- When we have todos related to deprecations, we should use @deprecated instead
- @deprecated notices should say when a feature was deprecated, not when it was removed
no issue
- Bumped into these tests when doing cleanup in the notifications service. Having full snapshot of requests is useful to have as a sanity check, so migrated this test suite quickly.
closes https://github.com/TryGhost/Team/issues/1772
- The user facing side of comments recently replaced `bio` with `expertise`.
- To remain consistent we replaced all the references of `bio` with `expertise` throughout the codebase.
- This includes a database column name changing migration, within the `members` table.
- Bumped up the comments-ui version to a new minor (0.10.x) as its a breaking change.
no issue
- By bumping the version of adapter-base-cache I'm expecting `yarn` command to pick up this package. I suspect the failures on CI are due to some caching issue.
https://github.com/TryGhost/Toolbox/issues/364
- When the adapter base class lives deep inside Ghost's codebase it is pretty hard for other developers to extend it. With the goal of making Ghost easier to use and deploy by others, this kind of functionality should be as easy to extend as possible.
- The base adapters should live in the TryGhost/SDK repository. Next ones to move are Scheduling, SSO, and Storage base adapters.
fixes https://github.com/TryGhost/Toolbox/issues/356
- this feature allows site Administrators to view a history log of staff
actions on their site so they can audit when and by whom that something happened
- this commit promotes the History log to GA
- this prevents the referrer/referer header being sent for requests that go to external domains
- this in turn prevents preview URLs from appearing in the analytics of sites that are linked to and clicked on from previews
- otherwise, preview URLs can be leaked to the owners of the linked and clicked sites
refs https://github.com/TryGhost/Team/issues/1795
- Snapshots help us detect unexpected changes in the `<head>` of all sites (e.g., newly introduced script tags)
- Added ghost_head tests for comment count helper
refs https://github.com/TryGhost/Team/issues/1871
This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.
To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay.
Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the <br /> tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards)
- `@tryghost/string` is bumped because it contains the new escapeHtml method
refs https://github.com/TryGhost/Ghost/pull/15375
- we currently pass all properties for the `tags` property of a
`page`/`post` body down further into Ghost, which is causing issues
because it's handling properties it doesn't expect
- this is showing up because it's triggering save history events for
tags when a post is edited
- this commit introduces a clean util which has an allowlist of
properties allows on tag relations
- this list was taken from the schema: 128f8fb006/packages/admin-api-schema/lib/schemas/posts.json (L214-L227)
fixes https://github.com/TryGhost/Team/issues/1821
This change moves all the event storage logic to one new place: the event storage class in the MembersEventsService, which is initialised in a new members events service wrapper.
Apart from this, this includes some improvements:
- Removed DomainEvents from the constructor arguments to the subscribe method (to make it more clear where to subscribe to and decrease dependencies)
- LastSeenAtUpdater doesn't subscribe in the constructor any longer (removes unclear side effect)
- Moved LastSeenAtUpdater initialisation to new members events service wrapper
- Added missing tests to LastSeenAtUpdater to assure that the MembersEventsService package has 100% coverage.
closes https://github.com/TryGhost/Team/issues/1873
- bumps `@tryghost/kg-default-cards` which amends the product card rendering to output adjusted `width` and `height` attributes and a resized `src` attribute on the `<img>` element
refs https://github.com/TryGhost/Team/issues/1879
OpenSea updated their URL format for NFTs after adding support for Solana
which broke our regex, this updates to support the new format.
fixes https://github.com/TryGhost/Team/issues/1861
- Moved like and unlike endpoint handling to comments service and controller
- Moved small part of report logic to comments controller
- Added proper 401 authentication error when not authenticated as member
refs https://github.com/TryGhost/Toolbox/issues/384
- Existing adapter config was based on the notion there can only be one configuration per one adapter class. With adapter cache now allowing instantiating multiple adapter instances with the same base class it opened up a possibility to have shared configuration for a base class and then extend/override it in "feature" configurations (see tests in this commit for specific examples)
refs https://github.com/TryGhost/Toolbox/issues/384
- Adapter cache was not able to store multiple object instances derived from same Base class. This created a need to create boilerplate "shell" classes inheriting from the Base class, e.g.: ImageSizeCacheSyncInMemory etc.
- Having feature-based adapter instance caching in the adapter manager allows to simplify configuration and reuse the "base class" instead of creating artificial "shell" classes.
- For example with this change both image sizes and settings caches will create separate cache instances deriving from default "Memory" class. Less code, less configuration!
refs https://github.com/TryGhost/Team/issues/1875
- due to an misbehavior in our model layer, when `tiers` is set on a Post, it'll
trigger a save of the Tier, and this produces an extra event in the
`actions` table
- mapping the Tier(s) to just the ID prevents bookshelf-relations from
editing the Tier and thus prevents the extra event
- also fixed tests which were implicitly assuming supplying a slug to a
post would create the product
fixes https://github.com/TryGhost/Team/issues/1855
fixes https://github.com/TryGhost/Team/issues/1866
This commit moves all duplicate methods to get the support email address to a single location. Also methods to get the default email domain are moved.
For the location, I initially wanted to put it at the settings service. But that service doesn't feel like the right place. Instead I created a new settings helpers service. This service takes the settingsCache, urlUtils and config and calculates some special 'calculated' settings based on those:
- Support email methods
- Stripe (active) keys / stripe connected (also removed some duplicate code that calculated the keys in a couple of places)
- All the calculated settings are moved to the settings helpers
I'm not 100% confident in whether this is the right place to put the helpers. Suggestions are welcome.
fixes https://github.com/TryGhost/Team/issues/1870
Disables email sanitization that was enabled earlier because this bug is more important and urgent.
The recently introduced email sanitzation removes HTML comments from the post html.
- This breaks the email paid preview, because it depends on the `<!--members-only-->` comment.
- Breaks the Outlook comments `<!--[if !mso !vml]-->`
This commit reverts this change.
closes: https://github.com/TryGhost/Toolbox/issues/342
refs: 032a26f9f3
refs: 588c9d04e8
- Now that the old `users:no-owner` (now named 'users') is working correctly :)
- Was able to add loginAs[Role] methods for each staff role, so that it's possible to execute tests as that user and check permissions
- Refactored the email preview tests to use the new e2e framework and these methods, as an example
- This fixture is the main user fixture you'd want to use when testing staff roles
- At the moment it has a weird name that makes it less likely people will use it
- A tiny step in trying to make our fixture system make a tiny bit more sense
- This fixture would only work if the roles were inserted by the fixture system
- In most cases, this fixture was adding users without their associated roles
- Now we assume the roles exist already, and that we need to map users to each role
- This will allow us to more easily test user roles in e2e tests
refs https://github.com/TryGhost/Team/issues/1771
We don't have access to `req.brute.reset` due to the way the flow
works, we have one endpoint which sends an email with a magic link,
and another route which handles the login. We don't want to apply
brute force protection to both because our rate limiting is designed
for API requests not web page visits (which is how login is handled).
