use API secret, not key

handlers/api.go

@@ -131,6 +131,7 @@ func sendUnauthorizedJson(w http.ResponseWriter, r *http.Request) {
 		Status: "error",
 		Error:  errors.New("not authorized").Error(),
 	}
+	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusUnauthorized)
 	returnJson(output, w, r)
 }

handlers/handlers.go

@@ -110,14 +110,14 @@ func IsReadAuthenticated(r *http.Request) bool {
 	var token string
 	query := r.URL.Query()
 	key := query.Get("api")
-	if subtle.ConstantTimeCompare([]byte(key), []byte(core.CoreApp.ApiKey)) == 1 {
+	if subtle.ConstantTimeCompare([]byte(key), []byte(core.CoreApp.ApiSecret)) == 1 {
 		return true
 	}
 	tokens, ok := r.Header["Authorization"]
 	if ok && len(tokens) >= 1 {
 		token = tokens[0]
 		token = strings.TrimPrefix(token, "Bearer ")
-		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiKey)) == 1 {
+		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiSecret)) == 1 {
 			return true
 		}
 	}
@@ -144,7 +144,7 @@ func IsFullAuthenticated(r *http.Request) bool {
 	if ok && len(tokens) >= 1 {
 		token = tokens[0]
 		token = strings.TrimPrefix(token, "Bearer ")
-		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiKey)) == 1 {
+		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiSecret)) == 1 {
 			return true
 		}
 	}

handlers/routes.go

@@ -103,14 +103,6 @@ func Router() *mux.Router {
 
 	r.Handle("/group/{id}", sendLog(groupViewHandler)).Methods("GET")
 
-	// API GROUPS Routes
-	r.Handle("/api/groups", readOnly(apiAllGroupHandler, false)).Methods("GET")
-	r.Handle("/api/groups", authenticated(apiCreateGroupHandler, false)).Methods("POST")
-	r.Handle("/api/groups/{id}", readOnly(apiGroupHandler, false)).Methods("GET")
-	r.Handle("/api/groups/{id}", authenticated(apiGroupUpdateHandler, false)).Methods("POST")
-	r.Handle("/api/groups/{id}", authenticated(apiGroupDeleteHandler, false)).Methods("DELETE")
-	r.Handle("/api/reorder/groups", authenticated(apiGroupReorderHandler, false)).Methods("POST")
-
 	// API Routes
 	r.Handle("/api", authenticated(apiIndexHandler, false))
 	r.Handle("/api/renew", authenticated(apiRenewHandler, false))
@@ -120,6 +112,14 @@ func Router() *mux.Router {
 	r.Handle("/api/integrations/{name}", authenticated(apiIntegrationHandler, false)).Methods("GET")
 	r.Handle("/api/integrations/{name}", authenticated(apiIntegrationHandler, false)).Methods("POST")
 
+	// API GROUPS Routes
+	r.Handle("/api/groups", readOnly(apiAllGroupHandler, false)).Methods("GET")
+	r.Handle("/api/groups", authenticated(apiCreateGroupHandler, false)).Methods("POST")
+	r.Handle("/api/groups/{id}", readOnly(apiGroupHandler, false)).Methods("GET")
+	r.Handle("/api/groups/{id}", authenticated(apiGroupUpdateHandler, false)).Methods("POST")
+	r.Handle("/api/groups/{id}", authenticated(apiGroupDeleteHandler, false)).Methods("DELETE")
+	r.Handle("/api/reorder/groups", authenticated(apiGroupReorderHandler, false)).Methods("POST")
+
 	// API SERVICE Routes
 	r.Handle("/api/services", readOnly(apiAllServicesHandler, false)).Methods("GET")
 	r.Handle("/api/services", authenticated(apiCreateServiceHandler, false)).Methods("POST")

source/tmpl/settings.gohtml

@@ -22,7 +22,7 @@
                     <a class="nav-link text-capitalize" id="v-pills-{{underscore .Name}}-tab" data-toggle="pill" href="#v-pills-{{underscore .Name}}" role="tab" aria-controls="v-pills-profile" aria-selected="false">{{.Name}}</a>
                 {{end}}
 
-                    <h6 class="mt-4 text-muted">Integrations</h6>
+                    <h6 class="mt-4 text-muted">Integrations (beta)</h6>
                     {{ range .Integrations }}
                         {{$i := .Get}}
                         <a class="nav-link text-capitalize" id="v-pills-integration-{{underscore $i.ShortName}}-tab" data-toggle="pill" href="#v-pills-integration-{{underscore $i.ShortName}}" role="tab" aria-controls="v-pills-integration-{{underscore $i.ShortName}}" aria-selected="false">{{safe $i.Icon}} {{$i.Name}}</a>

version.txt

@@ -1 +1 @@
-0.80.68
+0.80.69