Commit Graph

7009 Commits

Author SHA1 Message Date
Greenkeeper
e58d8cac7b chore(package): update passport-ghost to version 1.0.3 (#7632)
https://greenkeeper.io/
2016-10-26 19:16:08 +02:00
Greenkeeper
128cff7e66 chore(package): update supertest to version 2.0.1 (#7598)
https://greenkeeper.io/
2016-10-25 12:19:46 +01:00
Katharina Irrgang
ca17e788ed 🐛 add missing schedulerUrl option (#7626)
no issue
- while refactoring the config module, this was accidentally deleted
- let's re-add it 😇
2016-10-25 12:19:22 +01:00
Katharina Irrgang
0e13ef8767 🎨 logging improvements (#7597)
* 🎨  rotation config
  - every parameter is configureable
  - increase default number of files to 100
* 🎨  ghost.log location
  - example: content/logs/http___my_ghost_blog_com_ghost.log
  - user can change the path to something custom by setting logging.path
* 🛠   add response-time as dependency
* 🎨  readable PrettyStream
  - tidy up
  - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue }))
  - common log format
  - less code 🕵🏻
* 🎨  GhostLogger cleanup
  - remove setLoggers -> this function had too much of redundant code
  - instead: add smart this.log function
  - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request)
  - make .warn .debug .info .error small and smart
* 🎨  app.js: add response time as middleware and remove logging.request
* 🎨  setStdoutStream and setFileStream
  - redesign GhostLogger to add CustomLoggers very easily

----> Example CustomLogger

function CustomLogger(options) {
  // Base iterates over defined transports
  // EXAMPLE: ['stdout', 'elasticsearch']
  Base.call(this, options);
}
util.inherits(...);

// OVERRIDE default stdout stream and your own!!!
CustomLogger.prototype.setStdoutStream = function() {}

// add a new stream
// get's called automatically when transport elasticsearch is defined
CustomLogger.prototype.setElasticsearchStream = function() {}

* 🎨  log into multiple file by default
  - content/logs/domain.error.log --> contains only the errors
  - content/logs/domain.log --> contains everything
  - rotation for both files
* 🔥  remove logging.debug and use npm debug only
*   shortcuts for mode and level
* 🎨  jshint/jscs
* 🎨  stdout as much as possible for an error
* 🎨  fix tests
* 🎨  remove req.ip from log output, remove response-time dependency
* 🎨  create middleware for logging
  - added TODO to move logging middleware to ignition
2016-10-25 12:17:43 +01:00
Hannah Wolfe
ce8517fde0 Upgrading Casper to 1.3.4 2016-10-24 16:57:06 +01:00
Kevin Ansfield
13c95bafc4 Version bump to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Kevin Ansfield
4520edc0e4 Updated Ghost-Admin to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Ryan McCarvill
646aaa1e43 deps: ghost-editor@0.0.14 (#7619) 2016-10-24 11:57:20 +01:00
Katharina Irrgang
c8c696f659 🎨 grunt release .knex-migrator (#7591)
no issue
- the file was not copied over for the release
- @TODO: different solution?
2016-10-24 10:18:04 +01:00
Greenkeeper
d8214d6a46 chore(package): update moment-timezone to version 0.5.7 (#7609)
https://greenkeeper.io/
2016-10-22 11:11:39 +01:00
Katharina Irrgang
cccd8c4f8f change ghost client redirect_uri (#7595)
closes #7580
2016-10-21 16:08:17 +01:00
Katharina Irrgang
2887602712 🎨 error improvements (#7600)
*   id for each error instance
- copy paste of ignition
- on purpose for now
- delete TODO, wohoo
- use id property instead of uid, see http://jsonapi.org/format/#errors

* 🕵🏻  remove TODO for decouple req.err
- can't find a nicer alternative solution
- added some more descriptions to code pieces in our error-handler

