Revert "Deprecate API v2" (#7801)

2025-12-17 14:47:53 +01:00 · 2016-07-17 18:15:25 +02:00
parent 45c31a2bcf
commit 590adb3438
193 changed files with 11487 additions and 230 deletions
--- a/website/server/middlewares/auth.js
+++ b/website/server/middlewares/auth.js
@@ -1,87 +0,0 @@
-import {
-  NotAuthorized,
-} from '../libs/errors';
-import {
-  model as User,
-} from '../models/user';
-
-// Strins won't be translated here because getUserLanguage has not run yet
-
-// Authenticate a request through the x-api-user and x-api key header
-// If optional is true, don't error on missing authentication
-export function authWithHeaders (optional = false) {
-  return function authWithHeadersHandler (req, res, next) {
-    let userId = req.header('x-api-user');
-    let apiToken = req.header('x-api-key');
-
-    if (!userId || !apiToken) {
-      if (optional) return next();
-      return next(new NotAuthorized(res.t('missingAuthHeaders')));
-    }
-
-    return User.findOne({
-      _id: userId,
-      apiToken,
-    })
-    .exec()
-    .then((user) => {
-      if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
-      if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', {userId: user._id}));
-
-      res.locals.user = user;
-
-      req.session.userId = user._id;
-      return next();
-    })
-    .catch(next);
-  };
-}
-
-// Authenticate a request through a valid session
-export function authWithSession (req, res, next) {
-  let userId = req.session.userId;
-
-  // Always allow authentication with headers
-  if (!userId) {
-    if (!req.header('x-api-user') || !req.header('x-api-key')) {
-      return next(new NotAuthorized(res.t('invalidCredentials')));
-    } else {
-      return authWithHeaders()(req, res, next);
-    }
-  }
-
-  return User.findOne({
-    _id: userId,
-  })
-  .exec()
-  .then((user) => {
-    if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
-
-    res.locals.user = user;
-    return next();
-  })
-  .catch(next);
-}
-
-export function authWithUrl (req, res, next) {
-  let userId = req.query._id;
-  let apiToken = req.query.apiToken;
-
-  // Always allow authentication with headers
-  if (!userId || !apiToken) {
-    if (!req.header('x-api-user') || !req.header('x-api-key')) {
-      return next(new NotAuthorized(res.t('missingAuthParams')));
-    } else {
-      return authWithHeaders()(req, res, next);
-    }
-  }
-
-  return User.findOne({ _id: userId, apiToken }).exec()
-  .then((user) => {
-    if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
-
-    res.locals.user = user;
-    return next();
-  })
-  .catch(next);
-}