- there's a weird situation when we have mixed versions of the
dependency because different libraries try to compare instances
- this brings the usage up to 1.2.21 so we can fix the build for now
refs https://github.com/TryGhost/Toolbox/issues/515
- We don't have a good way to test TTL caches without setting up Redis in the environment
- Adding in-memory cache adapter with TTL allows to run tests on CI without having to install Redis
- Also, TTL in memory cache can be a great substitution for Redis-based caches on instances that
have a lot of spare RAM and don't need to use Redis necessarily
- MemoryTTL cache accepts two parameters "TTL" and "max"
- TTL - is time in milliseconds to hold the value for in cache
- max - is the maximum amount of items to keep in the cache
- To use MemoryTTL cache specify following config in the cache section:
```
"adapters": {
"cache": {
"imageSizes": {
"adapter": "MemoryTTL",
"ttl": 3600
}
}
}
```
- Above config would apply MemoryTTL cache to imageSizes feature with TTL fo 3600 ms
refs
https://www.notion.so/ghost/Marketing-Milestone-email-campaigns-1d2c9dee3cfa4029863edb16092ad5c4?pvs=4
- Added a `slack-notifications` repository which handles sending Slack
messages to a URL as defined in our Ghost(Pro) config (also includes a
global switch to disable the feature if needed) and listens to
`MilestoneCreatedEvents`.
- Added a `slack-notification` service which listens to the events on
boot.
- In order to have access to further information such as the reason why
a Milestone email hasn't been sent, or the current ARR or Member value
as comparison to the achieved milestone, I added a `meta` object to the
`MilestoneCreatedEvent` which then gets accessible by the event
subscriber. This avoid doing further requests to the DB as we need to
have this information in relation to the event occurred.
---------
Co-authored-by: Fabien "egg" O'Carroll <fabien@allou.is>
refs https://github.com/TryGhost/Team/issues/2561
- added simple socket-io implementation to Ghost server
- added alpha flag for websockets
- added route in admin to test websockets using a simple counter stored in server local memory (refreshes on reboot)
closes https://github.com/TryGhost/Team/issues/2558
- bumped `kg-lexical` packages so we're working with latest suite of default nodes and renderer
- added a `render()` method directly to our `lexicalLib` object
- allows us to pass through all of Ghost's config for image transforms etc in one place rather than every time we want to render something
refs
https://www.notion.so/ghost/Marketing-Milestone-email-campaigns-1d2c9dee3cfa4029863edb16092ad5c4
This adds a milestone entity and in-memory repository in a new
`milestone-emails` package. This also adds a first initial definition of
milestones and their types which is held in the default config to avoid
DB changes when, e. g. values change.
This should get everything in place to begin with the service
implementation.
refs https://github.com/TryGhost/Toolbox/issues/501
- this reverts commit 48dda23554
- also includes a resolution for `@elastic/elasticsearch` so we don't
run a version that is potentially problematic - see referenced issue
for context
refs https://github.com/TryGhost/Ghost/issues/15502
- the amazing `i18next-parser` dependency will extract our translated
strings from Portal and dump them into locale files, so we never have
to add them manually
refs https://github.com/TryGhost/Ghost/issues/15502
- this is an early implementation of an i18n provider by
exporting an instance of `i18next`
- there's a lot more to be done here but baby steps :)
refs https://github.com/TryGhost/Toolbox/issues/499
refs 6bcc47a0ad
- Using module directly caused issues with snapshots manager instance initialization (mocha hooks did not apply to a correct instance)
- See refed commit for more
refs https://github.com/TryGhost/Toolbox/issues/499
- Outgoing emails have been a weak point of Ghost's stability recently. The concept of "emailMockReceiver" similarly to "webhookMockReceiver", allows to test side-effects like outgoing emails.
- This is a first iteration which should lay groundwork for testing all outgoing emails in the future
- The change adds a new concept of "email mock receiver" which is very similar to how the "webhook mock receiver" works. The email mock receiver exposes two methods to record and verify snapshots:
- matchHTMLSnapshot - records and verifies only the HTML content of the outgoint email
- matchMetadataSnapshot - records and verifies all the non-HTML properties sent along an email content, e.g.: to address, plaintext, subject, etc.
- What's missing is matching content based on dynamic content like dates, links with JWT tokens, etc.
refs https://github.com/TryGhost/Toolbox/issues/501
- we were seeing random high CPU usage from one of the dependencies in
this bump, so this commit reverts the entire list until we can figure
out the cause
refs https://github.com/TryGhost/Toolbox/issues/501
- we were seeing random high CPU usage from one of the dependencies in
this bump, so this commit reverts the entire list until we can figure
out the cause
closes https://github.com/TryGhost/Toolbox/issues/497
- The classification of fatal/non-fatal errors has been updated to only be fatal when causing page renders with 5xx or 4xx responses.
