Commit Graph

3194 Commits

Author SHA1 Message Date
Ghost CI
0c61e0cf59 v5.85.2 2024-06-19 23:16:27 +00:00
Chris Raible
a8e1a707d5 🐛 Fixed race condition when updating member's last_seen_at timestamp (#20389)
ref
https://linear.app/tryghost/issue/ENG-1240/race-condition-when-updating-members-last-seen-at-timestamp

When members click a link in an email, Ghost updates the member's
`last_seen_at` timestamp, but it should only update the timestamp if the
member hasn't yet been seen in the current day (based on the
publication's timezone).

Currently there is a race condition present where multiple simultaneous
requests from the same member (if e.g. an email link checker is
following all links in an email) can cause the `last_seen_at` timestamp
to be updated multiple times in the same day for the same member. These
additional queries add a significant load on Ghost and its database,
which can contribute to the exhaustion of the connection pool and
eventually requests may time out.

The primary motivation for this change is to avoid that race condition
by adding a lock to the member row, checking if `last_seen_at` has
already been updated in the current day, and only updating it if it
hasn't.

Another beneficial side-effect of this change is that it avoids locking
the `labels` and `newsletters` tables, which are locked when we update
the `last_seen_at` timestamp in the `members` table currently. This
should improve Ghost's ability to handle a large influx of requests to
redirect endpoints (confirmed with load tests), which tend to happen
immediately after a publisher sends an email.
2024-06-19 15:58:54 -07:00
Chris Raible
417c9c49ea
Added OpenTelemetry instrumentation to Ghost backend (#20144)
This commit adds OpenTelemetry instrumentation to Ghost's backend, which
allows us to view traces similar to what we see in Sentry Performance
locally.

OpenTelemetry is enabled if `NODE_ENV === 'development'` or if it is
explicitly enabled via config with `opentelemetry:enabled`.

It also adds a [Jaeger](https://www.jaegertracing.io/) container to
Ghost's docker-compose file for viewing the traces. There's no setup
required (beyond running `yarn docker:reset` to pickup the changes in
the docker-compose file the first time — but this will also reset your
DB so be careful). This will launch the Jaeger container, and you can
view the UI to see the traces at `http://localhost:16686/search`.
2024-06-19 13:56:51 -07:00
Kevin Ansfield
a896e1ccb7 Added "@" shortcut to trigger internal linking search (beta)
no issue

Typing "@" in the editor will immediately trigger an internal link search to make it faster to link to one of your articles. After typing "@" continue typing to search, results can be selected using Up/Down arrow keys or the mouse, then pressing Enter or clicking will insert the selected result's title pre-linked. Pressing Escape or moving the cursor out of the search box will cancel the search.

- removed labs flag
- updated Koenig feature flag for at-linking to use the same flag as our internal linking beta
2024-06-19 14:58:04 +01:00
renovate[bot]
ace8a2fb65
Update Koenig packages (#20415)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@tryghost/kg-default-cards](https://togithub.com/TryGhost/Koenig/tree/master#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`10.0.5` ->
`10.0.6`](https://renovatebot.com/diffs/npm/@tryghost%2fkg-default-cards/10.0.5/10.0.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkg-default-cards/10.0.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkg-default-cards/10.0.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkg-default-cards/10.0.5/10.0.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkg-default-cards/10.0.5/10.0.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@tryghost/kg-default-nodes](https://togithub.com/TryGhost/Koenig/tree/main#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`1.1.2` ->
`1.1.3`](https://renovatebot.com/diffs/npm/@tryghost%2fkg-default-nodes/1.1.2/1.1.3)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkg-default-nodes/1.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkg-default-nodes/1.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkg-default-nodes/1.1.2/1.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkg-default-nodes/1.1.2/1.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@tryghost/kg-html-to-lexical](https://togithub.com/TryGhost/Koenig/tree/main#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`1.1.3` ->
`1.1.4`](https://renovatebot.com/diffs/npm/@tryghost%2fkg-html-to-lexical/1.1.3/1.1.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkg-html-to-lexical/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkg-html-to-lexical/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkg-html-to-lexical/1.1.3/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkg-html-to-lexical/1.1.3/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@tryghost/kg-lexical-html-renderer](https://togithub.com/TryGhost/Koenig/tree/main#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`1.1.3` ->
`1.1.4`](https://renovatebot.com/diffs/npm/@tryghost%2fkg-lexical-html-renderer/1.1.3/1.1.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkg-lexical-html-renderer/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkg-lexical-html-renderer/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkg-lexical-html-renderer/1.1.3/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkg-lexical-html-renderer/1.1.3/1.1.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@tryghost/koenig-lexical](https://togithub.com/TryGhost/Koenig/tree/master#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`1.2.6` ->
`1.2.7`](https://renovatebot.com/diffs/npm/@tryghost%2fkoenig-lexical/1.2.6/1.2.7)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkoenig-lexical/1.2.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkoenig-lexical/1.2.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkoenig-lexical/1.2.6/1.2.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkoenig-lexical/1.2.6/1.2.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>TryGhost/Koenig (@&#8203;tryghost/kg-default-cards)</summary>

###
[`v10.0.6`](https://togithub.com/TryGhost/Koenig/compare/@tryghost/kg-default-cards@10.0.5...@tryghost/kg-default-cards@10.0.6)

[Compare
Source](https://togithub.com/TryGhost/Koenig/compare/@tryghost/kg-default-cards@10.0.5...@tryghost/kg-default-cards@10.0.6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/TryGhost/Ghost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQxMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-19 12:00:21 +00:00
Peter Zimon
73a88d0c13
Refined newsletter typography (#20406)
DES-459

The font size of subtitles/excerpts in newsletters was similar to the
body font size which doesn't reflect the content hierarchy
appropriately. Also, the spacing should be adjusted to represent that
the title and the subtitle belong together.
2024-06-19 11:57:29 +02:00
Fabien 'egg' O'Carroll
5acdafc0e8
Removed ActivityPub backend from Ghost (#20410)
We are no longer going to run any ActivityPub logic inside of Ghost,
instead we're moving to a separate service, so all of this code is now
redundant.
2024-06-19 15:36:36 +07:00
Chris Raible
5154e8d24f
Fixed race condition when updating member's last_seen_at timestamp (#20389)
ref
https://linear.app/tryghost/issue/ENG-1240/race-condition-when-updating-members-last-seen-at-timestamp
    
When members click a link in an email, Ghost updates the member's
`last_seen_at` timestamp, but it should only update the timestamp if the
member hasn't yet been seen in the current day (based on the
publication's timezone).
    
