Commit Graph

1392 Commits

Author SHA1 Message Date
Hannah Wolfe
4a67ea5546
Fixed admin host with port causing infinite redirect (#11767)
closes #11766, refs 7284227f1

- when we changed from host to hostname, more changed than just using the x-forwarded-host if trusted because express req.hostname does not return the port
- this causes issues with an infinite redirect if you try to set a different admin host with a port
- added a test to demonstrate the case, that didn't fail due to an error in the test logic
- switched from redirecting based on req.hostname to using req.vhost.host which has the correct trusted, requested value that we should rely on
- simplified the comparison logic to explicitly compare host with host
2020-04-23 19:00:28 +01:00
Daniel Lockyer
0e4dbc659c Added eslint exceptions in test-suite
no issue

- eslint-plugin-ghost will warn for console.* calls
- we use a mini-hack in the test suite to print out the start time for
  Ghost
- we want to keep these for the mean time, so explicitly allow them for
  now
2020-04-23 09:15:22 +01:00
Hannah Wolfe
d4cd996e20 Use destructuring for more readable redirect code
- This code was a little verbose, which made it hard to see what was happening (it still is a bit)
- Used destructuring to reduce the code
- Renamed a few variables
2020-04-22 20:30:17 +01:00
Hannah Wolfe
19dde146c1 Renamed redirect functions for clarity
- we had urlRedirects, urlRedirects.adminRedirect and adminRedirects
- all do kinda similar things, but for different contexts so for now I've done a minimal renaming for clarity
- and updated some comments!!
- also removed totally unnecessary if res.isAdmin clause, as we don't use that, and it was never true
2020-04-22 19:31:36 +01:00
Hannah Wolfe
37a22edbe9 Refactored cache-control mw to remove dependencies
- cache-control had some logic in it for private blogging + similar logic exists for members in site/app
- having it in 2 places is weird, and having it inside the mw makes the mw less generic/reusable
- instead of requiring config inside the middleware, we pass config in for the one case where this is used
- fixed tests that didn't test anything 🙈
2020-04-22 18:01:01 +01:00
Hannah Wolfe
f4f61b8a3a Moved normalize image mw into api app
- Moved normalize image mw from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 17:48:54 +01:00
Hannah Wolfe
de9864db30 Moved upload validation mw into api app
- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:37:02 +01:00
Hannah Wolfe
1a4506dcf0 Moved validation utils into validation/upload
- These two functions have no dependencies and are only used in validation/upload
- Co-locating the code makes it easier to move
- Exported them with a new module.exports._test pattern - we'll see about whether this is a good idea
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:21:41 +01:00
Hannah Wolfe
d85c634669 Removed unused middleware code
- removed empty theme-handler_spec.js file
- removed unused export of uncapitalise
- removed unused export of utils
- remove unused blog-icon and profile-image validation code (now lives in core/server/api/[version]/utils/validators/input)
2020-04-22 07:15:51 +01:00
Hannah Wolfe
05cf4f495d Moved update-user-last-seen mw into api app
- Moved update-user-last-seen from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
92af5b8f09 Moved api cors mw into api app
- Moved api cors from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
41c3b4e92b Moved version-match mw into api app
- Moved version-match from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
213f0a4785 Moved ghost-locals mw into parent app
- Moved ghost-locals from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
- This allows shared middleware to be unhooked from the parent app
2020-04-21 18:50:46 +01:00
Hannah Wolfe
8fe56852e0 Moved request-id mw into parent app
- Moved request-id from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 18:29:20 +01:00
Hannah Wolfe
becc239de1 Moved web/parent-app to web/parent/app
- Have a consistent structure so we can co-locate an app with its own middleware
- This is another small step in sorting out the giant mess that was web/shared/middleware
2020-04-21 18:08:29 +01:00
Hannah Wolfe
61633d48ee Moved serve-public-file mw into site app
- Moved serve-public-file from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 17:23:07 +01:00
Hannah Wolfe
406218489c Remove additional mount of content/images
refs 717567995b

- We should not be using relative URLs inside the admin panel anymore
- Removes a usage of "shared" middleware which isn't truly shared
2020-04-21 17:02:16 +01:00
Hannah Wolfe
dbafaf7205 Moved handle-image-sizes mw into site app
- Moved handle-image-sizes from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
9fe741c9b9 Moved static-theme mw into site app
- Moved static-theme from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
40fa2053e3 Moved serve-favicon mw into site app
- Moved serve-favicon from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 14:30:32 +01:00
Kevin Ansfield
9981ea336c Changed {subscriber_firstname} replacement to {first_name}
no issue

- easier to remember and type
- removes need to remove the `subscriber_` prefix when accessing member properties
2020-04-20 14:25:58 +01:00
Kevin Ansfield
944ffa8668 Added acceptance test for email preview with email card and replacements
no issue

- the email previews API should return html and plaintext content that contains any email cards and where any valid replacement strings have been replaced with desired fallbacks
- unknown/invalid replacement strings should appear as entered by the user (no %% wrappers that are used internally)
2020-04-20 12:48:00 +01:00
Daniel Lockyer
7ac614030d 🐛 Fixed structured metadata for images
fixes #11746

- the original fix[1] inadvertently moved the logo object down one level
- this commit moves it back up, and fixes the tests to reflect the
  expected format

[1]: 3f5daa60c8
2020-04-17 13:51:55 +01:00
Daniel Lockyer
8853067830 Added custom json-string format to AJV validator
no issue

