NodeBB-S24-R3/src/routes/api.js at 7343ab417fadc407da45cac626a5058e57c97a44 · CMU-313/NodeBB-S24-R3 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
'use strict';

const db = require.main.require('./src/database');
const express = require('express');
const winston = require('winston');

const uploadsController = require('../controllers/uploads');
const helpers = require('./helpers');

module.exports = function (app, middleware, controllers) {
    const middlewares = [middleware.authenticateRequest];
    const router = express.Router();
    app.use('/api', router);

    router.get('/config', [...middlewares, middleware.applyCSRF], helpers.tryRoute(controllers.api.getConfig));

    router.get('/self', [...middlewares], helpers.tryRoute(controllers.user.getCurrentUser));
    router.get('/user/uid/:uid', [...middlewares, middleware.canViewUsers], helpers.tryRoute(controllers.user.getUserByUID));
    router.get('/user/username/:username', [...middlewares, middleware.canViewUsers], helpers.tryRoute(controllers.user.getUserByUsername));
    router.get('/user/email/:email', [...middlewares, middleware.canViewUsers], helpers.tryRoute(controllers.user.getUserByEmail));

    router.get('/user/:userslug/export/posts', [...middlewares, middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid], helpers.tryRoute(controllers.user.exportPosts));
    router.get('/user/:userslug/export/uploads', [...middlewares, middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid], helpers.tryRoute(controllers.user.exportUploads));
    router.get('/user/:userslug/export/profile', [...middlewares, middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid], helpers.tryRoute(controllers.user.exportProfile));

    // Deprecated, remove in v1.20.0
    router.get('/user/uid/:userslug/export/:type', (req, res) => {
        winston.warn(`[router] \`/api/user/uid/${req.params.userslug}/export/${req.params.type}\` is deprecated, call it \`/api/user/${req.params.userslug}/export/${req.params.type}\`instead.`);
        res.redirect(`/api/user/${req.params.userslug}/export/${req.params.type}`);
    });

    router.get('/categories/:cid/moderators', [...middlewares], helpers.tryRoute(controllers.api.getModerators));
    router.get('/recent/posts/:term?', [...middlewares], helpers.tryRoute(controllers.posts.getRecentPosts));
    router.get('/unread/total', [...middlewares, middleware.ensureLoggedIn], helpers.tryRoute(controllers.unread.unreadTotal));
    router.get('/topic/teaser/:topic_id', [...middlewares], helpers.tryRoute(controllers.topics.teaser));
    router.get('/topic/pagination/:topic_id', [...middlewares], helpers.tryRoute(controllers.topics.pagination));

    const multipart = require('connect-multiparty');
    const multipartMiddleware = multipart();
    const postMiddlewares = [
        middleware.maintenanceMode,
        multipartMiddleware,
        middleware.validateFiles,
        middleware.uploads.ratelimit,
        middleware.applyCSRF,
    ];

    router.post('/post/upload', postMiddlewares, helpers.tryRoute(uploadsController.uploadPost));
    router.post('/user/:userslug/uploadpicture', [
        ...middlewares,
        ...postMiddlewares,
        middleware.exposeUid,
        middleware.ensureLoggedIn,
        middleware.canViewUsers,
        middleware.checkAccountPermissions,
    ], helpers.tryRoute(controllers.accounts.edit.uploadPicture));
};