ghost/core/server/routes/frontend.js

var frontend    = require('../controllers/frontend'),
    config      = require('../config'),
    express     = require('express'),
    utils       = require('../utils'),

    frontendRoutes;

frontendRoutes = function (middleware) {
    var router = express.Router(),
        subdir = config.paths.subdir,
        routeKeywords = config.routeKeywords,
        indexRouter = express.Router(),
        tagRouter = express.Router({mergeParams: true}),
        authorRouter = express.Router({mergeParams: true}),
        rssRouter = express.Router({mergeParams: true}),
        privateRouter = express.Router();

    // ### Admin routes
    router.get(/^\/(logout|signout)\/$/, function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    router.get(/^\/signup\/$/, function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signup/');
    });

    // redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
    router.get(/^\/((ghost-admin|admin|wp-admin|dashboard|signin|login)\/?)$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });

    // password-protected frontend route
    privateRouter.route('/')
        .get(
            middleware.isPrivateSessionAuth,
            frontend.private
        )
        .post(
            middleware.isPrivateSessionAuth,
            middleware.spamPrevention.protected,
            middleware.authenticateProtection,
            frontend.private
        );

    rssRouter.route('/rss/').get(frontend.rss);
    rssRouter.route('/rss/:page/').get(frontend.rss);
    rssRouter.route('/feed/').get(function redirect(req, res) {
        /*jshint unused:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/rss/');
    });

    // Index
    indexRouter.route('/').get(frontend.homepage);
    indexRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.homepage);
    indexRouter.use(rssRouter);

    // Tags
    tagRouter.route('/').get(frontend.tag);
    tagRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.tag);
    tagRouter.use(rssRouter);

    // Authors
    authorRouter.route('/').get(frontend.author);
    authorRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.author);
    authorRouter.use(rssRouter);

    // Mount the Routers
    router.use('/' + routeKeywords.private + '/', privateRouter);
    router.use('/' + routeKeywords.author + '/:slug/', authorRouter);
    router.use('/' + routeKeywords.tag + '/:slug/', tagRouter);
    router.use('/', indexRouter);

    // Post Live Preview
    router.get('/' + routeKeywords.preview + '/:uuid', frontend.preview);

    // Default
    router.get('*', frontend.single);

    return router;
};

module.exports = frontendRoutes;
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`var frontend = require('../controllers/frontend'),`
			`config = require('../config'),`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`express = require('express'),`
Change refresh token expiry no issue - acquiring a new access token using a refresh token sets the expiration time of the refresh token to now + 24 hrs. - moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to `core/server/utils` 2014-07-28 08:19:49 -05:00			`utils = require('../utils'),`
Fix routing of posts and static pages closes #1757 and #1773 - switches routes.frontend for posts and pages to use a regex with two capturing groups. This removes the need to dynamically remove an express route at a later point, leaving the decision making to frontend controller. - added unit tests for all routing conditions that can arise for posts and pages. - updated functional tests to also test for same thing in unit tests - removes old code from server/api/index that used to fix this issue, but is no longer needed - removed some un-needed require statements in routes/admin 2013-12-30 02:03:29 -05:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 07:41:19 -05:00			`frontendRoutes;`

