Commit Graph

1064 Commits

Author SHA1 Message Date
Renovate Bot
92c85f1485 Update dependency mocha to v7 2020-03-03 08:35:39 +00:00
Renovate Bot
095ed2a892 Update dependency uuid to v7 2020-03-03 08:32:58 +00:00
Renovate Bot
c9af8844ba Update dependency @sentry/node to v5.13.1 2020-03-02 08:16:11 +00:00
Renovate Bot
394305ad0c Update dependency amperize to v0.6.1 2020-03-02 02:20:01 +00:00
Renovate Bot
35b9511c3e Update dependency @sentry/node to v5.12.5 2020-03-02 01:20:52 +00:00
Kevin Ansfield
8218f490cd Added capture of geolocation during member signup/signin
no issue

- updated `@tryghost/members-api` which now includes geolocation lookup from IP address during member signup and signin when geolocation data doesn't already exist
2020-02-27 10:46:37 +00:00
Naz
3af621ea9a
Added handling allowing members to edit their billing info (#11571)
no issue

- This functionality allows member to update their billing information, like credit card information.
- Adds handler to update Stripe billing when element with `data-members-edit-billing` attribute is present on the page. Additional `data-members-success` and `data-members-cancel` attributes could be used to control the redirects on billing update success or failure. They work in the same fission as for 'members-plan' (https://ghost.org/docs/members/checkout-buttons/#redirects)
2020-02-26 12:42:41 +08:00
Daniel Lockyer
119c5359ec Updated test dependencies
no issue
2020-02-24 19:16:38 +00:00
Daniel Lockyer
474f0a2184 Updated semver dependency
no issue

- required code change for new API
2020-02-24 18:01:53 +00:00
Renovate Bot
c3125dd19f Update dependency sanitize-html to v1.22.0 2020-02-24 12:49:37 +00:00
Renovate Bot
fc0042087d Update dependency ajv to v6.12.0 2020-02-24 12:45:22 +00:00
Daniel Lockyer
38c10e3585 Updated dependencies
no issue

- now Node v8 has been dropped, several dependencies can be updated
2020-02-24 12:25:11 +00:00
Renovate Bot
d144d0015f Update dependency @sentry/node to v5.12.4 2020-02-24 01:19:46 +00:00
Daniel Lockyer
b2940692e2 Removed unused cpy-cli dependency
no issue
2020-02-20 13:36:42 +00:00
Renovate Bot
32e706991c Update dependency mysql to v2.18.1 2020-02-19 14:06:17 +00:00
Daniel Lockyer
e8dd42d040 Revert "Update dependency grunt-mocha-cli to v5"
This reverts commit 7e5490aab4.
2020-02-19 09:46:09 +00:00
Renovate Bot
7e5490aab4 Update dependency grunt-mocha-cli to v5 2020-02-18 21:24:11 +00:00
Renovate Bot
4cfdd33347 Update dependency sanitize-html to v1.21.1 2020-02-18 20:59:52 +00:00
Renovate Bot
9519e4be6b Update dependency uuid to v3.4.0 2020-02-18 20:26:15 +00:00
Renovate Bot
e173d08663 Update dependency chalk to v3 2020-02-18 20:01:21 +00:00
Renovate Bot
f2c050a105 Update dependency ajv to v6.11.0 2020-02-18 19:01:19 +00:00
Nazar Gargol
8def4fb402 Bumped @tryghost/members-api to 0.15.1
no issue

- This bump removed limitation to cancel/renew "Complimentary" plan subscription
2020-02-17 16:31:23 +08:00
Renovate Bot
63b6bb58ad Update dependency @tryghost/vhost-middleware to v1.0.1 2020-02-17 01:18:44 +00:00
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Nazar Gargol
995788f5a2 Bumped @tryghost/members-api to 0.14.2
d8acfba44a

- The bump is needed to handle plan nickname fallback with an actual value instead of empty string
2020-02-11 14:11:06 +08:00
Renovate Bot
d64efff9db Update dependency @sentry/node to v5.12.3 2020-02-10 18:02:47 +00:00
Daniel Lockyer
67f856c572 Update gscan dependency to 3.3.1
no issue
2020-02-10 12:38:55 +00:00
Nazar Gargol
27d2c2fb3a Bumped @tryghost/members-api to 0.14.1
no issue

- This bump fixes a problem where members_stripe_customers_subscriptions were not able to be created due to plan 'nickname' NOT NULL constraing. This case was possible because in earlier versions of Stripe API  `nickname` property was allowed to be `null`
2020-02-10 19:11:42 +08:00
Renovate Bot
6a6413cec5 Update dependency @sentry/node to v5.11.2 2020-02-10 01:16:53 +00:00
Renovate Bot
c863d215fb Update dependency gscan to v3.3.0 2020-02-04 13:16:06 +00:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe miss-configuration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Renovate Bot
2f78e53468 Update dependency @tryghost/html-to-mobiledoc to v0.6.3 2020-02-03 22:17:20 +00:00
Daniel Lockyer
d065c268a7 Reverted tmp to v0.0.33
no issue

- Renovate automerged a bump for tmp, but this version has a bug and
  shouldn't have passed the automated tests
- this commit reverts the package back to the working version
2020-02-03 15:22:26 +00:00
Renovate Bot
34be8e7cef Update Test & linting packages 2020-02-03 14:18:05 +00:00
Daniel Lockyer
7751e78c98 Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-02-03 13:43:43 +00:00
Renovate Bot
97d6e6b98b Update dependency simple-html-tokenizer to v0.5.9 2020-02-03 01:17:46 +00:00
Renovate Bot
94047d24af Update dependency gscan to v3.2.5 2020-01-29 12:33:27 +00:00
Kevin Ansfield
68e2274d6d Reverted "Integrated Sentry error tracking"
This reverts commit 6e024331eb.

Temporarily reverting whilst we investigate an issue with Sentry and running Ghost via Ghost-CLI.

Ghost-CLI initiated boot was failing when Sentry was installed due to what appears to be `process.cwd()` returning `undefined` here https://github.com/TryGhost/Ignition/blob/master/lib/config/index.js#L26
2020-01-28 17:21:37 +00:00
Naz Gargol
25f11bbf1c
Added complimentary member subscription (#11537)
no issue

- We need a way to simulate "premium" membership without any payment from members' side. For this new "Complimentary" plan is introduced
- Allows `comped` flag as an input only on `PUT /members/:id` endpoint which sets  free subscriptions based on "complimentary" plan on the member
- Added `comped` flag to members endpoint responses
- Bumped members-api to 0.12.0. This version supports new set/cancel complimentary subscription methods
2020-01-28 11:25:00 +07:00
Renovate Bot
56bcd4279f Update dependency @tryghost/helpers to v1.1.22 2020-01-27 01:16:37 +00:00
Daniel Lockyer
6e024331eb Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-01-22 12:15:10 +07:00
Renovate Bot
13c87c687f Update dependency @tryghost/members-ssr to v0.7.4 2020-01-20 11:18:42 +00:00
Rish
334bdc3f10 Installed @tryghost/members-api@0..11.2
no-issue

Fixes incorrect stripe subscriptions structure in user CRUD
2020-01-20 13:42:55 +05:30
Renovate Bot
a3e0594fa5 Update dependency @tryghost/helpers to v1.1.21 2020-01-20 01:19:22 +00:00
renovate[bot]
af4ecb7b76 Update dependency cookie-session to v1.4.0 (#11510)
Co-authored-by: WhiteSource Renovate <renovatebot@gmail.com>
2020-01-17 13:10:48 +07:00
Nazar Gargol
e9e3f58792 Refactored member controller to use model layer
refs https://github.com/TryGhost/Members/pull/105

- As members module has become a core part it makes sense to follow the same principles as in all other controllers and use the model directly instead of calling external services.
- Bumped @tryghost/members-api to 0.11.1 . New stripe-specific methods used in controllers are available starting with this version
- Exposing these new methods is a little hacky because there are no relationships setup on members_* tables. Left notes for future improvements once relations are introduced.
- We don't allow for chaging member's emails at the moment. For this reason had to modify JSON schema a little. It doesn't support OO inheritence: "This shortcoming is perhaps one of the biggest surprises of the combining operations in JSON schema: it does not behave like inheritance in an object-oriented language. " (ref. https://json-schema.org/understanding-json-schema/reference/combining.html#allof)
2020-01-15 17:52:47 +07:00
Nazar Gargol
72ae194fbc Refactored member metadata logic into @tryghost/members-api package
refs c059e8e32e

- Reason why the refactor was needed can be found in refed commit
- The logic was extracted into members-api through passing models
directly as member-api module constructor parameters
- Bumped @tryghost/members-api to 0.11.0. Needed to work after the
refactor
2020-01-13 16:42:15 +07:00
Renovate Bot
caabdad7ad Update dependency gscan to v3.2.2 2020-01-13 07:18:41 +00:00
Renovate Bot
cd7dcef481 Update dependency metascraper-url to v5.8.13 2020-01-13 05:26:28 +00:00
Renovate Bot
d7f38cbedb Update dependency metascraper-description to v5.8.15 2019-12-30 01:17:13 +00:00
Renovate Bot
5874570d45 Update dependency metascraper-title to v5.8.13 2019-12-23 09:36:35 +00:00
Renovate Bot
17f8a8bfbc Update dependency oembed-parser to v1.3.7 2019-12-23 09:16:43 +00:00
Renovate Bot
52c7628a48 Update dependency metascraper-logo-favicon to v5.8.13 2019-12-23 08:17:42 +00:00
Renovate Bot
3cabd27042 Update dependency metascraper-image to v5.8.13 2019-12-23 07:16:14 +00:00
Renovate Bot
2aec73c2e2 Update dependency metascraper-publisher to v5.8.13 2019-12-23 06:16:42 +00:00
Renovate Bot
f2bba8c633 Update dependency metascraper-logo to v5.8.13 2019-12-23 05:16:43 +00:00
Renovate Bot
f49b1a8313 Update dependency metascraper-author to v5.8.13 2019-12-23 04:17:16 +00:00
Renovate Bot
7f08e0b31e Update dependency metascraper-description to v5.8.13 2019-12-23 03:17:25 +00:00
Renovate Bot
a07818f302 Update dependency metascraper to v5.8.13 2019-12-23 02:17:40 +00:00
Renovate Bot
c047232626 Update dependency @tryghost/helpers to v1.1.20 2019-12-23 01:20:52 +00:00
Renovate Bot
6ecc7d197b Update dependency metascraper-title to v5.8.12 2019-12-17 19:16:06 +00:00
Hannah Wolfe
7bf48e49a1 Update dependency analytics-node to v3.4.0-beta.1 2019-12-16 21:06:35 +00:00
Hannah Wolfe
53fdc1b090 Update dependency @tryghost/social-urls to v0.1.5 2019-12-16 20:27:50 +00:00
Hannah Wolfe
16f44e1677 Update dependency gscan to v2.3.1 2019-12-16 20:15:55 +00:00
renovate[bot]
896d4c31ae Update dependency express-hbs to v2.3.0 (#11417) 2019-12-16 20:13:17 +00:00
Renovate Bot
52e23192c0 Update dependency sqlite3 to v4.1.1 2019-12-16 11:15:42 +00:00
Renovate Bot
10a4ba306f Update dependency sharp to v0.23.4 2019-12-16 09:18:07 +00:00
Renovate Bot
a67b2d5c8a Update dependency metascraper-url to v5.8.10 2019-12-16 08:19:06 +00:00
Renovate Bot
dde5220377 Update dependency metascraper-logo-favicon to v5.8.10 2019-12-16 07:16:39 +00:00
Renovate Bot
ff9c6df418 Update dependency metascraper-image to v5.8.10 2019-12-16 06:13:46 +00:00
Renovate Bot
a54e28b962 Update dependency metascraper-publisher to v5.8.10 2019-12-16 05:15:51 +00:00
renovate[bot]
b9458475bb Update dependency juice to v6 (#11429) 2019-12-16 11:55:32 +07:00
Renovate Bot
2fe25daff4 Update dependency metascraper-logo to v5.8.10 2019-12-16 04:23:41 +00:00
Renovate Bot
a1dee8fbc8 Update dependency metascraper-author to v5.8.10 2019-12-16 03:15:12 +00:00
Renovate Bot
04e4b4d28c Update dependency metascraper-description to v5.8.10 2019-12-16 02:16:53 +00:00
Renovate Bot
c59cc557da Update dependency metascraper to v5.8.10 2019-12-16 01:16:49 +00:00
Naz Gargol
e277c6bad3
Added member's subscription cancellation helper {{cancel_link}} (#11434)
no issue

- The helper allows generating HTML needed to cancel or continue the member's subscription depending on subscription state.
- Added public members endpoint to allow updating subscription's `cancel_at_period_end` attribute available at: `PUT /api/canary/members/subscriptions/:id/`
- Added client-side hook to allow calling subscription cancellation. Allows to create elements with `data-members-cancel-subscription` / `data-members-continue-subscription` attributes which would call subscription update.
- Updated schema and added migration for `current_period_end` column
- As discussed we only add a single column to  subscriptions table to avoid preoptimizing for future cases
- Added {{cancel_link}} helper
- Added error handling for {{cancel_link}} when members are disabled
- Added test coverage for {{cancel_link}} helper
- Bumped @tryghost/members-api version to 0.10.2. Needed to use `updateSubscription` middleware
- Bumped gscan to 3.2.0. Needed to recognize new {{cancel_link}} helper
2019-12-12 19:59:15 +07:00
Fabien O'Carroll
5997343279 Installed @tryghost/members-api@0.10.1
no-issue

