1
0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-20 01:03:23 +03:00
Ghost/core/server/auth/authorize.js
David Wolfe c3fcb3105f Add ghost-backup client to trigger export ()
no issue
- adds a ghost-backup client
- adds a client authenticated endpoint to export blog for ghost-backup client only
- allows some additional overrides during import
- allows for an import by file to override locking a user and double hashing the password
2017-08-22 11:15:40 +01:00

43 lines
1.5 KiB
JavaScript

var errors = require('../errors'),
labs = require('../utils/labs'),
i18n = require('../i18n'),
authorize;
authorize = {
// Workaround for missing permissions
// TODO: rework when https://github.com/TryGhost/Ghost/issues/3911 is done
requiresAuthorizedUser: function requiresAuthorizedUser(req, res, next) {
if (req.user && req.user.id) {
return next();
} else {
return next(new errors.NoPermissionError({message: i18n.t('errors.middleware.auth.pleaseSignIn')}));
}
},
// ### Require user depending on public API being activated.
requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
if (labs.isSet('publicAPI') === true) {
return next();
} else {
if (req.user && req.user.id) {
return next();
} else {
return next(new errors.NoPermissionError({message: i18n.t('errors.middleware.auth.pleaseSignIn')}));
}
}
},
// Requires the authenticated client to match specific client
requiresAuthorizedClient: function requiresAuthorizedClient(client) {
return function doAuthorizedClient(req, res, next) {
if (!req.client || !req.client.name || req.client.name !== client) {
return next(new errors.NoPermissionError({message: i18n.t('errors.permissions.noPermissionToAction')}));
}
return next();
};
}
};
module.exports = authorize;