Currently there is a race condition present where multiple simultaneous
requests from the same member (if e.g. an email link checker is
following all links in an email) can cause the `last_seen_at` timestamp
to be updated multiple times in the same day for the same member. These
additional queries add a significant load on Ghost and its database,
which can contribute to the exhaustion of the connection pool and
eventually requests may time out.
    
The primary motivation for this change is to avoid that race condition
by adding a lock to the member row, checking if `last_seen_at` has
already been updated in the current day, and only updating it if it
hasn't.
    
Another beneficial side-effect of this change is that it avoids locking
the `labels` and `newsletters` tables, which are locked when we update
the `last_seen_at` timestamp in the `members` table currently. This
should improve Ghost's ability to handle a large influx of requests to
redirect endpoints (confirmed with load tests), which tend to happen
immediately after a publisher sends an email.
2024-06-18 20:03:32 -07:00
renovate[bot]
dbd4aa61d0 Update dependency yjs to v13.6.18 2024-06-18 17:04:29 +00:00
Daniel Lockyer
9a40440e82 Fixed handling SVG files with missing tag
fix https://linear.app/tryghost/issue/SLO-151/[ghost]-cannot-read-properties-of-null-reading-attributes-an

- in the event the file doesn't contain a tag, the code currently crashes
  because it tries to read `attributes from `undefined`
- we can fix that by checking the first element exists before reading
  from it
- also includes a breaking test
2024-06-18 14:41:11 +02:00
Daniël van der Winden
f456494776
Newsletter captions fix (#20396)
Fixes
https://linear.app/tryghost/issue/DES-4/image-caption-size-in-email-newsletter.

There were no styles defined for captions for cards beyond the featured
image (bookmark, gallery, video), and we had no way of targeting those
captions with CSS. They are now wrapped in a div with a specific class,
which allows for more selective styling, and are styled similarly to the
caption of the featured image.
2024-06-18 11:26:20 +02:00
Daniel Lockyer
4ff51f4187 Fixed shutdown signal compatibility issue with Node 20
fix https://linear.app/tryghost/issue/ENG-1250/fix-node-20-shutdown-signal-compatibility-issue

- in Node 20, support for string-based arguments to `process.exit` are
  removed
- we can just switch this to an anonymous function and call `.shutdown`
  directly, as we don't need to pass any integer codes to it
2024-06-18 10:05:19 +02:00
renovate[bot]
f6367621d2 Update dependency yjs to v13.6.17 2024-06-17 14:36:26 +00:00
renovate[bot]
cc9a0eeb97 Update dependency ws to v8.17.1 2024-06-17 00:33:52 +00:00
Ghost CI
158c1ae570 v5.85.1 2024-06-14 16:04:19 +00:00
renovate[bot]
710488ef82 Update dependency mysql2 to v3.10.1 2024-06-14 00:48:34 +00:00
Kevin Ansfield
83ee649e82 Added improved search into internal linking beta
closes https://linear.app/tryghost/issue/MOM-117
closes https://linear.app/tryghost/issue/MOM-70

- updated flag handling to move the improved search into the `internalLinking` beta flag
- removed now-unused `internalLinkingSearchImprovements` flag
2024-06-13 17:30:15 +01:00
renovate[bot]
238588cfa3
🐛 Fixed internal link search sometimes showing latest posts after pasting URL (#20374)
no issue

- bumps `@tryghost/koenig-lexical` to include a fix related to debounced searches overwriting our "Insert URL" state of the results popup
2024-06-12 13:01:21 +00:00
Ronald Langeveld
a33ae00dee
Bumped Comments UI to 0.17 minor (#20373)
ref MOM-211
2024-06-12 11:33:16 +00:00
Ronald Langeveld
63d912b2d8
Added content visibility feature flag (#20371)
ref MOM-221

- added new feature flag for content visibility.
2024-06-12 16:55:47 +07:00
Kevin Ansfield
54812dc67a
Added improved Admin search behind labs flag (#20363)
ref https://linear.app/tryghost/issue/MOM-117
ref https://linear.app/tryghost/issue/MOM-70

- moved current search into new `search-provider` service and updated `search` service to use the provider service internally
- added `search-provider-beta` service
  - uses `flexsearch` as the underlying index for each document so we have better indexing and matching compared to the naive exact-match search we had previously
  - adds `excerpt` matching for posts and pages
  - keeps results output the same as the original search provider
- added `internalLinkingSearchImprovements` labs flag so we can test this internally before reaching our internal linking beta testers
- updated `search` service to switch between providers based on labs flag
2024-06-11 15:18:28 +00:00
renovate[bot]
e93bdba689 Update sentry-javascript monorepo to v7.117.0 2024-06-11 09:35:31 +02:00
Sodbileg Gansukh
9ef92035f6
Adjusted spacing and amount of text of newsletter latest posts (#20285)
ref DES-347

- adjusted title and excerpt length of latest posts in emails
- as the layout is same (horizontal) on both desktop and mobile, truncateHtml() needed some update
- now maxLength is expected to be larger than maxLengthMobile, because the mobile layout isn't stacked anymore
- some spacing adjustment has been made as well
2024-06-11 12:30:32 +08:00
Ghost CI
2ce8351c4b v5.85.0 2024-06-10 17:14:15 +00:00
Steve Larson
3c247d93fe
Added posts.updated_at index to schema (#20357)
ref 6dbbdff
- added index to schema
2024-06-10 11:35:21 -05:00
Steve Larson
6dbbdfff49
Added updated_at index to the posts table (#20354)
ref https://linear.app/tryghost/issue/ONC-82
- added migration for adding a posts.updated_at index
2024-06-10 10:37:10 -05:00
renovate[bot]
67d7aadcbe Update dependency cssnano to v7.0.2 2024-06-10 15:18:42 +02:00
renovate[bot]
c641174f94 Update dependency yjs to v13.6.16 2024-06-10 12:14:26 +00:00
Ghost CI
fefb9ec395 v5.84.2 2024-06-07 16:04:25 +00:00
Chris Raible
4a6d427673
Removed members caching cookies when no member is logged in (#20349)
ref
https://linear.app/tryghost/issue/KTLO-58/dont-send-ghost-acess-cookies-if-no-member-is-logged-in

