Commit Graph

148 Commits

Author SHA1 Message Date
Hannah Wolfe
f3174de9e2 Cache control for private blogs
no issue

- private blogs need to not be cached, so that the cookie is always checked
2015-05-20 21:44:42 +01:00
Hannah Wolfe
023755c566 Cache invalidate for previews
no issue

- draft updates now need to affect the preview route
2015-05-19 18:32:00 +01:00
Hannah Wolfe
050b03d2bd Cache control middleware refactor
refs #5286

- split cache control middleware into its own file
- split out cache control tests
- add new mochacli command for running just middleware tests
2015-05-18 22:20:26 +01:00
Hannah Wolfe
4de1c29538 Password protect redirect optimisation
no issue

- Don't include r=%2F in the URL - we'll assume this is the default
- This is just a bit prettier
2015-05-16 20:48:54 +01:00
Hannah Wolfe
c3dda5e5c4 Theming updates for password protection
refs #4993, #5073

- Removed nonexistent helpers siteDescription and bodyClass from admin templates
- Changed password.hbs to private.hbs to match the route name
- added a new input_password helper for rendering the password input with the correct properties
- removed the forward input as this can be handled via urls only
- moved 'private' to routeKeywords
- added 'private' context
- minor update to text next to the password in settings
2015-05-13 19:48:24 +01:00
Hannah Wolfe
bdf5c9275f Change session length to 7 days
refs #5202

- this is just a stopgap to deliver minor improvement short term,
- longer term we will do the work to refresh refresh tokens & switch this to a month
2015-05-08 15:54:12 +01:00
Jason Williams
1e5440664e Change payload storage in session cookie 2015-05-07 13:58:09 +00:00
Austin Burdine
2865662ee5 added password protection
closes #4993
- brings password protection to the frontend of blogs
- adds testing for password protection
- upgrades bcrypt-js to 2.1.0
2015-04-30 23:44:43 -05:00
Jason Williams
5cfb2e701e Allow admin app to run when active theme missing
Closes #5155
- If the theme that has been set to active is missing, set
  a default express-hbs instance on the express app and allow
  middleware processing to continue so that the admin client can
  be accessed.
- Log a warning when this happens.
- Fix issue where frontend error page was not being rendered
  correctly.
2015-04-25 20:00:04 +00:00
Hannah Wolfe
8d1e729f30 RSS Refactor with cache
refs #5091, refs #2263

- Move rss handling out of the frontend controller and into its own module
- Separate the code into logical blocks
- Wrap the generation code in a in-memory cache to prevent it being regenerated on every request
2015-04-10 21:32:14 +01:00
Hannah Wolfe
196bbfce18 Refactor sitemaps to use centralised events
fixes #5104, refs #4348, #2263

- Create a centralised event module
- Hook it up for posts, pages, tags and users
- Use it in sitemaps instead of direct method calls
- Use it for xmlrpc calls
- Check events are fired in model tests
- Update sitemap tests to work with new code
- Fix a bug where invited users were appearing in sitemaps
- Move sitemaps and xmlrpc into a directory together
2015-04-05 19:32:18 +01:00
Hannah Wolfe
4b05585631 Update express-hbs to 0.8.4
fixes #4364, refs #4439, refs #4799

- Update express-hbs to 0.8.5
- Use preventIndent option onCompile
- Update registerAsyncHelper to support passing through options when needed
2015-03-10 15:52:00 +00:00
Matt Enlow
58635b3e0a Serve files to core/built/assets/
- see core/client/lib/assets-delivery/index.js for how this is done
- Turn off ember-cli fingerprinting
- ember-cli 0.2.0; Update .npmignore
- Fallback to old version of ember-cli-sass due to lib-sass errors
- Keep ember-data at beta-14.1 until we find the dep that's breaking on snapshot.attr
- Fix release task to ignore blank lines in .npmignore
2015-03-12 15:59:02 -06:00
Matt Enlow
388a8dd3f0 Build assets with ember, and serve with ghost 2015-03-11 12:37:41 -06:00
Mark Stosberg
770317b834 Refactor: Make checkSSL unit-testable and add unit tests for it.
- Code was moved to core/server/middleware/middleware.js, which is the
  home for unit-testable middleware.

