Ghost/core/server/apps/private-blogging/lib/middleware.js

var _           = require('lodash'),
    fs          = require('fs'),
    session     = require('cookie-session'),
    crypto      = require('crypto'),
    path        = require('path'),
    Promise     = require('bluebird'),
    config      = require('../../../config'),
    api         = require('../../../api'),
    errors      = require('../../../errors'),
    utils       = require('../../../utils'),
    i18n        = require('../../../i18n'),
    privateRoute = '/' + config.get('routeKeywords').private + '/',
    privateBlogging;

function verifySessionHash(salt, hash) {
    if (!salt || !hash) {
        return Promise.resolve(false);
    }

    return api.settings.read({context: {internal: true}, key: 'password'}).then(function then(response) {
        var hasher = crypto.createHash('sha256');

        hasher.update(response.settings[0].value + salt, 'utf8');

        return hasher.digest('hex') === hash;
    });
}

privateBlogging = {
    checkIsPrivate: function checkIsPrivate(req, res, next) {
        return api.settings.read({context: {internal: true}, key: 'is_private'}).then(function then(response) {
            var pass = response.settings[0];

            if (_.isEmpty(pass.value) || pass.value === 'false') {
                res.isPrivateBlog = false;
                return next();
            }

            res.isPrivateBlog = true;

            return session({
                maxAge: utils.ONE_MONTH_MS,
                signed: false
            })(req, res, next);
        });
    },

    filterPrivateRoutes: function filterPrivateRoutes(req, res, next) {
        if (res.isAdmin || !res.isPrivateBlog || req.url.lastIndexOf(privateRoute, 0) === 0) {
            return next();
        }

        // take care of rss and sitemap 404s
        if (req.path.lastIndexOf('/rss/', 0) === 0 ||
            req.path.lastIndexOf('/rss/') === req.url.length - 5 ||
            (req.path.lastIndexOf('/sitemap', 0) === 0 && req.path.lastIndexOf('.xml') === req.path.length - 4)) {
            return next(new errors.NotFoundError({message: i18n.t('errors.errors.pageNotFound')}));
        } else if (req.url.lastIndexOf('/robots.txt', 0) === 0) {
            fs.readFile(path.resolve(__dirname, '../', 'robots.txt'), function readFile(err, buf) {
                if (err) {
                    return next(err);
                }

                res.writeHead(200, {
                    'Content-Type': 'text/plain',
                    'Content-Length': buf.length,
                    'Cache-Control': 'public, max-age=' + config.get('caching:robotstxt:maxAge')
                });

                res.end(buf);
            });
        } else {
            return privateBlogging.authenticatePrivateSession(req, res, next);
        }
    },

    authenticatePrivateSession: function authenticatePrivateSession(req, res, next) {
        var hash = req.session.token || '',
            salt = req.session.salt || '',
            url;

        return verifySessionHash(salt, hash).then(function then(isVerified) {
            if (isVerified) {
                return next();
            } else {
                url = utils.url.urlFor({relativeUrl: privateRoute});
                url += req.url === '/' ? '' : '?r=' + encodeURIComponent(req.url);
                return res.redirect(url);
            }
        });
    },

    // This is here so a call to /private/ after a session is verified will redirect to home;
    isPrivateSessionAuth: function isPrivateSessionAuth(req, res, next) {
        if (!res.isPrivateBlog) {
            return res.redirect(utils.url.urlFor('home', true));
        }

        var hash = req.session.token || '',
            salt = req.session.salt || '';

        return verifySessionHash(salt, hash).then(function then(isVerified) {
            if (isVerified) {
                // redirect to home if user is already authenticated
                return res.redirect(utils.url.urlFor('home', true));
            } else {
                return next();
            }
        });
    },

    authenticateProtection: function authenticateProtection(req, res, next) {
        // if errors have been generated from the previous call
        if (res.error) {
            return next();
        }

        var bodyPass = req.body.password;

        return api.settings.read({context: {internal: true}, key: 'password'}).then(function then(response) {
            var pass = response.settings[0],
                hasher = crypto.createHash('sha256'),
                salt = Date.now().toString(),
                forward = req.query && req.query.r ? req.query.r : '/';

            if (pass.value === bodyPass) {
                hasher.update(bodyPass + salt, 'utf8');
                req.session.token = hasher.digest('hex');
                req.session.salt = salt;

                return res.redirect(utils.url.urlFor({relativeUrl: decodeURIComponent(forward)}));
            } else {
                res.error = {
                    message: i18n.t('errors.middleware.privateblogging.wrongPassword')
                };
                return next();
            }
        });
    }
};

