Commit Graph

195 Commits

Author SHA1 Message Date
Fabien O'Carroll
cb0c5dc582
Session auth service (#9910)
refs #9865

* This service handles the session store and exporting middleware to be
used for creating and managing sessions

* Updates the auth service index.js file in line with how we do things elsewhere

* After wrapping the exports in a getter, the usage of rewire had broken
the authenticate tests, this commit _removes_ rewire from the tests, calls `init` on
the models before the tests (needed because rewire isn't there) and also
cleans up the use of var.
2018-10-02 15:35:23 +07:00
Nazar Gargol
082dec7507 Bumped ghost-ignition to version 2.9.6 2018-09-25 11:41:37 +02:00
Nazar Gargol
57271127f4 Added v2 api endpoints (#9874)
refs #9866

- Registered Content API under /ghost/api/v2/content/
- Registered Admin API under /ghost/api/v2/admin/
- Moved API v0.1 implementation to web/api/v0.1
- Created web/api/v2 for the new api endpoints
- Started with reducing the implementation for the new Content API (the Content api does not serve admin api endpoints, that's why it was reducible)
- Covered parent-app module with basic test checking correct applications/routes are being mounted
- Added a readme file, which contains a warning using v2, because it's under active development!
- This PR does only make the new endpoints available, we have not:
  - optimised the web folder (e.g. res.isAdmin)
  - started with different API controllers
  - reason: we want to do more preparation tasks before we copy the api controllers
2018-09-18 15:59:06 +02:00
Kevin Ansfield
2eada22282 Bump forked oembed-parser dependency
no issue
- removes bellajs sub-dependency that wasn't pinned because it's latest version restricts the usable node version
2018-09-18 10:33:04 +01:00
Sumedh Nimkarde
efd1587ee9 Switched to eslint-plugin-ghost (#9835)
refs #9834

- @TODO: the test env eslint needs to use the plugin, not part of this PR
2018-09-17 20:49:30 +02:00
Nazar Gargol
b36490b6e7 Bump gscan to version 2.2.1
closes #9851
2018-09-06 12:24:17 +02:00
Fabien O'Carroll
c9b8ddde4b 🎨Added absolute_url flag to public api (#9833)
closes #9832

The API _should_ be returning absolute URLs for everything, 3rd party applications require absolute urls to read and display ghost data correctly. Currently they have to concat the blog url and the resource url, which is very uncomfortable.

Changing the public api like this would be considered a breaking change however so we've opted to put it behind a query parameter named `absolute_urls`.
2018-08-31 11:02:39 +01:00
Rish
5f49d9090a Update gscan version 2018-08-30 17:59:47 +01:00
Nazar Gargol
0faf89b5ab Added ability to resize and compress images on upload (#9837)
refs #4453

* On by default

* Added config to disable resizing

* Added basic image optimization processing

* Added dep: sharp (optional dep)

* Added resize middleware

* Take care of rotation based on EXIF information

* Removed all meta data from optimised image

* Added handling if sharp could not get installed

* Do not read ext twice - optimisation

* Do not call sharp if config is disabled

* Do not remove the original image which was uploaded (store 2 images)

* Support of `req.files` for internal logic

* Disabled cache to enable file removal on Windows
2018-08-30 17:30:36 +01:00
Katharina Irrgang
47e9eb48f7 Changed oembed-parser git link in package.json (#9806)
no issue
- git links require git to be installed which isn't likely on servers
- use tarball instead
2018-08-21 09:30:19 +01:00
Kevin Ansfield
c186347f0c
🐛 Koenig - Fixed Vimeo, Hulu, and Facebook Post embeds (#9803)
refs https://github.com/TryGhost/Ghost/issues/9786
- bumped `oembed-parser` dependency to a forked version
  - contains fix for oembed.com providers that include `{format}` in the `url`
  - contains updated `providers.json` file including the `Facebook (Post)` provider (thanks @lunaticmonk)
2018-08-20 11:52:40 +01:00
kirrg001
5d42767bfd Bump knex-migrator to version 3.2.3
no issue
2018-08-16 12:13:24 +02:00
kirrg001
59d9f1867d Bump gscan to version 2.0.0
no issue
2018-08-16 12:13:24 +02:00
kirrg001
ee7814cb1f Bump knex-migrator to version 3.2.2
no issue
2018-08-16 12:13:24 +02:00
kirrg001
dc96d2d451 Bump gscan to tarball link
no issue

