Commit Graph

3506 Commits

Author SHA1 Message Date
Fabien O'Carroll
f31e535041 Removed authenticateClient usage from v2 api
no-issue

We do not support this authentication mechanism for api v2
2019-08-07 17:57:26 +08:00
Fabien O'Carroll
910e15e643 Added backupContent permission fixture
no-issue

This permission was overlooked during the creation of the ghost-backup
integration.
2019-08-07 17:57:26 +08:00
Sumedh Nimkarde
167e1ead2e 🐛 Ignored node_modules dir when archiving (#10969)
fixes #10929
2019-08-06 16:17:41 +08:00
Fabien O'Carroll
373627223c
🐛 Ensured import does not override private setting (#10882)
closes #10788

This adds an extra filter to the preImport method of the settings
importer to removes settings with the key `is_private`

This message is specifically only for when an import has privacy mode ON
and the current site has privacy mode OFF.
2019-08-06 16:15:40 +08:00
Kevin Ansfield
d96be4907e
Fixed relative canonical_url values not being stored as root-relative (#10989)
no issue

- we try to store all urls as relative paths where possible in Ghost so that the `config.url` value can be changed
- all relative paths are stored as root-relative except for the `post.canonical_url` field which was storing subdirectory-relative paths
- adds a migration to put the subdirectory prefix onto any relative canonical_url paths
- updates the canonical_url input serialiser to keep the subdirectory rather than stripping it to match all other url fields
2019-08-05 13:56:28 +01:00
Hannah Wolfe
b48fdaf1be Added {{link_class}} helper
- moved dynamic class logic out of {{link}} helper into shared utils
- both {{link}} and {{link_class}} use these utils
2019-08-05 12:12:05 +01:00
Fabien O'Carroll
21427ad73f
Created DB Backup integration (#10974)
* Simplified db controller permissions options

The existing objects were confusing because they did the same thing as
setting permissions to true, but gave the impressions that something
special was happening/required.

* Added DB Backup Integration Role

This will allow us to assign certain api_keys this role, in order to
automate db backups

* Allowed admin api_keys to have configurable roles

This will allow keys for the admin api to do customised things such as db export

* Added ghost-backup integration to fixtures

* Added migrations for DB Backup Integration and role
2019-08-02 17:28:02 +08:00
Rish
5f9f5ea0d5 Refactored oembed controller data validation
refs #10060

- Uses validation layer for checking url data on oembed requests
- Fixes typo in comment
2019-08-01 17:13:12 +05:30
Naz Gargol
27bf453792
Migrated authentication controller to v2 (#10950)
refs #10060

- Migrated authentication.resetPassword method to v2
- Migrated authentication.acceptInvitation method to v2
- Migrated authentication.setup method to v2
- Added missing test coverage for "setupUpdate" method
- Migrated authentication.updateSetup method to v2
- Migrated authentication.isInvitation method to v2
- Migrated authentication.isSetup method to v2
- Removed unused 'setup.completed' event as it wasn's used anywhere in the system and has been complicating the logic unnecessarily
- Without the event, it's possible to simplify sendNotification method to just use email address of the user
- Added email sending check to v0.1 test suite
- Refactored sendNotification method to just use email address as parameter
- Renamed sendNotification to sendWelcomeMail
- The only thing the method does now is sending welcome mail, so new naming seems natural :)
2019-08-01 13:18:24 +02:00
Nazar Gargol
db9eed6288 Switched to use v2 http module instead of ovelooked v1
- Small adjustments in controller that came along with the switch
2019-08-01 13:06:15 +02:00
Nazar Gargol
956da204f2 Expanded authentication test suite with cases for password reset flow
- Added missing endpoint coverage
- Minor fixes with formatting and validations uncovered by the test
- Added same test to v0.1 coverage
2019-07-30 22:48:59 +02:00
Nazar Gargol
3945e8a5ee Added missing doSettings call in updateSetup 2019-07-30 16:52:37 +02:00
Nazar Gargol
589b78d575 Added missing validator to updateSetup method
- This is the code corresponding to processArgs function in v1 authentication.updateSetup method
2019-07-30 16:37:32 +02:00
Nazar Gargol
c7a836b926 Renamed sendNotification to sendWelcomeMail
- The only thing the method does now is sending welcome mail, so new naming seems natural :)
2019-07-30 16:15:53 +02:00
Nazar Gargol
8503bdceb8 Refactored sendNotification method to just use email address as parameter 2019-07-30 16:13:53 +02:00
Nazar Gargol
dae69072f6 Removed unused 'setup.completed' event
- Without the event it's possible to simplify sendNotification method to just use email address of the user
2019-07-30 15:45:07 +02:00
Nazar Gargol
7b97c1ada1 Added missing notification email when setting up a site 2019-07-30 15:42:16 +02:00
Fabien O'Carroll
7cc90a3f62 Removed noise from members-ssr error logging
no-issue

