changing admin API calls to return 404 if unauthenticated, and redirect user to login for regular URL. closes #1885

2025-11-05 05:25:49 +01:00 · 2014-08-31 22:43:00 -04:00
parent 7572c9a803
commit 08c9cbdf70
4 changed files with 8 additions and 3 deletions
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -163,7 +163,7 @@ module.exports = function(app, middleware) {

 	app.all(relativePath + '/api/?*', middleware.updateLastOnlineTime, middleware.prepareAPI);
 	app.all(relativePath + '/api/admin/*', middleware.admin.isAdmin, middleware.prepareAPI);
-	app.all(relativePath + '/admin/?*', middleware.admin.isAdmin);
+	app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.admin.isAdmin);

 	adminRoutes(router, middleware, controllers);
 	metaRoutes(router, middleware, controllers);