Commit Graph

55 Commits

Author SHA1 Message Date
Fabian Becker
c3417fe090 Serve default robots.txt
closes #2062
- Server robots.txt from theme if available
- Serve default robots.txt from /core/shared/ otherwise
- Added tests for default robots.txt
2014-03-13 21:31:41 +01:00
Fabian Becker
cd74b0e232 Switch to bower for client assets.
fixes #2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
2014-03-04 20:09:26 +00:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Hannah Wolfe
aa15b464c8 /ghost/reset/* should not redirect to signin
fixes #2257
2014-02-25 10:44:16 +00:00
Michael Bradshaw
b410f5833b Respect subdirectory in authenticate middleware 2014-02-20 09:46:20 -07:00
Sebastian Gierlinger
ea6c601b01 Improvements for models
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
2014-02-19 14:57:26 +01:00
Hannah Wolfe
e81924282c Merge pull request #2190 from sebgie/issue#2171
Make session expiry less arsey
2014-02-18 22:05:44 +00:00
Sebastian Gierlinger
d3c641ea31 Make session expiry less arsey
closes #2171
- added authentication middleware
- removed authentication from routes
- moved authentication before CSRF validation
- moved caching rules before authentication
- changed/added test
2014-02-14 11:00:11 +01:00
Fabian Becker
691e9e773b Add logging config option
closes #2103
- Deactivate logging for testing environments
- Override logging with settings from config
2014-02-10 21:07:11 +00:00
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses #1789, #1364

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Hannah Wolfe
be9afc439c Merge branch '0.4-maintenance' 2014-01-28 09:25:38 +00:00
Lev Gimelfarb
6cf586aae6 Fix error page resources loading when forceAdminSSL is true
closes #1837
- moved admin theme static resource service above 'checkSSL', otherwise
  when forceAdminSSL is true it will try to redirect them to HTTPS, and
  error pages will be unstyled
2014-01-27 21:57:58 +00:00
Lev Gimelfarb
1df6ac3b94 Detect SSL connection whether or not behind a proxy
closes #1836
- adding server.enable('trust proxy') to let connect framework do the work
  of detecting X-Forwarded-Proto header
- replacing explicit checking for the X-Forwarded-Proto header with just
  'req.secure' boolean check
2014-01-27 21:55:32 +00:00
Hannah Wolfe
199a92d9cb Merge branch '0.4-maintenance'
Conflicts:
	core/server/config/paths.js
	core/test/unit/config_spec.js
2014-01-26 16:11:02 +00:00
Hannah Wolfe
6ec7c42947 Start up safely when the activeTheme is not present
fixes #2000

- resolves errors when attempting to start Ghost without the active theme present
- the frontend will render a 500 error page safely
- issues with themes that have an error template are resolved separately in #2018
2014-01-24 22:14:56 +00:00
Hannah Wolfe
f185a5d616 General cleanup
- Cleanup some todos, comments, and unused variables
2014-01-19 21:08:39 +00:00
Joel Rosenberg
6437f343c1 Including theme partials in a way that supports symbolically linked directories
closes #1937
 - using fs.stat() instead of hasOwnProperty() to test for directory existence
2014-01-14 11:43:23 -08:00
Hannah Wolfe
3dea6431df Ensure cookies are only ever set for admin
fixes #1901

- Adds a trailing slash to the cookie path
- Resolves random log-outs
- Adds a test which proves the case
2014-01-12 17:08:48 +00:00
Sebastian Gierlinger
6220bd19f5 Use ajax for import
closes #1854
- added blueimp file upload to debug.js
- changed POST /ghost/api/v0.1/db to be used with AJAX
- cache invalidation header should now work for import
- moved busboy middleware invocation to routes/api and routes/admin
- moved api.db.import to api.db.importContent (I hated the [] notation)
- moved api.db.export to api.db.exportContent (see above)
2014-01-06 22:55:43 +00:00
Hannah Wolfe
f17b320a7b ghost-busboy improvements
- use hex instead of base64 as this can cause errors when trying to reopen the file due to characters like '/' appearing
- added basic console log to errors.
2014-01-06 22:39:03 +00:00
Sean Hellwig
1640d9bc35 Unique filenames for tmp files in ghost-busboy
fixes #1843

- uses a timestamp and an md5 hash of the filename for the tmp file
  instead of the user-provided filename
2014-01-06 16:03:29 +00:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Hannah Wolfe
495b7b7f05 Error handling simplification & test improvements
fixes #1266

- simplifies the check for if a theme has an error template
- adds more / better tests for error handling
2014-01-02 21:03:37 +00:00
Hannah Wolfe
1925fa0196 Cache control headers & query string asset management
closes #1470
issue #1405

- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
2014-01-02 12:14:33 +00:00
remixz
14750e0d2a Fix live theme switching not working on subdirectories
Closes #1770
- Previously, the middleware would check that the route on the stack was an empty string, which worked when there was no subdirectories
- When subdirectories were added, the proper route was only set when
  updating the theme
- Because it was only set when updating, this explains themes working on
  initial load, since the stack location was looking for an empty
  string, which is what the middleware was initialized with
- However, once a new theme was set, it was still look for an empty
  string, which would never exist, which caused the issue
- Now, the route is properly set on initialization of the middleware,
  and then the `config.paths().subdir` property is used for the check
2013-12-28 15:08:57 -08:00
Hannah Wolfe
755ad934bf Path, url and subdir cleanup & test
issue #1754

- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
2013-12-28 16:09:56 +00:00
Sebastian Gierlinger
691c8cd5a9 Delete all content (posts and tags)
closes #1445
- added delete button to ‚ugly debug tools‘
- added api call to delete all content
- added /db to cache invalidation routes
2013-12-25 01:05:20 +01:00
Michael Bradshaw
7ee3235a68 Don't use unnecessary (and unescaped) regex
closes #1731
2013-12-21 16:32:57 -07:00
Sebastian Gierlinger
17225d4928 Set cookie secure flag
closes #1680
- added secure flag for cookies if SSL is forced
2013-12-21 20:18:13 +00:00
Fabian Becker
c81c43a96a Complete subdir support.
fixes #527
- Fix image upload in backend
- Use config.paths().webroot where necessary
2013-12-21 19:43:58 +00:00
William Dibbern
bf7692b151 Switch from multipart to busboy
Fixes #1227

- Removed deprecated `multipart` references.
- Setup `busboy` to pass along file streams and do a naive parse of form
values.
- Updated logic in file storage and db import to handle file streams
instead of the temporary files created by `multipart`.
2013-12-17 17:24:30 -06:00
Hannah Wolfe
1c52e3a980 Merge pull request #1636 from hswolff/standardize-path-access
Standardize file path access throughout ghost
2013-12-15 06:42:34 -08:00
Hannah Wolfe
db362b30cd Bug fixes, undefined should not be a string 2013-12-15 11:36:01 +00:00
Patrick Garman
a914077145 Add Force SSL Configuration/Middleware
Solves #1300
- Adds forceAdminSSL bool config value
- Adds checkSSL middleware
- Adds redirectSSL helper function
2013-12-15 10:01:02 +00:00
Hannah Wolfe
409cc34c1d Merge pull request #1651 from hswolff/issue-1645
Update config.theme() after every settings edit
2013-12-13 15:05:18 -08:00
Harry Wolff
9090764052 Standardize file path access throughout ghost
resolves #1390

update all string based references to file paths
to use the ./core/server/config/paths file
so that it is the single source of truth
2013-12-12 21:27:07 -05:00
Seb Gotvitch
fef9b4be25 Bug fixes for partial views
closes #1203
- Update express-hbs module to the new version (0.5.2)
- Use two instance of hbs one for the theme and an other for the admin
- Template helpers are register as partial view
- Partial views of the theme are reload when the theme changed

Remove clear partial cache in handlebars

This code will be move in `express-hbs`.
This doesn't cause a problem to remove this line but it is not clean.

Remove unused hbs instance

Resolve conflict
2013-12-12 12:11:02 -05:00
Harry Wolff
058b82bba1 Update config.theme() after every settings edit
fixes #1645

- removes server.get('ghost root') as it is only an alias
to config.paths().path, and adds unnecessary indirection
- removes config.theme().path as its just an alias to
config.paths().path, updated all relevant references
- update config.theme.update to only require the api/settings object,
and no longer need the config object
- modify api/settings.edit to call config.theme.update so that
the themeObject is ready for next rendering of template
2013-12-12 08:25:08 -05:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Hannah Wolfe
dedc5d9239 Update activeTheme path on theme switch
fixes #1583

- the active theme path wasn't getting updated when we were switching theme
2013-11-28 16:10:34 +00:00
Hannah Wolfe
7b2bf5b98c Merge pull request #1577 from halfdan/527-subdir-admin
Fix Admin interface with sub directories
2013-11-28 05:14:23 -08:00
Harry Wolff
89154ad997 Restore support for using ghost as a npm module fixes #1326 2013-11-27 17:39:14 +00:00
Fabian Becker
dcd3b192c1 Subdir support for admin interface
refs #527
2013-11-27 09:57:38 +00:00
Sebastian Gierlinger
e95b592028 Remove cookie from Frontend
closes #1437
closes #1472

- changed cookie to path:'/ghost'
- added conditional CSRF middleware
- added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00
Hannah Wolfe
330722efdc Merge pull request #1535 from hswolff/create-config-module
Create config module to standardise getting paths and abs URLs
2013-11-25 14:03:29 -08:00
Hannah Wolfe
b7a8ea5945 Merge pull request #1565 from ErisDS/redirect-fixes
Putting back relative redirects
2013-11-25 13:57:07 -08:00
Harry Wolff
b920662790 Create the config module, initially used
to standardise getting paths and absolute URLs.  Easy
to extend for other configurations we may need.
2013-11-25 16:35:16 -05:00