TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-19 08:31:43 +03:00
Code Issues Projects Releases Wiki Activity
0695f74a65
Ghost/ghost/api-framework/lib/validators/input/all.js

214 lines
6.6 KiB
JavaScript
Raw Normal View History

Updated API framework debug and test names - these tests have moved from `core/` so the names are no longer relevant
2022-08-11 17:42:21 +03:00
const debug = require('@tryghost/debug')('validators:input:all');
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
const _ = require('lodash');
const Promise = require('bluebird');
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
const tpl = require('@tryghost/tpl');
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
const {BadRequestError, ValidationError} = require('@tryghost/errors');
Switch to @trghost/validator, remove validator - Part of the effort to split Ghost down into smaller, decoupled pieces - Moved out our internal validator tooling to a separate library - Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator - Removed the validatorjs dependency and removed the renovate pin - This gives us a consistant, smaller, clearer public API for validations - It will eventually be used on Ghost Admin too - This way we can start getting up to date with validator whilst not increasing build size
2021-06-15 21:46:27 +03:00
const validator = require('@tryghost/validator');
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
const messages = {
validationFailed: 'Validation ({validationName}) failed for {key}',
noRootKeyProvided: 'No root key (\'{docName}\') provided.',
invalidIdProvided: 'Invalid id provided.'
};
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
const GLOBAL_VALIDATORS = {
id: {matches: /^[a-f\d]{24}$|^1$|me/i},
page: {matches: /^\d+$/},
limit: {matches: /^\d+|all$/},
from: {isDate: true},
to: {isDate: true},
columns: {matches: /^[\w, ]+$/},
order: {matches: /^[a-z0-9_,. ]+$/i},
uuid: {isUUID: true},
slug: {isSlug: true},
name: {},
email: {isEmail: true},
filter: false,
context: false,
forUpdate: false,
transacting: false,
include: false,
formats: false
};
const validate = (config, attrs) => {
let errors = [];
_.each(config, (value, key) => {
if (value.required && !attrs[key]) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
errors.push(new ValidationError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.validationFailed, {
Replaced hardcoded translation in shared input validator no issue - re-use existing keys
2018-12-10 17:23:46 +03:00
validationName: 'FieldIsRequired',
key: key
})
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
}));
}
});
_.each(attrs, (value, key) => {
debug(key, value);
Implemented global validation on defined fields (#9992) no-issue This is to allow global validation to run on fields that have some user validation defined.
2018-10-12 11:16:12 +03:00
if (GLOBAL_VALIDATORS[key]) {
debug('global validation');
Renamed validation to validator + better public API - renamed our internal validation library to "validator" - which is the same as the tool it wraps - updated the public api so that validator methods are directly exposed - this will make it a drop-in replacement for validator-js - in turn, this allows us to pull this out into @tryghost/validator, and use our own wrapper instead of the 3rd party library
2021-06-15 17:32:36 +03:00
errors = errors.concat(validator.validate(value, key, GLOBAL_VALIDATORS[key]));
Implemented global validation on defined fields (#9992) no-issue This is to allow global validation to run on fields that have some user validation defined.
2018-10-12 11:16:12 +03:00
}
Refactored api-framework to use optional chaining - this makes the code more readable and succinct
2022-08-12 09:46:32 +03:00
if (config?.[key]) {
Allowed passing an array directly instead of requiring object with values key for validation options noissue
2018-10-10 16:52:08 +03:00
const allowedValues = Array.isArray(config[key]) ? config[key] : config[key].values;
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Allowed passing an array directly instead of requiring object with values key for validation options noissue
2018-10-10 16:52:08 +03:00
if (allowedValues) {
debug('ctrl validation');
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Added handling for empty query options refs #9866 - it's fine if you pass e.g. `?formats=` - same behaviour as v0.1
2018-10-10 17:33:38 +03:00
// CASE: we allow e.g. `formats=`
if (!value || !value.length) {
return;
}
Allowed for repeated query parameters for arrays (#10021) no-issue There are a few libraries, including node core that when given an array for a query parameter will encode it as repeated query params. e.g. ``` {someParam: ['a', 'b']} // becomes '?someParam=a&someParam=b' ``` This adds a check for the value to stop us 500ing on repeated keys and to add easier interop with http clients
2018-10-17 09:43:32 +03:00
const valuesAsArray = Array.isArray(value) ? value : value.trim().toLowerCase().split(',');
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit
2020-10-20 02:02:56 +03:00
const unallowedValues = _.filter(valuesAsArray, (valueToFilter) => {
return !allowedValues.includes(valueToFilter);
Allowed passing an array directly instead of requiring object with values key for validation options noissue
2018-10-10 16:52:08 +03:00
});
if (unallowedValues.length) {
Added clause in validation for include to not error (#10350) * Added clause in validation for include to not error refs #10337 Here we forgo erroring when an invalid property for include is sent, and instead remove the invalid properties. * Fixed authors test * Fixed validators tests
2019-01-08 14:29:15 +03:00
// CASE: we do not error for invalid includes, just silently remove
if (key === 'include') {
attrs.include = valuesAsArray.filter(x => allowedValues.includes(x));
return;
}
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
