tqt/Ghost
2
1
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2023-12-13 21:00:40 +01:00
Code Issues 1 Releases Wiki Activity
Ghost/core/server/middleware/index.js

301 lines
11 KiB
JavaScript
Raw Normal View History

Putting back relative redirects issue #1523 - also added some comments to indicate the difference between the two custom middleware files.
2013-11-25 21:31:18 +01:00
// # Custom Middleware
// The following custom middleware functions cannot yet be unit tested, and as such are kept separate from
// the testable custom middleware functions in middleware.js
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
var middleware = require('./middleware'),
express = require('express'),
_ = require('underscore'),
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
url = require('url'),
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
when = require('when'),
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
slashes = require('connect-slashes'),
errors = require('../errorHandling'),
api = require('../api'),
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 00:11:59 +01:00
fs = require('fs'),
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
path = require('path'),
hbs = require('express-hbs'),
Create the config module, initially used to standardise getting paths and absolute URLs. Easy to extend for other configurations we may need.
2013-11-20 14:58:52 +01:00
config = require('../config'),
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
storage = require('../storage'),
packageInfo = require('../../../package.json'),
Restore support for using ghost as a npm module fixes #1326
2013-11-26 04:22:59 +01:00
BSStore = require('../bookshelf-session'),
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
models = require('../models'),
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
expressServer,
ONE_HOUR_S = 60 * 60,
ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,
ONE_HOUR_MS = ONE_HOUR_S * 1000,
ONE_YEAR_MS = 365 * 24 * ONE_HOUR_MS;
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// ##Custom Middleware
// ### GhostLocals Middleware
// Expose the standard locals that every external page should have available,
// separating between the theme and the admin
function ghostLocals(req, res, next) {
// Make sure we have a locals value.
res.locals = res.locals || {};
res.locals.version = packageInfo.version;
New URL helper - URL consistency fixes fixes #1765 fixes #1811 issue #1833 New UrlFor functions - moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios - urlFor can take a string (name) or object (relativeUrl: '/') as the first argument - this is the first step towards issue #1833 - also added config.path.urlForPost which is async and handles getting permalink setting - frontend controller, ghost_head helper, cache invalidation all now use urlFor or urlForPost all urls should be correct and consistent URL Consistency Improvements - refactored invalidateCache into cacheInvalidationHeader which returns a promise so that url can be generated properly by urlForPost - moved isPost from models to schema, and refactored schema to have a tables object - deleted posts now return the whole object, not just id and slug, ensuring cache invalidation header can be set on delete - frontend controller rss and archive page redirects work properly with subdirectory - removes {{url}} helper from admin and client, and replaced with adminUrl helper which also uses urlFor - in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-03 01:37:21 +01:00
// relative path from the URL, not including subdir
res.locals.relativeUrl = req.path.replace(config.paths().subdir, '');
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
if (res.isAdmin) {
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00
res.locals.csrfToken = req.csrfToken();
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
when.all([
api.users.read({id: req.session.user}),
api.notifications.browse()
]).then(function (values) {
var currentUser = values[0],
notifications = values[1];
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
_.extend(res.locals, {
currentUser: {
name: currentUser.name,
email: currentUser.email,
image: currentUser.image
},
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
messages: notifications
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
});
next();
}).otherwise(function () {
// Only show passive notifications
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
api.notifications.browse().then(function (notifications) {
_.extend(res.locals, {
messages: _.reject(notifications, function (notification) {
return notification.status !== 'passive';
})
});
next();
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
});
});
} else {
next();
}
}
// ### InitViews Middleware
// Initialise Theme or Admin Views
function initViews(req, res, next) {
/*jslint unparam:true*/
if (!res.isAdmin) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
hbs.updateTemplateOptions({ data: {blog: config.theme()} });
expressServer.engine('hbs', expressServer.get('theme view engine'));
expressServer.set('views', path.join(config.paths().themePath, expressServer.get('activeTheme')));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
} else {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
expressServer.engine('hbs', expressServer.get('admin view engine'));
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.set('views', config.paths().adminViews);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
next();
}
// ### Activate Theme
// Helper for manageAdminAndTheme
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
function activateTheme(activeTheme) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
var hbsOptions,
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 00:11:59 +01:00
themePartials = path.join(config.paths().themePath, activeTheme, 'partials'),
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
stackLocation = _.indexOf(expressServer.stack, _.find(expressServer.stack, function (stackItem) {
