Commit Graph

1727 Commits

Author SHA1 Message Date
Austin Burdine
7d304a046f refactor admin config to include explicit value types
closes #6266
- add "type" to valid keys in configuration api
- refactor ember config service to parse values based on provided type
2016-01-19 09:43:09 -06:00
Hannah Wolfe
1b5b6cf6e3 Merge pull request #6314 from halfdan/6287-import
Only import tables defined in core/server/data/schema.js
2016-01-19 15:22:24 +00:00
Fabian Becker
eef37acc49 Revert i18n in startup-check
- Removes preinstall dependencies
- Reintroduce old plain english strings
- Remove translations for startup check

closes #6332
2016-01-13 14:46:51 +01:00
Hannah Wolfe
4a7a19c86a Merge pull request #6070 from kevinkucharczyk/harvesting-server-side-strings
Harvest server side strings
2016-01-12 20:04:53 +00:00
JT Turner
e4c52a6915 Fix urlFor to handle secure correctly
issue #6270
- Exposed getBaseUrl on the config class.
- Fix formatting config index as array was more then 140 characters long.
- Updated getBaseUrl to handle secure by replacing http with https if true.
- Fixed ghost_head helper to output canonical base url no https.
- Fixed ghost_head helper to set secure correctly for the rss link.
- Fixed navigation helper to pass secure in each nav item, so that urlFor can u$
- Fixed {{url}} to pass secure correctly to config.urlFor.
- Fixed test to use urlSSL over https besides for canonical.
- Add tests for {{url}} and to make sure they output https for absolute and secure.
- Update twitter and og url to use the canonical url.
2016-01-11 19:40:30 -08:00
Hannah Wolfe
dfa74ffcd5 Merge pull request #6304 from halfdan/fix-6290
Disallow access to author/tag rss feeds if private blogging is on
2016-01-11 14:04:19 +00:00
Fabian Becker
c8e30f0182 Make regex for subfolder deduplication more restrictive
- Add subdir to protected slugs
- Fix regex for subfolder deduplication

fixes #5605
2016-01-11 12:46:59 +01:00
Fabian Becker
2770def8f1 Only import tables defined in core/server/data/schema.js
fixes #6287
2016-01-11 11:56:18 +01:00
Hannah Wolfe
5e2523a305 Merge pull request #6273 from johnny94/add-attributes
Add attributes for `{{tags}}` and `{{#foreach}}` helpers
2016-01-11 10:24:04 +00:00
Szu Yaung
70327c2a74 Add attributes for {{tags}} and {{#foreach}} helpers
issue #6205
- added `from` and `to` attribute for `{{tags}}` and `{{#foreach}}` helpers.
- added tests for these new atttributes
2016-01-10 02:47:36 +08:00
Hannah Wolfe
816e773f93 Merge pull request #6298 from jtwebman/fix_ghost_head_on_error_page
Fix ghost_head helper to not run if error page.
2016-01-09 13:42:03 +00:00
Hannah Wolfe
5fdfc5a091 Merge pull request #6296 from jgable/imageTags
Refactor sitemap generation to include images consistently
2016-01-09 13:28:32 +00:00
Fabian Becker
8a16dd5d7e Disallow access to author/tag rss feeds if private blogging is on
- Also fixes an issue where posts/tags with slugs starting with rss/sitemap became inaccessible

fixes #6290
2016-01-07 15:03:39 +01:00
JT Turner
3af224ed39 Fix ghost_head helper to not run if error page.
issue #6289
- Made quick fix to return from ghost_head helper if error page
2016-01-05 23:31:46 -08:00
Jacob Gable
d1348d709f Refactor RSS Image node generation
fixes #6292

- Added createImageNodeFromDatum to BaseSiteMapGenerator
- Refactor some defaults code that was unnecessary
- Add tests for posts, tags, users and posts with images
2016-01-05 21:25:52 -08:00
Hannah Wolfe
c10eb58144 Add missing chars to slug generator
closes #6272

