mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 17:56:30 -05:00
69aed93282
To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
43 lines
1.1 KiB
JavaScript
43 lines
1.1 KiB
JavaScript
'use strict'
|
|
|
|
const Router = require('express').Router
|
|
|
|
const response = require('../response')
|
|
const models = require('../models')
|
|
const logger = require('../logger')
|
|
const {generateAvatar} = require('../letter-avatars')
|
|
|
|
const UserRouter = module.exports = Router()
|
|
|
|
// get me info
|
|
UserRouter.get('/me', function (req, res) {
|
|
if (req.isAuthenticated()) {
|
|
models.User.findOne({
|
|
where: {
|
|
id: req.user.id
|
|
}
|
|
}).then(function (user) {
|
|
if (!user) { return response.errorNotFound(res) }
|
|
var profile = models.User.getProfile(user)
|
|
res.send({
|
|
status: 'ok',
|
|
id: req.user.id,
|
|
name: profile.name,
|
|
photo: profile.photo
|
|
})
|
|
}).catch(function (err) {
|
|
logger.error('read me failed: ' + err)
|
|
return response.errorInternalError(res)
|
|
})
|
|
} else {
|
|
res.send({
|
|
status: 'forbidden'
|
|
})
|
|
}
|
|
})
|
|
|
|
UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
|
|
res.setHeader('Content-Type', 'image/svg+xml')
|
|
res.setHeader('Cache-Control', 'public, max-age=86400')
|
|
res.send(generateAvatar(req.params.username))
|
|
})
|