From 92af5b8f09d06df6e527df1bb78099cbab004dc0 Mon Sep 17 00:00:00 2001 From: Hannah Wolfe Date: Wed, 22 Apr 2020 06:41:07 +0100 Subject: [PATCH] Moved api cors mw into api app - Moved api cors from shared to api as it is not shared (except within the API) - This file is only used in one part of the app, this updates the code structure to reflect this - This is one of many similar changes needed to make it easier to refactor to the existing setup --- core/server/web/api/canary/admin/app.js | 4 ++-- core/server/web/api/canary/admin/middleware.js | 7 ++++--- core/server/web/api/canary/admin/routes.js | 3 ++- .../web/{shared/middlewares/api => api/middleware}/cors.js | 2 +- core/server/web/api/middleware/index.js | 1 + core/server/web/api/v2/admin/app.js | 4 ++-- core/server/web/api/v2/admin/middleware.js | 7 ++++--- core/server/web/api/v2/admin/routes.js | 3 ++- core/server/web/shared/middlewares/api/index.js | 4 ---- .../web/{middleware/api => api/middleware}/cors_spec.js | 4 ++-- 10 files changed, 20 insertions(+), 19 deletions(-) rename core/server/web/{shared/middlewares/api => api/middleware}/cors.js (97%) rename test/unit/web/{middleware/api => api/middleware}/cors_spec.js (95%) diff --git a/core/server/web/api/canary/admin/app.js b/core/server/web/api/canary/admin/app.js index 336bf13a93..589aac99d2 100644 --- a/core/server/web/api/canary/admin/app.js +++ b/core/server/web/api/canary/admin/app.js @@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean'); const express = require('express'); const bodyParser = require('body-parser'); const shared = require('../../../shared'); -const mw = require('../../middleware'); +const apiMw = require('../../middleware'); const routes = require('./routes'); const sentry = require('../../../../sentry'); 
@@ -26,7 +26,7 @@ module.exports = function setupApiApp() { // Check version matches for API requests, depends on res.locals.safeVersion being set // Therefore must come after themeHandler.ghostLocals, for now - apiApp.use(mw.versionMatch); + apiApp.use(apiMw.versionMatch); // Admin API shouldn't be cached apiApp.use(shared.middlewares.cacheControl('private')); diff --git a/core/server/web/api/canary/admin/middleware.js b/core/server/web/api/canary/admin/middleware.js index 8be09f1cae..805ad30f1a 100644 --- a/core/server/web/api/canary/admin/middleware.js +++ b/core/server/web/api/canary/admin/middleware.js @@ -2,6 +2,7 @@ const errors = require('@tryghost/errors'); const {i18n} = require('../../../../lib/common'); const auth = require('../../../../services/auth'); const shared = require('../../../shared'); +const apiMw = require('../../middleware'); const notImplemented = function (req, res, next) { // CASE: user is logged in, allow @@ -53,7 +54,7 @@ module.exports.authAdminApi = [ auth.authenticate.authenticateAdminApi, auth.authorize.authorizeAdminApi, shared.middlewares.updateUserLastSeen, - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented @@ -67,7 +68,7 @@ module.exports.authAdminApiWithUrl = [ auth.authenticate.authenticateAdminApiWithUrl, auth.authorize.authorizeAdminApi, shared.middlewares.updateUserLastSeen, - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented @@ -77,7 +78,7 @@ module.exports.authAdminApiWithUrl = [ * Middleware for public admin endpoints */ module.exports.publicAdminApi = [ - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented diff --git a/core/server/web/api/canary/admin/routes.js b/core/server/web/api/canary/admin/routes.js index 86dcce1988..2236ba8eb8 100644 
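Review bot: In `authAdminApi` and `authAdminApiWithUrl`, `apiMw.cors` still sits after `auth.authenticate.*` and `auth.authorize.authorizeAdminApi`, so a request rejected by either of them never reaches this entry. The canary `routes.js` in this patch also mounts `router.use(apiMw.cors)` ahead of the routes, which suggests the array entries are either redundant or a fallback for a mount point not visible here. A one-line comment such as `// cors is also mounted router-wide in routes.js; kept here for <reason>` would make the intended order explicit. The same applies to the three `apiMw.cors` entries in `core/server/web/api/v2/admin/middleware.js`. The arrays begin and end outside these hunks, so the ordering is read from the visible context lines only.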
--- a/core/server/web/api/canary/admin/routes.js +++ b/core/server/web/api/canary/admin/routes.js @@ -1,5 +1,6 @@ const express = require('express'); const apiCanary = require('../../../../api/canary'); +const apiMw = require('../../middleware'); const mw = require('./middleware'); const shared = require('../../../shared'); @@ -13,7 +14,7 @@ module.exports = function apiRoutes() { // alias delete with del router.del = router.delete; - router.use(shared.middlewares.api.cors); + router.use(apiMw.cors); const http = apiCanary.http; diff --git a/core/server/web/shared/middlewares/api/cors.js b/core/server/web/api/middleware/cors.js similarity index 97% rename from core/server/web/shared/middlewares/api/cors.js rename to core/server/web/api/middleware/cors.js index f9f509cccf..615551c72f 100644 --- a/core/server/web/shared/middlewares/api/cors.js +++ b/core/server/web/api/middleware/cors.js @@ -1,7 +1,7 @@ const cors = require('cors'); const url = require('url'); const os = require('os'); -const urlUtils = require('../../../../lib/url-utils'); +const urlUtils = require('../../../lib/url-utils'); let whitelist = []; const ENABLE_CORS = {origin: true, maxAge: 86400}; diff --git a/core/server/web/api/middleware/index.js b/core/server/web/api/middleware/index.js index 1e39a1de7f..5b82f6454b 100644 --- a/core/server/web/api/middleware/index.js +++ b/core/server/web/api/middleware/index.js @@ -1,3 +1,4 @@ module.exports = { + cors: require('./cors'), versionMatch: require('./version-match') }; diff --git a/core/server/web/api/v2/admin/app.js b/core/server/web/api/v2/admin/app.js index ef12ab58ed..d4b611e02a 100644 --- a/core/server/web/api/v2/admin/app.js +++ b/core/server/web/api/v2/admin/app.js 
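Review bot: `apiMw` and `mw` now sit side by side in this file and differ only by a prefix, while `app.js` renames its own `mw` to `apiMw` in the same patch. Renaming the local import to something like `adminMw` would make it harder to pick the wrong object when wiring `cors` or the auth arrays. The added require is also placed differently here (`apiMw` before `mw`) than in `core/server/web/api/v2/admin/routes.js` (`mw` before `apiMw`); keeping canary and v2 identical makes the two versions easier to audit against each other.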
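Review bot: `cors: require('./cors')` loads the module as soon as `api/middleware` is required, whereas the getter removed from `shared/middlewares/api/index.js` deferred the `require` until first access. `cors.js` requires `url-utils` and keeps module-level state (`let whitelist = []`), so that load now happens earlier in start-up. If the laziness was there to avoid a require cycle or an early config read, `get cors() { return require('./cors'); }` keeps the old timing. It is also worth confirming that nothing outside this patch still reads `shared.middlewares.api.cors`, which now evaluates to `undefined`.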
@@ -3,7 +3,7 @@ const boolParser = require('express-query-boolean'); const express = require('express'); const bodyParser = require('body-parser'); const shared = require('../../../shared'); -const mw = require('../../middleware'); +const apiMw = require('../../middleware'); const routes = require('./routes'); const sentry = require('../../../../sentry'); @@ -26,7 +26,7 @@ module.exports = function setupApiApp() { // Check version matches for API requests, depends on res.locals.safeVersion being set // Therefore must come after themeHandler.ghostLocals, for now - apiApp.use(mw.versionMatch); + apiApp.use(apiMw.versionMatch); // Admin API shouldn't be cached apiApp.use(shared.middlewares.cacheControl('private')); diff --git a/core/server/web/api/v2/admin/middleware.js b/core/server/web/api/v2/admin/middleware.js index 07806359ea..66eea169b2 100644 --- a/core/server/web/api/v2/admin/middleware.js +++ b/core/server/web/api/v2/admin/middleware.js @@ -2,6 +2,7 @@ const errors = require('@tryghost/errors'); const {i18n} = require('../../../../lib/common'); const auth = require('../../../../services/auth'); const shared = require('../../../shared'); +const apiMw = require('../../middleware'); const notImplemented = function (req, res, next) { // CASE: user is logged in, allow @@ -50,7 +51,7 @@ module.exports.authAdminApi = [ auth.authenticate.authenticateAdminApi, auth.authorize.authorizeAdminApi, shared.middlewares.updateUserLastSeen, - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented @@ -64,7 +65,7 @@ module.exports.authAdminApiWithUrl = [ auth.authenticate.authenticateAdminApiWithUrl, auth.authorize.authorizeAdminApi, shared.middlewares.updateUserLastSeen, - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented 
@@ -74,7 +75,7 @@ module.exports.authAdminApiWithUrl = [ * Middleware for public admin endpoints */ module.exports.publicAdminApi = [ - shared.middlewares.api.cors, + apiMw.cors, shared.middlewares.urlRedirects.adminRedirect, shared.middlewares.prettyUrls, notImplemented diff --git a/core/server/web/api/v2/admin/routes.js b/core/server/web/api/v2/admin/routes.js index 2eedc3cd0c..d6d37f17b9 100644 --- a/core/server/web/api/v2/admin/routes.js +++ b/core/server/web/api/v2/admin/routes.js @@ -1,6 +1,7 @@ const express = require('express'); const apiv2 = require('../../../../api/v2'); const mw = require('./middleware'); +const apiMw = require('../../middleware'); const shared = require('../../../shared'); @@ -13,7 +14,7 @@ module.exports = function apiRoutes() { // alias delete with del router.del = router.delete; - router.use(shared.middlewares.api.cors); + router.use(apiMw.cors); const http = apiv2.http; diff --git a/core/server/web/shared/middlewares/api/index.js b/core/server/web/shared/middlewares/api/index.js index 7a1362e72d..f890dfcdc9 100644 --- a/core/server/web/shared/middlewares/api/index.js +++ b/core/server/web/shared/middlewares/api/index.js @@ -1,8 +1,4 @@ module.exports = { - get cors() { - return require('./cors'); - }, - get spamPrevention() { return require('./spam-prevention'); } diff --git a/test/unit/web/middleware/api/cors_spec.js b/test/unit/web/api/middleware/cors_spec.js similarity index 95% rename from test/unit/web/middleware/api/cors_spec.js rename to test/unit/web/api/middleware/cors_spec.js index dcb54aeac4..b1dc184729 100644 --- a/test/unit/web/middleware/api/cors_spec.js +++ b/test/unit/web/api/middleware/cors_spec.js 
@@ -2,7 +2,7 @@ var should = require('should'), sinon = require('sinon'), rewire = require('rewire'), urlUtils = require('../../../../utils/urlUtils'), - cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors'); + cors = rewire('../../../../../core/server/web/api/middleware/cors'); describe('cors', function () { var res, req, next; @@ -29,7 +29,7 @@ describe('cors', function () { afterEach(function () { sinon.restore(); - cors = rewire('../../../../../core/server/web/shared/middlewares/api/cors'); + cors = rewire('../../../../../core/server/web/api/middleware/cors'); }); it('should not be enabled without a request origin header', function (done) {