2013-09-24 12:46:30 +02:00
|
|
|
var Ghost = require('../../ghost'),
|
|
|
|
dataExport = require('../data/export'),
|
|
|
|
dataImport = require('../data/import'),
|
|
|
|
_ = require('underscore'),
|
|
|
|
fs = require('fs-extra'),
|
|
|
|
path = require('path'),
|
|
|
|
when = require('when'),
|
|
|
|
nodefn = require('when/node/function'),
|
|
|
|
api = require('../api'),
|
|
|
|
moment = require('moment'),
|
|
|
|
errors = require('../errorHandling'),
|
|
|
|
|
|
|
|
ghost = new Ghost(),
|
|
|
|
dataProvider = ghost.dataProvider,
|
2013-06-25 12:43:15 +01:00
|
|
|
adminNavbar,
|
2013-08-22 20:48:36 +01:00
|
|
|
adminControllers,
|
|
|
|
loginSecurity = [];
|
2013-05-11 17:44:25 +01:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
// TODO: combine path/navClass to single "slug(?)" variable with no prefix
|
|
|
|
adminNavbar = {
|
|
|
|
content: {
|
|
|
|
name: 'Content',
|
|
|
|
navClass: 'content',
|
|
|
|
key: 'admin.navbar.content',
|
2013-09-11 15:38:09 +01:00
|
|
|
path: '/'
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
|
|
|
add: {
|
|
|
|
name: 'New Post',
|
|
|
|
navClass: 'editor',
|
|
|
|
key: 'admin.navbar.editor',
|
|
|
|
path: '/editor/'
|
|
|
|
},
|
|
|
|
settings: {
|
|
|
|
name: 'Settings',
|
|
|
|
navClass: 'settings',
|
|
|
|
key: 'admin.navbar.settings',
|
|
|
|
path: '/settings/'
|
|
|
|
}
|
|
|
|
};
|
2013-05-11 17:44:25 +01:00
|
|
|
|
2013-08-22 20:48:36 +01:00
|
|
|
|
2013-06-25 17:58:26 +01:00
|
|
|
// TODO: make this a util or helper
|
2013-06-25 12:43:15 +01:00
|
|
|
function setSelected(list, name) {
|
|
|
|
_.each(list, function (item, key) {
|
|
|
|
item.selected = key === name;
|
2013-05-29 01:10:39 +01:00
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
return list;
|
|
|
|
}
|
2013-05-29 01:10:39 +01:00
|
|
|
|
2013-09-07 21:55:01 +01:00
|
|
|
// TODO: this could be a separate module
|
|
|
|
function getUniqueFileName(dir, name, ext, i, done) {
|
|
|
|
var filename,
|
|
|
|
append = '';
|
|
|
|
|
|
|
|
if (i) {
|
|
|
|
append = '-' + i;
|
|
|
|
}
|
|
|
|
|
|
|
|
filename = path.join(dir, name + append + ext);
|
|
|
|
fs.exists(filename, function (exists) {
|
|
|
|
if (exists) {
|
|
|
|
setImmediate(function () {
|
|
|
|
i = i + 1;
|
|
|
|
return getUniqueFileName(dir, name, ext, i, done);
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
return done(filename);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
adminControllers = {
|
2013-08-05 18:31:29 +01:00
|
|
|
'uploader': function (req, res) {
|
2013-09-07 21:55:01 +01:00
|
|
|
|
2013-08-05 18:31:29 +01:00
|
|
|
var currentDate = moment(),
|
2013-09-19 07:26:26 +01:00
|
|
|
month = currentDate.format('MMM'),
|
|
|
|
year = currentDate.format('YYYY'),
|
2013-08-05 18:31:29 +01:00
|
|
|
tmp_path = req.files.uploadimage.path,
|
2013-10-10 12:44:31 +02:00
|
|
|
imagespath = path.join(ghost.paths().appRoot, 'content/images'),
|
|
|
|
dir = path.join(imagespath, year, month),
|
2013-08-13 21:04:07 +01:00
|
|
|
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
|
2013-10-11 20:26:09 +01:00
|
|
|
type = req.files.uploadimage.type || req.files.uploadimage.headers['content-type'],
|
2013-09-17 22:11:22 +02:00
|
|
|
basename = path.basename(req.files.uploadimage.name, ext).replace(/[\W]/gi, '_');
|
2013-08-05 18:31:29 +01:00
|
|
|
|
2013-09-07 21:55:01 +01:00
|
|
|
function renameFile(target_path) {
|
2013-08-05 18:31:29 +01:00
|
|
|
// adds directories recursively
