Commit Graph

20106 Commits

Author SHA1 Message Date
Fabien O'Carroll
f289111f6d Extracted Actor resource ids into getters
Now that we have the URI object, we don't need to convert the Actor to JSONLD
to get its resource ids. Instead we can have shared getters that expose the ids
as a URI, that can be realized as/when they're needed with the base URL.

This makes the code a little cleaner and more performant.
2024-05-16 12:39:51 +07:00
Ghost CI
b7efe4ff8e Merged v5.82.10 into main 2024-05-16 02:19:02 +00:00
Ghost CI
f6f04792ea v5.82.10 2024-05-16 02:19:00 +00:00
Ronald Langeveld
ae18b31ebd 🐛 Fixed direct paid signups on Stripe beta (#20215)
ref ONC-35

- customer_update should only be defined where cutomer_id exists and
labs are enabled.
- added additional unit testing
2024-05-16 10:05:43 +08:00
Ronald Langeveld
010e8394aa
🐛 Fixed direct paid signups on Stripe beta (#20215)
ref ONC-35

- customer_update should only be defined where cutomer_id exists and
labs are enabled.
- added additional unit testing
2024-05-16 08:47:23 +08:00
Galdin Raphael
93eaee7e08
Added missing <html> opening tag to the maintenance page (#20203)
- this was previously missing
2024-05-15 09:10:37 +02:00
Laurent Goderre
d67fc8c353
Added jackspeak resolution to core to fix ESM + CJS compat issue (#20199)
refs #20197

- adds a jackspeak resolution to Ghost core so we can try and ensure the compatible version of jackspeak/string-width is used when the lockfile is regenerated
2024-05-15 08:47:04 +02:00
Fabien O'Carroll
ddd803e1da Fixed usernames in Following list
This is a temporary solution whilst we only support Ghost2Ghost
2024-05-15 13:23:17 +07:00
Fabien O'Carroll
df1774d8e9 Supported Ghost2Ghost Follow/Accept
ref https://linear.app/tryghost/issue/MOM-108

Apologies to my future self and maintainers if you come across this commit.

This is a bit of a mega commit because we need to cut corners somewhere and it
came down to commit atomicity or tests/code quality.

The main changes here are a bunch of tests, as well as some scaffolding for
Inbox handling of Activities and delivery of Activities. The structure is not
final at all - and we have logic split across services which isn't ideal - but
thsi will do for now as we play around and discover the structure through
building.
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
ba1d36bcda Allowed underscore prefixed unused params
With TypeScript, when creating mock instances, it's preferable to maintain a
reference to the params, even if they're not used. This allows us to have
unused variables as long as they're prefixed with an underscore.
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
efe160862f Added testing utilities for NestJS
The supertest lib is the officially recommended way of testing NestJS e2e
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
3a56b79a8c Added service for delivering activities
ref https://linear.app/tryghost/issue/MOM-120

This will allow us to deliver Follow activities to other sites
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
4d24bdbccb Added finger functionality to WebFingerService
ref https://linear.app/tryghost/issue/MOM-120

We need to do this to lookup the inbox which we need to send a Follow activity
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
f31330a228 Improved HTTPSignature library
ref https://linear.app/tryghost/issue/MOM-73

We've made it easier to use by adding defaults for required header, as well as
adding support for signing POST requests.
2024-05-15 12:41:34 +07:00
Fabien O'Carroll
e98f505ae3 Added body parsing to the frontend
ref https://linear.app/tryghost/issue/MOM-73

We need to add body parsing middleware here, so that NestJS has access to it.
We also attach the rawBody which is used to validate the HTTP Signatures
2024-05-15 12:41:34 +07:00
Sodbileg Gansukh
60da243d0c
Updated signup and private page forms for consistency (#20208)
ref TRI-92
2024-05-15 04:47:02 +00:00
Kevin Ansfield
d2da9d3c17
Updated metadata shown on hover in internal link lists (#20204)
closes https://linear.app/tryghost/issue/MOM-80

- updated internal linking search results items
  - removed visibility text from meta data
  - added additional icon for paid/specific tier visibility
  - added titles to icons
- bumped `@tryghost/koenig-lexical` to include support for meta icon titles
- bumped other Koenig packages due to sub-dependency updates
2024-05-14 16:07:04 +00:00
Kevin Ansfield
21321c7012
Improved internal linking copy and added query highlighting (#20191)
no issue

- bumped @tryghost/koenig-lexical to latest version
2024-05-14 11:04:06 +01:00
Peter Zimon
770f657ae9
Improve messaging and error handling (#20078)
ref DES-228

This PR updates messaging and error handling in order to make Ghost calmer and friendlier. High level summary of the changes:

- Removed all onBlur validation in Settings -> now it’s possible to just click around without being warned to fill mandatory fields
- Removed  lot of technical errors like `ValidationError: Validation (isEmpty) failed for locale`
- Completely removed the red background toast notifications, it was aggressive and raw esp. on the top
- Removed some unnecessary notifications (e.g. when removing a webhook, the removal already communicates the result)
- Now we show field errors on submitting forms, and in case of an error we show a “Retry” button in Settings too. This allowed to remove a lot of unnecessary error messages, like the big error message on the top, plus it’s consistent with the patterns outside Settings.
- Notification style is white now with filled color icons which makes everything much calmer and more refined.
- Removes redundant copy (e.g. "successful(ly)") from notifications

---------

Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
2024-05-14 09:31:19 +02:00
Steve Larson
842290cbef
Improved performance for filter strings with multiple neq statements (#20198)
ref https://linear.app/tryghost/issue/CFR-27
- updated packages to include performance improvement for NQL filter
strings including multiple neq filters for the same resource
- bumped `bookshelf-plugins`
- bumped NQL versions

We identified a performance fix that allows us to combine not equal
(neq) filters for the same resource in a logically-equivalent way that
also has far more performant resulting SQL.

