mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
631716053a
closes #10174 - Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished - Removed redundant fs.remove calls as this work is now handled in newly introduced middleware
231 lines
9.6 KiB
JavaScript
231 lines
9.6 KiB
JavaScript
const express = require('express');
|
|
// This essentially provides the controllers for the routes
|
|
const api = require('../../../api');
|
|
|
|
// Middleware
|
|
const mw = require('./middleware');
|
|
|
|
// API specific
|
|
const auth = require('../../../services/auth');
|
|
const cors = require('../../shared/middlewares/api/cors');
|
|
const brute = require('../../shared/middlewares/brute');
|
|
|
|
// Handling uploads & imports
|
|
const upload = require('../../shared/middlewares/upload');
|
|
const validation = require('../../shared/middlewares/validation');
|
|
const image = require('../../shared/middlewares/image');
|
|
|
|
// Temporary
|
|
// @TODO find a more appy way to do this!
|
|
const labs = require('../../shared/middlewares/labs');
|
|
|
|
module.exports = function apiRoutes() {
|
|
const apiRouter = express.Router();
|
|
|
|
// alias delete with del
|
|
apiRouter.del = apiRouter.delete;
|
|
|
|
// ## CORS pre-flight check
|
|
apiRouter.options('*', cors);
|
|
|
|
// ## Configuration
|
|
apiRouter.get('/configuration', api.http(api.configuration.read));
|
|
apiRouter.get('/configuration/:key', mw.authenticatePrivate, api.http(api.configuration.read));
|
|
|
|
// ## Posts
|
|
apiRouter.get('/posts', mw.authenticatePublic, api.http(api.posts.browse));
|
|
|
|
apiRouter.post('/posts', mw.authenticatePrivate, api.http(api.posts.add));
|
|
apiRouter.get('/posts/:id', mw.authenticatePublic, api.http(api.posts.read));
|
|
apiRouter.get('/posts/slug/:slug', mw.authenticatePublic, api.http(api.posts.read));
|
|
apiRouter.put('/posts/:id', mw.authenticatePrivate, api.http(api.posts.edit));
|
|
apiRouter.del('/posts/:id', mw.authenticatePrivate, api.http(api.posts.destroy));
|
|
|
|
// ## Schedules
|
|
apiRouter.put('/schedules/posts/:id', [
|
|
auth.authenticate.authenticateClient,
|
|
auth.authenticate.authenticateUser
|
|
], api.http(api.schedules.publishPost));
|
|
|
|
// ## Settings
|
|
apiRouter.get('/settings/routes/yaml', mw.authenticatePrivate, api.http(api.settings.download));
|
|
apiRouter.post('/settings/routes/yaml',
|
|
mw.authenticatePrivate,
|
|
upload.single('routes'),
|
|
validation.upload({type: 'routes'}),
|
|
api.http(api.settings.upload)
|
|
);
|
|
|
|
apiRouter.get('/settings', mw.authenticatePrivate, api.http(api.settings.browse));
|
|
apiRouter.get('/settings/:key', mw.authenticatePrivate, api.http(api.settings.read));
|
|
apiRouter.put('/settings', mw.authenticatePrivate, api.http(api.settings.edit));
|
|
|
|
// ## Users
|
|
apiRouter.get('/users', mw.authenticatePublic, api.http(api.users.browse));
|
|
apiRouter.get('/users/:id', mw.authenticatePublic, api.http(api.users.read));
|
|
apiRouter.get('/users/slug/:slug', mw.authenticatePublic, api.http(api.users.read));
|
|
// NOTE: We don't expose any email addresses via the public api.
