diff options
author | Xavier Priour <xavier.priour@bubblyware.com> | 2015-12-17 13:11:33 +0100 |
---|---|---|
committer | Xavier Priour <xavier.priour@bubblyware.com> | 2015-12-17 13:11:33 +0100 |
commit | a45a899137b23f95c2f58025e3e06109bdf82a94 (patch) | |
tree | a0bee44be9a0ef991f556b1830729443f37860af /models | |
parent | 43b1c4b576b8f0e4c342ec19684000a06809a253 (diff) | |
download | wekan-a45a899137b23f95c2f58025e3e06109bdf82a94.tar.gz wekan-a45a899137b23f95c2f58025e3e06109bdf82a94.tar.bz2 wekan-a45a899137b23f95c2f58025e3e06109bdf82a94.zip |
Improved doc on server-side export route
Diffstat (limited to 'models')
-rw-r--r-- | models/export.js | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/models/export.js b/models/export.js index 9fbcbcef..e250d935 100644 --- a/models/export.js +++ b/models/export.js @@ -1,5 +1,15 @@ /* global JsonRoutes */ if(Meteor.isServer) { + // todo XXX once we have a real API in place, move that route there + /* + * This route is used to export the board FROM THE APPLICATION. + * We want to identify the logged-in user without asking for password again, + * but the server-side API routing has no notion of "current user". + * So we have to pass login information (id + token) to authenticate. + * + * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ + * for detailed explanations + */ JsonRoutes.add('get', '/api/b/:boardId/:userId/:loginToken', function (req, res) { const { userId, loginToken, boardId } = req.params; const hashToken = Accounts._hashLoginToken(loginToken); |