API documentation: do not perform database requests from template helpers

This commit is contained in:
Daniel Friesel 2023-01-21 08:36:25 +01:00
parent 72c50a7cc8
commit 3e2491a9bc
No known key found for this signature in database
GPG key ID: 100D5BFB5166E005
4 changed files with 24 additions and 11 deletions

View file

@ -389,7 +389,11 @@ sub verify {
sub delete { sub delete {
my ($self) = @_; my ($self) = @_;
if ( $self->validation->csrf_protect->has_error('csrf_token') ) { if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
$self->render( 'account', invalid => 'csrf' ); $self->render(
'account',
api_token => $self->get_api_token,
invalid => 'csrf',
);
return; return;
} }
@ -401,7 +405,11 @@ sub delete {
) )
) )
{ {
$self->render( 'account', invalid => 'deletion password' ); $self->render(
'account',
api_token => $self->get_api_token,
invalid => 'deletion password'
);
return; return;
} }
$self->users->flag_deletion( uid => $self->current_user->{id} ); $self->users->flag_deletion( uid => $self->current_user->{id} );
@ -943,7 +951,7 @@ sub confirm_mail {
sub account { sub account {
my ($self) = @_; my ($self) = @_;
$self->render('account'); $self->render( 'account', api_token => $self->get_api_token );
$self->users->mark_seen( uid => $self->current_user->{id} ); $self->users->mark_seen( uid => $self->current_user->{id} );
} }

View file

@ -34,7 +34,16 @@ sub sanitize {
sub documentation { sub documentation {
my ($self) = @_; my ($self) = @_;
$self->render('api_documentation'); if ( $self->is_user_authenticated ) {
$self->render(
'api_documentation',
uid => $self->current_user->{id},
api_token => $self->get_api_token,
);
}
else {
$self->render('api_documentation');
}
} }
sub get_v1 { sub get_v1 {

View file

@ -177,7 +177,7 @@
</div> </div>
</div> </div>
% my $token = get_api_token(); % my $token = stash('api_token') // {};
<div class="row"> <div class="row">
<div class="col s12"> <div class="col s12">
<h2>API</h2> <h2>API</h2>

View file

@ -1,10 +1,6 @@
% my $api_root = $self->url_for('/api/v1')->to_abs->scheme('https'); % my $api_root = $self->url_for('/api/v1')->to_abs->scheme('https');
% my $token = {}; % my $token = stash('api_token') // {};
% my $uid; % my $uid = stash('uid') // q{};
% if (is_user_authenticated()) {
% $uid = current_user()->{id};
% $token = get_api_token();
% }
<h1>API</h1> <h1>API</h1>