
Added precondition for Stripe Connect Admin API

refs https://github.com/TryGhost/Team/issues/598

Stripe Webhooks require SSL in production, so we should not allow
connecting to Stripe in production mode unless the site is
running with SSL.
Fabien O'Carroll 2021-05-13 11:06:54 +01:00
parent b668d6fc9c
commit 17a2083c05


@ -1,4 +1,7 @@
const membersService = require('../../services/members');
const config = require('../../../shared/config');
const urlUtils = require('../../../shared/url-utils');
const {BadRequestError} = require('@tryghost/errors');
module.exports = {
docName: 'members_stripe_connect',
@ -15,6 +18,13 @@ module.exports = {
}
},
query(frame) {
const siteUrl = urlUtils.getSiteUrl();
const productionMode = config.get('env') === 'production';
const siteUrlUsingSSL = /^https/.test(siteUrl);
const cannotConnectToStripe = productionMode && !siteUrlUsingSSL;
if (cannotConnectToStripe) {
throw new BadRequestError('Cannot connect to stripe unless site is using https://');
}
// This is something you have to do if you want to use the "framework" with access to the raw req/res
frame.response = async function (req, res) {
function setSessionProp(prop, val) {
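Review bot: The `/^https/` test on `siteUrl` in `query` is a prefix match rather than a scheme check: it accepts any configured value that merely begins with the letters `https` and rejects an upper-case `HTTPS://` URL, so the guard is both looser and stricter than the commit message intends. Anchoring on the full scheme is a one-line change, `const siteUrlUsingSSL = /^https:\/\//i.test(siteUrl);`. The guard also covers only this Stripe Connect endpoint and only when `env` is exactly `production`; if Stripe keys can be saved through another settings path, or live keys are used under a differently named environment, the same precondition would presumably be needed there, which is worth confirming. `query`'s body continues past the end of the hunk.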