Added notImplemented middleware for integrations

refs #9865

core/server/translations/en.json

@@ -314,7 +314,8 @@
         },
         "api": {
             "common": {
-                "invalidTokenStructure": "Invalid token structure"
+                "invalidTokenStructure": "Invalid token structure",
+                "notImplemented": "The server does not support the functionality required to fulfill the request."
             },
             "authentication": {
                 "setupUnableToRun": "Database missing fixture data. Please reset database and try again.",

core/server/web/api/v2/admin/middleware.js

@@ -1,6 +1,41 @@
+const common = require('../../../../lib/common');
 const auth = require('../../../../services/auth');
 const shared = require('../../../shared');
 
+const notImplemented = function (req, res, next) {
+    // CASE: user is logged in, allow
+    if (!req.api_key) {
+        return next();
+    }
+
+    // @NOTE: integrations have limited access for now
+    const whitelisted = {
+        // @NOTE: stable
+        posts: ['GET', 'PUT', 'DELETE', 'POST'],
+        tags: ['GET', 'PUT', 'DELETE', 'POST'],
+        uploads: ['POST'],
+        // @NOTE: experimental
+        users: ['GET'],
+        themes: ['POST']
+    };
+
+    const match = req.url.match(/^\/(\w+)\//);
+
+    if (match) {
+        const entity = match[1];
+
+        if (whitelisted[entity] && whitelisted[entity].includes(req.method)) {
+            return next();
+        }
+    }
+
+    next(new common.errors.GhostError({
+        errorType: 'NotImplementedError',
+        message: common.i18n.t('errors.api.common.notImplemented'),
+        statusCode: '501'
+    }));
+};
+
 /**
  * Authentication for private endpoints
  */
@@ -10,7 +45,8 @@ module.exports.authAdminApi = [
     shared.middlewares.updateUserLastSeen,
     shared.middlewares.api.cors,
     shared.middlewares.urlRedirects.adminRedirect,
-    shared.middlewares.prettyUrls
+    shared.middlewares.prettyUrls,
+    notImplemented
 ];
 
 /**