added password protection closes #4993 - brings password protection to the frontend of blogs - adds testing for password protection - upgrades bcrypt-js to 2.1.0 2015-03-26 02:01:39 -05:00			`frontendRoutes = function (middleware) {`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`var router = express.Router(),`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00			`subdir = config.paths.subdir,`
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`routeKeywords = config.routeKeywords,`
			`indexRouter = express.Router(),`
			`tagRouter = express.Router({mergeParams: true}),`
			`authorRouter = express.Router({mergeParams: true}),`
			`rssRouter = express.Router({mergeParams: true}),`
			`privateRouter = express.Router();`
Fix routing of posts and static pages closes #1757 and #1773 - switches routes.frontend for posts and pages to use a regex with two capturing groups. This removes the need to dynamically remove an express route at a later point, leaving the decision making to frontend controller. - added unit tests for all routing conditions that can arise for posts and pages. - updated functional tests to also test for same thing in unit tests - removes old code from server/api/index that used to fix this issue, but is no longer needed - removed some un-needed require statements in routes/admin 2013-12-30 02:03:29 -05:00
Have /ghost use its own express instance closes #1961 - Refactor admin to use its own express instance - Refactor middlewares to work with /ghost mounted admin express instance 2014-09-16 16:02:31 -05:00			`// ### Admin routes`
			`router.get(/^\/(logout\|signout)\/$/, function redirect(req, res) {`
			`/jslint unparam:true/`
			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
			`res.redirect(301, subdir + '/ghost/signout/');`
			`});`
			`router.get(/^\/signup\/$/, function redirect(req, res) {`
			`/jslint unparam:true/`
			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
			`res.redirect(301, subdir + '/ghost/signup/');`
			`});`

			`// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.`
			`router.get(/^\/((ghost-admin\|admin\|wp-admin\|dashboard\|signin\|login)\/?)$/, function (req, res) {`
			`/jslint unparam:true/`
			`res.redirect(subdir + '/ghost/');`
			`});`

added password protection closes #4993 - brings password protection to the frontend of blogs - adds testing for password protection - upgrades bcrypt-js to 2.1.0 2015-03-26 02:01:39 -05:00			`// password-protected frontend route`
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`privateRouter.route('/')`
			`.get(`
			`middleware.isPrivateSessionAuth,`
			`frontend.private`
			`)`
			`.post(`
			`middleware.isPrivateSessionAuth,`
Move the spam prevention into its own file. issue #5286 - Moved the spam prevention functions into their own file - Added unit tests for the functions 2015-05-26 14:04:27 -05:00			`middleware.spamPrevention.protected,`
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`middleware.authenticateProtection,`
			`frontend.private`
			`);`
added password protection closes #4993 - brings password protection to the frontend of blogs - adds testing for password protection - upgrades bcrypt-js to 2.1.0 2015-03-26 02:01:39 -05:00
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`rssRouter.route('/rss/').get(frontend.rss);`
			`rssRouter.route('/rss/:page/').get(frontend.rss);`
			`rssRouter.route('/feed/').get(function redirect(req, res) {`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`/jshint unused:true/`
Change refresh token expiry no issue - acquiring a new access token using a refresh token sets the expiration time of the refresh token to now + 24 hrs. - moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to `core/server/utils` 2014-07-28 08:19:49 -05:00			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`res.redirect(301, subdir + '/rss/');`
			`});`

Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`// Index`
			`indexRouter.route('/').get(frontend.homepage);`
			`indexRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.homepage);`
			`indexRouter.use(rssRouter);`

Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00			`// Tags`
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`tagRouter.route('/').get(frontend.tag);`
			`tagRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.tag);`
			`tagRouter.use(rssRouter);`
Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00
			`// Authors`
Frontend route refactor / cleanup refs #5091 - This is step one of several steps towards ending up with dynamic routes for channels - Refactoring this way makes the similarities between all the routes clearer to see 2015-05-26 08:01:52 -05:00			`authorRouter.route('/').get(frontend.author);`
			`authorRouter.route('/' + routeKeywords.page + '/:page/').get(frontend.author);`
			`authorRouter.use(rssRouter);`

			`// Mount the Routers`
			`router.use('/' + routeKeywords.private + '/', privateRouter);`
			`router.use('/' + routeKeywords.author + '/:slug/', authorRouter);`
			`router.use('/' + routeKeywords.tag + '/:slug/', tagRouter);`
			`router.use('/', indexRouter);`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00
			`// Post Live Preview`
			`router.get('/' + routeKeywords.preview + '/:uuid', frontend.preview);`
Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00
			`// Default`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`router.get('*', frontend.single);`

			`return router;`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 07:41:19 -05:00			`};`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00
Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-09 23:06:24 -05:00			`module.exports = frontendRoutes;`