Commit Graph

6968 Commits

Author SHA1 Message Date
Greenkeeper
810d60ce83 chore(package): update nock to version 8.2.1 (#7641)
https://greenkeeper.io/
2016-10-28 14:26:27 +01:00
Greenkeeper
9c99f9d8bb chore(package): update oauth2orize to version 1.5.1 (#7608)
https://greenkeeper.io/
2016-10-28 14:22:57 +01:00
Greenkeeper
34c35db6d1 chore(package): update gulp-jshint to version 2.0.2 (#7625)
https://greenkeeper.io/
2016-10-28 14:22:26 +01:00
Greenkeeper
fea661d786 chore(package): update jshint to version 2.9.4 (#7606)
https://greenkeeper.io/
2016-10-28 14:22:10 +01:00
Greenkeeper
03b28df4f3 chore(package): update moment to version 2.15.2 (#7618)
https://greenkeeper.io/
2016-10-28 14:15:48 +01:00
Greenkeeper
3673e50c8f chore(package): update sqlite3 to version 3.1.8 (#7639)
https://greenkeeper.io/
2016-10-28 14:11:47 +01:00
Hannah Wolfe
9d95a81b92 Update Ghost-Admin: use config API endpoint
refs #7628
2016-10-28 14:10:20 +01:00
Katharina Irrgang
a55fb0bafe 🎨 public config endpoint (#7631)
closes #7628

With this PR we expose a public configuration endpoint.
When /ghost is requested, we don't load and render the configurations into the template anymore. Instead, Ghost-Admin can request the public configuration endpoint.

* 🎨  make configuration endpoint public
* 🔥  remove loading configurations in admin app
- do not render them into the default html page
*   load client credentials in configuration endpoint
- this is not a security issue, because we have exposed this information anyway before (by rendering them into the requested html page)
* 🎨  extend existing configuration integration test
*   tests: add ghost-auth to data generator
*   add functional test
* 🔥  remove type/value pattern
* 🎨  do not return stringified JSON objects
2016-10-28 14:07:46 +01:00
Katharina Irrgang
e11e3a2444 🛠 ignore bunyan updates for now (#7637)
no issue
- background: we would like to pin 1.8.1 bunyan, because they introduced a behaviour change in the newer versions, see https://github.com/TryGhost/Ignition/issues/16
- because we would like to use Ghost-Ignition in Ghost soon, we can ignore bunyan updates in Ghost for now
- Ignition will take care about be able to update bunyan soon
2016-10-27 12:41:32 +01:00
Greenkeeper
e58d8cac7b chore(package): update passport-ghost to version 1.0.3 (#7632)
https://greenkeeper.io/
2016-10-26 19:16:08 +02:00
Greenkeeper
128cff7e66 chore(package): update supertest to version 2.0.1 (#7598)
https://greenkeeper.io/
2016-10-25 12:19:46 +01:00
Katharina Irrgang
ca17e788ed 🐛 add missing schedulerUrl option (#7626)
no issue
- while refactoring the config module, this was accidentally deleted
- let's re-add it 😇
2016-10-25 12:19:22 +01:00
Katharina Irrgang
0e13ef8767 🎨 logging improvements (#7597)
* 🎨  rotation config
  - every parameter is configureable
  - increase default number of files to 100
* 🎨  ghost.log location
  - example: content/logs/http___my_ghost_blog_com_ghost.log
  - user can change the path to something custom by setting logging.path
* 🛠   add response-time as dependency
* 🎨  readable PrettyStream
  - tidy up
  - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue }))
  - common log format
  - less code 🕵🏻
* 🎨  GhostLogger cleanup
  - remove setLoggers -> this function had too much of redundant code
  - instead: add smart this.log function
  - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request)
  - make .warn .debug .info .error small and smart
* 🎨  app.js: add response time as middleware and remove logging.request
* 🎨  setStdoutStream and setFileStream
  - redesign GhostLogger to add CustomLoggers very easily

----> Example CustomLogger

function CustomLogger(options) {
  // Base iterates over defined transports
  // EXAMPLE: ['stdout', 'elasticsearch']
  Base.call(this, options);
}
util.inherits(...);

// OVERRIDE default stdout stream and your own!!!
CustomLogger.prototype.setStdoutStream = function() {}

// add a new stream
// get's called automatically when transport elasticsearch is defined
CustomLogger.prototype.setElasticsearchStream = function() {}

