Ghost Blog - Check Request Headers

Question

I have a self-hosted Ghost blog running. I want to check for the presence of a custom header, for example X-Den-Was-Here.

What I want to implement is a conditional check, where:

If the header is present - load the blog cotnents.
If the header is not present - return a 401 Unauthorized.

Where would be the most appropriate place to perform this check within the Ghost infra?

score 0 · Answer 1 · answered May 24 '16 at 00:10

0

According to Express 4.x API Reference you can access headers using req.get(headerName), and check if it returns undefined or something, e.g.:

app.get('/', function(req, res, next) {
  if(req.get(headerName) == undefined){
    //do not load modules
  }else{
    loadModules();
  }
});

answered May 24 '16 at 00:10

Ernani

1,009
3
15
26

That, of course, is the way to get the header. My question relates more to the Ghost architecture and where within the flow it would be appropriate to enforce a header check. – Den May 24 '16 at 00:23

score 0 · Accepted Answer · answered May 24 '16 at 00:25

As it turns out, the solution to this (and I am open to have someone validate it and show me that I chose the wrong location for it) is to modify the caching layer to verify an inbound request header.

For that, you need \core\server\middleware\cache-control.js. Within the cacheControlHeaders function, you can just add the snippet below right before the next() call:

if (req.headers["den-was-here"] != "1")
{
    return res.sendStatus(401);
}

This will effectively throw a 401 Unauthorized response for any request that does not carry the header.

Ghost Blog - Check Request Headers

2 Answers2