mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-20 22:42:53 -05:00
Added initial auth frame
refs https://github.com/TryGhost/Team/issues/1664 This has no security features; we need to replace usage of "*" with the origin of the frontend site.
parent
e60ec64454
commit
ed7ce2c00f
5 changed files with 78 additions and 0 deletions
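--- a/core/frontend/src/admin-auth/index.html
+++ b/core/frontend/src/admin-auth/index.html
@@ -0,0 +1,5 @@
+<html>
+<head>
+<script src="message-handler.js"></script>
+</head>
+</html>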
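--- a/core/frontend/src/admin-auth/message-handler.js
+++ b/core/frontend/src/admin-auth/message-handler.js
@@ -0,0 +1,67 @@
+window.addEventListener('message', async function (event) {
+if (event.origin !== '*') {
+// return;
+}
+let data = null;
+try {
+data = JSON.parse(event.data);
+} catch (err) {
+console.error(err);
+}
+
+function respond(error, result) {
+event.source.postMessage(JSON.stringify({
+uid: data.uid,
+error: error,
+result: result
+}), '*');
+}
+
+if (data.action === 'getUser') {
+try {
+const res = await fetch(
+'https://admin.egg/blog/ghost/api/canary/admin/users/me/'
+);
+const json = await res.json();
+respond(null, json);
+} catch (err) {
+respond(err, null);
+}
+}
+
+if (data.action === 'hideComment') {
+try {
+const res = await fetch('https://admin.egg/blog/ghost/api/canary/admin/comments/' + data.id + '/', {
+method: 'PUT',
+body: JSON.stringify({
+status: 'hidden'
+}),
+headers: {
+'Content-Type': 'application/json'
+}
+});
+const json = await res.json();
+respond(null, json);
+} catch (err) {
+respond(err, null);
+}
+}
+
+if (data.action === 'showComment') {
+try {
+const res = await fetch('https://admin.egg/blog/ghost/api/canary/admin/comments/' + data.id + '/', {
+method: 'PUT',
+body: JSON.stringify({
+status: 'published'
+}),
+headers: {
+'Content-Type': 'application/json'
+}
+});
+const json = await res.json();
+respond(null, json);
+} catch (err) {
+respond(err, null);
+}
+}
+});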
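Review bot: The `hideComment` and `showComment` branches concatenate `data.id` from the incoming message straight into the admin API path (`... + data.id + '/'`), so the sender of the message, not this frame, decides which admin URL receives the PUT. Separately from the origin restriction the description defers, the id should be checked against the expected comment-id format, or at least passed through `encodeURIComponent(data.id)`. The listener also keeps going after `JSON.parse` fails, so `data.action` is read on `null` and the async handler rejects; a `return;` after `console.error(err);` avoids that. In the catch branches `respond(err, null)` serialises an `Error` with `JSON.stringify`, which yields `{}`, so sending `err.message` instead would let the caller see what failed.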
|
@ -21,6 +21,10 @@ module.exports = function setupAdminApp() {
|
|||
{maxAge: (configMaxAge || configMaxAge === 0) ? configMaxAge : constants.ONE_YEAR_MS, fallthrough: false}
|
||||
));
|
||||
|
||||
adminApp.use('/auth-frame', serveStatic(
|
||||
config.get('paths').adminAuthAssets
|
||||
));
|
||||
|
||||
// Ember CLI's live-reload script
|
||||
if (config.get('env') === 'development') {
|
||||
adminApp.get('/ember-cli-live-reload.js', function emberLiveReload(req, res) {
|
||||
|
|
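Review bot: The new `/auth-frame` mount calls `serveStatic` with no options, while the mount just above it passes `fallthrough: false` and an explicit `maxAge`; assuming `serveStatic` is Express's static middleware, a request for a missing file under `/auth-frame` then continues into the later admin routes instead of ending in a 404. Because the page served here calls the admin API on behalf of whoever embeds it, this is also the place to restrict embedding, for example a small middleware before `serveStatic` that sets `Content-Security-Policy: frame-ancestors` to the configured site origin; whether another layer already sets framing headers is not visible in this hunk. A short comment such as `// Auth frame: embedded by the frontend site, talks to the admin API via postMessage` would tell the next reader why a second static mount exists. `setupAdminApp` starts and ends outside the hunk.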
|
@ -3,6 +3,7 @@
|
|||
"appRoot": ".",
|
||||
"corePath": "core/",
|
||||
"adminAssets": "core/built/assets",
|
||||
"adminAuthAssets": "content/public/admin-auth",
|
||||
"helperTemplates": "core/frontend/helpers/tpl/",
|
||||
"adminViews": "core/server/web/admin/views/",
|
||||
"defaultViews": "core/server/views/",
|
||||
|
|
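Review bot: `adminAuthAssets` points at `content/public/admin-auth`, but the frame's files are added under `core/frontend/src/admin-auth/` and no visible section of this commit copies or builds them into that directory, so as committed the `/auth-frame` route may have nothing to serve. The location also matters for integrity: script served from this path runs on the admin origin, so if the content directory is writable at runtime, the frame would be safer served from a read-only path under `core/`, as `adminAssets` is.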
|
@ -102,6 +102,7 @@ describe('Config Loader', function () {
|
|||
'appRoot',
|
||||
'corePath',
|
||||
'adminAssets',
|
||||
'adminAuthAssets',
|
||||
'helperTemplates',
|
||||
'adminViews',
|
||||
'defaultViews',
|
||||
|
|