Commit Graph

9684 Commits

Author SHA1 Message Date
Kevin Ansfield
b46f9b1dc2 🔒 Fully separated front-end and admin app urls
no issue

- uses `vhost` in parent-app to properly split front-end and admin/api apps when a separate admin url is configured
2019-09-10 15:47:49 +01:00
Kevin Ansfield
58b9aea00d Added publicAdminApi middleware stack
refs https://github.com/TryGhost/Ghost/issues/11083

- the `/api/v2/admin/site/` endpoint is "public" and as such was not using the `authAdminApi` middleware stack so it did not act like other API endpoints with protocol or trailing-slash redirects
- adds `publicAdminApi` middleware array and uses it for the `/site/` endpoint in both v2 and canary API versions
2019-09-10 15:47:49 +01:00
Naz Gargol
7dc38e2078
🔥 Removed V1 code/references in frontend resources/routing layer (#11087)
no issue

- Removed v1 'author' leftover in include statement for preview controller
- Removed v1 'author' leftover in include statement for preview controller
- Removed v1 'author' leftover in include statement in entry lookup routing helper
- Migrated related test to use v2 API controller
- Removed v0.1 routing confif
- Removed v0.1 url config
- Fixed tests that had to do with url's in resources after removing v0.1 resources from URL cache
- Removed v1 'author' leftover in include statement in static routing helper
- Modified the test to use v2 API
- Removed v1 specific condition with 'page' in context helper
- Fixed dynamic routing spec after theme switch to v2. All tested users have to have at least one published post to be shown as an author
- Fixed URL Service spec to use theme engine v2
2019-09-10 11:41:42 +02:00
Naz Gargol
a9050f68ea
🔥 Removed V1 code/references in frontend helpers/meta layers (#11080)
no issue

- Removed deprecated 'blog' reference from frontend data. The alias (site->blog) stays till next version (v4) as it's not leaving much of technical debt but would ease the migration process for anybody still using it. 
- The follow up to this is substitute of all references to `options.data.blog` with `options.data.site` in "frontend"
- Fixed test utils helper to use `site` instead of `blog`
- Removed 0.1 flag checks in {{get}} helper
- Removed user aliasing from {{get}} helper
- Removed unused translation for {{get}} helper
- Added a note to excerpt changes in metadata for future reference
- Removed page alias used in description helper. The mix of page context with post object in the metadata was only possible in v0.1
- Changed mock in ghost_head helper to use v2
- Removed unneeded test for body class helper
2019-09-10 11:37:04 +02:00
Kevin Ansfield
1752132051 Merge branch 'master' into v3 2019-09-10 09:50:15 +01:00
renovate[bot]
c3eb5c291c Lock file maintenance (#11061) 2019-09-10 09:45:45 +01:00
renovate[bot]
74fab21eb5 Update dependency mobiledoc-dom-renderer to v0.7.0 (#10937) 2019-09-10 09:36:43 +01:00
renovate[bot]
aa22de4db8 Update dependency nock to v11 (#11093) 2019-09-10 09:13:26 +01:00
renovate[bot]
07448ce034 Update dependency sqlite3 to v4.1.0 (#11034) 2019-09-10 08:58:35 +01:00
renovate[bot]
68af109d8e Update dependency bookshelf-relations to v1.3.0 (#11065) 2019-09-10 08:57:56 +01:00
Kevin Ansfield
2c5fb3d7b8 Version bump to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
e8188f8f6b Updated Ghost-Admin to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
ba3c26ef5c
🐛 Fixed "View site" screen in admin on private sites with separate admin url (#11098)
closes https://github.com/TryGhost/Ghost/issues/11078

Problem:
- the admin client makes an XHR request to the `/private/` endpoint when a private site is configured
- when a separate admin URL is configured this was causing 500 errors in the admin client because missing CORS headers on the endpoint was causing browsers to abort the request
- browsers will also look at the CORS headers on any resources that are the result of a redirect and abort the request if they do not allow cross-origin requests, this means allowing all requests on `/private/` is not enough

Solution:
- uses the `cors` middleware with a dynamic options function for the whole of the front-end site app
- dynamic options function allows the following requests through:
  - same-origin (browsers and non-browser agents will not send an `Origin` header)
  - origin is `localhost` or `127.0.0.1` with any protocol and port
  - origin matches the configured `url` hostname+port on any protocol
  - origin matches the configured `admin:url` hostname+port on any protocol
2019-09-09 17:42:55 +01:00
Kevin Ansfield
88659e5a52 Switched private login brute errors to correct error status code
no issue

- when too many login attempts were detected for the `/private/` form we were throwing 500 errors instead of the more appropriate 429 error that we use everywhere else for "too many request" type errors
2019-09-09 16:02:21 +01:00
Kevin Ansfield
5be63958b9 Reverted dependency oembed-parser to 1.2.2
no issue

