TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-15 03:12:54 +03:00
Code Issues Projects Releases Wiki Activity
4c6b324494
Ghost/core/server/middleware/index.js

326 lines
11 KiB
JavaScript
Raw Normal View History

Putting back relative redirects issue #1523 - also added some comments to indicate the difference between the two custom middleware files.
2013-11-26 00:31:18 +04:00
// # Custom Middleware
// The following custom middleware functions cannot yet be unit tested, and as such are kept separate from
// the testable custom middleware functions in middleware.js
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
var api = require('../api'),
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
bodyParser = require('body-parser'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
config = require('../config'),
Add distinct error classes closes #2690 - added new error classes - moved errorhandling.js to /errors/index.js - changed API errors to use new classes - updated tests
2014-05-09 14:11:29 +04:00
errors = require('../errors'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
express = require('express'),
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
favicon = require('static-favicon'),
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
fs = require('fs'),
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
hbs = require('express-hbs'),
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
logger = require('morgan'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
middleware = require('./middleware'),
packageInfo = require('../../../package.json'),
path = require('path'),
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
routes = require('../routes'),
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
slashes = require('connect-slashes'),
storage = require('../storage'),
url = require('url'),
_ = require('lodash'),
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
passport = require('passport'),
oauth = require('./oauth'),
oauth2orize = require('oauth2orize'),
authStrategies = require('./authStrategies'),
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer,
ONE_HOUR_S = 60 * 60,
ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,
ONE_HOUR_MS = ONE_HOUR_S * 1000,
ONE_YEAR_MS = 365 * 24 * ONE_HOUR_MS;
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ##Custom Middleware
// ### GhostLocals Middleware
// Expose the standard locals that every external page should have available,
// separating between the theme and the admin
function ghostLocals(req, res, next) {
// Make sure we have a locals value.
res.locals = res.locals || {};
res.locals.version = packageInfo.version;
New URL helper - URL consistency fixes fixes #1765 fixes #1811 issue #1833 New UrlFor functions - moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios - urlFor can take a string (name) or object (relativeUrl: '/') as the first argument - this is the first step towards issue #1833 - also added config.path.urlForPost which is async and handles getting permalink setting - frontend controller, ghost_head helper, cache invalidation all now use urlFor or urlForPost all urls should be correct and consistent URL Consistency Improvements - refactored invalidateCache into cacheInvalidationHeader which returns a promise so that url can be generated properly by urlForPost - moved isPost from models to schema, and refactored schema to have a tables object - deleted posts now return the whole object, not just id and slug, ensuring cache invalidation header can be set on delete - frontend controller rss and archive page redirects work properly with subdirectory - removes {{url}} helper from admin and client, and replaced with adminUrl helper which also uses urlFor - in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-03 04:37:21 +04:00
// relative path from the URL, not including subdir
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.locals.relativeUrl = req.path.replace(config().paths.subdir, '');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
next();
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
function initThemeData(secure) {
var themeConfig = config.theme();
if (secure && config().urlSSL) {
// For secure requests override .url property with the SSL version
themeConfig = _.clone(themeConfig);
themeConfig.url = config().urlSSL.replace(/\/$/, '');
}
return themeConfig;
}
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ### Activate Theme
// Helper for manageAdminAndTheme
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
function activateTheme(activeTheme) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
var hbsOptions,
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
themePartials = path.join(config().paths.themePath, activeTheme, 'partials');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// clear the view cache
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.cache = {};
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
// set view engine
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
hbsOptions = { partialsDir: [ config().paths.helperTemplates ] };
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
fs.stat(themePartials, function (err, stats) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
// Check that the theme has a partials directory before trying to use it
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 03:11:59 +04:00
if (!err && stats && stats.isDirectory()) {
hbsOptions.partialsDir.push(themePartials);
}
});
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 03:31:55 +04:00
expressServer.set('theme view engine', hbs.express3(hbsOptions));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Update user error template
Fixed check for a theme's custom error.hbs: Closes #2513 - Checks for property `error.hbs` on active theme - Added unit test to ensure `error` view is rendered when activeTheme has a custom error template. - Removed unused variable, `userErrorTemplatePath` from errorHandler - Refactored errorHandler.`updateActiveTheme` to take one argument, the new active theme, and to then check if the active theme has an error.hbs - Changed errorHandler unit test to use rewire for mocking config.
