Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity
ghost/core/server/apps/subscribers/lib/router.js

126 lines
3.4 KiB
JavaScript
Raw Normal View History

Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
var path = require('path'),
express = require('express'),
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers
2016-05-08 16:49:12 +02:00
_ = require('lodash'),
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
subscribeRouter = express.Router(),
🎉 Middleware refactor: Give the API its own express App (#7537) refs #4172 * 🎨 Use bodyParser only where it is needed This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it seemed prudent to move towards not having in there that wasn't strictly necessary 😁 We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing if and only if it is necessary. * 🎨 Move all API code to API router * 🎨 Refactor API into an App, not just a router - Apps have their own rendering engines, only the frontend & the admin panel need views - The API should be JSON only, with minimal middleware - Individual sections within the API could/should be treated as Routers * 🎨 Flatten API middleware inclusion - get rid of the weird middleware object - move the api-only middleware into the middleware/api folder
2016-10-11 09:36:00 +01:00
bodyParser = require('body-parser'),
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
// Dirty requires
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB
2016-04-14 22:44:05 +02:00
api = require('../../../api'),
Subscribers: store post id using the postlookup fn
2016-05-07 10:33:04 +02:00
errors = require('../../../errors'),
🐛 Subscribers: validate urls (#7540) no issue - Ensure URLs submitted via form are sanitized so that we only accept real urls - Add some tests for the isEmptyOrURL validator
2016-10-14 15:31:20 +01:00
validator = require('../../../data/validation').validator,
Misc cleanup & consistency amends (#9002) no issue - Consistent naming for postLookup - makes it easier to search and inspect the various usages - Cleanup unneeded code - Make res.render calls more consistent - add some consistency to the calls to res.render - Remove ancient reference to dataProvider - Let's call it models everywhere now... - Use consistent formatting across the API - we're no longer using alignment in vars - Misc other consistency changes in API - always refer to local utils as apiUtils - logical grouping of requires - dependencies, utils, "lib common" etc - use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity
2017-09-12 16:31:14 +01:00
postLookup = require('../../../controllers/frontend/post-lookup'),
Introduced renderer to DRY up controllers (#9235) refs #5091, #9192 - Renderer figures out templates, contexts, and does a render call - Templating is now handled with a single function - Context call is made in the renderer Note: to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
renderer = require('../../../controllers/frontend/renderer'),
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
Introduced renderer to DRY up controllers (#9235) refs #5091, #9192 - Renderer figures out templates, contexts, and does a render call - Templating is now handled with a single function - Context call is made in the renderer Note: to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
templateName = 'subscribe';
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
Highlighted routes, controllers & renderers refs #5091, refs #9192 - There are several theme template "renderers" all over the codebase - Some are in apps, and were called "controllers" - One is in error handling - All of them now have comments marking out how they share logic/steps - Other comments describe routes & controllers where they live
2017-11-05 12:45:43 +00:00
function _renderer(req, res) {
Introduced renderer to DRY up controllers (#9235) refs #5091, #9192 - Renderer figures out templates, contexts, and does a render call - Templating is now handled with a single function - Context call is made in the renderer Note: to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
// Note: this is super similar to the config middleware used in channels
// @TODO refactor into to something explicit & DRY this up
res._route = {
type: 'custom',
templateName: templateName,
defaultTemplate: path.resolve(__dirname, 'views', templateName + '.hbs')
};
Highlighted routes, controllers & renderers refs #5091, refs #9192 - There are several theme template "renderers" all over the codebase - Some are in apps, and were called "controllers" - One is in error handling - All of them now have comments marking out how they share logic/steps - Other comments describe routes & controllers where they live
2017-11-05 12:45:43 +00:00
// Renderer begin
// Format data
var data = req.body;
// Render Call
Introduced renderer to DRY up controllers (#9235) refs #5091, #9192 - Renderer figures out templates, contexts, and does a render call - Templating is now handled with a single function - Context call is made in the renderer Note: to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
return renderer(req, res, data);
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
}
🐛 subscriber: sanitize email vol. 2 (#8280) no issue 🐛 subscriber: sanitize email vol. 2 - ensure email get's sanitized for every error case 🐛 validator.isEmptyOrURL doesn't accept non strings - otherwise it shows a weird error message in the client ✨ new tests for subscriber app - routing tests * change tests for Ghost 1.0 * it took me 15min to find this 😡
2017-04-05 23:02:16 +02:00
/**
* Takes care of sanitizing the email input.
