0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
ghost/core/server/services/auth/authorize.js
Hannah Wolfe baa8118893 Refactor common pattern in service files
- Use array destructuring
- Use @tryghost/errors
- Part of the big move towards decoupling, this gives visibility on what's being used where
- Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons
2020-04-30 20:48:42 +01:00

36 lines
1.1 KiB
JavaScript

const labs = require('../labs');
const errors = require('@tryghost/errors');
const {i18n} = require('../../lib/common');
const authorize = {
authorizeContentApi(req, res, next) {
const hasApiKey = req.api_key && req.api_key.id;
const hasMember = req.member;
if (hasApiKey) {
return next();
}
if (labs.isSet('members') && hasMember) {
return next();
}
return next(new errors.NoPermissionError({
message: i18n.t('errors.middleware.auth.authorizationFailed'),
context: i18n.t('errors.middleware.auth.missingContentMemberOrIntegration')
}));
},
authorizeAdminApi(req, res, next) {
const hasUser = req.user && req.user.id;
const hasApiKey = req.api_key && req.api_key.id;
if (hasUser || hasApiKey) {
return next();
} else {
return next(new errors.NoPermissionError({
message: i18n.t('errors.middleware.auth.authorizationFailed'),
context: i18n.t('errors.middleware.auth.missingAdminUserOrIntegration')
}));
}
}
};
module.exports = authorize;