Commit Graph

39581 Commits

Author SHA1 Message Date
Cathy Sarisky
73a39ead9a
Fixed members/signin_urls endpoint to take admin api key (#21284)
closes #16748 

The members/:member_id/signin_urls endpoint currently only does
cookie-based authentication. When #21249 is merged, turning on 2FA is
going to break any 3rd party processes that use it (including my social
sign-in offering).

This patch gives admin API keys 'read' permission on this endpoint, and
enables 3rd party processes to handle user logins the right way, instead
of via a staff member's email/password.

Migration included.  Feedback appreciated.

I have the wrong name on my migration. I can see it doesn't follow the
naming convention, but I'm not sure how the names are generated.

---------

Co-authored-by: Michael Barrett <mike182uk@gmail.com>
2024-10-16 14:30:36 +01:00
Daniel Lockyer
7fc4dfaac1 Reverted "Stripped moment from BaseSiteMapGenerator"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 30220aa6ef.
2024-10-16 15:25:47 +02:00
Daniel Lockyer
1068f6ed13 Reverted "Stripped moment from data-manipulation.fixDatesWhenFetch"
refs https://ghost.slack.com/archives/C02G9E68C/p1729083762579479

- this reverts commit 96f6adecac.
2024-10-16 15:25:47 +02:00
renovate[bot]
7da234643e Update dependency terser to v5.35.0 2024-10-16 12:42:42 +00:00
Daniel Lockyer
6a49d7f69f Configured yarn setup to build TS projects
- we need this to happen before running the setup script because TS
  dependencies won't be compiled at this point
2024-10-16 14:36:01 +02:00
Ghost CI
27e1a89e58 Merged v5.96.2 into main 2024-10-16 09:31:44 +00:00
Ghost CI
42fcd385a6 v5.96.2 2024-10-16 09:31:42 +00:00
Sag
00f70a445b 🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:14:58 +02:00
Sag
cab655289f Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 11:14:46 +02:00
Sag
6ee3d05da5
🐛 Fixed missing incoming recommendations (#21317)
ref https://linear.app/tryghost/issue/ONC-433

- due to a regression introduced in commit 871d21a, incoming
recommendations were not rendering in Admin Settings anymore, as they
were marked as deleted
- this commit updates the refresh logic of incoming recommendations on
boot: previously deleted incoming recommendations are refetched, and if
now available, restored
- when a recommendation is restored, we don't send a staff email
notification
2024-10-16 11:00:47 +02:00
Sag
a3b84e8cd1
Revert "Fixed fetching and storing bookmark card icons and thumbnails" (#21316)
ref https://linear.app/tryghost/issue/ONC-433
ref https://linear.app/tryghost/issue/ENG-904

- the reverted commit (871d21acaf) caused
a regression for recommendations: incoming recommendations were marked
as deleted and did not render in Admin Settings anymore
2024-10-16 08:42:35 +00:00
Daniel Lockyer
b3cf23ebd8 Optimized Bookshelf plugin sanitize.permittedOptions
- concat is too heavy of a function to call on the hotpath, so we can
  just replace it with a native spread, which is much faster
- this cuts ~1.5% from boot time for sites with a lot of posts
2024-10-16 10:38:25 +02:00
Gary Lai
d689484324
feat(i18n): add zh-Hant translation (#21140) 2024-10-16 09:26:38 +01:00
Cathy Sarisky
3a662007cd
🌐 New translations and bug fix on /month and /year (#21267)
No issue

Wrapped a missing /month and /year string. Should work with and without
trials now.

Added a few additional translations for Japanese and French.

Adjusted German - some strings were too long to fit in the layout.
Changed (the German equivalents of) "Start a X day free trial" to
"Select", because the German is just not going to fit on the button.
2024-10-16 09:23:10 +01:00
renovate[bot]
864e7b27e4 Update dependency tailwindcss to v3.4.14 2024-10-15 15:58:30 +02:00
renovate[bot]
b70bb13fb4 Update sentry-javascript monorepo to v7.119.2 2024-10-15 15:57:58 +02:00
renovate[bot]
a8f9b45038 Update dependency @actions/core to v1.11.1 2024-10-15 14:54:31 +02:00
renovate[bot]
7dc0415439 Update sentry-javascript monorepo to v7.119.1 2024-10-15 14:37:04 +02:00
Kevin Ansfield
65d84fad17 Refactored cta/main form conditional in comments-ui
no issue

- micro-refactor that came out of a bigger draft-replies refactor, splitting out early to keep main change cleaner
- adjusted nested ternary style and naming to improve clarity
- added unit tests to ensure the logic behaviour stayed consistent
- cleaned up useless dummy unit test file
2024-10-15 12:50:12 +01:00
renovate[bot]
3027a0d3b4 Update nest monorepo to v10.4.4 2024-10-15 12:44:37 +02:00
Sag
d5aa77bb7f
🐛 Fixed missing 'duplicate a post' feature for editors (#21304)
ref https://linear.app/tryghost/issue/ENG-1647

