UNPKG

ghost

Version:

The professional publishing platform

ghost.org

TryGhost/Ghost

97 lines (83 loc) 3.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
const debug = require('@tryghost/debug')('web:admin:app'); const path = require('path'); const express = require('../../../shared/express'); const serveStatic = express.static; const config = require('../../../shared/config'); const urlUtils = require('../../../shared/url-utils'); const shared = require('../shared'); const errorHandler = require('@tryghost/mw-error-handler'); const sentry = require('../../../shared/sentry'); const redirectAdminUrls = require('./middleware/redirect-admin-urls'); const bridge = require('../../../bridge'); /** * * @returns {import('express').Application} */ module.exports = function setupAdminApp() { debug('Admin setup start'); const adminApp = express('admin'); // Admin assets // @NOTE: when we start working on HTTP/3 optimizations the immutable headers // produced below should be split into separate 'Cache-Control' entry. // For reference see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#validation_2 adminApp.use('/assets', serveStatic( path.join(config.get('paths').adminAssets, 'assets'), { // @NOTE: the maxAge config passed below are in milliseconds and the config // is specified in seconds. See https://github.com/expressjs/serve-static/issues/150 for more context maxAge: config.get('caching:admin:maxAge') * 1000, immutable: true, fallthrough: false } )); // Auth Frame renders a HTML page that loads some JS which then makes an API // request to the Admin API /users/me/ endpoint to check if the user is logged in. // // Used by comments-ui to add moderation options to front-end comments when logged in. adminApp.use('/auth-frame', bridge.ensureAdminAuthAssetsMiddleware(), function authFrameMw(req, res, next) { // only render content when we have an Admin session cookie, // otherwise return a 204 to avoid JS and API requests being made unnecessarily try { if (req.headers.cookie?.includes('ghost-admin-api-session')) { next(); } else { res.setHeader('Cache-Control', 'public, max-age=0'); res.sendStatus(204); } } catch (err) { next(err); } }, serveStatic( path.join(config.getContentPath('public'), 'admin-auth') )); // Ember CLI's live-reload script if (config.get('env') === 'development') { adminApp.get('/ember-cli-live-reload.js', function emberLiveReload(req, res) { res.redirect(`http://localhost:4200${urlUtils.getSubdir()}/ghost/ember-cli-live-reload.js`); }); } // Force SSL if required // must happen AFTER asset loading and BEFORE routing adminApp.use(shared.middleware.urlRedirects.adminSSLAndHostRedirect); // Add in all trailing slashes & remove uppercase // must happen AFTER asset loading and BEFORE routing adminApp.use(shared.middleware.prettyUrls); // Cache headers go last before serving the request // Admin is currently set to not be cached at all adminApp.use(shared.middleware.cacheControl('private')); // Special redirects for the admin (these should have their own cache-control headers) adminApp.use(redirectAdminUrls); // Finally, routing adminApp.get('*', require('./controller')); adminApp.use(function fourOhFourMw(err, req, res, next) { if (err.statusCode && err.statusCode === 404) { // Remove 404 errors for next middleware to inject next(); } else { next(err); } }); adminApp.use(errorHandler.pageNotFound); adminApp.use(errorHandler.handleHTMLResponse(sentry)); debug('Admin setup end'); return adminApp; };