0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Extracted scheduling token generation into separate module

refs https://github.com/TryGhost/Team/issues/694

- This is a tiny step towards more decoupled scheduler's code organization
This commit is contained in:
Naz 2021-05-24 14:55:38 +04:00
parent 2000c3c156
commit 33696b8244
2 changed files with 40 additions and 36 deletions

View file

@ -1,12 +1,12 @@
const Promise = require('bluebird'); const Promise = require('bluebird');
const moment = require('moment'); const moment = require('moment');
const jwt = require('jsonwebtoken');
const localUtils = require('../utils'); const localUtils = require('../utils');
const events = require('../../../lib/common/events'); const events = require('../../../lib/common/events');
const i18n = require('../../../../shared/i18n'); const i18n = require('../../../../shared/i18n');
const errors = require('@tryghost/errors'); const errors = require('@tryghost/errors');
const models = require('../../../models'); const models = require('../../../models');
const urlUtils = require('../../../../shared/url-utils'); const urlUtils = require('../../../../shared/url-utils');
const getSignedAdminToken = require('./scheduling-auth-token');
const _private = {}; const _private = {};
const SCHEDULED_RESOURCES = ['post', 'page']; const SCHEDULED_RESOURCES = ['post', 'page'];
@ -29,40 +29,6 @@ _private.getSchedulerIntegration = function () {
}); });
}; };
/**
* @description Get signed admin token for making authenticated scheduling requests
*
* @return {Promise}
*/
_private.getSignedAdminToken = function ({publishedAt, apiUrl, integration}) {
let key = integration.api_keys[0];
const JWT_OPTIONS = {
keyid: key.id,
algorithm: 'HS256',
audience: apiUrl,
noTimestamp: true
};
// Default token expiry is till 6 hours after scheduled time
// or if published_at is in past then till 6 hours after blog start
// to allow for retries in case of network issues
// and never before 10 mins to publish time
let tokenExpiry = moment(publishedAt).add(6, 'h');
if (tokenExpiry.isBefore(moment())) {
tokenExpiry = moment().add(6, 'h');
}
return jwt.sign(
{
exp: tokenExpiry.unix(),
nbf: moment(publishedAt).subtract(10, 'm').unix()
},
Buffer.from(key.secret, 'hex'),
JWT_OPTIONS
);
};
/** /**
* @description Normalize model data into scheduler notation. * @description Normalize model data into scheduler notation.
* @param {Object} options * @param {Object} options
@ -71,7 +37,7 @@ _private.getSignedAdminToken = function ({publishedAt, apiUrl, integration}) {
_private.normalize = function normalize({model, apiUrl, resourceType, integration}, event = '') { _private.normalize = function normalize({model, apiUrl, resourceType, integration}, event = '') {
const resource = `${resourceType}s`; const resource = `${resourceType}s`;
let publishedAt = (event === 'unscheduled') ? model.previous('published_at') : model.get('published_at'); let publishedAt = (event === 'unscheduled') ? model.previous('published_at') : model.get('published_at');
const signedAdminToken = _private.getSignedAdminToken({publishedAt, apiUrl, integration}); const signedAdminToken = getSignedAdminToken({publishedAt, apiUrl, integration});
let url = `${urlUtils.urlJoin(apiUrl, 'schedules', resource, model.get('id'))}/?token=${signedAdminToken}`; let url = `${urlUtils.urlJoin(apiUrl, 'schedules', resource, model.get('id'))}/?token=${signedAdminToken}`;
return { return {
// NOTE: The scheduler expects a unix timestamp. // NOTE: The scheduler expects a unix timestamp.

View file

@ -0,0 +1,38 @@
const moment = require('moment');
const jwt = require('jsonwebtoken');
/**
* @description Get signed admin token for making authenticated scheduling requests
*
* @return {Promise}
*/
const getSignedAdminToken = function ({publishedAt, apiUrl, integration}) {
let key = integration.api_keys[0];
const JWT_OPTIONS = {
keyid: key.id,
algorithm: 'HS256',
audience: apiUrl,
noTimestamp: true
};
// Default token expiry is till 6 hours after scheduled time
// or if published_at is in past then till 6 hours after blog start
// to allow for retries in case of network issues
// and never before 10 mins to publish time
let tokenExpiry = moment(publishedAt).add(6, 'h');
if (tokenExpiry.isBefore(moment())) {
tokenExpiry = moment().add(6, 'h');
}
return jwt.sign(
{
exp: tokenExpiry.unix(),
nbf: moment(publishedAt).subtract(10, 'm').unix()
},
Buffer.from(key.secret, 'hex'),
JWT_OPTIONS
);
};
module.exports = getSignedAdminToken;