2014-03-27 00:43:16 +04:00
errors.updateActiveTheme(activeTheme);
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
// Set active theme variable on the express server
expressServer.set('activeTheme', activeTheme);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
// ### decideContext Middleware
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Uses the URL to detect whether this response should be an admin response
// This is used to ensure the right content is served, and is not for security purposes
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
function decideContext(req, res, next) {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.isAdmin = req.url.lastIndexOf(config().paths.subdir + '/ghost/', 0) === 0;
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
if (res.isAdmin) {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.enable('admin');
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.engine('hbs', expressServer.get('admin view engine'));
expressServer.set('views', config().paths.adminViews);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
} else {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.disable('admin');
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
var themeData = initThemeData(req.secure);
hbs.updateTemplateOptions({ data: {blog: themeData} });
expressServer.engine('hbs', expressServer.get('theme view engine'));
expressServer.set('views', path.join(config().paths.themePath, expressServer.get('activeTheme')));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
// Pass 'secure' flag to the view engine
// so that templates can choose 'url' vs 'urlSSL'
res.locals.secure = req.secure;
next();
}
// ### updateActiveTheme
// Updates the expressServer's activeTheme variable and subsequently
// activates that theme's views with the hbs templating engine if it
// is not yet activated.
function updateActiveTheme(req, res, next) {
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 16:41:19 +04:00
api.settings.read({context: {internal: true}, key: 'activeTheme'}).then(function (response) {
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
var activeTheme = response.settings[0];
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
// Check if the theme changed
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
if (activeTheme.value !== expressServer.get('activeTheme')) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
// Change theme
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
if (!config().paths.availableThemes.hasOwnProperty(activeTheme.value)) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
if (!res.isAdmin) {
// Throw an error if the theme is not available, but not on the admin UI
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-25 02:14:56 +04:00
return errors.throwError('The currently active theme ' + activeTheme.value + ' is missing.');
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
}
} else {
activateTheme(activeTheme.value);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
}
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
next();
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-25 02:14:56 +04:00
}).otherwise(function (err) {
// Trying to start up without the active theme present, setup a simple hbs instance
// and render an error page straight away.
expressServer.engine('hbs', hbs.express3());
next(err);
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
});
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
New setup screen for blog installation. fixes #3072 - Change router to handle /ember/setup/ - Adjust doSignup to also handle setup - Adjust tests and add new where necessary - Add setup controller, setup validation, setup route - Adjust casper emberSetup to handle new setup
2014-06-25 16:12:48 +04:00
// Redirect to setup if no user exists
function redirectToSetup(req, res, next) {
/*jslint unparam:true*/
Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 16:17:09 +04:00
api.authentication.isSetup().then(function (exists) {
if (!exists.setup[0].status && !req.path.match(/\/ghost\/setup\//)) {
Replace the old admin with the ember admin closes #3056 - Remove clientold - Remove clientold tests - Cleanup old admin helpers - Remove old routes from admin and controllers from admin controller - Comment out / remove old and broken tests - Cleanup Gruntfile.js, bower.js, package.json etc Still TODO: - cleanup / add removed tests - do we still need countable?
