Commit Graph

21 Commits

Author SHA1 Message Date
renovate[bot]
396bc865a9
Update dependency knex-migrator to v5.0.2 2022-07-25 11:11:31 +00:00
Fabien 'egg' O'Carroll
b3471ab439
Improved comments API security (#15065)
refs https://github.com/TryGhost/Team/issues/1688

* Added missing/failing tests
* Refactored comments BREAD into service
* Ensured member_id is not writable, it should come from auth only
* Ensured one cannot reply to a reply
* Ensured the parent_id is not writable on edit
2022-07-25 10:41:33 +01:00
Daniel Lockyer
ee5753a6b7
Fixed minor linting issue in member-count tests
- we don't need to return this value, and eslint complains about it if
  we do
2022-07-25 11:25:14 +02:00
Daniel Lockyer
57d47a79f9
Added yarn setup to root scripts
- we had this working in the Ghost repo before switching to a monorepo
- this commit adds a `setup` script to the root package.json so we can
  maintain the functionality
2022-07-25 08:35:57 +02:00
Daniel Lockyer
184149492d
Lifted "fix repo" scripts up to root package.json
- these scripts are useful for just trying to fix your repo when
  node_modules is playing up
- as we now have a monorepo, they should be lifted up to the root and
  not hidden in the ghost package
2022-07-25 08:35:55 +02:00
Naz
5f2967cf27 Added support for offloaded oneoff jobs
refs https://github.com/TryGhost/Toolbox/issues/357

- Adds support for persisted one off offloaded (worker thread) jobs
- To try them out run Ghost instance in "testmode" and shoo a request like so: `curl http://localhost:2368/ghost/api/oneoff/graceful-job` - this starts a one time job from graceful-job script (can only ever be executed once on the Ghost instance)
- Job's progress and runtime details are persisted in `jobs` table
- To play more with one off jobs use `addOneOffJob` method available on jobsService
2022-07-22 18:19:07 +01:00
renovate[bot]
e9132d7572
Update dependency sqlite3 to v5.0.10 2022-07-22 12:09:33 +00:00
Naz
c667620d8f 🏗 Added jobs table creation migration
refs https://github.com/TryGhost/Toolbox/issues/357

- One time jobs need a storage mechanism to be run only ever once.
- Field notes:

- `id`, `created_at`, `updated_at` - standard Ghost fields
- `name` - unique name of the job, could also be used with prefixing to identify certain type of job (e.g.: backup-bob-2022-10-16, backup-sam-2023-01-13 identifying backup jobs run by users)
- `status` - 'started' | 'finished' | 'failed' | 'queued'  (need to identify when the job is in progress, done, added to the execution queue, or errored)
- `started_at` - when the job started execution
- `finished_at` - when the job successfully finished execution
2022-07-22 23:32:58 +12:00
Simon Backx
30c4f11e27
Added report API for comments (#15043)
closes https://github.com/TryGhost/Team/issues/1684

**Migrations:**
- Added report permissions (fixtures + migrations)
- Dropped reason field in reports (no textarea in reports in V1)
- Dropped nullable from comment_likes.member_id (can't be null)
- Added SET NULL/CASCADE foreign keys for comments related tables(*)

(*):
fixes https://github.com/TryGhost/Team/issues/1687
refs https://ghost.slack.com/archives/C02G9E68C/p1658217288591369

This commit adds support for `SET NULL` foreign keys in schema and migration helpers + also fixes the foreign keys for the comment_reports, comment_likes and comments tables.

- When a member is deleted, we **do** want to keep their reports (SET NULL)
- When a member is deleted, we **do not** want to keep their likes (CASCADE)
- When a member is deleted, we **do** want to keep the comments (SET NULL)

**Changes:**
- Added report API: `POST /members/api/comments/{id}}/report/`
- Sends an email to the owner when a comment is reported
- Saves a report to the database (not used for now, but might be useful later)
2022-07-22 12:03:05 +02:00
renovate[bot]
2339577dd3 Update dependency metascraper-logo-favicon to v5.30.0 2022-07-22 08:34:07 +00:00
renovate[bot]
33b3fab663 Update dependency @playwright/test to v1.24.0 2022-07-22 09:39:38 +02:00
Naz
3e57e6fe10 Moved jobmanager initialization logic
refs https://github.com/TryGhost/Toolbox/issues/357

- In upcoming iteration job manager will need "models" fully initialized to be able to persiste one time jobs. This bit of code of in a bad place as it initialized (through require) the job manager without having models module initialized first.
- The change moves that code from a bad to less bad place (wasn't able to think of any better location for now). Checking for `server:testmode' config in job initialization has a little bit of a smell, but don't think it's super critical. Could be improved if a better structure appears in the future!
2022-07-21 17:00:45 +01:00
renovate[bot]
6ebe34fdf0 Update dependency @playwright/test to v1.23.4 2022-07-21 14:37:19 +02:00
Daniel Lockyer
6192ae4620
Increased E2E test timeout temporarily
- we keep seeing a lot of random failures from CI due to the Posts
  Content API
- I think it's because of the Ghost boot + number of fixtures we load,
  which sends us over our 10s threshold
- let's see if 15s resolves that
2022-07-21 09:40:09 +02:00
Daniel Lockyer
9ec83a6e21
Disabled publishing for Members packages
- we don't want to publish these anymore so this commit disables the
  ability to
- also fixes up a missing version that wasn't reset
2022-07-21 09:26:04 +02:00
Daniel Lockyer
376ee24600
Switched to unversioned Members packages
- these packages are split apart for local development, but will be
  bundled into Ghost when publishing
- therefore, these packages won't be published so we are resetting the
  versions to make them cleaner
2022-07-21 09:15:29 +02:00
renovate[bot]
6a18b50b8a
Update dependency sanitize-html to v2.7.1 2022-07-20 19:40:39 +00:00
Daniel Lockyer
273d53cf09
Updated testing & linting packages
- these weren't updated in core before the migration, so we ended up
  with two different versions in yarn.lock
2022-07-20 18:05:27 +02:00
Daniel Lockyer
796961329a
Fixed yarn test from top-level repo
- we probably don't want it to be this long term but it allows us to
  enable tests on the new packages
2022-07-20 17:41:11 +02:00
Daniel Lockyer
9fa789159c
Reset Publishing packages version and visibility
refs https://github.com/TryGhost/Toolbox/issues/354

- these packages are here for development and will be bundled when
  published, so they don't need versioning nor publishing
2022-07-20 17:20:24 +02:00
Daniel Lockyer
3d989eba23 Converted Ghost repo into a monorepo
refs https://github.com/TryGhost/Toolbox/issues/354

- this commit turns the Ghost repo into a monorepo so we can bring our
  internal packages back in, which makes life easier when working on
  Ghost
2022-07-20 16:41:05 +02:00