TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-21 01:41:46 +03:00
Code Issues Projects Releases Wiki Activity
bd597db829
Ghost/core/server/services/members/api.js

188 lines
7.3 KiB
JavaScript
Raw Normal View History

Moved settings/cache to shared/settings-cache - This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires - At the moment the settings cache is one big shared cache used by the frontend and server liberally - This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend - However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 16:56:57 +03:00
const settingsCache = require('../../../shared/settings-cache');
Removed lib/members in favour of packages (#10739) * Installed `@tryghost/members-{api,auth-pages}` no-issue * Used @tryghost/members-auth-pages in member service no-issue * Used @tryghost/members-api in members service no-issue * Deleted core/server/lib/members no-issue * Fixed parent app tests no-issue Requiring the members api (via the `gateway` getter) was throwing an error, so we stub out the members service getters
2019-05-08 15:08:25 +03:00
const MembersApi = require('@tryghost/members-api');
Change to use @tryghost/logging no issue Logging is now controlled by a logginrc.js file in the root of the project - and now we can just import @tryghost/logging everywhere
2021-06-15 17:36:27 +03:00
const logging = require('@tryghost/logging');
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib
2018-12-11 10:57:01 +03:00
const mail = require('../mail');
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
const models = require('../../models');
Wired up the members emails templates no-issue
2019-10-10 16:28:20 +03:00
const signinEmail = require('./emails/signin');
const signupEmail = require('./emails/signup');
const subscribeEmail = require('./emails/subscribe');
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
const updateEmail = require('./emails/updateEmail');
Updated magic links to use shorter, single us, longer lived tokens (#12218) no-issue * Added SingleUseTokenProvider to members service This implements the TokenProvider interface required by members-api to generate magic links. It handles checking if the token is expired and pulls out any associated data. Future improvments may include the email in the error for expired tokens, which would make resending a token simpler. * Passed SingleUseTokenProvider to members-api This sets up the members-api module to use the new single use tokens * Installed @tryghost/members-api@0.30.0 This includes the change to allow us to pass a token provider to the members-api
2020-09-18 19:32:18 +03:00
const SingleUseTokenProvider = require('./SingleUseTokenProvider');
Added extra settings to member auth emails (#12238) no issue - Adds accent color, site domain and url to member auth emails for customization
2020-10-01 10:01:36 +03:00
const urlUtils = require('../../../shared/url-utils');
Updated magic link expiry to 24 hours no-issue As discussed with @JohnONolan 24 hours is the preferred expiry for magic links
2020-09-30 12:53:35 +03:00
const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib
2018-12-11 10:57:01 +03:00
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
const ghostMailer = new mail.GhostMailer();
Added members service to create instance of members lib (#10261) refs #10213 * Added members service to create instance of members lib
2018-12-11 10:57:01 +03:00
Refactored members service logging and errors (#10919) * Installed @tryghost/members-ssr@0.2.1 refs https://github.com/TryGhost/Members/issues/38 This updates allows for dynamic access of the membersApi, which will be used in future when replacing the membersApi instance with a newly configured one. * Set the membersApiInstance logger to use common.logging refs https://github.com/TryGhost/Members/issues/38 Passes the Ghost logger to the members api, so that we can keep an eye on errors produced by the api. * Refactored memberService use to always use getter refs https://github.com/TryGhost/Members/issues/38 This will allow us to switch out the membersApi and the consumers of it to have the updated reference by going through a getter. * Installed @tryghost/members-api@0.3.0 refs https://github.com/TryGhost/Members/issues/38 Adds support for setting the logger * Uninstalled stripe@7.0.0 refs https://github.com/TryGhost/Members/issues/38 The stripe module is now a dep of members-api, as it should be * Updated members service to reconfigure settings refs https://github.com/TryGhost/Members/issues/38 Previously we were unable to stop an invalidly configured members api instance, now that we create a new instance, we can wait for the ready or error event and only switch it out then.
