Commit Graph

93 Commits

Author SHA1 Message Date
Kevin Ansfield
bd93bf0dea Optimised email stats aggregation query for typical column usage
ref https://linear.app/tryghost/issue/ENG-790/remove-use-of-sub-queries-in-email-analytics

- the `delivered_at` column is typically entirely/nearly entirely filled with values meaning the `IS NOT NULL` query matches a huge number of rows that MySQL has to fetch from the index to count
- using `IS NULL` switches that behaviour around as it will now match very few rows which has been shown in testing to be considerably quicker
- after switching to `IS NULL` the query returns an "undelivered" count rather than a "delivered" count, in order to keep the rest of the system behaviour the same we can calculate the delivered count by subtracting the query result from the total number of emails sent which we can fetch using a very fast primary key lookup query on the `emails` table
2024-04-03 16:27:23 +01:00
Fabien 'egg' O'Carroll
7cc65c18cc
Added missing permissions to Contributor & Editor (#19881)
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is NOT a functionality change. The Post#permissible method unit
tests have been updated to pass `true` as `hasUserPermission` and we can
see that the permission functionality remains the same.

The permissible method of the post model is responsible for removing
permission based on the data that is being modified, but the permissions
module is setup to allow the permissible method to grant permission -
this means that we call permissible, even if the current actor doesn't
have permission, this results in code that is hard to understand and
manage.

We are going to be instead returning early if an actor does not have
permission, this will allow permissible method signatures to be greatly
simplified (removing the need for hasUserPermission, hasApiKeyPermission
& hasMemberPermission arguments).
2024-03-20 20:36:07 +07:00
Kevin Ansfield
b704530d74
🐛 Fixed unexpected conversion of single-quoted attributes in HTML cards (#19727)
closes ENG-627

We were using `cheerio` to parse+modify+serialize our rendered HTML to modify links for member attribution. Cheerio's serializer has a [long-standing issue](https://github.com/cheeriojs/cheerio/issues/720) (that we've [had to deal with before](https://github.com/TryGhost/SDK/issues/124)) where it replaces single-quote attributes with double-quote attributes. That was resulting in broken rendering when content used single-quotes such as in HTML cards that have JSON data inside a `data-` attribute or otherwise used single-quotes to avoid escaping double-quotes in an attribute value.

- swapped the implementation that uses `cheerio` for one that uses `html5parser` to tokenize the html string, from there we can loop over the tokens and replace the href attribute values in the original string without touching any other part of the content. Avoids a full parse+serialize process which is both more costly and can result unexpected content changes due to serializer opinions.
  - fixes the quote change bug
  - uses tokenization directly to avoid cost of building a full AST
- updated Content API Posts snapshot
  - one of our fixtures has a missing closing tag which we're no longer "fixing" with a full parse+serialize step in the link replacer (keeps modified src closer to original and better matches behaviour elsewhere in the app / without member-attribution applied)
  - the link replacer no longer converts `attr=""` to `attr` (these are equivalent in the HTML spec so no change in behaviour other than preserving the original source html)
- added a benchmark test file comparing the two implementations because the link replacer runs on render so it's used in a hot path
  - new implementation has a 3x performance improvement
  - the separate files with the old/new implementations have been cleaned up but I've left the benchmark test file in place for future reference

Benchmark results comparing implementations:

```
❯ node test/benchmark.js

LinkReplacer
├─ cheerio: 5.03K /s ±2.20%
├─ html5parser: 16.5K /s ±0.43%

Completed benchmark in 0.9976526670455933s
┌─────────────┬─────────┬────────────┬─────────┬───────┐
│   (index)   │ percent │ iterations │ current │  max  │
├─────────────┼─────────┼────────────┼─────────┼───────┤
│   cheerio   │   ''    │ '5.03K/s'  │  5037   │ 5037  │
│ html5parser │   ''    │ '16.5K/s'  │  16534  │ 16534 │
└─────────────┴─────────┴────────────┴─────────┴───────┘
```
2024-03-06 09:11:49 +00:00
Chris Raible
c90e033fcf
Added an email rendering test for all Koenig cards (#19059)
refs TryGhost/Product#4125

This PR adds two new integration tests to ensure all our Koenig cards
are rendered properly after going through the EmailRenderer. Although we
have thorough tests for the cards themselves in the Koenig repo, the
EmailRenderer does post-processing on the rendered HTML, such as
inlining CSS, which can adversely impact the rendered output of our
cards in email clients (usually Outlook).

