skip api token check for FA search_user_names

2023-08-21 10:49:39 -07:00
parent 6ec902a859
commit 93e389855a
3 changed files with 25 additions and 10 deletions
--- a/app/controllers/blobs_controller.rb
+++ b/app/controllers/blobs_controller.rb
@@ -1,4 +1,9 @@
 class BlobsController < ApplicationController
+  skip_before_action :validate_api_token,
+                     only: %i[
+                       contents
+                     ]
+
  def show
    sha256 = HexUtil.hex2bin(params[:sha256])
    @blob = BlobEntryP.ensure(sha256: sha256)
@@ -22,12 +27,12 @@ class BlobsController < ApplicationController
      if !thumb.blank? && helpers.is_thumbable_content_type?(blob_entry.content_type)
        filename = "thumb-#{thumb}-#{sha256}"
        filename = filename[..File.extname(filename).length]
-        filename += ".jpg"
-        file = Tempfile.new("thumb.jpg", binmode: true)
-        file.write(blob_entry.contents)
-        file.flush
-
-        image = Rszr::Image.load(file.path)
+        filename += ".jpeg"
+        # file = Tempfile.new("thumb.jpeg", binmode: true)
+        # file.write(blob_entry.contents)
+        # file.flush
+        # image = Rszr::Image.load(file.path)
+        image = Rszr::Image.load_data(blob_entry.contents)
        image.resize!(*thumb_params(thumb))
        resized_image_contents = image.save_data(format: :jpg)

--- a/app/controllers/domain/fa/api_controller.rb
+++ b/app/controllers/domain/fa/api_controller.rb
@@ -1,6 +1,14 @@
 class Domain::Fa::ApiController < ApplicationController
  skip_before_action :verify_authenticity_token,
-    only: %i[ enqueue_objects object_statuses ]
+                     only: %i[
+                       enqueue_objects
+                       object_statuses
+                     ]
+
+  skip_before_action :validate_api_token,
+                     only: %i[
+                       search_user_names
+                     ]

  def search_user_names
    name = params[:name]
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,6 +16,10 @@ Rails.application.routes.draw do
    end
  end

+  resources :blobs, only: [], slug: :sha256 do
+    get :contents, on: :member
+  end
+
  get "us/:script", to: "user_scripts#get", constraints: { script: /.*/ }

  scope constraints: VpnOnlyRouteConstraint.new do
@@ -45,9 +49,7 @@ Rails.application.routes.draw do
      end
    end

-    resources :blobs, only: [:show], slug: :sha256 do
-      get :contents, on: :member
-    end
+    resources :blobs, only: [:show], slug: :sha256

    resources :log_entries, only: [:index, :show] do
      get :stats, on: :collection