Commit Graph

72 Commits

Author SHA1 Message Date
Vikas Potluri
c7127d5a93
Removed final non-destructured imports of core/server/lib/common (#11858)
* removed final non-destructured imports of core/server/lib/common
* fixed lint
2020-05-28 17:54:18 +01:00
Vikas Potluri
1bd8c18a16
Moved core/server/lib/url-utils to core/shared/url-utils (#11856)
* moved url-utils from server to shared
* updated imports of url-utils
2020-05-28 11:57:02 +01:00
Kevin Ansfield
35f8042d7b
Added ?search= param to Admin API members endpoint (#11854)
no issue

- adds `search` bookshelf plugin that calls out to an optional `searchQuery()` method on individual models to apply model-specific SQL conditions to queries
- updated the base model's `findPage()` method to use the search plugin within `findPage` calls
- added a `searchQuery` method to the `member` model that performs a basic `LIKE %query%` for both `name` and `email` columns
- allowed the `?search=` parameter to pass through in the `options` object for member browse requests
2020-05-28 10:14:02 +01:00
Vikas Potluri
15d9a77092
Moved config from server to shared (#11850)
* moved `server/config` to `shared/config`
* updated config import paths in server to use shared
* updated config import paths in frontend to use shared
* updated config import paths in test to use shared
* updated config import paths in root to use shared
* trigger regression tests
* of course the rebase broke tests
2020-05-27 18:47:53 +01:00
Vikas Potluri
c17a6e457c
Removed import of common sub-modules (#11849)
* replaced import of `common/logging` with destructuring the "module" in migrations
* removed reference to `index` in admin regression test
2020-05-26 21:12:13 +01:00
Vikas Potluri
aeee302c9d
refactored 'lib/image' imports to use destructuring (#11847)
* refactored 'lib/image' imports to use destructuring
* trigger all-tests
2020-05-26 19:11:23 +01:00
Hannah Wolfe
c86933f44f
Remove common errors (#11848)
* refactored core/frontend/services/proxy to import common dependency like a normal person
* removed all imports of `common/errors`
* 🔥 removed common/errors module

Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com>
2020-05-26 19:10:29 +01:00
Kevin Ansfield
071ab9774b
Added Admin API endpoint for basic member stats (#11840)
no issue

- moves members stats generation for the admin graph from the client to the server
- outputs a basic totals count across a requested date range of 30, 90, 365 days, or all time. See below for the response shape
- leaves heavy lifting of the counts to the SQL engines - tested on a dataset of 100k members and query performance is <100ms

```
GET /ghost/api/canary/members/stats/?days=30

{
    total: 100000,
    total_in_range: 20000,
    total_on_date: {
        '2020-04-25': 19000,
        '2020-04-26': 19500,
        // continues until today's date
    },
    new_today: 200
}
```
2020-05-26 10:38:42 +01:00
Vikas Potluri
a9cb8adacc
Refactored tests to destructure common lib import (#11838) 2020-05-25 09:49:38 +01:00
Vikas Potluri
4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00
Kevin Ansfield
21d38b2d37 Added label to known filter params for members
no issue

- updated `filter` plugin with appropriate label relationship and replacement config for NQL
- fleshed out member and label fixture data and tools to facilitate tests
2020-05-21 18:44:52 +01:00
Kevin Ansfield
225544331c Split members admin API tests between acceptance and regression
no issue

- moved typical "happy path" tests for members admin API from regression to acceptance
2020-05-21 18:44:52 +01:00
Fabien O'Carroll
4c3bd0e2e9 Added stripeDirect config to admin api w/ default
no-issue

The flag currently defaults to `true` as we are still using stripe
direct. We expose it on the admin api config endpoint so that the
Ghost-Admin client can use it to conditionally render
2020-05-20 16:47:58 +02:00
Aileen Nowak
86ab62704b
🐛 Fixed structured data issue for publisher logo (#11826)
closes #11304

- Google requires an `ImageObject` to be always returned for `publisher.logo` (https://developers.google.com/search/docs/data-types/article)
- The previous fix 3f5daa60c8 added a second nested `url` error and got therefore reverted with 7ac614030d
- This commit updates the image object generation fn to **always** return an `ImageObject` with minimum of `url` and `@type` properties. If dimensions are available, we'll pass those in there as well
2020-05-20 18:16:20 +12:00
Nazar Gargol
2d41e5cc88 🐛 Fixed permission for "Administrator" to be able to edit post visibility
closes #11825

