Commit Graph

1152 Commits

Author SHA1 Message Date
Kevin Ansfield
bdf1383b30 Version bump to 2.23.3 2019-06-06 11:15:47 +01:00
Kevin Ansfield
07e9490621
🐛 Fixed server crash when AMP posts contain images with unescaped chars (#10775)
no issue

- bump `amperize` to v0.4.0 which contains an updated version of `got` which does not crash on invalid image urls
2019-06-05 17:31:23 +01:00
Nazar Gargol
74d5bf3822 Version bump to 2.23.2 2019-06-04 13:01:40 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
525c2753ec Update dependency @tryghost/html-to-mobiledoc to v0.4.1
no issue

- includes a fix for text content potentially being lost when converting html to mobiledoc via the API
2019-06-03 12:34:35 +01:00
Kevin Ansfield
81ebe3e8a3 Version bump to 2.23.1 2019-05-28 18:36:10 +01:00
Kevin Ansfield
5ee76a3f85 Version bump to 2.23.0 2019-05-27 10:57:22 +01:00
Kevin Ansfield
7ea161ae04 Version bump to 2.22.3 2019-05-23 13:49:24 +01:00
Fabien O'Carroll
0918844e75 Version bump to 2.22.2 2019-05-21 12:09:14 +02:00
Fabien O'Carroll
5b0b7e4d8d Version bump to 2.22.1 2019-05-14 11:16:04 +02:00
Nazar Gargol
bb7bb55cf3 Bumped gscan version to 2.6.0
no issue

- Updated valid theme fixture to be inline with warning that was added when using {{each}} helper instead of {{foreach}}
2019-05-08 16:56:22 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Nazar Gargol
53b300d7bf Version bump to 2.22.0 2019-05-07 12:37:29 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Fabien O'Carroll
4563999352 🐛 Fixed password submission for private blogging
no-issue

This bump to members-ssr includes an update which no longer consumes the
request stream when calling getMemberDataFromSession. Previously, this
method was called on every request to the theme layer, and the
private-blogging middleware was unable to parse the body as the request
stream had already been consumed.
2019-05-06 12:38:38 +02:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Kevin Ansfield
9f9dde3107 Added caption and language extraction for code blocks when converting HTML via API
no issue
- update @tryghost/html-to-mobiledoc to v0.3.0
- uses updated @tryghost/kg-parser-plugins that is now shared with Ghost-Admin
2019-05-03 11:55:38 +01:00
Fabien O'Carroll
5e33f0771d Moved cpy-cli to dependencies
no-issue

This needs to be installed as a top level dependency so that it can run
on all install contexts
2019-05-01 18:43:44 +02:00
Fabien O'Carroll
cade823ba7 🐛 Fixed postinstall script when running on Windows
no-issue

The previous postinstall script used the unix specific `cp` command,
which caused installing on Windows to break. This replaces it with an
npm module which handles copying files agnostic to platform.
2019-05-01 18:09:04 +02:00
Nazar Gargol
17cc70b94b Bumped bookshelf-relations version to 1.1.1 2019-04-30 17:11:40 +02:00
Kevin Ansfield
3d16b50fc0 Version bump to 2.21.1 2019-04-30 11:10:02 +02:00
Fabien O'Carroll
59c57a9216 Copied members-theme-bindings to public post install
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
5d02d1999c Installed @tryghost/members-theme-bindings@0.1.0
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
2edda4c757 Version bump to 2.21.0 2019-04-23 11:34:46 +02:00
Rish
c53e66d49a Version bump to 2.20.1 2019-04-17 18:31:47 +05:30
Rish
4d0643fb49 🐛 Fixed crash in calculating reading time for empty posts
no issue

- Updated helpers package to fix `null` html cases in case of empty post content
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Rish
770f6afa2a Version bump to 2.20.0 2019-04-16 16:42:31 +05:30
Rish
1ca3ba9a6e Updated Ignition to 3.1.0
no issue

- Bumped Ghost Ignition to 3.1.0 to support more options
2019-04-16 16:32:50 +05:30
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
5460de9c58 Updated gscan to 2.5.0
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Fabien O'Carroll
0f5ca616b8 Updated express-hbs to 1.1.1
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Nazar Gargol
a7385f5e10 Version bump to 2.19.4 2019-04-09 19:30:37 +08:00
Fabien O'Carroll
3f52c404d4 Removed coverage tasks from Gruntfile
refs #9441
2019-04-08 18:23:35 +02:00
Kevin Ansfield
12e0366fc9 Version bump to 2.19.3 2019-04-04 14:58:48 +01:00
Fabien O'Carroll
c461c66b38 Added support for local template options
no-issue

This bumps express-hbs to 1.1.0 which includes the change for local
template options.

https://github.com/barc/express-hbs/releases/tag/v1.1.0
2019-04-03 11:31:20 +02:00
Kevin Ansfield
dd619789cb Version bump to 2.19.2 2019-04-02 10:02:14 +01:00
Nazar Gargol
7d6436f9bf Bumped gscan version to 2.4.0
no issue

- Updated theme fixtures to be in line with new deprecation rules
for {{lang}} and {{@blog.*}} helpers introduced with https://github.com/TryGhost/gscan/pull/180
2019-04-02 13:47:59 +08:00
Kevin Ansfield
a532e35dc4 Version bump to 2.19.1 2019-03-27 17:26:57 +00:00
Fabien O'Carroll
e99db0ee2d Revert "🐛 Fixed AMP output when there is a trailing '$'" (#10642)
This reverts commit 0c77033d51.

See https://github.com/TryGhost/Ghost/issues/10643 for an explanation.
2019-03-27 17:20:21 +00:00
Fabien O'Carroll
00a52750df Version bump to 2.19.0 2019-03-26 11:50:32 +01:00
Fabien O'Carroll
0c77033d51 🐛 Fixed AMP output when there is a trailing '$'
closes #9716

This was caused by a bug in express-hbs, which has more explanation
here:
https://github.com/TryGhost/Ghost/issues/9716#issuecomment-414863553
2019-03-26 12:19:30 +08:00
Kevin Ansfield
6629b4d490 Version bump to 2.18.3 2019-03-22 13:38:48 +00:00
Rish
eacd9d6e08 Version bump to 2.18.2 2019-03-19 16:41:50 +05:30
kirrg001
8fd2e03ebf Version bump to 2.18.1 2019-03-13 23:43:48 +01:00
Fabien O'Carroll
02c56e90e5 Version bump to 2.18.0 2019-03-13 22:06:18 +01:00
Nazar Gargol
1d64090f5e Version bump to 2.17.2 2019-03-13 18:52:43 +08:00
Kevin Ansfield
f6f35ebcd0 Version bump to 2.17.1 2019-03-12 18:45:55 +00:00
Nazar Gargol
458a57b09d Version bump to 2.17.0 2019-03-12 20:39:30 +08:00
Hannah Wolfe
9efc06255f Simplify lint build in travis & grunt
refs #9441

- We have logic in travis and in grunt and in package.json, this simplifies things.
- `grunt lint` is now just an alias
2019-03-11 16:25:56 +00:00