonDocument("$project", new BsonDocument
-                            {
-                                { "Email", 0 },
-
                             })
                         }
                     },
diff --git a/rest_service/Dtos/ResponseObjects/PlayerResponse.cs b/rest_service/Dtos/ResponseObjects/PlayerResponse.cs
index 1ec4a40..2de3d68 100644
--- a/rest_service/Dtos/ResponseObjects/PlayerResponse.cs
+++ b/rest_service/Dtos/ResponseObjects/PlayerResponse.cs
@@ -15,8 +15,27 @@ public PlayerResponse(Player player)
     {
         Id = player.Id.ToString();
         Name = player.Name;
-        Email = player.Email;
+        Email = MaskEmail(player.Email ?? string.Empty);
         Team = player.Team;
         Location = player.Location;
     }
+
+    public string MaskEmail(string email)
+    {
+        if (string.IsNullOrEmpty(email) || !email.Contains("@"))
+            return email;
+
+        string[] emailArr = email.Split('@');
+        string domainExt = Path.GetExtension(email);
+
+        string maskedEmail = string.Format("{0}****{1}@{2}****{3}{4}",
+            emailArr[0][0],
+            emailArr[0].Substring(emailArr[0].Length - 1),
+            emailArr[1][0],
+            emailArr[1].Substring(emailArr[1].Length - domainExt.Length - 1, 1),
+            domainExt
+            );
+
+        return maskedEmail;
+    }
 }
\ No newline at end of file