* 🎨  use uuid.v1
- timestamp based
2016-10-21 13:10:17 +01:00
Katharina Irrgang
02a1f08ba3 🐛 fix changePassword bug (#7590)
no issue
- comparison for isLoggedInUser did not work when userId was a string
- parsing of int was missing
2016-10-21 10:19:09 +01:00
Katharina Irrgang
8bcd000829 🐛 GhostError needs to inherit from Error (#7582)
no issue
2016-10-19 15:27:22 +01:00
Greenkeeper
441f7e54e8 chore(package): update knex-migrator to version 0.0.7 (#7592)
https://greenkeeper.io/
2016-10-19 11:59:56 +02:00
Greenkeeper
0148895269 chore(package): update passport-ghost to version 1.0.2 (#7594)
https://greenkeeper.io/
2016-10-19 11:04:34 +02:00
kirrg001
8637c7be60 Version bump to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
kirrg001
7ab059b8b9 Updated Ghost-Admin to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
Katharina Irrgang
258688932f 🛠 knex-migrator 0.0.6 (#7589)
no issue
- manual PR, because GK is too slow to push the version bump
2016-10-18 10:23:57 +01:00
Katharina Irrgang
fd0a08ae8c 🎨 make sqlite filename absolute (#7585)
no issue

- add tests for makePathsAbsolute
- add support for windows paths

When Ghost-CLI inits the database of the current GhostVersion (in /current), then it uses knex-migrator to do that.
Knex migrator is reading the .knex-migrator file of the current Ghost version. This returns a relative path to the database location.
The problem: knex-migrator will init the database in the root folder of Ghost-CLI /content/data instead of /current/content . And when you start Ghost (ghost start), it always complains that
that database is not initialised, because it expects the database in /current/content...

* 🎨  move config_spec to config/index_spec
- add one more test case
2016-10-18 09:04:44 +01:00
Greenkeeper
af4534c74a chore(package): update knex-migrator to version 0.0.5 (#7587)
https://greenkeeper.io/
2016-10-17 20:42:29 +02:00
Katharina Irrgang
133b7e00fd 🎨 add knexMigratorFilePath for knex-migrator initialisation (#7583)
no issue
- if we don't pass our root path, it can happen that knex-migrator get's the wrong path when looking for the .knex-migrator file
2016-10-17 16:10:14 +01:00
Greenkeeper
d2d0d80f83 chore(package): update knex-migrator to version 0.0.3 (#7581)
https://greenkeeper.io/
2016-10-17 16:32:08 +02:00
Katharina Irrgang
8d8d7bdb26 knex migrator (#7565)
refs #7489
- remove sephiroth
- use knex migrator npm
- goodbye bootup script
- 🎨  update README
- 🎨  knex migrator @ 0.0.2
2016-10-17 13:50:29 +01:00
Greenkeeper
d55f5b9860 chore(package): update mocha to version 3.1.2 (#7541)
https://greenkeeper.io/
2016-10-17 14:44:05 +02:00
Greenkeeper
d8c8f7b18b chore(package): update knex to version 0.12.5 (#7551)
https://greenkeeper.io/
2016-10-17 14:27:03 +02:00
kirrg001
2378a7ef02 Update Ghost-Admin: Use one token endpoint 2016-10-17 12:51:39 +02:00
Katharina Irrgang
4056a6da4a 🎨 one token endpoint (#7571)
* 🎨  one token endpoint

refs #7562
- delete /authentication/ghost
- Ghost-Admin will use /authentication/token for all use cases (password, refresh token and ghost.org authorization code)
- add new grant_type `authorization_code`

* 🎨  update comment description and remove spamPrevention.resetCounter
2016-10-17 12:45:50 +02:00
Katharina Irrgang
25b0c9eb9a add isPasswordCorrect fn to User Model (#7573)
refs #7432
- clean code!
- less code!
2016-10-14 18:46:22 +01:00
Katharina Irrgang
ca7b5643d5 🎨 more clean code in User Model (#7572)
* 🎨  do not call generateSlug twice for User.setup

* 🎨  call generatePasswordHash onSaving only

- now we can add defaults to User Model
- it was not possible before because add User model did the following:
  1. validate password length
  2. hash password manually
  3. call ghostBookshelf.Model.add and THEN bookshelf defaults fn gets triggered
- call generatePasswordHash in onSaving hook for all use case
- add more tests to user model, juhu
2016-10-14 18:24:38 +01:00
Katharina Irrgang
e1ac6a53dd 🎨 gravatar lookup in saving hook (#7561)
refs #7432