Since email newsletters are a core feature of Ghost, these bugs are
typically fairly urgent, and since it is email, they are also quite
difficult to troubleshoot and fix. These two tests are intended to
prevent bugs of this sort, which in the past have been created by
seemingly harmless changes like bumping dependencies that are used in
the EmailRenderer.

The idea is to create a 'Golden Post' which has at least 1 of every card
from Koenig, run that post through the EmailRenderer, and take a
snapshot of the rendered HTML. In the future, if we make any changes to
the EmailRenderer or the Koenig cards themselves, this will trigger us
to carefully consider the changes, and it provides an 'expected' output
to compare our changes against.

Additionally, the second test simply checks that all cards from
`kg-default-nodes` are included in the 'Golden Post'. This protects
against any new cards that we will add in the future — as soon as we add
them to Koenig and bump `kg-default-nodes` in Ghost, this test will
fail, prompting us to add the new card to the Golden Post and update the
snapshots.

We should also run the 'Golden Post' through a test in Litmus, which
allows us to visually inspect the rendered email across many different
email clients. Ideally we would create a process to review the output of
the 'Golden Post' in Litmus whenever we update the snapshot as well.
2023-12-12 16:05:04 -08:00
Simon Backx
3f6ea04c43
Added portal default plan setting (#19238)
fixes PROD-61

This adds a new default plan setting. It defaults to yearly, which is
the current default selected interval in Portal.

Behind the new portal improvements feature flag, the default plan can be
changed. It will also change automatically if the available intervals
are changed.

This PR also wires up passing the new setting to the Portal preview.
2023-12-06 11:39:58 +01:00
Simon Backx
d5492bd63c
Revert "Removed usage of unquoted ids in filter strings" (#19052)
Reverts TryGhost/Ghost#19031

Browser tests are failing with an unknown cause
2023-11-20 13:50:07 +00:00
Simon Backx
320eaac4c4
Removed usage of unquoted ids in filter strings (#19031)
fixes GRO-34
fixes GRO-33

This also adds a new way to run all tests with enforced numeric ObjectIDs.
These numeric ids cause issues if they are used withing NQL filters. So they
surface tiny bugs in our codebase.

You can run tests using this option via:
NUMERIC_IDS=1 yarn test:e2e

Also removed some defensive logic that could be explained by unquoted ids.
2023-11-20 14:00:31 +01:00
Sag
6db7cc8156
Removed email from Mailgun's suppression list on unsubscribe (#18922)
closes https://github.com/TryGhost/Product/issues/4075

- when a member clicks on "Unsubscribe from that list" from Apple Mail,
the member's email is put into Mailgun's Unsubscribe suppression list.
Ghost listens for "Unsubscribe" events from Mailgun, and unsubscribes
the member from all the newsletters
- now, the member is only unsubscribed from the newsletter they
unsubscribe to (not all of them)
- now, the email is also deleted from Mailgun's suppression list, so
that it doesn't affect any other membership
2023-11-13 16:56:37 -03:00
Chris Raible
5a5a756415
Updated theme fixtures for casper and source (#18677)
no issue

- Casper and Source theme files were out of date — this commit updates the theme fixtures, and fixes up a few tests to pass with the updated themes
2023-10-18 14:51:35 -07:00
Chris Raible
80a6fe17d0 Added Source as the new default theme
refs TryGhost/Product#3510