- Currently when member's caching is enabled, but no member is logged
in, we always send `ghost-access=null;` and `ghost-access-hmac=null;`
cookies in the requests to `/members/api/member/`. This is done to clear
the cookies, but an unintended consequence is that these requests can
never be cached since there is a cookie in the response.
- This PR removes the cookies from the requests when no member is logged
in, the cookies will not be sent, allowing the requests to be cached
- It also unsets the cookies when deleting a member's session, so that
the cookies are not sent in the requests after the member logs out
- This should improve the cache hit ratio with members caching enabled
2024-06-06 16:28:36 -07:00
Steve Larson
734ed0b414
Added selectRaw to permitted options for posts model (#20340)
ref https://linear.app/tryghost/issue/CFR-29/
- this allows our content api requests to omit fields we do not use,
improving performance
2024-06-06 13:45:02 -05:00
Ghost CI
bf1852a913 v5.84.1 2024-06-06 16:54:25 +00:00
Kevin Ansfield
c8fc93e989 Noop'ed the post_revisions.custom_excerpt population migration
no issue

- the query can take a very long time to run on large sites causing problems during the upgrade process
- impact from not populating the column:
  - only has an effect when the inline excerpt beta is enabled
  - when beta enabled, if a revision created before the upgrade is restored then the excerpt will be removed (will be visibly empty in preview before restoring, if any edit has occurred on the post after upgrading then it can still be recovered by restoring the later version or copy/pasting from the preview)
2024-06-06 17:25:42 +01:00
Ghost CI
3b6d3b1a02 v5.84.0 2024-06-06 08:34:57 +00:00
Ghost CI
5c29bb6bb9 🎨 Updated Source to v1.2.3 2024-06-06 08:34:57 +00:00
Kevin Ansfield
a7a1166310
Added beta feature toggle for moving excerpt field into editor (#20341)
closes https://linear.app/tryghost/issue/MOM-179

Full details coming soon to https://ghost.org/changelog

- Adds a toggle to labs setting that moves the excerpt input below the post title in the editor
2024-06-05 20:14:34 +01:00
Kevin Ansfield
4a94b5efc9 Added newsletter design setting to display excerpt as subtitle
no issue

Full details coming soon to https://ghost.org/changelog/

- when enabled in newsletter design settings a post's custom excerpt will be displayed as a subtitle in the email
2024-06-05 19:46:50 +01:00
Steve Larson
e49021b7ea
🐛 Fixed default sort for the content API posts endpoint with included relations (#20333)
ref https://linear.app/tryghost/issue/CFR-31/
- when relations were included, erroneous logic resulted in the model's
default sort being applied
- the model default sort is not intended for the content API and
needlessly slowed down responses
- there's a change for users here that should be incredibly unlikely to
be hit; default sort is `published_at desc` which will be secondarily
sorted by `id desc` instead of `published_at desc, updated_at desc, id
desc`

This is a very significant performance improvement for content API
requests with includes for sites with a significant amount of data,
which will primarily impact those using Ghost as a CMS or theme {{#get}}
helpers.
2024-06-05 13:26:10 -05:00
Kevin Ansfield
9ca1f3ce24
Renamed subtitle to excerpt (#20334)
no issue

We've settled on using "excerpt" naming in place of "subtitle" to better reflect the underlying property name and tie in with themes and historical usage.

- added migration to rename the `show_subtitle` newsletter setting to `show_excerpt`
- renamed all places in the codebase that referenced subtitle
2024-06-05 17:59:30 +01:00
Michael Barrett
0f283da8eb
🐛 Fixed Slack integration using member content in excerpt (#20328)
- refs
[ONC-63](https://linear.app/tryghost/issue/ONC-63/discordslack-webhook-integration)
- fixes [#20304](https://github.com/TryGhost/Ghost/issues/20304)

When a post is published and sent to Slack via webhook, the excerpt
generated could contain member content. This change ensures that the
excerpt does not contain member content. This change also ensures that
the author for the post is correctly shown in Slack
2024-06-05 17:46:21 +01:00
Kevin Ansfield
b447a26832
Added custom excerpt to post revisions (#20323)
closes https://linear.app/tryghost/issue/MOM-170

When the subtitle field is included in the editor it creates a disconnect with post revisions if the underlying custom excerpt data is not included so we'd like to both preview and restore the subtitle when the in-editor subtitle field is enabled.

- added `post_revisions.custom_excerpt` column to schema
- added migration to add `post_revisions.custom_excerpt` to existing databases
- added migration to populate `post_revisions.custom_excerpt` with the current `post.custom_excerpt` value from the associated record
  - ensures no data is inadvertently lost when restoring an old version
- using current data matches what would have happened previously where custom_excerpt was never overwritten when restoring an old version
- updated post revisions handling to accept the `custom_excerpt` field
- updated Admin's revision preview and restoration to display and set the `custom_excerpt` field
2024-06-05 14:47:33 +01:00
renovate[bot]
d40ef32ca8
🐛 Fixed mailto: not being recognised in internal-linking search (#20331)
closes https://linear.app/tryghost/issue/MOM-195

- bumped Koenig packages with updated URL-matching
2024-06-05 14:30:24 +01:00
Kevin Ansfield
952a89f673
Renamed show_subhead to show_subtitle (#20320)
closes https://linear.app/tryghost/issue/MOM-194

- whilst working on the feature our naming changed from "Subhead" to "Subtitle"
- this rename of the newsletter design setting column brings naming back into a consistent state before public release
2024-06-04 10:57:14 +00:00
Sag
d751d648c7
Fixed offer not found case during Stripe checkout (#20322)
fixes https://linear.app/tryghost/issue/SLO-135

- handles edge cases when an invalid `offerId` is provided during Stripe
checkout
2024-06-04 10:27:45 +00:00
Ghost CI
46cb819feb v5.83.0 2024-05-31 16:04:36 +00:00
renovate[bot]
418316959c Update dependency mysql2 to v3.10.0 2024-05-30 19:28:02 +00:00
Steve Larson
65b929d1d8
Added JSDoc to stripe-mocker (#20282)
no ref
2024-05-29 17:38:24 -05:00
renovate[bot]
d507c5c6c2 Update Koenig packages 2024-05-29 22:28:20 +01:00
Kevin Ansfield
55015ccbcc
Added '@' internal link shortcut to editor (#20272)
closes https://linear.app/tryghost/issue/MOM-83

