Commit Graph

3023 Commits

Author SHA1 Message Date
renovate[bot]
48782df301 Update dependency newrelic to v11.13.0 2024-03-13 17:14:53 +00:00
Kevin Ansfield
47e6911ca0
Added cache-control header back to /auth-frame/ response (#19858)
ref https://linear.app/tryghost/issue/ENG-721

- when changing the response to a `204` for requests with no cookie we'd lost the `Cache-Control: public, max-age: 0` header which meant some cache systems weren't caching as efficiently as possible
2024-03-13 16:00:46 +00:00
Sag
9869d9adb6
Added referral tracking to the powered-by-ghost newsletter badge (#19850)
ref https://linear.app/tryghost/issue/TRI-65

In the context of referrals, we want to understand how useful our
“Powered by Ghost” badges are.

There are currently a few places where the “Powered by Ghost” badge can
be rendered:
- in newsletters (enabled/disabled by publisher, on a newsletter basis)
- in Portal popups, e.g. member signup/signin/account settings
- in the footer of some themes, including Source & Casper

We're adding the query param ?via to evaluate the usage of the badge in
newsletters.
2024-03-13 16:03:13 +01:00
Fabien "egg" O'Carroll
0fb0c6c2b5 Added NestJS Playground
no-issue

This adds the barebones of a NestJS application wired up to the Admin API
behind a feature flag, so that we can experiement with how to use Nest in the
context of Ghost
2024-03-13 19:44:06 +07:00
Fabien "egg" O'Carroll
d2620171ea Refactored auth services so they can be used in Nest
no-issue

This decouples the business logic from the express middleware so that it can be
used inside of a NestJS application.
2024-03-13 19:44:06 +07:00
Sag
59bbade630
Fixed browser tests (#19852)
no issue

- browser tests were failing due to the renaming of a button
2024-03-13 12:54:19 +01:00
Fabien 'egg' O'Carroll
5a5ddcb609
🐛 Fixed Tiers API erroring when invalid filter passed (#19845)
closes ENG-730
closes https://linear.app/tryghost/issue/ENG-730/

We've updated the input serializer to parse the filter, and responded
with an error if it cannot be parsed correctly.

Now that it's parsed, we can pass a mongo query object through the
stack, which will lend itself to better typing for this code, which is a
direction we want to go in anyway. We've had to update all the internal
usages of the `browse` method to use mongo query objects.
2024-03-13 00:25:42 +07:00
Daniel Lockyer
55791a8c64 Switched to throwing error upon failed image processing
ref https://linear.app/tryghost/issue/ENG-740/http-500-error-when-image-processing-fails
refs 4aad551c72

- upon further discussion, we've decided it's better to throw an error
  in this case because the uploaded image is deemed invalid and storing
  it on the filesystem might cause more issues with resizing/further
  processing in the future
- this commit implements that and alters the tests
2024-03-12 16:24:29 +01:00
Daniel Lockyer
4aad551c72 🐛 Fixed HTTP 500 error when image processing fails during upload
fixes ENG-740
fixes https://linear.app/tryghost/issue/ENG-740/http-500-error-when-image-processing-fails

- in the event the image transform library throws (which can happen for
  many reasons; sharp/libvips can come across a number of errors), we
  currently return this as a HTTP 500 error to the user
- in this case, we should just try-catch the call and jump to the
  non-processing flow where it just saves the original image
- also added breaking test
2024-03-12 15:33:17 +01:00
Kevin Ansfield
ef143978e7
🎨 Reduced requests and 403 responses for comments auth check (#19840)
closes https://linear.app/tryghost/issue/ENG-721
ref https://linear.app/tryghost/issue/ENG-708

Comments-UI loads `/ghost/admin-frame/` in an iframe to check if a Staff User is authenticated in order to  show moderation options. That iframe request loads a HTML page which in turn contains a script that fires off an API request that attempts to fetch the logged-in user details, resulting in a 403 "error" showing up when not authenticated. In the vast majority of cases there will be no staff user authenticated so lots of extra requests and "errors" are seen unnecessarily.

- adjusted the `/ghost/auth-frame/` endpoint to check if the request contains an Admin session cookie
  - if it does, continue as before with rendering the HTML page so the script is loaded
  - if it doesn't, return an empty 204 response avoiding the script request and subsequent 403-generating API request
- eliminates the 403 error being generated for all typical visitor traffic, the error should only be seen when an Admin was previously logged in but their cookie is no longer valid (either from logging out, or going past the 6month validity period)
2024-03-12 12:27:18 +00:00
Daniel Lockyer
5fa4496d52 🐛 Fixed HTTP 500 responses when oembed endpoint receives error
fixes https://github.com/TryGhost/Product/issues/4237

- this fixes the fact that we return a HTTP 500 response when the oembed
  library receives an error, such as a 401 or 403
- includes special handling for cases where we want to return a slightly
  different error message
- also adds unit tests for @tryghost/oembed-service package
2024-03-12 12:31:44 +01:00
Daniel Lockyer
6842d599e9 🐛 Fixed handling of image uploads with overly long filenames
fixes ENG-733
ref https://linear.app/tryghost/issue/ENG-733/handle-image-uploads-where-name-is-too-long

- filesystems usually have a filename length limit; ie. on macOS it is
  255 characters
- if a file is uploaded with a longer filename, we'll return a HTTP 500
- we shouldn't do this as it is user error, so we can just catch the
  error code and return BadRequest
- this implements that, and adds a breaking test
2024-03-12 12:31:44 +01:00
Daniel Lockyer
6db20fc14b Fixed minor code nits
- made fixes for the following:
  - jsdoc definitions
  - typos
  - extra parameter to function
  - missing `utf-8` to fs file read
2024-03-12 12:31:44 +01:00
Daniel Lockyer
360ecf15ae 🐛 Fixed HTTP 500 error when given incorrect Range header
ref ENG-729
ref https://linear.app/tryghost/issue/ENG-729/incorrect-range-header-leads-to-http-500-errors

- we didn't have handling here for the `RangeNotSatisfiableError` that
  can come from express/serve-static/send
- as a result, passing an invalid range would cause a 500 error
- this prevents that and adds a breaking test
2024-03-11 19:14:30 +01:00
Daniel Lockyer
162f438c63 Updated @tryghost/errors dependency
- this version is written in TS, but was published a few months ago and
  needs to be bumped here
- also updates a previous deep include into the library, which was
  unnecessary anyway
2024-03-11 17:33:51 +01:00
Ghost CI
f83d51c1e3 v5.80.2 2024-03-08 16:04:08 +00:00
Ghost CI
76383b4295 🎨 Updated Source to v1.2.0 2024-03-08 16:04:08 +00:00
renovate[bot]
3301332253 Update dependency express to v4.18.3 2024-03-07 13:42:27 +01:00
Ghost CI
624168ead5 Merged v5.80.1 into main 2024-03-07 09:04:51 +00:00
Ghost CI
0a8716b0ae v5.80.1 2024-03-07 09:04:50 +00:00
Sag
ae95e8de8c Fixed tiers paywall selecting all paid tiers (#19817)
refs INC-36

- oversight in parent commit 00cff0a
2024-03-06 22:35:43 +01:00
Sag
69466ecab9 🐛 Fixed free tier showing in the tiers-only paywall in posts (#19807)
refs INC-36
fixes https://github.com/TryGhost/Ghost/issues/19796

