Ghost/core/server/services/settings/index.js

/**
 * Settings Lib
 * A collection of utilities for handling settings including a cache
 */
const events = require('../../lib/common/events');
const models = require('../../models');
const SettingsCache = require('../../../shared/settings-cache');
const SettingsBREADService = require('./settings-bread-service');

// The string returned when a setting is set as write-only
const obfuscatedSetting = '••••••••';

// The function used to decide whether a setting is write-only
function isSecretSetting(setting) {
    return /secret/.test(setting.key);
}

// The function that obfuscates a write-only setting
// NOTE: move this method into SettingsBREADService once once refactoring is finished
function hideValueIfSecret(setting) {
    if (setting.value && isSecretSetting(setting)) {
        return {...setting, value: obfuscatedSetting};
    }
    return setting;
}

/**
 * @returns {SettingsBREADService} instance of the PostsService
 */
const getSettingsBREADServiceInstance = () => {
    return new SettingsBREADService({
        settingsCache: SettingsCache
    });
};

module.exports = {
    /**
     * Initialize the cache, used in boot and in testing
     */
    async init() {
        const settingsCollection = await models.Settings.populateDefaults();
        SettingsCache.init(events, settingsCollection);
    },

    /**
     * Shutdown the cache, used in force boot during testing
     */
    shutdown() {
        SettingsCache.reset(events);
    },

    /**
     * Handles synchronization of routes.yaml hash loaded in the frontend with
     * the value stored in the settings table.
     * getRoutesHash is a function to allow keeping "frontend" decoupled from settings
     *
     * @param {function} getRoutesHash function fetching currently loaded routes file hash
     */
    async syncRoutesHash(getRoutesHash) {
        const currentRoutesHash = await getRoutesHash();

        if (SettingsCache.get('routes_hash') !== currentRoutesHash) {
            return await models.Settings.edit([{
                key: 'routes_hash',
                value: currentRoutesHash
            }], {context: {internal: true}});
        }
    },

    /**
     * Handles email setting synchronization when email has been verified per instance
     *
     * @param {boolean} configValue current email verification value from local config
     */
    async syncEmailSettings(configValue) {
        const isEmailDisabled = SettingsCache.get('email_verification_required');

        if (configValue === true && isEmailDisabled) {
            return await models.Settings.edit([{
                key: 'email_verification_required',
                value: false
            }], {context: {internal: true}});
        }
    },

    obfuscatedSetting,
    isSecretSetting,
    hideValueIfSecret,
    getSettingsBREADServiceInstance
};
🎨 Move settings cache & cleanup settings API (#8057) closes #8037 🔥 Remove API-level default settings population - This is a relic! - We ALWAYS populate defaults on server start therefore this code could never run. - This was a lot of complicated code that wasn't even needed!! 🎨 Move settings cache - Move settings cache to be its own thing - Update all references - Adds TODOs for further cleanup 🎨 Create settings initialisation step - Create new settings library, which will eventually house more code - Unify the interface for initialising settings (will be more useful later) - Reduce number of calls to updateSettingsCache 2017-02-27 18:53:04 +03:00			`/**`
			`* Settings Lib`
			`* A collection of utilities for handling settings including a cache`
			`*/`
Refactored SettingsCache to get events through DI - requiring lib/common/events makes the settings cache tightly coupled to the server - moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost - the index then becomes the settings manager - questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔 2021-06-30 16:26:59 +03:00			`const events = require('../../lib/common/events');`
Extracted settings service part manipulating routes.yaml (#10800) refs #10790 refs #9528 - The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server - The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers. 2019-06-25 19:33:56 +03:00			`const models = require('../../models');`
Moved settings/cache to shared/settings-cache - This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires - At the moment the settings cache is one big shared cache used by the frontend and server liberally - This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend - However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset 2021-06-30 16:56:57 +03:00			`const SettingsCache = require('../../../shared/settings-cache');`
Removed method complexity in settings API controller refs https://github.com/TryGhost/Team/issues/694 refs https://linear.app/tryghost/issue/CORE-13 - The controller code is not meant to contain complex business logic. Reduced complexity in the settings.read method - Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (https://github.com/TryGhost/Members/blob/0469707f2e97c0edb18cea3d3486b7939182d55f/packages/members-api/lib/services/member-bread.js#L25). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods - Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed 2021-09-20 16:40:34 +03:00			`const SettingsBREADService = require('./settings-bread-service');`
🎨 Move settings cache & cleanup settings API (#8057) closes #8037 🔥 Remove API-level default settings population - This is a relic! - We ALWAYS populate defaults on server start therefore this code could never run. - This was a lot of complicated code that wasn't even needed!! 🎨 Move settings cache - Move settings cache to be its own thing - Update all references - Adds TODOs for further cleanup 🎨 Create settings initialisation step - Create new settings library, which will eventually house more code - Unify the interface for initialising settings (will be more useful later) - Reduce number of calls to updateSettingsCache 2017-02-27 18:53:04 +03:00
Fixed the previous commit commit https://github.com/TryGhost/Ghost/commit/375c71fc6aebe068c625c958e77c26071d4f39dc 2021-04-16 19:05:13 +03:00			`// The string returned when a setting is set as write-only`
			`const obfuscatedSetting = '••••••••';`

