mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
ghost/core/server/routes/api.js
Sebastian Gierlinger c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Resource Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient no longer works with this PR because session authentication was removed
2014-06-30 14:58:10 +02:00


// # API routes
var express = require('express'),
api = require('../api'),
apiRoutes;
/**
 * Builds the Express router for the v0.1 JSON API.
 *
 * NOTE(review): apart from the token endpoint, no authentication or
 * authorisation middleware is attached to any route in this function.
 * Presumably access-token checks happen where this router is mounted or
 * inside `api.http` - confirm, because the db, users and settings routes
 * below are high-impact.
 *
 * @param {Object} middleware - supplies `busboy`, `addClientSecret`,
 *     `authenticateClient` and `generateAccessToken`.
 * @returns {Object} the configured express.Router instance.
 */
apiRoutes = function (middleware) {
    var apiRouter = express.Router();

    // ## Posts
    // The digits-only :id pattern is registered ahead of the :slug pattern.
    apiRouter.get('/ghost/api/v0.1/posts', api.http(api.posts.browse));
    apiRouter.post('/ghost/api/v0.1/posts', api.http(api.posts.add));
    apiRouter.get('/ghost/api/v0.1/posts/:id(\\d+)', api.http(api.posts.read));
    apiRouter.get('/ghost/api/v0.1/posts/:slug([a-z-]+)', api.http(api.posts.read));
    apiRouter.put('/ghost/api/v0.1/posts/:id', api.http(api.posts.edit));
    apiRouter.delete('/ghost/api/v0.1/posts/:id', api.http(api.posts.destroy));

    // ## Settings
    apiRouter.get('/ghost/api/v0.1/settings/', api.http(api.settings.browse));
    apiRouter.get('/ghost/api/v0.1/settings/:key/', api.http(api.settings.read));
    apiRouter.put('/ghost/api/v0.1/settings/', api.http(api.settings.edit));

    // ## Users
    // Keep the literal /users/password/ route ahead of /users/:id/ so that a
    // password change is not routed to the generic user edit handler.
    apiRouter.get('/ghost/api/v0.1/users/', api.http(api.users.browse));
    apiRouter.get('/ghost/api/v0.1/users/:id/', api.http(api.users.read));
    apiRouter.put('/ghost/api/v0.1/users/password/', api.http(api.users.changePassword));
    apiRouter.put('/ghost/api/v0.1/users/:id/', api.http(api.users.edit));
    apiRouter.delete('/ghost/api/v0.1/users/:id/', api.http(api.users.destroy));

    // ## Tags
    apiRouter.get('/ghost/api/v0.1/tags/', api.http(api.tags.browse));

    // ## Themes
    apiRouter.get('/ghost/api/v0.1/themes/', api.http(api.themes.browse));
    apiRouter.put('/ghost/api/v0.1/themes/:name', api.http(api.themes.edit));

    // ## Notifications
    apiRouter.get('/ghost/api/v0.1/notifications/', api.http(api.notifications.browse));
    apiRouter.post('/ghost/api/v0.1/notifications/', api.http(api.notifications.add));
    apiRouter.delete('/ghost/api/v0.1/notifications/:id', api.http(api.notifications.destroy));

    // ## DB
    // Export, import and delete-all of site content. The import route is the
    // only one with extra middleware (busboy, presumably upload parsing).
    // NOTE(review): verify that these three are restricted to privileged users.
    apiRouter.get('/ghost/api/v0.1/db/', api.http(api.db.exportContent));
    apiRouter.post('/ghost/api/v0.1/db/', middleware.busboy, api.http(api.db.importContent));
    apiRouter.delete('/ghost/api/v0.1/db/', api.http(api.db.deleteAllContent));

    // ## Mail
    apiRouter.post('/ghost/api/v0.1/mail', api.http(api.mail.send));
    apiRouter.post('/ghost/api/v0.1/mail/test', function (req, res) {
        // Hands the request to the sendTest handler; shared by both outcomes.
        var dispatchTestMail = function () {
            api.http(api.mail.sendTest)(req, res);
        };

        api.settings.read('email').then(function (emailSetting) {
            // Replace the body with the configured address, so that the
            // recipient comes from settings and not from the caller.
            req.body = { to: emailSetting.settings[0].value };
            dispatchTestMail();
        }).catch(dispatchTestMail);
        // NOTE(review): on the failure path (settings read rejected, or no
        // settings[0]) the caller-supplied req.body reaches sendTest
        // unchanged - confirm that sendTest does not trust a `to` from it.
        // The catch also runs if the dispatch above throws synchronously,
        // which would invoke the handler a second time.
    });

    // ## Slugs
    apiRouter.get('/ghost/api/v0.1/slugs/:type/:name', api.http(api.slugs.generate));

    // ## Authentication
    // These endpoints are reachable before a token exists. No throttling
    // middleware is attached here.
    // NOTE(review): confirm that brute-force protection is applied elsewhere.
    apiRouter.post('/ghost/api/v0.1/authentication/passwordreset', api.http(api.authentication.generateResetToken));
    apiRouter.put('/ghost/api/v0.1/authentication/passwordreset', api.http(api.authentication.resetPassword));
    // Token endpoint: the three middlewares run in this order and there is no
    // api.http handler, so generateAccessToken presumably sends the response.
    apiRouter.post(
        '/ghost/api/v0.1/authentication/token',
        middleware.addClientSecret,
        middleware.authenticateClient,
        middleware.generateAccessToken
    );

    return apiRouter;
};
// Export the router factory; the caller passes in the middleware object it uses.
module.exports = apiRoutes;