|
|
|
|
fs.mkdirs(dir, function (err) {
|
|
|
|
if (err) {
|
2013-09-18 09:59:42 +01:00
|
|
|
return errors.logError(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
fs.copy(tmp_path, target_path, function (err) {
|
|
|
|
if (err) {
|
|
|
|
return errors.logError(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
fs.unlink(tmp_path, function (e) {
|
2013-08-05 18:31:29 +01:00
|
|
|
if (err) {
|
2013-09-18 09:59:42 +01:00
|
|
|
return errors.logError(err);
|
2013-08-05 18:31:29 +01:00
|
|
|
}
|
2013-09-18 09:59:42 +01:00
|
|
|
|
|
|
|
// the src for the image must be in URI format, not a file system path, which in Windows uses \
|
2013-10-10 12:44:31 +02:00
|
|
|
var src = path.join('/', target_path.replace(ghost.paths().appRoot, "")).replace(new RegExp('\\' + path.sep, 'g'), '/');
|
2013-09-18 09:59:42 +01:00
|
|
|
return res.send(src);
|
2013-08-05 18:31:29 +01:00
|
|
|
});
|
2013-09-18 09:59:42 +01:00
|
|
|
});
|
2013-08-05 18:31:29 +01:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2013-10-17 15:28:28 +02:00
|
|
|
//limit uploads to type && extension
|
|
|
|
if ((type === 'image/jpeg' || type === 'image/png' || type === 'image/gif')
|
|
|
|
&& (ext === '.jpg' || ext === '.jpeg' || ext === '.png' || ext === '.gif')) {
|
2013-09-07 21:55:01 +01:00
|
|
|
getUniqueFileName(dir, basename, ext, null, function (filename) {
|
|
|
|
renameFile(filename);
|
|
|
|
});
|
2013-08-05 18:31:29 +01:00
|
|
|
} else {
|
2013-10-20 20:25:00 +00:00
|
|
|
res.send(415, 'Unsupported Media Type');
|
2013-08-05 18:31:29 +01:00
|
|
|
}
|
|
|
|
},
|
2013-06-25 12:43:15 +01:00
|
|
|
'login': function (req, res) {
|
2013-09-12 09:59:58 +01:00
|
|
|
res.render('login', {
|
2013-06-25 12:43:15 +01:00
|
|
|
bodyClass: 'ghost-login',
|
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
2013-05-11 17:44:25 +01:00
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
|
|
|
'auth': function (req, res) {
|
2013-08-22 20:48:36 +01:00
|
|
|
var currentTime = process.hrtime()[0],
|
|
|
|
denied = '';
|
|
|
|
loginSecurity = _.filter(loginSecurity, function (ipTime) {
|
|
|
|
return (ipTime.time + 2 > currentTime);
|
|
|
|
});
|
|
|
|
denied = _.find(loginSecurity, function (ipTime) {
|
|
|
|
return (ipTime.ip === req.connection.remoteAddress);
|
2013-06-25 12:43:15 +01:00
|
|
|
});
|
2013-08-22 20:48:36 +01:00
|
|
|
|
|
|
|
if (!denied) {
|
|
|
|
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
|
|
|
|
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
|
|
|
|
req.session.user = user.id;
|
|
|
|
res.json(200, {redirect: req.body.redirect ? '/ghost/'
|
|
|
|
+ decodeURIComponent(req.body.redirect) : '/ghost/'});
|
|
|
|
}, function (error) {
|
|
|
|
res.json(401, {error: error.message});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
|
|
|
|
}
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
2013-08-06 00:49:06 +01:00
|
|
|
changepw: function (req, res) {
|
|
|
|
api.users.changePassword({
|
2013-08-09 02:22:49 +01:00
|
|
|
currentUser: req.session.user,
|
2013-08-06 00:49:06 +01:00
|
|
|
oldpw: req.body.password,
|
|
|
|
newpw: req.body.newpassword,
|
|
|
|
ne2pw: req.body.ne2password
|
2013-08-20 19:52:44 +01:00
|
|
|
}).then(function () {
|
2013-08-06 00:49:06 +01:00
|
|
|
res.json(200, {msg: 'Password changed successfully'});
|
|
|
|
}, function (error) {
|
2013-08-20 19:52:44 +01:00
|
|
|
res.send(401, {error: error.message});
|
