Commit Graph

288 Commits

Author SHA1 Message Date
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Naz Gargol
46706646e3
Refactored authentication controller v0.1 (#10893)
refs #10060

- Modules extractions done here are meant to make upcoming migration of authentication controller to v2 more manageable and reduce code repetition
- There were couple modules extracted for different areas that controller touches: passwordrest, accept (for invitation), setup 
- The aim was to keep changes to the minimum while making small readability improvements to new functions through async/await syntax
- The biggest barrier to make more encapsulated functions was the fact that we mutate options parameter on multiple levels in the controller. e.g mutations of options.data during validation on the password reset ties it up to the implementation of doReset function
2019-07-17 12:28:16 +02:00
Vikas Potluri
b431dc56cb 🐛 Fixed error message when get helper doesn't have API access (#10892)
closes #10875
2019-07-15 14:18:58 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Fabien O'Carroll
683e37c764
Fixed generation of api urls for members service (#10869)
no-issue

Previously we used urlFor which wasn't setup to correctly support
members. This changes members service to use the admin URL directly
2019-07-04 12:05:56 +07:00
Rish
15a3dacf26 Fixed invalid method usage in members authentication
no issue

- `getPublicConfig` in members authentication was not called correctly
2019-06-27 15:21:21 +05:30
Fabien O'Carroll
dd727a44df
Fixed issuer when site and api are diff domains (#10806)
no-issue

The issuer value is used through the members code base as the identifier
for the members api. The existing code did not take into account that
the domain/url for the site could be different than for the admin (and
the apis).
2019-06-26 16:02:08 +07:00
Naz Gargol
0bf1542bc6
Extracted settings service part manipulating routes.yaml (#10800)
refs #10790
refs #9528

- The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server
- The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers.
2019-06-25 18:33:56 +02:00
Naz Gargol
df7e64fafa
Extracted frontend folder (#10780)
refs #10790

- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
2019-06-19 11:30:28 +02:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Nazar Gargol
a936362051 Removed logging for validation error in frontend routing
refs #10525

- The logging in this place only introduced confusion and provided no usefull information
2019-06-11 12:35:16 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Nazar Gargol
f21e713a83 Added temp file cleanup for invalid themes
refs #10174

- When theme check fails with validation error there was no cleanup of files left from zip extraction
2019-05-02 17:59:29 +02:00
Nazar Gargol
f5c1ed8fcb 🐛 Fixed 404 in collection index page if using data.slug
closes #10542

- Fixed error that was causing collection index to not be rendered: relations connected to alliased resource were not fetched
2019-04-30 18:20:20 +02:00
Nazar Gargol
cea598597b Restructured theme check logic
refs #10571

- Removes dependency on 'context' property being set in error when
checking a theme
- Refactoring was needed to be able to avoid passing checked theme as a
part of thrown error (logic was relying on error having this specific
data in context property). This created a problem where we controlled
the logic flow with data in error object.
- Introduced 2 different types of theme check handling, one behaves the
same way as before, the other gives more granulac control to the caller
to decide what to do with returned errors.
2019-04-22 22:34:12 +02:00
ml4den
8732d40967 Fixed a typo for non-verb "setup" (#10680)
no-issue
2019-04-22 17:47:28 +02:00
Rishabh Garg
8191513a86 Updated members site config keys (#10702)
no issue
2019-04-22 17:23:58 +02:00
Nazar Gargol
2253b2d18c 🐛 Fixed redirect for pages causing 404
closes #10649

- `resourceType` in API v0.1 is only of 'post' type. Because in admin we now distinguish between 2 types of editable resources: 'posts' and 'page' the redirect has to be based on 'entry.page' flag
2019-04-22 15:08:09 +02:00
kirrg001
ab49d1eed6 Added comments for routing service
no issue

- jsdoc
- inline comments
2019-04-21 23:55:22 +02:00
kirrg001
e07c0ecdc4 Added comments for url service
no issue

- jsdoc
- inline comments
2019-04-21 00:14:40 +02:00
Rish
db9c2d1eca Fixed lint issues
no issue
2019-04-17 18:26:32 +05:30
Rishabh Garg
876e310aea
Updated check for members-ssr use at theme layer (#10693)
no issue

### Context

As part of updating the theme layer to use members-ssr [here](f9899cb8c4), we introduced a case where if `enableDeveloperExperiments` is not switched on, the whole theme loading will crash due to unavailability of `ssr` property on members service [here](https://github.com/TryGhost/Ghost/blob/master/core/server/services/members/index.js#L12). Since we switch on `enableDeveloperExperiments` by default on master now, the issue won't be reproducible locally until explicitly switched off. 

This PR includes a patch fix which adds dummy `ssr` object to members service `api` object and members middleware check on APIs to ensure no crash in case developer flags is not switched on. 

