mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 01:41:46 +03:00
a68592a6b9
* 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
359 lines
11 KiB
JavaScript
359 lines
11 KiB
JavaScript
// Contains all path information to be used throughout
|
|
// the codebase.
|
|
|
|
var moment = require('moment-timezone'),
|
|
_ = require('lodash'),
|
|
url = require('url'),
|
|
config = require('./../config'),
|
|
settingsCache = require('./../api/settings').cache,
|
|
// @TODO: unify this with the path in server/app.js
|
|
API_PATH = '/ghost/api/v0.1/',
|
|
STATIC_IMAGE_URL_PREFIX = 'content/images';
|
|
|
|
/**
|
|
* Returns the base URL of the blog as set in the config.
|
|
*
|
|
* Secure:
|
|
* If the request is secure, we want to force returning the blog url as https.
|
|
* Imagine Ghost runs with http, but nginx allows SSL connections.
|
|
*
|
|
* @param {boolean} secure
|
|
* @return {string} URL returns the url as defined in config, but always with a trailing `/`
|
|
*/
|
|
function getBlogUrl(secure) {
|
|
var blogUrl;
|
|
|
|
if (secure) {
|
|
blogUrl = config.get('url').replace('http://', 'https://');
|
|
} else {
|
|
blogUrl = config.get('url');
|
|
}
|
|
|
|
if (!blogUrl.match(/\/$/)) {
|
|
blogUrl += '/';
|
|
}
|
|
|
|
return blogUrl;
|
|
}
|
|
|
|
/**
|
|
* Returns a subdirectory URL, if defined so in the config.
|
|
* @return {string} URL a subdirectory if configured.
|
|
*/
|
|
function getSubdir() {
|
|
var localPath, subdir;
|
|
|
|
// Parse local path location
|
|
if (config.get('url')) {
|
|
localPath = url.parse(config.get('url')).path;
|
|
|
|
// Remove trailing slash
|
|
if (localPath !== '/') {
|
|
localPath = localPath.replace(/\/$/, '');
|
|
}
|
|
}
|
|
|
|
subdir = localPath === '/' ? '' : localPath;
|
|
return subdir;
|
|
}
|
|
|
|
function deduplicateSubDir(url) {
|
|
var subDir = getSubdir(),
|
|
subDirRegex;
|
|
|
|
if (!subDir) {
|
|
return url;
|
|
}
|
|
|
|
subDir = subDir.replace(/^\/|\/+$/, '');
|
|
subDirRegex = new RegExp(subDir + '\/' + subDir + '\/');
|
|
|
|
return url.replace(subDirRegex, subDir + '/');
|
|
}
|
|
|
|
function getProtectedSlugs() {
|
|
var subDir = getSubdir();
|
|
|
|
if (!_.isEmpty(subDir)) {
|
|
return config.get('slugs').protected.concat([subDir.split('/').pop()]);
|
|
} else {
|
|
return config.get('slugs').protected;
|
|
}
|
|
}
|
|
|
|
/** urlJoin
|
|
* Returns a URL/path for internal use in Ghost.
|
|
* @param {string} arguments takes arguments and concats those to a valid path/URL.
|
|
* @return {string} URL concatinated URL/path of arguments.
|
|
*/
|
|
function urlJoin() {
|
|
var args = Array.prototype.slice.call(arguments),
|
|
prefixDoubleSlash = false,
|
|
url;
|
|
|
|
// Remove empty item at the beginning
|
|
if (args[0] === '') {
|
|
args.shift();
|
|
}
|
|
|
|
// Handle schemeless protocols
|
|
if (args[0].indexOf('//') === 0) {
|
|
prefixDoubleSlash = true;
|
|
}
|
|
|
|
// join the elements using a slash
|
|
url = args.join('/');
|
|
|
|
// Fix multiple slashes
|
|
url = url.replace(/(^|[^:])\/\/+/g, '$1/');
|
|
|
|
// Put the double slash back at the beginning if this was a schemeless protocol
|
|
if (prefixDoubleSlash) {
|
|
url = url.replace(/^\//, '//');
|
|
}
|
|
|
|
url = deduplicateSubDir(url);
|
|
return url;
|
|
}
|
|
|
|
/**
|
|
* admin:url is optional
|
|
*/
|
|
function getAdminUrl() {
|
|
var adminUrl = config.get('admin:url'),
|
|
subDir = getSubdir();
|
|
|
|
if (!adminUrl) {
|
|
return;
|
|
}
|
|
|
|
if (!adminUrl.match(/\/$/)) {
|
|
adminUrl += '/';
|
|
}
|
|
|
|
adminUrl = urlJoin(adminUrl, subDir, '/');
|
|
adminUrl = deduplicateSubDir(adminUrl);
|
|
return adminUrl;
|
|
}
|
|
|
|
// ## createUrl
|
|
// Simple url creation from a given path
|
|
// Ensures that our urls contain the subdirectory if there is one
|
|
// And are correctly formatted as either relative or absolute
|
|
// Usage:
|
|
// createUrl('/', true) -> http://my-ghost-blog.com/
|
|
// E.g. /blog/ subdir
|
|
// createUrl('/welcome-to-ghost/') -> /blog/welcome-to-ghost/
|
|
// Parameters:
|
|
// - urlPath - string which must start and end with a slash
|
|
// - absolute (optional, default:false) - boolean whether or not the url should be absolute
|
|
// - secure (optional, default:false) - boolean whether or not to force SSL
|
|
// Returns:
|