Fixes issue with Stripe webhooks when running on localhost url
2019-12-09 14:33:04 +02:00
Naz Gargol
bcddeeadf1
Removed redundant member manipulation proxy methods (#11423)
no issue

- This includes the interface change for members-api constructor - now accepts the member's model instead of proxy methods. These methods have been moved ton @tryghost/members-api in favor of using the model directly (ref: https://github.com/TryGhost/Members/pull/105)
- Moved error handling from the service layer to controller
- Bumped @tryghost/member-api package to 0.10.0
2019-12-06 12:04:10 +07:00
Renovate Bot
3b90ac7095 Update dependency knex-migrator to v3.4.1 2019-12-02 02:23:18 +00:00
Renovate Bot
99721a72cd Update dependency bluebird to v3.7.2 2019-12-02 01:23:34 +00:00
Kevin Ansfield
f9f2d36f53 Merge branch 'mega' 2019-11-27 12:12:27 +00:00
Renovate Bot
f10a76e15a Update dependency metascraper-logo-favicon to v5.8.9 2019-11-25 02:28:43 +00:00
Renovate Bot
2120151559 Update dependency metascraper to v5.8.9 2019-11-25 01:31:44 +00:00
Kevin Ansfield
f14e3fa11b Updated yarn.lock 2019-11-18 11:10:39 +00:00
Kevin Ansfield
1c8b78818f Merge branch 'master' into mega 2019-11-18 11:09:46 +00:00
Renovate Bot
fb7afd1672 Update dependency sharp to v0.23.3 2019-11-18 05:25:57 +00:00
Renovate Bot
f5e1d24113 Update dependency metascraper to v5.8.8 2019-11-18 03:26:47 +00:00
Renovate Bot
ad48fe0057 Update dependency @tryghost/html-to-mobiledoc to v0.6.1 2019-11-18 02:24:40 +00:00
Renovate Bot
8383d5c9c2 Update dependency @tryghost/helpers to v1.1.19 2019-11-18 01:29:39 +00:00
renovate[bot]
986df75f43 Update dependency metascraper-author to v5.8.7 (#11369) 2019-11-13 15:16:59 +07:00
renovate[bot]
da0ad2d717 Update dependency metascraper-logo-favicon to v5.8.7 (#11373) 2019-11-13 15:16:27 +07:00
renovate[bot]
fc3182f9f9 Update dependency metascraper-image to v5.8.7 (#11371) 2019-11-13 15:16:00 +07:00
renovate[bot]
4709d1cc6b Update dependency metascraper-title to v5.8.7 (#11375) 2019-11-13 15:14:51 +07:00
renovate[bot]
c531b12a41 Update dependency metascraper-logo-favicon to v5.7.21 (#11362) 2019-11-13 13:57:29 +07:00
renovate[bot]
be9066bb79 Update dependency metascraper-url to v5.8.7 (#11376) 2019-11-13 13:49:23 +07:00
renovate[bot]
fc9187d2ab Update dependency metascraper-description to v5.8.7 (#11370) 2019-11-13 13:48:47 +07:00
renovate[bot]
b78a467890 Update dependency metascraper-logo to v5.8.7 (#11372) 2019-11-13 13:47:06 +07:00
renovate[bot]
3ae8d3b673 Update dependency metascraper to v5.8.7 (#11368) 2019-11-13 13:46:27 +07:00
renovate[bot]
28a69be7ce Update dependency metascraper-publisher to v5.8.7 (#11374) 2019-11-13 13:45:17 +07:00
Renovate Bot
e00f67f04e Update dependency metascraper-title to v5.7.21 2019-11-11 13:22:54 +00:00
Renovate Bot
5a5943e745 Update dependency metascraper-url to v5.7.21 2019-11-11 11:36:37 +00:00
Renovate Bot
d8ca54fd71 Update dependency metascraper-publisher to v5.7.21 2019-11-11 10:22:16 +00:00
Renovate Bot
d6399f3318 Update dependency metascraper-image to v5.7.21 2019-11-11 09:23:43 +00:00
Renovate Bot
fd4766689d Update dependency metascraper-logo to v5.7.21 2019-11-11 08:22:37 +00:00
Renovate Bot
d1c7e068a8 Update dependency metascraper-author to v5.7.21 2019-11-11 07:19:23 +00:00
Renovate Bot
d273b03169 Update dependency metascraper-description to v5.7.21 2019-11-11 06:21:31 +00:00
Renovate Bot
ccc60a7a50 Update dependency metascraper to v5.7.21 2019-11-11 05:20:07 +00:00
Renovate Bot
e2847ae4cf Update dependency mock-knex to v0.4.7 2019-11-11 04:21:00 +00:00
Renovate Bot
e4a86f0120 Update dependency glob to v7.1.6 2019-11-11 03:25:50 +00:00
Renovate Bot
bd9cb1155b Update dependency csv-parser to v2.3.2 2019-11-11 02:20:33 +00:00
Renovate Bot
3a67245a71 Update dependency @tryghost/members-ssr to v0.7.3 2019-11-11 01:20:49 +00:00
Fabien O'Carroll
427f6f6326 Installed mailgun-js@0.22.0
no-issue
2019-11-08 17:21:20 +07:00
Fabien O'Carroll
b16c460633 Installed @tryghost/members-api@0.9.0
no-issue

This now includes stripe data when listing members, which is needed for
email content gating
2019-11-06 15:30:37 +07:00
Renovate Bot
f78996d063 Update dependency sharp to v0.23.2 2019-11-04 14:29:45 +00:00
Renovate Bot
afc68be5fc Update dependency oembed-parser to v1.3.6 2019-11-04 13:31:14 +00:00
Renovate Bot
783ab24735 Update dependency metascraper-title to v5.7.17 2019-11-04 12:30:53 +00:00
Renovate Bot
ea0833c1fc Update dependency metascraper-logo-favicon to v5.7.17 2019-11-04 11:29:20 +00:00
Naz Gargol
977298b6e1 Added basic HTML template support to MEGA (#11336)
no issue

- Sends formatted email to members
- Added css inlining support for MEGA template
- Migrated MEGA service to use API serializers
- Service needs to be compliant with the API to be able to serve absolute URLs for resources like images
- Fixed send email check for previously sent mails
2019-11-04 17:53:42 +07:00
Renovate Bot
a62f9be0fb Update dependency metascraper-url to v5.7.17 2019-11-04 10:30:46 +00:00
Renovate Bot
fc23b3418e Update dependency metascraper-publisher to v5.7.17 2019-11-04 09:30:15 +00:00
Renovate Bot
07915bcf85 Update dependency metascraper-image to v5.7.17 2019-11-04 08:31:27 +00:00
Renovate Bot
d7bd355159 Update dependency metascraper-logo to v5.7.17 2019-11-04 07:29:53 +00:00
Renovate Bot
3714a66ed1 Update dependency metascraper-author to v5.7.17 2019-11-04 06:28:31 +00:00
Renovate Bot
4817679bc4 Update dependency metascraper-description to v5.7.17 2019-11-04 05:28:47 +00:00
Renovate Bot
033f4ecd76 Update dependency metascraper to v5.7.17 2019-11-04 04:30:21 +00:00
Renovate Bot
f29b734feb Update dependency gscan to v3.1.1 2019-11-04 03:32:02 +00:00
Renovate Bot
708cf6ed02 Update dependency @tryghost/members-ssr to v0.7.2 2019-11-04 02:30:56 +00:00
Renovate Bot
28d3818b97 Update dependency @tryghost/helpers to v1.1.18 2019-11-04 01:28:58 +00:00
renovate[bot]
cfb66ac161 Update dependency oembed-parser to v1.3.5 (#11124) 2019-10-30 17:16:38 +01:00
renovate[bot]
da37e3ec61 Update dependency express-session to v1.17.0 (#11238) 2019-10-30 16:41:39 +01:00
renovate[bot]
4009911da2 Update dependency grunt-contrib-compress to v1.6.0 (#11293) 2019-10-30 16:38:32 +01:00
Kevin Ansfield
314958cbf1 Updated dependency @tryghost/url-utils to v0.6.13
no issue

- includes fix for cloudflare `<stream>` embeds breaking after having their URLs transformed
2019-10-30 10:56:48 +00:00
Fabien O'Carroll
804afca51f Installed @tryghost/members-api@0.8.3
no-issue

This improves logging for webhook signature validation
2019-10-30 17:24:04 +07:00
Kevin Ansfield
37e4fd9521 Revert "Update dependency @tryghost/url-utils to v0.6.11"
This reverts commit 37e8951fe9.

- the sub-dependency bump of `moment-timezone` caused another occurrence of https://github.com/tryghost/Ghost/issues/10870

# Conflicts:
#	package.json
2019-10-29 14:13:24 +00:00
renovate[bot]
640c4a82f1 Update dependency gscan to v3.1.0 (#11294) 2019-10-29 10:00:24 +00:00
renovate[bot]
4023772d12 Update dependency express-hbs to v2.2.0 (#11292) 2019-10-29 10:00:05 +00:00
Renovate Bot
2cf3b4f2f1 Update dependency metascraper-title to v5.7.14 2019-10-28 16:44:50 +00:00
Renovate Bot
661d0d784f Update dependency metascraper-url to v5.7.14 2019-10-28 15:37:39 +00:00
Renovate Bot
ab5662e4b3 Update dependency metascraper-logo-favicon to v5.7.14 2019-10-28 14:37:14 +00:00
Renovate Bot
fbcefeb826 Update dependency metascraper-publisher to v5.7.14 2019-10-28 12:30:54 +00:00
Kevin Ansfield
7284227f1e
🐛 Fixed 404s when using a proxy setup (#11269)
no issue

When using certain proxy setups that result in `host` and `x-forwarded-host` being different, it became impossible to access Ghost because all routes showed generic 404 pages.

- `vhost` module that we are using to separate front-end and admin urls does not use express' `req.hostname` so it does not pick up the `x-forwarded-host` url that express' `'trust proxy'` config gives us
- switched to the forked `@tryghost/vhost-middleware` package which has a one-line change to use `req.hostname || req.host`
- added `'trust proxy'` config to the admin express app and switched to using `req.hostname` in our redirect code to avoid infinite redirect loops
2019-10-28 11:22:05 +00:00
Renovate Bot
953bd2a2fc Update dependency metascraper-image to v5.7.14 2019-10-28 10:33:17 +00:00
Renovate Bot
9a8de5acf7 Update dependency metascraper-logo to v5.7.14 2019-10-28 09:32:14 +00:00
Renovate Bot
034b941897 Update dependency metascraper-author to v5.7.14 2019-10-28 08:30:56 +00:00
Renovate Bot
1c43722f5a Update dependency metascraper-description to v5.7.14 2019-10-28 07:30:37 +00:00
Renovate Bot
b8c80944fd Update dependency metascraper to v5.7.14 2019-10-28 06:31:17 +00:00
Renovate Bot
ab7609e746 Update dependency gscan to v3.0.1 2019-10-28 05:31:12 +00:00
Renovate Bot
c3123e4864 Update dependency glob to v7.1.5 2019-10-28 04:32:59 +00:00
Renovate Bot
37e8951fe9 Update dependency @tryghost/url-utils to v0.6.11 2019-10-28 02:37:22 +00:00
Renovate Bot
a8ecd9ac6e Update dependency @tryghost/social-urls to v0.1.4 2019-10-28 01:35:49 +00:00
Nazar Gargol
63c34b08e4 Bumped @tryghost/helpers to 1.1.17
- Needed a bump to allow displaying reading_time even when html content is empty but the reading time property is present
2019-10-21 18:07:38 +07:00
Hannah Wolfe
2358c65535 Update dependency gscan to v3.0.0 2019-10-16 19:17:24 +01:00
Fabien O'Carroll
c9c37b0da2
Merge master -> v3 (#11242)
Merge master -> v3
2019-10-15 17:44:14 +07:00
Renovate Bot
76f7488986 Update dependency @tryghost/social-urls to v0.1.3 2019-10-14 15:28:19 +00:00
Kevin Ansfield
bc8fc566a7 🐛 Fixed markdown card content appearing corrupted when editing a post
refs https://github.com/TryGhost/Ghost/issues/11235

- updates `@tryghost/url-utils` to a version with a fixed `markdownRelativeToAbsolute` method
2019-10-14 13:40:53 +01:00
Renovate Bot
3e15b18bc6 Update dependency @tryghost/members-ssr to v0.7.1 2019-10-14 01:23:54 +00:00
Kevin Ansfield
e33c46f3d1 Merge branch 'master' into v3 2019-10-12 19:13:30 +01:00
Kevin Ansfield
0ee46ab7a8 Updated @tryghost/url-utils to v0.6.9
no issue

- contains guards to prevent unnecessary processing of markdown and html
2019-10-12 17:48:54 +01:00
Kevin Ansfield
05f348f0fe Merge branch 'master' into v3 2019-10-11 13:28:19 +01:00
Kevin Ansfield
85a03b19b1 🐛 Fixed errors when saving or importing posts with invalid URLs
no issue

- bumped @tryghost/url-utils to a version which catches parsing errors and returns the original url argument
2019-10-11 13:20:24 +01:00
Kevin Ansfield
78e16ddd3f Merge branch 'master' into v3 2019-10-11 11:31:31 +01:00
Fabien O'Carroll
8b0130193c Installed @tryghost/members-api@0.8.2
no-issue