- curly braces and back-tick should also be replaced with a dash
- other symbols and chars in ascii table are either removed or replace
- not all the replacements are sensible, but better than having odd chars in the slug for now
2016-01-05 19:12:44 +00:00
Sebastian Gierlinger
c533c48b89 Merge pull request #6251 from ErisDS/issues-6247
Switch channel filters to use strings not literals
2015-12-21 20:20:44 +01:00
Kevin Ansfield
c28f4853b8 Merge pull request #6244 from acburdine/issue-6226
Fix authentication error if setup/two is re-submitted
2015-12-21 11:14:39 +00:00
Hannah Wolfe
20f102808a Switch channel filters to use strings not literals
fixes #6247

- GQL has a bug where literals starting with numbers are incorrectly parsed
- Using strings instead of literals is a workaround, but is probably safer anyway
2015-12-20 16:03:39 +00:00
rfpe
7abcc43907 Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Austin Burdine
ea1e454038 fix authentication error if setup/two is re-submitted
closes #6226
- adds calls to oauth middleware on PUT /authentication/setup/
- prevent setup/two from trying to log in again if user is already logged in
2015-12-18 12:18:13 -07:00
Fabian Becker
3b235b9acb Fix broken @last for foreach with limit
refs #6205
2015-12-18 15:55:12 +01:00
Matt Enlow
b5b0ec190b Register helpers as non-asynchronous
Ref #5850
2015-12-17 07:39:43 -07:00
Hannah Wolfe
14c3bd605e Ensure filter parse errors generate 422 not 500
no issue

- This resolves some issues we've seen with Ghost throwing 500 errors when the filter parameter is incorrectly structured/formatted
2015-12-15 15:01:06 +00:00
Sebastian Gierlinger
68a3c2527d Merge pull request #6225 from ErisDS/ghost-head-fix
Ensure `{{ghost_head}}` doesn't overwrite values
2015-12-15 15:13:17 +01:00
Hannah Wolfe
cbea617a24 Ensure {{ghost_head}} doesn't overwrite values
closes #6221

- clones contextObject so that updating values doesn't overwrite real data
2015-12-15 13:18:29 +00:00
Sebastian Gierlinger
efaa04ba61 Merge pull request #6223 from ErisDS/ghost-url
Prep shared API URL util for use on external sites
2015-12-15 14:17:41 +01:00
Kevin Ansfield
f1d7bd3bcb Merge pull request #6092 from ericschultz/aria-pagination
Add aria-hidden to the pagination arrows
2015-12-15 12:56:16 +00:00
Hannah Wolfe
9eadeb9fbb Prep shared API URL util for use on external sites
refs #5942, #6150

There were a few key problems I was looking to solve with this:

- Introduce a single point of truth for what the URL for accessing the API should be
- Provide a simple way to configure the utility (much like a true SDK)

As of this commit, this utility is still automatically available in a Ghost theme.
To use it on an external site, the code would look like:

```
<script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script>
<script type="text/javascript">
ghost.init({
   clientId: "<your-client-id>",
   clientSecret: "<your-client-secret>"
});
</script>
```

To achieve this, there have been a number of changes:

- A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work.
- The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`.
- ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware
- ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served
- `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required
- `{{ghost_head}}` has also had the meta tags for client id and secret removed
- tests have been updated
2015-12-15 11:50:46 +00:00
Hannah Wolfe
7fea696d21 Merge pull request #6213 from cobbspur/getPaginationFix
Ensure {{get}} helper returns pagination
2015-12-15 11:20:42 +00:00
Hannah Wolfe
bc97de5fe9 Unify usage of config in unit tests
no issue

- provide a single point for accessing config in unit tests
- create a single way to set and restore config
- ensure that restore deletes top level optional keys that are now undefined
- use this._config in check deprecations, otherwise the config gets cached
- solves issues with interdependent tests
2015-12-15 10:48:24 +00:00
Sebastian Gierlinger
432f8610c8 Merge pull request #6220 from ErisDS/issue-6205-limit
Add `limit` attribute to tags & foreach helpers
2015-12-15 11:37:44 +01:00
Sebastian Gierlinger
69ccca2cca Merge pull request #6167 from ErisDS/perma-ppp
Moving 'permalinks' and 'postsPerPage' to config.theme cache
2015-12-15 11:35:46 +01:00
Hannah Wolfe
a27f22acf5 Add limit attribute to tags & foreach helpers
refs #6205