- added additional labs flag to allow internal testing prior to private beta release
- bumped Koenig packages containing support for @-link feature
2024-05-29 18:13:52 +01:00
Sanne de Vries
acac7801f4
Split subhead feature into two feature flags (#20279)
REF MOM-119
- Split subhead feature flag into two: editorSubtitle and
newsletterSubtitle
- Updated UI copy, feature flag names and class names from subhead to
subtitle
2024-05-29 17:59:25 +02:00
renovate[bot]
4ef1dd2146 Update dependency mysql2 to v3.9.9 2024-05-29 15:14:00 +00:00
Ronald Langeveld
fddcf3ffee
Added Subheads behind a flag (#20265)
refs MOM-152 MOM-148 MOM-151

- Added Subheads behind a flag + toggle in settings.
- Removes Excerpt fields from post settings if flag is enabled.
- Added subhead toggle in newsletter settings.
- Loads of styling

---------

Co-authored-by: Sanne de Vries <sannedv@protonmail.com>
2024-05-29 09:53:40 +00:00
Steve Larson
e6fcbf45a1
Added sanitization for svg uploads (#20264)
ref https://linear.app/tryghost/issue/ENG-856
- svgs were not previously sanitized and could contain scripts
2024-05-28 08:58:16 -05:00
Ronald Langeveld
d799f2ecb1
Added show_subhead column to newsletters table (#20268)
refs MOM-152

Adds `show_subhead` column to newsletter table. False by default.
2024-05-28 16:29:20 +07:00
Fabien 'egg' O'Carroll
6a8ae57a24
Used a base64 encoded string for hmac secret (#20269)
We want to use a randomly generated 64 byte secret for the hmac, and
utf8 encoding isn't nice to work with for this, so we're going to use a
base64 string and decode it into a buffer for the secret.
2024-05-28 14:12:48 +07:00
renovate[bot]
3ebe206ea7 Update TryGhost packages 2024-05-27 16:58:32 +02:00
renovate[bot]
6ff08c5c14 Update dependency mysql2 to v3.9.8 2024-05-27 08:04:34 +00:00
Daniel Lockyer
ecc6053e5d Cleaned up jsdom dependency usage
- we don't need this in `ghost/core` as it's not used in there
- we need to declare this dependency for the apps, as they use it for
  running tests
- this doesn't change the lockfile but it means we're declaring the
  dependency in the right places now
2024-05-27 09:49:43 +02:00
renovate[bot]
3e3bcb81fd Update dependency jsdom to v24 2024-05-27 09:07:18 +02:00
Ghost CI
43e25f44dc v5.82.12 2024-05-27 06:39:20 +00:00
Chris Raible
98d49f57d5
Added experimental headers to allow caching members content (#20200)
ref
https://linear.app/tryghost/issue/KTLO-45/deploy-members-caching-solution-to-a-single-site-to-validate-and-test

Currently we only cache publicly available content. Any content that is
accessed by a logged in member is only cached for that specific member
based on their cookie. As a result, almost all requests from logged in
members bypass our caching layer and reach Ghost, which adds unnecessary
load to Ghost and its database.

This change adds experimental headers that allow our CDN to understand
which tier to cache the content against, and securely tell the CDN which
tier a logged in member has access to. With these changes, we can cache
the member content against the tier, rather than the individual member,
which should result in a higher cache HIT ratio and reduce the load on
Ghost.

For requests to the frontend of the site, Ghost will set a custom
`X-Member-Cache-Tier` header to the ID of the tier of the member who is
accessing the content. This tells the CDN which tier to cache the
content against.

For requests to either `/members/?token=...` endpoint (the magic link
endpoint) or `/members/api/member`, Ghost will set a `ghost-access` and
`ghost-access-hmac` cookie with the ID of the tier of the logged in
member. With these two pieces of information, our CDN can serve cached
content to logged in members.

These headers are experimental, and can only be enabled via Ghost's
config. To enable these headers, set `cacheMembersContent:enabled` to
`true` and provide an HMAC key in `cacheMembersContent:hmacSecret`.
2024-05-23 19:06:45 -07:00
renovate[bot]
d302d4049c Update Koenig packages 2024-05-23 19:13:38 +01:00
Daniel Lockyer
4a02938774 Reverted "Enabled includeLocalVariables option in Sentry"
refs https://app.incident.io/ghost/incidents/73
refs https://blog.sentry.io/local-variables-for-nodejs-in-sentry/

- this reverts commit cc76fda3e8
- it turns out that enabling this causes the entire program to pause
  whilst it collects local variables
- this was only added to aid with debugging, so it's not critical to
  have and can be disabled
2024-05-23 12:04:10 +02:00
renovate[bot]
ad48d8eb25 Update sentry-javascript monorepo to v7.116.0 2024-05-21 14:24:23 +01:00
Steve Larson
9d9a421b54
Added a column disallow list in the content API posts serializer (#20207)
ref https://linear.app/tryghost/issue/CFR-29
- Removed the mobiledoc and lexical columns from the posts input
serializer, meaning they will no longer be queried for.

Get helpers are essentially a gateway to the Content API. We already
strip out the mobiledoc and lexical fields in the output
serializer/returned response, but this means we're passing the mobiledoc
and lexical fields back from the db. This is pointless and these fields
are substantial in size - by far the largest fields in the whole ghost
db - leading to slowed performance.

I've updated the posts input serializer to strip out the lexical and mobiledoc
columns so we stop doing a `select *` with every query.
2024-05-20 08:25:20 -05:00
Ronald Langeveld
e5056d8d9d
🐛 Fixed External Image URLs being incorrectly prefixed (#20226)
ref ENG-824

- the bug is causing resize prefixes being added to images served from
outside of Ghost.
- this now would only append the prefex to images served by Ghost and
other images urls' would get served as is.
- we can determine that by checking whether imageName doesn't exist,
meaning the source is a third party.
- this mostly affect edge case users, eg where a feature image url was
passed in via the API and doesn't get served by Ghost.
2024-05-20 18:06:03 +08:00
Ronald Langeveld
9a60254cd2
🐛 Fixed redundant member data loading for static assets (#20031)
refs CFR-21

Reorganised middleware execution so that member data is not redundantly loaded for static assets or the sitemap.

