authorDaniel Friesel <derf@finalrewind.org>2023-01-21 08:36:25 +0100
committerDaniel Friesel <derf@finalrewind.org>2023-01-21 08:36:25 +0100
commit3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 (patch)
treefe2e0af05dacc9b51aad3ceee7121471012d8cc4
parent72c50a7cc8fea6942a000d3f8f40bb31ee968ba3 (diff)
API documentation: do not perform database requests from template helpers
-rw-r--r--lib/Travelynx/Controller/Account.pm14
-rwxr-xr-xlib/Travelynx/Controller/Api.pm11
-rw-r--r--templates/account.html.ep2
-rw-r--r--templates/api_documentation.html.ep8
4 files changed, 24 insertions, 11 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index 4af1aa0..52850f7 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -389,7 +389,11 @@ sub verify {
sub delete {
my ($self) = @_;
if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
- $self->render( 'account', invalid => 'csrf' );
+ $self->render(
+ 'account',
+ api_token => $self->get_api_token,
+ invalid => 'csrf',
+ );
return;
}
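Review bot: The `api_token => $self->get_api_token` argument is now repeated by hand in each `render('account', ...)` call: here, in the deletion-password branch of the next hunk, and in `account`. Because the template falls back to `stash('api_token') // {}`, a call site that omits it would render the page as if the user had no tokens, without any error. A small private helper would keep the call sites in sync, e.g. `sub _render_account { my ( $self, %args ) = @_; $self->render( 'account', api_token => $self->get_api_token, %args ); }`. The deletion-password call also lacks the trailing comma used here. `delete` continues beyond this hunk, so there may be other renders of `account` that the diff does not show.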
@@ -401,7 +405,11 @@ sub delete {
)
)
{
- $self->render( 'account', invalid => 'deletion password' );
+ $self->render(
+ 'account',
+ api_token => $self->get_api_token,
+ invalid => 'deletion password'
+ );
return;
}
$self->users->flag_deletion( uid => $self->current_user->{id} );
@@ -943,7 +951,7 @@ sub confirm_mail {
sub account {
my ($self) = @_;
- $self->render('account');
+ $self->render( 'account', api_token => $self->get_api_token );
$self->users->mark_seen( uid => $self->current_user->{id} );
}
diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm
index 8c47e9f..856c477 100755
--- a/lib/Travelynx/Controller/Api.pm
+++ b/lib/Travelynx/Controller/Api.pm
@@ -34,7 +34,16 @@ sub sanitize {
sub documentation {
my ($self) = @_;
- $self->render('api_documentation');
+ if ( $self->is_user_authenticated ) {
+ $self->render(
+ 'api_documentation',
+ uid => $self->current_user->{id},
+ api_token => $self->get_api_token,
+ );
+ }
+ else {
+ $self->render('api_documentation');
+ }
}
sub get_v1 {
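Review bot: The authenticated branch passes `api_token` into what is otherwise a public documentation page, and nothing in this hunk marks that response as uncacheable. How the template prints the token lies outside the hunk; if the values end up in the HTML, consider `$self->res->headers->cache_control('private, no-store');` before the first `render` so browsers and intermediaries do not keep a copy, unless a global hook already does this. A short comment above the `if`, saying that anonymous visitors deliberately get the page without `uid` and `api_token`, would also help the next reader.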
diff --git a/templates/account.html.ep b/templates/account.html.ep
index 418291c..9c5d88e 100644
--- a/templates/account.html.ep
+++ b/templates/account.html.ep
@@ -177,7 +177,7 @@
</div>
</div>
-% my $token = get_api_token();
+% my $token = stash('api_token') // {};
<div class="row">
<div class="col s12">
<h2>API</h2>
diff --git a/templates/api_documentation.html.ep b/templates/api_documentation.html.ep
index 55cd54a..c9125a2 100644
--- a/templates/api_documentation.html.ep
+++ b/templates/api_documentation.html.ep
@@ -1,10 +1,6 @@
% my $api_root = $self->url_for('/api/v1')->to_abs->scheme('https');
-% my $token = {};
-% my $uid;
-% if (is_user_authenticated()) {
- % $uid = current_user()->{id};
- % $token = get_api_token();
-% }
+% my $token = stash('api_token') // {};
+% my $uid = stash('uid') // q{};
<h1>API</h1>