TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-20 17:32:15 +03:00
Code Issues Projects Releases Wiki Activity
32b0f69e55
Ghost/core/server/models/settings.js

460 lines
16 KiB
JavaScript
Raw Normal View History

Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const Promise = require('bluebird');
const _ = require('lodash');
const uuid = require('uuid');
const crypto = require('crypto');
const keypair = require('keypair');
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
const ObjectID = require('bson-objectid');
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const ghostBookshelf = require('./base');
Replaced i18n.t w/ tpl in core/server/models (#13464) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-06 13:43:54 +03:00
const tpl = require('@tryghost/tpl');
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
const errors = require('@tryghost/errors');
Switch to @trghost/validator, remove validator - Part of the effort to split Ghost down into smaller, decoupled pieces - Moved out our internal validator tooling to a separate library - Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator - Removed the validatorjs dependency and removed the renovate pin - This gives us a consistant, smaller, clearer public API for validations - It will eventually be used on Ghost Admin too - This way we can start getting up to date with validator whilst not increasing build size
2021-06-15 21:46:27 +03:00
const validator = require('@tryghost/validator');
Fixed settings images (cover_image, logo, etc) having wrong URL (#12736) refs https://github.com/TryGhost/Team/issues/467 refs https://github.com/TryGhost/Ghost/pull/12731 - settings are mostly fetched directly from the settings cache rather than via the API so they aren't subject to the API-level output serializers that transform URLs meaning that URLs in the front-end ended up with raw `__GHOST_URL__` replacement strings - added images to the Settings model's `parse()` method so they are transformed immediately when fetching from the database
2021-03-06 12:00:18 +03:00
const urlUtils = require('../../shared/url-utils');
Moved labs utlity to shared - This isn't really a "service" - it's a set of utilities for working with labs flags - It's also required all over the place, and doesn't require anything that isn't shared - Therefore, it should live in shared
2021-07-07 23:41:34 +03:00
const {WRITABLE_KEYS_ALLOWLIST} = require('../../shared/labs');
Added labs setting input validation refs https://github.com/TryGhost/Team/issues/757 - To safeguard from mise of a very permissing "object" value of the "labs" setting this change introduces an "allowlist" approach to filtering unrecognized labs flags - Should allow maintainers to have a clear view of which labs flags are currently in use and manage them accordingly
2021-06-04 18:56:16 +03:00
Replaced i18n.t w/ tpl in core/server/models (#13464) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-06 13:43:54 +03:00
const messages = {
valueCannotBeBlank: 'Value in [settings.key] cannot be blank.',
unableToFindSetting: 'Unable to find setting to update: {key}',
notEnoughPermission: 'You do not have permission to perform this action'
};
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const internalContext = {context: {internal: true}};
let Settings;
let defaultSettings;
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
const doBlock = fn => fn();
const getMembersKey = doBlock(() => {
let UNO_KEYPAIRINO;
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit
2020-10-20 02:02:56 +03:00
return function getKey(type) {
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
if (!UNO_KEYPAIRINO) {
UNO_KEYPAIRINO = keypair({bits: 1024});
}
return UNO_KEYPAIRINO[type];
};
});
Implemented externally verifiable identity tokens no-issue This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing a public key, and one on the canary api /identities, which allows the Owner user to fetch a JWT. This token can then be used by external services to verify the domain * Added ghost_{public,private}_key settings This key can be used for generating tokens for communicating with external services on behalf of Ghost * Added .well-known directory to /ghost/.well-known We add a jwks.json file to the .well-known directory which exposes a public JWK which can be used to verify the signatures of JWT's created by Ghost This is added to the /ghost/ path so that it can live on the admin domain, rather than the frontend. This is because most of its uses/functions will be in relation to the admin domain. * Improved settings model tests This removes hardcoded positions in favour of testing that a particular event wasn't emitted which is less brittle and more precise about what's being tested * Fixed parent app unit tests for well-known This updates the parent app unit tests to check that the well-known route is mounted. We all change proxyquire to use `noCallThru` which ensures that the ubderlying modules are not required. This stops the initialisation logic in ./well-known erroring in tests https://github.com/thlorenz/proxyquire/issues/215 * Moved jwt signature to a separate 'token' propery This structure corresponds to other resources and allows to exptend with additional properties in future if needed
2020-01-20 14:45:58 +03:00
const getGhostKey = doBlock(() => {
let UNO_KEYPAIRINO;
Fixed "no-shadow" linting error in server modules (#12287) refs 143921948de89baff21a800ae8e7dfaeef415b05 - Continuation of changes started in referenced commit
2020-10-20 02:02:56 +03:00
return function getKey(type) {
Implemented externally verifiable identity tokens no-issue This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing a public key, and one on the canary api /identities, which allows the Owner user to fetch a JWT. This token can then be used by external services to verify the domain * Added ghost_{public,private}_key settings This key can be used for generating tokens for communicating with external services on behalf of Ghost * Added .well-known directory to /ghost/.well-known We add a jwks.json file to the .well-known directory which exposes a public JWK which can be used to verify the signatures of JWT's created by Ghost This is added to the /ghost/ path so that it can live on the admin domain, rather than the frontend. This is because most of its uses/functions will be in relation to the admin domain. * Improved settings model tests This removes hardcoded positions in favour of testing that a particular event wasn't emitted which is less brittle and more precise about what's being tested * Fixed parent app unit tests for well-known This updates the parent app unit tests to check that the well-known route is mounted. We all change proxyquire to use `noCallThru` which ensures that the ubderlying modules are not required. This stops the initialisation logic in ./well-known erroring in tests https://github.com/thlorenz/proxyquire/issues/215 * Moved jwt signature to a separate 'token' propery This structure corresponds to other resources and allows to exptend with additional properties in future if needed
2020-01-20 14:45:58 +03:00
if (!UNO_KEYPAIRINO) {
UNO_KEYPAIRINO = keypair({bits: 1024});
}
return UNO_KEYPAIRINO[type];
};
});
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
// For neatness, the defaults file is split into categories.
