Ghost/test/regression/api/v2/admin/utils.js

const url = require('url');
const _ = require('lodash');
const testUtils = require('../../../../utils');
const schema = require('../../../../../core/server/data/schema').tables;
const API_URL = '/ghost/api/v2/admin/';

const expectedProperties = {
    // API top level
    posts: ['posts', 'meta'],
    tags: ['tags', 'meta'],
    users: ['users', 'meta'],
    settings: ['settings', 'meta'],
    subscribers: ['subscribers', 'meta'],
    roles: ['roles'],
    pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],
    slugs: ['slugs'],
    slug: ['slug'],
    invites: ['invites', 'meta'],
    themes: ['themes'],

    post: _(schema.posts)
        .keys()
        // by default we only return mobiledoc
        .without('html', 'plaintext')
        .without('visibility')
        .without('locale')
        .without('page')
        .without('author_id', 'author')
        // emails are not supported in API v2
        .without('send_email_when_published')
        // always returns computed properties
        .concat('url', 'primary_tag', 'primary_author', 'excerpt')
        .concat('authors', 'tags')
        // returns meta fields from `posts_meta` schema
        .concat(
            ..._(schema.posts_meta).keys()
                .without('post_id', 'id')
                // emails are not supported in API v2
                .without('email_subject')
        )
    ,
    user: _(schema.users)
        .keys()
        .without('visibility')
        .without('password')
        .without('locale')
        .without('ghost_auth_id')
        .concat('url')
    ,
    tag: _(schema.tags)
        .keys()
        // unused field
        .without('parent_id')
    ,
    setting: _(schema.settings)
        .keys()
    ,
    subscriber: _(schema.subscribers)
        .keys()
    ,
    member: _(schema.members)
        .keys()
    ,
    role: _(schema.roles)
        .keys()
    ,
    permission: _(schema.permissions)
        .keys()
    ,
    notification: ['type', 'message', 'status', 'id', 'dismissible', 'location', 'custom'],
    theme: ['name', 'package', 'active'],
    invite: _(schema.invites)
        .keys()
        .without('token')
    ,
    webhook: _(schema.webhooks)
        .keys()
};

_.each(expectedProperties, (value, key) => {
    if (!value.__wrapped__) {
        return;
    }

    /**
     * @deprecated: x_by
     */
    expectedProperties[key] = value
        .without(
            'created_by',
            'updated_by',
            'published_by'
        )
        .value();
});

module.exports = {
    API: {
        getApiQuery(route) {
            return url.resolve(API_URL, route);
        },

        checkResponse(...args) {
            this.expectedProperties = expectedProperties;
            return testUtils.API.checkResponse.call(this, ...args);
        }
    },

    doAuth(...args) {
        return testUtils.API.doAuth(`${API_URL}session/`, ...args);
    },

    getValidAdminToken(endpoint, key) {
        const jwt = require('jsonwebtoken');
        key = key || testUtils.DataGenerator.Content.api_keys[0];

        const JWT_OPTIONS = {
            keyid: key.id,
            algorithm: 'HS256',
            expiresIn: '5m',
            audience: endpoint
        };

        return jwt.sign(
            {},
            Buffer.from(key.secret, 'hex'),
            JWT_OPTIONS
        );
    }
};
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`const url = require('url');`
			`const _ = require('lodash');`
			`const testUtils = require('../../../../utils');`
Move tests from core to root (#11700) - move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> 2020-03-30 18:26:47 +03:00			`const schema = require('../../../../../core/server/data/schema').tables;`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`const API_URL = '/ghost/api/v2/admin/';`

			`const expectedProperties = {`
			`// API top level`
			`posts: ['posts', 'meta'],`
			`tags: ['tags', 'meta'],`
			`users: ['users', 'meta'],`
			`settings: ['settings', 'meta'],`
			`subscribers: ['subscribers', 'meta'],`
			`roles: ['roles'],`
			`pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],`
			`slugs: ['slugs'],`
			`slug: ['slug'],`
			`invites: ['invites', 'meta'],`
			`themes: ['themes'],`

