Inject auth middleware after login routes.

Routes not requiring authentication must,
self-evidently, go before the authentication
middleware.

lib/www/server/api/index.js

@@ -40,7 +40,6 @@ app.use((req, res, next) => {
 
 app.use(cookieParser());
 app.use(mw.auth.jwt);
-app.use(mw.auth.authentify);
 // app.use(mw.auth.access({path: {allow:["^/login", "^/user$"]}}));
 
 // Adds arbitrary information to the request object
@@ -63,8 +62,22 @@ const allMeta = (key, value) => {
 	return { all: [ meta(key, value) ] };
 };
 
+// These routes do not require authentication
 app.map({
 	'*': { all: [ meta() ] }, // Create the req.meta object
+	'/login': {
+		post: [ mw.user.login ]
+	},
+	'/logout': {
+		get: [ mw.user.logout ],
+		post: [ mw.user.logout ]
+	}
+});
+
+app.use(mw.auth.authentify);
+
+// We must be authenticated before we can access these
+app.map({
 	'/project': {
 		get: [ mw.project.list ],  // Get list of projects
 	},
@@ -178,13 +191,6 @@ app.map({
 // // 		delete: [ mw.user.delete ]
 // 	},
 //
-	'/login': {
-		post: [ mw.user.login ]
-	},
-	'/logout': {
-		get: [ mw.user.logout ],
-		post: [ mw.user.logout ]
-	}
 });
 
 // Generic error handler. Stops stack dumps