mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-24 23:48:13 -05:00

History

Nazar Gargol 00f95e7328 Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in `c93f03b87e` - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one		2019-08-07 14:51:36 +02:00
..
shared	Migrated schedules controller to v2	2019-08-07 14:51:36 +02:00
v0.1	Renamed sendNotification to sendWelcomeMail	2019-07-30 16:15:53 +02:00
v2	Migrated schedules controller to v2	2019-08-07 14:51:36 +02:00
index.js	Added more webhooks & changed payload	2019-02-07 23:14:27 +01:00
README.md	Added comments for Ghost API	2019-05-06 14:49:25 +02:00

README.md

API Versioning

Ghost supports multiple API versions. Each version lives in a separate folder e.g. api/v0.1, api/v2. Next to the API folders there is a shared folder, which contains shared code, which all API versions use.

NOTE: v0.1 is deprecated and we won't touch the shared folder at all. The v0.1 folder contains the API layer which we have used since Ghost was born.

Stages

Each request goes through the following stages:

input validation
input serialisation
permissions
query
output serialisation

The framework we are building pipes a request through these stages in respect of the API controller configuration.

Frame

Is a class, which holds all the information for request processing. We pass this instance by reference. Each function can modify the original instance. No need to return the class instance.

Structure

{
  original: Object,
  options: Object,
  data: Object,
  user: Object,
  file: Object,
  files: Array
}

Example

{
  original: {
    include: 'tags'
  },
  options: {
    withRelated: ['tags']
  },
  data: {
    posts: []
  }
}

API Controller

A controller is no longer just a function, it's a set of configurations.

Structure

edit: function || object

edit: {
  headers: object,
  options: Array,
  data: Array,
  validation: object | function,
  permissions: boolean | object | function,
  query: function
}

Examples

edit: {
  headers: {
    cacheInvalidate: true
  },
  // Allowed url/query params
  options: ['include']
  // Url/query param validation configuration
  validation: {
    options: {
      include: {
        required: true,
        values: ['tags']
      }
    }
  },
  permissions: true,
  // Returns a model response!
  query(frame) {
    return models.Post.edit(frame.data, frame.options);
  }
}

read: {
  // Allowed url/query params, which will be remembered inside `frame.data`
  // This is helpful for READ requests e.g. `model.findOne(frame.data, frame.options)`.
  // Our model layer requires sending the where clauses as first parameter.
  data: ['slug']
  validation: {
    data: {
      slug: {
        values: ['eins']
      }
    }
  },
  permissions: true,
  query(frame) {
    return models.Post.findOne(frame.data, frame.options);
  }
}

edit: {
  validation() {
    // custom validation, skip framework
  },
  permissions: {
    unsafeAttrs: ['author']
  },
  query(frame) {
    return models.Post.edit(frame.data, frame.options);
  }
}