We're effectively automatically combining strings like
'tag:-tag1+tag:-tag2` into 'tag:-[tag1,tag2]'.
2024-05-13 10:35:27 -05:00
Daniel Lockyer
e3fa095c80 Fixed misc JSDoc types
- nothing crazy, but cleans up a few editor warnings
2024-05-13 14:53:53 +02:00
Daniel Lockyer
a5e7eb2208 Renamed wrapper to ImplWrapper
- helps with debugging and understanding the code flow
2024-05-13 14:53:53 +02:00
Daniel Lockyer
8fa3acfd80 Fixed providing err to IncorrectUsageError
- it appears as though we only accept `err` when it's in the constructor
  of the IncorrectUsageError, so in its current form, it is ignored
- this commit performs a minor refactor to switch to constructing a new
  IncorrectUsageError and then throwing it
- detected by tsserver complaining about the `err` property not existing
  on the error
2024-05-13 14:53:53 +02:00
Sag
cb8213e7d3
Fixed validation when tierId is missing during Stripe checkout (#20195)
refs https://linear.app/tryghost/issue/SLO-90
refs
https://www.notion.so/ghost/Decoupling-Members-from-Stripe-13b644d4dccb43ea83f683473c690b82

- the members API didn't support passing a Stripe Price ID directly
during checkout since end of 2022. However, we did not update the param
validation accordingly
2024-05-13 14:47:39 +02:00
Ghost CI
b1c5a2985c v5.82.9 2024-05-13 07:01:15 +00:00
renovate[bot]
4edb6b6731 Update dependency i18next to v23.11.4 2024-05-10 10:07:11 +00:00
renovate[bot]
fc41947738 Update dependency semver to v7.6.2 2024-05-10 08:30:32 +02:00
Sam Lord
8c3e5ece01 Added option to disable fast import for data generator
Data generator uses CSV imports for a massive speed increase, but
can't be used in some environments where SQL admin isn't
available. This allows us to set a flag to use the original
insert-based importer.
2024-05-09 15:22:15 +01:00
Fabien 'egg' O'Carroll
56d984f05f
Used subscription currency for setup session (#19991)
ref https://linear.app/tryghost/issue/ENG-812
ref https://github.com/TryGhost/Ghost/commit/5b694761bc

We wanna use the currency of the subscription to avoid the edge-case where the 
subscription currency doesn't match the sites current tiers currency.
2024-05-09 13:03:11 +00:00
renovate[bot]
50a1ef1cd8 Update dependency mailgun.js to v10 2024-05-09 13:08:08 +02:00
renovate[bot]
72e136f3ff Update dependency ember-svg-jar to v2.4.9 2024-05-09 13:03:47 +02:00
renovate[bot]
545247af28 Update dependency ember-svg-jar to v2.4.8 2024-05-09 12:48:51 +02:00
renovate[bot]
e004db0636 Update dependency html-validate to v8.18.2 2024-05-09 10:42:38 +02:00
renovate[bot]
512c3e1413 Update CSS preprocessors 2024-05-09 10:36:59 +02:00
renovate[bot]
e13c2b1c23 Update dependency webpack to v5.91.0 2024-05-09 08:25:51 +00:00
renovate[bot]
4c1ecabfc7 Update sentry-javascript monorepo to v7.114.0 2024-05-09 10:16:37 +02:00
Ghost CI
88ad62558a Merged v5.82.8 into main 2024-05-08 19:30:39 +00:00
Ghost CI
f303432ba9 v5.82.8 2024-05-08 19:30:37 +00:00
Sag
5b694761bc 🐛 Fixed updating payment method when beta flag is on (#20171)
refs https://linear.app/tryghost/issue/ONC-20
refs https://linear.app/tryghost/issue/ENG-867

- when using dynamic payment methods in Stripe, we need to provide a
currency. Stripe uses that parameter to determine which payment methods
to render
- docs: https://docs.stripe.com/api/checkout/sessions/create
2024-05-08 20:59:10 +02:00
Sag
60ac3c735b
🐛 Fixed updating payment method when beta flag is on (#20171)
refs https://linear.app/tryghost/issue/ONC-20
refs https://linear.app/tryghost/issue/ENG-867

- when using dynamic payment methods in Stripe, we need to provide a
currency. Stripe uses that parameter to determine which payment methods
to render
- docs: https://docs.stripe.com/api/checkout/sessions/create
2024-05-08 20:56:17 +02:00
Daniel Lockyer
7e9d82655e Added extra validation for reset_password endpoint
fix https://linear.app/tryghost/issue/SLO-104/cannot-read-properties-of-undefined-reading-0-an-unexpected-error

- if the request body didn't contain the correct keys, it'd just HTTP
  500 out of there
- this adds some optional chaining so we end up with undefined if
  anything isn't as expected, and the following if-statement does the
  rest of the check for us
- this also adds a breaking test (the first E2E test for authentication, yay!)
2024-05-08 18:05:04 +02:00
Kevin Ansfield
b5af65a130
Added access and publish date display to internal link list on hover (#20168)
closes https://linear.app/tryghost/issue/MOM-80

- bumps @tryghost/koenig-lexical to add support for search result metadata in internal links as well as some improvements to the internal linking UI/UX
- updates search service to fetch and expose additional `visibility` and `published_at` fields for post/page resources
- updates `searchLinks` method passed to editor to decorate the search results with appropriate meta text and icon based on publish date, post visibility and member settings
2024-05-08 16:04:05 +00:00
Kevin Ansfield
2cd0eb62a7
Re-ordered Admin search results (#20166)
closes https://linear.app/tryghost/issue/MOM-106

- the search results can hide any matching authors/tags due to them appearing after matching posts which is typically a longer list that needs scrolling through
- changed the order to list matched authors and tags before posts, this matches the behaviour in our front-end search
2024-05-08 13:35:23 +00:00
Daniel Lockyer
76c6e92006
Handled invalid files when uploading DB zips (#20165)
fix
https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred

- similar to
e8e3447f15,
this captures a specific error from yauzl and throws a user-friendly
error
- perhaps in the future we can just look for yauzl errors and always
return user-friendly errors, but let's monitor that first
- also includes a breaking test
2024-05-08 14:59:34 +02:00
Daniel Lockyer
f276abf9e8 Condensed logic for determining whether to send Sentry events
refs https://docs.sentry.io/platforms/javascript/configuration/filtering/#using--1%20

- this simplifies our logic to determine whether we should send events
  by moving the code to `beforeSend`
- `errorHandler` is going away in Sentry v8 so this results in a shorter
  diff in the future
- the logic should be the same, always send non-Ghost errors, and only
  send HTTP 500 Ghost errors
2024-05-08 14:25:00 +02:00
Daniel Lockyer
77fc66340a Refactored Sentry beforeSend code
- this tidies up the implementation by removing the very verbose ternary
  operator, and also uses the optional chaining operator
2024-05-08 14:25:00 +02:00
Daniel Lockyer
c4ad593a5a Added JSDoc types to Sentry
- this helps editors with identifying what the types of parameters are
2024-05-08 14:25:00 +02:00
Daniel Lockyer
e8e3447f15 Fixed handling empty zip file uploads
fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected

- previously, uploading an empty zip would result in a HTTP 500 error
  because yauzl would error and we'd bubble that up as an
  InternalServerError
- now, we catch the specific error message and return a more user
  friendly error
- also includes tests and sample zip file
2024-05-08 11:19:47 +02:00
Daniel Lockyer
00f42855e3 Excluded docName key from API controller method map
- due to the structure of our API controllers, the docName and methods
  are under the same structure
- this code loops over the keys of the controller and forms the method
  map
- however, it currently also loops over every character of the docName,
  so the resulting map contains a weird structure of chars
- we don't need the docName for this, so we can just exclude it from the
  keys
- this doesn't change any functionality
2024-05-08 11:19:47 +02:00
Daniel Lockyer
d82b136a6a Handled uploads with invalid form bodies
fix https://linear.app/tryghost/issue/SLO-101/http-500-with-invalid-multipart-data

- previously, busboy would error out if we supplied a body that was
  invalid (such as an empty FormData)
- we would then return a HTTP 500 to the user, which causes all manner
  of problems
- now we catch errors from busboy and return a nice BadRequestError
2024-05-08 11:19:47 +02:00
Daniel Lockyer
ae88dc8548 Handled invalid timestamp format in filters
fix https://linear.app/tryghost/issue/SLO-85/fix-http-500-on-contentposts

- in the event we give the incorrect format in a filter, MySQL will
  throw an error and we'll throw a HTTP 500 error
- we can capture this error and return a more useful error to the user
- ideally we'd do this in a validation step before attempting the query,
  but parsing this out of NQL and detecting which columns are DATETIME
  could be quite tricky
2024-05-08 09:28:56 +02:00
Daniel Lockyer
82c612bad9 Rolled out API framework JSDoc typing to more places
- this updates a bunch of places where we're just using Object to cheat
  the system
- doing this means editor autocomplete and basic type checking is better
  because we now have proper types in place
- functionality should not change, these are just comments
2024-05-08 09:28:31 +02:00
renovate[bot]
1fea2fc616 Update dependency semver to v7.6.1 2024-05-08 09:04:44 +02:00
Ghost CI
7201006f05 Merged v5.82.7 into main 2024-05-07 18:13:36 +00:00
Ghost CI
000616ac02 v5.82.7 2024-05-07 18:13:34 +00:00
Djordje Vlaisavljevic
9fe0d13232 Fixed typo
ref https://linear.app/tryghost/issue/DES-338/subscription-details-section-on-mobile-spacing-issues
2024-05-07 20:00:11 +02:00
Kevin Ansfield
d831e687a5 Added initial implementation of internal linking for standard links (#20139)
ref https://linear.app/tryghost/issue/MOM-81

- bumps `@tryghost/koenig-lexical` to version with updated internal linking beta features
2024-05-07 19:59:46 +02:00
Kevin Ansfield
b24f976b34 Fixed empty groups in internal link searches (#20142)
closes https://linear.app/tryghost/issue/MOM-101

- we were mapping over the grouped search results which meant we still got a group even if it's options/items list was empty after filtering for published
2024-05-07 19:59:40 +02:00
Kevin Ansfield
0f482907e1 🐛 Fixed Admin search sometimes stalling on first query (#20143)
closes https://linear.app/tryghost/issue/MOM-103

- the `yield waitForProperty(...)` call that was supposed to return once the content refresh occurred never reached a valid state so the first search query (or any later query) where a content refresh occurred would never resolve causing search to look like it had stalled
- switched to waiting for the last running task to resolve instead which does the same as the previous code intended
- exported the `getPosts` request handler function so in mirage config so we can re-use it with different timing on a per-case basis
2024-05-07 19:59:33 +02:00
Djordje Vlaisavljevic
bae5ae43c9 Fixed typo
ref https://linear.app/tryghost/issue/DES-338/subscription-details-section-on-mobile-spacing-issues
2024-05-07 18:29:25 +01:00
Daniel Lockyer
2659e5aa40 Added handling for parsing errors with user-submitted HTML
fix https://linear.app/tryghost/issue/SLO-87/cannot-read-properties-of-undefined-reading-createimpl-an-unexpected
refs https://github.com/jsdom/jsdom/issues/3709

- in the event we are given some HTML to parse, and that fails, we
  currently return a HTTP 500 because it's unhandled
- the instance we saw was due to `<constructor>` crashing jsdom, we've
  opened an issue for that
- in terms of handling the error gracefully, we can surround the code
  in a try-catch and return a more suitable error. I've gone for a
  ValidationError for now - you could debate whether a different one is
  more appropriate
- also added Sentry error capturing so we're not blind to these,
  ultimately we should make sure the parser can handle all
  user-submitted data
2024-05-07 17:25:48 +02:00
Kevin Ansfield
40ee2043e0
Reduced Admin search re-indexes (#20154)
closes https://linear.app/tryghost/issue/MOM-97

The 30s search content expiry didn't really make sense and caused unnecessary delays and server load now that search will be more widely used within the editor.