* XSS prevention.
* For success cases, we don't have to worry, because then the input contained a valid email address.
*/
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
function errorHandler(error, req, res, next) {
🐛 subscriber: sanitize email vol. 2 (#8280) no issue 🐛 subscriber: sanitize email vol. 2 - ensure email get's sanitized for every error case 🐛 validator.isEmptyOrURL doesn't accept non strings - otherwise it shows a weird error message in the client ✨ new tests for subscriber app - routing tests * change tests for Ghost 1.0 * it took me 15min to find this 😡
2017-04-05 23:02:16 +02:00
req.body.email = '';
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
if (error.statusCode !== 404) {
res.locals.error = error;
Highlighted routes, controllers & renderers refs #5091, refs #9192 - There are several theme template "renderers" all over the codebase - Some are in apps, and were called "controllers" - One is in error handling - All of them now have comments marking out how they share logic/steps - Other comments describe routes & controllers where they live
2017-11-05 12:45:43 +00:00
return _renderer(req, res);
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
}
next(error);
}
function honeyPot(req, res, next) {
if (!req.body.hasOwnProperty('confirm') || req.body.confirm !== '') {
return next(new Error('Oops, something went wrong!'));
}
// we don't need this anymore
delete req.body.confirm;
next();
}
🐛 Subscribers: validate urls (#7540) no issue - Ensure URLs submitted via form are sanitized so that we only accept real urls - Add some tests for the isEmptyOrURL validator
2016-10-14 15:31:20 +01:00
function santizeUrl(url) {
🐛 subscriber: sanitize email vol. 2 (#8280) no issue 🐛 subscriber: sanitize email vol. 2 - ensure email get's sanitized for every error case 🐛 validator.isEmptyOrURL doesn't accept non strings - otherwise it shows a weird error message in the client ✨ new tests for subscriber app - routing tests * change tests for Ghost 1.0 * it took me 15min to find this 😡
2017-04-05 23:02:16 +02:00
return validator.isEmptyOrURL(url || '') ? url : '';
🐛 Subscribers: validate urls (#7540) no issue - Ensure URLs submitted via form are sanitized so that we only accept real urls - Add some tests for the isEmptyOrURL validator
2016-10-14 15:31:20 +01:00
}
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
function handleSource(req, res, next) {
🐛 Subscribers: validate urls (#7540) no issue - Ensure URLs submitted via form are sanitized so that we only accept real urls - Add some tests for the isEmptyOrURL validator
2016-10-14 15:31:20 +01:00
req.body.subscribed_url = santizeUrl(req.body.location);
req.body.subscribed_referrer = santizeUrl(req.body.referrer);
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
delete req.body.location;
delete req.body.referrer;
Subscribers: store post id using the postlookup fn
2016-05-07 10:33:04 +02:00
Misc cleanup & consistency amends (#9002) no issue - Consistent naming for postLookup - makes it easier to search and inspect the various usages - Cleanup unneeded code - Make res.render calls more consistent - add some consistency to the calls to res.render - Remove ancient reference to dataProvider - Let's call it models everywhere now... - Use consistent formatting across the API - we're no longer using alignment in vars - Misc other consistency changes in API - always refer to local utils as apiUtils - logical grouping of requires - dependencies, utils, "lib common" etc - use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity
2017-09-12 16:31:14 +01:00
postLookup(req.body.subscribed_url)
Subscribers: store post id using the postlookup fn
2016-05-07 10:33:04 +02:00
.then(function (result) {
if (result && result.post) {
req.body.post_id = result.post.id;
}
next();
})
.catch(function (err) {
if (err instanceof errors.NotFoundError) {
return next();
}
next(err);
});
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
}
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB
2016-04-14 22:44:05 +02:00
function storeSubscriber(req, res, next) {
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
req.body.status = 'subscribed';
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers
2016-05-08 16:49:12 +02:00
if (_.isEmpty(req.body.email)) {
✨ Error creation (#7477) refs #7116, refs #2001 - Changes the way Ghost errors are implemented to benefit from proper inheritance - Moves all error definitions into a single file - Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order. - Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed. Summary of changes: * 🐛 set NODE_ENV in config handler * ✨ add GhostError implementation (core/server/errors.js) - register all errors in one file - inheritance from GhostError - option pattern * 🔥 remove all error files * ✨ wrap all errors into GhostError in case of HTTP * 🎨 adaptions - option pattern for errors - use GhostError when needed * 🎨 revert debug deletion and add TODO for error id's