Previously we were using the error logger, which is probably a bit
extreme for these errors. This also removes the stacktrace from the logs
so we don't enter fresh hell whilst developing/looking through logs.
2019-07-29 15:45:04 +08:00
Nazar Gargol
8b651bff9d Migrated authentication.updateSetup method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
4441ee15a0 Migrated authentication.isSetup method to v2 2019-07-25 17:13:05 +02:00
Nazar Gargol
ddabd5e808 Migrated setup method 2019-07-25 17:12:39 +02:00
Nazar Gargol
a5990e555b Fixed lint error 2019-07-25 17:12:39 +02:00
Nazar Gargol
132e278a22 Migrated authentication.isInvitation method to v2 2019-07-25 17:12:47 +02:00
Nazar Gargol
f4b97d3bc8 Migrated authentication.acceptInvitation method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
4da03a38b6 Corrected debug namespace 2019-07-25 17:12:39 +02:00
Nazar Gargol
8135d4d188 Added validation layer to password reset
- Adding a new method in all.js seems a little dirty, but that seems like the best place for now as similar method was added for changePassword method
2019-07-25 17:12:39 +02:00
Nazar Gargol
b3ed11719e Migrated authentication.resetPassword method to v2 2019-07-25 17:12:20 +02:00
Aileen Nowak
d11fd4210b Updated docs api links to be version-less 2019-07-25 15:17:23 +08:00
Kevin Ansfield
1aa7e368a2
🎨 Added url value to the Content API /settings/ endpoint (#10946)
closes https://github.com/TryGhost/Ghost/issues/10945

- adds the `url` property to the returned output manually because it's a config value rather than a settings value
2019-07-24 11:12:07 +01:00
Fabien O'Carroll
805f3c7250 Added logging for members-ssr errors
no-issue

This will help us debug issues with members-ssr functionality going forward
2019-07-24 18:11:48 +08:00
Kevin Ansfield
2b6830b747 Ensured Admin API cannot fetch internal integrations (#10501)
no issue

- Forced a filter on read and browse requests to the integrations endpoint to limit fetches to only "custom" and "builtin" integration types
- Expanded test coverage for "internal" integrations
2019-07-24 11:52:55 +02:00
Nazar Gargol
bf5824a7ba Fixed ability for the owner to change password of other users
closes #10927

-  Previous fix 2823c0b342
- It didn't work because the validation layer in "frame" doesn't take into account the value under `required` property of the controller, so to prevent validation on the field whole `required` key/value have to be removed
- Removed unused variables
- Extended regression suite to prevent similar problems in the future
2019-07-22 19:00:21 +02:00
Aileen Nowak
496f873ac4
Updated links to docs (#10941)
no issue
2019-07-22 18:17:50 +08:00
Fabien O'Carroll
97983baed6 🐛 Fixed CORS for errors from Admin API
refs #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Admin API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
2cb41dd8cd 🐛 Fixed CORS for errors from Content API
closes #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Content API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
5da8da1879
Deleted unused pg.js module (#10928)
no-issue

This module was first created (AFAICT) in c09c20ad8d (diff-20a31f345ca2643b2602224678bb8d5b) and
has since undergone some filename renames and eslint refactors - we don't support
PostgreSQL and have no immediate plans to do so.
2019-07-22 12:11:19 +08:00
Naz Gargol
c3a80f112a
Exposed site SEO data through Conent API & {{@site.*}} helper (#10925)
refs #10921

