TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-15 19:52:01 +03:00
Code Issues Projects Releases Wiki Activity
1fb958834c
Ghost/core/server/middleware/index.js

377 lines
13 KiB
JavaScript
Raw Normal View History

Putting back relative redirects issue #1523 - also added some comments to indicate the difference between the two custom middleware files.
2013-11-26 00:31:18 +04:00
// # Custom Middleware
// The following custom middleware functions cannot yet be unit tested, and as such are kept separate from
// the testable custom middleware functions in middleware.js
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
var api = require('../api'),
BSStore = require('../bookshelf-session'),
config = require('../config'),
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
errors = require('../errorHandling'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
express = require('express'),
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
fs = require('fs'),
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
hbs = require('express-hbs'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
middleware = require('./middleware'),
packageInfo = require('../../../package.json'),
path = require('path'),
slashes = require('connect-slashes'),
storage = require('../storage'),
url = require('url'),
when = require('when'),
_ = require('lodash'),
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer,
ONE_HOUR_S = 60 * 60,
ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,
ONE_HOUR_MS = ONE_HOUR_S * 1000,
ONE_YEAR_MS = 365 * 24 * ONE_HOUR_MS;
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ##Custom Middleware
// ### GhostLocals Middleware
// Expose the standard locals that every external page should have available,
// separating between the theme and the admin
function ghostLocals(req, res, next) {
// Make sure we have a locals value.
res.locals = res.locals || {};
res.locals.version = packageInfo.version;
New URL helper - URL consistency fixes fixes #1765 fixes #1811 issue #1833 New UrlFor functions - moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios - urlFor can take a string (name) or object (relativeUrl: '/') as the first argument - this is the first step towards issue #1833 - also added config.path.urlForPost which is async and handles getting permalink setting - frontend controller, ghost_head helper, cache invalidation all now use urlFor or urlForPost all urls should be correct and consistent URL Consistency Improvements - refactored invalidateCache into cacheInvalidationHeader which returns a promise so that url can be generated properly by urlForPost - moved isPost from models to schema, and refactored schema to have a tables object - deleted posts now return the whole object, not just id and slug, ensuring cache invalidation header can be set on delete - frontend controller rss and archive page redirects work properly with subdirectory - removes {{url}} helper from admin and client, and replaced with adminUrl helper which also uses urlFor - in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-03 04:37:21 +04:00
// relative path from the URL, not including subdir
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.locals.relativeUrl = req.path.replace(config().paths.subdir, '');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
if (res.isAdmin) {
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 13:38:54 +04:00
res.locals.csrfToken = req.csrfToken();
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
when.all([
Add permissions to API closes #2264 - added permissions check to db, users and posts - added register method to users - added doesUserExist method to users - added user from session to internal calls - changed permissible to overwrite canThis - removed action map and action type from permissable method
2014-04-08 17:40:33 +04:00
api.users.read.call({user: req.session.user}, {id: req.session.user}),
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
api.notifications.browse()
]).then(function (values) {
Move user API to primary document format closes #2593 - added new format to user API methods - changed all places where the user api was used - updated tests and added more coverage - little bit of cleanup in utils/api
2014-04-29 00:42:38 +04:00
var currentUser = values[0].users[0],
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
notifications = values[1].notifications;
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
_.extend(res.locals, {
currentUser: {
name: currentUser.name,
email: currentUser.email,
image: currentUser.image
},
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
messages: notifications
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
});
next();
}).otherwise(function () {
// Only show passive notifications
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
// ToDo: Remove once ember handles passive notifications.
