From a1f27151352f5b88244147980bd1365fa9b06d3b Mon Sep 17 00:00:00 2001 From: Hannah Wolfe Date: Thu, 30 Apr 2020 16:51:04 +0100 Subject: [PATCH] Moved members app mount to parent app - Clarify that the parent app has 2 distinct parts: backend and frontend - Frontend app takes members and site apps + the frontend SSL redirect middleware - Backend app already has admin + API (and the SSL redirect needs significant work) - There's a lot more to do here, but this increases clarity --- core/server/web/parent/app.js | 17 ++++++++++++++--- core/server/web/site/app.js | 6 ------ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/core/server/web/parent/app.js b/core/server/web/parent/app.js index c881a1068d..14ba55edd2 100644 --- a/core/server/web/parent/app.js +++ b/core/server/web/parent/app.js @@ -7,6 +7,7 @@ const netjet = require('netjet'); const mw = require('./middleware'); const escapeRegExp = require('lodash.escaperegexp'); const {URL} = require('url'); +const shared = require('../shared'); module.exports = function setupParentApp(options = {}) { debug('ParentApp setup start'); @@ -37,11 +38,11 @@ module.exports = function setupParentApp(options = {}) { parentApp.use(mw.ghostLocals); // Mount the express apps on the parentApp - const backendHost = config.get('admin:url') ? (new URL(config.get('admin:url')).hostname) : ''; const frontendHost = new URL(config.get('url')).hostname; const hasSeparateBackendHost = backendHost && backendHost !== frontendHost; + // BACKEND // Wrap the admin and API apps into a single express app for use with vhost const backendApp = express(); backendApp.use('/ghost/api', require('../api')()); @@ -53,12 +54,22 @@ module.exports = function setupParentApp(options = {}) { const backendVhostArg = hasSeparateBackendHost && backendHost ? backendHost : /.*/; parentApp.use(vhost(backendVhostArg, backendApp)); - // BLOG + // FRONTEND + const frontendApp = express(); + + // Force SSL if blog url is set to https. The redirects handling must happen before asset and page routing, + // otherwise we serve assets/pages with http. This can cause mixed content warnings in the admin client. + frontendApp.use(shared.middlewares.urlRedirects.frontendSSLRedirect); + + frontendApp.use('/members', require('../members')()); + frontendApp.use('/', require('../site')(options)); + + // SITE + MEMBERS // with a separate admin url we adjust the frontend vhost to exclude requests to that host, otherwise serve on all hosts const frontendVhostArg = (hasSeparateBackendHost && backendHost) ? new RegExp(`^(?!${escapeRegExp(backendHost)}).*`) : /.*/; - parentApp.use(vhost(frontendVhostArg, require('../site')(options))); + parentApp.use(vhost(frontendVhostArg, frontendApp)); debug('ParentApp setup end'); diff --git a/core/server/web/site/app.js b/core/server/web/site/app.js index 1c862ebe9d..96469b4050 100644 --- a/core/server/web/site/app.js +++ b/core/server/web/site/app.js @@ -91,10 +91,6 @@ module.exports = function setupSiteApp(options = {}) { // (Optionally) redirect any requests to /ghost to the admin panel siteApp.use(mw.redirectGhostToAdmin()); - // force SSL if blog url is set to https. The redirects handling must happen before asset and page routing, - // otherwise we serve assets/pages with http. This can cause mixed content warnings in the admin client. - siteApp.use(shared.middlewares.urlRedirects.frontendSSLRedirect); - // Static content/assets // @TODO make sure all of these have a local 404 error handler // Favicon @@ -129,8 +125,6 @@ module.exports = function setupSiteApp(options = {}) { themeService.loadCoreHelpers(); debug('Helpers done'); - siteApp.use('/members', require('../members')()); - // Global handling for member session, ensures a member is logged in to the frontend siteApp.use(membersMiddleware.loadMemberSession);