Because of this we require access to the underlying ExpressBrute
instance exposed by the spam-protection module, so that we can
perform the reset.
refs https://github.com/TryGhost/Team/issues/1074
Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
- we ignore some files within Casper via the Core .npmignore, but this
was outdated
- `.csscomb.json` and `.yarnrc` do not exist in the repo anymore
- `yarn.lock` should be added because this is the bundled theme files
and we don't expect to be editing them again
refs https://github.com/TryGhost/Toolbox/issues/389
- The e2e test suite log was full of ERR_NOCK_NO_MATCH warnings when the logging level was set to "warn". The cause of this warning was legit duplicated webhook trigger processing on test environment. Gah!
- The source of duplicate webhook processing was duplication of event handlers. Event handlers were registered multiple times for same event because of the singleton nature of the "common/events" module - it remains the same instance and is not cleaned up between reboots. The deeper issue of events module initialization should be solved separately, this slightly hacky approach fixes the problem now and highlights it to be tackled in the future.
refs https://github.com/TryGhost/Team/issues/1074
Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
refs https://github.com/TryGhost/Toolbox/issues/389
- if we enable warning logs in E2E tests, we get a bunch of error
messages saying `ERROR Unhandled rejection: aborted` coming from the
SQLite DB reset code
- specifically, it's coming from the line that resets the DB by copying
the file
- this line was initially added because we would see random SQLite
"malformed database" errors
- I have a feeling that was due to something else, but I can't be sure
- I'm also not sure how else we should shut the DB connection, as this
is the recommended way but it throws an unhandled rejection
- this commit is a bit of a gamble because I'm not actually sure what
was causing the problem, but it gets rid of the errors locally and
doesn't regress on the random failures
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76
- log output always uses UTC timestamps, but it may be desirable to
configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
`false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
timezone-altered timestamps, you can set `logging.useLocalTime` to
`true`
- credits to https://github.com/levee223 for the implementation and PR
- in its current form, bundling will happen before we build Admin
- Admin complains because the version in its package.json for
`@tryghost/members-csv` is different to the one linked in the monorepo
- by putting bundling at the end, we write the new package versions
after we've already built Admin, so this issue should go away
fixes https://github.com/TryGhost/Team/issues/1860
**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.
**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating
**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
fixes https://github.com/TryGhost/Team/issues/1859
**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.
**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
- the code in question had the intention of returning early if no new
email batches had been created for an Email
- there were 2 minor bugs here:
- `batchIds` would end up being an array of an array of strings
because we just push an array in without the spread operator
- we would compare that the returned array equaled zero, which was
never the case
- this commit fixes these minor issues and adds JSDoc to document the
function's return type
no issue
- While auditing the access rights to endpoints have come across the "stable" / "experimental" notes that do not make any sense in the current approach towards the API. Every endpoint that's documented and exposed just "is" there no stable/unstable/canary/whatever distinction in the Admin API since Ghost v5
- Staff tokens were also acked as a separate way to access the API, so we have them in mind when modifying the access-list
fixes https://github.com/TryGhost/Team/issues/1679
These endpoints are safe to be removed, as they are only used by the admin app and usage has been removed over there. It is very unlikely that this endpoint has been used in a third party integration (in which case they will get a notification email).
no issue
- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing
Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
In case there is an issue with the filtering of items in our client
side attribution script, we also check for and remove out of date
items here. This ensures that we do not erroneously attribute signups
or conversions to webpages from more than 24h ago.
We promote from alpha -> beta so that we don't require the
enableDeveloperExperiments flag, the toggle in the UI is behind the
flag still, so it will only be visible to developers or people using
alpha features.
refs TryGhost/Team#1826
- adds new service package that manages all the email alert notifications for free members and paid subscriptions
- includes email templates for free member signup and paid subscription start/cancel
- initializes staff service before members to allow managing email alert notifications
- passes staff service to members api for triggering alerts
refs TryGhost/Team#1826
- adds a method on user model which fetches all eligible users for a type of email alert
- restricts users to active `Owner` and `Administrators` with setting turned on
refs https://github.com/TryGhost/Toolbox/issues/387
- The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds.
- Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
refs https://github.com/TryGhost/Toolbox/issues/387
- Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
refs https://github.com/TryGhost/Toolbox/issues/387
- There will three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be corelating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing in this area.
closes: https://github.com/TryGhost/Team/issues/1732
- adds a theme helper which outputs a working search button with a standard icon
- the icon adopts whatever the current color is from css, and has a set of default styles
- styles can be overridden with !important or the data attribute
- alternatively, any element in a theme may be turned into a search button by adding data-ghost-search
- this is meant to be a simple tool for non-theme-developers to easily add a search icon to their themes in a way that doesn't require css or html knowledge
refs: 203c8036fa
refs: 1fadbacdec
refs: 22fd7f289c
- There is something seriously weird about how content-length changes...
- It's different on CI to local sometimes...
- This particular test should not change IMO
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834
We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.
The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a
join property which makes it easier to join the action and the object.
- after a while of browsing around filtering Actions, the endpoint will
suddenly lock up and start throwing stack exceeded errors
- this is because every time we initialize an Actions model, we push to
the `candidates` array with a list of the current models
- this was producing a `candidates` array with a length of several
thousand models after a few clicks, which would cause errors when
joining the data down the line
- the code was like this because we need to lazy-initialize the models,
so the order of requiring the Actions model doesn't matter
- this commit switches the code to using a `candidates` function to get
the models
- this seems to work and the performance cost is negligible given it now
doesn't error
refs: https://github.com/TryGhost/Ghost/issues/14882
- Usage of bluebird is deprecated in favour of using native promises
Co-authored-by: Navarjun <navarjun@Navarjuns-MBP.hitronhub.home>
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834
We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.