- The tiers-only paywall was incorrectly rendering "Free". Example:
"This post is for subscribers of the Free, Silver and Gold tiers only"
- Steps to reproduce the issue:
    1. Create a post with public visibility, publish it
    2. Then swap the visibility to specific tiers. The default selects all
paid tiers. Leave it like that
    3. Update the post. The paywall show Free, even though it should be
showing only the paid tiers
- This fix filters out the "free" tier when visibility is set to tiers,
before updating a Post or a Page. The fix includes bulk updates from the
list of Posts and Pages (right-click on a Post/Page > Change Access).
2024-03-06 22:35:33 +01:00
Sag
656846018a
Fixed tiers paywall selecting all paid tiers (#19817)
refs INC-36

- oversight in parent commit 00cff0a
2024-03-06 22:14:17 +01:00
Sag
00cff0aece
🐛 Fixed free tier showing in the tiers-only paywall in posts (#19807)
refs INC-36
fixes https://github.com/TryGhost/Ghost/issues/19796

- The tiers-only paywall was incorrectly rendering "Free". Example:
"This post is for subscribers of the Free, Silver and Gold tiers only"
- Steps to reproduce the issue:
    1. Create a post with public visibility, publish it
    2. Then swap the visibility to specific tiers. The default selects all
paid tiers. Leave it like that
    3. Update the post. The paywall show Free, even though it should be
showing only the paid tiers
- This fix filters out the "free" tier when visibility is set to tiers,
before updating a Post or a Page. The fix includes bulk updates from the
list of Posts and Pages (right-click on a Post/Page > Change Access).
2024-03-06 21:30:00 +01:00
Kevin Ansfield
3090f8ec95
🎨 Improved lazy-loading of comments data (#19809)
no issue

Bumps `Comments-UI` app version that contains an improvement to data loading:

- within the comments block we only use Admin auth to show moderation options on each displayed comment but we were always pre-emptively loading the `admin-auth` frame and making the associated Admin API user request. That loading has now been deferred until at least one comment has been displayed cutting down unnecessary requests on each post view
2024-03-06 10:29:55 +00:00
Kevin Ansfield
78aba5b22a
🎨 Improved lazy-loading of comments data (#19809)
no issue

Bumps `Comments-UI` app version that contains an improvement to data loading:

- within the comments block we only use Admin auth to show moderation options on each displayed comment but we were always pre-emptively loading the `admin-auth` frame and making the associated Admin API user request. That loading has now been deferred until at least one comment has been displayed cutting down unnecessary requests on each post view
2024-03-06 10:17:32 +00:00
Kevin Ansfield
b704530d74
🐛 Fixed unexpected conversion of single-quoted attributes in HTML cards (#19727)
closes ENG-627

We were using `cheerio` to parse+modify+serialize our rendered HTML to modify links for member attribution. Cheerio's serializer has a [long-standing issue](https://github.com/cheeriojs/cheerio/issues/720) (that we've [had to deal with before](https://github.com/TryGhost/SDK/issues/124)) where it replaces single-quote attributes with double-quote attributes. That was resulting in broken rendering when content used single-quotes such as in HTML cards that have JSON data inside a `data-` attribute or otherwise used single-quotes to avoid escaping double-quotes in an attribute value.

- swapped the implementation that uses `cheerio` for one that uses `html5parser` to tokenize the html string, from there we can loop over the tokens and replace the href attribute values in the original string without touching any other part of the content. Avoids a full parse+serialize process which is both more costly and can result unexpected content changes due to serializer opinions.
  - fixes the quote change bug
  - uses tokenization directly to avoid cost of building a full AST
- updated Content API Posts snapshot
  - one of our fixtures has a missing closing tag which we're no longer "fixing" with a full parse+serialize step in the link replacer (keeps modified src closer to original and better matches behaviour elsewhere in the app / without member-attribution applied)
  - the link replacer no longer converts `attr=""` to `attr` (these are equivalent in the HTML spec so no change in behaviour other than preserving the original source html)
- added a benchmark test file comparing the two implementations because the link replacer runs on render so it's used in a hot path
  - new implementation has a 3x performance improvement
  - the separate files with the old/new implementations have been cleaned up but I've left the benchmark test file in place for future reference

Benchmark results comparing implementations:

```
❯ node test/benchmark.js

LinkReplacer
├─ cheerio: 5.03K /s ±2.20%
├─ html5parser: 16.5K /s ±0.43%

Completed benchmark in 0.9976526670455933s
┌─────────────┬─────────┬────────────┬─────────┬───────┐
│   (index)   │ percent │ iterations │ current │  max  │
├─────────────┼─────────┼────────────┼─────────┼───────┤
│   cheerio   │   ''    │ '5.03K/s'  │  5037   │ 5037  │
│ html5parser │   ''    │ '16.5K/s'  │  16534  │ 16534 │
└─────────────┴─────────┴────────────┴─────────┴───────┘
```
2024-03-06 09:11:49 +00:00
Fabien O'Carroll
d9fb4787ec Removed whitelist of JWT errors
refs https://linear.app/tryghost/issue/ENG-712/

I don't think we ever need to respond with a 500 here, if the verify call
fails, we know that the token is unauthorized for use.
2024-03-05 03:04:34 +07:00
Fabien O'Carroll
dcbd168585 🐛 Fixed 500 error for premature api token use
refs https://linear.app/tryghost/issue/ENG-712

We weren't handling the NotBeforeError and instead responing with a 500 which
is not correct.
2024-03-05 03:04:34 +07:00
renovate[bot]
b6b2e2ea31 Update dependency newrelic to v11.12.0 2024-03-04 18:35:26 +00:00
Ghost CI
9df5148427 v5.80.0 2024-03-01 16:04:20 +00:00
renovate[bot]
69459e9b42 Update dependency yjs to v13.6.14 2024-03-01 11:32:05 +00:00
renovate[bot]
81f1b63cca Update dependency yjs to v13.6.13 2024-02-29 19:32:37 +00:00
Peter Zimon
8f3617aaa8
Content card design improvements (#19737)
refs. https://linear.app/tryghost/issue/DES-122/bookmark-card-issues

This PR addresses the following content card related problems:

1. The design of the following cards are more self-contained so it makes
more sense to use `px` for their font-sizes and spacings so it looks the
same regardless of the theme. Of course themes still can override these
values.

Updated cards to use `px` for font sizing:
- audio
- bookmark
- file
- product

2. So far header and signup cards had been using `rem` for font-sizes
and some sizing. This commit updates these to use `em` instead so that
it's consistent with all other cards.

3. The favicon sometimes is not available for bookmark cards. This PR also
fixes that by providing a default favicon for these cases.
2024-02-29 17:09:34 +01:00
Sanne de Vries
c7e475feb0
Remove comment icon at the top of email template (#19771)
Refs
https://linear.app/tryghost/issue/DES-80/newsletter-view-in-browser-breaking-to-next-line-with-incorrect
2024-02-29 14:45:38 +01:00
Kevin Ansfield
e0d8e18785
Added lazy-loading of comments data (#19778)
no issue

Bumps `Comments-UI` app version that contains a few changes:

- comments data is now lazy-loaded with API requests being deferred until the comments block is scrolled into view, saving up-front visitor data usage as well as reducing server-load for page views where the comments are never seen
- comments data is now fetched from `/members/api/comments/{post_id}/` rather than using the post_id in the `filter` param to enable cache bucketing and cache invalidation
- `created_at` timestamp has been dropped from the initial comments data request so the results can be cached, on pagination requests the timestamp has been improved to use the created_at data from the response so it remains consistent and can also be cached
- `order` param has been dropped from API requests as the API has been updated to include our default ordering
2024-02-29 10:21:05 +00:00
Fabien 'egg' O'Carroll
a489d5a3d8
Added /comments/:id/replies/ to X-Cache-Invalidate
refs https://linear.app/tryghost/issue/ENG-682/

This should allow us to bust both endpoints cache when write operations
are made to comments.
2024-02-28 23:15:02 +00:00
Kevin Ansfield
44e602b447
Switched to default ordering for comments API requests (#19774)
closes ENG-681

There's no need to provide an `order` param with every request in Comments-UI if the API has default ordering that matches our requirements. The order param makes logs more noisy/harder to read than they need to be so we want to get rid of it.

