From 2e922808e8b3857e42c7c59b8c7260591c4437c2 Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Wed, 7 Nov 2018 17:29:40 +0700
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=20Updated=20naming=20for=20Content=20?= =?UTF-8?q?API=20specific=20middleware?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

no-issue
This is because the Content API will eventually be accessed not just from Content API keys. The addition of a Content API specific authorization middleware is because:
1. content api should not authorize based on req.user
2. content api will need separate authorization than admin api
---
 core/server/services/auth/authenticate.js | 2 +-
 core/server/services/auth/authorize.js | 10 +++++++++-
 core/server/web/api/v2/content/middleware.js | 4 ++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/core/server/services/auth/authenticate.js b/core/server/services/auth/authenticate.js
index 567abb416c..f14430d639 100644
--- a/core/server/services/auth/authenticate.js
+++ b/core/server/services/auth/authenticate.js
@@ -103,7 +103,7 @@ const authenticate = {
 // ### v2 API auth middleware
 authenticateAdminAPI: [session.safeGetSession, session.getUser],
- authenticateContentApiKey: apiKeyAuth.content.authenticateContentApiKey
+ authenticateContentApi: apiKeyAuth.content.authenticateContentApiKey
 };
 module.exports = authenticate;
diff --git a/core/server/services/auth/authorize.js b/core/server/services/auth/authorize.js
index 8b4420054f..6f5737049e 100644
--- a/core/server/services/auth/authorize.js
+++ b/core/server/services/auth/authorize.js
@@ -38,7 +38,15 @@ const authorize = {
 },
 authorizeAdminAPI: [session.ensureUser],
- // used by API v2 endpoints
+ authorizeContentApi(req, res, next) {
+ const hasApiKey = req.api_key && req.api_key.id;
+ if (hasApiKey) {
+ return next();
+ } else {
+ return next(new common.errors.NoPermissionError({message: common.i18n.t('errors.middleware.auth.pleaseSignInOrAuthenticate')}));
+ }
+ },
+
 requiresAuthorizedUserOrApiKey(req, res, next) {
 const hasUser = req.user && req.user.id;
 const hasApiKey = req.api_key && req.api_key.id;
diff --git a/core/server/web/api/v2/content/middleware.js b/core/server/web/api/v2/content/middleware.js
index 600392f1ea..63d277789f 100644
--- a/core/server/web/api/v2/content/middleware.js
+++ b/core/server/web/api/v2/content/middleware.js
@@ -14,8 +14,8 @@ const shared = require('../../../shared');
 * Authentication for public endpoints
 */
 module.exports.authenticatePublic = [
- auth.authenticate.authenticateContentApiKey,
- auth.authorize.requiresAuthorizedUserOrApiKey,
+ auth.authenticate.authenticateContentApi,
+ auth.authorize.authorizeContentApi,
 cors(),
 shared.middlewares.urlRedirects.adminRedirect,
 shared.middlewares.prettyUrls
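Review bot: `authorizeContentApi` in authorize.js grants access on the mere presence of `req.api_key.id`, so its guarantee rests entirely on whichever middleware populated `req.api_key` earlier in the chain; nothing in the function checks what kind of key it holds. In the wiring visible in content/middleware.js it runs right after `auth.authenticate.authenticateContentApi`, which presumably attaches only Content API keys, but that code is not part of this patch and should be confirmed, because any other key authenticator mounted ahead of it would satisfy this check as well. I would state the contract above the function, for example `// Content API: authorize on req.api_key only; req.user is deliberately ignored. Assumes req.api_key was set by authenticateContentApi.`, and consider rejecting keys that are not content keys here rather than relying on ordering. The patch also drops the `// used by API v2 endpoints` comment without replacing it, and the `else` after `return next();` is redundant. The enclosing `authorize` object and the body of `requiresAuthorizedUserOrApiKey` continue outside the hunk.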