2013-11-25 20:31:18 +00:00
|
|
|
// # Custom Middleware
|
|
|
|
// The following custom middleware functions cannot yet be unit tested, and as such are kept separate from
|
|
|
|
// the testable custom middleware functions in middleware.js
|
|
|
|
|
2014-02-10 21:07:11 +00:00
|
|
|
var api = require('../api'),
|
|
|
|
BSStore = require('../bookshelf-session'),
|
|
|
|
config = require('../config'),
|
2014-05-09 12:11:29 +02:00
|
|
|
errors = require('../errors'),
|
2014-02-10 21:07:11 +00:00
|
|
|
express = require('express'),
|
2014-01-13 15:11:59 -08:00
|
|
|
fs = require('fs'),
|
2013-11-12 01:03:25 -05:00
|
|
|
hbs = require('express-hbs'),
|
2014-02-10 21:07:11 +00:00
|
|
|
middleware = require('./middleware'),
|
|
|
|
packageInfo = require('../../../package.json'),
|
|
|
|
path = require('path'),
|
|
|
|
slashes = require('connect-slashes'),
|
|
|
|
storage = require('../storage'),
|
|
|
|
url = require('url'),
|
|
|
|
when = require('when'),
|
|
|
|
_ = require('lodash'),
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
expressServer,
|
|
|
|
ONE_HOUR_S = 60 * 60,
|
|
|
|
ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,
|
|
|
|
ONE_HOUR_MS = ONE_HOUR_S * 1000,
|
|
|
|
ONE_YEAR_MS = 365 * 24 * ONE_HOUR_MS;
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// ##Custom Middleware
|
|
|
|
|
|
|
|
// ### GhostLocals Middleware
|
|
|
|
// Expose the standard locals that every external page should have available,
|
|
|
|
// separating between the theme and the admin
|
|
|
|
function ghostLocals(req, res, next) {
|
|
|
|
// Make sure we have a locals value.
|
|
|
|
res.locals = res.locals || {};
|
|
|
|
res.locals.version = packageInfo.version;
|
2014-01-03 00:37:21 +00:00
|
|
|
// relative path from the URL, not including subdir
|
2014-01-05 01:40:53 -05:00
|
|
|
res.locals.relativeUrl = req.path.replace(config().paths.subdir, '');
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
if (res.isAdmin) {
|
2013-11-26 10:38:54 +01:00
|
|
|
res.locals.csrfToken = req.csrfToken();
|
2013-12-06 09:51:35 +01:00
|
|
|
when.all([
|
Refactor API arguments
closes #2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-08 13:41:19 +01:00
|
|
|
api.users.read({id: req.session.user}, {context: {user: req.session.user}}),
|
2013-12-06 09:51:35 +01:00
|
|
|
api.notifications.browse()
|
|
|
|
]).then(function (values) {
|
2014-04-28 21:42:38 +01:00
|
|
|
var currentUser = values[0].users[0],
|
2014-04-28 22:58:18 +02:00
|
|
|
notifications = values[1].notifications;
|
2013-12-06 09:51:35 +01:00
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
_.extend(res.locals, {
|
|
|
|
currentUser: {
|
|
|
|
name: currentUser.name,
|
|
|
|
email: currentUser.email,
|
|
|
|
image: currentUser.image
|
|
|
|
},
|
2013-12-06 09:51:35 +01:00
|
|
|
messages: notifications
|
2013-11-12 01:03:25 -05:00
|
|
|
});
|
|
|
|
next();
|
|
|
|
}).otherwise(function () {
|
|
|
|
// Only show passive notifications
|
2014-04-28 22:58:18 +02:00
|
|
|
// ToDo: Remove once ember handles passive notifications.
