From d064eda229e59b72c71e96f6877dbba185ed011f Mon Sep 17 00:00:00 2001
From: Kevin Ansfield <kevin@lookingsideways.co.uk>
Date: Tue, 15 Aug 2017 15:59:16 +0100
Subject: [PATCH] Add `configuration/private` endpoint and settings for
 Unsplash (#8895)

refs #8859

- adds new `configuration/private` endpoint for exposing config that should not be accessible without authentication
- adds `unsplashAPI` to private config
- adds empty `unsplash` config to default settings
---
 core/server/api/app.js                          |  1 -
 core/server/api/configuration.js                | 13 +++++++++++++
 core/server/data/schema/default-settings.json   |  3 +++
 .../integration/api/api_configuration_spec.js   | 17 +++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/core/server/api/app.js b/core/server/api/app.js
index 1d51469558..8065681ec9 100644
--- a/core/server/api/app.js
+++ b/core/server/api/app.js
@@ -67,7 +67,6 @@ function apiRoutes() {
     // ## Configuration
     apiRouter.get('/configuration', api.http(api.configuration.read));
     apiRouter.get('/configuration/:key', authenticatePrivate, api.http(api.configuration.read));
-    apiRouter.get('/configuration/timezones', authenticatePrivate, api.http(api.configuration.read));
 
     // ## Posts
     apiRouter.get('/posts', authenticatePublic, api.http(api.posts.browse));
diff --git a/core/server/api/configuration.js b/core/server/api/configuration.js
index 998d77a941..2b7c10a5cd 100644
--- a/core/server/api/configuration.js
+++ b/core/server/api/configuration.js
@@ -15,6 +15,14 @@ function fetchAvailableTimezones() {
     return timezones;
 }
 
+function fetchPrivateConfig() {
+    var unsplashConfig = config.get('unsplash') || {};
+
+    return {
+        unsplashAPI: unsplashConfig
+    };
+}
+
 function getAboutConfig() {
     return {
         version: ghostVersion.full,
@@ -88,6 +96,11 @@ configuration = {
             return Promise.resolve({configuration: [fetchAvailableTimezones()]});
         }
 
+        // Private configuration config for API keys used by the client
+        if (options.key === 'private') {
+            return Promise.resolve({configuration: [fetchPrivateConfig()]});
+        }
+
         return Promise.resolve({configuration: []});
     }
 };
diff --git a/core/server/data/schema/default-settings.json b/core/server/data/schema/default-settings.json
index 4e76e110d9..7a58349997 100644
--- a/core/server/data/schema/default-settings.json
+++ b/core/server/data/schema/default-settings.json
@@ -80,6 +80,9 @@
         },
         "slack": {
             "defaultValue": "[{\"url\":\"\"}]"
+        },
+        "unsplash": {
+            "defaultValue": ""
         }
     },
     "theme": {
diff --git a/core/test/integration/api/api_configuration_spec.js b/core/test/integration/api/api_configuration_spec.js
index 49a079e8c3..33a3ed012b 100644
--- a/core/test/integration/api/api_configuration_spec.js
+++ b/core/test/integration/api/api_configuration_spec.js
@@ -79,4 +79,21 @@ describe('Configuration API', function () {
             done();
         }).catch(done);
     });
+
+    it('can read private config and get all expected properties', function (done) {
+        ConfigurationAPI.read({key: 'private'}).then(function (response) {
+            var props;
+
+            should.exist(response);
+            should.exist(response.configuration);
+            response.configuration.should.be.an.Array().with.lengthOf(1);
+            props = response.configuration[0];
+
+            // property is set, but value not available, because settings API was not called yet
+            props.should.have.property('unsplashAPI').which.is.an.Object();
+            props.unsplashAPI.should.be.empty();
+
+            done();
+        }).catch(done);
+    });
 });