From 3b1c03ed5098f5828d524eb0381e12717aa790f3 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 20 Nov 2020 15:26:16 -0500 Subject: [PATCH] feat: allow ACP API access to bearer tokens closes nodebb/nodebb-plugin-write-api#132 --- src/routes/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/routes/index.js b/src/routes/index.js index faff537df5..514bcee696 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -99,7 +99,7 @@ module.exports = async function (app, middleware) { var ensureLoggedIn = require('connect-ensure-login'); router.all('(/+api|/+api/*?)', middleware.prepareAPI); - router.all('(/+api/admin|/+api/admin/*?)', middleware.admin.checkPrivileges); + router.all('(/+api/admin|/+api/admin/*?)', middleware.authenticate, middleware.admin.checkPrivileges); router.all('(/+admin|/+admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.admin.checkPrivileges); app.use(middleware.stripLeadingSlashes);