- Added `TryGhost/Source` as a submodule in `ghost/core/content/themes` so `Source` will ship with Ghost (along with Casper)
- With this change, new installs will use `Source` as the default theme. Existing sites will have `Source` installed, but not activated, as this is a large change and we don't want to drastically change existing sites without warning. Users can upgrade to use `Source` simply by clicking 'Activate' in design settings.
- Updated protections to prevent users from uploading their own conflicting version of `Source`
2023-10-03 14:02:08 +02:00
Simon Backx
b82a93beac
Added recommendation_notifications column to users table (#18304)
fixes https://github.com/TryGhost/Product/issues/3939
2023-09-22 15:35:55 +00:00
Sag
f1cd6432a8
Added new setting to enable Recommendations (#17856)
closes https://github.com/TryGhost/Product/issues/3772

- Recommendations are disabled by default and will get enabled when a
first recommendation is added. The "recommendations_enabled" setting
will be not shown explicitly in Admin, it will rather be set implicitly
based on whether there is at least one recommendation
- The "recommendations_enabled" setting belongs to a new setting group
called "recommendations"

Tech Spec: https://www.notion.so/ghost/Recommentions-Tech-Spec-598f09e4109f4eef8d9e32db7245a90c?pvs=4
2023-08-30 08:56:21 +00:00
Simon Backx
935ac43584
Added recommendations CRUD api (#17845)
fixes https://github.com/TryGhost/Product/issues/3784

- Includes migrations for new permissions needed for the new endpoints
2023-08-29 15:06:57 +00:00
Simon Backx
13b732f905
Added Playwright tests for donations (#17699)
fixes https://github.com/TryGhost/Product/issues/3723

This also fixes usage of localhost instead of 127.0.0.1 as a test URL
for playwright. This caused issues for cookies because the member
impersonation navigated to 127.0.0.1 instead of localhost, meaning that
the next page.goto call would go to localhost and lose the cookies.
2023-08-15 15:20:18 +02:00
Simon Backx
690fbf3f73
🔒 Fixed arbitrary file read via symlinks in content import
refs https://github.com/TryGhost/Product/issues/3726
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg

- credits to https://github.com/ixSly
2023-08-15 13:01:11 +02:00
Simon Backx
4c8179312d
🎨 Added support for relative links in emails (#17630)
fixes https://github.com/TryGhost/Product/issues/3687

After this change, relative URLs in emails will be replaced with
absolute URLs using the post URL. Making relative Portal URLs possible
etc.

Updates the test data generator to fix invalid URL encoding (somehow a
backslash + escaped double quote was added when it wasn't required).
2023-08-08 13:22:56 +02:00
Simon Backx
66675a1383
Added donation notifications column (#17607)
fixes https://github.com/TryGhost/Product/issues/3691

When a site receives a donation, we'll send an email to all
administrator. They can disable this in their profile settings. This
migration adds the required column to make this possible. It defaults to
true.

Link to tech spec:
https://www.notion.so/ghost/Tech-Spec-5cd6929f7960462ebcbf198176e0d899?pvs=4#156834b0231d4968a203d797c6817d21
2023-08-07 15:31:36 +02:00
Sag
19bdb0efef
Added migrations for Tips & Donations' settings (#17576)
closes https://github.com/TryGhost/Product/issues/3668

- Tips and Donations feature offers two settings: "donations_currency", and "donations_suggested_amount"
    - "donation_currency": the currency to be used for the donation. Defaults to "USD", not nullable.
    - "donation_suggested_amount": an anchor price for the donation. Defaults to 0, not nullable.
- Both settings belong to a new group "donations"

Tech Spec: https://www.notion.so/ghost/Tech-Spec-5cd6929f7960462ebcbf198176e0d899?pvs=4#6e8b34c45f0c4c78b48c9e7725a307c8
2023-08-03 22:13:47 +02:00
John O'Nolan
265e62229f
2023 2023-08-03 20:40:44 +01:00
Steve Larson
6936007052
🐛 Updated gscan error handling for page errors (#17575)
refs https://github.com/TryGhost/Product/issues/3676

