Commit Graph

19994 Commits

Author SHA1 Message Date
Fabien O'Carroll
4d24bdbccb Added finger functionality to WebFingerService
ref https://linear.app/tryghost/issue/MOM-120

We need to do this to lookup the inbox which we need to send a Follow activity
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
f31330a228 Improved HTTPSignature library
ref https://linear.app/tryghost/issue/MOM-73

We've made it easier to use by adding defaults for required header, as well as
adding support for signing POST requests.
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
e98f505ae3 Added body parsing to the frontend
ref https://linear.app/tryghost/issue/MOM-73

We need to add body parsing middleware here, so that NestJS has access to it.
We also attach the rawBody which is used to validate the HTTP Signatures
2024-05-15 12:41:34 +07:00
Sodbileg Gansukh
60da243d0c
Updated signup and private page forms for consistency (#20208)
ref TRI-92
2024-05-15 04:47:02 +00:00
Kevin Ansfield
d2da9d3c17
Updated metadata shown on hover in internal link lists (#20204)
closes https://linear.app/tryghost/issue/MOM-80

- updated internal linking search results items
  - removed visibility text from meta data
  - added additional icon for paid/specific tier visibility
  - added titles to icons
- bumped `@tryghost/koenig-lexical` to include support for meta icon titles
- bumped other Koenig packages due to sub-dependency updates
2024-05-14 16:07:04 +00:00
Kevin Ansfield
21321c7012
Improved internal linking copy and added query highlighting (#20191)
no issue

- bumped @tryghost/koenig-lexical to latest version
2024-05-14 11:04:06 +01:00
Peter Zimon
770f657ae9
Improve messaging and error handling (#20078)
ref DES-228

This PR updates messaging and error handling in order to make Ghost calmer and friendlier. High level summary of the changes:

- Removed all onBlur validation in Settings -> now it’s possible to just click around without being warned to fill mandatory fields
- Removed  lot of technical errors like `ValidationError: Validation (isEmpty) failed for locale`
- Completely removed the red background toast notifications, it was aggressive and raw esp. on the top
- Removed some unnecessary notifications (e.g. when removing a webhook, the removal already communicates the result)
- Now we show field errors on submitting forms, and in case of an error we show a “Retry” button in Settings too. This allowed to remove a lot of unnecessary error messages, like the big error message on the top, plus it’s consistent with the patterns outside Settings.
- Notification style is white now with filled color icons which makes everything much calmer and more refined.
- Removes redundant copy (e.g. "successful(ly)") from notifications

---------

Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
2024-05-14 09:31:19 +02:00
Steve Larson
842290cbef
Improved performance for filter strings with multiple neq statements (#20198)
ref https://linear.app/tryghost/issue/CFR-27
- updated packages to include performance improvement for NQL filter
strings including multiple neq filters for the same resource
- bumped `bookshelf-plugins`
- bumped NQL versions

We identified a performance fix that allows us to combine not equal
(neq) filters for the same resource in a logically-equivalent way that
also has far more performant resulting SQL.

We're effectively automatically combining strings like
'tag:-tag1+tag:-tag2` into 'tag:-[tag1,tag2]'.
2024-05-13 10:35:27 -05:00
Daniel Lockyer
e3fa095c80 Fixed misc JSDoc types
- nothing crazy, but cleans up a few editor warnings
2024-05-13 14:53:53 +02:00
Daniel Lockyer
a5e7eb2208 Renamed wrapper to ImplWrapper
- helps with debugging and understanding the code flow
2024-05-13 14:53:53 +02:00
Daniel Lockyer
8fa3acfd80 Fixed providing err to IncorrectUsageError
- it appears as though we only accept `err` when it's in the constructor
  of the IncorrectUsageError, so in its current form, it is ignored
- this commit performs a minor refactor to switch to constructing a new
  IncorrectUsageError and then throwing it
- detected by tsserver complaining about the `err` property not existing
  on the error
2024-05-13 14:53:53 +02:00
Sag
cb8213e7d3
Fixed validation when tierId is missing during Stripe checkout (#20195)
refs https://linear.app/tryghost/issue/SLO-90
refs
https://www.notion.so/ghost/Decoupling-Members-from-Stripe-13b644d4dccb43ea83f683473c690b82