- limit attribute allows theme developers to restrict output from these helpers to a smaller number
than would usually be output
2015-12-15 10:05:25 +00:00
Hannah Wolfe
883152ff15 Improvements to client auth error logging
no issue

- If client credentials are missing, or not valid, output a clear message in the server console
- Still defaults to sending the 'access denied to url' error to the frontend
2015-12-15 08:29:44 +00:00
Hannah Wolfe
e84b7f3217 Cache permalinks & postsPerPage on config.theme
no issue

- Cache the permalinks & postsPerPage settings on the config.theme object
- Use the config.theme cache to reference these items throughout the frontend of a blog
- Removes the need for workarounds and extra code to handle async fetches
- Makes these values accessible to all themes, which is very useful now we have the API stuff
2015-12-15 08:16:53 +00:00
cobbspur
0ce4078f45 Ensure {{get}} helper returns pagination
No Issue

- pagination returned if meta pagination exists
- needed to allow pagination helper to work
2015-12-14 13:27:07 +00:00
Hannah Wolfe
2b145b3c61 Merge pull request #6202 from acburdine/ghost-url-updates
`ghost.url.api` cleanup/minification
2015-12-10 17:21:14 +00:00
Hannah Wolfe
8c355349b3 No more soft 404s in pagination
closes #6201

- redirects for page/1/ or rss/1/ are now 301s
- any other invalid page now 404s
2015-12-10 15:00:02 +00:00
Austin Burdine
8f89997deb minify ghost.url.api in production
closes #6150
- clean up ghost.url.api script
- switch to inlining config and making the ghost-url.js file an external request
- add minification in production
2015-12-10 08:46:58 -06:00
Hannah Wolfe
16c71dde22 Merge pull request #6032 from vdemedes/pipeline-mail
Refactor mail API with pipeline utility
2015-12-09 19:28:08 +00:00
Hannah Wolfe
88065f58a0 Remove filters from theme helpers (no async)
closes #5850

- filters were added so that apps could change the output of the helpers, but as async helpers are a hack, this led to issues
- apps aren't currently a working part of Ghost, so for now, lets remove the filters
- we'll add these back when we have a better implementation of async helpers & this style of app is back on the cards
2015-12-08 14:35:04 +00:00
Hannah Wolfe
a956d595f2 Make channel config dynamic
refs #5091, #6166

- fetch channel config via an internal function
- prevents channel config from being statically cached at runtime
- means that labs & other settings can be used to change these values
2015-12-07 20:06:35 +00:00
John Cruikshank
5e6ed119fa fixing 'undefined is not a function' error when loading apps 2015-12-04 23:00:37 -06:00
Hannah Wolfe
4bfacf6b86 Change server-side labs utility to be synchronous
refs #6165

- Use the settings cache to populate config.labs whenever settings change
- Use the labs util just to check if a flag isSet synchronously
2015-12-03 16:05:50 +00:00
Sebastian Gierlinger
bc83dbce09 Merge pull request #6145 from ErisDS/view-refactor
Unify code for picking a template to render with
2015-12-02 10:02:31 +01:00
Brandon Hops
e5ee97bece Remove undefined function and fix some comments 2015-12-01 23:28:36 -08:00
Hannah Wolfe
7ebc7f7ff1 Merge pull request #6126 from sebgie/option-restore
Restore options
2015-12-02 12:13:36 +08:00
Hannah Wolfe
9f4c6957de Merge pull request #6155 from StevenMcD/issue_6140
Add .git folder to ignore folders list
2015-12-02 12:07:25 +08:00
Sebastian Gierlinger
ee275f4d0c OAuth Middleware refactor
refs #5286
- moved oauth server initialization to oauth.js
- moved generateAccessToken() to oauth.js
- added tests
2015-12-01 21:20:11 +01:00
StevenMcD
6956985c28 Add .git folder to ignore folders list
closes #6140
- simply added '.git' to the list of folder names to ignore when checking for valid themes.
2015-12-01 21:14:23 +02:00
Hannah Wolfe
395079cd2f Unify code for picking a template to render with
refs #5091

