mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-28 14:03:48 +03:00
Moved api cors mw into api app
- Moved api cors from shared to api as it is not shared (except within the API) - This file is only used in one part of the app, this updates the code structure to reflect this - This is one of many similar changes needed to make it easier to refactor to the existing setup
This commit is contained in:
parent
41c3b4e92b
commit
92af5b8f09
@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
|
||||
const express = require('express');
|
||||
const bodyParser = require('body-parser');
|
||||
const shared = require('../../../shared');
|
||||
const mw = require('../../middleware');
|
||||
const apiMw = require('../../middleware');
|
||||
const routes = require('./routes');
|
||||
const sentry = require('../../../../sentry');
|
||||
|
||||
@ -26,7 +26,7 @@ module.exports = function setupApiApp() {
|
||||
|
||||
// Check version matches for API requests, depends on res.locals.safeVersion being set
|
||||
// Therefore must come after themeHandler.ghostLocals, for now
|
||||
apiApp.use(mw.versionMatch);
|
||||
apiApp.use(apiMw.versionMatch);
|
||||
|
||||
// Admin API shouldn't be cached
|
||||
apiApp.use(shared.middlewares.cacheControl('private'));
|
||||
|
@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
|
||||
const {i18n} = require('../../../../lib/common');
|
||||
const auth = require('../../../../services/auth');
|
||||
const shared = require('../../../shared');
|
||||
const apiMw = require('../../middleware');
|
||||
|
||||
const notImplemented = function (req, res, next) {
|
||||
// CASE: user is logged in, allow
|
||||
@ -53,7 +54,7 @@ module.exports.authAdminApi = [
|
||||
auth.authenticate.authenticateAdminApi,
|
||||
auth.authorize.authorizeAdminApi,
|
||||
shared.middlewares.updateUserLastSeen,
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
@ -67,7 +68,7 @@ module.exports.authAdminApiWithUrl = [
|
||||
auth.authenticate.authenticateAdminApiWithUrl,
|
||||
auth.authorize.authorizeAdminApi,
|
||||
shared.middlewares.updateUserLastSeen,
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
@ -77,7 +78,7 @@ module.exports.authAdminApiWithUrl = [
|
||||
* Middleware for public admin endpoints
|
||||
*/
|
||||
module.exports.publicAdminApi = [
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
|
@ -1,5 +1,6 @@
|
||||
const express = require('express');
|
||||
const apiCanary = require('../../../../api/canary');
|
||||
const apiMw = require('../../middleware');
|
||||
const mw = require('./middleware');
|
||||
|
||||
const shared = require('../../../shared');
|
||||
@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
|
||||
// alias delete with del
|
||||
router.del = router.delete;
|
||||
|
||||
router.use(shared.middlewares.api.cors);
|
||||
router.use(apiMw.cors);
|
||||
|
||||
const http = apiCanary.http;
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
const cors = require('cors');
|
||||
const url = require('url');
|
||||
const os = require('os');
|
||||
const urlUtils = require('../../../../lib/url-utils');
|
||||
const urlUtils = require('../../../lib/url-utils');
|
||||
|
||||
let whitelist = [];
|
||||
const ENABLE_CORS = {origin: true, maxAge: 86400};
|
@ -1,3 +1,4 @@
|
||||
module.exports = {
|
||||
cors: require('./cors'),
|
||||
versionMatch: require('./version-match')
|
||||
};
|
||||
|
@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
|
||||
const express = require('express');
|
||||
const bodyParser = require('body-parser');
|
||||
const shared = require('../../../shared');
|
||||
const mw = require('../../middleware');
|
||||
const apiMw = require('../../middleware');
|
||||
const routes = require('./routes');
|
||||
const sentry = require('../../../../sentry');
|
||||
|
||||
@ -26,7 +26,7 @@ module.exports = function setupApiApp() {
|
||||
|
||||
// Check version matches for API requests, depends on res.locals.safeVersion being set
|
||||
// Therefore must come after themeHandler.ghostLocals, for now
|
||||
apiApp.use(mw.versionMatch);
|
||||
apiApp.use(apiMw.versionMatch);
|
||||
|
||||
// Admin API shouldn't be cached
|
||||
apiApp.use(shared.middlewares.cacheControl('private'));
|
||||
|
@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
|
||||
const {i18n} = require('../../../../lib/common');
|
||||
const auth = require('../../../../services/auth');
|
||||
const shared = require('../../../shared');
|
||||
const apiMw = require('../../middleware');
|
||||
|
||||
const notImplemented = function (req, res, next) {
|
||||
// CASE: user is logged in, allow
|
||||
@ -50,7 +51,7 @@ module.exports.authAdminApi = [
|
||||
auth.authenticate.authenticateAdminApi,
|
||||
auth.authorize.authorizeAdminApi,
|
||||
shared.middlewares.updateUserLastSeen,
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
@ -64,7 +65,7 @@ module.exports.authAdminApiWithUrl = [
|
||||
auth.authenticate.authenticateAdminApiWithUrl,
|
||||
auth.authorize.authorizeAdminApi,
|
||||
shared.middlewares.updateUserLastSeen,
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
@ -74,7 +75,7 @@ module.exports.authAdminApiWithUrl = [
|
||||
* Middleware for public admin endpoints
|
||||
*/
|
||||
module.exports.publicAdminApi = [
|
||||
shared.middlewares.api.cors,
|
||||
apiMw.cors,
|
||||
shared.middlewares.urlRedirects.adminRedirect,
|
||||
shared.middlewares.prettyUrls,
|
||||
notImplemented
|
||||
|
@ -1,6 +1,7 @@
|
||||
const express = require('express');
|
||||
const apiv2 = require('../../../../api/v2');
|
||||
const mw = require('./middleware');
|
||||
const apiMw = require('../../middleware');
|
||||
|
||||
const shared = require('../../../shared');
|
||||
|
||||
@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
|
||||
// alias delete with del
|
||||
router.del = router.delete;
|
||||
|
||||
router.use(shared.middlewares.api.cors);
|
||||
router.use(apiMw.cors);
|
||||
|
||||
const http = apiv2.http;
|
||||
|
||||
|
@ -1,8 +1,4 @@
|
||||
module.exports = {
|
||||
get cors() {
|
||||
return require('./cors');
|
||||
},
|
||||
|
||||
get spamPrevention() {
|
||||
return require('./spam-prevention');
|
||||
}
|
||||
|
@ -2,7 +2,7 @@ var should = require('should'),
|
||||
sinon = require('sinon'),
|
||||
rewire = require('rewire'),
|
||||
urlUtils = require('../../../../utils/urlUtils'),
|
||||
cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
|
||||
cors = rewire('../../../../../core/server/web/api/middleware/cors');
|
||||
|
||||
describe('cors', function () {
|
||||
var res, req, next;
|
||||
@ -29,7 +29,7 @@ describe('cors', function () {
|
||||
|
||||
afterEach(function () {
|
||||
sinon.restore();
|
||||
cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
|
||||
cors = rewire('../../../../../core/server/web/api/middleware/cors');
|
||||
});
|
||||
|
||||
it('should not be enabled without a request origin header', function (done) {
|
Loading…
Reference in New Issue
Block a user