ghost 4.22.0 → 4.22.4

package/core/server/services/url/UrlService.js

@@ -1,7 +1,9 @@
+const fs = require('fs-extra');
 const _debug = require('@tryghost/debug')._base;
 const debug = _debug('ghost:services:url:service');
 const _ = require('lodash');
 const errors = require('@tryghost/errors');
+const labs = require('../../../shared/labs');
 const UrlGenerator = require('./UrlGenerator');
 const Queue = require('./Queue');
 const Urls = require('./Urls');
@@ -17,15 +19,28 @@ const events = require('../../lib/common/events');
  * It will tell you if the url generation is in progress or not.
  */
 class UrlService {
-    constructor() {
+    /**
+     *
+     * @param {Object} options
+     * @param {String} [options.urlsCachePath] - cached URLs storage path
+     * @param {String} [options.resourcesCachePath] - cached resources storage path
+     */
+    constructor({urlsCachePath, resourcesCachePath} = {}) {
         this.utils = urlUtils;
-
+        this.urlsCachePath = urlsCachePath;
+        this.resourcesCachePath = resourcesCachePath;
+        this.onFinished = null;
         this.finished = false;
         this.urlGenerators = [];
 
-        this.urls = new Urls();
+        // Get urls
         this.queue = new Queue();
-        this.resources = new Resources(this.queue);
+        // NOTE: Urls and Resources should not be initialized here but only in the init method.
+        //      Way too many tests fail if the initialization is removed so leaving it as is for time being
+        this.urls = new Urls();
+        this.resources = new Resources({
+            queue: this.queue
+        });
 
         this._listeners();
     }
@@ -68,26 +83,41 @@ class UrlService {
     _onQueueEnded(event) {
         if (event === 'init') {
             this.finished = true;
+            if (this.onFinished) {
+                this.onFinished();
+            }
         }
     }
 
     /**
      * @description Router was created, connect it with a url generator.
-     * @param {ExpressRouter} router
+     * @param {String} identifier frontend router ID reference
+     * @param {String} filter NQL filter
+     * @param {String} resourceType
+     * @param {String} permalink
      */
-    onRouterAddedType(router) {
-        debug('Registering route: ', router.name);
-
-        let urlGenerator = new UrlGenerator(router, this.queue, this.resources, this.urls, this.urlGenerators.length);
+    onRouterAddedType(identifier, filter, resourceType, permalink) {
+        debug('Registering route: ', filter, resourceType, permalink);
+
+        let urlGenerator = new UrlGenerator({
+            identifier,
+            filter,
+            resourceType,
+            permalink,
+            queue: this.queue,
+            resources: this.resources,
+            urls: this.urls,
+            position: this.urlGenerators.length
+        });
         this.urlGenerators.push(urlGenerator);
     }
 
     /**
      * @description Router update handler - regenerates it's resources
-     * @param {ExpressRouter} router
+     * @param {String} identifier router ID linked to the UrlGenerator
      */
-    onRouterUpdated(router) {
-        const generator = this.urlGenerators.find(g => g.router.id === router.id);
+    onRouterUpdated(identifier) {
+        const generator = this.urlGenerators.find(g => g.identifier === identifier);
         generator.regenerateResources();
     }
 
@@ -246,7 +276,7 @@ class UrlService {
         let urlGenerator;
 
         this.urlGenerators.every((_urlGenerator) => {
-            if (_urlGenerator.router.identifier === routerId) {
+            if (_urlGenerator.identifier === routerId) {
                 urlGenerator = _urlGenerator;
                 return false;
             }
@@ -276,18 +306,90 @@ class UrlService {
             return null;
         }
 
-        return _.find(this.urlGenerators, {uid: object.generatorId}).router.getPermalinks()
-            .getValue(options);
+        const permalink = _.find(this.urlGenerators, {uid: object.generatorId}).permalink;
+
+        if (options.withUrlOptions) {
+            return urlUtils.urlJoin(permalink, '/:options(edit)?/');
+        }
+
+        return permalink;
     }
 