- replaced concept of time-based expiry with explicit expiry
  - content still fetched on query if not already loaded or marked as stale
  - added `.expireContent()` method on search service to allow explicit expiry
- updated editor to pre-fetch search content when not already loaded or marked as stale
  - removes delay when first using internal linking search inside the editor
- updated post model to expire search content on save
  - expires on published post save or delete
  - expires on publish and unpublish
- updated tag model to expire content on create/save/delete
  - only expires when name or url is changed
- updated user model to expire on save/delete
  - only expires when name or url is changed
  - does not handle creation because that's done server-side via invites
2024-05-07 15:24:20 +01:00
Sanne de Vries
2b16a65720
Updated lock icon from hardcoded black to using currentColor (#20152)
REF MOM-80
2024-05-07 11:58:41 +00:00
Daniel Lockyer
dccb4ac84e Cleaned up unused controller method
- this isn't being used anywhere, so we can clean it up
2024-05-07 11:44:07 +02:00
Daniel Lockyer
1fd155d56a Fixed extra arguments being supplied to function calls
- identified by tsc, this shouldn't change any functionality because
  there were extra arguments being supplied and were unused
2024-05-07 11:44:07 +02:00
Daniel Lockyer
29cc3003c7 Fixed misc JSDoc types
- nothing crazy, just fixing minor typing issues that I've come across
2024-05-07 11:44:07 +02:00
Ronald Langeveld
4f3bfebfea
Revert "Added latest_event_timestamp to email table (#20118)" (#20149)
This reverts commit 3246a8d2c9.
2024-05-07 08:58:42 +00:00
Daniel Lockyer
c298db912c Added JSDoc types for API controllers
- this adds a simple set of types to the @tryghost/api-framework
  package that should describe all of the keys available on a
  controller, and then rolls it out to all API controllers
- unfortunately, due to https://github.com/microsoft/TypeScript/issues/47107, we have
  to split apart `module.exports` into a variable assignment in order for type-checking
  to be done
- the main benefit of this is that `frame` is now typed, and editors understand what keys
  are available, so intellisense works properly
2024-05-07 10:49:44 +02:00
Ronald Langeveld
3246a8d2c9
Added latest_event_timestamp to email table (#20118)
ref ENG-832

- Added migrations for `latest_event_timestamp` column in emails table.
- updated schema
- updated emails model
2024-05-07 16:12:51 +08:00
Daniel Lockyer
de435238f4 Fixed wrong status code type
- `statusCode` should be a number, but we were passing a string
- this doesn't really affect anything, but tsserver was flagging it up
  as the wrong type
2024-05-07 08:29:48 +02:00
Daniel Lockyer
b29c897da3 Fixed passing error to IncorrectUsageError
- we should pass it as `err` and not `error`
- this probably slipped in because the catch parameter is called
  `error`, so I've updated that and fixed the references
2024-05-07 08:29:48 +02:00
Daniel Lockyer
efc59dd315 Fixed extra parameter to function
- `serializeTier` only takes 2 parameters
- flagged by tsserver
2024-05-07 08:29:48 +02:00
Daniel Lockyer
f72d7b77ac Fixed miscellaneous jsdoc comments
- this helps tsserver figure out what the type of things is around our
  codebase
- nothing crazy, mostly Express types for the middleware, application and router levels
2024-05-07 08:29:48 +02:00
Kevin Ansfield
27e771b3a8
🐛 Fixed Admin search sometimes stalling on first query (#20143)
closes https://linear.app/tryghost/issue/MOM-103

- the `yield waitForProperty(...)` call that was supposed to return once the content refresh occurred never reached a valid state so the first search query (or any later query) where a content refresh occurred would never resolve causing search to look like it had stalled
- switched to waiting for the last running task to resolve instead which does the same as the previous code intended
- exported the `getPosts` request handler function so in mirage config so we can re-use it with different timing on a per-case basis
2024-05-06 21:04:13 +00:00
Kevin Ansfield
7f3731e9d1
Fixed empty groups in internal link searches (#20142)
closes https://linear.app/tryghost/issue/MOM-101

- we were mapping over the grouped search results which meant we still got a group even if it's options/items list was empty after filtering for published
2024-05-06 15:55:16 +00:00
Daniel Lockyer
265a8dd16f Added function names to more middleware
refs 319f251ad2

- this helps debugging because all middleware in the stack will have a
  function name, so it'll show up instead of `<anonymous>`
2024-05-06 17:51:39 +02:00
Kevin Ansfield
2aad4ca06f
Added initial implementation of internal linking for standard links (#20139)
ref https://linear.app/tryghost/issue/MOM-81

- bumps `@tryghost/koenig-lexical` to version with updated internal linking beta features
2024-05-06 15:12:11 +00:00
Daniel Lockyer
a50bb8d79e Added missing error messages for members uploader
fix https://linear.app/tryghost/issue/SLO-97/missing-messages-for-members-file-upload

- these were missing, so if the members importer wasn't given a file, it
  would crash with an HTTP 500 error
- also added a test to ensure we get a 422 back
2024-05-06 15:17:25 +02:00
Daniel Lockyer
5a8145139a Fixed handling cutoff boundary data in image + media upload
fix https://linear.app/tryghost/issue/SLO-95/unexpected-end-of-multipart-data-for-broken-image-upload-request

- in the event the client sends an invalid body to the image or media
  upload endpoints, Dicer will throw an error if the boundary data is
  malformed
- previously, we've just been bubbling that up as an InternalServerError
  and that results in an HTTP 500
- we can capture errors produced by dicer and return a handled
  BadRequestError, as it's the client's fault
- also includes breaking tests
2024-05-06 13:41:25 +02:00
Daniel Lockyer
3e79712466 Fixed handling malformed image + media upload requests
fix https://linear.app/tryghost/issue/SLO-94/unexpected-field-when-given-broken-image-upload-request

