Commit Graph

3147 Commits

Author SHA1 Message Date
Steve Larson
9d15aef243
Updated timezone dependency (#20570)
ref https://linear.app/tryghost/issue/ENG-1266
- Mexico changed tz to not participate in DST
- our package was a couple years behind, so we likely have fixes for
other countries/regions, too
2024-07-09 16:31:36 -05:00
Sag
d0d0783837
🐛 Fixed pasting product URLs into the editor (#20565)
fixes https://linear.app/tryghost/issue/ENG-1215

- when pasting URLs that return `type: link` from the oembed service, we
now fallback to using a Bookmark card
- previously, this would render a plain link in the editor
- example product URL with `type: link`:
https://indiebeer.co.uk/products/terra-tempo-vinicius-red-wine-ba-wild-ale-with-mango-pineapple-honeydew-melon-and-banana-750ml-7
2024-07-09 18:28:56 +02:00
Steve Larson
00230314db
🐛 Fixed member source attribution for sign-up (Portal) links (#20566)
ref https://linear.app/tryghost/issue/ONC-154
- the query params did not carry through on portal sign up links because
of the hash creating an ignored fragment
(/#/portal/signup?ref=something)

Now when we check link attribution, we'll attempt to run the same logic
for the referrer source after stripping out `#/portal` from the URL.
Otherwise we should continue to treat these fragments as fragments to be
ignored by the client.

NOTE: We do not have e2e tests that cover member signup on the front end
and the data entered in the back end. The tests we have mock only the
server side of things. The test added here only covers the data that is
generated from the front end request (at this time), *not* the front end
request itself, meaning it's fragile.
2024-07-09 16:14:33 +00:00
Sag
8b45af3458
Cleaned up 'Filter by email disabled' GA feature flag (#20554)
no issue

- "Filter by email disabled" feature has been released to GA in [Ghost
v5.74.0](https://github.com/TryGhost/Ghost/releases/tag/v5.74.0)
(commit: 32d0d2b293)
- cf. [Project
details](https://www.notion.so/ghost/Filter-by-email-disabled-2a73f5da5e8b46bcaacb944bd98e0674?pvs=4)
2024-07-09 10:11:26 +00:00
Sag
6e884b1a95
🐛 Fixed selection bugs in editor (#20557)
ref https://ghost.slack.com/archives/CTH5NDJMS/p1720422460943619

- bumping 'lexical' from 0.13.1 to 0.14.2 created a few selection bugs
in the editor
- this commit reverts 'lexical' back to 0.13.1 and any related changes
in the editor codebase
2024-07-08 13:34:51 +01:00
Ronald Langeveld
3818445a18
🐛 Fixed bad redirects yaml overriding backed up working yaml file (#20555)
ref ENG-945

- Fixed an issue where upload a broken redirects yaml will override the
last working yaml.
- Instead it will now do the validation before saving and overriding the
yaml.
2024-07-08 16:45:20 +07:00
Ghost CI
bd15ce5c03 v5.87.1 2024-07-05 16:04:15 +00:00
Ghost CI
d260d81348 🎨 Updated Source to v1.3.0 2024-07-05 16:04:15 +00:00
Ghost CI
dc1f9492de 🎨 Updated Casper to v5.7.3 2024-07-05 16:04:15 +00:00
Kevin Ansfield
191a301242
Cleaned up hasPortalImprovements GA feature flag (#20548)
no issue

- the feature has been GA for a long time now so the conditionals are no longer required
2024-07-04 16:21:48 +00:00
Kevin Ansfield
3b87c9be53
Cleaned up websockets experiment (#20547)
no issue

- we're no longer making use of the websockets experiment so it's just bloat
- this is the whole feature in a single commit in case we need to revive it at some point
2024-07-04 16:08:06 +00:00
Daniel Lockyer
98d171cfc6 Bumped @tryghost/metrics package
- this change contains the removal of the `promise.allsettled` package,
  as this is not needed on Node 12+, which removes 75 further dependencies
  in production mode
2024-07-04 11:40:56 +02:00
renovate[bot]
6fadf45f4a Update dependency ws to v8.18.0 2024-07-03 17:36:56 +00:00
Kevin Ansfield
e6df014f84 Cleaned up newsletterExcerpt flag
no issue

- feature is GA so the flag and related conditionals are no longer required
2024-07-03 18:22:39 +01:00
Sanne de Vries
e393676e8d
Removed duplicate email template and styles files (#20528)
Refs https://ghost.slack.com/archives/C02G9E68C/p1720003723371169
- These duplicate files have been lingering since working on an email
customisation feature that was never released.
2024-07-03 14:35:17 +02:00
Sag
6e0b009034
🎨 Added 'Payment failed' subscription cancellation reason (#20527)
ref https://linear.app/tryghost/issue/ENG-1254

- we currently only store a cancellation reason when a member cancels
manually in Portal
- we now also store "Payment failed" when the cancellation is automatic
due to several payment failures
2024-07-03 13:12:01 +02:00
renovate[bot]
8d33c9d64f Update dependency lib0 to v0.2.94 2024-07-02 18:27:02 +02:00
Michael Barrett
b36c2356fc
Added custom redirects ReDoS validation (#20515)
refs
[ENG-709](https://linear.app/tryghost/issue/ENG-709/%F0%9F%90%9B-bad-redirects-causing-container-tear-down)

