TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-11 09:53:32 +03:00
Code Issues Projects Releases Wiki Activity
93781a0e78
Ghost/core/server/services/auth/authorize.js
Fabien O'Carroll 93781a0e78 🚧 Authorized Content API requests with req.member 
closes #10111

The members labs setting is required to be set for req.member to be
considered valid authorization
2018-11-08 13:34:29 +07:00

65 lines
2.4 KiB
JavaScript
Raw Blame History

const labs = require('../labs');
const session = require('./session');
const common = require('../../lib/common');
const authorize = {
// Workaround for missing permissions
// TODO: rework when https://github.com/TryGhost/Ghost/issues/3911 is done
requiresAuthorizedUser: function requiresAuthorizedUser(req, res, next) {
if (req.user && req.user.id) {
return next();
} else {
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));
}
},
// ### Require user depending on public API being activated.
requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
if (labs.isSet('publicAPI') === true) {
return next();
} else {
if (req.user && req.user.id) {
return next();
} else {
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignIn')}));
}
}
},
// Requires the authenticated client to match specific client
requiresAuthorizedClient: function requiresAuthorizedClient(client) {
return function doAuthorizedClient(req, res, next) {
if (client && (!req.client || !req.client.name || req.client.name !== client)) {
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.permissions.noPermissionToAction')}));
}
return next();
};
},
authorizeAdminAPI: [session.ensureUser],
authorizeContentApi(req, res, next) {
const hasApiKey = req.api_key && req.api_key.id;
const hasMember = req.member;
if (hasApiKey) {
return next();
}
if (labs.isSet('members') && hasMember) {
return next();
}
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignInOrAuthenticate')}));
},
requiresAuthorizedUserOrApiKey(req, res, next) {
const hasUser = req.user && req.user.id;
const hasApiKey = req.api_key && req.api_key.id;
if (hasUser || hasApiKey) {
return next();
} else {
return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignInOrAuthenticate')}));
}
}
};
module.exports = authorize;
Reference in New Issue View Git Blame Copy Permalink