refs #10790
- Extracted 'setFromZip' method into themes services
- Extracted 'activate' method
- Extracted 'destroy' method
- Extracted 'download' method
- The method name here tries to follow 'setFrom...` convention we've agreed upon. So, in this case, we have get() which returns JSON response and getZip() which returns a file
- allow both uploading and activating themes as experiemental API features
- previously only uploading was allowed, I believe purely due to an oversight
closes#10641
There is already an "icons" section in this json file, but it appears
that that is only used for v0.1 in which there was a "/uploads/icon"
route that passed in a "type" of "icons" to the validation middleware.
However, in v2, there is only a generic "/images/upload" route that is
used for both icons and images, which passes a "type" of "images"
so the .ico information needs to be added to the "images" section
of the json file.
This reverts commit 64735693be.
- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
no-issue
The issuer value is used through the members code base as the identifier
for the members api. The existing code did not take into account that
the domain/url for the site could be different than for the admin (and
the apis).
refs #10790
refs #9528
- The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server
- The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers.
no-issue
This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
* Moved settings#upload method out of settings controller
* Moved out code from download to serve method
* Moved API v0.1 settings upload/downalod routes.yaml methods to use setting handler service
* Reverted unintended change
* Moved RoutesHandler into settings module
- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder
* Frontend settings for API v0.1
* Renamed 'routes' to 'dynamic-routing'
* Renamved activate/serve methods as suggested in discussions
* Moved settings dynamicRouting to routing.settings
refs #10790
- The code was moved out of controllers to reduce the number of coupling points between the API controllers and "frontend" services
- A nice side effect of this move is a decreased amount of code that will need to be maintained and reusability between existing controllers
- Calling just a few methods from frontend services on API level makes it easier to abstract fronted away from API
refs #10790
- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
closes#10773
- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
closes#10776
When the "to" property of the redirect includes a host (implying an external or fully qualified url) we skip replacing any paths and redirect straight to it, rather than modifying the URL with the sites sub-directory.
refs #10618
- Visibility methods don't belong on model, but are generic utils
- Used directly from ghost helper's visibility methods, cleans up core
- Removes direct model dependency of theme helper
- Updated `foreach_spec` to correct test data as per schema - visibility property cannot be empty
no issue
- `{{#get}}` can slow down requests a lot if not used carefully, typically by using `limit="all"` or similar which can force a lot of data to be fetched and processed
- adds a warning log if we detect any `{{#get}}` helper call which takes longer than a certain threshold (default 200ms)
- allow log level and threshold to be configured via config to allow for different environments behaviours and requirements
New config options:
```
{
"logging": {
"slowHelper": {
"level": "warn",
"threshold": 200
}
}
}
```
Example output for `{{#get "tags" limit="all" order="name asc"}}` with a lot of tags:
```
[2019-06-07 10:35:52] WARN {{#get}} helper took 453ms to complete
{{#get}} helper took 453ms to complete
Error ID:
062daed0-8910-11e9-8185-3b615ad8677d
Error Code:
SLOW_GET_HELPER
Details:
api: v2.tagsPublic.browse
apiOptions:
order: name asc
limit: all
returnedRows: 1698
```
refs https://github.com/TryGhost/Ghost/issues/9414
refs c9b95b4bbd
- Removed package version from asset hash calculation
- Package version doesn't introduce any value when calculating a hash because Date.now() provides enough randomization on its own
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file
Credits: Muhammad Fawwad Obaida
refs https://github.com/TryGhost/Team/issues/211
Previous code was creating a new ajv instance for each call, as well as
loading the schemas, which are cached. This was causing a memory leak as
ajv caches all schemas.
We've replaced it with one instance of ajv, and conditionally
loading/compiling the schemas if they haven't been seen before.
* Installed `@tryghost/members-{api,auth-pages}`
no-issue
* Used @tryghost/members-auth-pages in member service
no-issue
* Used @tryghost/members-api in members service
no-issue
* Deleted core/server/lib/members
no-issue
* Fixed parent app tests
no-issue
Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
closes#10709
- Only transform a canonical URL that is identical with the Blog URL to a relative URL when the protocol matches as well
- Leave the canonical URL absolute for all other cases
- Use case for this is e. g. when users want to port over their Facebook comments/shares/likes after a move from `http` to `https`
closes#10706
- Fixed a bug where we weren't assigning `summary_large_image` as Twitter card property when no feature image is provided, but a dedicated Twitter image
- Updated test to reflect this case to be tested better
no issue
- case: restart Ghost and while having a scheduled post
- caused by 4acc375fb6 (diff-4726ce3c4d18d41afad4b46cb0aa7dd3)
- the bug exists since 2.12
- Bookshelf added support (or better said fixed a bug) for accessing previous attributes
- `object.updated('published_at')` always returned "undefined", because the self-implementation < 2.12 only remembered previous attributes after update (see https://github.com/TryGhost/Ghost/blob/2.11.0/core/server/models/base/index.js#L234)
- but `object.previous('published_at')` returns the current value (object.get('published_at') === object.previous('published_at') -> and that's why rescheduling on bootstrap never worked
- might fix https://forum.ghost.org/t/scheduled-posts-never-publish/6873/10
- reduced timeouts on scheduling unit tests
no-issue
It turned out that due to the mismatch between `"members"` and
`"member"`, that not a single row was added to the database via this
migration. Clearing the file for simplicity.
no-issue
The original migration read data from the fixtures, and ensured the
relations were made. Now the fixtures have been corrected, we can use
the same migration for 2.22
no-issue
The previous relations were setup to match against "members", which is
plural, but the object_type on the permission is "member". This was
causing the permissions to not be added as a relation to the role.
* Added caption support to code card renderer
refs https://github.com/TryGhost/Ghost-Admin/pull/1181
- when a caption for a code card is provided, render the contents inside a `<figure>` element with a `<figcaption class="kg-card kg-code-card">` to match other caption-enabled cards