- 1.3.1 is breaking the oembed regression tests
2019-09-09 16:00:04 +01:00
Kevin Ansfield
be71afa07d Fixed regression tests expecting relative URLs for admin redirects
no issue

- @tryghost/url-utils was bumped to 0.3.1 which fixed admin redirects returning relative rather than absolute URLs
- updates tests that were expecting relative URLs rather than absolute URLs
2019-09-09 15:52:26 +01:00
Hannah Wolfe
708927335b Added error handling for weird handlebars syntax
refs #10496

- handlebars if and unless helpers throw weird, unhelpful syntax errors
- for now, catch these errors and do something helpful with them
2019-09-09 13:03:04 +01:00
Hannah Wolfe
9abffe4396 Added guard to asset helper for missing paths
refs #10496

- currently {{asset this/is/not/a.string}} would throw a 500 error
- this commit changes that to make it throw a sensible 400 + incorrect usage error
2019-09-09 13:02:45 +01:00
renovate[bot]
5c8efd087e Update dependency @tryghost/html-to-mobiledoc to v0.6.0 (#11092) 2019-09-09 10:45:30 +01:00
renovate[bot]
fa0a399345 Update dependency oembed-parser to v1.3.1 (#10983) 2019-09-09 10:44:13 +01:00
Fabien O'Carroll
b8fc0d2bd1
Cached member data in ghost-members-ssr-cache cookie (#11096)
no-issue

* Installed @tryghost/members-ssr@0.4.0
  This now supports caching of the data returned by the members-api

* Renamed cookies set by members-ssr
  As discussed with @ErisDS I have prefixed these cookies with `ghost`
2019-09-09 17:39:46 +08:00
Fabien O'Carroll
9447165e0a Alphabetically sorted dependencies in package.json
no-issue

When installing new packages yarn sorts them alphabetically, this meant
that installing/updating packages would have extra changes which would
be noisy either to developers or the git history.
2019-09-09 17:33:47 +08:00
Renovate Bot
01f2f36547 Update dependency @tryghost/url-utils to v0.3.1 2019-09-09 02:34:18 +00:00
Renovate Bot
af021921e7 Update dependency @tryghost/helpers to v1.1.9 2019-09-09 01:28:16 +00:00
Hannah Wolfe
a4464d0137 Return correct error codes from storage adapter
no issue

- malformed paths such as http://localhost:2368/content/images/2018/02/%c0%af were throwing 500 errors, instead of 500 errors
- this code catches the error and handles it correctly
2019-09-06 17:40:55 +01:00
Hannah Wolfe
623c65c509 💡Changed static router - throw 400 for missing tpl
fixes #10990

- Changed the static router to throw a 400 error for a missing template file, rather than falling back to using the default.hbs file
- Falling back is weird and hard to understand, but throwing an error makes it clear that the user has to provide the matching template
- The new error reads 'Missing template [filename].hbs for route "[route]".'

Assume you have a route.yaml file something like:

```
routes:
  /: home
```

- In Ghost v2, if you don't have a home.hbs template, Ghost falls back to using the default.hbs file if it's available
- Most themes have a default.hbs, however this file is a layout file, depended on by other templates, not a template file itself
- In production mode, using the default.hbs as a template causes weird, intermittent layout issues depending on which order pages are loaded
- This is due to this issue: https://github.com/barc/express-hbs/issues/161
- In Ghost v3, we will throw a 400 error for missing template files instead of having a fallback
- In the example above, navigating to '/' would throw the error 'Missing template home.hbs for route "/".'
2019-09-06 15:41:42 +01:00
Fabien O'Carroll
78505f86ef
Updated members.js & members.min.js (#11082)
no-issue

* Converted member.js to es5
* Updated member.min.js
2019-09-06 16:07:46 +08:00
Fabien O'Carroll
f63577fa4f
Implemented stripe checkout handling for members
no-issue

* Installed members-api@0.5.0 members-ssr@0.3.1
* Supported multiple members-forms
* Used members canary api
* Added GET handler to /members/ssr for id token
The identity token will be used to ensure that a payment is linked to the correct member
* Added stripe.js to ghost_head when members enabled
* Added basic support for linking to stripe checkout
* Removed listener to title and icon settings changes
* Added stripe subscription config
2019-09-06 15:14:21 +08:00
Fabien O'Carroll
49672a1e4d Updated members service to use magic-link signin
no-issue
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
ef78fe7bab Updated members-api@0.4.1 members-ssr@0.3.0
no-issue

These versions contain the necessary changes for magic link signin
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
edca4138ff Updated getMember to return null rather than throw
no-issue