2013-08-06 00:49:06 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
},
|
2013-06-25 12:43:15 +01:00
|
|
|
'signup': function (req, res) {
|
|
|
|
res.render('signup', {
|
2013-09-12 09:59:58 +01:00
|
|
|
bodyClass: 'ghost-signup',
|
2013-06-25 12:43:15 +01:00
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
|
|
|
});
|
|
|
|
},
|
2013-09-01 00:20:12 +02:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
'doRegister': function (req, res) {
|
2013-09-08 21:16:40 +02:00
|
|
|
var name = req.body.name,
|
|
|
|
email = req.body.email,
|
2013-06-25 12:43:15 +01:00
|
|
|
password = req.body.password;
|
2013-05-11 17:44:25 +01:00
|
|
|
|
2013-08-18 22:50:42 +01:00
|
|
|
api.users.add({
|
2013-09-11 23:04:49 +01:00
|
|
|
name: name,
|
|
|
|
email: email,
|
2013-08-18 22:50:42 +01:00
|
|
|
password: password
|
|
|
|
}).then(function (user) {
|
2013-09-17 03:08:36 +01:00
|
|
|
api.settings.edit('email', email).then(function () {
|
|
|
|
if (req.session.user === undefined) {
|
|
|
|
req.session.user = user.id;
|
|
|
|
}
|
|
|
|
res.json(200, {redirect: '/ghost/'});
|
|
|
|
});
|
|
|
|
}).otherwise(function (error) {
|
2013-08-18 22:50:42 +01:00
|
|
|
res.json(401, {error: error.message});
|
|
|
|
});
|
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
2013-09-01 00:20:12 +02:00
|
|
|
|
|
|
|
'forgotten': function (req, res) {
|
2013-09-12 09:59:58 +01:00
|
|
|
res.render('forgotten', {
|
2013-09-01 00:20:12 +02:00
|
|
|
bodyClass: 'ghost-forgotten',
|
|
|
|
hideNavbar: true,
|
|
|
|
adminNav: setSelected(adminNavbar, 'login')
|
|
|
|
});
|
|
|
|
},
|
|
|
|
|
|
|
|
'resetPassword': function (req, res) {
|
|
|
|
var email = req.body.email;
|
|
|
|
|
|
|
|
api.users.forgottenPassword(email).then(function (user) {
|
|
|
|
var message = {
|
|
|
|
to: email,
|
|
|
|
subject: 'Your new password',
|
|
|
|
html: "<p><strong>Hello!</strong></p>" +
|
2013-09-09 11:51:12 +01:00
|
|
|
"<p>You've reset your password. Here's the new one: " + user.newPassword + "</p>" +
|
|
|
|
"<p>Ghost <br/>" +
|
2013-09-11 17:23:07 +02:00
|
|
|
'<a href="' + ghost.config().url + '">' +
|
|
|
|
ghost.config().url + '</a></p>'
|
2013-09-01 00:20:12 +02:00
|
|
|
};
|
|
|
|
|
2013-09-04 14:57:41 +01:00
|
|
|
return ghost.mail.send(message);
|
|
|
|
}).then(function success() {
|
|
|
|
var notification = {
|
|
|
|
type: 'success',
|
|
|
|
message: 'Your password was changed successfully. Check your email for details.',
|
|
|
|
status: 'passive',
|
|
|
|
id: 'successresetpw'
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
|
|
|
res.json(200, {redirect: '/ghost/signin/'});
|
|
|
|
});
|
2013-09-01 00:20:12 +02:00
|
|
|
|
2013-09-04 14:57:41 +01:00
|
|
|
}, function failure(error) {
|
2013-09-01 00:20:12 +02:00
|
|
|
res.json(401, {error: error.message});
|
2013-09-04 14:57:41 +01:00
|
|
|
}).otherwise(errors.logAndThrowError);
|
2013-09-01 00:20:12 +02:00
|
|
|
},
|
2013-06-25 12:43:15 +01:00
|
|
|
'logout': function (req, res) {
|
2013-10-18 13:24:01 +02:00
|
|
|
req.session = null;
|
2013-09-04 14:57:41 +01:00
|
|
|
var notification = {
|
2013-08-20 00:40:09 +01:00
|
|
|
type: 'success',
|
2013-08-24 12:35:31 -05:00
|
|
|
message: 'You were successfully signed out',
|
2013-08-20 00:40:09 +01:00
|
|
|
status: 'passive',
|
|
|
|
id: 'successlogout'
|
|
|
|
};
|
|
|
|
|
2013-09-04 14:57:41 +01:00
|
|
|
return api.notifications.add(notification).then(function () {
|
|
|
|
res.redirect('/ghost/signin/');
|