This version uses HS256 signed tokens for magic-links and provides much
smaller links but requires a 256bit (64 byte) secret
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
6070ebaf02 Installed @tryghost/members-api@0.8.1
no-issue

This includes changes to support custom subjects in emails and access to
the email of the recipient in the getHTML and getText functions
2019-10-11 11:45:11 +07:00
Kevin Ansfield
1725f538be Fixed characters being lost at the end of markdown card content
no issue

- bumped @tryghost/url-utils with relevant fix
2019-10-10 16:57:15 +01:00
Kevin Ansfield
7fc10106dc Merge branch 'master' into v3 2019-10-10 10:37:42 +01:00
Nazar Gargol
ec303e5bec Bumped @tryghost/helpers to 1.1.14
- Needed to support `reading_time` propery available on post/page resources
2019-10-10 15:42:04 +07:00
Nazar Gargol
977fb5f650 Added reading_time property to post/page resources in Content API 2019-10-10 15:42:04 +07:00
Kevin Ansfield
9aca599b60 Updated @tryghost/url-utils
no issue

- fixes errors thrown from `urlUtils` method calls where the `itemPath` parameter is not passed
2019-10-09 22:31:04 +01:00
Kevin Ansfield
c6b9193940 Fixed duplicated host in URLs returned from API when saved as relative
no issue

- Ghost passes full urls through to the `url-utils` methods as the `itemPath` argument when performing relative->absolute transforms
- `url-utils` was not handling this correctly for page-relative urls (no leading slash) where it resulted in duplicate hosts such as http://mysite.com/http://mysite.com/item-path/relative-path
- bumps version of @tryghost/url-utils to a fixed version
2019-10-09 20:49:51 +01:00
Kevin Ansfield
b01bae7c3d 🐛 Fixed 500 errors when fetching certain posts via the Admin API
no issue

- it's possible to have `mobiledoc` that has anchor markups with no `href` attribute, in that situation our url-transformation utilities were throwing errors when generating Admin API output
- bumps `@tryghost/url-utils` with fixed utility functions
2019-10-09 17:21:06 +01:00
Kevin Ansfield
587bd8accb Merge branch 'master' into v3 2019-10-09 15:04:09 +01:00
Naz Gargol
b4548b0119
Update dependency gscan to v2.10.0 (#11221)
no issue

- This removes unwanted checks for `{{statusCode}}` which are compatible with v3 and were added by mistake in v2
2019-10-09 12:13:12 +02:00
Fabien O'Carroll
757fe72da1 Installed @tryghost/members-api@0.8.0
no-issue

This adds support for storing and retrieving stripe data from local db
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
312e0cc31e Installed @tryghost/members-ssr@0.7.0
no-issue

This removes the cookie caching functionality from members-ssr
2019-10-09 16:24:51 +07:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Kevin Ansfield
32f3f9d2c3 🐛 Fixed "unsaved changes" modal displaying when post has been saved
refs https://github.com/TryGhost/Ghost/issues/10477

The unsaved changes modal is displaying even when the post has been saved if images have been uploaded because the server is transforming absolute image urls to relative during input of the `mobiledoc` field but not transforming them back to absolute during output. The editor then thinks it's out of sync and shows the warning when trying to leave.

- `@tryghost/url-utils` has been updated with new methods for transforming URLs in mobiledoc content
- moves absolute->relative transformation from the API input serializers into the Post model
- transforms URLs in more fields for a more comprehensive transformation and fewer issues when re-configuring a site's domain
  - previously there could be problems with internal links between posts not being transformed so you could change the url config to newdomain.com but links in post content would still be pointing to olddomain.com
- updates the API post output serializers to transform all modified fields
- drops the `?absolute_urls=true` param switch from the `canary` API post output serializer so that all URLs are output as absolute
  - we're transforming more urls to relative when saving so this is necessary to ensure the unsaved changes modal is not triggered
  - the query param isn't documented and will disappear in v3
2019-10-07 22:59:19 +01:00
Renovate Bot
0f2afafcbb Update dependency knex to v0.19.5 2019-10-07 09:30:22 +00:00
renovate[bot]
4c81a62a9d Lock file maintenance (#11175) 2019-10-07 12:53:34 +05:30
renovate[bot]
cb9eab0248 Update dependency bluebird to v3.7.0 (#11206) 2019-10-07 12:44:07 +05:30
Renovate Bot
fe4dccfaa3
Update dependency nock to v11.3.6 2019-10-07 01:29:57 +00:00
Renovate Bot
cc70fe983e Update dependency @tryghost/helpers to v1.1.12 2019-10-07 01:29:14 +00:00
Fabien O'Carroll
aaaf473154 Installed @tryghost/members-api@0.7.7
no-issue

This ensures that the correct emails are sent regardless of the form and
allows us to pass a flag to disable sending emails to users that are nor
already members.
2019-10-06 21:22:58 +07:00
Fabien O'Carroll
cb431d758b Installed @tryghost/members-api@0.7.6
no-issue

This adds support for dynamic success and cancel urls for stripe checkout
2019-10-03 17:36:33 +07:00
Kevin Ansfield
36674c7584 Updated dependency @tryghost/url-utils to v0.6.0
no issue

- has refactored relativeToAbsolute utility
- has bugfixes for subdirectory handling and deduplication
- includes new utilities for transforming urls in markdown and mobiledoc
2019-10-02 13:06:50 +01:00
Fabien O'Carroll
8bb0f6631f Installed @tryghost/members-ssr@0.6.0
no-issue

This adds extra protection for weird cookies states when trying to get
identity tokens
2019-10-02 18:23:52 +07:00
Fabien O'Carroll
d4ffb0176b Installed @tryghost/members-api@0.7.5
no-issue

This adds extra stripe information to members, including last4 digits of card
2019-10-02 18:22:44 +07:00
Fabien O'Carroll
09daf832d9 Installed @tryghost/members-api@0.7.4
This includes fixes for the destory and update methods of members object
2019-10-02 15:26:40 +07:00
Fabien O'Carroll
7a59489643 Installed @tryghost/members-api@0.7.2
no-issue

This includes fixes to webhook generating and customer handling
Also includes an update to how we set the logger
2019-10-02 14:03:00 +07:00
Fabien O'Carroll
c18cf50654 Installed @tryghost/members-api@0.7.1
no-issue

This includes a bugfix when creating members and sending the email
2019-10-01 17:50:13 +07:00
Fabien O'Carroll
3507df8a7c Installed @tryghost/members-api@0.7.0
no-issue

This includes functionality that allows us to have multiple magic-link
email templates
2019-10-01 15:16:28 +07:00
Fabien O'Carroll
e2ec3e71ac Installed members-api@0.6.2 members-ssr@0.5.2
no-issue
2019-10-01 11:58:50 +07:00
Fabien O'Carroll
020b2f2159 Updated lockfile
no-issue
2019-10-01 11:45:37 +07:00
renovate[bot]
e34cd56152 Update dependency metascraper-image to v5.7.6 (#11118) 2019-09-30 23:20:42 +02:00
renovate[bot]
b9636b64b6 Update dependency image-size to v0.8.3 (#11149) 2019-09-30 23:17:18 +02:00
renovate[bot]
82fb7b5960 Update dependency metascraper-title to v5.7.6 (#11122) 2019-09-30 23:15:30 +02:00
renovate[bot]
9da9ce669d Update dependency metascraper-description to v5.7.6 (#11117) 2019-09-30 23:10:21 +02:00
renovate[bot]
f4c14e570d Update dependency metascraper-logo-favicon to v5.7.6 (#11120) 2019-09-30 23:09:36 +02:00
renovate[bot]
1f2b5b27dc Update dependency metascraper to v5.7.6 (#11115) 2019-09-30 22:59:25 +02:00
renovate[bot]
3f3972c019 Update dependency metascraper-url to v5.7.6 (#11123) 2019-09-30 22:57:25 +02:00
renovate[bot]
7da882499a Update dependency metascraper-logo to v5.7.6 (#11119) 2019-09-30 22:56:24 +02:00
renovate[bot]
80789ab8d0 Update dependency metascraper-publisher to v5.7.6 (#11121) 2019-09-30 22:56:04 +02:00
renovate[bot]
0f098ccc3e Update dependency metascraper-author to v5.7.6 (#11116) 2019-09-30 22:55:44 +02:00
renovate[bot]
42faad9ee7 Update dependency markdown-it-mark to v3 (#11127) 2019-09-30 22:51:31 +02:00
renovate[bot]
8631f4cfd2 Update dependency knex-migrator to v3.4.0 (#11170) 2019-09-30 22:46:43 +02:00
renovate[bot]
9be99df0e1 Update dependency probe-image-size to v5 (#11128) 2019-09-30 22:35:10 +02:00
renovate[bot]
b64b0f3532 Update dependency markdown-it to v10 (#11126) 2019-09-30 21:22:08 +02:00
renovate[bot]
044919356e Update dependency mocha to v6 (#11171) 2019-09-30 10:31:11 +02:00
Renovate Bot
4bba5438f1 Update dependency sharp to v0.23.1 2019-09-30 04:32:55 +00:00
Renovate Bot
8e31417c09 Update dependency csv-parser to v2.3.1 2019-09-30 03:33:21 +00:00
Renovate Bot
719a38358b Update dependency @tryghost/members-ssr to v0.5.1 2019-09-30 02:32:32 +00:00
Renovate Bot
e03a02f3ed Update dependency @tryghost/helpers to v1.1.11 2019-09-30 01:35:46 +00:00
Kevin Ansfield
56493bed1a Update dependency @tryghost/url-utils to 0.5.0
no issue

- fixes failing regression test where `htmlRelativeToAbsolute()` was throwing an error due to some invalid HTML in our test fixtures
2019-09-26 12:24:18 +01:00
Fabien O'Carroll
e53913930d Installed @tryghost/members-api@0.6.1
no-issue

This adds support for sending email when creating member
2019-09-26 17:32:32 +07:00
Fabien O'Carroll
0de68a0919 Installed @tryghost/members-api@0.6.0
no-issue

This contains updates to allow creating of members via a stripe webhook,
and includes the webhook handler. Also updates members-api to expose a
middleware object, rather than a router - so that routes can be mounted
at the endpoint of choice.
2019-09-26 11:35:44 +07:00
Kevin Ansfield
d69440bd4f
Update dependency @tryghost/url-utils to 0.4.0 (#11156)
no issue

- updates usage of `htmlRelativeToAbsolute` to avoid unnecessary duplication of "home" url fetching (the UrlUtils instance already has that information)
2019-09-25 12:35:59 +01:00
Kevin Ansfield
3eb11533bd Marked the client auth table drop migration as irreversible
no issue

- bumps `knex-migrator` so it supports irreversible migrations
- marks the `03-drop-client-auth` migration as irreversible because it destroys data that is not recoverable and is required for earlier versions of Ghost to function
2019-09-23 17:22:46 +01:00
Nazar Gargol
3712e6e01c Bumped gscan to 2.9.0 2019-09-23 16:48:21 +02:00
Renovate Bot
93e04b0a43 Update dependency @tryghost/members-api to v0.5.3 2019-09-23 03:25:09 +00:00
Renovate Bot
b89e3650f1
Update dependency nock to v11.3.5 2019-09-23 01:27:17 +00:00
Renovate Bot
d33fc8c8a6 Update dependency @tryghost/helpers to v1.1.10 2019-09-23 01:26:36 +00:00
Nazar Gargol
62343b09e2 💡Bumped gscan version to 2.9.0 2019-09-19 18:18:33 +02:00
Fabien O'Carroll
01fca3ec2c Installed @tryghost/members-ssr@0.5.0
no-issue

This includes changes that can be used to signin via a GET request
2019-09-17 11:05:06 +08:00
Naz Gargol
0bee38d586
💡Bumped gscan version to 2.8.0 (#11134)
no issue

- This version contains --canary flag and new rules that come with it
- The theme checks will be run against canary rules by default
2019-09-16 18:22:49 +02:00
Kevin Ansfield
378ebe62b1 Merge branch 'master' into v3 2019-09-16 09:32:10 +01:00
Renovate Bot
2f86894dff Update dependency knex to v0.19.4 2019-09-16 04:25:49 +00:00
Renovate Bot
21b9ba893a Update dependency image-size to v0.7.5 2019-09-16 03:26:55 +00:00
Renovate Bot
c82418153d
Update Test & linting packages 2019-09-16 00:28:05 +00:00
Fabien O'Carroll
8d4056a6ec Installed @tryghost/members-api@0.5.2
no-issue

This improves the logging of errors when sending magic link.
2019-09-15 11:53:29 +08:00
Kevin Ansfield
d645afb416 Removed all accesstokens and refreshtokens related code
no issue

- v0.1 is ☠️ so the access/refresh token based auth is no longer used
- removed all code related to the `accesstokens` and `refreshtokens` tables
- removed all `passport` related dependencies as it's no longer used
2019-09-12 15:45:27 +01:00
Kevin Ansfield
b46f9b1dc2 🔒 Fully separated front-end and admin app urls
no issue