- Some of the rules checking Ghost 5.x compatibility have been relaxed to only be "error" with the gscan version bump
- You can find more details on which exact rules were relaxed in the gscan's commit log - https://github.com/TryGhost/gscan/compare/v4.35.1...v4.36.0
- this was all getting terribly behind so I've done several things:
- majority of `@tryghost/*` except Lexical packages
- gscan + knex-migrator to remove old `@tryghost/errors` usage
- bumped lockfile
refs https://github.com/TryGhost/Team/issues/2235
We found some cases which can cause a site to have member emails that have invalid characters like `member@example.com�`. This happened due to the `validator` version used by Ghost not able to catch some specific cases as invalid email, allowing members to be created with them either via Admin or Importer or direct signup. Portal UI already blocked these email as invalid. This change:
- updates `@tryghost/validator` to include a latest version of email validator that catches these invalid cases
- doesn't allow member creation with invalid email like above
- doesn't allow existing member emails to be edited to invalid
refs: https://www.getrevue.co/app/offboard
- Revue is stopping all paid subscriptions on 20th Dec, and shutting down on Jan 18th.
- This update allows Ghost to accept and handle the zip file Revue are providing as an export in Labs > Importer
- It will import posts (as best as we can with the data provided) and subscribers as free members
- At present it doesn't import paid subscribers, as we don't have that info, but you can disconnect Revue from your Stripe account to prevent all your subscriptions being cancelled & there's the option this can be fixed later
- There will be further updates to polish up this tooling - this is just a first pass to try to get something in people's hands
Co-authored-by: Paul Davis <PaulAdamDavis@users.noreply.github.com>
refs https://github.com/TryGhost/Team/issues/2370
Due to a possible bug in either `@sentry/node` (mainly the Express
middlewares and the usage of deprectated Domain) and Node v16+,
unhandled promise rejections are transformed into uncaught exceptions
and cause Ghost to crash in unexpected situations.
Reverting to `v7.11.1` fixes this (but definitely not ideal at all)
because errors are caught in the Express middleware.
Reproduction repo:
https://github.com/SimonBackx/sentry-node-unhandled-rejection-crash
no issue
Local tests can now setup Stripe during the global setup process, and the webhook server is run out-of-process.
Running tests in CI against localhost will use environment variables to setup Stripe.
Providing a test URL will avoid setting up Stripe and will assume that it is already done.
refs https://github.com/TryGhost/Team/issues/2225
- updated the `formatOnWrite` transform map for posts to include the new `nodes` and `transformMap` options used by `urlUtils` for transforming node payload data
- added `nodes` to the `lexicalLib` module that pulls in our default nodes to be passed in to the URL transform utilities
- added `urlTransformMap` to the `lexicalLib` module that maps transform type and data type to URL transform utility functions that accept a single URL argument
refs: https://github.com/TryGhost/Ghost/issues/14882
This commit totally removes Bluebird from the importer. Updated `@tryghost/promise` to use native async/await and refactored importer logic to avoid the need of `reflect()`.
fixes https://github.com/TryGhost/Team/issues/2175
- New event type `aggregated_click_event` that is disabled by default in all the existing activity feeds
- This returns click events, but only the first click events for each member/post combination.
- It includes the total count of unique link clicks for that member on that post combination
- Had to resort to some custom knex queries to make this work easily
- Requires `@tryghost/bookshelf-pagination@0.1.31`, included in `@tryghost/bookshelf-plugins@0.6.1` (this fixes an issue with custom selects breaking the total count query of pages)
- Went a bit overboard with the pagination tests to cover as much unknown edge cases as possible
refs: https://github.com/TryGhost/Toolbox/issues/440
New command to generate demo data, creates data for over 20 tables in
Ghost, suitable for testing most features of the dashboard, as well as
making guided product tours using newsletters, tiers, many posts and
tags.
Usage: `yarn start generate-data`
Optionally, keep your existing posts / tags with: `yarn start generate-data --use-existing-tags --use-existing-posts`
refs https://github.com/TryGhost/Team/issues/2078
This pulls the current Tiers logic into its own package, the persistence part of
the work has not been done yet, that will be handled in core, so all bookshelf
model specific stuff is kept together.
closes: https://github.com/TryGhost/Ghost/issues/14973
- When fetching content using a non-standard charset, characters were notproperly decoded to utf-8 resulting in mangled text in the editor -> Detect charset and use iconv to decode the page text
- When requesting a non bookmark card, if no oembed data could be foundand we fallback to bookmark, a second network request to fetch the content was issued. This seemed unnecessary -> refactored to avoid that
- up until this commit, git hooks were only used by a handful of people
because they were a pain:
- they'd only be set up when you did `yarn setup`
- the existing hooks ran `yarn lint` on all projects, which was
incredibly slow
- as a result, not many of us actually had them enabled, but this would
cause issues in CI because people were pushing un-linted commits
- other JS projects tend to use husky to automate the git hook setup and
lint-staged to speed up linting on changed files
- this commit switches to using them both
- `lint-staged` only runs `eslint` on staged JS files that are about to
be committed - if there's a linting error, it will stop the commit
- I've configured the pre-commit hook to successfully exit in CI because we
don't want to run pre-commit hooks right now
- this means we can remove Grunt - yay!
refs https://github.com/TryGhost/Toolbox/issues/320
- Header snapshot matching was missing from webhook e2e tests. With a bumped version of webhook-mock-receiver it's now possible to record and match webhook request headers.
refs https://github.com/TryGhost/Toolbox/issues/410
- The 'private' value in 'Cache-Control' response header for all errors made it impossible for shared caches (e.g.: Fastly, Cloudflare) to cache 404 responses efficiently.
