mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
3db102a776
* Added API Key auth middleware to v2 content API refs #9865 - add `auth.authenticate.authenticateContentApiKey` middleware - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key - add `requiresAuthorizedUserOrApiKey` authorization middleware - passes if either `req.user` or `req.api_key` exists - update `authenticatePublic` middleware stack for v2 content routes * Fixed functional content api tests no-issue This fixes the functional content api tests so they use the content api auth. * Fixed context check and removed skip * Updated cors middleware for content api * Removed client_id from frame.context no-issue The v2 api doesn't have a notion of clients as we do not use oauth for it * Fixed tests for posts input serializer
38 lines
1.2 KiB
JavaScript
38 lines
1.2 KiB
JavaScript
const models = require('../../../models');
|
|
const common = require('../../../lib/common');
|
|
|
|
const authenticateContentApiKey = function authenticateContentApiKey(req, res, next) {
|
|
// allow fallthrough to other auth methods or final ensureAuthenticated check
|
|
if (!req.query || !req.query.key) {
|
|
return next();
|
|
}
|
|
|
|
let key = req.query.key;
|
|
|
|
models.ApiKey.findOne({secret: key}).then((apiKey) => {
|
|
if (!apiKey) {
|
|
return next(new common.errors.UnauthorizedError({
|
|
message: common.i18n.t('errors.middleware.auth.unknownContentApiKey'),
|
|
code: 'UNKNOWN_CONTENT_API_KEY'
|
|
}));
|
|
}
|
|
|
|
if (apiKey.get('type') !== 'content') {
|
|
return next(new common.errors.UnauthorizedError({
|
|
message: common.i18n.t('errors.middleware.auth.invalidApiKeyType'),
|
|
code: 'INVALID_API_KEY_TYPE'
|
|
}));
|
|
}
|
|
|
|
// authenticated OK, store the api key on the request for later checks and logging
|
|
req.api_key = apiKey;
|
|
next();
|
|
}).catch((err) => {
|
|
next(new common.errors.InternalServerError({err}));
|
|
});
|
|
};
|
|
|
|
module.exports = {
|
|
authenticateContentApiKey
|
|
};
|