UNPKG

ghost

Version:

The professional publishing platform

ghost.org

TryGhost/Ghost

135 lines (125 loc) 4.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
const models = require('../../models'); const tpl = require('@tryghost/tpl'); const errors = require('@tryghost/errors'); const getWebhooksServiceInstance = require('../../services/webhooks/webhooks-service'); const messages = { resourceNotFound: '{resource} not found.', noPermissionToEdit: { message: 'You do not have permission to {method} this webhook.', context: 'You may only {method} webhooks that belong to the authenticated integration. Check the supplied Admin API Key.' } }; const webhooksService = getWebhooksServiceInstance({ WebhookModel: models.Webhook }); /** @type {import('@tryghost/api-framework').Controller} */ const controller = { docName: 'webhooks', add: { statusCode: 201, headers: { // NOTE: remove if there is ever a 'read' method location: false, cacheInvalidate: false }, options: [], data: [], permissions: true, async query(frame) { return await webhooksService.add(frame.data, frame.options); } }, edit: { headers: { cacheInvalidate: false }, permissions: { before: async (frame) => { if (frame.options.context?.integration?.id) { const webhook = await models.Webhook.findOne({id: frame.options.id}); if (!webhook) { throw new errors.NotFoundError({ message: tpl(messages.resourceNotFound, { resource: 'Webhook' }) }); } if (webhook.get('integration_id') !== frame.options.context.integration.id) { throw new errors.NoPermissionError({ message: tpl(messages.noPermissionToEdit.message, { method: 'edit' }), context: tpl(messages.noPermissionToEdit.context, { method: 'edit' }) }); } } } }, data: [ 'name', 'event', 'target_url', 'secret', 'api_version' ], options: [ 'id' ], validation: { options: { id: { required: true } } }, query({data, options}) { return models.Webhook.edit(data.webhooks[0], {...options, require: true}); } }, destroy: { statusCode: 204, headers: { cacheInvalidate: false }, options: [ 'id' ], validation: { options: { id: { required: true } } }, permissions: { before: async (frame) => { if (frame.options.context?.integration?.id) { const webhook = await models.Webhook.findOne({id: frame.options.id}); if (!webhook) { throw new errors.NotFoundError({ message: tpl(messages.resourceNotFound, { resource: 'Webhook' }) }); } if (webhook.get('integration_id') !== frame.options.context.integration.id) { throw new errors.NoPermissionError({ message: tpl(messages.noPermissionToEdit.message, { method: 'destroy' }), context: tpl(messages.noPermissionToEdit.context, { method: 'destroy' }) }); } } } }, query(frame) { return models.Webhook.destroy({...frame.options, require: true}); } } }; module.exports = controller;