Move Public API behind labs flag
closes #5941 - added UI to labs page - added method to determine if full authentication is required - updated public_api tests to enable public api first
parent
0c9befc16f
commit
bf65c136ce
@ -25,5 +25,9 @@ export default Ember.Controller.extend(Ember.PromiseProxyMixin, {
|
||||
}
|
||||
|
||||
return value;
|
||||
}),
|
||||
|
||||
publicAPI: Ember.computed('config.publicAPI', 'labs.publicAPI', function () {
|
||||
return this.get('config.publicAPI') || this.get('labs.publicAPI');
|
||||
})
|
||||
});
|
||||
|
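Review bot: The `publicAPI` getter reports the API as enabled when either `config.publicAPI` or `labs.publicAPI` is truthy, but the server-side `requiresAuthorizedUserPublicAPI` added in this commit reads only the `labs` setting. With `config.publicAPI` true and the labs flag off, the admin UI (including the labs checkbox, which reads `feature.publicAPI`) would show the API as on while the server still demands a user. That fails closed, but the displayed state is wrong. Either drop `config.publicAPI` from this getter or have the middleware honour it, and add a comment such as `// must mirror the server check in requiresAuthorizedUserPublicAPI`. The controller body starts outside the hunk.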
@ -9,6 +9,7 @@ export default Ember.Controller.extend({
|
||||
ghostPaths: Ember.inject.service('ghost-paths'),
|
||||
notifications: Ember.inject.service(),
|
||||
session: Ember.inject.service(),
|
||||
feature: Ember.inject.controller(),
|
||||
|
||||
labsJSON: Ember.computed('model.labs', function () {
|
||||
return JSON.parse(this.get('model.labs') || {});
|
||||
@ -29,6 +30,16 @@ export default Ember.Controller.extend({
|
||||
});
|
||||
},
|
||||
|
||||
usePublicAPI: Ember.computed('feature.publicAPI', {
|
||||
get: function () {
|
||||
return this.get('feature.publicAPI');
|
||||
},
|
||||
set: function (key, value) {
|
||||
this.saveLabs('publicAPI', value);
|
||||
return value;
|
||||
}
|
||||
}),
|
||||
|
||||
actions: {
|
||||
onUpload: function (file) {
|
||||
var self = this,
|
||||
|
@ -42,5 +42,19 @@
|
||||
</div>
|
||||
</fieldset>
|
||||
</form>
|
||||
<hr>
|
||||
<form>
|
||||
<fieldset>
|
||||
<div class="form-group for-checkbox">
|
||||
<label for="labs-publicAPI">Public API</label>
|
||||
<label class="checkbox" for="labs-publicAPI">
|
||||
{{input id="labs-publicAPI" name="labs[publicAPI]" type="checkbox" checked=usePublicAPI}}
|
||||
<span class="input-toggle-component"></span>
|
||||
<p>Enable public API access.</p>
|
||||
</label>
|
||||
<p>Allow access to the publicly available Ghost API using JavaScript.</p>
|
||||
</div>
|
||||
</fieldset>
|
||||
</form>
|
||||
</section>
|
||||
</section>
|
||||
|
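Review bot: The help text under the new checkbox does not say what the switch changes for access control. Going by the middleware added in this commit, once the flag is on, requests with no signed-in user are passed through to the public endpoints. The current wording, "Allow access to the publicly available Ghost API using JavaScript.", does not tell an administrator that. Consider `<p>Allow requests to the public Ghost API without a signed-in user.</p>`; whether client authentication still applies is decided outside this template.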
@ -10,6 +10,7 @@ var _ = require('lodash'),
|
||||
function getValidKeys() {
|
||||
var validKeys = {
|
||||
fileStorage: config.fileStorage === false ? false : true,
|
||||
publicAPI: config.publicAPI === true ? true : false,
|
||||
apps: config.apps === true ? true : false,
|
||||
version: config.ghostVersion,
|
||||
environment: process.env.NODE_ENV,
|
||||
|
@ -3,6 +3,7 @@ var _ = require('lodash'),
|
||||
url = require('url'),
|
||||
errors = require('../errors'),
|
||||
config = require('../config'),
|
||||
api = require('../api'),
|
||||
oauthServer,
|
||||
|
||||
auth;
|
||||
@ -130,6 +131,30 @@ auth = {
|
||||
}
|
||||
},
|
||||
|
||||
// ### Require user depending on public API being activated.
|
||||
requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
|
||||
return api.settings.read({key: 'labs', context: {internal: true}}).then(function (response) {
|
||||
var labs,
|
||||
labsValue;
|
||||
|
||||
labs = _.find(response.settings, function (setting) {
|
||||
return setting.key === 'labs';
|
||||
});
|
||||
|
||||
labsValue = JSON.parse(labs.value);
|
||||
|
||||
if (labsValue.publicAPI && labsValue.publicAPI === true) {
|
||||
return next();
|
||||
} else {
|
||||
if (req.user) {
|
||||
return next();
|
||||
} else {
|
||||
return errors.handleAPIError(new errors.NoPermissionError('Please Sign In'), req, res, next);
|
||||
}
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
// ### Generate access token Middleware
|
||||
// register the oauth2orize middleware for password and refresh token grants
|
||||
generateAccessToken: function generateAccessToken(req, res, next) {
|
||||
|
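Review bot: The promise chain in `requiresAuthorizedUserPublicAPI` has no rejection handler, so a failed `api.settings.read`, a missing `labs` row (`labs.value` on `undefined`) or unparsable JSON leaves the request with neither `next()` nor an error response. Because this middleware decides whether callers without a user reach the public endpoints, it should fail closed with an explicit error rather than hang. The test `labsValue.publicAPI && labsValue.publicAPI === true` reduces to the strict comparison alone. Checking `req.user` first gives the same outcome and skips the settings read for signed-in requests; whether that read is cached is not visible here. The function lies wholly inside the second hunk of this section.

```javascript
requiresAuthorizedUserPublicAPI: function requiresAuthorizedUserPublicAPI(req, res, next) {
    // A signed-in user passes regardless of the labs flag, so skip the settings read.
    if (req.user) {
        return next();
    }

    return api.settings.read({key: 'labs', context: {internal: true}}).then(function (response) {
        var labs = _.find(response.settings, function (setting) {
                return setting.key === 'labs';
            }),
            // A missing or empty labs row counts as "flag off".
            labsValue = labs && labs.value ? JSON.parse(labs.value) : {};

        if (labsValue.publicAPI === true) {
            return next();
        }

        return errors.handleAPIError(new errors.NoPermissionError('Please Sign In'), req, res, next);
    }).catch(function (err) {
        // Fail closed: a read or parse error must end in an error response, never in a hung request.
        return errors.handleAPIError(err, req, res, next);
    });
},
```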
@ -43,6 +43,7 @@ middleware = {
|
||||
authenticateClient: auth.authenticateClient,
|
||||
authenticateUser: auth.authenticateUser,
|
||||
requiresAuthorizedUser: auth.requiresAuthorizedUser,
|
||||
requiresAuthorizedUserPublicAPI: auth.requiresAuthorizedUserPublicAPI,
|
||||
generateAccessToken: auth.generateAccessToken,
|
||||
errorHandler: errors.handleAPIError
|
||||
}
|
||||
|
@ -8,7 +8,8 @@ apiRoutes = function apiRoutes(middleware) {
|
||||
// Authentication for public endpoints
|
||||
authenticatePublic = [
|
||||
middleware.api.authenticateClient,
|
||||
middleware.api.authenticateUser
|
||||
middleware.api.authenticateUser,
|
||||
middleware.api.requiresAuthorizedUserPublicAPI
|
||||
],
|
||||
// Require user for private endpoints
|
||||
authenticatePrivate = [
|
||||
|
@ -10,6 +10,12 @@ var testUtils = require('../../../utils'),
|
||||
request;
|
||||
|
||||
describe('Public API', function () {
|
||||
var publicAPIaccessSetting = {
|
||||
settings: [
|
||||
{key: 'labs', value: {publicAPI: true}}
|
||||
]
|
||||
};
|
||||
|
||||
before(function (done) {
|
||||
// starting ghost automatically populates the db
|
||||
// TODO: prevent db init, and manage bringing up the DB with fixtures ourselves
|
||||
@ -17,8 +23,20 @@ describe('Public API', function () {
|
||||
request = supertest.agent(ghostServer.rootApp);
|
||||
}).then(function () {
|
||||
return testUtils.doAuth(request, 'posts', 'tags');
|
||||
}).then(function () {
|
||||
done();
|
||||
}).then(function (token) {
|
||||
// enable public API
|
||||
return request.put(testUtils.API.getApiQuery('settings/'))
|
||||
.set('Authorization', 'Bearer ' + token)
|
||||
.send(publicAPIaccessSetting)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(200)
|
||||
.end(function (err) {
|
||||
if (err) {
|
||||
return done(err);
|
||||
}
|
||||
done();
|
||||
});
|
||||
}).catch(done);
|
||||
});
|
||||
|
||||
|
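Review bot: The `before` hook now turns the flag on for the whole suite, so nothing visible here exercises the default state, where `requiresAuthorizedUserPublicAPI` should answer a request without a user with the `NoPermissionError`. A case that calls a public endpoint without a token before the flag is enabled, and expects the rejection, would pin the fail-closed default this commit relies on. The fixture also sends `value: {publicAPI: true}` as an object while the middleware calls `JSON.parse(labs.value)`; this presumably relies on the settings API serialising the value, which is worth confirming. The `describe` body continues outside the hunks.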