|
|
apiRouter.get('/users/email/:email', mw.authenticatePrivate, api.http(api.users.read));
|
|
|
|
apiRouter.put('/users/password', mw.authenticatePrivate, api.http(api.users.changePassword));
|
|
apiRouter.put('/users/owner', mw.authenticatePrivate, api.http(api.users.transferOwnership));
|
|
apiRouter.put('/users/:id', mw.authenticatePrivate, api.http(api.users.edit));
|
|
apiRouter.del('/users/:id', mw.authenticatePrivate, api.http(api.users.destroy));
|
|
|
|
// ## Tags
|
|
apiRouter.get('/tags', mw.authenticatePublic, api.http(api.tags.browse));
|
|
apiRouter.get('/tags/:id', mw.authenticatePublic, api.http(api.tags.read));
|
|
apiRouter.get('/tags/slug/:slug', mw.authenticatePublic, api.http(api.tags.read));
|
|
apiRouter.post('/tags', mw.authenticatePrivate, api.http(api.tags.add));
|
|
apiRouter.put('/tags/:id', mw.authenticatePrivate, api.http(api.tags.edit));
|
|
apiRouter.del('/tags/:id', mw.authenticatePrivate, api.http(api.tags.destroy));
|
|
|
|
// ## Subscribers
|
|
apiRouter.get('/subscribers', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.browse));
|
|
apiRouter.get('/subscribers/csv', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.exportCSV));
|
|
apiRouter.post('/subscribers/csv',
|
|
labs.subscribers,
|
|
mw.authenticatePrivate,
|
|
upload.single('subscribersfile'),
|
|
validation.upload({type: 'subscribers'}),
|
|
api.http(api.subscribers.importCSV)
|
|
);
|
|
apiRouter.get('/subscribers/:id', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.read));
|
|
apiRouter.get('/subscribers/email/:email', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.read));
|
|
apiRouter.post('/subscribers', labs.subscribers, mw.authenticatePublic, api.http(api.subscribers.add));
|
|
apiRouter.put('/subscribers/:id', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.edit));
|
|
apiRouter.del('/subscribers/:id', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.destroy));
|
|
apiRouter.del('/subscribers/email/:email', labs.subscribers, mw.authenticatePrivate, api.http(api.subscribers.destroy));
|
|
|
|
// ## Roles
|
|
apiRouter.get('/roles/', mw.authenticatePrivate, api.http(api.roles.browse));
|
|
|
|
// ## Clients
|
|
apiRouter.get('/clients/slug/:slug', api.http(api.clients.read));
|
|
|
|
// ## Slugs
|
|
apiRouter.get('/slugs/:type/:name', mw.authenticatePrivate, api.http(api.slugs.generate));
|
|
|
|
// ## Themes
|
|
apiRouter.get('/themes/', mw.authenticatePrivate, api.http(api.themes.browse));
|
|
|
|
apiRouter.get('/themes/:name/download',
|
|
mw.authenticatePrivate,
|
|
api.http(api.themes.download)
|
|
);
|
|
|
|
apiRouter.post('/themes/upload',
|
|
mw.authenticatePrivate,
|
|
upload.single('theme'),
|
|
validation.upload({type: 'themes'}),
|
|
api.http(api.themes.upload)
|
|
);
|
|
|
|
apiRouter.put('/themes/:name/activate',
|
|
mw.authenticatePrivate,
|
|
api.http(api.themes.activate)
|
|
);
|
|
|
|
apiRouter.del('/themes/:name',
|
|
mw.authenticatePrivate,
|
|
api.http(api.themes.destroy)
|
|
);
|
|
|
|
// ## Notifications
|
|
apiRouter.get('/notifications', mw.authenticatePrivate, api.http(api.notifications.browse));
|
|
apiRouter.post('/notifications', mw.authenticatePrivate, api.http(api.notifications.add));
|
|
apiRouter.del('/notifications/:id', mw.authenticatePrivate, api.http(api.notifications.destroy));
|
|
|
|
// ## DB
|
|
apiRouter.get('/db', mw.authenticatePrivate, api.http(api.db.exportContent));
|
|
apiRouter.post('/db',
|
|
