Respect subdirectory in authenticate middleware
parent
f273e17e08
commit
b410f5833b
2 changed files with 11 additions and 10 deletions
|
@ -272,8 +272,8 @@ module.exports = function (server, dbHash) {
|
||||||
|
|
||||||
// ### Caching
|
// ### Caching
|
||||||
expressServer.use(middleware.cacheControl('public'));
|
expressServer.use(middleware.cacheControl('public'));
|
||||||
expressServer.use('/api/', middleware.cacheControl('private'));
|
expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
|
||||||
expressServer.use('/ghost/', middleware.cacheControl('private'));
|
expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
|
||||||
|
|
||||||
// enable authentication; has to be done before CSRF handling
|
// enable authentication; has to be done before CSRF handling
|
||||||
expressServer.use(middleware.authenticate);
|
expressServer.use(middleware.authenticate);
|
||||||
|
|
|
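Review bot: The two `private` mounts now only take effect when `subdir` matches the request prefix exactly, and `subdir` is defined outside this hunk. Because `middleware.cacheControl('public')` is applied to every request just above, a mismatch (a trailing slash in the configured subdirectory, for instance) would presumably leave admin and API responses marked public and eligible for shared caches. I would state the assumption above the mounts, e.g. `// subdir is '' at the root or '/path' without a trailing slash; otherwise /ghost/ and /api/ stay publicly cacheable`, and confirm that the config normalises the value.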
@ -29,17 +29,17 @@ var middleware = {
|
||||||
// exceptions for signin, signout, signup, forgotten, reset only
|
// exceptions for signin, signout, signup, forgotten, reset only
|
||||||
// api and frontend use different authentication mechanisms atm
|
// api and frontend use different authentication mechanisms atm
|
||||||
authenticate: function (req, res, next) {
|
authenticate: function (req, res, next) {
|
||||||
if (res.isAdmin) {
|
var subPath = req.path.substring(config().paths.subdir.length),
|
||||||
if (req.path.indexOf("/ghost/api/") === 0) {
|
noAuthNeeded = [
|
||||||
return middleware.authAPI(req, res, next);
|
|
||||||
}
|
|
||||||
|
|
||||||
var noAuthNeeded = [
|
|
||||||
'/ghost/signin/', '/ghost/signout/', '/ghost/signup/',
|
'/ghost/signin/', '/ghost/signout/', '/ghost/signup/',
|
||||||
'/ghost/forgotten/', '/ghost/reset/'
|
'/ghost/forgotten/', '/ghost/reset/'
|
||||||
];
|
];
|
||||||
|
if (res.isAdmin) {
|
||||||
|
if (subPath.indexOf('/ghost/api/') === 0) {
|
||||||
|
return middleware.authAPI(req, res, next);
|
||||||
|
}
|
||||||
|
|
||||||
if (noAuthNeeded.indexOf(req.path) < 0) {
|
if (noAuthNeeded.indexOf(subPath) < 0) {
|
||||||
return middleware.auth(req, res, next);
|
return middleware.auth(req, res, next);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,8 @@ var middleware = {
|
||||||
// We strip /ghost/ out of the redirect parameter for neatness
|
// We strip /ghost/ out of the redirect parameter for neatness
|
||||||
auth: function (req, res, next) {
|
auth: function (req, res, next) {
|
||||||
if (!req.session.user) {
|
if (!req.session.user) {
|
||||||
var reqPath = req.path.replace(/^\/ghost\/?/gi, ''),
|
var subPath = req.path.substring(config().paths.subdir.length),
|
||||||
|
reqPath = subPath.replace(/^\/ghost\/?/gi, ''),
|
||||||
redirect = '',
|
redirect = '',
|
||||||
msg;
|
msg;
|
||||||
|
|
||||||
|
|
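Review bot: `req.path.substring(config().paths.subdir.length)` in `authenticate` drops the first N characters without checking that the path actually begins with the configured subdirectory, so the `/ghost/api/` test and the `noAuthNeeded` lookup are evaluated against whatever happens to follow. Whether such a path can get this far depends on how `res.isAdmin` is set, which is outside the hunk; making the auth decision independent of that is cheap: `var subdir = config().paths.subdir, subPath = req.path.indexOf(subdir) === 0 ? req.path.substring(subdir.length) : req.path;`. A path without the prefix then fails the exemption lookup and goes to `middleware.auth`. The same expression is repeated in `auth`, where it feeds the redirect parameter, so a small shared helper would keep the two in step. Both function bodies continue past the visible lines.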