mirror of
https://github.com/TryGhost/Ghost.git
68af2145a1
no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging
// Node core and third-party modules.
var path = require('path');
var express = require('express');

// Session and password guards for the private-blogging app (see ./middleware).
var middleware = require('./middleware');
var bodyParser = require('body-parser');

// Theme lookup and response-context helpers shared with the regular frontend.
var templates = require('../../../controllers/frontend/templates');
var setResponseContext = require('../../../controllers/frontend/context');

// Brute-force protection middleware; this router applies its privateBlog limiter
// to the password POST below.
var brute = require('../../../middleware/brute');

// Router serving the private-blogging password page.
var privateRouter = express.Router();
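/**
 * Renders the private-blogging password page.
 *
 * Uses the active theme's `private.hbs` when the theme provides one and falls
 * back to the view bundled next to this file otherwise.
 *
 * @param {Object} req - Express request; `req.app.get('activeTheme')` names the theme.
 * @param {Object} res - Express response; `res.error`, when set by earlier
 *                       middleware, is passed to the template as `error`.
 * @returns {*} whatever `res.render` returns.
 */
function controller(req, res) {
    var defaultView = path.resolve(__dirname, 'views', 'private.hbs'),
        paths = templates.getActiveThemePaths(req.app.get('activeTheme')),
        data = {},
        themeHasTemplate;

    // NOTE(review): res.error is presumably set by the authentication middleware
    // that runs before this handler - confirm the template renders it with the
    // escaping {{ }} form and that the message does not echo submitted input.
    if (res.error) {
        data.error = res.error;
    }

    setResponseContext(req, res);

    // The keys of `paths` come from the theme, so do not trust a method looked up
    // on the object itself: a key named "hasOwnProperty", or a prototype-less map,
    // would break `paths.hasOwnProperty(...)`. Borrow the method from Object.prototype.
    themeHasTemplate = Object.prototype.hasOwnProperty.call(paths, 'private.hbs');

    if (themeHasTemplate) {
        return res.render('private', data);
    }

    return res.render(defaultView, data);
}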
// password-protected frontend route
var privateRoute = privateRouter.route('/');

// GET: session check first, then the password page.
privateRoute.get(middleware.isPrivateSessionAuth, controller);

// POST: password submission. The handler order is security-relevant:
// brute.privateBlog is registered ahead of middleware.authenticateProtection, so
// the brute-force limiter sees every attempt before the password check runs.
// Keep that order when editing this chain.
// NOTE(review): urlencoded({extended: true}) allows nested objects and arrays in
// the parsed body, so a submitted field is not guaranteed to be a string - confirm
// authenticateProtection type-checks the submitted value before comparing it.
privateRoute.post(
    bodyParser.urlencoded({extended: true}),
    middleware.isPrivateSessionAuth,
    brute.privateBlog,
    middleware.authenticateProtection,
    controller
);
// Attach the page handler to the router so it is also reachable as
// require(...).controller, then export the router as the module itself.
privateRouter.controller = controller;
module.exports = privateRouter;