Commit Graph

20979 Commits

Author SHA1 Message Date
renovate[bot]
4f4662490f
Update Koenig packages (#21480) 2024-10-31 10:11:27 +00:00
Daniel Lockyer
ea6d3a0f26 ️ Optimized fetching strings from the settings cache
fix https://linear.app/ghost/issue/ENG-1105/settingscacheget-is-slow

- through profiling and flamegraphs, we can see that `_doGet` is one of
  the bottlenecks during high traffic times, sometimes taking up to 20%
  of the CPU time when hammering Ghost with `wrk`
- this is because, for the majority of settings cache lookup, we're
  running `JSON.parse`, which blocks the main thread
- whilst we're only parsing small strings, we're doing it a LOT,
  sometimes hundreds of times per request, which adds up
- this code just throws most deserializing at `JSON.parse`, so if we can
  stop it from doing that, it'd be a huge win
- my initial attempts here were to convert the _doGet function to a
  smarter deserializing, by looking up `cacheEntry.type` and acting
  accordingly
- however, it became a bit of a logical nightmare, and difficult to
  reason about for now (i still think we should do it)
- therefore, I'm just doing to add a hotpath fix to catch 99% of
  usecases, which is checking the type of the cache entry and returning
  the value if it's a string
- on a trivial benchmark locally, this causes Ghost to return 30% more
  requests per second!!
2024-10-31 10:13:10 +01:00
Sodbileg Gansukh
fa31176621
Removed Prata font (#21478)
ref DES-926
2024-10-31 05:43:39 +00:00
Ronald Langeveld
87e24f6403
Revert "Enhanced Comments Ordering for Best Liked Sorting (#21473)" (#21475)
This reverts commit fd18a39238.
2024-10-31 03:28:44 +00:00
Ronald Langeveld
fd18a39238
Enhanced Comments Ordering for Best Liked Sorting (#21473)
ref PLG-220

- Improved `getBestComments` service to paginate correctly since we're
using a custom query to determine the top comments that goes beyond the
scope of what `findPage` is capable of.
- Updated CommentsController and CommentsService to support custom order
parameters.
- Added tests
2024-10-31 01:44:15 +00:00
matsbst
fbad9f114a
🌐 Added new and improved Norwegian translation (#21452)
- New and improved Norwegian translation. All strings translated.
2024-10-30 15:38:46 +00:00
Steve Larson
97e756ec3b
Bumped Portal and search packages (#21467)
no ref

These had new minors shipped without a bump in Ghost core.
2024-10-30 14:18:06 +00:00
Kevin Ansfield
98c06f8126 Fixed removal of event tracker requests in Sentry
no issue

- filtering was previously added to breadcrumbs but that wasn't enough to clean up Sentry reports
- added filtering to the `beforeSend` hook too so reports don't get cluttered with unhelpful XHR noise
2024-10-30 11:52:50 +00:00
Kevin Ansfield
856dd1fc2b 🐛 Fixed "Access Denied" error when accepting staff invite
ref https://app.incident.io/ghost/incidents/117

- the authenticate call made as part of signup was missed as part of the update when we adjusted the params for `cookie` authenticator's `authenticate` method in Admin so it could switch behaviour for 2fa
- fixed the authenticate call params and updated our mocked `/session` endpoint to check for expected POST data which would have let tests catch this error
2024-10-29 17:57:13 +00:00
Sodbileg Gansukh
4b32a3d9c3
Fixed signup card button height (#21446)
ref DES-923
2024-10-29 07:31:29 +00:00
Ghost CI
75948c6d45 Merged v5.98.1 into main 2024-10-28 20:53:37 +00:00
Ghost CI
2c7de4e29a v5.98.1 2024-10-28 20:53:35 +00:00
Steve Larson
00bd31a718 🐛 Fixed malformed unsubscribe_url in members api response (#21437)
no ref
2024-10-28 15:36:05 -05:00
Sodbileg Gansukh
2b2981205e Fixed banner text color in dark mode (#21427)
ref DES-908
2024-10-28 15:35:09 -05:00
Daniël van der Winden
5581695b02
Fixes Members filter falling offscreen on mobile viewports (#21438)
fixes
https://linear.app/ghost/issue/DES-922/members-filter-ui-appears-offscreen-on-mobile

Updated the positioning for the member filter dropdown to work more
accurately on mobile viewports.
2024-10-28 15:24:54 +00:00
Krisztian Kecskes
84966747dd
🌐 Added Hungarian locale for Search (#21428)
no ref

The translation of this was somehow missed in the past, now I've
replaced it.
2024-10-28 15:07:22 +00:00
Steve Larson
f577aafa52
🐛 Fixed malformed unsubscribe_url in members api response (#21437)
no ref
2024-10-28 09:58:09 -05:00
Daniël van der Winden
91e10e2959
Adds a margin between buttons (#21436)
fixes
https://linear.app/ghost/issue/DES-919/missing-space-between-back-button-and-status-indicator-in-editor

The `editor-post-status` needed a margin on its left side.
2024-10-28 14:35:02 +00:00
Kevin Ansfield
bf714ac22f
Fixed some elements overlapping mobile nav (#21431)
closes https://github.com/TryGhost/Ghost/issues/21418