- uses `vhost` in parent-app to properly split front-end and admin/api apps when a separate admin url is configured
2019-09-10 15:47:49 +01:00
renovate[bot]
c3eb5c291c Lock file maintenance (#11061) 2019-09-10 09:45:45 +01:00
renovate[bot]
74fab21eb5 Update dependency mobiledoc-dom-renderer to v0.7.0 (#10937) 2019-09-10 09:36:43 +01:00
renovate[bot]
aa22de4db8 Update dependency nock to v11 (#11093) 2019-09-10 09:13:26 +01:00
renovate[bot]
07448ce034 Update dependency sqlite3 to v4.1.0 (#11034) 2019-09-10 08:58:35 +01:00
renovate[bot]
68af109d8e Update dependency bookshelf-relations to v1.3.0 (#11065) 2019-09-10 08:57:56 +01:00
Kevin Ansfield
5be63958b9 Reverted dependency oembed-parser to 1.2.2
no issue

- 1.3.1 is breaking the oembed regression tests
2019-09-09 16:00:04 +01:00
renovate[bot]
5c8efd087e Update dependency @tryghost/html-to-mobiledoc to v0.6.0 (#11092) 2019-09-09 10:45:30 +01:00
renovate[bot]
fa0a399345 Update dependency oembed-parser to v1.3.1 (#10983) 2019-09-09 10:44:13 +01:00
Fabien O'Carroll
b8fc0d2bd1
Cached member data in ghost-members-ssr-cache cookie (#11096)
no-issue

* Installed @tryghost/members-ssr@0.4.0
  This now supports caching of the data returned by the members-api

* Renamed cookies set by members-ssr
  As discussed with @ErisDS I have prefixed these cookies with `ghost`
2019-09-09 17:39:46 +08:00
Renovate Bot
01f2f36547 Update dependency @tryghost/url-utils to v0.3.1 2019-09-09 02:34:18 +00:00
Renovate Bot
af021921e7 Update dependency @tryghost/helpers to v1.1.9 2019-09-09 01:28:16 +00:00
Fabien O'Carroll
f63577fa4f
Implemented stripe checkout handling for members
no-issue

* Installed members-api@0.5.0 members-ssr@0.3.1
* Supported multiple members-forms
* Used members canary api
* Added GET handler to /members/ssr for id token
The identity token will be used to ensure that a payment is linked to the correct member
* Added stripe.js to ghost_head when members enabled
* Added basic support for linking to stripe checkout
* Removed listener to title and icon settings changes
* Added stripe subscription config
2019-09-06 15:14:21 +08:00
Fabien O'Carroll
49672a1e4d Updated members service to use magic-link signin
no-issue
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
ef78fe7bab Updated members-api@0.4.1 members-ssr@0.3.0
no-issue

These versions contain the necessary changes for magic link signin
2019-09-05 11:14:50 +08:00
Renovate Bot
b1c61e4e84 Update dependency knex to v0.19.3 2019-09-02 02:32:19 +00:00
Renovate Bot
9a9be2f55e Update dependency bookshelf-relations to v1.1.2 2019-09-02 01:31:35 +00:00
Rishabh Garg
c2aa62083c Added support for bookmark card (#11024)
requires https://github.com/TryGhost/Ghost-Admin/pull/1293

- updates `oembed` endpoint behaviour
  - if an oembed provider is not found then we use `metascraper` to populate a metadata object
  - when metadata is returned rather than an oembed response the payload will look like this:
    ```json
    {
        "url": "...",
        "type": "bookmark",
        "metadata": {
            "url": "...",
            "title": "...",
            "description": "...",
            "author": "...",
            "publisher": "...",
            "thumbnail": "...",
            "icon": "..."
        }
    }
    ```
- adds a `bookmark` card which generates output for the bookmark card:
  ```html
  <figure class="kg-card kg-bookmark-card">
    <a href="[URL]" class="kg-bookmark-container">
      <div class="kg-bookmark-content">
        <div class="kg-bookmark-title">[TITLE]</div>
        <div class="kg-bookmark-description">[DESCRIPTION]</div>
        <div class="kg-bookmark-metadata">
          <img src="[ICON]" class="kg-bookmark-icon">
          <span class="kg-bookmark-author">[AUTHOR]</span>
          <span class="kg-bookmark-publisher">[PUBLISHER]</span>
        </div>
      </div>
      <div class="kg-bookmark-thumbnail">
        <img src="[THUMBNAIL]">
      </div>
    </a>
  </figure>
  ```
  - if a particular bit of data does not exist then the associated html element will not be present
2019-08-27 15:01:02 +01:00
Renovate Bot
4d7164dce6 Update dependency markdown-it to v9.1.0 2019-08-27 10:45:40 +08:00
Renovate Bot
9ea2f5b445 Update dependency uuid to v3.3.3 2019-08-26 03:26:59 +00:00
Renovate Bot
35a74ecb29
Update dependency proxyquire to v2.1.3 2019-08-26 00:29:39 +00:00
Kevin Ansfield
d0fa149e0e Updated tests eslint config to use eslint-plugin-ghost@0.5.0
no issue
- bump eslint-plugin-ghost to v0.5.0
- update core/test eslint config to use "ghost:test" in place of custom ruleset
- apply automated eslint fixes
2019-08-19 13:38:35 +01:00
Kevin Ansfield
9c46ff154d Revert tmp dependency to v0.0.33
no issue
- renovate auto-upgraded to 0.1.0
- reverts to 0.0.33 to fix the tests
2019-08-19 11:08:27 +01:00
Renovate Bot
dc36012d11 Update dependency knex to v0.19.2 2019-08-19 03:33:02 +00:00
Renovate Bot
59c20ec578 Update dependency @tryghost/social-urls to v0.1.2 2019-08-19 02:48:09 +00:00
Renovate Bot
12fe76cf1d Update dependency @tryghost/html-to-mobiledoc to v0.5.1 2019-08-19 02:30:45 +00:00
Renovate Bot
a250afdfb2 Update dependency @tryghost/helpers to v1.1.8 2019-08-19 01:35:54 +00:00
Renovate Bot
a04ab771e4 Update Test & linting packages 2019-08-16 19:19:54 +00:00
Kevin Ansfield
61420ae67f
Updated @tryghost/url-utils to v0.3.0 (#11027)
refs https://github.com/TryGhost/Ghost/issues/10793

- fixes `urlUtils.htmlRelativeToAbsolute` mangling attribute quote styles and removing indentation
2019-08-16 00:26:24 +01:00
Fabien O'Carroll
24c8da58e4 Fixed local package issue for npm users (#11019)
closes #11018
2019-08-14 13:19:01 +05:30
Fabien O'Carroll
ef4fd4b8ef Added shared nql-map-key-values module
no-issue

This module was being shared between multiple parts of the codebase, the
core/shared directory is a stopgap before we move it out to mongo-utils.
2019-08-12 18:41:43 +08:00
Kevin Ansfield
4f3391cd04
Updated @tryghost/url-utils to v0.2.0 (#11004)
no issue

- updates `@tryghost/url-utils` following an internal refactor of the package
- renames `makeAbsoluteUrls` to `htmlRelativeToAbsolute` to better reflect what the function is doing
- renames `getBlogUrl` to `getSiteUrl`
- updates UrlUtils test stubbing util to work with a class
- fixes use of invalid port numbers in tests (max port number is 65535, any higher is an invalid URL that will error with some parsers)
2019-08-12 09:31:42 +01:00
Renovate Bot
e89a2074b8
Update dependency proxyquire to v2.1.2 2019-08-12 00:29:25 +00:00
Fabien O'Carroll
c713847718 Installed @nexes/nql@0.3.0 2019-08-09 14:39:01 +08:00
renovate[bot]
494e0d14a0 Update dependency archiver to v3.1.1 (#10981) 2019-08-06 16:16:08 +08:00
renovate[bot]
13b1a9e7ef Update dependency sharp to v0.23.0 (#10984) 2019-08-06 16:14:50 +08:00
Renovate Bot
ff4d3f9e61 Update dependency proxyquire to v2.1.1 2019-08-05 04:34:25 +00:00
Renovate Bot
75ba8b5c64 Update dependency knex-migrator to v3.3.3 2019-08-05 01:28:21 +00:00
Hannah Wolfe
75f6e9c0e3 Update dependency gscan to v2.7.0 2019-08-01 11:00:04 +01:00
Renovate Bot
daae3964cc Lock file maintenance 2019-08-01 11:57:31 +05:30
Renovate Bot
5766edd6a3 Update dependency semver to v6.3.0 2019-08-01 10:44:06 +05:30
Renovate Bot
2d7a34fcbd Update dependency amperize to v0.6.0 2019-08-01 10:43:41 +05:30
Renovate Bot
c7a873b80f Update dependency @tryghost/html-to-mobiledoc to v0.5.0 2019-08-01 10:43:15 +05:30
Renovate Bot
40d8cd332b Update dependency intl-messageformat to v5.4.3 2019-08-01 10:40:32 +05:30
Rish
86c670a942 Updated dependency @tryghost/url-utils to v0.1.4
refs #10870

- Reverts moment-timezone version in url-utils to 0.5.23 to fix moment format issue
2019-07-30 20:17:38 +05:30
Rish
ffbd749c8d Added resolution for moment-timezone version
refs #10870

- `moment-timezone` was bumped to `0.5.26` inadvertently as a result of bump to `url-utils` in 6cb0f800c8
- Added resolution makes sure we use `0.5.23` for `moment-timezone` till tests are updated to work with latest version
2019-07-30 18:36:26 +05:30
Renovate Bot
e6a99ec147 Update dependency simple-html-tokenizer to v0.5.8 2019-07-29 12:24:53 +00:00
Renovate Bot
4428822253 Update dependency knex to v0.19.1 2019-07-29 06:25:28 +00:00
Renovate Bot
264a185721 Update dependency intl-messageformat to v5.1.2 2019-07-29 05:25:57 +00:00
Renovate Bot
d663cd2c8a Update dependency gscan to v2.6.6 2019-07-29 04:27:19 +00:00
Renovate Bot
6cb0f800c8 Update dependency @tryghost/url-utils to v0.1.3 2019-07-29 03:26:26 +00:00
Renovate Bot
a4546409c2 Update dependency @tryghost/social-urls to v0.1.1 2019-07-29 02:27:21 +00:00
Renovate Bot
d5d89ce9e4 Update dependency @tryghost/helpers to v1.1.7 2019-07-29 01:27:14 +00:00
Renovate Bot
e774d7bdd3 Update dependency multer to v1.4.2 2019-07-23 10:41:43 +00:00
Renovate Bot
2b20ae8f78 Update dependency lodash to v4.17.15 2019-07-22 03:27:21 +00:00
Renovate Bot
a1ece81c55 Update dependency gscan to v2.6.4 2019-07-22 02:30:43 +00:00
Renovate Bot
876ef128a7 Update dependency archiver to v3.0.3 2019-07-22 01:28:19 +00:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Renovate Bot
c521b6632d Update dependency markdown-it to v9 2019-07-15 13:32:21 +01:00
Renovate Bot
033e58e4ac Update dependency knex to v0.19.0 2019-07-15 16:37:34 +08:00
Renovate Bot
6eefce3349 Update dependency brute-knex to v4 2019-07-15 16:13:14 +08:00
Renovate Bot
c7e30e9970 Update dependency intl-messageformat to v5 2019-07-15 14:27:05 +08:00
Renovate Bot
a926adfd6c Update dependency probe-image-size to v4.1.1 2019-07-15 14:26:19 +08:00
Renovate Bot
e497486e78 Update dependency intl-messageformat to v4.4.0 2019-07-15 14:17:04 +08:00
Renovate Bot
07215bd040 Update dependency probe-image-size to v4.0.1 2019-07-15 05:24:55 +00:00
Renovate Bot
848640eda2 Update dependency mock-knex to v0.4.6 2019-07-15 04:25:22 +00:00
Renovate Bot
79b2cb7294 Update dependency markdown-it-footnote to v3.0.2 2019-07-15 03:25:21 +00:00
Renovate Bot
0e29b57ab3 Update dependency lodash to v4.17.14 2019-07-15 02:25:23 +00:00
Renovate Bot
6d3cd93107 Update dependency gscan to v2.6.3 2019-07-15 01:54:27 +00:00
Renovate Bot
1b56892e33 Update dependency ajv to v6.10.2 2019-07-15 01:25:12 +00:00
Renovate Bot
c55f341632 Update dependency lodash to v4.17.13 [SECURITY] 2019-07-11 11:26:39 +00:00
Fabien O'Carroll
d9d8d91b6a
Fixed members auth pages flashing on open (#10889)
closes #10888

The real work for this was done in:
https://github.com/TryGhost/Members/pull/37

Installed @tryghost/members-auth-pages@1.1.0
Installed @tryghost/members-theme-bindings@0.2.3
2019-07-09 19:05:47 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
Renovate Bot
f2ef27243a Update dependency ajv to v6.10.1 2019-07-08 01:25:46 +00:00
Nazar Gargol
2048ea5cb2 Bumped eslint-plugin-ghost version to 0.4.0
no issue

- This version allows for async/await syntax to be used in the codebase which is available after dropping Node v6 support
2019-07-05 17:36:02 +02:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Nazar Gargol
5aa0a2134b Reverted moment-timezone bump back to 0.5.23
refs #10870