- GScan 2.0 is in progress
- it's helpful to use a latest tarball already for testing
- https://github.com/TryGhost/gscan/commits/2.0
2018-08-16 12:13:24 +02:00
kirrg001
65b5ccfe54 Bump gscan to tarball link
no issue

- GScan 2.0 is in progress
- it's helpful to use a latest tarball already for testing
2018-08-16 12:13:24 +02:00
kirrg001
f574507214 Bump knex-migrator to version 3.2.1
no issue
2018-08-16 12:13:24 +02:00
Hannah Wolfe
290f74f815 Added advanced filtering to Dynamic Routing (#9757)
refs #9601, refs #9742

- Upgraded NQL to 0.1.0
- The new version of NQL supports aliases e.g. `tag: tags.slug`, which makes it possible to define `filter=tag:support`
- Furthermore, this allows us to support advanced filtering like tag:[a,b]
- In dynamic routing, we use mingo via NQL which has a slightly different feature set to GQL in the API:
   - AND NOT, OR and other advanced logic combos DO work on joined tables
   - Counts are not yet supported
- The Dynamic Routing beta docs should describe that API filtering and Dynamic Routing filtering is different
2018-08-16 12:13:24 +02:00
kirrg001
ef5dd6b878 Bump knex-migrator to version 3.2.0
no issue
2018-08-16 12:13:24 +02:00
kirrg001
23b4fd26c6 Moved knex-migrator execution into Ghost
refs #9742, refs https://github.com/TryGhost/Ghost-CLI/issues/759

- required a reordering of Ghost's bootstrap file, because:
  - we have to ensure that no database queries are executed within Ghost during the migrations
  - make 3 sections: check if db needs initialisation, bootstrap Ghost with minimal components (db/models, express apps, load settings+theme)
- create a new `migrator` utility, which tells you which state your db is in and offers an API to execute knex-migrator based on this state
- ensure we still detect an incompatible db: you connect your 2.0 blog with a 0.11 database
- enable maintenance mode if migrations are missing
- if the migration have failed, knex-migrator roll auto rollback
  - you can automatically switch to 1.0 again
- added socket communication for the CLI
2018-08-16 12:13:24 +02:00
kirrg001
8c1061cd30 Bump dependencies
no issue

- ghost-ignition@2.9.4
  - fixed log rotation (c8f256430a)
- multer@1.3.1
- uuid@3.3.2
- nock@9.4.0
2018-07-02 12:39:58 +02:00
Katharina Irrgang
7027980ad2
Dynamic Routing Beta: Filter collections with NQL (#9704)
refs #9601

- replace jsonpath with [NQL](https://github.com/NexesJS/NQL)
- jsonpath was just a temporary solution (a short-term fix)
- with NQL we are able to filter collections more powerful in the near future
- NQL is not feature complete
- we still support `featured:true` for collections
2018-06-26 01:54:51 +02:00
Katharina Irrgang
fc9da07025
Dynamic Routing Beta: Added ability to disable+override rss (#9693)
refs #9601

- you can now use `rss:false`
- ability to define a custom rss url with a target template (+ content_type)
- ability to disable rss for channel or collection
2018-06-26 01:33:29 +02:00
kirrg001
11b61aebce Bump dependencies
no issue

- image-size@0.6.3
- moment-timezone@0.5.21
- oembed-parser@1.1.1
- simple-html-tokenizer@0.5.5
- nock@9.3.3
- sqlite3@4.0.1
2018-06-25 18:43:08 +02:00
Katharina Irrgang
835fd6c45b
Removed knex mock (#9685)
no issue

- this mock eat already too much of my/our time
- the idea of adding a knex mock was definitely a failed approach/try
- it's too much to maintaince and have not found a module which does this already
  - we have to support any query format
  - this is too crazy
- the idea was to use the knex mock for model unit tests, because if we want to unit test models we have to
  run through bookshelf, because the whole model layer depends on bookshelf e.g. events
- for now we simply use the real database
  - we could use the sqlite3 memory mode, but that would mean every unit test runs on sqlite3
  - something to consider for later e.g. run unit tests on one matrix
  - run the rest on another matrix for sqlite + mysql
2018-06-12 20:26:16 +02:00
Kevin Ansfield
ca20f3a6b0 Added /oembed API endpoint
refs https://github.com/TryGhost/Ghost/issues/9623
- add `oembed-parser` module for checking provider availability for a url and fetching data from the provider
  - require it in the `overrides.js` file before the general Promise override so that the `promise-wrt` sub-dependency doesn't attempt to extend the Bluebird promise implementation
- add `/oembed` authenticated endpoint
  - takes `?url=` query parameter to match against known providers
  - adds safeguard against oembed-parser's providers list not recognising http+https and www+non-www
  - responds with `ValidationError` if no provider is found
  - responds with oembed response from matched provider's oembed endpoint if match is found
2018-06-12 16:18:01 +01:00
kirrg001
2f69e51018 Bump dependencies
no issue