- modified comments API input serializer to add a default order param to the browse and replies endpoints when none is provided
- removed order param from the requests that Comments-UI makes
2024-02-28 18:42:02 +00:00
Fabien O'Carroll
4c6f7715ef Cleaned up comments controller
no-issue

This removes some redundant calls to `get` and makes refactoring
easier in future.
2024-02-29 00:24:34 +07:00
Fabien O'Carroll
001f2b0b91 Invalidated post comments cache on like&unlike
refs https://linear.app/tryghost/issue/ENG-676/

We want to make sure that we're not serving stale liked counts for
comments, which means we need to cache bust when they're liked/unliked

Unfortuantely this means we need to fetch the comment from the db so
that we have access to the post id.
2024-02-29 00:24:34 +07:00
Fabien O'Carroll
58dd79ccb4 Invalidated the new comments endpoint cache on add & edit
refs https://linear.app/tryghost/issue/ENG-676/

This is the meat of the change and actually causes the cache to be
invalidated on adds and edits to the comments endpoints.

It doesn't currently include the liked/unliked actions at the moment
as we don't have easy access to the post id from those endpoints.
2024-02-28 22:40:56 +07:00
Fabien O'Carroll
2c6321472c Added endpoint for comments/post/:post_id
refs https://linear.app/tryghost/issue/ENG-676/

This is pretty simple as we can reuse the existing browse method
on the CommentsController, but we need to add support for the post_id
option to the endpoint, for it to be added to the frame.

We also need to update the browse method to enforce the post_id on the
NQL filter. I initially tried this with string concatenation, but ran
into way too many bugs, so we're using a mongo transformer instead.
2024-02-28 22:40:56 +07:00
Djordje Vlaisavljevic
f032f11d8a Added hrefs to paywall links for improved SEO
refs DES-150
2024-02-28 15:28:41 +00:00
Fabien O'Carroll
ec697051dc 🐛 Fixed cache invalidation header race conditions
refs https://linear.app/tryghost/issue/ENG-674/

This ensures that all of our dynamic cache invalidation header logic
is applied on a per-request basis!
2024-02-28 21:31:04 +07:00
Fabien 'egg' O'Carroll
5fae212416
Ensured comment counts route doesn't load member (#19762)
refs https://linear.app/tryghost/issue/ENG-672/

The comment counts endpoint does not need member authentication.
This saves us a bunch of db queries for each request
2024-02-28 07:36:35 +07:00
Fabien 'egg' O'Carroll
7f392c305b
Added output to the get helper when the timeout is exceeded (#19761)
refs https://linear.app/tryghost/issue/ENG-670

We keep running into issues with a sites content not being correct,
and slow get helpers being the suspect - but it's difficult to prove.
The idea behind this it to give us concrete evidence, which will allow
us to diagnose the problem faster.
2024-02-28 07:35:16 +07:00
renovate[bot]
0c5f1daf96 Update dependency newrelic to v11.11.0 2024-02-27 22:55:16 +00:00
Kevin Ansfield
f3e36bcd4e
🐛 Fixed extra whitespace in plaintext transactional member emails (#19736)
closes ENG-660

- added tagged template function to strip leading whitespace from our plaintext email strings without making the source file harder to read
2024-02-27 16:24:38 +00:00
Ghost CI
536f67398c Merged v5.79.6 into main 2024-02-26 17:18:43 +00:00
Ghost CI
3b0d0934eb v5.79.6 2024-02-26 17:18:41 +00:00
Kevin Ansfield
ab7c1cfa92
Fixed incorrect cache invalidation headers for slugs Admin API endpoint (#19753)
closes ENG-666

- the Admin API `GET /slugs/{type}/{slug}/` endpoint is used by Admin to check when a potential slug needs de-duping by adding a `-{x}` suffix. Most often this occurs when setting a draft post title
- the endpoint was returning a full-site cache invalidation header meaning hosting services could be blowing away their site caches and needlessly hurting performance because this endpoint is purely a read operation and makes no changes to the site
- updated the endpoint to return no cache invalidation header
2024-02-26 17:02:09 +00:00
Kevin Ansfield
ca9c0a4055
Fixed incorrect cache invalidation headers for slugs Admin API endpoint (#19753)
closes ENG-666

- the Admin API `GET /slugs/{type}/{slug}/` endpoint is used by Admin to check when a potential slug needs de-duping by adding a `-{x}` suffix. Most often this occurs when setting a draft post title
- the endpoint was returning a full-site cache invalidation header meaning hosting services could be blowing away their site caches and needlessly hurting performance because this endpoint is purely a read operation and makes no changes to the site
- updated the endpoint to return no cache invalidation header
2024-02-26 16:59:29 +00:00
renovate[bot]
65a9a04959 Update dependency mysql2 to v3.9.2 2024-02-26 16:25:50 +00:00
Ghost CI
3a0fd45958 v5.79.5 2024-02-26 06:26:13 +00:00
renovate[bot]
49fc876fe1 Update dependency sanitize-html to v2.12.1 2024-02-22 19:17:35 +00:00
Steve Larson
02edc5ad4f
Updated browser tests to be less flaky (#19701)
no refs

- Offers browser tests were subject to a race condition. I'm guessing
this dates back to when we moved to Settings X (and React), as it seems
the url for the offer is not present on the first render of the page -
despite being returned in the `POST` request of the offer creation, the
component does a `GET` on render to get the link. This is now awaited.
- The Publishing timezone test also seemed to suffer from a race
condition. This is less sure of a fix as it's a much less frequent
failure. The date time picker input is now validated in the test before
continuing.
- Offers browser tests often timed out so the timeout has been moved to
90s for these tests.
- All tests were bumped to 75s timeout as we generally would
occasionally hit the timeout.
2024-02-21 17:47:44 +00:00
renovate[bot]
bcbd3fbcc8 Update dependency sanitize-html to v2.12.0 2024-02-21 16:47:38 +00:00
Kevin Ansfield
a3f8aa110d
🐛 Fixed explicit HTML entities being decoded when rendering HTML cards (#19728)
closes ENG-608

- bumps Koenig rendering packages to include fix for HTML entities in HTML card content being decoded during rendering which could result in unexpected/broken output
2024-02-21 16:36:04 +00:00
Sag
034df3714e
Removed leftover alpha flag (#19717)
no issue
2024-02-20 14:07:03 +01:00
Sag
ba3ea9b36c
Fixed browser tests (#19719)
no issue
2024-02-20 14:03:36 +01:00
Sag
e9f5af110c
🎨 Added option to change the name of the free tier (#19715)
ref ENG-607