- The initial implementation had a typo in a role name which didn't allow "Administrator" to edit post's "visibility" attribute
- Added unit tests to check administrator specific role and visibility attribute permission
2020-05-20 17:47:27 +12:00
Hannah Wolfe
2876178dcf 🐛 Fixed logic error in navigation for isSecondary
closes #11772

- Ensures that isSecondary is a boolean true or false
- Added tests that cover the bug, switching to using compile because the helpers have to be run together
- TODO: all tests for helpers should be switched to compile, it's SO MUCH easier
2020-05-18 19:15:28 +01:00
Hannah Wolfe
998eb62e22 Added success indicator for members magic links
- Add a query param that indicates whether signin/up succeeded or failed
- Add unit tests for all 3 possible cases for the createSessionFromMagicLink middleware
- Added an acceptance test to show the behaviour works in principle
2020-05-08 13:17:51 +01:00
Naz
c84866dda7
Improved password reset and session invalidation for "locked" users (#11790)
- Fixed session invalidation for "locked" user
  - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message.
  - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password

- Fixed error message returned by session API
  - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended'
  - Fixed messaging for 'accountLocked' i18n, which not corresponds to the
actual UI available to the end user

- Added automatic password reset email to locked users on sign-in
  - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset

- Backported the auto sending of required password reset email to v2 sign-in route
  - used by 3rd party clients where the email is necessary for users to know why login is failing

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-05-05 19:37:53 +01:00
Rishabh Garg
a01bcdd2d0
Added new endpoint for refreshing api key secret (#11791)
no issue

- Adds new endpoint on integration to refresh admin/content api key secret
- Allows owner/admin to refresh their content or admin API keys for an integration via Ghost Admin
- Adds a new `refreshed` event to actions table for anytime an api_key secret is refreshed
2020-05-05 23:36:21 +05:30
Hannah Wolfe
53d14fd8e3 Added Router etc to shared/express + use everywhere
- Added a wrapper around express.Router to our shared/express util
- Also export static and _express
- Use this shared util everywhre, meaning express is only used directly in this one file
- ATM this file is mostly an experiment / debug helper, it might be removed again later
- The aim is to have a minimal framework wrapping express that allows us to:
     - reduce our usage of express() in favour of Router()
     - unify some of our duplicated logic
     - fix some structural issues e.g. Sentry
     - make it easier to understand the codebase
2020-05-01 19:32:57 +01:00
Hannah Wolfe
c70c49258e Added new members/api/site endpoint
- easy way to access public settings needed for building members clients
- no auth means this is for public info only
2020-04-30 19:50:40 +01:00
Hannah Wolfe
0cba02b370 Renamed members ssr + api endpoints 2020-04-30 19:00:37 +01:00
Hannah Wolfe
985bbbd194 Moved members routing+mw into its own app
- create a new app for the /members/ endpoint
- moved all /members/ routes and middleware onto this app
- helps to separate members and frontend/site logic so we can start to decouple things more
2020-04-30 13:03:27 +01:00
Hannah Wolfe
3133c302fc Fixed error in redirect regression test
- this redirect is the only one in our tests which is permanent
- also I verified that this new test works the same before and after the recent changes :)
2020-04-30 09:01:49 +01:00
Federico Tibaldo
4fcc31015b
🐛 Fixed regex match replacement when dealing with external URLs (#11781)
refs #10898

- Execute string replacement on external paths
- Take non-top-level base URLs into consideration (to avoid #10776 dups)
- Added tests for all of the above cases
2020-04-30 07:51:36 +01:00
Hannah Wolfe
22e13acd65 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Hannah Wolfe
0fe0e09d62 Moved express init + sentry to a shared util
- added core/shared to watched folders in grunt
- moved sentry to shared
- moved express initialisation to a shared file
- always set trust proxy + sentry error handler
- use this new express init everywhere, and remove duplicate trust proxy and sentry error handler code
2020-04-27 18:17:50 +01:00
Hannah Wolfe
18bd10308b Updated misc files to use ES6 variables
- updated various files I noticed were outdated on my travels around the codebase
- doesn't make any more advanced ES6 changes, this is mostly in the persuit of getting rid of var x = y, z = a; lists at the top of files
2020-04-27 16:03:21 +01:00
Hannah Wolfe
4eeb8604dd 🐛 Fixed public/members.js request path
- removed trailing slash typo
- moved tests out of regression & renamed
2020-04-27 12:48:54 +01:00
Hannah Wolfe
a5c8549616 Moved remaining shared mw tests into correct folder
- make sure the test structure follows the main structure for these files
2020-04-23 19:38:12 +01:00
Hannah Wolfe
4a67ea5546
Fixed admin host with port causing infinite redirect (#11767)
closes #11766, refs 7284227f1