mw.authenticatePrivate,
|
|
upload.single('importfile'),
|
|
validation.upload({type: 'db'}),
|
|
api.http(api.db.importContent)
|
|
);
|
|
apiRouter.del('/db', mw.authenticatePrivate, api.http(api.db.deleteAllContent));
|
|
|
|
// ## Mail
|
|
apiRouter.post('/mail', mw.authenticatePrivate, api.http(api.mail.send));
|
|
apiRouter.post('/mail/test', mw.authenticatePrivate, api.http(api.mail.sendTest));
|
|
|
|
// ## Slack
|
|
apiRouter.post('/slack/test', mw.authenticatePrivate, api.http(api.slack.sendTest));
|
|
|
|
// ## Authentication
|
|
apiRouter.post('/authentication/passwordreset',
|
|
brute.globalReset,
|
|
brute.userReset,
|
|
api.http(api.authentication.generateResetToken)
|
|
);
|
|
apiRouter.put('/authentication/passwordreset', brute.globalBlock, api.http(api.authentication.resetPassword));
|
|
apiRouter.post('/authentication/invitation', api.http(api.authentication.acceptInvitation));
|
|
apiRouter.get('/authentication/invitation', api.http(api.authentication.isInvitation));
|
|
apiRouter.post('/authentication/setup', api.http(api.authentication.setup));
|
|
apiRouter.put('/authentication/setup', mw.authenticatePrivate, api.http(api.authentication.updateSetup));
|
|
apiRouter.get('/authentication/setup', api.http(api.authentication.isSetup));
|
|
|
|
apiRouter.post('/authentication/token',
|
|
mw.authenticateClient(),
|
|
brute.globalBlock,
|
|
brute.userLogin,
|
|
auth.oauth.generateAccessToken
|
|
);
|
|
|
|
apiRouter.post('/authentication/revoke', mw.authenticatePrivate, api.http(api.authentication.revoke));
|
|
|
|
// ## Uploads
|
|
// @TODO: rename endpoint to /images/upload (or similar)
|
|
apiRouter.post('/uploads',
|
|
mw.authenticatePrivate,
|
|
upload.single('uploadimage'),
|
|
validation.upload({type: 'images'}),
|
|
image.normalize,
|
|
api.http(api.uploads.add)
|
|
);
|
|
|
|
apiRouter.post('/uploads/profile-image',
|
|
mw.authenticatePrivate,
|
|
upload.single('uploadimage'),
|
|
validation.upload({type: 'images'}),
|
|
validation.profileImage,
|
|
image.normalize,
|
|
api.http(api.uploads.add)
|
|
);
|
|
|
|
apiRouter.post('/db/backup', mw.authenticateClient('Ghost Backup'), api.http(api.db.backupContent));
|
|
|
|
apiRouter.post('/uploads/icon',
|
|
mw.authenticatePrivate,
|
|
upload.single('uploadimage'),
|
|
validation.upload({type: 'icons'}),
|
|
validation.blogIcon(),
|
|
api.http(api.uploads.add)
|
|
);
|
|
|
|
// ## Invites
|
|
apiRouter.get('/invites', mw.authenticatePrivate, api.http(api.invites.browse));
|
|
apiRouter.get('/invites/:id', mw.authenticatePrivate, api.http(api.invites.read));
|
|
apiRouter.post('/invites', mw.authenticatePrivate, api.http(api.invites.add));
|
|
apiRouter.del('/invites/:id', mw.authenticatePrivate, api.http(api.invites.destroy));
|
|
|
|
// ## Redirects (JSON based)
|
|
apiRouter.get('/redirects/json', mw.authenticatePrivate, api.http(api.redirects.download));
|
|
apiRouter.post('/redirects/json',
|
|
mw.authenticatePrivate,
|
|
upload.single('redirects'),
|
|
validation.upload({type: 'redirects'}),
|
|
api.http(api.redirects.upload)
|
|
);
|
|
|
|
// ## Webhooks (RESTHooks)
|
|
apiRouter.post('/webhooks', mw.authenticatePrivate, api.http(api.webhooks.add));
|
|
apiRouter.del('/webhooks/:id', mw.authenticatePrivate, api.http(api.webhooks.destroy));
|
|
|
|
// ## Oembed (fetch response from oembed provider)
|
|
apiRouter.get('/oembed', mw.authenticatePrivate, api.http(api.oembed.read));
|
|
|
|
return apiRouter;
|
|
};
|