nodebb/src/routes/api.js

'use strict';

const express = require('express');

const uploadsController = require('../controllers/uploads');

module.exports = function (app, middleware, controllers) {
	const router = express.Router();
	app.use('/api', router);

	router.get('/config', middleware.applyCSRF, middleware.authenticateRequest, controllers.api.getConfig);

	router.get('/self', controllers.user.getCurrentUser);
	router.get('/user/uid/:uid', middleware.canViewUsers, controllers.user.getUserByUID);
	router.get('/user/username/:username', middleware.canViewUsers, controllers.user.getUserByUsername);
	router.get('/user/email/:email', middleware.canViewUsers, controllers.user.getUserByEmail);

	router.get('/user/uid/:userslug/export/posts', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportPosts);
	router.get('/user/uid/:userslug/export/uploads', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportUploads);
	router.get('/user/uid/:userslug/export/profile', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportProfile);

	router.get('/categories/:cid/moderators', controllers.api.getModerators);
	router.get('/recent/posts/:term?', controllers.posts.getRecentPosts);
	router.get('/unread/total', middleware.authenticateRequest, middleware.ensureLoggedIn, controllers.unread.unreadTotal);
	router.get('/topic/teaser/:topic_id', controllers.topics.teaser);
	router.get('/topic/pagination/:topic_id', controllers.topics.pagination);

	const multipart = require('connect-multiparty');
	const multipartMiddleware = multipart();
	const middlewares = [
		middleware.maintenanceMode,
		multipartMiddleware,
		middleware.validateFiles,
		middleware.uploads.ratelimit,
		middleware.applyCSRF,
	];

	router.post('/post/upload', middlewares, uploadsController.uploadPost);
	router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.exposeUid, middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);
};
ESlint quotes 8 years ago			`'use strict';`
moved api-only routes into routes/api.js, cleanup & linting 11 years ago
chore: eslint no-var, vars-on-top 4 years ago			`const express = require('express');`
cleaned up requires 11 years ago
chore: eslint no-var, vars-on-top 4 years ago			`const uploadsController = require('../controllers/uploads');`
user selectable pagination 11 years ago
ESlint keyword-spacing, no-multi-spaces 8 years ago			`module.exports = function (app, middleware, controllers) {`
chore: eslint no-var, vars-on-top 4 years ago			`const router = express.Router();`
uploads controller 10 years ago			`app.use('/api', router);`
more cleanup 11 years ago
refactor: automatically authenticate all requests setup through route helpers (#9357) * refactor: automatically authenticate all requests setup through route helpers * fix: removed connect-ensure-login dependency * fix: bug with some middlewares not defined outside route helper methods 4 years ago			`router.get('/config', middleware.applyCSRF, middleware.authenticateRequest, controllers.api.getConfig);`
more cleanup 11 years ago
fix: #8656, rename /api/me to /api/self 4 years ago			`router.get('/self', controllers.user.getCurrentUser);`
fix: #6806 3 new global privileges view:users view:tags view:groups 6 years ago			`router.get('/user/uid/:uid', middleware.canViewUsers, controllers.user.getUserByUID);`
			`router.get('/user/username/:username', middleware.canViewUsers, controllers.user.getUserByUsername);`
			`router.get('/user/email/:email', middleware.canViewUsers, controllers.user.getUserByEmail);`
add api endpoints to get user by username and by email Signed-off-by: Dustin Falgout <[email protected]> 9 years ago
fix: request authentication called twice in account routes 4 years ago			`router.get('/user/uid/:userslug/export/posts', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportPosts);`
			`router.get('/user/uid/:userslug/export/uploads', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportUploads);`
			`router.get('/user/uid/:userslug/export/profile', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportProfile);`
posts export endpoint for GDPR, re: #6441 7 years ago
accounts refactor #2 and various 404 fixes 10 years ago			`router.get('/categories/:cid/moderators', controllers.api.getModerators);`
more refactors 8 years ago			`router.get('/recent/posts/:term?', controllers.posts.getRecentPosts);`
refactor: automatically authenticate all requests setup through route helpers (#9357) * refactor: automatically authenticate all requests setup through route helpers * fix: removed connect-ensure-login dependency * fix: bug with some middlewares not defined outside route helper methods 4 years ago			`router.get('/unread/total', middleware.authenticateRequest, middleware.ensureLoggedIn, controllers.unread.unreadTotal);`
moved api route to api.js 10 years ago			`router.get('/topic/teaser/:topic_id', controllers.topics.teaser);`
closes #4612 9 years ago			`router.get('/topic/pagination/:topic_id', controllers.topics.pagination);`
more cleanup 11 years ago
chore: eslint no-var, vars-on-top 4 years ago			`const multipart = require('connect-multiparty');`
			`const multipartMiddleware = multipart();`
feat: rate limit file uploads 4 years ago			`const middlewares = [`
			`middleware.maintenanceMode,`
			`multipartMiddleware,`
			`middleware.validateFiles,`
test: clear cache between runs, require middleware later in helpers 4 years ago			`middleware.uploads.ratelimit,`
feat: rate limit file uploads 4 years ago			`middleware.applyCSRF,`
			`];`
fix: #8437, #8433 5 years ago
feat: rate limit file uploads 4 years ago			`router.post('/post/upload', middlewares, uploadsController.uploadPost);`
refactor: automatically authenticate all requests setup through route helpers (#9357) * refactor: automatically authenticate all requests setup through route helpers * fix: removed connect-ensure-login dependency * fix: bug with some middlewares not defined outside route helper methods 4 years ago			`router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.exposeUid, middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);`
uploads controller 10 years ago			`};`