- adjusted z-index for the mobile nav expanded state so elements like
members filters no longer overlap
2024-10-28 13:23:19 +01:00
renovate[bot]
7589b36944 Update dependency nodemailer to v6.9.16 2024-10-28 11:17:18 +00:00
Sodbileg Gansukh
ef4ac66bef
Fixed banner text color in dark mode (#21427)
ref DES-908
2024-10-28 18:36:38 +08:00
Sodbileg Gansukh
259593d517
Switched from @import to <link> for loading custom fonts (#21425)
ref DES-911
2024-10-28 14:08:16 +08:00
Princi Vershwal
84473dd094
Not storing icons and thumbnails in case of mention (#21424)
Ref
https://linear.app/ghost/issue/ENG-1662/incoming-recommendations-get-deleted-if-the-metadata-icon-fails-to

https://linear.app/ghost/issue/ENG-904/bookmark-card-hot-linking-favicons
2024-10-28 05:29:49 +00:00
Ghost CI
e9c88203da v5.98.0 2024-10-27 23:59:39 +00:00
Ghost CI
77d66ada70 🎨 Updated Source to v1.3.3 2024-10-27 23:59:38 +00:00
Kevin Ansfield
9dff9cc364 Fixed 2fa re-send browser test
ref 9fa0c24be9

- updated to match current button text
2024-10-25 17:32:56 +01:00
Kevin Ansfield
9fa0c24be9 Removed resend countdown from 2fa flow
closes https://linear.app/ghost/issue/ENG-1658

- switched to using a task to match patterns elsewhere and have better cancellation behaviour if code is re-used in a short-lived component
- added `drop: true` task modifier to our main tasks so they can't be triggered again whilst we're waiting on an API request
- removed confusing countdown in button text
- restored forced "text" data type for resend API request to match API behavior
- added acceptance tests for resend behaviour
2024-10-25 15:26:23 +01:00
Fabien 'egg' O'Carroll
5fd22df669
Bumb gscan to v4.45.0
refs https://github.com/TryGhost/Ghost/commit/21da7f6b50c

Adds support for the new `content_api{key,url}` helpers
Fixes the ordering of the `@tryghost/custom-fonts` dep
2024-10-25 10:52:17 +00:00
Cathy Sarisky
21da7f6b50
Added content_api_url helper (#21331)
This adds a `content_api_url` helper, returning the url for Ghost's
Content API. By default it will return an absolute URL but can be 
passed `absolute=false` if a relative URL is wanted.

This works in tandem with the `content_api_key` helper to
facilitate third party integrations with the Content API, for
example - custom Portal or Search implementations.
2024-10-25 16:37:56 +07:00
Fernando Ochoa
66b1cb0db2
Improved es translation for no search results 2024-10-25 14:55:09 +07:00
Ludovic Toinel
c8b05fdfa6
Added missing name attribute to "WebSite" metadata
refs https://developers.google.com/search/docs/appearance/site-names?hl=fr#website

The 'WebSite' type from https://schema.org should have a name attribute
on the root object. This value is used by Google Search for the name
display on to top of the content title.
2024-10-25 14:40:45 +07:00
Peter Gonda
a9e69d3b0d
Updated slovak translations for search (#21394)
Thanks to my friend Boshi for reviewing ❤️
2024-10-25 12:34:31 +07:00
Chris Raible
162149a04d
Fixed "specific tiers" flaky publishing test (#21404)
no issue

- Fixed a flaky [publishing
test](https://github.com/TryGhost/Ghost/actions/runs/11509561903/job/32039943951)
that was suffering from a race condition. It was trying to copy the
bookmark link shown on the publishing complete modal, but it was
sometimes already closed by that point.
- It seemed to pass consistently locally, but in CI it would frequently
fail. This commit should wait to copy the link before closing the modal.
2024-10-24 18:38:43 -07:00
Chris Raible
b44ad06015
Fixed browser tests yielding a false passing result in CI (#21401)
no issue

- Browser tests in CI were yielding a passing result even if one or more
tests failed (including retries).
- The `yarn dev` command that triggers the browser tests in CI was
catching any errors and exiting with code 0, resulting in a  in CI.
- This commit changes `yarn dev` to exit with code 1 if the browser
tests fail, so that CI will correctly fail if any of the browser tests
fail.
2024-10-24 17:22:37 -07:00
Chris Raible
af0f26c75f
Added Dev Container setup (#21279)
no issue

- Dev Containers let you work on Ghost in a consistent, isolated
environment with all the necessary development dependencies
pre-installed. VSCode (or Cursor) can effectively run _inside_ the
container, providing a local quality development environment while
working in a well-defined, isolated environment.
- For now the default setup only works with "Clone repository in
Container Volume" or "Clone PR in Container Volume" — this allows for a
super quick and simple setup. We can also introduce another
configuration to allow opening an existing local checkout in a Dev
Container, but that's not quite ready yet.
- This PR also added the `yarn clean:hard` command which: deletes all
node_modules, cleans the yarn cache, and cleans the NX cache. This will
be necessary for opening a local checkout in a Dev Container.
- To learn more about Dev Containers, read this guide from VSCode:
https://code.visualstudio.com/docs/devcontainers/containers#_personalizing-with-dotfile-repositories

