Added custom theme feature limit

refs: https://github.com/TryGhost/Team/issues/510 - in the case that host config is provided, limits Ghost to only permitting official themes to be installed and used
2024-11-24 06:35:49 +03:00 · 2021-03-03 12:47:09 +00:00 · 2021-03-03 12:47:09 +00:00 · b310666bda
commit b310666bda
parent c7b843471f
3 changed files with 25 additions and 4 deletions
--- a/core/server/api/canary/themes.js
+++ b/core/server/api/canary/themes.js
@ -4,6 +4,7 @@ const path = require('path');
 const security = require('@tryghost/security');
 const {events} = require('../../lib/common');
 const themeService = require('../../../frontend/services/themes');
 const limitService = require('../../services/limits');
 const models = require('../../models');
 const request = require('../../lib/request');
 const errors = require('@tryghost/errors/lib/errors');
@ -75,6 +76,10 @@ module.exports = {
            if (frame.options.source === 'github') {
                const [org, repo] = frame.options.ref.toLowerCase().split('/');
                if (limitService.isLimited('custom_themes') && org.toLowerCase() !== 'tryghost') {
                    await limitService.errorIfWouldGoOverLimit('custom_themes');
                }
                // omit /:ref so we fetch the default branch
                const zipUrl = `https://api.github.com/repos/${org}/${repo}/zipball`;
                const zipName = `${repo}.zip`;
@ -133,7 +138,11 @@ module.exports = {
        permissions: {
            method: 'add'
        },
-        query(frame) {
+        async query(frame) {
            if (limitService.isLimited('custom_themes')) {
                return await limitService.errorIfWouldGoOverLimit('custom_themes');
            }
            // @NOTE: consistent filename uploads
            frame.options.originalname = frame.file.originalname.toLowerCase();
--- a/core/server/api/v2/themes.js
+++ b/core/server/api/v2/themes.js
@ -1,5 +1,6 @@
 const {events} = require('../../lib/common');
 const themeService = require('../../../frontend/services/themes');
 const limitService = require('../../services/limits');
 const models = require('../../models');
 module.exports = {
@ -51,9 +52,15 @@ module.exports = {
        permissions: {
            method: 'add'
        },
-        query(frame) {
+        async query(frame) {
            if (limitService.isLimited('custom_themes')) {
                return await limitService.errorIfWouldGoOverLimit('custom_themes');
            }
            // @NOTE: consistent filename uploads
-            frame.options.originalname = frame.file.originalname.toLowerCase();
+            {
                frame.options.originalname = frame.file.originalname.toLowerCase();
            }
            let zip = {
                path: frame.file.path,
--- a/core/server/api/v3/themes.js
+++ b/core/server/api/v3/themes.js
@ -1,5 +1,6 @@
 const {events} = require('../../lib/common');
 const themeService = require('../../../frontend/services/themes');
 const limitService = require('../../services/limits');
 const models = require('../../models');
 module.exports = {
@ -51,7 +52,11 @@ module.exports = {
        permissions: {
            method: 'add'
        },
-        query(frame) {
+        async query(frame) {
            if (limitService.isLimited('custom_themes')) {
                return await limitService.errorIfWouldGoOverLimit('custom_themes');
            }
            // @NOTE: consistent filename uploads
            frame.options.originalname = frame.file.originalname.toLowerCase();