2020-04-06 12:49:14 +03:00
|
|
|
const adapterManager = require('../../adapter-manager');
|
|
|
|
const createSessionService = require('@tryghost/session-service');
|
|
|
|
const sessionFromToken = require('@tryghost/mw-session-from-token');
|
|
|
|
const createSessionMiddleware = require('./middleware');
|
|
|
|
|
|
|
|
const expressSession = require('./express-session');
|
|
|
|
|
2020-04-02 17:27:31 +03:00
|
|
|
const models = require('../../../models');
|
2020-05-28 13:57:02 +03:00
|
|
|
const urlUtils = require('../../../../shared/url-utils');
|
2020-04-02 17:27:31 +03:00
|
|
|
const url = require('url');
|
|
|
|
|
|
|
|
function getOriginOfRequest(req) {
|
|
|
|
const origin = req.get('origin');
|
2020-04-06 12:49:14 +03:00
|
|
|
const referrer = req.get('referrer') || urlUtils.getAdminUrl() || urlUtils.getSiteUrl();
|
2020-04-02 17:27:31 +03:00
|
|
|
|
2020-10-01 11:37:22 +03:00
|
|
|
if (!origin && !referrer || origin === 'null') {
|
2020-04-02 17:27:31 +03:00
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (origin) {
|
|
|
|
return origin;
|
|
|
|
}
|
|
|
|
|
|
|
|
const {protocol, host} = url.parse(referrer);
|
|
|
|
if (protocol && host) {
|
|
|
|
return `${protocol}//${host}`;
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2020-04-06 12:49:14 +03:00
|
|
|
const sessionService = createSessionService({
|
|
|
|
getOriginOfRequest,
|
|
|
|
getSession: expressSession.getSession,
|
|
|
|
findUserById({id}) {
|
|
|
|
return models.User.findOne({id});
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
module.exports = createSessionMiddleware({sessionService});
|
|
|
|
|
|
|
|
const ssoAdapter = adapterManager.getAdapter('sso');
|
|
|
|
// Looks funky but this is a "custom" piece of middleware
|
|
|
|
module.exports.createSessionFromToken = sessionFromToken({
|
|
|
|
callNextWithError: false,
|
|
|
|
createSession: sessionService.createSessionForUser,
|
2020-11-05 16:07:56 +03:00
|
|
|
findUserByLookup: ssoAdapter.getUserForIdentity.bind(ssoAdapter),
|
|
|
|
getLookupFromToken: ssoAdapter.getIdentityFromCredentials.bind(ssoAdapter),
|
|
|
|
getTokenFromRequest: ssoAdapter.getRequestCredentials.bind(ssoAdapter)
|
2020-04-06 12:49:14 +03:00
|
|
|
});
|
2021-04-21 20:33:48 +03:00
|
|
|
|
|
|
|
module.exports.sessionService = sessionService;
|
2021-06-23 15:54:28 +03:00
|
|
|
module.exports.deleteAllSessions = expressSession.deleteAllSessions;
|