2013-12-06 12:51:35 +04:00
|
|
|
var config = require('../config'),
|
2013-09-24 14:46:30 +04:00
|
|
|
_ = require('underscore'),
|
|
|
|
path = require('path'),
|
2013-11-22 07:17:38 +04:00
|
|
|
when = require('when'),
|
2013-09-24 14:46:30 +04:00
|
|
|
api = require('../api'),
|
2013-11-28 06:45:01 +04:00
|
|
|
mailer = require('../mail'),
|
2013-09-24 14:46:30 +04:00
|
|
|
errors = require('../errorHandling'),
|
2013-11-07 20:00:39 +04:00
|
|
|
storage = require('../storage'),
|
2014-01-03 19:50:03 +04:00
|
|
|
updateCheck = require('../update-check'),
|
2013-09-24 14:46:30 +04:00
|
|
|
|
2013-06-25 15:43:15 +04:00
|
|
|
adminNavbar,
|
2013-08-22 23:48:36 +04:00
|
|
|
adminControllers,
|
|
|
|
loginSecurity = [];
|
2013-05-11 20:44:25 +04:00
|
|
|
|
2013-06-25 15:43:15 +04:00
|
|
|
// TODO: combine path/navClass to single "slug(?)" variable with no prefix
|
|
|
|
adminNavbar = {
|
|
|
|
content: {
|
|
|
|
name: 'Content',
|
|
|
|
navClass: 'content',
|
|
|
|
key: 'admin.navbar.content',
|
2013-09-11 18:38:09 +04:00
|
|
|
path: '/'
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
|
|
|
add: {
|
|
|
|
name: 'New Post',
|
|
|
|
navClass: 'editor',
|
|
|
|
key: 'admin.navbar.editor',
|
|
|
|
path: '/editor/'
|
|
|
|
},
|
|
|
|
settings: {
|
|
|
|
name: 'Settings',
|
|
|
|
navClass: 'settings',
|
|
|
|
key: 'admin.navbar.settings',
|
|
|
|
path: '/settings/'
|
|
|
|
}
|
|
|
|
};
|
2013-05-11 20:44:25 +04:00
|
|
|
|
2013-08-22 23:48:36 +04:00
|
|
|
|
2013-06-25 20:58:26 +04:00
|
|
|
// TODO: make this a util or helper
|
2013-06-25 15:43:15 +04:00
|
|
|
function setSelected(list, name) {
|
|
|
|
_.each(list, function (item, key) {
|
|
|
|
item.selected = key === name;
|
2013-05-29 04:10:39 +04:00
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
return list;
|
|
|
|
}
|
2013-05-29 04:10:39 +04:00
|
|
|
|
2013-06-25 15:43:15 +04:00
|
|
|
adminControllers = {
|
2013-08-05 21:31:29 +04:00
|
|
|
'uploader': function (req, res) {
|
2013-09-28 17:54:26 +04:00
|
|
|
var type = req.files.uploadimage.type,
|
2013-08-14 00:04:07 +04:00
|
|
|
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
|
2013-11-07 20:00:39 +04:00
|
|
|
store = storage.get_storage();
|
2013-09-28 17:54:26 +04:00
|
|
|
|
2013-11-12 22:37:54 +04:00
|
|
|
if ((type !== 'image/jpeg' && type !== 'image/png' && type !== 'image/gif' && type !== 'image/svg+xml')
|
|
|
|
|| (ext !== '.jpg' && ext !== '.jpeg' && ext !== '.png' && ext !== '.gif' && ext !== '.svg' && ext !== '.svgz')) {
|
2013-09-28 17:54:26 +04:00
|
|
|
return res.send(415, 'Unsupported Media Type');
|
|
|
|
}
|
2013-08-05 21:31:29 +04:00
|
|
|
|
2013-11-07 20:00:39 +04:00
|
|
|
store
|
|
|
|
.save(req.files.uploadimage)
|
2013-09-28 17:54:26 +04:00
|
|
|
.then(function (url) {
|
2013-11-07 20:00:39 +04:00
|
|
|
return res.send(url);
|
2013-09-28 17:54:26 +04:00
|
|
|
})
|
|
|
|
.otherwise(function (e) {
|
2014-01-11 17:40:21 +04:00
|
|
|
errors.logError(e);
|
|
|
|
return res.send(500, e.message);
|
2013-08-05 21:31:29 +04:00
|
|
|
});
|
|
|
|
},
|
2013-06-25 15:43:15 +04:00
|
|
|
