mirror of
https://github.com/Akif9748/akf-forum.git
synced 2024-11-26 21:30:42 +03:00
Better auth for API
This commit is contained in:
parent
0d356239e7
commit
fd64ac8693
4 changed files with 12 additions and 7 deletions
|
@ -2,13 +2,13 @@
|
||||||
Akf-forum has got an API for AJAX, other clients etc.
|
Akf-forum has got an API for AJAX, other clients etc.
|
||||||
|
|
||||||
## Authorization
|
## Authorization
|
||||||
You need this headers for send request to API:
|
You need this header for send request to API:
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"username": "testUser",
|
"authorization": "Basic <base64 encoded username:password>"
|
||||||
"password": "testPassword"
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
But in front end, the API will works with session.
|
But in front end, the API will works with session.
|
||||||
|
|
||||||
## Default Limits:
|
## Default Limits:
|
||||||
|
|
|
@ -42,12 +42,14 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
|
||||||
| To do | Is done? |
|
| To do | Is done? |
|
||||||
| ----- | -------- |
|
| ----- | -------- |
|
||||||
| Profile Message | ⚪ |
|
| Profile Message | ⚪ |
|
||||||
| Better Auth for API way | ⚪ |
|
| Better Auth for API way | 🟢 |
|
||||||
| mod role, permissions | ⚪ |
|
| mod role, permissions | ⚪ |
|
||||||
| upload other photos, model for it | ⚪ |
|
| upload other photos, model for it | ⚪ |
|
||||||
| categories page is need a update, thread count in category | ⚪ |
|
| categories page is need a update, thread count in category | ⚪ |
|
||||||
| preview for send messages in markdown format | 💚 |
|
| preview for send messages in markdown format | 🟢 |
|
||||||
| DC auth will store code for taking tokens, and create secret model setting | ⚪ |
|
| DC auth will store code for taking tokens, and create secret model setting | ⚪ |
|
||||||
|
- IF a person liked a message, view.
|
||||||
|
- Disable last seen button.
|
||||||
|
|
||||||
## Major Version History
|
## Major Version History
|
||||||
- V4: Caching
|
- V4: Caching
|
||||||
|
|
|
@ -8,6 +8,7 @@ const schema = new mongoose.Schema({
|
||||||
threadID: String,
|
threadID: String,
|
||||||
authorID: String,
|
authorID: String,
|
||||||
content: { type: String, maxlength: limits.message },
|
content: { type: String, maxlength: limits.message },
|
||||||
|
oldContents: [{ type: String, maxlength: limits.message }],
|
||||||
time: { type: Date, default: Date.now },
|
time: { type: Date, default: Date.now },
|
||||||
deleted: { type: Boolean, default: false },
|
deleted: { type: Boolean, default: false },
|
||||||
edited: { type: Boolean, default: false },
|
edited: { type: Boolean, default: false },
|
||||||
|
|
|
@ -16,7 +16,9 @@ app.use(async (req, res, next) => {
|
||||||
res.complate = result => res.status(200).json(result);
|
res.complate = result => res.status(200).json(result);
|
||||||
|
|
||||||
if (req.user) return next();
|
if (req.user) return next();
|
||||||
const { username = null, password = null } = req.headers;
|
const authHeader = req.headers.authorization;
|
||||||
|
if (!authHeader) return res.error(401, "No authorization header");
|
||||||
|
const [username, password] = Buffer.from(authHeader.split(' ')[1], "base64").toString().split(":");
|
||||||
|
|
||||||
if (!username || !password)
|
if (!username || !password)
|
||||||
return res.error(401, "Authorise headers are missing")
|
return res.error(401, "Authorise headers are missing")
|
||||||
|
|
Loading…
Reference in a new issue