2019-07-18 10:37:11 +03:00
module.exports = createApiInstance;
Refactored members config to use DI no-issue This makes testing it much easier
2020-05-28 18:55:23 +03:00
function createApiInstance(config) {
Refactored members service logging and errors (#10919) * Installed @tryghost/members-ssr@0.2.1 refs https://github.com/TryGhost/Members/issues/38 This updates allows for dynamic access of the membersApi, which will be used in future when replacing the membersApi instance with a newly configured one. * Set the membersApiInstance logger to use common.logging refs https://github.com/TryGhost/Members/issues/38 Passes the Ghost logger to the members api, so that we can keep an eye on errors produced by the api. * Refactored memberService use to always use getter refs https://github.com/TryGhost/Members/issues/38 This will allow us to switch out the membersApi and the consumers of it to have the updated reference by going through a getter. * Installed @tryghost/members-api@0.3.0 refs https://github.com/TryGhost/Members/issues/38 Adds support for setting the logger * Uninstalled stripe@7.0.0 refs https://github.com/TryGhost/Members/issues/38 The stripe module is now a dep of members-api, as it should be * Updated members service to reconfigure settings refs https://github.com/TryGhost/Members/issues/38 Previously we were unable to stop an invalidly configured members api instance, now that we create a new instance, we can wait for the ready or error event and only switch it out then.
2019-07-18 10:37:11 +03:00
const membersApiInstance = MembersApi({
Updated members service to use config module no-issue
2019-11-07 13:24:42 +03:00
tokenConfig: config.getTokenConfig(),
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
auth: {
Fixed broken regression tests from #11861 no-issue The config is now a class and the context of `this` was not bound
2020-06-02 17:20:57 +03:00
getSigninURL: config.getSigninURL.bind(config),
Updated members service to use config module no-issue
2019-11-07 13:24:42 +03:00
allowSelfSignup: config.getAllowSelfSignup(),
Updated magic links to use shorter, single us, longer lived tokens (#12218) no-issue * Added SingleUseTokenProvider to members service This implements the TokenProvider interface required by members-api to generate magic links. It handles checking if the token is expired and pulls out any associated data. Future improvments may include the email in the error for expired tokens, which would make resending a token simpler. * Passed SingleUseTokenProvider to members-api This sets up the members-api module to use the new single use tokens * Installed @tryghost/members-api@0.30.0 This includes the change to allow us to pass a token provider to the members-api
2020-09-18 19:32:18 +03:00
tokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY)
Refactored members service logging and errors (#10919) * Installed @tryghost/members-ssr@0.2.1 refs https://github.com/TryGhost/Members/issues/38 This updates allows for dynamic access of the membersApi, which will be used in future when replacing the membersApi instance with a newly configured one. * Set the membersApiInstance logger to use common.logging refs https://github.com/TryGhost/Members/issues/38 Passes the Ghost logger to the members api, so that we can keep an eye on errors produced by the api. * Refactored memberService use to always use getter refs https://github.com/TryGhost/Members/issues/38 This will allow us to switch out the membersApi and the consumers of it to have the updated reference by going through a getter. * Installed @tryghost/members-api@0.3.0 refs https://github.com/TryGhost/Members/issues/38 Adds support for setting the logger * Uninstalled stripe@7.0.0 refs https://github.com/TryGhost/Members/issues/38 The stripe module is now a dep of members-api, as it should be * Updated members service to reconfigure settings refs https://github.com/TryGhost/Members/issues/38 Previously we were unable to stop an invalidly configured members api instance, now that we create a new instance, we can wait for the ready or error event and only switch it out then.
2019-07-18 10:37:11 +03:00
},
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
mail: {
transporter: {
sendMail(message) {
Logged out members signin link in development no-issue This makes it easier to test locally when mail config hasn't been setup
2019-09-16 04:33:38 +03:00
if (process.env.NODE_ENV !== 'production') {
Refactor common pattern in service files - Use array destructuring - Use @tryghost/errors - Part of the big move towards decoupling, this gives visibility on what's being used where - Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons
2020-04-30 22:26:12 +03:00
logging.warn(message.text);
Logged out members signin link in development no-issue This makes it easier to test locally when mail config hasn't been setup
2019-09-16 04:33:38 +03:00
}
Ensured that members emails include our text version no-issue
2019-10-10 16:25:48 +03:00
let msg = Object.assign({
Updated sender address for member auth emails to support address no issue - Member auth emails were previously using the `from` address as sender - New `members_support_address` was introduced with default as original "from" address - Auth emails use the new support address as sender
2020-08-26 11:00:16 +03:00
from: config.getAuthEmailFromAddress(),
Ensured that members emails include our text version no-issue
2019-10-10 16:25:48 +03:00
subject: 'Signin',
forceTextContent: true
}, message);
Added `from` parameter for member emails (#11222) * Added from parameter for member emails no issue - Passed in the `from` parameter when initializing members mailer to be able to customize outgoing address - Extends GhsotMailer to accept a from parameter from the outside
2019-10-11 07:21:53 +03:00
return ghostMailer.send(msg);
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
}
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
},
Added getSubject function for members emails no-issue
2019-10-10 16:26:18 +03:00
getSubject(type) {
const siteTitle = settingsCache.get('title');
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
switch (type) {
case 'subscribe':
Added getSubject function for members emails no-issue
2019-10-10 16:26:18 +03:00
return `📫 Confirm your subscription to ${siteTitle}`;
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signup':
Added getSubject function for members emails no-issue
2019-10-10 16:26:18 +03:00
return `🙌 Complete your sign up to ${siteTitle}!`;
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
case 'updateEmail':
return `📫 Confirm your email update for ${siteTitle}!`;
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signin':
default:
Added getSubject function for members emails no-issue
2019-10-10 16:26:18 +03:00
return `🔑 Secure sign in link for ${siteTitle}`;
}
},
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
getText(url, type, email) {
const siteTitle = settingsCache.get('title');
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
switch (type) {
case 'subscribe':
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
return `
Hey there,
You're one tap away from subscribing to ${siteTitle} please confirm your email address with this link:
${url}
Updated magic link expiry to 24 hours no-issue As discussed with @JohnONolan 24 hours is the preferred expiry for magic links
2020-09-30 12:53:35 +03:00
For your security, the link will expire in 24 hours time.
