Commit Graph

13053 Commits

Author SHA1 Message Date
Renovate Bot
3af01b350f Lock file maintenance 2021-05-05 17:13:23 +01:00
Hannah Wolfe
01d9701096 Fixed i18n being called outside of a function
- calling i18n as a global const like this requires it to be loaded before anything else, when we have to manage this with the init() flow
- wrapping it inside the function where it's used ensures we don't call i18n til we need it
- also improved the i18n called without init error to include the key it was called with
2021-05-05 16:34:40 +01:00
Hannah Wolfe
fb974f6650 Moved i18n to correct location in boot process
- Note: added a forced error to show that this was previously happening at the wrong time
- i18n is required by ghost-server to log server start messages, and so gets initialised as part of the ghost-server load
- moving this into the right place means we can see how long it takes in the debug logs
- previously the debug log lines for i18n showed 0/1ms, which is not correct as this contains a sync file load operation!
- we should consider if we want to have i18n be a requirement for ghost server, or if we want static messages
2021-05-05 16:13:26 +01:00
Hannah Wolfe
9ce407966f Improved theme locale handling
- when activating a theme, we need to load the current locale
- this request used to be buried deep in the themeI18n init call
- now we surface it in the bridge and pass it down, which is closer to what we want to do with eventually initialising the frontend
with everything it needs up front (or not initialising it, if it isn't needed)

- in the related helpers we depend on the site.locale value instead of proxy -> themeI18n -> settingsCache drastically simplifying the code and removing deep requires
- site.locale is updated via middleware and can be relied upon
2021-05-05 16:13:26 +01:00
Renovate Bot
a795e12ffe Update dependency fs-extra to v10 2021-05-05 16:06:45 +01:00
Hannah Wolfe
d8318654a9 Improved i18n with unified getCandidateString fn
- the core i18n library and theme i18n library have slightly different methods of getting a candidate string
- both of them use forms of jsonpath, meaning they both require jsonpath as a dependency
- to try to get to a point of being able to rip more things out of ghost, we want to have less dependencies
- so instead of overloading the method, we pass in a stringMode as an argument
- eventually we might not need an overloaded class for themeI18n at all, which would simplify the codebase
2021-05-05 15:53:09 +01:00
Daniel Lockyer
470f2a8728
Updated dependency grunt-contrib-compress to v2
- this reverts commit 4be4af9c18 because
  we have now dropped Node 10
2021-05-05 15:46:02 +01:00
Renovate Bot
ee9ef5498d Update metascraper to v5.21.7 2021-05-05 15:43:46 +01:00
Renovate Bot
a9cc729c54 Update dependency oembed-parser to v1.4.7 2021-05-05 15:24:05 +01:00
Hannah Wolfe
ba53de1add Refactored i18n into a class + index
- preparation for using DI instead of requires, so we can move this out of Ghost
- have done this for both the main i18n and theme i18n file
- refactored the constructor
2021-05-05 15:13:23 +01:00
Daniel Lockyer
7360be5625
Disabled Ghost v1 and v2 CLI tests
refs 57ff38da8a

- we're dropping support for Node 10 which involved bumping the Node
  version we run our Ghost-CLI tests on but they fail because Ghost v1
  and v2 don't support Node 12
- this commit disables these tests until we come up with a good
  workaround
2021-05-05 14:59:20 +01:00
Daniel Lockyer
156900a4ae
⚙️ Bumped required Ghost-CLI version to 1.17.0
refs https://github.com/TryGhost/Team/issues/658

- Ghost-CLI 1.17.0 displays warnings when users are on an unsupported
  version of Node, or are running a Ghost version that is EOL
- by bumping this here, we can force users to update to CLI 1.17.0 to
  get these features
2021-05-05 14:40:28 +01:00
Daniel Lockyer
57ff38da8a
🔥 Dropped support for Node 10
refs https://github.com/TryGhost/Team/issues/658

