From 1aca05ecc6b807901ae2598af78853a639b8af46 Mon Sep 17 00:00:00 2001
From: hunterlong <info@socialeck.com>
Date: Sun, 12 Jan 2020 18:12:50 -0800
Subject: [PATCH] use API secret, not key

---
 handlers/api.go             |  1 +
 handlers/handlers.go        |  6 +++---
 handlers/routes.go          | 16 ++++++++--------
 source/tmpl/settings.gohtml |  2 +-
 version.txt                 |  2 +-
 5 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/handlers/api.go b/handlers/api.go
index 9be32af0..a2d6e5fb 100644
--- a/handlers/api.go
+++ b/handlers/api.go
@@ -131,6 +131,7 @@ func sendUnauthorizedJson(w http.ResponseWriter, r *http.Request) {
 		Status: "error",
 		Error:  errors.New("not authorized").Error(),
 	}
+	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusUnauthorized)
 	returnJson(output, w, r)
 }
diff --git a/handlers/handlers.go b/handlers/handlers.go
index 848c2cb3..4887889f 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -110,14 +110,14 @@ func IsReadAuthenticated(r *http.Request) bool {
 	var token string
 	query := r.URL.Query()
 	key := query.Get("api")
-	if subtle.ConstantTimeCompare([]byte(key), []byte(core.CoreApp.ApiKey)) == 1 {
+	if subtle.ConstantTimeCompare([]byte(key), []byte(core.CoreApp.ApiSecret)) == 1 {
 		return true
 	}
 	tokens, ok := r.Header["Authorization"]
 	if ok && len(tokens) >= 1 {
 		token = tokens[0]
 		token = strings.TrimPrefix(token, "Bearer ")
-		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiKey)) == 1 {
+		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiSecret)) == 1 {
 			return true
 		}
 	}
@@ -144,7 +144,7 @@ func IsFullAuthenticated(r *http.Request) bool {
 	if ok && len(tokens) >= 1 {
 		token = tokens[0]
 		token = strings.TrimPrefix(token, "Bearer ")
-		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiKey)) == 1 {
+		if subtle.ConstantTimeCompare([]byte(token), []byte(core.CoreApp.ApiSecret)) == 1 {
 			return true
 		}
 	}
diff --git a/handlers/routes.go b/handlers/routes.go
index c49ce59b..7770b0d6 100644
--- a/handlers/routes.go
+++ b/handlers/routes.go
@@ -103,14 +103,6 @@ func Router() *mux.Router {
 
 	r.Handle("/group/{id}", sendLog(groupViewHandler)).Methods("GET")
 
-	// API GROUPS Routes
-	r.Handle("/api/groups", readOnly(apiAllGroupHandler, false)).Methods("GET")
-	r.Handle("/api/groups", authenticated(apiCreateGroupHandler, false)).Methods("POST")
-	r.Handle("/api/groups/{id}", readOnly(apiGroupHandler, false)).Methods("GET")
-	r.Handle("/api/groups/{id}", authenticated(apiGroupUpdateHandler, false)).Methods("POST")
-	r.Handle("/api/groups/{id}", authenticated(apiGroupDeleteHandler, false)).Methods("DELETE")
-	r.Handle("/api/reorder/groups", authenticated(apiGroupReorderHandler, false)).Methods("POST")
-
 	// API Routes
 	r.Handle("/api", authenticated(apiIndexHandler, false))
 	r.Handle("/api/renew", authenticated(apiRenewHandler, false))
@@ -120,6 +112,14 @@ func Router() *mux.Router {
 	r.Handle("/api/integrations/{name}", authenticated(apiIntegrationHandler, false)).Methods("GET")
 	r.Handle("/api/integrations/{name}", authenticated(apiIntegrationHandler, false)).Methods("POST")
 
+	// API GROUPS Routes
+	r.Handle("/api/groups", readOnly(apiAllGroupHandler, false)).Methods("GET")
+	r.Handle("/api/groups", authenticated(apiCreateGroupHandler, false)).Methods("POST")
+	r.Handle("/api/groups/{id}", readOnly(apiGroupHandler, false)).Methods("GET")
+	r.Handle("/api/groups/{id}", authenticated(apiGroupUpdateHandler, false)).Methods("POST")
+	r.Handle("/api/groups/{id}", authenticated(apiGroupDeleteHandler, false)).Methods("DELETE")
+	r.Handle("/api/reorder/groups", authenticated(apiGroupReorderHandler, false)).Methods("POST")
+
 	// API SERVICE Routes
 	r.Handle("/api/services", readOnly(apiAllServicesHandler, false)).Methods("GET")
 	r.Handle("/api/services", authenticated(apiCreateServiceHandler, false)).Methods("POST")
diff --git a/source/tmpl/settings.gohtml b/source/tmpl/settings.gohtml
index 3d71df0c..0aaa2b6f 100644
--- a/source/tmpl/settings.gohtml
+++ b/source/tmpl/settings.gohtml
@@ -22,7 +22,7 @@
                     <a class="nav-link text-capitalize" id="v-pills-{{underscore .Name}}-tab" data-toggle="pill" href="#v-pills-{{underscore .Name}}" role="tab" aria-controls="v-pills-profile" aria-selected="false">{{.Name}}</a>
                 {{end}}
 
-                    <h6 class="mt-4 text-muted">Integrations</h6>
+                    <h6 class="mt-4 text-muted">Integrations (beta)</h6>
                     {{ range .Integrations }}
                         {{$i := .Get}}
                         <a class="nav-link text-capitalize" id="v-pills-integration-{{underscore $i.ShortName}}-tab" data-toggle="pill" href="#v-pills-integration-{{underscore $i.ShortName}}" role="tab" aria-controls="v-pills-integration-{{underscore $i.ShortName}}" aria-selected="false">{{safe $i.Icon}} {{$i.Name}}</a>
diff --git a/version.txt b/version.txt
index 8210f30f..996d8ee8 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.80.68
+0.80.69