- The change substitutes 'max-age=0' which should not effect the browser cache behavior but would allow shared caches to process such requests efficiently.
- A more loose caching logic only applies to 404 responses from GET requests that are not user-specific (non-authenticated, non-cookie containing requests)
no issue
Since `ember-moment@10.0` it's not been necessary to use the `ember-cli-moment-shim` package, with `moment` instead being usable directly via `ember-auto-import`. Getting rid of the shim package is necessary for compatibility with `embroider`, Ember's new build tooling.
- dropped `ember-cli-moment-shim` dependency
- added `moment-timezone` dependency and updated all imports to reflect the different package
- worked around `ember-power-calendar` having `ember-cli-moment-shim` as a sub-dependency
- added empty in-repo-addon `ember-power-calendar-moment` to avoid `ember-power-calendar` complaining about a missing package
- added `ember-power-calendar-utils` in-repo-addon that is a copy of `ember-power-calendar-moment` but without the build-time renaming of the tree for better compatibility with embroider
refs https://github.com/TryGhost/Toolbox/issues/426
- we're going to need to support more complex combinations of dev
commands soon, with other packages optionally running and env
variables being altered
- this command pulls out a lot of the dev env scripting into a single
scripts
- also cleans up the use of grunt-shell so we can remove the dependency
refs https://github.com/TryGhost/Team/issues/1949
- bumps `@tryghost/kg-default-cards` which updates the rendered output for emails
- added `height: auto` style to the img element so clients don't render the image at the fixed image height retrieved from the `height="x"` attribute
closes https://github.com/TryGhost/Team/issues/1916
closes https://github.com/TryGhost/Team/issues/1917
- Added database storage for link redirects and click events via repositories (hides away database layer) defined in the wrapper services
- Added LinkClickRepository to store click events to database
- Added LinkRedirectRepository to store link redirects to database
- Added PostLinkRepository to link LinkRedirects with posts
- Renamed link-replacement package to link-replacer, and made it dependency less (it only replaces links now, doesn't do anything else)
- The link-tracking service has a new `addTrackingToUrl` which returns a new URL that includes tracking. The new `addRedirectToUrl` method does the same but without tracking for now.
- MEGA service now uses the link-replacer to replace links in the emails using a combination of different services (member attribution + link-tracking service)
no issue
- bumped `@tryghost/url-utils` to get access to the new lexical transform utilities
- updated the Post model's `parse()` and `formatOnWrite()` methods to transform the `lexical` field contents when reading/writing to ensure any links in content point at the correct place with `site.url` config changes
closes https://github.com/TryGhost/Ghost/issues/15424
refs b9ab1002b3
refs 9210ac7dc7
- When errors were throw from the model layer the HTTP API responses contained misleading information about the error - e.g.:
"message": "Unknown error - TypeError, cannot save post."
- This was due to the error handling code throwing it's own internal error resulting in compete loss of the original Ghost's error context.
no issue
- added `@tryghost/kg-lexical-html-renderer` dependency
- added `lexical` lib following the same pattern as our `mobiledoc` lib
- updated the Post model's `onSaving` hook to generate the `html` value from `lexical` when present
no issue
- bumped `@tryghost/admin-api-schema` to allow passthrough of the `lexical` property on post and page API endpoints
- prevented saving of blank document in the `mobiledoc` field if `lexical` is provided
- prevented API input containing both `mobiledoc` and `lexical` fields to avoid issues when both are present:
- not possible to know which content is latest/has precedence
- not possible to know which editor should be displayed in Admin
closes https://github.com/TryGhost/Ghost/issues/15391
- `vertical-collection` component was throwing errors during render when the tags list was filtered down causing slowdowns or full Admin crashes
- similar regression had popped up before and fixed in https://github.com/TryGhost/Ghost/pull/15207 but the dependency had been bumped again without realising it caused an error
- added a test that triggers the error-throwing behaviour in the tags input to help catch this in future dependency updates
no issue
- By bumping the version of adapter-base-cache I'm expecting `yarn` command to pick up this package. I suspect the failures on CI are due to some caching issue.
https://github.com/TryGhost/Toolbox/issues/364
- When the adapter base class lives deep inside Ghost's codebase it is pretty hard for other developers to extend it. With the goal of making Ghost easier to use and deploy by others, this kind of functionality should be as easy to extend as possible.
- The base adapters should live in the TryGhost/SDK repository. Next ones to move are Scheduling, SSO, and Storage base adapters.
refs https://github.com/TryGhost/Team/issues/1871
This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.
To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay.
Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the <br /> tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards)
- `@tryghost/string` is bumped because it contains the new escapeHtml method
closes https://github.com/TryGhost/Team/issues/1873
- bumps `@tryghost/kg-default-cards` which amends the product card rendering to output adjusted `width` and `height` attributes and a resized `src` attribute on the `<img>` element
refs https://github.com/TryGhost/Team/issues/1734
- resolves some deprecations raised by the addon which has fallen out of regular maintenance
- we were largely overriding much of the addon so the additional code was minimal, most of the changes were from updating to modern patterns
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76
- log output always uses UTC timestamps, but it may be desirable to
configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
`false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
timezone-altered timestamps, you can set `logging.useLocalTime` to
`true`
- credits to https://github.com/levee223 for the implementation and PR
refs https://github.com/TryGhost/Ghost/issues/14101
refs https://github.com/TryGhost/Team/issues/1734
- use of the helper was generating deprecation warnings when building Admin
- removed the single usage in favor of using `{{perform}}` directly on a controller task property as there was no need to go via the route
- changed naming of task properties to include a `...Task` suffix so it's clear when dealing with a task object
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
uses
refs https://github.com/TryGhost/Toolbox/issues/363
- this commit switches us to using the official and maintained
`mailgun.js` SDK, and updates the `mailgun-client` code to reflect the
changes between the two
fixes https://github.com/TryGhost/Ghost/issues/11541
- due to an upstream bug, typing emojis using Safari would show square
boxes in the editor
- the upstream patch has been fixed, so I've pulled it into our
mobiledoc-kit fork
- this commit bumps that package to fix the issue in Ghost
refs https://github.com/TryGhost/Team/issues/1723
- Added count.replies to comments
- Added replies endpoint
- Limited returned replies to 3.
- Replaced likes_count with count.likes in comments
- Instead of fetching all the likes of a comment to determine the total count, we'll now use count.likes
- Instead of fetching all the likes of a comment to determine whether a member liked a comment, we'll now use count.liked (which returns the amount of likes of the current member, being 0 or 1). This is mapped to `liked` to make it more natural to work with.
The `members.test.snap` file changed because we no longer include `liked: false` if we didn't fetch the liked relation. And in the comments events of the activity feed the liked property is therefore removed.
These changes requires an update to the `bookshelf-include-count` plugin:
- Updated to also work for nested relations
- This moves the count queries from the `bookshelf-include-count` plugin to the `countRelations` method of each model.
- Updated to keep the counts after saving a model (crud.edit didn't return the counts before)
- `eslint-plugin-ghost` v2.15.0 bumped `eslint-plugin-unicorn` to a
version that required Node 14.18.0
- we don't support that minimum right now so this commit bumps the Ghost
plugin which contains a revert to that plugin
refs https://github.com/TryGhost/Toolbox/issues/345
- this commit bumps `eslint-plugin-ghost`, which bumps compatiblity to
2022
- this also removes a lot of the manually-added
`parserOptions.ecmaVersion` that we had in imported packages, in favor
of the value set in `eslint-plugin-ghost`
fixes https://github.com/TryGhost/Toolbox/issues/370
- we no longer need `bthreads` because we can use native
`worker_threads` now we don't have to support Node 10 any longer
- this allows us to clean up a dependency and stick with native
libraries
- the referenced node-sqlite3 issue should be fixed (or at least, we now
maintain it so we can fix it if not)
refs https://github.com/TryGhost/Ghost/commit/a58efd6b
The references commit updated the admin-api-schema to require the `trail_days`
property, which is not yet supported by the Admin. When saving membership
setting we also save all the Tiers, which then causes the validation to fail.
Until the Admin supports the property we should remove validation from the API
refs 82dcc042cd
- `coffeescript` was only added in the first place because of an update
to `grunt-bg-shell`, which required it
- since then, we've removed `grunt-bg-shell`, so we don't need this
dependency any further
- this commit switches our `yarn dev` workflow from heavily relying on
Grunt, to using `nodemon` and `concurrently`
- we're doing this to reduce reliance on Grunt, but also to fix several
nits with the way `yarn dev` works in the monorepo
- we now use `nodemon` to run the Ghost backend, and it should
auto-refresh whenever you change a file in any of the packages (except
`admin`)
- we use `concurrently` to simultaneously run `ghost` and `admin` at
the same time. it seems to handle process cleanup well and has nice
colored prefixes to help with differentiating between log output
- this commit ends up removing a handful of Grunt dependencies and
reduces the functionality stored in the Gruntfile
- on the whole, it should keep existing functionality but there may be
some small underlying changes to get used to
- as part of our effort to reduce our usage of Grunt in favor of more
maintainable (and maintained) alternatives, this commit removes Grunt
from Admin
- the main difference here is switching from subgrunt to shell, which
should be a nice stepping stone to removing Grunt altogether one day
- we're meant to be running our CSS through csscomb in order to apply
specific code styles, but the reality is that it never gets used
- keeping csscomb around just adds to the package cruft and so this
commit cleans up references to it in order to
refs https://github.com/TryGhost/Toolbox/issues/365
- some of this was barely used anyway, but now Admin is a package in the
monorepo, we don't need to be installing dependencies twice
refs https://github.com/TryGhost/Toolbox/issues/363
- this shared library is standalone, and it used in various places of
Ghost core, so we can pull it out to keep it easier to reason about
- we also use the `html-to-text` dependency in another package but it's
outdated and could now switch to this new package
refs https://github.com/TryGhost/Team/issues/1695
This updates the comment_count helper from a block to inline, and the
frontend script to replace the entire element with the comment count
text. This means that theme designers will have the most flexibility
as they can choose whether or not to wrap the text in an element, as
well as which element.