The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a
join property which makes it easier to join the action and the object.
closes https://github.com/TryGhost/Team/issues/1727
- allows site owners to give cardless free trials to members by setting expiry on complimentary subscriptions
- also allows complimentary members to upgrade as paid member
closes https://github.com/TryGhost/Team/issues/1836
- Uses the timestamps from the members table to determine the timestamps for the events
- Clears the table when downgrading to prevent having multiple rows for the same member
Co-authored-by: Fabien "egg" O'Carroll <fabien@allou.is>
- without this, the model doesn't have the context on who was
adding/editing it
- this resulted in being unable to store actions for Offers because the
`actor` is unknown
- this is the pattern we use elsewhere in the code so I've copied it
into here
refs https://github.com/TryGhost/Toolbox/issues/356
- this allows collection of CRUD events for Offers but we currently don't
show them in the UI until it's overhauled to avoid being monotonously
long
refs https://github.com/TryGhost/Toolbox/issues/356
- this allows collection of CRUD events for Tiers but we currently don't
show them in the UI until it's overhauled to avoid being monotonously
long
refs: https://github.com/TryGhost/Ghost/issues/14882
- The use of predicates is deprecated, and we're working to remove them from everywhere, so that we can remove bluebird
- This should be the final piece of the puzzle in terms of predicates, from here we can start removing bluebird without concern that a predicate somewhere will explode
- Note: some of this code is poorly tested, but the refactors are very straightforward and minimal
refs: https://github.com/TryGhost/Ghost/issues/14882
- I found a common pattern where catch predicates were being used to catch non-existent models in destroy methods, and sometimes elsewhere in the API endpoints
- The use of predicates is deprecated, and we're working to remove them from everywhere, so that we can remove bluebird
- In order to still handle these errors correctly, we needed a small change to mw-error-handler so that it can detect EmptyResponse errors from bookshelf, as well as 404s
Note: there is a small change as a result of this - the context on these errors now says "Resource not found" instead of "{ModelName} not found".
- I think this is acceptable for now, as we will be reviewing these errors in more depth later. It's quite easy to make changes, we just have to decide what with proper design input
- this shouldn't ever be the case, but if we forget to label the
resource type, we shouldn't proceed with storing the event because
it'll throw an error
refs https://github.com/TryGhost/Toolbox/issues/356
- we should store the `primary_name` on `added` events too because if
the resource is eventually deleted, we won't have the pretty name to
refer to it
refs https://github.com/TryGhost/Toolbox/issues/356
refs 3a9016639c
- I misunderstood the purpose of a column, and changed the values that
are inserted into it, which broke relation includes in Bookshelf
- I've since reverted that in the commit above but this migration is to
fixup the data that got stored in the DB
- we want to replace `resource_type` = `page` back to `post`, but then
use the `context` column as described in the referenced commit to
store that the type is actually a `page`, so we can link to it
from the audit log accordingly
- I'm overwriting the `context` column without taking into account the
current contents but that's ok because this bug existed before we
started using `context`
refs https://github.com/TryGhost/Team/issues/1825
- adds 3 new columns to users table for storing email alert preferences for member signups/cancellation
- adds column for new member signup alert
- adds column for paid subscription started alert
- adds column for paid subscription canceled alert
- Updated default fixtures and tests for new columns
refs https://github.com/TryGhost/Toolbox/issues/356
- we have a very crude version of this before but it just wasn't
maintainable
- one of the first things I did here was to add `include=resource` on
the API call, so it returns the fields we need without extra API
requests
- after we have the id/slug, I could build a route and model array
dynamically, or return null if we can't redirect to the object (it
doesn't exist)
refs bde9b84221
- the commit above claimed to fix an issue where actions taken on pages
were stored using the `post` resource type
- whilst it does that, this actually breaks part of the API because we
use the `resource_type` to join on tables when doing an
`include=resource`
- this commit reverts that functionality and instead stores the type in
the `context` field so we can still differentiate between pages and
posts
- copied over and rewrote the deletion test from the legacy file
- added a new test that checks that we get a 404 when attempting to delete an unknown post
- this is a guard to protect and futureproof the API whilst we do refactoring to improve 404 handling from bookshelf
- in turn this is aimed at helping to get rid of a bunch of catch predicates from the API
- I want to start rewriting the post tests using the new e2e framework, but it's quite a big task
- For now I have renamed the existing file, and will use the correct file name for writing modern versions of tests
- Note: I have a specific test that I'd like to add which is far easier to write in the new framework
- This change should facilitate moving forward more with the new framework
refs https://github.com/TryGhost/Toolbox/issues/356
- in order to show data that we might not necessarily still have around
(ie. when you delete a post, you might want the title), we're going to
start utilizing the `context` column
- right now, we store the `primary_name` for deleted events, and we also
store the `setting` `key` and `group` so we can reference it in the
audit log
no issue
- The site locale should be exposed within the public site config in order to handle i18n in third party apps
- Added the locale to Explore service to simplify fetching it when submitting a new site
no issue
We're spending a bit of time playing with an alternative to mobiledoc-kit to test it's feasibility as a base for future editor improvements.
- add `editor.lexicalUrl` config that points at the unpkg release by default
- set up a route on `/ghost/#/lexical-editor/post/` for the test playground which renders `<KoenigLexicialEditor>` as the editor
- adds `<KoenigLexicalEditor>` component that lazy loads the external react component
closes https://github.com/TryGhost/Toolbox/issues/386
- When the API request was made using staff token the source attribution was "user" instead of "api". Misattribution caused ripple effects in limit service.
- The fix also adds a new combination of data available on the `req` object - both `user` and `api_key` can be present when the request is done using a staff (user) token. Having both pieces of data on the request object gives more context for business logic, did not find a good reason to keep it "pure" with either `api_key` or `user` property.
fixes https://github.com/TryGhost/Team/issues/1829
- Remove the subdirectories when creating the Attribution instances
- URLs are now always stored relative to the subdirectory instead of the root directory (makes changing the subdirectory easier)
- Fixed returning absolute urls
- Added tests
- this endpoint returns the Ghost version, of which the minor just hit
double digits
- because of this, the content-length size changed, and the snapshot was
incorrect
- we've previously allowed overrides for the content-length to be any number (see
1fadbacdec)
- this commit allows the header to be any number so it doesn't fail when
the Ghost version is incremented
closes: https://github.com/TryGhost/Ghost/issues/15252
- comments are deleted when posts are deleted. Without cascade delete on parent_id, replies cannot be deleted
- this change means that deleting a post will delete all comments and replies without error
refs: https://github.com/TryGhost/Ghost/issues/15252
- all columns with a foreign key (references prop) must have a deletion strategy
- we just found a bug with this in the comments table - see referenced issue
- this fix adjusts the schema and migration for this change before its released so we don't have to write a horrible migration later
closes: https://github.com/TryGhost/Ghost/issues/15251
- getAdminUrl is a config helper that returns the direct value from config
- change to using urlJoin and urlFor helpers to generate the correct URL
- not entirely happy with this fix as there's no test, but I've verified it locally
refs https://github.com/TryGhost/Team/issues/1727
- runs a daily cron job at start of the day to cleanup all expired comped subs
- removes `members<>products` mapping for expired entries, and updates status for corresponding members
- also adds status events for members going back from comp -> free as a result of expiry
- scope for future optimisation on how the scheduled job is ran or does the cleanup
refs https://github.com/TryGhost/Team/issues/1727
- if feature flag is enabled, handles storing expiry date on complimentary subscriptions in `expiry_at` column of `members_products`
- updates the expiry value on both member edit or add with tiers
- expiry is passed as `expiry_at` in `tiers` list of a member
- includes `expiry_at` on tiers data of a member when flag is enabled
- if a model is being deleted, `attributes` is an empty object and the
data we actually need is in `_previousAttributes`
- because of this, only fetching the type using `.get` returned the
wrong value, and the Action model validator would throw an error
because we tried to insert an empty type
- we can access the previous value using `.previous(..)`
- this commit fixes saving actions when deleting a post by fetching the
type from the previous attributes if the current attributes is empty
refs: 22fd7f289c
- in the mentioned commit I changed the tests so that we don't need to update snapshots for every labs flag change
- this commit does the same for content-length which didn't get picked up locally, but does on CI for some reason
- the goal is to allow the team to add and remove flags without needing to update a random snapshot
- it turns out we're running the members migration job in tests, and
these run every time we boot Ghost. Given we wipe the DB each time,
this forces the job to run, which is just burning valuable test time
- the reason this block of code is slow is because it waits 500ms to see
if the job has completed
- we run this 55 times, as of writing, during the E2E tests, so that's
over 27s of idle time
- this commit gates running the migrations to outside of the test environment
refs https://github.com/TryGhost/Team/issues/1822
Exposing the values through the API is restricted behind the alpha flag.