- Added moment-timezone to Renovate's ignore list
- Described reasoning  in https://github.com/TryGhost/Ghost/issues/10870
2019-07-04 13:56:13 +02:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Renovate Bot
1225bd2fe9 Update dependency glob to v7 2019-07-04 10:18:12 +05:30
Renovate Bot
b508fd70ba Update dependency intl-messageformat to v4 2019-07-04 10:05:46 +05:30
Renovate Bot
a2473cbb42 Update dependency stripe to v7 2019-07-04 09:59:27 +05:30
Renovate Bot
cbaa7fde3b Update dependency fs-extra to v8 2019-07-02 19:10:12 +02:00
Renovate Bot
5bb732546f Update dependency knex-migrator to v3.3.2 2019-07-02 16:23:28 +02:00
Renovate Bot
052271272b Update dependency sqlite3 to v4.0.9 2019-07-02 11:39:33 +00:00
Renovate Bot
c214203015 Update dependency sanitize-html to v1.20.1 2019-07-02 13:36:49 +02:00
Renovate Bot
83ed38c2e0 Update dependency jsonpath to v1.0.2 2019-07-02 11:15:38 +00:00
Renovate Bot
4b7a1bffec Update dependency node-jose to v1.1.3 2019-07-02 10:31:28 +00:00
Renovate Bot
4753017d6a Update dependency moment-timezone to v0.5.25 2019-07-02 10:30:03 +00:00
Renovate Bot
c14849d761 Update dependency mock-knex to v0.4.5 2019-07-02 12:29:31 +02:00
Renovate Bot
b4a2305f64 Update dependency mobiledoc-dom-renderer to v0.6.6 2019-07-02 10:28:37 +00:00
Renovate Bot
90f0d38ad2 Update dependency mysql to v2.17.1 2019-07-02 12:26:23 +02:00
Renovate Bot
1371684b38 Update dependency connect-slashes to v1.4.0 2019-07-02 12:12:28 +02:00
Renovate Bot
f4dd1d173f Update dependency bson-objectid to v1.3.0 2019-07-02 12:10:29 +02:00
Renovate Bot
352fec4c00 Update dependency gscan to v2.6.2 2019-07-02 10:02:49 +00:00
Renovate Bot
62e0a17aa3 Update dependency image-size to v0.7.4 2019-07-02 11:54:36 +02:00
Renovate Bot
e146737aff Update dependency jsonwebtoken to v8.5.1 2019-07-02 11:47:22 +02:00
Renovate Bot
0ed0c49732 Update dependency grunt-contrib-compress to v1.5.0 2019-07-02 11:41:15 +02:00
Renovate Bot
189ce9bc1d Update dependency express-session to v1.16.2 2019-07-02 11:37:27 +02:00
Renovate Bot
5a316c3c80 Update dependency express to v4.17.1 2019-07-02 11:30:35 +02:00
Renovate Bot
a51008a034 Update dependency knex-migrator to v3.2.6 2019-07-02 09:27:54 +00:00
Renovate Bot
2dcb1a3776 Update dependency csv-parser to v2.3.0 2019-07-02 11:27:16 +02:00
Renovate Bot
9564757d8d Update dependency ajv to v6.10.0 2019-07-02 11:13:53 +02:00
Renovate Bot
0abc8971b4 Pin dependency grunt-contrib-symlink to 1.0.0 2019-07-02 11:08:33 +02:00
Renovate Bot
885ce6eb44 Update dependency cookie-session to v1.3.3 2019-07-02 11:04:52 +02:00
Renovate Bot
2e0067d877 Update dependency html-to-text to v5 2019-07-02 11:00:00 +02:00
Renovate Bot
d88a41628e Update dependency semver to v6 2019-07-02 10:56:03 +02:00
Renovate Bot
b3561dcee4 Update dependency sharp to v0.22.1 2019-07-02 10:52:46 +02:00
Renovate Bot
deeafe9734 Update dependency compression to v1.7.4 2019-07-02 08:26:50 +00:00
Renovate Bot
2cf40d2f6f Update dependency bson-objectid to v1.2.5 2019-07-02 07:30:13 +00:00
Renovate Bot
82d146577c Update dependency @tryghost/members-auth-pages to v0.2.2 2019-07-02 06:48:32 +00:00
Renovate Bot
7638ca4d77 Update dependency @tryghost/helpers to v1.1.6 2019-07-02 05:23:38 +00:00
Renovate Bot
2f7e6d21ae Update dependency bluebird to v3.5.5 2019-07-02 04:04:31 +00:00
Renovate Bot
c576a2d724 Update dependency @tryghost/members-api to v0.1.2 2019-07-02 03:29:16 +00:00
Renovate Bot
9da9b2f448 Update dependency @nexes/nql to v0.2.2 2019-07-02 02:31:50 +00:00
Renovate Bot
3eeb81a19c Update Build Tool 2019-07-02 01:31:27 +00:00
Kevin Ansfield
3229de75f8 Revert "Replaced keypair with rsa-keypair module (#10758)"
This reverts commit 64735693be.

- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
2019-06-26 14:00:25 +01:00
Fabien O'Carroll
da3f55dd9d Updated express-hbs to 2.1.2
no-issue

ronseal.
2019-06-25 16:19:33 +07:00
Fabien O'Carroll
bb1ee3c265 Updated members-theme-bindings & public/members.js
no-issue

This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
2019-06-25 15:13:52 +07:00
Nazar Gargol
e5391519eb Bumped js-yaml version to 3.13.1
no issue

- The 3.13.1 version contains security fixes described in b2f9e88239
2019-06-24 15:47:37 +02:00
Daniel Lockyer
64735693be Replaced keypair with rsa-keypair module (#10758)
refs #10789 

Speed up Ghost boot time by replacing the JS-only RSA key generator
library with a native alternative.
2019-06-21 16:51:44 +07:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Kevin Ansfield
6fd2db2ed4 Update amperize to v0.5.2
no issue
- includes a couple of bug fixes for fallback from probe-image-size to image-size
2019-06-11 12:17:28 +01:00
Kevin Ansfield
f34a9d2e36 Update amperize to v0.5.1
no issue

- includes fix for http->https conversion that broke tests in 90b0c8d3bb
2019-06-10 11:14:00 +01:00
Kevin Ansfield
90b0c8d3bb 🚀 Speed up initial generation of /amp/ content with many images
no issue

- update `amperize` to v0.5.0 which includes partial image loading and parallel network requests for fetching image dimensions
2019-06-10 09:53:25 +01:00
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Kevin Ansfield
07e9490621
🐛 Fixed server crash when AMP posts contain images with unescaped chars (#10775)
no issue

- bump `amperize` to v0.4.0 which contains an updated version of `got` which does not crash on invalid image urls
2019-06-05 17:31:23 +01:00
Kevin Ansfield
525c2753ec Update dependency @tryghost/html-to-mobiledoc to v0.4.1
no issue

- includes a fix for text content potentially being lost when converting html to mobiledoc via the API
2019-06-03 12:34:35 +01:00
Nazar Gargol
bb7bb55cf3 Bumped gscan version to 2.6.0
no issue

- Updated valid theme fixture to be inline with warning that was added when using {{each}} helper instead of {{foreach}}
2019-05-08 16:56:22 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Fabien O'Carroll
4563999352 🐛 Fixed password submission for private blogging
no-issue

This bump to members-ssr includes an update which no longer consumes the
request stream when calling getMemberDataFromSession. Previously, this
method was called on every request to the theme layer, and the
private-blogging middleware was unable to parse the body as the request
stream had already been consumed.
2019-05-06 12:38:38 +02:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Kevin Ansfield
9f9dde3107 Added caption and language extraction for code blocks when converting HTML via API
no issue
- update @tryghost/html-to-mobiledoc to v0.3.0
- uses updated @tryghost/kg-parser-plugins that is now shared with Ghost-Admin
2019-05-03 11:55:38 +01:00
Fabien O'Carroll
66f96d0a37 Updated yarn.lock
no-issue

There was a mismatch between exact version and caret version between
package.json and yarn.lock
2019-05-01 22:13:33 +02:00
Fabien O'Carroll
cade823ba7 🐛 Fixed postinstall script when running on Windows
no-issue

The previous postinstall script used the unix specific `cp` command,
which caused installing on Windows to break. This replaces it with an
npm module which handles copying files agnostic to platform.
2019-05-01 18:09:04 +02:00
Nazar Gargol
17cc70b94b Bumped bookshelf-relations version to 1.1.1 2019-04-30 17:11:40 +02:00
Fabien O'Carroll
5d02d1999c Installed @tryghost/members-theme-bindings@0.1.0
no-issue
2019-04-24 12:46:00 +02:00
Rish
4d0643fb49 🐛 Fixed crash in calculating reading time for empty posts
no issue

- Updated helpers package to fix `null` html cases in case of empty post content
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
5460de9c58 Updated gscan to 2.5.0
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Fabien O'Carroll
0f5ca616b8 Updated express-hbs to 1.1.1
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Fabien O'Carroll
3f52c404d4 Removed coverage tasks from Gruntfile
refs #9441
2019-04-08 18:23:35 +02:00
Fabien O'Carroll
c461c66b38 Added support for local template options
no-issue

This bumps express-hbs to 1.1.0 which includes the change for local
template options.

https://github.com/barc/express-hbs/releases/tag/v1.1.0
2019-04-03 11:31:20 +02:00
Nazar Gargol
7d6436f9bf Bumped gscan version to 2.4.0
no issue

- Updated theme fixtures to be in line with new deprecation rules
for {{lang}} and {{@blog.*}} helpers introduced with https://github.com/TryGhost/gscan/pull/180
2019-04-02 13:47:59 +08:00
Fabien O'Carroll
e99db0ee2d Revert "🐛 Fixed AMP output when there is a trailing '$'" (#10642)
This reverts commit 0c77033d51.

See https://github.com/TryGhost/Ghost/issues/10643 for an explanation.
2019-03-27 17:20:21 +00:00
Fabien O'Carroll
0c77033d51 🐛 Fixed AMP output when there is a trailing '$'
closes #9716

This was caused by a bug in express-hbs, which has more explanation
here:
https://github.com/TryGhost/Ghost/issues/9716#issuecomment-414863553
2019-03-26 12:19:30 +08:00
Nazar Gargol
b95547c3a2 Bumped ghost-ignition version to 3.0.4 2019-03-11 12:01:14 +08:00
Nazar Gargol
363d10cc29 Bumped ghost-ignition version to 3.0.3
no issue
2019-03-07 14:29:03 +08:00
Vikas Potluri
42c472feff Removed superagent dependency (#10535)
no issue

- Migrated default scheduling adapter to use Got via the request proxy
- SchedulingDefault is the only module that was using superagent so removed it as a dependency
2019-03-04 15:59:38 +08:00
Nazar Gargol
4db2eb7ce1 Bumped @tryghost/html-to-mobiledoc version
refs #10471
2019-02-25 10:25:56 +07:00
Nazar Gargol
f394eaa7b8 Added optional support for HTML source
closes TryGhost/Ghost-SDK/issues/51

- Due to JSDOM not supporting Node v6 the support for HTML conversion is now optional
2019-02-21 13:27:47 +07:00
Nazar Gargol
4e12b73c8a Bumped and pinned version for @tryghost/html-to-mobiledoc
no issue
2019-02-15 19:07:01 +00:00
Nazar Gargol
9020293e61 Added posibility to accept html as an input source for post
closes #10471

- Allows accepting HTML input for /posts endpoint when `?source=html` is
present in query parameter along with `html` in request payload
2019-02-15 18:58:46 +00:00
Fabien O'Carroll
bdd57b36cf
Moved grunt-eslint to npm script executing eslint (#10474)
refs #9441

* Updated top-level ids to use const
* Removed one layer of indentation
* Added .eslintignore files for server and test tasks
* Added npm scripts for eslint
* Fixed lint command in w/ grunt
* Uninstalled grunt-eslint
* Added eslint config
2019-02-11 13:26:06 +01:00
Nazar Gargol
6e0409d6db Bumped ghost-ignition version
no issue
2019-02-11 12:18:29 +00:00
Fabien O'Carroll
986c6d1f07
Removed minimist dev dependency (#10475)
refs #9441
2019-02-11 13:16:09 +01:00
Kevin Ansfield
aa1b9574ab Updated oembed providers list
no issue
- switch away from forked version of `oembed-parser` - our changes are merged upstream
- latest `oembed-parser` has a newer version of the providers list
2019-02-11 12:13:33 +00:00
Naz Gargol
19643c75dd
Added JSON Schema validation for /posts endpoint (#10468)
refs #10438

- Added  validation helper based on JSON schema
- Added schema validation for POST/PUT in /posts endpoints
- Refactored existing authors validation test suite
- Extended test coverage with a minimally required structure of post.add validator
2019-02-08 10:40:58 +00:00
kirrg001
6616cfe617 Fixed triggering bookshelf event twice
no issue

- bumped bookshelf-relations
- IMO this bug is not critical, because our event listeners should be protected to run twice
2019-02-07 22:10:12 +01:00
Kevin Ansfield
68d73d31b2 Bumped express-hbs dependency
no issue
- express-hbs has been updated to depend on handlebars@4.0.13 which protects against a potential RCE
- Ghost itself was not vulnerable to the RCE due to protection by gscan which does not allow themes using unknown helpers to be installed/activated
2019-02-07 14:16:37 +00:00
Fabien O'Carroll
46bf5270df
Added initial subscription support with stripe to Members API (#10460)
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-02-07 10:41:39 +01:00
Fabien O'Carroll
6dc47f2ff2 🐛 Fixed errors for missing sharp install
closes #10421
2019-02-05 10:14:05 +01:00
kirrg001
3289dc7619 Introduced model._changed
refs #9248

- Bookshelf gives access to ".changed" before the update
  - Discussion: https://github.com/bookshelf/bookshelf/issues/1943
- We also need to know what has changed after the update to be able to decide if we should trigger events
- Furthermore: Bookshelf cannot handle relation updates, it always marks relations as changed even though they did not change
- Bumped bookshelf-relations to be able to
  - know if relations were updated
  - ensure we unset relations on bookshelf's ".changed"
2019-02-03 13:02:26 +01:00
Fabien O'Carroll
12a265b500
🐛 Fixed error for missing sharp install (#10423)
closes #10421
refs #10181

