tqt/Ghost
2
1
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2023-12-13 21:00:40 +01:00
Code Issues 1 Releases Wiki Activity

Moved api cors mw into api app

Browse source 
- Moved api cors from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
This commit is contained in:
Hannah Wolfe 2020-04-22 06:41:07 +01:00
parent 41c3b4e92b
commit 92af5b8f09
10 changed files with 20 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
core/server/web/api/canary/admin/app.js
View file

@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
const express = require('express');
const bodyParser = require('body-parser');
const shared = require('../../../shared');
const mw = require('../../middleware');
const apiMw = require('../../middleware');
const routes = require('./routes');
const sentry = require('../../../../sentry');
@ -26,7 +26,7 @@ module.exports = function setupApiApp() {
// Check version matches for API requests, depends on res.locals.safeVersion being set
// Therefore must come after themeHandler.ghostLocals, for now
apiApp.use(mw.versionMatch);
apiApp.use(apiMw.versionMatch);
// Admin API shouldn't be cached
apiApp.use(shared.middlewares.cacheControl('private'));

7
core/server/web/api/canary/admin/middleware.js
View file

@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
const {i18n} = require('../../../../lib/common');
const auth = require('../../../../services/auth');
const shared = require('../../../shared');
const apiMw = require('../../middleware');
const notImplemented = function (req, res, next) {
// CASE: user is logged in, allow
@ -53,7 +54,7 @@ module.exports.authAdminApi = [
auth.authenticate.authenticateAdminApi,
auth.authorize.authorizeAdminApi,
shared.middlewares.updateUserLastSeen,
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented
@ -67,7 +68,7 @@ module.exports.authAdminApiWithUrl = [
auth.authenticate.authenticateAdminApiWithUrl,
auth.authorize.authorizeAdminApi,
shared.middlewares.updateUserLastSeen,
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented
@ -77,7 +78,7 @@ module.exports.authAdminApiWithUrl = [
* Middleware for public admin endpoints
*/
module.exports.publicAdminApi = [
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented

3
core/server/web/api/canary/admin/routes.js
View file

@ -1,5 +1,6 @@
const express = require('express');
const apiCanary = require('../../../../api/canary');
const apiMw = require('../../middleware');
const mw = require('./middleware');
const shared = require('../../../shared');
@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
// alias delete with del
router.del = router.delete;
router.use(shared.middlewares.api.cors);
router.use(apiMw.cors);
const http = apiCanary.http;

2
core/server/web/shared/middlewares/api/cors.js → core/server/web/api/middleware/cors.js
View file

@ -1,7 +1,7 @@
const cors = require('cors');
const url = require('url');
const os = require('os');
const urlUtils = require('../../../../lib/url-utils');
const urlUtils = require('../../../lib/url-utils');
let whitelist = [];
const ENABLE_CORS = {origin: true, maxAge: 86400};

1
core/server/web/api/middleware/index.js
View file

@ -1,3 +1,4 @@
module.exports = {
cors: require('./cors'),
versionMatch: require('./version-match')
};

4
core/server/web/api/v2/admin/app.js
View file

@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean');
const express = require('express');
const bodyParser = require('body-parser');
const shared = require('../../../shared');
const mw = require('../../middleware');
const apiMw = require('../../middleware');
const routes = require('./routes');
const sentry = require('../../../../sentry');
@ -26,7 +26,7 @@ module.exports = function setupApiApp() {
// Check version matches for API requests, depends on res.locals.safeVersion being set
// Therefore must come after themeHandler.ghostLocals, for now
apiApp.use(mw.versionMatch);
apiApp.use(apiMw.versionMatch);
// Admin API shouldn't be cached
apiApp.use(shared.middlewares.cacheControl('private'));

7
core/server/web/api/v2/admin/middleware.js
View file

@ -2,6 +2,7 @@ const errors = require('@tryghost/errors');
const {i18n} = require('../../../../lib/common');
const auth = require('../../../../services/auth');
const shared = require('../../../shared');
const apiMw = require('../../middleware');
const notImplemented = function (req, res, next) {
// CASE: user is logged in, allow
@ -50,7 +51,7 @@ module.exports.authAdminApi = [
auth.authenticate.authenticateAdminApi,
auth.authorize.authorizeAdminApi,
shared.middlewares.updateUserLastSeen,
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented
@ -64,7 +65,7 @@ module.exports.authAdminApiWithUrl = [
auth.authenticate.authenticateAdminApiWithUrl,
auth.authorize.authorizeAdminApi,
shared.middlewares.updateUserLastSeen,
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented
@ -74,7 +75,7 @@ module.exports.authAdminApiWithUrl = [
* Middleware for public admin endpoints
*/
module.exports.publicAdminApi = [
shared.middlewares.api.cors,
apiMw.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls,
notImplemented

3
core/server/web/api/v2/admin/routes.js
View file

@ -1,6 +1,7 @@
const express = require('express');
const apiv2 = require('../../../../api/v2');
const mw = require('./middleware');
const apiMw = require('../../middleware');
const shared = require('../../../shared');
@ -13,7 +14,7 @@ module.exports = function apiRoutes() {
// alias delete with del
router.del = router.delete;
router.use(shared.middlewares.api.cors);
router.use(apiMw.cors);
const http = apiv2.http;

4
core/server/web/shared/middlewares/api/index.js
View file

@ -1,8 +1,4 @@
module.exports = {
get cors() {
return require('./cors');
},
get spamPrevention() {
return require('./spam-prevention');
}

4
test/unit/web/middleware/api/cors_spec.js → test/unit/web/api/middleware/cors_spec.js
View file

@ -2,7 +2,7 @@ var should = require('should'),
sinon = require('sinon'),
rewire = require('rewire'),
urlUtils = require('../../../../utils/urlUtils'),
cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
cors = rewire('../../../../../core/server/web/api/middleware/cors');
describe('cors', function () {
var res, req, next;
@ -29,7 +29,7 @@ describe('cors', function () {
afterEach(function () {
sinon.restore();
cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors');
cors = rewire('../../../../../core/server/web/api/middleware/cors');
});
it('should not be enabled without a request origin header', function (done) {