Commit Graph

15161 Commits

Author SHA1 Message Date
Fabien O'Carroll
b45e514cb1 🐛 Prevented unexecuted migrations from being rolled back
refs https://github.com/TryGhost/knex-migrator/issues/241

Previous to this bump if a migration was occuring across multiple
versions and a migration was to error, we would incorrectly rollback
migrations which had not run yet.

For example - assume we are on v1.0.0 and migrating to v1.3.0, and there are
migrations for v1.1.0, v1.2.0 & v1.3.0. In the case that a migration in
v1.2.0 fails, we will still attempt to rollback migrations from v1.3.0.

This is no longer the case, and we will only roll back migrations which
have already been run.
2021-11-02 16:27:15 +01:00
Renovate Bot
52ee74c16a Update dependency cssnano to v5.0.9 2021-11-02 15:22:27 +00:00
Fabien O'Carroll
0cb551d37b 🐛 Fixed handling of non-subscription invoices
refs https://github.com/TryGhost/Team/issues/887

This updates our webhook handling to ignore invoices which are not
associated with a subscriptions. This stops us from throwing 500 errors
when a Stripe account is used for more than just Member subscriptions,
for example - selling products, or taking one-off payments.
2021-11-02 15:40:03 +02:00
Naz
7eb7e00634 Added test coverage for not supported media type
refs https://github.com/TryGhost/Toolbox/issues/95

- Only supported media types should be accepted by `/media/` enpoint
2021-11-03 00:33:28 +13:00
Naz
d657432531 Cleaned up use of 'content/media' magic string
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- `content/media` path is now a part of the constants package and should've been used instead of a magic-string.
2021-11-03 00:33:28 +13:00
Naz
d20732ce34 Imroved media validation middleware
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Error messages are now more specific when uploaded media files fail the validation check
2021-11-03 00:33:28 +13:00
Naz
02da62ee48 Added limit service check for uploaded media filesize
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Uploading large files is costly and might cause DDoS. Limits would allow fair use of the site instance.
- The configureation in hostSettings to enable an "uploads" limit would look like following:
```
"hostSettings": {
    "limits": {
            "uploads": {
                "max": 5,
                "error": "Your plan supports uploads of max size up to {{max}}MB. Please upgrade to reenable uploading."
            }
    }
}
```
- Read more at ba37890be4/packages/limit-service (usage)
2021-11-03 00:33:28 +13:00
Naz
d5b1552dc9 Simlified limit service initialization
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Init function for the limits service initialization is never called with parameters, so it doesn't make sense to keep that option around and have unnecessary logic handling it
2021-11-03 00:33:28 +13:00
Naz
f9a8edb1a0 Refactored upload middleware
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Using a wrapping object to store enableClear/multer instances didn't make any sense
2021-11-03 00:33:28 +13:00
Naz
4a551661d9 Implemented '/media/upload' API endpoint
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- This is an experimental implementation of video file upload support
- Also the output serializer skipped use of url utils in favor of inline implementatoin - this should almost certainly be it's own package
2021-11-03 00:33:28 +13:00
Naz
4907b7bf1e Added media fixtures for video files
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Example source files downloaded from https://filesamples.com/
- These fixtures will be used in media endpoint tests
- They had to go in a separate commit as git doesn't like to batch up big files
2021-11-03 00:33:28 +13:00
Naz
5242566252 Added local media storage adapter
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- This is an experimental implementation of video file upload support (audio is yet to follow)
- The storage adapter still needs more thinking as it's almost the same as the "LocalStorgeAdapter" that stores images.
- Also the output serializer skipped use of url utils in favor of inline implementatoin - this should almost certainly be it's own package
2021-11-03 00:33:28 +13:00
Fabien O'Carroll
c45afc7f26 🐛 Fixed email type when creating Members via API
refs https://github.com/TryGhost/Team/issues/1197

We were always sending the 'signin' email, rather than respecting the
email_type param passed to the API. This updates our email sending when
creating members to force the requested type if it's present.
2021-11-02 12:56:00 +02:00
Kevin Ansfield
b690fce219 Added cardSettingsPanel labs flag
no issue

- used to toggle editor UI experiments/exploration for cards with settings
2021-11-02 09:55:55 +00:00
Rishabh
1a9705b824 🐛 Fixed error in setting page access to tiers
closes https://github.com/TryGhost/Ghost/issues/13704
closes https://github.com/TryGhost/Team/issues/1186

- updates page serializer to handle new `visibility_filter` property for filtering access on specific tier
- this change was already added for `posts` but was missed on `pages`, so parsing filter on `visibility` filter was failing
2021-11-02 13:36:32 +05:30
Sam Lord
b79870d48c Revert "Added metrics for test runs"
This reverts commit e9afa6f40f.