- add filter for sidebar display of theme errors (angry red box)
- filter specific to each page feature, will need to add each one by this approach
2023-08-02 09:56:40 -05:00
Steve Larson
5fe72462bc
Enabled page features (#17544)
no refs
-moved hide page title and feature image to GA
-updated gscan
2023-07-31 14:22:19 -05:00
Steve Larson
e45b947d61
Updated gscan (#17521)
no refs
- add check for unknown global use in themes
- removed `@page` check until ready for release
2023-07-27 15:43:22 +00:00
Steve Larson
b77521ece9
Updated gscan (#17509)
no refs
2023-07-26 15:58:22 +00:00
Steve Larson
005e80b466
Updated gscan (#17507)
no refs
2023-07-26 13:06:23 +00:00
Michael Barrett
184c6ae951
Retain newsletter subscriptions on suppression (#17373)
refs https://github.com/TryGhost/Product/issues/2610
2023-07-24 10:47:57 +01:00
Naz
ea2defb76c Updated collection descriptions
refs https://github.com/TryGhost/Arch/issues/25

- Updated collection descriptions to be less wordy and avoid a redundant "Collection" in them.
2023-07-17 18:43:21 +08:00
Naz
9bfb197a85 Added fixtures for collection posts
refs https://github.com/TryGhost/Arch/issues/25

- Adds collection_posts fixtures
2023-07-17 18:43:21 +08:00
Naz
acbe3a250e Added built in collection fixtures
refs https://github.com/TryGhost/Arch/issues/25

- The instance should have two built-in collections "latest" (prviously known as "index") and "featured". These have been filled through in-memory tricks before, now they should come pre-populated through fixtures mechanism.
2023-07-17 18:43:21 +08:00
Naz
05bb82cf1a Added collections CRUD permissions
refs https://github.com/TryGhost/Team/issues/3220

- Added permissions for collection resources
2023-06-09 21:13:06 +07:00
Rishabh Garg
5c209abdc0
Updated default value for image editor integration setting (#16897)
refs https://github.com/TryGhost/Team/issues/3145

Updates pintura integration to be switched on by default for all sites by adding a migration to update the default value for the setting.
2023-06-06 18:15:01 +05:30
Fabien "egg" O'Carroll
c0ca7b16f6 Added caching to TierRepository
refs https://github.com/TryGhost/Toolbox/issues/515

Tiers are very frequently queried and we want to reduce the number of DB calls
we're making. We can store the Tiers in-memory, using the existing in-memory
repository patterns, but still persisting writes the the database.

We also have to update our test helpers, because they were bypassing the
repository for writes, but using it for reads resulting in an invalid cache
2023-05-12 16:38:32 -04:00
Naz
c21f136834 Corrected announcement_visibility setting type
refs https://github.com/TryGhost/Ghost/pull/14264

- With a requirement change we need to transform `announcement_visibility` setting to be an "array" instead of a "string". Array structure will allow us to hold multiple filters at once giving more coverage to the audience targetting usecases.
- Example filter variations we'll support are:
[ ] Logged out visitors
[ ] Members
[ ] Free members
[ ] Paid members
2023-04-21 10:18:50 +02:00
Rishabh Garg
d3c6d8ad13
Added Pintura integration page in Admin (#16686)
refs https://github.com/TryGhost/Team/issues/3034

- adds new integration page for Pintura in Admin
- allows site owners to enable/disable the image editor integration
- allows self-hosters to upload the files for enabling Pintura image
editor

---------

Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
2023-04-20 21:20:07 +05:30
naz
865df1e143
Added announcement fields to settings table (#16654)
refs https://github.com/TryGhost/Team/issues/3011

- This is a data structure needed to support Announcement Bar feature -
allows to create custom site-wide announcements tailored to the
audience.
- The `announcement_content` is meant to hold displayed HTML content of
the announcement and will be exposed through unauthenticated Content
Site API

- The `announcement_visibility` sets the target audience to display the
Announcement Bart to:
  - `public` - Everyone
  - `visitors` - Logged out visitors only
  - `members` - Members only
  - `paid` - Paid members only

- The `announcement_background` sets the CSS class that should be
applied to the Announcement Bar. and will be exposed through
unauthenticated Content Site API. Three styles are available:
  - `accent` - matches the color of the site accent
  - `dark` - dark style
  - `light` - light style
2023-04-19 14:25:25 +02:00
Chris Raible
7a800ec06e
Fixed flaky test: posts API export can export with order (#16605)
closes Tryghost/Team#2975

