Commit Graph

7967 Commits

Author SHA1 Message Date
kirrg001
4b21fc1d59 Allow forUpdate for any model
no issue

- this was only supported for the Post Model until now
- locking should be possible for every resource depending on the use case
2017-11-14 10:22:09 +00:00
Kevin Ansfield
90d6ac5a0e Fixed naming of Subscribers API integration spec 2017-11-13 13:20:52 +00:00
Hannah Wolfe
1445678035 Fixed channel path to work with Ghost-CLI
- Just, DERP 🙈
2017-11-10 20:52:50 +00:00
Kevin Ansfield
a63ce07050 Updated Ghost-Admin: fix yarn install issues 2017-11-10 16:55:24 +00:00
Hannah Wolfe
98f5ae00fc
Introduced renderer to DRY up controllers (#9235)
refs #5091, #9192

- Renderer figures out templates, contexts, and does a render call
- Templating is now handled with a single function
- Context call is made in the renderer

Note:  to make this work, all controllers now define a little bit of config, currently stored in res._route. (That's a totally temporary location, as is res._template... when a sensible naming convention reveals itself I'll get rid of the weird _). This exposes a type and for custom routes a template name & default.
2017-11-10 12:44:29 +00:00
Hannah Wolfe
e41d0c76fb
RSS service + controller improved for consistency (#9233)
refs #9192, refs #5091 

- Moved all url generation into generate-feed.js, so we can see as much data processing as possible in a single place.
- Refactored the way res.locals were used, to be more like how express uses them prior to rendering
- Removed a bunch of code & tests todo with context for RSS - I can't see any way that'd be used, unless we switched the rendering to use a template.
- moved the RSS rendering to be part of the service, not controller
- updated the tests significantly 

Note: RSS generate-feed has a complete duplication of the code used in the excerpt helper in order to create an item description
2017-11-10 07:36:39 +00:00
Kevin Ansfield
8ad64e3e8a Version bump to 1.17.1 2017-11-09 14:37:42 +00:00
Kevin Ansfield
4a3fcd6429 Updated Ghost-Admin to 1.17.1 2017-11-09 14:37:42 +00:00
Aileen Nowak
a35c0c29e0 Added more database soft limits (#9225)
refs #8143

Sets soft limits for certain db fields:

- `posts`:
	- `title`: 255 chars (current hard limit: 2,000 chars)
	- `meta_title`: 300 chars (current hard limit: 2,000 chars)
	- `meta_description`: 500 chars (current hard limit: 2,000 chars)
- `users`:
	- `bio`: 200 chars (current hard limit: 65,535 chars)
	- `location`: 150 chars (current hard limit: 65,535 chars)
	- `meta_description`: 500 chars (current hard limit: 2,000 chars)
	- `meta_title`: 300 chars (current hard limit: 2,000 chars)
- `tags`:
	- `description`: 500 chars (current hard limit: 65,535 chars)
	- `meta_title`: 300 chars (current hard limit: 2,000 chars)
	- `meta_description`: 500 chars (current hard limit: 2,000 chars)

- same error message for isLength validator as for hard limits (more improvements are comming with https://github.com/TryGhost/Ghost/issues/6050)
- added more tests for importer
- added dynamic translation key handling for validators errors (isLength is only supported atm)
2017-11-09 15:22:20 +01:00
Katharina Irrgang
f22a2784f7 🐛 Fixed error for password authentication with Bearer Token (#9227)
refs #8613, refs #9228

- if you send a request to /authentication/token with `grant_type:password` and a Bearer token, Ghost was not able to handle this combination
- because it skipped the client authentication, see https://github.com/TryGhost/Ghost/blob/1.17.0/core/server/auth/authenticate.js#L13
- and OAuth detects the `grant_type: password` and jumps in the target implementation
- the target implementation for password authentication **again** tried to fetch the client and failed, because it relied on the previous client authentication
- see https://github.com/TryGhost/Ghost/blob/1.17.0/core/server/auth/oauth.js#L40 (client.slug is undefined if client authentication is skipped)
- ^ so this is the bug
- we **can** skip client authentication for requests to the API to fetch data for example e.g. GET /posts (including Bearer)
- so when is a client authentication required?
- RFC (https://tools.ietf.org/html/rfc6749#page-38) differentiates between confidential and public clients, Ghost has no implementation for this at the moment
  - so in theory, public clients don't have to be authenticated, only if the credentials are included
- to not invent a breaking change, i decided to only make the client authentication required for password authentication
- we could change this in Ghost 2.0

