Commit Graph

6928 Commits

Author SHA1 Message Date
Hannah Wolfe
03e4acdb37 🐛 Subscribers: validate urls (#7540)
no issue

- Ensure URLs submitted via form are sanitized so that we only accept real urls
- Add some tests for the isEmptyOrURL validator
2016-10-14 16:31:20 +02:00
Ryan McCarvill
ea2c3a0a3f Markdown card (#7568)
Refs #7429
- Added mobiledoc card, this uses the mobiledoc editor from within Ghost. In the future we'll pull this out and replace it with a textarea as the preview is too small to fit in the content.
- Made the HTML editor a codemirror editor (pulled in from ghost-admin to save duplicating libraries).
- Ghost-Admin now passes the paths for the ghost-api and the image directory for tools.
- Fixed the scrolling issue.
2016-10-14 14:42:48 +02:00
Katharina Irrgang
56a2e56b1c 🎨 fetch all scheduled posts on bootstrap (#7567)
refs #7555
- remove filters, they can cause problems
2016-10-14 13:39:10 +01:00
Katharina Irrgang
8cd5d9f6fe 🎨 register events in base model (#7560)
refs #7432

- all models implemented it's own initialize fn to register events
- we can register all events in the base model
- important: we only listen on the event, if the model has defined a hook for it
- this is just a small clean up PR
- register more bookshelf events
2016-10-14 13:37:01 +01:00
Hannah Wolfe
4411f8254f 🎉 🎨 Remove middleware/index.js (#7548)
closes #4172, closes #6948, refs #7491, refs #7488, refs #7542, refs #7484

* 🎨 Co-locate all admin-related code in /admin
- move all the admin related code from controllers, routes and helpers into a single location
- add error handling middleware explicitly to adminApp
- re-order blogApp middleware to ensure the shared middleware is mounted after the adminApp
- TODO: rethink the structure of /admin, this should probably be an internal app

* 💄 Group global middleware together

- There are only a few pieces of middleware which are "global"
- These are needed for the admin, blog and api
- Everything else is only needed in one or two places

*  Introduce a separate blogApp

- create a brand-new blogApp
- mount all blog/theme only middleware etc onto blogApp
- mount error handling on blogApp only

* 🎨 Separate error handling for HTML & API JSON

- split JSON and HTML error handling into separate functions
- re-introduce a way to not output the stack for certain errors
- add more tests around errors & an assertion framework for checking JSON Errors
- TODO: better 404 handling for static assets

Rationale:

The API is very different to the blog/admin panel:
 - It is intended to only ever serve JSON, never HTML responses
 - It is intended to always serve JSON

Meanwhile the blog and admin panel have no need for JSON errors,
when an error happens on those pages, we should serve HTML pages
which are nicely formatted with the error & using the correct template

* 🐛 Fix checkSSL to work for subapps

- in order to make this work on a sub app we need to use the pattern `req.originalUrl || req.url`

* 🔥 Get rid of decide-is-admin (part 1/2)

- delete decide-is-admin & tests
- add two small functions to apiApp and adminApp to set res.isAdmin
- mount checkSSL on all the apps
- TODO: deduplicate the calls to checkSSL by making blogApp a subApp :D
- PART 2/2: finish cleaning this up by removing it from where it's not needed and giving it a more specific name

Rationale:

Now that we have both an adminApp and an apiApp,
we can temporarily replace this weird path-matching middleware
with middleware that sets res.isAdmin for api & admin

* 🎨 Wire up prettyURLs on all Apps

- prettyURLs is needed for all requests
- it cannot be global because it has to live after asset middleware, and before routing
- this does not result in duplicate redirects, but does result in duplicate checks
- TODO: resolve extra middleware in stack by making blogApp a sub app

* ⏱ Add debug to API setup

* 🎨 Rename blogApp -> parentApp in middleware

* 🎨 Co-locate all blog-related code in /blog

- Move all of the blogApp code from middleware/index.js to blog/app.js
- Move routes/frontend.js to blog/routes.js
- Remove the routes/index.js and routes folder, this is empty now!
- @TODO is blog the best name for this? 🤔
- @TODO sort out the big hunk of asset-related mess
- @TODO also separate out the concept of theme from blog