- in the event the body of an image or media upload request is malformed
  (broken metadata / blob or something), we get a MulterError and this
  bubbles up as an InternalServerError and spits out a HTTP 500
- we can capture this and return a BadRequestError, as it's the client's
  fault for not providing the correct body
- this implements that and adds breaking tests
2024-05-06 13:24:26 +02:00
Daniel Lockyer
4c35e00721 Fixed handling of invalid Accept-Version header
fix https://linear.app/tryghost/issue/SLO-96/invalid-version-must-be-a-string-got-type-object-an-unexpected-error

- in the event that a non-semver Accept-Version header is given, the
  current code will throw an error because the semver lib can't compare null
  against a valid version
- the error in question is `Must be a string. Got type "object"`
- to fix this, we can just detect a null and early return with a
  BadRequestError
- also adds a breaking test
2024-05-06 12:01:08 +02:00
Daniel Lockyer
319f251ad2 Added function names to mw-error-handler middleware
- this helps with debugging because all the middleware will now have
  function names, so it'll show up as something labeled vs `<anonymous>`
2024-05-06 12:01:08 +02:00
Daniel Lockyer
dd214aa67c Refactored @tryghost/mw-error-handler to assert
- removes should as our preferred assertion lib is `assert`
- removes empty test utils, these won't be needed
2024-05-06 12:01:08 +02:00
renovate[bot]
88957ca1f4 Update dependency @types/nodemailer to v6.4.15 2024-05-06 11:55:52 +02:00
Fabien O'Carroll
e6552ddb63 Added ability for Actor to sign requests
ref https://linear.app/tryghost/issue/MOM-74

This will allow us to generated signed requests for Activites.
2024-05-06 14:21:16 +07:00
Fabien O'Carroll
deb6e05889 Added HTTPSignature service
ref https://linear.app/tryghost/issue/MOM-72

This module handles signing and validating HTTP signatures, which is a core
part of interfacing with ActivityPub enabled servers.
2024-05-06 14:21:16 +07:00
Ghost CI
f34c33f330 v5.82.6 2024-05-03 16:04:14 +00:00
Chris Raible
d8b629c713
Added an optional timeout parameter to AdapterCacheRedis (#20131)
ref
https://linear.app/tryghost/issue/ENG-902/add-an-optional-timeout-in-the-redis-cache-adapter-in-case-redis

- Added an optional timeout parameter to AdapterCacheRedis, so that the
`get(key)` method will return `null` after the timeout if it hasn't
received a response from Redis
- When load testing the `LinkRedirectRepository` with the Redis cache
enabled on staging, we noticed that for some reason Redis stopped
responding to commands for ~30 seconds.
- The `LinkRedirectRepository` was waiting for the Redis cache to
respond and resulted in a drastic increase in response times for link
redirects
- This change will allow us to set a timeout on the `get(key)` method,
so that if Redis doesn't respond within the timeout, the method will
return `null` as if it were a cache miss.
- Then the `LinkRedirectRepository` will fall back to the database and
return the link redirect from the database instead of waiting
indefinitely for Redis to respond
2024-05-02 20:39:23 -07:00
Chris Raible
b9f7ea65e9
Revert "Added new member signup flow behind labs flag (#19986)" (#20130)
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups

This reverts commit 01d0b2b304.

- Removed the new member signup flow because it didn't solve the
problems with spam signups
2024-05-02 13:02:32 -07:00
Kevin Ansfield
0fbea2d503
Revert "Added initial implementation of internal linking for standard links (#20126)" (#20128)
This reverts commit 41111893b4.

- reverting for further polish before it ends up in next release
2024-05-02 18:50:29 +00:00
Kevin Ansfield
41111893b4
Added initial implementation of internal linking for standard links (#20126)
ref https://linear.app/tryghost/issue/MOM-81

- bumps `@tryghost/koenig-lexical` to version with updated internal linking beta features
2024-05-02 17:28:19 +00:00
Daniel Lockyer
7950122ffe Protected against deleting non-existent image during upload
fix https://linear.app/tryghost/issue/SLO-93/undefined-path-error-with-bad-image-upload

- in the event we receive a request to upload an image, that doesn't
  contain an image, we still try and unlink the files
- this is a dangling promise, so it doesn't cause an explicit HTTP
  error, but it does show up as a console error
- fixed it by checking for the path, and early returning if it doesn't
  exist
- also added a test that would fail without this
2024-05-02 17:29:03 +02:00
Sag
e996213122
Moved POST /members/api/member behind alpha flag (#20124)
ref https://linear.app/tryghost/issue/SLO-78

- the `POST /members/api/member` endpoint is solely used by the alpha
feature `membersSpamPrevention` and should not be available otherwise
2024-05-02 16:34:32 +02:00
Daniel Lockyer
cc76fda3e8 Enabled includeLocalVariables option in Sentry
ref https://linear.app/tryghost/issue/SLO-92/enable-extra-sentry-integrations
refs https://docs.sentry.io/platforms/javascript/guides/node/configuration/options/#include-local-variables

- this will capture the local stack variables when producing a stack
  trace, which would be super useful when debugging
2024-05-02 13:52:40 +02:00
Daniel Lockyer
5b28dc9246 Enabled Sentry's ExtraErrorData integration
refs https://docs.sentry.io/platforms/javascript/guides/node/configuration/integrations/extraerrordata/
ref https://linear.app/tryghost/issue/SLO-92/enable-extra-sentry-integrations

- this enables the ExtraErrorData integration, which should help us
  capture more of the properties of the errors we're producing, which
  _may_ help with debugging
2024-05-02 13:52:40 +02:00
Daniel Lockyer
6c7b230efe Fixed handling requests with mismatching version and missing key
fix https://linear.app/tryghost/issue/SLO-88/typeerror-cannot-read-properties-of-null-reading-relations

