const url = require('url'); const _ = require('lodash'); const testUtils = require('../../../utils'); const schema = require('../../../../server/data/schema').tables; const API_URL = '/ghost/api/v2/admin/'; const expectedProperties = { // API top level posts: ['posts', 'meta'], tags: ['tags', 'meta'], users: ['users', 'meta'], settings: ['settings', 'meta'], subscribers: ['subscribers', 'meta'], roles: ['roles'], pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'], slugs: ['slugs'], slug: ['slug'], invites: ['invites', 'meta'], themes: ['themes'], post: _(schema.posts) .keys() // by default we only return html .without('mobiledoc', 'plaintext') // swaps author_id to author, and always returns computed properties: url, comment_id, primary_tag, primary_author .without('author_id').concat('author', 'url', 'primary_tag', 'primary_author') , user: _(schema.users) .keys() .without('password') .without('ghost_auth_access_token') , tag: _(schema.tags) .keys() // Tag API swaps parent_id to parent .without('parent_id').concat('parent') , setting: _(schema.settings) .keys() , subscriber: _(schema.subscribers) .keys() , accesstoken: _(schema.accesstokens) .keys() , role: _(schema.roles) .keys() , permission: _(schema.permissions) .keys() , notification: ['type', 'message', 'status', 'id', 'dismissible', 'location', 'custom'], theme: ['name', 'package', 'active'], invite: _(schema.invites) .keys() .without('token') , webhook: _(schema.webhooks) .keys() .without( 'name', 'last_triggered_at', 'last_triggered_error', 'last_triggered_status', 'secret', 'integration_id' ) }; _.each(expectedProperties, (value, key) => { if (!value.__wrapped__) { return; } /** * @deprecated: x_by */ expectedProperties[key] = value .without( 'created_by', 'updated_by', 'published_by' ) .value(); }); module.exports = { API: { getApiQuery(route) { return url.resolve(API_URL, route); }, checkResponse(...args) { this.expectedProperties = expectedProperties; return testUtils.API.checkResponse.call(this, ...args); } }, doAuth(...args) { return testUtils.API.doAuth(`${API_URL}session/`, ...args); }, getValidAdminToken(endpoint) { const jwt = require('jsonwebtoken'); const JWT_OPTIONS = { algorithm: 'HS256', audience: endpoint }; return jwt.sign( { kid: testUtils.DataGenerator.Content.api_keys[0].id }, Buffer.from(testUtils.DataGenerator.Content.api_keys[0].secret, 'hex'), JWT_OPTIONS ); } };