Commit Graph

20901 Commits

Author SHA1 Message Date
Sam Lord
296a2be2d8 Fixed the snapshot test for the e2e suite 2024-10-21 11:01:40 +01:00
Sam Lord
f772008c69 Prevent regression / e2e tests from trying to use 2fa 2024-10-21 11:01:40 +01:00
Kevin Ansfield
1a05652b50 Added 2fa token verification error handling
closes https://linear.app/tryghost/issue/ENG-1635

# Conflicts:
#	ghost/admin/app/controllers/signin-verify.js
2024-10-21 11:01:40 +01:00
Sam Lord
5f192344f8 Switched to 1 token per minute, 10 tokens accepted
More typical in TOTP setups for each token to last 1 minute, and to
allow some older tokens.

Also moved the options setting out of the generate scope in case
verify is called first (unlikely but possible).
2024-10-21 11:01:40 +01:00
Michael Barrett
8a86db4ea5 Updated response code for re-sending verification 2024-10-21 11:01:40 +01:00
Michael Barrett
916b2aef9d Added tests for auth code middleware 2024-10-21 11:01:40 +01:00
Sam Lord
0b852bcb38 Added check for verified sessions
refs ENG-1610
2024-10-21 11:01:40 +01:00
Michael Barrett
7a18e829c5 Added endpoints for supporting 2FA
no refs

- Added `POST /session/verify` to send the user a verification code
- Added `PUT /session/verify` to verify the user's verification code
2024-10-21 11:01:40 +01:00
Princi Vershwal
51fa21324d Added logic for generating and verifying otp 2024-10-21 11:01:40 +01:00
Princi Vershwal
1106d64706 Added API for sendingAuthCode 2024-10-21 11:01:40 +01:00
Kevin Ansfield
68af12cfad Added 2fa happy path to Admin
closes https://linear.app/tryghost/issue/ENG-1617/
closes https://linear.app/tryghost/issue/ENG-1619/

- updated cookie authenticator's `authenticate` method to accept an `{identification, pasword, token}` object
  - if `token` is provided, hit our `PUT /session/verify/` endpoint passing through the token instead of hitting the `POST /session/` endpoint
- added `signin/verify` route
  - displays a 2fa code input field, including required attributes for macOS auto-fill from email/messages to work
  - uses `session.authenticate({token})` when submitted
- updated signin routine to detect token-required state
  - detects a `403` response with a `2FA_TOKEN_REQUIRED` code property when authenticating
  - if detected transitions to the `signin/verify` route
2024-10-21 11:01:40 +01:00
Paul Davis
a70e88b903 Add 2fa code email template 2024-10-21 11:01:40 +01:00
Sam Lord
8f7c81ac84 Added "verified" status to session
refs ENG-1622

Currently unused by the API, this session variable will be used to
confirm whether the user has authenticated their session with an email
OTP. The verified status is not removed on logout, so sessions are now
retained instead of being destroyed.
2024-10-21 11:01:40 +01:00
Kevin Ansfield
698e42433c Added staff2fa labs flag 2024-10-21 11:01:40 +01:00
renovate[bot]
17892c6a99 Update dependency i18next to v23.16.2 2024-10-21 00:58:33 +00:00
Steve Larson
d1db417495
Reduced apps package size (#21349)
ref 324211f
- this includes changes to improve package size

Package size was found to be bloated due to expanding i18n strings. We
were packing all i18n strings instead of just the ones relevant to the
package. Thanks to @cathysarisky for identifying this!
2024-10-20 13:47:15 +00:00
jubi-git
d122d9b2fa
🌐 Added Dutch (nl) locale for search.json (#21339)
no ref
2024-10-20 13:31:49 +00:00
Ghost CI
e42ed553dc v5.97.0 2024-10-18 15:05:19 +00:00
Kevin Ansfield
2fb88e65ca Fixed signin and signup button failure state hover colors
ref https://linear.app/tryghost/issue/ENG-1653

- we were always setting a `style="background-color: #123456"` attribute on the buttons but that didn't allow for different button states such as the red failure state to correctly override meaning there was some odd behaviour when hovering
- removed the fixed `style` attribute and adjusted `<GhTaskButton>`
  - added `@useAccentColor` prop
  - when `@useAccentColor` is true, add the necessary `style` attribute except when showing the failure state
2024-10-17 16:54:23 +01:00
Steve Larson
2e0293c99f
🐛 Fixed NQL filters for single letter slugs (#21340)
fixes https://github.com/TryGhost/Ghost/issues/20133
- includes fix to support single letter slugs
2024-10-17 15:35:26 +00:00
Aileen Booker
3eb6503849 Added migration for new settings keys 2024-10-17 05:51:38 -04:00
Chris Raible
0e10f500aa
Added target dependencies to test scripts in ghost/core (#21332)
no issue

- The `test:*` commands in `ghost/core` are all implicitly dependent on
the TS packages in the whole monorepo being built, but we hadn't
explicitly declared this dependency to NX.
- Now if you run `yarn nx run ghost:test:e2e` (or any other `test:*`
commands in ghost), NX will know that it needs to rebuild the TS
packages, unless they are cached and haven't changed.
- With this, you should be able to directly clone the repo and run `yarn
nx run ghost:test:e2e` to run e2e tests, without running `yarn dev` or
`yarn nx run-many -t build:ts` first.
- This is especially useful for getting tests to run properly in docker
2024-10-16 14:12:20 -07:00
Chris Raible
14d762ddc9
Added @tryghost/metrics-server to package.json (#21330)
no issue