refs 0a34be4012
- the admin html is no longer stored in core/server, and we don't need to
copy the production file to default.html
- this commit cleans up the grunt command to do this, and removes the
plugin whose only use was doing this
- this takes us another step closer to removing grunt
- this commit switches out the Grunt postcss plugin with the official
postcss CLI
- this means we can remove yet another step from Grunt, which helps
towards our goal of removing Grunt entirely
- I've confirmed the minified output is exactly the same as before
fixes https://github.com/TryGhost/Ghost/issues/14323
- Fixed support for resizing images from Unsplash using the `img-url` helper (previously the size property was ignored for images from Unsplash)
- Added support for `avif` file formats (supported by sharp out of the box)
- Added support for setting the format of images, with a new `format` option:
E.g. to convert an image to webp (only works in combination with size for now, except for Unsplash where you can use it without size):
```
{{img_url @site.cover_image size="s" format="webp"}}
```
This can help improve the performance of a theme, by serving assets in `<picture>` elements with webp and fallback image formats.
Usage example:
```html
<picture>
<source
srcset="{{img_url feature_image size="s" format="avif"}} 300w,
{{img_url feature_image size="m" format="avif"}} 600w,
{{img_url feature_image size="l" format="avif"}} 1000w,
{{img_url feature_image size="xl" format="avif"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
type="image/avif"
>
<source
srcset="{{img_url feature_image size="s" format="webp"}} 300w,
{{img_url feature_image size="m" format="webp"}} 600w,
{{img_url feature_image size="l" format="webp"}} 1000w,
{{img_url feature_image size="xl" format="webp"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
type="image/webp"
>
<img
srcset="{{img_url feature_image size="s"}} 300w,
{{img_url feature_image size="m"}} 600w,
{{img_url feature_image size="l"}} 1000w,
{{img_url feature_image size="xl"}} 2000w"
sizes="(min-width: 1400px) 1400px, 92vw"
src="{{img_url feature_image size="xl"}}"
alt="{{#if feature_image_alt}}{{feature_image_alt}}{{else}}{{title}}{{/if}}"
>
</picture>
```
- it was incorrectly referencing `tpl` as a dependency, which must have
been accidentally included when the package was created
- this has been switched out for `@tryghost/tpl`
- also added the missing `@tryghost/errors` dependency
- since we've turned the repo into a monorepo, the `yarn main` scripts
have lived in their original place under `ghost/core` package.json and
Gruntfile.js
- for one, we want to remove grunt because it's terribly old and our use
is hacked together
- secondly, `yarn main` applies to the monorepo + submodules as a whole,
and not just the Ghost core folder
- this commit extracts the functionality into yarn scripts in the
top-level and removes the dependency that was required
refs https://github.com/TryGhost/Toolbox/issues/357
- Adds support for persisted one off offloaded (worker thread) jobs
- To try them out run Ghost instance in "testmode" and shoo a request like so: `curl http://localhost:2368/ghost/api/oneoff/graceful-job` - this starts a one time job from graceful-job script (can only ever be executed once on the Ghost instance)
- Job's progress and runtime details are persisted in `jobs` table
- To play more with one off jobs use `addOneOffJob` method available on jobsService
refs https://github.com/TryGhost/Toolbox/issues/354
- this commit turns the Ghost repo into a monorepo so we can bring our
internal packages back in, which makes life easier when working on
Ghost
- up until now, we've been running `grunt release` before publishing to
NPM or pushing the canary zip
- this command runs the production asset build and generates a zip
- this zip isn't used by the NPM publishing task because that does an
`npm pack`
- we only use it for the canary build, but this should be brought more
inline with the NPM process to make the gaps smaller
- this commit refactors the `grunt release` task to become a lot smaller
by removing the generated zip steps
- the expected workflow is now to just to an `npm pack`, which will run
the `prepack` task to generate a `.tgz` archive
- this should still respect `.npmignore`, so it'll just include the
files we expect
- the test of the canary workflow is being updated to handle this
- also cleans up a dev dependency that is no longer used, along with 2
imports
refs https://github.com/TryGhost/Team/issues/1174
refs https://github.com/TryGhost/Members/pull/408
When logged out members navigate a site and want to interact with, for example
comments, they are redirected to the homepage after sign-in with the magic link,
this is disorientating, and means they then need to navigate back to the content
they were interacting with.
This change means that sign-in's will be redirected to the page from which they
were initiated, allowing a more streamlined flow for logged out members wanting
to add comments.
We've restricted the redirect to URI's which are on the same domain as the site,
and we also do a relative redirect, this is to ensure that a malicious actor does not
send magic links which redirect off-site and leak authentication details
closes https://github.com/TryGhost/Team/issues/1674
- The comped flag in Members API unintentionally stopped working when v3 API was dropped with the release of Ghost v5. The flag is deprecated but should be back-compatible for now - we don't want to break integratons like Zapier.