---------

Co-authored-by: Joe Grigg <joe@ghost.org>
Co-authored-by: Steve Larson <9larsons@gmail.com>
2024-10-24 11:15:08 -07:00
Aileen Booker
c1ce322e86
Custom fonts (#21337)
- Adding custom fonts for themes behind a feature flag
- Introduces new `@tryghost/custom-fonts` module to manage custom fonts
- UI updates for Branding and Theme settings

---------

Co-authored-by: Fabien O'Carroll <fabien@allou.is>
Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
Co-authored-by: Sanne de Vries <sannedv@protonmail.com>
Co-authored-by: Daniël van der Winden <danielvanderwinden@ghost.org>
2024-10-24 07:43:08 -04:00
Ronald Langeveld
96239d31a6
Added Comments Sorting UI (#21375)
ref PLG-220

- Added UI for Comments Sorting on the Comments UI App.

Co-authored-by: Sanne de Vries <65487235+sanne-san@users.noreply.github.com>
2024-10-24 19:01:14 +09:00
Ghost CI
ee980e3e34 Merged v5.97.3 into main 2024-10-23 12:30:55 +00:00
Ghost CI
e8b6f9ff84 v5.97.3 2024-10-23 12:30:53 +00:00
Michael Barrett
75205a7d31
Updated admin-x-activitypub URL to point at shorter cached version (#21378)
no refs
2024-10-23 13:03:40 +01:00
Daniel Lockyer
9c6992535b Refactored URL service code to aid with debugging
- replaced a couple of uses of lodash.each in favor of native for loops
- tidied up `debug` statements and spacing
- pulled out common statements into variables
2024-10-23 13:17:54 +02:00
Ludovic Toinel
182a07278d
Added missing lang attribute to html tag for AMP
refs https://github.com/ampproject/amphtml/blob/main/docs/spec/amp-html-components.md

SEMRush was giving back issues on AMP analysis due to this missing attribute
2024-10-23 18:05:46 +07:00
Michael Barrett
5492e64988
Updated admin-x-activitypub URL to point at shorter cached version (#21378)
no refs
2024-10-23 11:36:16 +01:00
Fabien O'Carroll
0cb435fe4d Added breaking test for ghost_head including portal script
refs https://linear.app/ghost/issue/ONC-254
refs https://github.com/TryGhost/Ghost/issues/20771

The reason that recommendations aren't working is because portal isn't loaded,
which handles the data-attributes having the event listeners added to them.
2024-10-23 08:58:52 +01:00
Ghost CI
df1da8ac24 Merged v5.97.2 into main 2024-10-23 07:56:20 +00:00
Ghost CI
0f718a13f1 v5.97.2 2024-10-23 07:56:19 +00:00
Cathy Sarisky
de3b9b1ec5
🐛 Fixed recommendations popup not opening
closes https://linear.app/ghost/issue/ONC-254
closes #20771

The portal script, which is responsible for handling the recommendations popup,
was only loaded into the front end if either members or donations are enabled.
We're adding an extra condition to load it if recommendations are enabled.

We may want to consider splitting out this functionality into several scripts,
so that we don't have to load _everything_ if only one feature is enabled, but
that is outside the scope of this issue.
2024-10-23 14:49:10 +07:00
Michael Barrett
c6bfd0f98f
Moved ActivityPub labs flag to (private) beta (#21363)
no refs
2024-10-23 08:36:15 +01:00
Daniël van der Winden
8615bd538b
MRR/Members chart axis fix (#21359)
fixes
https://linear.app/ghost/issue/DES-869/dashboard-mrr-member-chart-axis-is-making-flat-growth-look-like

A slight decline/increase on the MRR/members chart was shown as a very
dramatic shift. These changes will make the chart appear more gradual
when the changes are small. 

The chart will effectively "zoom in" on the
range where the values fluctuate. The y-axis minimum is 95% of the lowest data point, and the maximum is 105% of the highest data point. That way there's a small buffer above and below the data range, and the chart as a whole doesn't have the overly dramatic drops/peaks.

I've tested it with hardcoded values, as well as values inserted via the
API, and the charts look a lot better.

**Before**
<img width="1257" alt="1 - chart before"
src="https://github.com/user-attachments/assets/8d59fc38-0a57-4a7a-a83f-06e045057f45">
<img width="1255" alt="2 - chart before"
src="https://github.com/user-attachments/assets/46476d88-3991-4253-a5bc-76591ea67e39">

**After (same two values)**
<img width="1260" alt="3 - chart after"
src="https://github.com/user-attachments/assets/d5bcfdb2-40dd-4655-afd4-ba19a62d76b9">
<img width="1263" alt="4 - chart after"
src="https://github.com/user-attachments/assets/6c8cf189-6497-482e-9414-a7d77c00c533">

**Gradual decline**
<img width="1259" alt="5 - chart gradual"
src="https://github.com/user-attachments/assets/5ec2b470-f1d2-45cd-aba5-5f11e6e718fd">
<img width="1250" alt="6 - chart gradual"
src="https://github.com/user-attachments/assets/b6dd67ab-0b5e-47db-a9ef-d4ae10b78f73">