- I apparently never added @tryghost/metrics-server as a dependency to
ghost/core/package.json. It worked in most cases as a 'phantom
dependency' — yarn installs all node_modules in a flat structure, so
even though it wasn't a dependency in package.json, it still resolved to
the correct package, as long as the typescript packages were all built
first.
- This passed CI because we explicitly run ts:build on all packages
before running tests, and it worked in production because we build the
TS packages as part of the docker build. However, when trying to run
tests locally, it would sometimes fail unless you explicitly ran nx
run-many -t build:ts at the top level before running the tests.
- Adding it as a dependency in package.json fixes this problem.
2024-10-16 12:38:54 -07:00
Steve Larson
63f25ece6d
Added unsubscribe_url to member api response (#21207)
ref https://linear.app/tryghost/issue/ONC-387/

With some recent changes, we added validation to unsubscribe URLs to verify the source, allowing us to cut down on spam and improving security, as the underlying key could be re-generated should the need arise. This had the side effect of making unsubscribe URLs difficult to reconstruct when using third-party/downstream integrations, such as ActiveCampaign, which fills a gap in the current Ghost feature set.

Now any authenticated query to `/api/members` will return an `unsubscribe_url` field that can be used directly.
2024-10-16 14:00:31 -05:00
renovate[bot]
a0600e3595 Update dependency terser to v5.36.0 2024-10-16 17:59:04 +00:00
Steve Larson
ea70631a29
Added created_at field to member fixtures for consistent sort (#21325)
no ref

When running tests, occasionally we'll see some varying sort in the
members api response because members are generally all created with the
same timestamp. While `ObjectId` should be progressive, and our defalut
sort is `ORDER BY created_at desc, id desc`, we still would sometimes
see issues. This ought to remove any flakiness.
2024-10-16 16:45:22 +00:00
Steve Larson
cf2b429436
Stubbed ghost core unit test errors (#21324)
no ref

Stubbed expected test errors. In general, we should be expecting these
errors in the tests as we write them as that is the expected behavior
(or that behavior should change).
2024-10-16 15:31:57 +00:00
Cathy Sarisky
73a39ead9a
Fixed members/signin_urls endpoint to take admin api key (#21284)
closes #16748 

The members/:member_id/signin_urls endpoint currently only does
cookie-based authentication. When #21249 is merged, turning on 2FA is
going to break any 3rd party processes that use it (including my social
sign-in offering).

This patch gives admin API keys 'read' permission on this endpoint, and
enables 3rd party processes to handle user logins the right way, instead
of via a staff member's email/password.

Migration included.  Feedback appreciated.

I have the wrong name on my migration. I can see it doesn't follow the
naming convention, but I'm not sure how the names are generated.

---------

Co-authored-by: Michael Barrett <mike182uk@gmail.com>
2024-10-16 14:30:36 +01:00
Daniel Lockyer
7fc4dfaac1 Reverted "Stripped moment from BaseSiteMapGenerator"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 30220aa6ef.
2024-10-16 15:25:47 +02:00
Daniel Lockyer
1068f6ed13 Reverted "Stripped moment from data-manipulation.fixDatesWhenFetch"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 96f6adecac.
2024-10-16 15:25:47 +02:00
renovate[bot]
7da234643e Update dependency terser to v5.35.0 2024-10-16 12:42:42 +00:00
Ghost CI
27e1a89e58 Merged v5.96.2 into main 2024-10-16 09:31:44 +00:00
Ghost CI
42fcd385a6 v5.96.2 2024-10-16 09:31:42 +00:00
Sag
00f70a445b 🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:14:58 +02:00
Sag
cab655289f Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 11:14:46 +02:00
Sag
6ee3d05da5
🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:00:47 +02:00
Sag
a3b84e8cd1
Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 08:42:35 +00:00
Daniel Lockyer
b3cf23ebd8 Optimized Bookshelf plugin sanitize.permittedOptions
- concat is too heavy of a function to call on the hotpath, so we can
  just replace it with a native spread, which is much faster
- this cuts ~1.5% from boot time for sites with a lot of posts
2024-10-16 10:38:25 +02:00
Gary Lai
d689484324
feat(i18n): add zh-Hant translation (#21140) 2024-10-16 09:26:38 +01:00
Cathy Sarisky
3a662007cd
🌐 New translations and bug fix on /month and /year (#21267)
No issue

Wrapped a missing /month and /year string. Should work with and without
trials now.

Added a few additional translations for Japanese and French.

Adjusted German - some strings were too long to fit in the layout.
Changed (the German equivalents of) "Start a X day free trial" to
"Select", because the German is just not going to fit on the button.
2024-10-16 09:23:10 +01:00
renovate[bot]
b70bb13fb4 Update sentry-javascript monorepo to v7.119.2 2024-10-15 15:57:58 +02:00
renovate[bot]
a8f9b45038 Update dependency @actions/core to v1.11.1 2024-10-15 14:54:31 +02:00
renovate[bot]
7dc0415439 Update sentry-javascript monorepo to v7.119.1 2024-10-15 14:37:04 +02:00
renovate[bot]
3027a0d3b4 Update nest monorepo to v10.4.4 2024-10-15 12:44:37 +02:00
Sag
d5aa77bb7f
🐛 Fixed missing 'duplicate a post' feature for editors (#21304)
ref https://linear.app/tryghost/issue/ENG-1647

- as per [staff user definitions](https://ghost.org/docs/staff), an
editor should be able to duplicate a post
- this feature was missing from the right-click menu on post/page lists
for editors
2024-10-15 12:19:56 +02:00
Daniël van der Winden
d7e36cb22a
Updated media query (#21303)
Fixes
https://linear.app/tryghost/issue/DES-317/adminx-members-list-header-column-overlaps-sidebar-in-mobile-viewport

