Better auth for API

This commit is contained in:
Akif9748 2022-09-21 22:42:08 +03:00
parent 0d356239e7
commit fd64ac8693
4 changed files with 12 additions and 7 deletions

View file

@ -2,13 +2,13 @@
Akf-forum has got an API for AJAX, other clients etc. Akf-forum has got an API for AJAX, other clients etc.
## Authorization ## Authorization
You need this headers for send request to API: You need this header for send request to API:
```json ```json
{ {
"username": "testUser", "authorization": "Basic <base64 encoded username:password>"
"password": "testPassword"
} }
``` ```
But in front end, the API will works with session. But in front end, the API will works with session.
## Default Limits: ## Default Limits:

View file

@ -42,13 +42,15 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
| To do | Is done? | | To do | Is done? |
| ----- | -------- | | ----- | -------- |
| Profile Message | ⚪ | | Profile Message | ⚪ |
| Better Auth for API way | | | Better Auth for API way | 🟢 |
| mod role, permissions | ⚪ | | mod role, permissions | ⚪ |
| upload other photos, model for it | ⚪ | | upload other photos, model for it | ⚪ |
| categories page is need a update, thread count in category | ⚪ | | categories page is need a update, thread count in category | ⚪ |
| preview for send messages in markdown format | 💚 | | preview for send messages in markdown format | 🟢 |
| DC auth will store code for taking tokens, and create secret model setting | ⚪ | | DC auth will store code for taking tokens, and create secret model setting | ⚪ |
- IF a person liked a message, view.
- Disable last seen button.
## Major Version History ## Major Version History
- V4: Caching - V4: Caching
- V3: New Theme - V3: New Theme

View file

@ -8,6 +8,7 @@ const schema = new mongoose.Schema({
threadID: String, threadID: String,
authorID: String, authorID: String,
content: { type: String, maxlength: limits.message }, content: { type: String, maxlength: limits.message },
oldContents: [{ type: String, maxlength: limits.message }],
time: { type: Date, default: Date.now }, time: { type: Date, default: Date.now },
deleted: { type: Boolean, default: false }, deleted: { type: Boolean, default: false },
edited: { type: Boolean, default: false }, edited: { type: Boolean, default: false },

View file

@ -16,7 +16,9 @@ app.use(async (req, res, next) => {
res.complate = result => res.status(200).json(result); res.complate = result => res.status(200).json(result);
if (req.user) return next(); if (req.user) return next();
const { username = null, password = null } = req.headers; const authHeader = req.headers.authorization;
if (!authHeader) return res.error(401, "No authorization header");
const [username, password] = Buffer.from(authHeader.split(' ')[1], "base64").toString().split(":");
if (!username || !password) if (!username || !password)
return res.error(401, "Authorise headers are missing") return res.error(401, "Authorise headers are missing")