This bumbs the ghost-ignition dep, so that the code passed to errors
takes priority over any code the error is inheriting from.
2019-01-28 12:37:27 +01:00
kirrg001
d017cf32a0 🐛 Fixed eslint installation error when using node version < 8.10 and < 6.14
closes #10420

- bumped brute-knex

> error eslint@5.12.1: The engine “node” is incompatible with this module. Expected version “^6.14.0 || ^8.10.0 || >=9.10.0”. Got “8.9.1”
2019-01-27 18:29:40 +01:00
kirrg001
baa8a6a1d4 Bumped moment to version 2.24.0
no issue
2019-01-22 09:12:43 +01:00
kirrg001
c862110cc4 Respected peer dependency for bookshelf
no issue

- need to use knex 0.14.x for now
- Bookshelf already bumped the peer dependency in master, but was not released yet
2019-01-22 09:12:43 +01:00
Katharina Irrgang
4acc375fb6
Bumped knex & bookshelf dependencies (#10404)
refs #9389, refs #9248

- https://github.com/bookshelf/bookshelf/releases/tag/0.14.0
- Bookshelf has fixed it's previous attr handling, see https://github.com/bookshelf/bookshelf/pull/1848
- SQlite3 double slashes was merged into knex and released 👻tgriesser/knex@c746dea
2019-01-21 21:53:11 +01:00
Katharina Irrgang
d0687da3a3
Bumped major test dependencies (#10403)
refs #9389

- eslint@5.12.1, eslint-plugin-ghost@0.1.0, grunt-contrib-clean@2.0.0, grunt-contrib-uglify@4.0.0, grunt-eslint@21.0.0, grunt-mocha-cli@4.0.0, grunt-shell@3.0.1, mocha@5.2
.0, nock@10.0.6, rewire@4.0.1

All of them dropped Node v4. I was not able to find any other big breaking changes, which affect us right now.
2019-01-21 18:28:44 +01:00
Katharina Irrgang
fb044e6d88
Bumped sinon from 4.4.6 to 7.3.2 (#10400)
refs #9389

- https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md

Breaking changes for Ghost:

- no need to create a sandbox anymore, each file get's it's own sandbox
- just require sinon and use this sandbox
- you can still create separate sandboxes with .createSandbox
- reset single stubs: use .resetHistory instead of .reset

This is a global replace for any sandbox creation.

---

From https://sinonjs.org/releases/v7.2.3/sandbox/

> Default sandbox
> Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
kirrg001
c20ff9afb8 Bumped superagent from 3.8.3 to 4.1.0
refs #9389

- https://github.com/visionmedia/superagent/blob/master/History.md#400-2018-11-17
- breaking changes don't really affect us
  - .end(…) returns undefined instead of the request. If you need the request object after calling .end() (and you probably don't), save it in a variable and call request.end(…). Consider not using .end() at all, and migrating to promises by calling .then() instead.
  - this could be changed, but it's not required
2019-01-21 15:19:07 +01:00
kirrg001
742aef77f2 Bumped html-to-text from 3.3.0 to 4.0.0
refs #9389

- https://github.com/werk85/node-html-to-text/blob/master/CHANGELOG.md#version-400
- breaking change does not affect us
2019-01-21 15:02:52 +01:00
kirrg001
1705e8575f Bumped csv-parser from 1.12.1 to 2.1.0
refs #9389

- breaking change does not affect use
- https://github.com/mafintosh/csv-parser/releases/tag/v2.0.0
2019-01-21 14:40:30 +01:00
kirrg001
eedf0dae02 Bumped chalk from version 1.1.3 to 2.4.2
refs #9389

- i was not able to find a breaking change, which affects us
- https://github.com/chalk/chalk/releases/tag/v2.0.0
2019-01-21 14:31:26 +01:00
kirrg001
8174a5cce7 Bumped archiver from version 1.3.0 to 3.0.0
refs #9389

- i wasn't able to find a breaking change which affect us
- https://github.com/archiverjs/node-archiver/blob/master/CHANGELOG.md
- we use it for downloading themes. this feature still works
2019-01-21 14:16:00 +01:00
kirrg001
7681199135 Bumped analytics-node from version 2.4.1 to 3.3.0
refs #9389

- breaking changes do not affect us
- https://github.com/segmentio/analytics-node/releases/tag/v3.0.0
2019-01-21 13:36:46 +01:00
kirrg001
f17d134759 Bumped dependencies
no issue
2019-01-21 13:33:20 +01:00
Fabien O'Carroll
1c56221d80 Added API Key auth middleware to v2 Admin API (#10006)
refs #9865

- Added `auth.authenticate.authenticateAdminApiKey` middleware
  - accepts signed JWT in an `Authorization: Ghost [token]` header
  - sets `req.api_key` if the token is valid
- Updated `authenticatePrivate` middleware stack for v2 admin routes
2019-01-18 12:45:06 +00:00
Hannah Wolfe
846a94728f
🐛 Fixed uncaught exceptions from image fetches
closes #10383

- Upgrades got to 8.3.2, which contains better error handling and resolves the issue with uncaught exceptions
- Note: Got 9.x stream doesn't support Node v6
- Requires us to hardcode http:// for xmlrpc because there is a breaking change where got now defaults to https instead of http
2019-01-15 20:35:46 +00:00
Katharina Irrgang
9d7c3bd726
🐛 Fixed all known filter limitations (#10159)
refs #10105, closes #10108, closes https://github.com/TryGhost/Ghost/issues/9950, refs https://github.com/TryGhost/Ghost/issues/9923, refs https://github.com/TryGhost/Ghost/issues/9916, refs https://github.com/TryGhost/Ghost/issues/9574, refs https://github.com/TryGhost/Ghost/issues/6345, refs https://github.com/TryGhost/Ghost/issues/6309, refs https://github.com/TryGhost/Ghost/issues/6158, refs https://github.com/TryGhost/GQL/issues/16

- removed GQL dependency
- replaced GQL with our brand new NQL implementation
- fixed all known filter limitations
- GQL suffered from some underlying filter bugs, which NQL tried to fix
- the bugs were mostly in how we query the database for relation filtering
- the underlying problem was caused by a too simple implementation of querying the relations
- mongo-knex has implemented a more robust and complex filtering mechanism for relations
- replaced logic in our bookshelf filter plugin
- we pass the custom, default and override filters from Ghost to NQL, which then are getting parsed and merged into a mongo JSON object. The mongo JSON is getting attached by mongo-knex.

NQL: https://github.com/NexesJS/NQL
mongo-knex: https://github.com/NexesJS/mongo-knex
2018-12-11 11:53:40 +01:00
Fabien O'Carroll
38c631eaf7 Installed deps required for members
refs #10213
2018-12-11 11:53:55 +07:00
Nazar Gargol
28a686a936 🐛 Fixed image optimisation for input image being smaller than optimized one
closes #10144

- When the input image is well optimized and has smaller byte size than the processed one it's still being used
- Bumped sharp version to have access to `size` property
2018-11-13 13:19:31 +01:00
kirrg001
fb3c375e74 Bumped knex-migrator to version 3.2.4
refs https://github.com/TryGhost/Ghost/issues/10155
2018-11-13 12:00:40 +01:00
Fabien O'Carroll
e0f31c67ba Installed jsonwebtoken@8.3.0 2018-11-08 13:32:09 +07:00
Katharina Irrgang
4bd211b42a Added Node v10 Support (#10058)
* Added Node v10 Support

no issue

Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>

* Bump amperize to version 0.3.8

no issue

* Bump mysql to version 2.16.0

no issue

- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()

* Bump sub dependencies

no issue

- e.g. knex-migrator used mysql 2.15.0

* Bump dependencies

no issue

* Replaced `new Buffer` with `Buffer.from`

no issue

- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Katharina Irrgang
a7b0029471 Added mobiledoc revisions functionality
closes #9927

- Added post model implementation to be able to store up to 10 versions of mobiledoc
- Bumped GQL to support filtering on the mobiledoc revision table
- Added tests ensuring new functionality works
2018-10-09 15:31:09 +02:00
Katharina Irrgang
db1d2f62dd
Removed api integration tests (#9940)
refs #9866 

- moved the tests either to unit tests or routing tests
- or removed test case (a lot)
- this commit is very big 🤪, it was not rly possible to create clean commits for this
- it only changes the test env, no real code is touched

Next steps:
- optimise folder structure + make v2 testing possible
- reduce some more tests from routing and model integeration tests
2018-10-06 22:13:52 +02:00
Fabien O'Carroll
cb0c5dc582
Session auth service (#9910)
refs #9865

* This service handles the session store and exporting middleware to be
used for creating and managing sessions

* Updates the auth service index.js file in line with how we do things elsewhere

* After wrapping the exports in a getter, the usage of rewire had broken
the authenticate tests, this commit _removes_ rewire from the tests, calls `init` on
the models before the tests (needed because rewire isn't there) and also
cleans up the use of var.
2018-10-02 15:35:23 +07:00
Nazar Gargol
082dec7507 Bumped ghost-ignition to version 2.9.6 2018-09-25 11:41:37 +02:00
Nazar Gargol
57271127f4 Added v2 api endpoints (#9874)
refs #9866

- Registered Content API under /ghost/api/v2/content/
- Registered Admin API under /ghost/api/v2/admin/
- Moved API v0.1 implementation to web/api/v0.1
- Created web/api/v2 for the new api endpoints
- Started with reducing the implementation for the new Content API (the Content api does not serve admin api endpoints, that's why it was reducible)
- Covered parent-app module with basic test checking correct applications/routes are being mounted
- Added a readme file, which contains a warning using v2, because it's under active development!
- This PR does only make the new endpoints available, we have not:
  - optimised the web folder (e.g. res.isAdmin)
  - started with different API controllers
  - reason: we want to do more preparation tasks before we copy the api controllers
2018-09-18 15:59:06 +02:00
Kevin Ansfield
2eada22282 Bump forked oembed-parser dependency
no issue
- removes bellajs sub-dependency that wasn't pinned because it's latest version restricts the usable node version
2018-09-18 10:33:04 +01:00
Sumedh Nimkarde
efd1587ee9 Switched to eslint-plugin-ghost (#9835)
refs #9834

- @TODO: the test env eslint needs to use the plugin, not part of this PR
2018-09-17 20:49:30 +02:00
Nazar Gargol
b36490b6e7 Bump gscan to version 2.2.1
closes #9851
2018-09-06 12:24:17 +02:00
Fabien O'Carroll
c9b8ddde4b 🎨Added absolute_url flag to public api (#9833)
closes #9832

The API _should_ be returning absolute URLs for everything, 3rd party applications require absolute urls to read and display ghost data correctly. Currently they have to concat the blog url and the resource url, which is very uncomfortable.

Changing the public api like this would be considered a breaking change however so we've opted to put it behind a query parameter named `absolute_urls`.
2018-08-31 11:02:39 +01:00
Rish
5f49d9090a Update gscan version 2018-08-30 17:59:47 +01:00
Nazar Gargol
0faf89b5ab Added ability to resize and compress images on upload (#9837)
refs #4453

* On by default

* Added config to disable resizing

* Added basic image optimization processing

* Added dep: sharp (optional dep)

* Added resize middleware

* Take care of rotation based on EXIF information

* Removed all meta data from optimised image

* Added handling if sharp could not get installed

* Do not read ext twice - optimisation

* Do not call sharp if config is disabled

* Do not remove the original image which was uploaded (store 2 images)

* Support of `req.files` for internal logic

* Disabled cache to enable file removal on Windows
2018-08-30 17:30:36 +01:00
Katharina Irrgang
47e9eb48f7 Changed oembed-parser git link in package.json (#9806)
no issue
- git links require git to be installed which isn't likely on servers
- use tarball instead
2018-08-21 09:30:19 +01:00
Kevin Ansfield
c186347f0c
🐛 Koenig - Fixed Vimeo, Hulu, and Facebook Post embeds (#9803)
refs https://github.com/TryGhost/Ghost/issues/9786
- bumped `oembed-parser` dependency to a forked version
  - contains fix for oembed.com providers that include `{format}` in the `url`
  - contains updated `providers.json` file including the `Facebook (Post)` provider (thanks @lunaticmonk)
2018-08-20 11:52:40 +01:00
kirrg001
5d42767bfd Bump knex-migrator to version 3.2.3
no issue
2018-08-16 12:13:24 +02:00
kirrg001
59d9f1867d Bump gscan to version 2.0.0
no issue
2018-08-16 12:13:24 +02:00
kirrg001
ee7814cb1f Bump knex-migrator to version 3.2.2
no issue
2018-08-16 12:13:24 +02:00
kirrg001
dc96d2d451 Bump gscan to tarball link
no issue

- GScan 2.0 is in progress
- it's helpful to use a latest tarball already for testing
- https://github.com/TryGhost/gscan/commits/2.0
2018-08-16 12:13:24 +02:00
kirrg001
65b5ccfe54 Bump gscan to tarball link
no issue

- GScan 2.0 is in progress
- it's helpful to use a latest tarball already for testing
2018-08-16 12:13:24 +02:00
kirrg001
f574507214 Bump knex-migrator to version 3.2.1
no issue
2018-08-16 12:13:24 +02:00
Hannah Wolfe
290f74f815 Added advanced filtering to Dynamic Routing (#9757)
refs #9601, refs #9742

