Ghost blog authentication

The authentication for Ghost blog is very simple, there’s no MFA, and a single request is needed to complete the login. By the end, the user gets a cookie that works everywhere. Below is the configuration file including three functions, to get the user information, get all the posts, and the tags:

(setv _base_url "https://url.to.ghost.blog/")
(setv username (Variable "username"))
(setv password (Variable "password"))

(setv session_id
      (Cookie "ghost-admin-api-session"))


(setv login
      (Flow
        :name "login"
        :request (Request
                   :method "POST"
                   :path "/ghost/api/v3/admin/session"
                   :data
                   {"password" password
                    "username" username})
        :outputs [session_id]
        :operations [(Http
                       :status 404
                       :action (Error "Login failed"))]))


(setv get_user_info
      (Flow
        :name "get_user_info"
        :request (Request
                   :method "GET"
                   :path "/ghost/api/canary/admin/users/me/"
                   :cookies [session_id]
                   :data {"include" "roles"})
        :operations [(Print.body)]))


(setv get_tags
      (Flow
        :name "get_tags"
        :request (Request
                   :method "GET"
                   :path "/ghost/api/v3/admin/tags/?limit=all"
                   :cookies [session_id])
        :operations [(Print.body)]))


(setv get_posts
      (Flow
        :name "get_posts"
        :request (Request
                   :method "GET"
                   :path "/ghost/api/canary/admin/posts/"
                   :cookies [session_id])
        :operations [(Print.body)]))


(setv _authentication
      [login])

(setv _functions [get_user_info
                  get_tags
                  get_posts])