mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
ghost/core/server/api/canary
Fabien O'Carroll d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWTs created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We also change proxyquire to use `noCallThru` which
    ensures that the underlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' property

    This structure corresponds to other resources and allows to extend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
..
utils Implemented externally verifiable identity tokens 2020-03-16 13:22:04 +01:00
actions.js Updated canary actions endpoint 2019-08-14 17:40:36 +08:00
authentication.js
authors-public.js
config.js Read billing url from config and add to API 2020-03-16 13:22:04 +01:00
db.js Corrected 404 handling 2020-02-10 12:41:39 +00:00
email-preview.js Refactored email handling to be consistent for test and newsletter emails 2019-11-26 21:41:01 +05:30
email.js Moved toJSON calls to serializer 2019-11-25 12:04:58 +07:00
identities.js Implemented externally verifiable identity tokens 2020-03-16 13:22:04 +01:00
images.js
index.js Implemented externally verifiable identity tokens 2020-03-16 13:22:04 +01:00
integrations.js
invites.js
labels.js Added labels for Members (#11538) 2020-02-14 15:03:10 +05:30
mail.js
members.js Fixed handling of empty created_at dates in member CSV imports 2020-03-09 20:12:02 +08:00
memberSigninUrls.js Added member login resource to Admin API (#11607) 2020-02-27 11:48:02 +08:00
notifications.js
oembed.js 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
pages-public.js
pages.js Allowed pages to accept HTML as a source (#11422) 2020-01-08 17:44:34 +01:00
posts-public.js
posts.js 🏗Added host config limits for member emails (#11439) 2019-12-17 19:24:27 +05:30
preview.js
redirects.js
roles.js
schedules.js 🏗 Migrated scheduler to work with v2 API (#11142) 2019-09-23 21:42:53 +05:30
session.js 💡Migrated session controllers for compatibility with "frame" (#11101) 2019-09-11 11:28:55 +02:00
settings-public.js
settings.js Added permission restrictions to editing members flag (#11217) 2019-10-09 10:26:54 +02:00
site.js
slack.js
slugs.js
tags-public.js
tags.js
themes.js
users.js Deleted all but active sessions on password change (#11639) 2020-03-05 12:22:32 +02:00
webhooks.js