Fix live theme switching not working on subdirectories Closes #1770 - Previously, the middleware would check that the route on the stack was an empty string, which worked when there was no subdirectories - When subdirectories were added, the proper route was only set when updating the theme - Because it was only set when updating, this explains themes working on initial load, since the stack location was looking for an empty string, which is what the middleware was initialized with - However, once a new theme was set, it was still look for an empty string, which would never exist, which caused the issue - Now, the route is properly set on initialization of the middleware, and then the `config.paths().subdir` property is used for the check
2013-12-29 00:08:57 +01:00
return stackItem.route === config.paths().subdir && stackItem.handle.name === 'settingEnabled';
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
}));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// clear the view cache
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.cache = {};
expressServer.disable(expressServer.get('activeTheme'));
expressServer.set('activeTheme', activeTheme);
expressServer.enable(expressServer.get('activeTheme'));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
if (stackLocation) {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.stack[stackLocation].handle = middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme());
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
// set view engine
hbsOptions = { partialsDir: [ config.paths().helperTemplates ] };
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 00:11:59 +01:00
fs.stat(themePartials, function (err, stats) {
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
// Check that the theme has a partials directory before trying to use it
Including theme partials in a way that supports symbolically linked directories closes #1937 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 00:11:59 +01:00
if (!err && stats && stats.isDirectory()) {
hbsOptions.partialsDir.push(themePartials);
}
});
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
expressServer.set('theme view engine', hbs.express3(hbsOptions));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Update user error template
Error handling simplification & test improvements fixes #1266 - simplifies the check for if a theme has an error template - adds more / better tests for error handling
2014-01-02 21:57:37 +01:00
errors.updateActiveTheme(activeTheme, config.paths().availableThemes[activeTheme].hasOwnProperty('error'));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
// ### ManageAdminAndTheme Middleware
// Uses the URL to detect whether this response should be an admin response
// This is used to ensure the right content is served, and is not for security purposes
function manageAdminAndTheme(req, res, next) {
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 17:01:08 +01:00
res.isAdmin = req.url.lastIndexOf(config.paths().subdir + '/ghost/', 0) === 0;
Install in sub-directory support. refs #527
2013-11-17 19:40:26 +01:00
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
if (res.isAdmin) {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.enable('admin');
expressServer.disable(expressServer.get('activeTheme'));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
} else {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.enable(expressServer.get('activeTheme'));
expressServer.disable('admin');
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
api.settings.read('activeTheme').then(function (activeTheme) {
// Check if the theme changed
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
if (activeTheme.value !== expressServer.get('activeTheme')) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
// Change theme
if (!config.paths().availableThemes.hasOwnProperty(activeTheme.value)) {
if (!res.isAdmin) {
// Throw an error if the theme is not available, but not on the admin UI
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-24 23:14:56 +01:00
return errors.throwError('The currently active theme ' + activeTheme.value + ' is missing.');
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
}
} else {
activateTheme(activeTheme.value);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
}
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
next();
Start up safely when the activeTheme is not present fixes #2000 - resolves errors when attempting to start Ghost without the active theme present - the frontend will render a 500 error page safely - issues with themes that have an error template are resolved separately in #2018
2014-01-24 23:14:56 +01:00
}).otherwise(function (err) {
// Trying to start up without the active theme present, setup a simple hbs instance
// and render an error page straight away.
expressServer.engine('hbs', hbs.express3());
next(err);
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
});
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
// Redirect to signup if no users are currently created
function redirectToSignup(req, res, next) {
/*jslint unparam:true*/
api.users.browse().then(function (users) {
if (users.length === 0) {
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 17:01:08 +01:00
return res.redirect(config.paths().subdir + '/ghost/signup/');
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
}
next();
}).otherwise(function (err) {
return next(new Error(err));
});
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
function isSSLrequired(isAdmin) {
var forceSSL = url.parse(config().url).protocol === 'https:' ? true : false,
forceAdminSSL = (isAdmin && config().forceAdminSSL);
if (forceSSL || forceAdminSSL) {
return true;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
return false;
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
}
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
// Check to see if we should use SSL
// and redirect if needed
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
function checkSSL(req, res, next) {
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
if (isSSLrequired(res.isAdmin)) {
// Check if X-Forarded-Proto headers are sent, if they are check for https.
// If they are not assume true to avoid infinite redirect loop.
// If the X-Forwarded-Proto header is missing and Express cannot automatically sense HTTPS the redirect will not be made.
