// Module dependencies var express = require('express'), when = require('when'), _ = require('underscore'), colors = require("colors"), semver = require("semver"), errors = require('./server/errorHandling'), admin = require('./server/controllers/admin'), frontend = require('./server/controllers/frontend'), api = require('./server/api'), Ghost = require('./ghost'), I18n = require('./shared/lang/i18n'), helpers = require('./server/helpers'), packageInfo = require('../package.json'), // Variables loading = when.defer(), server = express(), ghost = new Ghost(); // ##Custom Middleware // ### Auth Middleware // Authenticate a request by redirecting to login if not logged in. // We strip /ghost/ out of the redirect parameter for neatness function auth(req, res, next) { if (!req.session.user) { var path = req.path.replace(/^\/ghost\/?/gi, ''), redirect = '', msg; if (path !== '') { msg = { type: 'error', message: 'Please Sign In', status: 'passive', id: 'failedauth' }; // let's only add the notification once if (!_.contains(_.pluck(ghost.notifications, 'id'), 'failedauth')) { ghost.notifications.push(msg); } redirect = '?r=' + encodeURIComponent(path); } return res.redirect('/ghost/signin/' + redirect); } next(); } // Check if we're logged in, and if so, redirect people back to dashboard // Login and signup forms in particular function redirectToDashboard(req, res, next) { if (req.session.user) { return res.redirect('/ghost/'); } next(); } function redirectToSignup(req, res, next) { api.users.browse().then(function (users) { if (users.length === 0) { return res.redirect('/ghost/signup/'); } }); next(); } // While we're here, let's clean up on aisle 5 // That being ghost.notifications, and let's remove the passives from there // plus the local messages, as they have already been added at this point // otherwise they'd appear one too many times function cleanNotifications(req, res, next) { ghost.notifications = _.reject(ghost.notifications, function (notification) { return notification.status === 'passive'; }); next(); } // ## AuthApi Middleware // Authenticate a request to the API by responding with a 401 and json error details function authAPI(req, res, next) { if (!req.session.user) { // TODO: standardize error format/codes/messages res.json(401, { error: 'Please sign in' }); return; } next(); } // ### GhostAdmin Middleware // Uses the URL to detect whether this response should be an admin response // This is used to ensure the right content is served, and is not for security purposes function isGhostAdmin(req, res, next) { res.isAdmin = /(^\/ghost$|^\/ghost\/)/.test(req.url); next(); } // ### GhostLocals Middleware // Expose the standard locals that every external page should have available, // separating between the frontend / theme and the admin function ghostLocals(req, res, next) { // Make sure we have a locals value. res.locals = res.locals || {}; res.locals.version = packageInfo.version; if (res.isAdmin) { api.users.read({id: req.session.user}).then(function (currentUser) { _.extend(res.locals, { // pass the admin flash messages, settings and paths messages: ghost.notifications, settings: ghost.settings(), availableThemes: ghost.paths().availableThemes, availablePlugins: ghost.paths().availablePlugins, currentUser: { name: currentUser.attributes.name, profile: currentUser.attributes.image } }); next(); }).otherwise(function () { _.extend(res.locals, { // pass the admin flash messages, settings and paths messages: ghost.notifications, settings: ghost.settings(), availableThemes: ghost.paths().availableThemes, availablePlugins: ghost.paths().availablePlugins }); next(); }); } else { next(); } } // ### DisableCachedResult Middleware // Disable any caching until it can be done properly function disableCachedResult(req, res, next) { res.set({ "Cache-Control": "no-cache, must-revalidate", "Expires": "Sat, 26 Jul 1997 05:00:00 GMT" }); next(); } // Expose the promise we will resolve after our pre-loading ghost.loaded = loading.promise; when.all([ghost.init(), helpers.loadCoreHelpers(ghost)]).then(function () { // ##Configuration server.configure(function () { server.use(isGhostAdmin); server.use(express.favicon(__dirname + '/shared/favicon.ico')); server.use(I18n.load(ghost)); server.use(express.bodyParser({})); server.use(express.bodyParser({uploadDir: __dirname + '/content/images'})); server.use(express.cookieParser(ghost.dbHash)); server.use(express.cookieSession({ cookie: { maxAge: 60000000 }})); server.use(ghost.initTheme(server)); if (process.env.NODE_ENV !