* 🎨  log into multiple file by default
  - content/logs/domain.error.log --> contains only the errors
  - content/logs/domain.log --> contains everything
  - rotation for both files
* 🔥  remove logging.debug and use npm debug only
*   shortcuts for mode and level
* 🎨  jshint/jscs
* 🎨  stdout as much as possible for an error
* 🎨  fix tests
* 🎨  remove req.ip from log output, remove response-time dependency
* 🎨  create middleware for logging
  - added TODO to move logging middleware to ignition
2016-10-25 12:17:43 +01:00
Hannah Wolfe
ce8517fde0 Upgrading Casper to 1.3.4 2016-10-24 16:57:06 +01:00
Kevin Ansfield
13c95bafc4 Version bump to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Kevin Ansfield
4520edc0e4 Updated Ghost-Admin to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Ryan McCarvill
646aaa1e43 deps: ghost-editor@0.0.14 (#7619) 2016-10-24 11:57:20 +01:00
Katharina Irrgang
c8c696f659 🎨 grunt release .knex-migrator (#7591)
no issue
- the file was not copied over for the release
- @TODO: different solution?
2016-10-24 10:18:04 +01:00
Greenkeeper
d8214d6a46 chore(package): update moment-timezone to version 0.5.7 (#7609)
https://greenkeeper.io/
2016-10-22 11:11:39 +01:00
Katharina Irrgang
cccd8c4f8f change ghost client redirect_uri (#7595)
closes #7580
2016-10-21 16:08:17 +01:00
Katharina Irrgang
2887602712 🎨 error improvements (#7600)
*   id for each error instance
- copy paste of ignition
- on purpose for now
- delete TODO, wohoo
- use id property instead of uid, see http://jsonapi.org/format/#errors

* 🕵🏻  remove TODO for decouple req.err
- can't find a nicer alternative solution
- added some more descriptions to code pieces in our error-handler

* 🎨  use uuid.v1
- timestamp based
2016-10-21 13:10:17 +01:00
Katharina Irrgang
02a1f08ba3 🐛 fix changePassword bug (#7590)
no issue
- comparison for isLoggedInUser did not work when userId was a string
- parsing of int was missing
2016-10-21 10:19:09 +01:00
Katharina Irrgang
8bcd000829 🐛 GhostError needs to inherit from Error (#7582)
no issue
2016-10-19 15:27:22 +01:00
Greenkeeper
441f7e54e8 chore(package): update knex-migrator to version 0.0.7 (#7592)
https://greenkeeper.io/
2016-10-19 11:59:56 +02:00
Greenkeeper
0148895269 chore(package): update passport-ghost to version 1.0.2 (#7594)
https://greenkeeper.io/
2016-10-19 11:04:34 +02:00
kirrg001
8637c7be60 Version bump to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
kirrg001
7ab059b8b9 Updated Ghost-Admin to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
Katharina Irrgang
258688932f 🛠 knex-migrator 0.0.6 (#7589)
no issue
- manual PR, because GK is too slow to push the version bump
2016-10-18 10:23:57 +01:00
Katharina Irrgang
fd0a08ae8c 🎨 make sqlite filename absolute (#7585)
no issue

- add tests for makePathsAbsolute
- add support for windows paths

When Ghost-CLI inits the database of the current GhostVersion (in /current), then it uses knex-migrator to do that.
Knex migrator is reading the .knex-migrator file of the current Ghost version. This returns a relative path to the database location.
The problem: knex-migrator will init the database in the root folder of Ghost-CLI /content/data instead of /current/content . And when you start Ghost (ghost start), it always complains that
that database is not initialised, because it expects the database in /current/content...

* 🎨  move config_spec to config/index_spec
- add one more test case
2016-10-18 09:04:44 +01:00
Greenkeeper
af4534c74a chore(package): update knex-migrator to version 0.0.5 (#7587)
https://greenkeeper.io/
2016-10-17 20:42:29 +02:00
Katharina Irrgang
133b7e00fd 🎨 add knexMigratorFilePath for knex-migrator initialisation (#7583)
no issue
- if we don't pass our root path, it can happen that knex-migrator get's the wrong path when looking for the .knex-migrator file
2016-10-17 16:10:14 +01:00
Greenkeeper
d2d0d80f83 chore(package): update knex-migrator to version 0.0.3 (#7581)
https://greenkeeper.io/
2016-10-17 16:32:08 +02:00
Katharina Irrgang
8d8d7bdb26 knex migrator (#7565)
refs #7489
- remove sephiroth
- use knex migrator npm
- goodbye bootup script
- 🎨  update README
- 🎨  knex migrator @ 0.0.2
2016-10-17 13:50:29 +01:00
Greenkeeper
d55f5b9860 chore(package): update mocha to version 3.1.2 (#7541)
https://greenkeeper.io/
2016-10-17 14:44:05 +02:00
Greenkeeper
d8c8f7b18b chore(package): update knex to version 0.12.5 (#7551)
https://greenkeeper.io/
2016-10-17 14:27:03 +02:00
kirrg001
2378a7ef02 Update Ghost-Admin: Use one token endpoint 2016-10-17 12:51:39 +02:00
Katharina Irrgang
4056a6da4a 🎨 one token endpoint (#7571)
* 🎨  one token endpoint

refs #7562
- delete /authentication/ghost
- Ghost-Admin will use /authentication/token for all use cases (password, refresh token and ghost.org authorization code)
- add new grant_type `authorization_code`

