Commit Graph

122 Commits

Author SHA1 Message Date
Sebastian Gierlinger
e4e027d17b Restored spam prevention
closes #3128
- added spam prevention middleware
- restored tests
2014-07-16 10:00:49 +02:00
Hannah Wolfe
34a0c42834 Merge pull request #3276 from sebgie/issue#3252
Move image upload to API
2014-07-15 18:09:32 +01:00
Sebastian Gierlinger
2957b0175e Move image upload to API
closes #3252
- added `/ghost/api/v0.1/uploads/` endpoint
- removed upload method from `controller/admin.js`
- moved removal of temporary files from storage to endpoint (needed to
account for failed uploads)
- changed and moved tests
- Oversight: I think that we use `.otherwise()` and `.catch()` a bit
too extensive and mask the real error objects. We probably need an
error handling strategy at some point in the future.
2014-07-15 12:40:14 +02:00
Hannah Wolfe
3ff9146d9e Server side cleanup
- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token
2014-07-14 21:50:12 +01:00
Sebastian Gierlinger
8c2258dc4c Move setup to API
closes #3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Sebastian Gierlinger
215badc663 Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
2014-07-10 19:29:51 +02:00
Jordan Sexton
66ae7e5669 Removed duplicative and unreferenced resources section 2014-07-09 18:48:00 -05:00
Hannah Wolfe
a593cbfb53 Move post slug endpoint & add endpoints for users
closes #3187

- move slug endpoint to post/slug/:slug
- create similar  slug and email endpoint for users
- add/update tests
2014-07-09 16:55:34 +01:00
Sebastian Gierlinger
84cfd529ed Allow user to accept invitation
closes #3081
- added route `/ghost/api/v0.1/authentication/invitation`
- added accept invitation
- added signup with token
- removed check() from users api
- fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
Sebastian Gierlinger
79a80b67ac Invite user API
closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Hannah Wolfe
f70f99b5cf Replace the old admin with the ember admin
closes #3056

- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc

Still TODO:

- cleanup / add removed tests
- do we still need countable?
2014-07-01 08:33:17 +01:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Jason Williams
2356692fe3 Fix mail test send endpoint
Closes #3071
-Refactor api.mail.sendTest to take a "to:" parameter.
-Inject recipient address into the mail api's sendTest method
 from the route handler.
2014-06-26 22:00:31 +00:00
Fabian Becker
72156c7f89 New setup screen for blog installation.
fixes #3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup
2014-06-26 15:31:44 +02:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Harry Wolff
5d028b72fb Upgrade to Express 4.0
no related issue

- Updates package.json packages, adding express middleware packages
 that have been broken into their own modules

- Updates controllers/frontend.js to use the new Layer object that Express 4.0
 has.  Requires some monkey-patching as the Layer object isn't explicitly
 surfaced, however it should be safe to do.

- Moved the setup of routes into middleware/index.js because they need to
 be added as a middleware function before the 404 and 500 handlers. This is
 no longer possible with the old app.use(app.router) as that has been removed.

- Cleaned up middleware/index.js to make it compatible with Express 4.0.

- Simplified the way themes are activated and enabled when they are activated.
 The new handling is simpler, yet should still cover all the use cases that
 previously existed.

- The entire flow of activating a theme through middleware should be a little
 more centralized, letting it be easier to read and maintain.

- Moved every routes/*.js file to use an individual express.Router() instance.
2014-06-08 17:41:25 -04:00
Hannah Wolfe
42af74b073 Merge pull request #2877 from jaswilli/2866-slugs
Update slug API to work with additional types
2014-06-05 13:43:46 +01:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Hannah Wolfe
9e8e1fa37d Ember redirect to signup
closes #2779

