Ghost/core/server/middleware/serve-public-file.js

var crypto = require('crypto'),
    fs     = require('fs'),
    path   = require('path'),
    config = require('../config'),
    utils  = require('../utils');

// ### servePublicFile Middleware
// Handles requests to robots.txt and favicon.ico (and caches them)
function servePublicFile(file, type, maxAge) {
    var content,
        publicFilePath = config.get('paths').publicFilePath,
        filePath,
        blogRegex = /(\{\{blog-url\}\})/g,
        apiRegex = /(\{\{api-url\}\})/g;

    filePath = file.match(/^public/) ? path.join(publicFilePath, file.replace(/^public/, '')) : path.join(publicFilePath, file);

    return function servePublicFile(req, res, next) {
        if (req.path === '/' + file) {
            if (content) {
                res.writeHead(200, content.headers);
                res.end(content.body);
            } else {
                fs.readFile(filePath, function readFile(err, buf) {
                    if (err) {
                        return next(err);
                    }

                    if (type === 'text/xsl' || type === 'text/plain' || type === 'application/javascript') {
                        buf = buf.toString().replace(blogRegex, utils.url.urlFor('home', true).replace(/\/$/, ''));
                        buf = buf.toString().replace(apiRegex, utils.url.urlFor('api', {cors: true}, true));
                    }
                    content = {
                        headers: {
                            'Content-Type': type,
                            'Content-Length': buf.length,
                            ETag: '"' + crypto.createHash('md5').update(buf, 'utf8').digest('hex') + '"',
                            'Cache-Control': 'public, max-age=' + maxAge
                        },
                        body: buf
                    };
                    res.writeHead(200, content.headers);
                    res.end(content.body);
                });
            }
        } else {
            next();
        }
    };
}

module.exports = servePublicFile;
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`var crypto = require('crypto'),`
			`fs = require('fs'),`
			`path = require('path'),`
:art: source out url utils from ConfigManager (#7347) refs #6982 2016-09-09 13:23:47 +03:00			`config = require('../config'),`
			`utils = require('../utils');`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00
💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`// ### servePublicFile Middleware`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`// Handles requests to robots.txt and favicon.ico (and caches them)`
💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`function servePublicFile(file, type, maxAge) {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`var content,`
💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`publicFilePath = config.get('paths').publicFilePath,`
Prep shared API URL util for use on external sites refs #5942, #6150 There were a few key problems I was looking to solve with this: - Introduce a single point of truth for what the URL for accessing the API should be - Provide a simple way to configure the utility (much like a true SDK) As of this commit, this utility is still automatically available in a Ghost theme. To use it on an external site, the code would look like: ``` <script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script> <script type="text/javascript"> ghost.init({ clientId: "<your-client-id>", clientSecret: "<your-client-secret>" }); </script> ``` To achieve this, there have been a number of changes: - A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work. - The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`. - ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware - ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served - `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required - `{{ghost_head}}` has also had the meta tags for client id and secret removed - tests have been updated 2015-12-15 13:41:53 +03:00			`filePath,`
			`blogRegex = /(\{\{blog-url\}\})/g,`
			`apiRegex = /(\{\{api-url\}\})/g;`

💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`filePath = file.match(/^public/) ? path.join(publicFilePath, file.replace(/^public/, '')) : path.join(publicFilePath, file);`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00
💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`return function servePublicFile(req, res, next) {`
Prep shared API URL util for use on external sites refs #5942, #6150 There were a few key problems I was looking to solve with this: - Introduce a single point of truth for what the URL for accessing the API should be - Provide a simple way to configure the utility (much like a true SDK) As of this commit, this utility is still automatically available in a Ghost theme. To use it on an external site, the code would look like: ``` <script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script> <script type="text/javascript"> ghost.init({ clientId: "<your-client-id>", clientSecret: "<your-client-secret>" }); </script> ``` To achieve this, there have been a number of changes: - A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work. - The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`. - ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware - ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served - `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required - `{{ghost_head}}` has also had the meta tags for client id and secret removed - tests have been updated 2015-12-15 13:41:53 +03:00			`if (req.path === '/' + file) {`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`if (content) {`
			`res.writeHead(200, content.headers);`
			`res.end(content.body);`
			`} else {`
			`fs.readFile(filePath, function readFile(err, buf) {`
			`if (err) {`
			`return next(err);`
			`}`
Prep shared API URL util for use on external sites refs #5942, #6150 There were a few key problems I was looking to solve with this: - Introduce a single point of truth for what the URL for accessing the API should be - Provide a simple way to configure the utility (much like a true SDK) As of this commit, this utility is still automatically available in a Ghost theme. To use it on an external site, the code would look like: ``` <script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script> <script type="text/javascript"> ghost.init({ clientId: "<your-client-id>", clientSecret: "<your-client-secret>" }); </script> ``` To achieve this, there have been a number of changes: - A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work. - The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`. - ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware - ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served - `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required - `{{ghost_head}}` has also had the meta tags for client id and secret removed - tests have been updated 2015-12-15 13:41:53 +03:00
			`if (type === 'text/xsl' \|\| type === 'text/plain' \|\| type === 'application/javascript') {`
More consistant usage of urlFor('home') (#7689) refs #7666 Using `urlFor('home')` instead `config.get('url')` in Ghost. When `urlFor('home', true)` returns the absolute adress of the blog as defined in the config. Will always return a trailing `/`. 2017-01-23 11:22:37 +03:00			`buf = buf.toString().replace(blogRegex, utils.url.urlFor('home', true).replace(/\/$/, ''));`
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase 2017-02-03 21:13:22 +03:00			`buf = buf.toString().replace(apiRegex, utils.url.urlFor('api', {cors: true}, true));`
Middleware Refactor - Refactor SSL middleware into separate module. - Refactor redirectToSetup to separate module + tests - Refactor serveStaticFile + tests - Refactor authentication middleware + tests - Refactor private blogging middleware refs #5286 2015-07-15 19:01:23 +03:00			`}`
			`content = {`
			`headers: {`
			`'Content-Type': type,`
			`'Content-Length': buf.length,`
			`ETag: '"' + crypto.createHash('md5').update(buf, 'utf8').digest('hex') + '"',`
			`'Cache-Control': 'public, max-age=' + maxAge`
			`},`
			`body: buf`
			`};`
			`res.writeHead(200, content.headers);`
			`res.end(content.body);`
			`});`
			`}`
			`} else {`
			`next();`
			`}`
			`};`
			`}`

💁🏻 Move`shared/` to `server/public` (#8273) refs #8221 Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`. Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes. Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`. 2017-04-07 15:21:41 +03:00			`module.exports = servePublicFile;`