Ghost/core/server/services/members/api.js

const url = require('url');
const settingsCache = require('../settings/cache');
const config = require('../../config');
const MembersApi = require('../../lib/members');
const models = require('../../models');
const mail = require('../mail');

function createMember({name, email, password}) {
    return models.Member.add({
        name,
        email,
        password
    }).then((member) => {
        return member.toJSON();
    });
}

function updateMember(member, newData) {
    return models.Member.findOne(member, {
        require: true
    }).then(({id}) => {
        return models.Member.edit(newData, {id});
    }).then((member) => {
        return member.toJSON();
    });
}

function getMember(data, options) {
    options = options || {};
    return models.Member.findOne(data, options).then((model) => {
        if (!model) {
            return null;
        }
        return model.toJSON(options);
    });
}

function listMembers(options) {
    return models.Member.findPage(options).then((models) => {
        return {
            members: models.data.map(model => model.toJSON(options)),
            meta: models.meta
        };
    });
}

function validateMember({email, password}) {
    return models.Member.findOne({email}, {
        require: true
    }).then((member) => {
        return member.comparePassword(password).then((res) => {
            if (!res) {
                throw new Error('Password is incorrect');
            }
            return member;
        });
    }).then((member) => {
        return member.toJSON();
    });
}

// @TODO this should check some config/settings and return Promise.reject by default
function validateAudience({audience, origin}) {
    if (audience === origin) {
        return Promise.resolve();
    }
    return Promise.resolve();
}

const publicKey = settingsCache.get('members_public_key');
const privateKey = settingsCache.get('members_private_key');
const sessionSecret = settingsCache.get('members_session_secret');
const passwordResetUrl = config.get('url');
const {protocol, host} = url.parse(config.get('url'));
const siteOrigin = `${protocol}//${host}`;
const issuer = siteOrigin;
const ssoOrigin = siteOrigin;
let mailer;

const membersConfig = config.get('members');

function sendEmail(member, {token}) {
    if (!(mailer instanceof mail.GhostMailer)) {
        mailer = new mail.GhostMailer();
    }
    const message = {
        to: member.email,
        subject: 'Reset password',
        html: `
        Hi ${member.name},

        To reset your password, click the following link and follow the instructions:

        ${passwordResetUrl}#reset-password?token=${token}

        If you didn't request a password change, just ignore this email.
        `
    };

    /* eslint-disable */
    // @TODO remove this
    console.log(message.html);
    /* eslint-enable */
    return mailer.send(message).catch((err) => {
        return Promise.reject(err);
    });
}

const api = MembersApi({
    authConfig: {
        issuer,
        publicKey,
        privateKey,
        sessionSecret,
        ssoOrigin
    },
    paymentConfig: {
        processors: membersConfig.paymentProcessors
    },
    validateAudience,
    createMember,
    getMember,
    listMembers,
    validateMember,
    updateMember,
    sendEmail
});

module.exports = api;
module.exports.publicKey = publicKey;
module.exports.paymentConfigured = !!membersConfig.paymentProcessors.length;
🐛 Fixed `URL is not a constructor` for Node v6 (#10289) closes #10287 2018-12-17 14:53:45 +03:00			`const url = require('url');`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`const settingsCache = require('../settings/cache');`
			`const config = require('../../config');`
			`const MembersApi = require('../../lib/members');`
			`const models = require('../../models');`
			`const mail = require('../mail');`

			`function createMember({name, email, password}) {`
			`return models.Member.add({`
			`name,`
			`email,`
			`password`
			`}).then((member) => {`
			`return member.toJSON();`
			`});`
			`}`

			`function updateMember(member, newData) {`
			`return models.Member.findOne(member, {`
			`require: true`
			`}).then(({id}) => {`
			`return models.Member.edit(newData, {id});`
			`}).then((member) => {`
			`return member.toJSON();`
			`});`
			`}`

