ghost/core/server/routes/frontend.js

var frontend    = require('../controllers/frontend'),
    config      = require('../config'),
    express     = require('express'),
    utils       = require('../utils'),

    frontendRoutes;

frontendRoutes = function (middleware) {
    var router = express.Router(),
        subdir = config.paths.subdir,
        routeKeywords = config.routeKeywords;

    // ### Admin routes
    router.get(/^\/(logout|signout)\/$/, function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    router.get(/^\/signup\/$/, function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signup/');
    });

    // redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
    router.get(/^\/((ghost-admin|admin|wp-admin|dashboard|signin|login)\/?)$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });

    // password-protected frontend route
    router.get('/private/',
        middleware.isPrivateSessionAuth,
        frontend.private
    );
    router.post('/private/',
        middleware.isPrivateSessionAuth,
        middleware.spamProtectedPrevention,
        middleware.authenticateProtection,
        frontend.private
    );

    // ### Frontend routes
    router.get('/rss/', frontend.rss);
    router.get('/rss/:page/', frontend.rss);
    router.get('/feed/', function redirect(req, res) {
        /*jshint unused:true*/
        res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});
        res.redirect(301, subdir + '/rss/');
    });

    // Tags
    router.get('/' + routeKeywords.tag + '/:slug/rss/', frontend.rss);
    router.get('/' + routeKeywords.tag + '/:slug/rss/:page/', frontend.rss);
    router.get('/' + routeKeywords.tag + '/:slug/' + routeKeywords.page + '/:page/', frontend.tag);
    router.get('/' + routeKeywords.tag + '/:slug/', frontend.tag);

    // Authors
    router.get('/' + routeKeywords.author + '/:slug/rss/', frontend.rss);
    router.get('/' + routeKeywords.author + '/:slug/rss/:page/', frontend.rss);
    router.get('/' + routeKeywords.author + '/:slug/' + routeKeywords.page + '/:page/', frontend.author);
    router.get('/' + routeKeywords.author + '/:slug/', frontend.author);

    // Post Live Preview
    router.get('/' + routeKeywords.preview + '/:uuid', frontend.preview);

    // Default
    router.get('/' + routeKeywords.page + '/:page/', frontend.homepage);
    router.get('/', frontend.homepage);
    router.get('*', frontend.single);

    return router;
};

module.exports = frontendRoutes;
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`var frontend = require('../controllers/frontend'),`
			`config = require('../config'),`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`express = require('express'),`
Change refresh token expiry no issue - acquiring a new access token using a refresh token sets the expiration time of the refresh token to now + 24 hrs. - moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to `core/server/utils` 2014-07-28 08:19:49 -05:00			`utils = require('../utils'),`
Fix routing of posts and static pages closes #1757 and #1773 - switches routes.frontend for posts and pages to use a regex with two capturing groups. This removes the need to dynamically remove an express route at a later point, leaving the decision making to frontend controller. - added unit tests for all routing conditions that can arise for posts and pages. - updated functional tests to also test for same thing in unit tests - removes old code from server/api/index that used to fix this issue, but is no longer needed - removed some un-needed require statements in routes/admin 2013-12-30 02:03:29 -05:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 07:41:19 -05:00			`frontendRoutes;`

added password protection closes #4993 - brings password protection to the frontend of blogs - adds testing for password protection - upgrades bcrypt-js to 2.1.0 2015-03-26 02:01:39 -05:00			`frontendRoutes = function (middleware) {`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`var router = express.Router(),`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00			`subdir = config.paths.subdir,`
			`routeKeywords = config.routeKeywords;`
Fix routing of posts and static pages closes #1757 and #1773 - switches routes.frontend for posts and pages to use a regex with two capturing groups. This removes the need to dynamically remove an express route at a later point, leaving the decision making to frontend controller. - added unit tests for all routing conditions that can arise for posts and pages. - updated functional tests to also test for same thing in unit tests - removes old code from server/api/index that used to fix this issue, but is no longer needed - removed some un-needed require statements in routes/admin 2013-12-30 02:03:29 -05:00
Have /ghost use its own express instance closes #1961 - Refactor admin to use its own express instance - Refactor middlewares to work with /ghost mounted admin express instance 2014-09-16 16:02:31 -05:00			`// ### Admin routes`
			`router.get(/^\/(logout\|signout)\/$/, function redirect(req, res) {`
			`/jslint unparam:true/`
			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
			`res.redirect(301, subdir + '/ghost/signout/');`
			`});`
			`router.get(/^\/signup\/$/, function redirect(req, res) {`
			`/jslint unparam:true/`
			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
			`res.redirect(301, subdir + '/ghost/signup/');`
			`});`