- the value of `mobiledoc` when submitting a page/post via the API must
  be JSON, but we don't validate this
- this results in url-utils throwing an error, which ends up being a 500
- this commit adds a custom format to AJV to validate it is valid JSON
- also updates tests with bad JSON - 'a'
2020-04-17 11:56:20 +01:00
Kevin Ansfield
374b43ceab Fixed linting error
2020-04-17 11:32:29 +01:00
Nazar Gargol
192cb107a5 Fixed regression test for tag edit redirects
refs bd92fcd282

- Referenced commit broke the regression test
2020-04-16 22:10:28 +12:00
Hannah Wolfe
a4cf470c87 🐛 Fixed importer always erroring
- in 3.13.2 the importer always throws the error "The "path" argument must be of type string. Received an instance of Object"
- this is due to a change in method signature that wasn't accounted for
- added a test to catch similar changes to this code in future
2020-04-15 13:24:43 +01:00
Hannah Wolfe
fc664ac697 Improved helper index, use glob to read directory
- Having to remember to add files to an index.js is a PITA
- We already have glob as a dependency, so use that
- This requires that the file prev_next be renamed to prev_post, which is what it's called as by default
- next_post is an alias of next_post - so this reflects that more closely
2020-04-10 13:08:41 +01:00
Hannah Wolfe
59b9f161dd Moved non-helper code out of helpers
- the helper dir also contained some code used with helpers - utils and helper-helpers?
- the goal here was for helpers to be the only thing in their folder so we can look at moving them out
- all other code has been moved to services/themes for now, which is not the right place either
- services/themes is a catch-all for theme storage, loading, validation, rendering and more, needs to be broken down
2020-04-10 12:27:43 +01:00
Hannah Wolfe
3a2ccea3a9 Moved helper util tests to Ghost-SDK/helpers
ref 99b2adc1c82eface95dca2a85d6f62169265d3e4

- these tests belong to @tryghost/helpers as they test code that isn't in this repo
2020-04-10 08:19:16 +01:00
Hannah Wolfe
e639a25171 Moved labs usage into cancel_link helper file
- this removes the need to require the proxy inside the helpers/index.js file
- have the helper file define and return its own labs-enabled-ness
- update the tests to test for the labs flag being unset
2020-04-08 19:31:55 +01:00
Kevin Ansfield
b37ac8ef1f Switched to extracted @tryghost/mobiledoc-dom-renderer package
no issue

- moved `mobiledoc.renderers.mobiledocHtmlRenderer` to `mobiledoc.mobiledocHtmlRenderer` so that it's easier for the getter to access the parent object's getters
- removed all tests and dependencies that now live in @tryghost/mobiledoc-dom-renderer
  - kept the `mobiledocHtmlRenderer` test because that's testing that we've correctly wired up our cards and atoms and the output is what we expect
2020-04-08 18:27:12 +01:00
Hannah Wolfe
35e3e0708c Moved helper proxy into a service
- The proxy is not a helper, we want the helpers folder to only include helpers
- The proxy is also meant to be the interface to Ghost for the helpers, and we want to enforce that
- This is a small step on the way
2020-04-08 17:22:44 +01:00
Kevin Ansfield
294187c41f Switched to extracted @tryghost/kg-default-atoms package
no issue

- removed code that now lives in the external Koenig monorepo
2020-04-08 14:49:44 +01:00
Tim Gates
270af89ee2
Fixed typo tempalte -> template (#11722)
no issue

- Fixes a typo in test/regression/site/site_spec.js. Should read `template` rather than `tempalte`.
2020-04-08 14:26:50 +12:00
Kevin Ansfield
2642405595
Merge pull request from GHSA-q6jp-j3gg-3mxr
no issue

- backports fixes implemented in https://github.com/TryGhost/Ghost/commit/477393967 from the v3/api endpoint to the v2 endpoint
2020-04-07 11:05:48 +01:00
Joseph Coffland
67b8fbf6cf Added raw handlebars helper
- Allows using the 4-bracket raw block syntax e.g: {{{{raw}}}}{{{{/raw}}}}
- This allows you to include handlebars inside a template that is not compiled and executed
- The common use case is if you want to include client-side handlebars templates inside server-side ones
2020-04-06 17:26:50 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guarantee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Fabien O'Carroll
1f68d8dc20 Refactored existing adapters to use adapter-manager
no-issue

This removes duplications and reduces maintenance going forward.
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
23154f0739
Refactored session service (#11701)
* Refactored SessionStore to use @tryghost/errors

no-issue

* Updated tests to test exposed API

no-issue

This will make refactoring easier, as we only have the "public" contract to maintain

* Refactored session functionality to SessionService

no-issue

This splits the session logic away from the HTTP responding logic,
which will allow us to decouple session creation/modification from the
API. Eventually this can be used to create sessions based on magiclink
style tokens.

* Instantiated and exported the new SessionService

no-issue

* Refactored session middleware to take session service

no-issue

This removes duplication of code and makes the middleware more explicit
that it's just a wrapper around the session service.

* Updated to use external @tryghost/session-service

no-issue
2020-04-02 16:27:31 +02:00
Hannah Wolfe
573850ddd7 Removed fixture yarn.lock file
- This theme fixture is confusing GitHub's security tooling into thinking we have a tonne of insecure dependencies that we don't
2020-03-31 12:56:15 +01:00
Hannah Wolfe
7f1d3ebc07
Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00