* 🎉 Replace middleware index with server/app.js

- The final piece of the puzzle! 🎉 🎈 🎂
- We no longer have our horrendous middleware/index.js
- Instead, we have a set of app.js files, which all use a familiar pattern

* 💄 Error handling fixups
2016-10-13 17:24:09 +02:00
Katharina Irrgang
4abb9590a1 add token utils (#7554)
no issue
- preperation for User model refactoring
- add independent util to generate reset hash, compare a hash and extract information out of it
- this code is basically a copy/paste of User model (generateResetToken, validateToken)
2016-10-13 13:54:44 +01:00
Katharina Irrgang
5b9c213849 🎨 change gravatar file design (#7553)
no issue
- preperation for User model refactoring
- the rule is:
  --> when calling a unit, this unit should return something new
  --> and NOT modifying an existing object and return it (this is an unexpected behaviour, especially for utils and libs)
2016-10-13 13:52:22 +01:00
Greenkeeper
da9c6be06c chore(package): update passport-ghost to version 1.0.1 (#7559)
https://greenkeeper.io/
2016-10-13 13:03:27 +02:00
Katharina Irrgang
48c01162a3 🎨 decrease timeout for scheduling (#7556)
refs #7555
- temporary fix to make travis green
- that should not have a any bad effect on scheduling
- we just let the job awake a bit later
- the job logic is strong enough to catch the job if setTimeout awakes too late (that can happen, because setTimeout is not accurate)
- if (moment().diff(moment(Number(timestamp))) <= self.beforePingInMs) --> is smaller ensures that even if the diff is negative, it get's executed
2016-10-13 09:49:10 +01:00
Katharina Irrgang
869a35c97d migrations: seeding is part of init db task (#7545)
* 🎨  move heart of fixtures to schema folder and change user model

- add fixtures.json to schema folder
- add fixture utils to schema folder
- keep all the logic!

--> FIXTURE.JSON
- add owner user with roles

--> USER MODEL
- add password as default
- findAll: allow querying inactive users when internal context (defaultFilters)
- findOne: do not remove values from original object!
- add: do not remove values from original object!

* 🔥  remove migrations key from default_settings.json

- this was a temporary invention for an older migration script
- sephiroth keep alls needed information in a migration collection

* 🔥   add code property to errors

- add code property to errors
- IMPORTANT: please share your opinion about that
- this is a copy paste behaviour of how node is doing that (errno, code etc.)
- so code specifies a GhostError

* 🎨  change error handling in versioning

- no need to throw specific database errors anymore (this was just a temporary solution)
- now: we are throwing real DatabaseVersionErrors
- specified by a code
- background: the versioning unit has not idea about seeding and population of the database
- it just throws what it knows --> database version does not exist or settings table does not exist

* 🎨  sephiroth optimisations

- added getPath function to get the path to init scripts and migration scripts
- migrationPath is still hardcoded (see TODO)
- tidy up database naming to transacting

*   migration init scripts are now complete

- 1. add tables
- 2. add fixtures
- 3. add default settings

* 🎨  important: make bootup script smaller!

- remove all TODO'S except of one
- no seeding logic in bootup script anymore 🕵🏻

*   sephiroth: allow params for init command

- param: skip (do not run this script)
- param: only (only run this script)
- very simple way

* 🎨  adapt tests and test env

- do not use migrate.populate anymore
- use sephiroth instead
- jscs/jshint

* 🎨  fix User model status checks
2016-10-12 16:18:57 +01:00
Katharina Irrgang
22589e8b91 🎨 Ghost OAuth improvements (#7550)
refs #7452

- 🎨  logging.debug for public client registration
- 🎨  add tests for passport ghost
- improve readability for passport file
- add basic tests
2016-10-12 12:11:56 +01:00
Kevin Ansfield
06151ef5ac 🐛 send correct token expiration time (#7547)
no issue

When using Ghost OAuth, exchanging the authorization code for an access token was returning a token along with an `expires_in` property containing a JavaScript date representation rather than the number of seconds the token is valid for. This was resulting in the client expecting it's access token to be valid until the year 48796(!) and so never attempting to refresh it's access_token.

