Ghost/core/server/services/auth/authorize.js

const labs = require('../labs');
const session = require('./session');
const common = require('../../lib/common');

const authorize = {
    // Workaround for missing permissions
    // TODO: rework when https://github.com/TryGhost/Ghost/issues/3911 is  done
    requiresAuthorizedUser: function requiresAuthorizedUser(req, res, next) {
        if (req.user && req.user.id) {
            return next();
        } else {
            return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));
        }
    },

    // ### Require user depending on public API being activated.
    requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
        if (labs.isSet('publicAPI') === true) {
            return next();
        } else {
            if (req.user && req.user.id) {
                return next();
            } else {
                return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));
            }
        }
    },

    // Requires the authenticated client to match specific client
    requiresAuthorizedClient: function requiresAuthorizedClient(client) {
        return function doAuthorizedClient(req, res, next) {
            if (client && (!req.client || !req.client.name || req.client.name !== client)) {
                return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.permissions.noPermissionToAction')}));
            }

            return next();
        };
    },

    authorizeAdminAPI: [session.ensureUser]
};

module.exports = authorize;
Wired up {GET,POST,DELETE} /session to v2 admin api * Added admin specific auth{enticate,orize} middleware refs #9865 This middleware will be used by the admin api to authenticate and authorize requests * Update v2/admin to use authAdminApi middleware refs #9865 This changes thh auth middleware to use the adminApi authenticate and authorize middlewares underneath, it also renames the middleware to be consistent with the naming of the api. * Removed oauth specific endpoints from /v2/admin refs #9865 These are not to be used in v2/admin * Wired up the session controller to the admin api refs #9865 These endpoints will be used by ghost admin to login, confirm logged in status and logout 2018-10-05 13:45:17 +03:00			`const labs = require('../labs');`
			`const session = require('./session');`
			`const common = require('../../lib/common');`
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks 2016-09-30 14:45:59 +03:00
Wired up {GET,POST,DELETE} /session to v2 admin api * Added admin specific auth{enticate,orize} middleware refs #9865 This middleware will be used by the admin api to authenticate and authorize requests * Update v2/admin to use authAdminApi middleware refs #9865 This changes thh auth middleware to use the adminApi authenticate and authorize middlewares underneath, it also renames the middleware to be consistent with the naming of the api. * Removed oauth specific endpoints from /v2/admin refs #9865 These are not to be used in v2/admin * Wired up the session controller to the admin api refs #9865 These endpoints will be used by ghost admin to login, confirm logged in status and logout 2018-10-05 13:45:17 +03:00			`const authorize = {`
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks 2016-09-30 14:45:59 +03:00			`// Workaround for missing permissions`
			`// TODO: rework when https://github.com/TryGhost/Ghost/issues/3911 is done`
			`requiresAuthorizedUser: function requiresAuthorizedUser(req, res, next) {`
			`if (req.user && req.user.id) {`
			`return next();`
			`} else {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));`
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks 2016-09-30 14:45:59 +03:00			`}`
			`},`

			`// ### Require user depending on public API being activated.`
			`requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {`
			`if (labs.isSet('publicAPI') === true) {`
			`return next();`
			`} else {`
			`if (req.user && req.user.id) {`
			`return next();`
			`} else {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));`
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks 2016-09-30 14:45:59 +03:00			`}`
			`}`
Add ghost-backup client to trigger export (#8911) no issue - adds a ghost-backup client - adds a client authenticated endpoint to export blog for ghost-backup client only - allows some additional overrides during import - allows for an import by file to override locking a user and double hashing the password 2017-08-22 13:15:40 +03:00			`},`

			`// Requires the authenticated client to match specific client`
			`requiresAuthorizedClient: function requiresAuthorizedClient(client) {`
			`return function doAuthorizedClient(req, res, next) {`
Ensure cors check happens for /authentication/token route (#9317) no issue - otherwise external browser clients run into cors problems 2017-12-15 12:35:48 +03:00			`if (client && (!req.client \|\| !req.client.name \|\| req.client.name !== client)) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-12 00:47:46 +03:00			`return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.permissions.noPermissionToAction')}));`
Add ghost-backup client to trigger export (#8911) no issue - adds a ghost-backup client - adds a client authenticated endpoint to export blog for ghost-backup client only - allows some additional overrides during import - allows for an import by file to override locking a user and double hashing the password 2017-08-22 13:15:40 +03:00			`}`

			`return next();`
			`};`
Wired up {GET,POST,DELETE} /session to v2 admin api * Added admin specific auth{enticate,orize} middleware refs #9865 This middleware will be used by the admin api to authenticate and authorize requests * Update v2/admin to use authAdminApi middleware refs #9865 This changes thh auth middleware to use the adminApi authenticate and authorize middlewares underneath, it also renames the middleware to be consistent with the naming of the api. * Removed oauth specific endpoints from /v2/admin refs #9865 These are not to be used in v2/admin * Wired up the session controller to the admin api refs #9865 These endpoints will be used by ghost admin to login, confirm logged in status and logout 2018-10-05 13:45:17 +03:00			`},`

			`authorizeAdminAPI: [session.ensureUser]`
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks 2016-09-30 14:45:59 +03:00			`};`

			`module.exports = authorize;`