'login': function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2013-09-12 12:59:58 +04:00
|
|
|
res.render('login', {
|
2013-06-25 15:43:15 +04:00
|
|
|
bodyClass: 'ghost-login',
|
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
2013-05-11 20:44:25 +04:00
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
|
|
|
'auth': function (req, res) {
|
2013-12-06 12:51:35 +04:00
|
|
|
var currentTime = process.hrtime()[0],
|
2014-01-05 06:46:15 +04:00
|
|
|
remoteAddress = req.connection.remoteAddress,
|
2013-08-22 23:48:36 +04:00
|
|
|
denied = '';
|
|
|
|
loginSecurity = _.filter(loginSecurity, function (ipTime) {
|
|
|
|
return (ipTime.time + 2 > currentTime);
|
|
|
|
});
|
|
|
|
denied = _.find(loginSecurity, function (ipTime) {
|
2014-01-05 06:46:15 +04:00
|
|
|
return (ipTime.ip === remoteAddress);
|
2013-06-25 15:43:15 +04:00
|
|
|
});
|
2013-08-22 23:48:36 +04:00
|
|
|
|
|
|
|
if (!denied) {
|
2014-01-05 06:46:15 +04:00
|
|
|
loginSecurity.push({ip: remoteAddress, time: currentTime});
|
2013-08-22 23:48:36 +04:00
|
|
|
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
|
2013-11-24 18:29:36 +04:00
|
|
|
req.session.regenerate(function (err) {
|
|
|
|
if (!err) {
|
|
|
|
req.session.user = user.id;
|
2013-12-28 20:01:08 +04:00
|
|
|
var redirect = config.paths().subdir + '/ghost/';
|
2013-11-27 06:31:27 +04:00
|
|
|
if (req.body.redirect) {
|
|
|
|
redirect += decodeURIComponent(req.body.redirect);
|
|
|
|
}
|
2014-01-05 06:46:15 +04:00
|
|
|
// If this IP address successfully logins we
|
|
|
|
// can remove it from the array of failed login attempts.
|
|
|
|
loginSecurity = _.reject(loginSecurity, function (ipTime) {
|
|
|
|
return ipTime.ip === remoteAddress;
|
|
|
|
});
|
2013-11-27 06:31:27 +04:00
|
|
|
res.json(200, {redirect: redirect});
|
2013-11-24 18:29:36 +04:00
|
|
|
}
|
|
|
|
});
|
2013-08-22 23:48:36 +04:00
|
|
|
}, function (error) {
|
|
|
|
res.json(401, {error: error.message});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
|
|
|
|
}
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
2013-10-25 22:11:33 +04:00
|
|
|
'changepw': function (req, res) {
|
2013-11-22 07:17:38 +04:00
|
|
|
return api.users.changePassword({
|
2013-08-09 05:22:49 +04:00
|
|
|
currentUser: req.session.user,
|
2013-08-06 03:49:06 +04:00
|
|
|
oldpw: req.body.password,
|
|
|
|
newpw: req.body.newpassword,
|
|
|
|
ne2pw: req.body.ne2password
|
2013-08-20 22:52:44 +04:00
|
|
|
}).then(function () {
|
2013-08-06 03:49:06 +04:00
|
|
|
res.json(200, {msg: 'Password changed successfully'});
|
|
|
|
}, function (error) {
|
2013-08-20 22:52:44 +04:00
|
|
|
res.send(401, {error: error.message});
|
2013-08-06 03:49:06 +04:00
|
|
|
});
|
|
|
|
},
|
2013-06-25 15:43:15 +04:00
|
|
|
'signup': function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2013-06-25 15:43:15 +04:00
|
|
|
res.render('signup', {
|
2013-09-12 12:59:58 +04:00
|
|
|
bodyClass: 'ghost-signup',
|
2013-06-25 15:43:15 +04:00
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
|
|
|
});
|
|
|
|
},
|
|
|
|
'doRegister': function (req, res) {
|
