API documentation: do not perform database requests from template helpers

author: Daniel Friesel <derf@finalrewind.org> 2023-01-21 08:36:25 +0100
committer: Daniel Friesel <derf@finalrewind.org> 2023-01-21 08:36:25 +0100
commit: 3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 (patch)
tree: fe2e0af05dacc9b51aad3ceee7121471012d8cc4
parent: 72c50a7cc8fea6942a000d3f8f40bb31ee968ba3 (diff)
4 files changed, 24 insertions, 11 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index 4af1aa0..52850f7 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -389,7 +389,11 @@ sub verify {
 sub delete {
 	my ($self) = @_;
 	if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
-		$self->render( 'account', invalid => 'csrf' );
+		$self->render(
+			'account',
+			api_token => $self->get_api_token,
+			invalid   => 'csrf',
+		);
 		return;
 	}
 
@@ -401,7 +405,11 @@ sub delete {
 			)
 		  )
 		{
-			$self->render( 'account', invalid => 'deletion password' );
+			$self->render(
+				'account',
+				api_token => $self->get_api_token,
+				invalid   => 'deletion password'
+			);
 			return;
 		}
 		$self->users->flag_deletion( uid => $self->current_user->{id} );
@@ -943,7 +951,7 @@ sub confirm_mail {
 sub account {
 	my ($self) = @_;
 
-	$self->render('account');
+	$self->render( 'account', api_token => $self->get_api_token );
 	$self->users->mark_seen( uid => $self->current_user->{id} );
 }
 
diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm
index 8c47e9f..856c477 100755
--- a/lib/Travelynx/Controller/Api.pm
+++ b/lib/Travelynx/Controller/Api.pm
@@ -34,7 +34,16 @@ sub sanitize {
 sub documentation {
 	my ($self) = @_;
 
-	$self->render('api_documentation');
+	if ( $self->is_user_authenticated ) {
+		$self->render(
+			'api_documentation',
+			uid       => $self->current_user->{id},
+			api_token => $self->get_api_token,
+		);
+	}
+	else {
+		$self->render('api_documentation');
+	}
 }
 
 sub get_v1 {
diff --git a/templates/account.html.ep b/templates/account.html.ep
index 418291c..9c5d88e 100644
--- a/templates/account.html.ep
+++ b/templates/account.html.ep
@@ -177,7 +177,7 @@
 	</div>
 </div>
 
-% my $token = get_api_token();
+% my $token = stash('api_token') // {};
 <div class="row">
 	<div class="col s12">
 		<h2>API</h2>
diff --git a/templates/api_documentation.html.ep b/templates/api_documentation.html.ep
index 55cd54a..c9125a2 100644
--- a/templates/api_documentation.html.ep
+++ b/templates/api_documentation.html.ep
@@ -1,10 +1,6 @@
 % my $api_root = $self->url_for('/api/v1')->to_abs->scheme('https');
-% my $token = {};
-% my $uid;
-% if (is_user_authenticated()) {
-	% $uid = current_user()->{id};
-	% $token = get_api_token();
-% }
+% my $token = stash('api_token') // {};
+% my $uid = stash('uid') // q{};
 
 <h1>API</h1>
author	Daniel Friesel <derf@finalrewind.org>	2023-01-21 08:36:25 +0100
committer	Daniel Friesel <derf@finalrewind.org>	2023-01-21 08:36:25 +0100
commit	3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 (patch)
tree	fe2e0af05dacc9b51aad3ceee7121471012d8cc4
parent	72c50a7cc8fea6942a000d3f8f40bb31ee968ba3 (diff)