API error reporting (#1276)

* fix env variable

* update routes

* Improve error handling for API_SECRET when testing API endpoint credentials

app/Http/Controllers/AccountApiController.php

@@ -27,11 +27,14 @@ class AccountApiController extends BaseAPIController
         $this->accountRepo = $accountRepo;
     }
 
-    public function ping()
+    public function ping(Request $request)
     {
         $headers = Utils::getApiHeaders();
 
+        if(hash_equals(env(API_SECRET),$request->api_secret))
             return Response::make(RESULT_SUCCESS, 200, $headers);
+        else
+            return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
     }
 
     public function register(RegisterRequest $request)

app/Http/Middleware/ApiCheck.php

@@ -38,7 +38,7 @@ class ApiCheck {
             // check API secret
             if ( ! $hasApiSecret) {
                 sleep(ERROR_DELAY);
-                return Response::json('Invalid value for API_SECRET', 403, $headers);
+                return Response::json(['message'=>'Invalid value for API_SECRET'], 403, $headers);
             }
         } else {
             // check for a valid token
@@ -50,7 +50,7 @@ class ApiCheck {
                 Session::set('token_id', $token->id);
             } else {
                 sleep(ERROR_DELAY);
-                return Response::json('Invalid token', 403, $headers);
+                return Response::json(['message'=>'Invalid token'], 403, $headers);
             }
         }
 
@@ -59,7 +59,7 @@ class ApiCheck {
         }
 
         if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
-            return Response::json('API requires pro plan', 403, $headers);
+            return Response::json(['message'=>'API requires pro plan'], 403, $headers);
         } else {
             $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();