TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-21 09:52:06 +03:00
Code Issues Projects Releases Wiki Activity
de3a45a805
Ghost/core/frontend/web/middleware/serve-public-file.js

119 lines
4.1 KiB
JavaScript
Raw Normal View History

ES6 migration: server/web/ (#9886) refs #9589
2018-09-20 16:03:33 +03:00
const crypto = require('crypto');
const fs = require('fs-extra');
const path = require('path');
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file
2020-04-09 21:40:00 +03:00
const errors = require('@tryghost/errors');
Moved server/web/site to frontend/web - we're slowly trying to draw the lines between the backend and the frontend correctly - these files deal only with serving the frontend so they should live there - there are lots of mixed requires in these files, so having them in the right place makes that clear
2021-10-16 18:26:05 +03:00
const config = require('../../../shared/config');
const urlUtils = require('../../../shared/url-utils');
Replaced i18n.t w/ tpl helper in serve-public-file.js (#13429) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-05 12:00:28 +03:00
const tpl = require('@tryghost/tpl');
const messages = {
Ensured nonexistant public files fallback to 404 - If we register the serve public file middleware for a file that doesn't exist, this will currently throw an ENOENT error - Instead, we want to fall back to a standard 404 so that this behaves normally - This will be useful for the card asset service, where the cards.min.css and cards.min.js files may or may not exist
2021-11-04 14:54:22 +03:00
imageNotFound: 'Image not found',
fileNotFound: 'File not found'
Replaced i18n.t w/ tpl helper in serve-public-file.js (#13429) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-05 12:00:28 +03:00
};
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 19:01:23 +03:00
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
/**
* If this request has a ?v= param, make sure the cache has the same key
*
* @param {Object} req
* @param {Object} cache
* @returns {boolean}
*/
function matchCacheKey(req, cache) {
if (req.query && req.query.v && cache && cache.key) {
return req.query.v === cache.key;
}
return true;
}
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
function createPublicFileMiddleware(location, file, mime, maxAge) {
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
let cache;
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
// These files are provided by Ghost, and therefore live inside of the core folder
const staticFilePath = config.get('paths').publicFilePath;
// These files are built on the fly, and must be saved in the content folder
const builtFilePath = config.getContentPath('public');
let locationPath = location === 'static' ? staticFilePath : builtFilePath;
const filePath = file.match(/^public/) ? path.join(locationPath, file.replace(/^public/, '')) : path.join(locationPath, file);
ES6 migration: server/web/ (#9886) refs #9589
2018-09-20 16:03:33 +03:00
const blogRegex = /(\{\{blog-url\}\})/g;
Prep shared API URL util for use on external sites refs #5942, #6150 There were a few key problems I was looking to solve with this: - Introduce a single point of truth for what the URL for accessing the API should be - Provide a simple way to configure the utility (much like a true SDK) As of this commit, this utility is still automatically available in a Ghost theme. To use it on an external site, the code would look like: ``` <script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script> <script type="text/javascript"> ghost.init({ clientId: "<your-client-id>", clientSecret: "<your-client-secret>" }); </script> ``` To achieve this, there have been a number of changes: - A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work. - The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`. - ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware - ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served - `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required - `{{ghost_head}}` has also had the meta tags for client id and secret removed - tests have been updated
2015-12-15 13:41:53 +03:00
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit
2020-10-20 02:02:56 +03:00
return function servePublicFileMiddleware(req, res, next) {
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
if (cache && matchCacheKey(req, cache)) {
res.writeHead(200, cache.headers);
return res.end(cache.body);
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
}
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 12:51:19 +03:00
// send image files directly and let express handle content-length, etag, etc
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
if (mime.match(/^image/)) {
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 12:51:19 +03:00
return res.sendFile(filePath, (err) => {
if (err && err.status === 404) {
// ensure we're triggering basic asset 404 and not a templated 404
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file
2020-04-09 21:40:00 +03:00
return next(new errors.NotFoundError({
Replaced i18n.t w/ tpl helper in serve-public-file.js (#13429) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-05 12:00:28 +03:00
message: tpl(messages.imageNotFound),
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 12:51:19 +03:00
code: 'STATIC_FILE_NOT_FOUND',
property: err.path
}));
}
Fixed error when serving public images from `servePublicFile` middleware no issue - when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect - only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 02:24:01 +03:00
if (err) {
return next(err);
}