2013-12-06 12:51:35 +04:00
|
|
|
var name = req.body.name,
|
2013-09-08 23:16:40 +04:00
|
|
|
email = req.body.email,
|
2013-06-25 15:43:15 +04:00
|
|
|
password = req.body.password;
|
2013-05-11 20:44:25 +04:00
|
|
|
|
2013-08-19 01:50:42 +04:00
|
|
|
api.users.add({
|
2013-09-12 02:04:49 +04:00
|
|
|
name: name,
|
|
|
|
email: email,
|
2013-08-19 01:50:42 +04:00
|
|
|
password: password
|
|
|
|
}).then(function (user) {
|
2013-09-17 06:08:36 +04:00
|
|
|
api.settings.edit('email', email).then(function () {
|
2013-12-29 01:42:52 +04:00
|
|
|
var message = {
|
|
|
|
to: email,
|
|
|
|
subject: 'Your New Ghost Blog',
|
|
|
|
html: '<p><strong>Hello!</strong></p>' +
|
|
|
|
'<p>Good news! You\'ve successfully created a brand new Ghost blog over on ' + config().url + '</p>' +
|
|
|
|
'<p>You can log in to your admin account with the following details:</p>' +
|
|
|
|
'<p> Email Address: ' + email + '<br>' +
|
|
|
|
'Password: The password you chose when you signed up</p>' +
|
|
|
|
'<p>Keep this email somewhere safe for future reference, and have fun!</p>' +
|
|
|
|
'<p>xoxo</p>' +
|
|
|
|
'<p>Team Ghost<br>' +
|
|
|
|
'<a href="https://ghost.org">https://ghost.org</a></p>'
|
|
|
|
};
|
|
|
|
mailer.send(message).otherwise(function (error) {
|
|
|
|
errors.logError('Unable to send welcome email. Reason: \n' + error.message);
|
|
|
|
});
|
|
|
|
|
2013-11-24 18:29:36 +04:00
|
|
|
req.session.regenerate(function (err) {
|
|
|
|
if (!err) {
|
|
|
|
if (req.session.user === undefined) {
|
|
|
|
req.session.user = user.id;
|
|
|
|
}
|
2013-12-28 20:01:08 +04:00
|
|
|
res.json(200, {redirect: config.paths().subdir + '/ghost/'});
|
2013-11-24 18:29:36 +04:00
|
|
|
}
|
|
|
|
});
|
2013-09-17 06:08:36 +04:00
|
|
|
});
|
|
|
|
}).otherwise(function (error) {
|
2013-08-19 01:50:42 +04:00
|
|
|
res.json(401, {error: error.message});
|
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
2013-09-01 02:20:12 +04:00
|
|
|
'forgotten': function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2013-09-12 12:59:58 +04:00
|
|
|
res.render('forgotten', {
|
2013-09-01 02:20:12 +04:00
|
|
|
bodyClass: 'ghost-forgotten',
|
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
|
|
|
});
|
|
|
|
},
|
2013-11-22 07:17:38 +04:00
|
|
|
'generateResetToken': function (req, res) {
|
2013-12-06 12:51:35 +04:00
|
|
|
var email = req.body.email;
|
2013-09-01 02:20:12 +04:00
|
|
|
|
2013-11-22 07:17:38 +04:00
|
|
|
api.users.generateResetToken(email).then(function (token) {
|
2013-11-20 17:58:52 +04:00
|
|
|
var siteLink = '<a href="' + config().url + '">' + config().url + '</a>',
|
2013-12-05 00:58:59 +04:00
|
|
|
resetUrl = config().url.replace(/\/$/, '') + '/ghost/reset/' + token + '/',
|
2013-11-22 07:17:38 +04:00
|
|
|
resetLink = '<a href="' + resetUrl + '">' + resetUrl + '</a>',
|
|
|
|
message = {
|
2013-09-01 02:20:12 +04:00
|
|
|
to: email,
|
2013-11-22 07:17:38 +04:00
|
|
|
subject: 'Reset Password',
|
|
|
|
html: '<p><strong>Hello!</strong></p>' +
|
|
|
|
'<p>A request has been made to reset the password on the site ' + siteLink + '.</p>' +
|
|
|
|