errors.push(new ValidationError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.validationFailed, {
Added v2 controller for slugs (#9978) - Added slugs controller to v2 API - Added slugs tests to v2 API - Updated generic validation error message in shared validator to return validation error with sub-message
2018-10-12 15:25:20 +03:00
validationName: 'AllowedValues',
key: key
})
}));
Allowed passing an array directly instead of requiring object with values key for validation options noissue
2018-10-10 16:52:08 +03:00
}
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
}
}
});
return errors;
};
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
module.exports = {
all(apiConfig, frame) {
debug('validate all');
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
let validationErrors = validate(apiConfig.options, frame.options);
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
if (!_.isEmpty(validationErrors)) {
return Promise.reject(validationErrors[0]);
}
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
return Promise.resolve();
},
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
browse(apiConfig, frame) {
debug('validate browse');
let validationErrors = [];
if (frame.data) {
validationErrors = validate(apiConfig.data, frame.data);
}
if (!_.isEmpty(validationErrors)) {
return Promise.reject(validationErrors[0]);
}
},
read() {
debug('validate read');
Fixed missing return statement in shared validators refs #9866 - if the fn returns a Promise, it won't be returned
2018-10-12 19:34:57 +03:00
return this.browse(...arguments);
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
},
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
add(apiConfig, frame) {
debug('validate add');
Skiped 'all' validations for posts/tags endpoints refs #10438 - Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-14 21:44:33 +03:00
// NOTE: this block should be removed completely once JSON Schema validations
// are introduced for all of the endpoints
if (!['posts', 'tags'].includes(apiConfig.docName)) {
if (_.isEmpty(frame.data) || _.isEmpty(frame.data[apiConfig.docName]) || _.isEmpty(frame.data[apiConfig.docName][0])) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new BadRequestError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.noRootKeyProvided, {docName: apiConfig.docName})
Skiped 'all' validations for posts/tags endpoints refs #10438 - Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-14 21:44:33 +03:00
}));
}
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
}
const jsonpath = require('jsonpath');
if (apiConfig.data) {
Fixed incorrect validation message for required values no issue - the message always showed: `Validation (FieldIsRequired) failed for key`
2018-12-10 17:13:52 +03:00
const missedDataProperties = [];
Added validation for null|undefined values for required keys closes #10071
2018-12-10 17:24:28 +03:00
const nilDataProperties = [];
Fixed incorrect validation message for required values no issue - the message always showed: `Validation (FieldIsRequired) failed for key`
2018-12-10 17:13:52 +03:00
_.each(apiConfig.data, (value, key) => {
if (jsonpath.query(frame.data[apiConfig.docName][0], key).length === 0) {
missedDataProperties.push(key);
Added validation for null|undefined values for required keys closes #10071
2018-12-10 17:24:28 +03:00
} else if (_.isNil(frame.data[apiConfig.docName][0][key])) {
nilDataProperties.push(key);
Fixed incorrect validation message for required values no issue - the message always showed: `Validation (FieldIsRequired) failed for key`
2018-12-10 17:13:52 +03:00
}
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
});
if (missedDataProperties.length) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new ValidationError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.validationFailed, {
Fixed incorrect validation message for required values no issue - the message always showed: `Validation (FieldIsRequired) failed for key`
2018-12-10 17:13:52 +03:00
validationName: 'FieldIsRequired',
key: JSON.stringify(missedDataProperties)
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
})
}));
}
Added validation for null|undefined values for required keys closes #10071
2018-12-10 17:24:28 +03:00
if (nilDataProperties.length) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new ValidationError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.validationFailed, {
Added validation for null|undefined values for required keys closes #10071
2018-12-10 17:24:28 +03:00
validationName: 'FieldIsInvalid',
key: JSON.stringify(nilDataProperties)
})
}));
}
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
}
},
Added removal of null values in v2 refs #9866 - also moved id mismatch to global validator - this is not specific to posts
2018-10-12 22:46:16 +03:00
edit(apiConfig, frame) {
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
debug('validate edit');
Added removal of null values in v2 refs #9866 - also moved id mismatch to global validator - this is not specific to posts
2018-10-12 22:46:16 +03:00
const result = this.add(...arguments);
if (result instanceof Promise) {
return result;
}
Skiped 'all' validations for posts/tags endpoints refs #10438 - Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-14 21:44:33 +03:00
// NOTE: this block should be removed completely once JSON Schema validations
// are introduced for all of the endpoints. `id` property is currently
// stripped from the request body and only the one provided in `options`
// is used in later logic
if (!['posts', 'tags'].includes(apiConfig.docName)) {
if (frame.options.id && frame.data[apiConfig.docName][0].id
&& frame.options.id !== frame.data[apiConfig.docName][0].id) {
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new BadRequestError({
Replaced i18n.t w/ tpl helper in validators/input/ (#13460) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package.