|
// - a URL which always ends with a slash
|
|
function createUrl(urlPath, absolute, secure) {
|
|
urlPath = urlPath || '/';
|
|
absolute = absolute || false;
|
|
var base;
|
|
|
|
// create base of url, always ends without a slash
|
|
if (absolute) {
|
|
base = getBlogUrl(secure);
|
|
} else {
|
|
base = getSubdir();
|
|
}
|
|
|
|
return urlJoin(base, urlPath);
|
|
}
|
|
|
|
/**
|
|
* creates the url path for a post based on blog timezone and permalink pattern
|
|
*
|
|
* @param {JSON} post
|
|
* @returns {string}
|
|
*/
|
|
function urlPathForPost(post) {
|
|
var output = '',
|
|
permalinks = settingsCache.get('permalinks'),
|
|
publishedAtMoment = moment.tz(post.published_at || Date.now(), settingsCache.get('activeTimezone')),
|
|
tags = {
|
|
year: function () { return publishedAtMoment.format('YYYY'); },
|
|
month: function () { return publishedAtMoment.format('MM'); },
|
|
day: function () { return publishedAtMoment.format('DD'); },
|
|
author: function () { return post.author.slug; },
|
|
slug: function () { return post.slug; },
|
|
id: function () { return post.id; }
|
|
};
|
|
|
|
if (post.page) {
|
|
output += '/:slug/';
|
|
} else {
|
|
output += permalinks;
|
|
}
|
|
|
|
// replace tags like :slug or :year with actual values
|
|
output = output.replace(/(:[a-z]+)/g, function (match) {
|
|
if (_.has(tags, match.substr(1))) {
|
|
return tags[match.substr(1)]();
|
|
}
|
|
});
|
|
|
|
return output;
|
|
}
|
|
|
|
// ## urlFor
|
|
// Synchronous url creation for a given context
|
|
// Can generate a url for a named path, given path, or known object (post)
|
|
// Determines what sort of context it has been given, and delegates to the correct generation method,
|
|
// Finally passing to createUrl, to ensure any subdirectory is honoured, and the url is absolute if needed
|
|
// Usage:
|
|
// urlFor('home', true) -> http://my-ghost-blog.com/
|
|
// E.g. /blog/ subdir
|
|
// urlFor({relativeUrl: '/my-static-page/'}) -> /blog/my-static-page/
|
|
// E.g. if post object represents welcome post, and slugs are set to standard
|
|
// urlFor('post', {...}) -> /welcome-to-ghost/
|
|
// E.g. if post object represents welcome post, and slugs are set to date
|
|
// urlFor('post', {...}) -> /2014/01/01/welcome-to-ghost/
|
|
// Parameters:
|
|
// - context - a string, or json object describing the context for which you need a url
|
|
// - data (optional) - a json object containing data needed to generate a url
|
|
// - absolute (optional, default:false) - boolean whether or not the url should be absolute
|
|
// This is probably not the right place for this, but it's the best place for now
|
|
// @TODO: rewrite, very hard to read, create private functions!
|
|
function urlFor(context, data, absolute) {
|
|
var urlPath = '/',
|
|
secure, imagePathRe,
|
|
knownObjects = ['post', 'tag', 'author', 'image', 'nav'], baseUrl,
|
|
hostname,
|
|
|
|
// this will become really big
|
|
knownPaths = {
|
|
home: '/',
|
|
rss: '/rss/',
|
|
api: API_PATH,
|
|
sitemap_xsl: '/sitemap.xsl'
|
|
};
|
|
|
|
// Make data properly optional
|
|
if (_.isBoolean(data)) {
|
|
absolute = data;
|
|
data = null;
|
|
}
|
|
|
|
// Can pass 'secure' flag in either context or data arg
|
|
secure = (context && context.secure) || (data && data.secure);
|
|
|
|
if (_.isObject(context) && context.relativeUrl) {
|
|
urlPath = context.relativeUrl;
|
|
} else if (_.isString(context) && _.indexOf(knownObjects, context) !== -1) {
|
|
// trying to create a url for an object
|
|
if (context === 'post' && data.post) {
|
|
urlPath = data.post.url;
|
|
secure = data.secure;
|
|
} else if (context === 'tag' && data.tag) {
|
|
urlPath = urlJoin('/', config.get('routeKeywords').tag, data.tag.slug, '/');
|
|
secure = data.tag.secure;
|
|
} else if (context === 'author' && data.author) {
|
|
urlPath = urlJoin('/', config.get('routeKeywords').author, data.author.slug, '/');
|
|
secure = data.author.secure;
|
|
} else if (context === 'image' && data.image) {
|
|
urlPath = data.image;
|
|
imagePathRe = new RegExp('^' + getSubdir() + '/' + STATIC_IMAGE_URL_PREFIX);
|
|
absolute = imagePathRe.test(data.image) ? absolute : false;
|
|
secure = data.image.secure;
|
|
|
|
if (absolute) {
|
|
// Remove the sub-directory from the URL because ghostConfig will add it back.
