prod setup

app/controllers/api/auth.php

@@ -24,6 +24,7 @@ class Auth extends ApiController {
         self::$tokens = new Token;
     }
 
+/**
     public function refresh() {
         $token = self::$tokens->refresh( self::$authToken->ID );
         if ( empty( $token ) ) {
@@ -35,4 +36,5 @@ class Auth extends ApiController {
         }
         Views::view( 'api.response', ['response' => json_encode( [ $responseType => $response ], true )]);
     }
+ */
 }

app/controllers/api/login.php

@@ -31,6 +31,7 @@ class Login extends ApiController {
         Template::addHeader( 'Content-Type: application/json; charset=utf-8' );
     }
 
+/**
     public function index() {
         if ( ! Forms::check( 'apiLogin' ) ) {
             $responseType = 'error';
@@ -47,4 +48,5 @@ class Login extends ApiController {
         $token = self::$tokens->findOrCreateUserToken( $user->ID, true );
         return Views::view( 'api.response', ['response' => json_encode( [ $responseType => $token ], true )]);
     }
+ */
 }

app/controllers/api/users.php

@@ -23,6 +23,13 @@ class Users extends ApiController {
         self::$user = new User;
     }
 
+    /**
+     * This is actually just for testing. It can provide attack information in the way of user count if not disabled.
+     *
+     * @param [type] $id
+     * @return void
+     */
+/**
     public function find( $id = null ) {
         $user = self::$user->get( $id );
         if ( ! $user ) {
@@ -34,4 +41,5 @@ class Users extends ApiController {
         }
         Views::view( 'api.response', ['response' => json_encode( [ $responseType => $response ], true )]);
     }
+ */
 }