Reverting because the TailScale step sometimes crashes the build
2021-11-01 13:31:43 +00:00
Renovate Bot
30bc2f5090 Update dependency @tryghost/metrics to v1 2021-11-01 12:40:49 +00:00
Fabien 'egg' O'Carroll
b36d0cc1c4
🐛 Fixed idempotentcy of addPermissionToRole util (#13685)
refs https://github.com/TryGhost/Team/issues/1178

The "up" migration that this util generates correctly throws if the
pre-requisite data cannot be found in the database. The "down" migration
however was incorrectly mirroring this behaviour of throwing - which
meant that it wasn't idempotent, as it does not require a permission or
role to existing if it wants to move relations between them.
2021-11-01 09:27:50 +00:00
Daniel Lockyer
46277b6718 v4.21.0 2021-10-29 16:00:28 +01:00
Daniel Lockyer
5b5240cab8 Updated Admin to v4.21.0 2021-10-29 16:00:28 +01:00
Enrique Benitez
7f001a4758
Replaced moment with luxon in amp helper (#13683)
refs: #13648

- We are replacing moment with luxon as it is now recommended.
2021-10-28 20:10:53 +01:00
Renovate Bot
083b57a924 Update dependency @tryghost/logging to v1 2021-10-28 19:57:49 +01:00
Thibaut Patel
d0933c51ad Revert "Switched AMP to be 'off' by default in all new Ghost instances"
This reverts commit 98fd48cb32.
2021-10-28 18:52:31 +02:00
Renovate Bot
858a9897d4 Update dependency @tryghost/update-check-service to v0.2.5 2021-10-28 17:43:41 +01:00
Thibaut Patel
98fd48cb32 Switched AMP to be 'off' by default in all new Ghost instances
refs https://github.com/TryGhost/Team/issues/1189

- The world & internet is slowly moving away from AMP
2021-10-28 18:13:25 +02:00
Sam Lord
e9afa6f40f
Added metrics for test runs
Refs CORE-120

When test runs execute, use the new @tryghost/metrics package to send metrics to configurable backends.

At the moment, we're just sending the test run duration to our metric store in preparation of changes to the test suite.
2021-10-28 14:15:48 +01:00
Naz
d89b8448ab Added a not to the Images API ref field
refs https://github.com/TryGhost/Ghost/pull/10534

- The original PR has no explanation around the purpose of the ref field and it's easy to forget without knowing a wider context. Documented it to remember next time we come around working on this part of the codebase!
2021-10-28 16:05:54 +04:00
Renovate Bot
ca2c9b92cd Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.5 2021-10-27 13:41:11 +01:00
Renovate Bot
650c88b3dd Update dependency @tryghost/email-analytics-service to v1.0.4 2021-10-27 12:07:52 +01:00
Daniel Lockyer
f4b48c1373 🔥 Added support for Node 16
refs https://github.com/TryGhost/Toolbox/issues/71

- Node 16 is now LTS so we're adding support in Ghost
- we're also bumping the minimum Node 14 version to 14.17.0 so we can merge
  dependencies who have higher Node 14 requirements than current
- this commit adds Node 16 to the `package.json` engines and to CI
- also bumps all dependencies that needed new versions to add Node 16
  support
2021-10-27 11:39:42 +01:00
Thibaut Patel
6e0bd7e7b5 Added fallbacks when the site title is undefined
refs https://github.com/TryGhost/Team/issues/1180

- An undefined site title was causing the `null` string to show in the html title tag on tag and author pages
2021-10-27 12:18:57 +02:00
John O'Nolan
297e173544 Updated member signup email copy 2021-10-26 17:53:35 -04:00
Thibaut Patel
1b01036458 Removed the theme settings lab flag in gscan
refs https://github.com/TryGhost/Team/issues/1164

