Commit Graph

28 Commits

Author SHA1 Message Date
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Hannah Wolfe
8612f3aaeb
Moved route settings to new server service
- The main goal here is getting this settings related code out of the routing service as it really doesn't belong there
- This settings file is used purely by the API to get and set files - its not really anything to do with actual routing
- This file calls out to the bridge to do a reload, which helps decouple slightly
- More refactoring is needed to get rid of the urlService dependency
- Note this file is really similar to the redirects one, it would be good to merge them
2021-06-30 10:58:33 +01:00
Hannah Wolfe
ed46f31c71
Revert "Moved route settings to server"
This reverts commit 3c36af63cf.
2021-06-30 10:52:19 +01:00
Hannah Wolfe
3c36af63cf
Moved route settings to server 2021-06-30 09:31:15 +01:00
Hannah Wolfe
273e220327 Moved i18n to shared
refs 829e8ed010

- i18n is used everywhere but only requires shared or external packages, therefore it's a good candidate for living in shared
- this reduces invalid requires across frontend and server, and lets us use it everywhere until we come up with a better option
2021-05-04 13:03:38 +01:00
Hannah Wolfe
829e8ed010 Expanded requires of lib/common i18n and events
- Having these as destructured from the same package is hindering refactoring now
- Events should really only ever be used server-side
- i18n should be a shared module for now so it can be used everywhere until we figure out something better
- Having them seperate also allows us to lint them properly
2021-05-03 17:14:52 +01:00
Thibaut Patel
375c71fc6a 🔒 Added a way to hide the secret settings once they are set
issue https://github.com/TryGhost/Team/issues/621
2021-04-16 17:05:16 +02:00
Fabien O'Carroll
8880cc82c7 Refactored usage of the pre v4 "slack" setting
refs https://github.com/TryGhost/Ghost/issues/10318

- Change/compatibility table for this changeset:

Importer

+ "slack_username"  import
- "slack_url" ignore
+ "slack.username" import
- "slack.url" ignore

v3 & canary/v4 Admin APIs
GET /settings/ (browse)

+ "slack_username" present in response
+ "slack_url" present in response
+ "slack" present in response

GET /settings/:settingName (read)

+ "slack_username" present in response
+ "slack_url" present in response
+ "slack" present in response

PUT /settings/ (edit)

+ "slack_username" updates setting
+ "slack_url" updates setting
+ "slack" !NOTE! updates setting unless "slack_username" or "slack_ur"l are set (updated keys take priority)

v2 Admin API
GET /settings/ (browse)

- "slack_username" NOT present in response
- "slack_url" NOT present in response
+ "slack" present in response

GET /settings/:settingName (read)

- "slack_username" ignored (404)
- "slack_url" ignored (404)
- "slack" present in response

PUT /settings/ (edit)

- "slack_username" ignored (no error)
- "slack_url" ignored (no error)
+ "slack" updates setting
2021-02-15 15:25:54 +13:00
Nazar Gargol
5582d030e3 Added routes.yaml content checksum storage to the db
closes #11999

- When the routes.yaml file changes (manually or through API) we need
to store a checksum to be able to optimize routes reloads in the future
- Added mechanism to detect differences between stored and current routes.yaml hash value
- Added routes.yaml sync on server boot
- Added routes.yaml handling in controllers
- Added routes hash synchronization method in core settings. It lives in core settings
as it needs access to model layer. To avoid coupling with the frontend settings it accepts
a function which has to resolve to a routes hash
- Added note about settings validation side-effect. It mutates input!
- Added async check for currently loaded routes hash
- Extended frontend settings loader with async loader. The default behavior of the loader is
to load settings syncronously for reasons spelled in 0ac19dcf84
To avoid blocking the eventloop added async loading method
- Refactored frontend setting loader for reusability of  settings file path
- Added integrity check test for routes.yaml file
2020-09-10 10:54:57 +12:00
Nazar Gargol
e394b5ad9c Added naive settings type options parameter support to settings API v2
refs TryGhost/Ghost#10318
refs 8fc526ff6

