port middlewares to authenticate users with headers and sessions

2025-12-19 15:48:04 +01:00 · 2015-11-07 15:37:38 +01:00
parent 0cf964728e
commit ac7d3e642f
3 changed files with 67 additions and 1 deletions
--- a/website/src/controllers/api-v2/auth.js
+++ b/website/src/controllers/api-v2/auth.js
@@ -53,6 +53,7 @@ api.authWithSession = function(req, res, next) { //[todo] there is probably a mo
  });
 };

+// TODO passing auth params as query params is not safe as they are logged by browser history, ...
 api.authWithUrl = function(req, res, next) {
  User.findOne({_id:req.query._id, apiToken:req.query.apiToken}, function(err,user){
    if (err) return next(err);