|
2013-12-06 09:51:35 +01:00
|
|
|
api.notifications.browse().then(function (notifications) {
|
|
|
|
_.extend(res.locals, {
|
2014-04-28 22:58:18 +02:00
|
|
|
messages: _.reject(notifications.notifications, function (notification) {
|
2013-12-06 09:51:35 +01:00
|
|
|
return notification.status !== 'passive';
|
|
|
|
})
|
|
|
|
});
|
|
|
|
next();
|
2013-11-12 01:03:25 -05:00
|
|
|
});
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-21 20:25:31 -05:00
|
|
|
function initThemeData(secure) {
|
|
|
|
var themeConfig = config.theme();
|
|
|
|
if (secure && config().urlSSL) {
|
|
|
|
// For secure requests override .url property with the SSL version
|
|
|
|
themeConfig = _.clone(themeConfig);
|
|
|
|
themeConfig.url = config().urlSSL.replace(/\/$/, '');
|
|
|
|
}
|
|
|
|
return themeConfig;
|
|
|
|
}
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// ### InitViews Middleware
|
|
|
|
// Initialise Theme or Admin Views
|
|
|
|
function initViews(req, res, next) {
|
|
|
|
/*jslint unparam:true*/
|
|
|
|
|
|
|
|
if (!res.isAdmin) {
|
2014-02-21 20:25:31 -05:00
|
|
|
var themeData = initThemeData(req.secure);
|
|
|
|
hbs.updateTemplateOptions({ data: {blog: themeData} });
|
2013-12-01 18:31:55 -05:00
|
|
|
expressServer.engine('hbs', expressServer.get('theme view engine'));
|
2014-01-05 01:40:53 -05:00
|
|
|
expressServer.set('views', path.join(config().paths.themePath, expressServer.get('activeTheme')));
|
2013-11-12 01:03:25 -05:00
|
|
|
} else {
|
2013-12-01 18:31:55 -05:00
|
|
|
expressServer.engine('hbs', expressServer.get('admin view engine'));
|
2014-01-05 01:40:53 -05:00
|
|
|
expressServer.set('views', config().paths.adminViews);
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
|
2014-02-21 20:25:31 -05:00
|
|
|
// Pass 'secure' flag to the view engine
|
|
|
|
// so that templates can choose 'url' vs 'urlSSL'
|
|
|
|
res.locals.secure = req.secure;
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
next();
|
|
|
|
}
|
|
|
|
|
|
|
|
// ### Activate Theme
|
|
|
|
// Helper for manageAdminAndTheme
|
2013-12-06 09:51:35 +01:00
|
|
|
function activateTheme(activeTheme) {
|
2013-12-01 18:31:55 -05:00
|
|
|
var hbsOptions,
|
2014-01-05 01:40:53 -05:00
|
|
|
themePartials = path.join(config().paths.themePath, activeTheme, 'partials'),
|
2013-12-01 18:31:55 -05:00
|
|
|
stackLocation = _.indexOf(expressServer.stack, _.find(expressServer.stack, function (stackItem) {
|
2014-01-05 01:40:53 -05:00
|
|
|
return stackItem.route === config().paths.subdir && stackItem.handle.name === 'settingEnabled';
|
2013-12-01 18:31:55 -05:00
|
|
|
}));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// clear the view cache
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.cache = {};
|
|
|
|
expressServer.disable(expressServer.get('activeTheme'));
|
|
|
|
expressServer.set('activeTheme', activeTheme);
|
|
|
|
expressServer.enable(expressServer.get('activeTheme'));
|
2013-11-12 01:03:25 -05:00
|
|
|
if (stackLocation) {
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.stack[stackLocation].handle = middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme());
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
|
2013-12-01 18:31:55 -05:00
|
|
|