- adds temporary code to redirect the ember admin to signup if a user doesn't exist.
- done serverside as this makes most sense?
2014-06-03 19:21:45 +01:00
Maurice Williams
6fda048827 refreshless user logout
fixes #2842
- new Ember route for signout
- new API route to allow async signout
2014-06-02 17:12:02 -04:00
Jason Williams
503c407090 Clean up routes. Use new slug endpoint in admin.
refs #2814
-removed route /posts/slug/:title due to API change
-changed admin to use new slug endpoint
-removed duplicate notifications routes
2014-05-28 03:59:06 +00:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Hannah Wolfe
d1f57a2569 Merge branch 'ember'
Conflicts:
	Gruntfile.js
	core/client/models/post.js
	core/client/models/settings.js
	core/client/models/user.js
	core/client/router.js
	package.json
2014-05-07 22:28:29 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Jason Williams
4b46d85c26 Redirect from admin editor to frontend post view
closes #2628
- added /view/ route to the editor. if /view/ is appended to
  the url of a post being edited a redirect to the frontend
  will occur
- updated controller to check for /view/ and built the
  correct url for the post
- added test for the new route
2014-05-01 01:50:24 +00:00
Hannah Wolfe
16c8080636 Merge branch 'master' into ember
Conflicts:
	core/client/models/post.js
2014-04-21 18:35:38 +01:00
Peter Szel
2433116cc6 Added email sending endpoint to the API.
closes #2550

- Added new API module named 'mail'
- Added routes for the mail endpoint
- Added 'send a test email' button to the debug settigns page
- Added handler to this button which sends and AJAX request to the mail API endpoint
2014-04-09 23:56:21 +02:00
Hannah Wolfe
c746a88b2e Merge branch 'master' into ember
Conflicts:
	Gruntfile.js
	core/client/assets/lib/showdown/extensions/ghostdown.js
	core/client/views/editor.js
	core/clientold/assets/lib/showdown/extensions/ghostdown.js
	core/shared/lib/showdown/extensions/ghostimagepreview.js
	core/test/unit/showdown_client_integrated_spec.js
	core/test/unit/showdown_ghostimagepreview_spec.js
2014-04-07 22:26:53 +01:00
Hannah Wolfe
7e95b4d291 Merge pull request #2439 from sebgie/move-slug
Rename getSlug to slug
2014-03-28 17:12:55 +00:00
Hannah Wolfe
13b65cecb9 Redirect feed -> rss
closes #2261

- reserved 'feed' in the list of reserved keywords for slugs
- added a 301 redirect from /feed/ to /rss/
- added a route test, and realised that standard express redirects don't get the right headers
- fixed the headers across all 301 redirects & added tests for the admin redirects
- removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
2014-03-24 09:46:39 +00:00
Sebastian Gierlinger
22bbf57830 Rename getSlug to slug
another 2 % of #2124
- renamed `/ghost/api/v0.1/posts/getSlug/ to
`/ghost/api/v0.1/posts/slug/`
- renamed method getSlug to generateSlug
2014-03-18 14:00:33 +01:00
Hannah Wolfe
79a333b480 Merge branch 'master' into ember
Conflicts:
	bower.json
	core/client/views/editor.js
2014-03-16 20:52:44 +00:00
Harry Wolff
3296a3a41c Flesh out more of the Ember admin
no issue

- this ports over screens from old admin to
 allow people to begin working on aspects of the screen

- All logged out screens have been imported: Signup, Signin,
 Forgotten password, reset password

- Those screens are now ready for behavior to be ported over

- This also updates templates to be more in line with how they were
 in the old admin

- Littered through the code are @TODO comments of functionality that is
 missing and will need to be resolved before this is production ready