var httpsHeader = req.header('X-Forwarded-Proto') !== undefined ? req.header('X-Forwarded-Proto').toLowerCase() === 'https' ? true : false : true;
if (!req.secure && !httpsHeader) {
return res.redirect(301, url.format({
protocol: 'https:',
hostname: url.parse(config().url).hostname,
pathname: req.path,
query: req.query
}));
}
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
}
next();
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
module.exports = function (server, dbHash) {
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
var subdir = config.paths().subdir,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
corePath = config.paths().corePath,
cookie;
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
// Cache express server instance
expressServer = server;
middleware.cacheServer(expressServer);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Logging configuration
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
if (expressServer.get('env') !== 'development') {
expressServer.use(express.logger());
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
} else {
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(express.logger('dev'));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
}
// Favicon
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 17:01:08 +01:00
expressServer.use(subdir, express.favicon(corePath + '/shared/favicon.ico'));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
// Static assets
// For some reason send divides the max age number by 1000
expressServer.use(subdir + '/shared', express['static'](path.join(corePath, '/shared'), {maxAge: ONE_HOUR_MS}));
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 17:01:08 +01:00
expressServer.use(subdir + '/content/images', storage.get_storage().serve());
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
expressServer.use(subdir + '/ghost/scripts', express['static'](path.join(corePath, '/built/scripts'), {maxAge: ONE_YEAR_MS}));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// First determine whether we're serving admin or theme content
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(manageAdminAndTheme);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
// Force SSL
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
expressServer.use(checkSSL);
Add Force SSL Configuration/Middleware Solves #1300 - Adds forceAdminSSL bool config value - Adds checkSSL middleware - Adds redirectSSL helper function
2013-12-09 20:41:19 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Admin only config
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
expressServer.use(subdir + '/ghost', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/client/assets'), {maxAge: ONE_YEAR_MS})));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Theme only config
Fix live theme switching not working on subdirectories Closes #1770 - Previously, the middleware would check that the route on the stack was an empty string, which worked when there was no subdirectories - When subdirectories were added, the proper route was only set when updating the theme - Because it was only set when updating, this explains themes working on initial load, since the stack location was looking for an empty string, which is what the middleware was initialized with - However, once a new theme was set, it was still look for an empty string, which would never exist, which caused the issue - Now, the route is properly set on initialization of the middleware, and then the `config.paths().subdir` property is used for the check
2013-12-29 00:08:57 +01:00
expressServer.use(subdir, middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme()));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Add in all trailing slashes
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
expressServer.use(slashes(true, {headers: {'Cache-Control': 'public, max-age=' + ONE_YEAR_S}}));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
// Body parsing
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(express.json());
expressServer.use(express.urlencoded());
Install in sub-directory support. refs #527
2013-11-17 19:40:26 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
// ### Sessions
Ensure cookies are only ever set for admin fixes #1901 - Adds a trailing slash to the cookie path - Resolves random log-outs - Adds a test which proves the case
2014-01-12 18:08:12 +01:00
// we need the trailing slash in the cookie path. Session handling *must* be after the slash handling
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
cookie = {
Ensure cookies are only ever set for admin fixes #1901 - Adds a trailing slash to the cookie path - Resolves random log-outs - Adds a test which proves the case
2014-01-12 18:08:12 +01:00
path: subdir + '/ghost/',
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
maxAge: 12 * ONE_HOUR_MS
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
};
// if SSL is forced, add secure flag to cookie
// parameter is true, since cookie is used with admin only
if (isSSLrequired(true)) {
cookie.secure = true;
}
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(express.cookieParser());
expressServer.use(express.session({
store: new BSStore(models),
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
proxy: true,
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
secret: dbHash,
Set cookie secure flag closes #1680 - added secure flag for cookies if SSL is forced
2013-12-19 17:05:45 +01:00
cookie: cookie
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 15:29:36 +01:00
}));
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
//enable express csrf protection
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(middleware.conditionalCSRF);
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// local data
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(ghostLocals);
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
// So on every request we actually clean out redundant passive notifications from the server side
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(middleware.cleanNotifications);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// Initialise the views
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(initViews);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 00:13:25 +01:00
// ### Caching
expressServer.use(middleware.cacheControl('public'));
expressServer.use('/api/', middleware.cacheControl('private'));
expressServer.use('/ghost/', middleware.cacheControl('private'));
// ### Routing
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client
2013-12-28 17:01:08 +01:00
expressServer.use(subdir, expressServer.router);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// ### Error handling
// 404 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(errors.error404);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
// 500 Handler
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
expressServer.use(errors.error500);
Move server middleware configuration to related file
2013-11-12 07:03:25 +01:00
};
// Export middleware functions directly
Install in sub-directory support. refs #527
2013-11-17 19:40:26 +01:00
module.exports.middleware = middleware;
Remove ghost.js fixes #1575 - Moves most code that was in ghost.js into ./core/server/index.js - Creates ./core/server/config/theme.js to hold all theme configurations (which previously lived on ghost.blogGlobals()) - Removed ghost.server, passing it in as an argument where needed and allowing middleware to hold onto a reference for lazy use.
2013-12-06 15:13:15 +01:00
// Expose middleware functions in this file as well
Bug fixes for partial views closes #1203 - Update express-hbs module to the new version (0.5.2) - Use two instance of hbs one for the theme and an other for the admin - Template helpers are register as partial view - Partial views of the theme are reload when the theme changed Remove clear partial cache in handlebars This code will be move in `express-hbs`. This doesn't cause a problem to remove this line but it is not clean. Remove unused hbs instance Resolve conflict
2013-12-02 00:31:55 +01:00
module.exports.middleware.redirectToSignup = redirectToSignup;
Reference in a new issue Copy permalink