- in the event that we make it through the version mismatch code, but
  without a key, which is possible if you send a request like POST
  /ghost/api/v2/content/posts/`, then the version mismatch code will try
  and look up the API key attached to a null key, which won't work
- we should handle this case and soft return, to avoid trying to read
  `.relations` from `null`
- I'm not entirely convinced by how this code works in general, it seems
  quite confusing to reason about, but this commit should solve the HTTP
  500 we've been seeing from this
- perhaps in the future we can return earlier in the flow if we receive
  a `null` key
2024-05-02 13:03:26 +02:00
renovate[bot]
ec626bd0cf Update react monorepo to v18.3.1 2024-05-02 11:46:13 +02:00
Chris Raible
d50a766aa3
Bumped koenig-lexical (#20116)
ref
https://linear.app/tryghost/issue/PA-53/add-posthog-tracking-to-trackevent-in-admin-x-settings-and-lexical

- Added `posthog.capture` to koenig-lexical's existing `trackEvent`
function to start sending events from the editor to PostHog
2024-05-01 22:39:28 -07:00
renovate[bot]
a33dccf8cd Update TryGhost packages 2024-05-01 17:01:41 +02:00
Daniel Lockyer
3f7a7fff44 Fixed HTTP 500 when adding unknown products to member
fix https://linear.app/tryghost/issue/SLO-89/cannot-read-properties-of-null-reading-get-an-unexpected-error

- if we pass an invalid ID when updating the products on a member, we
  throw a HTTP 500 error because `product` is `null`
- we can check for this and return a BadRequestError, because the user
  supplied an incorrect ID
2024-05-01 16:54:35 +02:00
Ghost CI
6b32548e5c Merged v5.82.5 into main 2024-05-01 13:22:28 +00:00
Ghost CI
a4c478958b v5.82.5 2024-05-01 13:22:26 +00:00
Ronald Langeveld
a738f5aacb Added customer_update param to StripeAPI (#20105)
ref https://linear.app/tryghost/issue/ENG-881/stripe-tax-checkout-instantiation-fails-for-free-members-when-choosing

- For existing customers to be able to upgrade their account with automatic tax enabled, we need to pass in `customer_update[address]:auto` as per Stripe documentation.
- Automatic tax calculation in Checkout requires a valid address on the Customer. Add a valid address to the Customer or set either 'customer_update[address]' to 'auto' or 'customer_update[shipping]' to 'auto' to save the address entered in Checkout to the Customer.
- We update the existing customer details by passing in address `auto` when they upgrade their accounts.
- Stripe captures the billing address information by default when new accounts are created and then that is used to calculate the tax rate.
2024-05-01 21:07:40 +08:00
renovate[bot]
746df63307
Update dependency gscan to v4.43.1 (#20109)
ref https://linear.app/tryghost/issue/ENG-842/gluster-file-name-length-limit

- gscan v4.43.1 contains a bug fix to throw an large filenames
2024-05-01 11:26:21 +00:00
Daniel Lockyer
31bdef94cd Handled invalid filters in members event repository
fix https://linear.app/tryghost/issue/SLO-82/query-error-unexpected-character-in-filter-at-char-1

- previously, we weren't handling a parsing error, and just bubbling it
  back up the chain
- this would result in an InternalServerError somewhere, which caused
  500s
- we can handle this, because it's just a bad filter
- this adds handling so we return a 422 upon receiving an invalid filter
2024-05-01 11:58:09 +02:00
Daniel Lockyer
ddac3a9e8b Removed Sentry error capturing for failed URL decoding
fix https://linear.app/tryghost/issue/SLO-79/incorrectusageerror-the-url-httpsblogkongregatecompercentc0-couldnt-be

- we added this Sentry captureException whilst fixing a bug where
  decodeUrl could fail, and throw a 500 exception
- we added handling for that case and returned an empty string, but we
  also added Sentry error capturing
- at this point, I don't think we need to be capturing errors in Sentry,
  because the issue is already handled, and it only usually happens with
  malicious/incorrect URLs
- this is our #2 cause of Sentry alerts, so it's good to clean it up
2024-05-01 10:15:13 +02:00
Ronald Langeveld
8483d96f08
Added customer_update param to StripeAPI (#20105)
ref https://linear.app/tryghost/issue/ENG-881/stripe-tax-checkout-instantiation-fails-for-free-members-when-choosing

- For existing customers to be able to upgrade their account with automatic tax enabled, we need to pass in `customer_update[address]:auto` as per Stripe documentation.
- Automatic tax calculation in Checkout requires a valid address on the Customer. Add a valid address to the Customer or set either 'customer_update[address]' to 'auto' or 'customer_update[shipping]' to 'auto' to save the address entered in Checkout to the Customer.
- We update the existing customer details by passing in address `auto` when they upgrade their accounts.
- Stripe captures the billing address information by default when new accounts are created and then that is used to calculate the tax rate.
2024-05-01 15:35:25 +08:00
renovate[bot]
60a3b5a913 Update TryGhost packages 2024-05-01 08:49:04 +02:00
renovate[bot]
8f839b34b1 Update Types packages 2024-04-30 22:00:55 +02:00
renovate[bot]
5dbaee8d43 Update dependency tough-cookie to v4.1.4 2024-04-30 19:56:24 +00:00
Daniel Lockyer
7109743282 Fixed overly verbose DatabaseInfo require
- we don't need to deep require into the library as it exports what we
  need on the surface
- this should unblock https://github.com/TryGhost/Ghost/pull/19002, as
  it's randomly failing with this require
2024-04-30 21:39:56 +02:00
renovate[bot]
393007bcd6 Update react monorepo to v18.3.0 2024-04-30 21:26:31 +02:00
Michael Barrett
4cd85ab8b7
Added timeout when resizing an image (#20087)
refs
[ENG-827](https://linear.app/tryghost/issue/ENG-827/🐛-crash-on-resizing-animated-gif)

Added a timeout to the image resizing middleware to prevent crashes when
an image is taking too long to resize. When the timeout is reached and
the image has not been resized, the middleware will return the original
image
2024-04-30 08:39:30 +01:00
Kevin Ansfield
3d6fae3ea7
Fixed intermittent click issues with internal links dropdown (#20101)
closes https://linear.app/tryghost/issue/MOM-60

