Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-04 02:01:58 -05:00
Code Issues Activity

Merge pull request #61 from ricardobeat/api_auth

Browse source 
API auth failures should respond with json, closes #49
This commit is contained in:
Hannah Wolfe 2013-05-25 23:35:57 -07:00
commit c6135cfaa2
1 changed files with 21 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
app.js
View file

@ -16,6 +16,7 @@
// ## Variables // ## Variables
auth, auth,
authAPI,
/** /**
* Create new Ghost object * Create new Ghost object
@ -50,9 +51,19 @@
if (!req.session.user) { if (!req.session.user) {
req.flash('warn', "Please login"); req.flash('warn', "Please login");
res.redirect('/ghost/login/?redirect=' + encodeURIComponent(req.path)); res.redirect('/ghost/login/?redirect=' + encodeURIComponent(req.path));
} else { return;
next();
} }
next();
};
authAPI = function (req, res, next) {
if (!req.session.user) {
// TODO: standardize error format/codes/messages
var err = { code: 42, message: 'Please login' };
res.json(401, { error: err });
return;
}
next();
}; };
helpers.loadCoreHelpers(ghost); helpers.loadCoreHelpers(ghost);
@ -62,14 +73,14 @@
* API routes.. * API routes..
* @todo auth should be public auth not user auth * @todo auth should be public auth not user auth
*/ */
ghost.app().get('/api/v0.1/posts', auth, api.requestHandler(api.posts.browse)); ghost.app().get('/api/v0.1/posts', authAPI, api.requestHandler(api.posts.browse));
ghost.app().post('/api/v0.1/posts', auth, api.requestHandler(api.posts.add)); ghost.app().post('/api/v0.1/posts', authAPI, api.requestHandler(api.posts.add));
ghost.app().get('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.read)); ghost.app().get('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.read));
ghost.app().put('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.edit)); ghost.app().put('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.edit));
ghost.app().del('/api/v0.1/posts/:id', auth, api.requestHandler(api.posts.destroy)); ghost.app().del('/api/v0.1/posts/:id', authAPI, api.requestHandler(api.posts.destroy));
ghost.app().get('/api/v0.1/settings', auth, api.requestHandler(api.settings.browse)); ghost.app().get('/api/v0.1/settings', authAPI, api.requestHandler(api.settings.browse));
ghost.app().get('/api/v0.1/settings/:key', auth, api.requestHandler(api.settings.read)); ghost.app().get('/api/v0.1/settings/:key', authAPI, api.requestHandler(api.settings.read));
ghost.app().put('/api/v0.1/settings', auth, api.requestHandler(api.settings.edit)); ghost.app().put('/api/v0.1/settings', authAPI, api.requestHandler(api.settings.edit));
/** /**
* Admin routes.. * Admin routes..