diff options
-rw-r--r-- | client/components/boards/boardHeader.js | 22 | ||||
-rw-r--r-- | models/export.js | 44 |
2 files changed, 33 insertions, 33 deletions
diff --git a/client/components/boards/boardHeader.js b/client/components/boards/boardHeader.js index 10d9925a..ac5f9c33 100644 --- a/client/components/boards/boardHeader.js +++ b/client/components/boards/boardHeader.js @@ -15,17 +15,17 @@ Template.boardMenuPopup.events({ }), }); -// Template.boardMenuPopup.helpers({ -// exportUrl() { -// const boardId = Session.get('currentBoard'); -// const loginToken = Accounts._storedLoginToken(); -// return FlowRouter.url(`api/boards/${boardId}?authToken=${loginToken}`); -// }, -// exportFilename() { -// const boardId = Session.get('currentBoard'); -// return `wekan-export-board-${boardId}.json`; -// }, -// }); +Template.boardMenuPopup.helpers({ + exportUrl() { + const boardId = Session.get('currentBoard'); + const loginToken = Accounts._storedLoginToken(); + return FlowRouter.url(`api/boards/${boardId}/export?authToken=${loginToken}`); + }, + exportFilename() { + const boardId = Session.get('currentBoard'); + return `wekan-export-board-${boardId}.json`; + }, +}); Template.boardChangeTitlePopup.events({ submit(evt, tpl) { diff --git a/models/export.js b/models/export.js index 7a363dd3..7b22f45d 100644 --- a/models/export.js +++ b/models/export.js @@ -9,33 +9,33 @@ if (Meteor.isServer) { /* * This route is used to export the board FROM THE APPLICATION. * If user is already logged-in, pass loginToken as param "authToken": - * '/api/boards/:boardId?authToken=:token' + * '/api/boards/:boardId/export?authToken=:token' * * See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ * for detailed explanations */ - // JsonRoutes.add('get', '/api/boards/:boardId', function (req, res) { - // const boardId = req.params.boardId; - // let user = null; - // // todo XXX for real API, first look for token in Authentication: header - // // then fallback to parameter - // const loginToken = req.query.authToken; - // if (loginToken) { - // const hashToken = Accounts._hashLoginToken(loginToken); - // user = Meteor.users.findOne({ - // 'services.resume.loginTokens.hashedToken': hashToken, - // }); - // } + JsonRoutes.add('get', '/api/boards/:boardId/export', function (req, res) { + const boardId = req.params.boardId; + let user = null; + // todo XXX for real API, first look for token in Authentication: header + // then fallback to parameter + const loginToken = req.query.authToken; + if (loginToken) { + const hashToken = Accounts._hashLoginToken(loginToken); + user = Meteor.users.findOne({ + 'services.resume.loginTokens.hashedToken': hashToken, + }); + } - // const exporter = new Exporter(boardId); - // if(exporter.canExport(user)) { - // JsonRoutes.sendResult(res, 200, exporter.build()); - // } else { - // // we could send an explicit error message, but on the other hand the only - // // way to get there is by hacking the UI so let's keep it raw. - // JsonRoutes.sendResult(res, 403); - // } - // }); + const exporter = new Exporter(boardId); + if(exporter.canExport(user)) { + JsonRoutes.sendResult(res, { code: 200, data: exporter.build() }); + } else { + // we could send an explicit error message, but on the other hand the only + // way to get there is by hacking the UI so let's keep it raw. + JsonRoutes.sendResult(res, 403); + } + }); } class Exporter { |