// It's much easier for us to work with it as a single level
// instead of iterating those categories every time
function parseDefaultSettings() {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const defaultSettingsInCategories = require('../data/schema/').defaultSettings;
const defaultSettingsFlattened = {};
const dynamicDefault = {
db_hash: () => uuid.v4(),
public_hash: () => crypto.randomBytes(15).toString('hex'),
// @TODO: session_secret would ideally be named "admin_session_secret"
session_secret: () => crypto.randomBytes(32).toString('hex'),
theme_session_secret: () => crypto.randomBytes(32).toString('hex'),
members_public_key: () => getMembersKey('public'),
members_private_key: () => getMembersKey('private'),
members_email_auth_secret: () => crypto.randomBytes(64).toString('hex'),
ghost_public_key: () => getGhostKey('public'),
ghost_private_key: () => getGhostKey('private')
};
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
Misc cleanup: moving files & naming functions
2015-06-14 18:58:49 +03:00
_.each(defaultSettingsInCategories, function each(settings, categoryName) {
Updated default settings and schema with updated types refs https://github.com/TryGhost/Ghost/issues/10318 - Updates default settings to contain correct type and validation for each setting - Updates `populateDefaults` to correctly insert type value for new settings - Updates settings schema to allow only select types - `array`, `number`, `boolean`, `string` - `object` is a temporary type allowed till we get rid of all JSON object settings
2020-06-30 15:02:43 +03:00
_.each(settings, function eachSetting(setting, settingName) {
Added migration to add settings.{group,flags} columns (#11951) refs https://github.com/TryGhost/Ghost/issues/10318 - `group` - to replace the `type` column, provides a more descriptive name for the columns use - for existing sites it will be populated by migrating data from the `type` column in a later migration - for new sites a minimal update has been added to `parseDefaultSettings()` to populate the `group` field when settings are created during startup - fixes the NOT NULL constraint on `settings.group` - `flags` - signifies special handling that is different to other settings in a group - eg, `PUBLIC,RO` would indicate that the setting is available via unauthenticated endpoints and is read-only
2020-06-24 13:58:15 +03:00
setting.group = categoryName;
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
setting.key = settingName;
Improved dynamic default options performance (#10816) closes #10789 * Updated keypair generation to use a memoised fn This allows us to embed the members dynamic defaults in the object at definition, and will allow us to only create the keypair when we need it, in future. * Added getDefaultValue fn to default setting obj This will allow us to generate the default values when they're needed rather than at boot time. * Ensured dynamic defaults only generated when used This replaces all the dynamic default values with functions to return the values, and then calls (if required) that function inside the getDefaultValue method of the setting object.
2019-07-05 10:30:29 +03:00
setting.getDefaultValue = function getDefaultValue() {
const getDynamicDefault = dynamicDefault[setting.key];
if (getDynamicDefault) {
return getDynamicDefault();
} else {
return setting.defaultValue;
}
};
Fix lazy loading of settings Closes #3281 - Add the missing return to populateDefault - Wrap defaultSetting in [] when passing to readSettingsResult - Populate default value of dbHash in parseDefaultSettings - Modify migrations.init to only load databaseVersion for export_spec test - Fix spacing in test util file and null reference error in test - Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-28 01:04:58 +04:00
Restructure default-settings.json and add validations to important settings.
