From e132dc47d810ce23e0920420fc86c8430e0344f6 Mon Sep 17 00:00:00 2001
From: andrewlalis <andrewlalisofficial@gmail.com>
Date: Mon, 29 Jan 2024 16:17:49 -0500
Subject: [PATCH] Fix API paths.

---
 litelist-api/source/app.d | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/litelist-api/source/app.d b/litelist-api/source/app.d
index 312a6f1..5abd85b 100644
--- a/litelist-api/source/app.d
+++ b/litelist-api/source/app.d
@@ -83,14 +83,17 @@ private HttpServer initServer() {
 	authHandler.addMapping(Method.POST, API_PATH ~ "/lists/:listId:ulong/notes", &createNote);
 	authHandler.addMapping(Method.DELETE, API_PATH ~ "/lists/:listId:ulong/notes/:noteId:ulong", &deleteNote);
 	authHandler.addMapping(Method.DELETE, API_PATH ~ "/lists/:listId:ulong/notes", &deleteAllNotes);
-	HttpRequestFilter tokenFilter = new TokenFilter(loadTokenSecret());
-	mainHandler.addMapping(API_PATH ~ "/**", new FilteredRequestHandler(authHandler, [tokenFilter]));
 
 	// Separate handler for admin paths, protected by an AdminFilter.
 	PathHandler adminHandler = new PathHandler();
 	adminHandler.addMapping(Method.GET, API_PATH ~ "/admin/users", &getAllUsers);
+	
 	HttpRequestFilter adminFilter = new AdminFilter();
+	HttpRequestFilter tokenFilter = new TokenFilter(loadTokenSecret());
+
+	// We add the admin mapping first, since the auth mapping would otherwise overshadow it.
 	mainHandler.addMapping(API_PATH ~ "/admin/**", new FilteredRequestHandler(adminHandler, [tokenFilter, adminFilter]));
+	mainHandler.addMapping(API_PATH ~ "/**", new FilteredRequestHandler(authHandler, [tokenFilter]));
 
 	return new HttpServer(mainHandler, config);
 }