- Site SEO data will now be available as part of `GET /settings` response in Content API as well as part of {{@site.*}} helper
2019-07-19 10:40:47 +02:00
Naz Gargol
b89b57b6fb
Added global site SEO fields in Admin API (#10923)
refs #10921

- New SEO related fields will now be available as a part of Admin API /settings endpoint
- The ordering of fields is taken from post's schema
- Extended settings test suite with new SEO fields
- Adjusted settings model unit test
2019-07-18 16:24:34 +02:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Rish
01ea872af2 🐛 Fixed cache invalidation header on theme override
closes #10920

- Fixed incorrect property name to correctly set cache invalidation header on theme override
2019-07-17 18:41:25 +05:30
Naz Gargol
46706646e3
Refactored authentication controller v0.1 (#10893)
refs #10060

- Modules extractions done here are meant to make upcoming migration of authentication controller to v2 more manageable and reduce code repetition
- There were couple modules extracted for different areas that controller touches: passwordrest, accept (for invitation), setup 
- The aim was to keep changes to the minimum while making small readability improvements to new functions through async/await syntax
- The biggest barrier to make more encapsulated functions was the fact that we mutate options parameter on multiple levels in the controller. e.g mutations of options.data during validation on the password reset ties it up to the implementation of doReset function
2019-07-17 12:28:16 +02:00
Naz Gargol
9dcc17a017
🐛 Fixed import for tag without slugs that belongs to a post (#10917)
closes #10785

- The behavior for tags will now be similar to posts' one described in the docs
- "The only strictly required field when importing posts is the title. Ghost will automatically generate slugs and set every other field to the default or empty."
- The breaking change was introduced with: 68d8154d4f (diff-e712df50c0dc7cf33746eeff0564003cR97) (assumed there's always slug in the imported object which is not true)
- Added originalIdMap to the importer base class to track id
substitution so it can be used when dealing with relational resource
updates
- Removed explicit use of 'this.stripProperties(['id']);' in
beforeImport of base class because we need to assign and remove the id
property in the same place to track this change
- Only calling 'this.stripProperties(['id']);' in
settings/trusted_domain imports as the method won't be called otherwise
- Expanded regression tests with new supported import case
2019-07-16 12:01:44 +02:00
Peter Zimon
a482c547ae Update default 404 page
refs. https://github.com/TryGhost/Ghost/issues/10899
- removed broken ghost "illustration" from default frontend 404 page
- refined style of 404 page to be more theme agnostic
2019-07-15 14:47:01 +02:00
Vikas Potluri
2823c0b342 🐛 Allowed administrators to change other users' passwords (#10891)
closes #10427

- Administrators don't know other users' passwords, but they should be able to change other users' password
- Don't require oldPassword to be provided
2019-07-15 14:19:31 +08:00
Vikas Potluri
b431dc56cb 🐛 Fixed error message when get helper doesn't have API access (#10892)
closes #10875
2019-07-15 14:18:58 +08:00
Christoph Tavan
834a5a0521 Replaced v1 for v4 uuids (#10871)
* Swapped v1 with v4 UUID as requestId when logging

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary contentFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary exportFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.
2019-07-15 14:01:02 +08:00
David Darnes
b293b25128
Update each to foreach loop 2019-07-12 10:08:45 +01:00
Rish
e26635620e 🐛 Fixed theme upload error when overriding existing
no issue

- Cache invalidation header was set wrongly in frontend theme service
- This moves cache invalidation out of theme service to themes controller by passing `themeOverriden` flag along with theme
2019-07-11 15:34:15 +05:30
Naz Gargol
f3ec2fb2f7
Cleaned up theme service (#10884)
refs #10790

- Following TODO in theme index file was waiting for 2 years, and today is the day to cross it out:
- "Reduced the amount of things we expose to the outside world"
- "Made this a nice clean sensible API we can all understand!" - by @ErisDS
- Cleaned exposed methods from themes module
- Removed unused storage getter
- Removed list method
- Removed validate method
- Renamed Storage to ThemeStorage
  - Named the file the same way the class defined inside of it is named
  - Naming was conflicting with coming rename of  `settings` -> `storage`
- Renamed theme settings to storage
2019-07-09 16:35:18 +02:00
Fabien O'Carroll
d9d8d91b6a
Fixed members auth pages flashing on open (#10889)
closes #10888