**More pronounced decline**
<img width="1270" alt="7 - chart dramatic"
src="https://github.com/user-attachments/assets/c43215c3-a687-47be-ab05-70fee855a345">
<img width="1256" alt="8 - chart dramatic"
src="https://github.com/user-attachments/assets/55ae833b-e47d-441a-98e0-fcfa2e9734a0">
<img width="1258" alt="9 - chart dramatic"
src="https://github.com/user-attachments/assets/b9fdef8f-61fa-4315-a662-b37eea2259d3">
2024-10-23 09:02:30 +02:00
Princi Vershwal
3f1fa96003
Updated code for fetching location (#21368)
Ref:
https://linear.app/ghost/issue/ENG-1660/undefined-location-when-logging-in-on-ios
2024-10-23 06:43:42 +01:00
Ronald Langeveld
1e8bb253bf
Added Best Comment to top of API output (#21374)
ref PLG-220

- Added the ability to move the Best comment to the first entry when
order=best is passed as params.
2024-10-23 09:48:16 +09:00
Ghost CI
1626a0c537 Merged v5.97.1 into main 2024-10-22 15:20:32 +00:00
Ghost CI
7dc0c87b44 v5.97.1 2024-10-22 15:20:30 +00:00
Fabien 'egg' O'Carroll
1739bdb9be 🐛 Fixed hidden comments still appearing
refs https://linear.app/ghost/issue/ONC-469

Hidden comments were not being purged from the cache, which resulted
in stale data being served, and hidden comments being visible.
2024-10-22 22:08:37 +07:00
Fabien 'egg' O'Carroll
73e0727cc4
🐛 Fixed hidden comments still appearing
refs https://linear.app/ghost/issue/ONC-469

Hidden comments were not being purged from the cache, which resulted
in stale data being served, and hidden comments being visible.
2024-10-22 22:02:24 +07:00
Michael Barrett
f7fbb6edcd
Moved ActivityPub labs flag to (private) beta (#21363)
no refs
2024-10-22 12:45:45 +01:00
Cathy Sarisky
1ce5dc34ca
🐛 fixed routing error when no recommendations (#21251)
no ref.

The default routing for the portal app is a signup page. When a site has
no recommendations, the result of triggering that page (by following a
link that goes there) is a prompt to sign up, or a notification that one
cannot sign up, if membership is disabled.

This patch adds a "No recommendations" message, which will be shown if a
user follows a recommendations link (#/portal/recommendations) on a site
without recommendations. While we shouldn't end up there very often,
it'll make a lot more sense when it does!
2024-10-22 11:34:44 +01:00
Kevin Ansfield
a4e3ef012c Improved validation behaviour on 2fa code verification screen
closes https://linear.app/ghost/issue/ENG-1672

- removed input on-blur validation because it can be triggered when clicking reset button giving a misleading error state
- added client-side validation for 6-digit code
- added validation when submitting the form
- added error reset when typing in the code field, including removal of button failure state, so it's clearer you're in a new submit state
2024-10-21 12:32:29 +01:00
Kevin Ansfield
6c4de6a937 Updated 2fa flow copy
closes https://linear.app/tryghost/issue/ENG-1654
closes https://linear.app/tryghost/issue/ENG-1656
closes https://linear.app/tryghost/issue/ENG-1657

- updated copy
- improved error handling when verification fails
- refactored some duplication of steps in Admin authentication tests
2024-10-21 11:01:40 +01:00
Sam Lord
85d305ebf7 Added browser tests for 2fa 2024-10-21 11:01:40 +01:00
Kevin Ansfield
2bf626bf6c Added explicit 2fa required error detection
no issue

- previously we determined any 403 response was an indication that we should switch to the 2fa input screen during sign-in
- added a custom error that explicitly looks for an error with our `2FA_TOKEN_REQUIRED` code so we don't have any confusion when a non-2fa 403 is received for any reason and to have the option of moving away from the 403 if needed without breaking the client
- test to ensure our error 2fa-required error detection works correctly
- extracted duplicate steps in the authentication tests into a helper function
- fixed authentication tests so they better represent our API output of `errors` being an array
2024-10-21 11:01:40 +01:00
Kevin Ansfield
df6eb7bfda Fixed flash of button error state when redirected to 2fa screen
closes https://linear.app/tryghost/issue/ENG-1652/

- returning `undefined` from a task is equivalent to failing
- switched to returning `true` when we get the 2fa required error so the button stays in the neutral/success state
- added `SUCCESS` and `FAILURE` consts to better reflect control flow when returning from tasks and ensured we always return a value
2024-10-21 11:01:40 +01:00
Sam Lord
3ed1f6a8ca Added tests for sessions API with 2fa enabled 2024-10-21 11:01:40 +01:00
Sam Lord
eef6c64131 Added brute protection to 2FA endpoints
ref ENG-1629