- as per [staff user definitions](https://ghost.org/docs/staff), an
editor should be able to duplicate a post
- this feature was missing from the right-click menu on post/page lists
for editors
2024-10-15 12:19:56 +02:00
Daniël van der Winden
d7e36cb22a
Updated media query (#21303)
Fixes
https://linear.app/tryghost/issue/DES-317/adminx-members-list-header-column-overlaps-sidebar-in-mobile-viewport

Added a positioning and z-index change to the `thead` within the media
query to make sure it moved back behind the overlay.
2024-10-15 10:10:21 +00:00
Daniel Lockyer
8fd32f012b Lazyloaded jsdom dependency
- we can move this later into the code to prevent it from being eagerly
  loaded and taking up CPU time and memory
2024-10-15 11:27:22 +02:00
Daniel Lockyer
1c9e55cf7b Added metrics + monitoring to DatabaseStateManager
ref https://linear.app/tryghost/issue/DEV-32/remove-migratejs-script

- we want to switch to using this code path instead of our separate
  migrate.js script on Pro
- the main things we're missing are metrics + monitoring for when things
  go wrong, so this adds that to the DatabaseStateManager
- this allows us to eventually delete the script without losing
  functionality
2024-10-15 10:33:23 +02:00
Kevin Ansfield
f982bbe9fa Extracted comment member name and initial helper functions
no issue

- extracted functions for easier re-use and testing
- removed duplicate definition of comment member initials function
2024-10-15 07:53:57 +01:00
Daniel Lockyer
bfdf2dd8bf Optimized loading dynamic redirects
- the code kept an array of IDs, and would check new entries against the
  values of this array
- this algorithm is O(n^2) and became quite slow when the site had a lot
  of redirects
- we can do away with this entirely, and just compute the keys of the
  redirects to get the IDs
- this speeds up loading redirects by 3x or so
2024-10-14 17:16:49 +02:00
Daniel Lockyer
6dd821bd41
Fixed setting minification ready state upon failure (#21294)
- this will prevent the `ready` variable from being set to true if there
is an error with minification, as we have not correctly generated the
assets yet
2024-10-14 14:09:50 +00:00
Daniel Lockyer
f1638b869c Added more exclusion fields from URL service config
- we don't need any of these fields to do URL service calculations, so
  we can exclude them from being fetched, which improves performance of
  URL service init
- ultimately, we should switch this to an include list to make this more
  explicit
2024-10-14 14:37:54 +02:00
Daniel Lockyer
96f6adecac Stripped moment from data-manipulation.fixDatesWhenFetch
- we don't need moment here and we can produce the same result in JS
  Date, which is a lot faster than moment
2024-10-14 14:37:54 +02:00
Daniel Lockyer
7bd70a3ab2 Deferred heavy permittedAttributes call unless needed
- this code is on the hotpath for the URL service and has shown to be
  slow for sites with a lot of posts
- this is due to the overhead of the lodash functions we use here
- we can take advantage of how JS executes if-statements and move the
  variable into the if-statement, which lazy evaluates it (for the URL
  service, this branch is not hit, so it's a big win)
- this cuts about 2% from CPU time
2024-10-14 14:37:54 +02:00
Daniel Lockyer
dd68fca968 Replaced lodash.{pick,union} with native JS
- this code is a hotpath for the URL service and has shown to be slow
  for sites with a lot of posts
- this is because of the overhead of lodash
- we can just do away with lodash and use native JS, which has
  a negligible performance cost
- this cuts about 5% CPU time during boot of large sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
30220aa6ef Stripped moment from BaseSiteMapGenerator
- moment calls are unbelievably heavy and we should do away with it
  where possible
- this code doesn't need moment and we can just use native JS Date here
- this saves about 5% CPU time when booting sites with a lot of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b376585c64 Optimized Resources constructor
- this code has shown to be chronically slow, due to the `Object.assign`
- we don't really need this, as we can just use a normal assign in this
  case
- this cuts 15% CPU from boot time for sites with a lot of resources
  (posts)
2024-10-14 14:37:54 +02:00
Daniel Lockyer
90fbbe135f Deferred URL generation until after filter
- it turns out we it the false case of this if-statement quite a lot,
  and _generateUrl is heavy enough that we should try and do it less
- by moving it into the if-statement, we cut 4% CPU time from boot on
  heavy sites
2024-10-14 14:37:54 +02:00
Daniel Lockyer
70eb96f33a Replaced lodash.each with native JS in raw_knex
- lodash adds non-negligible runtime to this loop, so we can just
  replace it with native JS and cut 3% CPU time from boot for sites
  with a large number of posts
2024-10-14 14:37:54 +02:00
Daniel Lockyer
b0cf15cb94 Refactored Resources._fetch to async-await
- aids with readability
2024-10-14 14:37:54 +02:00
Daniel Lockyer
df76883378 Optimized date + boolean deserialization code
- we have to deserialize the values from the DB to turn them into moment + boolean values
- the use of lodash adds unnecessary overhead to the function, and writing it in native JS
  is a low faster
- also fixes the naming of the functions to make it clearer in flamegraphs
2024-10-14 14:37:54 +02:00
renovate[bot]
a2afc0af75 Update dependency i18next to v23.16.0 2024-10-14 00:24:58 +00:00
renovate[bot]
346f41991f Update dependency yjs to v13.6.20 2024-10-14 00:24:37 +00:00
renovate[bot]
32419e4e07 Update dependency use-debounce to v10.0.4 2024-10-14 00:24:20 +00:00
Chris Raible
a09abaf8a5
Changed VSCode settings.json to ignore git submodules (#21286)
no issue

