mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-01 23:37:43 +03:00
Fixed issuer when site and api are diff domains (#10806)
no-issue The issuer value is used through the members code base as the identifier for the members api. The existing code did not take into account that the domain/url for the site could be different than for the admin (and the apis).
This commit is contained in:
parent
9d69951c81
commit
dd727a44df
@ -18,11 +18,11 @@ module.exports = {
|
||||
const {protocol, host} = url.parse(config.get('url'));
|
||||
const siteOrigin = `${protocol}//${host}`;
|
||||
|
||||
UNO_MEMBERINO = jwt({
|
||||
UNO_MEMBERINO = membersService.getPublicConfig().then(({issuer}) => jwt({
|
||||
credentialsRequired: false,
|
||||
requestProperty: 'member',
|
||||
audience: siteOrigin,
|
||||
issuer: siteOrigin,
|
||||
issuer,
|
||||
algorithm: 'RS512',
|
||||
secret(req, payload, done) {
|
||||
membersService.getPublicConfig().then(({publicKey}) => {
|
||||
@ -42,8 +42,10 @@ module.exports = {
|
||||
|
||||
return credentials;
|
||||
}
|
||||
});
|
||||
}));
|
||||
}
|
||||
return UNO_MEMBERINO;
|
||||
return function (req, res, next) {
|
||||
UNO_MEMBERINO.then(fn => fn(req, res, next)).catch(next);
|
||||
};
|
||||
}
|
||||
};
|
||||
|
@ -116,16 +116,8 @@ const siteOrigin = doBlock(() => {
|
||||
return `${protocol}//${host}`;
|
||||
});
|
||||
|
||||
const getApiUrl = ({version, type}) => {
|
||||
const {href} = new url.URL(
|
||||
urlUtils.getApiPath({version, type}),
|
||||
siteUrl
|
||||
);
|
||||
return href;
|
||||
};
|
||||
|
||||
const contentApiUrl = getApiUrl({version: 'v2', type: 'content'});
|
||||
const membersApiUrl = getApiUrl({version: 'v2', type: 'members'});
|
||||
const contentApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'content'}, true);
|
||||
const membersApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'members'}, true);
|
||||
|
||||
const accessControl = {
|
||||
[siteOrigin]: {
|
||||
|
Loading…
Reference in New Issue
Block a user