- ghost-ignition@2.9.3
- simple-html-tokenizer@0.5.3
2018-06-06 14:00:43 +02:00
kirrg001
fdde9f7c5d Bump dependencies
no issue

- body-parser@1.18.3
- extract-zip@1.6.7
- js-yaml@3.12.0
- moment@2.22.2
- moment-timezone@0.5.17
- grunt@1.0.3
- grunt-contrib-watch@1.1.0
- nock@9.3.0
- supertest@3.1.0
2018-06-04 15:48:07 +02:00
Aileen Nowak
2cc032524e Bump gscan to version 1.4.3
no issue

- fixes a bug, that didn't catch errors caused by corrupt zip files
- uses a fork of the `extract-zip` dependency with a bug fix for https://github.com/maxogden/extract-zip/issues/65
2018-05-16 10:20:30 +08:00
kirrg001
45b3d50ced Bump dependencies
no issue

bookshelf-relations@0.2.1, bson-objectid@1.2.3, csv-parser@1.12.1, ghost-gql@0.0.10, ghost-ignition@2.9.2, ghost-storage-base@0.0.3, gscan@1.4.2, knex@0.14.6, knex-mig
rator@3.1.6, lodash@4.17.10, moment@2.22.1, moment-timezone@0.5.16, simple-html-tokenizer@0.5.1, superagent@3.8.3, eslint@4.19.1, grunt-contrib-watch@1.0.1, nock@9.2.5
2018-05-01 14:06:18 +02:00
kirrg001
932d5f4c60 Bump brute-knex to version 3.0.0
no issue

- drop node 4 support
- i finally got full access to brute-knex
- see https://github.com/llambda/brute-knex
2018-05-01 14:06:18 +02:00
Aileen Nowak
63642fd8ad YAML settings loader and parser
closes #9528

These code changes introduce a YAML parser which will load and parse YAML files from the `/content/settings` directory. There are three major parts involved:

1. `ensure-settings.js`: this fn takes care that on bootstrap, the supported files are present in the `/content/settings` directory. If the files are not present, they get copied back from our default files. The default files to copy from are located in `core/server/services/settings`.

2. `loader.js`: the settings loader reads the requested `yaml` file from the disk and passes it to the yaml parser, which returns a `json` object of the file. The settings loader throws an error, if the file is not accessible, e. g. because of permission errors.

3. `yaml-parser`: gets passed a `yaml` file and returns a `json` object. If the file is not parseable, it returns a clear error that contains the information, what and where the parsing error occurred (e. g. line number and reason).

- added a `get()` fn to settings services, that returns the settings object that's asked for. e. g. `settings.get('routes').then(()...` will return the `routes` settings.
- added a `getAll()` fn to settings services, that returns all available settings in an object. The object looks like: `{routes: {routes: {}, collections: {}, resources: {}}, globals: {value: {}}`, assuming that we have to supported settings `routes` and `globals`.

Further additions:
- config `contentPath` for `settings`
- config overrides for default `yaml` files location in `/core/server/services/settings`

**Important**: These code changes are in preparation for Dynamic Routing and not yet used. The process of copying the supported `yaml` files (in this first step, the `routes.yaml` file) is not yet activated.
2018-04-15 19:40:22 +02:00
kirrg001
e986ce4af7 Bump ghost-ignition to version 2.9.1
no issue

- fixes a bug, which can slow down the process when using loggly transport
2018-04-02 21:05:16 +02:00
Katharina Irrgang
40d0a745df Multiple authors (#9426)
no issue

This PR adds the server side logic for multiple authors. This adds the ability to add multiple authors per post. We keep and support single authors (maybe till the next major - this is still in discussion)