2014-07-01 03:26:08 +04:00
return res.redirect(config().paths.subdir + '/ghost/setup/');
New setup screen for blog installation. fixes #3072 - Change router to handle /ember/setup/ - Adjust doSignup to also handle setup - Adjust tests and add new where necessary - Add setup controller, setup validation, setup route - Adjust casper emberSetup to handle new setup
2014-06-25 16:12:48 +04:00
}
next();
}).otherwise(function (err) {
return next(new Error(err));
});
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
function isSSLrequired(isAdmin) {
var forceSSL = url.parse(config().url).protocol === 'https:' ? true : false,
forceAdminSSL = (isAdmin && config().forceAdminSSL);
if (forceSSL || forceAdminSSL) {
return true;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
return false;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
// Check to see if we should use SSL
// and redirect if needed
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
function checkSSL(req, res, next) {
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
if (isSSLrequired(res.isAdmin)) {
Detect SSL connection whether or not behind a proxy closes #1836 - adding server.enable('trust proxy') to let connect framework do the work of detecting X-Forwarded-Proto header - replacing explicit checking for the X-Forwarded-Proto header with just 'req.secure' boolean check
2014-01-27 02:00:50 +04:00
if (!req.secure) {
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
var forceAdminSSL = config().forceAdminSSL,
redirectUrl;
// Check if forceAdminSSL: { redirect: false } is set, which means
// we should just deny non-SSL access rather than redirect
if (forceAdminSSL && forceAdminSSL.redirect !== undefined && !forceAdminSSL.redirect) {
return res.send(403);
}
redirectUrl = url.parse(config().urlSSL || config().url);
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
return res.redirect(301, url.format({
protocol: 'https:',
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
hostname: redirectUrl.hostname,
port: redirectUrl.port,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 20:05:45 +04:00
pathname: req.path,
query: req.query
}));
}
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 23:41:19 +04:00
}
next();
}
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
// ### Robots Middleware
// Handle requests to robots.txt and cache file
function robots() {
var content, // file cache
filePath = path.join(config().paths.corePath, '/shared/robots.txt');
return function robots(req, res, next) {
if ('/robots.txt' === req.url) {
if (content) {
res.writeHead(200, content.headers);
res.end(content.body);
} else {
fs.readFile(filePath, function (err, buf) {
if (err) {
return next(err);
}
Move user API to primary document format closes #2593 - added new format to user API methods - changed all places where the user api was used - updated tests and added more coverage - little bit of cleanup in utils/api
2014-04-29 00:42:38 +04:00
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
content = {
headers: {
'Content-Type': 'text/plain',
'Content-Length': buf.length,
'Cache-Control': 'public, max-age=' + ONE_YEAR_MS / 1000
},
body: buf
};
res.writeHead(200, content.headers);
res.end(content.body);
});
}
} else {
next();
}
};
}
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
module.exports = function (server) {
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
var logging = config().logging,
subdir = config().paths.subdir,
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
corePath = config().paths.corePath,
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
oauthServer = oauth2orize.createServer();
// silence JSHint without disabling unused check for the whole file
authStrategies = authStrategies;
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
// Cache express server instance
expressServer = server;
middleware.cacheServer(expressServer);
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
middleware.cacheOauthServer(oauthServer);
oauth.init(oauthServer);
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
Detect SSL connection whether or not behind a proxy closes #1836 - adding server.enable('trust proxy') to let connect framework do the work of detecting X-Forwarded-Proto header - replacing explicit checking for the X-Forwarded-Proto header with just 'req.secure' boolean check
2014-01-27 02:00:50 +04:00
// Make sure 'req.secure' is valid for proxied requests
// (X-Forwarded-Proto header will be checked, if present)
expressServer.enable('trust proxy');
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Logging configuration
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
if (logging !== false) {
if (expressServer.get('env') !== 'development') {
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(logger(logging || {}));
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
} else {
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(logger(logging || 'dev'));
Add logging config option closes #2103 - Deactivate logging for testing environments - Override logging with settings from config
2014-02-11 01:07:11 +04:00
}
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
}
// Favicon
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(subdir, favicon(corePath + '/shared/favicon.ico'));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// Static assets
expressServer.use(subdir + '/shared', express['static'](path.join(corePath, '/shared'), {maxAge: ONE_HOUR_MS}));
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 20:01:08 +04:00
expressServer.use(subdir + '/content/images', storage.get_storage().serve());
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer.use(subdir + '/ghost/scripts', express['static'](path.join(corePath, '/built/scripts'), {maxAge: ONE_YEAR_MS}));
Switch to bower for client assets. fixes #2272 - Remove libraries from shared/vendor - Remove libraries from client/assets/vendor - Add bower to package.json and postinstall - Add bower.json with dependencies - Add scripts from bower_components to concat/uglify - Fix tests - Serve jquery from /ghost/built/theme/
2014-03-04 01:41:34 +04:00
expressServer.use(subdir + '/public', express['static'](path.join(corePath, '/built/public'), {maxAge: ONE_YEAR_MS}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// First determine whether we're serving admin or theme content
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(updateActiveTheme);
expressServer.use(decideContext);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Admin only config
Replace the old admin with the ember admin closes #3056 - Remove clientold - Remove clientold tests - Cleanup old admin helpers - Remove old routes from admin and controllers from admin controller - Comment out / remove old and broken tests - Cleanup Gruntfile.js, bower.js, package.json etc Still TODO: - cleanup / add removed tests - do we still need countable?