We're exposing the values by default when the flag is enabled for now,
but can reconsider that later.
refs https://github.com/TryGhost/Team/issues/1808
refs https://github.com/TryGhost/Team/issues/1809
refs https://github.com/TryGhost/Team/issues/1820
refs https://github.com/TryGhost/Team/issues/1814
### Changes in `member-events` package
- Added MemberCreatedEvent (event, not model)
- Added SubscriptionCreatedEvent (event, not model)
### Added `member-attribution` package (new)
- Added the AttributionBuilder class which is able to convert a url history to an attribution object (exposed as getAttribution on the service itself, which handles the dependencies)
```
[{
"path": "/",
"time": 123
}]
```
to
```
{
"url": "/",
"id": null,
"type": "url"
}
```
- event handler listens for MemberCreatedEvent and SubscriptionCreatedEvent and creates the corresponding models in the database.
### Changes in `members-api` package
- Added urlHistory to `sendMagicLink` endpoint body + convert the urlHistory to an attribution object that is stored in the tokenData of the magic link (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added urlHistory to `createCheckoutSession` endpoint + convert the urlHistory to attribution keys that are saved in the Stripe Session metadata (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added attribution data property to member repository's create method (when a member is created)
- Dispatch MemberCreatedEvent with attribution
### Changes in `members-stripe-service` package (`ghost/stripe`)
- Dispatch SubscriptionCreatedEvent in WebhookController on subscription checkout (with attribution from session metadata)
- this was due to the fact that we use the same model for pages as we do
for posts, so the hardcoded `post` key was not accurate
- this commit adds support for providing a function to return the key for the
action type
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
uses
refs https://github.com/TryGhost/Toolbox/issues/356
- we had a function called `getAction` in every model where we were
collecting CRUD actions to store in the DB
- this function has the same boilerplate code - make sure it's not
internal and then construct the object to return
- as we add more actions to more models, we probably want to pull this
out and just configure the things specific to the model
- this commit pulls out the function into the actions plugin and adds a
couple of keys to the models to indicate we'd like to store CRUD
actions, along with the model name
refs https://github.com/TryGhost/Team/issues/1804
- Adds a script that is only injected when the member attribution alpha flag is enabled
- This script builds a history and saves it in localStorage as `ghost-history` that contains something like this:
``` json
[
{
"time": 1660650730,
"path": "/about/"
},
{
"time": 1660651730,
"path": "/welcome/"
}
]
```
- Keeps track of the time of every page visit, so we can correctly remove old items. I also considered saving the time separately and clearing the whole history when the saved time is older than 24h, but that would have the side effect that items older than 24h might leak into the history if you visit every 12 hours (to give an example). Plus, having objects in the history might make it easier to add other attributes to the items if we ever want to do that in the future. We also have access to the time between visits.
- Added `.eslintrc` configuration for this new frontend script. This makes it easier to spot errors when developing, and follow the same syntax rules as other scripts. In the future it can allow us to require an older ECMA version in the browser script. If we like this pattern, we could also use it for other frontend scripts.
refs https://github.com/TryGhost/Toolbox/issues/364
refs 147ec91162
- This looks like a subtle bug that has gone unnoticed for years. Have checked if we rely on the logic anywhere (mostly used in image-dimensions frontend helper) - we don't access the "url" directly.
- There is no reasoning attached behind why the cached size was stored as a url (see refed commit)
- WHY is this even being fixed? Caches can store anything... does not mean we should! Inconsistent data becomes a real PITA if the cache is persisted and is hard to repopulate (e.g. to migrate the cached data format).
refs. https://github.com/TryGhost/Team/issues/1806
- free trial indicator - which helps users identify tiers easier - was missing on tier cards in Settings / Membership in the Admin
refs https://github.com/TryGhost/Toolbox/issues/364
- The "new Map()" cache was a "hidden cache" that did not follow any specific pattern. Following the cache adapter pattern here makes it possible swapping out the cache for alternative implementations - e.g. Redis storage
refs https://github.com/TryGhost/Toolbox/issues/364
- Before introducing an image size caching mechanism we need to make existing caches explicit - makes sure caches are operating in multiple different instances.
- Explicit syntax also allows to pass in different configurations for each cache instance (e.g. use different Redis connections for caches with different purposes)
refs https://github.com/TryGhost/Toolbox/issues/364
- The InMemoryCache is an implementation of the cache adapter interface and allows to test cache in the works which is "close to the real world". Being able to do so in tests for image sizes cache manager proves we can use other cache adapters such as Redis based ones.
refs https://github.com/TryGhost/Toolbox/issues/364
- Doing the `.catch(errors.NotFoundError...` was throwing another error as this syntax did not work with native promises. Checking `instanceof` works 100% and is way more explicit/readable way to handle this type of error differently
refs https://github.com/TryGhost/Toolbox/issues/364
- Cache adapter does not have a "has" method, so using "get" instead to achieve the same to have full compatibility. Should allow to just drop in the cache adapter implementation instead of current Map instance.
refs https://github.com/TryGhost/Toolbox/issues/364
- It was using an outdated syntax and relied on Bluebird depencency. Updated the syntax to async/await and dropped the Bluebird dependency.
refs https://github.com/TryGhost/Team/issues/1799
Rather than using the `adminAuthAssets` config which is not updated to
be aware of running in a different directory to the cwd, we use the
getContentPath method which handles all of the directory checking.