- Upgraded NQL to 0.1.0
- The new version of NQL supports aliases e.g. `tag: tags.slug`, which makes it possible to define `filter=tag:support`
- Furthermore, this allows us to support advanced filtering like tag:[a,b]
- In dynamic routing, we use mingo via NQL which has a slightly different feature set to GQL in the API:
   - AND NOT, OR and other advanced logic combos DO work on joined tables
   - Counts are not yet supported
- The Dynamic Routing beta docs should describe that API filtering and Dynamic Routing filtering is different
2018-08-16 12:13:24 +02:00
kirrg001
ef5dd6b878 Bump knex-migrator to version 3.2.0
no issue
2018-08-16 12:13:24 +02:00
kirrg001
23b4fd26c6 Moved knex-migrator execution into Ghost
refs #9742, refs https://github.com/TryGhost/Ghost-CLI/issues/759

- required a reordering of Ghost's bootstrap file, because:
  - we have to ensure that no database queries are executed within Ghost during the migrations
  - make 3 sections: check if db needs initialisation, bootstrap Ghost with minimal components (db/models, express apps, load settings+theme)
- create a new `migrator` utility, which tells you which state your db is in and offers an API to execute knex-migrator based on this state
- ensure we still detect an incompatible db: you connect your 2.0 blog with a 0.11 database
- enable maintenance mode if migrations are missing
- if the migration have failed, knex-migrator roll auto rollback
  - you can automatically switch to 1.0 again
- added socket communication for the CLI
2018-08-16 12:13:24 +02:00
kirrg001
8c1061cd30 Bump dependencies
no issue

- ghost-ignition@2.9.4
  - fixed log rotation (c8f256430a)
- multer@1.3.1
- uuid@3.3.2
- nock@9.4.0
2018-07-02 12:39:58 +02:00
Katharina Irrgang
7027980ad2
Dynamic Routing Beta: Filter collections with NQL (#9704)
refs #9601

- replace jsonpath with [NQL](https://github.com/NexesJS/NQL)
- jsonpath was just a temporary solution (a short-term fix)
- with NQL we are able to filter collections more powerful in the near future
- NQL is not feature complete
- we still support `featured:true` for collections
2018-06-26 01:54:51 +02:00
Katharina Irrgang
fc9da07025
Dynamic Routing Beta: Added ability to disable+override rss (#9693)
refs #9601

- you can now use `rss:false`
- ability to define a custom rss url with a target template (+ content_type)
- ability to disable rss for channel or collection
2018-06-26 01:33:29 +02:00
kirrg001
11b61aebce Bump dependencies
no issue

- image-size@0.6.3
- moment-timezone@0.5.21
- oembed-parser@1.1.1
- simple-html-tokenizer@0.5.5
- nock@9.3.3
- sqlite3@4.0.1
2018-06-25 18:43:08 +02:00
Katharina Irrgang
835fd6c45b
Removed knex mock (#9685)
no issue

- this mock eat already too much of my/our time
- the idea of adding a knex mock was definitely a failed approach/try
- it's too much to maintaince and have not found a module which does this already
  - we have to support any query format
  - this is too crazy
- the idea was to use the knex mock for model unit tests, because if we want to unit test models we have to
  run through bookshelf, because the whole model layer depends on bookshelf e.g. events
- for now we simply use the real database
  - we could use the sqlite3 memory mode, but that would mean every unit test runs on sqlite3
  - something to consider for later e.g. run unit tests on one matrix
  - run the rest on another matrix for sqlite + mysql
2018-06-12 20:26:16 +02:00
Kevin Ansfield
ca20f3a6b0 Added /oembed API endpoint
refs https://github.com/TryGhost/Ghost/issues/9623
- add `oembed-parser` module for checking provider availability for a url and fetching data from the provider
  - require it in the `overrides.js` file before the general Promise override so that the `promise-wrt` sub-dependency doesn't attempt to extend the Bluebird promise implementation
- add `/oembed` authenticated endpoint
  - takes `?url=` query parameter to match against known providers
  - adds safeguard against oembed-parser's providers list not recognising http+https and www+non-www
  - responds with `ValidationError` if no provider is found
  - responds with oembed response from matched provider's oembed endpoint if match is found
2018-06-12 16:18:01 +01:00
kirrg001
2f69e51018 Bump dependencies
no issue

- ghost-ignition@2.9.3
- simple-html-tokenizer@0.5.3
2018-06-06 14:00:43 +02:00
kirrg001
fdde9f7c5d Bump dependencies
no issue

- body-parser@1.18.3
- extract-zip@1.6.7
- js-yaml@3.12.0
- moment@2.22.2
- moment-timezone@0.5.17
- grunt@1.0.3
- grunt-contrib-watch@1.1.0
- nock@9.3.0
- supertest@3.1.0
2018-06-04 15:48:07 +02:00
Aileen Nowak
2cc032524e Bump gscan to version 1.4.3
no issue

- fixes a bug, that didn't catch errors caused by corrupt zip files
- uses a fork of the `extract-zip` dependency with a bug fix for https://github.com/maxogden/extract-zip/issues/65
2018-05-16 10:20:30 +08:00
kirrg001
45b3d50ced Bump dependencies
no issue

bookshelf-relations@0.2.1, bson-objectid@1.2.3, csv-parser@1.12.1, ghost-gql@0.0.10, ghost-ignition@2.9.2, ghost-storage-base@0.0.3, gscan@1.4.2, knex@0.14.6, knex-mig
rator@3.1.6, lodash@4.17.10, moment@2.22.1, moment-timezone@0.5.16, simple-html-tokenizer@0.5.1, superagent@3.8.3, eslint@4.19.1, grunt-contrib-watch@1.0.1, nock@9.2.5
2018-05-01 14:06:18 +02:00
kirrg001
932d5f4c60 Bump brute-knex to version 3.0.0
no issue

- drop node 4 support
- i finally got full access to brute-knex
- see https://github.com/llambda/brute-knex
2018-05-01 14:06:18 +02:00
Aileen Nowak
63642fd8ad YAML settings loader and parser
closes #9528

These code changes introduce a YAML parser which will load and parse YAML files from the `/content/settings` directory. There are three major parts involved:

1. `ensure-settings.js`: this fn takes care that on bootstrap, the supported files are present in the `/content/settings` directory. If the files are not present, they get copied back from our default files. The default files to copy from are located in `core/server/services/settings`.

2. `loader.js`: the settings loader reads the requested `yaml` file from the disk and passes it to the yaml parser, which returns a `json` object of the file. The settings loader throws an error, if the file is not accessible, e. g. because of permission errors.

3. `yaml-parser`: gets passed a `yaml` file and returns a `json` object. If the file is not parseable, it returns a clear error that contains the information, what and where the parsing error occurred (e. g. line number and reason).

- added a `get()` fn to settings services, that returns the settings object that's asked for. e. g. `settings.get('routes').then(()...` will return the `routes` settings.
- added a `getAll()` fn to settings services, that returns all available settings in an object. The object looks like: `{routes: {routes: {}, collections: {}, resources: {}}, globals: {value: {}}`, assuming that we have to supported settings `routes` and `globals`.

Further additions:
- config `contentPath` for `settings`
- config overrides for default `yaml` files location in `/core/server/services/settings`

**Important**: These code changes are in preparation for Dynamic Routing and not yet used. The process of copying the supported `yaml` files (in this first step, the `routes.yaml` file) is not yet activated.
2018-04-15 19:40:22 +02:00
kirrg001
e986ce4af7 Bump ghost-ignition to version 2.9.1
no issue

- fixes a bug, which can slow down the process when using loggly transport
2018-04-02 21:05:16 +02:00
Katharina Irrgang
40d0a745df Multiple authors (#9426)
no issue

This PR adds the server side logic for multiple authors. This adds the ability to add multiple authors per post. We keep and support single authors (maybe till the next major - this is still in discussion)

### key notes

- `authors` are not fetched by default, only if we need them
- the migration script iterates over all posts and figures out if an author_id is valid and exists (in master we can add invalid author_id's) and then adds the relation (falls back to owner if invalid)
- ~~i had to push a fork of bookshelf to npm because we currently can't bump bookshelf + the two bugs i discovered are anyway not yet merged (https://github.com/kirrg001/bookshelf/commits/master)~~ replaced by new bookshelf release
- the implementation of single & multiple authors lives in a single place (introduction of a new concept: model relation)
- if you destroy an author, we keep the behaviour for now -> remove all posts where the primary author id matches. furthermore, remove all relations in posts_authors (e.g. secondary author)
- we make re-use of the `excludeAttrs` concept which was invented in the contributors PR (to protect editing authors as author/contributor role) -> i've added a clear todo that we need a logic to make a diff of the target relation -> both for tags and authors
- `authors` helper available (same as `tags` helper)
- `primary_author` computed field available
- `primary_author` functionality available (same as `primary_tag` e.g. permalinks, prev/next helper etc)
2018-03-27 15:16:15 +01:00
Katharina Irrgang
7c6f690eb5 🐛 Fixed updated_at not being updated (#9532)
closes #9520

- it contains a dependency bump of the latest Bookshelf release
- Bookshelf introduced a bug in the last release
  - see https://github.com/bookshelf/bookshelf/pull/1583
  - see https://github.com/bookshelf/bookshelf/pull/1798
- this has caused trouble in Ghost
  - the `updated_at` attribute was not automatically set anymore

---

The bookshelf added one breaking change: it's allow to pass custom `updated_at` and `created_at`.
We already have a protection for not being able to override the `created_at` date on update.
We had to add another protection to now allow to only change the `updated_at` property.
You can only change `updated_at` if you actually change something else e.g. the title of a post.

To be able to implement this check i discovered that Bookshelfs `model.changed` object has a tricky behaviour.
It remembers **all** attributes, which where changed, doesn't matter if they are valid or invalid model properties.
We had to add a line of code to avoid remembering none valid model attributes in this object.

e.g. you change `tag.parent` (no valid model attribute). The valid property is `tag.parent_id`.
     If you pass `tag.parent` but the value has **not** changed (`tag.parent` === `tag.parent_id`), it will output you `tag.changed.parent`. But this is wrong.
     Bookshelf detects `changed` attributes too early. Or if you think the other way around, Ghost detects valid attributes too late.
     But the current earliest possible stage is the `onSaving` event, there is no earlier way to pick valid attributes (except of `.forge`, but we don't use this fn ATM).
     Later: the API should transform `tag.parent` into `tag.parent_id`, but we are not using it ATM, so no need to pre-optimise.
     The API already transforms `post.author` into `post.author_id`.
2018-03-26 14:12:02 +01:00
Katharina Irrgang
fa1cc76e15
Bump dependencies (#9516)
no issue

- compression@1.7.2
- express@4.16.3
- ghost-ignition@2.9.0
- gscan@1.3.4
- knex-migrator@3.1.5
- lodash@4.17.5
- moment@2.21.0
- netjet@1.3.0
- sanitize-html@1.18.2
- sqlite@4.0.0
- eslint@4.19.0
- grunt@1.0.2
- sinon@4.4.6
- nock@9.2.3
- grunt-express-server@0.5.4

This commit resolves https://hackerone.com/reports/310439.
2018-03-21 18:49:42 +01:00
Katharina Irrgang
95423ea8fa
Bump dependencies (#9513)
no issue

- knex@0.14.4
- bookshelf@0.13.0
- knex-migrator@3.1.4
- brute-knex@4feff38ad2
- bookshelf-relations@0.2.0

### Fixes for Bookshelf 0.13

- they introduced some breaking changes
- https://github.com/bookshelf/bookshelf/blob/master/CHANGELOG.md#breaking-changes
- adapt event handling in Ghost and in bookshelf-relations
2018-03-19 16:27:06 +01:00
Silvio Fernández
043370d84e Bump markdown-it to version 8.4.1 (#9484)
no issue

- which bumps the sub-dependency "uc.micro" to 1.0.5 
- this version is now MIT licensed
2018-03-05 10:03:24 +01:00
kirrg001
68d8154d4f Imported nested tags by foreign key
no issue

- replace logic for preparing nested tags
- if you have nested tags in your file, we won't update or update the target tag
- we simply would like to add the relationship to the database
- use same approach as base class
  - add `posts_tags` to target post model
  - update identifiers
  - insert relation by foreign key `tag_id`
- bump bookshelf-relations to 0.1.10
2018-02-20 09:56:45 +01:00
kirrg001
0b5cfd933f Added knex mock for unit testing
no issue

- added https://github.com/colonyamerican/mock-knex as dev dependency
- the mock serves our data generator test data by default
  - but you can define your own if you want
- we need a proper mock for unit testing
- we should not mock bookshelf if possible, otherwise we can't test event flows
2018-02-15 22:11:49 +01:00
Katharina Irrgang
80a1128016
Bump dependencies (#9421)
no issue

- bookshelf-relations@0.1.5
- ghost-ignition@2.8.18
- sanitize-html@1.17.0
- semver@5.5.0
- uuid@3.2.1
- eslint@4.16.0
- should@13.2.1
- sinon@4.2.1
2018-01-24 22:50:20 +01:00
Katharina Irrgang
9a8acd5517
Downgraded dependencies (#9403)
no issue

- knex@0.12.9
- bookshelf@0.10.3
- and any dependency, which relies on knex@0.14
- we experienced an unwated behaviour where the blog keeps too many connections open
- we have to investigate
2018-01-17 17:49:07 +01:00
kirrg001
042b18cb69 Bump dependencies
no issue