- also added the option to show the monthly pricing by default during
signup

Co-authored-by: Simon Backx <simon@ghost.org>
Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
2024-02-20 12:54:41 +01:00
Ghost CI
98b5992f63 v5.79.4 2024-02-19 11:26:01 +00:00
Ghost CI
0c4d62880e v5.79.3 2024-02-16 18:20:06 +00:00
Ghost CI
49bf6d2754 v5.79.2 2024-02-16 16:06:40 +00:00
renovate[bot]
c0325da0e7 Update dependency newrelic to v11.10.4 2024-02-13 21:27:42 +00:00
renovate[bot]
cd8b5f3ab3 Update dependency yjs to v13.6.12 2024-02-12 02:16:00 +00:00
Ghost CI
300563eb95 v5.79.1 2024-02-09 16:04:10 +00:00
renovate[bot]
46866788dd Update dependency newrelic to v11.10.3 2024-02-07 20:03:13 +00:00
Ronald Langeveld
b460dabf68
Revert "Added headers if making a preview site request (#19668)" (#19669) 2024-02-07 16:54:27 +02:00
Ronald Langeveld
d3e16bb885
Added headers if making a preview site request (#19668)
no issue

- to test if we can access Private Sites in Admin when set as a private
site.
- the issue is, we have CORS issues that doesn't allow a cookie to be
passed via Admin when the site uses a custom domain.
- generally does not affect self hosters.
2024-02-07 11:37:59 +00:00
Steve Larson
5f371027a3
Updated editor lexical packages (#19664)
no refs
- updated koenig packages with the newest lexical version to bring in bugfixes and improvements
2024-02-06 22:13:54 +00:00
Ghost CI
c6c66d2a20 v5.79.0 2024-02-02 16:04:15 +00:00
Steve Larson
2c166582fd
Added config option to disable db backups (#19614)
refs https://linear.app/tryghost/issue/ENG-600
- users need an option so they can perform actions like delete users
without blowing up Ghost as large dbs can OOM node
2024-02-01 12:09:41 -06:00
Sag
c12e279e0c
Added migration to fix data discrepancy in free tier visibility (#19624)
refs INC-18

- release v5.69.0 introduced a data discrepancy in the free tier
visibility: the "free" tier visibility got out of sync with the
"portal_plans" setting due to a bug in the new Admin settings. The bug
was corrected in a patch release rolled out a few days later, v5.69.4
- however, the data discrepancy has not been corrected for all
customers; this data migration fixes the data discrepancy
2024-02-01 16:53:40 +01:00
renovate[bot]
1bd7dea79d Update dependency newrelic to v11.10.2 2024-01-31 19:53:07 +00:00
Steve Larson
1ed34aebac
Added check for Stripe Pass in Stripe Connect test utils (#19633)
refs https://linear.app/tryghost/issue/ENG-599
- Portal tests occasionally failed without clear cause on CI, possibly
due to GH runner region
- Portal tests never successfully ran locally for US-based IPs because
of a required prompt for Stripe Pass
2024-01-31 11:52:09 -06:00
Fabien 'egg' O'Carroll
38b29d0566
Fixed boot crashing when segment config is present (#19625)
refs https://github.com/TryGhost/Ghost/commit/c4912665e5d5af2c25e

We removed the segment service but continued to attempt to load it when
the segment config was present.
2024-01-31 13:01:34 +07:00
Steve Larson
d5077ac1bf
Cleared member count cache on manual member add/delete (#19623)
refs https://linear.app/tryghost/issue/ENG-599
- member count is based on the cache which only updates ~every minute
- forced cache clear on manual member add/delete (not import)
- tests were failing based on the assumption that a new site that adds a
member has a nonzero member count, although the cache did not reflect
this quickly enough for the test to pass

Previously on a new site if you tried to publish a newsletter, it would
require at least one member. If you quickly added a member and tried to
send a newsletter, it would stop you saying you need at least one
member, requiring a browser refresh. This was a bug that is resolved
with this changes, as well as odd behaviour to try to write tests
around.
2024-01-30 15:08:27 -06:00
Daniel Lockyer
f76bb91122 Updated @elastic/elasticsearch to latest version
refs https://github.com/TryGhost/Toolbox/issues/501

- at this point, we have no real reason to keep this behind as it wasn't
  proven what the cause of the high CPU was, and it's just causing more
  lockfile issues with the resolution
2024-01-30 21:41:33 +01:00
Aileen Booker
c4912665e5 Removed DomainEventsAnalytics
closes CA-11

- Segment events in Ghost core are not used currently
2024-01-30 13:58:22 -04:00
Kevin Ansfield
3c56005d44
🐛 Fixed error when converting or pasting HTML content with headings+text nested inside lists (#19618)
closes https://github.com/TryGhost/Product/issues/4234

- bumps Koenig packages to version containing a fix to our denest transform so it properly handles denesting element nodes inside list item nodes
2024-01-30 13:45:58 +00:00
Ghost CI
5d19c75482 v5.78.0 2024-01-30 11:17:31 +00:00
Simon Backx
7d0be3f1a9
Improved sending email addresses for self-hosters (#19617)
ref https://github.com/TryGhost/Ghost/issues/12802
fixes DMA-27

- You can choose any support and newsletter email address in the UI
without verification (as long as your SMTP-server / Mailgun can send
from it)
- All emails will use the mail.from config as the from address as a
default:
- Staff notification emails no longer use the made up ghost@domain email
address
    - Newsletters no longer default to 'noreply@domain' 
- Member related emails (signin/signup/comment notifications...) will
continue to be send from the chosen support address (Portal settings →
Account page), but will now default to the mail.from config instead of
noreply@domain if no support address is set.
2024-01-30 11:21:08 +01:00
Steve Larson
68dda65a12
Added refresh to publishing test (#19612)
refs ENG-599
- added refresh to publishing workflow test
- member count is cached and not updated immediately upon adding a
member, but a count >0 is required in order to send a newsletter (what
this test tests)
- we are looking at updating the cached count; until then, a refresh
will be a performance hit but allow this test to pass
2024-01-29 14:15:56 -06:00
Chris Raible
975bb6849f
Renamed performanceMonitoring config to telemetry (#19613)
no issue

- Renaming the configuration parameter created in this commit:
e0dae46dfc
- No functional difference, this change just makes the configuration a
bit more succinct
2024-01-29 11:56:17 -08:00
Chris Raible
e0dae46dfc
Added basic instrumentation to the database connection pool (#19589)
no issue

- To help debug potential causes of slow/aborted get helpers, it would
be cool to get more visibility into how Ghost handles database
connections, particularly if it has to spend a long time waiting to
acquire a new connection from the pool.
- Under the hood, knex uses a package called tarn
(https://github.com/Vincit/tarn.js/tree/3.0.2) to manage the connection
pool. Tarn provides some hooks for instrumentation, so we can use those
to get some basic visibility into the connection pool.
- This PR adds handling for creating, acquiring and releasing
connections from Tarn's connection pool which logs some basic metrics,
particularly the queue length and time it takes to acquire a connection.
2024-01-29 10:25:35 -08:00
Ghost CI
1d4b076670 v5.77.0 2024-01-29 15:36:59 +00:00
renovate[bot]
e45eb3e222 Update dependency mysql2 to v3.9.1 2024-01-29 13:06:38 +00:00
renovate[bot]
b2712065df Update dependency express-session to v1.18.0 2024-01-29 01:10:26 +00:00
Ronald Langeveld
b490534983
Fixed flaky portal tests (#19596)
no issue
2024-01-28 23:04:39 +04:00
Sag
1e988cccff
Revert Portal changes (#19594)
no issue