- in preparation for more User model cleanup
- look for gravatar when email has changed
- run onSaving tasks in parallel in User model
2016-10-14 15:37:40 +01:00
Hannah Wolfe
03e4acdb37 🐛 Subscribers: validate urls (#7540)
no issue

- Ensure URLs submitted via form are sanitized so that we only accept real urls
- Add some tests for the isEmptyOrURL validator
2016-10-14 16:31:20 +02:00
Ryan McCarvill
ea2c3a0a3f Markdown card (#7568)
Refs #7429
- Added mobiledoc card, this uses the mobiledoc editor from within Ghost. In the future we'll pull this out and replace it with a textarea as the preview is too small to fit in the content.
- Made the HTML editor a codemirror editor (pulled in from ghost-admin to save duplicating libraries).
- Ghost-Admin now passes the paths for the ghost-api and the image directory for tools.
- Fixed the scrolling issue.
2016-10-14 14:42:48 +02:00
Katharina Irrgang
56a2e56b1c 🎨 fetch all scheduled posts on bootstrap (#7567)
refs #7555
- remove filters, they can cause problems
2016-10-14 13:39:10 +01:00
Katharina Irrgang
8cd5d9f6fe 🎨 register events in base model (#7560)
refs #7432

- all models implemented it's own initialize fn to register events
- we can register all events in the base model
- important: we only listen on the event, if the model has defined a hook for it
- this is just a small clean up PR
- register more bookshelf events
2016-10-14 13:37:01 +01:00
Hannah Wolfe
4411f8254f 🎉 🎨 Remove middleware/index.js (#7548)
closes #4172, closes #6948, refs #7491, refs #7488, refs #7542, refs #7484

* 🎨 Co-locate all admin-related code in /admin
- move all the admin related code from controllers, routes and helpers into a single location
- add error handling middleware explicitly to adminApp
- re-order blogApp middleware to ensure the shared middleware is mounted after the adminApp
- TODO: rethink the structure of /admin, this should probably be an internal app

* 💄 Group global middleware together

- There are only a few pieces of middleware which are "global"
- These are needed for the admin, blog and api
- Everything else is only needed in one or two places

*  Introduce a separate blogApp

- create a brand-new blogApp
- mount all blog/theme only middleware etc onto blogApp
- mount error handling on blogApp only

* 🎨 Separate error handling for HTML & API JSON

- split JSON and HTML error handling into separate functions
- re-introduce a way to not output the stack for certain errors
- add more tests around errors & an assertion framework for checking JSON Errors
- TODO: better 404 handling for static assets

Rationale:

The API is very different to the blog/admin panel:
 - It is intended to only ever serve JSON, never HTML responses
 - It is intended to always serve JSON

Meanwhile the blog and admin panel have no need for JSON errors,
when an error happens on those pages, we should serve HTML pages
which are nicely formatted with the error & using the correct template

* 🐛 Fix checkSSL to work for subapps

- in order to make this work on a sub app we need to use the pattern `req.originalUrl || req.url`

* 🔥 Get rid of decide-is-admin (part 1/2)

- delete decide-is-admin & tests
- add two small functions to apiApp and adminApp to set res.isAdmin
- mount checkSSL on all the apps
- TODO: deduplicate the calls to checkSSL by making blogApp a subApp :D
- PART 2/2: finish cleaning this up by removing it from where it's not needed and giving it a more specific name

Rationale:

Now that we have both an adminApp and an apiApp,
we can temporarily replace this weird path-matching middleware
with middleware that sets res.isAdmin for api & admin

* 🎨 Wire up prettyURLs on all Apps

- prettyURLs is needed for all requests
- it cannot be global because it has to live after asset middleware, and before routing
- this does not result in duplicate redirects, but does result in duplicate checks
- TODO: resolve extra middleware in stack by making blogApp a sub app

* ⏱ Add debug to API setup

* 🎨 Rename blogApp -> parentApp in middleware

* 🎨 Co-locate all blog-related code in /blog

- Move all of the blogApp code from middleware/index.js to blog/app.js
- Move routes/frontend.js to blog/routes.js
- Remove the routes/index.js and routes folder, this is empty now!
- @TODO is blog the best name for this? 🤔
- @TODO sort out the big hunk of asset-related mess
- @TODO also separate out the concept of theme from blog

