const genToken = require("../utils/tokenGenerator");
const access = require("../utils/access");
const params = require("../config/parameters");
+const sanitizeHtml = require('sanitize-html');
+
+router.get("/userbio", access.ajax, (req,res) => {
+ const uid = req.query["id"];
+ if (!!(uid.toString().match(/^[0-9]+$/))) {
+ UserModel.getBio(uid, (err, bio) => {
+ res.json(bio);
+ });
+ }
+});
+
+router.put('/userbio', access.logged, access.ajax, (req,res) => {
+ const bio = sanitizeHtml(req.body.bio);
+ UserModel.setBio(req.userId, bio);
+ res.json({});
+});
router.post('/register', access.unlogged, access.ajax, (req,res) => {
const name = req.body.name;
name: user.name,
email: user.email,
id: user.id,
- notify: user.notify,
- newsRead: user.newsRead
+ notify: user.notify
});
};
const anonymous = {
name: "",
email: "",
id: 0,
- notify: false,
- newsRead: 0
+ notify: false
};
if (!req.cookies.token) callback(anonymous);
else if (req.cookies.token.match(/^[a-z0-9]+$/)) {
const ids = req.query["ids"];
// NOTE: slightly too permissive RegExp
if (ids.match(/^([0-9]+,?)+$/)) {
- UserModel.getByIds(ids, (err,users) => {
- res.json({users:users});
+ UserModel.getByIds(ids, (err, users) => {
+ res.json({ users:users });
});
}
});
}
});
-// Special route to update newsRead timestamp:
-router.put('/newsread', access.logged, access.ajax, (req,res) => {
- UserModel.setNewsRead(req.userId);
- res.json({});
-});
-
// Authentication-related methods:
// to: object user (to who we send an email)
projects / vchess.git / blobdiff