---------

Co-authored-by: Michael Barrett <mike@ghost.org>
2024-05-20 13:55:45 +08:00
Ghost CI
589793f0c5 v5.82.11 2024-05-17 16:04:53 +00:00
renovate[bot]
239b5b6369
🐛 Fixed certain snippets not inserting correctly (#20129)
ref https://linear.app/tryghost/issue/ONC-26/support-escalation-template-bug
ref https://github.com/TryGhost/Ghost/issues/18948

- bumps `@tryghost/koenig-lexical` to version that doesn't crash during snippet insertion when last node doesn't match expectations for inserting a trailing paragraph
- bumps all Koenig packages to ensure internal dependencies are pinned to prevent potential issues from mixed versions caused by yarn resolution
2024-05-16 11:39:03 +00:00
Ghost CI
b7efe4ff8e Merged v5.82.10 into main 2024-05-16 02:19:02 +00:00
Ghost CI
f6f04792ea v5.82.10 2024-05-16 02:19:00 +00:00
Galdin Raphael
93eaee7e08
Added missing <html> opening tag to the maintenance page (#20203)
- this was previously missing
2024-05-15 09:10:37 +02:00
Laurent Goderre
d67fc8c353
Added jackspeak resolution to core to fix ESM + CJS compat issue (#20199)
refs #20197

- adds a jackspeak resolution to Ghost core so we can try and ensure the compatible version of jackspeak/string-width is used when the lockfile is regenerated
2024-05-15 08:47:04 +02:00
Fabien O'Carroll
e98f505ae3 Added body parsing to the frontend
ref https://linear.app/tryghost/issue/MOM-73

We need to add body parsing middleware here, so that NestJS has access to it.
We also attach the rawBody which is used to validate the HTTP Signatures
2024-05-15 12:41:34 +07:00
Sodbileg Gansukh
60da243d0c
Updated signup and private page forms for consistency (#20208)
ref TRI-92
2024-05-15 04:47:02 +00:00
Kevin Ansfield
d2da9d3c17
Updated metadata shown on hover in internal link lists (#20204)
closes https://linear.app/tryghost/issue/MOM-80

- updated internal linking search results items
  - removed visibility text from meta data
  - added additional icon for paid/specific tier visibility
  - added titles to icons
- bumped `@tryghost/koenig-lexical` to include support for meta icon titles
- bumped other Koenig packages due to sub-dependency updates
2024-05-14 16:07:04 +00:00
Steve Larson
842290cbef
Improved performance for filter strings with multiple neq statements (#20198)
ref https://linear.app/tryghost/issue/CFR-27
- updated packages to include performance improvement for NQL filter
strings including multiple neq filters for the same resource
- bumped `bookshelf-plugins`
- bumped NQL versions

We identified a performance fix that allows us to combine not equal
(neq) filters for the same resource in a logically-equivalent way that
also has far more performant resulting SQL.

We're effectively automatically combining strings like
'tag:-tag1+tag:-tag2` into 'tag:-[tag1,tag2]'.
2024-05-13 10:35:27 -05:00
Daniel Lockyer
e3fa095c80 Fixed misc JSDoc types
- nothing crazy, but cleans up a few editor warnings
2024-05-13 14:53:53 +02:00
Ghost CI
b1c5a2985c v5.82.9 2024-05-13 07:01:15 +00:00
renovate[bot]
fc41947738 Update dependency semver to v7.6.2 2024-05-10 08:30:32 +02:00
renovate[bot]
512c3e1413 Update CSS preprocessors 2024-05-09 10:36:59 +02:00
renovate[bot]
4c1ecabfc7 Update sentry-javascript monorepo to v7.114.0 2024-05-09 10:16:37 +02:00
Ghost CI
88ad62558a Merged v5.82.8 into main 2024-05-08 19:30:39 +00:00
Ghost CI
f303432ba9 v5.82.8 2024-05-08 19:30:37 +00:00
Daniel Lockyer
7e9d82655e Added extra validation for reset_password endpoint
fix https://linear.app/tryghost/issue/SLO-104/cannot-read-properties-of-undefined-reading-0-an-unexpected-error

- if the request body didn't contain the correct keys, it'd just HTTP
  500 out of there
- this adds some optional chaining so we end up with undefined if
  anything isn't as expected, and the following if-statement does the
  rest of the check for us
- this also adds a breaking test (the first E2E test for authentication, yay!)
2024-05-08 18:05:04 +02:00
Daniel Lockyer
76c6e92006
Handled invalid files when uploading DB zips (#20165)
fix
https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred

- similar to
e8e3447f15,
this captures a specific error from yauzl and throws a user-friendly
error
- perhaps in the future we can just look for yauzl errors and always
return user-friendly errors, but let's monitor that first
- also includes a breaking test
2024-05-08 14:59:34 +02:00
Daniel Lockyer
f276abf9e8 Condensed logic for determining whether to send Sentry events
refs https://docs.sentry.io/platforms/javascript/configuration/filtering/#using--1%20

- this simplifies our logic to determine whether we should send events
  by moving the code to `beforeSend`
- `errorHandler` is going away in Sentry v8 so this results in a shorter
  diff in the future
- the logic should be the same, always send non-Ghost errors, and only
  send HTTP 500 Ghost errors
2024-05-08 14:25:00 +02:00
Daniel Lockyer
77fc66340a Refactored Sentry beforeSend code
- this tidies up the implementation by removing the very verbose ternary
  operator, and also uses the optional chaining operator
2024-05-08 14:25:00 +02:00
Daniel Lockyer
c4ad593a5a Added JSDoc types to Sentry
- this helps editors with identifying what the types of parameters are
2024-05-08 14:25:00 +02:00
Daniel Lockyer
e8e3447f15 Fixed handling empty zip file uploads
fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected

- previously, uploading an empty zip would result in a HTTP 500 error
  because yauzl would error and we'd bubble that up as an
  InternalServerError
- now, we catch the specific error message and return a more user
  friendly error
- also includes tests and sample zip file
2024-05-08 11:19:47 +02:00
Daniel Lockyer
d82b136a6a Handled uploads with invalid form bodies
fix https://linear.app/tryghost/issue/SLO-101/http-500-with-invalid-multipart-data

- previously, busboy would error out if we supplied a body that was
  invalid (such as an empty FormData)
- we would then return a HTTP 500 to the user, which causes all manner
  of problems
- now we catch errors from busboy and return a nice BadRequestError
2024-05-08 11:19:47 +02:00
Daniel Lockyer
ae88dc8548 Handled invalid timestamp format in filters
fix https://linear.app/tryghost/issue/SLO-85/fix-http-500-on-contentposts