Added a positioning and z-index change to the `thead` within the media
query to make sure it moved back behind the overlay.
2024-10-15 10:10:21 +00:00
Daniel Lockyer
8fd32f012b Lazyloaded jsdom dependency
- we can move this later into the code to prevent it from being eagerly
  loaded and taking up CPU time and memory
2024-10-15 11:27:22 +02:00
Daniel Lockyer
1c9e55cf7b Added metrics + monitoring to DatabaseStateManager
ref https://linear.app/tryghost/issue/DEV-32/remove-migratejs-script

- we want to switch to using this code path instead of our separate
  migrate.js script on Pro
- the main things we're missing are metrics + monitoring for when things
  go wrong, so this adds that to the DatabaseStateManager
- this allows us to eventually delete the script without losing
  functionality
2024-10-15 10:33:23 +02:00
Daniel Lockyer
bfdf2dd8bf Optimized loading dynamic redirects
- the code kept an array of IDs, and would check new entries against the
  values of this array
- this algorithm is O(n^2) and became quite slow when the site had a lot
  of redirects
- we can do away with this entirely, and just compute the keys of the
  redirects to get the IDs
- this speeds up loading redirects by 3x or so
2024-10-14 17:16:49 +02:00
Daniel Lockyer
6dd821bd41
Fixed setting minification ready state upon failure (#21294)
- this will prevent the `ready` variable from being set to true if there
is an error with minification, as we have not correctly generated the
assets yet
2024-10-14 14:09:50 +00:00
Daniel Lockyer
f1638b869c Added more exclusion fields from URL service config
- we don't need any of these fields to do URL service calculations, so
  we can exclude them from being fetched, which improves performance of
  URL service init
- ultimately, we should switch this to an include list to make this more
  explicit
2024-10-14 14:37:54 +02:00
Daniel Lockyer
96f6adecac Stripped moment from data-manipulation.fixDatesWhenFetch
- we don't need moment here and we can produce the same result in JS
  Date, which is a lot faster than moment
2024-10-14 14:37:54 +02:00
Daniel Lockyer
7bd70a3ab2 Deferred heavy permittedAttributes call unless needed
- this code is on the hotpath for the URL service and has shown to be
  slow for sites with a lot of posts
- this is due to the overhead of the lodash functions we use here
- we can take advantage of how JS executes if-statements and move the
  variable into the if-statement, which lazy evaluates it (for the URL
  service, this branch is not hit, so it's a big win)
- this cuts about 2% from CPU time
2024-10-14 14:37:54 +02:00
Daniel Lockyer
dd68fca968 Replaced lodash.{pick,union} with native JS
- this code is a hotpath for the URL service and has shown to be slow
  for sites with a lot of posts
- this is because of the overhead of lodash
- we can just do away with lodash and use native JS, which has
  a negligible performance cost
- this cuts about 5% CPU time during boot of large sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
30220aa6ef Stripped moment from BaseSiteMapGenerator
- moment calls are unbelievably heavy and we should do away with it
  where possible
- this code doesn't need moment and we can just use native JS Date here
- this saves about 5% CPU time when booting sites with a lot of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b376585c64 Optimized Resources constructor
- this code has shown to be chronically slow, due to the `Object.assign`
- we don't really need this, as we can just use a normal assign in this
  case
- this cuts 15% CPU from boot time for sites with a lot of resources
  (posts)
2024-10-14 14:37:54 +02:00
Daniel Lockyer
90fbbe135f Deferred URL generation until after filter
- it turns out we it the false case of this if-statement quite a lot,
  and _generateUrl is heavy enough that we should try and do it less
- by moving it into the if-statement, we cut 4% CPU time from boot on
  heavy sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
70eb96f33a Replaced lodash.each with native JS in raw_knex
- lodash adds non-negligible runtime to this loop, so we can just
  replace it with native JS and cut 3% CPU time from boot for sites
  with a large number of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b0cf15cb94 Refactored Resources._fetch to async-await
- aids with readability
2024-10-14 14:37:54 +02:00
Daniel Lockyer
df76883378 Optimized date + boolean deserialization code
- we have to deserialize the values from the DB to turn them into moment + boolean values
- the use of lodash adds unnecessary overhead to the function, and writing it in native JS
  is a low faster
- also fixes the naming of the functions to make it clearer in flamegraphs
2024-10-14 14:37:54 +02:00
renovate[bot]
a2afc0af75 Update dependency i18next to v23.16.0 2024-10-14 00:24:58 +00:00
renovate[bot]
346f41991f Update dependency yjs to v13.6.20 2024-10-14 00:24:37 +00:00
Ghost CI
b7409ff3d2 v5.96.1 2024-10-11 15:05:17 +00:00
Kevin Ansfield
54a7f70a3c Removed lodash usage from config helpers
no issue

- config helpers are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using an inlined escapeRegExp function in place of requiring lodash
2024-10-10 17:44:24 +01:00
Kevin Ansfield
8d4d6b6516 Removed lodash usage from config utils
no issue

- config utils are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using native JS for the few lodash methods we used
2024-10-10 17:26:19 +01:00
Kevin Ansfield
e97717a0cc Added flag to skip gscan checks during boot
no issue