Without this, we were unable to serve the admin-auth iframe, as the
directory was incorrect for self hosters.
- we've had an optimization in CI that copies a fresh SQLite DB to a
file, and copies it back when we need to do a DB reset
- I originally only let this run in CI but we've had it around for a
while so we should GA it to run on local machines
- there may be edge cases, but we should fix them instead of letting
tests run slower for development
- this also makes sure we clean up any existing files before
initializing the DB
- the comments system lives at members/api/comments and was meant to be removed from here in an early refactor but was missed, possibly as a result of the huge rebase we did
- prior to this commit, if you add or remove a faeture flag, you also have to update the snapshots for the settings tests
- feature flags are intended to be very easy to add and remove, and so this extra step doesn't fit with our needs
- it's also unnecessary, we don't need to verify the exact contents of the labs setting
refs https://github.com/TryGhost/Toolbox/issues/363
- the oembed service is completely standalone and could do with some
individual unit tests
- moving it out to a package allows us to draw the boundaries better and
allows us to remove some dependencies from the core package.json
- I'm not sure if we gain anything here except noise
- it was added after a bug in the oembed service but it was regarding
oembed-parser and not metascraper
- added core and builtin integrations to test fixtures
- allowed passing a custom api key id to generate JWT
- updated admin key auth test to make successful request with a `core` integration, which doesn't work atm because relations are not returned
fixes https://github.com/TryGhost/Team/issues/1787
- Options were not passed
- The member context variable was not passed to the count helper
- Liked was always false for replies
- we need to initialize the submodules in case they weren't done when
cloning, otherwise Casper will be missing
- we can avoid doing an initial build because it'll get wiped when we do
`yarn dev` anyway
The limit applies to the replies relation is applies globally when
fetching a collection, which means only 3 replies in total will be
fetched across all comments.
This patches the findPage method to manually fetch the replies and
replies adjacent relations manually on each comment, applying the limit
on a comment-by-comment basis.
This is not optimised as we currently still make the initial request for
relations.
refs https://github.com/TryGhost/Toolbox/issues/363
- this API framework is standalone and should be pulled out into a
separate package so we can define its boundaries more clearly, and
promote better testing of smaller parts
- these requires go outside of the shared folder, and then back in to
the index.js
- this is confusing and won't work when we pull this code out of core
- this commit cleans up the requires to make them more explicit
refs https://github.com/TryGhost/Toolbox/issues/363
- AFAICT, this is an outdated and unused concept from when subscribers
were a thing, but members are now how we do things, and this is causing code
to linger around that we don't need
refs https://github.com/TryGhost/Toolbox/issues/363
- this middleware is standalone and I suspect we're going to be touching
it further when we work on Ghost's caching in the near future
refs https://github.com/TryGhost/Team/issues/1726
- free trial offers don't need a stripe coupon created for them
- checkout sessions for free trial offers ignore stripe coupon and directly pass the trial days value
- trial days of an offer take precedence over trial days added as default to a tier
refs https://github.com/TryGhost/Team/issues/1726
- updates offer type validation to include `trial`
- add offer duration validation which includes `trial` for free trial offers
refs https://github.com/TryGhost/Toolbox/issues/363
- this commit pulls all code involving the Mailgun client SDK into one
new package called `mailgun-client`
- this means we should be able to replace `mailgun-js` (deprecated) with
`mailgun.js` (the new, official one) without editing code all over the
place
- this also lays some groundwork for better testing of smaller
components
refs https://github.com/TryGhost/Team/issues/1723
- Added count.replies to comments
- Added replies endpoint
- Limited returned replies to 3.
- Replaced likes_count with count.likes in comments
- Instead of fetching all the likes of a comment to determine the total count, we'll now use count.likes
- Instead of fetching all the likes of a comment to determine whether a member liked a comment, we'll now use count.liked (which returns the amount of likes of the current member, being 0 or 1). This is mapped to `liked` to make it more natural to work with.
The `members.test.snap` file changed because we no longer include `liked: false` if we didn't fetch the liked relation. And in the comments events of the activity feed the liked property is therefore removed.
These changes requires an update to the `bookshelf-include-count` plugin:
- Updated to also work for nested relations
- This moves the count queries from the `bookshelf-include-count` plugin to the `countRelations` method of each model.
- Updated to keep the counts after saving a model (crud.edit didn't return the counts before)
- these files are copied into the `ghost/core` folder by monobundle so
they can be included with NPM, but they shouldn't be in git because
they'd just be duplicates of the top-level files
- in order to pack the tarball correctly, we need monobundle to run
beforehand
- up until now, it's the responsibility of the release script to make sure
to run it before `npm pack`
- this commit ensures it gets run, so the generated .tgz file is valid
refs 03cbc89a53
- this util was added to fix an issue with the types of columns in
MySQL, but the issue was back in 2014 (!!)
- we're long past doing it in this way so we'll likely never use it
again
refs https://github.com/TryGhost/Toolbox/issues/345
- this commit bumps `eslint-plugin-ghost`, which bumps compatiblity to
2022
- this also removes a lot of the manually-added
`parserOptions.ecmaVersion` that we had in imported packages, in favor
of the value set in `eslint-plugin-ghost`
refs https://github.com/TryGhost/Team/issues/1760
This allows theme developers to wrap the output of the comment_count
helper in an element, which will only be shown when there is content
to output.
This makes styling a lot easier, as the default output for no comments
is nothing, meaning that separators defined with CSS will not be rendered.
refs https://github.com/TryGhost/Team/issues/1757
- exposes trial start and end dates in member's subscription object
- allows portal and admin to show member's trial information in UI
fixes https://github.com/TryGhost/Toolbox/issues/370
- we no longer need `bthreads` because we can use native
`worker_threads` now we don't have to support Node 10 any longer
- this allows us to clean up a dependency and stick with native
libraries
- the referenced node-sqlite3 issue should be fixed (or at least, we now
maintain it so we can fix it if not)
refs https://github.com/TryGhost/Ghost/commit/a58efd6b
The references commit updated the admin-api-schema to require the `trail_days`
property, which is not yet supported by the Admin. When saving membership
setting we also save all the Tiers, which then causes the validation to fail.
Until the Admin supports the property we should remove validation from the API
refs https://github.com/TryGhost/Team/issues/1745
This is done at the mapper layer, so that the model can be used for the
Admin API - where will probably want to expose the underlying content.
We've also disabled editing of deleted/hidden comments, to avoid
accidentally overriding the comments html when sending up deleted
comments.