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
All the best!
The team at ${siteTitle}
---
Sent to ${email}
If you did not make this request, you can simply delete this message. You will not be subscribed.
`;
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signup':
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
return `
Hey there!
Thanks for signing up for ${siteTitle} use this link to complete the sign up process and be automatically signed in:
${url}
Updated magic link expiry to 24 hours no-issue As discussed with @JohnONolan 24 hours is the preferred expiry for magic links
2020-09-30 12:53:35 +03:00
For your security, the link will expire in 24 hours time.
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
See you soon!
The team at ${siteTitle}
---
Sent to ${email}
If you did not make this request, you can simply delete this message. You will not be signed up, and no account will be created for you.
`;
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
case 'updateEmail':
return `
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
Hey there,
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
Please confirm your email address with this link:
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
${url}
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
For your security, the link will expire in 24 hours time.
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
---
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
Sent to ${email}
If you did not make this request, you can simply delete this message. This email address will not be used.
`;
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signin':
default:
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
return `
Hey there,
Welcome back! Use this link to securely sign in to your ${siteTitle} account:
${url}
Updated magic link expiry to 24 hours no-issue As discussed with @JohnONolan 24 hours is the preferred expiry for magic links
2020-09-30 12:53:35 +03:00
For your security, the link will expire in 24 hours time.
Wired up members plaintext emails no-issue
2019-10-10 16:43:30 +03:00
See you soon!
The team at ${siteTitle}
---
Sent to ${email}
If you did not make this request, you can safely ignore this email.
`;
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
}
},
Wired up the members emails templates no-issue
2019-10-10 16:28:20 +03:00
getHTML(url, type, email) {
const siteTitle = settingsCache.get('title');
Added extra settings to member auth emails (#12238) no issue - Adds accent color, site domain and url to member auth emails for customization
2020-10-01 10:01:36 +03:00
const siteUrl = urlUtils.urlFor('home', true);
const domain = urlUtils.urlFor('home', true).match(new RegExp('^https?://([^/:?#]+)(?:[/:?#]|$)', 'i'));
const siteDomain = (domain && domain[1]);
Removed hardcoded accent color fallbacks (#12813) refs https://github.com/TryGhost/Team/issues/536 From 4.0, we ensure and require that accent colour is always set. This change removes hardcoded accent color fallbacks to avoid confusion as well as cause accidental fallback that is undesired causing themes to look different
2021-03-24 15:55:26 +03:00
const accentColor = settingsCache.get('accent_color');
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
switch (type) {
case 'subscribe':
Added extra settings to member auth emails (#12238) no issue - Adds accent color, site domain and url to member auth emails for customization
2020-10-01 10:01:36 +03:00
return subscribeEmail({url, email, siteTitle, accentColor, siteDomain, siteUrl});
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signup':
Added extra settings to member auth emails (#12238) no issue - Adds accent color, site domain and url to member auth emails for customization
2020-10-01 10:01:36 +03:00
return signupEmail({url, email, siteTitle, accentColor, siteDomain, siteUrl});
Added new mail type for member email update refs https://github.com/TryGhost/members.js/issues/30 - Added new `updateEmail` type for sending email address update confirmation mail to member - The link in email updates member's email address
2020-06-01 14:21:18 +03:00
case 'updateEmail':
Updated mail template for member email change no issue The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 15:09:50 +03:00
return updateEmail({url, email, siteTitle, accentColor, siteDomain, siteUrl});
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
case 'signin':
default:
Added extra settings to member auth emails (#12238) no issue - Adds accent color, site domain and url to member auth emails for customization
2020-10-01 10:01:36 +03:00
return signinEmail({url, email, siteTitle, accentColor, siteDomain, siteUrl});
Updated members api to use `type` for url/email no-issue This adds basic templates for "signup"/"signin"/"subscribe" types for the magic-link email template. It also adds the action query parameter to the link so that clientside js can handle the different states.