Fixed serving of binary public files no issue - serving of our public asset images was broken - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly) - updates uses of `servePublicFile` to have the correct png mimetype - adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 12:51:19 +03:00
});
}
// modify text files before caching+serving to ensure URL placeholders are transformed
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
fs.readFile(filePath, (err, buf) => {
if (err) {
Ensured nonexistant public files fallback to 404 - If we register the serve public file middleware for a file that doesn't exist, this will currently throw an ENOENT error - Instead, we want to fall back to a standard 404 so that this behaves normally - This will be useful for the card asset service, where the cards.min.css and cards.min.js files may or may not exist
2021-11-04 14:54:22 +03:00
// Downgrade to a simple 404 if the file didn't exist
if (err.code === 'ENOENT') {
err = new errors.NotFoundError({
message: tpl(messages.fileNotFound),
code: 'PUBLIC_FILE_NOT_FOUND',
property: err.path
});
}
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
return next(err);
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 19:01:23 +03:00
}
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
let str = buf.toString();
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
if (mime === 'text/xsl' || mime === 'text/plain' || mime === 'application/javascript') {
Migrated to use url-utils from Ghost-SDK (#10787) closes #10773 - The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK - Added url-utils stubbing utility for test suites - Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 16:13:55 +03:00
str = str.replace(blogRegex, urlUtils.urlFor('home', true).replace(/\/$/, ''));
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
}
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
cache = {
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
headers: {
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
'Content-Type': mime,
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
'Content-Length': Buffer.from(str).length,
ETag: `"${crypto.createHash('md5').update(str, 'utf8').digest('hex')}"`,
'Cache-Control': `public, max-age=${maxAge}`
},
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
body: str,
key: req.query && req.query.v ? req.query.v : null
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
};
Updated servePublicFile to honor v= cache keys - Currently it's assumed that public files are 100% static - With card assets, we're using it for files that are partially static, but can change between reboots and theme changes - We already have a system for managing cache busting across theme changes and restarts - the ?v= key that is added via the asset helper - This was already in place and used, but servePublicFile's internal cache didn't honor this key, and cached for the lifetime of boot - This small change means that if a ?v= query param is present on a request for a public file, that we pay attention to it. Else we cache as before
2021-11-23 15:16:32 +03:00
res.writeHead(200, cache.headers);
res.end(cache.body);
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
});
};
}
// ### servePublicFile Middleware
// Handles requests to robots.txt and favicon.ico (and caches them)
🐛 Fixed perms error when building public assets closes: https://github.com/TryGhost/Ghost/issues/13739 - Ghost cannot write to the core folder in correctly configured production installations - Built assets therefore need to be written to the content directory - Ghost does not overwrite anything in the content folder as part of an upgrade, therefore static files that are provided by Ghost must still live inside /core - So as a result, we now have core/frontend/public and content/public
2021-11-19 12:43:48 +03:00
function servePublicFile(location, file, type, maxAge) {
const publicFileMiddleware = createPublicFileMiddleware(location, file, type, maxAge);
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit
2020-10-20 02:02:56 +03:00
return function servePublicFileMiddleware(req, res, next) {
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
if (req.path === '/' + file) {
return publicFileMiddleware(req, res, next);
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 19:01:23 +03:00
} else {
Switch to Eslint (#9197) refs #9178 * Add eslint deps, remove old lint deps * Add eslint config, remove old lint configs * Config for server and tests are different * Tweaked rules to suit us * Fix linting in codebase - lots of indent changes. * Fix a real broken test
2017-11-01 16:44:54 +03:00
return next();
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286
2015-07-15 19:01:23 +03:00
}
};
}
💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`.
2017-04-07 15:21:41 +03:00
module.exports = servePublicFile;
Exported raw middleware from serve-public-file no-issue The current public file middleware handles route matching itself, which means it is applied to express via the use method. Due to use being a "global" application of middleware, this means it is not possible to apply a labs middleware before the public file serving middleware without it affecting the entire route stack. This commit exports a piece of raw middleware that can be used with the get method of express, so that we can attach middleware beforehand. This will be used to conditionally serve the members specific public files, based on the labs flag for members.
2019-04-23 17:24:33 +03:00
module.exports.servePublicFile = servePublicFile;
module.exports.createPublicFileMiddleware = createPublicFileMiddleware;
Reference in New Issue Copy Permalink