merge all web routes calling seneca into a limited number of endpoints

[rjrodger]

say /api/msg, which accepts a POST of a JSON object - the seneca message this will be compatible with seneca-browser (which we will need to use) authentication and authorization to be handled by seneca plugins exposing express middleware

[rjrodger]

Actually two: /api/public - public messages - e.g search /api/account - private - requires login

use express end points for these

accept whatever JSON is sent, call seneca.act, send back response

[rjrodger]

security: seneca-browser will help - leave it for later (we will namespace and mark the messages)

[rjrodger]

errors:

• system - something broke - use HTTP codes
  • also req against /api/account with no login - 401
• business - login failed, wrong input etc, that's still 200, SJON response encodes whatever the issue