* 🎉 Replace middleware index with server/app.js

- The final piece of the puzzle! 🎉 🎈 🎂
- We no longer have our horrendous middleware/index.js
- Instead, we have a set of app.js files, which all use a familiar pattern

* 💄 Error handling fixups
2016-10-13 17:24:09 +02:00
Katharina Irrgang
4abb9590a1 add token utils (#7554)
no issue
- preperation for User model refactoring
- add independent util to generate reset hash, compare a hash and extract information out of it
- this code is basically a copy/paste of User model (generateResetToken, validateToken)
2016-10-13 13:54:44 +01:00
Katharina Irrgang
5b9c213849 🎨 change gravatar file design (#7553)
no issue
- preperation for User model refactoring
- the rule is:
  --> when calling a unit, this unit should return something new
  --> and NOT modifying an existing object and return it (this is an unexpected behaviour, especially for utils and libs)
2016-10-13 13:52:22 +01:00
Greenkeeper
da9c6be06c chore(package): update passport-ghost to version 1.0.1 (#7559)
https://greenkeeper.io/
2016-10-13 13:03:27 +02:00
Katharina Irrgang
48c01162a3 🎨 decrease timeout for scheduling (#7556)
refs #7555
- temporary fix to make travis green
- that should not have a any bad effect on scheduling
- we just let the job awake a bit later
- the job logic is strong enough to catch the job if setTimeout awakes too late (that can happen, because setTimeout is not accurate)
- if (moment().diff(moment(Number(timestamp))) <= self.beforePingInMs) --> is smaller ensures that even if the diff is negative, it get's executed
2016-10-13 09:49:10 +01:00
Katharina Irrgang
869a35c97d migrations: seeding is part of init db task (#7545)
* 🎨  move heart of fixtures to schema folder and change user model

- add fixtures.json to schema folder
- add fixture utils to schema folder
- keep all the logic!

--> FIXTURE.JSON
- add owner user with roles

--> USER MODEL
- add password as default
- findAll: allow querying inactive users when internal context (defaultFilters)
- findOne: do not remove values from original object!
- add: do not remove values from original object!

* 🔥  remove migrations key from default_settings.json

- this was a temporary invention for an older migration script
- sephiroth keep alls needed information in a migration collection

* 🔥   add code property to errors

- add code property to errors
- IMPORTANT: please share your opinion about that
- this is a copy paste behaviour of how node is doing that (errno, code etc.)
- so code specifies a GhostError

* 🎨  change error handling in versioning

- no need to throw specific database errors anymore (this was just a temporary solution)
- now: we are throwing real DatabaseVersionErrors
- specified by a code
- background: the versioning unit has not idea about seeding and population of the database
- it just throws what it knows --> database version does not exist or settings table does not exist

* 🎨  sephiroth optimisations

- added getPath function to get the path to init scripts and migration scripts
- migrationPath is still hardcoded (see TODO)
- tidy up database naming to transacting

*   migration init scripts are now complete

- 1. add tables
- 2. add fixtures
- 3. add default settings

* 🎨  important: make bootup script smaller!

- remove all TODO'S except of one
- no seeding logic in bootup script anymore 🕵🏻

*   sephiroth: allow params for init command

- param: skip (do not run this script)
- param: only (only run this script)
- very simple way

* 🎨  adapt tests and test env

- do not use migrate.populate anymore
- use sephiroth instead
- jscs/jshint

* 🎨  fix User model status checks
2016-10-12 16:18:57 +01:00
Katharina Irrgang
22589e8b91 🎨 Ghost OAuth improvements (#7550)
refs #7452

- 🎨  logging.debug for public client registration
- 🎨  add tests for passport ghost
- improve readability for passport file
- add basic tests
2016-10-12 12:11:56 +01:00
Kevin Ansfield
06151ef5ac 🐛 send correct token expiration time (#7547)
no issue

When using Ghost OAuth, exchanging the authorization code for an access token was returning a token along with an `expires_in` property containing a JavaScript date representation rather than the number of seconds the token is valid for. This was resulting in the client expecting it's access token to be valid until the year 48796(!) and so never attempting to refresh it's access_token.

