From b660eec67f38c4b5e58d577cbe8ef73b70fa4ed2 Mon Sep 17 00:00:00 2001
From: psychobunny
Date: Mon, 14 Sep 2015 15:29:26 -0400
Subject: [PATCH] closes #3608 inb4 all admin routes are publically visible
---
 src/routes/index.js | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/routes/index.js b/src/routes/index.js
index bd5be4f429..dfda79e76d 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -100,7 +100,8 @@ module.exports = function(app, middleware) {
 var router = express.Router(),
 pluginRouter = express.Router(),
 authRouter = express.Router(),
- relativePath = nconf.get('relative_path');
+ relativePath = nconf.get('relative_path'),
+ ensureLoggedIn = require('connect-ensure-login');
 pluginRouter.render = function() {
 app.render.apply(app, arguments);
@@ -112,11 +113,9 @@ module.exports = function(app, middleware) {
 app.use(middleware.maintenanceMode);
- app.all(relativePath + '/api/?*', middleware.prepareAPI);
- app.all(relativePath + '/api/admin/?*', middleware.isAdmin);
-
- var ensureLoggedIn = require('connect-ensure-login');
- app.all(relativePath + '/admin/?*', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
+ app.all(relativePath + '(/api|/api/*?)', middleware.prepareAPI);
+ app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin);
+ app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
 adminRoutes(router, middleware, controllers);
 metaRoutes(router, middleware, controllers);
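Review bot: The three rewritten `app.all(...)` lines in the second hunk are the only place where `middleware.isAdmin` is attached to the admin pages and the admin API, so any admin URL that the new patterns `'(/admin|/admin/*?)'` and `'(/api/admin|/api/admin/*?)'` fail to match would be served without the check, and nothing in the change pins the patterns down. I would add a regression test that requests `/admin`, `/admin/`, `/admin/x`, `/api/admin` and `/api/admin/x` without a session, with and without a `relative_path` configured, and expects a redirect or refusal each time. A comment above the three lines would also help the next editor, for example `// Access control: every admin route registered below must match one of these patterns.` Separately, the login redirect can reuse the local: `ensureLoggedIn.ensureLoggedIn(relativePath + '/login?local=1')`. The enclosing `module.exports` function starts and ends outside the hunk, so whether `adminRoutes` applies any check of its own cannot be seen from here.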