2019-10-01 10:53:23 +03:00
}
Updated members service to use magic-link signin no-issue
2019-09-03 07:39:00 +03:00
}
Updated theme layer to use members-ssr (#10676) * Removed support for cookies in members auth middleware no-issue The members middleware will no longer be supporting cookies, the cookie will be handled by a new middleware specific for serverside rendering, more informations can be found here: https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5 * Removed members auth middleware from site app no-issue The site app no longer needs the members auth middleware as it doesn't support cookies, and will be replaced by ssr specific middleware. https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5 * Added comment for session_secret setting no-issue We are going to have multiple concepts of sessions, so adding a comment here to be specific that this is for the Ghost Admin client * Added theme_session_secret setting dynamic default no-issue Sessions for the theme layer will be signed, so we generate a random hex string to use as a signing key * Added getPublicConfig method * Replaced export of httpHandler with POJO apiInstance no-issue This is mainly to reduce the public api, so it's easier to document. * Renamed memberUserObject -> members no-issue Simplifies the interface, and is more inline with what we would want to export as an api library. * Removed use of require options inside members no-issue This was too tight of a coupling between Ghost and Members * Simplified apiInstance definition no-issue * Added getMember method to members api * Added MembersSSR instance to members service * Wired up routes for members ssr * Updated members auth middleware to use getPublicConfig * Removed publicKey static export from members service * Used real session secret no-issue * Added DELETE /members/ssr handler no-issue This allows users to log out of the theme layer * Fixed missing code property no-issue Ignition uses the statusCode property to forward status codes to call sites * Removed superfluous error middleware no-issue Before we used generic JWT middleware which would reject, now the middleware catches it's own error and doesn't error, thus this middleware is unecessary. * Removed console.logs no-issue * Updated token expirty to hardcoded 20 minutes no-issue This returns to our previous state of using short lived tokens, both for security and simplicity. * Removed hardcoded default member settings no-issue This is no longer needed, as defaults are in default-settings.json * Removed stripe from default payment processor no-issue * Exported `getSiteUrl` method from url utils no-issue This keeps inline with newer naming conventions * Updated how audience access control works no-issue Rather than being passed a function, members api now receives an object which describes which origins have access to which audiences, and how long those tokens should be allowed to work for. It also allows syntax for default tokens where audience === origin requesting it. This can be set to undefined or null to disable this functionality. { "http://site.com": { "http://site.com": { tokenLength: '5m' }, "http://othersite.com": { tokenLength: '1h' } }, "*": { tokenLength: '30m' } } * Updated members service to use access control feature no-issue This also cleans up a lot of unecessary variable definitions, and some other minor cleanups. * Added status code to auth pages html response no-issue This was missing, probably default but better to be explicit * Updated gateway to have membersApiUrl from config no-issue Previously we were parsing the url, this was not very safe as we can have Ghost hosted on a subdomain, and this would have failed. * Added issuer to public config for members no-issue This can be used to request SSR tokens in the client * Fixed path for gateway bundle no-issue * Updated settings model tests no-issue * Revert "Removed stripe from default payment processor" This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845. * Revert "Removed hardcoded default member settings" This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a. * Installed @tryghost/members-ssr * Fixed tests for settings model
2019-04-16 17:50:25 +03:00
},