2013-09-02 05:49:08 +04:00
defaultSettingsFlattened[settingName] = setting;
});
});
return defaultSettingsFlattened;
}
Lazy load default settings Closes #2061 - Lazy load the defaultSettings value in Settings model - Populate individual defaults before read/edit - Populate all defaults before first browse call - Remove populateDefaults calls from init code
2014-06-17 19:36:47 +04:00
function getDefaultSettings() {
if (!defaultSettings) {
defaultSettings = parseDefaultSettings();
}
return defaultSettings;
}
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Each setting is saved as a separate row in the database,
// but the overlying API treats them as a single key:value mapping
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
Settings = ghostBookshelf.Model.extend({
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
tableName: 'settings',
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
emitChange: function emitChange(event, options) {
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
const eventToTrigger = 'settings' + '.' + event;
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
},
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
onDestroyed: function onDestroyed(model, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onDestroyed.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('deleted', options);
model.emitChange(model._previousAttributes.key + '.' + 'deleted', options);
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events
2016-10-14 15:37:01 +03:00
},
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
Updated signature of Bookshelf model listeners - as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#different-arguments-on-after-save-event-listeners-saved-created-and-updated, the signature of saved, created and updated listeners has changed to remove the second argument - this commits updates our signatures too
2021-08-25 13:44:34 +03:00
onCreated: function onCreated(model, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('added', options);
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
model.emitChange(model.attributes.key + '.' + 'added', options);
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events
2016-10-14 15:37:01 +03:00
},
Updated signature of Bookshelf model listeners - as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#different-arguments-on-after-save-event-listeners-saved-created-and-updated, the signature of saved, created and updated listeners has changed to remove the second argument - this commits updates our signatures too
2021-08-25 13:44:34 +03:00
onUpdated: function onUpdated(model, options) {
Ensured consistency for event handlers in the model layer no issue - the event chain works like this: - if a model registers an event, it get's triggered, because it's stronger than the base model - but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers - this was inconsistently used
2019-02-07 12:59:37 +03:00
ghostBookshelf.Model.prototype.onUpdated.apply(this, arguments);
Fixed model events and transactions (#9524) no issue - if multiple queries run in a transaction, the model events are triggered before the txn finished - if the txn rolls back, the events are anyway emitted - the events are triggered too early - solution: - `emitChange` needs to detect that a transaction is happening - it listens on a txn event to determine if events should be triggered
2018-04-06 19:19:45 +03:00
model.emitChange('edited', options);
🎨 do not run model listeners on import (#8720) no issue - if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds - this can happen if multiple transactions run in parallel - there is no need to run: 1. the removal of active tokens on import, because imported users have no active session 2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 11:58:58 +03:00
model.emitChange(model.attributes.key + '.' + 'edited', options);
Add events to settings model issue #5370 - Add emit method to settings model - Update settings spec to test for events emitted - Fix formatting on tags spec
2015-06-15 11:36:01 +03:00
},
Cleaned up onValidate method on settings model no-issue Explicit arguments and async/await make this nicer on the eyes
2020-06-30 17:39:37 +03:00
async onValidate(model, attr, options) {
await ghostBookshelf.Model.prototype.onValidate.call(this, model, attr, options);
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
🐛 Fixed importing Stripe Plans with amount 0 (#12062) closes #12049 Stripe plans used to default to 0, and our new validation of plan amounts were causing issues when importing from an older version of Ghost, this updates the validation to be skipped when importing. - Added regression test for importing plans
2020-07-20 15:59:23 +03:00
await Settings.validators.all(model, options);
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
if (typeof Settings.validators[model.get('key')] === 'function') {
🐛 Fixed importing Stripe Plans with amount 0 (#12062) closes #12049 Stripe plans used to default to 0, and our new validation of plan amounts were causing issues when importing from an older version of Ghost, this updates the validation to be skipped when importing. - Added regression test for importing plans
2020-07-20 15:59:23 +03:00
await Settings.validators[model.get('key')](model, options);
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
}
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
},
Added db formatter for settings model refs #10582 - ensure we won't forward booleans to database - type TEXT will transform booleans to "0"/"1!
2019-03-07 14:17:21 +03:00
format() {
const attrs = ghostBookshelf.Model.prototype.format.apply(this, arguments);
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
const settingType = attrs.type;
if (settingType === 'boolean') {
// CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail
if (attrs.value === '0' || attrs.value === '1') {
attrs.value = !!+attrs.value;
}
// CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail
if (attrs.value === 'false' || attrs.value === 'true') {
attrs.value = JSON.parse(attrs.value);
}
if (_.isBoolean(attrs.value)) {
attrs.value = attrs.value.toString();
}
Added db formatter for settings model refs #10582 - ensure we won't forward booleans to database - type TEXT will transform booleans to "0"/"1!