- in the event we give the incorrect format in a filter, MySQL will
  throw an error and we'll throw a HTTP 500 error
- we can capture this error and return a more useful error to the user
- ideally we'd do this in a validation step before attempting the query,
  but parsing this out of NQL and detecting which columns are DATETIME
  could be quite tricky
2024-05-08 09:28:56 +02:00
Daniel Lockyer
82c612bad9 Rolled out API framework JSDoc typing to more places
- this updates a bunch of places where we're just using Object to cheat
  the system
- doing this means editor autocomplete and basic type checking is better
  because we now have proper types in place
- functionality should not change, these are just comments
2024-05-08 09:28:31 +02:00
renovate[bot]
1fea2fc616 Update dependency semver to v7.6.1 2024-05-08 09:04:44 +02:00
Ghost CI
7201006f05 Merged v5.82.7 into main 2024-05-07 18:13:36 +00:00
Ghost CI
000616ac02 v5.82.7 2024-05-07 18:13:34 +00:00
Daniel Lockyer
2659e5aa40 Added handling for parsing errors with user-submitted HTML
fix https://linear.app/tryghost/issue/SLO-87/cannot-read-properties-of-undefined-reading-createimpl-an-unexpected
refs https://github.com/jsdom/jsdom/issues/3709

- in the event we are given some HTML to parse, and that fails, we
  currently return a HTTP 500 because it's unhandled
- the instance we saw was due to `<constructor>` crashing jsdom, we've
  opened an issue for that
- in terms of handling the error gracefully, we can surround the code
  in a try-catch and return a more suitable error. I've gone for a
  ValidationError for now - you could debate whether a different one is
  more appropriate
- also added Sentry error capturing so we're not blind to these,
  ultimately we should make sure the parser can handle all
  user-submitted data
2024-05-07 17:25:48 +02:00
Daniel Lockyer
dccb4ac84e Cleaned up unused controller method
- this isn't being used anywhere, so we can clean it up
2024-05-07 11:44:07 +02:00
Daniel Lockyer
1fd155d56a Fixed extra arguments being supplied to function calls
- identified by tsc, this shouldn't change any functionality because
  there were extra arguments being supplied and were unused
2024-05-07 11:44:07 +02:00
Daniel Lockyer
29cc3003c7 Fixed misc JSDoc types
- nothing crazy, just fixing minor typing issues that I've come across
2024-05-07 11:44:07 +02:00
Ronald Langeveld
4f3bfebfea
Revert "Added latest_event_timestamp to email table (#20118)" (#20149)
This reverts commit 3246a8d2c9.
2024-05-07 08:58:42 +00:00
Daniel Lockyer
c298db912c Added JSDoc types for API controllers
- this adds a simple set of types to the @tryghost/api-framework
  package that should describe all of the keys available on a
  controller, and then rolls it out to all API controllers
- unfortunately, due to https://github.com/microsoft/TypeScript/issues/47107, we have
  to split apart `module.exports` into a variable assignment in order for type-checking
  to be done
- the main benefit of this is that `frame` is now typed, and editors understand what keys
  are available, so intellisense works properly
2024-05-07 10:49:44 +02:00
Ronald Langeveld
3246a8d2c9
Added latest_event_timestamp to email table (#20118)
ref ENG-832

- Added migrations for `latest_event_timestamp` column in emails table.
- updated schema
- updated emails model
2024-05-07 16:12:51 +08:00
Daniel Lockyer
de435238f4 Fixed wrong status code type
- `statusCode` should be a number, but we were passing a string
- this doesn't really affect anything, but tsserver was flagging it up
  as the wrong type
2024-05-07 08:29:48 +02:00
Daniel Lockyer
b29c897da3 Fixed passing error to IncorrectUsageError
- we should pass it as `err` and not `error`
- this probably slipped in because the catch parameter is called
  `error`, so I've updated that and fixed the references
2024-05-07 08:29:48 +02:00
Daniel Lockyer
efc59dd315 Fixed extra parameter to function
- `serializeTier` only takes 2 parameters
- flagged by tsserver
2024-05-07 08:29:48 +02:00
Daniel Lockyer
f72d7b77ac Fixed miscellaneous jsdoc comments
- this helps tsserver figure out what the type of things is around our
  codebase
- nothing crazy, mostly Express types for the middleware, application and router levels
2024-05-07 08:29:48 +02:00
Daniel Lockyer
265a8dd16f Added function names to more middleware
refs 319f251ad2

- this helps debugging because all middleware in the stack will have a
  function name, so it'll show up instead of `<anonymous>`
2024-05-06 17:51:39 +02:00
Daniel Lockyer
a50bb8d79e Added missing error messages for members uploader
fix https://linear.app/tryghost/issue/SLO-97/missing-messages-for-members-file-upload

- these were missing, so if the members importer wasn't given a file, it
  would crash with an HTTP 500 error
- also added a test to ensure we get a 422 back
2024-05-06 15:17:25 +02:00
Daniel Lockyer
5a8145139a Fixed handling cutoff boundary data in image + media upload
fix https://linear.app/tryghost/issue/SLO-95/unexpected-end-of-multipart-data-for-broken-image-upload-request

- in the event the client sends an invalid body to the image or media
  upload endpoints, Dicer will throw an error if the boundary data is
  malformed
- previously, we've just been bubbling that up as an InternalServerError
  and that results in an HTTP 500
- we can capture errors produced by dicer and return a handled
  BadRequestError, as it's the client's fault
- also includes breaking tests
2024-05-06 13:41:25 +02:00
Daniel Lockyer
3e79712466 Fixed handling malformed image + media upload requests
fix https://linear.app/tryghost/issue/SLO-94/unexpected-field-when-given-broken-image-upload-request

- in the event the body of an image or media upload request is malformed
  (broken metadata / blob or something), we get a MulterError and this
  bubbles up as an InternalServerError and spits out a HTTP 500
- we can capture this and return a BadRequestError, as it's the client's
  fault for not providing the correct body
- this implements that and adds breaking tests
2024-05-06 13:24:26 +02:00
Ghost CI
f34c33f330 v5.82.6 2024-05-03 16:04:14 +00:00
Chris Raible
d8b629c713
Added an optional timeout parameter to AdapterCacheRedis (#20131)
ref
https://linear.app/tryghost/issue/ENG-902/add-an-optional-timeout-in-the-redis-cache-adapter-in-case-redis

- Added an optional timeout parameter to AdapterCacheRedis, so that the
`get(key)` method will return `null` after the timeout if it hasn't
received a response from Redis
- When load testing the `LinkRedirectRepository` with the Redis cache
enabled on staging, we noticed that for some reason Redis stopped
responding to commands for ~30 seconds.
- The `LinkRedirectRepository` was waiting for the Redis cache to
respond and resulted in a drastic increase in response times for link
redirects
- This change will allow us to set a timeout on the `get(key)` method,
so that if Redis doesn't respond within the timeout, the method will
return `null` as if it were a cache miss.
- Then the `LinkRedirectRepository` will fall back to the database and
return the link redirect from the database instead of waiting
indefinitely for Redis to respond
2024-05-02 20:39:23 -07:00
Chris Raible
b9f7ea65e9
Revert "Added new member signup flow behind labs flag (#19986)" (#20130)
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups

This reverts commit 01d0b2b304.

