Strip security information from user documents

[kennsippell]

medic/cht-couch2pg#137

[mrjones-plip]

Awesome work!

Approving to unblock, but have a light suggestion for readability and parallel structure against existing code.

Deferring to @garethbowen on this point: I would really want to test this important change, but do not have time this week. I should likely have time next week and am happy to do it then.

[mrjones-plip]

I lightly would suggest parallel structure to our sanitise() call. That'd be add a function, maybe removePasswordHash() or something, that we'd call here instead of doing the declaration of isUserDoc and the delete inline within the map() call.

The main reason is that derived_key doesn't pop out why you'd delete it, but removePasswordHash makes a lot sense to be here!

[garethbowen]

In addition it's better not to define a function in a loop. Depending on the compiler it's bad for performance, but if nothing else it makes reuse somewhere else harder.

Furthermore this is a complicated line to put as an argument to a function - better to create a new variable called docs to store the map result and then invoke the format function.

// at the top of the file
      const isUserDoc = doc => doc && doc.type === 'user' && doc._id.startsWith('org.couchdb.user:');

// inline here 
      const docs = couchDbResult.rows.map(row => {
        if (isUserDoc(row.doc)) {
          delete row.doc.password_scheme;
          delete row.doc.derived_key;
          delete row.doc.salt;
        }
        return [row.doc];
      });
      var insertSql = format(INSERT_DOC_STMT, postgresTable, docs);

[kennsippell]

Thanks guys. I believe I addressed all feedback here. I'm not quite 100% sure... sorry if I missed something.
Defs more readable now.

[garethbowen]

Approved so as not to block - readability suggestion inline.

[mrjones-plip]

Thanks @kennsippell - end result looks good!