Use separate protection for the 2 endpoints as one can resend an
email, and the other is used to login -- each presents its own
security challenges.
2024-10-21 11:01:40 +01:00
Michael Barrett
d90a70e43c Moved 2fa resend button inside form and added countdown 2024-10-21 11:01:40 +01:00
Sam Lord
c9c8709fd3 Added publication icon to 2fa email if available 2024-10-21 11:01:40 +01:00
Princi Vershwal
d2ca6e4a74 Added siteLogo to session service emails 2024-10-21 11:01:40 +01:00
Djordje Vlaisavljevic
548ff8d14a Updated design for 2FA verification code email
ref https://linear.app/tryghost/issue/ENG-1636/email-template-design-for-verification-code-email
2024-10-21 11:01:40 +01:00
Princi Vershwal
0c0ac6f0ab Changed subject for verification code email 2024-10-21 11:01:40 +01:00
Princi Vershwal
5ee2f91557 Added support for fetching device details when creating session 2024-10-21 11:01:40 +01:00
Michael Barrett
29d1026606 Added button to resend 2fa code
refs [ENG-1644](https://linear.app/tryghost/issue/ENG-1644/add-re-send-ui-flow)
2024-10-21 11:01:40 +01:00
Sam Lord
1f687ae466 Moved 2fa labs flag usage to avoid logging out users
After migrations run, any sessions made with the labs flag turned off
will have the verified flag set. We also need new sessions made after
that to gain the verified flag, so that they aren't logged out at the
point that the labs flag is enabled (or removed).
2024-10-21 11:01:40 +01:00
Michael Barrett
16b0ef352f Fixed 2fa code resend button reverting to retry on success
refs [ENG-1642](https://linear.app/tryghost/issue/ENG-1642/when-submitting-the-code-the-login-button-changes-to-retry-before)
2024-10-21 11:01:40 +01:00
Sam Lord
db107bd789 Fixed sendAuthCodeForUser to find user on first request
ref ENG-1641

Using `getUserFromSession` requires the cookie header to be set, but
at this point we may still be constructing the session. Instead we can
get the user id from the session itself
2024-10-21 11:01:40 +01:00
Princi Vershwal
3cffb9a132 Moved session verified check behind staff2fa flag 2024-10-21 11:01:40 +01:00
Sam Lord
cb8d18423a Fixed login / logout with 2fa code
refs ENG-1640

We had built all the right pieces, but the session endpoints weren't
verifying the service
2024-10-21 11:01:40 +01:00
Princi Vershwal
3bf0b7d8ed Added sending of 2fa code email on sign in 2024-10-21 11:01:40 +01:00
Michael Barrett
58269c879b Added migration for session verification field 2024-10-21 11:01:40 +01:00
Sam Lord
296a2be2d8 Fixed the snapshot test for the e2e suite 2024-10-21 11:01:40 +01:00
Sam Lord
f772008c69 Prevent regression / e2e tests from trying to use 2fa 2024-10-21 11:01:40 +01:00
Kevin Ansfield
1a05652b50 Added 2fa token verification error handling
closes https://linear.app/tryghost/issue/ENG-1635

# Conflicts:
#	ghost/admin/app/controllers/signin-verify.js
2024-10-21 11:01:40 +01:00
Sam Lord
5f192344f8 Switched to 1 token per minute, 10 tokens accepted
More typical in TOTP setups for each token to last 1 minute, and to
allow some older tokens.

Also moved the options setting out of the generate scope in case
verify is called first (unlikely but possible).
2024-10-21 11:01:40 +01:00
Michael Barrett
8a86db4ea5 Updated response code for re-sending verification 2024-10-21 11:01:40 +01:00
Michael Barrett
916b2aef9d Added tests for auth code middleware 2024-10-21 11:01:40 +01:00
Sam Lord
0b852bcb38 Added check for verified sessions
refs ENG-1610
2024-10-21 11:01:40 +01:00
Michael Barrett
7a18e829c5 Added endpoints for supporting 2FA
no refs

- Added `POST /session/verify` to send the user a verification code
- Added `PUT /session/verify` to verify the user's verification code
2024-10-21 11:01:40 +01:00
Princi Vershwal
51fa21324d Added logic for generating and verifying otp 2024-10-21 11:01:40 +01:00
Princi Vershwal
1106d64706 Added API for sendingAuthCode 2024-10-21 11:01:40 +01:00
Kevin Ansfield
68af12cfad Added 2fa happy path to Admin
closes https://linear.app/tryghost/issue/ENG-1617/
closes https://linear.app/tryghost/issue/ENG-1619/

- updated cookie authenticator's `authenticate` method to accept an `{identification, pasword, token}` object
  - if `token` is provided, hit our `PUT /session/verify/` endpoint passing through the token instead of hitting the `POST /session/` endpoint
- added `signin/verify` route
  - displays a 2fa code input field, including required attributes for macOS auto-fill from email/messages to work
  - uses `session.authenticate({token})` when submitted
- updated signin routine to detect token-required state
  - detects a `403` response with a `2FA_TOKEN_REQUIRED` code property when authenticating
  - if detected transitions to the `signin/verify` route
2024-10-21 11:01:40 +01:00
Paul Davis
a70e88b903 Add 2fa code email template 2024-10-21 11:01:40 +01:00
Sam Lord
8f7c81ac84 Added "verified" status to session
refs ENG-1622