2016-10-06 14:27:35 +02:00
return next(new errors.ValidationError({message: 'Email cannot be blank.'}));
🔑 Expand subscriber email validation (#7793) no issue Expand the existing validation for subscriber email to not only check for the existence, but also if it's a valid email address. If it's not a valid email address, it will throw an error. Credits: Eliran Itzhak & Shashank Kumar
2016-12-21 16:52:47 +07:00
} else if (!validator.isEmail(req.body.email)) {
return next(new errors.ValidationError({message: 'Invalid email.'}));
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers
2016-05-08 16:49:12 +02:00
}
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
return api.subscribers.add({subscribers: [req.body]}, {context: {external: true}})
.then(function () {
res.locals.success = true;
next();
})
Subscribers: Error Handling for adding subscribers no issue - do not expose information about adding subscribers
2016-05-08 16:49:12 +02:00
.catch(function () {
// we do not expose any information
res.locals.success = true;
next();
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
});
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB
2016-04-14 22:44:05 +02:00
}
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
// subscribe frontend route
Introduced renderer to DRY up controllers (#9235) refs #5091, #9192 - Renderer figures out templates, contexts, and does a render call - Templating is now handled with a single function - Context call is made in the renderer Note: to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
subscribeRouter
.route('/')
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
.get(
Highlighted routes, controllers & renderers refs #5091, refs #9192 - There are several theme template "renderers" all over the codebase - Some are in apps, and were called "controllers" - One is in error handling - All of them now have comments marking out how they share logic/steps - Other comments describe routes & controllers where they live
2017-11-05 12:45:43 +00:00
_renderer
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
)
.post(
🎉 Middleware refactor: Give the API its own express App (#7537) refs #4172 * 🎨 Use bodyParser only where it is needed This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it seemed prudent to move towards not having in there that wasn't strictly necessary 😁 We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing if and only if it is necessary. * 🎨 Move all API code to API router * 🎨 Refactor API into an App, not just a router - Apps have their own rendering engines, only the frontend & the admin panel need views - The API should be JSON only, with minimal middleware - Individual sections within the API could/should be treated as Routers * 🎨 Flatten API middleware inclusion - get rid of the weird middleware object - move the api-only middleware into the middleware/api folder
2016-10-11 09:36:00 +01:00
bodyParser.urlencoded({extended: true}),
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
honeyPot,
handleSource,
Subscribers: Model, API & CSV import/export - subscriber model - subscriber app updates - subscriber end points - import/export CSV - added headers to export file - added dynamic email field detection for import - returns stats object after CSV import - mask error message from DB
2016-04-14 22:44:05 +02:00
storeSubscriber,
Highlighted routes, controllers & renderers refs #5091, refs #9192 - There are several theme template "renderers" all over the codebase - Some are in apps, and were called "controllers" - One is in error handling - All of them now have comments marking out how they share logic/steps - Other comments describe routes & controllers where they live
2017-11-05 12:45:43 +00:00
_renderer
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
);
Subscribers: router & form helpers Form: - add confirm, location & referrer hidden fields - add script to populate location & referrer - add helper for creating the email field - pass through input class and placeholder for email from top level form helper - rename subscribe_form template & helper as it sounds more natural - handle success and error cases differently - improve error message display - ensure useful data is passed back so that we can show nice messages - check for honeypot value being filled out - refactor error handler to set an error and always still render
2016-04-21 16:37:52 +01:00
// configure an error handler just for subscribe problems
subscribeRouter.use(errorHandler);
Subscribers: Adding subscribe app + tpl + helper - added new internal app "subscribers" - app has a template "subscribe.hbs" - adds a new helper called "form_subscribe"
2016-04-14 18:33:22 +01:00
module.exports = subscribeRouter;
🐛 subscriber: sanitize email (#8078) no issue
2017-03-01 13:02:53 +01:00
module.exports.storeSubscriber = storeSubscriber;
Reference in a new issue Copy permalink