- This revert recent changes made to Portal, that may be causing the
Free tier to not render properly on Ghost sites
2024-01-27 01:46:59 +01:00
Sag
24952ab3df
🎨 Improved Portal and Portal settings (#19584)
no issue

---------

Co-authored-by: Simon Backx <simon@ghost.org>
Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
2024-01-26 10:38:00 +01:00
renovate[bot]
07dbcb0715 Update dependency mysql2 to v3.9.0 2024-01-26 08:38:20 +00:00
renovate[bot]
8b36aa03d1 Update dependency newrelic to v11.10.1 2024-01-25 22:04:39 +00:00
Ronald Langeveld
0c95111f8e
🎨 Admin X - Offers (#19520)
no issue

- Offers rebuilt in React and now located in Settings.
2024-01-25 12:41:54 +00:00
Chris Raible
794ef85968
Added Sentry instrumentation for get helpers (#19576)
no issue

- To help debug ABORTED_GET_HELPER errors, this PR adds Sentry
instrumentation to the get helpers
- It also adds the homepage, any pages/posts, the tag page, and the
author page to the list of transactions that will send to Sentry
2024-01-24 18:50:48 -08:00
Ghost CI
5e0bcc5a38 Merged v5.76.2 into main 2024-01-24 17:37:40 +00:00
Ghost CI
922af6defe v5.76.2 2024-01-24 17:37:39 +00:00
Steve Larson
f9adc59774 🐛 Fixed custom excerpts sometimes being cut off (#19560)
refs TryGhost/Ghost#19559
- custom excerpts are truncated based on character length
- escaped characters added extra length but we didn't account for this,
resulting in poor truncation of excerpts
2024-01-24 10:55:49 -06:00
renovate[bot]
f22e0eb2dd Update dependency cookie-session to v2.1.0 2024-01-24 05:11:56 +00:00
renovate[bot]
b0a9d3541e Update dependency mysql2 to v3.8.0 2024-01-23 20:56:42 +00:00
Steve Larson
40891272dc
🐛 Fixed custom excerpts sometimes being cut off (#19560)
refs TryGhost/Ghost#19559
- custom excerpts are truncated based on character length
- escaped characters added extra length but we didn't account for this,
resulting in poor truncation of excerpts
2024-01-23 14:45:27 -06:00
Sag
5469e76852
Fixed reply-to address to stay the same after dmarc changes (#19542)
fixes PROD-102
- after dmarc changes, replies from members should keep going to any previously set
reply-to email address by the publisher
2024-01-23 16:22:40 +01:00
Simon Backx
eb063f7a40
Fixed clearing invalid sender_email when changing newsletter sender_reply_to (#19555)
fixes PROD-102

When a newsletter has a sender_email stored in the database that Ghost
is not allowed to send from, we no longer return it as sender_email in
the API. Instead we return it as the sender_reply_to. That way the
expected behaviour is shown correctly in the frontend and the API result
also makes more sense.

In addition to that, when a change is made to a newsletters reply_to
address we'll clear any invalid sender_email values in that newsletter.
That makes sure we can clear the sender_reply_to value instead of
keeping the current fallback to sender_email if that one is stored.

On top of that, this change correclty updates the browse endpoint to use
the newsletter service instead of directly using the model.
2024-01-23 16:10:11 +01:00
Michael Barrett
57810cd34e
Added allowlist for Sentry transactions (#19538)
refs
[ARCH-41](https://linear.app/tryghost/issue/ARCH-41/add-allowlist-for-sentry-transactions)

Added allowlist for Sentry transactions so that we can better control
the data we are putting into Sentry
2024-01-23 08:22:57 +00:00
renovate[bot]
aa5cd13aec Update dependency newrelic to v11.10.0 2024-01-22 22:21:29 +00:00
Kevin Ansfield
15897096b0
🐛 Fixed broken access to preview of scheduled email-only posts (#19539)
no issue

- we recently added a redirect to disable access to the preview endpoint for sent email-only posts but the condition was too broad and also disabled access to scheduled email-only posts
- adjusted so we only apply the /p/ -> /email/ redirect for sent posts
2024-01-22 14:20:50 +00:00
Ghost CI
f4e20ad247 Merged v5.76.1 into main 2024-01-22 09:00:44 +00:00
Ghost CI
5a630b6aa4 v5.76.1 2024-01-22 09:00:42 +00:00
Chris Raible
d1f9dab1d5
🐛 Fixed externally hosted images overflowing in Outlook (#19527)
refs TryGhost/Product#4243

- Externally hosted images added in the editor were not populating the
`width` and `height` attributes, which could result in overflowing
images in certain email clients, particularly Outlook.
- This fix populates the `width` and `height` attributes in the editor
when adding an external image by URL or copy/pasting, which in turn
corrects the rendering in Outlook.
- Various other fixes and improvements to editor related packages, see
https://github.com/tryghost/koenig repo for more info
2024-01-22 09:44:05 +01:00
Djordje Vlaisavljevic
8511fbbdae
Updated design for sender and reply-to email address flow PROD-215 PROD-216
refs PROD-215 PROD-216

- Added toast notifications for successful sender and reply-to email
address change behind the flag, instead of the modal
- Updated email template for verifying new sender or reply-to email
2024-01-22 09:43:48 +01:00
renovate[bot]
c9d571354f
🐛 Fixed rare rendering issue of lists appearing as headings (#19511)
closes https://github.com/TryGhost/Product/issues/4247

- bumps `@tryghost/kg-default-transforms` with a fix to our de-nesting transform so ListNode is no longer ignored as a badly nested child node which can occur through copy/paste from other editors

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-22 09:43:05 +01:00
renovate[bot]
8168fdb9be Update dependency yjs to v13.6.11 2024-01-22 00:22:10 +00:00
Chris Raible
21fc34d088
🐛 Fixed externally hosted images overflowing in Outlook (#19527)
refs TryGhost/Product#4243

- Externally hosted images added in the editor were not populating the
`width` and `height` attributes, which could result in overflowing
images in certain email clients, particularly Outlook.
- This fix populates the `width` and `height` attributes in the editor
when adding an external image by URL or copy/pasting, which in turn
corrects the rendering in Outlook.
- Various other fixes and improvements to editor related packages, see
https://github.com/tryghost/koenig repo for more info
2024-01-18 12:38:09 -08:00
Djordje Vlaisavljevic
501b1a2640
Updated design for sender and reply-to email address flow PROD-215 PROD-216
refs PROD-215 PROD-216

- Added toast notifications for successful sender and reply-to email
address change behind the flag, instead of the modal
- Updated email template for verifying new sender or reply-to email
2024-01-18 15:21:48 +00:00
Kevin Ansfield
0c5cdbf4d2
🐛 Fixed embed service trying http before https for oembed providers (#19521)
no issue

- issue reported via the forum https://forum.ghost.org/t/video-embed-break-page-on-mobile/44172
- due to historical issues we check against http/https and non-www/www URLs to match an oembed provider in case our library's provider list is out of date. However we checked http first which could match and then update the original URL to be `http` in place of `https` leading to potentially broken oembed fetch requests as was the case with http://odysee.com URLs
2024-01-18 14:42:28 +00:00
Aileen Booker
75874151fd Removed ModelEventsAnalytics
refs https://linear.app/tryghost/issue/BIZ-6/[wip]-update-segment-events

- With the removal of the `integration.added` event, we have no more model events remaining to listen to for our analytics
- Removal of the function entirely seems the easier and more straightforward way
2024-01-18 10:29:56 -04:00
Aileen Booker
e4b9305e2a Removed unneeded analytics for model events
refs https://linear.app/tryghost/issue/BIZ-6/[wip]-update-segment-events

- Removed model events to listen to: `post.published`, `page.published`, and `theme.uploaded` in segment service,  as we're not actively using those.
- Updated tests to reflect the changes (from 4 events to 1 model event)
2024-01-18 10:29:56 -04:00
Simon Backx
b30558c77c
Added cache config to stats endpoints (#19481)
no issue

Allows to enable cache via hostSettings.statsCache.enabled. This will
need proper cache timeouts in order to function correctly.

