2021-01-21 11:57:52 +03:00
|
|
|
const Promise = require('bluebird');
|
|
|
|
|
const _ = require('lodash');
|
|
|
|
|
const models = require('../../models');
|
2021-06-28 14:09:02 +03:00
|
|
|
const routeSettings = require('../../services/route-settings');
|
2021-10-12 10:36:11 +03:00
|
|
|
const tpl = require('@tryghost/tpl');
|
2021-09-21 12:55:17 +03:00
|
|
|
const {BadRequestError, NoPermissionError} = require('@tryghost/errors');
|
2021-01-21 11:57:52 +03:00
|
|
|
const settingsService = require('../../services/settings');
|
|
|
|
|
const membersService = require('../../services/members');
|
|
|
|
|
|
2021-10-12 10:36:11 +03:00
|
|
|
const messages = {
|
|
|
|
|
error: 'Failed to send email.',
|
|
|
|
|
accessCoreSettingFromExtReq: 'Attempted to access core setting from external request'
|
|
|
|
|
};
|
|
|
|
|
|
2021-09-21 12:55:17 +03:00
|
|
|
const settingsBREADService = settingsService.getSettingsBREADServiceInstance();
|
|
|
|
|
|
2021-01-21 11:57:52 +03:00
|
|
|
module.exports = {
|
|
|
|
|
docName: 'settings',
|
|
|
|
|
|
|
|
|
|
browse: {
|
|
|
|
|
options: ['type', 'group'],
|
|
|
|
|
permissions: true,
|
|
|
|
|
query(frame) {
|
2021-09-21 12:57:30 +03:00
|
|
|
return settingsBREADService.browse(frame.options.context);
|
2021-01-21 11:57:52 +03:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
read: {
|
|
|
|
|
options: ['key'],
|
|
|
|
|
validation: {
|
|
|
|
|
options: {
|
|
|
|
|
key: {
|
|
|
|
|
required: true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
permissions: {
|
|
|
|
|
identifier(frame) {
|
|
|
|
|
return frame.options.key;
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
query(frame) {
|
2021-09-21 12:55:17 +03:00
|
|
|
return settingsBREADService.read(frame.options.key, frame.options.context);
|
2021-01-21 11:57:52 +03:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
validateMembersEmailUpdate: {
|
|
|
|
|
options: [
|
|
|
|
|
'token',
|
|
|
|
|
'action'
|
|
|
|
|
],
|
|
|
|
|
permissions: false,
|
|
|
|
|
validation: {
|
|
|
|
|
options: {
|
|
|
|
|
token: {
|
|
|
|
|
required: true
|
|
|
|
|
},
|
|
|
|
|
action: {
|
|
|
|
|
values: ['fromaddressupdate', 'supportaddressupdate']
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
async query(frame) {
|
|
|
|
|
// This is something you have to do if you want to use the "framework" with access to the raw req/res
|
|
|
|
|
frame.response = async function (req, res) {
|
|
|
|
|
try {
|
|
|
|
|
const {token, action} = frame.options;
|
|
|
|
|
const updatedEmailAddress = await membersService.settings.getEmailFromToken({token});
|
|
|
|
|
const actionToKeyMapping = {
|
|
|
|
|
fromAddressUpdate: 'members_from_address',
|
|
|
|
|
supportAddressUpdate: 'members_support_address'
|
|
|
|
|
};
|
|
|
|
|
if (updatedEmailAddress) {
|
|
|
|
|
return models.Settings.edit({
|
|
|
|
|
key: actionToKeyMapping[action],
|
|
|
|
|
value: updatedEmailAddress
|
|
|
|
|
}).then(() => {
|
|
|
|
|
// Redirect to Ghost-Admin settings page
|
|
|
|
|
const adminLink = membersService.settings.getAdminRedirectLink({type: action});
|
|
|
|
|
res.redirect(adminLink);
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
return Promise.reject(new BadRequestError({
|
|
|
|
|
message: 'Invalid token!'
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return Promise.reject(new BadRequestError({
|
|
|
|
|
err,
|
|
|
|
|
message: 'Invalid token!'