I have removed the extra client request to the database for the password authentication, this is not needed. We already do client password authentication [here](https://github.com/TryGhost/Ghost/blob/1.17.0/core/server/auth/auth-strategies.js#L19);
If a Bearer token is present and you have not send a `grant_type` (which signalises OAuth to do authentication), you can skip the client authentication.
2017-11-09 14:11:29 +00:00
Hannah Wolfe
016ee17ebb
Rework route service to prevent circular dependencies (#9229)
refs #9192, refs #9178  

After trying to progress with current implementation, it became clear that the route service can't control the boot sequence, because then we end up with circular dependencies between the route service and the channel service.

The route service now exposes:
-  a siteRouter 
- a way for apps to register routes.
- ParentRouter base class for other modules to use
- the registry

...

- moved the default route setup back to site/routes.js 🙈
- moved the parent channel router back to the channel service (this makes way more sense imo)
- this structure prevents circular dependencies
- split the registry out into it's own thing
- fixed-up various bits of tests and comments
- DEBUG will print a list of routes 🎉
2017-11-09 13:58:22 +00:00
Hannah Wolfe
27b4688cea Changed channelsRouter to use new base class
refs #9192, #5091

- changed channels to use our new base class
- keep the flexible structure, so that channels can be reloaded
- I had to move the router into the route service otherwise we get circular dependencies
- Don't _really_ want to keep it like this - need a way to define base classes as shared
2017-11-09 10:47:20 +00:00
Aileen Nowak
6a41104969 Moved isLocalFile fn to storage utils (#8985)
no issue

- moved isLocalImage fn to storage utils used the RegExp of getLocalFileStoragePath to detect also relative image paths and added tests.
- Added test for independent protocol request (skip, because not supported/implemented)
2017-11-09 11:11:54 +01:00
Hannah Wolfe
7656d0bdda
Wrapped express router & expose from route service (#9206)
refs #9192

- Moving towards a centralised concept of routing / routes
- The base router now wraps express router, and offers us the features we need
- Site Router is the parent router, it gets initialised with all of our default routing
- App Router is a sub router for apps - apps register their routes/routers onto it.
- TODO: refactor channels subrouter to work this same way
- MAYBE: move the app router to the apps service
2017-11-09 10:08:11 +00:00
Hannah Wolfe
90cfdbe7a6 Moved Channels module -> services
refs #9192, refs #5091, refs #9178

- moved channels from controllers to a service
- split out the parent router from the remaining individual router logic
- moved the tests to match
2017-11-08 15:45:23 +00:00
Hannah Wolfe
f0f0735437 Renamed single / post -> entry
refs #9192

- an entry is a post or a page, represented by a post model
2017-11-08 10:07:52 +00:00
Hannah Wolfe
187c38991e Move admin redirects out of site router
refs #9192

- Admin redirects should really happen first, up with custom redirects
- Later we can package this up, maybe
- For now, let's focus the site router on site-related things
2017-11-08 09:45:34 +00:00
Hannah Wolfe
abaf0461cf Highlighted routes, controllers & renderers
refs #5091, refs #9192

- There are several theme template "renderers" all over the codebase
- Some are in apps, and were called "controllers"
- One is in error handling
- All of them now have comments marking out how they share logic/steps
- Other comments describe routes & controllers where they live
2017-11-08 09:45:12 +00:00
Hannah Wolfe
474e9234a6 Simplified AMP internal app
refs #9192

- The AMP app is nothing more than a custom controller - this will come clear soon
- Moved enabled/disabled logic into router
- Removed error-related code, as this wasn't used
- Changed logic for static pages to be based on req.body, not context
- Improved the tests to match
2017-11-08 08:25:25 +00:00
Hannah Wolfe
86c6cec433 Moved RSS module -> services & controllers
refs #5091, #9192, #9178

- Get the RSS module into a much better shape
- Controller -> /controllers/rss
- Remainder -> /services/rss
- Moved tests to match & updated requires
2017-11-08 08:09:44 +00:00
Aaron Kau
be1d46a1fd Fixed comment about node version changes (#9223)
no issue
2017-11-08 00:27:47 +01:00
David Wolfe
f44a495cfc Added rescheduleOnBoot option for post scheduling (#9196)
no issue