Added new admin API for members (#10435) no issue - Added read and browse admin API for members 2019-01-30 14:36:09 +03:00			`function getMember(data, options) {`
			`options = options \|\| {};`
			`return models.Member.findOne(data, options).then((model) => {`
			`if (!model) {`
			`return null;`
			`}`
			`return model.toJSON(options);`
			`});`
			`}`

			`function listMembers(options) {`
			`return models.Member.findPage(options).then((models) => {`
			`return {`
			`members: models.data.map(model => model.toJSON(options)),`
			`meta: models.meta`
			`};`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`});`
			`}`

			`function validateMember({email, password}) {`
			`return models.Member.findOne({email}, {`
			`require: true`
			`}).then((member) => {`
			`return member.comparePassword(password).then((res) => {`
			`if (!res) {`
			`throw new Error('Password is incorrect');`
			`}`
			`return member;`
			`});`
			`}).then((member) => {`
			`return member.toJSON();`
			`});`
			`}`

			`// @TODO this should check some config/settings and return Promise.reject by default`
			`function validateAudience({audience, origin}) {`
			`if (audience === origin) {`
			`return Promise.resolve();`
			`}`
			`return Promise.resolve();`
			`}`

			`const publicKey = settingsCache.get('members_public_key');`
			`const privateKey = settingsCache.get('members_private_key');`
			`const sessionSecret = settingsCache.get('members_session_secret');`
			`const passwordResetUrl = config.get('url');`
🐛 Fixed `URL is not a constructor` for Node v6 (#10289) closes #10287 2018-12-17 14:53:45 +03:00			`const {protocol, host} = url.parse(config.get('url'));`
			const siteOrigin = `${protocol}//${host}`;
Updated member lib/auth service to use origin of site url (#10271) no-issue 2018-12-11 15:45:03 +03:00			`const issuer = siteOrigin;`
			`const ssoOrigin = siteOrigin;`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`let mailer;`

Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker. 2019-02-07 12:41:39 +03:00			`const membersConfig = config.get('members');`

Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`function sendEmail(member, {token}) {`
			`if (!(mailer instanceof mail.GhostMailer)) {`
			`mailer = new mail.GhostMailer();`
			`}`
			`const message = {`
			`to: member.email,`
			`subject: 'Reset password',`
			html: `
			`Hi ${member.name},`

			`To reset your password, click the following link and follow the instructions:`

			`${passwordResetUrl}#reset-password?token=${token}`

			`If you didn't request a password change, just ignore this email.`
			`
			`};`

			`/* eslint-disable */`
			`// @TODO remove this`
			`console.log(message.html);`
			`/* eslint-enable */`
			`return mailer.send(message).catch((err) => {`
			`return Promise.reject(err);`
			`});`
			`}`

			`const api = MembersApi({`
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker. 2019-02-07 12:41:39 +03:00			`authConfig: {`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`issuer,`
			`publicKey,`
			`privateKey,`
			`sessionSecret,`
			`ssoOrigin`
			`},`
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker. 2019-02-07 12:41:39 +03:00			`paymentConfig: {`
			`processors: membersConfig.paymentProcessors`
			`},`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`validateAudience,`
			`createMember,`
			`getMember,`
Added new admin API for members (#10435) no issue - Added read and browse admin API for members 2019-01-30 14:36:09 +03:00			`listMembers,`
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib 2018-12-11 10:57:01 +03:00			`validateMember,`
			`updateMember,`
			`sendEmail`
			`});`

			`module.exports = api;`
			`module.exports.publicKey = publicKey;`
Updated Content API to use members plans to determine permission (#10483) no-issue * Refactored hideMembersOnlyContent to 3 "stages" * Exported paymentConfigured flag from members service * Updated Content-API to check members service for paymentConfigured * Updated members content output serializer to remove content if plan required and no plan * Updated isContentAPI method * Moved api util test 2019-02-14 20:17:02 +03:00			`module.exports.paymentConfigured = !!membersConfig.paymentProcessors.length;`