summaryrefslogtreecommitdiff
path: root/lib/web/userRouter.js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move note actions to their own file.David Mehren2019-10-271-11/+11
| | | | | | Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com>
* Fix eslint warningsSheogorath2019-05-311-1/+1
| | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Prevent subdirectories in user exportDaan Sprenkels2018-11-281-9/+11
| | | | | | | | | This commit also refactors the code a bit, and adds a '-' separator between a filename and its duplicate index. This commit fixes #1079. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add token based security featureSheogorath2018-05-251-8/+12
| | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Move letter-avatars into own requestSheogorath2018-04-171-0/+7
| | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* refactor(app.js): Extract /me pageBoHong Li2017-05-081-0/+36