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
updateMembersEmail: {
|
|
|
|
|
permissions: {
|
|
|
|
|
method: 'edit'
|
|
|
|
|
},
|
|
|
|
|
data: [
|
|
|
|
|
'email',
|
|
|
|
|
'type'
|
|
|
|
|
],
|
|
|
|
|
async query(frame) {
|
|
|
|
|
const {email, type} = frame.data;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
// Send magic link to update fromAddress
|
|
|
|
|
await membersService.settings.sendEmailAddressUpdateMagicLink({
|
|
|
|
|
email,
|
|
|
|
|
type
|
|
|
|
|
});
|
|
|
|
|
} catch (err) {
|
|
|
|
|
throw new BadRequestError({
|
|
|
|
|
err,
|
2021-10-12 10:36:11 +03:00
|
|
|
message: tpl(messages.error)
|
2021-01-21 11:57:52 +03:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
disconnectStripeConnectIntegration: {
|
|
|
|
|
permissions: {
|
|
|
|
|
method: 'edit'
|
|
|
|
|
},
|
|
|
|
|
async query(frame) {
|
|
|
|
|
const hasActiveStripeSubscriptions = await membersService.api.hasActiveStripeSubscriptions();
|
|
|
|
|
if (hasActiveStripeSubscriptions) {
|
|
|
|
|
throw new BadRequestError({
|
|
|
|
|
message: 'Cannot disconnect Stripe whilst you have active subscriptions.'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return models.Settings.edit([{
|
|
|
|
|
key: 'stripe_connect_publishable_key',
|
|
|
|
|
value: null
|
|
|
|
|
}, {
|
|
|
|
|
key: 'stripe_connect_secret_key',
|
|
|
|
|
value: null
|
|
|
|
|
}, {
|
|
|
|
|
key: 'stripe_connect_livemode',
|
|
|
|
|
value: null
|
|
|
|
|
}, {
|
|
|
|
|
key: 'stripe_connect_display_name',
|
|
|
|
|
value: null
|
|
|
|
|
}, {
|
|
|
|
|
key: 'stripe_connect_account_id',
|
|
|
|
|
value: null
|
|
|
|
|
}], frame.options);
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
edit: {
|
|
|
|
|
headers: {
|
|
|
|
|
cacheInvalidate: true
|
|
|
|
|
},
|
|
|
|
|
permissions: {
|
|
|
|
|
unsafeAttrsObject(frame) {
|
|
|
|
|
return _.find(frame.data.settings, {key: 'labs'});
|
|
|
|
|
},
|
|
|
|
|
async before(frame) {
|
|
|
|
|
if (frame.options.context && frame.options.context.internal) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const firstCoreSetting = frame.data.settings.find(setting => setting.group === 'core');
|
|
|
|
|
if (firstCoreSetting) {
|
|
|
|
|
throw new NoPermissionError({
|
2021-10-12 10:36:11 +03:00
|
|
|
message: tpl(messages.accessCoreSettingFromExtReq)
|
2021-01-21 11:57:52 +03:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
async query(frame) {
|
2021-09-21 12:55:17 +03:00
|
|
|
let stripeConnectData;
|
2021-01-21 11:57:52 +03:00
|
|
|
const stripeConnectIntegrationToken = frame.data.settings.find(setting => setting.key === 'stripe_connect_integration_token');
|
|
|
|
|
|
|
|
|
|
if (stripeConnectIntegrationToken && stripeConnectIntegrationToken.value) {
|
|
|
|
|
const getSessionProp = prop => frame.original.session[prop];
|
2021-09-21 12:55:17 +03:00
|
|
|
|
|
|
|
|
stripeConnectData = await settingsBREADService.getStripeConnectData(
|
|
|
|
|
stripeConnectIntegrationToken,
|
|
|
|
|
getSessionProp,
|
|
|
|
|
membersService.stripeConnect.getStripeConnectTokenData
|
|
|
|
|
);
|
2021-01-21 11:57:52 +03:00
|
|
|
}
|
|
|
|
|
|
2021-09-21 12:55:17 +03:00
|
|
|
return await settingsBREADService.edit(frame.data.settings, frame.options, stripeConnectData);
|
2021-01-21 11:57:52 +03:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
upload: {
|
|
|
|
|
headers: {
|
|
|
|
|
cacheInvalidate: true
|
|
|
|
|
},
|
|
|
|
|
permissions: {
|
|
|
|
|
method: 'edit'
|
|
|
|
|
},
|
|
|
|
|
async query(frame) {
|
2021-09-23 19:31:13 +03:00
|
|
|
await routeSettings.api.setFromFilePath(frame.file.path);
|
2021-09-27 17:34:15 +03:00
|
|
|
const getRoutesHash = () => routeSettings.api.getCurrentHash();
|
2021-01-21 11:57:52 +03:00
|
|
|
await settingsService.syncRoutesHash(getRoutesHash);
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
download: {
|
|
|
|
|
headers: {
|
|
|
|
|
disposition: {
|
|
|
|
|
type: 'yaml',
|
|
|
|
|
value: 'routes.yaml'
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
response: {
|
|
|
|
|
format: 'plain'
|
|
|
|
|
},
|
|
|
|
|
permissions: {
|
|
|
|
|
method: 'browse'
|
|
|
|
|
},
|
|
|
|
|
query() {
|
2021-09-23 19:31:13 +03:00
|
|
|
return routeSettings.api.get();
|
2021-01-21 11:57:52 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