			`// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.`
			`router.get(/^\/((ghost-admin\|admin\|wp-admin\|dashboard\|signin\|login)\/?)$/, function (req, res) {`
			`/jslint unparam:true/`
			`res.redirect(subdir + '/ghost/');`
			`});`

added password protection closes #4993 - brings password protection to the frontend of blogs - adds testing for password protection - upgrades bcrypt-js to 2.1.0 2015-03-26 02:01:39 -05:00			`// password-protected frontend route`
			`router.get('/private/',`
			`middleware.isPrivateSessionAuth,`
			`frontend.private`
			`);`
			`router.post('/private/',`
			`middleware.isPrivateSessionAuth,`
			`middleware.spamProtectedPrevention,`
			`middleware.authenticateProtection,`
			`frontend.private`
			`);`

Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 00:27:12 -05:00			`// ### Frontend routes`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`router.get('/rss/', frontend.rss);`
			`router.get('/rss/:page/', frontend.rss);`
			`router.get('/feed/', function redirect(req, res) {`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`/jshint unused:true/`
Change refresh token expiry no issue - acquiring a new access token using a refresh token sets the expiration time of the refresh token to now + 24 hrs. - moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to `core/server/utils` 2014-07-28 08:19:49 -05:00			`res.set({'Cache-Control': 'public, max-age=' + utils.ONE_YEAR_S});`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00			`res.redirect(301, subdir + '/rss/');`
			`});`

Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00			`// Tags`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00			`router.get('/' + routeKeywords.tag + '/:slug/rss/', frontend.rss);`
			`router.get('/' + routeKeywords.tag + '/:slug/rss/:page/', frontend.rss);`
			`router.get('/' + routeKeywords.tag + '/:slug/' + routeKeywords.page + '/:page/', frontend.tag);`
			`router.get('/' + routeKeywords.tag + '/:slug/', frontend.tag);`
Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00
			`// Authors`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00			`router.get('/' + routeKeywords.author + '/:slug/rss/', frontend.rss);`
			`router.get('/' + routeKeywords.author + '/:slug/rss/:page/', frontend.rss);`
			`router.get('/' + routeKeywords.author + '/:slug/' + routeKeywords.page + '/:page/', frontend.author);`
			`router.get('/' + routeKeywords.author + '/:slug/', frontend.author);`

			`// Post Live Preview`
			`router.get('/' + routeKeywords.preview + '/:uuid', frontend.preview);`
Author pages refs #3076 - This is a first draft implementation, just to make it work so that we can get casper working 2014-07-20 11:32:14 -05:00
			`// Default`
Add post preview via uuid (/p/:uuid) Refs #5097 - All drafts will show a preview link (this needs real css) - Published posts will redirect - prev/next post helpers only activate on published posts - Powered by ~10 pints between the two of us (@ErisDS, @novaugust) 2015-04-16 14:40:32 -05:00			`router.get('/' + routeKeywords.page + '/:page/', frontend.homepage);`
Upgrade to Express 4.0 no related issue - Updates package.json packages, adding express middleware packages that have been broken into their own modules - Updates controllers/frontend.js to use the new Layer object that Express 4.0 has. Requires some monkey-patching as the Layer object isn't explicitly surfaced, however it should be safe to do. - Moved the setup of routes into middleware/index.js because they need to be added as a middleware function before the 404 and 500 handlers. This is no longer possible with the old app.use(app.router) as that has been removed. - Cleaned up middleware/index.js to make it compatible with Express 4.0. - Simplified the way themes are activated and enabled when they are activated. The new handling is simpler, yet should still cover all the use cases that previously existed. - The entire flow of activating a theme through middleware should be a little more centralized, letting it be easier to read and maintain. - Moved every routes/*.js file to use an individual express.Router() instance. 2014-04-11 22:46:15 -05:00			`router.get('/', frontend.homepage);`
			`router.get('*', frontend.single);`

			`return router;`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 07:41:19 -05:00			`};`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-23 16:49:43 -05:00
Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-09 23:06:24 -05:00			`module.exports = frontendRoutes;`