- To properly deprecate the flag we need to plan it's removal and start signalling about it through the version headers
Co-authored-by: Simon Backx <simon@ghost.org>
ref https://github.com/TryGhost/Team/issues/1667
Introducing 2 new helper handlebars tags, `{{total_members}}` and `{{total_paid_members}}` ideal for Member Sites who want to display these metrics to incentivise users to upgrade.
refs https://github.com/TryGhost/Team/issues/1673
When a user switches plan, the paid subscribers delta chart on the dashboard displays the change as a cancellation plus a new subscription. This display is misleading and confusing - instead, plan changes should be excluded from the paid subscribers delta chart.
To accomplish this, we added new properties to the API (signups and cancellations) that can be used to exclude plan changes in the statistics.
Changes in `@tryghost/stats-service`: d0dd218fc7
Related admin changes: https://github.com/TryGhost/Admin/pull/2425
refs https://github.com/TryGhost/Team/issues/1664
These changes are required for Portal to be able to edit the member notification preferences for comments, and to be able to know whether comments are enabled for the site.
refs https://github.com/TryGhost/Toolbox/issues/320
- Following the rule of having minimum code changes in the Ghost core codebase. This module belongs to "framework" along with other testing tools anyway.
- The bump includes a noteworthy changes - the "snapshotManager" was extracted into a separate exposed property of express-test API (maybe should be even it's own separate concept eventually, for now exposing it was enough). "snapshotManager" had to be exposed to be able to pass it to the webhook mock receiver - to use same instance configured with mocha hooks. snapshotManager has to be a singleton in the system to configure snapshots correctly through mochaHooks.
refs https://github.com/TryGhost/Team/issues/1526
This adds a check for existing subscriptions for a member associated with the
email addressed used for Stripe Checkout, if any are found the Checkout Session
creation fails and responds with a 403.
We've also updated the error handling for the create-stripe-checkout-session
endpoint so that it follows the existing Ghost API patterns.
fixes https://github.com/TryGhost/Team/issues/1652
fixes https://github.com/TryGhost/Ghost/issues/13319
**Image formatting**
Added support for changing the format of images via the `handle-image-sizes` middleware (e.g. format SVG to png, jpeg, webp)
This change was required:
- Not all browsers support SVG favicons, so we need to convert them to PNGs
- We can't fit image resizing and formatting in the `serve-favicon` middleware: we need to store the resized image to avoid resizing on every request. This system was already present in the `handle-image-sizes` middleware.
To format an uploaded image:
- Original URL: https://localhost/blog/content/images/2022/05/giphy.gif
- To resize: https://localhost/blog/content/images/size/w256h256/2022/05/giphy.gif (already supported)
- To resize and format to webp: https://localhost/blog/content/images/size/w256h256/format/webp/2022/05/giphy.gif
- Animations are preserved when converting Gifs to Webp and in reverse, and also when only resizing (https://github.com/TryGhost/Ghost/issues/13319)
**Favicons**
- Custom favicons are no longer served via `/favicon.png` or `/favicon.ico` (only for default favicon), but use their full path
- Added support for uploading more image extensions in Ghost as a favicon: .jpg, .jpeg, .gif, .webp and .svg are now supported (already supported .png and .ico).
- File extensions other than jpg/jpeg, png, or ico will always get transformed to the image/png format to guarantee browser support (webp and svg images are not yet supported as favicons by all browsers).
For all image formats, other than .ico files:
- Allowed to upload images larger than 1000px in width and height, they will get cropped to 256x256px.
- Allowed uploading favicons that are not square. They will get cropped automatically.
- Allowed to upload larger files, up to 20MB (will get served at a lower file size after being resized)
For .svg files:
- The minimum size of 60x60px is no longer required.
For .ico files:
- The file size limit is increased to 200kb (coming from 100kb)
refs https://github.com/TryGhost/Team/issues/1640
- Some the clien libraries were not able to match the signin key to verify JWT when using `GET /members/.well-knonw/jwks.json` endpoint for member token verification. This issue was due to missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
refs https://ghost.slack.com/archives/C02G9E68C/p1652980792270029
- When bulk unsubscribing members, the number of deleted newsletter relations are returned instead of the number of members with newsletters that were cleared
- Updates members-api to 8.1.0, which uses this new option to delete newsletter relations by member_id instead of the id of the relation (which allows us to fetch the number of successfully/failed member deletes) Changes: https://github.com/TryGhost/Members/pull/400
- Added tests for bulk unsubscribe and bulk delete labels (because they both use the updated bulkDestroy method)
refs https://github.com/TryGhost/Team/issues/1642
- Updated `members-csv` (dependency via `members-importer`, shouldn't this be a separate dependency too?) package to use the `tiers` field instead of the (removed) products field.
- Added basic test to see if products and labels are returned in the csv.