### key notes

- `authors` are not fetched by default, only if we need them
- the migration script iterates over all posts and figures out if an author_id is valid and exists (in master we can add invalid author_id's) and then adds the relation (falls back to owner if invalid)
- ~~i had to push a fork of bookshelf to npm because we currently can't bump bookshelf + the two bugs i discovered are anyway not yet merged (https://github.com/kirrg001/bookshelf/commits/master)~~ replaced by new bookshelf release
- the implementation of single & multiple authors lives in a single place (introduction of a new concept: model relation)
- if you destroy an author, we keep the behaviour for now -> remove all posts where the primary author id matches. furthermore, remove all relations in posts_authors (e.g. secondary author)
- we make re-use of the `excludeAttrs` concept which was invented in the contributors PR (to protect editing authors as author/contributor role) -> i've added a clear todo that we need a logic to make a diff of the target relation -> both for tags and authors
- `authors` helper available (same as `tags` helper)
- `primary_author` computed field available
- `primary_author` functionality available (same as `primary_tag` e.g. permalinks, prev/next helper etc)
2018-03-27 15:16:15 +01:00
Katharina Irrgang
7c6f690eb5 🐛 Fixed updated_at not being updated (#9532)
closes #9520

- it contains a dependency bump of the latest Bookshelf release
- Bookshelf introduced a bug in the last release
  - see https://github.com/bookshelf/bookshelf/pull/1583
  - see https://github.com/bookshelf/bookshelf/pull/1798
- this has caused trouble in Ghost
  - the `updated_at` attribute was not automatically set anymore

---

The bookshelf added one breaking change: it's allow to pass custom `updated_at` and `created_at`.
We already have a protection for not being able to override the `created_at` date on update.
We had to add another protection to now allow to only change the `updated_at` property.
You can only change `updated_at` if you actually change something else e.g. the title of a post.

To be able to implement this check i discovered that Bookshelfs `model.changed` object has a tricky behaviour.
It remembers **all** attributes, which where changed, doesn't matter if they are valid or invalid model properties.
We had to add a line of code to avoid remembering none valid model attributes in this object.

e.g. you change `tag.parent` (no valid model attribute). The valid property is `tag.parent_id`.
     If you pass `tag.parent` but the value has **not** changed (`tag.parent` === `tag.parent_id`), it will output you `tag.changed.parent`. But this is wrong.
     Bookshelf detects `changed` attributes too early. Or if you think the other way around, Ghost detects valid attributes too late.
     But the current earliest possible stage is the `onSaving` event, there is no earlier way to pick valid attributes (except of `.forge`, but we don't use this fn ATM).
     Later: the API should transform `tag.parent` into `tag.parent_id`, but we are not using it ATM, so no need to pre-optimise.
     The API already transforms `post.author` into `post.author_id`.
2018-03-26 14:12:02 +01:00
Katharina Irrgang
fa1cc76e15
Bump dependencies (#9516)
no issue

- compression@1.7.2
- express@4.16.3
- ghost-ignition@2.9.0
- gscan@1.3.4
- knex-migrator@3.1.5
- lodash@4.17.5
- moment@2.21.0
- netjet@1.3.0
- sanitize-html@1.18.2
- sqlite@4.0.0
- eslint@4.19.0
- grunt@1.0.2
- sinon@4.4.6
- nock@9.2.3
- grunt-express-server@0.5.4

This commit resolves https://hackerone.com/reports/310439.
2018-03-21 18:49:42 +01:00
Katharina Irrgang
95423ea8fa
Bump dependencies (#9513)
no issue

- knex@0.14.4
- bookshelf@0.13.0
- knex-migrator@3.1.4
- brute-knex@4feff38ad2
- bookshelf-relations@0.2.0

### Fixes for Bookshelf 0.13

- they introduced some breaking changes
- https://github.com/bookshelf/bookshelf/blob/master/CHANGELOG.md#breaking-changes
- adapt event handling in Ghost and in bookshelf-relations
2018-03-19 16:27:06 +01:00
Silvio Fernández
043370d84e Bump markdown-it to version 8.4.1 (#9484)
no issue

- which bumps the sub-dependency "uc.micro" to 1.0.5 
- this version is now MIT licensed
2018-03-05 10:03:24 +01:00
kirrg001
68d8154d4f Imported nested tags by foreign key
no issue

- replace logic for preparing nested tags
- if you have nested tags in your file, we won't update or update the target tag
- we simply would like to add the relationship to the database
- use same approach as base class
  - add `posts_tags` to target post model
  - update identifiers
  - insert relation by foreign key `tag_id`
- bump bookshelf-relations to 0.1.10
2018-02-20 09:56:45 +01:00
kirrg001
0b5cfd933f Added knex mock for unit testing
no issue

