diff --git a/lib/cli.js b/lib/cli.js
index b7a83456..74909998 100644
--- a/lib/cli.js
+++ b/lib/cli.js
@@ -871,22 +871,15 @@ program
     , 'secret (or $SECRET)'
     , String
     , process.env.SECRET)
-  .option('-a, --auth-url '
-    , 'URL to auth client'
-    , String)
   .action(function(options) {
     if (!options.secret) {
       this.missingArgument('--secret')
     }
-    if (!options.authUrl) {
-      this.missingArgument('--auth-url')
-    }
     require('./units/api')({
       port: options.port
     , ssid: options.ssid
     , secret: options.secret
-    , authUrl: options.authUrl
     })
   })
@@ -1335,12 +1328,6 @@ program
         'api'
       , '--port', options.apiPort
       , '--secret', options.authSecret
-      , '--auth-url', options.authUrl || util.format( 'http://%s:%d/auth/%s/' , options.publicIp , options.poorxyPort , ({oauth2: 'oauth'}[options.authType]) || options.authType ) ]) // websocket , procutil.fork(__filename, [
diff --git a/lib/units/api/controllers/device.js b/lib/units/api/controllers/device.js
index b830fd4f..16ef7555 100644
--- a/lib/units/api/controllers/device.js
+++ b/lib/units/api/controllers/device.js
@@ -4,12 +4,12 @@ var dbapi = require('../../../db/api')
 var logger = require('../../../util/logger')
 var datautil = require('../../../util/datautil')
-var log = logger.createLogger('api:contoller:device')
+var log = logger.createLogger('api:controllers:device')
 module.exports = {
   getDevices: getDevices
 , getDeviceBySerial: getDeviceBySerial
-};
+}
 function getDevices(req, res) {
   dbapi.loadDevices()
diff --git a/lib/units/api/controllers/token.js b/lib/units/api/controllers/token.js
index d83dca2a..8452f84e 100644
--- a/lib/units/api/controllers/token.js
+++ b/lib/units/api/controllers/token.js
@@ -3,11 +3,11 @@ var Promise = require('bluebird')
 var dbapi = require('../../../db/api')
 var logger = require('../../../util/logger')
-var log = logger.createLogger('api:contoller:token')
+var log = logger.createLogger('api:controllers:token')
 module.exports = {
   getAccessTokens: getAccessTokens
-};
+}
 function getAccessTokens(req, res) {
   dbapi.loadAccessTokens(req.user.email)
diff --git a/lib/units/api/controllers/user.js b/lib/units/api/controllers/user.js
index 537e0099..01a3ee52 100644
--- a/lib/units/api/controllers/user.js
+++ b/lib/units/api/controllers/user.js
@@ -4,12 +4,12 @@ var dbapi = require('../../../db/api')
 var logger = require('../../../util/logger')
 var datautil = require('../../../util/datautil')
-var log = logger.createLogger('api:contoller:user')
+var log = logger.createLogger('api:controllers:user')
 module.exports = {
   getCurrentUser: getCurrentUser
 , getCurrentUserGroup: getCurrentUserGroup
-};
+}
 function getCurrentUser(req, res) {
   res.json({
diff --git a/lib/units/api/helpers/securityHandlers.js b/lib/units/api/helpers/securityHandlers.js
index 9dee2bd9..7843ab8c 100644
--- a/lib/units/api/helpers/securityHandlers.js
+++ b/lib/units/api/helpers/securityHandlers.js
@@ -3,7 +3,7 @@ var urlutil = require('../../../util/urlutil')
 var logger = require('../../../util/logger')
 var dbapi = require('../../../db/api')
-var log = logger.createLogger('api:auth')
+var log = logger.createLogger('api:helpers:securityHandlers')
 module.exports = {
   accessTokenAuth: accessTokenAuth
@@ -27,24 +27,30 @@ function accessTokenAuth(req, res, next) {
                 next()
               }
             })
+        } else {
+          res.json(500, {
+            success: false
+          })
         }
       })
       .catch(function(err) {
         log.error('Failed to load token: ', err.stack)
-        res.json(500, {
+        res.json(401, {
           success: false,
-          description: "Bad Access Token"
+          description: 'Bad credentials'
         })
       })
     } else {
-      log.error("Bad Access Token Header")
-      res.json(500, {
+      log.error('Bad Access Token Header')
+      res.json(401, {
         success: false,
-        description: "Bad Access Token Header"
+        description: 'Bad credentials'
       })
     }
   }
+  // Request is coming from browser app
   // TODO: Remove this once frontend become stateless
+  // and start sending request without session
   else if (req.session && req.session.jwt) {
     dbapi.loadUser(req.session.jwt.email)
       .then(function(user) {
@@ -54,17 +60,16 @@ function accessTokenAuth(req, res, next) {
         }
         else {
           res.json(500, {
-            success: false,
-            description: "Bad Request"
+            success: false
           })
         }
       })
       .catch(next)
   } else {
-    res.json(500, {
+    res.json(401, {
       success: false,
-      description: "Request does not have Authorization header"
+      description: 'Requires authentication'
     })
   }
 }
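Review bot: The added `} else {` branch at the top of the hunk answers with `res.json(500, { success: false })`, while every other credential failure in the same hunk was just moved to 401 'Bad credentials'; if, as the nesting suggests, this is the branch taken when no token matched the presented bearer value (the condition is above the hunk), it should be `res.json(401, { success: false, description: 'Bad credentials' })` so an invalid token is not reported as a server fault. The `.catch` below does the opposite: any error thrown by the lookup, a database outage included, is now logged and returned as 401 'Bad credentials', which hides infrastructure failures behind an authentication error and diverges from the session branch in the next hunk that uses `.catch(next)`; keep 401 for a verified-missing or invalid token and hand exceptions to `next(err)`. Separately, the `if` that guards `next()` (its condition is above the hunk) closes straight into `})` with no else visible, so when it is false nothing is written and the request hangs until the client times out. accessTokenAuth starts before this hunk and continues into the next one.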
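Review bot: The 401 responses introduced here (the final `else` in this hunk and the two in the hunk above) do not set a `WWW-Authenticate` header, which RFC 7235 requires on every 401 and which RFC 6750 specifies as the `Bearer` scheme for token-protected resources; add `res.set('WWW-Authenticate', 'Bearer')` before each `res.json(401, …)`, so clients can tell an auth challenge from a generic rejection. In the session branch, a `req.session.jwt` whose email no longer resolves to a user still gets `res.json(500, { success: false })`; that is a stale-credential condition rather than a server fault and, for consistency with the rest of this change, `res.json(401, { success: false, description: 'Bad credentials' })` fits better. accessTokenAuth begins above this hunk.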