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
|
|
|
'index': function (req, res) {
|
2013-09-11 15:38:09 +01:00
|
|
|
res.render('content', {
|
|
|
|
bodyClass: 'manage',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
2013-06-25 12:43:15 +01:00
|
|
|
});
|
|
|
|
},
|
|
|
|
'editor': function (req, res) {
|
|
|
|
if (req.params.id !== undefined) {
|
2013-09-04 21:05:36 +01:00
|
|
|
res.render('editor', {
|
|
|
|
bodyClass: 'editor',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
} else {
|
|
|
|
res.render('editor', {
|
|
|
|
bodyClass: 'editor',
|
|
|
|
adminNav: setSelected(adminNavbar, 'add')
|
|
|
|
});
|
|
|
|
}
|
|
|
|
},
|
|
|
|
'content': function (req, res) {
|
2013-09-04 21:05:36 +01:00
|
|
|
res.render('content', {
|
|
|
|
bodyClass: 'manage',
|
|
|
|
adminNav: setSelected(adminNavbar, 'content')
|
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
2013-09-18 12:31:43 +10:00
|
|
|
'settings': function (req, res, next) {
|
|
|
|
|
|
|
|
// TODO: Centralise list/enumeration of settings panes, so we don't
|
|
|
|
// run into trouble in future.
|
2013-09-24 12:46:30 +02:00
|
|
|
var allowedSections = ['', 'general', 'user'],
|
|
|
|
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
|
2013-09-18 12:31:43 +10:00
|
|
|
|
|
|
|
if (allowedSections.indexOf(section) < 0) {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
2013-09-04 21:05:36 +01:00
|
|
|
res.render('settings', {
|
|
|
|
bodyClass: 'settings',
|
|
|
|
adminNav: setSelected(adminNavbar, 'settings')
|
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
},
|
|
|
|
'debug': { /* ugly temporary stuff for managing the app before it's properly finished */
|
|
|
|
index: function (req, res) {
|
|
|
|
res.render('debug', {
|
|
|
|
bodyClass: 'settings',
|
|
|
|
adminNav: setSelected(adminNavbar, 'settings')
|
|
|
|
});
|
|
|
|
},
|
|
|
|
'export': function (req, res) {
|
2013-09-15 17:04:42 +01:00
|
|
|
return dataExport()
|
2013-06-25 12:43:15 +01:00
|
|
|
.then(function (exportedData) {
|
|
|
|
// Save the exported data to the file system for download
|
2013-07-22 15:10:17 +01:00
|
|
|
var fileName = path.resolve(__dirname + '/../../server/data/export/exported-' + (new Date().getTime()) + '.json');
|
2013-06-23 15:55:03 -05:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
return nodefn.call(fs.writeFile, fileName, JSON.stringify(exportedData)).then(function () {
|
|
|
|
return when(fileName);
|
2013-06-23 15:55:03 -05:00
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
})
|
|
|
|
.then(function (exportedFilePath) {
|
|
|
|
// Send the exported data file
|
|
|
|
res.download(exportedFilePath, 'GhostData.json');
|
|
|
|
})
|
|
|
|
.otherwise(function (error) {
|
2013-06-23 15:55:03 -05:00
|
|
|
// Notify of an error if it occurs
|
2013-08-03 16:11:16 +01:00
|
|
|
var notification = {
|
|
|
|
type: 'error',
|
|
|
|
message: error.message || error,
|
|
|
|
status: 'persistent',
|
|
|
|
id: 'per-' + (ghost.notifications.length + 1)
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-09-24 12:46:30 +02:00
|
|
|
res.redirect('/ghost/debug/');
|
2013-08-03 16:11:16 +01:00
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
});
|
|
|
|
},
|
|
|
|
'import': function (req, res) {
|
2013-09-28 15:42:42 +01:00
|
|
|
if (!req.files.importfile || req.files.importfile.size === 0 || req.files.importfile.name.indexOf('json') === -1) {
|
|
|
|
/**
|
|
|
|
* Notify of an error if it occurs
|
|
|
|