			`post: _(schema.posts)`
			`.keys()`
Changed default format from html to mobiledoc for Admin API v2 no issue - Ghost-Admin needs mobiledoc only - Ghost-Android needs mobiledoc only - any other client can fetch other formats using the query param 2019-02-25 12:44:19 +03:00			`// by default we only return mobiledoc`
			`.without('html', 'plaintext')`
Removed more unused fields from Admin API v2 response refs #10438 - these fields are not used - no need to expose them in v2 - we will either remove them in the next major or use them for new features (will see) 2019-02-13 13:41:14 +03:00			`.without('visibility')`
			`.without('locale')`
Separated pages & posts in Admin API v2 (#10494) refs #10438, refs #10106 * Renamed existing pages ctrl * Splitted posts & pages for Admin API v2 * Added pages JSON input schema for Admin API v2 * Removed single author for Content & Admin API v2 - single author is not documented - single author usage is deprecated in v0.1 - single author usage is removed in API v2 * Splitted posts & postsPublic controller for v2 * Removed requirement to send `status=all` from Admin API v2 * Removed `status` option from pages Content API v2 * Removed `status` options from Users Admin API v2 2019-02-22 06:17:14 +03:00			`.without('page')`
Updated author/author_id cleanup notes no issue - Updated test utilities to clearly identify both fields are not used in API responses - Updated comment to remember clearning authors/author_id before releasing Ghost 4.0 2019-09-17 18:26:23 +03:00			`.without('author_id', 'author')`
Removed email related fields from API v2 responses refs https://github.com/TryGhost/Ghost/issues/11461 - The email feature was introduced in API v3 and is not back compatible with API v2. These fields should not appear in any v2 responses. - Added regression tests for API v2 so that cases like this are spotted easier in the future. 2019-12-16 15:19:08 +03:00			`// emails are not supported in API v2`
			`.without('send_email_when_published')`
Returned tags & authors by default for Admin API v2 no issue - tags, authors, authors.roles by default 2019-02-25 13:08:28 +03:00			`// always returns computed properties`
			`.concat('url', 'primary_tag', 'primary_author', 'excerpt')`
			`.concat('authors', 'tags')`
🏗 Extracted post metadata in new post_meta table (#11102) NOTE: The post metadata table split is purely an internal optimization for v3 and doesn't require or expect any external actions including related API usage in v3 We keep running into issues adding new fields to the post table because there are too many fields making the post table "too wide". We have also hit MySQL limitations in how many bytes can be in a row (64kb) with post table. In v3, we decided to split the 8 post fields (meta, twitter and og) used for meta data into a posts_meta table as these 8 fields are all "problem" `varchar` fields and make sense logically grouped together. The API layer is unaffected by the split as input/output serializers ensure the data flow works the same way as it was in v2. Only thing to note is json export in v3 will have slightly different structure with posts meta fields as separate. - Creates new post_meta schema/table with 8 fields (2 meta_* , 3 twitter_* and 3 og_*) - Update relations between post and post_meta table - Update input/output serializers to keep existing API behavior - Avoids new entry in post_meta table for post where all meta fields are null - Keeps the current fields API param behavior - Handles migration of existing posts to new table structure - Updates importer/exporter to work seamlessly with table changes 2019-09-16 11:45:55 +03:00			// returns meta fields from `posts_meta` schema
			`.concat(`
Removed email related fields from API v2 responses refs https://github.com/TryGhost/Ghost/issues/11461 - The email feature was introduced in API v3 and is not back compatible with API v2. These fields should not appear in any v2 responses. - Added regression tests for API v2 so that cases like this are spotted easier in the future. 2019-12-16 15:19:08 +03:00			`..._(schema.posts_meta).keys()`
			`.without('post_id', 'id')`
			`// emails are not supported in API v2`
			`.without('email_subject')`
🏗 Extracted post metadata in new post_meta table (#11102) NOTE: The post metadata table split is purely an internal optimization for v3 and doesn't require or expect any external actions including related API usage in v3 We keep running into issues adding new fields to the post table because there are too many fields making the post table "too wide". We have also hit MySQL limitations in how many bytes can be in a row (64kb) with post table. In v3, we decided to split the 8 post fields (meta, twitter and og) used for meta data into a posts_meta table as these 8 fields are all "problem" `varchar` fields and make sense logically grouped together. The API layer is unaffected by the split as input/output serializers ensure the data flow works the same way as it was in v2. Only thing to note is json export in v3 will have slightly different structure with posts meta fields as separate. - Creates new post_meta schema/table with 8 fields (2 meta_* , 3 twitter_* and 3 og_*) - Update relations between post and post_meta table - Update input/output serializers to keep existing API behavior - Avoids new entry in post_meta table for post where all meta fields are null - Keeps the current fields API param behavior - Handles migration of existing posts to new table structure - Updates importer/exporter to work seamlessly with table changes 2019-09-16 11:45:55 +03:00			`)`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`,`
			`user: _(schema.users)`
			`.keys()`
Removed more unused fields from Admin API v2 response refs #10438 - these fields are not used - no need to expose them in v2 - we will either remove them in the next major or use them for new features (will see) 2019-02-13 13:41:14 +03:00			`.without('visibility')`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`.without('password')`
Removed more unused fields from Admin API v2 response refs #10438 - these fields are not used - no need to expose them in v2 - we will either remove them in the next major or use them for new features (will see) 2019-02-13 13:41:14 +03:00			`.without('locale')`
Removed ghost_auth_id from Admin API v2 response refs #10438 - unused field - no need to expose this field 2019-02-13 01:36:42 +03:00			`.without('ghost_auth_id')`
Corrected object check to include 'url' property 2019-07-24 21:22:08 +03:00			`.concat('url')`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`,`
			`tag: _(schema.tags)`
			`.keys()`
Removed `tag.parent` from Admin API v2 response refs #10438 - this is an unused field - no need to expose this field - if we start working on nested tags, this field might become interesting/used 2019-02-12 21:26:31 +03:00			`// unused field`
			`.without('parent_id')`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`,`
			`setting: _(schema.settings)`
			`.keys()`
			`,`
			`subscriber: _(schema.subscribers)`
			`.keys()`
			`,`
Added members POST API (#11189) no issue - Added Regression full test coverage for members Admin API - Added `POST /members` endpoint - Added members schema definition + validation - Added ability to pass through send_email/emal_type options to members API 2019-10-03 12:15:50 +03:00			`member: _(schema.members)`
			`.keys()`
			`,`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`role: _(schema.roles)`
			`.keys()`
			`,`
			`permission: _(schema.permissions)`
			`.keys()`
			`,`
			`notification: ['type', 'message', 'status', 'id', 'dismissible', 'location', 'custom'],`
			`theme: ['name', 'package', 'active'],`
			`invite: _(schema.invites)`
			`.keys()`
			`.without('token')`
			`,`
			`webhook: _(schema.webhooks)`
Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes 2019-08-19 14:41:09 +03:00			`.keys()`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`};`