- The test was failing because the order of the posts was not guaranteed
- The posts receive a published_at timestamp = new Date() when they are
created, unless a published_at date is passed in
- ~1/3 times the tests would run, the ordering would change and this
test would fail
- This commit fixes the test by passing in a published_at date to ensure
the order is always the same
2023-04-10 18:40:03 -07:00
Simon Backx
e13f052af8
Added Portal signup terms settings and migration (#16545)
fixes https://github.com/TryGhost/Team/issues/2885 
fixes https://github.com/TryGhost/Team/issues/2896 
fixes https://github.com/TryGhost/Team/issues/2877

This change adds the new portal_signup_terms_html setting and
portal_signup_checkbox_required setting and the corresponding migration.
2023-04-04 10:04:12 +02:00
Naz
fe4e9897fc
Added migration for Self-Serve Integration permissions
refs https://github.com/TryGhost/Team/issues/2790

- This migration adds permissions for Self-Serve Migration Integration to have access to Admin APIs:

POST /ghost/api/admin/db
POST /ghost/api/admin/db/media/inline
POST /ghost/api/admin/members/upload
GET  /ghost/api/admin/tags/:id
GET  /ghost/api/admin/tags/slug/:slug
2023-03-24 11:31:25 +01:00
Naz
0b107f5af5
Added migrations for Self-Serve Migration Integration and API key
refs https://github.com/TryGhost/Team/issues/2790
refs 3747df1bc8 (diff-396038cecd7a381616d00954ae18a655ae2a8af71ea65866bf09d2c7cc1b5235)

- This integration will be used to perform self-serve migrations.
- The integration will be limited to these Admin API endpoints:
POST /ghost/api/admin/db
POST /ghost/api/admin/db/media/inline
POST /ghost/api/admin/members/upload
GET   /ghost/api/admin/tags/:id
GET   /ghost/api/admin/tags/slug/:slug
2023-03-24 11:28:29 +01:00
Naz
c487b12518 Reverted zip's root file copying fix
refs https://github.com/TryGhost/Toolbox/issues/523

- The reverted fix did not take into account the "original path" of the
files would be truncated. This path has to be full relative to the root
of the zip to later be used during importer url substitution logic.
- This reverts commit 831a76505c.
2023-03-16 21:52:24 +01:00
Fabien 'egg' O'Carroll
bdaddd1a64
Added setting to store last mention report email date (#16399)
Because there is no guarantee about a daily job running exactly once a
day, we need to store the last time that the email was sent, so that we
can refrain from sending one if it's been less than a day since the
last.

A setting has been used for this as we don't currently have a pattern
for it, we might want to consider moving this to some kind of cache
based solution in future. This has been added as a core setting so that
we don't expose it via the API.

The setting is stored as a number to allow us to store value as unix timestamp.

---------

Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
2023-03-15 15:34:41 +05:30
Daniel Lockyer
89493893d1 Removed all unused variables from test files
- this cleans up all imports or variables that aren't currently being used
- this really helps keep the tests clean by only allowing what is needed
- I've left `should` as an exemption for now because we need to clean up
  how it is used
2023-03-10 14:29:55 +01:00
Naz
831a76505c
Fixed root zip image/media/files copying during import
https://github.com/TryGhost/Toolbox/issues/523

- During import process of content files the files from the root directory were also copied over. This is causing chaos in the root of content folder with files that only needed for data import. For example, the csv files needed for Revue import were also copied over by "file importer" even though those do not belong to any content.
- Any content import files - images, media, files, should be in according folders in the imported zip file. The root files in the base zip directory are for data-related imports
2023-03-08 11:03:47 +08:00
Naz
ab3959f3f2
Added document file support to the zip importer
refs https://github.com/TryGhost/Toolbox/issues/523

