Ghost/core/server/apps/private-blogging/lib/router.js

var path                = require('path'),
    express             = require('express'),
    middleware          = require('./middleware'),
    bodyParser          = require('body-parser'),
    templates           = require('../../../controllers/frontend/templates'),
    setResponseContext  = require('../../../controllers/frontend/context'),
    brute               = require('../../../middleware/brute'),

    privateRouter = express.Router();

function controller(req, res) {
    var templateName = 'private',
        defaultTemplate = path.resolve(__dirname, 'views', templateName + '.hbs'),
        view = templates.pickTemplate(templateName, defaultTemplate),
        data = {};

    if (res.error) {
        data.error = res.error;
    }

    setResponseContext(req, res);

    return res.render(view, data);
}

// password-protected frontend route
privateRouter.route('/')
    .get(
        middleware.isPrivateSessionAuth,
        controller
    )
    .post(
        bodyParser.urlencoded({extended: true}),
        middleware.isPrivateSessionAuth,
        brute.privateBlog,
        middleware.authenticateProtection,
        controller
    );

module.exports = privateRouter;
module.exports.controller = controller;
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`var path = require('path'),`
			`express = require('express'),`
			`middleware = require('./middleware'),`
🎉 Middleware refactor: Give the API its own express App (#7537) refs #4172 * 🎨 Use bodyParser only where it is needed This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it seemed prudent to move towards not having in there that wasn't strictly necessary 😁 We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing if and only if it is necessary. * 🎨 Move all API code to API router * 🎨 Refactor API into an App, not just a router - Apps have their own rendering engines, only the frontend & the admin panel need views - The API should be JSON only, with minimal middleware - Individual sections within the API could/should be treated as Routers * 🎨 Flatten API middleware inclusion - get rid of the weird middleware object - move the api-only middleware into the middleware/api folder 2016-10-11 11:36:00 +03:00			`bodyParser = require('body-parser'),`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`templates = require('../../../controllers/frontend/templates'),`
			`setResponseContext = require('../../../controllers/frontend/context'),`
Replace memory spam prevention with brute-express (#7579) no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging 2016-11-08 14:33:19 +03:00			`brute = require('../../../middleware/brute'),`
✨ Reimplement custom theme templates (#8147) closes #8082 - Update the `pickTemplate` logic to a) rely on getActive().hasTemplate() instead of being passed a list of paths b) support the concept of a fallback, which is returned if there is no theme, or if the theme doesn't have a more specific template - Update every instance of template picking, across the 3 internalApps, and render-channel, to use this new logic - update the tests 2017-03-14 02:15:50 +03:00
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`privateRouter = express.Router();`

			`function controller(req, res) {`
✨ Reimplement custom theme templates (#8147) closes #8082 - Update the `pickTemplate` logic to a) rely on getActive().hasTemplate() instead of being passed a list of paths b) support the concept of a fallback, which is returned if there is no theme, or if the theme doesn't have a more specific template - Update every instance of template picking, across the 3 internalApps, and render-channel, to use this new logic - update the tests 2017-03-14 02:15:50 +03:00			`var templateName = 'private',`
			`defaultTemplate = path.resolve(__dirname, 'views', templateName + '.hbs'),`
Misc cleanup & consistency amends (#9002) no issue - Consistent naming for postLookup - makes it easier to search and inspect the various usages - Cleanup unneeded code - Make res.render calls more consistent - add some consistency to the calls to res.render - Remove ancient reference to dataProvider - Let's call it models everywhere now... - Use consistent formatting across the API - we're no longer using alignment in vars - Misc other consistency changes in API - always refer to local utils as apiUtils - logical grouping of requires - dependencies, utils, "lib common" etc - use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity 2017-09-12 18:31:14 +03:00			`view = templates.pickTemplate(templateName, defaultTemplate),`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`data = {};`

			`if (res.error) {`
			`data.error = res.error;`
			`}`

			`setResponseContext(req, res);`
✨ Reimplement custom theme templates (#8147) closes #8082 - Update the `pickTemplate` logic to a) rely on getActive().hasTemplate() instead of being passed a list of paths b) support the concept of a fallback, which is returned if there is no theme, or if the theme doesn't have a more specific template - Update every instance of template picking, across the 3 internalApps, and render-channel, to use this new logic - update the tests 2017-03-14 02:15:50 +03:00
Misc cleanup & consistency amends (#9002) no issue - Consistent naming for postLookup - makes it easier to search and inspect the various usages - Cleanup unneeded code - Make res.render calls more consistent - add some consistency to the calls to res.render - Remove ancient reference to dataProvider - Let's call it models everywhere now... - Use consistent formatting across the API - we're no longer using alignment in vars - Misc other consistency changes in API - always refer to local utils as apiUtils - logical grouping of requires - dependencies, utils, "lib common" etc - use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity 2017-09-12 18:31:14 +03:00			`return res.render(view, data);`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`}`

			`// password-protected frontend route`
			`privateRouter.route('/')`
			`.get(`
			`middleware.isPrivateSessionAuth,`
			`controller`
			`)`
			`.post(`
🎉 Middleware refactor: Give the API its own express App (#7537) refs #4172 * 🎨 Use bodyParser only where it is needed This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it seemed prudent to move towards not having in there that wasn't strictly necessary 😁 We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing if and only if it is necessary. * 🎨 Move all API code to API router * 🎨 Refactor API into an App, not just a router - Apps have their own rendering engines, only the frontend & the admin panel need views - The API should be JSON only, with minimal middleware - Individual sections within the API could/should be treated as Routers * 🎨 Flatten API middleware inclusion - get rid of the weird middleware object - move the api-only middleware into the middleware/api folder 2016-10-11 11:36:00 +03:00			`bodyParser.urlencoded({extended: true}),`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`middleware.isPrivateSessionAuth,`
Replace memory spam prevention with brute-express (#7579) no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging 2016-11-08 14:33:19 +03:00			`brute.privateBlog,`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`middleware.authenticateProtection,`
			`controller`
			`);`

			`module.exports = privateRouter;`
			`module.exports.controller = controller;`