TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-01 22:02:11 +03:00
Code Issues Projects Releases Wiki Activity
167da5addd
Ghost/core/server/web/well-known.js

24 lines
676 B
JavaScript
Raw Normal View History

Added Router etc to shared/express + use everywhere - Added a wrapper around express.Router to our shared/express util - Also export static and _express - Use this shared util everywhre, meaning express is only used directly in this one file - ATM this file is mostly an experiment / debug helper, it might be removed again later - The aim is to have a minimal framework wrapping express that allows us to: - reduce our usage of express() in favour of Router() - unify some of our duplicated logic - fix some structural issues e.g. Sentry - make it easier to understand the codebase
2020-05-01 21:29:42 +03:00
const express = require('../../shared/express');
Moved settings/cache to shared/settings-cache - This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires - At the moment the settings cache is one big shared cache used by the frontend and server liberally - This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend - However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 16:56:57 +03:00
const settings = require('../../shared/settings-cache');
Implemented externally verifiable identity tokens no-issue This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing a public key, and one on the canary api /identities, which allows the Owner user to fetch a JWT. This token can then be used by external services to verify the domain * Added ghost_{public,private}_key settings This key can be used for generating tokens for communicating with external services on behalf of Ghost * Added .well-known directory to /ghost/.well-known We add a jwks.json file to the .well-known directory which exposes a public JWK which can be used to verify the signatures of JWT's created by Ghost This is added to the /ghost/ path so that it can live on the admin domain, rather than the frontend. This is because most of its uses/functions will be in relation to the admin domain. * Improved settings model tests This removes hardcoded positions in favour of testing that a particular event wasn't emitted which is less brittle and more precise about what's being tested * Fixed parent app unit tests for well-known This updates the parent app unit tests to check that the well-known route is mounted. We all change proxyquire to use `noCallThru` which ensures that the ubderlying modules are not required. This stops the initialisation logic in ./well-known erroring in tests https://github.com/thlorenz/proxyquire/issues/215 * Moved jwt signature to a separate 'token' propery This structure corresponds to other resources and allows to exptend with additional properties in future if needed
2020-01-20 14:45:58 +03:00
const jose = require('node-jose');
const dangerousPrivateKey = settings.get('ghost_private_key');
const keyStore = jose.JWK.createKeyStore();
const keyStoreReady = keyStore.add(dangerousPrivateKey, 'pem');
const getSafePublicJWKS = async () => {
await keyStoreReady;
return keyStore.toJSON();
};
module.exports = function setupWellKnownApp() {
Added Router etc to shared/express + use everywhere - Added a wrapper around express.Router to our shared/express util - Also export static and _express - Use this shared util everywhre, meaning express is only used directly in this one file - ATM this file is mostly an experiment / debug helper, it might be removed again later - The aim is to have a minimal framework wrapping express that allows us to: - reduce our usage of express() in favour of Router() - unify some of our duplicated logic - fix some structural issues e.g. Sentry - make it easier to understand the codebase
2020-05-01 21:29:42 +03:00
const wellKnownApp = express('well-known');
Implemented externally verifiable identity tokens no-issue This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing a public key, and one on the canary api /identities, which allows the Owner user to fetch a JWT. This token can then be used by external services to verify the domain * Added ghost_{public,private}_key settings This key can be used for generating tokens for communicating with external services on behalf of Ghost * Added .well-known directory to /ghost/.well-known We add a jwks.json file to the .well-known directory which exposes a public JWK which can be used to verify the signatures of JWT's created by Ghost This is added to the /ghost/ path so that it can live on the admin domain, rather than the frontend. This is because most of its uses/functions will be in relation to the admin domain. * Improved settings model tests This removes hardcoded positions in favour of testing that a particular event wasn't emitted which is less brittle and more precise about what's being tested * Fixed parent app unit tests for well-known This updates the parent app unit tests to check that the well-known route is mounted. We all change proxyquire to use `noCallThru` which ensures that the ubderlying modules are not required. This stops the initialisation logic in ./well-known erroring in tests https://github.com/thlorenz/proxyquire/issues/215 * Moved jwt signature to a separate 'token' propery This structure corresponds to other resources and allows to exptend with additional properties in future if needed
2020-01-20 14:45:58 +03:00
wellKnownApp.get('/jwks.json', async (req, res) => {
const jwks = await getSafePublicJWKS();
res.json(jwks);
});
return wellKnownApp;
};
Reference in New Issue Copy Permalink