- return token expiration time of 3600 seconds / 1hr
2016-10-12 10:19:33 +02:00
Katharina Irrgang
50f383ef0b 🐛 logging: error output format (#7546)
no issue
- the format for standalone error was wrong
2016-10-11 19:03:14 +01:00
Katharina Irrgang
677502813e 🎨 replace process.env.NODE_ENV usages by config.get('env') (#7544)
closes #6629

- i had the case that in gravatar process.env.NODE_ENV was undefined and indexOf of undefined crashe my application
- so always use config to read current env
2016-10-11 13:53:52 +01:00
Katharina Irrgang
9fad7f1d69 use migration runner for init db (#7502)
refs #7489

* 🎨  protect error when creating owner
* 🎨  reset migration table
- temporary solution, see TODO's
* 🎨  use sephiroth in bootUp script
- do not populate the database
- ask sephiroth for database state
- do seeding manually (this will be removed in next seeding PR)
* 🎨  rewrite createTableIfNotExists because it causes error when running twice
- see knex issue
- hasTable and createTable
- indexes can cause trouble when calling them twice
* 🎨  tests: populate db in test env
- when forking db
- when starting ghost()
- this basically affects only the functional tests
* 🎨  server spec test adaption
- we now throw an error when database is not populated, instead of populating the database
* 🎨   migration spec adaption
- reset database now deletes migration table
- we will move the reset script into sephiroth and then we make it pretty
* 🎨  error creation adaption in bootUp
* 🎨  fixes
- sephiroth error handling
- fix tests
2016-10-11 13:37:11 +01:00
Kevin Ansfield
49191c9023 🎨 improve gulp dev reload behaviour (#7543)
refs #7427
- prevent unnecessary reloads of the server due to changes in client files, this makes working on the client as quick/painless as the old `grunt dev` command
- fix nodemon `watch` config - it only accepts directories not files
- update nodemon `ignore` config - directories should be specified without a `/*`, add directories that are changed on each client re-compile
2016-10-11 14:06:07 +02:00
Hannah Wolfe
61bf54ec88 🎉 Middleware refactor: Give the API its own express App (#7537)
refs #4172

* 🎨 Use bodyParser only where it is needed

This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it
seemed prudent to move towards not having in there that wasn't strictly necessary 😁

We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing
if and only if it is necessary.

* 🎨 Move all API code to API router

* 🎨 Refactor API into an App, not just a router

- Apps have their own rendering engines, only the frontend & the admin panel need views
- The API should be JSON only, with minimal middleware
- Individual sections within the API could/should be treated as Routers

* 🎨 Flatten API middleware inclusion

- get rid of the weird middleware object
- move the api-only middleware into the middleware/api folder
2016-10-11 10:36:00 +02:00
Katharina Irrgang
0227efb41b 🐛 logging: always print body of standalone error (#7535)
- we can see the logging mode as HTTP mode
- standalone logging should still log everything
- tidy up the PrettyStreamer a little big and add current expectation tests
2016-10-11 07:26:37 +01:00
Hannah Wolfe
59e2694acf Misc Middleware cleanup (#7526)
* 💄 Combine slashes & uncapitalise middleware

- these bits of middleware belong together
- ideally they should be optimised

* 🎨 Move ghostLocals out of themeHandler

GhostLocals sets several important values which are needed for every part of the application,
admin, api and theme. Therefore, it doesn't make sense for it to be bundled in the themeHandler.

* 🐛 Fix the uncapitalise middleware

- Updated to make correct use of req.baseUrl, req.path, req.url & req.originalUrl
- Updated the tests to actually cover our weird cases

