2 files changed, 11 insertions, 8 deletions

diff --git a/controllers/galleryController.js b/controllers/galleryController.js
index a74dde5..39826dd 100644
--- a/controllers/galleryController.js
+++ b/controllers/galleryController.js
@@ -5,8 +5,9 @@ let galleryController = {}
 
 galleryController.list = function(req, res, next){
 	
-	if(!config.privacy.public)
-		if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
+	if(config.TOKEN !== '')
+		if(req.headers.auth !== config.TOKEN)
+			return res.status(401).send('not-authorized')
 
 	db.table('gallery').select('id', 'name').then((data) => {
 		res.json({ data })
@@ -15,8 +16,9 @@ galleryController.list = function(req, res, next){
 
 galleryController.test = function(req, res, next){
 	
-	if(!config.privacy.public)
-		if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
+	if(config.TOKEN !== '')
+		if(req.headers.auth !== config.TOKEN)
+			return res.status(401).send('not-authorized')
 
 	let testdata = [
 		{name: 'Test 1'},
diff --git a/controllers/uploadController.js b/controllers/uploadController.js
index 259e824..7754261 100644
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@@ -22,10 +22,11 @@ const upload = multer({
 
 uploadsController.upload = function(req, res, next){
 
-	let gallery = req.headers.gallery
+	if(config.TOKEN !== '')
+		if(req.headers.auth !== config.TOKEN)
+			return res.status(401).send('not-authorized')
 
-	if(!config.privacy.public)
-		if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
+	let gallery = req.headers.gallery
 	
 	upload(req, res, function (err) {
 		if (err) {
@@ -38,7 +39,7 @@ uploadsController.upload = function(req, res, next){
 			galleryid: gallery
 		}).then(() => {
 			return res.json({
-				'filename': req.file.filename
+				'url': config.uploads.basedomain + req.file.filename
 			})
 		})