- Functional code coverage for this code also exists at:
  test/functional/routes/admin_test.js
2015-01-18 13:44:50 -05:00
Josh Vanderwillik
094d6dfc38 Make HTTPS compatible with a Ghost module
closes #4434
- Change an incorrect redirect
2015-01-17 21:23:31 -05:00
Jason Williams
d59f873aec Update dependencies
No Issue
- bluebird@2.4.2
- body-parser@1.10.0
- busboy@0.2.9
- connect-slashes@1.3.0 (remove base path option which is no
  longer needed)
- fs-extra@0.13.0
- glob@0.4.2
- passport@0.2.1
- passport-oauth2-client-password@0.1.2
- grunt-jscs@1.1.0
2014-12-25 00:22:45 +00:00
cobbspur
cbcda2faf8 Provide absolute blog url in sitemap
No issue

- Adds {{blog-url}} to sitemap.xsl
- Replaces all occurences of {{blog-url}} with absolute bkog url
2014-12-17 14:55:27 +00:00
cobbspur
7d79016af5 stop middleware converting favicon to string
closes #4658

- adds conditional to prevent favicon being processed as a string
2014-12-16 20:22:31 +00:00
cobbspur
9a0dc0be58 Adds complete url for Sitemap in robots.txt
closes #4589

- Adds {{blog-url}} to robots.txt
- Replaces {{blog-url}} with blog.url from config
2014-12-13 18:01:28 +00:00
Hannah Wolfe
818085f18c Add XSL for Sitemaps
fixes #4555

- There's no easy way to declare an XSL with the node xml module, so I
  needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
  module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
  display correctly
2014-12-04 09:38:09 +00:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
Jason Williams
1d562c8914 Add Ghost version to config object.
No Issue
- Use Ghost version value that is already loaded instead of
  reading package.json from the filesystem and parsing it on
  every call into the configuration API.
2014-11-28 18:08:50 +00:00
Fabian Becker
1d1f24d3d4 Properly server shared files
refs #3992
- Don't use path.join for URLs
- Cache robots.txt for 1h instead of 1y
2014-09-25 14:14:20 +02:00
Hannah Wolfe
e5e7488d4d Fix cache-control header for API routes
closes #4157

- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
2014-09-25 11:06:28 +01:00
Fabian Becker
2c3abeee03 Naming cleanup
closes #4069
- Rename everything from camelCase to lowercase + dashes
- Remove usage of `server`, `app` and `instance`
2014-09-20 21:09:16 +02:00
Jason Williams
12957b1918 Adjust morgan call to avoid deprecation warning
No Issue
- Change the invocation of the morgan logging package to
  conform to the new function signature introduced in
  morgan 1.2.0.
2014-09-19 16:31:22 +00:00
Fabian Becker
9394fad6aa Have /ghost use its own express instance
closes #1961
- Refactor admin to use its own express instance
- Refactor middlewares to work with /ghost mounted admin express instance
2014-09-19 08:57:13 +00:00
Matt Enlow
a5f4fca7b2 Merge pull request #3992 from halfdan/favicon
Let Ghost serve favicon instead of using dependency
2014-09-18 18:40:22 -06:00
Fabian Becker
f2fcb5b62b Let Ghost serve favicon instead of using dependency
no ref
- Remove static-favicon dependency
- Refactor robots.txt middleware to also serve favicon
- Add ETag
2014-09-18 13:51:41 +02:00
Hannah Wolfe
aad595de7d Updating express to 4.9.2 & related packages
ref #3795

- express updated to 4.9.2
- express 4.9.0 introduced res.sendStatus() to replace res.status().end()
- we no longer need express-session, connect or cookie-parser
- body-parser, busboy, compression, express-hbs, morgan, all bumped to
  latest versions as well - there doesn't seem to be any breaking changes
2014-09-18 11:50:28 +01:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Hannah Wolfe
b7fdf7d872 Merge pull request #3947 from hswolff/goodbye-config-theme
Removes config.theme and restructures how theme variables are cached
2014-09-15 21:30:44 +01:00
Harry Wolff
66845def85 Moves storage module to use prototypes for inheritance and structure.
addresses #2852

- Moves storage modules to use prototypes and to create prototypes
that inherit from the base storage ctor.

