diff options
author | Daniel Friesel <derf@finalrewind.org> | 2023-01-21 08:36:25 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2023-01-21 08:36:25 +0100 |
commit | 3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 (patch) | |
tree | fe2e0af05dacc9b51aad3ceee7121471012d8cc4 | |
parent | 72c50a7cc8fea6942a000d3f8f40bb31ee968ba3 (diff) |
API documentation: do not perform database requests from template helpers
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 14 | ||||
-rwxr-xr-x | lib/Travelynx/Controller/Api.pm | 11 | ||||
-rw-r--r-- | templates/account.html.ep | 2 | ||||
-rw-r--r-- | templates/api_documentation.html.ep | 8 |
4 files changed, 24 insertions, 11 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index 4af1aa0..52850f7 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -389,7 +389,11 @@ sub verify { sub delete { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'account', invalid => 'csrf' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'csrf', + ); return; } @@ -401,7 +405,11 @@ sub delete { ) ) { - $self->render( 'account', invalid => 'deletion password' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'deletion password' + ); return; } $self->users->flag_deletion( uid => $self->current_user->{id} ); @@ -943,7 +951,7 @@ sub confirm_mail { sub account { my ($self) = @_; - $self->render('account'); + $self->render( 'account', api_token => $self->get_api_token ); $self->users->mark_seen( uid => $self->current_user->{id} ); } diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm index 8c47e9f..856c477 100755 --- a/lib/Travelynx/Controller/Api.pm +++ b/lib/Travelynx/Controller/Api.pm @@ -34,7 +34,16 @@ sub sanitize { sub documentation { my ($self) = @_; - $self->render('api_documentation'); + if ( $self->is_user_authenticated ) { + $self->render( + 'api_documentation', + uid => $self->current_user->{id}, + api_token => $self->get_api_token, + ); + } + else { + $self->render('api_documentation'); + } } sub get_v1 { diff --git a/templates/account.html.ep b/templates/account.html.ep index 418291c..9c5d88e 100644 --- a/templates/account.html.ep +++ b/templates/account.html.ep @@ -177,7 +177,7 @@ </div> </div> -% my $token = get_api_token(); +% my $token = stash('api_token') // {}; <div class="row"> <div class="col s12"> <h2>API</h2> diff --git a/templates/api_documentation.html.ep b/templates/api_documentation.html.ep index 55cd54a..c9125a2 100644 --- a/templates/api_documentation.html.ep +++ b/templates/api_documentation.html.ep @@ -1,10 +1,6 @@ % my $api_root = $self->url_for('/api/v1')->to_abs->scheme('https'); -% my $token = {}; -% my $uid; -% if (is_user_authenticated()) { - % $uid = current_user()->{id}; - % $token = get_api_token(); -% } +% my $token = stash('api_token') // {}; +% my $uid = stash('uid') // q{}; <h1>API</h1> |