Ghost/core/server/services/auth/api-key/content.js

const models = require('../../../models');
const common = require('../../../lib/common');

const authenticateContentApiKey = function authenticateContentApiKey(req, res, next) {
    // allow fallthrough to other auth methods or final ensureAuthenticated check
    if (!req.query || !req.query.key) {
        return next();
    }

    let key = req.query.key;

    models.ApiKey.findOne({secret: key}).then((apiKey) => {
        if (!apiKey) {
            return next(new common.errors.UnauthorizedError({
                message: common.i18n.t('errors.middleware.auth.unknownContentApiKey'),
                code: 'UNKNOWN_CONTENT_API_KEY'
            }));
        }

        if (apiKey.get('type') !== 'content') {
            return next(new common.errors.UnauthorizedError({
                message: common.i18n.t('errors.middleware.auth.invalidApiKeyType'),
                code: 'INVALID_API_KEY_TYPE'
            }));
        }

        // authenticated OK, store the api key on the request for later checks and logging
        req.api_key = apiKey;
        next();
    }).catch((err) => {
        next(new common.errors.InternalServerError({err}));
    });
};

module.exports = {
    authenticateContentApiKey
};
Added API Key auth middleware to v2 content API (#10005) * Added API Key auth middleware to v2 content API refs #9865 - add `auth.authenticate.authenticateContentApiKey` middleware - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key - add `requiresAuthorizedUserOrApiKey` authorization middleware - passes if either `req.user` or `req.api_key` exists - update `authenticatePublic` middleware stack for v2 content routes * Fixed functional content api tests no-issue This fixes the functional content api tests so they use the content api auth. * Fixed context check and removed skip * Updated cors middleware for content api * Removed client_id from frame.context no-issue The v2 api doesn't have a notion of clients as we do not use oauth for it * Fixed tests for posts input serializer 2018-10-15 12:23:34 +03:00			`const models = require('../../../models');`
			`const common = require('../../../lib/common');`

			`const authenticateContentApiKey = function authenticateContentApiKey(req, res, next) {`
			`// allow fallthrough to other auth methods or final ensureAuthenticated check`
			`if (!req.query \|\| !req.query.key) {`
			`return next();`
			`}`

			`let key = req.query.key;`

			`models.ApiKey.findOne({secret: key}).then((apiKey) => {`
			`if (!apiKey) {`
			`return next(new common.errors.UnauthorizedError({`
			`message: common.i18n.t('errors.middleware.auth.unknownContentApiKey'),`
			`code: 'UNKNOWN_CONTENT_API_KEY'`
			`}));`
			`}`

			`if (apiKey.get('type') !== 'content') {`
			`return next(new common.errors.UnauthorizedError({`
			`message: common.i18n.t('errors.middleware.auth.invalidApiKeyType'),`
			`code: 'INVALID_API_KEY_TYPE'`
			`}));`
			`}`

			`// authenticated OK, store the api key on the request for later checks and logging`
			`req.api_key = apiKey;`
			`next();`
			`}).catch((err) => {`
			`next(new common.errors.InternalServerError({err}));`
			`});`
			`};`

			`module.exports = {`
			`authenticateContentApiKey`
			`};`