- Removed the new member signup flow because it didn't solve the
problems with spam signups
2024-05-02 13:02:32 -07:00
Daniel Lockyer
7950122ffe Protected against deleting non-existent image during upload
fix https://linear.app/tryghost/issue/SLO-93/undefined-path-error-with-bad-image-upload

- in the event we receive a request to upload an image, that doesn't
  contain an image, we still try and unlink the files
- this is a dangling promise, so it doesn't cause an explicit HTTP
  error, but it does show up as a console error
- fixed it by checking for the path, and early returning if it doesn't
  exist
- also added a test that would fail without this
2024-05-02 17:29:03 +02:00
Sag
e996213122
Moved POST /members/api/member behind alpha flag (#20124)
ref https://linear.app/tryghost/issue/SLO-78

- the `POST /members/api/member` endpoint is solely used by the alpha
feature `membersSpamPrevention` and should not be available otherwise
2024-05-02 16:34:32 +02:00
Daniel Lockyer
cc76fda3e8 Enabled includeLocalVariables option in Sentry
ref https://linear.app/tryghost/issue/SLO-92/enable-extra-sentry-integrations
refs https://docs.sentry.io/platforms/javascript/guides/node/configuration/options/#include-local-variables

- this will capture the local stack variables when producing a stack
  trace, which would be super useful when debugging
2024-05-02 13:52:40 +02:00
Daniel Lockyer
5b28dc9246 Enabled Sentry's ExtraErrorData integration
refs https://docs.sentry.io/platforms/javascript/guides/node/configuration/integrations/extraerrordata/
ref https://linear.app/tryghost/issue/SLO-92/enable-extra-sentry-integrations

- this enables the ExtraErrorData integration, which should help us
  capture more of the properties of the errors we're producing, which
  _may_ help with debugging
2024-05-02 13:52:40 +02:00
renovate[bot]
a33dccf8cd Update TryGhost packages 2024-05-01 17:01:41 +02:00
Daniel Lockyer
3f7a7fff44 Fixed HTTP 500 when adding unknown products to member
fix https://linear.app/tryghost/issue/SLO-89/cannot-read-properties-of-null-reading-get-an-unexpected-error

- if we pass an invalid ID when updating the products on a member, we
  throw a HTTP 500 error because `product` is `null`
- we can check for this and return a BadRequestError, because the user
  supplied an incorrect ID
2024-05-01 16:54:35 +02:00
Ghost CI
6b32548e5c Merged v5.82.5 into main 2024-05-01 13:22:28 +00:00
Ghost CI
a4c478958b v5.82.5 2024-05-01 13:22:26 +00:00
renovate[bot]
746df63307
Update dependency gscan to v4.43.1 (#20109)
ref https://linear.app/tryghost/issue/ENG-842/gluster-file-name-length-limit

- gscan v4.43.1 contains a bug fix to throw an large filenames
2024-05-01 11:26:21 +00:00
Daniel Lockyer
ddac3a9e8b Removed Sentry error capturing for failed URL decoding
fix https://linear.app/tryghost/issue/SLO-79/incorrectusageerror-the-url-httpsblogkongregatecompercentc0-couldnt-be

- we added this Sentry captureException whilst fixing a bug where
  decodeUrl could fail, and throw a 500 exception
- we added handling for that case and returned an empty string, but we
  also added Sentry error capturing
- at this point, I don't think we need to be capturing errors in Sentry,
  because the issue is already handled, and it only usually happens with
  malicious/incorrect URLs
- this is our #2 cause of Sentry alerts, so it's good to clean it up
2024-05-01 10:15:13 +02:00
renovate[bot]
60a3b5a913 Update TryGhost packages 2024-05-01 08:49:04 +02:00
Daniel Lockyer
7109743282 Fixed overly verbose DatabaseInfo require
- we don't need to deep require into the library as it exports what we
  need on the surface
- this should unblock https://github.com/TryGhost/Ghost/pull/19002, as
  it's randomly failing with this require
2024-04-30 21:39:56 +02:00
Michael Barrett
4cd85ab8b7
Added timeout when resizing an image (#20087)
refs
[ENG-827](https://linear.app/tryghost/issue/ENG-827/🐛-crash-on-resizing-animated-gif)

Added a timeout to the image resizing middleware to prevent crashes when
an image is taking too long to resize. When the timeout is reached and
the image has not been resized, the middleware will return the original
image
2024-04-30 08:39:30 +01:00
Ronald Langeveld
b2970cb4e0
Added integrity test for flags (#20094)
ref
https://ghost.slack.com/archives/C02G9E68C/p1714047709694639?thread_ts=1713956576.497899&cid=C02G9E68C
    
    - Ensures unique feature flags, avoiding configuration conflicts.
    - Enhances code reliability and simplifies feature tracking.
    - Prevents bad rebases was the reason for the initial duplication.
2024-04-29 02:39:15 +00:00
renovate[bot]
305029bc38 Update dependency ws to v8.17.0 2024-04-29 01:23:51 +00:00
renovate[bot]
f18f08928f Update dependency yjs to v13.6.15 2024-04-29 01:22:59 +00:00
Ghost CI
cf9ba60524 v5.82.4 2024-04-26 16:04:30 +00:00
Chris Raible
dcd65bfa4f
Added caching to the LinkRedirectRepository (#20036)
ref
https://linear.app/tryghost/issue/ENG-851/implement-a-minimal-but-complete-version-of-redirect-caching-to
ref https://app.incident.io/ghost/incidents/55

Often immediately after sending an email, sites receive a large volume
of requests to LinkRedirect endpoints from members clicking on the links in
the email.

We currently don't cache any of these requests in our CDN, because we
also record click events, update the member's `last_seen_at` timestamp,
and send webhooks in response to these clicks, so Ghost needs to handle
each of these requests itself. This means that each of these LinkRedirect requests
hits Ghost, and currently all these requests hit the database to lookup
where to redirect the member to.

Each one of these requests can make up to 11 database queries, which can
quickly exhaust Ghost's database connection pool. Even though the
LinkRedirect lookup query is fairly cheap and quick, these queries aren't
prioritized over the "record" queries Ghost needs to handle, so they can
get stuck behind other queries in the queue and eventually timeout.