- when the dropdown opens near the end of the document, clicking the links sometimes did nothing and showed an error in the console
- we have a mousedown event handler on an element that surrounds the main editing element that re-focuses the editor when clicked in order to make the "focus editor" click target larger and more natural-feeling but it was inadvertently re-focusing when the mousedown event fired for an element in the dropdown list when the list was positioned outside of the main editor element. This lead to timing issues with the bookmark node being removed on blur because it was empty followed by an error from the node's component's async event handlers which were trying to set values on the now-removed node
- by switching from `event.target.closest()` to looping over `event.composedPath()` when checking to see if we should skip re-focusing we're more resilient to DOM manipulations occurring between event triggers and function calls because we'll always be given the list of elements that existed at the time the event fired
2024-04-29 17:58:33 +01:00
renovate[bot]
756be38d59 Update dependency terser to v5.31.0 2024-04-29 15:20:31 +00:00
Sérgio Spagnuolo
4f5d375828
🎨 update i18n for better fit (pt-br) (#20045)
reduce word size to fit properly within button without making style
changes (_economize_ and _poupe_ have the exact same meaning)

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-04-29 09:20:07 -04:00
Sodbileg Gansukh
70ca7baf5a
Improved sign in form error typography (#20098)
ref DES-170
2024-04-29 10:29:07 +00:00
Sodbileg Gansukh
2eb6f86a22
Updated sign in form to make it consistent with the new signup design (#20086)
ref TRI-90
2024-04-29 16:55:32 +08:00
renovate[bot]
9056b9138c Update dependency i18next to v23.11.3 2024-04-29 08:40:51 +00:00
Ronald Langeveld
b2970cb4e0
Added integrity test for flags (#20094)
ref
https://ghost.slack.com/archives/C02G9E68C/p1714047709694639?thread_ts=1713956576.497899&cid=C02G9E68C
    
    - Ensures unique feature flags, avoiding configuration conflicts.
    - Enhances code reliability and simplifies feature tracking.
    - Prevents bad rebases was the reason for the initial duplication.
2024-04-29 02:39:15 +00:00
renovate[bot]
305029bc38 Update dependency ws to v8.17.0 2024-04-29 01:23:51 +00:00
renovate[bot]
f18f08928f Update dependency yjs to v13.6.15 2024-04-29 01:22:59 +00:00
Ghost CI
cf9ba60524 v5.82.4 2024-04-26 16:04:30 +00:00
Chris Raible
dcd65bfa4f
Added caching to the LinkRedirectRepository (#20036)
ref
https://linear.app/tryghost/issue/ENG-851/implement-a-minimal-but-complete-version-of-redirect-caching-to
ref https://app.incident.io/ghost/incidents/55

Often immediately after sending an email, sites receive a large volume
of requests to LinkRedirect endpoints from members clicking on the links in
the email.

We currently don't cache any of these requests in our CDN, because we
also record click events, update the member's `last_seen_at` timestamp,
and send webhooks in response to these clicks, so Ghost needs to handle
each of these requests itself. This means that each of these LinkRedirect requests
hits Ghost, and currently all these requests hit the database to lookup
where to redirect the member to.

Each one of these requests can make up to 11 database queries, which can
quickly exhaust Ghost's database connection pool. Even though the
LinkRedirect lookup query is fairly cheap and quick, these queries aren't
prioritized over the "record" queries Ghost needs to handle, so they can
get stuck behind other queries in the queue and eventually timeout.

The result is that members are unable to actually reach the destination
of the link they clicked on, instead receiving a 500 error in Ghost, or
it can take a long time (60s+) for the redirect to happen.

This PR uses our existing `adapterManager` to cache the redirect lookups
either in-memory or in Redis (if configured — by default there is no caching). This only removes 1 out of
11 queries per redirect request, so it won't reduce the load on the DB
drastically, but it at least decouples the serving of the LinkRedirect from
the DB so the member can be redirected even if the DB is under heavy
load.

Local load testing results have shown a decrease in response times from
60 seconds to ~50ms for the redirect requests when handling 500 requests
per second, and reduced the 500 error rate to 0.
2024-04-25 19:17:25 -07:00
Daniel Lockyer
892b9ab397 Moved internalLinking and stripeAutomaticTax flags to private beta
refs https://ghost.slack.com/archives/C02G9E68C/p1714051665654659?thread_ts=1713970812.191919&cid=C02G9E68C

- this enables us to enable the flags on sites without the need to
  enable developer experiments
- added `(private beta)` to the end of the relevant UI flags, because
  they're still in alpha in the UI despite being in beta in backend
2024-04-25 16:37:55 +02:00
Ronald Langeveld
601d05de0d
Removed duplicated ActivityPub labs key (#20089)
no issue

- rebased from main without seeing there's an existing flag.
- this removes the duplicated flag
2024-04-25 14:15:47 +00:00
Steve Larson
a0b7476794
Updated staff deletion logic (#20069)
ref https://linear.app/tryghost/issue/ENG-826

- Changed staff deletion logic to do a bulk insert when adding a tag to
the users' associated posts

Staff deletion logic has really poor performance at scale because we do
individual updates for every post. If a user has dozens+ posts
(especially in a large db with thousands of posts), this can take >60s
and look like a timeout. Ultimately this should probably be a jobbed off
process, but for the time being we can improve this by doing a bulk
insert.