Added validation to prevent RegEx's susceptible to ReDoS from being used
with custom redirects. Also moved error details out of `context` and
into `errorDetails` to be consistent with error logging elsewhere as
well as fix issue in admin-x where blank screen would be shown when an
error occurred during redirects upload (due to logic not accounting for
`context` being an object)
2024-07-02 16:00:19 +01:00
Sanne de Vries
3618632129
Updated password updated successfully notification copy (#20512)
REF DES-540
2024-07-02 16:26:12 +02:00
renovate[bot]
90033eff2d Update dependency @tryghost/kg-html-to-lexical to v1.1.6 2024-07-02 08:26:16 +02:00
Kevin Ansfield
2fd9116499
🐛 Fixed unwanted extra blank paragraphs when copy/pasting from Google Docs (#20505)
closes https://linear.app/tryghost/issue/ENG-1255

- updated Koenig packages including:
  - addition of `/preview` for public preview card
  - fix for HTML import from Google Docs
  - fix for embed thumbnails being cut off in email
  - fix for wide image card width on medium screens
- multiple fixes for unhandled (but non user-visible) errors causing noise in console and error logging
2024-07-01 21:14:07 +01:00
Sag
7f963e9c2a
🎨 Added 'Changed email address' event to Member Activity (#20493)
fixes https://linear.app/tryghost/issue/ENG-1256

- when a member changes their email address, surface it in Member
Activity
2024-07-01 15:33:33 +00:00
Michael Barrett
c285b0a0f1
🔒 Added timestamp to webhook signature hash (#20500)
refs
[ENG-1238](https://linear.app/tryghost/issue/ENG-1238/🔒-webhook-signatures-dont-include-timestamp-in-the-signature)

Added timestamp to the webhook signature hash to prevent replay attacks.
This is
a breaking change for webhook consumers as signature verification logic
will need to be updated to account for the timestamp in the hash, for
example:

```js
const crypto = require('crypto');

// Webhook secret from Ghost Admin
const WEBHOOK_SECRET = 'FOOBARBAZ'

// Sample incoming webhook request object
const req = {
    headers: {
        'x-ghost-signature': 'sha256=fc9749d5b3333109bd779f65d4b1b891576bc5c92febea3b1d186a7f946d0745, t=1719842984367'
    },
    body: {
        tag: {
            current: {
                id: '6682b8a8e10cc04306284330',
                name: 'test',
                slug: 'test',
                description: null,
                feature_image: null,
                visibility: 'public',
                og_image: null,
                og_title: null,
                og_description: null,
                twitter_image: null,
                twitter_title: null,
                twitter_description: null,
                meta_title: null,
                meta_description: null,
                codeinjection_head: null,
                codeinjection_foot: null,
                canonical_url: null,
                accent_color: null,
                created_at: '2024-07-01T14:09:44.000Z',
                updated_at: '2024-07-01T14:09:44.000Z',
                url: 'http://localhost:2368/404/'
            },
            previous: {}
        }
    }
};

// Get the request body as a JSON string
const reqBodyJSON = JSON.stringify(req.body);

// Extract the hash and timestamp from the x-ghost-signature header
const {sha256: hash, t: timestamp} = req.headers['x-ghost-signature']
    .split(', ')
    .map((x) => x.split('='))
    .reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {})

// Recreate the hash using the secret, request body, and timestamp and compare it to the hash from the header
const isValid = crypto.createHmac('sha256', WEBHOOK_SECRET).update(`${reqBodyJSON}${timestamp}`).digest('hex') === hash

if (isValid) {
    console.log('Valid signature!')
}
```
2024-07-01 15:59:04 +01:00
Daniel Lockyer
60f37ed118 Fixed browser tests
refs 6378d7d66f

- the buttons have been renamed and split apart into separate ones
2024-07-01 14:49:20 +02:00
Daniel Lockyer
a146709c16 Cleaned up unused core dependencies
- analytics-node usage was removed a while back
- juice is used by a different package now
2024-07-01 13:56:31 +02:00
Sanne de Vries
95a4895e8f
Center aligned feature image in email template (#20491)
REF DES-380
- Center aligned feature image in email template
- Updated feature image css in editor to better display image overlay
and improve caption spacing
2024-07-01 08:43:26 +00:00
renovate[bot]
f561f362f4 Update dependency postcss to v8.4.39 2024-07-01 07:28:24 +02:00
renovate[bot]
41d8240d50 Update dependency mysql2 to v3.10.2 2024-07-01 02:07:18 +00:00
Ghost CI
0d60c74957 v5.87.0 2024-06-28 16:27:27 +00:00
Princi Vershwal
7bffe5b79a
Added option param to skip distinct from count query for members API
ref https://linear.app/tryghost/issue/SLO-173/removed-distinct-from-member-count-query

Performance of GET /members API can be improved by dropping the distinct from the total members count query.