- 100% coverage for new frontend/templates file
- new module handles the logic for determining which template to render with
2015-12-01 12:05:46 +08:00
Sebastian Gierlinger
245095c199 Origin Header revisited
closes #6106
- added override for my-ghost-blog.com
- added local IP addresses to be allowed
- changed localhost/127.0.0.1 to be allowed in production
2015-11-26 13:11:31 +01:00
Hannah Wolfe
f25039c4b9 Docs link & unique error codes for startup checks
refs #5821, #6063

- switch out help test to go to a comprehensive doc
- change error codes from 1 to unique codes
2015-11-26 16:20:11 +08:00
Sebastian Gierlinger
014e2c88dd Restore options
refs #6122
- restore original options after delete
- this is a fix for one use case, long term we should aim to leave
options untouched and execute special queries with temporary data
2015-11-25 09:59:27 +01:00
Sebastian Gierlinger
8c50609491 Handling Origin Header
closes #6106
- added better error message for client and console
- added exclusion of localhost/127.0.0.1 for dev mode
2015-11-23 18:21:19 +01:00
Hannah Wolfe
8f620b6dce Merge pull request #6063 from jgillich/version-check
Enable Node 4.2 testing
2015-11-23 09:56:27 +00:00
Jakob Gillich
faa1655a50 Enable Node 4.2 testing
* Do not error when node unsupported if GHOST_NODE_VERSION_CHECK=false is set
* Run engine check in preinstall script
* Add 4.2 to travis

issue #5821
2015-11-23 06:45:40 +01:00
Hannah Wolfe
d4c8b69673 Support ordering by count
refs #6009

- super quick and dirty way to support ordering by counts
- @TODO refactor :)
2015-11-22 17:18:30 +00:00
Hannah Wolfe
2aa16514a3 Rename post_count to count.posts
refs  #6009

- This is a straight rename, no functionality is added
- The dot syntax requires pre/post processing to convert the name
- This PR also includes several updates to the tests, as they weren't being run as part of Travis!
2015-11-20 14:59:58 +00:00
Hannah Wolfe
5df3cd5cfd Merge pull request #6064 from acburdine/ajax-helper
Add themes 'ajax' helper
2015-11-20 11:54:23 +00:00
Austin Burdine
250edf2b06 add themes ajax helper
closes #5942
- adds helper script for calling the api in themes
- adds tests for said helper script
2015-11-19 07:13:54 -06:00
Sebastian Gierlinger
55564e3daf Merge pull request #6091 from ErisDS/safe-count
Safe post_count for Tags & Users
2015-11-19 10:34:14 +01:00
Eric Schultz
1ddea6dbc1 Add aria-hidden to the pagination arrows
Pagination arrows seem to be an appropriate place to use aria-hidden. That is the use-case for bootstrap (http://getbootstrap.com/components/#aligned-links) and based upon my understanding of area seems to be correct.
2015-11-18 13:54:33 -06:00
Hannah Wolfe
770f45245c Safe post_count for Tags & Users
refs #6009, #5614

- Use the new isPublicContext method to detect whether to add extra clauses to the count
- Add count to users
2015-11-18 19:19:11 +00:00
Hannah Wolfe
f8d9af1010 Add some debugging tools to filters
- pass debug: true to the API to get some useful debug output
- does not work in production mode

Note: I have added these lines back in so many times in the past month or so so that I could
figure out what was happening, I figured everyone else might find them useful.