'<p>Please follow the link below to reset your password:<br><br>' + resetLink + '</p>' +
|
|
|
|
'<p>Ghost</p>'
|
2013-09-01 02:20:12 +04:00
|
|
|
};
|
|
|
|
|
2013-11-28 06:45:01 +04:00
|
|
|
return mailer.send(message);
|
2013-09-04 17:57:41 +04:00
|
|
|
}).then(function success() {
|
|
|
|
var notification = {
|
|
|
|
type: 'success',
|
2013-11-22 07:17:38 +04:00
|
|
|
message: 'Check your email for further instructions',
|
2013-09-04 17:57:41 +04:00
|
|
|
status: 'passive',
|
|
|
|
id: 'successresetpw'
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-12-28 20:01:08 +04:00
|
|
|
res.json(200, {redirect: config.paths().subdir + '/ghost/signin/'});
|
2013-09-04 17:57:41 +04:00
|
|
|
});
|
2013-09-01 02:20:12 +04:00
|
|
|
|
2013-09-04 17:57:41 +04:00
|
|
|
}, function failure(error) {
|
2013-11-22 07:17:38 +04:00
|
|
|
// TODO: This is kind of sketchy, depends on magic string error.message from Bookshelf.
|
|
|
|
// TODO: It's debatable whether we want to just tell the user we sent the email in this case or not, we are giving away sensitive info here.
|
|
|
|
if (error && error.message === 'EmptyResponse') {
|
|
|
|
error.message = "Invalid email address";
|
|
|
|
}
|
|
|
|
|
2013-09-01 02:20:12 +04:00
|
|
|
res.json(401, {error: error.message});
|
2013-11-22 07:17:38 +04:00
|
|
|
});
|
|
|
|
},
|
|
|
|
'reset': function (req, res) {
|
2013-12-06 12:51:35 +04:00
|
|
|
// Validate the request token
|
|
|
|
var token = req.params.token;
|
2013-11-22 07:17:38 +04:00
|
|
|
|
|
|
|
api.users.validateToken(token).then(function () {
|
|
|
|
// Render the reset form
|
|
|
|
res.render('reset', {
|
|
|
|
bodyClass: 'ghost-reset',
|
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'reset')
|
|
|
|
});
|
|
|
|
}).otherwise(function (err) {
|
|
|
|
// Redirect to forgotten if invalid token
|
|
|
|
var notification = {
|
|
|
|
type: 'error',
|
|
|
|
message: 'Invalid or expired token',
|
|
|
|
status: 'persistent',
|
|
|
|
id: 'errorinvalidtoken'
|
|
|
|
};
|
|
|
|
|
|
|
|
errors.logError(err, 'admin.js', "Please check the provided token for validity and expiration.");
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-12-28 20:01:08 +04:00
|
|
|
res.redirect(config.paths().subdir + '/ghost/forgotten');
|
2013-11-22 07:17:38 +04:00
|
|
|
});
|
|
|
|
});
|
|
|
|
},
|
|
|
|
'resetPassword': function (req, res) {
|
2013-12-06 12:51:35 +04:00
|
|
|
var token = req.params.token,
|
2013-11-22 07:17:38 +04:00
|
|
|
newPassword = req.param('newpassword'),
|
|
|
|
ne2Password = req.param('ne2password');
|
|
|
|
|
|
|
|
api.users.resetPassword(token, newPassword, ne2Password).then(function () {
|
|
|
|
var notification = {
|
|
|
|
type: 'success',
|
|
|
|
message: 'Password changed successfully.',
|
|
|
|
status: 'passive',
|
|
|
|
id: 'successresetpw'
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-12-28 20:01:08 +04:00
|
|
|
res.json(200, {redirect: config.paths().subdir + '/ghost/signin/'});
|
2013-11-22 07:17:38 +04:00
|
|
|
});
|
|
|
|
}).otherwise(function (err) {
|
|
|
|
