diff options
author | Daniel Friesel <derf@finalrewind.org> | 2023-01-21 08:36:25 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2023-01-21 08:36:25 +0100 |
commit | 3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 (patch) | |
tree | fe2e0af05dacc9b51aad3ceee7121471012d8cc4 /lib/Travelynx | |
parent | 72c50a7cc8fea6942a000d3f8f40bb31ee968ba3 (diff) |
API documentation: do not perform database requests from template helpers
Diffstat (limited to 'lib/Travelynx')
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 14 | ||||
-rwxr-xr-x | lib/Travelynx/Controller/Api.pm | 11 |
2 files changed, 21 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index 4af1aa0..52850f7 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -389,7 +389,11 @@ sub verify { sub delete { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'account', invalid => 'csrf' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'csrf', + ); return; } @@ -401,7 +405,11 @@ sub delete { ) ) { - $self->render( 'account', invalid => 'deletion password' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'deletion password' + ); return; } $self->users->flag_deletion( uid => $self->current_user->{id} ); @@ -943,7 +951,7 @@ sub confirm_mail { sub account { my ($self) = @_; - $self->render('account'); + $self->render( 'account', api_token => $self->get_api_token ); $self->users->mark_seen( uid => $self->current_user->{id} ); } diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm index 8c47e9f..856c477 100755 --- a/lib/Travelynx/Controller/Api.pm +++ b/lib/Travelynx/Controller/Api.pm @@ -34,7 +34,16 @@ sub sanitize { sub documentation { my ($self) = @_; - $self->render('api_documentation'); + if ( $self->is_user_authenticated ) { + $self->render( + 'api_documentation', + uid => $self->current_user->{id}, + api_token => $self->get_api_token, + ); + } + else { + $self->render('api_documentation'); + } } sub get_v1 { |