			`_.each(expectedProperties, (value, key) => {`
			`if (!value.__wrapped__) {`
			`return;`
			`}`

			`/**`
			`* @deprecated: x_by`
			`*/`
			`expectedProperties[key] = value`
			`.without(`
			`'created_by',`
			`'updated_by',`
			`'published_by'`
			`)`
			`.value();`
			`});`

			`module.exports = {`
			`API: {`
			`getApiQuery(route) {`
			`return url.resolve(API_URL, route);`
			`},`

			`checkResponse(...args) {`
			`this.expectedProperties = expectedProperties;`
			`return testUtils.API.checkResponse.call(this, ...args);`
			`}`
			`},`

			`doAuth(...args) {`
			return testUtils.API.doAuth(`${API_URL}session/`, ...args);
			`},`

Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in c93f03b87e122edb62cc9f780926d640555bd5b4 - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one 2019-07-31 23:34:49 +03:00			`getValidAdminToken(endpoint, key) {`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`const jwt = require('jsonwebtoken');`
Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in c93f03b87e122edb62cc9f780926d640555bd5b4 - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one 2019-07-31 23:34:49 +03:00			`key = key \|\| testUtils.DataGenerator.Content.api_keys[0];`

Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`const JWT_OPTIONS = {`
Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in c93f03b87e122edb62cc9f780926d640555bd5b4 - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one 2019-07-31 23:34:49 +03:00			`keyid: key.id,`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`algorithm: 'HS256',`
			`expiresIn: '5m',`
			`audience: endpoint`
			`};`

			`return jwt.sign(`
Updated Admin API key auth to require `kid` in header (#10538) * Required kid be a header claim as according to spec https://tools.ietf.org/html/rfc7515#section-4.1.4 (JWT is an extension of JWS) * Updated error message for missing kid * Fixed admin-api key unit tests * Fixed regression and acceptance tests 2019-02-26 07:03:47 +03:00			`{},`
Migrated schedules controller to v2 closes #10060 - Implemented scheduling for posts and pages - Added cache invalidation when scheduling - Refactored admin token eneration function to accept existing key as parameter in tests - Added Ghost Scheduler Integration fixture - Added fixture for permissions for post publish action - Migrated getScheduled method to v2 - Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler - This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models - Removed unused auth middleware from v2 routes - Added internal scheduler role - Implemetnted transactions in v2 frame - This takes into account scenario mentioned in c93f03b87e122edb62cc9f780926d640555bd5b4 - Specifically: >if two queries happening in a transaction we have to signalise knex/mysql that we select for an update otherwise the following case happens: you fetch posts for an update a user requests comes in and updates the post (e.g. sets title to "X") you update the fetched posts, title would get overriden to the old one 2019-07-31 23:34:49 +03:00			`Buffer.from(key.secret, 'hex'),`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`JWT_OPTIONS`
			`);`
			`}`
			`};`