     /**
-     * @description Internal helper to re-trigger fetching resources on theme change.
-     *
-     * @TODO: Either remove this helper or rename to `_init`, because it's a little confusing,
-     *        because this service get's initalised via events.
+     * @description Initializes components needed for the URL Service to function
+     * @param {Object} options
+     * @param {Function} [options.onFinished] - callback when url generation is finished
      */
-    init() {
-        this.resources.fetchResources();
+    async init(options = {}) {
+        this.onFinished = options.onFinished;
+
+        let persistedUrls;
+        let persistedResources;
+
+        if (labs.isSet('urlCache')) {
+            persistedUrls = await this.readCacheFile(this.urlsCachePath);
+            persistedResources = await this.readCacheFile(this.resourcesCachePath);
+        }
+
+        if (persistedUrls && persistedResources) {
+            this.urls = new Urls({
+                urls: persistedUrls
+            });
+            this.resources = new Resources({
+                queue: this.queue,
+                resources: persistedResources
+            });
+            this.resources.initResourceConfig();
+            this.resources.initEvenListeners();
+
+            this._onQueueEnded('init');
+        } else {
+            this.resources.initResourceConfig();
+            this.resources.initEvenListeners();
+            await this.resources.fetchResources();
+            // CASE: all resources are fetched, start the queue
+            this.queue.start({
+                event: 'init',
+                tolerance: 100,
+                requiredSubscriberCount: 1
+            });
+        }
+    }
+
+    async shutdown() {
+        if (!labs.isSet('urlCache')) {
+            return null;
+        }
+
+        await this.persistToCacheFile(this.urlsCachePath, this.urls.urls);
+        await this.persistToCacheFile(this.resourcesCachePath, this.resources.getAll());
+    }
+
+    async persistToCacheFile(filePath, data) {
+        return fs.writeFile(filePath, JSON.stringify(data, null, 4));
+    }
+
+    async readCacheFile(filePath) {
+        let cacheExists = false;
+        let cacheData;
+
+        try {
+            await fs.stat(filePath);
+            cacheExists = true;
+        } catch (e) {
+            cacheExists = false;
+        }
+
+        if (cacheExists) {
+            try {
+                const cacheFile = await fs.readFile(filePath, 'utf8');
+                cacheData = JSON.parse(cacheFile);
+            } catch (e) {
+                //noop as we'd start a long boot process if there are any errors in the file
+            }
+        }
+
+        return cacheData;
     }
 
     /**

package/core/server/services/url/Urls.js

@@ -20,8 +20,13 @@ const events = require('../../lib/common/events');
  * You can easily ask `this.urls[resourceId]`.
  */
 class Urls {
-    constructor() {
-        this.urls = {};
+    /**
+     *
+     * @param {Object} [options]
+     * @param {Object} [options.urls] map of available URLs with their resources
+     */
+    constructor({urls = {}} = {}) {
+        this.urls = urls;
     }
 
     /**

package/core/server/services/url/index.js

@@ -1,5 +1,13 @@
+const path = require('path');
+const config = require('../../../shared/config');
 const UrlService = require('./UrlService');
-const urlService = new UrlService();
+
+// NOTE: instead of a path we could give UrlService a "data-resolver" of some sort
+//       so it doesn't have to contain the logic to read data at all. This would be
+//       a possible improvement in the future
+const urlsCachePath = path.join(config.getContentPath('data'), 'urls.json');
+const resourcesCachePath = path.join(config.getContentPath('data'), 'resources.json');
+const urlService = new UrlService({urlsCachePath, resourcesCachePath});
 
 // Singleton
 module.exports = urlService;

package/core/server/web/admin/app.js

@@ -27,19 +27,19 @@ module.exports = function setupAdminApp() {
     }
 
     // Render error page in case of maintenance
-    adminApp.use(shared.middlewares.maintenance);
+    adminApp.use(shared.middleware.maintenance);
 
     // Force SSL if required
     // must happen AFTER asset loading and BEFORE routing
-    adminApp.use(shared.middlewares.urlRedirects.adminSSLAndHostRedirect);
+    adminApp.use(shared.middleware.urlRedirects.adminSSLAndHostRedirect);
 
     // Add in all trailing slashes & remove uppercase
     // must happen AFTER asset loading and BEFORE routing
-    adminApp.use(shared.middlewares.prettyUrls);
+    adminApp.use(shared.middleware.prettyUrls);
 
     // Cache headers go last before serving the request
     // Admin is currently set to not be cached at all
-    adminApp.use(shared.middlewares.cacheControl('private'));
+    adminApp.use(shared.middleware.cacheControl('private'));
 