- most of these tasks were duplicates or had been extracted out into
npm/yarn scripts
- in order to get closer to removing Grunt, I've cleaned up the majority
of those script
- this also removes an intermediate command to building Admin, so it starts
ever so slightly quicker
refs 82dcc042cd
- `coffeescript` was only added in the first place because of an update
to `grunt-bg-shell`, which required it
- since then, we've removed `grunt-bg-shell`, so we don't need this
dependency any further
- this commit switches our `yarn dev` workflow from heavily relying on
Grunt, to using `nodemon` and `concurrently`
- we're doing this to reduce reliance on Grunt, but also to fix several
nits with the way `yarn dev` works in the monorepo
- we now use `nodemon` to run the Ghost backend, and it should
auto-refresh whenever you change a file in any of the packages (except
`admin`)
- we use `concurrently` to simultaneously run `ghost` and `admin` at
the same time. it seems to handle process cleanup well and has nice
colored prefixes to help with differentiating between log output
- this commit ends up removing a handful of Grunt dependencies and
reduces the functionality stored in the Gruntfile
- on the whole, it should keep existing functionality but there may be
some small underlying changes to get used to
refs https://github.com/TryGhost/Team/issues/1750
- Trim whitespace from empty paragraphs
- Do not allow empty comments
- Also includes: Allow requesting the parent relationship of a comment (required for focusing comments)
refs https://github.com/TryGhost/Team/issues/1724
With free trials, members can start subscriptions with a trial period. This change stores the information about trial start and end date for every subscription so it can be shown on Admin/Portal for member.
- adds new `trial_start_at` column for storing trial start date on Stripe subscription. Will in most cases match the start of subscription date.
- adds new `trial_end_at` column for storing trial end date on Stripe subscription.
- wires storing trial start and end values on stripe subscription
closes: https://github.com/TryGhost/Ghost/issues/14980
refs: cc276486f0
- Tenor is now operated by Google, and the old v1 Tenor API has been decommissioned
- At present anyone with a pre-configured tenor integration will get intermittent errors, whilst it is impossible to setup a new tenor API integration
- Sadly old keys do not work with the new API, and new keys do not work with the old API, so there is no happy path forward.
- After this lands, everyone will need to go and get a new Google API Key for Tenor, update their config, and then the integration will work properly again.
- This particular change renames the API key from `publicReadOnlyApiKey` to `googleApiKey` to reflect that the key itself changes in type and behaviour
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
- this is only a temporary fix until we have time to go and investigate
some performance issues in the tests
- we keep seeing random failures due to timeouts in the integration
tests, and it's incredibly distracting
- Ghost doesn't prevent itself from running the `shutdown` procedure more than once
- if you spam Ctrl-C, you can reproduce this
- this might not be the case when running using `yarn dev` because
some Grunt code captures the SIGINT/SIGTERM, but that is changing
very soon
- whilst not necessary a problem now, we might introduce code that runs
during a shutdown but only expects to happen once
- this commit introduces a flag to say that Ghost is shutting down, and
prevents the `shutdown` function from executing further once true
- as part of our effort to reduce our usage of Grunt in favor of more
maintainable (and maintained) alternatives, this commit removes Grunt
from Admin
- the main difference here is switching from subgrunt to shell, which
should be a nice stepping stone to removing Grunt altogether one day
- up until now, we've been sending the `safe` version as data in
metrics, but this only includes major.minor
- we'd like to be able to see how every release affects the results, so
this commit switches to using the version that was supplied in the
package.json so we've got more of a granular overview
refs https://github.com/TryGhost/Toolbox/issues/364
- Settings Manager used to store all of it's settings values in a hash - an in memory cache in disguise. Having a hidden cache made it hard to reason about it's impact of memory usage and did not allow to swap it out for an alternative storage metchanism easily. Having a cache storage abstraction in Settings Manager allows to get rid of long lasting memory problems + decouples storage mechanism from the logic around transforming stored values.
refs https://github.com/TryGhost/Toolbox/issues/364
- This is groundwork to substitute in memory caches we use across the codebase. The first candidate would be settings cache. The interface of the memory cache was kept to the minimum. The "keys" method is a somewhat acceptable alternative to the "getAll" method used in the codebase right now.
- The next iteration over this would be adding async methods are alternative key/value storage methanisms like Redis.
refs https://github.com/TryGhost/Toolbox/issues/364
- Passing "cache" through constructor did not work out because cache setting is still dependent upon on the model layer (gets called before it has a chance to initialize during db migrations)
- To remove the initialization dependency blockers were:
"defaults" method in the post model - the value resolved to "undefined" anyway during the fixture insertion
validate-password module - checks the password against "undefined" during fixture initialization
- Passing the cache through "init" method works too, but is not as clear as with constructor DI pattern.
refs https://github.com/TryGhost/Team/issues/1716
- Adds the bio field to the API output
- Allow setting bio when updating the member
- Includes new E2E tests for the members API that were missing
no issue
- jsdelivr has heavy CDN and local caching for 7 days which makes it difficult to test the frequent package bumps whilst we're actively working on the experimental package. Switching back to unpkg for now to take advantage of it's 60s cache
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750
- we recently switched to using different folders within `core/built`, to
indicate the assets that are applicable for development/production
environments
- unfortunately, this came with the side effect of the "development" assets
missing in the published tarball, which meant Admin wouldn't load when
running in development mode
- this was a regression from how it previously worked because we used to
just copy the production HTML file to the development HTML name, and
use the same assets
- after thinking about it, I think we can get rid of the split folders
for assets, because I don't think the use-case is there for having
them:
- if you run Ghost from source, you're 99% only using the
development-built assets
- if you want production ones, you can run with a flag, but the
development ones get wiped anyway
- those running Ghost from a published package are using the same
assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
refs https://github.com/TryGhost/Team/issues/1724
- storing trial period days allows site owners to give free trial for N days to all members signing up on a tier
- by default, all tiers have 0 trial period days(same as no trial)
refs https://github.com/TryGhost/Toolbox/issues/365
- some of this was barely used anyway, but now Admin is a package in the
monorepo, we don't need to be installing dependencies twice
refs https://github.com/TryGhost/Toolbox/issues/363
- this shared library is standalone, and it used in various places of
Ghost core, so we can pull it out to keep it easier to reason about
- we also use the `html-to-text` dependency in another package but it's
outdated and could now switch to this new package
refs https://github.com/TryGhost/Team/issues/1694
- Added replacements option to `@tryghost/minifier` + updated documentation and name of 'options' param which was a bit confusing.
- At compile time, we'll replace `'{{SITE_ORIGIN}}'` with the actual and JS encoded origin string.
- Block requests to the auth frame with the wrong origin, but log a warning for now to make debugging easier.
- Limit who can read the response messages by origin
refs https://github.com/TryGhost/Team/issues/1695
We add english defaults for the singular and plural params leaving the
empty param blank so as to not draw attention to low engagement.
refs https://github.com/TryGhost/Team/issues/1695
When a post does not have any comments we were not returning any data
from the API, which would cause issues with the comment counts helper
frontend script. This updates the endpoint to always include the count
when explicitly requesting the count for specific posts.
