mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 18:31:57 +03:00
57271127f4
refs #9866 - Registered Content API under /ghost/api/v2/content/ - Registered Admin API under /ghost/api/v2/admin/ - Moved API v0.1 implementation to web/api/v0.1 - Created web/api/v2 for the new api endpoints - Started with reducing the implementation for the new Content API (the Content api does not serve admin api endpoints, that's why it was reducible) - Covered parent-app module with basic test checking correct applications/routes are being mounted - Added a readme file, which contains a warning using v2, because it's under active development! - This PR does only make the new endpoints available, we have not: - optimised the web folder (e.g. res.isAdmin) - started with different API controllers - reason: we want to do more preparation tasks before we copy the api controllers
53 lines
1.5 KiB
JavaScript
53 lines
1.5 KiB
JavaScript
const prettyURLs = require('../../middleware/pretty-urls'),
|
|
cors = require('../../middleware/api/cors'),
|
|
urlRedirects = require('../../middleware/url-redirects'),
|
|
auth = require('../../../services/auth');
|
|
|
|
/**
|
|
* Auth Middleware Packages
|
|
*
|
|
* IMPORTANT
|
|
* - cors middleware MUST happen before pretty urls, because otherwise cors header can get lost on redirect
|
|
* - cors middleware MUST happen after authenticateClient, because authenticateClient reads the trusted domains
|
|
* - url redirects MUST happen after cors, otherwise cors header can get lost on redirect
|
|
*/
|
|
|
|
/**
|
|
* Authentication for public endpoints
|
|
*/
|
|
module.exports.authenticatePublic = [
|
|
auth.authenticate.authenticateClient,
|
|
auth.authenticate.authenticateUser,
|
|
// This is a labs-enabled middleware
|
|
auth.authorize.requiresAuthorizedUserPublicAPI,
|
|
cors,
|
|
urlRedirects,
|
|
prettyURLs
|
|
];
|
|
|
|
/**
|
|
* Authentication for private endpoints
|
|
*/
|
|
module.exports.authenticatePrivate = [
|
|
auth.authenticate.authenticateClient,
|
|
auth.authenticate.authenticateUser,
|
|
auth.authorize.requiresAuthorizedUser,
|
|
cors,
|
|
urlRedirects,
|
|
prettyURLs
|
|
];
|
|
|
|
/**
|
|
* Authentication for client endpoints
|
|
*/
|
|
module.exports.authenticateClient = function authenticateClient(client) {
|
|
return [
|
|
auth.authenticate.authenticateClient,
|
|
auth.authenticate.authenticateUser,
|
|
auth.authorize.requiresAuthorizedClient(client),
|
|
cors,
|
|
urlRedirects,
|
|
prettyURLs
|
|
];
|
|
};
|