     // Special redirects for the admin (these should have their own cache-control headers)
     adminApp.use(adminMiddleware);
@@ -47,8 +47,8 @@ module.exports = function setupAdminApp() {
     // Finally, routing
     adminApp.get('*', require('./controller'));
 
-    adminApp.use(shared.middlewares.errorHandler.pageNotFound);
-    adminApp.use(shared.middlewares.errorHandler.handleHTMLResponse);
+    adminApp.use(shared.middleware.errorHandler.pageNotFound);
+    adminApp.use(shared.middleware.errorHandler.handleHTMLResponse);
 
     debug('Admin setup end');
 

package/core/server/web/admin/views/default-prod.html

@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-66e08535f8bb797a8c40e0a2b31f1e9e.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-fcf6a0738421f86c47c55f20d00c5ba9.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-7c8fdd90f7ecd2e94328a07ea3b64608.js"></script>
-                <script src="assets/ghost.min-efbfb823467b66f4acc66537d033aa55.js"></script>
+                <script src="assets/vendor.min-c9002845b6c30ac978abdadde9f33d7c.js"></script>
+                <script src="assets/ghost.min-2e3e64eb258cf424c59c3e308b4bc6e6.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-66e08535f8bb797a8c40e0a2b31f1e9e.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-fcf6a0738421f86c47c55f20d00c5ba9.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-7c8fdd90f7ecd2e94328a07ea3b64608.js"></script>
-                <script src="assets/ghost.min-efbfb823467b66f4acc66537d033aa55.js"></script>
+                <script src="assets/vendor.min-c9002845b6c30ac978abdadde9f33d7c.js"></script>
+                <script src="assets/ghost.min-2e3e64eb258cf424c59c3e308b4bc6e6.js"></script>
             
 </body>
 </html>

package/core/server/web/api/app.js

@@ -2,7 +2,7 @@ const debug = require('@tryghost/debug')('web:api:default:app');
 const config = require('../../../shared/config');
 const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
-const errorHandler = require('../shared/middlewares/error-handler');
+const errorHandler = require('../shared/middleware/error-handler');
 
 module.exports = function setupApiApp() {
     debug('Parent API setup start');

package/core/server/web/api/canary/admin/app.js

@@ -20,21 +20,21 @@ module.exports = function setupApiApp() {
     apiApp.use(boolParser());
 
     // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
+    apiApp.use(shared.middleware.maintenance);
 
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API canary setup end');
 

package/core/server/web/api/canary/admin/middleware.js

@@ -59,8 +59,8 @@ module.exports.authAdminApi = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -73,8 +73,8 @@ module.exports.authAdminApiWithUrl = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -83,7 +83,7 @@ module.exports.authAdminApiWithUrl = [
  */
 module.exports.publicAdminApi = [
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];

package/core/server/web/api/canary/admin/routes.js

@@ -204,8 +204,8 @@ module.exports = function apiRoutes() {
     router.get('/session', mw.authAdminApi, http(api.session.read));
     // We don't need auth when creating a new session (logging in)
     router.post('/session',
-        shared.middlewares.brute.globalBlock,
-        shared.middlewares.brute.userLogin,
+        shared.middleware.brute.globalBlock,
+        shared.middleware.brute.userLogin,
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
@@ -215,11 +215,11 @@ module.exports = function apiRoutes() {
 
     // ## Authentication
     router.post('/authentication/passwordreset',
-        shared.middlewares.brute.globalReset,
-        shared.middlewares.brute.userReset,
+        shared.middleware.brute.globalReset,
+        shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));
@@ -244,6 +244,21 @@ module.exports = function apiRoutes() {
         apiMw.upload.mediaValidation({type: 'media'}),
         http(api.media.upload)
     );
+    router.put('/media/thumbnail/upload',
+        labs.enabledMiddleware('mediaAPI'),
+        mw.authAdminApi,
+        apiMw.upload.single('file'),
+        apiMw.upload.validation({type: 'images'}),
+        http(api.media.uploadThumbnail)
+    );
+
+    // ## files
+    router.post('/files/upload',
+        labs.enabledMiddleware('filesAPI'),
+        mw.authAdminApi,
+        apiMw.upload.single('file'),
+        http(api.files.upload)
+    );
 
     // ## Invites
     router.get('/invites', mw.authAdminApi, http(api.invites.browse));

package/core/server/web/api/canary/content/app.js

@@ -18,17 +18,17 @@ module.exports = function setupApiApp() {
     apiApp.use(boolParser());
 
     // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
+    apiApp.use(shared.middleware.maintenance);
 
     // API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponse);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponse);
 
     debug('Content API canary setup end');
 

package/core/server/web/api/canary/content/middleware.js

@@ -14,10 +14,10 @@ const shared = require('../../../shared');
  * Authentication for public endpoints
  */
 module.exports.authenticatePublic = [
-    shared.middlewares.brute.contentApiKey,
+    shared.middleware.brute.contentApiKey,
     auth.authenticate.authenticateContentApi,
     auth.authorize.authorizeContentApi,
     cors(),
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls
 ];

package/core/server/web/api/middleware/cors.js

@@ -3,7 +3,7 @@ const url = require('url');
 const os = require('os');
 const urlUtils = require('../../../../shared/url-utils');
 
-let whitelist = [];
+let allowlist = [];
 const ENABLE_CORS = {origin: true, maxAge: 86400};
 const DISABLE_CORS = {origin: false};
 
@@ -46,16 +46,16 @@ function getUrls() {
     return urls;
 }
 
-function getWhitelist() {
+function getAllowlist() {
     // This needs doing just one time after init
-    if (whitelist.length === 0) {
+    if (allowlist.length === 0) {
         // origins that always match: localhost, local IPs, etc.
-        whitelist = whitelist.concat(getIPs());
+        allowlist = allowlist.concat(getIPs());
         // Trusted urls from config.js
-        whitelist = whitelist.concat(getUrls());
+        allowlist = allowlist.concat(getUrls());
     }
 
-    return whitelist;
+    return allowlist;
 }
 
 /**
@@ -73,7 +73,7 @@ function handleCORS(req, cb) {
     }
 
     // Origin matches whitelist
-    if (getWhitelist().indexOf(url.parse(origin).hostname) > -1) {
+    if (getAllowlist().indexOf(url.parse(origin).hostname) > -1) {
         return cb(null, ENABLE_CORS);
     }
 

package/core/server/web/api/v2/admin/app.js

@@ -20,21 +20,21 @@ module.exports = function setupApiApp() {
     apiApp.use(boolParser());
 
     // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
+    apiApp.use(shared.middleware.maintenance);
 
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API v2 setup end');
 

package/core/server/web/api/v2/admin/middleware.js

@@ -55,8 +55,8 @@ module.exports.authAdminApi = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -69,8 +69,8 @@ module.exports.authAdminApiWithUrl = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -79,7 +79,7 @@ module.exports.authAdminApiWithUrl = [
  */
 module.exports.publicAdminApi = [
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];

package/core/server/web/api/v2/admin/routes.js

@@ -142,19 +142,19 @@ module.exports = function apiRoutes() {
     router.get('/session', mw.authAdminApi, http(api.session.read));
     // We don't need auth when creating a new session (logging in)
     router.post('/session',
-        shared.middlewares.brute.globalBlock,
-        shared.middlewares.brute.userLogin,
+        shared.middleware.brute.globalBlock,
+        shared.middleware.brute.userLogin,
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
 
     // ## Authentication
     router.post('/authentication/passwordreset',
-        shared.middlewares.brute.globalReset,
-        shared.middlewares.brute.userReset,
+        shared.middleware.brute.globalReset,
+        shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));

package/core/server/web/api/v2/content/app.js

@@ -18,17 +18,17 @@ module.exports = function setupApiApp() {
     apiApp.use(boolParser());
 
     // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
+    apiApp.use(shared.middleware.maintenance);
 
     // API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponse);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponse);
 
     debug('Content API v2 setup end');
 

package/core/server/web/api/v2/content/middleware.js

@@ -14,10 +14,10 @@ const shared = require('../../../shared');
  * Authentication for public endpoints
  */
 module.exports.authenticatePublic = [
-    shared.middlewares.brute.contentApiKey,
+    shared.middleware.brute.contentApiKey,
     auth.authenticate.authenticateContentApi,
     auth.authorize.authorizeContentApi,
     cors(),
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls
 ];

package/core/server/web/api/v3/admin/app.js

@@ -20,21 +20,21 @@ module.exports = function setupApiApp() {
     apiApp.use(boolParser());
 
     // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
+    apiApp.use(shared.middleware.maintenance);
 
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API v3 setup end');