Diffstat (limited to 'api/user')
| -rw-r--r-- | api/user/avatar.py | 9 | ||||
| -rw-r--r-- | api/user/games.py | 3 | ||||
| -rw-r--r-- | api/user/info.py | 12 | ||||
| -rw-r--r-- | api/user/password.py | 1 | ||||
| -rw-r--r-- | api/user/preferences.py | 1 | 
5 files changed, 17 insertions, 9 deletions
diff --git a/api/user/avatar.py b/api/user/avatar.py
index d3c86b8..b4edeed 100644
--- a/api/user/avatar.py
+++ b/api/user/avatar.py
@@ -2,6 +2,7 @@ from flask import Blueprint, request, Response
 from db import cursor
 from auth.login_token import token_login
 from user.info import valid_user_id
+from hierarchy import auth_required
 from os.path import exists
 from codecs import decode
@@ -25,14 +26,10 @@ def get_avatar():
     return Response(avatar or default_avatar, 200, mimetype="image/png")
 @avatar.route('/avatar', methods = ["POST"]) #TODO: pillow image size validation (client side resize)
-def update_avatar():
-    token = request.cookies.get("token") or ""
-    if not token: return "", 401
+@auth_required("user")
+def update_avatar(login):
     if not request.data: return "", 400
-    login = token_login(token) or ""
-    if not login: return "", 403
-
     open(f"database/avatars/{login}.png", "wb").write(decode(request.data, "base64"))
     return "", 200
diff --git a/api/user/games.py b/api/user/games.py
index 6072afa..3936566 100644
--- a/api/user/games.py
+++ b/api/user/games.py
@@ -8,6 +8,7 @@ from ruleset import resolve_ruleset
 from game.info import format_game
 import json
+# get total game outcome amount for user
 def sum_games(user_id): #! SANITIZE USER_ID FIRST
     wld_querys = [' '.join([
         "select count(game_id)",
@@ -28,6 +29,7 @@ def sum_games(user_id): #! SANITIZE USER_ID FIRST
     results = cursor.execute(big_query).fetchone()
+    # win and lose are calculated from user_id's perspective (player_1_id, player_2_id in db)
     return {
             "draw": results[0],
             "win": results[1] + results[4],
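Review bot: In `update_avatar` (api/user/avatar.py) the request body still goes from `decode(request.data, "base64")` straight into `open(f"database/avatars/{login}.png", "wb").write(...)` with no size or image-format check, no handling of malformed base64, and no explicit close of the file handle. With the token handling moved into `@auth_required("user")`, this write is all the function does, and incorrectly padded input would likely surface as an unhandled exception rather than a 400. The path is built from `login`, so it is worth confirming that `auth_required` passes a database-derived id and not a client-supplied string; the decorator is not visible in this diff. `token_login` also appears to be unused in this file after the change, as far as the hunks show.

```python
def update_avatar(login):
    if not request.data: return "", 400
    try:
        image = decode(request.data, "base64")
    except ValueError:  # binascii.Error subclasses ValueError
        return "", 400
    with open(f"database/avatars/{login}.png", "wb") as avatar_file:
        avatar_file.write(image)
    # … unchanged: return "", 200 …
```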
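Review bot: The comment added above `sum_games` (api/user/games.py) describes the result, but the precondition that matters stays in the trailing `#! SANITIZE USER_ID FIRST` marker, which suggests `user_id` is formatted into the query text; the query-building lines are outside the hunks, so this is inferred. `fetch_games` in the same file binds `user_id` with `?` placeholders, and doing the same in `sum_games` would remove the precondition altogether. Until then, state it where callers will read it, e.g. `# precondition: caller has validated user_id; it is placed into the SQL text, not bound`.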
@@ -35,6 +37,7 @@ def sum_games(user_id): #! SANITIZE USER_ID FIRST
             "games": reduce(lambda a, b: a + b, results)
     }
+# get `count` games that `user_id` participated in, sorted by newest game
 def fetch_games(user_id, count):
     game_ids = cursor.execute("select game_id from games where player_1_id = ? or player_2_id = ? order by created desc", [user_id, user_id]).fetchmany(count)
     export = []
diff --git a/api/user/info.py b/api/user/info.py
index 9a48f4d..be48ef1 100644
--- a/api/user/info.py
+++ b/api/user/info.py
@@ -4,10 +4,12 @@ from auth.login_token import token_login
 from rating import get_rating
 import json
+# check if user_id exists in database
 def valid_user_id(user_id):
     query = cursor.execute("select user_id from users where user_id = ?", [user_id]).fetchone()
     return bool(query)
+# get relation to user_2_id from user_1_id's perspective
 def get_relation_to(user_1_id, user_2_id):
     relation = cursor.execute("select * from social where " + \
             "(user_1_id = ? and user_2_id = ?) or " + \
@@ -19,10 +21,12 @@ def get_relation_to(user_1_id, user_2_id):
     if relation[2] == "block" and relation[0] == user_1_id: return "blocked"
     return "none"
+# get users friend count
 def count_friends(user_id):
     query = cursor.execute("select type from social where (user_1_id = ? or user_2_id = ?) and type = \"friendship\"", [user_id, user_id]).fetchall()
-    return len(query)
+    return len(query) #FIXME: use SQL count() instead of python's len()
+# get user/info of `user_id` as `viewer` (id)
 def format_user(user_id, viewer = ''):
     user = cursor.execute("select " + ", ".join([
         "username",
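Review bot: The `#FIXME` added in `count_friends` (api/user/info.py) can be resolved on the spot instead of being recorded: `return cursor.execute("select count(*) from social where (user_1_id = ? or user_2_id = ?) and type = 'friendship'", [user_id, user_id]).fetchone()[0]` lets the database count and avoids fetching every row. The single quotes are deliberate. If this is SQLite, which the `cursor.execute(...).fetchone()` chaining suggests but the diff does not confirm, the double-quoted `\"friendship\"` is parsed as an identifier first and only falls back to a string literal.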
@@ -38,14 +42,17 @@ def format_user(user_id, viewer = ''):
         "registered": user[3],
         "status": user[4],
         "friends": count_friends(user_id),
-        "rating": get_rating(user_id),
+        "rating": get_rating(user_id), #TODO: calculate rating based on game analysis
     }
     if viewer:
+        #FIXME: validate viewer id?
         formatted_user["relation"] = get_relation_to(viewer, user_id)
     return formatted_user
 info = Blueprint('info', __name__)
+# view own user/info if no user_id or username is provided and is logged in,
+# else view user/info of user with user_id = `user_id` or username = `username`
 @info.route('/info', methods = ['GET', 'POST'])
 def index():
     data_string = request.data or "{}"
@@ -75,7 +82,6 @@ def index():
     if user_id and not valid_user_id(user_id): return "", 403
     user = format_user(user_id, viewer)
-    #TODO: rating uitrekenen zodra er game functionaliteit is
     return user, 200
 dynamic_route = ["/user", info]
diff --git a/api/user/password.py b/api/user/password.py
index 672eda4..0c1cb70 100644
--- a/api/user/password.py
+++ b/api/user/password.py
@@ -3,6 +3,7 @@ from db import cursor
 password = Blueprint('password', __name__)
+# this endpoint is unfinished
 @password.route('/password')
 def index():
     data = request.get_json()
diff --git a/api/user/preferences.py b/api/user/preferences.py
index 9791bfe..d4e27c9 100644
--- a/api/user/preferences.py
+++ b/api/user/preferences.py
@@ -4,6 +4,7 @@ from ruleset import resolve_ruleset
 from hierarchy import auth_required
 import json
+# fill missing dict keys in preferences object
 def format_preferences(prefs):
     return {
             "darkMode": prefs.get("darkMode") or False,  |
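Review bot: The `#FIXME: validate viewer id?` added in `format_user` (api/user/info.py) leaves the question open without saying what the risk is. From the lines visible in this diff, `get_relation_to` binds both ids with `?` placeholders, so an unvalidated `viewer` cannot change the query. What remains is whether `viewer` always comes from the authenticated session rather than from request data, and that is decided in `index()`, outside this hunk. If callers guarantee it, replace the FIXME with the contract, e.g. `# viewer is the logged-in user's id, resolved from the token by the caller`; if they do not, a `valid_user_id(viewer)` check before the lookup would settle it.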
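Review bot: `# this endpoint is unfinished` (api/user/password.py) is added above a handler that is still registered with `@password.route('/password')`, so the unfinished code presumably remains reachable by any client. The hunk shows only `data = request.get_json()` and no authentication decorator; the rest of `index()` is outside the hunk, so whether it has side effects cannot be judged from here. Until it is finished, consider making `return "", 501` the first statement of the handler, or leaving the blueprint unregistered.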