*
|
|
|
|
* - If there's no file (although if you don't select anything, the input is still submitted, so
|
|
|
|
* !req.files.importfile will always be false)
|
|
|
|
* - If the size is 0
|
|
|
|
* - If the name doesn't have json in it
|
|
|
|
*/
|
2013-08-03 16:11:16 +01:00
|
|
|
var notification = {
|
|
|
|
type: 'error',
|
2013-09-28 15:42:42 +01:00
|
|
|
message: "Must select a .json file to import",
|
2013-08-03 16:11:16 +01:00
|
|
|
status: 'persistent',
|
|
|
|
id: 'per-' + (ghost.notifications.length + 1)
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-09-24 12:46:30 +02:00
|
|
|
res.redirect('/ghost/debug/');
|
2013-08-03 16:11:16 +01:00
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
}
|
2013-06-23 15:55:03 -05:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
// Get the current version for importing
|
2013-09-24 12:46:30 +02:00
|
|
|
api.settings.read({ key: 'databaseVersion' })
|
2013-06-25 12:43:15 +01:00
|
|
|
.then(function (setting) {
|
|
|
|
return when(setting.value);
|
|
|
|
}, function () {
|
2013-09-24 12:46:30 +02:00
|
|
|
return when('001');
|
2013-06-25 12:43:15 +01:00
|
|
|
})
|
2013-09-14 22:13:59 +01:00
|
|
|
.then(function (databaseVersion) {
|
2013-06-25 12:43:15 +01:00
|
|
|
// Read the file contents
|
|
|
|
return nodefn.call(fs.readFile, req.files.importfile.path)
|
|
|
|
.then(function (fileContents) {
|
|
|
|
var importData;
|
2013-06-23 15:55:03 -05:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
// Parse the json data
|
|
|
|
try {
|
|
|
|
importData = JSON.parse(fileContents);
|
|
|
|
} catch (e) {
|
|
|
|
return when.reject(new Error("Failed to parse the import file"));
|
|
|
|
}
|
2013-06-23 15:55:03 -05:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
if (!importData.meta || !importData.meta.version) {
|
|
|
|
return when.reject(new Error("Import data does not specify version"));
|
|
|
|
}
|
2013-06-23 15:55:03 -05:00
|
|
|
|
2013-06-25 12:43:15 +01:00
|
|
|
// Import for the current version
|
2013-09-14 22:13:59 +01:00
|
|
|
return dataImport(databaseVersion, importData);
|
2013-06-25 12:43:15 +01:00
|
|
|
});
|
|
|
|
})
|
2013-08-03 16:11:16 +01:00
|
|
|
.then(function importSuccess() {
|
|
|
|
var notification = {
|
|
|
|
type: 'success',
|
|
|
|
message: "Data imported. Log in with the user details you imported",
|
|
|
|
status: 'persistent',
|
|
|
|
id: 'per-' + (ghost.notifications.length + 1)
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
2013-10-18 13:24:01 +02:00
|
|
|
req.session = null;
|
2013-09-24 17:21:43 +02:00
|
|
|
res.set({
|
|
|
|
"X-Cache-Invalidate": "/*"
|
|
|
|
});
|
2013-09-18 16:11:21 +01:00
|
|
|
res.redirect('/ghost/signin/');
|
2013-08-03 16:11:16 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
}, function importFailure(error) {
|
2013-06-25 12:43:15 +01:00
|
|
|
// Notify of an error if it occurs
|
2013-08-03 16:11:16 +01:00
|
|
|
var notification = {
|
|
|
|
type: 'error',
|
|
|
|
message: error.message || error,
|
|
|
|
status: 'persistent',
|
|
|
|
id: 'per-' + (ghost.notifications.length + 1)
|
|
|
|
};
|
|
|
|
|
|
|
|
return api.notifications.add(notification).then(function () {
|
|
|
|
res.redirect('/ghost/debug/');
|
|
|
|
});
|
2013-06-25 12:43:15 +01:00
|
|
|
});
|
2013-05-11 17:44:25 +01:00
|
|
|
}
|
2013-06-25 12:43:15 +01:00
|
|
|
}
|
|
|
|
};
|
2013-05-11 17:44:25 +01:00
|
|
|
|
2013-08-09 02:22:49 +01:00
|
|
|
module.exports = adminControllers;
|