// set view engine
|
2014-01-05 01:40:53 -05:00
|
|
|
hbsOptions = { partialsDir: [ config().paths.helperTemplates ] };
|
2014-01-13 15:11:59 -08:00
|
|
|
|
|
|
|
fs.stat(themePartials, function (err, stats) {
|
2013-12-01 18:31:55 -05:00
|
|
|
// Check that the theme has a partials directory before trying to use it
|
2014-01-13 15:11:59 -08:00
|
|
|
if (!err && stats && stats.isDirectory()) {
|
|
|
|
hbsOptions.partialsDir.push(themePartials);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2013-12-01 18:31:55 -05:00
|
|
|
expressServer.set('theme view engine', hbs.express3(hbsOptions));
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// Update user error template
|
2014-03-26 14:43:16 -06:00
|
|
|
errors.updateActiveTheme(activeTheme);
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// ### ManageAdminAndTheme Middleware
|
|
|
|
// Uses the URL to detect whether this response should be an admin response
|
|
|
|
// This is used to ensure the right content is served, and is not for security purposes
|
|
|
|
function manageAdminAndTheme(req, res, next) {
|
2014-01-05 01:40:53 -05:00
|
|
|
res.isAdmin = req.url.lastIndexOf(config().paths.subdir + '/ghost/', 0) === 0;
|
2013-11-17 18:40:26 +00:00
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
if (res.isAdmin) {
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.enable('admin');
|
|
|
|
expressServer.disable(expressServer.get('activeTheme'));
|
2013-11-12 01:03:25 -05:00
|
|
|
} else {
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.enable(expressServer.get('activeTheme'));
|
|
|
|
expressServer.disable('admin');
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
Refactor API arguments
closes #2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-08 13:41:19 +01:00
|
|
|
api.settings.read({context: {internal: true}, key: 'activeTheme'}).then(function (response) {
|
2014-04-27 18:28:50 -05:00
|
|
|
var activeTheme = response.settings[0];
|
Refactor API arguments
closes #2610, refs #2697
- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
to perform reads, updates and deletes where possible - settings / themes
may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-08 13:41:19 +01:00
|
|
|
|
2013-12-06 09:51:35 +01:00
|
|
|
// Check if the theme changed
|
2013-12-06 09:13:15 -05:00
|
|
|
if (activeTheme.value !== expressServer.get('activeTheme')) {
|
2013-12-06 09:51:35 +01:00
|
|
|
// Change theme
|
2014-01-05 01:40:53 -05:00
|
|
|
if (!config().paths.availableThemes.hasOwnProperty(activeTheme.value)) {
|
2013-12-06 09:51:35 +01:00
|
|
|
if (!res.isAdmin) {
|
|
|
|
// Throw an error if the theme is not available, but not on the admin UI
|
2014-01-24 22:14:56 +00:00
|
|
|
return errors.throwError('The currently active theme ' + activeTheme.value + ' is missing.');
|
2013-12-06 09:51:35 +01:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
activateTheme(activeTheme.value);
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
}
|
2013-12-06 09:51:35 +01:00
|
|
|
next();
|
2014-01-24 22:14:56 +00:00
|
|
|
}).otherwise(function (err) {
|
|
|
|
// Trying to start up without the active theme present, setup a simple hbs instance
|
|
|
|
// and render an error page straight away.