			`// The function used to decide whether a setting is write-only`
			`function isSecretSetting(setting) {`
			`return /secret/.test(setting.key);`
			`}`

			`// The function that obfuscates a write-only setting`
Removed method complexity in settings API controller refs https://github.com/TryGhost/Team/issues/694 refs https://linear.app/tryghost/issue/CORE-13 - The controller code is not meant to contain complex business logic. Reduced complexity in the settings.read method - Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (https://github.com/TryGhost/Members/blob/0469707f2e97c0edb18cea3d3486b7939182d55f/packages/members-api/lib/services/member-bread.js#L25). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods - Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed 2021-09-20 16:40:34 +03:00			`// NOTE: move this method into SettingsBREADService once once refactoring is finished`
Fixed the previous commit commit https://github.com/TryGhost/Ghost/commit/375c71fc6aebe068c625c958e77c26071d4f39dc 2021-04-16 19:05:13 +03:00			`function hideValueIfSecret(setting) {`
			`if (setting.value && isSecretSetting(setting)) {`
			`return {...setting, value: obfuscatedSetting};`
			`}`
			`return setting;`
			`}`

Removed method complexity in settings API controller refs https://github.com/TryGhost/Team/issues/694 refs https://linear.app/tryghost/issue/CORE-13 - The controller code is not meant to contain complex business logic. Reduced complexity in the settings.read method - Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (https://github.com/TryGhost/Members/blob/0469707f2e97c0edb18cea3d3486b7939182d55f/packages/members-api/lib/services/member-bread.js#L25). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods - Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed 2021-09-20 16:40:34 +03:00			`/**`
			`* @returns {SettingsBREADService} instance of the PostsService`
			`*/`
			`const getSettingsBREADServiceInstance = () => {`
			`return new SettingsBREADService({`
			`settingsCache: SettingsCache`
			`});`
			`};`