Implemented stripe checkout handling for members no-issue * Installed members-api@0.5.0 members-ssr@0.3.1 * Supported multiple members-forms * Used members canary api * Added GET handler to /members/ssr for id token The identity token will be used to ensure that a payment is linked to the correct member * Added stripe.js to ghost_head when members enabled * Added basic support for linking to stripe checkout * Removed listener to title and icon settings changes * Added stripe subscription config
2019-09-06 10:14:21 +03:00
paymentConfig: {
Updated members service to use config module no-issue
2019-11-07 13:24:42 +03:00
stripe: config.getStripePaymentConfig()
Implemented stripe checkout handling for members no-issue * Installed members-api@0.5.0 members-ssr@0.3.1 * Supported multiple members-forms * Used members canary api * Added GET handler to /members/ssr for id token The identity token will be used to ensure that a payment is linked to the correct member * Added stripe.js to ghost_head when members enabled * Added basic support for linking to stripe checkout * Removed listener to title and icon settings changes * Added stripe subscription config
2019-09-06 10:14:21 +03:00
},
Improved handling of Stripe webhooks on boot no-issue This version of members-api includes changes to how webhooks are managed, previously they would be deleted and recreated on every boot of Ghost. Now they are created and the secret is persisted, on boot the webhook is updated to the most current url and events. If the api version is wrong or the update fails, the webhook is deleted and recreated and the settings updated. - Installed @tryghost/members-api@0.24.0 - Updated config to work with 0.24.0
2020-07-09 17:17:54 +03:00
models: {
/**
* Settings do not have their own models, so we wrap the webhook in a "fake" model
*/
StripeWebhook: {
async upsert(data, options) {
const settings = [{
key: 'members_stripe_webhook_id',
value: data.webhook_id
}, {
key: 'members_stripe_webhook_secret',
value: data.secret
}];
await models.Settings.edit(settings, options);
}
},
StripeCustomer: models.MemberStripeCustomer,
StripeCustomerSubscription: models.StripeCustomerSubscription,
Passed MemberSubscribeEvent to members-api refs https://github.com/TryGhost/Ghost/issues/12602 This allows the Members module to create MemberSubscribeEvents when appropriate
2021-02-04 12:29:04 +03:00
Member: models.Member,
Added MemberStatusEvent model refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 16:13:16 +03:00
MemberSubscribeEvent: models.MemberSubscribeEvent,
Added MemberPaidSubscriptionEvent model refs https://github.com/TryGhost/Ghost/issues/12602 - Adds the aggregateMRRDeltas option to the `findAll` method, allowing us to calculate MRR over time
2021-02-12 16:15:47 +03:00
MemberPaidSubscriptionEvent: models.MemberPaidSubscriptionEvent,
Added MemberLoginEvent model refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 16:14:52 +03:00
MemberLoginEvent: models.MemberLoginEvent,
Added MemberEmailChangeEvent model refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 16:15:27 +03:00
MemberEmailChangeEvent: models.MemberEmailChangeEvent,
Added MemberPaymentEvent model refs https://github.com/TryGhost/Ghost/issues/12602 - Adds the aggregatePaymentVolume option to the `findAll` method, allowing us to calculate volume over time
2021-02-12 16:13:56 +03:00
MemberPaymentEvent: models.MemberPaymentEvent,
Added price and product models to members service refs https://github.com/TryGhost/Team/issues/586 - Passes new Product, Stripe Price and Stripe Product models to members API service - Allows members service to populate the tables for existing plans and products
2021-04-12 18:00:59 +03:00
MemberStatusEvent: models.MemberStatusEvent,
StripeProduct: models.StripeProduct,
StripePrice: models.StripePrice,
Passed Settings model to @tryghost/members-api refs https://github.com/TryGhost/Team/issues/637 refs https://github.com/TryGhost/Team/issues/591 We need to run migrations which will update the `portal_plans` setting to use id's rather than names. This migration relies on the `stripe_prices` table being complete populated. The migration to populate the `stripe_prices` table was not added as a "normal" migration because it needs to access the Stripe API over the network. Any migrations that rely on this are unable to be run in a "normal" migration as that cannot be sure that the database is in the correct state. The `portal_plans` setting migration is therefore run in code, and needs access to the Settings model in order to modify the database.