- allows custom scheduling adapters with persistent data to not reschedule posts when Ghost is restarted
2017-11-08 00:24:34 +01:00
Hannah Wolfe
60fd98679f
Split RSS module into controller + other (#9224)
refs #5091, refs #9192

- This is similar to #9218, in that I'm revealing bits of code that are "controllers" in our codebase. As opposed to routes, services, renderers etc.
- This also reveals some code which is identical to the channels controller
- There is more to do here, but for now I've got the module split up, and the tests split and improved.
- Next I'll split RSS into controller + service, DRY up the controller code, etc
2017-11-07 20:00:03 +00:00
Kevin Ansfield
f06270acb5 Version bump to 1.17.0 2017-11-07 13:41:35 +00:00
Kevin Ansfield
cb90970b80 Updated Ghost-Admin to 1.17.0 2017-11-07 13:41:35 +00:00
rambii
341948966d 🐛 Fixed custom_excerpt not being used in RSS feeds (#9219)
closes #9210

* use `custom_excerpt` before `meta_description` in rss
2017-11-07 10:16:14 +00:00
Aileen Nowak
d507eab3e8 Changed logic for importPersistUser option (#9203)
no issue

- `importing` and `importPersistUser` are two different concepts
2017-11-07 09:09:57 +01:00
Aileen Nowak
dbd22d7447 Feature: {{reading_time}} theme helper (#9217)
closes #9200

- Registered new server helper `{{reading_time}}`.
- Added new global util `word-count` based on the util in Ghost admin, which returns the number of words in an HTML string.
- Based on the word count of the post html, the helper calculated the estimated reading time:
   - 275 words per minute
   - additional 12 seconds when post has feature image
- Renders a string like 'x min red', unless reading time is less than a minute. In this case, the rendered string is '< 1 min read'.
2017-11-06 18:40:07 +00:00
Hannah Wolfe
5dac1c97fc
Split renderChannel into controller + renderer (#9218)
refs #5091, refs #9192

- render channel was always a weird file
- now it's clearly 2 things
- we're slowly getting towards closing #5091... 🎉
- added some extra tests
2017-11-06 12:17:24 +00:00
Hannah Wolfe
4600f9312c ESlint rule: no-multiple-empty-lines
- We've always disallowed multiple line breaks
- ESLint's default allows for 2
- This sets it back to how it was :)
2017-11-06 10:12:18 +00:00
Hannah Wolfe
4c5ef16bc3
Represent channels as class instances (#9209)
refs #9192, refs #5091

- Using a class allows for easy shared logic
- Loading is designed to work from config right now, but could be DB driven, etc
- Provided configuration can be simplified and extended in the constructor / class methods
- Update tests, move custom assertions to utils
2017-11-05 10:04:59 +00:00
Hannah Wolfe
4ee522069c
Increased URL utility coverage to 100% (#9201)
refs #9192

To anyone seeing this go by - I'm about to start some fairly major refactoring work on the url utility. Before I do that, I wanted to make sure I had 100% coverage, and understanding of some of the weird cases.

The majority of the changes I've made are adding tests, but I was also able to clean up a little bit, remove a few lines or change them to make use of other tools.
2017-11-02 20:35:58 +00:00
kirrg001
89e57ad6b2 Version bump to 1.16.2 2017-11-02 13:54:36 +01:00
kirrg001
85683b50f5 Updated Ghost-Admin to 1.16.2 2017-11-02 13:54:36 +01:00
Hannah Wolfe
329289a2b4 Classes must use strict mode 2017-11-01 15:55:06 +00:00
Hannah Wolfe
5319fd4e35 Added concept of ghost-query debug mode
- Outputting all queries is too much debug info for normal dev
- Use DEBUG=ghost:*,ghost-query to debug queries
- Or just DEBUG=ghost-query
2017-11-01 15:18:53 +00:00
Hannah Wolfe
9b54ed0689 Refactored apps to have access to a router
refs #9192

- Instead of `setupRoutes` function in apps that gets passed a router, there is now a registerRouter function as part of the proxy
- Moved towards a route service, which will know about all routes
- Using classes to abstract away shared behaviour

Notes:

- changing the app proxy didn't result in a test failure!
- structure of route service is totally new and may change a lot yet
2017-11-01 15:02:25 +00:00
Hannah Wolfe
bcf5a1bc34
Switch to Eslint (#9197)
refs #9178

* Add eslint deps, remove old lint deps
* Add eslint config, remove old lint configs
* Config for server and tests are different
* Tweaked rules to suit us
* Fix linting in codebase - lots of indent changes.
* Fix a real broken test
2017-11-01 13:44:54 +00:00
Katharina Irrgang
a7fe464d64 Bump Node v8 minimum version (#9198)
no issue

- the official V8 LTS release version is 8.9.0
- came out on the 31th of 10/17 (this is where the official LTS for V8 has started)
- requires an update on docs.ghost.org
2017-11-01 13:12:58 +00:00
Katharina Irrgang
9b11ad1f90
Added package-lock.json to npmignore (#9193)
no issue

- refs 07dcbb0d53 (diff-a084b794bc0759e7a6b77810e01874f2)
- if we don't add the npm lock file, it get's added to the release zip when using v8
2017-10-31 17:29:46 +01:00
Hannah Wolfe
bbf59fc6c1
Refactored to save settings only if value changes (#9194)
refs #9192

- Each setting is saved individually
- Update this to only happen on import, or when a value changes
- Reduces the amount of work Ghost does on every setting change
2017-10-31 15:47:30 +00:00
kirrg001
b1516375bb Version bump to 1.16.1 2017-10-31 13:20:05 +01:00
kirrg001
7d6caf4822 Updated Ghost-Admin to 1.16.1 2017-10-31 13:20:05 +01:00
kirrg001
949d33b1db Bump jsonpath to version 1.0.0
no issue

- major bump
- we only use jsonpath inside the `get` helper
- the functionality still works as expected
- includes security fix, see 98464aa5fe
2017-10-31 12:21:48 +01:00
kirrg001
9d4ed8c61c Replaced extract-zip-fork by extract-zip
no issue

- we had to fork the original repository at one point, because of slow maintenance
- maintenance is back now
- https://github.com/maxogden/extract-zip/pull/52 was merged and released
2017-10-31 12:11:59 +01:00
kirrg001
cfca111493 Bump dependencies
no issue

- bson-objectid@1.2.1
- compression@1.7.1
- express@4.16.2
- moment-timezone@0.5.14
- mysql@2.15.0
- nconf@0.8.5
- sanitize-html@1.15.0
- simple-html-tokenizer@0.4.3
- superagent@3.8.0

IMPORTANT:
- we are unable to bump moment and bluebird at the moment, because in both releases there is a bug which breaks our tests
- i didn't investigate a lot, but there is https://github.com/petkaantonov/bluebird/issues/1468
- and for moment, a couple of reports came in for .19 regarding a wrong date behaviour
2017-10-31 11:53:16 +01:00
Hannah Wolfe
882a2361ee
Moved apps to /services/ & moved individual tests (#9187)
refs #9178

* Moved app handling code into services/apps
  - Apps is a service, that allows for the App lifecycle 
  - /server/apps = contains internal apps 
   - /server/services/apps = contains code for managing/handling app life cycle, providing the proxy, etc
* Split apps service tests into separate files
* Moved internal app tests into test folders
    - Problem: Not all the tests in apps were unit tests, yet they were treated like they were in Gruntfile.js
    - Unit tests now live in /test/unit/apps
    - Route tests now live in /test/functional/routes/apps
    - Gruntfile.js has been updated to match
* Switch api.read usage for settingsCache
* Add tests to cover the basic App lifecycle
* Simplify some of the init logic
2017-10-30 12:31:04 +00:00
kirrg001
97beaf0c1b Tests: Fixed listeners_spec.js (DST)
closes #9188

- make timezone offsets dynamic, yey!
2017-10-30 10:37:03 +01:00
Hannah Wolfe
17e18d7431 Removed duplicate test file
- This happened by accident when the model filters were introduced
- filters_spec.js was supposed to be renamed to apps_filters_spec.js
- Removing the duplicate file now
2017-10-28 16:46:55 +01:00
Hannah Wolfe
b5228f5c43 Rename blog -> site
- We're going to be moving towards this naming convention more
- Doing this now makes it easier to name other things
2017-10-26 18:09:56 +01:00