1
0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-24 19:33:02 +03:00
Commit Graph

92 Commits

Author SHA1 Message Date
Aileen Nowak
d59f199ee3 🐛 🎨 Improves AMP validation for video and iframe ()
no issue

Video tags aren't supported in Amperize yet, therefore, we strip them out. If a `<video>` tag has nested `<source>` elements, they would stay because they are whitelisted regarding `Sanitize`, as we use them for `<audio>` tags as well.

This PR uses `cheerio` to strip out in `<video>` nested `<source>` tags, without removing the fallback text.
It also removes prohibites attributes for `<amp-iframe>` which are e. g. used by Vimeo embeds.

Removes every kind of inline `style` attributes, as they will cause validation errors as well.
2016-08-25 12:47:28 +02:00
Aileen Nowak
93ee19f36e 🐛 fix: make small media types not stretch ()
no issue

Fixes a bug with displaying small media types like images or gif. Two reasons for that:
1. In many cases, we only have the relative URL instead of the absolute URL for the media source and therefore, `Amperize` module wasn't able to detect the image size and set the default image size of `width="600"` and `height="400"`.
2. Even if we have detected the correct image size, the attribute `layout="default"` would still make it strech. This issue is fixed in `Amperize`, but it wasn't merged at this time, so I set the dependency on my fork.

Adds `amp-anim` to the `.post-content` class, to have same CSS style as an image.
2016-08-25 11:09:25 +02:00
Aileen Nowak
a5c29dfc34 [FEATURE] AMP ()
closes , 

* `ImageObject` with image dimensions (, , )
- Returns meta data as promise
    - returns a new Promise from meta data
    - uses `Promise.props()` to resolve `getClient()` and `getMetaData()`

- Adds 'image-size' util
The util returns an object like this
```
{
    height: 50,
    url: 'http://myblog.com/images/cat.jpg',
    width: 50
};
```
if the dimensions can be fetched and rejects with error, if not.
In case we get a locally stored image or a not complete url (like `//www.gravatar.com/andsoon`), we add the protocol to the incomplete one and use `urlFor()` to get the absolute URL. If the request fails or `image-size` is not able to read the file, we reject with error.
- adds 'image-size' module to dependencies
- adds `getImageSizeFromUrl` function that returns image dimensions

- In preparation of AMP support and to improve our schema.org JSON-LD and structured data, I made the following changes:
    - Changes the following properties to be `Objects`, which have a `url` property by default and a `dimensions` property, if `width` and `height` are available:
        - `metaData.coverImage`
        - `metaData.authorImage`
        - `metaData.blog.logo`
    - Checks cache by calling `getCachedImageSizeFromUrl`. If image dimensions were fetched already, returns them from cache instead of fetching them again.
    - If we have image dimensions on hand, the output in our JSON-LD changes from normal urls to be full `ImageObjects`. Applies to all images and logos.
    - Special case for `publisher.logo` as it has size restrictions: if the image doesn't fulfil the restrictions (<=600 width and <=60 height), we simply output the url instead, so like before.
    - Adds new property for schema.org JSON-LD: `mainEntityOfPage` as an Object.
    - Adds additional Open Graph data (if we have the image size): `og:image:width` and `og:image:height`
    - Adds/updates tests

* AMP router and controller (, )
Implements AMP in `/apps/`:
- renders `amp.hbs` if route is `/:slug/amp/`
- updates `setResponseContext` to set context to `['amp', 'post']` for a amp post and `['amp', 'page']` for a page, but will not render amp template for a page
- updates `context_spec`
- registers 'amp' as new internal app
- adds the `amp.hbs` template to `core/server/apps/amp` which will be the default template for AMP posts.
- adds `isAmpURL` to `post-lookup`

* 🎨 Use `context` in meta as array ()
Instead of reading the first value of the context array, we're checking if it includes certain context values.
This is a preparation change for AMP, where the context will be delivered as `['amp', 'post']`.

