Commit Graph

8497 Commits

Author SHA1 Message Date
Fabien O'Carroll
b185892b7b
Created session controller (#9911)
refs #9865

Note that this controller is the singular, that's because we plan to
make a session resource controller to be used with /sessions, wheras
this is on /session
2018-10-03 20:45:42 +07:00
Nazar Gargol
82b7aea641
Refactor URL generation from models (#9917)
Moved URL attributes logic from the model into API layer 

refs #9866

- Moved URL related attribute calculation for posts, users, and tags into API layer
- Added test coverage for url attributes in tags/authors/primary_tags/primary_authors
2018-10-03 15:44:30 +02:00
Fabien O'Carroll
15da580016 Added processOptions check to base model findPage
no-issue

When calling findPage on a model with no processOptions defined this
throws an error.
2018-10-03 10:16:10 +02:00
kirrg001
079b41e608 Added body parser to web/api/v2 express app
refs #9866

- req.body is undefined if we don't use the body parser
- the content API only offers "fetch" endpoints, but if a component/module in Ghost relies on req.body being present, it can crash
- e.g. the authentication service checks for the existence of client_id + client_secret in req.query or req.body
- we could theoretically change it from `if (!req.body.client_id` to `if (req.body && !req.body.client_id)`, but that makes the code very hard to read + maintain
- we will use the body parser for the content API now
- req.body will be {}
2018-10-03 00:47:03 +02:00
kirrg001
27996db5e9 Extended sequence utility
no issue

- support promise and none promise tasks
- helpful if you create an array of operations and not all of the operations/tasks are async
- `response instanceof Promise` does not work for all cases e.g. some usages return a transaction/bookshelf chain
2018-10-03 00:17:45 +02:00
kirrg001
c96c474501 Version bump to 2.2.0 2018-10-02 22:57:14 +02:00
kirrg001
ddf22e943f Updated Ghost-Admin to 2.2.0 2018-10-02 22:57:14 +02:00
Rish
91f8e03244 Added mobiledoc_revisions schema, migration script and updated tests 2018-10-02 19:15:23 +02:00
Rish
96488af21d Added command support for index to wrapper 2018-10-02 19:15:23 +02:00
Kevin Ansfield
1db3aefb9b
Set up schema and models for API Key authentication (#9904)
refs https://github.com/TryGhost/Ghost/issues/9865
- schema migrations
  - adds `integrations` and `api_keys` tables
  - inserts `integration` and `api_key` permissions and Administrator role relationships
  - inserts `Admin Integration` role and permissions
- adds `Integration` model
- adds `ApiKey` model
  - creates default secret if not given
  - hardcodes associated role based on key type
    - `admin` = `Admin API Client`
    - `content` = no role
- updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy
2018-10-02 17:46:38 +01:00
Fabien O'Carroll
ecf47f3b7b Added some missing tests to base model (#9931)
no-issue
2018-10-02 16:43:19 +02:00
Rishabh Garg
c795920cac Updated web/ to use API config (#9936)
refs #9866

- exports `getApiPath` method from service/url/utils
- uses `getApiPath` in web/parent-app to configure API paths for supported versions
2018-10-02 13:25:34 +02:00
Fabien O'Carroll
cb0c5dc582
Session auth service (#9910)
refs #9865

* This service handles the session store and exporting middleware to be
used for creating and managing sessions

* Updates the auth service index.js file in line with how we do things elsewhere

* After wrapping the exports in a getter, the usage of rewire had broken
the authenticate tests, this commit _removes_ rewire from the tests, calls `init` on
the models before the tests (needed because rewire isn't there) and also
cleans up the use of var.
2018-10-02 15:35:23 +07:00
Fabien O'Carroll
6cd1dc8005 🐛Fixed blog not responding when uploading routes.yaml with unknown taxonomy (#9926)
closes #9870

Instead of 500'ing when uploading a routes.yaml with an invalid taxonomy
we will now send back an error saying it's invalid.
2018-10-01 20:40:29 +02:00
Nazar Gargol
a15a45fa9b Added notes about attribute serialization for tag parent and author author_id (#9932)
refs #9866

- Added notes to tag/author model attributes that are not being touched during API  introduction
2018-10-01 20:30:37 +02:00
Fabien O'Carroll
af12f21db7 Updated base model destroy fn to be more generic (#9928)
refs #9914

This allows us to destroy models on properties other than the id.
2018-10-01 14:44:52 +02:00
Nazar Gargol
4368aa194a Added coverage for absolute urls being generated on post's included tags (#9924)
no-issue
2018-09-30 21:48:31 +02:00
Katharina Irrgang
efc5219afa Added empty api v2 + shared folder and README.md (#9920)
refs #9866
2018-09-28 00:03:21 +05:30
Rishabh Garg
6163d1f128 Updated overrides config for api versions with v0.1 to deprecated (#9921)
refs #9866