Usage in config:
```
"hostSettings": {
        "statsCache": {
            "enabled": true
        }
    },
    "adapters": {
        "cache": {
            "Redis": {
                "host": "127.0.0.1",
                "port": 6379,
                "username": "",
                "password": "",
                "ttl": 60,
                "storeConfig": {
                    "maxRetriesPerRequest": 1,
                    "enableOfflineQueue": false,
                    "retryConnectSeconds": 60
                }
            },
            "stats": {
                "adapter": "Redis",
                "ttl": 3600,
                "refreshAheadFactor": 1,
                "keyPrefix": "site:123456:stats"
            }
        }
    },
    ```
2024-01-18 15:26:49 +01:00
Daniel Lockyer
57c5f92770 Reverted "🎨 Added Offers to the new Settings (#19493)"
This reverts commit c7d7b883cc.
2024-01-18 15:04:59 +01:00
Fabien "egg" O'Carroll
c60dd779c9 Removed usage of EventAwareCacheAdapter
This logic is so simple it isn't worth having the indirection of another class.

This also removes the indirection of wrapped getters/setters, which is useful
because otherwise we need to update the wrapper with new methods each time
theunderlying implementation is changed. There was a note about losing the
context of this, but I haven't found anywhere that the context is lost.
2024-01-18 20:16:36 +07:00
Ronald Langeveld
c7d7b883cc
🎨 Added Offers to the new Settings (#19493)
no issue

- Removes flags for the new Offers in Admin X (Settings)
- Removes old Offers from the sidebar.
- See a new version of Offers in Settings. 🎨
2024-01-18 12:56:08 +00:00
renovate[bot]
89a24c3e8b
🐛 Fixed rare rendering issue of lists appearing as headings (#19511)
closes https://github.com/TryGhost/Product/issues/4247

- bumps `@tryghost/kg-default-transforms` with a fix to our de-nesting transform so ListNode is no longer ignored as a badly nested child node which can occur through copy/paste from other editors

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-18 07:19:38 +00:00
renovate[bot]
ecd54b1a63 Update dependency mysql2 to v3.7.1 2024-01-18 00:28:28 +00:00
Simon Backx
a60704c588
Revert "Added support for "Refresh Ahead" caching strategy" (#19502)
Reverts TryGhost/Ghost#19499
2024-01-17 13:12:58 +00:00
Fabien 'egg' O'Carroll
aaaa3ba797
Added support for "Refresh Ahead" caching strategy (#19499)
The main changes are:
- Updating the pipeline to allow for doing a background refresh of the
cache
- Remove the use of the EventAwareCacheWrapper for the posts public
cache

### Background refresh

This is just an initial implementation, and tbh it doesn't sit right
with me that the logic for this is in the pipeline - I think this should
sit in the cache implementation itself, and then we call out to it with
something like: `cache.get(key, fetchData)` and then the updates can
happen internally.

The `cache-manager` project actually has a method like this called
`wrap` - but every time I've used it it hangs, and debugging was a pain,
so I don't really trust it.

### EventAwareCacheWrapper

This is such a small amount of logic, I don't think it's worth creating
an entire wrapper for it, at least not a class based one. I would be
happy to refactor this to use a `Proxy` too, so that we don't have to
add methods to it each time we wanna change the underlying cache
implementation.
2024-01-17 14:00:24 +01:00
Ghost CI
3b0f99d455 v5.76.0 2024-01-17 09:16:09 +00:00
Kevin Ansfield
100e7b70c6
Added TK Reminders feature (#19491)
no issue

- keep an eye on on https://ghost.org/changelog/ for full details
2024-01-17 08:57:35 +00:00
renovate[bot]
c37642a67b Update dependency json-stable-stringify to v1.1.1 2024-01-16 23:05:24 +00:00
Kevin Ansfield
f88fdfe363
Increased test timeout for HTML transform unit tests (#19490)
closes https://github.com/TryGhost/Product/issues/4086

- JSDOM require on CI has been found to occasionally be very slow causing random timeouts
- doubled test time to eliminate the noise
2024-01-16 11:16:46 +00:00
Simon Backx
709a0cf3c4
🐛 Fixed error logging crash when email recipients count if off by 1% (#19485)
no issue

When creating the batches when sending an email, we log a message to
Sentry when there is an unexpected offset of 1% between creating the
email and actually creating the batch recipients. We used a method that
was not mapped in our Sentry proxy.

Location of error: ghost/email-service/lib/BatchSendingService.js:286
2024-01-15 16:21:11 +01:00
Michael Barrett
ed0762fb51
Removed usage of yg when using NQL (#19287)
refs https://github.com/TryGhost/NQL/pull/73

The referenced PR removes `yg` from the parsed NQL output, so we also
need to remove any usage of it in Ghost
2024-01-15 14:40:01 +00:00
renovate[bot]
524f73c545 Update dependency socket.io to v4.7.4 2024-01-14 20:54:29 +00:00
Daniel Lockyer
be6b9e437f Refactored fetching schema tables in data generator
- we want to pass in the schema tables instead of cross requiring them
  from a different package because it means the package isn't standalone
  and moving the code structure around breaks the data generator
2024-01-13 18:28:14 +01:00
renovate[bot]
09921fd2b4 Update dependency @sentry/profiling-node to v1.3.5 2024-01-12 18:05:56 +00:00
renovate[bot]
84c2fe9051 Update dependency @sentry/profiling-node to v1.3.4 2024-01-11 17:05:58 +00:00
renovate[bot]
78e2c10d3c Update dependency newrelic to v11.9.0 2024-01-10 22:17:49 +00:00
renovate[bot]
3f9598d14c Update dependency @sentry/profiling-node to v1.3.3 2024-01-08 21:57:00 +00:00
renovate[bot]
0b0c177952 Update dependency mysql2 to v3.7.0 2024-01-08 01:45:46 +00:00
Daniel Lockyer
18599fb9ce
Merged v5.75.3 into main
v5.75.3
2024-01-05 15:24:59 +01:00
Ghost CI
f21f025659 v5.75.3 2024-01-05 13:58:49 +00:00
Simon Backx
d2cb23c3fa
Wired up Docker setup script and increased data generation performance (#19420)
ref PROD-233

- Stored whether Docker is used in the config files
- When running `yarn setup`, any existing Docker container will be
reset. Run with `-y` to skip the confirmation step.
- `yarn setup` will always init the database and generate fake data
- Increased amount of default generated data to 100,000 members + 500
posts.
- Made lots of performance improvements in the data generator so we can
generate the default data in ±170s
2024-01-05 13:42:30 +00:00
Daniel Lockyer
d2ab091599
Updated snapshots for the new year
- these shouldn't be hardcoded but it changes so infrequently that we
  can just update the snapshots for now and then fix it at a later point
2024-01-05 13:31:07 +00:00
Daniel Lockyer
a667b160c1
Lazyloaded @sentry/profiling-node dependency
- we don't need to load this if we haven't configured Node profiling to occur
- this might help fix random segfaults we've been seeing in CI, which
