Ghost

TryGhost/Ghost

Fork 0

mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 02:11:44 +03:00

Commit Graph

Author	SHA1	Message	Date
Fabien O'Carroll	1c56221d80	Added API Key auth middleware to v2 Admin API (#10006 ) refs #9865 - Added `auth.authenticate.authenticateAdminApiKey` middleware - accepts signed JWT in an `Authorization: Ghost [token]` header - sets `req.api_key` if the token is valid - Updated `authenticatePrivate` middleware stack for v2 admin routes	2019-01-18 12:45:06 +00:00
Fabien O'Carroll	3db102a776	Added API Key auth middleware to v2 content API (#10005 ) * Added API Key auth middleware to v2 content API refs #9865 - add `auth.authenticate.authenticateContentApiKey` middleware - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key - add `requiresAuthorizedUserOrApiKey` authorization middleware - passes if either `req.user` or `req.api_key` exists - update `authenticatePublic` middleware stack for v2 content routes * Fixed functional content api tests no-issue This fixes the functional content api tests so they use the content api auth. * Fixed context check and removed skip * Updated cors middleware for content api * Removed client_id from frame.context no-issue The v2 api doesn't have a notion of clients as we do not use oauth for it * Fixed tests for posts input serializer	2018-10-15 16:23:34 +07:00

Author

SHA1

Message

Date

Fabien O'Carroll

1c56221d80

Added API Key auth middleware to v2 Admin API (#10006 )

refs #9865

- Added `auth.authenticate.authenticateAdminApiKey` middleware
  - accepts signed JWT in an `Authorization: Ghost [token]` header
  - sets `req.api_key` if the token is valid
- Updated `authenticatePrivate` middleware stack for v2 admin routes

2019-01-18 12:45:06 +00:00

Fabien O'Carroll

3db102a776

Added API Key auth middleware to v2 content API (#10005 )

* Added API Key auth middleware to v2 content API

refs #9865

- add `auth.authenticate.authenticateContentApiKey` middleware
  - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key
- add `requiresAuthorizedUserOrApiKey` authorization middleware
  - passes if either `req.user` or `req.api_key` exists
- update `authenticatePublic` middleware stack for v2 content routes

* Fixed functional content api tests

no-issue

This fixes the functional content api tests so they use the content api
auth.

* Fixed context check and removed skip

* Updated cors middleware for content api

* Removed client_id from frame.context

no-issue

The v2 api doesn't have a notion of clients as we do not use oauth for it

* Fixed tests for posts input serializer

2018-10-15 16:23:34 +07:00

2 Commits