Ghost/core/server/api/v3/identities.js
Hannah Wolfe bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00

37 lines
1004 B
JavaScript

const settings = require('../../../shared/settings-cache');
const urlUtils = require('../../../shared/url-utils');
const jwt = require('jsonwebtoken');
const jose = require('node-jose');
const issuer = urlUtils.urlFor('admin', true);
const dangerousPrivateKey = settings.get('ghost_private_key');
const keyStore = jose.JWK.createKeyStore();
const keyStoreReady = keyStore.add(dangerousPrivateKey, 'pem');
const getKeyID = async () => {
const key = await keyStoreReady;
return key.kid;
};
const sign = async (claims, options) => {
const kid = await getKeyID();
return jwt.sign(claims, dangerousPrivateKey, Object.assign({
issuer,
expiresIn: '5m',
algorithm: 'RS256',
keyid: kid
}, options));
};
module.exports = {
docName: 'identities',
permissions: true,
read: {
permissions: true,
async query(frame) {
const token = await sign({sub: frame.user.get('email')});
return {token};
}
}
};