* 🎨  update comment description and remove spamPrevention.resetCounter
2016-10-17 12:45:50 +02:00
Katharina Irrgang
25b0c9eb9a add isPasswordCorrect fn to User Model (#7573)
refs #7432
- clean code!
- less code!
2016-10-14 18:46:22 +01:00
Katharina Irrgang
ca7b5643d5 🎨 more clean code in User Model (#7572)
* 🎨  do not call generateSlug twice for User.setup

* 🎨  call generatePasswordHash onSaving only

- now we can add defaults to User Model
- it was not possible before because add User model did the following:
  1. validate password length
  2. hash password manually
  3. call ghostBookshelf.Model.add and THEN bookshelf defaults fn gets triggered
- call generatePasswordHash in onSaving hook for all use case
- add more tests to user model, juhu
2016-10-14 18:24:38 +01:00
Katharina Irrgang
e1ac6a53dd 🎨 gravatar lookup in saving hook (#7561)
refs #7432

- in preparation for more User model cleanup
- look for gravatar when email has changed
- run onSaving tasks in parallel in User model
2016-10-14 15:37:40 +01:00
Hannah Wolfe
03e4acdb37 🐛 Subscribers: validate urls (#7540)
no issue

- Ensure URLs submitted via form are sanitized so that we only accept real urls
- Add some tests for the isEmptyOrURL validator
2016-10-14 16:31:20 +02:00
Ryan McCarvill
ea2c3a0a3f Markdown card (#7568)
Refs #7429
- Added mobiledoc card, this uses the mobiledoc editor from within Ghost. In the future we'll pull this out and replace it with a textarea as the preview is too small to fit in the content.
- Made the HTML editor a codemirror editor (pulled in from ghost-admin to save duplicating libraries).
- Ghost-Admin now passes the paths for the ghost-api and the image directory for tools.
- Fixed the scrolling issue.
2016-10-14 14:42:48 +02:00
Katharina Irrgang
56a2e56b1c 🎨 fetch all scheduled posts on bootstrap (#7567)
refs #7555
- remove filters, they can cause problems
2016-10-14 13:39:10 +01:00
Katharina Irrgang
8cd5d9f6fe 🎨 register events in base model (#7560)
refs #7432

- all models implemented it's own initialize fn to register events
- we can register all events in the base model
- important: we only listen on the event, if the model has defined a hook for it
- this is just a small clean up PR
- register more bookshelf events
2016-10-14 13:37:01 +01:00
Hannah Wolfe
4411f8254f 🎉 🎨 Remove middleware/index.js (#7548)
closes #4172, closes #6948, refs #7491, refs #7488, refs #7542, refs #7484

* 🎨 Co-locate all admin-related code in /admin
- move all the admin related code from controllers, routes and helpers into a single location
- add error handling middleware explicitly to adminApp
- re-order blogApp middleware to ensure the shared middleware is mounted after the adminApp
- TODO: rethink the structure of /admin, this should probably be an internal app

* 💄 Group global middleware together

- There are only a few pieces of middleware which are "global"
- These are needed for the admin, blog and api
- Everything else is only needed in one or two places

*  Introduce a separate blogApp

- create a brand-new blogApp
- mount all blog/theme only middleware etc onto blogApp
- mount error handling on blogApp only

* 🎨 Separate error handling for HTML & API JSON

- split JSON and HTML error handling into separate functions
- re-introduce a way to not output the stack for certain errors
- add more tests around errors & an assertion framework for checking JSON Errors
- TODO: better 404 handling for static assets

Rationale:

The API is very different to the blog/admin panel:
 - It is intended to only ever serve JSON, never HTML responses
 - It is intended to always serve JSON

Meanwhile the blog and admin panel have no need for JSON errors,
when an error happens on those pages, we should serve HTML pages
which are nicely formatted with the error & using the correct template

* 🐛 Fix checkSSL to work for subapps

- in order to make this work on a sub app we need to use the pattern `req.originalUrl || req.url`

* 🔥 Get rid of decide-is-admin (part 1/2)

