closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446
- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
refs https://github.com/TryGhost/Toolbox/issues/309
- this column is not used and I was going to add `validation` to it but
it's better to clean it up and re-add the column if we need it again
- async/await makes the code easier to read
- also means we can get rid of usages of Promise, and some unnecessary usages of Bluebird
- this refactor is done for the 4 async helpers and the code that wraps async helpers so the whole pipeline is async/await and more understandable
refs https://github.com/TryGhost/Toolbox/issues/292
- Copy improvements were done base on feedback. Makes the information in the email more concise and removes unecessary/unsecure bits like query strings.
refs: https://github.com/TryGhost/Team/issues/626
- calculated settings are simplified settings (booleans) that are based on other settings or data
- they make it easier for us to determine what state features are in elsewhere in ghost e.g. admin and themes
- this duplicates some of the members config concepts in the settings service
no issue
- When applying an incorrect limits config, or missing expected values, Ghost would not boot as the errors would interrupt this process, which should not happen
- This commit catches the error thrown by the limit-service on boot sequence and transforms it into a warning if it's an `IncorectUsageError`. Other errors are handled as before
- Added a test for the limit-service service
refs: e68cb8b314
- a couple of months ago when improving the test coverage here I found some weird behaviour with falsey values
- turned out it didn't matter at the time because we didn't have any settings that are false
- with the introduction of calculated settings we will have: https://github.com/TryGhost/Ghost/pull/14766
- whilst building that, I found settings that should be returned as false were being returned as null
- fixing it in a separate commit to keep the work clean
- It's time, we want to be able to use more modern features, and now we're on node 14 min this makes sense
- @TODO: do this in eslint-plugin-ghost and add new rules to guard the new features
- by default, the model will auto-refresh when you save
- in MySQL, which doesn't support RETURNING, this is implemented by
doing a SELECT after your actual query
- `email_recipients` is a huge table and `processed_at` is not an
indexed column, so the query times can become realllyyyyyyy big
- given we don't even need the result of the model save, we can just
disable fetching all the affected records again
- Bookshelf gives us this ability in the form of `autoRefresh: false`
refs https://github.com/TryGhost/Toolbox/issues/309
- these stopped being added to the DB in v3 but there was never a
migration to clean up existing permissions and the role link in the DB
- we now have the utils to do this cleanly, so we can drop all the
permissions in this migration
- The recently refactored path matching code forgot to take into account that originalUrl can include the subdir
- Added more permutations to tests and ensured that all tests pass
- This means we don't have to worry about what sort of path we pass to the function, it'll figure out the version and api info
- this will drop the link between a role and a permission, and then
delete the permission
- required minor refactoring to aid in creating migrations for dropping
the links and permission
- I'm refactoring the utils to make way for dropping permissions but the
utils are in a real mess
- to aid my refactoring, I want to make the utils a folder, so the
migrations that require utils as a file need updating
- this commit does that
refs: https://github.com/TryGhost/Team/issues/1599
- add an internal integration for Ghost's frontend to talk to the content API
- this is so that portal and future features can access our APIs through the correct mechanism of an API key
refs https://github.com/TryGhost/Toolbox/issues/325
- this was used for an alpha proof-of-concept for member activity data
collection but we're rethinking the strategy so this is the easiest
way to ensure it can't be enabled when the database table has been deleted
refs https://github.com/TryGhost/Toolbox/issues/292
- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
refs https://github.com/TryGhost/Toolbox/issues/309
- this table was used an an experiment for member analytics
- as we rethink the strategy, we can take the opportunity to clean the table up
- we have these rules in place to force the developer to think about the
performance impact of their code
- unless they are enforced, it's easy for them to slip by and miss them
- this commit changes the warnings to errors, which will fail CI
- developers still have the ability to disable lines that flag the
linting in case there is a valid use-case
- if the table doesn't exist, it's not necessarily a failure that we
should be informing the user about
- this brings the message wording in line with other log lines of
similar operations
refs https://github.com/TryGhost/Toolbox/issues/309
- this column is now a calculated value based upon the relation of a
member to a newsletter
- we should no longer need `subscribed`, so this migrations cleans up
the column in the DB
refs https://ghost.slack.com/archives/C02G9E68C/p1651939076681719
Cause:
- When a scheduled post was published via the post scheduler, no `newsletter_id` option is passed when editing the post.
- When editing a post via the posts service, without the `newsletter_id` option, the `newsletter_id` option is automatically set to the default newsletter's id.
- Inside the post model, this new `newsletter_id` was not saved, because it was already set, and changing it is prevented.
- The `mega` service wasn't using the (unchanged) post's newsletter_id, but used the option instead, which contained the default newsletter's id.
Fix:
- Always using the newsletter_id from the post and requiring the newsletter associated with a post to exist.
- This behaviour can be/is tested by publishing a scheduled post without any option.
Also cleaned up some `Object.assign` usages.
refs https://github.com/TryGhost/Team/issues/1546
- allows newsletters API to work with Admin API keys
- updates fixtures to add permissions to admin integration role for new sites
- adds migration to update existing sites to have correct permissions for role
- whitelists add/edit/read/browse on newsletters API for integrations
refs https://github.com/TryGhost/Toolbox/issues/309
- this commit adds a validation array of valid user `status` values to
the schema
- this also includes a migration to update users with invalid statuses
to `inactive`, which I've seen with `invited` and `invited-pending`
statuses that pre-dated proper invitations
- this also deletes tests that were wrong and written 7 years ago before
invites was added
- `subscribed` will soon cease to be a column on a member and I get errors
in tests that stem from this block of code because it no longer exists
- AFAICT this block of code is only used to verify the filter is valid
to filter on, which we should be able to do even if we remove
`subscribed`
- this commit removes `subscribed` from the filter
refs https://github.com/TryGhost/Toolbox/issues/309
- I originally started looking at this because I wanted to change the default of
`emails.recipient_filter` for old DBs to `status:-free`
- we changed these columns to a `text` type, which doesn't support
defaults
- the tables already have defaults set in the model, so the only change
needed here is to delete the `defaultTo` in the schema to avoid
confusion
- on the way, I ended up fixing 51498abb5c too
refs https://github.com/TryGhost/Toolbox/issues/309
- we're removing the OAuth prototype and the table was never used, so we
should be good to drop it
- this commit adds a migration to drop the table
refs https://github.com/TryGhost/Toolbox/issues/309
- we started off with "free" and "paid" in these columns but since moved
to NQL strings
- there is code in Ghost to rewrite these values to NQL strings, but we
still have posts/emails in the DB with these old values so they need
to be updated
- once this migration is merged, we can probably clean a lot of that
aliasing up
- this commit migrates values in `posts.email_recipient_filter` and
`emails.recipient_filter` from `free` to `status:free` and `paid` to
`status:-free`
- I've left the down as a no-op because we don't want to translate
values back, and we don't know which ones we originally migrated in
the first place
refs https://github.com/TryGhost/Toolbox/issues/230
- The test fixtures should be using `authors: [{id:...}]` syntax instead of relyin on `author_id` or `author` - these are deprecated concepts that should go away from the codebase
refs https://github.com/TryGhost/Toolbox/issues/230
- The `author_id` would be ignored as a parameter in the API or Post model, so would produce a falsy results if specific fixtures were used to compare test results
