fix(telemetry): remove sensitive data exposure (#1557)

Co-authored-by: Julian Arce <[email protected]>

Author: avilagaston9

telemetry_api/lib/telemetry_api_web/controllers/operator_controller.ex

@@ -34,4 +34,15 @@ defmodule TelemetryApiWeb.OperatorController do
       render(conn, :show, operator: operator)
     end
   end
+
+  def index_public(conn, _params) do
+    operators = Operators.list_operators()
+    render(conn, :index_public, operators: operators)
+  end
+
+  def show_public(conn, %{"id" => address}) do
+    with {:ok, %Operator{} = operator} <- Operators.get_operator(%{address: address}) do
+      render(conn, :show_public, operator: operator)
+    end
+  end
 end

telemetry_api/lib/telemetry_api_web/controllers/operator_json.ex

@@ -29,4 +29,28 @@ defmodule TelemetryApiWeb.OperatorJSON do
       eth_ws_url_fallback: operator.eth_ws_url_fallback
     }
   end
+
+  @doc """
+  Renders a list of operators with only public data.
+  """
+  def index_public(%{operators: operators}) do
+    for(operator <- operators, do: data_public(operator))
+  end
+
+  @doc """
+  Renders a single operator with only public data.
+  """
+  def show_public(%{operator: operator}) do
+    data_public(operator)
+  end
+
+  defp data_public(%Operator{} = operator) do
+    %{
+      address: operator.address,
+      id: operator.id,
+      stake: operator.stake,
+      name: operator.name,
+      version: operator.version
+    }
+  end
 end

telemetry_api/lib/telemetry_api_web/router.ex

@@ -29,8 +29,8 @@ defmodule TelemetryApiWeb.Router do
   scope "/versions", TelemetryApiWeb do
     pipe_through :api
 
-    get "/", OperatorController, :index
-    get "/:id", OperatorController, :show
+    get "/", OperatorController, :index_public
+    get "/:id", OperatorController, :show_public
     post "/", OperatorController, :create_or_update
   end