TODO: use a proper logging method dependent on env
2015-11-18 19:17:06 +00:00
Sebastian Gierlinger
c53d31a059 Merge pull request #6082 from ErisDS/filter-plugin
Filter plugin
2015-11-17 12:32:56 +01:00
Hannah Wolfe
6a0f1cf231 Filter plugin with enforce/default logic
refs #5614, #5943

- adds a new 'filter' bookshelf plugin which extends the model
- the filter plugin provides handling for merging/combining various filters (enforced, defaults and custom/user-provided)
- the filter plugin also handles the calls to gql
- post processing is also moved to the plugin, to be further refactored/removed in future
- adds tests showing how filter could be abused prior to this commit
2015-11-17 10:39:44 +00:00
Sebastian Gierlinger
6b31f362a2 Merge pull request #6083 from ErisDS/filter-missing
Add filter param for tags & users
2015-11-17 08:33:56 +01:00
Sebastian Gierlinger
088d5131cf Merge pull request #6027 from reinoudk/bp-limit
Make bodyparser limit configurable to allow for posts larger than 100kB
2015-11-17 08:25:56 +01:00
Hannah Wolfe
1a3ae578af Add filter param for tags & users
refs #5604

- `filter` is missing from tags & users - add it in and add tests which show it works
2015-11-16 18:16:59 +00:00
Sebastian Gierlinger
1b17456f5b Merge pull request #6067 from ErisDS/gql-update
deps: ghost-gql@0.0.3
2015-11-16 16:00:55 +01:00
Hannah Wolfe
a3bd00d978 deps: ghost-gql@0.0.3
- adds test for nested null/not null query issue
- make use of new findStatement tool
2015-11-16 14:44:48 +00:00
Hannah Wolfe
666a616551 Add access rules bookshelf plugin
refs #5614

- change isPublicContext to detectPublicContext
  - behaviour now expands the context object out
  - this is a bit of a sideeffect, but this is the simplest change
    that makes it possible to use the context in the model layer without
    significant wider changes
- add new access rules plugin
  - takes a context object as part of `forge()` & caches it on the model instance
  - provides helper functions for testing access rules later on
2015-11-16 12:24:01 +00:00
Sebastian Gierlinger
007c06fdc0 Merge pull request #6065 from acburdine/export-fix
Fix DB export throwing access denied errors
2015-11-16 10:00:22 +01:00
Austin Burdine
67a6b4c07b allow api requests to be made with the access token as a query parameter
closes #6040
- adds check for access token query parameter in auth middleware
2015-11-12 11:26:18 -06:00
Hannah Wolfe
4dac01cbf9 Refactor old processOptions/where to use GQL JSON
refs #5943

- no longer assume the options in processOptions are set
- set where to a new GQL JSON-like statement object
- rather than setting options, add statements which can be understood by knexify
- pass the statements through knexify to build the query
2015-11-12 17:24:09 +00:00
Hannah Wolfe
8edf382b40 Move bookshelf plugins into own folder 2015-11-11 19:40:12 +00:00
Reinoud Kruithof
e5e699ad8f Set bodyparser limit to 1mb to allow for posts larger than 100kB
closes #5998
- added bodyparser limit of 1mb in core/server/middleware/index.js
2015-11-10 11:25:24 +01:00
Hannah Wolfe
b8bab0e74c Removing featured option code
ref #5943

- found some more code that can be removed
2015-11-09 12:15:40 +00:00
Sebastian Gierlinger
132b2a7084 Merge pull request #6045 from ErisDS/api-meta
Add meta tags for client_id & client_secret
2015-11-05 10:51:24 +01:00
Hannah Wolfe
19603a33f3 Check client is enabled before auth
no issue

- add a check that the client has status 'enabled' to client auth strategy
- this permits the disabling of clients easily
- update tests
2015-11-04 16:59:56 +00:00
Hannah Wolfe
e70898a842 Add meta tags for client_id & client_secret
refs #5942

