From d135587c3b786d0a83b34256402ed168d34b857c Mon Sep 17 00:00:00 2001
From: lxsang <xsang.le@gmail.com>
Date: Tue, 9 Feb 2021 01:30:08 +0100
Subject: [PATCH] improve OS API

---
 os/controllers/SystemController.lua |  4 +++-
 os/libs/common.lua                  | 13 +++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/os/controllers/SystemController.lua b/os/controllers/SystemController.lua
index 7822b80..6be343e 100644
--- a/os/controllers/SystemController.lua
+++ b/os/controllers/SystemController.lua
@@ -183,7 +183,9 @@ function SystemController:apigateway(...)
                     print("Web socket is not available.")
                 end
             else
-                if REQUEST.json then
+                if REQUEST.path then
+                    exec_with_user_priv(REQUEST)
+                elseif REQUEST.json then
                     data = JSON.decodeString(REQUEST.json)
                     --std.json()
                     exec_with_user_priv(data)
diff --git a/os/libs/common.lua b/os/libs/common.lua
index 665c672..9d5bf90 100644
--- a/os/libs/common.lua
+++ b/os/libs/common.lua
@@ -26,11 +26,20 @@ function sysdb()
 end
 
 function is_auth()
-	if SESSION.sessionid == nil or SESSION.sessionid == '0' then return false end
+	local sessionid = nil
+	if SESSION.sessionid and SESSION.sessionid ~= '0' then
+		sessionid = SESSION.sessionid
+	-- should be used only by API call
+	elseif REQUEST.sessionid and REQUEST.sessionid ~= '0' then
+		sessionid = REQUEST.sessionid
+	end
+	if sessionid == nil then
+		return false
+	end
 	-- query session id from database
 	local db = sysdb()
 	if db == nil then return false end
-	local cond = {exp= {["="] = { sessionid = SESSION.sessionid }}}
+	local cond = {exp= {["="] = { sessionid = sessionid }}}
 	local data = db:find(cond)
 	--print(JSON.encode(data))
 	db:close()