Longer term it will be definitely useful to upgrade the dummy `api` object to trigger on member labs than the developer flag.
2019-04-17 17:38:12 +05:30
Rish
ab3b0d95a2 🐛 Fixed fetching RSS in case of posts with no content
refs #10679

- Handles `null` html values in calculation
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
9aa9b39a59 Fixed require path of members-ssr
no-issue
2019-04-16 17:19:46 +02:00
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Fabien O'Carroll
90c2dbcd6b Removed use of filters module
no-issue

As we're deprecating apps, filters are no longer used.

- Removed use of filters in helpers
- Removed use of filters from routing service
- Removed use of filters from rss service
- Removed use of filters in base model
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
54ac98037b Refactored proxy to not take name param
no-issue

This was only used as context to api methods, but those have been removed.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca2dc1889a Removed unused filters object from apps proxy
no-issue

This is not used by any current apps, and apps are considered
deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
65f16f77a7 Removed unused api object from apps proxy
no-issue

This is not used by any current apps, and apps are considered deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
29948da3bc Refactored app service init to load config
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
d31395412b Removed sandbox from apps service
no-issue

The instansiation of a Module object was only used so that we could
override the require method inside external apps, now we have no support
for them, we are free to require the internal apps directly. This has no
functionality change.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
4696d70de0 Refactored app proxy module to not use Constructor
no-issue

Rather than creating a whole instance, we can replace it with a helper
method - his is less memory intensive and a little easier to parse for
something this small.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca8c5c4907 Removed app permissions module and updated loader
no-issue

The permissions module is no longer necessary as we only suppot internal
apps, which have all permissions. This allowed us to delete the module,
but required that we update the loader to remove references to it.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
e4db1eed81 Removed support for external apps from Proxy
no-issue

This also removes the need for permissions, as internal apps have all permissions
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
4b74c11abb Removed installAppByName method
no-issue

Only external apps needed the install step, we can safely remove this now.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ad9d142174 Refactored Sandbox to be singleton
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
fd9fc92dd5 Removed external app support in Sandbox
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
fc1aa58dc0 Removed external app support from app service loader
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
d63d3f77eb Removed external app support from app service init
no-issue
2019-04-16 11:05:33 +02:00
Rishabh Garg
c03ca79c66
Added Admin API for deleting members (#10673)
no issue

- Added new API to delete members
- Added methods to handle e2e member deletion
- Deleting member via Admin leads to
  - Removal of member from payment processor and cancelling all active subscriptions immediately
  - Removal of member information from DB
2019-04-13 10:38:56 +05:30
Rishabh Garg
35c4da710a
🐛 Fixed sitemap generation with correct date and images value (#10668)
closes #10640

- Updated sitemap resources data to include certain fields
- Fixes sitemap date and images value
- Updated date handling for sitemap nodes
2019-04-09 12:43:07 +05:30
Naz Gargol
87b37556c8
Improved error context usage (#10669)
refs #10571

- Reduced the amount of log output for collision errors
- Improved data passed into `errorDetails` during theme check
- After discovering https://github.com/TryGhost/Ghost/blob/9810834/core/server/services/themes/index.js#L56-L57 wasn't able to remove `checkedTheme` from `context`. Left a note to be refactored later
2019-04-09 13:00:56 +08:00
Fabien O'Carroll
35725f9537 Added members data to local template options
no-issue

- Splits updateTemplateData into three functions with clear naming
- Adds req.member to local template options, to be used as {{@member}}
2019-04-04 10:44:43 +02:00
Fabien O'Carroll
b38fb32c3f Refactored theme middleware module
no-issue

- Replaces var -> const
- Removed use of object to hold functions
2019-04-04 10:44:43 +02:00
Fabien O'Carroll
d0c1853797 Used getter instead of looking up internal property
no-issue

Since express-hbs@1.10 we have a method to get the template options,
which should be used rather than reading internal "private" properties
2019-04-04 10:44:43 +02:00
Rish
394c8b7650 Removed hard-coded members lab flag for theme
no issue

- Removed hard-coded setting to switch on members flag in labs based on developer flag
2019-03-21 13:56:46 +05:30
Grant
51151e9e9e Removed obsolete comment about api keys not being supported (#10622)
no issue

I noticed an outdated comment in the codebase ([confirmed by Kevin](https://forum.ghost.org/t/code-comment-says-we-dont-support-admin-api-keys-yet-is-this-true/6344/4?u=grant)). This PR removes it.
2019-03-19 20:05:37 +01:00
kirrg001
3b4edccf62 🐛 Fixed {{meta_description}} output when using data: page.{slug} in routes
refs #10599

- meta_description output wrong meta description

Only solves meta_description for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00