api: export board: allow authentication through generic authentication

This allows to retrieve the full export of the board from the API. When the board is big, retrieving individual cards is heavy for both the server and the number of requests. Allowing the API to directly call on export and then treat the data makes the whole process smoother.
2025-04-22 04:57:07 -04:00 · 2018-07-27 07:12:29 +02:00 · 2018-07-27 07:12:29 +02:00 · 26d7ba72aa
commit 26d7ba72aa
parent 44e4df2492
1 changed files with 5 additions and 3 deletions
--- a/models/export.js
+++ b/models/export.js
@ -10,7 +10,7 @@ if (Meteor.isServer) {
   * @operation export
   * @tag Boards
   *
-   * @summary This route is used to export the board **FROM THE APPLICATION**.
+   * @summary This route is used to export the board.
   *
   * @description If user is already logged-in, pass loginToken as param
   * "authToken": '/api/boards/:boardId/export?authToken=:token'
@ -24,14 +24,16 @@ if (Meteor.isServer) {
  JsonRoutes.add('get', '/api/boards/:boardId/export', function(req, res) {
    const boardId = req.params.boardId;
    let user = null;
-    // todo XXX for real API, first look for token in Authentication: header
-    // then fallback to parameter
+
    const loginToken = req.query.authToken;
    if (loginToken) {
      const hashToken = Accounts._hashLoginToken(loginToken);
      user = Meteor.users.findOne({
        'services.resume.loginTokens.hashedToken': hashToken,
      });
+    } else {
+      Authentication.checkUserId(req.userId);
+      user = Users.findOne({ _id: req.userId, isAdmin: true });
    }

    const exporter = new Exporter(boardId);