2021-06-15 19:01:22 +03:00
|
|
|
const debug = require('@tryghost/debug')('web:members:app');
|
2020-04-30 19:29:51 +03:00
|
|
|
const {URL} = require('url');
|
|
|
|
|
const cors = require('cors');
|
2020-05-20 12:07:58 +03:00
|
|
|
const bodyParser = require('body-parser');
|
2020-04-30 09:52:22 +03:00
|
|
|
const express = require('../../../shared/express');
|
2020-05-28 13:57:02 +03:00
|
|
|
const urlUtils = require('../../../shared/url-utils');
|
2020-04-30 19:29:51 +03:00
|
|
|
const membersService = require('../../services/members');
|
|
|
|
|
const middleware = membersService.middleware;
|
2020-04-30 09:52:22 +03:00
|
|
|
const shared = require('../shared');
|
|
|
|
|
|
|
|
|
|
module.exports = function setupMembersApp() {
|
2020-04-30 19:29:51 +03:00
|
|
|
debug('Members App setup start');
|
2020-05-01 21:29:42 +03:00
|
|
|
const membersApp = express('members');
|
2020-04-30 09:52:22 +03:00
|
|
|
|
2020-05-20 12:07:58 +03:00
|
|
|
// send 503 json response in case of maintenance
|
|
|
|
|
membersApp.use(shared.middlewares.maintenance);
|
|
|
|
|
|
2021-07-06 17:47:59 +03:00
|
|
|
// Members API shouldn't be cached
|
|
|
|
|
membersApp.use(shared.middlewares.cacheControl('private'));
|
|
|
|
|
|
2020-04-30 19:29:51 +03:00
|
|
|
// Support CORS for requests from the frontend
|
|
|
|
|
const siteUrl = new URL(urlUtils.getSiteUrl());
|
|
|
|
|
membersApp.use(cors(siteUrl.origin));
|
|
|
|
|
|
2020-04-30 09:52:22 +03:00
|
|
|
// Currently global handling for signing in with ?token= magiclinks
|
|
|
|
|
membersApp.use(middleware.createSessionFromMagicLink);
|
|
|
|
|
|
|
|
|
|
// Routing
|
2020-04-30 21:00:37 +03:00
|
|
|
|
|
|
|
|
// Webhooks
|
2020-04-30 21:33:09 +03:00
|
|
|
membersApp.post('/webhooks/stripe', middleware.stripeWebhooks);
|
2020-04-30 09:52:22 +03:00
|
|
|
|
2020-04-30 21:00:37 +03:00
|
|
|
// Initializes members specific routes as well as assigns members specific data to the req/res objects
|
2020-05-22 11:55:13 +03:00
|
|
|
// We don't want to add global bodyParser middleware as that interfers with stripe webhook requests on - `/webhooks`.
|
2020-04-30 21:33:09 +03:00
|
|
|
membersApp.get('/api/member', middleware.getMemberData);
|
2020-05-22 11:55:13 +03:00
|
|
|
membersApp.put('/api/member', bodyParser.json({limit: '1mb'}), middleware.updateMemberData);
|
2020-04-30 21:33:09 +03:00
|
|
|
membersApp.get('/api/session', middleware.getIdentityToken);
|
|
|
|
|
membersApp.delete('/api/session', middleware.deleteSession);
|
2020-04-30 21:50:40 +03:00
|
|
|
membersApp.get('/api/site', middleware.getMemberSiteData);
|
2020-04-30 21:00:37 +03:00
|
|
|
|
2020-04-30 19:29:51 +03:00
|
|
|
// NOTE: this is wrapped in a function to ensure we always go via the getter
|
|
|
|
|
membersApp.post('/api/send-magic-link', (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next));
|
|
|
|
|
membersApp.post('/api/create-stripe-checkout-session', (req, res, next) => membersService.api.middleware.createCheckoutSession(req, res, next));
|
2020-04-30 21:00:37 +03:00
|
|
|
membersApp.post('/api/create-stripe-update-session', (req, res, next) => membersService.api.middleware.createCheckoutSetupSession(req, res, next));
|
2020-04-30 19:29:51 +03:00
|
|
|
membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));
|
|
|
|
|
|
|
|
|
|
// API error handling
|
2020-05-07 23:38:58 +03:00
|
|
|
membersApp.use('/api', shared.middlewares.errorHandler.resourceNotFound);
|
|
|
|
|
membersApp.use('/api', shared.middlewares.errorHandler.handleJSONResponseV2);
|
|
|
|
|
|
|
|
|
|
// Webhook error handling
|
|
|
|
|
membersApp.use('/webhooks', shared.middlewares.errorHandler.resourceNotFound);
|
|
|
|
|
membersApp.use('/webhooks', shared.middlewares.errorHandler.handleJSONResponseV2);
|
2020-04-30 19:29:51 +03:00
|
|
|
|
|
|
|
|
debug('Members App setup end');
|
|
|
|
|
|
2020-04-30 09:52:22 +03:00
|
|
|
return membersApp;
|
|
|
|
|
};
|
