aboutsummaryrefslogtreecommitdiff
path: root/api/user/avatar.py
diff options
context:
space:
mode:
authorlonkaars <l.leblansch@gmail.com>2021-03-28 12:19:28 +0200
committerlonkaars <l.leblansch@gmail.com>2021-03-28 12:19:28 +0200
commit2f4536d6b08b69168ebf3e718cbd8e3002b9af5a (patch)
tree5307692fb341d7f924ee9b73f3751e7e56cfb192 /api/user/avatar.py
parent1f897d3f5ad11178cf4776ae4070c9d3e832f5f3 (diff)
added comments
Diffstat (limited to 'api/user/avatar.py')
-rw-r--r--api/user/avatar.py9
1 files changed, 3 insertions, 6 deletions
diff --git a/api/user/avatar.py b/api/user/avatar.py
index d3c86b8..b4edeed 100644
--- a/api/user/avatar.py
+++ b/api/user/avatar.py
@@ -2,6 +2,7 @@ from flask import Blueprint, request, Response
from db import cursor
from auth.login_token import token_login
from user.info import valid_user_id
+from hierarchy import auth_required
from os.path import exists
from codecs import decode
@@ -25,14 +26,10 @@ def get_avatar():
return Response(avatar or default_avatar, 200, mimetype="image/png")
@avatar.route('/avatar', methods = ["POST"]) #TODO: pillow image size validation (client side resize)
-def update_avatar():
- token = request.cookies.get("token") or ""
- if not token: return "", 401
+@auth_required("user")
+def update_avatar(login):
if not request.data: return "", 400
- login = token_login(token) or ""
- if not login: return "", 403
-
open(f"database/avatars/{login}.png", "wb").write(decode(request.data, "base64"))
return "", 200