2014-07-01 03:26:08 +04:00
expressServer.use(subdir + '/ghost', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/client/assets'), {maxAge: ONE_YEAR_MS})));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Fix error page resources loading when forceAdminSSL is true closes #1837 - moved admin theme static resource service above 'checkSSL', otherwise when forceAdminSSL is true it will try to redirect them to HTTPS, and error pages will be unstyled
2014-01-27 02:21:24 +04:00
// Force SSL
// NOTE: Importantly this is _after_ the check above for admin-theme static resources,
// which do not need HTTPS. In fact, if HTTPS is forced on them, then 404 page might
// not display properly when HTTPS is not available!
expressServer.use(checkSSL);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Theme only config
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(subdir, middleware.staticTheme());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Serve default robots.txt closes #2062 - Server robots.txt from theme if available - Serve default robots.txt from /core/shared/ otherwise - Added tests for default robots.txt
2014-03-09 13:28:58 +04:00
// Serve robots.txt if not found in theme
expressServer.use(robots());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// Add in all trailing slashes
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expressServer.use(slashes(true, {headers: {'Cache-Control': 'public, max-age=' + ONE_YEAR_S}}));
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// Body parsing
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
expressServer.use(bodyParser.json());
expressServer.use(bodyParser.urlencoded());
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
expressServer.use(passport.initialize());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
// ### Caching
expressServer.use(middleware.cacheControl('public'));
Respect subdirectory in authenticate middleware
2014-02-20 02:53:40 +04:00
expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
oAuth closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
2014-06-30 16:58:10 +04:00
// enable authentication
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
expressServer.use(middleware.authenticate);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// local data
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(ghostLocals);
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// So on every request we actually clean out redundant passive notifications from the server side
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
// ToDo: Remove when ember handles passive notifications.
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(middleware.cleanNotifications);
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
// ### Routing
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
// Set up API routes
Move post slug endpoint & add endpoints for users closes #3187 - move slug endpoint to post/slug/:slug - create similar slug and email endpoint for users - add/update tests
2014-07-09 02:28:31 +04:00
expressServer.use(subdir + routes.apiBaseUri, routes.api(middleware));
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance.
2014-04-12 07:46:15 +04:00
// Set up Admin routes
expressServer.use(subdir, routes.admin(middleware));
// Set up Frontend routes
expressServer.use(subdir, routes.frontend());
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// ### Error handling
// 404 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(errors.error404);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
// 500 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
expressServer.use(errors.error500);
Move server middleware configuration to related file
2013-11-12 10:03:25 +04:00
};
// Export middleware functions directly
Install in sub-directory support. refs #527
2013-11-17 22:40:26 +04:00
module.exports.middleware = middleware;
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 18:13:15 +04:00
// Expose middleware functions in this file as well
New setup screen for blog installation. fixes #3072 - Change router to handle /ember/setup/ - Adjust doSignup to also handle setup - Adjust tests and add new where necessary - Add setup controller, setup validation, setup route - Adjust casper emberSetup to handle new setup
2014-06-25 16:12:48 +04:00
module.exports.middleware.redirectToSetup = redirectToSetup;
Reference in New Issue Copy Permalink