- Node 10 become EOL as of April 30th so it's time to drop support
- this commit:
  - removes the Node 10 range from the `node` `engines` block
  - removes Node 10 from CI tests
  - switches Node 10 in the CLI test to Node 12 so we can ensure it
    installs on our oldest supported Node version
2021-05-05 14:38:14 +01:00
Hannah Wolfe
c999e48c01 Refactored urlUtils out of ghost-server
- We only require a single value from urlUtils, the url for the site
- Move that logic back to the boot file makes it much more explict
- Will help if we want to refactor how urlUtils works, or when we want to move ghost-server out of core
2021-05-05 14:24:59 +01:00
Hannah Wolfe
78cdd3fe13 Added core root files to grunt watch list properly
- We no longer have a core/index.js file
- Instead we have a small set of root core files that should all trigger a watch reload
2021-05-04 17:13:09 +01:00
Hannah Wolfe
814a0054e7 Improved single author deprecated notices
- single authors were deprecated in v1.22 when we added multiple authors
- we always thought we'd clean this up a lot sooner, but it's stuck because it's an annoying thing to break people's shit over
- still saying "remove in vX" isn't useful, we need to know how long a feature has been deprecated so we can judge whether it's safe to remove
2021-05-04 17:11:12 +01:00
Rishabh Garg
75169b705b
Added custom prices list to portal settings (#12912)
refs https://github.com/TryGhost/Team/issues/637

With custom prices, Portal now needs to show all available custom prices in the UI instead of just `monthly` and `yearly` prices. This change adds a list of all custom prices to Portal site settings for the default product which Portal will use to show the available prices in UI. 
Note: As part of cleanup, the stripe price ids will be removed from the prices list.

Also:
- Fixes product name in serialised subscriptions
- Adds `type` value in  serialised price object
2021-05-04 21:02:20 +05:30
Fabien O'Carroll
da33a4ee65 Included description in Admin Products API output
refs https://github.com/TryGhost/Ghost/issues/12055
refs https://github.com/TryGhost/Ghost/commit/b4d9ee0b

Since we've added the description column to the products table we need
to include it in responses from the API
2021-05-04 13:42:35 +01:00
Fabien 'egg' O'Carroll
b4d9ee0b4e
Added description to Products & Prices (#12916)
refs https://github.com/TryGhost/Team/issues/586

The `products` and `stripe_prices` tables are missing a description
column which will be used by Portal to display information about the
products and prices
2021-05-04 13:41:48 +01:00
Hannah Wolfe
6ccd2251b3 Fixed weird require in theme templates
- this require weirdly went back too far, likely a product of recent refactoring
2021-05-04 13:32:17 +01:00
Hannah Wolfe
3eec28afcf Removed unused onMany method from events
- Preparing to cleanup / change how we use events across Ghost
- Removing this unused bit of additional complexity makes it easier to reason about what we need
2021-05-04 13:28:24 +01:00
Hannah Wolfe
273e220327 Moved i18n to shared
refs 829e8ed010

- i18n is used everywhere but only requires shared or external packages, therefore it's a good candidate for living in shared
- this reduces invalid requires across frontend and server, and lets us use it everywhere until we come up with a better option
2021-05-04 13:03:38 +01:00
Daniel Lockyer
6bc4c2caa6
v4.4.0 2021-05-04 11:55:36 +01:00
Daniel Lockyer
90f2b0e71a
Updated Ghost-Admin to v4.4.0 2021-05-04 11:55:36 +01:00
Kevin Ansfield
65862b437e
Migrated 'invite' to 'all' for sites that were not truly invite-only (#12907)
refs https://github.com/TryGhost/Team/issues/579

The previous `members_allow_free_signup` -> `members_signup_access` migration made a direct correlation between the toggle `true/false` to `all/invite` under the assumption that behaviour between the two settings would be identical. The assumption was incorrect and the behaviour is changing so `invite` forces invite-only mode, stopping all front-end signup to free or paid plans with the free plan now being disabled via the portal plans setting.

- check existing `members_signup_access` setting and if it's `'invite'` migrate it to `'all'` where signup should still be possible. The "invite-only" mode should only be active if certain conditions are met:
  - Stripe is not configured ("allow free member signup" off and no Stripe showed "invite-only" in portal)
  - Stripe is configured but no plans are selected in portal (no plans showed "invite-only" in portal)
- when migrating `'invite'` to `'all'`, also remove `'free'` plan from the `portal_plans` setting to avoid previously paid-only sites unexpectedly showing a free plan on signup
2021-05-04 09:50:29 +01:00
Kevin Ansfield
0f41d1aa49
🐛 Restored correct "allow free signup" setting from backup after buggy 4.3 upgrade (#12905)
refs https://github.com/TryGhost/Team/issues/634

