Better auth for API

2024-11-22 12:00:41 +03:00 · 2022-09-21 22:42:08 +03:00 · 2022-09-21 22:42:08 +03:00 · fd64ac8693
commit fd64ac8693
parent 0d356239e7
4 changed files with 12 additions and 7 deletions
--- a/APIDOCS.md
+++ b/APIDOCS.md
@ -2,13 +2,13 @@
 Akf-forum has got an API for AJAX, other clients etc. 

 ## Authorization
-You need this headers for send request to API:
+You need this header for send request to API:
 ```json
 {
-    "username": "testUser", 
-    "password": "testPassword"
+    "authorization": "Basic <base64 encoded username:password>"
 }
 ```
+
 But in front end, the API will works with session.

 ## Default Limits:
--- a/README.md
+++ b/README.md
@ -42,13 +42,15 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
 | To do | Is done? | 
 | ----- | -------- | 
 | Profile Message | ⚪ | 
-| Better Auth for API way | ⚪ | 
+| Better Auth for API way | 🟢 | 
 | mod role, permissions | ⚪ | 
 | upload other photos, model for it | ⚪ | 
 | categories page is need a update, thread count in category | ⚪ | 
-| preview for send messages in markdown format | 💚 |
+| preview for send messages in markdown format | 🟢 |
 | DC auth will store code for taking tokens, and create secret model setting | ⚪ |
-
+- IF a person liked a message, view.
+- Disable last seen button.
+ 
 ## Major Version History
 - V4: Caching
 - V3: New Theme
--- a/models/Message.js
+++ b/models/Message.js
@ -8,6 +8,7 @@ const schema = new mongoose.Schema({
    threadID: String,
    authorID: String,
    content: { type: String, maxlength: limits.message },
+    oldContents: [{ type: String, maxlength: limits.message }],
    time: { type: Date, default: Date.now },
    deleted: { type: Boolean, default: false },
    edited: { type: Boolean, default: false },
--- a/routes/api/index.js
+++ b/routes/api/index.js
@ -16,7 +16,9 @@ app.use(async (req, res, next) => {
    res.complate = result => res.status(200).json(result);

    if (req.user) return next();
-    const { username = null, password = null } = req.headers;
+    const authHeader = req.headers.authorization;
+    if (!authHeader) return res.error(401, "No authorization header");
+    const [username, password] = Buffer.from(authHeader.split(' ')[1], "base64").toString().split(":");

    if (!username || !password)
        return res.error(401, "Authorise headers are missing")