Created
July 14, 2018 14:48
Lakshay Katney created this gist
Jul 14, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,46 @@ // ### Authenticate Middleware // authentication has to be done for /ghost/* routes with // exceptions for signin, signout, signup, forgotten, reset only // api and frontend use different authentication mechanisms atm authenticate: function (req, res, next) { var path, subPath, scope; // SubPath is the url path starting after any default subdirectories // it is stripped of anything after the two levels `/ghost/.*?/` as the reset link has an argument path = req.path; /*jslint regexp:true, unparam:true*/ subPath = path.replace(/^(\/.*?\/.*?\/)(.*)?/, function (match, a) { return a; }); scope = req.query.scope; // scope to distinguish if GET POST request is for public use or not if (subPath.indexOf('/ghost/api/') === 0 && path.indexOf('/ghost/api/v0.1/authentication/') !== 0 && (path.indexOf('v0.1/posts') === -1 || req.method !== 'GET' || scope !== 'public')){ // condition to expose GET POST API publicaly return passport.authenticate('bearer', {session: false, failWithError: true}, function (err, user, info) { if (err) { return next(err); // will generate a 500 error } // Generate a JSON response reflecting authentication status if (!user) { var msg = { type: 'error', message: 'Please Sign In', status: 'passive' }; res.status(401); return res.send(msg); } // TODO: figure out, why user & authInfo is lost req.authInfo = info; req.user = user; return next(null, user, info); } )(req, res, next); } next(); }
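Review bot: The authentication bypass in the `if` condition is decided by two client-controlled values, the unanchored substring test `path.indexOf('v0.1/posts') === -1` and `req.query.scope`. Bearer authentication is therefore skipped for any GET under `/ghost/api/` whose path merely contains `v0.1/posts` once `scope=public` is present, not only for the posts collection. Anchor the test to the intended route, e.g. `!/^\/ghost\/api\/v0\.1\/posts(\/|$)/.test(path)`, and confirm that the handlers behind it return only published posts when `req.user` is unset, since that filtering is not visible in this hunk. A comment above the condition such as `// unauthenticated access: GET on the posts API with ?scope=public only` would make the exception easier to audit.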