- find earliest backup file created when a 4.3 migration was run, if found use the `members_allow_free_signup` value from there to change `members_signup_access` from `'all'` to `'invite'` if necessary
2021-05-04 09:49:33 +01:00
Renovate Bot
7b6df51d08 Update dependency cssnano to v5.0.2 2021-05-04 08:57:43 +01:00
Hannah Wolfe
829e8ed010 Expanded requires of lib/common i18n and events
- Having these as destructured from the same package is hindering refactoring now
- Events should really only ever be used server-side
- i18n should be a shared module for now so it can be used everywhere until we figure out something better
- Having them seperate also allows us to lint them properly
2021-05-03 17:14:52 +01:00
Naz
bc15f8c1bb Added "emails" limit check when (re)sending a newsletter
refs https://github.com/TryGhost/Team/issues/588

- This check allows for a on/off switch to be set up on the instance and control limits around sending emails
- An example configuration for such check would look like following in config's hostSettings section, e.g.:
```
"emails": {
    "disabled": true,
    "error": "Email sending has been temporarily disabled whilst your account is under review."
}
```
2021-05-03 17:51:33 +04:00
Fabien O'Carroll
fa327a7a85 Passed Settings model to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/637
refs https://github.com/TryGhost/Team/issues/591

We need to run migrations which will update the `portal_plans` setting
to use id's rather than names. This migration relies on the
`stripe_prices` table being complete populated. The migration to
populate the `stripe_prices` table was not added as a "normal"
migration because it needs to access the Stripe API over the network.
Any migrations that rely on this are unable to be run in a "normal"
migration as that cannot be sure that the database is in the correct
state.

The `portal_plans` setting migration is therefore run in code, and needs
access to the Settings model in order to modify the database.
2021-05-03 13:59:13 +01:00
Naz
a83cccd84b Enabled "emails" limit configuration
refs https://github.com/TryGhost/Team/issues/588

- This bump allows to pass configuration for "emails" limit (flag type for now) and allows to do checks against this limit as a consequence
- Useful to be able to do basic checks for newsletter-related functionality
2021-05-03 14:06:45 +04:00
Renovate Bot
026b85baca
Update dependency @sentry/node to v6.3.5 2021-04-30 13:33:27 +00:00
Renovate Bot
62d257f7a0
Update dependency @sentry/node to v6.3.4 2021-04-29 11:16:46 +00:00
Daniel Lockyer
15ecfd471b
Merged v4.3.3 into main
v4.3.3
2021-04-29 12:14:39 +01:00
Daniel Lockyer
8f3fbfb79d
v4.3.3 2021-04-29 12:12:55 +01:00
Daniel Lockyer
ef0381531e
Updated Ghost-Admin to v4.3.3 2021-04-29 12:12:55 +01:00
Hannah Wolfe
14b3431de1
🔒 Removed unused and insecure preview endpoint
refs: https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg

- This was part of an experiment during the build phase of 4.0. We never ended up using it, but the endpoint wasn't cleaned up.
- The endpoint leaves sites open to a security vulnerability. Anyone running 4.x should update to 4.3.3

Credits: Paul Gerste, SonarSource (https://www.sonarsource.com/)
2021-04-29 12:10:39 +01:00
Daniel Lockyer
95651b33a6
🐛 Fixed error when using staff access tokens
closes https://github.com/TryGhost/Team/issues/645

- we did some refactoring in [1] to turn promise chained code into
  async/await, but this removed an early `return` from the code
- therefore we'd continue on to further code, which breaks for obscure
  reasons that weren't apparent from the error
- this commit adds back a return at the end of the block where we handle
  staff API tokens to match the same functionality as before
- this is regression that landed in 4.3.0 and would break staff user
  tokens

[1]: b677927322 (diff-bc0bedcac8ec9646d0644c86a91e46f4759bc1b0c2aebac54a2b26ec474c3d15L148-L155)
2021-04-29 08:56:27 +01:00
Renovate Bot
ad48c16cb5
Update dependency @sentry/node to v6.3.3 2021-04-28 11:45:04 +00:00
Thibaut Patel
af35d5986a Exposed a read-only public oauth enabled/disabled configuration
issue https://github.com/TryGhost/Team/issues/614

The new flag is only appearing when oauth is configured.
2021-04-27 20:56:10 +02:00
Rishabh
d17c68ba96 Fixed invite only handling in Portal
refs https://github.com/TryGhost/Team/issues/579

Last commit missed updating Portal version in the URL, patched here.
2021-04-27 23:16:12 +05:30
Rishabh Garg
8c65b25c41
💡 Updated portal script to handle new signup access options (#12911)
refs https://github.com/TryGhost/Team/issues/579