- bumped gscan version to provide `skipChecks` flag to `check` function
- added `optimization:themes:skipBootChecks` config flag defaulting to `false` to maintain current behaviour
  - updated theme service initialization to use `skipChecks: true` when the config flag is set
  - we only want to skip the checks during boot in specific cases to improve performance, they are still useful for general development and any production use-cases where themes get edited directly on the server
- updated our theme validate module to accept and pass through `skipChecks` option
- switched the `isZip` positional argument of `validate.check()` to an options object property to make usage cleaner
2024-10-10 16:27:43 +01:00
Daniel Lockyer
ab4c67f2d2 Lazyloaded cheerio dependency
- this moves cheerio to be lazyloaded
- given there are many uses of cheerio in this file, I've just made a
  helper function to DRY up the code
2024-10-10 14:55:39 +01:00
Daniel Lockyer
b092929bba Lazy-minified assets at first request
- right now, we minify the assets on boot. This is wasteful because they're not even needed
- this commit implements a change which lazy-minifies these assets and
  allows for cache invalidation when the theme changes
- it also introduces some middleware that each asset calls to ensure
  that the assets are minified before serving
2024-10-10 14:36:28 +01:00
Daniel Lockyer
0862989b2e Lazyloaded dependencies
- these dependencies do not need to be eagerly loaded so we can move
  them down to where they are used
2024-10-10 13:38:56 +01:00
Daniel Lockyer
c07a884f23 Remove usage of fs-extra
- we don't need to use fs-extra here when we can use the native fs lib
2024-10-10 13:38:56 +01:00
Daniel Lockyer
e1da082329 Removed Sentry span creation from get helper
- this didn't really end up being useful and it just forces us to
  require the `@sentry/node` dependency, so we can remove it
2024-10-10 13:38:56 +01:00
Daniël van der Winden
2a5ba1c13c
Added hover states for Resource boxes (#21276)
On Post Analytics, and on the Dashboard, the resource boxes did not have
a hover state, making them look very static. They now have a hover
state.
2024-10-10 10:24:06 +00:00
Djordje Vlaisavljevic
598ce03186 Allowed search results to span multiple lines
ref https://linear.app/tryghost/issue/DES-832/admin-search-results-that-span-multiple-lines-get-cut-off
2024-10-10 11:07:48 +01:00
Djordje Vlaisavljevic
29dd2bca8d Fixed alignment of icon and text in admin search
ref https://linear.app/tryghost/issue/DES-806/fix-alignment-of-search-input-field
2024-10-10 11:07:48 +01:00
Djordje Vlaisavljevic
3c3b001df2 Made newsletter preference toggles more compact on Member details screen
ref https://linear.app/tryghost/issue/DES-818/toggles-are-huge-lets-make-them-more-elegant

- They were too big and stood out too much on this screen, the `xs` variant fits better
2024-10-10 10:55:10 +01:00
Djordje Vlaisavljevic
bce8687004
Added nicer apostrophes (#21271)
ref https://linear.app/tryghost/issue/DES-814/replace-dumb-quotes-with-smart-quotes-in-admin

- Replaced “dumb” apostrophes with “smart” (or “curly”) apostrophes, see
http://quotesandaccents.com/
2024-10-10 10:11:19 +01:00
Kevin Ansfield
2036747bef Standardised mobiledocLib renderer access
no issue

- avoid accessing `mobiledocLib.mobiledocHtmlRenderer` directly to access the `render()` method in favor of using `mobiledocLib.render()` instead
- standardising on this pattern should help avoid accidentally requiring the full library before we have a need to render
2024-10-09 17:26:05 +01:00
Kevin Ansfield
e136ecb09f Removed init of mobiledoc html renderer on boot
no issue

- the lazy-loading `mobiledocHtmlRenderer` getter was being accessed by the email renderer that gets initialized during boot
- switched the pattern to match our lexical lib where we have a `render()` method that doesn't load the renderer until it's actually needed
2024-10-09 17:26:05 +01:00
Daniel Lockyer
67278d91a1 Lazyloaded cheerio dependency
- we can move this lower in the code so it's not eagerly loaded when
  it's not needed
2024-10-09 17:03:04 +01:00
Daniel Lockyer
de5dcb8189 Fixed treeshaking and require size for date-fns
- we don't need to require the entire package and this costs 5% of our
  boot time
- this commit bumps NQL to the latest version, which fixes the requires
  to help with treeshaking and loading less code
2024-10-09 17:03:04 +01:00
Daniel Lockyer
8478a753a9 Refactored assets minification to DRY up implementation
- this moves common logic to a class that all the assets services
  extend
- this allows us to DRY up the implementation to make changes easier
2024-10-09 15:18:33 +01:00
Daniel Lockyer
5dedfbe82e Lazyloaded dependencies
- these dependencies do not need to be eagerly loaded so we can move
  them to the block of code where they are needed
2024-10-09 14:30:32 +01:00
renovate[bot]
1877419939 Update dependency express-session to v1.18.1 2024-10-08 21:05:01 +00:00
renovate[bot]
62d7b7ea52 Update dependency express to v4.21.1 2024-10-08 21:53:17 +01:00
Daniel Lockyer
b49210f4dd Removed duplicate calls to moment()
- the return type of `getLastModifiedForDatum` is a moment object, and
  we're just wrapping it again in another moment call
- moment is very heavy so we shouldn't do it unnecessarily
- this makes boot time 1% quicker of heavy sites
2024-10-08 17:22:50 +01:00
sateshcharan
638e7d8d1a
Added Indian-Tamil translations (#21239)
no issue

--
Co-authored-by: Cathy Sarisky <42299862+cathysarisky@users.noreply.github.com>
2024-10-08 14:39:32 +00:00
Daniel Lockyer
e5d8294f71 Delayed ember-template-lint warnings
- these have started flagging up again but we don't currently want to
  fix them, so I've regenerated the file to fix linting
2024-10-08 14:34:11 +01:00
Daniel Lockyer
8aa34fcf38 ️ Improved performance of several checks in GScan
ref f57ab075c6

- this commit bumps the GScan version in Ghost to include a commit that
  implements partial caching
2024-10-08 14:34:11 +01:00
renovate[bot]
084022a30d Update dependency html-validate to v8.24.1 2024-10-07 15:13:31 +02:00
Fernando Ochoa
3244cb2e22
Updated Spanish translations in portal.json (#21231)
no issue
2024-10-07 12:07:53 +00:00
Duy
4288232bdb
🌐 Updated Vietnamese translation (#21230)
no issue