select count(distinct members.id) as aggregate from `members`; // 275ms
select count(*) as aggregate from `members`; // 30ms

In this case we know that the result set will always be unique.
2024-06-27 17:35:19 +05:30
Michael Barrett
ecf52d4685
Removed request queue enablement flag (#20466)
refs
[CFR-26](https://linear.app/tryghost/issue/CFR-26/remove-request-queue-config-flag)

Removed request queue enablement flag and updated the logic so that the
request queue is enabled when there is explicit configuration for it.
2024-06-27 09:30:07 +01:00
Steve Larson
2e593ebcee
Improved performance fetching posts (#20460)
ref https://linear.app/tryghost/issue/ONC-111
- added composite index to posts_tags for post_id,tag_id for faster
lookup
- added composite index to posts for updated_at; this is commonly used
by get helpers on the front end to display data like the latest posts

In testing, this provided a very dramatic improvement for simple get
helper requests like 'filter="id:-{{post.id}}+tag:sampleTag" limit="3"'
which are by default sorted by updated_at desc. I'm not entirely clear
why when sorting by published_at we do not need a composite index - so
far it doesn't seem to be necessary. This should cover the primary cases
for get helpers - the latest posts with a given tag or set of tags.
2024-06-26 16:29:02 -05:00
renovate[bot]
dfc27b02c8
Update Koenig packages (#20453)
closes https://linear.app/tryghost/issue/MOM-247

- includes a few fixes for errors we've seen in our reporting
2024-06-26 14:48:17 +01:00
Sanne de Vries
e34c36007e
Updated frontend styles for bookmark card (#20468)
REF DES-263
- Added default white background color and sans-serif font to bookmark
card
2024-06-26 12:02:25 +02:00
Steve Larson
b10b81b7d7
Prevented pages content api queries from returning mobiledoc or lexical fields (#20454)
ref https://linear.app/tryghost/issue/CFR-43/
ref 9d9a421

We recently stopped `select *` from posts when making Content API
requests. This is now being applied to the pages endpoint to help
improve performance. These fields were already being stripped out in the
output serializer, and they will now no longer be returned from the db
at all, reducing the amount of data transferred.
2024-06-24 15:17:45 +00:00
Steve Larson
4f6842b99a
Added composite index to posts table for type,status (#20437)
ref https://linear.app/tryghost/issue/CFR-35
- performance improvement intended for the content api/get helpers

The posts table is shared by posts and pages and seldom is queried for
both. It makes sense to add an index on type, and from the perspective
of the content API, also on status as you're almost only ever querying
for published posts or published pages.
2024-06-24 09:13:20 -05:00
Michael Barrett
897481b3b4
Added time field to slow get helper logging (#20427)
refs
[CFR-36](https://linear.app/tryghost/issue/CFR-36/pull-out-response-time-from-ghost-logs-message-field-for-get-helper)

Added time field to slow get helper logging to make it easier to query
and filter on this value in elastic without having to parse the message
field
2024-06-24 14:28:42 +01:00
Ghost CI
bfd7a26370 v5.86.2 2024-06-23 20:39:22 +00:00
Ghost CI
7dcc82b951 v5.86.1 2024-06-21 21:27:33 +00:00
Kevin Ansfield
5b2eaec982 🐛 Fixed 500 errors when viewing posts in development mode
closes https://linear.app/tryghost/issue/ONC-115

- OpenTelemetry was throwing errors when viewing posts
- disabled the instrumentation in development mode so it requires explicit config to enable
2024-06-21 21:59:03 +01:00
Ghost CI
a837cf0247 v5.86.0 2024-06-21 16:04:16 +00:00
renovate[bot]
ccf2d22f4b Update sentry-javascript monorepo to v7.118.0 2024-06-21 13:07:47 +01:00
Daniel Lockyer
12cbb22b85 Lazyloaded OpenTelemetry packages to avoid boot time regression
- we don't want to load the Otel packages unless the instrumentation is
  enabled, because they dramatically increase the boot time (2x locally!)
2024-06-21 11:26:37 +01:00
renovate[bot]
bec000567d Update dependency @opentelemetry/auto-instrumentations-node to v0.47.1 2024-06-21 11:23:14 +01:00
renovate[bot]
4609b43ad7 Update dependency @opentelemetry/instrumentation-runtime-node to v0.5.0 2024-06-21 11:22:50 +01:00
renovate[bot]
478ac0460b Update opentelemetry-js monorepo 2024-06-21 10:55:03 +01:00
renovate[bot]
360088603f Update dependency @opentelemetry/instrumentation-knex to v0.37.0 2024-06-21 10:00:10 +01:00
renovate[bot]
4fd28d4947 Update dependency cssnano to v7.0.3 2024-06-21 09:43:36 +01:00
renovate[bot]
4c8a780e2e Pin dependencies 2024-06-21 09:35:29 +01:00
Kevin Ansfield
5248fbd98e 🐛 Fixed inability to override accent color variable via code injection
closes https://linear.app/tryghost/issue/ONC-72

- moved output of the accent color style element before the site and post/page/tag code injection output
2024-06-20 20:47:11 +01:00