- the members API didn't support passing a Stripe Price ID directly
during checkout since end of 2022. However, we did not update the param
validation accordingly
2024-05-13 14:47:39 +02:00
Ghost CI
b1c5a2985c v5.82.9 2024-05-13 07:01:15 +00:00
renovate[bot]
4edb6b6731 Update dependency i18next to v23.11.4 2024-05-10 10:07:11 +00:00
renovate[bot]
fc41947738 Update dependency semver to v7.6.2 2024-05-10 08:30:32 +02:00
Sam Lord
8c3e5ece01 Added option to disable fast import for data generator
Data generator uses CSV imports for a massive speed increase, but
can't be used in some environments where SQL admin isn't
available. This allows us to set a flag to use the original
insert-based importer.
2024-05-09 15:22:15 +01:00
Fabien 'egg' O'Carroll
56d984f05f
Used subscription currency for setup session (#19991)
ref https://linear.app/tryghost/issue/ENG-812
ref https://github.com/TryGhost/Ghost/commit/5b694761bc

We wanna use the currency of the subscription to avoid the edge-case where the 
subscription currency doesn't match the sites current tiers currency.
2024-05-09 13:03:11 +00:00
renovate[bot]
50a1ef1cd8 Update dependency mailgun.js to v10 2024-05-09 13:08:08 +02:00
renovate[bot]
72e136f3ff Update dependency ember-svg-jar to v2.4.9 2024-05-09 13:03:47 +02:00
renovate[bot]
545247af28 Update dependency ember-svg-jar to v2.4.8 2024-05-09 12:48:51 +02:00
renovate[bot]
e004db0636 Update dependency html-validate to v8.18.2 2024-05-09 10:42:38 +02:00
renovate[bot]
512c3e1413 Update CSS preprocessors 2024-05-09 10:36:59 +02:00
renovate[bot]
e13c2b1c23 Update dependency webpack to v5.91.0 2024-05-09 08:25:51 +00:00
renovate[bot]
4c1ecabfc7 Update sentry-javascript monorepo to v7.114.0 2024-05-09 10:16:37 +02:00
Ghost CI
88ad62558a Merged v5.82.8 into main 2024-05-08 19:30:39 +00:00
Ghost CI
f303432ba9 v5.82.8 2024-05-08 19:30:37 +00:00
Sag
5b694761bc 🐛 Fixed updating payment method when beta flag is on (#20171)
refs https://linear.app/tryghost/issue/ONC-20
refs https://linear.app/tryghost/issue/ENG-867

- when using dynamic payment methods in Stripe, we need to provide a
currency. Stripe uses that parameter to determine which payment methods
to render
- docs: https://docs.stripe.com/api/checkout/sessions/create
2024-05-08 20:59:10 +02:00
Sag
60ac3c735b
🐛 Fixed updating payment method when beta flag is on (#20171)
refs https://linear.app/tryghost/issue/ONC-20
refs https://linear.app/tryghost/issue/ENG-867

- when using dynamic payment methods in Stripe, we need to provide a
currency. Stripe uses that parameter to determine which payment methods
to render
- docs: https://docs.stripe.com/api/checkout/sessions/create
2024-05-08 20:56:17 +02:00
Daniel Lockyer
7e9d82655e Added extra validation for reset_password endpoint
fix https://linear.app/tryghost/issue/SLO-104/cannot-read-properties-of-undefined-reading-0-an-unexpected-error

- if the request body didn't contain the correct keys, it'd just HTTP
  500 out of there
- this adds some optional chaining so we end up with undefined if
  anything isn't as expected, and the following if-statement does the
  rest of the check for us
- this also adds a breaking test (the first E2E test for authentication, yay!)
2024-05-08 18:05:04 +02:00
Kevin Ansfield
b5af65a130
Added access and publish date display to internal link list on hover (#20168)
closes https://linear.app/tryghost/issue/MOM-80

