mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Refactored api key auth to use async/await syntax

https://github.com/TryGhost/Team/issues/599

- Before introducing limit checks into this codebase, rewrote the code to use async/await for more clarity and less nesting
Naz 2021-04-07 16:52:26 +12:00
parent 42a3197f6d
commit b677927322
2 changed files with 20 additions and 13 deletions


@ -78,7 +78,7 @@ const authenticateWithUrl = (req, res, next) => {
* - the "Audience" claim should match the requested API path
* https://tools.ietf.org/html/rfc7519#section-4.1.3
*/
const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
const authenticateWithToken = async (req, res, next, {token, JWT_OPTIONS}) => {
const decoded = jwt.decode(token, {complete: true});
if (!decoded || !decoded.header) {
@ -97,7 +97,9 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
}));
}
models.ApiKey.findOne({id: apiKeyId}).then((apiKey) => {
try {
const apiKey = await models.ApiKey.findOne({id: apiKeyId});
if (!apiKey) {
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.unknownAdminApiKey'),
@ -145,21 +147,23 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
if (apiKey.get('user_id')) {
// fetch the user and store it on the request for later checks and logging
return models.User.findOne(
const user = await models.User.findOne(
{id: apiKey.get('user_id'), status: 'active'},
{require: true}
).then((user) => {
req.user = user;
next();
});
);
req.user = user;
next();
}
// store the api key on the request for later checks and logging
req.api_key = apiKey;
next();
}).catch((err) => {
} catch (err) {
next(new errors.InternalServerError({err}));
});
}
};
module.exports = {
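Review bot: In the `if (apiKey.get('user_id'))` branch the old `return models.User.findOne(...)` became a bare `await`, and as shown here nothing returns after the inner `next()`, so control falls through to `req.api_key = apiKey; next();`. For a key bound to a user that means `next()` fires twice, which can run downstream handlers twice or end in a "headers already sent" error, and `req.api_key` is now set on a request where the old code left it unset, so any later check that distinguishes `req.user` from `req.api_key` would see both. Changing the inner call to `return next();` restores the early exit. Blank lines appear to be dropped in this rendering, so confirm against the file that no `return` follows the inner `next()`.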


@ -2,7 +2,7 @@ const models = require('../../../models');
const errors = require('@tryghost/errors');
const {i18n} = require('../../../lib/common');
const authenticateContentApiKey = function authenticateContentApiKey(req, res, next) {
const authenticateContentApiKey = async function authenticateContentApiKey(req, res, next) {
// allow fallthrough to other auth methods or final ensureAuthenticated check
if (!req.query || !req.query.key) {
return next();
@ -17,7 +17,9 @@ const authenticateContentApiKey = function authenticateContentApiKey(req, res, n
let key = req.query.key;
models.ApiKey.findOne({secret: key}).then((apiKey) => {
try {
const apiKey = await models.ApiKey.findOne({secret: key});
if (!apiKey) {
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.unknownContentApiKey'),
@ -34,10 +36,11 @@ const authenticateContentApiKey = function authenticateContentApiKey(req, res, n
// authenticated OK, store the api key on the request for later checks and logging
req.api_key = apiKey;
next();
}).catch((err) => {
} catch (err) {
next(new errors.InternalServerError({err}));
});
}
};
module.exports = {
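Review bot: The `try` opens only at the `models.ApiKey.findOne({secret: key})` call, so everything above it in this now-`async` function runs outside any handler. A synchronous throw there used to propagate to the router; in an async function it becomes a rejected promise, which an Express version that does not await middleware (not visible here, so an assumption) leaves unhandled with the request never answered. Moving `try {` to the first line of the function body keeps every failure path ending in `next(err)`; the same applies to `authenticateWithToken` in the first file, where `jwt.decode` and the header checks precede the `try`. Part of the function body lies between the hunks and is not shown.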