diff options
author | lonkaars <l.leblansch@gmail.com> | 2021-03-28 12:19:28 +0200 |
---|---|---|
committer | lonkaars <l.leblansch@gmail.com> | 2021-03-28 12:19:28 +0200 |
commit | 2f4536d6b08b69168ebf3e718cbd8e3002b9af5a (patch) | |
tree | 5307692fb341d7f924ee9b73f3751e7e56cfb192 /api/user/avatar.py | |
parent | 1f897d3f5ad11178cf4776ae4070c9d3e832f5f3 (diff) |
added comments
Diffstat (limited to 'api/user/avatar.py')
-rw-r--r-- | api/user/avatar.py | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/api/user/avatar.py b/api/user/avatar.py index d3c86b8..b4edeed 100644 --- a/api/user/avatar.py +++ b/api/user/avatar.py @@ -2,6 +2,7 @@ from flask import Blueprint, request, Response from db import cursor from auth.login_token import token_login from user.info import valid_user_id +from hierarchy import auth_required from os.path import exists from codecs import decode @@ -25,14 +26,10 @@ def get_avatar(): return Response(avatar or default_avatar, 200, mimetype="image/png") @avatar.route('/avatar', methods = ["POST"]) #TODO: pillow image size validation (client side resize) -def update_avatar(): - token = request.cookies.get("token") or "" - if not token: return "", 401 +@auth_required("user") +def update_avatar(login): if not request.data: return "", 400 - login = token_login(token) or "" - if not login: return "", 403 - open(f"database/avatars/{login}.png", "wb").write(decode(request.data, "base64")) return "", 200 |