- improved Vietnamese translations
- improved i18n support for Portal error messages
(cf. https://github.com/TryGhost/Ghost/pull/21190)
2024-10-07 12:56:01 +02:00
Alexandre "Lekler" Rodrigues
b7e4052af3
🌐 Updated pt-BR translations of portal.json (#21244)
no issue

- Following commit #21190, the following updates were made:
    - **Filled missing translations and made style corrections to existing
translations to improve clarity and consistency.**
    - Total new translations added: 29 entries filled.
    - Existing translations improved: 7 entries updated for better
consistency and clarity.
2024-10-07 12:48:03 +02:00
Fernando Ochoa
66fb7fcb80
Updated Spanish translations
no issue
2024-10-07 12:44:06 +02:00
Fernando Ochoa
1580bfc67f
🌐 Updated Spanish translations (#21232)
no issue

- Fixed syntax error from "Comenzar" to "Empezar", in the context given it
is "Empezar", both are synonyms, but it depends on the use of the whole
sentence
2024-10-07 08:50:25 +00:00
Volodymyr Lavrynovych
5af07a193d
🌐 Added new Ukrainian translations and improved existing ones (#21235)
no issue
2024-10-07 10:41:45 +02:00
renovate[bot]
e65283f049 Update dependency i18next to v23.15.2 2024-10-07 00:52:05 +00:00
Shah Newaj
44eeed2472
🌐 Added locale for Bengali Language (bn) (#20432)
no ref
- Only modified signup form for now
- Soon the other files will be translated

Added Bengali (bn) Locale.
2024-10-04 17:30:04 +00:00
Duy
6dec2b0c08
🌐 Updated Vietnamese translation (#21227)
no ref

Re-translate the correct words in Vietnamese and adapted new commits:

*Improved comments UI styles (#20957)
*Updated comment report modal (#21084)
2024-10-04 17:19:56 +00:00
Raka Afp
5944d83de2
🌐 Added Bahasa Indonesia translation for Portal error messages (#21224)
no ref
2024-10-04 17:10:09 +00:00
Jannis Fedoruk-Betschki
8d0f168562
🌐 Added new German translations to Portal (#21223)
no ref
2024-10-04 16:57:46 +00:00
Peter Jidamva
531793535d
🌐 Added Swahili language translations (#20485)
no ref

Added Locale for Swahili Language🎊!

This pull request adds support for the Swahili language locale to our
project. As a fluent Swahili speaker (Swahili is my native language) and
i am from Tanzania, I have ensured that all translations are accurate
and culturally appropriate.

Changes
-Added sw locale files for Swahili
-Included translations for all the json files for comments.json ,
ghost.json , portal.json ,signup-form.json

Why
Swahili is a widely spoken language in East Africa, with over 80 million
native speakers and an estimated 200 million speakers in total. Adding
Swahili support will make our project more accessible to this large and
growing user base

---------

Co-authored-by: Steve Larson <9larsons@gmail.com>
2024-10-04 16:21:22 +00:00
Bobve
990aca3bf8
🌐 Added a few missing strings for Croatian i18n (#20449)
no ref

- Added some translations for Croatian
- Provided to me by a customer of ours
- added this for them as they mentioned they were struggling with
Github.
2024-10-04 16:03:43 +00:00
Ghost CI
5f32c8e89d v5.96.0 2024-10-04 15:05:25 +00:00
Steve Larson
2157cbfc20
🌐 Updated packages for improved i18n support (#21218)
no ref

We've shipped quite a few updates to our i18n package these past couple
weeks and are due for an update to the consuming packages. Special
thanks to our community contributors for the translations, and in
particular to @cathysarisky for their continued effort!
2024-10-03 22:27:16 +00:00
Cathy Sarisky
cf63094e13
🌐 Updated Hindi translations (#21208)
no ref

Hindi translations - original PR from meSingh, thank you! #20631
2024-10-03 21:01:39 +00:00
Cathy Sarisky
69a283b229
🌐 Added Urdu translations (#21209)
no issue

A re-submission of @siddiqss 's work on translating Urdu.  
#18508

---------

Co-authored-by: Steve Larson <9larsons@gmail.com>
2024-10-03 20:43:32 +00:00
renovate[bot]
83e9eb1345
Pin dependency parse-prometheus-text-format to 1.1.1 (#21211)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[parse-prometheus-text-format](https://redirect.github.com/yunyu/parse-prometheus-text-format)
| devDependencies | pin | [`^1.1.1` ->
`1.1.1`](https://renovatebot.com/diffs/npm/parse-prometheus-text-format/1.1.1/1.1.1)
|

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/TryGhost/Ghost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC45Ny4wIiwidXBkYXRlZEluVmVyIjoiMzguOTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-03 19:16:42 +00:00
Chris Raible
768336efad
Added a prometheus metrics exporter to Ghost (#21193)
ref
https://linear.app/tryghost/issue/ENG-1505/add-prometheus-metrics-server-to-allow-monitoring-ghost-metrics

# Summary
This commit includes two main components: a prometheus client class to
collect metrics from Ghost, and a standalone metrics server that exposes
a /metrics endpoint at a separate port (9416 by default) from the main
Ghost app.

The prometheus client is a very thin wrapper around
[prom-client](https://github.com/siimon/prom-client). We could use
prom-client directly, but this approach should make it easier to switch
to a different prometheus client package (or make our own) if we ever
need to down the line.

The list of default metrics this enables is specified in an e2e test
[here](https://github.com/TryGhost/Ghost/pull/21192/files#diff-ebc52236be2cd14b40be89220ae961f48d3f837693f7d1da76db292348915941R66-R92).
This also gives us the ability to create and collect custom metrics,
although none are included in this commit yet.