- v0.1 == deprecated
- v2 == active
2018-09-27 19:34:12 +02:00
Katharina Irrgang
b43ab65d8a
Moved api controllers into api/v0.1 (#9918)
refs #9866

- preparation for v2
- moved api/ to api/v0.1
- do export v0.1 straight from the api folder, we don't want to touch this right now
- that means currently if you require the api folder, we return v0.1 by default
- there were some direct requires of api files in the test env
  - some of them use rewire
  - for now, we just correct the require path to require api/v0.1/
  - we touch the test env next week

**Docs about V2 design are coming soon!**
2018-09-27 16:06:57 +02:00
Fabien O'Carroll
4d9414b5d2 Created Session Model (#9909)
refs #9865

- Created session model for session table
- Added model relations
- Added unit test coverage
2018-09-27 14:31:39 +02:00
Fabien O'Carroll
1d17f2aa91 Created session table migration (#9908)
refs #9865

- This table will be used for storing user sessions in
2018-09-27 09:51:46 +02:00
Nazar Gargol
4c5bff0f49 Removed toJSON serialization in findPage method (#9899)
refs #9866

- Removed `toJSON` call in `findPage`
- Added JSON serialization on API layer
- Reason: model and api layer were coupled - all other model actions just returned the raw data and no specific format
- Corrected test suites to serialize fetched models to JSON
- Removed `absolute_urls` attribute from validOptions findPage methods as it's no longer needed in the data layer
- Changed 'include' test as this option is now tolerated and returns data
2018-09-26 14:11:22 +02:00
Nazar Gargol
7b950f6382 Added test case for includes not being present in response
refs #9866

- Adds a test case checking current filtering behavior for 'include' parameter
2018-09-26 12:16:09 +02:00
Fabien O'Carroll
6c35de7d95 Updated api.http handling of controller returned fns (#9907)
refs #9865

This is to ensure that if a controller returns a function, it will
always get called regardless of method.

Also cleaned up top level const usage
2018-09-26 08:13:41 +02:00
Fabien O'Carroll
6ccb2debe2 Version bump to 2.1.4 2018-09-25 18:04:57 +07:00
Fabien O'Carroll
8eb59ce6fa Updated Ghost-Admin to 2.1.4 2018-09-25 18:04:57 +07:00
Fabien O'Carroll
215bddeffd Version bump to 2.1.4-beta.1 2018-09-25 17:34:37 +07:00
Fabien O'Carroll
03bac6991a Updated Ghost-Admin to 2.1.4-beta.1 2018-09-25 17:34:37 +07:00
Fabien O'Carroll
045ce0a800 Updated private-sites to not redirect to full urls
no-issue

- Parse redirects as URL with blog as base
- Redirect to the pathname property of parsed URL

Credits: @j3ssie
2018-09-25 17:32:17 +07:00
Nazar Gargol
082dec7507 Bumped ghost-ignition to version 2.9.6 2018-09-25 11:41:37 +02:00
Fabien O'Carroll
afdf1bd741 Upgrading Casper to 2.6.3 2018-09-25 11:37:45 +07:00
Rishabh Garg
9624c88f3e Refactored url utility to generate multiple API version URLs (#9897)
refs #9866

- added api version config to overrides, which makes it possible to have a centralized api versioning configuration
- the next PR will use this config in the web folder
- make api url generation in url service flexible and dynamic
- remove hardcoded API_PATH
- updated all places which used `urlFor('api'..)` -> we now ask for explicit api version
2018-09-24 21:49:20 +02:00
Rishabh Garg
39485d17c0 Added new endpoint to upload square profile images with dimension validation (#9862)
refs #8576

- adds new API endpoint `/uploads/profile-image` for uploading profile images
- new validation which fails with error message if uploaded image is not square
- Renamed getImageSizeFromFilePath to getImageSizeFromStoragePath, because it's more explicit
- Add new getImageSizeFromPath method, which is used in the new dimensions middleware
- Ensure we use the sharp middleware to auto-resize the uploaded profile pictures
- Ensure the new route get's added to v2

While this makes sure all future profile images uploaded are square, this doesn’t affect any existing non-square profile image. Needs more thought on how to handle existing non-square profile images for the purpose of making theming easier in future.
2018-09-24 21:42:58 +02:00
Daman Mulye
214d682ea3 Removed change frequency and priority fields from sitemap generator (#9771)
closes #9765