- delete decide-is-admin & tests
- add two small functions to apiApp and adminApp to set res.isAdmin
- mount checkSSL on all the apps
- TODO: deduplicate the calls to checkSSL by making blogApp a subApp :D
- PART 2/2: finish cleaning this up by removing it from where it's not needed and giving it a more specific name

Rationale:

Now that we have both an adminApp and an apiApp,
we can temporarily replace this weird path-matching middleware
with middleware that sets res.isAdmin for api & admin

* 🎨 Wire up prettyURLs on all Apps

- prettyURLs is needed for all requests
- it cannot be global because it has to live after asset middleware, and before routing
- this does not result in duplicate redirects, but does result in duplicate checks
- TODO: resolve extra middleware in stack by making blogApp a sub app

* ⏱ Add debug to API setup

* 🎨 Rename blogApp -> parentApp in middleware

* 🎨 Co-locate all blog-related code in /blog

- Move all of the blogApp code from middleware/index.js to blog/app.js
- Move routes/frontend.js to blog/routes.js
- Remove the routes/index.js and routes folder, this is empty now!
- @TODO is blog the best name for this? 🤔
- @TODO sort out the big hunk of asset-related mess
- @TODO also separate out the concept of theme from blog

* 🎉 Replace middleware index with server/app.js

- The final piece of the puzzle! 🎉 🎈 🎂
- We no longer have our horrendous middleware/index.js
- Instead, we have a set of app.js files, which all use a familiar pattern

* 💄 Error handling fixups
2016-10-13 17:24:09 +02:00
Katharina Irrgang
4abb9590a1 add token utils (#7554)
no issue
- preperation for User model refactoring
- add independent util to generate reset hash, compare a hash and extract information out of it
- this code is basically a copy/paste of User model (generateResetToken, validateToken)
2016-10-13 13:54:44 +01:00
Katharina Irrgang
5b9c213849 🎨 change gravatar file design (#7553)
no issue
- preperation for User model refactoring
- the rule is:
  --> when calling a unit, this unit should return something new
  --> and NOT modifying an existing object and return it (this is an unexpected behaviour, especially for utils and libs)
2016-10-13 13:52:22 +01:00
Greenkeeper
da9c6be06c chore(package): update passport-ghost to version 1.0.1 (#7559)
https://greenkeeper.io/
2016-10-13 13:03:27 +02:00
Katharina Irrgang
48c01162a3 🎨 decrease timeout for scheduling (#7556)
refs #7555
- temporary fix to make travis green
- that should not have a any bad effect on scheduling
- we just let the job awake a bit later
- the job logic is strong enough to catch the job if setTimeout awakes too late (that can happen, because setTimeout is not accurate)
- if (moment().diff(moment(Number(timestamp))) <= self.beforePingInMs) --> is smaller ensures that even if the diff is negative, it get's executed
2016-10-13 09:49:10 +01:00
Katharina Irrgang
869a35c97d migrations: seeding is part of init db task (#7545)
* 🎨  move heart of fixtures to schema folder and change user model

- add fixtures.json to schema folder
- add fixture utils to schema folder
- keep all the logic!

--> FIXTURE.JSON
- add owner user with roles

--> USER MODEL
- add password as default
- findAll: allow querying inactive users when internal context (defaultFilters)
- findOne: do not remove values from original object!
- add: do not remove values from original object!

* 🔥  remove migrations key from default_settings.json

- this was a temporary invention for an older migration script
- sephiroth keep alls needed information in a migration collection

* 🔥   add code property to errors

- add code property to errors
- IMPORTANT: please share your opinion about that
- this is a copy paste behaviour of how node is doing that (errno, code etc.)
- so code specifies a GhostError

* 🎨  change error handling in versioning

- no need to throw specific database errors anymore (this was just a temporary solution)
- now: we are throwing real DatabaseVersionErrors
- specified by a code
- background: the versioning unit has not idea about seeding and population of the database
- it just throws what it knows --> database version does not exist or settings table does not exist

* 🎨  sephiroth optimisations

- added getPath function to get the path to init scripts and migration scripts
- migrationPath is still hardcoded (see TODO)
- tidy up database naming to transacting

*   migration init scripts are now complete

- 1. add tables
- 2. add fixtures
- 3. add default settings

* 🎨  important: make bootup script smaller!

- remove all TODO'S except of one
- no seeding logic in bootup script anymore 🕵🏻

*   sephiroth: allow params for init command

- param: skip (do not run this script)
- param: only (only run this script)
- very simple way

* 🎨  adapt tests and test env

- do not use migrate.populate anymore
- use sephiroth instead
- jscs/jshint

* 🎨  fix User model status checks
2016-10-12 16:18:57 +01:00