0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Added notImplemented middleware for integrations

refs #9865
This commit is contained in:
kirrg001 2019-01-30 13:08:35 +01:00
parent 8fd4b3f09f
commit 7d05cbba1d
2 changed files with 39 additions and 2 deletions

View file

@ -314,7 +314,8 @@
},
"api": {
"common": {
"invalidTokenStructure": "Invalid token structure"
"invalidTokenStructure": "Invalid token structure",
"notImplemented": "The server does not support the functionality required to fulfill the request."
},
"authentication": {
"setupUnableToRun": "Database missing fixture data. Please reset database and try again.",

View file

@ -1,6 +1,41 @@
const common = require('../../../../lib/common');
const auth = require('../../../../services/auth');
const shared = require('../../../shared');
const notImplemented = function (req, res, next) {
// CASE: user is logged in, allow
if (!req.api_key) {
return next();
}
// @NOTE: integrations have limited access for now
const whitelisted = {
// @NOTE: stable
posts: ['GET', 'PUT', 'DELETE', 'POST'],
tags: ['GET', 'PUT', 'DELETE', 'POST'],
uploads: ['POST'],
// @NOTE: experimental
users: ['GET'],
themes: ['POST']
};
const match = req.url.match(/^\/(\w+)\//);
if (match) {
const entity = match[1];
if (whitelisted[entity] && whitelisted[entity].includes(req.method)) {
return next();
}
}
next(new common.errors.GhostError({
errorType: 'NotImplementedError',
message: common.i18n.t('errors.api.common.notImplemented'),
statusCode: '501'
}));
};
/**
* Authentication for private endpoints
*/
@ -10,7 +45,8 @@ module.exports.authAdminApi = [
shared.middlewares.updateUserLastSeen,
shared.middlewares.api.cors,
shared.middlewares.urlRedirects.adminRedirect,
shared.middlewares.prettyUrls
shared.middlewares.prettyUrls,
notImplemented
];
/**