# Configuration
The prometheus client and the metrics server are both disabled by
default, but can be enabled by setting the metrics_server:enabled flag
to true.

You can also define a custom host and port using `metrics_server:host`
and `metrics_server:port`.

## Why not expose the /metrics endpoint in one of the existing express
apps?
The standalone express app exists for two main reasons:

1. We don't want these metrics to be public, and the easiest way to
accomplish that is to expose the /metrics endpoint at a different port
that won't be exposed to the internet.

2. Creating a standalone express instance decouples the metrics endpoint
from the Ghost server, so if Ghost is not responding for whatever
reason, we should still be able to scrape metrics to understand what's
going on internally.


## Impact on Boot & Shut down time
The prometheus client is initialized early in the boot process so we can
collect metrics during the boot sequence. Testing locally has shown that
this increases boot time by ~20ms. The metrics server which exposes the
/metrics endpoint is not initialized until after the background
services, and it is not awaited, to avoid impacting boot time. None of
this code, including the requires, will run if the
metrics_server:enabled flag is set to false (or not set).

Shutting down the metrics server is added as a cleanup task for the main
Ghost server instance, and is setup to shut down with 0 grace period to
avoid impacting shut down time.
2024-10-03 11:34:25 -07:00
Steve Larson
135772620d
Updated Norwegian i18n string order (#21210)
no ref

This was causing i18n test failures because the string was being reordered (updated) to be fully alphabetical.
2024-10-03 17:48:16 +00:00
Chris Raible
52ac218867
Fixed flaky publishing browser tests (#20935)
no issue

- These two tests were relying on the ordering of the posts in the posts
list, which can vary when running the test suite all together (as we do
in CI), since multiple tests can be running and creating/deleting posts
in parallel.
- This commit navigates directly to the post's URL to avoid this
problem.
2024-10-03 10:06:28 -07:00
matsbst
b125a25dfc
🌐 Updated Norwegian translations (#20917)
no ref

Fixed typos and improved some translations with correct wording
2024-10-03 15:27:21 +00:00
ayangizzat
b9063c9e82
🌐 Added Kazakh locale for Portal (#20698)
no ref
2024-10-03 15:22:07 +00:00
renovate[bot]
0bbb29fbf8 Update dependency sanitize-html to v2.13.1 2024-10-03 14:42:44 +00:00
Cathy Sarisky
1196688b0e
🌐 Improved i18n support for Portal error messages (#21190)
no ref

Expose (some) Portal error strings for translations

💩This is a somewhat hacky (but test-passing and individual inspection
passing) solution to the way Portal handles errors. Or rather, the
half-dozen ways Portal handles errors.

Passing 't' around with context and state, and occasionally recreating
it from the site object. Yes, I am also somewhat horrified, but a better
implementation will need a major rewrite of Portal.

Addresses errors in both the popover React app and in the
data-attributes.

There are probably more. Since Portal exposes raw API responses in some
places, it's hard to enumerate everything that /might/ end up being
client-facing, but at least I've gotten the ones that I've commonly
seen.

Improvements very welcome.
2024-10-03 13:35:23 +00:00
Kevin Ansfield
d65f07e4fd Extracted basic request/response tests in e2e comments test file
no issue

- removes some repetition making tests more compact and easier to read
2024-10-03 11:04:40 +01:00
Kevin Ansfield
a2d44c8778 Refactored members-comments e2e test
no issue

Initial pass at refactoring the tests and making each independent so they aren't relying on data from previous tests.

- DRYed up some repeated API requests by extracting `testPostComment()`, `testGetComments()`, and `assertAuthorEmailSent()`
- removed data inter-dependency across tests
  - truncated the tables under test before each test is run
  - added suite of db fns to populate the database without having to do so via API requests
  - updated all tests to include their own data setup calls rather than relying on fixtures and modifications from earlier tests
2024-10-03 10:07:46 +01:00
Steve Larson
c26aacacf5
Fixed Date.now() use in email analytics unit tests (#21188)
no ref

We had an instance where this was a ms off and I should've used mock
timers when I first wrote this. This should prevent any rare clock
mishaps.
2024-10-02 17:54:48 +00:00
Raka Afp
851ec7eb0b
🌐 Added Bahasa Indonesia translation for search & portal (#21179)
no ref

Translated/updated all relevant strings in the search & portal feature
to Bahasa Indonesia.

---------

Co-authored-by: Cathy Sarisky <42299862+cathysarisky@users.noreply.github.com>
2024-10-02 12:36:34 -05:00
Hannah Wolfe
4b1ce62ca9
Fix origin attribution in Tinybird analytics hits (#21187)
closes 
https://linear.app/tryghost/issue/ANAL-96/data-discrepancy-between-charts-when-filtering

- Atttribute the referral of the first hits to the whole session in `analytics_sources_mv`, while keeping the raw hits in `analytics_hits`
- Updated tests accordingly
- This is a rebased / reordered version of https://github.com/TryGhost/Ghost/pull/21166

Co-authored-by: alejandromav <hi@alejandromav.com>
Co-authored-by: Alejandro Martin <alejandromav@tinybird.co>
2024-10-02 17:27:43 +01:00
Hannah Wolfe
f082ba68e0 Added tinybird tests for filtering
ref https://linear.app/tryghost/issue/ANAL-96/data-discrepancy-between-charts-when-filtering

- This adds a set of tests to describe what the data should look like when we filter on various values
- We have tests for source and browser which are pulled from different MVs
- The result files are generated using ./scripts/gen_test_results.sh, and then manually verified
- We know they are not yet fully correct
2024-10-02 17:04:24 +01:00
Hannah Wolfe
60443726c9 Fixed tinybird test fixture data
ref https://linear.app/tryghost/issue/ANAL-96/data-discrepancy-between-charts-when-filtering

