mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 18:31:57 +03:00
cda041d424
refs https://github.com/TryGhost/Team/issues/1083 The Offers service is going to need access to the StripeAPIService too, so we need to move it out of the @tryghost/members-api module and make it accessible to both.
58 lines
1.7 KiB
JavaScript
58 lines
1.7 KiB
JavaScript
const jwt = require('express-jwt');
|
|
const {UnauthorizedError} = require('@tryghost/errors');
|
|
const membersService = require('../../members');
|
|
const config = require('../../../../shared/config');
|
|
|
|
let UNO_MEMBERINO;
|
|
|
|
async function createMiddleware() {
|
|
const url = require('url');
|
|
const {protocol, host} = url.parse(config.get('url'));
|
|
const siteOrigin = `${protocol}//${host}`;
|
|
|
|
const membersConfig = await membersService.api.getPublicConfig();
|
|
return jwt({
|
|
credentialsRequired: false,
|
|
requestProperty: 'member',
|
|
audience: siteOrigin,
|
|
issuer: membersConfig.issuer,
|
|
algorithms: ['RS512'],
|
|
secret: membersConfig.publicKey,
|
|
getToken(req) {
|
|
if (!req.get('authorization')) {
|
|
return null;
|
|
}
|
|
|
|
const [scheme, credentials] = req.get('authorization').split(/\s+/);
|
|
|
|
if (scheme !== 'GhostMembers') {
|
|
return null;
|
|
}
|
|
|
|
return credentials;
|
|
}
|
|
});
|
|
}
|
|
|
|
module.exports = {
|
|
get authenticateMembersToken() {
|
|
return async function (req, res, next) {
|
|
if (!UNO_MEMBERINO) {
|
|
UNO_MEMBERINO = await createMiddleware();
|
|
}
|
|
try {
|
|
const middleware = UNO_MEMBERINO;
|
|
|
|
middleware(req, res, function (err, ...rest) {
|
|
if (err && err.name === 'UnauthorizedError') {
|
|
return next(new UnauthorizedError({err}), ...rest);
|
|
}
|
|
return next(err, ...rest);
|
|
});
|
|
} catch (err) {
|
|
next(err);
|
|
}
|
|
};
|
|
}
|
|
};
|