Currently unused by the API, this session variable will be used to
confirm whether the user has authenticated their session with an email
OTP. The verified status is not removed on logout, so sessions are now
retained instead of being destroyed.
2024-10-21 11:01:40 +01:00
Kevin Ansfield
698e42433c Added staff2fa labs flag 2024-10-21 11:01:40 +01:00
renovate[bot]
17892c6a99 Update dependency i18next to v23.16.2 2024-10-21 00:58:33 +00:00
Steve Larson
d1db417495
Reduced apps package size (#21349)
ref 324211f
- this includes changes to improve package size

Package size was found to be bloated due to expanding i18n strings. We
were packing all i18n strings instead of just the ones relevant to the
package. Thanks to @cathysarisky for identifying this!
2024-10-20 13:47:15 +00:00
jubi-git
d122d9b2fa
🌐 Added Dutch (nl) locale for search.json (#21339)
no ref
2024-10-20 13:31:49 +00:00
Ghost CI
e42ed553dc v5.97.0 2024-10-18 15:05:19 +00:00
Kevin Ansfield
2fb88e65ca Fixed signin and signup button failure state hover colors
ref https://linear.app/tryghost/issue/ENG-1653

- we were always setting a `style="background-color: #123456"` attribute on the buttons but that didn't allow for different button states such as the red failure state to correctly override meaning there was some odd behaviour when hovering
- removed the fixed `style` attribute and adjusted `<GhTaskButton>`
  - added `@useAccentColor` prop
  - when `@useAccentColor` is true, add the necessary `style` attribute except when showing the failure state
2024-10-17 16:54:23 +01:00
Steve Larson
2e0293c99f
🐛 Fixed NQL filters for single letter slugs (#21340)
fixes https://github.com/TryGhost/Ghost/issues/20133
- includes fix to support single letter slugs
2024-10-17 15:35:26 +00:00
Aileen Booker
3eb6503849 Added migration for new settings keys 2024-10-17 05:51:38 -04:00
Chris Raible
0e10f500aa
Added target dependencies to test scripts in ghost/core (#21332)
no issue

- The `test:*` commands in `ghost/core` are all implicitly dependent on
the TS packages in the whole monorepo being built, but we hadn't
explicitly declared this dependency to NX.
- Now if you run `yarn nx run ghost:test:e2e` (or any other `test:*`
commands in ghost), NX will know that it needs to rebuild the TS
packages, unless they are cached and haven't changed.
- With this, you should be able to directly clone the repo and run `yarn
nx run ghost:test:e2e` to run e2e tests, without running `yarn dev` or
`yarn nx run-many -t build:ts` first.
- This is especially useful for getting tests to run properly in docker
2024-10-16 14:12:20 -07:00
Chris Raible
14d762ddc9
Added @tryghost/metrics-server to package.json (#21330)
no issue

- I apparently never added @tryghost/metrics-server as a dependency to
ghost/core/package.json. It worked in most cases as a 'phantom
dependency' — yarn installs all node_modules in a flat structure, so
even though it wasn't a dependency in package.json, it still resolved to
the correct package, as long as the typescript packages were all built
first.
- This passed CI because we explicitly run ts:build on all packages
before running tests, and it worked in production because we build the
TS packages as part of the docker build. However, when trying to run
tests locally, it would sometimes fail unless you explicitly ran nx
run-many -t build:ts at the top level before running the tests.
- Adding it as a dependency in package.json fixes this problem.
2024-10-16 12:38:54 -07:00
Steve Larson
63f25ece6d
Added unsubscribe_url to member api response (#21207)
ref https://linear.app/tryghost/issue/ONC-387/

With some recent changes, we added validation to unsubscribe URLs to verify the source, allowing us to cut down on spam and improving security, as the underlying key could be re-generated should the need arise. This had the side effect of making unsubscribe URLs difficult to reconstruct when using third-party/downstream integrations, such as ActiveCampaign, which fills a gap in the current Ghost feature set.

Now any authenticated query to `/api/members` will return an `unsubscribe_url` field that can be used directly.
2024-10-16 14:00:31 -05:00
renovate[bot]
a0600e3595 Update dependency terser to v5.36.0 2024-10-16 17:59:04 +00:00
Steve Larson
ea70631a29
Added created_at field to member fixtures for consistent sort (#21325)
no ref

When running tests, occasionally we'll see some varying sort in the
members api response because members are generally all created with the
same timestamp. While `ObjectId` should be progressive, and our defalut
sort is `ORDER BY created_at desc, id desc`, we still would sometimes
see issues. This ought to remove any flakiness.
2024-10-16 16:45:22 +00:00
Steve Larson
cf2b429436
Stubbed ghost core unit test errors (#21324)
no ref

Stubbed expected test errors. In general, we should be expecting these
errors in the tests as we write them as that is the expected behavior
(or that behavior should change).
2024-10-16 15:31:57 +00:00
Cathy Sarisky
73a39ead9a
Fixed members/signin_urls endpoint to take admin api key (#21284)
closes #16748 

The members/:member_id/signin_urls endpoint currently only does
cookie-based authentication. When #21249 is merged, turning on 2FA is
going to break any 3rd party processes that use it (including my social
sign-in offering).

This patch gives admin API keys 'read' permission on this endpoint, and
enables 3rd party processes to handle user logins the right way, instead
of via a staff member's email/password.

Migration included.  Feedback appreciated.