- This fixes the test data so that the session first hit and subsequent hits are in chronological order
- It also makes sure there isn't more than 30 minutes between hits, as our tracking script is only designed to keep sessions alive for 30 minutes so the data wasn't realistic
- NOTE: This data was generated by a script https://gist.github.com/ErisDS/25bb36f38d4c5a3f01d86f34ea5be707 - which didn't take these things into account

Co-authored-by: alejandromav <hi@alejandromav.com>
2024-10-02 17:04:24 +01:00
Hannah Wolfe
bce5d9d588
Updated tinybird tooling with usability improvements (#21185)
- Added yarn command to update TB CLI, as that needs doing frequently and I can never remember the command
- Improved safety & usability of tinybird test script by ensuring branches are correctly created before running & adding optional delete
- Updated tinybird test to warn only for sanity check as that's not always a valid check (Will prob remove soon)
- Improved output of tinybird test script on failure, so that the diff is readable and closer to what git shows you
- Added tool to convert tinybird ndjson to csv to make it easier to bring the data into google sheets for verifying numbers
2024-10-02 15:28:39 +01:00
Kevin Ansfield
bb48d3623a Increased feature image alt text length to 191 chars
no issue

- removed the 125 char soft limit so the full 191 char db field length can be used
2024-10-02 10:22:17 +01:00
renovate[bot]
9a93a5cfc6 Pin dependency i18n-iso-countries to 7.12.0 2024-10-02 07:28:28 +00:00
Peter Zimon
7cb8cbdf7a
Showing country names instead of codes in Stats (#21172)
[ANAL-53](https://linear.app/tryghost/issue/ANAL-53/10-stats-page-engineering-stuff)

- So far only country codes were displayed instead of human readable country names in the Stats page
2024-10-02 09:17:06 +02:00
Chris Raible
bf7320cfb7
Fixed test that left an instance of ghost running (#21178)
no issue

- This test file starts a Ghost server, but doesn't close it, which can
cause other tests to fail when they try to start an instance of Ghost,
with an `EADDRINUSE` error.
- This change closes the server in the `after` hook
2024-10-01 17:22:48 -07:00
Leif Singer
6965254b3f
🌐 Added German translations for search (#21163)
no ref

This PR adds the translations for `search.js`. It's a bit opinionated in
that ...
- it uses the Anglicism "Posts" to ... "translate" ... "Posts" 😆;
- it uses an asterisk to make sure we address all genders when
translating "authors".

Happy to discuss. ☺️
2024-10-01 21:55:42 +00:00
Cathy Sarisky
6501f1d41b
🌐 Added Kazakh locale and translations (#21174)
no ref

This is a merge & tidy up of [[ayangizzat](https://github.com/ayangizzat)] 's original (https://github.com/TryGhost/Ghost/pull/20698), which was missing the changes to locale, causing folders & files not to generate correctly. All credit goes to @ayangizzat , and thank you for your work!

Kazakh-speaking help still needed for search.json, which is untranslated, and the addition of a few other new strings, and refinements anywhere needed. Please add comments if not yet merged, or open a new PR if already merged.

---------

Co-authored-by: ayangizzt
2024-10-01 21:45:03 +00:00
Cathy Sarisky
b9547cc120
Improved i18n tests to include commits with missing i18n.js entries (#21175)
no ref

We've had several PRs for new locales that forgot to update i18n.js,
which causes them not to get regenerated by yarn translate. This PR
checks for that error, and also the reverse one where they update i18n
but we're missing folders. (Never expected to error, because 'yarn test'
is defined to include 'yarn translate', which generates the folders.)
2024-10-01 15:04:21 -05:00
Kevin Ansfield
3bbe8c8c7a
Fixed bugs in post's change-access context menu flow (#21173)
ref 86d61304b1
ref https://linear.app/tryghost/issue/ONC-323

- added `tracked()` to our proxy model object properties
  - fixes default data always showing when opening the modal
- fixed data push after completing modal
- `post.tiers` is set up as an attribute in Admin rather than a relationship
- fixes incorrect tiers list showing when the change access modal is opened again after changing access before the post is re-fetched from the API
- fixed flash of failure button state when saving modal changes
- expanded tests to cover tiers selection
2024-10-01 17:16:23 +00:00
Peter Zimon
8aaac5abe1
Stats page design fixes (#21171)
[ANAL-95](https://linear.app/tryghost/issue/ANAL-95/internal-beta-qa)

Various design refinements and fixes for the Stats page:
- Updated scroll area in detail modals so that the Close button and the footer is never outside the viewport
- The detail modal didn't close after clicking on the filter values
- "Show all" button was displayed also when there were no new items in the detail modal
- Dropdown styles needed a visual update: the toggles were way too huge and inconsistent with other dropdowns
- If no audience was selected we still showed stats. Now it's displaying the default empty screen in this case
- Click through filter indicators had low discoverability
- Technical data styles needed some love: changed the alignment and color scheme
- Mobile size viewports were not handled
- The google favicon API returned 404 many times for sources. Swapped the service for another one that returns favicons more reliably
- Default favicon was not handled. Now it comes from static.ghost.org
2024-10-01 17:51:55 +02:00
Cathy Sarisky
d8c4dfef99
Added content_api_key helper (#21151)
no ref

This very small helper adds {{content_api_key}} to the collection of handlebars helpers available to theme creators. This will make it easier for themes to access the content API key, without either requiring the user to get it from the integrations page and input it on the theme setting page or resorting to JavaScript to read it from one of the built-in script tag attributes -- both ugly workarounds.
2024-10-01 09:13:57 -05:00
Kevin Ansfield
86d61304b1 🐛 Fixed errors creating new posts after a post access change via context menu
ref https://linear.app/tryghost/issue/ONC-323

After changing a post's access via the posts list context menu, creating new posts or members would not work correctly.