- checkout session creation was failing when setup with `offerId` instead of `tierId` and `cadence`
- updates `members-api` to ignore cadence check to allow creation using `offerId` present in request
Added CLI commands for REPL and timetravel functionality
- Added TimeTravel command for updating test data with a date offset
- Added REPL command for access to models and knex in development
- Added pattern for creating new CLI commands, including
- User input
- Output
- Validation of `NODE_ENV`
- TimeTravel command is in the main Ghost repo because it requires the schema
refs https://github.com/TryGhost/Team/issues/1575
- Updates the admin-api-schema to reflect new data structure
- Updates members-api to allow Portal to use new data structure
- Data is only mapped at the serialised level to avoid changing the underlying implementation
- Ensure only one version of domain-events present in yarn.lock
refs https://github.com/TryGhost/Toolbox/issues/314
- Writing schema definitions will become more concise without a need to specify all valid resource properties that could be accepted by the Admin API - no need to define "strip" attribute on every known
refs https://github.com/TryGhost/Toolbox/issues/329
- Adds and improves gscan checks for use of following helpers:
- @labs.members
- @member.products
- @price
@labs.members going in favour @site.members_enabled
@member.products gone in favour of @member.subscriptions
@price and it's variations gone in favour of {{price}} + {{@member.subscriptions}}
refs https://github.com/TryGhost/Team/issues/1583
- Check limits when unarchiving newsletters
- Added tests for more scenarios
- When editing/adding newsletters, the limit check happens in the same transaction.
- `limit-service` was bumped to add transactions support
- Added transaction support for edit in newsletter service
refs https://github.com/TryGhost/Toolbox/issues/314
- The API principle guiding this change is the Robustness Principle: "be conservative in what you send, be liberal in what you accept". The API will start accepting any additional properties that are not explicitly defined in the schema for the resource and will be trimming any rogue properties that are sent in the payload
closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446
- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
refs https://github.com/TryGhost/Toolbox/issues/292
- Copy improvements were done base on feedback. Makes the information in the email more concise and removes unecessary/unsecure bits like query strings.
refs https://github.com/TryGhost/Toolbox/issues/292
- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
refs https://github.com/TryGhost/Toolbox/issues/292
- The version mismatch notification emails were missing a URL of the endpoint that was being accessed by an outdated integraton
- Also squeezed in a refactor simplifying APIVersionCompatibilityService initialization
- these packages have had minor code changes or dependency updates that
have forced us to publish the packages in Lerna
- this commit updates all packages in one rollup commit
- updated usage of url-utils.urlFor to work with v3
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
refs https://github.com/TryGhost/Toolbox/issues/292
- This change allows to reuse existing pattern present in Ghost on the version mismatch service layer, where we define the contents of the sent email through email templates instead of plain text.
- Apart form templates, there's now failed request URL present in the data passed to the email template along with site title and site url
refs https://github.com/TryGhost/Team/issues/1577
The last seen at was being updated via the model rather than the
respository, which mean that the default relations were not being
loaded.
This fix updates the repository to load the newseletters relation,
updates the last seen at updated to use the repository and updates the
output serializer to handle missing newsletter relation.
We also update all packages relying on the domain-events package to
ensure that they're all using the same version.
Co-authored-by: Fabien 'egg' O'Carroll <fabien@allou.is>
refs https://github.com/TryGhost/Toolbox/issues/292
- Following the concept of having as little code in Ghost core as possible :) The email content generation is also needed to be reused in the version mismatch handling package.
- these packages contain minor code or dependency updates but we're
forced to publish them because of Lerna
- this commit rolls up all pending updates into one commit to save noise
refs https://github.com/TryGhost/Team/issues/1545
**Changes (`members-api`)**
- Compare via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%406.0.0...%40tryghost/members-api%406.1.0
- Added mapping from member subscribed to newsletters on edit/create
- When editing or creating a member with the subscribed property, it is mapped to the corresponding newletters value
- Defaults to all active newsletters with visibility = members and subscribe_on_signup = true
**Tests**
- Adds test that adds a member with subscribed = true
- Adds test that adds a member with subscribed = false
- Adds test that edits a member with subscribed = true
- Adds test that edits a member with subscribed = false
- these packages contain only code changes or dependency updates but
we're force to publish new versions due to Lerna's limitations
- this commit bulk updates the packages to save having many commits
refs 58ace0af76
- please see the referenced commit above for full context but this
commit bumps `@tryghost/nodemailer`, which contains a fix for reading
credentials when using the SES mail transport
- credits to @touzoku
refs https://github.com/TryGhost/Team/issues/1478
- Moved all admin API members tests to enable the multiple newsletters flag
- Checks if the susbcribe events are added correctly when adding or removing newsletters
- Checks if susbcribe events are added for default newsletters
refs https://github.com/TryGhost/Team/issues/1524
- This enables admins in the ghost admin to have an overview of the total posts/members associated with a newsletter.
