TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-23 22:11:09 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2223 from mjbshaw/fix-subdir

Browse Source 
Respect subdirectory in authenticate middleware
This commit is contained in:
Hannah Wolfe 2014-02-20 18:51:11 +00:00
commit f2d2757a31
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/server/middleware/index.js
View File

@ -272,8 +272,8 @@ module.exports = function (server, dbHash) {
// ### Caching // ### Caching
expressServer.use(middleware.cacheControl('public')); expressServer.use(middleware.cacheControl('public'));
expressServer.use('/api/', middleware.cacheControl('private')); expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
expressServer.use('/ghost/', middleware.cacheControl('private')); expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
// enable authentication; has to be done before CSRF handling // enable authentication; has to be done before CSRF handling
expressServer.use(middleware.authenticate); expressServer.use(middleware.authenticate);

17
core/server/middleware/middleware.js
View File

@ -29,17 +29,17 @@ var middleware = {
// exceptions for signin, signout, signup, forgotten, reset only // exceptions for signin, signout, signup, forgotten, reset only
// api and frontend use different authentication mechanisms atm // api and frontend use different authentication mechanisms atm
authenticate: function (req, res, next) { authenticate: function (req, res, next) {
if (res.isAdmin) { var subPath = req.path.substring(config().paths.subdir.length),
if (req.path.indexOf("/ghost/api/") === 0) { noAuthNeeded = [
return middleware.authAPI(req, res, next);
}
var noAuthNeeded = [
'/ghost/signin/', '/ghost/signout/', '/ghost/signup/', '/ghost/signin/', '/ghost/signout/', '/ghost/signup/',
'/ghost/forgotten/', '/ghost/reset/' '/ghost/forgotten/', '/ghost/reset/'
]; ];
if (res.isAdmin) {
if (subPath.indexOf('/ghost/api/') === 0) {
return middleware.authAPI(req, res, next);
}
if (noAuthNeeded.indexOf(req.path) < 0) { if (noAuthNeeded.indexOf(subPath) < 0) {
return middleware.auth(req, res, next); return middleware.auth(req, res, next);
} }
} }
@ -51,7 +51,8 @@ var middleware = {
// We strip /ghost/ out of the redirect parameter for neatness // We strip /ghost/ out of the redirect parameter for neatness
auth: function (req, res, next) { auth: function (req, res, next) {
if (!req.session.user) { if (!req.session.user) {
var reqPath = req.path.replace(/^\/ghost\/?/gi, ''), var subPath = req.path.substring(config().paths.subdir.length),
reqPath = subPath.replace(/^\/ghost\/?/gi, ''),
redirect = '', redirect = '',
msg; msg;