Moved api cors mw into api app

- Moved api cors from shared to api as it is not shared (except within the API) - This file is only used in one part of the app, this updates the code structure to reflect this - This is one of many similar changes needed to make it easier to refactor to the existing setup
2024-11-24 14:43:08 +03:00 · 2020-04-22 06:41:07 +01:00 · 2020-04-22 06:41:07 +01:00 · 92af5b8f09
commit 92af5b8f09
parent 41c3b4e92b
10 changed files with 20 additions and 19 deletions
--- a/core/server/web/api/canary/admin/app.js
+++ b/core/server/web/api/canary/admin/app.js
@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
 const express = require('express');
 const bodyParser = require('body-parser');
 const shared = require('../../../shared');
-const mw = require('../../middleware');
+const apiMw = require('../../middleware');
 const routes = require('./routes');
 const sentry = require('../../../../sentry');

@ -26,7 +26,7 @@ module.exports = function setupApiApp() {

    // Check version matches for API requests, depends on res.locals.safeVersion being set
    // Therefore must come after themeHandler.ghostLocals, for now
-    apiApp.use(mw.versionMatch);
+    apiApp.use(apiMw.versionMatch);

    // Admin API shouldn't be cached
    apiApp.use(shared.middlewares.cacheControl('private'));
--- a/core/server/web/api/canary/admin/middleware.js
+++ b/core/server/web/api/canary/admin/middleware.js
@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
 const {i18n} = require('../../../../lib/common');
 const auth = require('../../../../services/auth');
 const shared = require('../../../shared');
+const apiMw = require('../../middleware');

 const notImplemented = function (req, res, next) {
    // CASE: user is logged in, allow
@ -53,7 +54,7 @@ module.exports.authAdminApi = [
    auth.authenticate.authenticateAdminApi,
    auth.authorize.authorizeAdminApi,
    shared.middlewares.updateUserLastSeen,
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
@ -67,7 +68,7 @@ module.exports.authAdminApiWithUrl = [
    auth.authenticate.authenticateAdminApiWithUrl,
    auth.authorize.authorizeAdminApi,
    shared.middlewares.updateUserLastSeen,
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
@ -77,7 +78,7 @@ module.exports.authAdminApiWithUrl = [
 * Middleware for public admin endpoints
 */
 module.exports.publicAdminApi = [
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
--- a/core/server/web/api/canary/admin/routes.js
+++ b/core/server/web/api/canary/admin/routes.js
@ -1,5 +1,6 @@
 const express = require('express');
 const apiCanary = require('../../../../api/canary');
+const apiMw = require('../../middleware');
 const mw = require('./middleware');

 const shared = require('../../../shared');
@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
    // alias delete with del
    router.del = router.delete;

-    router.use(shared.middlewares.api.cors);
+    router.use(apiMw.cors);

    const http = apiCanary.http;

--- a/core/server/web/shared/middlewares/api/cors.js
+++ b/core/server/web/shared/middlewares/api/cors.js
@ -1,7 +1,7 @@
 const cors = require('cors');
 const url = require('url');
 const os = require('os');
-const urlUtils = require('../../../../lib/url-utils');
+const urlUtils = require('../../../lib/url-utils');

 let whitelist = [];
 const ENABLE_CORS = {origin: true, maxAge: 86400};
--- a/core/server/web/api/middleware/index.js
+++ b/core/server/web/api/middleware/index.js
@ -1,3 +1,4 @@
 module.exports = {
+    cors: require('./cors'),
    versionMatch: require('./version-match')
 };
--- a/core/server/web/api/v2/admin/app.js
+++ b/core/server/web/api/v2/admin/app.js
@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
 const express = require('express');
 const bodyParser = require('body-parser');
 const shared = require('../../../shared');
-const mw = require('../../middleware');
+const apiMw = require('../../middleware');
 const routes = require('./routes');
 const sentry = require('../../../../sentry');

@ -26,7 +26,7 @@ module.exports = function setupApiApp() {

    // Check version matches for API requests, depends on res.locals.safeVersion being set
    // Therefore must come after themeHandler.ghostLocals, for now
-    apiApp.use(mw.versionMatch);
+    apiApp.use(apiMw.versionMatch);

    // Admin API shouldn't be cached
    apiApp.use(shared.middlewares.cacheControl('private'));
--- a/core/server/web/api/v2/admin/middleware.js
+++ b/core/server/web/api/v2/admin/middleware.js
@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
 const {i18n} = require('../../../../lib/common');
 const auth = require('../../../../services/auth');
 const shared = require('../../../shared');
+const apiMw = require('../../middleware');

 const notImplemented = function (req, res, next) {
    // CASE: user is logged in, allow
@ -50,7 +51,7 @@ module.exports.authAdminApi = [
    auth.authenticate.authenticateAdminApi,
    auth.authorize.authorizeAdminApi,
    shared.middlewares.updateUserLastSeen,
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
@ -64,7 +65,7 @@ module.exports.authAdminApiWithUrl = [
    auth.authenticate.authenticateAdminApiWithUrl,
    auth.authorize.authorizeAdminApi,
    shared.middlewares.updateUserLastSeen,
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
@ -74,7 +75,7 @@ module.exports.authAdminApiWithUrl = [
 * Middleware for public admin endpoints
 */
 module.exports.publicAdminApi = [
-    shared.middlewares.api.cors,
+    apiMw.cors,
    shared.middlewares.urlRedirects.adminRedirect,
    shared.middlewares.prettyUrls,
    notImplemented
--- a/core/server/web/api/v2/admin/routes.js
+++ b/core/server/web/api/v2/admin/routes.js
@ -1,6 +1,7 @@
 const express = require('express');
 const apiv2 = require('../../../../api/v2');
 const mw = require('./middleware');
+const apiMw = require('../../middleware');

 const shared = require('../../../shared');

@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
    // alias delete with del
    router.del = router.delete;

-    router.use(shared.middlewares.api.cors);
+    router.use(apiMw.cors);

    const http = apiv2.http;

--- a/core/server/web/shared/middlewares/api/index.js
+++ b/core/server/web/shared/middlewares/api/index.js
@ -1,8 +1,4 @@
 module.exports = {
-    get cors() {
-        return require('./cors');
-    },
-
    get spamPrevention() {
        return require('./spam-prevention');
    }
--- a/test/unit/web/api/middleware/cors_spec.js
+++ b/test/unit/web/api/middleware/cors_spec.js
@ -2,7 +2,7 @@ var should = require('should'),
    sinon = require('sinon'),
    rewire = require('rewire'),
    urlUtils = require('../../../../utils/urlUtils'),
-    cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
+    cors = rewire('../../../../../core/server/web/api/middleware/cors');

 describe('cors', function () {
    var res, req, next;
@ -29,7 +29,7 @@ describe('cors', function () {

    afterEach(function () {
        sinon.restore();
-        cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
+        cors = rewire('../../../../../core/server/web/api/middleware/cors');
    });

    it('should not be enabled without a request origin header', function (done) {