We've also pulled the logic out into a stats service so that the endpoint
can just refer to the controller.
refs https://github.com/TryGhost/Team/issues/1695
This updates the comment_count helper from a block to inline, and the
frontend script to replace the entire element with the comment count
text. This means that theme designers will have the most flexibility
as they can choose whether or not to wrap the text in an element, as
well as which element.
no issue
- The linter does not seem to pickup the trailing whitespace problem in test files. This would be good to fix project-wise with the `--fix` options or something similar
- This change is for example purpuses :)
refs 0a34be4012
- the admin html is no longer stored in core/server, and we don't need to
copy the production file to default.html
- this commit cleans up the grunt command to do this, and removes the
plugin whose only use was doing this
- this takes us another step closer to removing grunt
- this commit switches out the Grunt postcss plugin with the official
postcss CLI
- this means we can remove yet another step from Grunt, which helps
towards our goal of removing Grunt entirely
- I've confirmed the minified output is exactly the same as before
refs https://github.com/TryGhost/Toolbox/issues/364
- This is a groundwork which moves the "cache" property in settings cache to be injectable parameter, so we can swap it out with different implementations.
- The module will be broken downn into two concepts - an injectable cache and a cache manager (the update system)
refs 0a34be4012
- as of the referenced commit, we no longer store the HTML in the
core/server folder so we don't need to keep this folder in the
npmignore
refs https://github.com/TryGhost/Admin/pull/2252
closes https://github.com/TryGhost/Team/issues/1182
- Admin now copies it's build output to a single env-specific directory rather than splitting html and assets
- `core/built/admin/{development|production}/*`
- updated the admin app's `serveStatic` definition for assets and controller's html serving to reflect the new asset paths
fixes https://github.com/TryGhost/Ghost/issues/14323
- Fixed support for resizing images from Unsplash using the `img-url` helper (previously the size property was ignored for images from Unsplash)
- Added support for `avif` file formats (supported by sharp out of the box)
- Added support for setting the format of images, with a new `format` option:
E.g. to convert an image to webp (only works in combination with size for now, except for Unsplash where you can use it without size):
```
{{img_url @site.cover_image size="s" format="webp"}}
```
This can help improve the performance of a theme, by serving assets in `<picture>` elements with webp and fallback image formats.
Usage example:
```html
<picture>
<source
srcset="{{img_url feature_image size="s" format="avif"}} 300w,
{{img_url feature_image size="m" format="avif"}} 600w,
{{img_url feature_image size="l" format="avif"}} 1000w,
{{img_url feature_image size="xl" format="avif"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
type="image/avif"
>
<source
srcset="{{img_url feature_image size="s" format="webp"}} 300w,
{{img_url feature_image size="m" format="webp"}} 600w,
{{img_url feature_image size="l" format="webp"}} 1000w,
{{img_url feature_image size="xl" format="webp"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
type="image/webp"
>
<img
srcset="{{img_url feature_image size="s"}} 300w,
{{img_url feature_image size="m"}} 600w,
{{img_url feature_image size="l"}} 1000w,
{{img_url feature_image size="xl"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
src="{{img_url feature_image size="xl"}}"
alt="{{#if feature_image_alt}}{{feature_image_alt}}{{else}}{{title}}{{/if}}"
>
</picture>
```
refs https://github.com/TryGhost/Team/issues/1680
- paywall card in Admin now inserts cta and restricts content for newsletters as well
- mimics paywall behavior in posts for newsletters
fixes https://github.com/TryGhost/Toolbox/issues/150
- up until now, the test framework has copied all theme fixtures to the
test directory when it boots Ghost
- the vast majority of tests don't need all the themes, so this is quite
a wasteful operation
- this commit disables copying all themes by default, and provides the
`copyThemes` boot option to enable this
- also adds a `copySettings` option, and defaults `redirectsFile` to
false to further reduce the number of file copies
refs https://github.com/TryGhost/Team/issues/1680
- using test emails via email preview in admin were failing due to missing post data attached to them
- adds test to make sure email segment rendering doesn't crash even with missing data
refs https://github.com/TryGhost/Team/issues/1695
This property can be used by theme developers to determine if comments
are available for the currently logged in member. It follows the same
logic as used internally in the comments helper, so that they can be
used interchangeably
refs https://github.com/TryGhost/Team/issues/1695
This updates the comments helper based on the design document
Changes include:
- `color_scheme` renamed to `mode`
- `avatar_saturation` renamed to `saturation`
- `saturation` default changed from 50 to 60
- `count` option added
- `title` option added
The count and title options allow theme developers to better customise
the output of comments, so that they can either pass in their own
title, or pass in no title, and instead provide HTML in the them to
handle it. The same is the case for the count option, which is used to
toggle whether or not the comment count is shown.
refs https://github.com/TryGhost/Team/issues/1705
- Made `max-width` smaller to avoid super-long lines
- Added `span` elements with `nowrap` to avoid one or two-word orphans
Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
refs https://github.com/TryGhost/Toolbox/issues/358
- The execution of members migration only ever has to be done once in the lifetime of the Ghost instance. It is slightly slow and blocking process, which slows down instance boot time considerably. Putting the execution into one off job allows to execute migrations only once and save boot time on each consequent instance restart - less resource usage, save the planet!
refs https://github.com/TryGhost/Team/issues/1688
We've moved the BREAD logic out of the endpoint and into a controller which
interfaces with the `frame` object from our API framework. The service handles
the core logic of comments, and has been updated with several fixes. This
separation means we keep the HTTP API logic and the underlying comments logic
decoupled.
We've also updated the naming to make it clear that it is part of the members api.
Permissions have been implemented, ensuring that members cannot create comments
if they do not have the required access, but they are able to edit their existing comments,
regardless of access.
The edited_at field is now correctly updated when a comment is edited.