Note that this update uses the pattern for the bulk tagging of posts
from the right click (bulk) actions in the posts lists in Admin. With
bulk actions, **we do not trigger web hooks or the post.edited events**.
We will document this and follow up on this separately.
2024-04-25 08:19:11 -05:00
Djordje Vlaisavljevic
7a3bbfde10
Added ActivityPub playground (#20081)
ref MOM61

- Adds admin-x react app we’ll use as ActivityPub playground to the
sidebar nav behind the feature flag.
- Wired up routing to Ember
- Setup the project as `admin-x-activitypub`

---------

Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
2024-04-25 16:44:29 +08:00
Fabien O'Carroll
af02ca7044 Initial wire up of Posts -> Outbox flow
ref https://linear.app/tryghost/issue/MOM-29

This is very rough, and all still behind a flag. The idea is that any public
post which is published gets added to the Outbox of the site Actor. We also
dispatch an event, which will be used to deliver the Activity to any relevant
inboxes, but that is outside the scope of this commit.
2024-04-25 11:10:17 +07:00
Fabien O'Carroll
e01c9cb546 Moved frontend controllers into dedicated directory
no-issue

These should never have been in the admin directory!
2024-04-25 11:10:17 +07:00
Fabien O'Carroll
299f7c408e Added very basic Outbox for Actors
ref https://linear.app/tryghost/issue/MOM-28
ref https://linear.app/tryghost/issue/MOM-29
ref https://linear.app/tryghost/issue/MOM-30

Basic wire up of Create Activities, Articles for Posts & Actor's Outbox!
I'd definitely like to rethink the whole storage layer and how we split things
out - I think separating the Outbox from the Actor would make sense, otherwise
the size of thsi is gonna grow, or we're gonna have to deal with sub-pagination.
2024-04-25 11:10:17 +07:00
Fabien O'Carroll
d592b1e9c9 Expanded ActivityPub type definitions
ref https://linear.app/tryghost/issue/MOM-25

All these intersection types are getting a bit out of hand - but we can clean
up all of this once we're past prototyping phase.
2024-04-25 11:10:17 +07:00
renovate[bot]
25657b6a99 Update sentry-javascript monorepo to v7.112.1 2024-04-23 16:39:50 +02:00
renovate[bot]
627e8b66bb
Fixed BookmarkNode not auto selecting in Editor
refs 8166363359

- updated dependency @tryghost/koenig-lexical to v1.1.6
2024-04-23 14:36:00 +00:00
renovate[bot]
3960e8caa1 Update sentry-javascript monorepo to v7.112.0 2024-04-23 14:11:30 +02:00
Daniel Lockyer
fda8aa5bfe Removed Sentry logging from XMLRPC service
refs https://ghost-foundation.sentry.io/issues/5135326925/

- the service tends to 503 all the time, and we don't really care enough
  for it to ping us in Sentry, as it's not something we control
- we can still keep logging the errors in case we need to go and look at
  what went wrong
2024-04-23 12:48:33 +02:00
Fabien O'Carroll
2deee35673 Used more specific Content-Type for ActivityPub
no-issue
2024-04-23 11:53:27 +07:00
Fabien O'Carroll
da2ba37f63 Made the default ID a little more fun
no-issue

A bunch of zeroes is boring :(
2024-04-23 11:53:27 +07:00
Fabien O'Carroll
dfeb965878 Added extra properties to Actors JSON-LD
ref https://linear.app/tryghost/issue/MOM-25
ref https://docs.joinmastodon.org/spec/activitypub/#properties-used-1

This adds a bunch of extra properties, most of which are placeholders. They're
all taken from the mastodon docs for properties used on ActivityPub Actors
2024-04-23 11:53:27 +07:00
Chris Raible
d8672cb1ff
Fixed length of from field in the RedirectsImporter (#20034)
no issue

- The `RedirectsImporter` used by the data generator was creating
redirects with the wrong length for the `from` field, which didn't match
the actual behavior of Ghost.
- This commit corrects the length from 32 to 8, which is the actual
length of the `from` field in production.
- This change has no impact on Ghost's behavior, but makes the data
generator more representative of real world data for more accurate
testing.
2024-04-22 18:11:14 -07:00
Sanne de Vries
a2bbe6b3c3
Updated 'Users' to 'Staff' in search dropdown component (#20064)
No ref

- This copy change allows us to use consistent copy in both the general
search as well as the internal linking search component in the editor.
2024-04-22 14:49:43 +00:00
Daniël van der Winden
3771b2fca4
Fixed email footer text styling inconsistencies (#20063)
fixes
https://linear.app/tryghost/issue/DES-260/footer-link-text-smaller-than-regular-text

There was a bit of CSS in a media query aimed at other parts of the
newsletter template that was causing the footer styling to break. I
added some more specific styling for the footer as well, to make sure
span's within the `<p>` element are covered as well.
2024-04-22 15:43:19 +02:00
renovate[bot]
33c5ce057c Update dependency terser to v5.30.4 2024-04-22 12:42:44 +00:00
renovate[bot]
d69a0aa1e6 Update dependency knex-migrator to v5.2.1 2024-04-22 12:29:48 +02:00
Kevin Ansfield
8dac340492
Updated editor link search to group results (#20058)
closes https://linear.app/tryghost/issue/MOM-49

- bumped koenig-lexical so the bookmark card has group support for testing
- updated `searchLinks` function passed to Koenig to match expected grouped results shape
2024-04-22 05:35:18 +00:00
Fabien O'Carroll
99bfa30f81 Added Content-Type Header to actor & outbox endpoints
ref https://linear.app/tryghost/issue/MOM-25

This is the correct Content-Type and whilst not required, better in than out
2024-04-22 11:18:03 +07:00
Fabien O'Carroll
8542766094 Updated Actor key id to use Actor URL with fragment
ref https://linear.app/tryghost/issue/MOM-25

This matches the way that mastodon handles the key url and may be the reason
these documents are incompatible. This also removes the `username` key as that
isn't used anywhere, instead we have a username property which is rendered as
the ActivityPub compat preferredUsername key.
2024-04-22 11:18:03 +07:00
renovate[bot]
e4ffc7b8c0 Update dependency mysql2 to v3.9.7 2024-04-22 01:37:24 +00:00
renovate[bot]
69372d9018 Update dependency @sentry/profiling-node to v7.111.0 2024-04-19 16:56:32 +00:00
renovate[bot]
7fea4151d8 Update dependency @sentry/profiling-node to v7 2024-04-19 18:43:59 +02:00