|
|
|
|
expressServer.engine('hbs', hbs.express3());
|
|
|
|
next(err);
|
2013-12-06 09:51:35 +01:00
|
|
|
});
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
|
2013-12-06 09:13:15 -05:00
|
|
|
// Redirect to signup if no users are currently created
|
|
|
|
function redirectToSignup(req, res, next) {
|
|
|
|
/*jslint unparam:true*/
|
2014-04-08 15:40:33 +02:00
|
|
|
|
|
|
|
api.users.doesUserExist().then(function (exists) {
|
|
|
|
if (!exists) {
|
2014-06-03 19:20:30 +01:00
|
|
|
// TODO remove this when ember admin becomes the default
|
|
|
|
if (req.path.match(/\/ember\//)) {
|
|
|
|
if (!req.path.match(/\/ghost\/ember\/signup\//)) {
|
|
|
|
return res.redirect(config().paths.subdir + '/ghost/ember/signup/');
|
|
|
|
} else {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// END remove this
|
2014-01-05 01:40:53 -05:00
|
|
|
return res.redirect(config().paths.subdir + '/ghost/signup/');
|
2013-12-06 09:13:15 -05:00
|
|
|
}
|
|
|
|
next();
|
|
|
|
}).otherwise(function (err) {
|
|
|
|
return next(new Error(err));
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2013-12-19 17:05:45 +01:00
|
|
|
function isSSLrequired(isAdmin) {
|
|
|
|
var forceSSL = url.parse(config().url).protocol === 'https:' ? true : false,
|
|
|
|
forceAdminSSL = (isAdmin && config().forceAdminSSL);
|
|
|
|
if (forceSSL || forceAdminSSL) {
|
|
|
|
return true;
|
2013-12-09 13:41:19 -06:00
|
|
|
}
|
2013-12-19 17:05:45 +01:00
|
|
|
return false;
|
2013-12-09 13:41:19 -06:00
|
|
|
}
|
|
|
|
|
2013-12-19 17:05:45 +01:00
|
|
|
// Check to see if we should use SSL
|
|
|
|
// and redirect if needed
|
2013-12-09 13:41:19 -06:00
|
|
|
function checkSSL(req, res, next) {
|
2013-12-19 17:05:45 +01:00
|
|
|
if (isSSLrequired(res.isAdmin)) {
|
2014-01-26 17:00:50 -05:00
|
|
|
if (!req.secure) {
|
2014-02-21 20:25:31 -05:00
|
|
|
var forceAdminSSL = config().forceAdminSSL,
|
|
|
|
redirectUrl;
|
|
|
|
|
|
|
|
// Check if forceAdminSSL: { redirect: false } is set, which means
|
|
|
|
// we should just deny non-SSL access rather than redirect
|
|
|
|
if (forceAdminSSL && forceAdminSSL.redirect !== undefined && !forceAdminSSL.redirect) {
|
|
|
|
return res.send(403);
|
|
|
|
}
|
|
|
|
|
|
|
|
redirectUrl = url.parse(config().urlSSL || config().url);
|
2013-12-19 17:05:45 +01:00
|
|
|
return res.redirect(301, url.format({
|
|
|
|
protocol: 'https:',
|
2014-02-21 20:25:31 -05:00
|
|
|
hostname: redirectUrl.hostname,
|
|
|
|
port: redirectUrl.port,
|
2013-12-19 17:05:45 +01:00
|
|
|
pathname: req.path,
|
|
|
|
query: req.query
|
|
|
|
}));
|
|
|
|
}
|
2013-12-09 13:41:19 -06:00
|
|
|
}
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
|
2014-03-09 09:28:58 +00:00
|
|
|
// ### Robots Middleware
|
|
|
|
// Handle requests to robots.txt and cache file
|
|
|
|
function robots() {
|
|
|
|
var content, // file cache
|
|
|
|
filePath = path.join(config().paths.corePath, '/shared/robots.txt');
|
|
|
|
|
|
|
|
return function robots(req, res, next) {
|
|
|
|
if ('/robots.txt' === req.url) {
|
|
|
|
if (content) {
|
|
|
|
res.writeHead(200, content.headers);
|
|
|
|
res.end(content.body);
|
|
|
|
} else {
|
|
|
|
fs.readFile(filePath, function (err, buf) {
|
|
|
|
if (err) {
|
|
|
|
return next(err);
|
|
|
|
}
|
2014-04-28 21:42:38 +01:00
