Merge pull request #504 from javorszky/iss418

Dropping the database invalidates cookies
Hannah Wolfe 2013-08-24 11:07:43 -07:00
commit 60450e8c2a
3 changed files with 46 additions and 28 deletions

5
.gitignore vendored

@ -39,4 +39,7 @@ projectFilesBackup
/_site
# Changelog, which is autogenerated, not committed
CHANGELOG.md
CHANGELOG.md
# Casper generated files
/core/test/functional/*.png


@ -16,6 +16,7 @@ var config = require('./../config'),
plugins = require('./server/plugins'),
requireTree = require('./server/require-tree'),
permissions = require('./server/permissions'),
uuid = require('node-uuid'),
// Variables
appRoot = path.resolve(__dirname, '../'),
@ -83,6 +84,9 @@ Ghost = function () {
// Holds the available plugins
instance.availablePlugins = {};
// Holds the dbhash (mainly used for cookie secret)
instance.dbHash = undefined;
app = express();
polyglot = new Polyglot();
@ -133,6 +137,20 @@ Ghost.prototype.init = function () {
}).then(function () {
// Initialize the permissions actions and objects
return permissions.init();
}).then(function () {
// get the settings and whatnot
return when(models.Settings.read('dbHash')).then(function (dbhash) {
// we already ran this, chill
self.dbHash = dbhash.attributes.value;
return dbhash.attributes.value;
}).otherwise(function (error) {
// this is where all the "first run" functionality should go
var dbhash = uuid.v4();
return when(models.Settings.add({key: 'dbHash', value: dbhash})).then(function (returned) {
self.dbHash = dbhash;
return dbhash;
});
});
}, errors.logAndThrowError);
};
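Review bot: The `.otherwise(function (error) {` handler after `models.Settings.read('dbHash')` treats every failure as a first run, so a transient database error, or a read that resolves without a row and then throws on `dbhash.attributes`, would generate a new secret, attempt to add another `dbHash` setting and invalidate every existing session. `error` is never inspected or logged; I would test for the missing row explicitly in the `then` branch and let any other error propagate to `errors.logAndThrowError`. Separately, `uuid.v4()` is an identifier generator, and since this value ends up as the cookie signing secret, `var dbhash = crypto.randomBytes(32).toString('hex');` states the intent and does not depend on the uuid library's random source. `Ghost.prototype.init` begins outside the hunk, so whether `self` and `when` are set up as expected cannot be checked from here.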


@ -73,7 +73,7 @@ function redirectToDashboard(req, res, next) {
// While we're here, let's clean up on aisle 5
// That being ghost.notifications, and let's remove the passives from there
// plus the local messages, as the have already been added at this point
// plus the local messages, as they have already been added at this point
// otherwise they'd appear one too many times
function cleanNotifications(req, res, next) {
ghost.notifications = _.reject(ghost.notifications, function (notification) {
@ -187,41 +187,38 @@ function disableCachedResult(req, res, next) {
next();
}
// ##Configuration
ghost.app().configure(function () {
ghost.app().use(isGhostAdmin);
ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
ghost.app().use(I18n.load(ghost));
ghost.app().use(express.bodyParser({}));
ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
ghost.app().use(express.cookieParser('try-ghost'));
ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
ghost.app().use(ghost.initTheme(ghost.app()));
if (process.env.NODE_ENV !== "development") {
ghost.app().use(express.logger());
ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
}
});
// Development only configuration
ghost.app().configure("development", function () {
ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
ghost.app().use(express.logger('dev'));
});
// Expose the promise we will resolve after our pre-loading
ghost.loaded = loading.promise;
when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(ghost)]).then(function () {
// ##Configuration
ghost.app().configure(function () {
ghost.app().use(isGhostAdmin);
ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
ghost.app().use(I18n.load(ghost));
ghost.app().use(express.bodyParser({}));
ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
ghost.app().use(express.cookieParser(ghost.dbHash));
ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
ghost.app().use(ghost.initTheme(ghost.app()));
if (process.env.NODE_ENV !== "development") {
ghost.app().use(express.logger());
ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
}
});
// Development only configuration
ghost.app().configure("development", function () {
ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
ghost.app().use(express.logger('dev'));
});
// post init config
ghost.app().use(ghostLocals);
// because science
// So on every request we actually clean out reduntant passive notifications from the server side
ghost.app().use(cleanNotifications);
// ## Routing
// ### API routes
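Review bot: `express.cookieParser(ghost.dbHash)` turns a value stored as an ordinary settings row into the cookie signing secret, so any code path that returns settings to a client, a theme or an export would disclose it and make the signed session cookies forgeable. Nothing visible in this section shows whether `dbHash` is excluded from settings reads, so that should be confirmed, and the line deserves a comment such as `// dbHash signs session cookies; it must never be returned by the settings API or included in exports`. It would also be safer to fail fast if the value is ever empty, e.g. `if (!ghost.dbHash) { throw new Error('dbHash is not initialised'); }` before the `configure` call. The `when.all(...).then` callback continues outside the hunk, so its rejection handling cannot be checked from here.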