- return token expiration time of 3600 seconds / 1hr
2016-10-12 10:19:33 +02:00
Katharina Irrgang
50f383ef0b 🐛 logging: error output format (#7546)
no issue
- the format for standalone error was wrong
2016-10-11 19:03:14 +01:00
Katharina Irrgang
677502813e 🎨 replace process.env.NODE_ENV usages by config.get('env') (#7544)
closes #6629

- i had the case that in gravatar process.env.NODE_ENV was undefined and indexOf of undefined crashe my application
- so always use config to read current env
2016-10-11 13:53:52 +01:00
Katharina Irrgang
9fad7f1d69 use migration runner for init db (#7502)
refs #7489

* 🎨  protect error when creating owner
* 🎨  reset migration table
- temporary solution, see TODO's
* 🎨  use sephiroth in bootUp script
- do not populate the database
- ask sephiroth for database state
- do seeding manually (this will be removed in next seeding PR)
* 🎨  rewrite createTableIfNotExists because it causes error when running twice
- see knex issue
- hasTable and createTable
- indexes can cause trouble when calling them twice
* 🎨  tests: populate db in test env
- when forking db
- when starting ghost()
- this basically affects only the functional tests
* 🎨  server spec test adaption
- we now throw an error when database is not populated, instead of populating the database
* 🎨   migration spec adaption
- reset database now deletes migration table
- we will move the reset script into sephiroth and then we make it pretty
* 🎨  error creation adaption in bootUp
* 🎨  fixes
- sephiroth error handling
- fix tests
2016-10-11 13:37:11 +01:00
Kevin Ansfield
49191c9023 🎨 improve gulp dev reload behaviour (#7543)
refs #7427
- prevent unnecessary reloads of the server due to changes in client files, this makes working on the client as quick/painless as the old `grunt dev` command
- fix nodemon `watch` config - it only accepts directories not files
- update nodemon `ignore` config - directories should be specified without a `/*`, add directories that are changed on each client re-compile
2016-10-11 14:06:07 +02:00
Hannah Wolfe
61bf54ec88 🎉 Middleware refactor: Give the API its own express App (#7537)
refs #4172

* 🎨 Use bodyParser only where it is needed

This is a pretty extreme optimisation, however in the interests of killing middleware/index.js it
seemed prudent to move towards not having in there that wasn't strictly necessary 😁

We should reassess how apps do this sort of thing, but it seems pretty sane to declare bodyParsing
if and only if it is necessary.

* 🎨 Move all API code to API router

* 🎨 Refactor API into an App, not just a router

- Apps have their own rendering engines, only the frontend & the admin panel need views
- The API should be JSON only, with minimal middleware
- Individual sections within the API could/should be treated as Routers

* 🎨 Flatten API middleware inclusion

- get rid of the weird middleware object
- move the api-only middleware into the middleware/api folder
2016-10-11 10:36:00 +02:00
Katharina Irrgang
0227efb41b 🐛 logging: always print body of standalone error (#7535)
- we can see the logging mode as HTTP mode
- standalone logging should still log everything
- tidy up the PrettyStreamer a little big and add current expectation tests
2016-10-11 07:26:37 +01:00
Hannah Wolfe
59e2694acf Misc Middleware cleanup (#7526)
* 💄 Combine slashes & uncapitalise middleware

- these bits of middleware belong together
- ideally they should be optimised

* 🎨 Move ghostLocals out of themeHandler

GhostLocals sets several important values which are needed for every part of the application,
admin, api and theme. Therefore, it doesn't make sense for it to be bundled in the themeHandler.

* 🐛 Fix the uncapitalise middleware

- Updated to make correct use of req.baseUrl, req.path, req.url & req.originalUrl
- Updated the tests to actually cover our weird cases

* 🎨 Move ghostVersion logic out of config

* 💄 Group static / asset-related middleware together

* 🔥 Remove /shared/ asset handling

- The 5 files which are located in `/shared/` are all handled by individual calls to `serveSharedFile`
- Therefore this code is redundant
2016-10-10 21:14:32 +02:00