2019-03-07 14:17:21 +03:00
}
Fixed __GHOST_URL__ appearing in settings values after edit (#12738) refs https://github.com/TryGhost/Ghost/pull/12736 refs https://github.com/TryGhost/Team/issues/467 knex's `parse()` method is only called on data when directly fetched from the db. This was causing problems when model instances are passed around via events for example because `.get('key')` will return data that was directly set on the model without having gone through the `parse()` transformations. The result of this inconsistency was settings appearing correct when Ghost started up but then being broken as soon as a setting was changed. - moved absolute/relative->transform-ready URL transformations from the API input serializers to the model's `format()` method and replaced with a relative->absolute transform in API input serializers - results in consistency because `.get()` on a settings model will always return an URL - removed transform-ready->absolute transforms from the API output serializers as that is now handled at the model-layer
2021-03-08 21:41:43 +03:00
🐛 Fixed performance regression introduced in 4.1.0 (#12807) closes https://github.com/TryGhost/Ghost/issues/12791 closes https://github.com/TryGhost/Team/issues/566 https://github.com/TryGhost/Ghost/pull/12787 introduced a significant performance regression due to a misunderstanding of when Bookshelf calls `.format()` ([related upstream issue](https://github.com/bookshelf/bookshelf/issues/668)). We expected `.format()` to only be called on save but it's also called when Bookshelf performs fetching and eager loading which happens frequently. `.format()` can be a heavy method as it needs to parse and serialize html and markdown so it should be performed as infrequently as possible. - override `sync()` in the base model so we can call our own `.formatOnWrite()` method to transform attributes on `update` and `insert` operations - this was the only feasible location in Bookshelf I could find that is low enough level to not require modifying model instance attributes - gives models the option to perform heavy transform operations only when writing to the database compared to the usual `.format()` method that is also called on fetch in many situations
2021-03-23 12:11:24 +03:00
return attrs;
},
formatOnWrite(attrs) {
Fixed __GHOST_URL__ appearing in settings values after edit (#12738) refs https://github.com/TryGhost/Ghost/pull/12736 refs https://github.com/TryGhost/Team/issues/467 knex's `parse()` method is only called on data when directly fetched from the db. This was causing problems when model instances are passed around via events for example because `.get('key')` will return data that was directly set on the model without having gone through the `parse()` transformations. The result of this inconsistency was settings appearing correct when Ghost started up but then being broken as soon as a setting was changed. - moved absolute/relative->transform-ready URL transformations from the API input serializers to the model's `format()` method and replaced with a relative->absolute transform in API input serializers - results in consistency because `.get()` on a settings model will always return an URL - removed transform-ready->absolute transforms from the API output serializers as that is now handled at the model-layer
2021-03-08 21:41:43 +03:00
if (attrs.value && ['cover_image', 'logo', 'icon', 'portal_button_icon', 'og_image', 'twitter_image'].includes(attrs.key)) {
attrs.value = urlUtils.toTransformReady(attrs.value);
}
Added db formatter for settings model refs #10582 - ensure we won't forward booleans to database - type TEXT will transform booleans to "0"/"1!
2019-03-07 14:17:21 +03:00
return attrs;
},
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
parse() {
const attrs = ghostBookshelf.Model.prototype.parse.apply(this, arguments);
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
// transform "0" to false for boolean type
const settingType = attrs.type;
if (settingType === 'boolean' && (attrs.value === '0' || attrs.value === '1')) {
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
attrs.value = !!+attrs.value;
}
Updated serializers/model layer validation using settings type refs https://github.com/TryGhost/Ghost/issues/10318 - Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings - Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting - Removes error thrown on Read-only setting for settings edit endpoint - Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits - Added type/group mappings in the importer when pre-migration settings table import data is present - Updates tests
2020-06-30 15:04:56 +03:00
// transform "false" to false for boolean type
if (settingType === 'boolean' && (attrs.value === 'false' || attrs.value === 'true')) {
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
attrs.value = JSON.parse(attrs.value);
}
Fixed settings images (cover_image, logo, etc) having wrong URL (#12736) refs https://github.com/TryGhost/Team/issues/467 refs https://github.com/TryGhost/Ghost/pull/12731 - settings are mostly fetched directly from the settings cache rather than via the API so they aren't subject to the API-level output serializers that transform URLs meaning that URLs in the front-end ended up with raw `__GHOST_URL__` replacement strings - added images to the Settings model's `parse()` method so they are transformed immediately when fetching from the database
2021-03-06 12:00:18 +03:00
// transform URLs from __GHOST_URL__ to absolute
if (['cover_image', 'logo', 'icon', 'portal_button_icon', 'og_image', 'twitter_image'].includes(attrs.key)) {
attrs.value = urlUtils.transformReadyToAbsolute(attrs.value);
}
