mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-04 17:04:59 +03:00
3010d498ca
refs https://github.com/TryGhost/Toolbox/issues/292 - There are couple of reasons why we don't want to include the query string information in the outgoing notification emails: - 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it. 2. It looks a bit ugly and could be waaay to long breaking the email layou
32 lines
1.1 KiB
JavaScript
32 lines
1.1 KiB
JavaScript
const extractApiKey = require('@tryghost/extract-api-key');
|
|
|
|
const versionMismatchHandler = (APIVersionCompatibilityService) => {
|
|
/**
|
|
* @param {Object} err
|
|
* @param {import('express').Request} req
|
|
* @param {import('express').Response} res
|
|
* @param {import('express').NextFunction} next
|
|
*/
|
|
return async (err, req, res, next) => {
|
|
if (err && err.errorType === 'RequestNotAcceptableError') {
|
|
if (err.code === 'UPDATE_CLIENT') {
|
|
const {key, type} = extractApiKey(req);
|
|
const requestURL = req.originalUrl.split('?').shift();
|
|
|
|
await APIVersionCompatibilityService.handleMismatch({
|
|
acceptVersion: req.headers['accept-version'],
|
|
contentVersion: `v${res.locals.safeVersion}`,
|
|
requestURL,
|
|
userAgent: req.headers['user-agent'],
|
|
apiKeyValue: key,
|
|
apiKeyType: type
|
|
});
|
|
}
|
|
}
|
|
|
|
next(err, req, res);
|
|
};
|
|
};
|
|
|
|
module.exports = versionMismatchHandler;
|