// Sends `obj` to the client as JSON and stops processing the request.
// Nothing in this function sets an HTTP status code or a Content-Type header,
// so unless that is done elsewhere a client has to inspect the OK / ERROR
// fields of the body to notice that the call was rejected.
function apiAbort(obj) {
    var responseBody = serializeJSON(obj);
    writeOutput(responseBody);
    abort;
}

// Some apps keep the authenticated identity in the session scope and copy it
// into the request scope from page code. For /api requests, fall back to the
// session copy when the request scope has no value yet. A value already
// present in the request scope is never overwritten.
if (!structKeyExists(request, "UserID")) {
    if (structKeyExists(session, "UserID")) {
        request.UserID = duplicate(session.UserID);
    }
}
if (!structKeyExists(request, "BusinessID")) {
    if (structKeyExists(session, "BusinessID")) {
        request.BusinessID = duplicate(session.BusinessID);
    }
}

// Authentication gate for every /api endpoint: both ids must be present,
// numeric and greater than zero, otherwise the request ends here with a JSON
// error. The checks short-circuit left to right, so the value is only read
// after the key is known to exist.
// NOTE(review): isNumeric() also accepts non-integer values such as 1.5, so
// code after this gate should not assume the ids are integers.
// NOTE(review): this gate only checks that both ids look valid; it does not
// verify that the user belongs to the selected business. Confirm that this
// is enforced elsewhere.
if (!(structKeyExists(request, "UserID") && isNumeric(request.UserID) && request.UserID GT 0)) {
    apiAbort({ OK=false, ERROR="not_logged_in" });
}

// Only reached when the user check passed, because apiAbort() ends the request.
if (!(structKeyExists(request, "BusinessID") && isNumeric(request.BusinessID) && request.BusinessID GT 0)) {
    apiAbort({ OK=false, ERROR="no_business_selected" });
}