diff --git a/src/routes/test/branding-test.js b/src/routes/test/branding-test.js index 63bd2249e..ba56d2582 100644 --- a/src/routes/test/branding-test.js +++ b/src/routes/test/branding-test.js @@ -19,7 +19,7 @@ describe('Branding API', function () { after(cleanup); describe('cloudron_name', function () { - let name = 'foobar'; + const name = 'foobar'; it('get default succeeds', async function () { const response = await superagent.get(`${serverUrl}/api/v1/branding/cloudron_name`) diff --git a/src/server.js b/src/server.js index ccac73d7e..eaf6476c7 100644 --- a/src/server.js +++ b/src/server.js @@ -173,7 +173,7 @@ async function initializeExpressSync() { router.post('/api/v1/profile/fallback_email', json, token, authorizeUser, routes.profile.canEditProfile, routes.users.verifyPassword, routes.profile.setFallbackEmail); router.post('/api/v1/profile/language', json, token, authorizeUser, routes.profile.setLanguage); router.get ('/api/v1/profile/avatar/:identifier', routes.profile.getAvatar); // this is not scoped so it can used directly in img tag - router.post('/api/v1/profile/avatar', json, token, authorizeUser, (req, res, next) => { return typeof req.body.avatar === 'string' ? next() : multipart(req, res, next); }, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked + router.post('/api/v1/profile/avatar', token, authorizeUser, multipart, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked router.get ('/api/v1/profile/background_image', token, authorizeUser, routes.profile.getBackgroundImage); router.post('/api/v1/profile/background_image', token, authorizeUser, multipart, routes.profile.setBackgroundImage); // backgroundImage is not exposed in LDAP. so it's personal and not locked router.post('/api/v1/profile/password', json, token, authorizeUser, routes.users.verifyPassword, routes.profile.setPassword); @@ -298,7 +298,7 @@ async function initializeExpressSync() { router.get ('/api/v1/apps/:id/exec/:execId', token, routes.apps.load, authorizeOperator, routes.apps.getExec); // these two routes are wrappers on exec. It allows upload/download to anywhere in filesystem unlike the files route which is only /app/data router.get ('/api/v1/apps/:id/download', token, routes.apps.load, authorizeOperator, routes.apps.downloadFile); - router.post('/api/v1/apps/:id/upload', json, token, multipart, routes.apps.load, authorizeOperator, routes.apps.uploadFile); + router.post('/api/v1/apps/:id/upload', token, multipart, routes.apps.load, authorizeOperator, routes.apps.uploadFile); // websocket cannot do bearer authentication router.get ('/api/v1/apps/:id/exec/:execId/startws', token, routes.apps.load, authorizeOperator, routes.apps.startExecWebSocket); @@ -315,7 +315,7 @@ async function initializeExpressSync() { router.get ('/api/v1/branding/cloudron_name', token, authorizeAdmin, routes.branding.getCloudronName); router.post('/api/v1/branding/cloudron_name', json, token, authorizeAdmin, routes.branding.setCloudronName); router.get ('/api/v1/branding/cloudron_avatar', token, authorizeAdmin, routes.branding.getCloudronAvatar); - router.post('/api/v1/branding/cloudron_avatar', json, token, authorizeAdmin, multipart, routes.branding.setCloudronAvatar); + router.post('/api/v1/branding/cloudron_avatar', token, authorizeAdmin, multipart, routes.branding.setCloudronAvatar); router.get ('/api/v1/branding/cloudron_background', token, authorizeAdmin, routes.branding.getCloudronBackground); router.post('/api/v1/branding/cloudron_background', token, authorizeAdmin, multipart, routes.branding.setCloudronBackground); router.get ('/api/v1/branding/footer', token, authorizeAdmin, routes.branding.getFooter);