module.exports = privateBlogging;
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`var _ = require('lodash'),`
			`fs = require('fs'),`
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w 2016-10-04 18:33:43 +03:00			`session = require('cookie-session'),`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`crypto = require('crypto'),`
			`path = require('path'),`
			`Promise = require('bluebird'),`
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w 2016-10-04 18:33:43 +03:00			`config = require('../../../config'),`
			`api = require('../../../api'),`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`errors = require('../../../errors'),`
			`utils = require('../../../utils'),`
			`i18n = require('../../../i18n'),`
🎨 change how we get and set config refs #6982 - a replace for all config usages - always use config.get or config.set - this a pure replacement, no logic has changed [ci skip] 2016-09-13 18:41:14 +03:00			`privateRoute = '/' + config.get('routeKeywords').private + '/',`
deps: grunt-jscs@2.1.0 no issue - update grunt-jscs dependency - fix deprecated `validateJSDoc` configuration - fix numerous linting errors, including: - use of future-reserved `public` and `private` variable names - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`) - extra spaces in `const { run } = Ember` style constructs One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these: ``` { myFunc() {} } { myFunc () {} } ``` are called out due to either the missing or the extra space before the `(` 2015-10-12 19:54:15 +03:00			`privateBlogging;`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00
			`function verifySessionHash(salt, hash) {`
			`if (!salt \|\| !hash) {`
			`return Promise.resolve(false);`
			`}`

			`return api.settings.read({context: {internal: true}, key: 'password'}).then(function then(response) {`
			`var hasher = crypto.createHash('sha256');`

			`hasher.update(response.settings[0].value + salt, 'utf8');`

			`return hasher.digest('hex') === hash;`
			`});`
			`}`

deps: grunt-jscs@2.1.0 no issue - update grunt-jscs dependency - fix deprecated `validateJSDoc` configuration - fix numerous linting errors, including: - use of future-reserved `public` and `private` variable names - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`) - extra spaces in `const { run } = Ember` style constructs One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these: ``` { myFunc() {} } { myFunc () {} } ``` are called out due to either the missing or the extra space before the `(` 2015-10-12 19:54:15 +03:00			`privateBlogging = {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`checkIsPrivate: function checkIsPrivate(req, res, next) {`
🎨 settings inconsistency (#8381) no issue - replace camelCase settings keys with underscore_case for consistency - discussed here https://github.com/TryGhost/Ghost-Admin/pull/661#discussion_r112939982 2017-04-24 20:41:00 +03:00			`return api.settings.read({context: {internal: true}, key: 'is_private'}).then(function then(response) {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`var pass = response.settings[0];`

			`if (_.isEmpty(pass.value) \|\| pass.value === 'false') {`
			`res.isPrivateBlog = false;`
			`return next();`
			`}`

			`res.isPrivateBlog = true;`

			`return session({`
			`maxAge: utils.ONE_MONTH_MS,`
			`signed: false`
			`})(req, res, next);`
			`});`
			`},`

			`filterPrivateRoutes: function filterPrivateRoutes(req, res, next) {`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`if (res.isAdmin \|\| !res.isPrivateBlog \|\| req.url.lastIndexOf(privateRoute, 0) === 0) {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`return next();`
			`}`

			`// take care of rss and sitemap 404s`
Disallow access to author/tag rss feeds if private blogging is on - Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible fixes #6290 2016-01-07 17:03:39 +03:00			`if (req.path.lastIndexOf('/rss/', 0) === 0 \|\|`
			`req.path.lastIndexOf('/rss/') === req.url.length - 5 \|\|`
			`(req.path.lastIndexOf('/sitemap', 0) === 0 && req.path.lastIndexOf('.xml') === req.path.length - 4)) {`
✨ Error creation (#7477) refs #7116, refs #2001 - Changes the way Ghost errors are implemented to benefit from proper inheritance - Moves all error definitions into a single file - Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order. - Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed. Summary of changes: * 🐛 set NODE_ENV in config handler * ✨ add GhostError implementation (core/server/errors.js) - register all errors in one file - inheritance from GhostError - option pattern * 🔥 remove all error files * ✨ wrap all errors into GhostError in case of HTTP * 🎨 adaptions - option pattern for errors - use GhostError when needed * 🎨 revert debug deletion and add TODO for error id's 2016-10-06 15:27:35 +03:00			`return next(new errors.NotFoundError({message: i18n.t('errors.errors.pageNotFound')}));`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`} else if (req.url.lastIndexOf('/robots.txt', 0) === 0) {`
move private-blogging functionality into an internal app closes #5914, #6589 - moves all private-blogging related code & tests into /server/apps/private-blogging/ - rework Grunt to run private-blogging tests - modify server apps code to have a place for internal apps 2016-04-11 16:58:41 +03:00			`fs.readFile(path.resolve(__dirname, '../', 'robots.txt'), function readFile(err, buf) {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`if (err) {`
			`return next(err);`
			`}`
🎨 add cache control configurations into the default config refs #7488 - cache control can be overridden if needed 2017-05-29 23:10:32 +03:00
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`res.writeHead(200, {`
			`'Content-Type': 'text/plain',`
			`'Content-Length': buf.length,`
🎨 add cache control configurations into the default config refs #7488 - cache control can be overridden if needed 2017-05-29 23:10:32 +03:00			`'Cache-Control': 'public, max-age=' + config.get('caching:robotstxt:maxAge')`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`});`
🎨 add cache control configurations into the default config refs #7488 - cache control can be overridden if needed 2017-05-29 23:10:32 +03:00
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`res.end(buf);`
			`});`
			`} else {`
deps: grunt-jscs@2.1.0 no issue - update grunt-jscs dependency - fix deprecated `validateJSDoc` configuration - fix numerous linting errors, including: - use of future-reserved `public` and `private` variable names - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`) - extra spaces in `const { run } = Ember` style constructs One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these: ``` { myFunc() {} } { myFunc () {} } ``` are called out due to either the missing or the extra space before the `(` 2015-10-12 19:54:15 +03:00			`return privateBlogging.authenticatePrivateSession(req, res, next);`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`}`
			`},`