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
api.notifications.browse().then(function (notifications) {
_.extend(res.locals, {
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
messages: _.reject(notifications.notifications, function (notification) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
return notification.status !== 'passive';
})
});
next();
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
});
});
} else {
next();
}
}
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
function initThemeData(secure) {
var themeConfig = config.theme();
if (secure && config().urlSSL) {
// For secure requests override .url property with the SSL version
themeConfig = _.clone(themeConfig);
themeConfig.url = config().urlSSL.replace(/\/$/, '');
}
return themeConfig;
}
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ### InitViews Middleware
// Initialise Theme or Admin Views
function initViews(req, res, next) {
/*jslint unparam:true*/
if (!res.isAdmin) {
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
var themeData = initThemeData(req.secure);
hbs.updateTemplateOptions({ data: {blog: themeData} });
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
expressServer.engine('hbs', expressServer.get('theme view engine'));
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
expressServer.set('views', path.join(config().paths.themePath, expressServer.get('activeTheme')));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
} else {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
expressServer.engine('hbs', expressServer.get('admin view engine'));
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
expressServer.set('views', config().paths.adminViews);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
// Pass 'secure' flag to the view engine
// so that templates can choose 'url' vs 'urlSSL'
res.locals.secure = req.secure;
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
next();
}
// ### Activate Theme
// Helper for manageAdminAndTheme
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
function activateTheme(activeTheme) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
var hbsOptions,
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
themePartials = path.join(config().paths.themePath, activeTheme, 'partials'),
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
stackLocation = _.indexOf(expressServer.stack, _.find(expressServer.stack, function (stackItem) {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
return stackItem.route === config().paths.subdir && stackItem.handle.name === 'settingEnabled';
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// clear the view cache
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.cache = {};
expressServer.disable(expressServer.get('activeTheme'));
expressServer.set('activeTheme', activeTheme);
expressServer.enable(expressServer.get('activeTheme'));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
if (stackLocation) {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.stack[stackLocation].handle = middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
// set view engine
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
hbsOptions = { partialsDir: [ config().paths.helperTemplates ] };
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
fs.stat(themePartials, function (err, stats) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
// Check that the theme has a partials directory before trying to use it
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
if (!err && stats && stats.isDirectory()) {
hbsOptions.partialsDir.push(themePartials);
}
});
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
expressServer.set('theme view engine', hbs.express3(hbsOptions));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Update user error template
Fixed check for a theme's custom error.hbs: Closes #2513 - Checks for property `error.hbs` on active theme - Added unit test to ensure `error` view is rendered when activeTheme has a custom error template. - Removed unused variable, `userErrorTemplatePath` from errorHandler - Refactored errorHandler.`updateActiveTheme` to take one argument, the new active theme, and to then check if the active theme has an error.hbs - Changed errorHandler unit test to use rewire for mocking config.
2014-03-27 00:43:16 +04:00
errors.updateActiveTheme(activeTheme);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
// ### ManageAdminAndTheme Middleware
// Uses the URL to detect whether this response should be an admin response
// This is used to ensure the right content is served, and is not for security purposes
function manageAdminAndTheme(req, res, next) {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.isAdmin = req.url.lastIndexOf(config().paths.subdir + '/ghost/', 0) === 0;
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
if (res.isAdmin) {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.enable('admin');
expressServer.disable(expressServer.get('activeTheme'));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
} else {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.enable(expressServer.get('activeTheme'));
expressServer.disable('admin');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
api.settings.read('activeTheme').then(function (response) {
var activeTheme = response.settings[0];
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
// Check if the theme changed
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
if (activeTheme.value !== expressServer.get('activeTheme')) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
// Change theme
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
if (!config().paths.availableThemes.hasOwnProperty(activeTheme.value)) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
if (!res.isAdmin) {
// Throw an error if the theme is not available, but not on the admin UI
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-25 02:14:56 +04:00
return errors.throwError('The currently active theme ' + activeTheme.value + ' is missing.');
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
}
} else {
activateTheme(activeTheme.value);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
}
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
next();
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-25 02:14:56 +04:00
}).otherwise(function (err) {
// Trying to start up without the active theme present, setup a simple hbs instance
// and render an error page straight away.
