2018-10-05 13:45:17 +03:00
|
|
|
const labs = require('../labs');
|
|
|
|
const common = require('../../lib/common');
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2018-10-05 13:45:17 +03:00
|
|
|
const authorize = {
|
2016-09-30 14:45:59 +03:00
|
|
|
// Workaround for missing permissions
|
|
|
|
// TODO: rework when https://github.com/TryGhost/Ghost/issues/3911 is done
|
|
|
|
requiresAuthorizedUser: function requiresAuthorizedUser(req, res, next) {
|
|
|
|
if (req.user && req.user.id) {
|
|
|
|
return next();
|
|
|
|
} else {
|
2019-01-18 19:33:36 +03:00
|
|
|
return next(new common.errors.NoPermissionError({
|
|
|
|
message: common.i18n.t('errors.middleware.auth.pleaseSignIn')
|
|
|
|
}));
|
2016-09-30 14:45:59 +03:00
|
|
|
}
|
|
|
|
},
|
|
|
|
|
|
|
|
// ### Require user depending on public API being activated.
|
|
|
|
requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
|
|
|
|
if (labs.isSet('publicAPI') === true) {
|
|
|
|
return next();
|
|
|
|
} else {
|
|
|
|
if (req.user && req.user.id) {
|
|
|
|
return next();
|
|
|
|
} else {
|
2019-03-06 12:38:16 +03:00
|
|
|
// CASE: has no user access and public api is disabled
|
|
|
|
if (labs.isSet('publicAPI') !== true) {
|
|
|
|
return next(new common.errors.NoPermissionError({
|
|
|
|
message: common.i18n.t('errors.middleware.auth.publicAPIDisabled.error'),
|
|
|
|
context: common.i18n.t('errors.middleware.auth.publicAPIDisabled.context'),
|
|
|
|
help: common.i18n.t('errors.middleware.auth.forInformationRead', {url: 'https://docs.ghost.org/api/content/'})
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
2019-01-18 19:33:36 +03:00
|
|
|
return next(new common.errors.NoPermissionError({
|
|
|
|
message: common.i18n.t('errors.middleware.auth.pleaseSignIn')
|
|
|
|
}));
|
2016-09-30 14:45:59 +03:00
|
|
|
}
|
|
|
|
}
|
2017-08-22 13:15:40 +03:00
|
|
|
},
|
|
|
|
|
|
|
|
// Requires the authenticated client to match specific client
|
|
|
|
requiresAuthorizedClient: function requiresAuthorizedClient(client) {
|
|
|
|
return function doAuthorizedClient(req, res, next) {
|
2017-12-15 12:35:48 +03:00
|
|
|
if (client && (!req.client || !req.client.name || req.client.name !== client)) {
|
2019-01-18 19:33:36 +03:00
|
|
|
return next(new common.errors.NoPermissionError({
|
|
|
|
message: common.i18n.t('errors.permissions.noPermissionToAction')
|
|
|
|
}));
|
2017-08-22 13:15:40 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return next();
|
|
|
|
};
|
2018-10-05 13:45:17 +03:00
|
|
|
},
|
|
|
|
|
2018-11-07 13:29:40 +03:00
|
|
|
authorizeContentApi(req, res, next) {
|
|
|
|
const hasApiKey = req.api_key && req.api_key.id;
|
2018-11-07 13:41:49 +03:00
|
|
|
const hasMember = req.member;
|
2018-11-07 13:29:40 +03:00
|
|
|
if (hasApiKey) {
|
|
|
|
return next();
|
|
|
|
}
|
2018-11-07 13:41:49 +03:00
|
|
|
if (labs.isSet('members') && hasMember) {
|
|
|
|
return next();
|
|
|
|
}
|
2019-01-18 19:33:36 +03:00
|
|
|
return next(new common.errors.NoPermissionError({
|
2019-02-21 09:19:57 +03:00
|
|
|
message: common.i18n.t('errors.middleware.auth.authorizationFailed'),
|
|
|
|
context: common.i18n.t('errors.middleware.auth.missingContentMemberOrIntegration')
|
2019-01-18 19:33:36 +03:00
|
|
|
}));
|
2018-11-07 13:29:40 +03:00
|
|
|
},
|
|
|
|
|
2019-01-18 19:41:52 +03:00
|
|
|
authorizeAdminApi(req, res, next) {
|
2018-10-15 12:23:34 +03:00
|
|
|
const hasUser = req.user && req.user.id;
|
|
|
|
const hasApiKey = req.api_key && req.api_key.id;
|
2019-01-18 19:33:36 +03:00
|
|
|
|
2018-10-15 12:23:34 +03:00
|
|
|
if (hasUser || hasApiKey) {
|
|
|
|
return next();
|
|
|
|
} else {
|
2019-01-18 19:33:36 +03:00
|
|
|
return next(new common.errors.NoPermissionError({
|
2019-02-21 09:19:57 +03:00
|
|
|
message: common.i18n.t('errors.middleware.auth.authorizationFailed'),
|
|
|
|
context: common.i18n.t('errors.middleware.auth.missingAdminUserOrIntegration')
|
2019-01-18 19:33:36 +03:00
|
|
|
}));
|
2018-10-15 12:23:34 +03:00
|
|
|
}
|
|
|
|
}
|
2016-09-30 14:45:59 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = authorize;
|