mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-23 02:41:50 +03:00
5fbad09a56
refs #9865 - Changed key format to {id}:{secret} so API consumer only has to worry about copying a single value during setup - Updated key expiration time in getValidAdminToken test helper to match server side expiration check
121 lines
3.1 KiB
JavaScript
121 lines
3.1 KiB
JavaScript
const url = require('url');
|
|
const _ = require('lodash');
|
|
const testUtils = require('../../../utils');
|
|
const schema = require('../../../../server/data/schema').tables;
|
|
const API_URL = '/ghost/api/v2/admin/';
|
|
|
|
const expectedProperties = {
|
|
// API top level
|
|
posts: ['posts', 'meta'],
|
|
tags: ['tags', 'meta'],
|
|
users: ['users', 'meta'],
|
|
settings: ['settings', 'meta'],
|
|
subscribers: ['subscribers', 'meta'],
|
|
roles: ['roles'],
|
|
pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],
|
|
slugs: ['slugs'],
|
|
slug: ['slug'],
|
|
invites: ['invites', 'meta'],
|
|
themes: ['themes'],
|
|
|
|
post: _(schema.posts)
|
|
.keys()
|
|
// by default we only return html
|
|
.without('mobiledoc', 'plaintext')
|
|
// swaps author_id to author, and always returns computed properties: url, comment_id, primary_tag, primary_author
|
|
.without('author_id').concat('author', 'url', 'primary_tag', 'primary_author')
|
|
,
|
|
user: _(schema.users)
|
|
.keys()
|
|
.without('password')
|
|
.without('ghost_auth_access_token')
|
|
,
|
|
tag: _(schema.tags)
|
|
.keys()
|
|
// Tag API swaps parent_id to parent
|
|
.without('parent_id').concat('parent')
|
|
,
|
|
setting: _(schema.settings)
|
|
.keys()
|
|
,
|
|
subscriber: _(schema.subscribers)
|
|
.keys()
|
|
,
|
|
accesstoken: _(schema.accesstokens)
|
|
.keys()
|
|
,
|
|
role: _(schema.roles)
|
|
.keys()
|
|
,
|
|
permission: _(schema.permissions)
|
|
.keys()
|
|
,
|
|
notification: ['type', 'message', 'status', 'id', 'dismissible', 'location', 'custom'],
|
|
theme: ['name', 'package', 'active'],
|
|
invite: _(schema.invites)
|
|
.keys()
|
|
.without('token')
|
|
,
|
|
webhook: _(schema.webhooks)
|
|
.keys()
|
|
.without(
|
|
'name',
|
|
'last_triggered_at',
|
|
'last_triggered_error',
|
|
'last_triggered_status',
|
|
'secret',
|
|
'integration_id'
|
|
)
|
|
};
|
|
|
|
_.each(expectedProperties, (value, key) => {
|
|
if (!value.__wrapped__) {
|
|
return;
|
|
}
|
|
|
|
/**
|
|
* @deprecated: x_by
|
|
*/
|
|
expectedProperties[key] = value
|
|
.without(
|
|
'created_by',
|
|
'updated_by',
|
|
'published_by'
|
|
)
|
|
.value();
|
|
});
|
|
|
|
module.exports = {
|
|
API: {
|
|
getApiQuery(route) {
|
|
return url.resolve(API_URL, route);
|
|
},
|
|
|
|
checkResponse(...args) {
|
|
this.expectedProperties = expectedProperties;
|
|
return testUtils.API.checkResponse.call(this, ...args);
|
|
}
|
|
},
|
|
|
|
doAuth(...args) {
|
|
return testUtils.API.doAuth(`${API_URL}session/`, ...args);
|
|
},
|
|
|
|
getValidAdminToken(endpoint) {
|
|
const jwt = require('jsonwebtoken');
|
|
const JWT_OPTIONS = {
|
|
algorithm: 'HS256',
|
|
expiresIn: '5m',
|
|
audience: endpoint
|
|
};
|
|
|
|
return jwt.sign(
|
|
{
|
|
kid: testUtils.DataGenerator.Content.api_keys[0].id
|
|
},
|
|
Buffer.from(testUtils.DataGenerator.Content.api_keys[0].secret, 'hex'),
|
|
JWT_OPTIONS
|
|
);
|
|
}
|
|
};
|