// TODO: Better error message if we can tell whether the passwords didn't match or something
|
|
|
|
res.json(401, {error: err.message});
|
|
|
|
});
|
2013-09-01 02:20:12 +04:00
|
|
|
},
|
2013-06-25 15:43:15 +04:00
|
|
|
'logout': function (req, res) {
|
2013-11-24 18:29:36 +04:00
|
|
|
req.session.destroy();
|
2013-11-27 06:31:27 +04:00
|
|
|
|
2013-12-06 12:51:35 +04:00
|
|
|
var notification = {
|
2013-11-27 06:31:27 +04:00
|
|
|
type: 'success',
|
|
|
|
message: 'You were successfully signed out',
|
|
|
|
status: 'passive',
|
|
|
|
id: 'successlogout'
|
|
|
|
};
|
2013-08-20 03:40:09 +04:00
|
|
|
|
2013-09-04 17:57:41 +04:00
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-12-28 20:01:08 +04:00
|
|
|
res.redirect(config.paths().subdir + '/ghost/signin/');
|
2013-09-04 17:57:41 +04:00
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
|
|
|
'index': function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2014-01-03 19:50:03 +04:00
|
|
|
function renderIndex() {
|
|
|
|
res.render('content', {
|
|
|
|
bodyClass: 'manage',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
when.join(
|
|
|
|
updateCheck(res),
|
|
|
|
when(renderIndex())
|
|
|
|
// an error here should just get logged
|
|
|
|
).otherwise(errors.logError);
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
|
|
|
'editor': function (req, res) {
|
|
|
|
if (req.params.id !== undefined) {
|
2013-09-05 00:05:36 +04:00
|
|
|
res.render('editor', {
|
|
|
|
bodyClass: 'editor',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
} else {
|
|
|
|
res.render('editor', {
|
|
|
|
bodyClass: 'editor',
|
|
|
|
adminNav: setSelected(adminNavbar, 'add')
|
|
|
|
});
|
|
|
|
}
|
|
|
|
},
|
|
|
|
'content': function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2013-09-05 00:05:36 +04:00
|
|
|
res.render('content', {
|
|
|
|
bodyClass: 'manage',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
2013-09-18 06:31:43 +04:00
|
|
|
'settings': function (req, res, next) {
|
|
|
|
|
|
|
|
// TODO: Centralise list/enumeration of settings panes, so we don't
|
|
|
|
// run into trouble in future.
|
2013-09-24 14:46:30 +04:00
|
|
|
var allowedSections = ['', 'general', 'user'],
|
|
|
|
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
|
2013-09-18 06:31:43 +04:00
|
|
|
|
|
|
|
if (allowedSections.indexOf(section) < 0) {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
2013-09-05 00:05:36 +04:00
|
|
|
res.render('settings', {
|
|
|
|
bodyClass: 'settings',
|
|
|
|
adminNav: setSelected(adminNavbar, 'settings')
|
|
|
|
});
|
2013-06-25 15:43:15 +04:00
|
|
|
},
|
|
|
|
'debug': { /* ugly temporary stuff for managing the app before it's properly finished */
|
|
|
|
index: function (req, res) {
|
2013-10-31 22:02:34 +04:00
|
|
|
/*jslint unparam:true*/
|
2013-06-25 15:43:15 +04:00
|
|
|
res.render('debug', {
|
|
|
|
bodyClass: 'settings',
|
|
|
|
adminNav: setSelected(adminNavbar, 'settings')
|
|
|
|
});
|
2013-05-11 20:44:25 +04:00
|
|
|
}
|
2013-06-25 15:43:15 +04:00
|
|
|
}
|
|
|
|
};
|
2013-05-11 20:44:25 +04:00
|
|
|
|
2013-08-09 05:22:49 +04:00
|
|
|
module.exports = adminControllers;
|