2021-05-03 15:59:13 +03:00
Product: models.Product,
Settings: models.Settings
Improved handling of Stripe webhooks on boot no-issue This version of members-api includes changes to how webhooks are managed, previously they would be deleted and recreated on every boot of Ghost. Now they are created and the secret is persisted, on boot the webhook is updated to the most current url and events. If the api version is wrong or the update fails, the webhook is deleted and recreated and the settings updated. - Installed @tryghost/members-api@0.24.0 - Updated config to work with 0.24.0
2020-07-09 17:17:54 +03:00
},
Refactor common pattern in service files - Use array destructuring - Use @tryghost/errors - Part of the big move towards decoupling, this gives visibility on what's being used where - Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons
2020-04-30 22:26:12 +03:00
logger: logging
Updated theme layer to use members-ssr (#10676) * Removed support for cookies in members auth middleware no-issue The members middleware will no longer be supporting cookies, the cookie will be handled by a new middleware specific for serverside rendering, more informations can be found here: https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5 * Removed members auth middleware from site app no-issue The site app no longer needs the members auth middleware as it doesn't support cookies, and will be replaced by ssr specific middleware. https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5 * Added comment for session_secret setting no-issue We are going to have multiple concepts of sessions, so adding a comment here to be specific that this is for the Ghost Admin client * Added theme_session_secret setting dynamic default no-issue Sessions for the theme layer will be signed, so we generate a random hex string to use as a signing key * Added getPublicConfig method * Replaced export of httpHandler with POJO apiInstance no-issue This is mainly to reduce the public api, so it's easier to document. * Renamed memberUserObject -> members no-issue Simplifies the interface, and is more inline with what we would want to export as an api library. * Removed use of require options inside members no-issue This was too tight of a coupling between Ghost and Members * Simplified apiInstance definition no-issue * Added getMember method to members api * Added MembersSSR instance to members service * Wired up routes for members ssr * Updated members auth middleware to use getPublicConfig * Removed publicKey static export from members service * Used real session secret no-issue * Added DELETE /members/ssr handler no-issue This allows users to log out of the theme layer * Fixed missing code property no-issue Ignition uses the statusCode property to forward status codes to call sites * Removed superfluous error middleware no-issue Before we used generic JWT middleware which would reject, now the middleware catches it's own error and doesn't error, thus this middleware is unecessary. * Removed console.logs no-issue * Updated token expirty to hardcoded 20 minutes no-issue This returns to our previous state of using short lived tokens, both for security and simplicity. * Removed hardcoded default member settings no-issue This is no longer needed, as defaults are in default-settings.json * Removed stripe from default payment processor no-issue * Exported `getSiteUrl` method from url utils no-issue This keeps inline with newer naming conventions * Updated how audience access control works no-issue Rather than being passed a function, members api now receives an object which describes which origins have access to which audiences, and how long those tokens should be allowed to work for. It also allows syntax for default tokens where audience === origin requesting it. This can be set to undefined or null to disable this functionality. { "http://site.com": { "http://site.com": { tokenLength: '5m' }, "http://othersite.com": { tokenLength: '1h' } }, "*": { tokenLength: '30m' } } * Updated members service to use access control feature no-issue This also cleans up a lot of unecessary variable definitions, and some other minor cleanups. * Added status code to auth pages html response no-issue This was missing, probably default but better to be explicit * Updated gateway to have membersApiUrl from config no-issue Previously we were parsing the url, this was not very safe as we can have Ghost hosted on a subdomain, and this would have failed. * Added issuer to public config for members no-issue This can be used to request SSR tokens in the client * Fixed path for gateway bundle no-issue * Updated settings model tests no-issue * Revert "Removed stripe from default payment processor" This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845. * Revert "Removed hardcoded default member settings" This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a. * Installed @tryghost/members-ssr * Fixed tests for settings model
2019-04-16 17:50:25 +03:00
});
Refactored members auth flow with dynamic settings no issue - Updated members auth flow UI - Updated members settings and routing to be dynamic
2019-02-26 06:09:16 +03:00
Refactored members service logging and errors (#10919) * Installed @tryghost/members-ssr@0.2.1 refs https://github.com/TryGhost/Members/issues/38 This updates allows for dynamic access of the membersApi, which will be used in future when replacing the membersApi instance with a newly configured one. * Set the membersApiInstance logger to use common.logging refs https://github.com/TryGhost/Members/issues/38 Passes the Ghost logger to the members api, so that we can keep an eye on errors produced by the api. * Refactored memberService use to always use getter refs https://github.com/TryGhost/Members/issues/38 This will allow us to switch out the membersApi and the consumers of it to have the updated reference by going through a getter. * Installed @tryghost/members-api@0.3.0 refs https://github.com/TryGhost/Members/issues/38 Adds support for setting the logger * Uninstalled stripe@7.0.0 refs https://github.com/TryGhost/Members/issues/38 The stripe module is now a dep of members-api, as it should be * Updated members service to reconfigure settings refs https://github.com/TryGhost/Members/issues/38 Previously we were unable to stop an invalidly configured members api instance, now that we create a new instance, we can wait for the ready or error event and only switch it out then.
2019-07-18 10:37:11 +03:00
return membersApiInstance;
}
Reference in New Issue Copy Permalink