expressServer.engine('hbs', hbs.express3());
next(err);
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
});
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
// Redirect to signup if no users are currently created
function redirectToSignup(req, res, next) {
/*jslint unparam:true*/
Add permissions to API closes #2264 - added permissions check to db, users and posts - added register method to users - added doesUserExist method to users - added user from session to internal calls - changed permissible to overwrite canThis - removed action map and action type from permissable method
2014-04-08 17:40:33 +04:00
api.users.doesUserExist().then(function (exists) {
if (!exists) {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
return res.redirect(config().paths.subdir + '/ghost/signup/');
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
}
next();
}).otherwise(function (err) {
return next(new Error(err));
});
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
function isSSLrequired(isAdmin) {
var forceSSL = url.parse(config().url).protocol === 'https:' ? true : false,
forceAdminSSL = (isAdmin && config().forceAdminSSL);
if (forceSSL || forceAdminSSL) {
return true;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
return false;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
// Check to see if we should use SSL
// and redirect if needed
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
function checkSSL(req, res, next) {
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
if (isSSLrequired(res.isAdmin)) {
Detect SSL connection whether or not behind a proxy closes #1836 - adding server.enable('trust proxy') to let connect framework do the work of detecting X-Forwarded-Proto header - replacing explicit checking for the X-Forwarded-Proto header with just 'req.secure' boolean check
2014-01-27 02:00:50 +04:00
if (!req.secure) {
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
var forceAdminSSL = config().forceAdminSSL,
redirectUrl;
// Check if forceAdminSSL: { redirect: false } is set, which means
// we should just deny non-SSL access rather than redirect
if (forceAdminSSL && forceAdminSSL.redirect !== undefined && !forceAdminSSL.redirect) {
return res.send(403);
}
redirectUrl = url.parse(config().urlSSL || config().url);
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
return res.redirect(301, url.format({
protocol: 'https:',
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
hostname: redirectUrl.hostname,
port: redirectUrl.port,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
pathname: req.path,
query: req.query
}));
}
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
next();
}
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
// ### Robots Middleware
// Handle requests to robots.txt and cache file
function robots() {
var content, // file cache
filePath = path.join(config().paths.corePath, '/shared/robots.txt');
return function robots(req, res, next) {
if ('/robots.txt' === req.url) {
if (content) {
res.writeHead(200, content.headers);
res.end(content.body);
} else {
fs.readFile(filePath, function (err, buf) {
if (err) {
return next(err);
}
Move user API to primary document format closes #2593 - added new format to user API methods - changed all places where the user api was used - updated tests and added more coverage - little bit of cleanup in utils/api
2014-04-29 00:42:38 +04:00
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
content = {
headers: {
'Content-Type': 'text/plain',
'Content-Length': buf.length,
'Cache-Control': 'public, max-age=' + ONE_YEAR_MS / 1000
},
body: buf
};
res.writeHead(200, content.headers);
res.end(content.body);
});
}
} else {
next();
}
};
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
module.exports = function (server, dbHash) {
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
var logging = config().logging,
subdir = config().paths.subdir,
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
corePath = config().paths.corePath,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
cookie;
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
// Cache express server instance
expressServer = server;
middleware.cacheServer(expressServer);
Detect SSL connection whether or not behind a proxy closes #1836 - adding server.enable('trust proxy') to let connect framework do the work of detecting X-Forwarded-Proto header - replacing explicit checking for the X-Forwarded-Proto header with just 'req.secure' boolean check
2014-01-27 02:00:50 +04:00
// Make sure 'req.secure' is valid for proxied requests
// (X-Forwarded-Proto header will be checked, if present)
expressServer.enable('trust proxy');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Logging configuration
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
if (logging !== false) {
if (expressServer.get('env') !== 'development') {
expressServer.use(express.logger(logging || {}));
} else {
expressServer.use(express.logger(logging || 'dev'));
}
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
// Favicon
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 20:01:08 +04:00
expressServer.use(subdir, express.favicon(corePath + '/shared/favicon.ico'));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// Static assets
expressServer.use(subdir + '/shared', express['static'](path.join(corePath, '/shared'), {maxAge: ONE_HOUR_MS}));
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 20:01:08 +04:00
expressServer.use(subdir + '/content/images', storage.get_storage().serve());
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer.use(subdir + '/ghost/scripts', express['static'](path.join(corePath, '/built/scripts'), {maxAge: ONE_YEAR_MS}));
Switch to bower for client assets. fixes #2272 - Remove libraries from shared/vendor - Remove libraries from client/assets/vendor - Add bower to package.json and postinstall - Add bower.json with dependencies - Add scripts from bower_components to concat/uglify - Fix tests - Serve jquery from /ghost/built/theme/
2014-03-04 01:41:34 +04:00
expressServer.use(subdir + '/public', express['static'](path.join(corePath, '/built/public'), {maxAge: ONE_YEAR_MS}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// First determine whether we're serving admin or theme content
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(manageAdminAndTheme);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Admin only config
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer.use(subdir + '/ghost', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/client/assets'), {maxAge: ONE_YEAR_MS})));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Fix error page resources loading when forceAdminSSL is true closes #1837 - moved admin theme static resource service above 'checkSSL', otherwise when forceAdminSSL is true it will try to redirect them to HTTPS, and error pages will be unstyled
2014-01-27 02:21:24 +04:00
// Force SSL
// NOTE: Importantly this is _after_ the check above for admin-theme static resources,
// which do not need HTTPS. In fact, if HTTPS is forced on them, then 404 page might
// not display properly when HTTPS is not available!
