♻ Updated naming for Content API specific middleware
no-issue This is because the Content API will eventually be accessed by more than just Content API keys. A Content API specific authorization middleware is added because: 1. the Content API should not authorize based on req.user 2. the Content API will need authorization separate from the Admin API
parent
7323258415
commit
2e922808e8
@ -103,7 +103,7 @@ const authenticate = {
|
||||
|
||||
// ### v2 API auth middleware
|
||||
authenticateAdminAPI: [session.safeGetSession, session.getUser],
|
||||
authenticateContentApiKey: apiKeyAuth.content.authenticateContentApiKey
|
||||
authenticateContentApi: apiKeyAuth.content.authenticateContentApiKey
|
||||
};
|
||||
|
||||
module.exports = authenticate;
|
||||
|
@ -38,7 +38,15 @@ const authorize = {
|
||||
},
|
||||
|
||||
authorizeAdminAPI: [session.ensureUser],
|
||||
// used by API v2 endpoints
|
||||
authorizeContentApi(req, res, next) {
|
||||
const hasApiKey = req.api_key && req.api_key.id;
|
||||
if (hasApiKey) {
|
||||
return next();
|
||||
} else {
|
||||
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignInOrAuthenticate')}));
|
||||
}
|
||||
},
|
||||
|
||||
requiresAuthorizedUserOrApiKey(req, res, next) {
|
||||
const hasUser = req.user && req.user.id;
|
||||
const hasApiKey = req.api_key && req.api_key.id;
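Review bot: `authorizeContentApi` treats any request with a truthy `req.api_key.id` as authorized, so its safety depends entirely on which middleware populated `req.api_key` earlier in the stack. Nothing in the function checks that the key is a Content API key, which matters if another key type is ever attached to the same property; whether that can happen is not visible from this hunk. I would state the contract in a comment above the function, e.g. `// Assumes authenticateContentApi ran first and only sets req.api_key for a valid Content API key; req.user is deliberately ignored.`, and add a key-type check here if that assumption does not hold. The `else` after `return next();` is also redundant and could be dropped.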
|
||||
|
@ -14,8 +14,8 @@ const shared = require('../../../shared');
|
||||
* Authentication for public endpoints
|
||||
*/
|
||||
module.exports.authenticatePublic = [
|
||||
auth.authenticate.authenticateContentApiKey,
|
||||
auth.authorize.requiresAuthorizedUserOrApiKey,
|
||||
auth.authenticate.authenticateContentApi,
|
||||
auth.authorize.authorizeContentApi,
|
||||
cors(),
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls
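Review bot: The doc comment above `authenticatePublic` still reads only "Authentication for public endpoints", but with `auth.authorize.authorizeContentApi` in the stack a request that carries a session user and no API key is now rejected, where `requiresAuthorizedUserOrApiKey` presumably let it through. The comment should say so, e.g. `* Requires a Content API key; a session user (req.user) alone is not sufficient`, and a test for the session-only request would pin the new behaviour. The comment block starts above the hunk, so its full text is not visible here.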
|
||||
|