var passport = require('passport'),
apiErrorHandlers = require('./api-error-handlers');
// ### Authenticate Middleware
// authentication has to be done for /ghost/* routes with
// exceptions for signin, signout, signup, forgotten, reset only
// api and frontend use different authentication mechanisms at the moment
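/**
 * Express middleware that requires a bearer token on API requests.
 *
 * A request is sent through passport's `bearer` strategy when its first two
 * path segments are `/ghost/api/`, unless the path starts with
 * `/ghost/api/v0.1/authentication/`. `PUT` requests under
 * `/ghost/api/v0.1/authentication/setup/` are not exempt and do need a token.
 * Every other request is handed to `next()` with no check made here.
 *
 * Security notes:
 * - The API prefix is matched case-insensitively. Express matches routes
 *   case-insensitively unless `case sensitive routing` is enabled, so a
 *   case-sensitive gate could disagree with the router about which requests
 *   are API requests.
 * - The exemption for the authentication endpoints stays case-sensitive, so
 *   the case-insensitive match can only make more requests require a token,
 *   never fewer.
 * - This is a path-prefix gate: an API handler reachable under any other
 *   prefix is not covered by it. NOTE(review): confirm against the route
 *   table and the mount point of this middleware.
 *
 * @param {Object} req - Express request; `req.path` and `req.method` are read,
 *   `req.user` and `req.authInfo` are set after a successful authentication.
 * @param {Object} res - Express response, passed on to the API error handler.
 * @param {Function} next - Express continuation.
 * @returns {*} The result of the passport middleware for gated requests,
 *   otherwise `undefined`.
 */
function authenticate(req, res, next) {
    var path = req.path,
        subPath,
        isApiRequest,
        isAuthEndpoint,
        isSetupUpdate;

    // SubPath is the url path starting after any default subdirectories
    // it is stripped of anything after the two levels `/ghost/.*?/` as the reset link has an argument
    /*jslint regexp:true, unparam:true*/
    subPath = path.replace(/^(\/.*?\/.*?\/)(.*)?/, function replace(match, a) {
        return a;
    });

    // Fail closed: lower-case only the gate, not the exemption checks below.
    isApiRequest = subPath.toLowerCase().indexOf('/ghost/api/') === 0;
    isAuthEndpoint = path.indexOf('/ghost/api/v0.1/authentication/') === 0;
    isSetupUpdate = path.indexOf('/ghost/api/v0.1/authentication/setup/') === 0 && req.method === 'PUT';

    if (isApiRequest && (!isAuthEndpoint || isSetupUpdate)) {
        return passport.authenticate('bearer', {session: false, failWithError: true},
            function bearerCallback(err, user, info) {
                var error;

                if (err) {
                    return next(err); // will generate a 500 error
                }

                // Generate a JSON response reflecting authentication status
                if (!user) {
                    error = {
                        code: 401,
                        errorType: 'NoPermissionError',
                        message: 'Please Sign In'
                    };

                    return apiErrorHandlers.errorHandler(error, req, res, next);
                }

                // TODO: figure out, why user & authInfo is lost
                req.authInfo = info;
                req.user = user;
                return next(null, user, info);
            }
        )(req, res, next);
    }

    next();
}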
// Expose the authenticate middleware as this module's sole export.
module.exports = authenticate;