			`authenticatePrivateSession: function authenticatePrivateSession(req, res, next) {`
			`var hash = req.session.token \|\| '',`
			`salt = req.session.salt \|\| '',`
			`url;`

			`return verifySessionHash(salt, hash).then(function then(isVerified) {`
			`if (isVerified) {`
			`return next();`
			`} else {`
:art: source out url utils from ConfigManager (#7347) refs #6982 2016-09-09 13:23:47 +03:00			`url = utils.url.urlFor({relativeUrl: privateRoute});`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`url += req.url === '/' ? '' : '?r=' + encodeURIComponent(req.url);`
			`return res.redirect(url);`
			`}`
			`});`
			`},`

			`// This is here so a call to /private/ after a session is verified will redirect to home;`
			`isPrivateSessionAuth: function isPrivateSessionAuth(req, res, next) {`
			`if (!res.isPrivateBlog) {`
:art: source out url utils from ConfigManager (#7347) refs #6982 2016-09-09 13:23:47 +03:00			`return res.redirect(utils.url.urlFor('home', true));`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`}`

			`var hash = req.session.token \|\| '',`
			`salt = req.session.salt \|\| '';`

			`return verifySessionHash(salt, hash).then(function then(isVerified) {`
			`if (isVerified) {`
			`// redirect to home if user is already authenticated`
:art: source out url utils from ConfigManager (#7347) refs #6982 2016-09-09 13:23:47 +03:00			`return res.redirect(utils.url.urlFor('home', true));`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`} else {`
			`return next();`
			`}`
			`});`
			`},`

			`authenticateProtection: function authenticateProtection(req, res, next) {`
			`// if errors have been generated from the previous call`
			`if (res.error) {`
			`return next();`
			`}`

			`var bodyPass = req.body.password;`

			`return api.settings.read({context: {internal: true}, key: 'password'}).then(function then(response) {`
			`var pass = response.settings[0],`
			`hasher = crypto.createHash('sha256'),`
			`salt = Date.now().toString(),`
			`forward = req.query && req.query.r ? req.query.r : '/';`

			`if (pass.value === bodyPass) {`
			`hasher.update(bodyPass + salt, 'utf8');`
			`req.session.token = hasher.digest('hex');`
			`req.session.salt = salt;`

:art: source out url utils from ConfigManager (#7347) refs #6982 2016-09-09 13:23:47 +03:00			`return res.redirect(utils.url.urlFor({relativeUrl: decodeURIComponent(forward)}));`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`} else {`
			`res.error = {`
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations 2015-11-12 15:29:45 +03:00			`message: i18n.t('errors.middleware.privateblogging.wrongPassword')`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`};`
			`return next();`
			`}`
			`});`
			`}`
			`};`

deps: grunt-jscs@2.1.0 no issue - update grunt-jscs dependency - fix deprecated `validateJSDoc` configuration - fix numerous linting errors, including: - use of future-reserved `public` and `private` variable names - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`) - extra spaces in `const { run } = Ember` style constructs One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these: ``` { myFunc() {} } { myFunc () {} } ``` are called out due to either the missing or the extra space before the `(` 2015-10-12 19:54:15 +03:00			`module.exports = privateBlogging;`