diff options
Diffstat (limited to 'src/api/structures')
| -rw-r--r-- | src/api/structures/Route.js | 15 | ||||
| -rw-r--r-- | src/api/structures/Server.js | 2 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/api/structures/Route.js b/src/api/structures/Route.js index 19d33f9..8a73454 100644 --- a/src/api/structures/Route.js +++ b/src/api/structures/Route.js @@ -13,6 +13,7 @@ const db = require('knex')({ }); const moment = require('moment'); const log = require('../utils/Log'); +const bcrypt = require('bcrypt'); class Route { constructor(path, method, options) { @@ -26,8 +27,9 @@ class Route { authorize(req, res) { if (this.options.bypassAuth) return this.run(req, res, db); - console.log(req.headers); + if (req.headers.apiKey) return this.authorizeApiKey(req, res, req.headers.apiKey); if (!req.headers.authorization) return res.status(401).json({ message: 'No authorization header provided' }); + const token = req.headers.authorization.split(' ')[1]; if (!token) return res.status(401).json({ message: 'No authorization header provided' }); @@ -49,6 +51,17 @@ class Route { }); } + authorizeApiKey(req, res, apiKey) { + if (this.options.noApiKey) return res.status(401).json({ message: 'Api Key not allowed for this resource' }); + + /* + Need to read more into how api keys work before proceeding any further + + const comparePassword = await bcrypt.compare(password, user.password); + if (!comparePassword) return res.status(401).json({ message: 'Invalid authorization.' }); + */ + } + run(req, res, db) { // eslint-disable-line no-unused-vars return; } diff --git a/src/api/structures/Server.js b/src/api/structures/Server.js index 0dd22d7..d10abc9 100644 --- a/src/api/structures/Server.js +++ b/src/api/structures/Server.js @@ -27,7 +27,7 @@ class Server { This bypasses the headers.accept for album download, since it's accesed directly through the browser. */ if (req.url.includes('/api/album/') && req.url.includes('/zip') && req.method === 'GET') return next(); - if (req.headers.accept === 'application/vnd.lolisafe.json') return next(); + if (req.headers.accept.includes('application/vnd.lolisafe.json')) return next(); return res.status(405).json({ message: 'Incorrect `Accept` header provided' }); }); this.server.use(bodyParser.urlencoded({ extended: true })); |