closes#942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
Closes#887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
closes#850
- the aliases for the ghost admin link were causing redirects of the
form /ghost//admin etc.
- simplest solution is to split the route into two with the first one
just redirecting and the second doing the auth
Fixes#825
- Changes the way the error middleware is delivered in server.js, moving
all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces
Notes:
======
- Jslint gets in the way of the regex I've got to use to parse the stack.
(It cites 'security reasons' which are not relevant in this case.)
I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
was out of scope for this PR.
Fixes#824
- Removed global registration of `express.bodyParser` middleware.
- Replaced with `express.bodyParser`'s constituents: `express.json` and
`express.urlencoded`, then registered `express.multipart` against *only*
the upload route.
Fixes#356
- Adds new generic methods for handling errors to errorHandling.js
- Initialises generic methods as middleware
- Created error.hbs view in admin
- Error handler searches for error.hbs view file in user theme folder
and renders it if available, otherwise lets the error fall through
to express.
- We *could* change the final behaviour to render a default ghost
template should the user template be missing
- Because it currently isn't possible to require(ghost) in errorHandling.js,
it was necessary to duplicate some aspects of the ghost path init code
inside errorhandling.js. This should be cleaned up and moved back
into ghost.js when possible.
closes#657, closes#761
- Got rid of initTheme from ghost.js (yay)
- Divided up the logic for static assets and views
- Ghost admin static assets are now served from /ghost/
- New logic to figure out if we're on the admin, or a theme and which theme we are on
- Activate theme method reregisters static access and uncaches views
- Re-ordered all of the middleware, and ensured we had a 404 handler at the end
- Activate theme method ensures that middleware maintains order
closes#172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
closes#748
- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
Extracts all express-server-related code in index.js to core/server.js, leaving index.js purely for booting up Ghost's core components in a sensible order.
Aside from the project's tidiness, this means that we can perform asynchronous configuration loading/checks before requiring any modules that read the config.