🐛 Fixed private blogging getting enabled when saving any setting (#10576) no issue - Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3 --- Admin Client sends false or true booleans for `is_private` key. The settings table has two columns "key" and "value". And "value" is always type TEXT. If you pass value=false, the db will transform this value into "0". `settingsCache.get('is_private')` is then always true, even though the value is meant to be false. We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general. For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 14:56:26 +03:00
return attrs;
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
}, {
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
findOne: function (data, options) {
if (_.isEmpty(data)) {
options = data;
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Allow for just passing the key instead of attributes
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
if (!_.isObject(data)) {
data = {key: data};
adding uuid's for the posts, users, settings
2013-06-15 18:10:30 +04:00
}
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
return Promise.resolve(ghostBookshelf.Model.findOne.call(this, data, options));
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
edit: function (data, unfilteredOptions) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const options = this.filterOptions(unfilteredOptions, 'edit');
const self = this;
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 16:41:19 +04:00
if (!Array.isArray(data)) {
data = [data];
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
}
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Replace the when promise library with bluebird. Closes #968
2014-08-17 10:17:23 +04:00
return Promise.map(data, function (item) {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// Accept an array of models as input
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file
2017-12-12 00:47:46 +03:00
if (item.toJSON) {
item = item.toJSON();
}
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
if (!(_.isString(item.key) && item.key.length > 0)) {
Replaced i18n.t w/ tpl in core/server/models (#13464) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-06 13:43:54 +03:00
return Promise.reject(new errors.ValidationError({message: tpl(messages.valueCannotBeBlank)}));
Settings API Primary Document refactor Closes #2606 - Refactor settings api responses to { settings: [ ] } format - Update all code using api.settings to handle new response format - Update test stubs to return new format - Update client site settings model to parse new format into one object of key/value pairs - Refactor to include all setting values - Remove unused settingsCollection method - Update settingsCache to store all attributes - Update settingsResult to send all attributes - Remove unnecessary when() wraps - Reject if editing a setting that doesn't exist - Reject earlier if setting key is empty - Update tests with new error messages - Use setting.add instead of edit that was incorrectly adding - Update importer to properly import activePlugins and installedPlugins - Update expected setting result fields - Fix a weird situation where hasOwnProperty didn't exist :shrug:
2014-04-28 03:28:50 +04:00
}
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash
2014-05-06 05:45:08 +04:00
item = self.filterData(item);
Misc cleanup: moving files & naming functions
2015-06-14 18:58:49 +03:00
return Settings.forge({key: item.key}).fetch(options).then(function then(setting) {
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
if (setting) {
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
// it's allowed to edit all attributes in case of importing/migrating
if (options.importing) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
return setting.save(item, options);
} else {
// If we have a value, set it.
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting
2019-07-05 14:40:43 +03:00
if (Object.prototype.hasOwnProperty.call(item, 'value')) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
setting.set('value', item.value);
}
// Internal context can overwrite type (for fixture migrations)
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting
2019-07-05 14:40:43 +03:00
if (options.context && options.context.internal && Object.prototype.hasOwnProperty.call(item, 'type')) {
Refactored to save settings only if value changes (#9194) refs #9192 - Each setting is saved individually - Update this to only happen on import, or when a value changes - Reduces the amount of work Ghost does on every setting change
2017-10-31 18:47:30 +03:00
setting.set('type', item.type);
}
// If anything has changed, save the updated model
if (setting.hasChanged()) {
return setting.save(null, options);
}
return setting;
Revert "Revert "Force UTC at process level""
2016-06-03 11:06:18 +03:00
}
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
}
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 17:03:09 +04:00
Replaced i18n.t w/ tpl in core/server/models (#13464) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-06 13:43:54 +03:00
return Promise.reject(new errors.NotFoundError({message: tpl(messages.unableToFindSetting, {key: item.key})}));
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 18:33:43 +03:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
},
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
populateDefaults: async function populateDefaults(unfilteredOptions) {
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
const options = this.filterOptions(unfilteredOptions, 'populateDefaults');
const self = this;
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