- Makes storage/base conform to an all Promise interface.
2014-09-12 21:41:29 -04:00
Matt Enlow
9c0b203dce Merge pull request #3867 from hswolff/middleware-work
Makes the Ghost application more express middleware friendly.
2014-09-08 13:43:48 -06:00
Harry Wolff
2bb1b14ebd Removes config.theme and restructures how theme variables are cached
resolves #1789

- removes config/theme.js
- moves caching of theme variables to api/settings.js which is where the
rest of the settings cache occurs.  this removes the requirement of having
to push changes to cache, now it simply occurs alongside when settings
are changed.
- updates relevant tests.
2014-09-02 23:15:15 -04:00
Fabian Becker
5ab8c661ec Fix regex from #3898
refs #3898
2014-09-01 15:39:53 +02:00
Fabian Becker
a0b7941439 Restrict uncapitalise middleware for API
no ref
- Do not lowercase anything after /api/v0.1/<resource>/ to protect :key/:slug
2014-09-01 12:38:06 +00:00
Harry Wolff
8bc6a6e633 Makes the Ghost application more express middleware friendly.
refs #827

- Moves ./index to use Ghost in a similar manner to how someone uses
Ghost as an npm module.
- Allows Ghost to be cleanly mounted on another express application
on any arbitrary endpoint, all you need to customize is the mount path.
2014-08-29 17:30:16 -04:00
Hannah Wolfe
25ad4b39fd Uncapitalise middleware should not affect tokens
no issue

- Whilst testing on next, I noticed trying to signup didn't prepopulate email addresses any more, and this is why
2014-08-26 22:30:33 +01:00
Sebastian Gierlinger
cab8254539 Merge pull request #3860 from ErisDS/issue-3857
Redirect uppercase routes to lowercase version
2014-08-26 12:19:52 +02:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Hannah Wolfe
6a52fc8ace Redirect uppercase routes to lowercase version
fixes #3857

- adds uncapitalise middleware which detects uppercase in req.path and
  redirects to the lowercase equivalent
- change the ghost route to a regex, just so it's consistent with other
  routes in the file
2014-08-23 17:59:58 +01:00
Sebastian Gierlinger
f0da28abb3 Fix broken status code
closes #3779
- added custom error classes for OAuth errors (bug was caused by
oauth2orize error classes)
- added basic tests for `/authentication/token` endpoints
2014-08-20 11:28:55 +02:00
Jason Williams
8fb3cddcf6 Update express and body-parser dependencies.
No Issue
- Upgrade to versions of these packages that use qs >= 1.0.0.
2014-08-11 05:20:31 +00:00
Hannah Wolfe
7d37a829c3 Switch middleware order to result in proper error
fixes #3694

- Split the res.isAdmin check out into it's own thing because we need to detect whether we are in the admin, before everything else
2014-08-08 17:17:07 +01:00
Hannah Wolfe
c95c9b45cb Merge pull request #3621 from sebgie/fix-refresh-token
Fix token refresh
2014-08-06 10:34:20 +01:00
Sebastian Gierlinger
b2e9d21018 Fix token refresh
no issue
- spam prevention causes token refresh to return an error
2014-08-06 11:11:44 +02:00
Hannah Wolfe
e315148cc5 Cleaner spam prevention error messages
closes #3589

- Full error messages appear in stderr
- Clean error messages for user
2014-08-06 10:00:21 +01:00
Sebastian Gierlinger
c62d7ba43e Improve spam prevention
closes #3544
- limit forgotten password requests to five requests per IP per hour
for different email addresses
- limit forgotten password requests to five requests per email address
- limit signin requests to ten failed requests per IP per hour
- removed special treatment for tests
2014-08-05 12:58:58 +02:00