});
// NOTE: this method is safe because the sessionToken must be guessed
-router.get("/whoami", (req,res) => {
+router.get("/whoami", access.ajax, (req,res) => {
const callback = (user) => {
res.json({
name: user.name,
}
});
+// Special route to update newsRead timestamp:
+router.put('/newsread', access.logged, access.ajax, (req,res) => {
+ UserModel.setNewsRead(req.userId);
+ res.json({});
+});
+
// Authentication-related methods:
// to: object user (to who we send an email)
const token = genToken(params.token.length);
UserModel.setLoginToken(token, to.id);
const body =
- "Hello " + to.name + "!" + `
+ "Hello " + to.name + " !" + `
` +
"Access your account here: " +
params.siteURL + "/#/authenticate/" + token + `