The real work for this was done in:
https://github.com/TryGhost/Members/pull/37

Installed @tryghost/members-auth-pages@1.1.0
Installed @tryghost/members-theme-bindings@0.2.3
2019-07-09 19:05:47 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
Nazar Gargol
bc8f8979c1 Removed stray use of urlService.utils
refs #10773

- All instances of `urlService.utils` were previously migrated to use standalone SDK module `url-utils`
2019-07-08 17:53:29 +02:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Fabien O'Carroll
90bb40ed80
Improved dynamic default options performance (#10816)
closes #10789

* Updated keypair generation to use a memoised fn

This allows us to embed the members dynamic defaults in the object at
definition, and will allow us to only create the keypair when we need
it, in future.

* Added getDefaultValue fn to default setting obj

This will allow us to generate the default values when they're needed
rather than at boot time.

* Ensured dynamic defaults only generated when used

This replaces all the dynamic default values with functions to return
the values, and then calls (if required) that function inside the
getDefaultValue method of the setting object.
2019-07-05 15:30:29 +08:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Fabien O'Carroll
683e37c764
Fixed generation of api urls for members service (#10869)
no-issue

Previously we used urlFor which wasn't setup to correctly support
members. This changes members service to use the admin URL directly
2019-07-04 12:05:56 +07:00
Naz Gargol
4529ab514c
Themes controllers code extraction (#10818)
refs #10790

- Extracted 'setFromZip' method into themes services
- Extracted 'activate' method
- Extracted 'destroy' method
- Extracted 'download' method
- The method name here tries to follow 'setFrom...` convention we've agreed upon. So, in this case, we have get() which returns JSON response and getZip() which returns a file
2019-07-01 16:56:23 +02:00
Hannah Wolfe
6f507b8608 Updated theme activation API to experimental
- allow both uploading and activating themes as experiemental API features
- previously only uploading was allowed, I believe purely due to an oversight
2019-07-01 10:14:03 +01:00
Jeffrey Fisher
6ca34a29fd 🐛 Allowed .ico files to be uploaded for icons. (#10820)
closes #10641

There is already an "icons" section in this json file, but it appears
that that is only used for v0.1 in which there was a "/uploads/icon"
route that passed in a "type" of "icons" to the validation middleware.
However, in v2, there is only a generic "/images/upload" route that is
used for both icons and images, which passes a "type" of "images"
so the .ico information needs to be added to the "images" section
of the json file.
2019-07-01 13:29:24 +07:00
Rish
15a3dacf26 Fixed invalid method usage in members authentication
no issue

- `getPublicConfig` in members authentication was not called correctly
2019-06-27 15:21:21 +05:30
Kevin Ansfield
3229de75f8 Revert "Replaced keypair with rsa-keypair module (#10758)"
This reverts commit 64735693be.

- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
2019-06-26 14:00:25 +01:00
Fabien O'Carroll
dd727a44df
Fixed issuer when site and api are diff domains (#10806)
no-issue

The issuer value is used through the members code base as the identifier
for the members api. The existing code did not take into account that
the domain/url for the site could be different than for the admin (and
the apis).
2019-06-26 16:02:08 +07:00
Naz Gargol
0bf1542bc6
Extracted settings service part manipulating routes.yaml (#10800)
refs #10790
refs #9528

- The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server
- The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers.
2019-06-25 18:33:56 +02:00
Fabien O'Carroll
0e2ce29468 Moved members static mount point to /ghost/members
no-issue

This alleviates the CORS requests failing for members when the admin is
hosted on a different domain than the site
2019-06-25 15:13:52 +07:00
Fabien O'Carroll
bb1ee3c265 Updated members-theme-bindings & public/members.js
no-issue

This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
2019-06-25 15:13:52 +07:00
Nazar Gargol
22f56c95a8 Fixed redirects.json file validation
refs #10790

