shubhsherl · shubhsherl · May 25, 2019 · May 27, 2019 · May 30, 2019 · Jun 1, 2019
diff --git a/core/client b/core/client
diff --git a/core/server/api/shared/http.js b/core/server/api/shared/http.js
@@ -1,6 +1,7 @@
 const debug = require('ghost-ignition').debug('api:shared:http');
 const shared = require('../shared');
 const models = require('../../models');
+const _ = require('lodash');
 
 /**
  * @description HTTP wrapper.
@@ -18,6 +19,16 @@ const http = (apiImpl) => {
         let apiKey = null;
         let integration = null;
         let user = null;
+        let rc_uid = null;
+        let rc_token = null;
+
+        if(req.headers && req.headers.cookie)
+            _.forEach(req.headers.cookie.split(';'), (v)=>{
+                if(v.includes('rc_uid'))
+                    rc_uid = v.split('=')[1];
+                if(v.includes('rc_token'))
+                    rc_token = v.split('=')[1];
+            });
 
         if (req.api_key) {
             apiKey = {
@@ -39,6 +50,8 @@ const http = (apiImpl) => {
             file: req.file,
             files: req.files,
             query: req.query,
+            rc_uid: rc_uid,
+            rc_token: rc_token,
             params: req.params,
             user: req.user,
             context: {
@@ -93,7 +106,6 @@ const http = (apiImpl) => {
                     docName: frame.docName,
                     method: frame.method
                 };
-
                 next(err);
             });
     };

diff --git a/core/server/api/v0.1/authentication.js b/core/server/api/v0.1/authentication.js
@@ -9,6 +9,7 @@ const Promise = require('bluebird'),
     mail = require('../../services/mail'),
     urlService = require('../../services/url'),
     localUtils = require('./utils'),
+    rcUtils = require('../v2/utils/rc-utils'),
     models = require('../../models'),
     web = require('../../web'),
     mailAPI = require('./mail'),
@@ -61,14 +62,25 @@ function setupTasks(setupData) {
     let tasks;
 
     function validateData(setupData) {
-        return localUtils.checkObject(setupData, 'setup').then((checked) => {
-            const data = checked.setup[0];
-
+        const id = setupData['setup'][0].rc_id;
+        const token = setupData['setup'][0].rc_token;
+        const blogTitle = setupData['setup'][0].blogTitle;
+        const rcUrl = setupData['setup'][0].rc_url;
+        const announceToken = setupData['setup'][0].announce_token;
+        const collabToken = setupData['setup'][0].collaboration_token;
+        return rcUtils.checkAdmin(rcUrl, id, token).then((data) => {
+            const email = data.emails[0].address;
             return {
                 name: data.name,
-                email: data.email,
-                password: data.password,
-                blogTitle: data.blogTitle,
+                rc_id: id,
+                rc_username: data.username,
+                profile_image: data.avatarUrl, 
+                email: email,
+                password: "qwe123qwe123",//TODO set random password
+                blogTitle: blogTitle,
+                announce_token: announceToken,
+                collaboration_token: collabToken,
+                serverUrl: rcUrl,
                 status: 'active'
             };
         });
@@ -97,6 +109,9 @@ function setupTasks(setupData) {
     function doSettings(data) {
         const user = data.user,
             blogTitle = data.userData.blogTitle,
+            serverUrl = data.userData.serverUrl,
+            announceToken = data.userData.announce_token,
+            collabToken = data.userData.collaboration_token,
             context = {context: {user: data.user.id}};
 
         let userSettings;
@@ -106,7 +121,10 @@ function setupTasks(setupData) {
         }
 
         userSettings = [
+            {key: 'server_url', value: serverUrl},
             {key: 'title', value: blogTitle.trim()},
+            {key: 'announce_token', value: announceToken},
+            {key: 'collaboration_token', value: collabToken},
             {key: 'description', value: common.i18n.t('common.api.authentication.sampleBlogDescription')}
         ];
 
@@ -437,6 +455,92 @@ authentication = {
         return pipeline(tasks, invitation);
     },
 