* 🎨 Move ghostVersion logic out of config

* 💄 Group static / asset-related middleware together

* 🔥 Remove /shared/ asset handling

- The 5 files which are located in `/shared/` are all handled by individual calls to `serveSharedFile`
- Therefore this code is redundant
2016-10-10 21:14:32 +02:00
Greenkeeper
a533010cfd chore(package): update nock to version 8.1.0 (#7534)
https://greenkeeper.io/
2016-10-10 18:49:10 +01:00
Greenkeeper
ce396d1117 chore(package): update should to version 11.1.1 (#7530)
https://greenkeeper.io/
2016-10-10 18:32:43 +01:00
Greenkeeper
57eb8ce4a4 chore(package): update mocha to version 3.1.1 (#7527)
https://greenkeeper.io/
2016-10-10 18:32:36 +01:00
Katharina Irrgang
8d9414e8ba 🎨 optimise sephiroth error handling (#7531)
refs #7489
2016-10-10 18:31:32 +01:00
Katharina Irrgang
f570aaef3c 🎨 optimise error to inherit from in GhostError prototype (#7529)
refs #7116
- add errors_spec
- inherit all given attribute values
2016-10-10 18:30:30 +01:00
Hannah Wolfe
2e9aa8c465 Version bump to 1.0.0-alpha.4 2016-10-10 17:08:54 +01:00
Hannah Wolfe
1bb27cc0e4 Updated Ghost-Admin to 1.0.0-alpha.4 2016-10-10 17:08:54 +01:00
Katharina Irrgang
29a48d0856 🐛 logging: temporary fix for info,warn and debug logging (#7533)
- GhostLogging always expected an stdout stream
- so it was not possible to use production env with GhostLogger, because an error was happening
- temporary fix!
2016-10-10 17:03:34 +01:00
Hannah Wolfe
64ac53cef0 🐛 Short log still needs data.msg (#7532)
- to see the problem, migrate a fresh DB in short mode
- this would output [INFO] but no info!
2016-10-10 16:55:39 +02:00
Hannah Wolfe
d979bd442e 🎨 Add support for short one-line log format (#7523)
refs #7116

- The long format logs were making it hard to see the debug statements
- Seeing headers for every asset is a bit much
- "short" format doesn't output bodyPretty
- This needs love as there's no reason to calculate bodyPretty if we aren't using it
- The default output should be discussed
- req.url doesn't include the full path when apps are mounted
- Use mode instead of format & pass config correctly
2016-10-10 16:17:16 +02:00
Katharina Irrgang
c4fa34224f Migration runner - first iteration (#7501)
refs #7489
- add independent migratio runner
- add init script
- this is not connected to Ghost yet, but next PR will
2016-10-10 13:27:31 +01:00
Katharina Irrgang
637d177cac 🎨 operate on separate nconf instance (#7528)
refs #7488

- if multiple projects use nconf, they all operate on the same cached nconf instance
- that can cause trouble
2016-10-10 13:04:00 +01:00
Sebastian Gierlinger
8370aa51a8 nconf separator (#7518)
refs #7488 

If you want to set properties for our configuration values using
environment variables on the command line, Linux and MacOS return an
invalid identifier error.

```
$ export database:connection:host=127.0.0.1
-bash: export: `database:connection:host=127.0.0.1': not a valid
identifier
```

According to the nconf documentation a custom separator can be set. The
docs suggest `'__'` which this PR adds.
2016-10-10 11:43:17 +02:00
Hannah Wolfe
01f5dc238f 🔥 Remove the deprecated body classes (#7510)
closes #2597

- Remove .archive-template
- Remove .page
- Don't output .post-template on pages
- Use `page-slug` instead of `page-template-slug`
- Always output `page-slug` irrelevant of whether or not there is a custom template
2016-10-10 11:38:12 +02:00
Greenkeeper
613015c792 chore(package): update knex to version 0.12.3 (#7524)
https://greenkeeper.io/
2016-10-10 10:24:05 +01:00
Kevin Ansfield
8f3552657c Update Ghost-Admin: Move internal tags out of labs 2016-10-10 09:52:18 +01:00
Hannah Wolfe
63094d3cc7 Move internal tags out of labs (#7519)
closes #6165

- internal tags has been in labs for a couple of months, we've fixed some bugs & are ready to ship
- removes all code that tests for the labs flag
- also refactors the various usage of the visibility filter into a single util
- all the tests still pass!!!
- this marks #6165 as closed because I think the remaining UI tasks will be handled as part of a larger piece of work
2016-10-10 09:51:03 +01:00
Hannah Wolfe
f57719daa8 Update Ghost-Admin: Editor upgrade 2016-10-10 07:15:16 +01:00
Greenkeeper
0f3d013ecc chore(package): update moment-timezone to version 0.5.6 (#7522)
https://greenkeeper.io/
2016-10-10 07:11:09 +01:00
Ryan McCarvill
ff9e6b5393 Upgraded editor (#7516)
refs #7429

Finally it's starting to feel like a real editor, although there will be another version bump over the weekend which improves the toolbar behaviour and usability, and enables image uploading.