Sorted out the mixed usages of `include` and `withRelated` (#9425) no issue - this commit cleans up the usages of `include` and `withRelated`. ### API layer (`include`) - as request parameter e.g. `?include=roles,tags` - as theme API parameter e.g. `{{get .... include="author"}}` - as internal API access e.g. `api.posts.browse({include: 'author,tags'})` - the `include` notation is more readable than `withRelated` - and it allows us to use a different easier format (comma separated list) - the API utility transforms these more readable properties into model style (or into Ghost style) ### Model access (`withRelated`) - e.g. `models.Post.findPage({withRelated: ['tags']})` - driven by bookshelf --- Commits explained. * Reorder the usage of `convertOptions` - 1. validation - 2. options convertion - 3. permissions - the reason is simple, the permission layer access the model layer - we have to prepare the options before talking to the model layer - added `convertOptions` where it was missed (not required, but for consistency reasons) * Use `withRelated` when accessing the model layer and use `include` when accessing the API layer * Change `convertOptions` API utiliy - API Usage - ghost.api(..., {include: 'tags,authors'}) - `include` should only be used when calling the API (either via request or via manual usage) - `include` is only for readability and easier format - Ghost (Model Layer Usage) - models.Post.findOne(..., {withRelated: ['tags', 'authors']}) - should only use `withRelated` - model layer cannot read 'tags,authors` - model layer has no idea what `include` means, speaks a different language - `withRelated` is bookshelf - internal usage * include-count plugin: use `withRelated` instead of `include` - imagine you outsource this plugin to git and publish it to npm - `include` is an unknown option in bookshelf * Updated `permittedOptions` in base model - `include` is no longer a known option * Remove all occurances of `include` in the model layer * Extend `filterOptions` base function - this function should be called as first action - we clone the unfiltered options - check if you are using `include` (this is a protection which could help us in the beginning) - check for permitted and (later on default `withRelated`) options - the usage is coming in next commit * Ensure we call `filterOptions` as first action - use `ghostBookshelf.Model.filterOptions` as first action - consistent naming pattern for incoming options: `unfilteredOptions` - re-added allowed options for `toJSON` - one unsolved architecture problem: - if you override a function e.g. `edit` - then you should call `filterOptions` as first action - the base implementation of e.g. `edit` will call it again - future improvement * Removed `findOne` from Invite model - no longer needed, the base implementation is the same
2018-02-15 12:53:53 +03:00
if (!options.context) {
options.context = internalContext.context;
}
improvement: migrations (#7000) closes #6972, #6574 - run each database version as top level transaction - run migrations in correct order
2016-07-14 13:59:42 +03:00
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
// this is required for sqlite to pick up the columns after db init
await ghostBookshelf.knex.destroy();
await ghostBookshelf.knex.initialize();
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
const allSettings = await this.findAll(options);
Updated Settings.populateDefaults() to account for available columns refs https://github.com/TryGhost/Ghost/issues/10318 `Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors. - query the database for the available `settings` table columns - switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added - use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations - moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening - added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-25 16:22:15 +03:00
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
const usedKeys = allSettings.models.map(function mapper(setting) {
return setting.get('key');
});
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted!
2020-04-29 18:44:27 +03:00
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
const settingsToInsert = [];
_.each(getDefaultSettings(), function forEachDefault(defaultSetting, defaultSettingKey) {
const isMissingFromDB = usedKeys.indexOf(defaultSettingKey) === -1;
if (isMissingFromDB) {
defaultSetting.value = defaultSetting.getDefaultValue();
settingsToInsert.push(defaultSetting);
}
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
if (settingsToInsert.length > 0) {
// fetch available columns to avoid populating columns not yet created by migrations
const columnInfo = await ghostBookshelf.knex.table('settings').columnInfo();
const columns = Object.keys(columnInfo);
// fetch other data that is used when inserting new settings
const date = ghostBookshelf.knex.raw('CURRENT_TIMESTAMP');
let owner;
try {
owner = await ghostBookshelf.model('User').getOwnerUser();
} catch (e) {
// in some tests the owner is deleted and not recreated before setup
if (e.errorType === 'NotFoundError') {
owner = {id: 1};
} else {
throw e;
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
}
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
}
const settingsDataToInsert = settingsToInsert.map((setting) => {
const settingValues = Object.assign({}, setting, {
id: ObjectID().toHexString(),
created_at: date,
created_by: owner.id,
updated_at: date,
updated_by: owner.id
});
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
return _.pick(settingValues, columns);
