-var router = require("express").Router();
-var UserModel = require('../models/User');
-var sendEmail = require('../utils/mailer');
-var genToken = require("../utils/tokenGenerator");
-var access = require("../utils/access");
-var params = require("../config/parameters");
-var checkNameEmail = require("../data/userCheck")
+let router = require("express").Router();
+const UserModel = require('../models/User');
+const sendEmail = require('../utils/mailer');
+const genToken = require("../utils/tokenGenerator");
+const access = require("../utils/access");
+const params = require("../config/parameters");
+
+// NOTE: this method is safe because the sessionToken must be guessed
+router.get("/whoami", access.ajax, (req,res) => {
+ const callback = (user) => {
+ return res.json({
+ name: user.name,
+ email: user.email,
+ id: user.id,
+ notify: user.notify,
+ });
+ };
+ const anonymous = {name:"", email:"", id:0, notify:false};
+ if (!req.cookies.token)
+ return callback(anonymous);
+ UserModel.getOne("sessionToken", req.cookies.token, function(err, user) {
+ if (!!err || !user)
+ callback(anonymous);
+ else
+ callback(user);
+ });
+});
+
+// NOTE: this method is safe because only IDs and names are returned
+router.get("/users", access.ajax, (req,res) => {
+ const ids = req.query["ids"];
+ UserModel.getByIds(ids, (err,users) => {
+ if (!!err)
+ return res.json({errmsg: err.toString()});
+ return res.json({users:users});
+ });
+});