+        /**
+     * ### Add Users
+     * @param {Object} invitation an invitation object
+     * @returns {Promise<Object>}
+     */
+    addUser(invitation, option) {
+        let tasks,
+            invite;
+        const options = {context: {internal: true}, withRelated: ['roles']};
+        const localOptions = {context: {internal: true}};
+        // 1. if admin adds user, option.
+        // 2. if user creating account, invitation.
+        const rc_uid = option.rc_uid || invitation.user[0].rc_uid;
+        const rc_token = option.rc_token || invitation.user[0].rc_token;
+
+        function validateInvitation(invitation) {
+            return models.Settings.findOne({ key: 'invite_only' }, localOptions)
+                .then((setting) => {
+                    const inviteOnly = setting.attributes.value;
+                    return rcUtils.getMe(rc_uid, rc_token)
+                        .then((invitedBy) => {
+                            if (!invitedBy.success) {
+                                throw new common.errors.NotFoundError({ message: "User not found. Make Sure you are logged in on RC." });
+                            }
+                            if (inviteOnly) { //Check that rc_uid is of Owner/Admin
+                                return models.User.findOne({ rc_id: rc_uid, role: 'Owner'||'Administrator', status: 'all'}, options)
+                                    .then((user) => {
+                                        if (user) {
+                                            return invitation;
+                                        } else {
+                                            throw new common.errors.NotFoundError({ message: "You are not authorized to add new authors" });
+                                        }
+                                    });
+                            } else {// Self Invitation
+                                return invitation;
+                            }
+                        });
+                });
+        }
+
+        function processInvitation(invitation) {
+            const data = invitation.user[0];
+            return rcUtils.getUser(rc_uid, rc_token, data.rc_username)
+                .then((user) => {
+                    if (user.success && user.user) {
+                        const u = user.user;
+                        if(!u.emails){
+                            throw new common.errors.NotFoundError({ message: "Cannot create account without email." });
+                        }
+                        const email = u.emails[0].address;
+                        const role = data.role.name||'Author';
+                        return models.Role.findOne({name: role})
+                            .then((r) => {
+                            return models.User.add({
+                                rc_id: u._id,
+                                rc_username: u.username,
+                                email: email,
+                                name: u.name,
+                                password: "qwe123qwe123",//TODO Random password
+                                roles: [r]
+                            }, localOptions);
+                            });
+                    } else {
+                        throw new common.errors.NotFoundError({message: "User not found. Make Sure you are logged in on RC."});
+                    }
+                });
+        }
+
+        function formatResponse() {
+            return {
+                invitation: [
+                    {message: 'User Added'}
+                ]
+            };
+        }
+
+        tasks = [
+            assertSetupCompleted(true),
+            validateInvitation,
+            processInvitation,
+            formatResponse
+        ];
+
+        return pipeline(tasks, invitation);
+    },
+
     /**
      * ### Check for invitation
      * @param {Object} options
@@ -513,7 +617,7 @@ authentication = {
     },
 
     /**
-     * Executes the setup tasks and sends an email to the owner
+     * Executes the setup tasks and get access_token and user_id and verify with rc-utils
      * @param  {Object} setupDetails
      * @return {Promise<Object>} a user api payload
      */
@@ -566,7 +670,8 @@ authentication = {
         tasks = [
             assertSetupCompleted(false),
             doSetup,
-            sendNotification,
+            // TODO: add mail service from RC.
+            // sendNotification,
             formatResponse
         ];
 

diff --git a/core/server/api/v0.1/index.js b/core/server/api/v0.1/index.js
@@ -4,7 +4,7 @@
 // Ghost's JSON API is integral to the workings of Ghost, regardless of whether you want to access data internally,
 // from a theme, an app, or from an external app, you'll use the Ghost JSON API to do so.
 
-const {isEmpty} = require('lodash');
+const {isEmpty, forEach} = require('lodash');
 const Promise = require('bluebird');
 const models = require('../../models');
 const urlService = require('../../services/url');
@@ -272,6 +272,14 @@ const http = (apiMethod) => {
                 }
             });
 
+        if(req.headers && req.headers.cookie)
+            forEach(req.headers.cookie.split(';'), (v)=>{
+                if(v.includes('rc_uid'))
+                    options.rc_uid = v.split('=')[1];
+                if(v.includes('rc_token'))
+                    options.rc_token = v.split('=')[1];
+            });
+
         if (req.files) {
             options.files = req.files;
         }

diff --git a/core/server/api/v2/index.js b/core/server/api/v2/index.js
@@ -43,8 +43,8 @@ module.exports = {
         return shared.pipeline(require('./posts'), localUtils);
     },
 
-    get invites() {
-        return shared.pipeline(require('./invites'), localUtils);
+    get rcapi() {
+        return shared.pipeline(require('./rcapi'), localUtils);
     },
 
     get mail() {