- the issue stemmed from `this.post.set('currentState.parentState.isNew', false);` that was called when changing a post's access level, after that all Ember Data models created from the store would have `isNew: false` causing Ember Data to attempt a PUT request to update the not-yet-created model rather than a POST request to create it
- we were only using a real post model instance in order to run validations against the post access level settings but we can do that just as easily by creating a new object and injecting our validation mixin
2024-10-01 15:10:59 +01:00
Leif Singer
4679bbb10b
🌐 Added and adjusted various German translations in portal.json (#21165)
no ref

This PR adds and adjusts various German translations in `portal.json`.
I'm a native speaker and have made adjustments to the best of my
knowledge. As in #21163, the gender variations are a bit opinionated and
I'm happy to discuss.
2024-10-01 08:48:05 -05:00
Leif Singer
44bfb8a17a
🌐🐛 Fixed German translation for "Sign up" in comments (#21162)
fixes #21104 

This PR corrects a single translation. The German translations for "sign
up" and "sign in" _can_ both be "anmelden", but are confusing when used
together. So here we're switch to "register now" and "sign in" to make
the distinction clearer. IMHO even in English "register now" and "sign
in" might be a better (more distinguishable) combination, but it's much
harsher in German.
2024-10-01 00:24:55 +00:00
Volodymyr Lavrynovych
80794486a9
🌐 Added Ukrainian translations (#20709)
no ref

---------

Co-authored-by: Steve Larson <9larsons@gmail.com>
2024-09-30 11:36:00 -05:00
ココロ
647e675ff5
🌐 Updated Chinese translations (#21154)
-translation for zh portal and search

---------

Co-authored-by: Steve Larson <9larsons@gmail.com>
2024-09-30 11:35:05 -05:00
Alexandre "Lekler" Rodrigues
5381530b21
🌐 Updated Portal pt-BR translations (#21076)
no ref

Filled in 6 missing translations and made style corrections to existing translations to improve clarity and consistency.
2024-09-30 11:19:02 -05:00
Fernando Ochoa Olivares
0756000766
🐛🌐 Fixed capitalization in Spanish sign-up string (#20711)
no ref

When beginning a sentence with exclamation in Spanish first letter needs
to be uppercase.
2024-09-30 11:15:05 -05:00
Cathy Sarisky
27d4f643b5
🐛🌐 Fixed missing Greek strings (#21137)
no ref 

This PR restores a few strings that were renamed during the time the
Greek strings were not being correctly processed.

---------

Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com>
2024-09-30 11:13:25 -05:00
Cuong Thach
e9cff37283
🌐 Added Vietnamese translation for search (#21149)
no ref
- also added a few missing Portal strings
2024-09-30 11:12:27 -05:00
Kevin Ansfield
c0bc17fb72 Added beforeunload debug log to editor
ref https://linear.app/tryghost/issue/ONC-323

- we're sometimes seeing our force-refresh failing when Ember Data gets into a bad state but we're not sure why so this log should tell us if it's the browser's native "leave site" modal that is preventing the refresh
- updated the `onbeforeunload` event handler to match modern JS approach
  - modern browsers use `event.preventDefault()` to show their dialog
  - older browsers use `event.returnValue = true` (this is what our old string return was triggering)
  - no browser supports a custom message in the native dialog
2024-09-30 16:58:54 +01:00
renovate[bot]
06c54f2472 Update dependency terser to v5.34.1 2024-09-30 08:54:20 +00:00
renovate[bot]
d9a18a77a9 Update dependency webpack to v5.95.0 2024-09-30 08:52:06 +00:00
Ghost CI
de82b6be61 v5.95.0 2024-09-27 15:05:25 +00:00
Ghost CI
b572c565b2 🎨 Updated Casper to v5.7.5 2024-09-27 15:05:25 +00:00
Hannah Wolfe
7ebb208549 Fixed browser/device missing data in tinybird
ref https://linear.app/tryghost/issue/ANAL-96/data-discrepancy-between-charts-when-filtering

- The top browser and device endpoints were pulling from the sources MV, that is filtered to not have same-source traffic
2024-09-27 14:30:42 +01:00
Hannah Wolfe
606fcbabe7 Added a set of tests for our tinybird setup
- TODO: make these run in CI
- Right now you run them by running `yarn tb` and then `./script/branch_and_test.sh`
- These are snapshot tests that check we get the desired result

Co-authored-by: alejandromav <hi@alejandromav.com>
2024-09-27 14:30:42 +01:00
Hannah Wolfe
e3268c8c59 Renamed hits to pageviews in tinybird
closes https://linear.app/tryghost/issue/ANAL-111/rename-hits-to-pageviews-inside-of-tinybird

- We currently have two concepts: visits (unique visits) and pageviews (also called hits)
- We want to standardise on this terminology, so inside tinybird, we're going to call hit "pageviews" to make it super clear what's happening
2024-09-27 14:30:42 +01:00
Cathy Sarisky
43b57aa53c
🐛🌐 Added missing locales to i18n.js (#21144)
- Apparently several PRs for new languages were merged without the
corresponding additions to i18n.js, which has caused new strings not to
be generated for those languages, and missing translations in the
frontend, even though we had them in the .json file.

- I've added language codes for all languages that had at least some
strings translated in i18n/locales, and have run yarn translate to
create missing strings and files for these languages.

New language codes for:
* Arabic
* Swiss German
* Greek
* Estonian
* Macedonian
* Serbian (Cyrillic)
* Thai
2024-09-27 14:07:51 +01:00