- bumps @tryghost/koenig-lexical to add support for search result metadata in internal links as well as some improvements to the internal linking UI/UX
- updates search service to fetch and expose additional `visibility` and `published_at` fields for post/page resources
- updates `searchLinks` method passed to editor to decorate the search results with appropriate meta text and icon based on publish date, post visibility and member settings
2024-05-08 16:04:05 +00:00
Kevin Ansfield
2cd0eb62a7
Re-ordered Admin search results (#20166)
closes https://linear.app/tryghost/issue/MOM-106

- the search results can hide any matching authors/tags due to them appearing after matching posts which is typically a longer list that needs scrolling through
- changed the order to list matched authors and tags before posts, this matches the behaviour in our front-end search
2024-05-08 13:35:23 +00:00
Daniel Lockyer
76c6e92006
Handled invalid files when uploading DB zips (#20165)
fix
https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred

- similar to
e8e3447f15,
this captures a specific error from yauzl and throws a user-friendly
error
- perhaps in the future we can just look for yauzl errors and always
return user-friendly errors, but let's monitor that first
- also includes a breaking test
2024-05-08 14:59:34 +02:00
Daniel Lockyer
f276abf9e8 Condensed logic for determining whether to send Sentry events
refs https://docs.sentry.io/platforms/javascript/configuration/filtering/#using--1%20

- this simplifies our logic to determine whether we should send events
  by moving the code to `beforeSend`
- `errorHandler` is going away in Sentry v8 so this results in a shorter
  diff in the future
- the logic should be the same, always send non-Ghost errors, and only
  send HTTP 500 Ghost errors
2024-05-08 14:25:00 +02:00
Daniel Lockyer
77fc66340a Refactored Sentry beforeSend code
- this tidies up the implementation by removing the very verbose ternary
  operator, and also uses the optional chaining operator
2024-05-08 14:25:00 +02:00
Daniel Lockyer
c4ad593a5a Added JSDoc types to Sentry
- this helps editors with identifying what the types of parameters are
2024-05-08 14:25:00 +02:00
Daniel Lockyer
e8e3447f15 Fixed handling empty zip file uploads
fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected

- previously, uploading an empty zip would result in a HTTP 500 error
  because yauzl would error and we'd bubble that up as an
  InternalServerError
- now, we catch the specific error message and return a more user
  friendly error
- also includes tests and sample zip file
2024-05-08 11:19:47 +02:00
Daniel Lockyer
00f42855e3 Excluded docName key from API controller method map
- due to the structure of our API controllers, the docName and methods
  are under the same structure
- this code loops over the keys of the controller and forms the method
  map
- however, it currently also loops over every character of the docName,
  so the resulting map contains a weird structure of chars
- we don't need the docName for this, so we can just exclude it from the
  keys
- this doesn't change any functionality
2024-05-08 11:19:47 +02:00
Daniel Lockyer
d82b136a6a Handled uploads with invalid form bodies
fix https://linear.app/tryghost/issue/SLO-101/http-500-with-invalid-multipart-data

- previously, busboy would error out if we supplied a body that was
  invalid (such as an empty FormData)
- we would then return a HTTP 500 to the user, which causes all manner
  of problems
- now we catch errors from busboy and return a nice BadRequestError
2024-05-08 11:19:47 +02:00
Daniel Lockyer
ae88dc8548 Handled invalid timestamp format in filters
fix https://linear.app/tryghost/issue/SLO-85/fix-http-500-on-contentposts

