Ghost/core/server/services/auth/members/index.js

const jwt = require('express-jwt');
const {UnauthorizedError} = require('@tryghost/errors');
const membersService = require('../../members');
const config = require('../../../../shared/config');

let UNO_MEMBERINO;

async function createMiddleware() {
    const url = require('url');
    const {protocol, host} = url.parse(config.get('url'));
    const siteOrigin = `${protocol}//${host}`;

    const membersConfig = await membersService.api.getPublicConfig();
    return jwt({
        credentialsRequired: false,
        requestProperty: 'member',
        audience: siteOrigin,
        issuer: membersConfig.issuer,
        algorithms: ['RS512'],
        secret: membersConfig.publicKey,
        getToken(req) {
            if (!req.get('authorization')) {
                return null;
            }

            const [scheme, credentials] = req.get('authorization').split(/\s+/);

            if (scheme !== 'GhostMembers') {
                return null;
            }

            return credentials;
        }
    });
}

module.exports = {
    get authenticateMembersToken() {
        return async function (req, res, next) {
            if (!UNO_MEMBERINO) {
                UNO_MEMBERINO = await createMiddleware();
            }
            try {
                const middleware = UNO_MEMBERINO;

                middleware(req, res, function (err, ...rest) {
                    if (err && err.name === 'UnauthorizedError') {
                        return next(new UnauthorizedError({err}), ...rest);
                    }
                    return next(err, ...rest);
                });
            } catch (err) {
                next(err);
            }
        };
    }
};
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 11:18:07 +03:00			`const jwt = require('express-jwt');`
Fixed members auth middleware no-issue The JWT library we used does not throw an error which can be used by Ghost. So we need to catch and wrap it in our own errors from @tryghost/errors. 2021-05-24 12:42:05 +03:00			`const {UnauthorizedError} = require('@tryghost/errors');`
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 11:18:07 +03:00			`const membersService = require('../../members');`
Moved config from server to shared (#11850) * moved `server/config` to `shared/config` * updated config import paths in server to use shared * updated config import paths in frontend to use shared * updated config import paths in test to use shared * updated config import paths in root to use shared * trigger regression tests * of course the rebase broke tests 2020-05-27 20:47:53 +03:00			`const config = require('../../../../shared/config');`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 11:18:07 +03:00			`let UNO_MEMBERINO;`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`async function createMiddleware() {`
			`const url = require('url');`
			`const {protocol, host} = url.parse(config.get('url'));`
			const siteOrigin = `${protocol}//${host}`;
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`const membersConfig = await membersService.api.getPublicConfig();`
			`return jwt({`
			`credentialsRequired: false,`
			`requestProperty: 'member',`
			`audience: siteOrigin,`
			`issuer: membersConfig.issuer,`
			`algorithms: ['RS512'],`
			`secret: membersConfig.publicKey,`
			`getToken(req) {`
			`if (!req.get('authorization')) {`
			`return null;`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`const [scheme, credentials] = req.get('authorization').split(/\s+/);`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`if (scheme !== 'GhostMembers') {`
			`return null;`
			`}`

			`return credentials;`
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 11:18:07 +03:00			`}`
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`});`
			`}`

			`module.exports = {`
			`get authenticateMembersToken() {`
Fixed members auth middleware no-issue The JWT library we used does not throw an error which can be used by Ghost. So we need to catch and wrap it in our own errors from @tryghost/errors. 2021-05-24 12:42:05 +03:00			`return async function (req, res, next) {`
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`if (!UNO_MEMBERINO) {`
			`UNO_MEMBERINO = await createMiddleware();`
			`}`
Fixed members auth middleware no-issue The JWT library we used does not throw an error which can be used by Ghost. So we need to catch and wrap it in our own errors from @tryghost/errors. 2021-05-24 12:42:05 +03:00			`try {`
Moved StripeAPIService to its own service refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both. 2021-10-04 14:18:22 +03:00			`const middleware = UNO_MEMBERINO;`
Fixed members auth middleware no-issue The JWT library we used does not throw an error which can be used by Ghost. So we need to catch and wrap it in our own errors from @tryghost/errors. 2021-05-24 12:42:05 +03:00
			`middleware(req, res, function (err, ...rest) {`
			`if (err && err.name === 'UnauthorizedError') {`
			`return next(new UnauthorizedError({err}), ...rest);`
			`}`
			`return next(err, ...rest);`
			`});`
			`} catch (err) {`
			`next(err);`
			`}`
Fixed issuer when site and api are diff domains (#10806) no-issue The issuer value is used through the members code base as the identifier for the members api. The existing code did not take into account that the domain/url for the site could be different than for the admin (and the apis). 2019-06-26 12:02:08 +03:00			`};`
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 11:18:07 +03:00			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`};`