- This removes the `casper` and `source` submodules from the VSCode
source control sidebar to simplify the view.
- It also points all of VSCode's `git` commands in the command palette
to the root repository (Ghost), so you don't have to specify which repo
you want to commit to every time.
- With this, you can simply run the "Git commit all" command in VSCode
(and optionally map a keybinding to it), which adds all changed files to
the commit and prompts for a commit message.
2024-10-13 07:21:53 -07:00
Chris Raible
401ec7d14d
Improved pre-commit hook to automatically remove submodules (#21222)
no issue

# Before
The pre-commit hook would abort the commit if any submodules were staged
for commit, and prompt the user to manually un-stage them and retry the
commit.

# Now
The pre-commit hook automatically un-stages any staged submodules, then
allows the commit to proceed.

# Why?
This was a daily annoyance that caused many common git commands to
abort, and required manual un-staging of the submodules before retrying
the commit:
- `git commit -a`
- `git add . && git commit`
- `git add -A && git commit`

If we ever _do_ need to commit submodules, we can always add them back
and run `git commit --no-verify` to accomplish that (which we would have
needed to do before regardless). This should accomplish the same goal of
not allowing submodules to be committed, but reduce the day to day
friction of making commits in Ghost.
2024-10-12 03:40:31 -07:00
Ghost CI
b7409ff3d2 v5.96.1 2024-10-11 15:05:17 +00:00
Kevin Ansfield
54a7f70a3c Removed lodash usage from config helpers
no issue

- config helpers are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using an inlined escapeRegExp function in place of requiring lodash
2024-10-10 17:44:24 +01:00
Kevin Ansfield
8d4d6b6516 Removed lodash usage from config utils
no issue

- config utils are required early during boot and it requiring lodash added some unnecessary require+compile time
- switched to using native JS for the few lodash methods we used
2024-10-10 17:26:19 +01:00
Kevin Ansfield
e97717a0cc Added flag to skip gscan checks during boot
no issue

- bumped gscan version to provide `skipChecks` flag to `check` function
- added `optimization:themes:skipBootChecks` config flag defaulting to `false` to maintain current behaviour
  - updated theme service initialization to use `skipChecks: true` when the config flag is set
  - we only want to skip the checks during boot in specific cases to improve performance, they are still useful for general development and any production use-cases where themes get edited directly on the server
- updated our theme validate module to accept and pass through `skipChecks` option
- switched the `isZip` positional argument of `validate.check()` to an options object property to make usage cleaner
2024-10-10 16:27:43 +01:00
Daniel Lockyer
ab4c67f2d2 Lazyloaded cheerio dependency
- this moves cheerio to be lazyloaded
- given there are many uses of cheerio in this file, I've just made a
  helper function to DRY up the code
2024-10-10 14:55:39 +01:00
Daniel Lockyer
b092929bba Lazy-minified assets at first request
- right now, we minify the assets on boot. This is wasteful because they're not even needed
- this commit implements a change which lazy-minifies these assets and
  allows for cache invalidation when the theme changes
- it also introduces some middleware that each asset calls to ensure
  that the assets are minified before serving
2024-10-10 14:36:28 +01:00
Daniel Lockyer
0862989b2e Lazyloaded dependencies
- these dependencies do not need to be eagerly loaded so we can move
  them down to where they are used
2024-10-10 13:38:56 +01:00
Daniel Lockyer
c07a884f23 Remove usage of fs-extra
- we don't need to use fs-extra here when we can use the native fs lib
2024-10-10 13:38:56 +01:00