I have the wrong name on my migration. I can see it doesn't follow the
naming convention, but I'm not sure how the names are generated.

---------

Co-authored-by: Michael Barrett <mike182uk@gmail.com>
2024-10-16 14:30:36 +01:00
Daniel Lockyer
7fc4dfaac1 Reverted "Stripped moment from BaseSiteMapGenerator"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 30220aa6ef.
2024-10-16 15:25:47 +02:00
Daniel Lockyer
1068f6ed13 Reverted "Stripped moment from data-manipulation.fixDatesWhenFetch"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 96f6adecac.
2024-10-16 15:25:47 +02:00
renovate[bot]
7da234643e Update dependency terser to v5.35.0 2024-10-16 12:42:42 +00:00
Ghost CI
27e1a89e58 Merged v5.96.2 into main 2024-10-16 09:31:44 +00:00
Ghost CI
42fcd385a6 v5.96.2 2024-10-16 09:31:42 +00:00
Sag
00f70a445b 🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:14:58 +02:00
Sag
cab655289f Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 11:14:46 +02:00
Sag
6ee3d05da5
🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:00:47 +02:00
Sag
a3b84e8cd1
Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 08:42:35 +00:00
Daniel Lockyer
b3cf23ebd8 Optimized Bookshelf plugin sanitize.permittedOptions
- concat is too heavy of a function to call on the hotpath, so we can
  just replace it with a native spread, which is much faster
- this cuts ~1.5% from boot time for sites with a lot of posts
2024-10-16 10:38:25 +02:00
Gary Lai
d689484324
feat(i18n): add zh-Hant translation (#21140) 2024-10-16 09:26:38 +01:00
Cathy Sarisky
3a662007cd
🌐 New translations and bug fix on /month and /year (#21267)
No issue

Wrapped a missing /month and /year string. Should work with and without
trials now.

Added a few additional translations for Japanese and French.

Adjusted German - some strings were too long to fit in the layout.
Changed (the German equivalents of) "Start a X day free trial" to
"Select", because the German is just not going to fit on the button.
2024-10-16 09:23:10 +01:00
renovate[bot]
b70bb13fb4 Update sentry-javascript monorepo to v7.119.2 2024-10-15 15:57:58 +02:00
renovate[bot]
a8f9b45038 Update dependency @actions/core to v1.11.1 2024-10-15 14:54:31 +02:00
renovate[bot]
7dc0415439 Update sentry-javascript monorepo to v7.119.1 2024-10-15 14:37:04 +02:00
renovate[bot]
3027a0d3b4 Update nest monorepo to v10.4.4 2024-10-15 12:44:37 +02:00
Sag
d5aa77bb7f
🐛 Fixed missing 'duplicate a post' feature for editors (#21304)
ref https://linear.app/tryghost/issue/ENG-1647

- as per [staff user definitions](https://ghost.org/docs/staff), an
editor should be able to duplicate a post
- this feature was missing from the right-click menu on post/page lists
for editors
2024-10-15 12:19:56 +02:00
Daniël van der Winden
d7e36cb22a
Updated media query (#21303)
Fixes
https://linear.app/tryghost/issue/DES-317/adminx-members-list-header-column-overlaps-sidebar-in-mobile-viewport

Added a positioning and z-index change to the `thead` within the media
query to make sure it moved back behind the overlay.
2024-10-15 10:10:21 +00:00
Daniel Lockyer
8fd32f012b Lazyloaded jsdom dependency
- we can move this later into the code to prevent it from being eagerly
  loaded and taking up CPU time and memory
2024-10-15 11:27:22 +02:00
Daniel Lockyer
1c9e55cf7b Added metrics + monitoring to DatabaseStateManager
ref https://linear.app/tryghost/issue/DEV-32/remove-migratejs-script