  only started occurring after this dependency was added
2024-01-05 13:30:21 +00:00
Michael Barrett
b639993a1b
Removed Sentry Express integration (#19443)
no refs

Removed Sentry Express integration as it is not compatible with Ghost's
use of Express
2024-01-05 13:02:29 +00:00
Michael Barrett
06a413c807
Updated Sentry env to use PRO_ENV when available (#19441)
refs
[ARCH-33](https://linear.app/tryghost/issue/ARCH-33/fix-sentry-environment)

To ensure that we are correctly identifying the environment that data is
being sent to Sentry from, we can use the `PRO_ENV` environment variable
if it is available. This will be set to `production` in production and
`staging` in staging. If `PRO_ENV` is not available, we will fall back
to retrieving the environment from config (`env`)
2024-01-05 13:02:29 +00:00
Chris Raible
0feebfcf63
Added Sentry Profiling to Ghost server (#19319)
refs ARCH-29

- Added Sentry Profiling to collect more detailed performance data on
the backend.
- This feature is opt-in behind a config. To enable profiling, first
enable tracing with `sentry.tracing.enabled: true`, then set
`sentry.profiling.enabled: true` and `sentry.profiling.sampleRate` to a
decimal number between 0 and 1.
2024-01-05 12:57:18 +00:00
Michael Barrett
bd6bfe13c0
Added custom Sentry integration for Knex.js (#19315)
no refs

Added custom Sentry integration for Knex.js to trace database queries in
Sentry
2024-01-05 12:54:26 +00:00
Chris Raible
f91d046f5e
Added Sentry performance monitoring to Ghost Server (#19243)
refs ARCH-21

- We currently have NewRelic setup for a few of our largest customers
for monitoring performance, but it is too expensive to enable across all
sites
- Sentry has similar (but simpler) performance monitoring tools to keep
track of response times that are available to us for free, but we just
haven't configured them
- This PR sets up Sentry Performance monitoring for API requests so we
can have one place for monitoring errors + performance so we can stay on
top of response times more easily.
- Tracing is disabled by default, so there is no additional overhead
unless `sentry.tracing.enabled` is set to `true` in the site's config.
Additionally, `sentry.tracing.sampleRate` should be set to a decimal
value between 0 and 1. This value defaults to 0 to avoid accidentally
blowing through quota, and requires a value to explicitly be set in
order to send the traces to Sentry.
2024-01-05 12:53:36 +00:00
Michael Barrett
1263cf148e
Updated Sentry env to use PRO_ENV when available (#19441)
refs
[ARCH-33](https://linear.app/tryghost/issue/ARCH-33/fix-sentry-environment)

To ensure that we are correctly identifying the environment that data is
being sent to Sentry from, we can use the `PRO_ENV` environment variable
if it is available. This will be set to `production` in production and
`staging` in staging. If `PRO_ENV` is not available, we will fall back
to retrieving the environment from config (`env`)
2024-01-05 12:10:39 +00:00
renovate[bot]
1fa2a11cbc Update dependency knex-migrator to v5.1.7 2024-01-05 12:32:45 +01:00
renovate[bot]
85f3ef3d14 Update dependency postcss to v8.4.33 2024-01-05 11:05:49 +01:00
renovate[bot]
ce5466d017 Update dependency sqlite3 to v5.1.7 2024-01-05 11:05:15 +01:00
Michael Barrett
2d28dbe2fd
Removed Sentry Express integration (#19443)
no refs

Removed Sentry Express integration as it is not compatible with Ghost's
use of Express
2024-01-04 14:31:57 +00:00
renovate[bot]
dc45d5285a Update dependency cssnano to v6.0.3 2024-01-04 10:44:39 +01:00
Sag
1f5a42d34c
Added webmentions endpoint to robots.txt disallow (#19433)
fixes PROD-290

- in order to receive webmentions (e.g. recommendations), Ghost sites
expose a /webmentions/receive endpoint. This endpoint is wrongly being
indexed by Google as a regular page, and causes indexing errors in
Google Search Console
2024-01-03 17:30:37 +00:00
renovate[bot]
668e51e631 Update dependency newrelic to v11.8.0 2024-01-03 16:20:33 +00:00
renovate[bot]
56fd992a1f Update dependency image-size to v1.1.1 2024-01-02 17:41:16 +00:00
renovate[bot]
9e2558931f
🐛 Fixed signup card background color and editor crash when typing :, or :| (#19421)
refs https://github.com/TryGhost/Ghost/issues/19282
refs https://github.com/TryGhost/Koenig/pull/1136

- fixes signup card background color
- fixes crash when typing `:,` or `:|` or similar
2024-01-02 17:26:55 +00:00
renovate[bot]
43dbc4ca89 Update dependency cssnano to v6.0.2 2024-01-02 09:46:50 +01:00
renovate[bot]
e90e403aca Update dependency ws to v8.16.0 2024-01-02 08:39:49 +00:00
Daniel Lockyer
a86bf46347 Updated snapshots for the new year
- these shouldn't be hardcoded but it changes so infrequently that we
  can just update the snapshots for now and then fix it at a later point
2024-01-02 09:07:55 +01:00
Daniel Lockyer
d21ab1aa4e Lazyloaded @sentry/profiling-node dependency
- we don't need to load this if we haven't configured Node profiling to occur
- this might help fix random segfaults we've been seeing in CI, which
  only started occurring after this dependency was added
2024-01-02 09:07:55 +01:00
renovate[bot]
9f2365209d Update dependency image-size to v1.1.0 2023-12-28 15:32:30 +00:00
renovate[bot]
bce90d5337 Update dependency newrelic to v11.7.0 2023-12-14 22:01:01 +00:00
Daniel Lockyer
47f50e2d35
Merged v5.75.2 into main
v5.75.2
2023-12-14 13:51:23 +01:00
Ghost CI
c2ad349b78 v5.75.2 2023-12-14 12:34:56 +00:00
Sanne de Vries
255d1b1740
Added site url link to newsletter header image (#19380)
No ref
2023-12-14 12:08:10 +00:00
Chris Raible
a33ce7c20c
Added Sentry Profiling to Ghost server (#19319)
refs ARCH-29

- Added Sentry Profiling to collect more detailed performance data on
the backend.
- This feature is opt-in behind a config. To enable profiling, first
enable tracing with `sentry.tracing.enabled: true`, then set
`sentry.profiling.enabled: true` and `sentry.profiling.sampleRate` to a
decimal number between 0 and 1.
2023-12-13 21:53:19 -08:00
Joel DeSante
dc7e2b9261
🐛Fixed XSS vulnerability involving post excerpts (#17190)
closes https://github.com/TryGhost/Ghost/issues/17058

- Uses the lodash `escape` function.
- Avoids XSS vulnerabilities in post excerpts.
2023-12-13 15:23:48 -06:00
Daniel Lockyer
20b0890a02 Cleaned up duplicate await
- noticed whilst bouncing around the codebase
- shouldn't change anything but it gets rid of some tsserver warnings
2023-12-13 11:54:31 +01:00
Chris Raible
c90e033fcf
Added an email rendering test for all Koenig cards (#19059)
refs TryGhost/Product#4125

This PR adds two new integration tests to ensure all our Koenig cards
are rendered properly after going through the EmailRenderer. Although we
have thorough tests for the cards themselves in the Koenig repo, the
EmailRenderer does post-processing on the rendered HTML, such as