- When migrating or importing ZIP files into Ghost there's often a need to include document files.
- When document files are present in the imported zip file they are now copied across and processed along with the rest of import files: json, images, csvs, etc.
- The importer also searches for use of the document files in the imported "posts" substituting the links with local ones
- The document files importer recognizes media files inside of "files" or "content/files" folders present in the zip.
- The supported media file extensions are same as for file upload widget:
".pdf",".json",".jsonld",".odp",".ods",".odt",".ppt",".pptx",".rtf",".txt",".xls",".xlsx",".xml"

with following content-types:
"application/pdf", "application/json", "application/ld+json", "application/vnd.oasis.opendocument.presentation", "application/vnd.oasis.opendocument.spreadsheet", "application/vnd.oasis.opendocument.text", "application/vnd.ms-powerpoint", "application/vnd.openxmlformats-officedocument.presentationml.presentation", "application/rtf", "text/plain", "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "application/xml", "application/atom+xml"
2023-03-02 17:54:19 +08:00
Naz
cd49992cd9
Added generic file import handler
refs https://github.com/TryGhost/Toolbox/issues/523
refs c2534e3c86/packages/mg-assetscraper/lib/AssetScraper.js (L14-L16)
refs https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types

- Importer needs to process and recognize document files like pdfs, presentations etc to be able to import them into sites file storage.
- The handler allows a new root directory "files" to place imported documents
- The handler adds validation and processing for following file extensions:
".pdf",
".json",
".jsonld",
".odp",
".ods",
".odt",
".ppt",
".pptx",
".rtf",
".txt",
".xls",
".xlsx",
".xml"
- With following content types:
"application/pdf",
"application/json",
"application/ld+json",
"application/vnd.oasis.opendocument.presentation",
"application/vnd.oasis.opendocument.spreadsheet",
"application/vnd.oasis.opendocument.text",
"application/vnd.ms-powerpoint",
"application/vnd.openxmlformats-officedocument.presentationml.presentation",
"application/rtf",
"text/plain",
"application/vnd.ms-excel",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"application/xml",
"application/atom+xml"
2023-03-02 17:54:18 +08:00
Naz
ce5eea5707
Added media file handling to Ghost importer
refs https://github.com/TryGhost/Toolbox/issues/523

- When a zip file is imported into Ghost we need to recognize and process media files with following extensions:
".mp4",".webm", ".ogv", ".mp3", ".wav", ".ogg", ".m4a"
- The media files can come from a "media" or "content/media" folder inside of zip file
2023-03-01 15:55:10 +08:00
Naz
23e2fdde95
Added image importer test coverage
refs https://github.com/TryGhost/Toolbox/issues/523

- The test cases for "content" and "content/images" zip import file structure were missing.
2023-03-01 15:55:10 +08:00
Reupen Shah
c5a4ee89c9 🐛 Fixed uploads of m4a files with audio/mp4 content type
fixes https://github.com/TryGhost/Ghost/issues/16301

Previously, audio/x-m4a was allowed but not audio/mp4. This meant
uploads of m4a files failed in some cases e.g. Firefox on Windows.
2023-03-01 08:32:21 +01:00
Aileen Booker
4556e9be88
Added milestone_notifications column (#16306)
refs
https://www.notion.so/ghost/Marketing-Milestone-email-campaigns-1d2c9dee3cfa4029863edb16092ad5c4?pvs=4

- created a migration for a new boolean column in users that would
determine if the staff user gets an email when a new milestone is
achieved.
2023-02-22 14:13:50 +02:00
Fabien 'egg' O'Carroll
57695d03df
Fixed rate limit test (#16258)
closes https://github.com/TryGhost/Team/issues/2547

Changed the configuration for testing to be a bit more strict, by slowing down the amount of requests it can handle to give CI enough time to kick in the rate limiter. Before this, CI simply wasn't hitting the API fast enough to trigger the rate limiter.

Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
2023-02-13 15:16:56 +08:00
Ronald Langeveld
30dc2a8228
Added mention_notifications column (#16242)
refs https://github.com/TryGhost/Team/issues/2526

- created a migration for a new boolean column in users that would
determine if the staff user gets an email when the publication receive a
new mention.
2023-02-09 16:15:54 +08:00