This allows members code to remove try/catch statements without having
to pass the Ghost/bookshelf specific `require: false` option
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
294f3769cb Removed name and password columns from members table
no-issue

We have no need for these right now and it is easier to drops the
columns, rather than to modify the name column to nullable
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
7382967613 Added createColumnMigration helper
no-issue
2019-09-05 11:14:50 +08:00
Rishabh Garg
b875cc339d
🔥 Dropped unused ghost_auth_* user fields
no issue

- Drops `ghost_auth_access_token` and `ghost_auth_id` fields since not used anymore
- Adds migration for dropping these columns from users table
- Drops Auth strategy - `ghostStrategy` - since its not used anymore
2019-09-03 20:48:42 +05:30
Rishabh Garg
303046bc0a
💡Added v3 API endpoint (#11073)
no issue

- Adds new /v3/ endpoint which currently aliases canary code
2019-09-03 12:33:31 +05:30
Kevin Ansfield
bc18aee3b4 Removed unused admin serviceworker endpoint
no issue

- Ghost-Admin serviceworker support was removed a long time ago but the URL handling was never removed
2019-09-02 16:58:06 +01:00
Nazar Gargol
548ed8b851 🔥 Dropped default inclusion of primary_tag/primary_author fields in Content API
no issue

- Content API doesn't return primary_tag and primary_author fields by default if authors or tags were not requested
- These fields are still always included in Admin API as a result of having authors and tags loaded (like a sideeffect)
2019-09-02 15:06:12 +02:00
Kevin Ansfield
7e408ae808
🔥 Removed RSS pagination (#11069)
no issue

- removed support for `/rss/:page/` URLs
- removed `/rss/1/` -> `/rss/` redirect
2019-09-02 11:34:13 +01:00
Renovate Bot
b1c61e4e84 Update dependency knex to v0.19.3 2019-09-02 02:32:19 +00:00
Renovate Bot
9a9be2f55e Update dependency bookshelf-relations to v1.1.2 2019-09-02 01:31:35 +00:00
Kevin Ansfield
2080d2f974 Version bump to 2.30.2 2019-08-28 11:39:00 +01:00
Kevin Ansfield
7d330013ba Updated Ghost-Admin to 2.30.2 2019-08-28 11:39:00 +01:00
Kevin Ansfield
9886077620 Version bump to 2.30.1 2019-08-27 19:44:36 +01:00
Kevin Ansfield
49c517db20 Updated Ghost-Admin to 2.30.1 2019-08-27 19:44:36 +01:00
Kevin Ansfield
91f14419c6 Updated Casper to 2.11.1 2019-08-27 19:44:36 +01:00
Rishabh Garg
44a5da22b9 🐛 Fixed wrong icon being pulled into bookmark cards for some sites (#11055)
no issue

Current metascraper rule for fetching page metadata in case of bookmark card gives preference to publisher logo over icon tags. This PR updates giving first preference to icon link tags followed by logo.
2019-08-27 19:32:26 +01:00
Rish
c8b9fd0362 Version bump to 2.30.0 2019-08-27 21:01:30 +05:30
Rish
a66746f110 Updated Ghost-Admin to 2.30.0 2019-08-27 21:01:30 +05:30
Rish
21f87e9925 Updated Casper to 2.11.0 2019-08-27 21:01:30 +05:30
Rishabh Garg
c2aa62083c Added support for bookmark card (#11024)
requires https://github.com/TryGhost/Ghost-Admin/pull/1293

- updates `oembed` endpoint behaviour
  - if an oembed provider is not found then we use `metascraper` to populate a metadata object
  - when metadata is returned rather than an oembed response the payload will look like this:
    ```json
    {
        "url": "...",
        "type": "bookmark",
        "metadata": {
            "url": "...",
            "title": "...",
            "description": "...",
            "author": "...",
            "publisher": "...",
            "thumbnail": "...",
            "icon": "..."
        }
    }
    ```
- adds a `bookmark` card which generates output for the bookmark card:
  ```html
  <figure class="kg-card kg-bookmark-card">
    <a href="[URL]" class="kg-bookmark-container">
      <div class="kg-bookmark-content">
        <div class="kg-bookmark-title">[TITLE]</div>
        <div class="kg-bookmark-description">[DESCRIPTION]</div>
        <div class="kg-bookmark-metadata">
          <img src="[ICON]" class="kg-bookmark-icon">
          <span class="kg-bookmark-author">[AUTHOR]</span>
          <span class="kg-bookmark-publisher">[PUBLISHER]</span>
        </div>
      </div>
      <div class="kg-bookmark-thumbnail">
        <img src="[THUMBNAIL]">
      </div>
    </a>
  </figure>
  ```
  - if a particular bit of data does not exist then the associated html element will not be present
2019-08-27 15:01:02 +01:00