- when we changed from host to hostname, more changed than just using the x-forwarded-host if trusted because express req.hostname does not return the port
- this causes issues with an infinite redirect if you try to set a different admin host with a port
- added a test to demonstrate the case, that didn't fail due to an error in the test logic
- switched from redirecting based on req.hostname to using req.vhost.host which has the correct trusted, requested value that we should rely on
- simplified the comparison logic to explicitly compare host with host
2020-04-23 19:00:28 +01:00
Daniel Lockyer
0e4dbc659c Added eslint exceptions in test-suite
no issue

- eslint-plugin-ghost will warn for console.* calls
- we use a mini-hack in the test suite to print out the start time for
  Ghost
- we want to keep these for the mean time, so explicitly allow them for
  now
2020-04-23 09:15:22 +01:00
Hannah Wolfe
d4cd996e20 Use destructuring for more readable redirect code
- This code was a little verbose, which made it hard to see what was happening (it still is a bit)
- Used destructuring to reduce the code
- Renamed a few variables
2020-04-22 20:30:17 +01:00
Hannah Wolfe
19dde146c1 Renamed redirect functions for clarity
- we had urlRedirects, urlRedirects.adminRedirect and adminRedirects
- all do kinda similar things, but for different contexts so for now I've done a minimal renaming for clarity
- and updated some comments!!
- also removed totally unnecessary if res.isAdmin clause, as we don't use that, and it was never true
2020-04-22 19:31:36 +01:00
Hannah Wolfe
37a22edbe9 Refactored cache-control mw to remove dependencies
- cache-control had some logic in it for private blogging + similar logic exists for members in site/app
- having it in 2 places is weird, and having it inside the mw makes the mw less generic/reusable
- instead of requiring config inside the middleware, we pass config in for the one case where this is used
- fixed tests that didn't test anything 🙈
2020-04-22 18:01:01 +01:00
Hannah Wolfe
f4f61b8a3a Moved normalize image mw into api app
- Moved normalize image mw from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 17:48:54 +01:00
Hannah Wolfe
de9864db30 Moved upload validation mw into api app
- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:37:02 +01:00
Hannah Wolfe
1a4506dcf0 Moved validation utils into validation/upload
- These two functions have no dependencies and are only used in valiation/upload
- Co-locating the code makes it easier to move
- Exported them with a new module.exports._test pattern - we'll see about whether this is a good idea
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:21:41 +01:00
Hannah Wolfe
d85c634669 Removed unused middleware code
- removed empty theme-handler_spec.js file
- removed unused export of uncapitalise
- removed unused export of utils
- remove unused blog-icon and profile-image validation code (now lives in core/server/api/[version]/utils/validators/input)
2020-04-22 07:15:51 +01:00
Hannah Wolfe
05cf4f495d Moved update-user-last-seen mw into api app
- Moved update-user-last-seen from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
92af5b8f09 Moved api cors mw into api app
- Moved api cors from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
41c3b4e92b Moved version-match mw into api app
- Moved version-match from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
213f0a4785 Moved ghost-locals mw into parent app
- Moved ghost-locals from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
- This allows shared middleware to be unhooked from the parent app
2020-04-21 18:50:46 +01:00
Hannah Wolfe
8fe56852e0 Moved request-id mw into parent app
- Moved request-id from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 18:29:20 +01:00
Hannah Wolfe
becc239de1 Moved web/parent-app to web/parent/app
- Have a consistent structure so we can co-locate an app with its own middleware
- This is another small step in sorting out the giant mess that was web/shared/middleware
2020-04-21 18:08:29 +01:00
Hannah Wolfe
61633d48ee Moved serve-public-file mw into site app
- Moved serve-public-file from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 17:23:07 +01:00
Hannah Wolfe
406218489c Remove additional mount of content/images
refs 717567995b

- We should not be using relative URLs inside the admin panel anymore
- Removes a usage of "shared" middleware which isn't truly shared
2020-04-21 17:02:16 +01:00
Hannah Wolfe
dbafaf7205 Moved handle-image-sizes mw into site app
- Moved handle-image-sizes from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
9fe741c9b9 Moved static-theme mw into site app
- Moved static-theme from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
40fa2053e3 Moved serve-favicon mw into site app
- Moved serve-favicon from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 14:30:32 +01:00