Updates minimum Portal version to handle the new `members_signup_access` setting and explicitly handle the `invite` option to make Portal work in invite only mode if selected
2021-04-27 18:04:43 +01:00
Kevin Ansfield
858f48cf9d
🐛 Fixed Ghost 4.3.0 migration that put all sites into "allow free members signup" (#12904)
refs https://github.com/TryGhost/Team/issues/634

- the migration moving `members_allow_free_signup` to `members_signup_access` was expecting a raw boolean setting value but the actual value is a string so always evaluated as truthy making all sites look like they had "allow free members signup" toggled on when generating the new setting's value
- updated to check for an explicit string value in `up` and set an explicit string value in `down`
2021-04-27 17:10:41 +01:00
Rishabh Garg
1d8b6ef1c3
Added members signup access setting to Portal (#12908)
refs https://github.com/TryGhost/Team/issues/579

The new signup access setting allows site owner to set the type of access level allowed for a member which Portal needs to handle
2021-04-27 21:02:22 +05:30
Kevin Ansfield
cf29ed8c30
Updated members allowSelfSignup() to take portal plans into account (#12909)
refs https://github.com/TryGhost/Team/issues/579

`members_signup_access = 'invite'` now forces invite-only mode so both free and paid setups both use the `'all'` setting. To ensure we're properly allowing/disabling free (self signup) signups in the members API we need to update `allowSelfSignup()` to take additional settings into account.

- `true` when Stripe is not connected. There are no paid plans available in this configuration so free signup is always enabled. To disable free signup on a site with no Stripe setup the members signup access should be set to `invite` or `none`.
- `true` when Stripe is configured and free plan is enabled in portal, without it Members API would not send magic link emails to signup requests
- `false` in all other situations such as invite-only and members-disabled signup access modes, or when the free plan has been disabled in portal configuration
2021-04-27 16:22:43 +01:00
Kevin Ansfield
10b6fbfc82
🐛 Fixed Ghost 4.3.0 migration that put all sites into "allow free members signup" (#12904)
refs https://github.com/TryGhost/Team/issues/634

- the migration moving `members_allow_free_signup` to `members_signup_access` was expecting a raw boolean setting value but the actual value is a string so always evaluated as truthy making all sites look like they had "allow free members signup" toggled on when generating the new setting's value
- updated to check for an explicit string value in `up` and set an explicit string value in `down`
2021-04-27 15:37:41 +01:00
Hannah Wolfe
bc75fab663 Moved theme service to core/server
refs: bf0823c9a2
refs: ae86254972

- continuing the work of splitting up the theme service into logical components

Themes Service
- The serverside theme service now serves just the API and boot
- It loads the theme and passes it to the theme-engine via the bridge

This achieves the bare minimum goal of removing all the cross requires between server and frontend around themes
There is still a lot more to do to achieve an ideal architecture here as laid out in ae86254972
2021-04-27 15:14:49 +01:00
Hannah Wolfe
b128cebcb0 Removed use of proxy in theme service
refs: bf0823c9a2

- continuing the work of splitting up the theme service into logical components
- am about to move the theme service to core/server so it should require i18n directly
2021-04-27 14:32:11 +01:00
Hannah Wolfe
53669b6e71 Changed to getActive from bridge in toJSON
refs: bf0823c9a2

- continuing the work of splitting up the theme service into logical components
- this file is not part of the theme engine so it should use the bridge not the engine
- am about to move the theme service to core/server so this will make even more sense then
2021-04-27 14:07:32 +01:00
Hannah Wolfe
af09d55c7a Moved activate from themes to the bridge
refs: bf0823c9a2

- continuing the work of splitting up the theme service into logical components

Theme activations are a trickier piece of the theme split puzzle because they are called from the API and theme service on boot in different ways.

Activations require a theme to have been validated at different levels. Validations are also tricky - do they belong to the theme engine, or the theme service?

There are then several different flows for activations:
- On Boot
- API "activate" call
- API override on upload or install via setFromZip, which is a method in the storage layer

These calls all have quite different logical flows at the moment, and need to be unified

For now, I've moved the existing "activate" function onto the bridge. This allows the theme service to be split from the frontend, and refactoring can start from there.
I hope to move this so there is less code in the actual bridge very soon, but my goal is not to require any server packages in the frontend part of this

I think ideally:
- all activation code, including validation, should probably be part of the theme engine
- the theme engine should offer 3 methods: getActive() canActivate() and activate()
- the theme service is then only responsible for loading themes in and out of storage, JSON responses for the API, and handing themes to the frontend via the bridge at the appropriate moment
2021-04-27 13:52:19 +01:00