🔥 🎨 No more updateSettingsCache (#8090) no issue 🔥 Remove unnecessary cache update 🎨 simplify updateSettingsCache() 🎨 Simplify readSettingsResult - although this is more code, it's now much clearer what happens in the two cases 🎨 Don't use readSettingResult for edit 🎨 Simplify updateSettingsCache further 🔥 Remove now unused readSettingsResult 🎨 Change populateDefault to return all 🎨 Move the findAll call out of updateSettingsCache 🔥 Remove updateSettingsCache!! 🎨 Restructure init & finish up settingsCache - move initialisation into settingsCache.init AT LAST - change settingCache to use cloneDeep, so that the object can't be modified outside of the functions - add lots of docs to settings cache 🎨 Cleanup db api endpoints 🔥 Don't populate settings in migrations
2017-03-03 01:00:01 +03:00
});
Refactored default settings population to reduce unnecessary DB queries refs https://github.com/TryGhost/Toolbox/issues/202 - this code suffers from two problems: - when we don't have any new settings to insert, we still end up fetching the columnInfo and owner info, even though we only need them if we're inserting data. This results in 3 extra queries upon boot - secondly, we insert every setting with a separate query - MySQL and SQLite both support batch inserts and knex has a utility to help us that I've [used before](https://github.com/TryGhost/knex-migrator/commit/38821c52426f57a502b3ac859a2970bfa0b1e08f). With 95 settings at the time of writing, this adds 94 extra queries during the DB init - this commit refactors the code so that we only fetch the columnInfo and owner data if we've got new settings to insert, and batches the inserts using knex's batchInsert util - this query results in ~95 less queries during DB init and saves a couple of queries during boot
2022-02-08 11:04:09 +03:00
await ghostBookshelf.knex
.batchInsert('settings', settingsDataToInsert);
return self.findAll(options);
}
return allSettings;
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
},
Remove External Apps - Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years. - We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work - This cleans up the remainder of the logic - The tables should be cleaned up in a future major
2020-03-19 18:23:10 +03:00
permissible: function permissible(modelId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
if (hasUserPermission && hasApiKeyPermission) {
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
return Promise.resolve();
}
Refactored `common` lib import to use destructuring (#11835) * refactored `core/frontend/apps` to destructure common imports * refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports * refactored `core/frontend/services/settings` to destructure common imports * refactored remaining `core/frontend/services` to destructure common imports * refactored `core/server/adapters` to destructure common imports * refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports * refactored `core/server/data/importer` to destructure common imports * refactored `core/server/models/{base, plugins, relations}` to destructure common imports * refactored remaining `core/server/models` to destructure common imports * refactored `core/server/api/canary/utils/serializers/output` to destructure common imports * refactored remaining `core/server/api/canary/utils` to destructure common imports * refactored remaining `core/server/api/canary` to destructure common imports * refactored `core/server/api/shared` to destructure common imports * refactored `core/server/api/v2/utils` to destructure common imports * refactored remaining `core/server/api/v2` to destructure common imports * refactored `core/frontend/meta` to destructure common imports * fixed some tests referencing `common.errors` instead of `@tryghost/errors` - Not all of them need to be updated; only updating the ones that are causing failures * fixed errors import being shadowed by local scope
2020-05-22 21:22:20 +03:00
return Promise.reject(new errors.NoPermissionError({
Replaced i18n.t w/ tpl in core/server/models (#13464) refs: #13380 - The i18n package is deprecated. It is being replaced with the tpl package. Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-06 13:43:54 +03:00
message: tpl(messages.notEnoughPermission)
Added permission restrictions to editing members flag (#11217) no issue - Added test cases to check edit permission on settings endpoints - Added test to demonstrate owner-only being able to toggle members flag - Permission check when editing settings `lab.members` - Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure. - Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame" - Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 11:26:54 +03:00
}));
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
},
validators: {
async all(model) {
const settingName = model.get('key');
const settingDefault = getDefaultSettings()[settingName];
if (!settingDefault) {
return;
}
// Basic validations from default-settings.json
Renamed validation to validator + better public API - renamed our internal validation library to "validator" - which is the same as the tool it wraps - updated the public api so that validator methods are directly exposed - this will make it a drop-in replacement for validator-js - in turn, this allows us to pull this out into @tryghost/validator, and use our own wrapper instead of the 3rd party library
2021-06-15 17:32:36 +03:00
const validationErrors = validator.validate(
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
model.get('value'),
model.get('key'),
settingDefault.validations,
'settings'
);
if (validationErrors.length) {
Added linting for use of @tryghost/errors refs: https://github.com/TryGhost/Toolbox/issues/147 Errors in @tryghost/errors rely on being called with an object (with a `message` member) rather than with a string.