inlining CSS, which can adversely impact the rendered output of our
cards in email clients (usually Outlook).

Since email newsletters are a core feature of Ghost, these bugs are
typically fairly urgent, and since it is email, they are also quite
difficult to troubleshoot and fix. These two tests are intended to
prevent bugs of this sort, which in the past have been created by
seemingly harmless changes like bumping dependencies that are used in
the EmailRenderer.

The idea is to create a 'Golden Post' which has at least 1 of every card
from Koenig, run that post through the EmailRenderer, and take a
snapshot of the rendered HTML. In the future, if we make any changes to
the EmailRenderer or the Koenig cards themselves, this will trigger us
to carefully consider the changes, and it provides an 'expected' output
to compare our changes against.

Additionally, the second test simply checks that all cards from
`kg-default-nodes` are included in the 'Golden Post'. This protects
against any new cards that we will add in the future — as soon as we add
them to Koenig and bump `kg-default-nodes` in Ghost, this test will
fail, prompting us to add the new card to the Golden Post and update the
snapshots.

We should also run the 'Golden Post' through a test in Litmus, which
allows us to visually inspect the rendered email across many different
email clients. Ideally we would create a process to review the output of
the 'Golden Post' in Litmus whenever we update the snapshot as well.
2023-12-12 16:05:04 -08:00
renovate[bot]
45891f83b1 Update dependency ws to v8.15.1 2023-12-12 21:10:38 +00:00
Kevin Ansfield
565b9b245e
🐛 Fixed callout card not rendering all inline formats (#19343)
refs https://github.com/TryGhost/Ghost/issues/19129

- bumps Koenig packages containing fix for callout card rendering
2023-12-12 19:00:32 +00:00
Kevin Ansfield
9706754d6a
🐛 Fixed quote and aside formatting being lost in single-block snippets (#19341)
refs https://github.com/TryGhost/Product/issues/4197

- bumped Koenig packages containing fix for snippets capturing plain text when only the text of an aside or quote block is selected
2023-12-12 17:56:21 +00:00
Simon Backx
60fb2e3139
Added quantities and seed option to the data generator (#19330)
ref PROD-243
2023-12-12 12:50:55 +01:00
Michael Barrett
95eaaad459
Added custom Sentry integration for Knex.js (#19315)
no refs

Added custom Sentry integration for Knex.js to trace database queries in
Sentry
2023-12-12 11:09:49 +00:00
Sanne de Vries
98ff45647c
🎨 Updated editor layout to be more mobile friendly (#19327)
Refs https://github.com/TryGhost/Ghost/issues/18690
2023-12-12 11:51:59 +01:00
Steve Larson
ccc9c9bdd8
Removed emoji picker feature flag (#19314)
closes TryGhost/Product#4109
- requires new editor packages which are bumped in this commit
2023-12-11 09:51:37 -06:00
Kevin Ansfield
1479c55068
🐛 Fixed video uploads hanging in editor when using iOS (#19302)
refs https://github.com/TryGhost/Koenig/issues/1121

- bumps `@tryghost/koenig-lexical` to version including fix (https://github.com/TryGhost/Koenig/pull/1122)
2023-12-11 11:27:59 +00:00
Ronald Langeveld
c969dd18a8
Revert "Fixed private mode cookie for local development (#17938)" (#19298)
This reverts commit f303eee8a4.

refs https://ghost.slack.com/archives/C0568LN2CGJ/p1702277420152709
https://linear.app/tryghost/issue/PROD-46/rss-url-for-private-mode-site-is-hardcoded
2023-12-11 09:18:03 +00:00
renovate[bot]
9fae565673 Update sentry-javascript monorepo to v7.86.0 2023-12-11 09:48:49 +01:00
renovate[bot]
2caf1ec93a Update dependency ws to v8.15.0 2023-12-11 03:41:38 +00:00
renovate[bot]
8cbf133614 Update dependency newrelic to v11.6.1 2023-12-07 19:41:46 +00:00
Daniel Lockyer
db16e565bc Added --print-dependencies to data generator
refs https://github.com/TryGhost/DevOps/issues/119

- this allows you to debug the dependency chain to understand why a
  particular table is being generated
2023-12-07 14:44:00 +01:00
Chris Raible
1b43b5c60a
Added Sentry performance monitoring to Ghost Server (#19243)
refs ARCH-21

- We currently have NewRelic setup for a few of our largest customers
for monitoring performance, but it is too expensive to enable across all
sites
- Sentry has similar (but simpler) performance monitoring tools to keep
track of response times that are available to us for free, but we just
haven't configured them
- This PR sets up Sentry Performance monitoring for API requests so we
can have one place for monitoring errors + performance so we can stay on
top of response times more easily.
- Tracing is disabled by default, so there is no additional overhead
unless `sentry.tracing.enabled` is set to `true` in the site's config.
Additionally, `sentry.tracing.sampleRate` should be set to a decimal
value between 0 and 1. This value defaults to 0 to avoid accidentally
blowing through quota, and requires a value to explicitly be set in
order to send the traces to Sentry.
2023-12-06 15:04:35 -08:00
Steve Larson
d696e8b2e2
Added support for TK tracking inside cards (#19247)
refs https://github.com/TryGhost/Product/issues/4209

- bumped Koenig packages
  - `koenig-lexical` added nested editor TK support
  - all packages dropped Node 16 support
- switched to using `isTKEnabled` prop and `<TKCountPlugin>`

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2023-12-06 11:32:36 +00:00
Simon Backx
3f6ea04c43
Added portal default plan setting (#19238)
fixes PROD-61

This adds a new default plan setting. It defaults to yearly, which is
the current default selected interval in Portal.

Behind the new portal improvements feature flag, the default plan can be
changed. It will also change automatically if the available intervals
are changed.

This PR also wires up passing the new setting to the Portal preview.
2023-12-06 11:39:58 +01:00
Simon Backx
7c8a141264 Bumped Portal to 2.37.x
no issue
2023-12-06 11:30:47 +01:00
renovate[bot]
351e93ebca Update dependency lib0 to v0.2.88 2023-12-04 22:09:17 +01:00
renovate[bot]
e2a6a83fb6 Update sentry-javascript monorepo to v7.85.0 2023-12-04 22:05:42 +01:00
Djordje Vlaisavljevic
36294c6482 Added feature flag for portal improvements
refs GRO-154
2023-12-04 18:16:23 +00:00
Ghost CI
feb15d2273 Merged v5.75.1 into main 2023-12-04 14:56:08 +00:00
Ghost CI
9ac050dfe9 v5.75.1 2023-12-04 14:56:05 +00:00
renovate[bot]
50d40f298f Update dependency knex-migrator to v5.1.6 2023-12-04 15:21:00 +01:00
renovate[bot]
6f3d16f75b Update dependency postcss to v8.4.32 2023-12-04 08:37:46 +01:00
Ghost CI
90656aa047 v5.75.0 2023-12-01 16:04:16 +00:00
Ghost CI
643ec589a9 🎨 Updated Source to v1.1.2 2023-12-01 16:04:16 +00:00
renovate[bot]
de2482736e Update sentry-javascript monorepo to v7.84.0 2023-12-01 08:58:32 +01:00
Jono M
642c7f39cd
Fixed bugs with newsletter creation in admin (#19201)
refs ADM-4
2023-11-30 15:07:02 +00:00