2020-04-30 22:26:12 +03:00
|
|
|
const errors = require('@tryghost/errors');
|
2021-05-03 19:29:44 +03:00
|
|
|
const i18n = require('../../../shared/i18n');
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2018-10-05 13:45:17 +03:00
|
|
|
const authorize = {
|
2018-11-07 13:29:40 +03:00
|
|
|
authorizeContentApi(req, res, next) {
|
|
|
|
const hasApiKey = req.api_key && req.api_key.id;
|
2018-11-07 13:41:49 +03:00
|
|
|
const hasMember = req.member;
|
2018-11-07 13:29:40 +03:00
|
|
|
if (hasApiKey) {
|
|
|
|
return next();
|
|
|
|
}
|
2021-01-28 21:07:45 +03:00
|
|
|
if (hasMember) {
|
2018-11-07 13:41:49 +03:00
|
|
|
return next();
|
|
|
|
}
|
2020-04-30 22:26:12 +03:00
|
|
|
return next(new errors.NoPermissionError({
|
|
|
|
message: i18n.t('errors.middleware.auth.authorizationFailed'),
|
|
|
|
context: i18n.t('errors.middleware.auth.missingContentMemberOrIntegration')
|
2019-01-18 19:33:36 +03:00
|
|
|
}));
|
2018-11-07 13:29:40 +03:00
|
|
|
},
|
|
|
|
|
2019-01-18 19:41:52 +03:00
|
|
|
authorizeAdminApi(req, res, next) {
|
2018-10-15 12:23:34 +03:00
|
|
|
const hasUser = req.user && req.user.id;
|
|
|
|
const hasApiKey = req.api_key && req.api_key.id;
|
2019-01-18 19:33:36 +03:00
|
|
|
|
2018-10-15 12:23:34 +03:00
|
|
|
if (hasUser || hasApiKey) {
|
|
|
|
return next();
|
|
|
|
} else {
|
2020-04-30 22:26:12 +03:00
|
|
|
return next(new errors.NoPermissionError({
|
|
|
|
message: i18n.t('errors.middleware.auth.authorizationFailed'),
|
|
|
|
context: i18n.t('errors.middleware.auth.missingAdminUserOrIntegration')
|
2019-01-18 19:33:36 +03:00
|
|
|
}));
|
2018-10-15 12:23:34 +03:00
|
|
|
}
|
|
|
|
}
|
2016-09-30 14:45:59 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = authorize;
|