hapi 0.10.x

Readme.md

@@ -18,7 +18,7 @@ $ cd api
 $ cp vault.js.example vault.js
 ```
 
-Edit postmile/api/vault.js and set the values of the 'aes256Key' variables to different random secrets sufficiently long (e.g. 40 characters).
+Edit postmile/api/vault.js and set the values of the 'aes256Key' and 'passowrd' variables to different random secrets sufficiently long (e.g. 40 characters).
 
 If your MongoDB requires authentication, set the values of the database 'username' and 'password' (otherwise leave empty).
 
@@ -28,10 +28,12 @@ $ node install
 
 110827/005720.948, info, Database initialized
 110827/005720.952, info, Initial dataset created successfully
-110827/005720.952, info, >>>>> postmile.web client secret: __some__secret__
+110827/005720.952, info, >>>>> WEB client id: <id>
+110827/005720.952, info, >>>>> WEB client secret: <secret>
+110827/005720.952, info, >>>>> VIEW client id: <id>
 ```
 
-Copy the postmile.web client secret and save it for later.
+Copy the WEB client id and secret, and VIEW client id, and save them for later.
 
 ```bash
 $ cd ../web
@@ -41,7 +43,8 @@ $ cp vault.js.example vault.js
 
 Edit postmile/web/vault.js and set the values of the 'aes256Key' variables to different random secrets sufficiently long (e.g. 40 characters).
 
-Set the value of the postmileAPI 'clientSecret' variable to the client secret saved earlier.
+Set the values of the postmileAPI 'clientId' and 'clientSecret' variables to the WEB client id and secret saved earlier.
+Set the value of the 'viewClientId' variable to the VIEW client id saved earlier.
 
 Enter at least one third-party API credentials (Twitter, Facebook, or Yahoo!) as received from each provider when you registered the application.
 If asked, the callback URI is your web server configuration entered above with the path '/auth/twitter', '/auth/facebook', or '/auth/yahoo'.
@@ -53,7 +56,7 @@ $ cd ..
 ```
 
 Make sure to protect your vault.js files. If an attacker gets hold of them, you're screwed.
-If you are going to run this in a production environment, you should use TLS (HTTPS) for the web server (otherwise it's cookies and OAuth 2.0 bits are
+If you are going to run this in a production environment, you should use TLS (HTTPS) for the web server (otherwise it's cookies and Oz bits are
 pretty open for attacks). To configure TLS, set the 'process.web.tls' variable in the postmile/config.js file to point to your TLS key and certificate.
 
 # Startup

api/details.js

@@ -19,7 +19,7 @@ exports.get = {
 
     query: {
 
-        since: Hapi.Types.Number().min(0)
+        since: Hapi.types.Number().min(0)
     },
 
     handler: function (request) {
@@ -83,18 +83,15 @@ exports.get = {
 // Add task detail
 
 exports.post = {
-
-    query: {
-
-        last: Hapi.Types.Boolean()
-    },
-
-    schema: {
-
-        type: Hapi.Types.String().required().valid('text'),
-        content: Hapi.Types.String().required()
+    validate: {
+        query: {
+            last: Hapi.types.Boolean()
+        },
+        schema: {
+            type: Hapi.types.String().required().valid('text'),
+            content: Hapi.types.String().required()
+        }
     },
-
     handler: function (request) {
 
         var now = Date.now();