2021-12-01 14:22:14 +03:00
throw new errors.ValidationError({message: validationErrors.join('\n')});
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
}
},
Added labs setting input validation refs https://github.com/TryGhost/Team/issues/757 - To safeguard from mise of a very permissing "object" value of the "labs" setting this change introduces an "allowlist" approach to filtering unrecognized labs flags - Should allow maintainers to have a clear view of which labs flags are currently in use and manage them accordingly
2021-06-04 18:56:16 +03:00
async labs(model) {
const flags = JSON.parse(model.get('value'));
for (const flag in flags) {
if (!WRITABLE_KEYS_ALLOWLIST.includes(flag)) {
throw new errors.ValidationError({
message: `Settings lab value cannot have value other then ${WRITABLE_KEYS_ALLOWLIST.join(', ')}`
});
}
}
},
🐛 Fixed importing Stripe Plans with amount 0 (#12062) closes #12049 Stripe plans used to default to 0, and our new validation of plan amounts were causing issues when importing from an older version of Ghost, this updates the validation to be skipped when importing. - Added regression test for importing plans
2020-07-20 15:59:23 +03:00
async stripe_plans(model, options) {
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
const plans = JSON.parse(model.get('value'));
for (const plan of plans) {
🐛 Fixed importing Stripe Plans with amount 0 (#12062) closes #12049 Stripe plans used to default to 0, and our new validation of plan amounts were causing issues when importing from an older version of Ghost, this updates the validation to be skipped when importing. - Added regression test for importing plans
2020-07-20 15:59:23 +03:00
// Stripe plans used to be allowed (and defaulted to!) 0 amount plans
// this causes issues to people importing from older versions of Ghost
// even if they don't use Members/Stripe
// issue: https://github.com/TryGhost/Ghost/issues/12049
if (!options.importing) {
// We check 100, not 1, because amounts are in fractional units
if (plan.amount < 100 && plan.name !== 'Complimentary') {
throw new errors.ValidationError({
message: 'Plans cannot have an amount less than 1'
});
}
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
}
if (typeof plan.name !== 'string') {
throw new errors.ValidationError({
message: 'Plan must have a name'
});
}
if (typeof plan.currency !== 'string') {
throw new errors.ValidationError({
message: 'Plan must have a currency'
});
}
if (!['year', 'month', 'week', 'day'].includes(plan.interval)) {
throw new errors.ValidationError({
message: 'Plan interval must be one of: year, month, week or day'
});
}
}
},
// @TODO: Maybe move some of the logic into the members service, exporting an isValidStripeKey
// method which can be called here, cleaning up the duplication, but not removing control
async stripe_secret_key(model) {
const value = model.get('value');
if (value === null) {
return;
}
const secretKeyRegex = /(?:sk|rk)_(?:test|live)_[\da-zA-Z]{1,247}$/;
if (!secretKeyRegex.test(value)) {
throw new errors.ValidationError({
message: `stripe_secret_key did not match ${secretKeyRegex}`
});
}
},
async stripe_publishable_key(model) {
const value = model.get('value');
if (value === null) {
return;
}
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
const publishableKeyRegex = /pk_(?:test|live)_[\da-zA-Z]{1,247}$/;
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
if (!publishableKeyRegex.test(value)) {
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
throw new errors.ValidationError({
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
message: `stripe_publishable_key did not match ${publishableKeyRegex}`
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
});
}
},
async stripe_connect_secret_key(model) {
const value = model.get('value');
if (value === null) {
return;
}
const secretKeyRegex = /(?:sk|rk)_(?:test|live)_[\da-zA-Z]{1,247}$/;
if (!secretKeyRegex.test(value)) {
throw new errors.ValidationError({
message: `stripe_secret_key did not match ${secretKeyRegex}`
});
}
},
async stripe_connect_publishable_key(model) {
const value = model.get('value');
if (value === null) {
return;
}
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
const publishableKeyRegex = /pk_(?:test|live)_[\da-zA-Z]{1,247}$/;
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
if (!publishableKeyRegex.test(value)) {
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
throw new errors.ValidationError({
Fixed settings validation error not distinguishing between publishable/secret keys no issue - when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key` - updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 19:42:51 +03:00
message: `stripe_publishable_key did not match ${publishableKeyRegex}`
Improved settings validation (#12048) closes #12001 * Moved settings validation to the model This moves the settings validation out of the validation file and into the model, as it is _only_ used there. It also sets us up in the future for custom validators on individual settings. * Improved validation of stripe_plans setting - Checks `interval` is a valid string - Checks `name` & `currency` are strings * Moved stripe key validation into model The stripe key settings are all nullable and the regex validation fails when the input is `null`. Rather than reworking the entirety of how we validate with default-settings validation objects, this moves the validation into methods on the Settings model. * Added tests for new setting validations Adds tests for both valid and invalid settings, as well as helpers making future tests easier and less repetitive
2020-07-15 18:11:27 +03:00
});
}
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
});
Changes to Settings Model - add email default setting to fixture - make settings a single model - create UNIQUE index on setting keys
2013-06-08 09:03:55 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
module.exports = {
Use bookshelf's model registry plugin Refs #2170 This removes the circular dependency problem from our models thanks to https://github.com/tgriesser/bookshelf/issues/181 - add the registry plugin - switch all models and collections to be registered - switch relationships to be defined using a string, which calls from the registry
2014-07-13 15:17:18 +04:00
Settings: ghostBookshelf.model('Settings', Settings)
Proper settings infrastructure, allowing new features without compromising old data. On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-02 05:49:08 +04:00
};
Reference in New Issue Copy Permalink