expressServer.use(checkSSL);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Theme only config
Fix live theme switching not working on subdirectories Closes #1770 - Previously, the middleware would check that the route on the stack was an empty string, which worked when there was no subdirectories - When subdirectories were added, the proper route was only set when updating the theme - Because it was only set when updating, this explains themes working on initial load, since the stack location was looking for an empty string, which is what the middleware was initialized with - However, once a new theme was set, it was still look for an empty string, which would never exist, which caused the issue - Now, the route is properly set on initialization of the middleware, and then the `config.paths().subdir` property is used for the check
2013-12-29 03:08:57 +04:00
expressServer.use(subdir, middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme()));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
// Serve robots.txt if not found in theme
expressServer.use(robots());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Add in all trailing slashes
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer.use(slashes(true, {headers: {'Cache-Control': 'public, max-age=' + ONE_YEAR_S}}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// Body parsing
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(express.json());
expressServer.use(express.urlencoded());
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// ### Sessions
Ensure cookies are only ever set for admin fixes #1901 - Adds a trailing slash to the cookie path - Resolves random log-outs - Adds a test which proves the case
2014-01-12 21:08:12 +04:00
// we need the trailing slash in the cookie path. Session handling *must* be after the slash handling
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
cookie = {
Ensure cookies are only ever set for admin fixes #1901 - Adds a trailing slash to the cookie path - Resolves random log-outs - Adds a test which proves the case
2014-01-12 21:08:12 +04:00
path: subdir + '/ghost/',
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
maxAge: 12 * ONE_HOUR_MS
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
};
// if SSL is forced, add secure flag to cookie
// parameter is true, since cookie is used with admin only
if (isSSLrequired(true)) {
cookie.secure = true;
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(express.cookieParser());
expressServer.use(express.session({
Improvements for models #closes #1655 - removed models as parameter for bookshelf-session - changed to read permittedAttributes from schema.js - changed updateTags to be executed at saved event - added validate to execute after saving event - added test for published_at = null (see #2015) - fixed typo in general.hbs
2014-02-19 17:57:26 +04:00
store: new BSStore(),
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
proxy: true,
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
secret: dbHash,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
cookie: cookie
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
// ### Caching
expressServer.use(middleware.cacheControl('public'));
Respect subdirectory in authenticate middleware
2014-02-20 02:53:40 +04:00
expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
// enable authentication; has to be done before CSRF handling
expressServer.use(middleware.authenticate);
General cleanup - Cleanup some todos, comments, and unused variables
2014-01-20 01:08:39 +04:00
// enable express csrf protection
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(middleware.conditionalCSRF);
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// local data
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(ghostLocals);
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// So on every request we actually clean out redundant passive notifications from the server side
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
// ToDo: Remove when ember handles passive notifications.
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(middleware.cleanNotifications);
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Initialise the views
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(initViews);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// ### Routing
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 20:01:08 +04:00
expressServer.use(subdir, expressServer.router);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ### Error handling
// 404 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(errors.error404);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// 500 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(errors.error500);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
};
// Export middleware functions directly
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
module.exports.middleware = middleware;
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
// Expose middleware functions in this file as well
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
module.exports.middleware.redirectToSignup = redirectToSignup;
Reference in New Issue Copy Permalink