var access = require("../utils/access");
var params = require("../config/parameters");
+// NOTE: this method is safe because the sessionToken must be guessed
router.get("/whoami", access.ajax, (req,res) => {
const callback = (user) => {
return res.json({
});
});
+// NOTE: this method is safe because only IDs and names are returned
router.get("/users", access.ajax, (req,res) => {
const ids = req.query["ids"];
UserModel.getByIds(ids, (err,users) => {