- Google says that change frequency and priority are not important when search engines crawl through pages. Therefore, these two properties are unimportant and removed from Ghost. Reference: https://www.seroundtable.com/google-priority-change-frequency-xml-sitemap-20273.html
- Credits to @damanm24
2018-09-24 19:16:31 +02:00
Jesse Houwing
e3234bce6c 🎨Added case insensitive support for redirects (#9755)
no issue

- e.g. "/^\\/case-insensitive/i
- Adds tests for case sensitive redirects
- Needs a doc update on release!
2018-09-24 18:57:05 +02:00
kirrg001
bc4b637e30 Refactored direct usages of api controllers
refs #9866

- if we start with v2 controllers, the code base should not require specific api controllers
- because e.g. `require('../api/posts')` will no longer exist
- if you require the api folder, you will get the latest available version by default e.g. `require('../api').posts`
- this branch does not touch the test env (!)
2018-09-21 15:18:22 +02:00
Katharina Irrgang
727ff183f4 Normalised how we require models
refs #9866

- if I want to do a project search and looks for model usages e.g. `models.`, then I won't find these usages
- normalise how we require models -> consistency
2018-09-21 15:16:19 +02:00
Katharina Irrgang
213474835b Refactored how we require shared middlewares from web/ (#9893)
refs #9866

- use package notation
- get rid of x requires for middlewares
- improved readability
- do not refactor web/api/v0.1
2018-09-21 16:17:11 +05:30
Fabien O'Carroll
7d25c36a7b Removed duplicate 'id' for User permittedOptions
refs #9881

This is because we don't want duplicates
2018-09-21 12:15:29 +02:00
Fabien O'Carroll
2cb8d06fca Updated permittedOptions to correctly call super
refs #9881

When subclassing and calling "super" you must explicitly pass the this
context and any parameters
2018-09-21 12:15:29 +02:00
Fabien O'Carroll
b326cfaab7 Updated base model to remove extraAllowedProperties
refs #9881

This is because when extending these methods, you need to know the
contents of the extraAllowedProperties to replicate it in the subclass,
breaking the principle of open/closed.
2018-09-21 12:15:29 +02:00
Katharina Irrgang
b913618c03 Extended uncapitalise unit tests (#9891)
Extended uncapitalise unit tests

refs #9866

- Proved that the middleware works for many API versions
- Added test case to prove that the version identifier gets lowercased too
2018-09-20 22:27:38 +02:00
Katharina Irrgang
0d35733448 Removed res.isAdmin from admin express app (#9889)
refs #9866

- the admin express app serves the client
- it only uses admin redirects
- we can use the new middleware function to avoid `res.isAdmin`
2018-09-21 01:08:09 +05:30
Rishabh Garg
fcd275f6c0 Refactored web/middleware and web/utils to web/shared (#9892)
refs #9866

- Moved web/middleware to web/shared/middlewares
- Moved util file to web/shared/utils
2018-09-20 20:04:34 +02:00
kirrg001
07fee6d027 Replaced setPrototypeOf with Object.setPrototypeOf
no issue

- discovered here: https://github.com/TryGhost/Ghost/pull/9886#discussion_r219127231
- `setPrototypeOf` is a npm package and a dependency of e.g. express
- we can use `Object.setPrototypeOf` instead
2018-09-20 17:50:57 +02:00
Nazar Gargol
006c83fbe4 ES6 migration: server/web/ (#9886)
refs #9589
2018-09-20 15:03:33 +02:00
Nazar Gargol
7e17c56feb Removed res.isAdmin usages from v2 express app (#9884)
refs #9866

- Removed `res.isAdmin` flag in v2 express app
- Did not touch v0.1 express app
- Separated url redirect middleware for admin and content API
2018-09-20 13:58:45 +02:00
Rishabh Garg
0549c9f7d4 ES6 migration: server/api/ (#9876)
refs #9589
2018-09-18 15:59:56 +02:00
Nazar Gargol
57271127f4 Added v2 api endpoints (#9874)
refs #9866

- Registered Content API under /ghost/api/v2/content/
- Registered Admin API under /ghost/api/v2/admin/
- Moved API v0.1 implementation to web/api/v0.1
- Created web/api/v2 for the new api endpoints
- Started with reducing the implementation for the new Content API (the Content api does not serve admin api endpoints, that's why it was reducible)
- Covered parent-app module with basic test checking correct applications/routes are being mounted
- Added a readme file, which contains a warning using v2, because it's under active development!
- This PR does only make the new endpoints available, we have not:
  - optimised the web folder (e.g. res.isAdmin)
  - started with different API controllers
  - reason: we want to do more preparation tasks before we copy the api controllers
2018-09-18 15:59:06 +02:00