|
|
|
|
2014-03-09 09:28:58 +00:00
|
|
|
content = {
|
|
|
|
headers: {
|
|
|
|
'Content-Type': 'text/plain',
|
|
|
|
'Content-Length': buf.length,
|
|
|
|
'Cache-Control': 'public, max-age=' + ONE_YEAR_MS / 1000
|
|
|
|
},
|
|
|
|
body: buf
|
|
|
|
};
|
|
|
|
res.writeHead(200, content.headers);
|
|
|
|
res.end(content.body);
|
|
|
|
});
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2013-12-06 09:13:15 -05:00
|
|
|
module.exports = function (server, dbHash) {
|
2014-02-10 21:07:11 +00:00
|
|
|
var logging = config().logging,
|
|
|
|
subdir = config().paths.subdir,
|
2014-01-05 01:40:53 -05:00
|
|
|
corePath = config().paths.corePath,
|
2013-12-19 17:05:45 +01:00
|
|
|
cookie;
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2013-12-06 09:13:15 -05:00
|
|
|
// Cache express server instance
|
|
|
|
expressServer = server;
|
|
|
|
middleware.cacheServer(expressServer);
|
|
|
|
|
2014-01-26 17:00:50 -05:00
|
|
|
// Make sure 'req.secure' is valid for proxied requests
|
|
|
|
// (X-Forwarded-Proto header will be checked, if present)
|
|
|
|
expressServer.enable('trust proxy');
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// Logging configuration
|
2014-02-10 21:07:11 +00:00
|
|
|
if (logging !== false) {
|
|
|
|
if (expressServer.get('env') !== 'development') {
|
|
|
|
expressServer.use(express.logger(logging || {}));
|
|
|
|
} else {
|
|
|
|
expressServer.use(express.logger(logging || 'dev'));
|
|
|
|
}
|
2013-11-12 01:03:25 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Favicon
|
2013-12-28 16:01:08 +00:00
|
|
|
expressServer.use(subdir, express.favicon(corePath + '/shared/favicon.ico'));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
// Static assets
|
|
|
|
expressServer.use(subdir + '/shared', express['static'](path.join(corePath, '/shared'), {maxAge: ONE_HOUR_MS}));
|
2013-12-28 16:01:08 +00:00
|
|
|
expressServer.use(subdir + '/content/images', storage.get_storage().serve());
|
2013-12-30 23:13:25 +00:00
|
|
|
expressServer.use(subdir + '/ghost/scripts', express['static'](path.join(corePath, '/built/scripts'), {maxAge: ONE_YEAR_MS}));
|
2014-03-03 21:41:34 +00:00
|
|
|
expressServer.use(subdir + '/public', express['static'](path.join(corePath, '/built/public'), {maxAge: ONE_YEAR_MS}));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// First determine whether we're serving admin or theme content
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(manageAdminAndTheme);
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// Admin only config
|
2014-02-26 23:15:31 +00:00
|
|
|
expressServer.use(subdir + '/ghost', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/clientold/assets'), {maxAge: ONE_YEAR_MS})));
|
2014-03-15 00:00:30 +01:00
|
|
|
expressServer.use(subdir + '/ghost/ember', middleware.whenEnabled('admin', express['static'](path.join(corePath, '/client/assets'), {maxAge: ONE_YEAR_MS})));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2014-01-26 17:21:24 -05:00
|
|
|
// Force SSL
|
|
|
|
// NOTE: Importantly this is _after_ the check above for admin-theme static resources,
|
|
|
|
// which do not need HTTPS. In fact, if HTTPS is forced on them, then 404 page might
|
|
|
|
// not display properly when HTTPS is not available!
