admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-05-17 20:46:30 +00:00
parent 5c4aa0b5d5
commit 2292342d8e
2 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
devdocs/todo.txt
View File

@@ -1,8 +1,6 @@
PRIORITY - ALWAYS Lowest level stuff first
=-=-=-=-
todo: auth controller authenticate wont allow if old jwt sent with request, should ignore on auth
todo: API root controller
build mode and server info should be authorized shoudln't they? Unauthorized people have no need to see that stuff
todo: api / server landing page is shitty on a mobile

2
server/AyaNova/Startup.cs
View File

@@ -398,7 +398,7 @@ namespace AyaNova
context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
//CHECK JWT
if (!context.Request.Path.Value.EndsWith("/Auth") && u.currentAuthToken != JWT)//except "/api/v8/Auth" so user can login May need other routes later?
if (!context.Request.Path.Value.EndsWith("/auth") && u.currentAuthToken != JWT)//except "/api/v8/auth" so user can login
{
context.Response.StatusCode = 401;
context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2006 - Authorization token replaced by more recent login");