diff --git a/api.js b/api.js
index 17636b0f..ea981dbb 100644
--- a/api.js
+++ b/api.js
@@ -250,10 +250,11 @@ server.use(async (req, res) => {
 let fail = () => {
 res.status(403);
 res.charSet('utf-8');
- return res.json({
+ res.json({
 error: 'Invalid accessToken value',
 code: 'InvalidToken'
 });
+ return;
 };
 req.validate = permission => {
diff --git a/config/api.toml b/config/api.toml
index 740ff3ef..ff425393 100644
--- a/config/api.toml
+++ b/config/api.toml
@@ -1,10 +1,10 @@
-enabled=true
-port=8080
+enabled = true
+port = 8080
 # by default bind to localhost only
-host="127.0.0.1"
+host = "127.0.0.1"
 # Use `true` (HTTPS) for port 443 and `false` (HTTP) for 80
-secure=false
+secure = false
 # If set requires all API calls to have accessToken query argument with that value
 # http://localhost:8080/users?accessToken=somesecretvalue
@@ -13,11 +13,11 @@ secure=false
 [accessControl]
 # If true then require a valid access token to perform API calls
 # If a client provides a token then it is validated even if using a token is not required
-enabled=false
+enabled = false
 # Secret for HMAC
 # Changing this value invalidates all tokens
-secret="a secret cat"
+secret = "a secret cat"
 # Generated access token TTL in seconds. Token TTL gets extended by this value every time the token is used. Defaults to 14 days
 #tokenTTL=1209600
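Review bot: In api.js, `fail` now only writes the 403 response and returns `undefined`, and nothing on the function says that callers must stop handling the request themselves; a one-line comment above it such as `// Sends the 403 InvalidToken response only; the caller must stop handling the request itself` would make that contract explicit. The call sites are not visible here (presumably inside `req.validate`, which begins on the last line of this hunk and continues outside it), so confirm that none of them relied on the previous return value to halt processing after a failed token check. The bare `return;` as the last statement of the arrow body is a no-op and could be dropped unless a lint rule requires it.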
@@ -39,19 +39,19 @@ secret="a secret cat"
 # A reverse-DNS style identifier (com.example.myprofile, for example) that identifies the profile.
 # This string is used to determine whether a new profile should replace an existing one or should be added. Username is prepended to this value.
-identifier="com.email.wildduck"
+identifier = "com.email.wildduck"
 # A human-readable name for the profile. This value is displayed on the Detail screen. It does not have to be unique.
-displayName="WildDuck Mail"
+displayName = "WildDuck Mail"
 # A human-readable string containing the name of the organization that provided the profile.
-organization="WildDuck Mail Services"
+organization = "WildDuck Mail Services"
 # A description of the profile, shown on the Detail screen for the profile. This should be descriptive enough to help the user decide whether to install the profile.
-displayDescription="Install this profile to setup {email}"
+displayDescription = "Install this profile to setup {email}"
 # A user-visible description of the email account, shown in the Mail and Settings applications.
-accountDescription="WildDuck ({email})"
+accountDescription = "WildDuck ({email})"
 [mobileconfig.tls]
 # If certificate path is not defined, use global or built-in self-signed certs
@@ -59,4 +59,4 @@ accountDescription="WildDuck ({email})"
 #cert="/path/to/server/cert.pem"
 [cors]
-origins = ["*"]
\ No newline at end of file
+origins = ["*"]