From 6bdeeaba10b40d1ad7b0a45cb84ae246dfc97434 Mon Sep 17 00:00:00 2001 From: Fabien O'Carroll Date: Wed, 13 Feb 2019 16:59:10 +0100 Subject: [PATCH] Added apiType property to frame for {Content,Admin} API (#10487) no-issue This sets the `apiType` property of the `frame` to 'content' and 'admin' for the Content & Admin API respectively. --- core/server/api/shared/frame.js | 3 +- core/server/api/shared/http.js | 5 +- core/server/web/api/v2/admin/routes.js | 156 ++++++++++++----------- core/server/web/api/v2/content/routes.js | 28 ++-- core/test/unit/api/shared/frame_spec.js | 3 +- core/test/unit/api/shared/http_spec.js | 3 +- 6 files changed, 103 insertions(+), 95 deletions(-) diff --git a/core/server/api/shared/frame.js b/core/server/api/shared/frame.js index 9e02225536..7feb97af98 100644 --- a/core/server/api/shared/frame.js +++ b/core/server/api/shared/frame.js @@ -2,7 +2,7 @@ const debug = require('ghost-ignition').debug('api:shared:frame'); const _ = require('lodash'); class Frame { - constructor(obj) { + constructor(obj = {}) { this.original = obj; this.options = {}; @@ -10,6 +10,7 @@ class Frame { this.user = {}; this.file = {}; this.files = []; + this.apiType = obj.apiType; } /** diff --git a/core/server/api/shared/http.js b/core/server/api/shared/http.js index bed5cb3008..da0a5584d1 100644 --- a/core/server/api/shared/http.js +++ b/core/server/api/shared/http.js @@ -2,7 +2,7 @@ const debug = require('ghost-ignition').debug('api:shared:http'); const shared = require('../shared'); const models = require('../../models'); -const http = (apiImpl) => { +const http = (apiImpl, apiType) => { return (req, res, next) => { debug('request'); @@ -36,7 +36,8 @@ const http = (apiImpl) => { user: user, integration: integration, member: (req.member || null) - } + }, + apiType }); frame.configure({ diff --git a/core/server/web/api/v2/admin/routes.js b/core/server/web/api/v2/admin/routes.js index 2dc6198564..950bff7d80 100644 --- a/core/server/web/api/v2/admin/routes.js 
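Review bot: In the Frame constructor, `this.apiType = obj.apiType` dereferences `obj`, and the new default `obj = {}` only covers `undefined`, so `new Frame(null)` now throws a TypeError. As far as the visible lines show, the old constructor only stored `obj`. If any caller can pass null, `this.apiType = obj ? obj.apiType : undefined;` keeps the previous tolerance. The new property also deserves a comment where it is set, for example `// routing label ('content' | 'admin') supplied by shared.http; undefined when the caller passes none`. One constructor line falls between the two frame.js hunks and is not shown.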
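Review bot: `http(apiImpl, apiType)` copies `apiType` into the frame unchecked, so a caller that omits the argument or mistypes the literal gets a frame whose `apiType` is `undefined` or an unknown string, with no error. If later code branches on it, for instance to choose which fields a serializer returns, a comparison such as `frame.apiType === 'content'` would silently take the other branch for those frames. Consider rejecting unknown values when the wrapper is created, e.g. `if (apiType !== undefined && !['content', 'admin'].includes(apiType)) { throw new Error('Unknown apiType: ' + apiType); }`. The two literals would also be safer in one shared constant than repeated in both routes.js files. The returned middleware's body starts and ends outside these hunks.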
+++ b/core/server/web/api/v2/admin/routes.js 
@@ -18,25 +18,27 @@ module.exports = function apiRoutes() { // ## CORS pre-flight check router.options('*', shared.middlewares.api.cors); + const http = apiImpl => apiv2.http(apiImpl, 'admin'); + // ## Configuration - router.get('/configuration', apiv2.http(apiv2.configuration.read)); - router.get('/configuration/:key', mw.authAdminApi, apiv2.http(apiv2.configuration.read)); + router.get('/configuration', http(apiv2.configuration.read)); + router.get('/configuration/:key', mw.authAdminApi, http(apiv2.configuration.read)); // ## Posts - router.get('/posts', mw.authAdminApi, apiv2.http(apiv2.posts.browse)); - router.post('/posts', mw.authAdminApi, apiv2.http(apiv2.posts.add)); - router.get('/posts/:id', mw.authAdminApi, apiv2.http(apiv2.posts.read)); - router.get('/posts/slug/:slug', mw.authAdminApi, apiv2.http(apiv2.posts.read)); - router.put('/posts/:id', mw.authAdminApi, apiv2.http(apiv2.posts.edit)); - router.del('/posts/:id', mw.authAdminApi, apiv2.http(apiv2.posts.destroy)); + router.get('/posts', mw.authAdminApi, http(apiv2.posts.browse)); + router.post('/posts', mw.authAdminApi, http(apiv2.posts.add)); + router.get('/posts/:id', mw.authAdminApi, http(apiv2.posts.read)); + router.get('/posts/slug/:slug', mw.authAdminApi, http(apiv2.posts.read)); + router.put('/posts/:id', mw.authAdminApi, http(apiv2.posts.edit)); + router.del('/posts/:id', mw.authAdminApi, http(apiv2.posts.destroy)); // # Integrations - router.get('/integrations', mw.authAdminApi, apiv2.http(apiv2.integrations.browse)); - router.get('/integrations/:id', mw.authAdminApi, apiv2.http(apiv2.integrations.read)); - router.post('/integrations', mw.authAdminApi, apiv2.http(apiv2.integrations.add)); - router.put('/integrations/:id', mw.authAdminApi, apiv2.http(apiv2.integrations.edit)); - router.del('/integrations/:id', mw.authAdminApi, apiv2.http(apiv2.integrations.destroy)); + router.get('/integrations', mw.authAdminApi, http(apiv2.integrations.browse)); + router.get('/integrations/:id', 
mw.authAdminApi, http(apiv2.integrations.read)); + router.post('/integrations', mw.authAdminApi, http(apiv2.integrations.add)); + router.put('/integrations/:id', mw.authAdminApi, http(apiv2.integrations.edit)); + router.del('/integrations/:id', mw.authAdminApi, http(apiv2.integrations.destroy)); // ## Schedules router.put('/schedules/posts/:id', [ 
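Review bot: `frame.apiType === 'admin'` is not evidence of an authenticated caller. The new wrapper `const http = apiImpl => apiv2.http(apiImpl, 'admin')` is also applied to `router.get('/configuration', http(apiv2.configuration.read))`, which has no `mw.authAdminApi` in front of it. The value records which router handled the request and nothing more, and the hunk does not say so. A comment above the wrapper would stop it being used as a privilege signal later: `// apiType is a routing label only, not proof of authentication; permission checks must keep using the request's user/integration context`. The enclosing `apiRoutes` function starts before and ends after this hunk.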
@@ -45,118 +47,118 @@ module.exports = function apiRoutes() { ], api.http(api.schedules.publishPost)); // ## Settings - router.get('/settings/routes/yaml', mw.authAdminApi, apiv2.http(apiv2.settings.download)); + router.get('/settings/routes/yaml', mw.authAdminApi, http(apiv2.settings.download)); router.post('/settings/routes/yaml', mw.authAdminApi, upload.single('routes'), shared.middlewares.validation.upload({type: 'routes'}), - apiv2.http(apiv2.settings.upload) + http(apiv2.settings.upload) ); - router.get('/settings', mw.authAdminApi, apiv2.http(apiv2.settings.browse)); - router.get('/settings/:key', mw.authAdminApi, apiv2.http(apiv2.settings.read)); - router.put('/settings', mw.authAdminApi, apiv2.http(apiv2.settings.edit)); + router.get('/settings', mw.authAdminApi, http(apiv2.settings.browse)); + router.get('/settings/:key', mw.authAdminApi, http(apiv2.settings.read)); + router.put('/settings', mw.authAdminApi, http(apiv2.settings.edit)); // ## Users - router.get('/users', mw.authAdminApi, apiv2.http(apiv2.users.browse)); - router.get('/users/:id', mw.authAdminApi, apiv2.http(apiv2.users.read)); - router.get('/users/slug/:slug', mw.authAdminApi, apiv2.http(apiv2.users.read)); + router.get('/users', mw.authAdminApi, http(apiv2.users.browse)); + router.get('/users/:id', mw.authAdminApi, http(apiv2.users.read)); + router.get('/users/slug/:slug', mw.authAdminApi, http(apiv2.users.read)); // NOTE: We don't expose any email addresses via the public api. 
- router.get('/users/email/:email', mw.authAdminApi, apiv2.http(apiv2.users.read)); + router.get('/users/email/:email', mw.authAdminApi, http(apiv2.users.read)); - router.put('/users/password', mw.authAdminApi, apiv2.http(apiv2.users.changePassword)); - router.put('/users/owner', mw.authAdminApi, apiv2.http(apiv2.users.transferOwnership)); - router.put('/users/:id', mw.authAdminApi, apiv2.http(apiv2.users.edit)); - router.del('/users/:id', mw.authAdminApi, apiv2.http(apiv2.users.destroy)); + router.put('/users/password', mw.authAdminApi, http(apiv2.users.changePassword)); + router.put('/users/owner', mw.authAdminApi, http(apiv2.users.transferOwnership)); + router.put('/users/:id', mw.authAdminApi, http(apiv2.users.edit)); + router.del('/users/:id', mw.authAdminApi, http(apiv2.users.destroy)); // ## Tags - router.get('/tags', mw.authAdminApi, apiv2.http(apiv2.tags.browse)); - router.get('/tags/:id', mw.authAdminApi, apiv2.http(apiv2.tags.read)); - router.get('/tags/slug/:slug', mw.authAdminApi, apiv2.http(apiv2.tags.read)); - router.post('/tags', mw.authAdminApi, apiv2.http(apiv2.tags.add)); - router.put('/tags/:id', mw.authAdminApi, apiv2.http(apiv2.tags.edit)); - router.del('/tags/:id', mw.authAdminApi, apiv2.http(apiv2.tags.destroy)); + router.get('/tags', mw.authAdminApi, http(apiv2.tags.browse)); + router.get('/tags/:id', mw.authAdminApi, http(apiv2.tags.read)); + router.get('/tags/slug/:slug', mw.authAdminApi, http(apiv2.tags.read)); + router.post('/tags', mw.authAdminApi, http(apiv2.tags.add)); + router.put('/tags/:id', mw.authAdminApi, http(apiv2.tags.edit)); + router.del('/tags/:id', mw.authAdminApi, http(apiv2.tags.destroy)); // ## Subscribers - router.get('/subscribers', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.browse)); - router.get('/subscribers/csv', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.exportCSV)); + router.get('/subscribers', shared.middlewares.labs.subscribers, 
mw.authAdminApi, http(apiv2.subscribers.browse)); + router.get('/subscribers/csv', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.exportCSV)); router.post('/subscribers/csv', shared.middlewares.labs.subscribers, mw.authAdminApi, upload.single('subscribersfile'), shared.middlewares.validation.upload({type: 'subscribers'}), - apiv2.http(apiv2.subscribers.importCSV) + http(apiv2.subscribers.importCSV) ); - router.get('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.read)); - router.get('/subscribers/email/:email', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.read)); - router.post('/subscribers', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.add)); - router.put('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.edit)); - router.del('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.destroy)); - router.del('/subscribers/email/:email', shared.middlewares.labs.subscribers, mw.authAdminApi, apiv2.http(apiv2.subscribers.destroy)); + router.get('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.read)); + router.get('/subscribers/email/:email', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.read)); + router.post('/subscribers', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.add)); + router.put('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.edit)); + router.del('/subscribers/:id', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.destroy)); + router.del('/subscribers/email/:email', shared.middlewares.labs.subscribers, mw.authAdminApi, http(apiv2.subscribers.destroy)); // ## Members - router.get('/members', shared.middlewares.labs.members, 
mw.authAdminApi, apiv2.http(apiv2.members.browse)); - router.get('/members/:id', shared.middlewares.labs.members, mw.authAdminApi, apiv2.http(apiv2.members.read)); + router.get('/members', shared.middlewares.labs.members, mw.authAdminApi, http(apiv2.members.browse)); + router.get('/members/:id', shared.middlewares.labs.members, mw.authAdminApi, http(apiv2.members.read)); // ## Roles - router.get('/roles/', mw.authAdminApi, apiv2.http(apiv2.roles.browse)); + router.get('/roles/', mw.authAdminApi, http(apiv2.roles.browse)); // ## Clients router.get('/clients/slug/:slug', api.http(api.clients.read)); // ## Slugs - router.get('/slugs/:type/:name', mw.authAdminApi, apiv2.http(apiv2.slugs.generate)); + router.get('/slugs/:type/:name', mw.authAdminApi, http(apiv2.slugs.generate)); // ## Themes - router.get('/themes/', mw.authAdminApi, apiv2.http(apiv2.themes.browse)); + router.get('/themes/', mw.authAdminApi, http(apiv2.themes.browse)); router.get('/themes/:name/download', mw.authAdminApi, - apiv2.http(apiv2.themes.download) + http(apiv2.themes.download) ); router.post('/themes/upload', mw.authAdminApi, upload.single('theme'), shared.middlewares.validation.upload({type: 'themes'}), - apiv2.http(apiv2.themes.upload) + http(apiv2.themes.upload) ); router.put('/themes/:name/activate', mw.authAdminApi, - apiv2.http(apiv2.themes.activate) + http(apiv2.themes.activate) ); router.del('/themes/:name', mw.authAdminApi, - apiv2.http(apiv2.themes.destroy) + http(apiv2.themes.destroy) ); // ## Notifications - router.get('/notifications', mw.authAdminApi, apiv2.http(apiv2.notifications.browse)); - router.post('/notifications', mw.authAdminApi, apiv2.http(apiv2.notifications.add)); - router.del('/notifications/:notification_id', mw.authAdminApi, apiv2.http(apiv2.notifications.destroy)); + router.get('/notifications', mw.authAdminApi, http(apiv2.notifications.browse)); + router.post('/notifications', mw.authAdminApi, http(apiv2.notifications.add)); + 
router.del('/notifications/:notification_id', mw.authAdminApi, http(apiv2.notifications.destroy)); // ## DB - router.get('/db', mw.authAdminApi, apiv2.http(apiv2.db.exportContent)); + router.get('/db', mw.authAdminApi, http(apiv2.db.exportContent)); router.post('/db', mw.authAdminApi, upload.single('importfile'), shared.middlewares.validation.upload({type: 'db'}), - apiv2.http(apiv2.db.importContent) + http(apiv2.db.importContent) ); - router.del('/db', mw.authAdminApi, apiv2.http(apiv2.db.deleteAllContent)); + router.del('/db', mw.authAdminApi, http(apiv2.db.deleteAllContent)); router.post('/db/backup', mw.authenticateClient('Ghost Backup'), - apiv2.http(apiv2.db.backupContent) + http(apiv2.db.backupContent) ); // ## Mail - router.post('/mail', mw.authAdminApi, apiv2.http(apiv2.mail.send)); - router.post('/mail/test', mw.authAdminApi, apiv2.http(apiv2.mail.sendTest)); + router.post('/mail', mw.authAdminApi, http(apiv2.mail.send)); + router.post('/mail/test', mw.authAdminApi, http(apiv2.mail.sendTest)); // ## Slack - router.post('/slack/test', mw.authAdminApi, apiv2.http(apiv2.slack.sendTest)); + router.post('/slack/test', mw.authAdminApi, http(apiv2.slack.sendTest)); // ## Sessions router.get('/session', mw.authAdminApi, api.http(apiv2.session.read)); @@ -188,7 +190,7 @@ module.exports = function apiRoutes() { upload.single('uploadimage'), shared.middlewares.validation.upload({type: 'images'}), shared.middlewares.image.normalize, - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); router.post('/uploads/profile-image', @@ -197,7 +199,7 @@ module.exports = function apiRoutes() { shared.middlewares.validation.upload({type: 'images'}), shared.middlewares.validation.profileImage, shared.middlewares.image.normalize, - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); router.post('/uploads/icon', 
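Review bot: Three routes in this hunk's context still go through `api.http` rather than the new `http` wrapper: `api.http(api.schedules.publishPost)`, `api.http(api.clients.read)` and `api.http(apiv2.session.read)`. Requests to them presumably never get `apiType: 'admin'`. The session route stands out because it hands an apiv2 implementation to the other wrapper, and with `http`, `api.http` and `apiv2.http` now side by side in one file that is easy to misread. If the exceptions are deliberate, a comment on each, e.g. `// uses api.http on purpose: this frame carries no apiType`, would tell the next reader not to rely on the label there. If they are not deliberate, they should call `http(...)` like their neighbours.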
@@ -205,7 +207,7 @@ module.exports = function apiRoutes() { upload.single('uploadimage'), shared.middlewares.validation.upload({type: 'icons'}), shared.middlewares.validation.blogIcon(), - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); router.post('/images', @@ -213,7 +215,7 @@ module.exports = function apiRoutes() { upload.single('uploadimage'), shared.middlewares.validation.upload({type: 'images'}), shared.middlewares.image.normalize, - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); router.post('/images/profile-image', @@ -222,7 +224,7 @@ module.exports = function apiRoutes() { shared.middlewares.validation.upload({type: 'images'}), shared.middlewares.validation.profileImage, shared.middlewares.image.normalize, - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); router.post('/images/icon', 
@@ -230,34 +232,34 @@ module.exports = function apiRoutes() { upload.single('uploadimage'), shared.middlewares.validation.upload({type: 'icons'}), shared.middlewares.validation.blogIcon(), - apiv2.http(apiv2.upload.image) + http(apiv2.upload.image) ); // ## Invites - router.get('/invites', mw.authAdminApi, apiv2.http(apiv2.invites.browse)); - router.get('/invites/:id', mw.authAdminApi, apiv2.http(apiv2.invites.read)); - router.post('/invites', mw.authAdminApi, apiv2.http(apiv2.invites.add)); - router.del('/invites/:id', mw.authAdminApi, apiv2.http(apiv2.invites.destroy)); + router.get('/invites', mw.authAdminApi, http(apiv2.invites.browse)); + router.get('/invites/:id', mw.authAdminApi, http(apiv2.invites.read)); + router.post('/invites', mw.authAdminApi, http(apiv2.invites.add)); + router.del('/invites/:id', mw.authAdminApi, http(apiv2.invites.destroy)); // ## Redirects (JSON based) - router.get('/redirects/json', mw.authAdminApi, apiv2.http(apiv2.redirects.download)); + router.get('/redirects/json', mw.authAdminApi, http(apiv2.redirects.download)); router.post('/redirects/json', mw.authAdminApi, upload.single('redirects'), shared.middlewares.validation.upload({type: 'redirects'}), - apiv2.http(apiv2.redirects.upload) + http(apiv2.redirects.upload) ); // ## Webhooks (RESTHooks) - router.post('/webhooks', mw.authAdminApi, apiv2.http(apiv2.webhooks.add)); - router.put('/webhooks/:id', mw.authAdminApi, apiv2.http(apiv2.webhooks.edit)); - router.del('/webhooks/:id', mw.authAdminApi, apiv2.http(apiv2.webhooks.destroy)); + router.post('/webhooks', mw.authAdminApi, http(apiv2.webhooks.add)); + router.put('/webhooks/:id', mw.authAdminApi, http(apiv2.webhooks.edit)); + router.del('/webhooks/:id', mw.authAdminApi, http(apiv2.webhooks.destroy)); // ## Oembed (fetch response from oembed provider) - router.get('/oembed', mw.authAdminApi, apiv2.http(apiv2.oembed.read)); + router.get('/oembed', mw.authAdminApi, http(apiv2.oembed.read)); // ## Actions - 
router.get('/actions/:type/:id', mw.authAdminApi, apiv2.http(apiv2.actions.browse)); + router.get('/actions/:type/:id', mw.authAdminApi, http(apiv2.actions.browse)); return router; }; diff --git a/core/server/web/api/v2/content/routes.js b/core/server/web/api/v2/content/routes.js index 08989def4f..7508a18f4e 100644 --- a/core/server/web/api/v2/content/routes.js +++ b/core/server/web/api/v2/content/routes.js 
@@ -8,28 +8,30 @@ module.exports = function apiRoutes() { router.options('*', cors()); + const http = apiImpl => apiv2.http(apiImpl, 'content'); + // ## Posts - router.get('/posts', mw.authenticatePublic, apiv2.http(apiv2.posts.browse)); - router.get('/posts/:id', mw.authenticatePublic, apiv2.http(apiv2.posts.read)); - router.get('/posts/slug/:slug', mw.authenticatePublic, apiv2.http(apiv2.posts.read)); + router.get('/posts', mw.authenticatePublic, http(apiv2.posts.browse)); + router.get('/posts/:id', mw.authenticatePublic, http(apiv2.posts.read)); + router.get('/posts/slug/:slug', mw.authenticatePublic, http(apiv2.posts.read)); // ## Pages - router.get('/pages', mw.authenticatePublic, apiv2.http(apiv2.pages.browse)); - router.get('/pages/:id', mw.authenticatePublic, apiv2.http(apiv2.pages.read)); - router.get('/pages/slug/:slug', mw.authenticatePublic, apiv2.http(apiv2.pages.read)); + router.get('/pages', mw.authenticatePublic, http(apiv2.pages.browse)); + router.get('/pages/:id', mw.authenticatePublic, http(apiv2.pages.read)); + router.get('/pages/slug/:slug', mw.authenticatePublic, http(apiv2.pages.read)); // ## Users - router.get('/authors', mw.authenticatePublic, apiv2.http(apiv2.authors.browse)); - router.get('/authors/:id', mw.authenticatePublic, apiv2.http(apiv2.authors.read)); - router.get('/authors/slug/:slug', mw.authenticatePublic, apiv2.http(apiv2.authors.read)); + router.get('/authors', mw.authenticatePublic, http(apiv2.authors.browse)); + router.get('/authors/:id', mw.authenticatePublic, http(apiv2.authors.read)); + router.get('/authors/slug/:slug', mw.authenticatePublic, http(apiv2.authors.read)); // ## Tags - router.get('/tags', mw.authenticatePublic, apiv2.http(apiv2.tagsPublic.browse)); - router.get('/tags/:id', mw.authenticatePublic, apiv2.http(apiv2.tagsPublic.read)); - router.get('/tags/slug/:slug', mw.authenticatePublic, apiv2.http(apiv2.tagsPublic.read)); + router.get('/tags', mw.authenticatePublic, http(apiv2.tagsPublic.browse)); + 
router.get('/tags/:id', mw.authenticatePublic, http(apiv2.tagsPublic.read)); + router.get('/tags/slug/:slug', mw.authenticatePublic, http(apiv2.tagsPublic.read)); // ## Settings - router.get('/settings', mw.authenticatePublic, apiv2.http(apiv2.publicSettings.browse)); + router.get('/settings', mw.authenticatePublic, http(apiv2.publicSettings.browse)); return router; }; diff --git a/core/test/unit/api/shared/frame_spec.js b/core/test/unit/api/shared/frame_spec.js index 3ce8823057..1d79de9ee0 100644 --- a/core/test/unit/api/shared/frame_spec.js +++ b/core/test/unit/api/shared/frame_spec.js @@ -10,7 +10,8 @@ describe('Unit: api/shared/frame', function () { 'data', 'user', 'file', - 'files' + 'files', + 'apiType' ]); }); diff --git a/core/test/unit/api/shared/http_spec.js b/core/test/unit/api/shared/http_spec.js index 8cc516861e..e2b9d0b0ce 100644 --- a/core/test/unit/api/shared/http_spec.js +++ b/core/test/unit/api/shared/http_spec.js @@ -38,7 +38,8 @@ describe('Unit: api/shared/http', function () { 'data', 'user', 'file', - 'files' + 'files', + 'apiType' ]); apiImpl.args[0][0].data.should.eql({a: 'a'});
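Review bot: The updated expectation in http_spec.js only checks that the frame has an `apiType` key, which holds even when the value is `undefined`. The same is true of the key list in frame_spec.js. A regression that stops passing the value through `shared.http` would therefore fail neither test. A value assertion next to the existing `apiImpl.args[0][0].data.should.eql({a: 'a'});`, such as `apiImpl.args[0][0].apiType.should.eql('admin');`, would pin it, assuming the test builds the middleware with `'admin'` as its second argument. That call is outside the hunk.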