From b9a935cf545db36d714b44fdea96f448de67271e Mon Sep 17 00:00:00 2001 From: lonkaars Date: Fri, 16 Apr 2021 11:37:52 +0200 Subject: all login_token()'s removed in favor of @auth_required() --- api/user/avatar.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'api/user/avatar.py') diff --git a/api/user/avatar.py b/api/user/avatar.py index eebe52b..f55db4a 100644 --- a/api/user/avatar.py +++ b/api/user/avatar.py @@ -1,6 +1,5 @@ from flask import Blueprint, request, Response from db import cursor -from auth.login_token import token_login from hierarchy import auth_required from os.path import exists from codecs import decode @@ -12,11 +11,9 @@ avatar = Blueprint('avatar', __name__) @avatar.route('/avatar', methods=["GET"]) -def get_avatar(): - token = request.cookies.get("token") or "" - login = token_login(token) or "" - - user_id = request.args.get("id") or login +@auth_required("none") +def get_avatar(token_id): + user_id = request.args.get("id") or token_id if not user_id: return "", 400 if not valid.user_id(user_id): return "", 403 @@ -27,15 +24,14 @@ def get_avatar(): return Response(avatar or default_avatar, 200, mimetype="image/png") -@avatar.route( - '/avatar', methods=["POST"] -) #TODO: pillow image size validation (client side resize) +#TODO: pillow image size validation (client side resize) +@avatar.route('/avatar', methods=["POST"]) @auth_required("user") -def update_avatar(login): +def update_avatar(user_id): if not request.data: return "", 400 - open(f"database/avatars/{login}.png", - "wb").write(decode(request.data, "base64")) + open(f"database/avatars/{user_id}.png", "wb") \ + .write(decode(request.data, "base64")) return "", 200 -- cgit v1.2.3