25 lines
652 B
Ruby
25 lines
652 B
Ruby
# typed: true
|
|
class UserScriptsController < ApplicationController
|
|
skip_before_action :authenticate_user!, only: [:get]
|
|
skip_before_action :verify_authenticity_token, only: [:get]
|
|
|
|
ALLOWED_SCRIPTS = %w[object_statuses.user.js furecs.user.js].freeze
|
|
|
|
def get
|
|
expires_in 1.hour, public: true
|
|
response.cache_control[:public] = false
|
|
response.cache_control[:private] = true
|
|
|
|
script = params[:script]
|
|
unless ALLOWED_SCRIPTS.include?(script)
|
|
render status: 404, text: "not found"
|
|
return
|
|
end
|
|
|
|
send_file(
|
|
Rails.root.join("user_scripts/dist/#{script}"),
|
|
type: "application/javascript",
|
|
)
|
|
end
|
|
end
|