|
|
urlPath = urlPath.replace(new RegExp('^' + getSubdir()), '');
|
|
baseUrl = getBlogUrl(secure).replace(/\/$/, '');
|
|
urlPath = baseUrl + urlPath;
|
|
}
|
|
|
|
return urlPath;
|
|
} else if (context === 'nav' && data.nav) {
|
|
urlPath = data.nav.url;
|
|
secure = data.nav.secure || secure;
|
|
baseUrl = getBlogUrl(secure);
|
|
hostname = baseUrl.split('//')[1] + getSubdir();
|
|
|
|
if (urlPath.indexOf(hostname) > -1
|
|
&& !urlPath.split(hostname)[0].match(/\.|mailto:/)
|
|
&& urlPath.split(hostname)[1].substring(0,1) !== ':') {
|
|
// make link relative to account for possible
|
|
// mismatch in http/https etc, force absolute
|
|
// do not do so if link is a subdomain of blog url
|
|
// or if hostname is inside of the slug
|
|
// or if slug is a port
|
|
urlPath = urlPath.split(hostname)[1];
|
|
if (urlPath.substring(0, 1) !== '/') {
|
|
urlPath = '/' + urlPath;
|
|
}
|
|
absolute = true;
|
|
}
|
|
}
|
|
} else if (context === 'home' && absolute) {
|
|
urlPath = getBlogUrl(secure);
|
|
|
|
// CASE: with or without protocol?
|
|
// @TODO: rename cors
|
|
if (data && data.cors) {
|
|
urlPath = urlPath.replace(/^.*?:\/\//g, '//');
|
|
}
|
|
} else if (context === 'admin') {
|
|
urlPath = getAdminUrl() || getBlogUrl();
|
|
|
|
if (absolute) {
|
|
urlPath += 'ghost/';
|
|
} else {
|
|
urlPath = '/ghost/';
|
|
}
|
|
} else if (context === 'api') {
|
|
urlPath = getAdminUrl() || getBlogUrl();
|
|
|
|
// CASE: with or without protocol?
|
|
// @TODO: rename cors
|
|
if (data && data.cors) {
|
|
urlPath = urlPath.replace(/^.*?:\/\//g, '//');
|
|
}
|
|
|
|
if (absolute) {
|
|
urlPath = urlPath.replace(/\/$/, '') + API_PATH;
|
|
} else {
|
|
urlPath = API_PATH;
|
|
}
|
|
} else if (_.isString(context) && _.indexOf(_.keys(knownPaths), context) !== -1) {
|
|
// trying to create a url for a named path
|
|
urlPath = knownPaths[context] || '/';
|
|
}
|
|
|
|
// This url already has a protocol so is likely an external url to be returned
|
|
// or it is an alternative scheme, protocol-less, or an anchor-only path
|
|
if (urlPath && (urlPath.indexOf('://') !== -1 || urlPath.match(/^(\/\/|#|[a-zA-Z0-9\-]+:)/))) {
|
|
return urlPath;
|
|
}
|
|
|
|
return createUrl(urlPath, absolute, secure);
|
|
}
|
|
|
|
function isSSL(urlToParse) {
|
|
var protocol = url.parse(urlToParse).protocol;
|
|
return protocol === 'https:';
|
|
}
|
|
|
|
module.exports.getProtectedSlugs = getProtectedSlugs;
|
|
module.exports.getSubdir = getSubdir;
|
|
module.exports.urlJoin = urlJoin;
|
|
module.exports.urlFor = urlFor;
|
|
module.exports.isSSL = isSSL;
|
|
module.exports.urlPathForPost = urlPathForPost;
|
|
|
|
/**
|
|
* If you request **any** image in Ghost, it get's served via
|
|
* http://your-blog.com/content/images/2017/01/02/author.png
|
|
*
|
|
* /content/images/ is a static prefix for serving images!
|
|
*
|
|
* But internally the image is located for example in your custom content path:
|
|
* my-content/another-dir/images/2017/01/02/author.png
|
|
*/
|
|
module.exports.STATIC_IMAGE_URL_PREFIX = STATIC_IMAGE_URL_PREFIX;
|