Better auth for API

This commit is contained in:
Akif9748 2022-09-21 22:42:08 +03:00
parent 0d356239e7
commit fd64ac8693
4 changed files with 12 additions and 7 deletions

View file

@ -2,13 +2,13 @@
Akf-forum has got an API for AJAX, other clients etc.
## Authorization
You need this headers for send request to API:
You need this header for send request to API:
```json
{
"username": "testUser",
"password": "testPassword"
"authorization": "Basic <base64 encoded username:password>"
}
```
But in front end, the API will works with session.
## Default Limits:

View file

@ -42,13 +42,15 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
| To do | Is done? |
| ----- | -------- |
| Profile Message | ⚪ |
| Better Auth for API way | |
| Better Auth for API way | 🟢 |
| mod role, permissions | ⚪ |
| upload other photos, model for it | ⚪ |
| categories page is need a update, thread count in category | ⚪ |
| preview for send messages in markdown format | 💚 |
| preview for send messages in markdown format | 🟢 |
| DC auth will store code for taking tokens, and create secret model setting | ⚪ |
- IF a person liked a message, view.
- Disable last seen button.
## Major Version History
- V4: Caching
- V3: New Theme

View file

@ -8,6 +8,7 @@ const schema = new mongoose.Schema({
threadID: String,
authorID: String,
content: { type: String, maxlength: limits.message },
oldContents: [{ type: String, maxlength: limits.message }],
time: { type: Date, default: Date.now },
deleted: { type: Boolean, default: false },
edited: { type: Boolean, default: false },

View file

@ -16,7 +16,9 @@ app.use(async (req, res, next) => {
res.complate = result => res.status(200).json(result);
if (req.user) return next();
const { username = null, password = null } = req.headers;
const authHeader = req.headers.authorization;
if (!authHeader) return res.error(401, "No authorization header");
const [username, password] = Buffer.from(authHeader.split(' ')[1], "base64").toString().split(":");
if (!username || !password)
return res.error(401, "Authorise headers are missing")