aboutsummaryrefslogtreecommitdiff
path: root/api/user
diff options
context:
space:
mode:
authorlonkaars <l.leblansch@gmail.com>2021-04-16 11:37:52 +0200
committerlonkaars <l.leblansch@gmail.com>2021-04-16 11:37:52 +0200
commitb9a935cf545db36d714b44fdea96f448de67271e (patch)
treea615e2a569a76c42f28f0f70b572be306b07c6c5 /api/user
parent433fbdac908ca600cf8ecc254c5a4bc17dca3477 (diff)
all login_token()'s removed in favor of @auth_required()
Diffstat (limited to 'api/user')
-rw-r--r--api/user/avatar.py20
1 files changed, 8 insertions, 12 deletions
diff --git a/api/user/avatar.py b/api/user/avatar.py
index eebe52b..f55db4a 100644
--- a/api/user/avatar.py
+++ b/api/user/avatar.py
@@ -1,6 +1,5 @@
from flask import Blueprint, request, Response
from db import cursor
-from auth.login_token import token_login
from hierarchy import auth_required
from os.path import exists
from codecs import decode
@@ -12,11 +11,9 @@ avatar = Blueprint('avatar', __name__)
@avatar.route('/avatar', methods=["GET"])
-def get_avatar():
- token = request.cookies.get("token") or ""
- login = token_login(token) or ""
-
- user_id = request.args.get("id") or login
+@auth_required("none")
+def get_avatar(token_id):
+ user_id = request.args.get("id") or token_id
if not user_id: return "", 400
if not valid.user_id(user_id): return "", 403
@@ -27,15 +24,14 @@ def get_avatar():
return Response(avatar or default_avatar, 200, mimetype="image/png")
-@avatar.route(
- '/avatar', methods=["POST"]
-) #TODO: pillow image size validation (client side resize)
+#TODO: pillow image size validation (client side resize)
+@avatar.route('/avatar', methods=["POST"])
@auth_required("user")
-def update_avatar(login):
+def update_avatar(user_id):
if not request.data: return "", 400
- open(f"database/avatars/{login}.png",
- "wb").write(decode(request.data, "base64"))
+ open(f"database/avatars/{user_id}.png", "wb") \
+ .write(decode(request.data, "base64"))
return "", 200