2
1
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2023-12-13 21:00:40 +01:00

API auth failures should respond with json, closes #49

This commit is contained in:
Ricardo Tomasi 2013-05-24 07:44:15 -03:00
parent bb67bcde40
commit 04c35161f8

31
app.js
View file

@ -16,6 +16,7 @@
// ## Variables
auth,
authAPI,
/**
* Create new Ghost object
@ -50,9 +51,19 @@
if (!req.session.user) {
req.flash('warn', "Please login");
res.redirect('/ghost/login/?redirect=' + encodeURIComponent(req.path));
} else {
next();
return;
}
next();
};
authAPI = function (req, res, next) {
if (!req.session.user) {
// TODO: standardize error format/codes/messages
var err = { code: 42, message: 'Please login' };
res.json(401, { error: err });
return;
}
next();
};
helpers.loadCoreHelpers(ghost);
@ -62,14 +73,14 @@
* API routes..
* @todo auth should be public auth not user auth
*/
ghost.app().get('/api/v0.1/posts', auth, api.requestHandler(api.posts.browse));
ghost.app().post('/api/v0.1/posts', auth, api.requestHandler(api.posts.add));
ghost.app().get('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.read));
ghost.app().put('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.edit));
ghost.app().del('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.destroy));
ghost.app().get('/api/v0.1/settings', auth, api.requestHandler(api.settings.browse));
ghost.app().get('/api/v0.1/settings/:key', auth, api.requestHandler(api.settings.read));
ghost.app().put('/api/v0.1/settings', auth, api.requestHandler(api.settings.edit));
ghost.app().get('/api/v0.1/posts', authAPI, api.requestHandler(api.posts.browse));
ghost.app().post('/api/v0.1/posts', authAPI, api.requestHandler(api.posts.add));
ghost.app().get('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.read));
ghost.app().put('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.edit));
ghost.app().del('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.destroy));
ghost.app().get('/api/v0.1/settings', authAPI, api.requestHandler(api.settings.browse));
ghost.app().get('/api/v0.1/settings/:key', authAPI, api.requestHandler(api.settings.read));
ghost.app().put('/api/v0.1/settings', authAPI, api.requestHandler(api.settings.edit));
/**
* Admin routes..