- we want to switch to using this code path instead of our separate
  migrate.js script on Pro
- the main things we're missing are metrics + monitoring for when things
  go wrong, so this adds that to the DatabaseStateManager
- this allows us to eventually delete the script without losing
  functionality
2024-10-15 10:33:23 +02:00
Daniel Lockyer
bfdf2dd8bf Optimized loading dynamic redirects
- the code kept an array of IDs, and would check new entries against the
  values of this array
- this algorithm is O(n^2) and became quite slow when the site had a lot
  of redirects
- we can do away with this entirely, and just compute the keys of the
  redirects to get the IDs
- this speeds up loading redirects by 3x or so
2024-10-14 17:16:49 +02:00
Daniel Lockyer
6dd821bd41
Fixed setting minification ready state upon failure (#21294)
- this will prevent the `ready` variable from being set to true if there
is an error with minification, as we have not correctly generated the
assets yet
2024-10-14 14:09:50 +00:00
Daniel Lockyer
f1638b869c Added more exclusion fields from URL service config
- we don't need any of these fields to do URL service calculations, so
  we can exclude them from being fetched, which improves performance of
  URL service init
- ultimately, we should switch this to an include list to make this more
  explicit
2024-10-14 14:37:54 +02:00
Daniel Lockyer
96f6adecac Stripped moment from data-manipulation.fixDatesWhenFetch
- we don't need moment here and we can produce the same result in JS
  Date, which is a lot faster than moment
2024-10-14 14:37:54 +02:00
Daniel Lockyer
7bd70a3ab2 Deferred heavy permittedAttributes call unless needed
- this code is on the hotpath for the URL service and has shown to be
  slow for sites with a lot of posts
- this is due to the overhead of the lodash functions we use here
- we can take advantage of how JS executes if-statements and move the
  variable into the if-statement, which lazy evaluates it (for the URL
  service, this branch is not hit, so it's a big win)
- this cuts about 2% from CPU time
2024-10-14 14:37:54 +02:00
Daniel Lockyer
dd68fca968 Replaced lodash.{pick,union} with native JS
- this code is a hotpath for the URL service and has shown to be slow
  for sites with a lot of posts
- this is because of the overhead of lodash
- we can just do away with lodash and use native JS, which has
  a negligible performance cost
- this cuts about 5% CPU time during boot of large sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
30220aa6ef Stripped moment from BaseSiteMapGenerator
- moment calls are unbelievably heavy and we should do away with it
  where possible
- this code doesn't need moment and we can just use native JS Date here
- this saves about 5% CPU time when booting sites with a lot of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b376585c64 Optimized Resources constructor
- this code has shown to be chronically slow, due to the `Object.assign`
- we don't really need this, as we can just use a normal assign in this
  case
- this cuts 15% CPU from boot time for sites with a lot of resources
  (posts)
2024-10-14 14:37:54 +02:00
Daniel Lockyer
90fbbe135f Deferred URL generation until after filter
- it turns out we it the false case of this if-statement quite a lot,
  and _generateUrl is heavy enough that we should try and do it less
- by moving it into the if-statement, we cut 4% CPU time from boot on
  heavy sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
70eb96f33a Replaced lodash.each with native JS in raw_knex
- lodash adds non-negligible runtime to this loop, so we can just
  replace it with native JS and cut 3% CPU time from boot for sites
  with a large number of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b0cf15cb94 Refactored Resources._fetch to async-await
- aids with readability
2024-10-14 14:37:54 +02:00
Daniel Lockyer
df76883378 Optimized date + boolean deserialization code
- we have to deserialize the values from the DB to turn them into moment + boolean values
- the use of lodash adds unnecessary overhead to the function, and writing it in native JS
  is a low faster
- also fixes the naming of the functions to make it clearer in flamegraphs
2024-10-14 14:37:54 +02:00
renovate[bot]
a2afc0af75 Update dependency i18next to v23.16.0 2024-10-14 00:24:58 +00:00
renovate[bot]
346f41991f Update dependency yjs to v13.6.20 2024-10-14 00:24:37 +00:00
Ghost CI
b7409ff3d2 v5.96.1 2024-10-11 15:05:17 +00:00
Kevin Ansfield
54a7f70a3c Removed lodash usage from config helpers
no issue

- config helpers are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using an inlined escapeRegExp function in place of requiring lodash
2024-10-10 17:44:24 +01:00
Kevin Ansfield
8d4d6b6516 Removed lodash usage from config utils
no issue

- config utils are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using native JS for the few lodash methods we used
2024-10-10 17:26:19 +01:00
Kevin Ansfield
e97717a0cc Added flag to skip gscan checks during boot
no issue

- bumped gscan version to provide `skipChecks` flag to `check` function
- added `optimization:themes:skipBootChecks` config flag defaulting to `false` to maintain current behaviour
  - updated theme service initialization to use `skipChecks: true` when the config flag is set
  - we only want to skip the checks during boot in specific cases to improve performance, they are still useful for general development and any production use-cases where themes get edited directly on the server
- updated our theme validate module to accept and pass through `skipChecks` option
- switched the `isZip` positional argument of `validate.check()` to an options object property to make usage cleaner
2024-10-10 16:27:43 +01:00
Daniel Lockyer
ab4c67f2d2 Lazyloaded cheerio dependency
- this moves cheerio to be lazyloaded
- given there are many uses of cheerio in this file, I've just made a
  helper function to DRY up the code
2024-10-10 14:55:39 +01:00
Daniel Lockyer
b092929bba Lazy-minified assets at first request
- right now, we minify the assets on boot. This is wasteful because they're not even needed
- this commit implements a change which lazy-minifies these assets and
  allows for cache invalidation when the theme changes
- it also introduces some middleware that each asset calls to ensure
  that the assets are minified before serving
2024-10-10 14:36:28 +01:00
Daniel Lockyer
0862989b2e Lazyloaded dependencies
- these dependencies do not need to be eagerly loaded so we can move
  them down to where they are used
2024-10-10 13:38:56 +01:00
Daniel Lockyer
c07a884f23 Remove usage of fs-extra
- we don't need to use fs-extra here when we can use the native fs lib
2024-10-10 13:38:56 +01:00
Daniel Lockyer
e1da082329 Removed Sentry span creation from get helper
- this didn't really end up being useful and it just forces us to
  require the `@sentry/node` dependency, so we can remove it
2024-10-10 13:38:56 +01:00
Daniël van der Winden
2a5ba1c13c
Added hover states for Resource boxes (#21276)
On Post Analytics, and on the Dashboard, the resource boxes did not have
a hover state, making them look very static. They now have a hover
state.
2024-10-10 10:24:06 +00:00