mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-07 03:22:21 +03:00
a02a43e6fa
no-issue * Corrected function names for rpc methods * Updated gateway to store tokens locally * Fixed lint * Added hardcoded 30 minute expiry for member tokens * Added default contentApiAccess config; * Updated validateAudience method This is required for security, we need to restrict which domains can access tokens meant for the content api
136 lines
3.4 KiB
JavaScript
136 lines
3.4 KiB
JavaScript
const url = require('url');
|
|
const settingsCache = require('../settings/cache');
|
|
const config = require('../../config');
|
|
const MembersApi = require('../../lib/members');
|
|
const models = require('../../models');
|
|
const mail = require('../mail');
|
|
|
|
function createMember({name, email, password}) {
|
|
return models.Member.add({
|
|
name,
|
|
email,
|
|
password
|
|
}).then((member) => {
|
|
return member.toJSON();
|
|
});
|
|
}
|
|
|
|
function updateMember(member, newData) {
|
|
return models.Member.findOne(member, {
|
|
require: true
|
|
}).then(({id}) => {
|
|
return models.Member.edit(newData, {id});
|
|
}).then((member) => {
|
|
return member.toJSON();
|
|
});
|
|
}
|
|
|
|
function getMember(data, options) {
|
|
options = options || {};
|
|
return models.Member.findOne(data, options).then((model) => {
|
|
if (!model) {
|
|
return null;
|
|
}
|
|
return model.toJSON(options);
|
|
});
|
|
}
|
|
|
|
function listMembers(options) {
|
|
return models.Member.findPage(options).then((models) => {
|
|
return {
|
|
members: models.data.map(model => model.toJSON(options)),
|
|
meta: models.meta
|
|
};
|
|
});
|
|
}
|
|
|
|
function validateMember({email, password}) {
|
|
return models.Member.findOne({email}, {
|
|
require: true
|
|
}).then((member) => {
|
|
return member.comparePassword(password).then((res) => {
|
|
if (!res) {
|
|
throw new Error('Password is incorrect');
|
|
}
|
|
return member;
|
|
});
|
|
}).then((member) => {
|
|
return member.toJSON();
|
|
});
|
|
}
|
|
|
|
const publicKey = settingsCache.get('members_public_key');
|
|
const privateKey = settingsCache.get('members_private_key');
|
|
const sessionSecret = settingsCache.get('members_session_secret');
|
|
const passwordResetUrl = config.get('url');
|
|
const {protocol, host} = url.parse(config.get('url'));
|
|
const siteOrigin = `${protocol}//${host}`;
|
|
const issuer = siteOrigin;
|
|
const ssoOrigin = siteOrigin;
|
|
let mailer;
|
|
|
|
const membersConfig = config.get('members');
|
|
|
|
function validateAudience({audience, origin}) {
|
|
if (audience === origin) {
|
|
return Promise.resolve();
|
|
}
|
|
if (audience === siteOrigin) {
|
|
if (membersConfig.contentApiAccess.includes(origin)) {
|
|
return Promise.resolve();
|
|
}
|
|
}
|
|
return Promise.reject();
|
|
}
|
|
|
|
function sendEmail(member, {token}) {
|
|
if (!(mailer instanceof mail.GhostMailer)) {
|
|
mailer = new mail.GhostMailer();
|
|
}
|
|
const message = {
|
|
to: member.email,
|
|
subject: 'Reset password',
|
|
html: `
|
|
Hi ${member.name},
|
|
|
|
To reset your password, click the following link and follow the instructions:
|
|
|
|
${passwordResetUrl}#reset-password?token=${token}
|
|
|
|
If you didn't request a password change, just ignore this email.
|
|
`
|
|
};
|
|
|
|
/* eslint-disable */
|
|
// @TODO remove this
|
|
console.log(message.html);
|
|
/* eslint-enable */
|
|
return mailer.send(message).catch((err) => {
|
|
return Promise.reject(err);
|
|
});
|
|
}
|
|
|
|
const api = MembersApi({
|
|
authConfig: {
|
|
issuer,
|
|
publicKey,
|
|
privateKey,
|
|
sessionSecret,
|
|
ssoOrigin
|
|
},
|
|
paymentConfig: {
|
|
processors: membersConfig.paymentProcessors
|
|
},
|
|
validateAudience,
|
|
createMember,
|
|
getMember,
|
|
listMembers,
|
|
validateMember,
|
|
updateMember,
|
|
sendEmail
|
|
});
|
|
|
|
module.exports = api;
|
|
module.exports.publicKey = publicKey;
|
|
module.exports.paymentConfigured = !!membersConfig.paymentProcessors.length;
|