Commit Graph

13 Commits

Author SHA1 Message Date
Hannah Wolfe
f417c4c732
Merged our two maintenance middleware into one
- Reduced our maintenance middleware code down to the bare minimum!
  - We have an old maintenance middleware in place to handle when a site is forcibly put into maintenance mode, or the urlService hasn't finished booting
    - This maintenance middleware was mounted on every sub app, instead of globally for reasons I no longer remember
  - Recently, we introduced a new, static version of maintenance middleware to show during the boot process so we can get the server started earlier & not drop requests
    - This version has its own HTML template and doesn't depend on any of Ghost's error rendering code
  - To simplify and help with decoupling, this commit merges the two middleware, so that the new independent & static middleware renders its template for any one of the 3 possible maintenance modes
    - It only needs to exist in the top level app 🙌

TODO: move the maintenance middleware to its own file/package so it's not part of the app.js as that is weird
2021-11-24 11:27:18 +00:00
Hannah Wolfe
4f9b72ff43
Renamed middlewares to middleware consistently
- This is a minor bugbear, but it will affect some configuration I'm about to do for c8
- I've been wanting to do it for ages, middleware is plural all on its own so it's an odd affectation in our codebase
- This also only exists in 2 places, everywhere else we use "middleware"
- Sadly it did result in a lot of churn as I did a full find and replace, but consistency is king!
2021-11-16 15:51:47 +00:00
Daniel Lockyer
ed6a8dca76 Inlined package requires to save boot time and memory
no issue

- following on from f4fb0fcbaa,
  this commit moves around some package requires in Ghost
- these are often niche packages that do something in a subsystem of
  Ghost, and are not necessarily needed to boot the application
- these packages use non-negligible CPU and memory when they are
  required, so it makes sense to lazy-require them
- the concern here is that we obscure the code too much by moving
  random requires further into code, but the changes are small and the
  improvements big
- this commit brings the boot time since 4.19.0 down ~31% and initial
  memory usage down by a total of ~12%
2021-10-22 09:57:59 +02:00
Matt Hanley
a9ea792d65
Updated OAuth middleware to use the correct URL helpers
no-ref

Hardcoded redirect URLs were breaking when admin and site URLs were
different, or when Ghost is configured with a subdirectory.
2021-09-23 17:26:29 +01:00
Thibaut Patel
489e470d7b Added a feature flag to the oauth login feature
issue https://github.com/TryGhost/Team/issues/614

- The feature flag was called `oauthLogin` instead of simply `oauth` to avoid clashes in the frontend `feature` service as it is merging the config and labs properties.
2021-07-20 23:16:49 +02:00
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Sam Lord
35e51e364b Switch to @tryghost/debug, remove ghost-ignition
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superseded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
2021-06-15 17:24:22 +01:00
Thibaut Patel
1d5c8ccf2b Fix the OAuth callback
https://github.com/TryGhost/Team/issues/614

By binding the user session to the Ghost instance domain
2021-05-21 10:50:03 +02:00
Thibaut Patel
2bcc934eb4 Disable CSRF on the oauth callback route
no issue

Keeping CSRF enabled there would prevent oauth from working as users are redirected from the provider domain to the /callback route, where they are logged-in
2021-05-18 20:44:21 +02:00
Thibaut Patel
14cae4b154 Added notes to oauth code for future improvements
no issue
2021-05-14 12:10:27 +02:00
Thibaut Patel
b1e8cd3179 Added oauth parameters to get a refresh token during login
issue https://github.com/TryGhost/Team/issues/614
2021-04-23 11:20:40 +02:00
Thibaut Patel
90f5a97c15 Fixed linting error
commit c471ae11d4
2021-04-21 19:45:03 +02:00
Thibaut Patel
c471ae11d4 Added oauth login and invitation acceptance
issue https://github.com/TryGhost/Team/issues/614

- Users who have a password can directly sign-in via oauth
- Users who are logged-in get their password disabled
- Users accepting an invitation get their password disabled
- The way we disable password is by setting it to a long random password
2021-04-21 19:36:27 +02:00