mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-13 22:41:32 -05:00
f16dc290b7
addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and its sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validate the contents of the config file. Since this is directly related to initializing the application, it is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file requires the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config requiring ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straightforward: ./core/bootstrap handles initialization and then instantiation of the config module - Merges ./core/server/config/paths into ./core/server/config This flow always confused me, in that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and by extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost functions into ./server/config/url.js
// Module dependencies.
var config = require('../config');
var _ = require('lodash');
var path = require('path');
var when = require('when');
var api = require('../api');
var mailer = require('../mail');
var errors = require('../errorHandling');
var storage = require('../storage');
var updateCheck = require('../update-check');

// Assigned further down in this file.
var adminNavbar;
var adminControllers;

// In-memory list of recent login attempts, stored as {ip, time} records.
// The `auth` handler prunes and consults it to throttle sign-in attempts.
// It is module state, so it lives only as long as this process does.
var loginSecurity = [];
// Entries of the admin navigation bar, keyed by section name.
// setSelected() sets a `selected` flag on each entry before a view is rendered.
adminNavbar = (function buildAdminNavbar() {
    // Assemble one navbar entry; property order matches the rendered object.
    function entry(label, navClass, key, target) {
        return {
            name: label,
            navClass: navClass,
            key: key,
            path: target
        };
    }

    return {
        content: entry('Content', 'content', 'admin.navbar.content', '/'),
        add: entry('New Post', 'editor', 'admin.navbar.editor', '/editor/'),
        settings: entry('Settings', 'settings', 'admin.navbar.settings', '/settings/')
    };
}());
// TODO: make this a util or helper
/**
 * Flags the entry stored under `name` as selected and every other entry as
 * not selected. The entries are modified in place.
 *
 * @param {Object} list - collection of entries, keyed by section name
 * @param {string} name - key of the entry to mark as selected
 * @returns {Object} the same `list` that was passed in
 */
function setSelected(list, name) {
    _.forEach(list, function markEntry(entry, entryKey) {
        var isCurrent = (entryKey === name);
        entry.selected = isCurrent;
    });

    return list;
}
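// Request handlers for the admin area. Every handler takes Express-style
// (req, res[, next]) arguments and answers either by rendering a view or by
// sending a JSON / plain-text response.
adminControllers = {
    // Accepts one image from the `uploadimage` multipart field, passes it to
    // the configured storage backend and replies with the URL it returns.
    // Replies 400 when the field is missing, 415 when the declared MIME type
    // or the file extension is not on the allowlist, and 500 when saving fails.
    'uploader': function (req, res) {
        var allowedTypes = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml'],
            allowedExtensions = ['.jpg', '.jpeg', '.png', '.gif', '.svg', '.svgz'],
            upload = req.files && req.files.uploadimage,
            type,
            ext,
            store;

        // A request without the file field would otherwise throw a TypeError
        // on the property reads below.
        if (!upload) {
            return res.send(400, 'No file uploaded');
        }

        type = upload.type;
        ext = path.extname(upload.name).toLowerCase();

        // NOTE(review): `type` and the file name are both taken from the
        // client's multipart request; the file contents are not inspected
        // here. SVG is on the allowlist and can carry script, so how stored
        // files are served matters - confirm against the storage backend.
        if (allowedTypes.indexOf(type) === -1 || allowedExtensions.indexOf(ext) === -1) {
            return res.send(415, 'Unsupported Media Type');
        }

        store = storage.get_storage();

        store
            .save(upload)
            .then(function (url) {
                return res.send(url);
            })
            .otherwise(function (e) {
                errors.logError(e);
                // NOTE(review): the storage error text is returned to the
                // client as-is; confirm it cannot reveal server paths.
                return res.send(500, e.message);
            });
    },

    // Renders the sign-in page.
    'login': function (req, res) {
        /*jslint unparam:true*/
        res.render('login', {
            bodyClass: 'ghost-login',
            hideNavbar: true,
            adminNav: setSelected(adminNavbar, 'login')
        });
    },

    // Checks the submitted e-mail and password and, on success, stores the
    // user id on a regenerated session and replies with the URL to go to next.
    // Attempts are throttled: an address that has a record younger than two
    // seconds in `loginSecurity` gets a 401 without the credentials being checked.
    'auth': function (req, res) {
        // process.hrtime()[0] is whole seconds; only differences are used.
        var currentTime = process.hrtime()[0],
            // NOTE(review): behind a reverse proxy this is presumably the
            // proxy's address, which would put all clients in one throttle
            // bucket - confirm against the deployment.
            remoteAddress = req.connection.remoteAddress,
            denied;

        // Drop records older than two seconds, then look for this address.
        loginSecurity = _.filter(loginSecurity, function (ipTime) {
            return (ipTime.time + 2 > currentTime);
        });
        denied = _.find(loginSecurity, function (ipTime) {
            return (ipTime.ip === remoteAddress);
        });

        if (denied) {
            return res.json(401, {error: 'Slow down, there are way too many login attempts!'});
        }

        loginSecurity.push({ip: remoteAddress, time: currentTime});

        api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
            // The session is regenerated before the user id is stored on it.
            req.session.regenerate(function (err) {
                var adminRoot = config().paths.subdir + '/ghost/',
                    redirect = adminRoot;

                // Without a reply here a failed regenerate leaves the request hanging.
                if (err) {
                    errors.logError(err);
                    return res.json(500, {error: 'Unable to create a session, please try again.'});
                }

                req.session.user = user.id;

                if (req.body.redirect) {
                    // The value is client-supplied and is only ever appended
                    // to the admin root. decodeURIComponent throws URIError on
                    // a malformed escape; fall back to the admin root then.
                    // NOTE(review): consider limiting it to known admin paths.
                    try {
                        redirect = adminRoot + decodeURIComponent(req.body.redirect);
                    } catch (e) {
                        redirect = adminRoot;
                    }
                }

                // If this IP address successfully logs in we
                // can remove it from the array of failed login attempts.
                loginSecurity = _.reject(loginSecurity, function (ipTime) {
                    return ipTime.ip === remoteAddress;
                });

                res.json(200, {redirect: redirect});
            });
        }, function (error) {
            // NOTE(review): error.message goes to the client unchanged;
            // confirm api.users.check does not word an unknown e-mail
            // differently from a wrong password.
            res.json(401, {error: error.message});
        });
    },

    // Changes the password of the signed-in user (taken from the session).
    // Replies 200 on success and 401 with the API's error message otherwise.
    'changepw': function (req, res) {
        return api.users.changePassword({
            currentUser: req.session.user,
            oldpw: req.body.password,
            newpw: req.body.newpassword,
            ne2pw: req.body.ne2password
        }).then(function () {
            res.json(200, {msg: 'Password changed successfully'});
        }, function (error) {
            // res.json for consistency with the other handlers.
            res.json(401, {error: error.message});
        });
    },

    // Renders the sign-up page.
    'signup': function (req, res) {
        /*jslint unparam:true*/
        res.render('signup', {
            bodyClass: 'ghost-signup',
            hideNavbar: true,
            adminNav: setSelected(adminNavbar, 'login')
        });
    },

    // Creates a user from the submitted name, e-mail and password, stores the
    // e-mail in the settings, sends a welcome mail (best effort) and signs the
    // new user in. Replies 401 with the API's error message on failure.
    'doRegister': function (req, res) {
        var name = req.body.name,
            email = req.body.email,
            password = req.body.password;

        api.users.add({
            name: name,
            email: email,
            password: password
        }).then(function (user) {
            // Returned so that a rejection from settings.edit reaches the
            // .otherwise() below instead of leaving the request unanswered.
            return api.settings.edit('email', email).then(function () {
                // Both values are placed into HTML, and `email` comes from the
                // request body, so they are HTML-escaped first.
                var safeUrl = _.escape(config().url),
                    safeEmail = _.escape(email),
                    message = {
                        to: email,
                        subject: 'Your New Ghost Blog',
                        html: '<p><strong>Hello!</strong></p>' +
                              '<p>Good news! You\'ve successfully created a brand new Ghost blog over on ' + safeUrl + '</p>' +
                              '<p>You can log in to your admin account with the following details:</p>' +
                              '<p> Email Address: ' + safeEmail + '<br>' +
                              'Password: The password you chose when you signed up</p>' +
                              '<p>Keep this email somewhere safe for future reference, and have fun!</p>' +
                              '<p>xoxo</p>' +
                              '<p>Team Ghost<br>' +
                              '<a href="https://ghost.org">https://ghost.org</a></p>'
                    };

                // A mail failure is only logged; registration still succeeds.
                mailer.send(message).otherwise(function (error) {
                    errors.logError(
                        error.message,
                        "Unable to send welcome email, your blog will continue to function.",
                        "Please see http://docs.ghost.org/mail/ for instructions on configuring email."
                    );
                });

                req.session.regenerate(function (err) {
                    // Without a reply here a failed regenerate leaves the request hanging.
                    if (err) {
                        errors.logError(err);
                        return res.json(500, {error: 'Unable to create a session, please try again.'});
                    }

                    if (req.session.user === undefined) {
                        req.session.user = user.id;
                    }
                    res.json(200, {redirect: config().paths.subdir + '/ghost/'});
                });
            });
        }).otherwise(function (error) {
            res.json(401, {error: error.message});
        });
    },

    // Renders the "forgotten password" page.
    'forgotten': function (req, res) {
        /*jslint unparam:true*/
        res.render('forgotten', {
            bodyClass: 'ghost-forgotten',
            hideNavbar: true,
            adminNav: setSelected(adminNavbar, 'login')
        });
    },

    // Asks the API for a reset token for the submitted e-mail address, mails
    // a reset link to that address and replies with a redirect to the sign-in
    // page. Replies 401 with an error message when that fails.
    'generateResetToken': function (req, res) {
        var email = req.body.email;

        api.users.generateResetToken(email).then(function (token) {
            // The URLs are HTML-escaped because they are used both as
            // attribute values and as link text.
            var baseUrl = config().url,
                safeSiteUrl = _.escape(baseUrl),
                siteLink = '<a href="' + safeSiteUrl + '">' + safeSiteUrl + '</a>',
                resetUrl = _.escape(baseUrl.replace(/\/$/, '') + '/ghost/reset/' + token + '/'),
                resetLink = '<a href="' + resetUrl + '">' + resetUrl + '</a>',
                message = {
                    to: email,
                    subject: 'Reset Password',
                    html: '<p><strong>Hello!</strong></p>' +
                          '<p>A request has been made to reset the password on the site ' + siteLink + '.</p>' +
                          '<p>Please follow the link below to reset your password:<br><br>' + resetLink + '</p>' +
                          '<p>Ghost</p>'
                };

            return mailer.send(message);
        }).then(function success() {
            var notification = {
                type: 'success',
                message: 'Check your email for further instructions',
                status: 'passive',
                id: 'successresetpw'
            };

            return api.notifications.add(notification).then(function () {
                res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
            });

        }, function failure(error) {
            // Read defensively: the rejection value is not guaranteed to be an Error.
            var message = error && error.message;

            // TODO: This is kind of sketchy, depends on magic string error.message from Bookshelf.
            // NOTE(review): an unknown address gets "Invalid email address"
            // while a known one gets the success redirect, so the reply shows
            // which addresses have accounts; a uniform reply would avoid that.
            if (message === 'EmptyResponse') {
                message = "Invalid email address";
            }

            res.json(401, {error: message});
        });
    },

    // Renders the reset form when the token in the URL validates; otherwise
    // logs the error, queues an error notification and redirects to the
    // "forgotten password" page.
    'reset': function (req, res) {
        // Validate the request token
        var token = req.params.token;

        api.users.validateToken(token).then(function () {
            // Render the reset form
            res.render('reset', {
                bodyClass: 'ghost-reset',
                hideNavbar: true,
                adminNav: setSelected(adminNavbar, 'reset')
            });
        }).otherwise(function (err) {
            // Redirect to forgotten if invalid token
            var notification = {
                type: 'error',
                message: 'Invalid or expired token',
                status: 'persistent',
                id: 'errorinvalidtoken'
            };

            errors.logError(err, 'admin.js', "Please check the provided token for validity and expiration.");

            return api.notifications.add(notification).then(function () {
                res.redirect(config().paths.subdir + '/ghost/forgotten');
            });
        });
    },

    // Sets a new password for the account the URL token belongs to. Replies
    // with a redirect to the sign-in page on success and 401 with the API's
    // error message otherwise.
    'resetPassword': function (req, res) {
        // NOTE(review): req.param() also reads the query string, where values
        // can end up in access logs - confirm the client only sends the
        // passwords in the request body.
        var token = req.params.token,
            newPassword = req.param('newpassword'),
            ne2Password = req.param('ne2password');

        api.users.resetPassword(token, newPassword, ne2Password).then(function () {
            var notification = {
                type: 'success',
                message: 'Password changed successfully.',
                status: 'passive',
                id: 'successresetpw'
            };

            return api.notifications.add(notification).then(function () {
                res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
            });
        }).otherwise(function (err) {
            res.json(401, {error: err.message});
        });
    },

    // Destroys the session, queues a "signed out" notification and redirects
    // to the sign-in page.
    'logout': function (req, res) {
        req.session.destroy();

        var notification = {
            type: 'success',
            message: 'You were successfully signed out',
            status: 'passive',
            id: 'successlogout'
        };

        return api.notifications.add(notification).then(function () {
            res.redirect(config().paths.subdir + '/ghost/signin/');
        });
    },

    // Renders the content list and runs the update check alongside it.
    'index': function (req, res) {
        /*jslint unparam:true*/
        function renderIndex() {
            res.render('content', {
                bodyClass: 'manage',
                adminNav: setSelected(adminNavbar, 'content')
            });
        }

        when.join(
            updateCheck(res),
            when(renderIndex())
        // an error here should just get logged
        ).otherwise(errors.logError);
    },

    // Renders the editor. With a post id in the route the "content" navbar
    // entry is highlighted, without one the "add" entry.
    'editor': function (req, res) {
        var selected = (req.params.id !== undefined) ? 'content' : 'add';

        res.render('editor', {
            bodyClass: 'editor',
            adminNav: setSelected(adminNavbar, selected)
        });
    },

    // Renders the content list.
    'content': function (req, res) {
        /*jslint unparam:true*/
        res.render('content', {
            bodyClass: 'manage',
            adminNav: setSelected(adminNavbar, 'content')
        });
    },

    // Renders the settings page for a known section. The section name is what
    // remains of req.url after the /ghost/settings prefix and a trailing slash
    // are stripped; any other section is passed on with next().
    'settings': function (req, res, next) {
        // TODO: Centralise list/enumeration of settings panes, so we don't run into trouble in future.
        var allowedSections = ['', 'general', 'user'],
            section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');

        if (allowedSections.indexOf(section) < 0) {
            return next();
        }

        res.render('settings', {
            bodyClass: 'settings',
            adminNav: setSelected(adminNavbar, 'settings')
        });
    },

    'debug': {
        // Renders the debug page.
        index: function (req, res) {
            /*jslint unparam:true*/
            res.render('debug', {
                bodyClass: 'settings',
                adminNav: setSelected(adminNavbar, 'settings')
            });
        }
    }
};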
module.exports = adminControllers;