Ghost/core/server/routes/admin.js

var admin       = require('../controllers/admin'),
    config      = require('../config'),
    middleware  = require('../middleware').middleware,

    ONE_HOUR_S  = 60 * 60,
    ONE_YEAR_S  = 365 * 24 * ONE_HOUR_S,

    adminRoutes;

adminRoutes = function (server) {
    // Have ember route look for hits first
    // to prevent conflicts with pre-existing routes
    server.get('/ghost/ember/*', middleware.redirectToSignup, admin.index);

    var subdir = config().paths.subdir;
    // ### Admin routes
    server.get('/logout/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    server.get('/signout/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    server.get('/signin/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signin/');
    });
    server.get('/signup/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signup/');
    });

    server.get('/ghost/signout/', admin.signout);
    server.post('/ghost/signout/', admin.doSignout);
    server.get('/ghost/signin/', middleware.redirectToSignup, middleware.redirectToDashboard, admin.signin);
    server.post('/ghost/signin/', admin.doSignin);
    server.get('/ghost/signup/', middleware.redirectToDashboard, admin.signup);
    server.post('/ghost/signup/', admin.doSignup);
    server.get('/ghost/forgotten/', middleware.redirectToDashboard, admin.forgotten);
    server.post('/ghost/forgotten/', admin.doForgotten);
    server.get('/ghost/reset/:token', admin.reset);
    server.post('/ghost/reset/:token', admin.doReset);
    server.post('/ghost/changepw/', admin.doChangePassword);

    server.get('/ghost/editor/:id/:action', admin.editor);
    server.get('/ghost/editor/:id/', admin.editor);
    server.get('/ghost/editor/', admin.editor);
    server.get('/ghost/content/', admin.content);
    server.get('/ghost/settings*', admin.settings);
    server.get('/ghost/debug/', admin.debug.index);

    server.get('/ghost/export/', admin.debug.exportContent);

    server.post('/ghost/upload/', middleware.busboy, admin.upload);

    // redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
    server.get(/\/((ghost-admin|admin|wp-admin|dashboard|signin)\/?)$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });
    server.get(/\/ghost$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });
    server.get('/ghost/', admin.indexold);
};

module.exports = adminRoutes;
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`var admin = require('../controllers/admin'),`
Update config.theme() after every settings edit fixes #1645 - removes server.get('ghost root') as it is only an alias to config.paths().path, and adds unnecessary indirection - removes config.theme().path as its just an alias to config.paths().path, updated all relevant references - update config.theme.update to only require the api/settings object, and no longer need the config object - modify api/settings.edit to call config.theme.update so that the themeObject is ready for next rendering of template 2013-12-10 08:41:58 +04:00			`config = require('../config'),`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`middleware = require('../middleware').middleware,`

			`ONE_HOUR_S = 60 * 60,`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`adminRoutes;`

			`adminRoutes = function (server) {`
Flesh out more of the Ember admin no issue - this ports over screens from old admin to allow people to begin working on aspects of the screen - All logged out screens have been imported: Signup, Signin, Forgotten password, reset password - Those screens are now ready for behavior to be ported over - This also updates templates to be more in line with how they were in the old admin - Littered through the code are @TODO comments of functionality that is missing and will need to be resolved before this is production ready - Also scaffolds out the settings screen and every tab 2014-03-10 07:44:08 +04:00			`// Have ember route look for hits first`
			`// to prevent conflicts with pre-existing routes`
Ember redirect to signup closes #2779 - adds temporary code to redirect the ember admin to signup if a user doesn't exist. - done serverside as this makes most sense? 2014-06-03 22:20:30 +04:00			`server.get('/ghost/ember/*', middleware.redirectToSignup, admin.index);`
Flesh out more of the Ember admin no issue - this ports over screens from old admin to allow people to begin working on aspects of the screen - All logged out screens have been imported: Signup, Signin, Forgotten password, reset password - Those screens are now ready for behavior to be ported over - This also updates templates to be more in line with how they were in the old admin - Littered through the code are @TODO comments of functionality that is missing and will need to be resolved before this is production ready - Also scaffolds out the settings screen and every tab 2014-03-10 07:44:08 +04:00
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js 2014-01-05 10:40:53 +04:00			`var subdir = config().paths.subdir;`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`// ### Admin routes`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`server.get('/logout/', function redirect(req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signout/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signout/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signout/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signin/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signin/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signup/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signup/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.get('/ghost/signout/', admin.signout);`
refreshless user logout fixes #2842 - new Ember route for signout - new API route to allow async signout 2014-06-01 23:30:50 +04:00			`server.post('/ghost/signout/', admin.doSignout);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.get('/ghost/signin/', middleware.redirectToSignup, middleware.redirectToDashboard, admin.signin);`
			`server.post('/ghost/signin/', admin.doSignin);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`server.get('/ghost/signup/', middleware.redirectToDashboard, admin.signup);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/signup/', admin.doSignup);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`server.get('/ghost/forgotten/', middleware.redirectToDashboard, admin.forgotten);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/forgotten/', admin.doForgotten);`
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods 2013-11-22 07:17:38 +04:00			`server.get('/ghost/reset/:token', admin.reset);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/reset/:token', admin.doReset);`
			`server.post('/ghost/changepw/', admin.doChangePassword);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route 2014-05-01 05:50:24 +04:00			`server.get('/ghost/editor/:id/:action', admin.editor);`
			`server.get('/ghost/editor/:id/', admin.editor);`
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test 2014-02-14 14:00:11 +04:00			`server.get('/ghost/editor/', admin.editor);`
			`server.get('/ghost/content/', admin.content);`
			`server.get('/ghost/settings*', admin.settings);`
			`server.get('/ghost/debug/', admin.debug.index);`

Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API 2014-02-27 19:48:38 +04:00			`server.get('/ghost/export/', admin.debug.exportContent);`

Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/upload/', middleware.busboy, admin.upload);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
			`// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.`
Install in sub-directory support. refs #527 2013-11-17 22:40:26 +04:00			`server.get(/\/((ghost-admin\|admin\|wp-admin\|dashboard\|signin)\/?)$/, function (req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(subdir + '/ghost/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Remove useless regex for redirecting /ghost -> /ghost/ 2014-02-20 02:56:06 +04:00			`server.get(/\/ghost$/, function (req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(subdir + '/ghost/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Rename client -> clientold issue #2271 - should allow development of new admin UI whilst still having access to the old ui 2014-02-27 03:15:31 +04:00			`server.get('/ghost/', admin.indexold);`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`};`

			`module.exports = adminRoutes;`