- refactor ghost_head to use Promise.props (settle is going away and this is easier)
- add a new call to fetch the frontend client, if it exists
- add meta tags for the client_id and client_secret on all pages
- don't include the meta tags if the client is not enabled, or if the labs flag is not set
2015-11-04 16:39:39 +00:00
Sebastian Gierlinger
ddf9874fa1 Disallow staticPages from public API
refs #5151
- disable staticPages parameter for calls without authentication
2015-11-04 10:03:27 +01:00
Hannah Wolfe
df82895db7 Move get helper behind labs flag
issue #5976

- break out the labs check into a utility
- wrap the get helper in a labs check, so it only works if the checkbox is checked
- make the get helper output an error to both the server and browser console if used when not enabled
2015-11-03 19:39:37 +00:00
Hannah Wolfe
e0a6d027c8 Move cross-table api counts into plugin
refs #6009, #5615

- minimal refactor to remove the addition of count from pagination and other various points
- create a include count plugin that overrides fetch and fetchAll
- this ensures that counts get added at the right points
2015-11-03 14:09:38 +00:00
Sebastian Gierlinger
c4f9cde008 Merge pull request #6037 from ErisDS/pagination
Pagination cleanup & improvements
2015-11-03 13:53:18 +01:00
Sebastian Gierlinger
369b6ad19c Merge pull request #6036 from ErisDS/pipeline
Pipeline util tests, clean & fix
2015-11-03 13:52:31 +01:00
Hannah Wolfe
ea402218d3 Pagination cleanup & improvements
no issue

- switching from using fetch to fetch all means some code can be removed from the fetchPage method
- updating tests to reflect cleaner code
- ensure coverage is at 100%
2015-11-03 11:01:48 +00:00
Hannah Wolfe
9d07e6f3be Pipeline util tests, clean & fix
no issue

- added comments to pipeline util, inc where it came from
- added tests for pipeline util
- tests uncovered a bug with promises for args, which has been fixed
2015-11-03 09:14:44 +00:00
Hannah Wolfe
8db90bae73 Merge pull request #5984 from sebgie/issue#5941
Move Public API behind labs flag
2015-11-02 16:15:50 +00:00
Kevin Ansfield
92123e427f Use tag slugs in URLs for tag management and add front-end edit redirect
refs #5845
- adds custom adapter for tags so that `store.queryRecord('tag', {slug: 'tag-slug'})` hits the `/tags/slug/tag-slug` endpoint instead of `/tags/?slug=tag-slug`
- updates tag management screens to use tag slugs instead of IDs
- adds `/tag/:slug/edit` redirect to front-end
2015-11-02 14:56:59 +00:00
vdemedes
51ce3572a0 Refactor mail API with pipeline utility
refs #5508
- refactor mail API with pipeline utility
2015-11-02 14:23:05 +01:00
Sebastian Gierlinger
bf65c136ce Move Public API behind labs flag
closes #5941
- added UI to labs page
- added method to determine if full authentication is required
- updated public_api tests to enable public api first
2015-11-02 14:18:58 +01:00
Hannah Wolfe
0c9befc16f Merge pull request #5999 from delgermurun/api-db-refactor
db api endpoint validation error refactor
2015-11-02 13:16:07 +00:00
Sebastian Gierlinger
de147ba044 Merge pull request #6030 from ErisDS/mini-refactor
Don't use api to lookup theme in frontend controller
2015-11-02 14:14:59 +01:00
Hannah Wolfe
a78ee06848 Merge pull request #6019 from vdemedes/api-order
Add order parameter
2015-11-01 15:04:24 +00:00
Hannah Wolfe
d6fb21fa28 Don't use api to lookup theme in frontend controller
no issue

- small fix, we already have the info, no need to look it up again
2015-10-30 19:02:06 +00:00
Sebastian Gierlinger
6474bba64e Merge pull request #6024 from cobbspur/limit
Ensure public api can uses limit parameter
2015-10-29 17:23:09 +01:00
cobbspur
d0d126eba7 Ensure public api can uses limit parameter
No Issue

- removes client id and secret after authentication
- adds tests to check default limit, all and integer
2015-10-29 15:36:54 +00:00