- added https://github.com/colonyamerican/mock-knex as dev dependency
- the mock serves our data generator test data by default
  - but you can define your own if you want
- we need a proper mock for unit testing
- we should not mock bookshelf if possible, otherwise we can't test event flows
2018-02-15 22:11:49 +01:00
Katharina Irrgang
80a1128016
Bump dependencies (#9421)
no issue

- bookshelf-relations@0.1.5
- ghost-ignition@2.8.18
- sanitize-html@1.17.0
- semver@5.5.0
- uuid@3.2.1
- eslint@4.16.0
- should@13.2.1
- sinon@4.2.1
2018-01-24 22:50:20 +01:00
Katharina Irrgang
9a8acd5517
Downgraded dependencies (#9403)
no issue

- knex@0.12.9
- bookshelf@0.10.3
- and any dependency, which relies on knex@0.14
- we experienced an unwated behaviour where the blog keeps too many connections open
- we have to investigate
2018-01-17 17:49:07 +01:00
kirrg001
042b18cb69 Bump dependencies
no issue

- brute-knex@4feff38ad2e4ccd8d9de05f04a2ad7a5eb3e0ac1
- knex-migrator@3.1.4
- ghost-ignition@2.8.17
2018-01-11 22:59:22 +01:00
Katharina Irrgang
4d6538fbca
Bump dependencies (#9391)
no issue

- bookshelf@0.12.1
- knex@0.14.2
- moment@2.20.1
- eslint@4.15.0
- nock@9.1.6
- sinon@4.1.4
2018-01-11 21:19:34 +01:00
juan-g
f671f9d2c9 Theme translations and blog localisation (#8437)
refs #5345, refs #3801

- Blog localisation
  - default is `en` (English)
  - you can change the language code in the admin panel, see https://github.com/TryGhost/Ghost-Admin/pull/703
  - blog behaviour changes depending on the language e.g. date helper format
  - theme translation get's loaded if available depending on the language setting
  - falls back to english if not available

- Theme translation
  - complete automatic translation of Ghost's frontend for site visitors (themes, etc.), to quickly deploy a site in a non-English language
  - added {{t}} and {{lang}} helper
  - no backend or admin panel translations (!)
  - easily readable translation keys - very simple translation
  - server restart required when adding new language files or changing existing files in the theme
  - no language code validation for now (will be added soon)
  - a full theme translation requires to translate Ghost core templates (e.g. subscriber form)
  - when activating a different theme, theme translations are auto re-loaded
  - when switching language of blog, theme translations are auto re-loaded

- Bump gscan to version 1.3.0 to support more known helpers

**Documentation can be found at https://themes.ghost.org/v1.20.0/docs/i18n.**
2018-01-09 14:50:57 +01:00
Aileen Nowak
8ea861c496 Bump Amperize to version 0.3.7 (#9370)
no issue

- includes updated tests and usage of another user-agent for image requests
2018-01-04 14:44:33 +01:00
kirrg001
fccfa7614d Bump bookshelf-relations to version 0.1.4
no issue

- patch release with two fixes:
  - 1. attach target models in batches
  - 2. ensure we detach the bookshelf model event from new targets, otherwise we can run into memory leaks
2018-01-02 23:20:04 +01:00
kirrg001
98dcbd72bc Bump dependencies
no issue

- bson-objectid@1.2.2
- image-size@0.6.2
- knex-migrator@3.1.3
- nconf@0.10.0
- sanitize-html@1.16.3
- superagent@3.8.2

- eslint@4.14.0
- grunt-contrib-uglify@3.3.0
- grunt-subgrunt@1.3.0
- mocha@4.1.0
- nock@9.1.5
- should@13.2.0
- sinon@4.1.3
2018-01-02 12:08:32 +01:00
kirrg001
1ac7c00d4a Bump knex-migrator to version 3.1.2
no issue

- patch update
2017-12-05 10:04:23 +01:00
Katharina Irrgang
0bb81bb3c4
Bump knex-migrator to version 3.1.1 (#9199)
no issue

- adapt major changes of knex-migrator v3
- adapt migration scripts, simplify and add `down` (rollback) hook if possible
- clear Ghost cache after init hook (because of `knex-migrator migrate --init`)
- ensure db migrations work with the CLI
- updated troubleshooting guide (https://docs.ghost.org/v1/docs/troubleshooting#section-task-execute-is-not-a-function)

**For development only: Please ensure you run `npm i -g knex-migrator@latest` to update your global installation to v3. We always prefer the local installation, but v3 has modified and added binaries.**
2017-12-05 09:14:55 +01:00