- in the event we give the incorrect format in a filter, MySQL will
  throw an error and we'll throw a HTTP 500 error
- we can capture this error and return a more useful error to the user
- ideally we'd do this in a validation step before attempting the query,
  but parsing this out of NQL and detecting which columns are DATETIME
  could be quite tricky
2024-05-08 09:28:56 +02:00
Daniel Lockyer
82c612bad9 Rolled out API framework JSDoc typing to more places
- this updates a bunch of places where we're just using Object to cheat
  the system
- doing this means editor autocomplete and basic type checking is better
  because we now have proper types in place
- functionality should not change, these are just comments
2024-05-08 09:28:31 +02:00
renovate[bot]
1fea2fc616 Update dependency semver to v7.6.1 2024-05-08 09:04:44 +02:00
Ghost CI
7201006f05 Merged v5.82.7 into main 2024-05-07 18:13:36 +00:00
Ghost CI
000616ac02 v5.82.7 2024-05-07 18:13:34 +00:00
Djordje Vlaisavljevic
9fe0d13232 Fixed typo
ref https://linear.app/tryghost/issue/DES-338/subscription-details-section-on-mobile-spacing-issues
2024-05-07 20:00:11 +02:00
Kevin Ansfield
d831e687a5 Added initial implementation of internal linking for standard links (#20139)
ref https://linear.app/tryghost/issue/MOM-81

- bumps `@tryghost/koenig-lexical` to version with updated internal linking beta features
2024-05-07 19:59:46 +02:00
Kevin Ansfield
b24f976b34 Fixed empty groups in internal link searches (#20142)
closes https://linear.app/tryghost/issue/MOM-101

- we were mapping over the grouped search results which meant we still got a group even if it's options/items list was empty after filtering for published
2024-05-07 19:59:40 +02:00
Kevin Ansfield
0f482907e1 🐛 Fixed Admin search sometimes stalling on first query (#20143)
closes https://linear.app/tryghost/issue/MOM-103

- the `yield waitForProperty(...)` call that was supposed to return once the content refresh occurred never reached a valid state so the first search query (or any later query) where a content refresh occurred would never resolve causing search to look like it had stalled
- switched to waiting for the last running task to resolve instead which does the same as the previous code intended
- exported the `getPosts` request handler function so in mirage config so we can re-use it with different timing on a per-case basis
2024-05-07 19:59:33 +02:00
Djordje Vlaisavljevic
bae5ae43c9 Fixed typo
ref https://linear.app/tryghost/issue/DES-338/subscription-details-section-on-mobile-spacing-issues
2024-05-07 18:29:25 +01:00
Daniel Lockyer
2659e5aa40 Added handling for parsing errors with user-submitted HTML
fix https://linear.app/tryghost/issue/SLO-87/cannot-read-properties-of-undefined-reading-createimpl-an-unexpected
refs https://github.com/jsdom/jsdom/issues/3709

- in the event we are given some HTML to parse, and that fails, we
  currently return a HTTP 500 because it's unhandled
- the instance we saw was due to `<constructor>` crashing jsdom, we've
  opened an issue for that
- in terms of handling the error gracefully, we can surround the code
  in a try-catch and return a more suitable error. I've gone for a
  ValidationError for now - you could debate whether a different one is
  more appropriate
- also added Sentry error capturing so we're not blind to these,
  ultimately we should make sure the parser can handle all
  user-submitted data
2024-05-07 17:25:48 +02:00
Kevin Ansfield
40ee2043e0
Reduced Admin search re-indexes (#20154)
closes https://linear.app/tryghost/issue/MOM-97

The 30s search content expiry didn't really make sense and caused unnecessary delays and server load now that search will be more widely used within the editor.

- replaced concept of time-based expiry with explicit expiry
  - content still fetched on query if not already loaded or marked as stale
  - added `.expireContent()` method on search service to allow explicit expiry
- updated editor to pre-fetch search content when not already loaded or marked as stale
  - removes delay when first using internal linking search inside the editor
- updated post model to expire search content on save
  - expires on published post save or delete
  - expires on publish and unpublish
- updated tag model to expire content on create/save/delete
  - only expires when name or url is changed
- updated user model to expire on save/delete
  - only expires when name or url is changed
  - does not handle creation because that's done server-side via invites
2024-05-07 15:24:20 +01:00