*  AMP helpers (, , , )
- Adds AMP helpers `{{amp_content}}`, `{{amp_component}}` and  `{{amp_ghost_head}}` to support AMP:
- `{{amp_content}}`:
    - Adds `Amperize` as dependency
    - AMP app uses new helper `{{amp_content}}` to render AMP HTML
    - `Amperize` transforms regular HTML into AMP HTML
    - Adds test for `{{amp_content}}` helper
    - Adds 'Sanitize-HTML` as dependendy
    - After the HTML get 'amperized' we still might have some HTML tags, which are prohibited in AMP HTML, so we use `sanitize-html` to remove those. With every update, `Amperize` gets and it is able to transform more HTML tags, they valid AMP HTML tags (e. g. `video` and `amp-video`) and will therefore not be removed.
- `{{amp_ghost_head}}`:
    - registers `{{amp_ghost_head}}` helper, but uses `{{ghost_head}}` code
    - uses `{{amp_ghost_head}}` in `amp.hbs` instead of `{{ghost_head}}`
- `{{ghost_head}}`:
    - Render `amphtml` link in metadata for post, which links to the amp post (`getAmpUrl`)
    - Updates all test in metadata to support `amp` context
    - Changes context conditionals to work with full array instead of first array value
    - Adds conditionals, so no additional javascript gets rendered in `{{ghost_head}}`
    - Removes trailing `/amp/` in URLs, so only `amphtml` link on regular post renders it
    - Adds a conditional, so no code injection will be included, for an `amp` context.
- `{{amp_components}}`:
    - AMP app uses new helper `{{amp_components}}` to render necessary script tags for AMP extended components as `amp-iframe`, `amp-anime` and `amp-form`
    - Adds test for `{{amp_components}}`
2016-08-22 18:49:27 +02:00
John O'Nolan
61a8845ab5 Switch to new native system font stack ()
no issue

Based on an increasingly popular trend and modern web typography capabilities, switch out Google Fonts for default native system fonts, tailored in a stack to suit every device. Also makes some very minor visual adjustments to suit.

Nixes all references to Google Fonts, and provides a faster rendering experience and fewer http requests. 💃

Reference material:

https://www.smashingmagazine.com/2015/11/using-system-ui-fonts-practical-guide/
https://medium.design/system-shock-6b1dc6d6596f#.rhqx5fmyz
Dependencies:


2016-08-18 20:29:46 +01:00
Lukas Strassel
9c2d14949d Fix: back link on the subscribe page ()
closes 
-the backlink had a static href to {{@blog.url}} which is now changed to {{#if subscribed_url}}{{subscribed_url}}{{else}}{{@blog.url}}{{/if}} to reflect the referring url.
-This PR makes the back link on the subscribe page to link back to the referring page instead of linking back to /
2016-07-14 17:09:40 +02:00
Austin Burdine
a1a5e55bf7 improve styling on private blogging password page ()
refs 
- make private.hbs styling consistent with the ghost signin page
2016-07-07 15:37:42 +01:00
Austin Burdine
44537bd15f deps: lodash@4.13.1
closes 
- update lodash to v4
- remove lodash.tostring override
- remove lodash from greenkeeper ignore
2016-06-11 13:13:55 -06:00
kirrg001
90d872e592 Subscribers: Error Handling for adding subscribers
no issue
- do not expose information about adding subscribers
2016-05-11 12:55:29 +02:00
kirrg001
804fcffa6c Subscribers: store post id using the postlookup fn 2016-05-11 10:28:12 +02:00
kirrg001
a836081f54 Subscribers: keep original referrer & location if set 2016-05-11 10:28:11 +02:00
Hannah Wolfe
6ef79534e4 Subscribers: router & form helpers
Form:
- add confirm, location & referrer hidden fields
- add script to populate location & referrer
- add helper for creating the email field
- pass through input class and placeholder for email from top level form helper
- rename subscribe_form template & helper as it sounds more natural
- handle success and error cases differently
- improve error message display
- ensure useful data is passed back so that we can show nice messages
- check for honeypot value being filled out
- refactor error handler to set an error and always still render
2016-05-11 10:28:11 +02:00
Sebastian Gierlinger
01ae7ae49f Subscribers: Model, API & CSV import/export
- subscriber model
- subscriber app updates
- subscriber end points
- import/export CSV
- added headers to export file
- added dynamic email field detection for import
- returns stats object after CSV import
- mask error message from DB
2016-05-11 10:28:10 +02:00
Hannah Wolfe
4ca0c67f9c Subscribers: Adding subscribe app + tpl + helper
- added new internal app "subscribers"
- app has a template "subscribe.hbs"
- adds a new helper called "form_subscribe"
2016-05-11 10:28:10 +02:00
Hannah Wolfe
c5eda57f1e Minor internal apps improvements
refs 