- Also scaffolds out the settings screen and every tab
2014-03-16 16:01:56 -04:00
Johan Stenehall
4556e1df0a Rss support for tags
closes #2260
- added routes for /tag/:slug/rss and /tag/:slug/rss/:page
- added support for tag in the rss controller
- added route tests for each extra case
- fixing a tiny typo in some test descriptions
2014-03-13 00:12:41 +01:00
Harry Wolff
9983e05535 Add HTML5 pushState support for Ember
- also updates associated route
2014-03-09 20:57:13 -04:00
Hannah Wolfe
31f41822e0 Merge branch 'master' into ember
Conflicts:
	.gitignore
	Gruntfile.js
	bower.json
	core/client/assets/lib/showdown/extensions/ghostdown.js
	core/client/assets/vendor/showdown/extensions/ghostdown.js
	core/client/router.js
	core/clientold/assets/vendor/chart.min.js
	core/clientold/assets/vendor/codemirror/addon/mode/overlay.js
	core/clientold/assets/vendor/codemirror/codemirror.js
	core/clientold/assets/vendor/codemirror/mode/gfm/gfm.js
	core/clientold/assets/vendor/codemirror/mode/gfm/index.html
	core/clientold/assets/vendor/codemirror/mode/gfm/test.js
	core/clientold/assets/vendor/codemirror/mode/markdown/index.html
	core/clientold/assets/vendor/codemirror/mode/markdown/markdown.js
	core/clientold/assets/vendor/codemirror/mode/markdown/test.js
	core/clientold/assets/vendor/countable.js
	core/clientold/assets/vendor/fastclick.js
	core/clientold/assets/vendor/icheck/jquery.icheck.min.js
	core/clientold/assets/vendor/jquery.hammer.min.js
	core/clientold/assets/vendor/nprogress.js
	core/clientold/assets/vendor/packery.pkgd.min.js
	core/clientold/assets/vendor/showdown/extensions/ghostdown.js
	core/clientold/assets/vendor/showdown/showdown.js
	core/clientold/assets/vendor/validator-client.js
	core/test/unit/client_ghostdown_spec.js
	core/test/unit/client_showdown_int_spec.js
2014-03-05 23:10:44 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Sebastian Gierlinger
67611045e7 Remove res.redirect from db.exportContent
closes #1654
- added frontend route /ghost/export/
- removed request handling from API
2014-02-27 16:48:38 +01:00
Harry Wolff
edfc98f65f Create base route for ember admin 2014-02-26 20:02:12 -05:00
Hannah Wolfe
bee58922b2 Rename client -> clientold
issue #2271

- should allow development of new admin UI whilst still having access to the old ui
2014-02-27 00:52:04 +00:00
Hannah Wolfe
310fcab7ed Cleanup naming & order in admin controller
no issue

 There seemed to be no convention or order to the functions in the admin controller, so I have:
 - organised them
 - reordered them
 - added a small doc-block
 - reordered some routes
 - updated tests accordingly
2014-02-25 10:51:12 +00:00
Michael Bradshaw
cb6d0d8dfe Remove useless regex for redirecting /ghost -> /ghost/ 2014-02-19 18:19:42 -07:00
Hannah Wolfe
e81924282c Merge pull request #2190 from sebgie/issue#2171
Make session expiry less arsey
2014-02-18 22:05:44 +00:00
Harry Wolff
9ab4b7d4d5 Adds tag pages
fixes #2111

- modified Post model to support a tag query
  param that will filter the desired post collection
  to only include posts that contain the requested tag

- in the updated Post model it includes the Tag model
  under a nested object called 'aspects'

- added tests for updated Post model, updating
  test utils to add more posts_tags relations

- adds two new routes to frontend,
  one for initial tag page,
  another to page that tag page

- for tag pages the array of posts
  is exposed to the view similarly
  to the homepeage

- on the tag view page the information
  for the tag is also accessible
  for further theme usage

- the tag view page supports a hierarchy of
  views, it'll first attempt to use a tag.hbs
  file if it exists, otherwise fall back
  to the default index.hbs file

- modified pageUrl and pagination helper
  to have it be compatible with tag paging

- added unit tests for frontend controller

- added unit tests for handlebar helper modifications

- add functional tests for new tag routes
2014-02-18 15:10:02 -05:00
Sebastian Gierlinger
d3c641ea31 Make session expiry less arsey
closes #2171
- added authentication middleware
- removed authentication from routes
- moved authentication before CSRF validation
- moved caching rules before authentication
- changed/added test
2014-02-14 11:00:11 +01:00
Harry Wolff
b066e732dd Adds support for additional permalink structures
fixes #2057

- uses express’ Route object to create RegExp’s
 that we use to check the incoming path
- refactored structure of fronted controller single
 tests to be easier to read
- amend regex to incorporate new allowed permalink
 structure
2014-02-10 12:07:43 -05:00
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses #1789, #1364

