diff --git a/src/middleware/index.js b/src/middleware/index.js index 8b84fbae1b..2b39184b86 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -34,15 +34,6 @@ require('./maintenance')(middleware); require('./user')(middleware); require('./headers')(middleware); -middleware.stripLeadingSlashes = function (req, res, next) { - var target = req.originalUrl.replace(nconf.get('relative_path'), ''); - if (target.startsWith('//')) { - res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/')); - } else { - next(); - } -}; - middleware.pageView = function (req, res, next) { analytics.pageView({ ip: req.ip, diff --git a/src/plugins.js b/src/plugins.js index 7c758c517a..9dbc5d04b9 100644 --- a/src/plugins.js +++ b/src/plugins.js @@ -117,6 +117,10 @@ Plugins.reload = function (callback) { Plugins.reloadRoutes = function (callback) { var router = express.Router(); + var ensureLoggedIn = require('connect-ensure-login'); + + router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); + router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); router.hotswapId = 'plugins'; router.render = function () { diff --git a/src/routes/index.js b/src/routes/index.js index d05551ccbd..9c933a63ca 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -113,12 +113,14 @@ module.exports = function (app, middleware, hotswapIds, callback) { pluginRouter.hotswapId = 'plugins'; authRouter.hotswapId = 'auth'; - app.use(middleware.stripLeadingSlashes); - app.all(relativePath + '(/api|/api/*?)', middleware.prepareAPI); + app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin); app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); + router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin); + router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); + adminRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers); apiRoutes(router, middleware, controllers); diff --git a/test/controllers.js b/test/controllers.js index 6a3882ea5e..da95296f24 100644 --- a/test/controllers.js +++ b/test/controllers.js @@ -1771,6 +1771,26 @@ describe('Controllers', function () { }); }); + describe('admin middlewares', function () { + it('should redirect to login', function (done) { + request(nconf.get('url') + '//api/admin/advanced/database', { json: true }, function (err, res, body) { + assert.ifError(err); + assert.equal(res.statusCode, 200); + assert(body.indexOf('Login to your account') !== -1); + done(); + }); + }); + + it('should redirect to login', function (done) { + request(nconf.get('url') + '//admin/advanced/database', { json: true }, function (err, res, body) { + assert.ifError(err); + assert.equal(res.statusCode, 200); + assert(body.indexOf('Login to your account') !== -1); + done(); + }); + }); + }); + after(function (done) { var analytics = require('../src/analytics'); analytics.writeData(done);