- brute-knex@4feff38ad2e4ccd8d9de05f04a2ad7a5eb3e0ac1
- knex-migrator@3.1.4
- ghost-ignition@2.8.17
2018-01-11 22:59:22 +01:00
Katharina Irrgang
4d6538fbca
Bump dependencies (#9391)
no issue

- bookshelf@0.12.1
- knex@0.14.2
- moment@2.20.1
- eslint@4.15.0
- nock@9.1.6
- sinon@4.1.4
2018-01-11 21:19:34 +01:00
juan-g
f671f9d2c9 Theme translations and blog localisation (#8437)
refs #5345, refs #3801

- Blog localisation
  - default is `en` (English)
  - you can change the language code in the admin panel, see https://github.com/TryGhost/Ghost-Admin/pull/703
  - blog behaviour changes depending on the language e.g. date helper format
  - theme translation get's loaded if available depending on the language setting
  - falls back to english if not available

- Theme translation
  - complete automatic translation of Ghost's frontend for site visitors (themes, etc.), to quickly deploy a site in a non-English language
  - added {{t}} and {{lang}} helper
  - no backend or admin panel translations (!)
  - easily readable translation keys - very simple translation
  - server restart required when adding new language files or changing existing files in the theme
  - no language code validation for now (will be added soon)
  - a full theme translation requires to translate Ghost core templates (e.g. subscriber form)
  - when activating a different theme, theme translations are auto re-loaded
  - when switching language of blog, theme translations are auto re-loaded

- Bump gscan to version 1.3.0 to support more known helpers

**Documentation can be found at https://themes.ghost.org/v1.20.0/docs/i18n.**
2018-01-09 14:50:57 +01:00
Aileen Nowak
8ea861c496 Bump Amperize to version 0.3.7 (#9370)
no issue

- includes updated tests and usage of another user-agent for image requests
2018-01-04 14:44:33 +01:00
kirrg001
fccfa7614d Bump bookshelf-relations to version 0.1.4
no issue

- patch release with two fixes:
  - 1. attach target models in batches
  - 2. ensure we detach the bookshelf model event from new targets, otherwise we can run into memory leaks
2018-01-02 23:20:04 +01:00
kirrg001
98dcbd72bc Bump dependencies
no issue

- bson-objectid@1.2.2
- image-size@0.6.2
- knex-migrator@3.1.3
- nconf@0.10.0
- sanitize-html@1.16.3
- superagent@3.8.2

- eslint@4.14.0
- grunt-contrib-uglify@3.3.0
- grunt-subgrunt@1.3.0
- mocha@4.1.0
- nock@9.1.5
- should@13.2.0
- sinon@4.1.3
2018-01-02 12:08:32 +01:00
kirrg001
1ac7c00d4a Bump knex-migrator to version 3.1.2
no issue

- patch update
2017-12-05 10:04:23 +01:00
Katharina Irrgang
0bb81bb3c4
Bump knex-migrator to version 3.1.1 (#9199)
no issue

- adapt major changes of knex-migrator v3
- adapt migration scripts, simplify and add `down` (rollback) hook if possible
- clear Ghost cache after init hook (because of `knex-migrator migrate --init`)
- ensure db migrations work with the CLI
- updated troubleshooting guide (https://docs.ghost.org/v1/docs/troubleshooting#section-task-execute-is-not-a-function)

**For development only: Please ensure you run `npm i -g knex-migrator@latest` to update your global installation to v3. We always prefer the local installation, but v3 has modified and added binaries.**
2017-12-05 09:14:55 +01:00
kirrg001
d58f7ae22b Bump grunt-mocha-cli to version 3.0.0
no issue

- https://github.com/Rowno/grunt-mocha-cli/blob/master/CHANGELOG.md#300--2016-11-07
- no major changes to adapt
2017-11-29 10:34:36 +01:00
kirrg001
53e7789d6d Bump grunt-shell to version 2.1.0
no issue

- no major changes to adapt
- 3b379e718a
2017-11-29 10:34:36 +01:00
kirrg001
5e370bc5ce Bump matchdep to version 2.0.0
no issue

- no major changes to adapt
2017-11-29 10:34:36 +01:00
kirrg001
71f6068aa6 Bump grunt-contrib-uglify to version 3.2.1
no issue

- we only use the `sourceMap` option, which is still supported
2017-11-29 10:34:36 +01:00
kirrg001
9ce20fb043 Removed run-sequence dev dependency
no issue

- not used
2017-11-29 10:34:36 +01:00
kirrg001
ee7710ba68 Bump mocha to version 4.0.1
no issue

- https://github.com/mochajs/mocha/blob/master/CHANGELOG.md#400--2017-10-02
- the new `--exit` flag might be interesting at some point

> In Mocha v3.0.0 and newer, returning a Promise and calling done() will result in an exception.

- adapt teardown/setup test utility
- adapt other mixed usages of callback && Promise usage
2017-11-29 10:34:36 +01:00
kirrg001
404d045461 Bump rewire to version 3.0.2
no issue

- nothing to adapt for the major jump
2017-11-29 10:34:36 +01:00
Katharina Irrgang
b9a44bacf6
Bump should to version 13.1.3 (#9284)
refs https://github.com/TryGhost/Ghost/issues/9178

- adapt major changes
- see https://github.com/shouldjs/should.js/blob/master/History.md
- should.have.enumerable was removed
2017-11-28 19:41:16 +01:00
Katharina Irrgang
b4b5da2a75
Bump sinon to version 4.1.2 (#9283)
refs #9178

- adapt major changes
2017-11-28 18:19:23 +01:00
kirrg001
2f23cd32bb Bump dependencies
no issue

- gscan@1.2.3
- sanitize-html@1.16.1
- eslint@4.12.0
- nock@9.1.3
- sqlite3@3.1.13
2017-11-28 14:02:47 +01:00
Aileen Nowak
a4cf29dc7d Bump amperize to version 0.3.6 (#9264)
no issue

New version contains
- dependency updates
- Node v8 support
- Eslint refactoring
2017-11-21 15:00:04 +01:00
Katharina Irrgang
dfd4afea19 Add bookshelf-relations (#9252)
no issue

- added https://github.com/TryGhost/bookshelf-relations as dependency
- remove existing tag handling

--- 

* Important: Ensure we trigger parent initialize function

- otherwise the plugin is unable to listen on model events
- important: event order for listeners is Ghost -> Plugin
- Ghost should be able to listen on the events as first instance
- e.g. be able to modify/validate relationships

* Fix tag validation

- we detect lower/update case slugs for tags manually
- this can't be taken over from the plugin obviously
- ensure we update the target model e.g. this.set('tags', ...)

* override base fn: `permittedAttributes`

- ensure we call the base
- put relations on top
- each relation is allowed to be passed
- the plugin will auto-unset any relations to it does not reach the database

* Ensure we run add/edit/delete within a transaction

- updating nested relationships requires sql queries
- all sql statements have to run in a single transaction to ensure we rollback everything if an error occurs
- use es6
2017-11-21 13:28:05 +00:00
kirrg001
eba100d965 Bump dependencies
no issue

- bluebird@3.5.1
- csv-parser@1.12.0
- gscan@1.2.2
- moment@2.19.2
- nconf@0.9.1
- oauth2orize@1.11.0
- superagent@3.8.1
- eslint@4.11.0
- nock@9.1.0
2017-11-17 17:33:29 +01:00
kirrg001
2e521791b8 Optimised dependency tree
no issue
2017-11-17 17:33:29 +01:00
Hannah Wolfe
bcf5a1bc34
Switch to Eslint (#9197)
refs #9178

* Add eslint deps, remove old lint deps
* Add eslint config, remove old lint configs
* Config for server and tests are different
* Tweaked rules to suit us
* Fix linting in codebase - lots of indent changes.
* Fix a real broken test
2017-11-01 13:44:54 +00:00
kirrg001
949d33b1db Bump jsonpath to version 1.0.0
no issue

- major bump
- we only use jsonpath inside the `get` helper
- the functionality still works as expected
- includes security fix, see 98464aa5fe
2017-10-31 12:21:48 +01:00
kirrg001
9d4ed8c61c Replaced extract-zip-fork by extract-zip
no issue

- we had to fork the original repository at one point, because of slow maintenance
- maintenance is back now
- https://github.com/maxogden/extract-zip/pull/52 was merged and released
2017-10-31 12:11:59 +01:00
kirrg001
cfca111493 Bump dependencies
no issue

- bson-objectid@1.2.1
- compression@1.7.1
- express@4.16.2
- moment-timezone@0.5.14
- mysql@2.15.0
- nconf@0.8.5
- sanitize-html@1.15.0
- simple-html-tokenizer@0.4.3
- superagent@3.8.0

IMPORTANT:
- we are unable to bump moment and bluebird at the moment, because in both releases there is a bug which breaks our tests
- i didn't investigate a lot, but there is https://github.com/petkaantonov/bluebird/issues/1468
- and for moment, a couple of reports came in for .19 regarding a wrong date behaviour
2017-10-31 11:53:16 +01:00
Katharina Irrgang
07dcbb0d53 Support for Node v8 (#9183)
no issue

- bump dependencies because of failing tests
- added package-lock.json to gitignore, because we use yarn
- run v8 on travis
- support v8 engine in package.json
2017-10-26 11:37:58 +01:00
kirrg001
984aeffeb6 Bump knex-migrator to version 2.1.8
no issue

- Fixed migration order on db initialisation
2017-10-25 10:44:27 +02:00
Hannah Wolfe
7262c9e465 Upgrading knex-migrator to 2.1.7 (#9154) 2017-10-17 16:06:46 +01:00
Katharina Irrgang
594b0c2d14 Custom post templates (#9073)
closes #9060

- Update `gscan` - it now extracts custom templates and exposes them to Ghost
- Add `custom_template` field to post schema w/ 1.13 migration
- Return `templates` array for the active theme in `/themes/` requests
- Users with Author/Editor roles can now request `/themes/`
- Front-end will render `custom_template` for posts if it exists, template priority is now:
  1. `post/page-{{slug}}.hbs`
  2. `{{custom_template}}.hbs`
  3. `post/page.hbs`
2017-10-10 13:36:35 +01:00
Hannah Wolfe
7999c38fa2 Support filtering based on primary_tag (#9124)
closes #8668, refs #8920

- Updated tests to include internal tags
  - Tests had no example of an internal tag
  - Need this to show that the new filtering works as expected
- primary_tag is a calculated field
- This ensures that we can alias the field to equivalent logic in API filters
- By replacing primary_tag by a lookup based on a tag which has order 0
- bump ghost-gql to 0.0.8

**NOTE:**
Until GQL is refactored, there are limitations on what else can be filtered when using primary_tag in a filter e.g. it wont be possible to do a filter based on primary_tag AND/OR other tag filters.
2017-10-10 14:07:44 +02:00
Aileen Nowak
7be165da07 Fixed not updated yarn.lock
no issue

PR #9087 was updated with a new `yarn.lock` file after changing from using the caret in the `package.json` file for the dependency to not using it.
2017-10-04 17:09:18 +07:00
Aileen Nowak
d7e0770a7b Bump Amperize to version 0.3.5 (#9087)
no issue

- bump `amperize` to 0.3.5 which fixes issues with images-size requests not following redirects, and image-size requests that caused errors leading to stop transforming the rest of the passed HTML.
2017-10-04 11:12:03 +02:00
Kevin Ansfield
ec6e25674c Removed markdown-it-named-headers and unused string deps (#8994)
refs https://github.com/TryGhost/Ghost-Admin/pull/856

- moves `markdown-it-named-headers` functionality into our own app code without requiring the [`string.js`](http://stringjs.com) sub-dependency
- matches Ghost-Admin markdown-it code
2017-09-25 16:36:34 +02:00
Katharina Irrgang
55bf5997b9 Bump dependencies (#9050)
no issue

- body-parser@1.18.2
- cookie-session@1.3.2
- knex-migrator@2.1.6
- markdown-it@8.4.0
- netjet@1.1.4
- oauth2orize@1.10.0
- passport@0.4.0
- superagent@3.6.0
- mocha@3.5.3
- nock@9.0.20
- tmp@0.0.33
2017-09-25 13:27:14 +01:00
Katharina Irrgang
7b4c3fc085 Removed defunct Ghost OAuth code (#9014)
closes #8342

- no need to add a migration, because when we'released 1.0, OAuth was never an option
- it was disabled in April, 1.0-beta was released in June
- remove all remote authentication code
2017-09-18 13:01:58 +01:00
Kevin Ansfield
47322e4239 Re-instate mobiledoc dom rendering with bypass of SimpleDOM parsing (#8937)
closes #8757

- update the markdown card render method to use SimpleDOM's `createRawHtmlSection`. This avoids SimpleDOM parsing and tokenization of broken or unsupported free-form HTML that markdown allows
- replace markdown extraction/render with mobiledoc's renderer in the `Post` model
- removes `jsdom` as it's no longer necessary
2017-08-31 12:09:02 +02:00
Aileen Nowak
30bee115fe Used got to handle requests for image-size (#8892)
refs #8589, refs #8868

- swap `request` with `got` in `getImageSizeFromUrl` util
- less handling for request cases e.g. timeouts, follow redirects
2017-08-31 11:39:37 +02:00
David Wolfe
be54da265b Add segment analytics for blog data (#8912)
no issue
- adds data to track such as post published
- adds ability to add custom data and event prefix via config file
2017-08-22 12:23:23 +01:00