2021-10-06 12:17:42 +03:00
message: tpl(messages.invalidIdProvided)
Skiped 'all' validations for posts/tags endpoints refs #10438 - Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-14 21:44:33 +03:00
}));
}
Added removal of null values in v2 refs #9866 - also moved id mismatch to global validator - this is not specific to posts
2018-10-12 22:46:16 +03:00
}
Added users ctrl to v2 (#10001) refs #9866
2018-10-13 00:27:30 +03:00
},
changePassword() {
debug('validate changePassword');
return this.add(...arguments);
Added validation layer to password reset - Adding a new method in all.js seems a little dirty, but that seems like the best place for now as similar method was added for changePassword method
2019-07-23 19:30:17 +03:00
},
resetPassword() {
debug('validate resetPassword');
return this.add(...arguments);
Migrated setup method
2019-07-24 21:21:42 +03:00
},
setup() {
debug('validate setup');
return this.add(...arguments);
Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in c93f03b87e122edb62cc9f780926d640555bd5b4 - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one
2019-07-31 23:34:49 +03:00
},
publish() {
debug('validate schedule');
return this.browse(...arguments);
Extended all shared validator refs #9866 - there was a missing step in the shared validator - we have to differentiate between data validation for browse/read and data validation for add/edit - furthermore, the data validation for add/edit was missing and was not copied over from v0.1 (check structure of incoming body) - adds the ability to require properties from req.body.docName[0]
2018-10-12 00:05:49 +03:00
}
Added tiny framework to support multiple API versions (#9933) refs #9326, refs #9866 **ATTENTION: This is the first iteration. Bugs are expected.** Main Goals: - add support for multiple API versions. - do not touch v0.1 implementation - do not break v0.1 ## Problems with the existing v0.1 implementation 1. It tried to be generic and helpful, but it was a mixture of generic and explicit logic living in basically two files: utils.js and index.js. 2. Supporting multiple api versions means, you want to have as less as possible code per API version. With v0.1 it is impossible to reduce the API controller implementation. ---- This commit adds three things: 1. The tiny framework with well-defined API stages. 2. An example implementation of serving static pages via /pages for the content v2 API. 3. Unit tests to prove that the API framework works in general. ## API Stages - validation - input serialization - permissions - query - output serialization Each request should go through these stages. It is possible to disable stages, but it's not recommended. The code for each stage will either live in a shared folder or in the API version itself. It depends how API specific the validation or serialization is. Depends on the use case. We should add a specific API validator or serializer if the use case is API format specific. We should put everything else to shared. The goal is to add as much as possible into the shared API layer to reduce the logic per API version. --- Serializers and validators can be added: - for each request - for specific controllers - for specific actions --- There is room for improvements/extensions: 1. Remove http header configuration from the API controller, because the API controller should not know about http - decouple. 2. Put permissions helpers into shared. I've just extracted and capsulated the permissions helpers into a single file for now. It had no priority. The focus was on the framework itself. etc. --- You can find more information about it in the API README.md (api/README.md) - e.g. find more information about the structure - e.g. example controllers The docs are not perfect. We will improve the docs in the next two weeks. --- Upcoming tasks: - prepare test env to test multiple API versions - copy over the controllers from v0.1 to v2 - adapt the v2 express app to use the v2 controllers
2018-10-05 01:50:45 +03:00
};
Reference in New Issue Copy Permalink