🎨 Move settings cache & cleanup settings API (#8057) closes #8037 🔥 Remove API-level default settings population - This is a relic! - We ALWAYS populate defaults on server start therefore this code could never run. - This was a lot of complicated code that wasn't even needed!! 🎨 Move settings cache - Move settings cache to be its own thing - Update all references - Adds TODOs for further cleanup 🎨 Create settings initialisation step - Create new settings library, which will eventually house more code - Unify the interface for initialising settings (will be more useful later) - Reduce number of calls to updateSettingsCache 2017-02-27 18:53:04 +03:00			`module.exports = {`
Refactored shutdown and reset for settings - shutdown removed listeners, which should really be done before adding them anyway! - reset sets the cache back to an empty object, which was already done by init - merge these into one reset function that fully resets the cache - all instances of shutdown were called before an init call, and now called during init, therefore these can be removed - acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer 2021-06-30 12:32:04 +03:00			`/**`
Swapped to American English spellings refs https://github.com/TryGhost/Ghost/commit/16728a3ef135851a7cc7c7c70c0f1b48f32096b5 2021-07-27 11:15:19 +03:00			`* Initialize the cache, used in boot and in testing`
Refactored shutdown and reset for settings - shutdown removed listeners, which should really be done before adding them anyway! - reset sets the cache back to an empty object, which was already done by init - merge these into one reset function that fully resets the cache - all instances of shutdown were called before an init call, and now called during init, therefore these can be removed - acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer 2021-06-30 12:32:04 +03:00			`*/`
Emitted all settings events on reinit of cache (#12012) closes #12003 There are a few parts of Ghost that rely on the settings events being emitted anytime a setting is changed, so that the data is kept in sync. When a setting is renamed in a migration essentially what happens is that the settings value is changed from a default value to its actual value, but this does no emit an event. Anything that is initialised before migrations have run that relies on the events to keep it up to date will have stale data - e.g. the themes i18n service. This change ensures that when we `reinit` after migrations have been run, we emit events for every setting to tell the rest of Ghost that it has changed. 2020-07-06 18:09:43 +03:00			`async init() {`
			`const settingsCollection = await models.Settings.populateDefaults();`
Refactored SettingsCache to get events through DI - requiring lib/common/events makes the settings cache tightly coupled to the server - moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost - the index then becomes the settings manager - questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔 2021-06-30 16:26:59 +03:00			`SettingsCache.init(events, settingsCollection);`
🐛 Fixed settings cache being out of sync after migrations (#11987) refs https://github.com/TryGhost/Ghost/issues/10318 - re-initialize settings cache after migrations by shutting down to clean up event listeners then and calling `init` again - important to ensure `db.ready` event is not emitted until settings have finished re-initializing to avoid problems with background processes using the db connection which is disconnected/re-connected or being kicked off with out-of-date settings 2020-07-01 19:16:57 +03:00			`},`

Refactored shutdown and reset for settings - shutdown removed listeners, which should really be done before adding them anyway! - reset sets the cache back to an empty object, which was already done by init - merge these into one reset function that fully resets the cache - all instances of shutdown were called before an init call, and now called during init, therefore these can be removed - acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer 2021-06-30 12:32:04 +03:00			`/**`
			`* Shutdown the cache, used in force boot during testing`
			`*/`
			`shutdown() {`
Refactored SettingsCache to get events through DI - requiring lib/common/events makes the settings cache tightly coupled to the server - moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost - the index then becomes the settings manager - questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔 2021-06-30 16:26:59 +03:00			`SettingsCache.reset(events);`
Refactored shutdown and reset for settings - shutdown removed listeners, which should really be done before adding them anyway! - reset sets the cache back to an empty object, which was already done by init - merge these into one reset function that fully resets the cache - all instances of shutdown were called before an init call, and now called during init, therefore these can be removed - acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer 2021-06-30 12:32:04 +03:00			`},`