|
|
|
|
expressServer.use(checkSSL);
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// Theme only config
|
Fix live theme switching not working on subdirectories
Closes #1770
- Previously, the middleware would check that the route on the stack was an empty string, which worked when there was no subdirectories
- When subdirectories were added, the proper route was only set when
updating the theme
- Because it was only set when updating, this explains themes working on
initial load, since the stack location was looking for an empty
string, which is what the middleware was initialized with
- However, once a new theme was set, it was still look for an empty
string, which would never exist, which caused the issue
- Now, the route is properly set on initialization of the middleware,
and then the `config.paths().subdir` property is used for the check
2013-12-28 15:08:57 -08:00
|
|
|
expressServer.use(subdir, middleware.whenEnabled(expressServer.get('activeTheme'), middleware.staticTheme()));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2014-03-09 09:28:58 +00:00
|
|
|
// Serve robots.txt if not found in theme
|
|
|
|
expressServer.use(robots());
|
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// Add in all trailing slashes
|
2013-12-30 23:13:25 +00:00
|
|
|
expressServer.use(slashes(true, {headers: {'Cache-Control': 'public, max-age=' + ONE_YEAR_S}}));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
// Body parsing
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(express.json());
|
|
|
|
expressServer.use(express.urlencoded());
|
2013-11-17 18:40:26 +00:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
// ### Sessions
|
2014-01-12 17:08:12 +00:00
|
|
|
// we need the trailing slash in the cookie path. Session handling *must* be after the slash handling
|
2013-12-19 17:05:45 +01:00
|
|
|
cookie = {
|
2014-01-12 17:08:12 +00:00
|
|
|
path: subdir + '/ghost/',
|
2013-12-30 23:13:25 +00:00
|
|
|
maxAge: 12 * ONE_HOUR_MS
|
2013-12-19 17:05:45 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
// if SSL is forced, add secure flag to cookie
|
|
|
|
// parameter is true, since cookie is used with admin only
|
|
|
|
if (isSSLrequired(true)) {
|
|
|
|
cookie.secure = true;
|
|
|
|
}
|
|
|
|
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(express.cookieParser());
|
|
|
|
expressServer.use(express.session({
|
2014-02-19 14:57:26 +01:00
|
|
|
store: new BSStore(),
|
2013-12-19 17:05:45 +01:00
|
|
|
proxy: true,
|
2013-12-06 09:13:15 -05:00
|
|
|
secret: dbHash,
|
2013-12-19 17:05:45 +01:00
|
|
|
cookie: cookie
|
2013-11-24 15:29:36 +01:00
|
|
|
}));
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2014-02-14 11:00:11 +01:00
|
|
|
// ### Caching
|
|
|
|
expressServer.use(middleware.cacheControl('public'));
|
2014-02-19 15:53:40 -07:00
|
|
|
expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
|
|
|
|
expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
|
2014-02-14 11:00:11 +01:00
|
|
|
|
2014-04-28 22:58:18 +02:00
|
|
|
|
2014-02-14 11:00:11 +01:00
|
|
|
// enable authentication; has to be done before CSRF handling
|
|
|
|
expressServer.use(middleware.authenticate);
|
|
|
|
|
2014-01-19 21:08:39 +00:00
|
|
|
// enable express csrf protection
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(middleware.conditionalCSRF);
|
2013-12-30 23:13:25 +00:00
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// local data
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(ghostLocals);
|
2014-04-28 22:58:18 +02:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
// So on every request we actually clean out redundant passive notifications from the server side
|
2014-04-28 22:58:18 +02:00
|
|
|
// ToDo: Remove when ember handles passive notifications.
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(middleware.cleanNotifications);
|
2014-04-28 22:58:18 +02:00
|
|
|
|
2013-11-12 01:03:25 -05:00
|
|
|
// Initialise the views
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(initViews);
|
2013-11-12 01:03:25 -05:00
|
|
|
|
2013-12-30 23:13:25 +00:00
|
|
|
// ### Routing
|
2013-12-28 16:01:08 +00:00
|
|
|
expressServer.use(subdir, expressServer.router);
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// ### Error handling
|
|
|
|
// 404 Handler
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(errors.error404);
|
2013-11-12 01:03:25 -05:00
|
|
|
|
|
|
|
// 500 Handler
|
2013-12-06 09:13:15 -05:00
|
|
|
expressServer.use(errors.error500);
|
2013-11-12 01:03:25 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
// Export middleware functions directly
|
2013-11-17 18:40:26 +00:00
|
|
|
module.exports.middleware = middleware;
|
2013-12-06 09:13:15 -05:00
|
|
|
// Expose middleware functions in this file as well
|
2013-12-01 18:31:55 -05:00
|
|
|
module.exports.middleware.redirectToSignup = redirectToSignup;
|