- Reference to method previously used to validate wasn't updated during refactoring done in be27db46eb
2019-06-24 10:56:30 +02:00
Naz Gargol
8ae5db9922
Extracted frontend code from settings API controllers (#10797)
* Moved settings#upload method out of settings controller

* Moved out code from download to serve method

* Moved API v0.1 settings upload/downalod routes.yaml methods to use setting handler service

* Reverted unintended change

* Moved RoutesHandler into settings module

- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder

* Frontend settings for API v0.1

* Renamed 'routes' to 'dynamic-routing'

* Renamved activate/serve methods as suggested in discussions

* Moved settings dynamicRouting to routing.settings
2019-06-21 16:52:07 +02:00
Naz Gargol
be27db46eb
Extracted frontend code from redirects API controllers (#10798)
refs #10790

- The code was moved out of controllers to reduce the number of coupling points between the API controllers and "frontend" services
- A nice side effect of this move is a decreased amount of code that will need to be maintained and reusability between existing controllers
- Calling just a few methods from frontend services on API level makes it easier to abstract fronted away from API
2019-06-21 16:50:16 +02:00
Nazar Gargol
c7522f896b Moved settings dynamicRouting to routing.settings 2019-06-21 16:34:17 +02:00
Nazar Gargol
a84c15689e Renamved activate/serve methods as suggested in discussions 2019-06-21 13:58:26 +02:00
Nazar Gargol
f3b4e2e39a Renamed 'routes' to 'dynamic-routing' 2019-06-21 13:12:23 +02:00
Daniel Lockyer
64735693be Replaced keypair with rsa-keypair module (#10758)
refs #10789 

Speed up Ghost boot time by replacing the JS-only RSA key generator
library with a native alternative.
2019-06-21 16:51:44 +07:00
Nazar Gargol
19d3c4bc5c Frontend settings for API v0.1 2019-06-20 17:20:44 +02:00
Nazar Gargol
61dc9e8c24 Moved RoutesHandler into settings module
- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder
2019-06-20 16:58:26 +02:00
Nazar Gargol
06a6dc835d Moved API v0.1 settings upload/downalod routes.yaml methods to use setting handler service 2019-06-20 13:34:22 +02:00
Nazar Gargol
8709f5cc55 Moved out code from download to serve method 2019-06-20 13:23:58 +02:00
Nazar Gargol
c3b14f82fd Moved settings#upload method out of settings controller 2019-06-20 13:19:22 +02:00
Nazar Gargol
58a077564f Fixed stray rename after frontend extraction
refs #10790

- The name should be themeService as everywhere else in the codebase
2019-06-19 17:58:07 +02:00
Naz Gargol
df7e64fafa
Extracted frontend folder (#10780)
refs #10790

- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
2019-06-19 11:30:28 +02:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Hannah Wolfe
d1e3205569 Add url as context to oembed unknownProvider error
- This is so that we can use logs to see urls that turn up with this error
2019-06-13 12:57:02 +01:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Nazar Gargol
a936362051 Removed logging for validation error in frontend routing
refs #10525

- The logging in this place only introduced confusion and provided no usefull information
2019-06-11 12:35:16 +02:00
Timothy Stapleton
f2e60806da 🐛 Fixed redirects to absolute URLs (#10777)
closes #10776

When the "to" property of the redirect includes a host (implying an external or fully qualified url) we skip replacing any paths and redirect straight to it, rather than modifying the URL with the sites sub-directory.
2019-06-10 12:48:37 +07:00
Rish
a4f119cb7f Moved visibility utility from static model fn to Ghost-SDK
refs #10618

- Visibility methods don't belong on model, but are generic utils
- Used directly from ghost helper's visibility methods, cleans up core
- Removes direct model dependency of theme helper
- Updated `foreach_spec` to correct test data as per schema - visibility property cannot be empty
2019-06-09 13:12:04 +05:30
Kevin Ansfield
ea37b78456
Added logging of slow {{#get}} helper uses (#10779)
no issue

- `{{#get}}` can slow down requests a lot if not used carefully, typically by using `limit="all"` or similar which can force a lot of data to be fetched and processed
- adds a warning log if we detect any `{{#get}}` helper call which takes longer than a certain threshold (default 200ms)
- allow log level and threshold to be configured via config to allow for different environments behaviours and requirements

