Ghost/core/server/routes/admin.js

var admin       = require('../controllers/admin'),
    config      = require('../config'),
    middleware  = require('../middleware').middleware,

    ONE_HOUR_S  = 60 * 60,
    ONE_YEAR_S  = 365 * 24 * ONE_HOUR_S;

module.exports = function (server) {
    var subdir = config().paths.subdir;
    // ### Admin routes
    server.get('/logout/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    server.get('/signout/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signout/');
    });
    server.get('/signin/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signin/');
    });
    server.get('/signup/', function redirect(req, res) {
        /*jslint unparam:true*/
        res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});
        res.redirect(301, subdir + '/ghost/signup/');
    });

    server.get('/ghost/signout/', admin.signout);
    server.get('/ghost/signin/', middleware.redirectToSignup, middleware.redirectToDashboard, admin.signin);
    server.post('/ghost/signin/', admin.doSignin);
    server.get('/ghost/signup/', middleware.redirectToDashboard, admin.signup);
    server.post('/ghost/signup/', admin.doSignup);
    server.get('/ghost/forgotten/', middleware.redirectToDashboard, admin.forgotten);
    server.post('/ghost/forgotten/', admin.doForgotten);
    server.get('/ghost/reset/:token', admin.reset);
    server.post('/ghost/reset/:token', admin.doReset);
    server.post('/ghost/changepw/', admin.doChangePassword);

    server.get('/ghost/editor(/:id)/', admin.editor);
    server.get('/ghost/editor/', admin.editor);
    server.get('/ghost/content/', admin.content);
    server.get('/ghost/settings*', admin.settings);
    server.get('/ghost/debug/', admin.debug.index);

    server.get('/ghost/export/', admin.debug.exportContent);

    server.post('/ghost/upload/', middleware.busboy, admin.upload);

    // redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
    server.get(/\/((ghost-admin|admin|wp-admin|dashboard|signin)\/?)$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });
    server.get(/\/ghost$/, function (req, res) {
        /*jslint unparam:true*/
        res.redirect(subdir + '/ghost/');
    });
    server.get('/ghost/', admin.index);
};
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`var admin = require('../controllers/admin'),`
Update config.theme() after every settings edit fixes #1645 - removes server.get('ghost root') as it is only an alias to config.paths().path, and adds unnecessary indirection - removes config.theme().path as its just an alias to config.paths().path, updated all relevant references - update config.theme.update to only require the api/settings object, and no longer need the config object - modify api/settings.edit to call config.theme.update so that the themeObject is ready for next rendering of template 2013-12-10 08:41:58 +04:00			`config = require('../config'),`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`middleware = require('../middleware').middleware,`

			`ONE_HOUR_S = 60 * 60,`
			`ONE_YEAR_S = 365 * 24 * ONE_HOUR_S;`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
			`module.exports = function (server) {`
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js 2014-01-05 10:40:53 +04:00			`var subdir = config().paths.subdir;`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`// ### Admin routes`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`server.get('/logout/', function redirect(req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signout/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signout/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signout/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signin/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signin/');`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00			`});`
			`server.get('/signup/', function redirect(req, res) {`
			`/jslint unparam:true/`
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/ 2014-03-24 01:49:43 +04:00			`res.set({'Cache-Control': 'public, max-age=' + ONE_YEAR_S});`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(301, subdir + '/ghost/signup/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Remove cookie from Frontend closes #1437 closes #1472 - changed cookie to path:'/ghost' - added conditional CSRF middleware - added redirects for signup, signin, signout to /ghost/sign*/ 2013-11-26 13:38:54 +04:00
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.get('/ghost/signout/', admin.signout);`
			`server.get('/ghost/signin/', middleware.redirectToSignup, middleware.redirectToDashboard, admin.signin);`
			`server.post('/ghost/signin/', admin.doSignin);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`server.get('/ghost/signup/', middleware.redirectToDashboard, admin.signup);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/signup/', admin.doSignup);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`server.get('/ghost/forgotten/', middleware.redirectToDashboard, admin.forgotten);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/forgotten/', admin.doForgotten);`
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods 2013-11-22 07:17:38 +04:00			`server.get('/ghost/reset/:token', admin.reset);`
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/reset/:token', admin.doReset);`
			`server.post('/ghost/changepw/', admin.doChangePassword);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test 2014-02-14 14:00:11 +04:00			`server.get('/ghost/editor(/:id)/', admin.editor);`
			`server.get('/ghost/editor/', admin.editor);`
			`server.get('/ghost/content/', admin.content);`
			`server.get('/ghost/settings*', admin.settings);`
			`server.get('/ghost/debug/', admin.debug.index);`

Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API 2014-02-27 19:48:38 +04:00			`server.get('/ghost/export/', admin.debug.exportContent);`

Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly 2014-02-25 14:51:12 +04:00			`server.post('/ghost/upload/', middleware.busboy, admin.upload);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00
			`// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.`
Install in sub-directory support. refs #527 2013-11-17 22:40:26 +04:00			`server.get(/\/((ghost-admin\|admin\|wp-admin\|dashboard\|signin)\/?)$/, function (req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(subdir + '/ghost/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Remove useless regex for redirecting /ghost -> /ghost/ 2014-02-20 02:56:06 +04:00			`server.get(/\/ghost$/, function (req, res) {`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`/jslint unparam:true/`
Path, url and subdir cleanup & test issue #1754 - remove path (it was only used once, and not needed) - change webroot to subdir - add unit tests for config.paths - various other cleanup - renamed client-side ghostRoot to subdir - added url helper for client 2013-12-28 20:01:08 +04:00			`res.redirect(subdir + '/ghost/');`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`});`
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test 2014-02-14 14:00:11 +04:00			`server.get('/ghost/', admin.index);`
Reduce size of ghost.js by moving related Routing code to their own files 2013-11-12 09:27:12 +04:00			`};`