- add internalAppsPath as a proper config path
- middleware/routes will be setup for any internal apps which have the function
- this should be refactored into some sort of proper hooks system as part of apps
- internal apps get permission to do anything the proxy allows
2016-04-14 19:05:48 +01:00
Austin Burdine
1181707a9d move private-blogging functionality into an internal app
closes , 
- moves all private-blogging related code & tests into /server/apps/private-blogging/
- rework Grunt to run private-blogging tests
- modify server apps code to have a place for internal apps
2016-04-11 08:58:41 -05:00
rfpe
7abcc43907 Harvest server side strings
closes 
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
John Cruikshank
5e6ed119fa fixing 'undefined is not a function' error when loading apps 2015-12-04 23:00:37 -06:00
vdemedes
20fec74c73 Refactor require-tree and split it into models
closes 
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
2015-10-12 17:48:37 +02:00
Matt Enlow
61b86bf821 Merge pull request from felixrieseberg/iss4847
Replace fs.exists (deprecated) with fs.stat
2015-03-19 10:47:01 -06:00
Felix Rieseberg
0484eee6a5 Replace fs.exists (deprecated) with fs.stat
Closes 

- Replaces the deprecated fs.exists() with fs.stat(), in accordance with iojs & node.
2015-03-17 11:49:43 -07:00
Pascal Borreli
13838fff9d Fixed typos 2015-03-17 17:43:53 +00:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves 

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Thai Phan
76f7412a75 Stop packagePath variable from being undefined 2014-09-05 22:52:24 +10:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes 
2014-08-23 17:15:40 +00:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Hannah Wolfe
4aabce4474 correct settings.edit call signature for installedApps
closes 

- this is left over from my refactoring work
2014-05-24 08:21:17 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes , refs 

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes 
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref 

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes 

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Jacob Gable
822cb2d9f6 AppProxy with permissions checks and app context
Ref 

- Refactor appProxy into class that is instantiated per App
- Check for permissions before doing proxied filter/helper calls
- Add all currently existing api methods, let api check for permissions
- Basic unit tests for filter and helper register/deregister
- Adjusted proxy api method existence unit tests
2014-04-26 10:38:23 -05:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes 
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Jacob Gable
13d2d04c72 App Permissions from package.json
Progress on 

- Add new AppPermissions class with read() method
- has default permissions to read and browse posts
- uses default permissions if no package.json
- uses default permissions if no ghost object in package.json
- errors when reading malformed package.json
- uses ghost.permissions if found in package.json
2014-04-16 18:14:56 +02:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes 
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of 
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Fabian Becker
3993b676b6 Rename unregisterFilter to deregisterFilter
fixes 
- Rename functions
- Adjust tests
2014-02-10 12:44:07 +00:00
Fabian Becker
3950c8b30a Fix for broken filters where this context was lost.
fixes 
- Change tests to only check for existance
- Properly bind helpers/filters to their instance
2014-02-10 01:45:24 +01:00
Jacob Gable
e3affff713 Install App Dependencies
- Spawns an npm install command from the App root
- Has some special OS checks for windows command spawning
2014-02-08 16:58:13 -06:00
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses , 

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Jacob Gable
c7713c1d27 Load Apps Sandboxed
- Based on suggestions from hswolff loading with a Module class approach
- Loads relative modules in child sandboxes
2014-02-04 15:46:31 -06:00
John O'Nolan
7ebd104f3f Rename 'plugins' to 'apps'
Fixes 
2014-01-21 15:45:27 +07:00