New config options:
```
{
    "logging": {
        "slowHelper": {
            "level": "warn",
            "threshold": 200
        }
    }
}
```

Example output for `{{#get "tags" limit="all" order="name asc"}}` with a lot of tags:

```
[2019-06-07 10:35:52] WARN {{#get}} helper took 453ms to complete

{{#get}} helper took 453ms to complete

Error ID:
    062daed0-8910-11e9-8185-3b615ad8677d

Error Code:
    SLOW_GET_HELPER

Details:
    api:          v2.tagsPublic.browse
    apiOptions:
      order: name asc
      limit: all
    returnedRows: 1698
```
2019-06-07 14:54:55 +01:00
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Naz Gargol
cb199b17b8
Decoupled asset hash calculation from package.json (#10774)
refs https://github.com/TryGhost/Ghost/issues/9414
refs c9b95b4bbd

- Removed package version from asset hash calculation
- Package version doesn't introduce any value when calculating a hash because Date.now() provides enough randomization on its own
2019-06-05 10:06:25 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
f88adb9180
Added x-frame-options header to /ghost/ route (#10760)
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file

Credits: Muhammad Fawwad Obaida
2019-05-28 09:04:48 +01:00
Aileen Nowak
d086841f36
Updated link to Marketplace (#10754)
no issue

- Marketplace moved to https://ghost.org/marketplace
2019-05-22 16:55:28 +08:00
Fabien O'Carroll
53b884ec2b
Refactored json-schema to use one instance of ajv (#10746)
refs https://github.com/TryGhost/Team/issues/211

Previous code was creating a new ajv instance for each call, as well as
loading the schemas, which are cached. This was causing a memory leak as
ajv caches all schemas.

We've replaced it with one instance of ajv, and conditionally
loading/compiling the schemas if they haven't been seen before.
2019-05-15 13:28:10 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Rish
65ee0f95c4 Updated reading time helper to use SDK
refs #10618

- Removed duplicate calculation for reading time by using SDK method
2019-05-07 15:33:07 +05:30
Aileen Nowak
b2ed906773 🎨 Allowed protocol overwrite for canonical URLs (#10729)
closes #10709

- Only transform a canonical URL that is identical with the Blog URL to a relative URL when the protocol matches as well
- Leave the canonical URL absolute for all other cases
- Use case for this is e. g. when users want to port over their Facebook comments/shares/likes after a move from `http` to `https`
2019-05-06 15:27:54 +02:00
kirrg001
a31ed7c71d Added comments for Ghost API
no issue

- jsdoc
- added more information & context
2019-05-06 14:49:25 +02:00
Aileen Nowak
79345f9030 🐛 Fixed Twittercard having wrong property when no feature image provided
closes #10706

- Fixed a bug where we weren't assigning `summary_large_image` as Twitter card property when no feature image is provided, but a dedicated Twitter image
- Updated test to reflect this case to be tested better
2019-05-06 12:51:43 +02:00
Nazar Gargol
b69f1e9e21 Added comment about future scheduler migration
refs #10060
2019-05-06 12:26:08 +02:00
Katharina Irrgang
2447335ab1 🐛 Fixed post scheduling on restart (#10726)
no issue

- case: restart Ghost and while having a scheduled post 
- caused by 4acc375fb6 (diff-4726ce3c4d18d41afad4b46cb0aa7dd3)
  - the bug exists since 2.12
  - Bookshelf added support (or better said fixed a bug) for accessing previous attributes
  - `object.updated('published_at')` always returned "undefined", because the self-implementation < 2.12 only remembered previous attributes after update (see https://github.com/TryGhost/Ghost/blob/2.11.0/core/server/models/base/index.js#L234)
  - but `object.previous('published_at')` returns the current value (object.get('published_at') === object.previous('published_at') -> and that's why rescheduling on bootstrap never worked
- might fix https://forum.ghost.org/t/scheduled-posts-never-publish/6873/10
- reduced timeouts on scheduling unit tests
2019-05-06 11:11:43 +02:00