Added routes.yaml content checksum storage to the db closes #11999 - When the routes.yaml file changes (manually or through API) we need to store a checksum to be able to optimize routes reloads in the future - Added mechanism to detect differences between stored and current routes.yaml hash value - Added routes.yaml sync on server boot - Added routes.yaml handling in controllers - Added routes hash synchronization method in core settings. It lives in core settings as it needs access to model layer. To avoid coupling with the frontend settings it accepts a function which has to resolve to a routes hash - Added note about settings validation side-effect. It mutates input! - Added async check for currently loaded routes hash - Extended frontend settings loader with async loader. The default behavior of the loader is to load settings syncronously for reasons spelled in https://github.com/TryGhost/Ghost/commit/0ac19dcf8419b20dd1005b6d88b44d55de2c1bff To avoid blocking the eventloop added async loading method - Refactored frontend setting loader for reusability of settings file path - Added integrity check test for routes.yaml file 2020-09-09 15:28:12 +03:00			`/**`
Fixed typo 2021-07-27 13:07:57 +03:00			`* Handles synchronization of routes.yaml hash loaded in the frontend with`
Added routes.yaml content checksum storage to the db closes #11999 - When the routes.yaml file changes (manually or through API) we need to store a checksum to be able to optimize routes reloads in the future - Added mechanism to detect differences between stored and current routes.yaml hash value - Added routes.yaml sync on server boot - Added routes.yaml handling in controllers - Added routes hash synchronization method in core settings. It lives in core settings as it needs access to model layer. To avoid coupling with the frontend settings it accepts a function which has to resolve to a routes hash - Added note about settings validation side-effect. It mutates input! - Added async check for currently loaded routes hash - Extended frontend settings loader with async loader. The default behavior of the loader is to load settings syncronously for reasons spelled in https://github.com/TryGhost/Ghost/commit/0ac19dcf8419b20dd1005b6d88b44d55de2c1bff To avoid blocking the eventloop added async loading method - Refactored frontend setting loader for reusability of settings file path - Added integrity check test for routes.yaml file 2020-09-09 15:28:12 +03:00			`* the value stored in the settings table.`
			`* getRoutesHash is a function to allow keeping "frontend" decoupled from settings`
			`*`
			`* @param {function} getRoutesHash function fetching currently loaded routes file hash`
			`*/`
			`async syncRoutesHash(getRoutesHash) {`
			`const currentRoutesHash = await getRoutesHash();`

			`if (SettingsCache.get('routes_hash') !== currentRoutesHash) {`
			`return await models.Settings.edit([{`
			`key: 'routes_hash',`
			`value: currentRoutesHash`
			`}], {context: {internal: true}});`
			`}`
🔒 Added a way to hide the secret settings once they are set issue https://github.com/TryGhost/Team/issues/621 2021-04-16 18:05:16 +03:00			`},`

Added email unfreeze for verified email config refs https://github.com/TryGhost/Team/issues/912 - When instance has "verified" email configuration it should remove email freeze and disallow future feezes 2021-07-27 13:07:11 +03:00			`/**`
			`* Handles email setting synchronization when email has been verified per instance`
			`*`
			`* @param {boolean} configValue current email verification value from local config`
			`*/`
			`async syncEmailSettings(configValue) {`
			`const isEmailDisabled = SettingsCache.get('email_verification_required');`

			`if (configValue === true && isEmailDisabled) {`
			`return await models.Settings.edit([{`
			`key: 'email_verification_required',`
			`value: false`
			`}], {context: {internal: true}});`
			`}`
			`},`

Fixed the previous commit commit https://github.com/TryGhost/Ghost/commit/375c71fc6aebe068c625c958e77c26071d4f39dc 2021-04-16 19:05:13 +03:00			`obfuscatedSetting,`
			`isSecretSetting,`
Removed method complexity in settings API controller refs https://github.com/TryGhost/Team/issues/694 refs https://linear.app/tryghost/issue/CORE-13 - The controller code is not meant to contain complex business logic. Reduced complexity in the settings.read method - Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (https://github.com/TryGhost/Members/blob/0469707f2e97c0edb18cea3d3486b7939182d55f/packages/members-api/lib/services/member-bread.js#L25). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods - Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed 2021-09-20 16:40:34 +03:00			`hideValueIfSecret,`
			`getSettingsBREADServiceInstance`
🎨 Move settings cache & cleanup settings API (#8057) closes #8037 🔥 Remove API-level default settings population - This is a relic! - We ALWAYS populate defaults on server start therefore this code could never run. - This was a lot of complicated code that wasn't even needed!! 🎨 Move settings cache - Move settings cache to be its own thing - Update all references - Adds TODOs for further cleanup 🎨 Create settings initialisation step - Create new settings library, which will eventually house more code - Unify the interface for initialising settings (will be more useful later) - Reduce number of calls to updateSettingsCache 2017-02-27 18:53:04 +03:00			`};`