@sebastián-cisneros you'll want to use the "setupPageRoute" helper instead of defining the routes in two lines like you've done.
Check out how quickstart does it.
As for the second question, you might be able to check res.locals.isAPI
@julian Thanks for your help.
what quickstart ?
also, the res.locals.isAPI its boolean, only tells me if the request is through API, but I still don't know how to check if the request token is valid. I only want to show this page, and the API endpont json output if the token is valid (just like almost all pages on nodebb do)
again thanks for the quick reply on this matter.
@sebastián-cisneros GitHub.com/NodeBB/nodebb-plugin-quickstart
I'm not certain offhand if there is a way to ensure that the call is only made via API bearer token...
Right now the middleware.ensureLoggedIn (may be named something else... requireLoggedIn?) just checks that a valid user session is present.
@sebastián-cisneros any particular reason you don't want to allow those with a regular browser cookie to visit this page?
@julian maybe I wasn't clear. I'm cool with the logged in user to see this new custom page, as long as is logged in. The thing is that, I also need the API endpoint to be avialable for users logged in, or anyone that is not on a browser and querying this through API.
Similar as how the nodebb read / write API does, you have the endpoints, you can see the jsons in the browser if you are logged in, or you can query this endpoints with POSTMAN for example, but you need to provide a token to authenticate the API call.
My custom page API endpoint is public, and I need it not to be public. And I need to find a way that only loggedin users in the browser, or external call to the API authenticate throught tokens can see the json output.
@sebastián-cisneros Ah, then you'll just want to invoke middleware.ensureLoggedIn on that route.
@Sebastián-Cisneros were you able to solve it?
@Yve-Salazar Are you still looking to distinguish between API calls via curl?