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
Hannah Wolfe
f185a5d616 General cleanup
- Cleanup some todos, comments, and unused variables
2014-01-19 21:08:39 +00:00
Fabian Becker
11c8d234f7 New Post UX behaviour.
refs #1351
- Make generateSlug a static method on base model
- Change client behaviour (unfinished)
- Add new getSlug API method
2014-01-06 21:05:17 -05:00
Sebastian Gierlinger
6220bd19f5 Use ajax for import
closes #1854
- added blueimp file upload to debug.js
- changed POST /ghost/api/v0.1/db to be used with AJAX
- cache invalidation header should now work for import
- moved busboy middleware invocation to routes/api and routes/admin
- moved api.db.import to api.db.importContent (I hated the [] notation)
- moved api.db.export to api.db.exportContent (see above)
2014-01-06 22:55:43 +00:00
Harry Wolff
ab80a132f3 Adds ability to quickly get to post’s edit page
fixes #1810

- updates frontend.single route to accept ‘edit’
as the last param

- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page

- added unit tests for this behavior
2014-01-03 18:16:00 -05:00
Hannah Wolfe
1925fa0196 Cache control headers & query string asset management
closes #1470
issue #1405

- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
2014-01-02 12:14:33 +00:00
Hannah Wolfe
834cb73613 Date permalinks use published date
fixes #1803

- switches date permalinks from created_at to published_at
- enforces that the post will ONLY render if the date is valid and correct
2014-01-01 15:28:59 +00:00
Hannah Wolfe
a2a606a920 Functional test debugging & improvements
issue #1702
2014-01-01 14:52:49 +00:00
Hannah Wolfe
bfe80da54a Enforce 2-digit dates in permalinks
fixes #1800

- changed permalink regex to require 4/2/2/slug
- changed url helper to enforce the same
- changed permalink toggle to set a specific state, this means the
  functional tests are independent again
- chnaged permalink toggle to wait for the settings page to load
- change as many frontend tests to not login as possible
2014-01-01 11:39:19 +00:00
Harry Wolff
91ca4a43e5 Fix routing of posts and static pages
closes #1757 and #1773

- switches routes.frontend for posts and pages
to use a regex with two capturing groups.  This removes
the need to dynamically remove an express route at a
later point, leaving the decision making to frontend
controller.

- added unit tests for all routing conditions that 
can arise for posts and pages.

- updated functional tests to also test for same thing
in unit tests

- removes old code from server/api/index that used
to fix this issue, but is no longer needed

- removed some un-needed require statements in routes/admin
2013-12-30 02:04:46 -05:00
Hannah Wolfe
6f7f61d112 Merge pull request #1772 from markberger/1753-static-page-url
Static pages do not use dated permalinks
2013-12-28 10:40:07 -08:00
Mark Berger
075dd8ac9b Static pages do not use dated permalinks
closes #1753
- Pages are registered to '/:slug/' route if posts are using dated permalinks
2013-12-28 12:47:52 -05:00
Hannah Wolfe
755ad934bf Path, url and subdir cleanup & test
issue #1754

- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
2013-12-28 16:09:56 +00:00
Sebastian Gierlinger
691c8cd5a9 Delete all content (posts and tags)
closes #1445
- added delete button to ‚ugly debug tools‘
- added api call to delete all content
- added /db to cache invalidation routes
2013-12-25 01:05:20 +01:00
Harry Wolff
058b82bba1 Update config.theme() after every settings edit
fixes #1645

- removes server.get('ghost root') as it is only an alias
to config.paths().path, and adds unnecessary indirection
- removes config.theme().path as its just an alias to
config.paths().path, updated all relevant references
- update config.theme.update to only require the api/settings object,
and no longer need the config object
- modify api/settings.edit to call config.theme.update so that
the themeObject is ready for next rendering of template
2013-12-12 08:25:08 -05:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Sebastian Gierlinger
e95b592028 Remove cookie from Frontend
closes #1437
closes #1472

- changed cookie to path:'/ghost'
- added conditional CSRF middleware
- added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00
Fabian Becker
e210e75e97 Install in sub-directory support.
refs #527
2013-11-24 21:11:34 +00:00
Hannah Wolfe
7db5481f92 Merge pull request #1533 from jgillich/permalinks
Add Customisable Permalinks
2013-11-23 14:29:02 -08:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks 2013-11-23 17:02:17 +01:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Harry Wolff
985a23f446 Move server middleware configuration to related file 2013-11-19 21:05:57 -05:00
Harry Wolff
ea8d12a607 Reduce size of ghost.js by moving related Routing code to their own files 2013-11-19 21:05:09 -05:00