codimd/lib/web/userRouter.js

'use strict'

const Router = require('express').Router

const response = require('../response')
const models = require('../models')
const logger = require('../logger')
const {generateAvatar} = require('../letter-avatars')

const UserRouter = module.exports = Router()

// get me info
UserRouter.get('/me', function (req, res) {
  if (req.isAuthenticated()) {
    models.User.findOne({
      where: {
        id: req.user.id
      }
    }).then(function (user) {
      if (!user) { return response.errorNotFound(res) }
      var profile = models.User.getProfile(user)
      res.send({
        status: 'ok',
        id: req.user.id,
        name: profile.name,
        photo: profile.photo
      })
    }).catch(function (err) {
      logger.error('read me failed: ' + err)
      return response.errorInternalError(res)
    })
  } else {
    res.send({
      status: 'forbidden'
    })
  }
})

UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
  res.setHeader('Content-Type', 'image/svg+xml')
  res.setHeader('Cache-Control', 'public, max-age=86400')
  res.send(generateAvatar(req.params.username))
})
refactor(app.js): Extract /me page 2017-04-11 21:55:36 +00:00			`'use strict'`

			`const Router = require('express').Router`

			`const response = require('../response')`
			`const models = require('../models')`
			`const logger = require('../logger')`
Move letter-avatars into own request To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-04-12 11:14:42 +00:00			`const {generateAvatar} = require('../letter-avatars')`
refactor(app.js): Extract /me page 2017-04-11 21:55:36 +00:00
			`const UserRouter = module.exports = Router()`

			`// get me info`
			`UserRouter.get('/me', function (req, res) {`
			`if (req.isAuthenticated()) {`
			`models.User.findOne({`
			`where: {`
			`id: req.user.id`
			`}`
			`}).then(function (user) {`
			`if (!user) { return response.errorNotFound(res) }`
			`var profile = models.User.getProfile(user)`
			`res.send({`
			`status: 'ok',`
			`id: req.user.id,`
			`name: profile.name,`
			`photo: profile.photo`
			`})`
			`}).catch(function (err) {`
			`logger.error('read me failed: ' + err)`
			`return response.errorInternalError(res)`
			`})`
			`} else {`
			`res.send({`
			`status: 'forbidden'`
			`})`
			`}`
			`})`
Move letter-avatars into own request To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 2018-04-12 11:14:42 +00:00
			`UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {`
			`res.setHeader('Content-Type', 'image/svg+xml')`
			`res.setHeader('Cache-Control', 'public, max-age=86400')`
			`res.send(generateAvatar(req.params.username))`
			`})`