// # Custom Middleware
// The following custom middleware functions cannot yet be unit tested, and as such are kept separate from
// the testable custom middleware functions in middleware.js
// Dependencies, kept in the original require order (module load order matters
// for side effects); one declaration per binding instead of a comma chain.
var middleware = require('./middleware');
var express = require('express');
var _ = require('underscore');
var slashes = require('connect-slashes');
var errors = require('../errorHandling');
var api = require('../api');
var path = require('path');
var hbs = require('express-hbs');
var Ghost = require('../../ghost');
var config = require('../config');
var storage = require('../storage');
var packageInfo = require('../../../package.json');
var BSStore = require('../bookshelf-session');

// Module-level Ghost instance shared by every middleware function below.
var ghost = new Ghost();
// ## Custom Middleware
// ### GhostLocals Middleware
// Expose the standard locals that every external page should have available,
// separating between the theme and the admin
/**
 * Populate `res.locals` for every external page.
 *
 * Always sets `version`, `path` and `ghostRoot`; on admin requests
 * (`res.isAdmin`) additionally sets `csrfToken`, a trimmed `currentUser`
 * and the notification `messages`, then continues asynchronously.
 *
 * @param {Object} req - Express request; reads `req.path`, `req.session.user`
 *                       and calls `req.csrfToken()` on admin requests
 * @param {Object} res - Express response; `res.isAdmin` selects the branch
 * @param {Function} next - continuation
 */
function ghostLocals(req, res, next) {
    var subdir;

    // Make sure we have a locals value.
    if (!res.locals) {
        res.locals = {};
    }

    res.locals.version = packageInfo.version;
    res.locals.path = req.path;

    // Strip off the subdir part of the path. This is a plain string replace of
    // the first occurrence (not anchored to the start of the path); the
    // subdir's trailing slash is dropped before matching.
    subdir = ghost.blogGlobals().path.replace(/\/$/, '');
    res.locals.ghostRoot = req.path.replace(subdir, '');

    // Theme requests need nothing more.
    if (!res.isAdmin) {
        next();
        return;
    }

    // Relies on the CSRF middleware having run earlier on this request.
    res.locals.csrfToken = req.csrfToken();

    api.users.read({id: req.session.user}).then(function (currentUser) {
        // Only these three user fields are exposed to the templates, not the
        // whole user record.
        res.locals.currentUser = {
            name: currentUser.name,
            email: currentUser.email,
            image: currentUser.image
        };
        res.locals.messages = ghost.notifications;
        next();
    }).otherwise(function () {
        // The user lookup failed (the reason is discarded): only show passive notifications.
        // NOTE(review): `otherwise` also catches anything thrown synchronously by the
        // success handler above, including from its next() call, in which case next()
        // runs a second time here — confirm against the promise library in use.
        res.locals.messages = _.filter(ghost.notifications, function (notification) {
            return notification.status === 'passive';
        });
        next();
    });
}
// ### InitViews Middleware
// Initialise Theme or Admin Views
/**
 * Point the Express view engine at either the admin views or the active
 * theme's views for this request, based on `res.isAdmin`.
 *
 * NOTE(review): `engine()` and `set('views', …)` are process-wide settings on
 * the shared server object and are flipped on every request; a request of the
 * other kind arriving before this one renders could switch them again — confirm
 * how rendering is sequenced.
 *
 * @param {Object} req - unused
 * @param {Object} res - `res.isAdmin` selects admin vs theme views
 * @param {Function} next - continuation, always called synchronously
 */
function initViews(req, res, next) {
    /*jslint unparam:true*/
    var server = ghost.server;

    function useAdminViews() {
        server.engine('hbs', hbs.express3({partialsDir: config.paths().adminViews + 'partials'}));
        server.set('views', config.paths().adminViews);
    }

    function useThemeViews() {
        // self.globals is a hack til we have a better way of getting combined settings & config
        var engineOptions = {templateOptions: {data: {blog: ghost.blogGlobals()}}},
            activeTheme = ghost.settings('activeTheme');

        // Check that the theme has a partials directory before trying to use it.
        // (This lookup throws if the active theme is absent from availableThemes.)
        if (config.paths().availableThemes[activeTheme].hasOwnProperty('partials')) {
            engineOptions.partialsDir = path.join(config.paths().activeTheme, 'partials');
        }

        server.engine('hbs', hbs.express3(engineOptions));
        server.set('views', config.paths().activeTheme);
    }

    if (res.isAdmin) {
        useAdminViews();
    } else {
        useThemeViews();
    }

    next();
}
// ### Activate Theme
// Helper for manageAdminAndTheme
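/**
 * Switch the running server over to the theme currently named in settings.
 *
 * Helper for manageAdminAndTheme. Side effects, in order: updates the config
 * paths, clears the Express view cache, disables the previous theme flag and
 * enables the new one, swaps the handler of the theme static-file middleware
 * already sitting in the Express stack, and updates the error templates.
 * No return value.
 */
function activateTheme() {
    var stack = ghost.server.stack,
        // Locate the entry installed by middleware.whenEnabled(<theme>, staticTheme())
        // so its handler can be rebound to the new theme name.
        stackLocation = _.indexOf(stack, _.find(stack, function (stackItem) {
            return stackItem.route === '' && stackItem.handle.name === 'settingEnabled';
        })),
        newTheme;

    // Tell the paths to update
    config.paths.setActiveTheme(ghost);

    // clear the view cache
    ghost.server.cache = {};
    ghost.server.disable(ghost.server.get('activeTheme'));
    newTheme = ghost.settings('activeTheme');
    ghost.server.set('activeTheme', newTheme);
    ghost.server.enable(newTheme);

    // _.indexOf yields -1 when the entry is missing. -1 is truthy, so the
    // previous `if (stackLocation)` guard indexed stack[-1] (a TypeError) and
    // wrongly skipped a legitimate index 0; compare against -1 explicitly.
    if (stackLocation !== -1) {
        stack[stackLocation].handle = middleware.whenEnabled(newTheme, middleware.staticTheme());
    }

    // Update user error template
    errors.updateActiveTheme(newTheme);
}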
// ### ManageAdminAndTheme Middleware
// Uses the URL to detect whether this response should be an admin response
// This is used to ensure the right content is served, and is not for security purposes
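/**
 * Decide from the URL whether this request is for the admin or the theme,
 * flip the matching enable/disable flags on the server, and activate a newly
 * selected theme when the `activeTheme` setting has changed.
 *
 * This selects which content is served; it is not an access-control check.
 *
 * @param {Object} req - Express request; `req.url` is inspected
 * @param {Object} res - `res.isAdmin` is set here for later middleware
 * @param {Function} next - continuation
 * @throws via errors.logAndThrowError when the configured theme is not
 *         available and the request is not for the admin
 */
function manageAdminAndTheme(req, res, next) {
    var blogPath = ghost.blogGlobals().path,
        subdir = blogPath === '/' ? '' : blogPath,
        activeTheme;

    // Admin requests are those whose URL starts with "<subdir>/ghost/". A plain
    // prefix comparison replaces the hand-built RegExp, which interpolated the
    // subdir unescaped (a '.' or other metacharacter in it changed the match
    // and a subdir not starting with '/' produced a different escape).
    res.isAdmin = req.url.indexOf(subdir + '/ghost/') === 0;

    if (res.isAdmin) {
        ghost.server.enable('admin');
        ghost.server.disable(ghost.server.get('activeTheme'));
    } else {
        ghost.server.enable(ghost.server.get('activeTheme'));
        ghost.server.disable('admin');
    }

    // Check if the theme changed
    activeTheme = ghost.settings('activeTheme');
    if (activeTheme !== ghost.server.get('activeTheme')) {
        // hasOwnProperty (rather than a bare lookup) keeps inherited names such
        // as "constructor" from counting as an available theme.
        if (config.paths().availableThemes.hasOwnProperty(activeTheme)) {
            activateTheme();
        } else if (!res.isAdmin) {
            // Throw an error if the theme is not available, but not on the admin UI
            errors.logAndThrowError('The currently active theme ' + activeTheme + ' is missing.');
        }
    }

    next();
}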
/**
 * Wire the whole Express middleware chain onto `server`. The order below is
 * load-bearing: logging, static assets, admin/theme switch, body parsing,
 * session, CSRF, locals, views, router, then the error handlers.
 *
 * @param {Object} server - the Express application being configured
 */
module.exports = function (server) {
    var blogPath = ghost.blogGlobals().path,
        // Mount prefix for everything; empty when the blog lives at the domain root
        subdir = blogPath === '/' ? '' : blogPath,
        coreDir = path.join(config.paths().appRoot, 'core'),
        builtScriptsMaxAge = 31536000000,    // one year, in ms
        sessionMaxAge = 12 * 60 * 60 * 1000; // twelve hours, in ms

    // Logging configuration
    if (server.get('env') === 'development') {
        server.use(express.logger('dev'));
    } else {
        server.use(express.logger());
    }

    // Favicon
    server.use(subdir, express.favicon(coreDir + '/shared/favicon.ico'));

    // Shared static config
    server.use(subdir + '/shared', express.static(path.join(coreDir, '/shared')));

    // Uploaded images are served by whichever storage backend is configured
    server.use(subdir + '/content/images', storage.get_storage().serve());

    // Serve our built scripts; can't use /scripts here because themes already are
    server.use(subdir + '/built/scripts', express.static(path.join(coreDir, '/built/scripts'), {
        // Put a maxAge of one year on built scripts
        maxAge: builtScriptsMaxAge
    }));

    // First determine whether we're serving admin or theme content
    server.use(manageAdminAndTheme);

    // Admin only config
    server.use(subdir + '/ghost', middleware.whenEnabled('admin', express.static(path.join(coreDir, '/client/assets'))));

    // Theme only config
    server.use(middleware.whenEnabled(server.get('activeTheme'), middleware.staticTheme()));

    // Add in all trailing slashes
    server.use(slashes());

    // Body parsing
    server.use(express.json());
    server.use(express.urlencoded());

    // Multipart parsing for uploads and DB import. These are mounted before the
    // session and CSRF middleware, so a multipart body is parsed (and written to
    // disk by the parser) before either of those runs. Two parsers sit on the
    // upload path; only one can end up handling a given body — confirm which,
    // and therefore whether the uploadDir option takes effect.
    server.use(subdir + '/ghost/upload/', express.multipart());
    server.use(subdir + '/ghost/upload/', express.multipart({uploadDir: __dirname + '/content/images'}));
    server.use(subdir + '/ghost/api/v0.1/db/', express.multipart());

    // Session handling: the cookie is scoped to the admin path and expires after
    // twelve hours. No `secure` attribute is set here, so the cookie is also sent
    // over plain HTTP — confirm whether it should be set for TLS deployments.
    server.use(express.cookieParser());
    server.use(express.session({
        store: new BSStore(ghost.dataProvider),
        secret: ghost.dbHash,
        cookie: { path: subdir + '/ghost', maxAge: sessionMaxAge }
    }));

    // enable express csrf protection (after the session; ghostLocals below
    // reads req.csrfToken(), so it must follow this)
    server.use(middleware.conditionalCSRF);
    // local data
    server.use(ghostLocals);
    // So on every request we actually clean out redundant passive notifications from the server side
    server.use(middleware.cleanNotifications);

    // Initialise the views
    server.use(initViews);

    // process the application routes
    server.use(subdir, server.router);

    // ### Error handling
    // 404 Handler
    server.use(errors.error404);

    // 500 Handler
    server.use(errors.error500);
};
// Export middleware functions directly
|
2013-11-17 18:40:26 +00:00
|
|
|
// Attached to the setup function exported above so callers can reach the testable helpers as well
module.exports.middleware = middleware;