- theme settings are GA now
2021-10-26 17:46:29 +02:00
Daniel Lockyer
6802a61307
Merged v4.20.4 into main
v4.20.4
2021-10-26 13:21:41 +01:00
Daniel Lockyer
db4951795b v4.20.4 2021-10-26 13:20:31 +01:00
Daniel Lockyer
3c4419f717 Updated Admin to v4.20.4 2021-10-26 13:20:31 +01:00
Naz
f6c81033d7
🐛 Fixed 500 error when visiting an email-only post link
refs 74280cfbea

- We allow to send email-only posts when using v4 Admin API, but it's possible to configure a v3 Theme with a site instance which resulta in an unsupported behavior throwing a 500.
- With this fix a 404 will be returned when an email-only post is viewed through the public email-only post URL
2021-10-26 13:04:09 +01:00
Naz
6e6f427149 🐛 Fixed 500 error when visiting an email-only post link
refs 74280cfbea

- We allow to send email-only posts when using v4 Admin API, but it's possible to configure a v3 Theme with a site instance which resulta in an unsupported behavior throwing a 500.
- With this fix a 404 will be returned when an email-only post is viewed through the public email-only post URL
2021-10-26 16:01:10 +04:00
Thibaut Patel
5d9e237951
🐛 Fixed GScan crash on files starting with package.json
refs https://github.com/TryGhost/Team/issues/1185

- gscan was attempting to json parse all files starting with package.json
2021-10-26 12:03:54 +01:00
Thibaut Patel
82e42bfc8b
🐛 Fixed GScan falsely triggering the "unused theme setting" error
refs https://github.com/TryGhost/Team/issues/1183

- This gscan rule wasn't parsing the partials where the theme setting was used
2021-10-26 12:03:45 +01:00
Kevin Ansfield
b6f9a19b25
🐛 Fixed error from custom settings sync when theme name contains . chars
no issue

- bumped `@tryghost/custom-theme-settings-service`
- contains a fix for invalid filter strings being generated for theme names that contain `.` by wrapping the name in quotes, eg `theme:'4.1.1-my-theme'`
2021-10-26 12:02:52 +01:00
Thibaut Patel
e851e28b16 Fixed gscan crash on files starting with package.json
refs https://github.com/TryGhost/Team/issues/1185

- gscan was attempting to json parse all files starting with package.json
2021-10-26 12:23:11 +02:00
Thibaut Patel
e4ce745ab6 🐛 Fixed gscan falsely triggering the "unused theme setting" error
refs https://github.com/TryGhost/Team/issues/1183

- This gscan rule wasn't parsing the partials where the theme setting was used
2021-10-26 11:20:05 +02:00
Kevin Ansfield
af4c115fb3 🐛 Fixed error from custom settings sync when theme name contains . chars
no issue

- bumped `@tryghost/custom-theme-settings-service`
- contains a fix for invalid filter strings being generated for theme names that contain `.` by wrapping the name in quotes, eg `theme:'4.1.1-my-theme'`
2021-10-26 10:18:47 +01:00
Hannah Wolfe
5327eb4b4b
Upgraded api max complixity eslint rule to error
- We've now squashed all the warnings, upgrade to error to prevent regressions
2021-10-25 14:36:12 +01:00
Fabien O'Carroll
960828b646 Removed handling of invoice.payment_failed webhook
refs https://github.com/TryGhost/Team/issues/885

This webhook was not used to populate data, and was causing 404's when
checkout sessions were completed, but payment had failed. Removing it
should fix these 404's.
2021-10-25 14:34:45 +02:00
Fabien O'Carroll
bccc8790f0 Fixed max-complexity-warnings for stripe_connect API
no-issue

This removes the logic to check if stripe connect is allowed into the
stripe connect service, which makes the feature easier to maintain, as
well as fixes the v3 API - which previously did not have this check.
2021-10-25 14:06:28 +02:00
Fabien O'Carroll
a68b96001c Fixed max-complexity-warnings for members API
no-issue

This removes logic from the Members API controller, and into the Members
BREAD service, this allows our controllers to be simpler and easier to
maintain, as well as keeping the important logic all together.
2021-10-25 14:06:12 +02:00
Daniel Lockyer
cfb5323017
Merged v4.20.3 into main
v4.20.3
2021-10-25 11:32:31 +02:00
Daniel Lockyer
6f0357e670 v4.20.3 2021-10-25 10:28:23 +01:00