- This is symetric change to one done for v3 API (commited as 8fc526ff6)
- Added 'core' filtering for v2 API controller
2020-06-25 16:32:16 +12:00
Kevin Ansfield
e9b6e8eca7 Removed API filter of settings now correctly grouped in "core"
refs https://github.com/TryGhost/Ghost/issues/10318

- `members_public_key` and `members_private_key` are now correctly grouped under `core` which is already filtered out so we don't need the extra filter to exclude them
2020-06-24 14:55:50 +01:00
Kevin Ansfield
8a817050c5
Organised default settings into new groups (#11952)
refs https://github.com/TryGhost/Ghost/issues/10318

- precursor to migrating from `settings.type` to `settings.group`
- renames `blog` type to `site`
- renames `bulk_email` type to `email`
- moves settings out of `site` (previously `blog`) into more appropriate groups such as `core` or individual feature groups
2020-06-23 20:49:08 +01:00
Nazar Gargol
b78dbfbbc2 Removed use of deprecated setting flags from the codebase
refs #10318
refs https://github.com/TryGhost/Ghost/pull/11942

- Removes force_i18n, permalinks, and members_session_secret usage from the codebase
-  We deprecated these flasgs and have not used since Ghost v2. It's good time to remove them before we introduce bigger changes to how `settings` table opeartes.
- Fixed importer test. The test was meant to check if string values were converted properly, the check agains boolean didn't make much sense in this context, so removed it.
- Following this change are going to come ralated migrations to fix existing data (see ref)
2020-06-23 11:58:19 +12:00
Vikas Potluri
4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00
Naz Gargol
786eaac57e
Added permission restrictions to editing members flag (#11217)
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
Nazar Gargol
c7522f896b Moved settings dynamicRouting to routing.settings 2019-06-21 16:34:17 +02:00
Nazar Gargol
a84c15689e Renamved activate/serve methods as suggested in discussions 2019-06-21 13:58:26 +02:00
Nazar Gargol
f3b4e2e39a Renamed 'routes' to 'dynamic-routing' 2019-06-21 13:12:23 +02:00
Nazar Gargol
61dc9e8c24 Moved RoutesHandler into settings module
- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder
2019-06-20 16:58:26 +02:00
Nazar Gargol
8709f5cc55 Moved out code from download to serve method 2019-06-20 13:23:58 +02:00
Nazar Gargol
c3b14f82fd Moved settings#upload method out of settings controller 2019-06-20 13:19:22 +02:00
Naz Gargol
df7e64fafa
Extracted frontend folder (#10780)
refs #10790

- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
2019-06-19 11:30:28 +02:00
Fabien O'Carroll
b3f66c6c91 Blacklisted private member settings for HTTP calls
no-issue

Previously it was possible to fetch the private key and session secret
for the members service, this is a security issue as we do not have
specific permissions for individual settings yet, and could have
possibly exposed secrets to admin integrations.
2019-04-16 14:39:01 +02:00
kirrg001
97cf337907 🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2
refs #10560
2019-03-04 22:59:13 +01:00
Naz Gargol
48d6e7298a
Refactored content-disposition header handling in API v2 (#10374)
closes https://github.com/TryGhost/Ghost/issues/10331

- Left only a filename part to be handled by controller configuration, the rest was extracted to more generic headers layer
2019-01-14 18:05:16 +00:00
Hannah Wolfe
80f9765a35 Removed deprecated settings
refs #10318

- cheap and dirty way of removing settings we don't use
- rewritten the settingsFilter function as that was unnecessarily complex
- aslo fixed the require of default-settings in the importer
2019-01-04 12:17:32 +00:00
Katharina Irrgang
e48c28b98f 🐛 Protected Ghost blog against invalid uploaded routes.yaml (#10100)
* 🐛  Protected Ghost blog against invalid uploaded routes.yaml

no issue

- e.g. you upload `filter:tag=this is a wrong filter value`
- ask the url service if it has finished it's work to ensure the upload was successful
- wait 5 seconds till Ghost will bring back the last uploaded valid version

* fixed test
2018-11-26 16:28:22 +07:00
kirrg001
b899a6fec8 Added settings ctrl to v2
refs #9866
2018-10-12 21:13:20 +02:00