== "development") { server.use(express.logger()); server.use(express.errorHandler({ dumpExceptions: false, showStack: false })); } }); // Development only configuration server.configure("development", function () { server.use(express.errorHandler({ dumpExceptions: true, showStack: true })); server.use(express.logger('dev')); }); // post init config server.use(ghostLocals); // So on every request we actually clean out reduntant passive notifications from the server side server.use(cleanNotifications); // ## Routing // ### API routes /* TODO: auth should be public auth not user auth */ // #### Posts server.get('/api/v0.1/posts', authAPI, disableCachedResult, api.requestHandler(api.posts.browse)); server.post('/api/v0.1/posts', authAPI, disableCachedResult, api.requestHandler(api.posts.add)); server.get('/api/v0.1/posts/:id', authAPI, disableCachedResult, api.requestHandler(api.posts.read)); server.put('/api/v0.1/posts/:id', authAPI, disableCachedResult, api.requestHandler(api.posts.edit)); server.del('/api/v0.1/posts/:id', authAPI, disableCachedResult, api.requestHandler(api.posts.destroy)); // #### Settings server.get('/api/v0.1/settings', authAPI, disableCachedResult, api.requestHandler(api.settings.browse)); server.get('/api/v0.1/settings/:key', authAPI, disableCachedResult, api.requestHandler(api.settings.read)); server.put('/api/v0.1/settings', authAPI, disableCachedResult, api.requestHandler(api.settings.edit)); // #### Users server.get('/api/v0.1/users', authAPI, disableCachedResult, api.requestHandler(api.users.browse)); server.get('/api/v0.1/users/:id', authAPI, disableCachedResult, api.requestHandler(api.users.read)); server.put('/api/v0.1/users/:id', authAPI, disableCachedResult, api.requestHandler(api.users.edit)); // #### Tags server.get('/api/v0.1/tags', authAPI, disableCachedResult, api.requestHandler(api.tags.all)); // #### Notifications server.del('/api/v0.1/notifications/:id', authAPI, disableCachedResult, api.requestHandler(api.notifications.destroy)); server.post('/api/v0.1/notifications/', authAPI, disableCachedResult, api.requestHandler(api.notifications.add)); // ### Admin routes /* TODO: put these somewhere in admin */ server.get(/^\/logout\/?$/, function redirect(req, res) { res.redirect(301, '/signout/'); }); server.get(/^\/signout\/?$/, admin.logout); server.get('/ghost/login/', function redirect(req, res) { res.redirect(301, '/ghost/signin/'); }); server.get('/ghost/signin/', redirectToSignup, redirectToDashboard, admin.login); server.get('/ghost/signup/', redirectToDashboard, admin.signup); server.get('/ghost/forgotten/', redirectToDashboard, admin.forgotten); server.post('/ghost/forgotten/', admin.resetPassword); server.post('/ghost/signin/', admin.auth); server.post('/ghost/signup/', admin.doRegister); server.post('/ghost/changepw/', auth, admin.changepw); server.get('/ghost/editor/:id', auth, admin.editor); server.get('/ghost/editor', auth, admin.editor); server.get('/ghost/content', auth, admin.content); server.get('/ghost/settings*', auth, admin.settings); server.get('/ghost/debug/', auth, admin.debug.index); server.get('/ghost/debug/db/export/', auth, admin.debug['export']); server.post('/ghost/debug/db/import/', auth, admin.debug['import']); server.get('/ghost/debug/db/reset/', auth, admin.debug.reset); server.post('/ghost/upload', admin.uploader); server.get(/^\/(ghost$|(ghost-admin|admin|wp-admin|dashboard|signin)\/?)/, auth, function (req, res) { res.redirect('/ghost/'); }); server.get('/ghost/', redirectToSignup, auth, admin.index); // ### Frontend routes /* TODO: dynamic routing, homepage generator, filters ETC ETC */ server.get('/rss/', frontend.rss); server.get('/rss/:page/', frontend.rss); server.get('/:slug', frontend.single); server.get('/', frontend.homepage); server.get('/page/:page/', frontend.homepage); // ## Start Ghost App server.listen( ghost.config().server.port, ghost.config().server.host, function () { // Tell users if their node version is not supported, and exit if (!semver.satisfies(process.versions.node, packageInfo.engines.node)) { console.log( "\nERROR: Unsupported version of Node".red, "\nGhost needs Node version".red, packageInfo.engines.node.yellow, "you are using version".red, process.versions.node.yellow, "\nPlease go to http://nodejs.org to get the latest version".green ); process.exit(0); } // Startup & Shutdown messages if (process.env.NODE_ENV === 'production') { console.log( "Ghost is running...".green, "\nYour blog is now available on", ghost.config().url, "\nCtrl+C to shut down".grey ); // ensure that Ghost exits correctly on Ctrl+C process.on('SIGINT', function () { console.log( "\nGhost has shut down".red, "\nYour blog is now offline" ); process.exit(0); }); } else { console.log( "Ghost is running...".green, "\nListening on", ghost.config().server.host + ':' + ghost.config().server.port, "\nUrl configured as:", ghost.config().url, "\nCtrl+C to shut down".grey ); // ensure that Ghost exits correctly on Ctrl+C process.on('SIGINT', function () { console.log( "\nGhost has shutdown".red, "\nGhost was running for", Math.round(process.uptime()), "seconds" ); process.exit(0); }); } // Let everyone know we have finished loading loading.resolve(); } ); }, errors.logAndThrowError);