do not mix multipart and json

2025-06-06 17:05:22 +02:00
parent 0f7bc9be52
commit dffa3b7986
2 changed files with 4 additions and 4 deletions
@@ -173,7 +173,7 @@ async function initializeExpressSync() {
    router.post('/api/v1/profile/fallback_email',                  json, token, authorizeUser, routes.profile.canEditProfile, routes.users.verifyPassword, routes.profile.setFallbackEmail);
    router.post('/api/v1/profile/language',                        json, token, authorizeUser, routes.profile.setLanguage);
    router.get ('/api/v1/profile/avatar/:identifier',                                          routes.profile.getAvatar); // this is not scoped so it can used directly in img tag
-    router.post('/api/v1/profile/avatar',                          json, token, authorizeUser, (req, res, next) => { return typeof req.body.avatar === 'string' ? next() : multipart(req, res, next); }, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked
+    router.post('/api/v1/profile/avatar',                                token, authorizeUser, multipart, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked
    router.get ('/api/v1/profile/background_image',                      token, authorizeUser, routes.profile.getBackgroundImage);
    router.post('/api/v1/profile/background_image',                      token, authorizeUser, multipart, routes.profile.setBackgroundImage); // backgroundImage is not exposed in LDAP. so it's personal and not locked
    router.post('/api/v1/profile/password',                        json, token, authorizeUser, routes.users.verifyPassword, routes.profile.setPassword);
@@ -298,7 +298,7 @@ async function initializeExpressSync() {
    router.get ('/api/v1/apps/:id/exec/:execId',                       token, routes.apps.load, authorizeOperator, routes.apps.getExec);
    // these two routes are wrappers on exec. It allows upload/download to anywhere in filesystem unlike the files route which is only /app/data
    router.get ('/api/v1/apps/:id/download',                           token, routes.apps.load, authorizeOperator, routes.apps.downloadFile);
-    router.post('/api/v1/apps/:id/upload',                       json, token, multipart, routes.apps.load, authorizeOperator, routes.apps.uploadFile);
+    router.post('/api/v1/apps/:id/upload',                             token, multipart, routes.apps.load, authorizeOperator, routes.apps.uploadFile);

    // websocket cannot do bearer authentication
    router.get ('/api/v1/apps/:id/exec/:execId/startws',    token, routes.apps.load, authorizeOperator, routes.apps.startExecWebSocket);
@@ -315,7 +315,7 @@ async function initializeExpressSync() {
    router.get ('/api/v1/branding/cloudron_name',         token, authorizeAdmin, routes.branding.getCloudronName);
    router.post('/api/v1/branding/cloudron_name',   json, token, authorizeAdmin, routes.branding.setCloudronName);
    router.get ('/api/v1/branding/cloudron_avatar',       token, authorizeAdmin, routes.branding.getCloudronAvatar);
-    router.post('/api/v1/branding/cloudron_avatar', json, token, authorizeAdmin, multipart, routes.branding.setCloudronAvatar);
+    router.post('/api/v1/branding/cloudron_avatar',       token, authorizeAdmin, multipart, routes.branding.setCloudronAvatar);
    router.get ('/api/v1/branding/cloudron_background',   token, authorizeAdmin, routes.branding.getCloudronBackground);
    router.post('/api/v1/branding/cloudron_background',   token, authorizeAdmin, multipart, routes.branding.setCloudronBackground);
    router.get ('/api/v1/branding/footer',                token, authorizeAdmin, routes.branding.getFooter);