api Controller & token

src/middleware/authenticate.ts

@@ -29,6 +29,10 @@ export default async function authenticate(req: Request, res: Response, next: Fu
     throw new InternalException("process failed");
   }
 
+  if (decoded?.sub == "api_token_retrieve") {
+    throw new BadRequestException("This token is only authorized to get temporary access tokens via GET /api/webapi");
+  }
+
   req.userId = decoded.userId;
   req.username = decoded.username;
   req.isOwner = decoded.isOwner;