- Added the start of a new toolbar, what we're (well I am) calling the Owesome bar, not to be confused with the Firefox Awesome bar. It's a cultural thing. (google "O for awesome").
- The idea of dragging and dropping cards has been removed for now, although the code will still be in there as we will support dragging cards around fairly shortly. When apps are included a better card interface will be required for a larger amount of app created content cards (Oh yeah!)
- Ghost Server now pulls in it's configuration from Ghost-Editor, this allows Ghost-Editor to a) keep cards up to date, and b) define what happens if a card is missing.
- The whole cards in admin written in ember and cards in server written in javascript thing is still very much a work in progress, it's kind of messy as we find the optimum solution (which isn't the current sollution).

So yeah, this is a WIP not the final styling, not the final interactions, not the final anything... :)

Adds a new mobile doc editor which has:
- A new toolbar
- Basic image uploading capability
2016-10-10 07:09:32 +01:00
Hannah Wolfe
c74f65683e 🎨 Change asset path to /ghost/assets (#7504)
closes #7503

- Update this server-side to serve assets from ghost/assets
- a Ghost-Admin PR changes the client to always request them from there
2016-10-07 17:05:36 -05:00
Austin Burdine
2550cdcac6 Update Ghost-Admin: asset path change 2016-10-07 21:22:26 +00:00
Greenkeeper
8f42678ba6 chore(package): update gulp-nodemon to version 2.2.1 (#7455)
https://greenkeeper.io/
2016-10-07 18:22:04 +01:00
Hannah Wolfe
74b5d67001 ⬆️ deps: bookshelf@0.10.2 2016-10-07 16:44:29 +01:00
Greenkeeper
d6b1b06024 chore(package): update lodash to version 4.16.4 (#7505)
https://greenkeeper.io/
2016-10-07 16:30:18 +01:00
Hannah Wolfe
2ca5bc2f35 Upgrading Casper to 1.3.3 2016-10-07 16:13:33 +01:00
Greenkeeper
4b7d4b6ed7 chore(package): update sqlite3 to version 3.1.6 (#7513)
https://greenkeeper.io/
2016-10-07 11:37:13 +01:00
Katharina Irrgang
f9561eed29 🎨 use nullable(false) for knex schema builder (#7511)
refs #7470
2016-10-07 10:17:39 +01:00
Katharina Irrgang
c8691a85c5 🐛 tests: fix fork config (#7508)
closes #7506
2016-10-06 20:40:01 +01:00
Hannah Wolfe
a98efe1b68 🔥 Remove deprecated pageUrl helper (#7509)
closes #2217

- This helper has been deprecated in favour of `page_url` for more than 2 years!!!
- Ghost 1.0.0 is the end of all of this 💩
2016-10-06 20:47:37 +02:00
Katharina Irrgang
e2e83a0f7b Migration: New database versioning (#7499)
refs #7489

- new database versioning scheme which is based upon the Ghost version, and so easier to reason about
- massive refactor of all the version related code 

Summary of changes:

*   new error: DatabaseNotSeeded
* 🎨  change versioning module
  - versioning is based on Ghost Version
* 🎨  change bootUp file
  - add big picture description
  - version error get's trigger from versioning module
* 🎨  default setting for database version is null
  - very important change: this is caused by the big picture
  - see bootUp description
  - the database version get's set by the seed script later
  - db version is by default null
  - 1. population happens (we ensure that this has finished, by checking if each table exists)   
  - 2. seeds happening (we ensure that seeds happend if database version is set to X.X)
* 🎨  temporary change for population logic
  - set database version after population happens
  - ensure population of default settings happend before
  - both: get's removed in next iteration
* 🎨  adapt tests && mark TODO's
* 🎨  err instance checking
2016-10-06 14:50:55 +01:00