- these agent files are all very similar and should be grouped together
- moving them into a subfolder makes the `test/utils` folder a little
bit easier to browse
- we keep seeing random failures that complain about a directory already
existing when trying to create it
- the error arises from the `fs.copySync` in this `prepareContentFolder`
function, because it tries to create the folder if it doesn't exist
- it turns out we're using the asynchronous `fs.ensureDir` without an
await just before, so it doesn't block on creating the folder
- there's a veeeery small window where the code within `copySync` thinks
the folder doesn't exist, `ensureDir` creates the folder, and
then `copySync` tries to create the folder => 💥
- it looks like we're already `await`-ing `prepareContentFolder`, so we
can just switch all the calls to the Promise-based ones and await them
- the other `prepareContentFolder` uses the sync versions of the
functions, but we can fix that in the future: 7b7767d483/ghost/core/test/utils/e2e-utils.js (L73-L79)
refs https://github.com/TryGhost/Toolbox/issues/358
- Error handling should be done as close to the place that knows how to handle them. It's a catch-all block which doesn't add any logic, so does not really make sense to have that extra code in general "init" method which ideally should be just a whole bunch of calls with no extras.
refs TryGhost/Team#1680
- extends the public preview card so that the paywall is shown in newsletters for paid-only posts based on member's access
- adds CTA for paywalled content in newsletters
- the segmentation for paywall only considers free and non-free members, so post with specific `tiers` and `paid-only` access settings are sent to all paid members
Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
refs https://github.com/TryGhost/Team/issues/1719
- creates scripts injected for portal/search/comments using new config format
- adds `data-styles` to search/comments script for adding external styles URL
refs https://github.com/TryGhost/Team/issues/1719
- switches default CDN from unpkg to jsDelivr for better reliability
- current config for frontend apps doesn't allow easy switching of CDN for frontend urls
- allows easy switch of base CDN for frontend apps via config
- fixes double use of version string in the config
- extends config to include url needed for loading styles for frontend app instead of hardcoded urs
- since we've turned the repo into a monorepo, the `yarn main` scripts
have lived in their original place under `ghost/core` package.json and
Gruntfile.js
- for one, we want to remove grunt because it's terribly old and our use
is hacked together
- secondly, `yarn main` applies to the monorepo + submodules as a whole,
and not just the Ghost core folder
- this commit extracts the functionality into yarn scripts in the
top-level and removes the dependency that was required
refs https://github.com/TryGhost/Team/issues/1709
- New event type `comment_event` (comments and replies of a member in the activity feed)
- Includes member, post and parent relation by default
- Added new output mapper for ActivityFeed events
**Changes to `Comment` model:**
* **Only limit comment fetched to root comments when not authenticated as a user:**
`enforcedFilters` is applied to all queries, which is a problem because for the activity feed we also need to fetch comments which have a parent_id that is not null (`Member x replied to a comment`). The current filter in the model is specifically for the members API, not the admin API (so checking the user should fix that, not sure if that is a good pattern but couldn’t find a better alternative).
* **Only set default relations for comments when withRelated is empty or not set:**
`defaultRelations`: Right now, for every fetch it would force all these relations. But we don’t need all those relations for the activity feed; So I updated the pattern to only set the default relations when it is empty (which we also do on a couple of other places and seems like a good pattern). I also updated the comments-ui frontend to not send ?include
refs https://github.com/TryGhost/Team/issues/1717
- Updates last_commented_at and last_seen_at (only once a day)
- Used the LastSeenAtUpdater, so we can combine updating last_commented_at and last_seen_at in one query + used same pattern
- Updated comments service to await emails in order to make E2E tests more stable (as we don't have any method to await emails and test emails otherwise). This removed the email sending logic from the `onCreated` hook of the model.
fixes https://github.com/TryGhost/Team/issues/1718
- Text content of report emails still had some placeholder text
- Converts HTML comments to TXT to include in the TXT version of the email
- Added support for Regexp matchers in the email mocker
- Added tests to check if the email content is in the new comment/report emails
refs https://github.com/TryGhost/Team/issues/1688
* Added missing/failing tests
* Refactored comments BREAD into service
* Ensured member_id is not writable, it should come from auth only
* Ensured one cannot reply to a reply
* Ensured the parent_id is not writable on edit
- we had this working in the Ghost repo before switching to a monorepo
- this commit adds a `setup` script to the root package.json so we can
maintain the functionality
- these scripts are useful for just trying to fix your repo when
node_modules is playing up
- as we now have a monorepo, they should be lifted up to the root and
not hidden in the ghost package
refs https://github.com/TryGhost/Toolbox/issues/357
- Adds support for persisted one off offloaded (worker thread) jobs
- To try them out run Ghost instance in "testmode" and shoo a request like so: `curl http://localhost:2368/ghost/api/oneoff/graceful-job` - this starts a one time job from graceful-job script (can only ever be executed once on the Ghost instance)
- Job's progress and runtime details are persisted in `jobs` table
- To play more with one off jobs use `addOneOffJob` method available on jobsService
refs https://github.com/TryGhost/Toolbox/issues/357
- One time jobs need a storage mechanism to be run only ever once.
- Field notes:
- `id`, `created_at`, `updated_at` - standard Ghost fields
- `name` - unique name of the job, could also be used with prefixing to identify certain type of job (e.g.: backup-bob-2022-10-16, backup-sam-2023-01-13 identifying backup jobs run by users)
- `status` - 'started' | 'finished' | 'failed' | 'queued' (need to identify when the job is in progress, done, added to the execution queue, or errored)
- `started_at` - when the job started execution
- `finished_at` - when the job successfully finished execution
closes https://github.com/TryGhost/Team/issues/1684
**Migrations:**
- Added report permissions (fixtures + migrations)
- Dropped reason field in reports (no textarea in reports in V1)
- Dropped nullable from comment_likes.member_id (can't be null)
- Added SET NULL/CASCADE foreign keys for comments related tables(*)
(*):
fixes https://github.com/TryGhost/Team/issues/1687
refs https://ghost.slack.com/archives/C02G9E68C/p1658217288591369
This commit adds support for `SET NULL` foreign keys in schema and migration helpers + also fixes the foreign keys for the comment_reports, comment_likes and comments tables.
- When a member is deleted, we **do** want to keep their reports (SET NULL)
- When a member is deleted, we **do not** want to keep their likes (CASCADE)
- When a member is deleted, we **do** want to keep the comments (SET NULL)
**Changes:**
- Added report API: `POST /members/api/comments/{id}}/report/`
- Sends an email to the owner when a comment is reported
- Saves a report to the database (not used for now, but might be useful later)
refs https://github.com/TryGhost/Toolbox/issues/357
- In upcoming iteration job manager will need "models" fully initialized to be able to persiste one time jobs. This bit of code of in a bad place as it initialized (through require) the job manager without having models module initialized first.
- The change moves that code from a bad to less bad place (wasn't able to think of any better location for now). Checking for `server:testmode' config in job initialization has a little bit of a smell, but don't think it's super critical. Could be improved if a better structure appears in the future!
- we keep seeing a lot of random failures from CI due to the Posts
Content API
- I think it's because of the Ghost boot + number of fixtures we load,
which sends us over our 10s threshold
- let's see if 15s resolves that
- these packages are split apart for local development, but will be
bundled into Ghost when publishing
- therefore, these packages won't be published so we are resetting the
versions to make them cleaner
refs https://github.com/TryGhost/Toolbox/issues/354
- this commit turns the Ghost repo into a monorepo so we can bring our
internal packages back in, which makes life easier when working on
Ghost