- Follows the `?include=count.x` convention used by other resources
- I had to fork this dependency to add support for Knex 2.0 but yarn is
weird and won't bump it if we use `master` because "nothing changed"
- Using a hash should force yarn to pull the changes if the hash gets
updated
refs fccee0614f
- `@tryghost/nql-lang` had `date-fns` declared as a devDependency but it
was used within the library itself
- the referenced commit moved it to `dependencies` and this commit bumps
the packages in Ghost
- we had to switch to `@vscode/sqlite3` a while back because `sqlite3`
was unmaintained
- this fork didn't come with prebuilt binaries, so everyone had to
compile them on their machine
- this brought a lot of issues with installing Ghost
- since then, the Ghost team have picked up maintenance of `sqlite3` and
Knex has switched back, so we can switch back here too
refs https://github.com/TryGhost/Toolbox/issues/280
- Email notification handling logic needs to be added to Ghost. Ideally there should be as little code landing in the core as possible - mostly data fetching and hooking modules together.
- The primary email handling logic for the `Accept-Version`/`Conent-Version` header missmatch is done in `api-version-compatibility-service` module, and the `mw-api-version-mismatch` allows to intercept request with the missmatch and call the api version compatibility service to do it's job. The mw-error-handler gives each case of client BEHIND or AHEAD of the Ghost version a unique error code, so that the versioning compatibility service has data to distinguish different cases
refs https://github.com/TryGhost/Team/issues/1520
**Changes in members repo**
Bumped to `5.12.0`, with the following changes:
- Compare differences via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.11.1...%40tryghost/members-api%405.12.0
- Instead of doing the matching of the offers and subscriptions by looking at the offer redemptions, we can now look at the offer_id from subscriptions.
- This also fixes an issue where we don't attach the offer object to subscriptions in the members' browse method
- Updated browse behaviour to match the read behaviour of members (product relation needs to get loaded because it is missing in member.products if the subscription is expired).
**Tests**
- Includes test to see if the API correctly returns the offer object when fetching one or multiple members
- Check if the return format is the same for the read, edit and browse members admin API endpoints (offer was missing in subscriptions)
- Snapshot files have been updated because now the offer is returned in subscriptions (content length increased)
refs https://github.com/TryGhost/Team/issues/1519
**Tests:**
- Tests whether the metadata from an offer is read correctly and stored in the database
- Test that invalid offer ids are ignored
**Changes in members repository:**
- Compare changes here: https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.9.2...%40tryghost/members-api%405.11.1
- The `offer_id` column of subscriptions is set based on the coupon id from Stripe
- `getByStripeCouponId` method added in the offers repository (required to look up an offer from a stripe_coupon_id)
- the `members-payments` package was bumped twice (once for changes, once for undoing those changes, my bad). Nothing else has changed in that package.
refs https://github.com/TryGhost/Team/issues/1469
Previously, members were subscribed to all available newsletters by default when added. This change updates the default newsletters subscription for member to take into account newsletter preferences for auto opt-in(`subscribe_on_signup`) as well as `visibility`.
refs https://github.com/TryGhost/Team/issues/1490
With multiple newsletters, members can choose their newsletter subscription preference in Portal while signing up. This change handles newsletter preference data for both free and paid members via magic link/stripe checkout and saves it for the newly created member.
refs https://github.com/TryGhost/Team/issues/1502
- Support the `newsletter_id` only when sending a newsletter
- Default to the default newsletter when `newsletter_id` isn't specified
- Ignore the `newsletter_id` parameter when passed in the post body
closes https://github.com/TryGhost/Ghost/issues/14452
- When {{tiers}} helper was used with parameters in a Ghost theme, for example statement like this: `{{tiers prefix="Access with:"}}`, the theme did not pass the gscan check and threw a false positive fatal error. {{tiers}} is fully valid and documented helper that should work in current version of Ghost
closes https://github.com/TryGhost/Ghost/issues/14452
- When {{tiers}} helper was used with parameters in a Ghost theme, for example statement like this: `{{tiers prefix="Access with:"}}`, the theme did not pass the gscan check and threw a false positive fatal error. {{tiers}} is fully valid and documented helper that should work in current version of Ghost
refs https://github.com/TryGhost/Toolbox/issues/280
- This change covers two use cases:
- The accept-version > current version + the request cannot be served: ERROR CASE 1
- The accept-version < current version + the request cannot be served: ERROR CASE 2
- Along with 406 status there's additional information about the probable cause and action to be taken by the Ghost site owner or an integration talking to the Ghost API.
- These errors is designed to allow introducing breaking API changes gradually and have meaningful information when the requests cannot be server any longer
refs https://github.com/TryGhost/Team/issues/1248
refs https://github.com/TryGhost/Team/issues/1302
refs https://github.com/TryGhost/Ghost/pull/14433
This fixes multiple problems we've had with handling stripe webhooks where
linking the same subscription concurrently was not locking the database row, we
would have the same operation attempted multiple times, in the case of creating
subscriptions this causes unique constraint errors, and in the case of creating
cancellation events, it was causing multiple cancellation events to be created.
refs https://github.com/TryGhost/Team/issues/1469
Currently, all new members get auto subscribed to the default newsletter. This change adds same behavior with multiple newsletters by auto subscribing all available newsletters on site for new members(If flag is enabled).
Note: In future, this will also take into consideration the `subscribe_on_signup` flag for a newsletter to filter which newsletters should a member be auto-subscribed.
- adds newsletters service for working with newsletter data
- bumps `@tryghost/members-api` package which handles default subscription
- adds new test fixture/data for newsletters