The result is that members are unable to actually reach the destination
of the link they clicked on, instead receiving a 500 error in Ghost, or
it can take a long time (60s+) for the redirect to happen.

This PR uses our existing `adapterManager` to cache the redirect lookups
either in-memory or in Redis (if configured — by default there is no caching). This only removes 1 out of
11 queries per redirect request, so it won't reduce the load on the DB
drastically, but it at least decouples the serving of the LinkRedirect from
the DB so the member can be redirected even if the DB is under heavy
load.

Local load testing results have shown a decrease in response times from
60 seconds to ~50ms for the redirect requests when handling 500 requests
per second, and reduced the 500 error rate to 0.
2024-04-25 19:17:25 -07:00
Daniel Lockyer
892b9ab397 Moved internalLinking and stripeAutomaticTax flags to private beta
refs https://ghost.slack.com/archives/C02G9E68C/p1714051665654659?thread_ts=1713970812.191919&cid=C02G9E68C

- this enables us to enable the flags on sites without the need to
  enable developer experiments
- added `(private beta)` to the end of the relevant UI flags, because
  they're still in alpha in the UI despite being in beta in backend
2024-04-25 16:37:55 +02:00
Ronald Langeveld
601d05de0d
Removed duplicated ActivityPub labs key (#20089)
no issue

- rebased from main without seeing there's an existing flag.
- this removes the duplicated flag
2024-04-25 14:15:47 +00:00
Steve Larson
a0b7476794
Updated staff deletion logic (#20069)
ref https://linear.app/tryghost/issue/ENG-826

- Changed staff deletion logic to do a bulk insert when adding a tag to
the users' associated posts

Staff deletion logic has really poor performance at scale because we do
individual updates for every post. If a user has dozens+ posts
(especially in a large db with thousands of posts), this can take >60s
and look like a timeout. Ultimately this should probably be a jobbed off
process, but for the time being we can improve this by doing a bulk
insert.

Note that this update uses the pattern for the bulk tagging of posts
from the right click (bulk) actions in the posts lists in Admin. With
bulk actions, **we do not trigger web hooks or the post.edited events**.
We will document this and follow up on this separately.
2024-04-25 08:19:11 -05:00
Djordje Vlaisavljevic
7a3bbfde10
Added ActivityPub playground (#20081)
ref MOM61

- Adds admin-x react app we’ll use as ActivityPub playground to the
sidebar nav behind the feature flag.
- Wired up routing to Ember
- Setup the project as `admin-x-activitypub`

---------

Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
2024-04-25 16:44:29 +08:00
Fabien O'Carroll
af02ca7044 Initial wire up of Posts -> Outbox flow
ref https://linear.app/tryghost/issue/MOM-29

This is very rough, and all still behind a flag. The idea is that any public
post which is published gets added to the Outbox of the site Actor. We also
dispatch an event, which will be used to deliver the Activity to any relevant
inboxes, but that is outside the scope of this commit.
2024-04-25 11:10:17 +07:00
renovate[bot]
25657b6a99 Update sentry-javascript monorepo to v7.112.1 2024-04-23 16:39:50 +02:00
renovate[bot]
3960e8caa1 Update sentry-javascript monorepo to v7.112.0 2024-04-23 14:11:30 +02:00
Daniel Lockyer
fda8aa5bfe Removed Sentry logging from XMLRPC service
refs https://ghost-foundation.sentry.io/issues/5135326925/

- the service tends to 503 all the time, and we don't really care enough
  for it to ping us in Sentry, as it's not something we control
- we can still keep logging the errors in case we need to go and look at
  what went wrong
2024-04-23 12:48:33 +02:00
renovate[bot]
d69a0aa1e6 Update dependency knex-migrator to v5.2.1 2024-04-22 12:29:48 +02:00
renovate[bot]
e4ffc7b8c0 Update dependency mysql2 to v3.9.7 2024-04-22 01:37:24 +00:00
renovate[bot]
69372d9018 Update dependency @sentry/profiling-node to v7.111.0 2024-04-19 16:56:32 +00:00
renovate[bot]
7fea4151d8 Update dependency @sentry/profiling-node to v7 2024-04-19 18:43:59 +02:00
Ghost CI
cb838c4bb6 v5.82.3 2024-04-19 16:04:16 +00:00
renovate[bot]
80fe672525 Update sentry-javascript monorepo to v7.111.0 2024-04-19 08:54:26 +02:00
Daniel Lockyer
f31814c804 Updated mysql2 dependency
refs #20050

- Renovate seems to be unable to bump the package past the security
  release, but unfortunately this release contains a breaking bug
- this commit manually bumps the package so we can get things flowing
  again
- the security release doesn't really affect us, but we should still try
  and keep on the latest
2024-04-19 08:48:24 +02:00
Chris Raible
a10b13916a
🐛 Fixed admin error when deleting an unsaved or imported post (#20053)
ref
https://linear.app/tryghost/issue/ENG-845/error-attempted-to-set-lexical-on-the-deleted-record
ref
[https://linear.app/tryghost/issue/ENG-854/🐛-deleting-imported-posts-makes-ghost-unresponsive](https://linear.app/tryghost/issue/ENG-854/%F0%9F%90%9B-deleting-imported-posts-makes-ghost-unresponsive)

- When deleting a post in the editor's Post Settings Menu, if the post
has unsaved changes (indicated by the hasDirtyAttributes property in the
editor), Admin will crash because it tries to save a post revision
before leaving the editor, but the post has already been deleted so
saving fails.
- This can occur when editing a post and quickly deleting it from the
Post Settings Menu before saving is completed.
- It can also occur when attempting to delete an imported post, as the
editor will parse the lexical from the server and may make some minor,
invisible-to-the-user changes to the lexical string locally (e.g. JSON
formatting, or updating the JSON to use extended version of base lexical
nodes), which triggers the same error.
- This fix bypasses the attempt to save a post revision when leaving the
editor if the post is already deleted, which allows the transition back
to the Posts route to succeed.
2024-04-18 10:02:02 -07:00
Kevin Ansfield
182fa62759
Bumped Koenig packages (#20047)
closes https://linear.app/tryghost/issue/MOM-39/

- fixes clicking on search results in internal linking PoC
- adds support for Node 20
2024-04-18 14:58:01 +00:00
Daniel Lockyer
10e81aeed8
ℹ️ Added support for Node 20
ref https://linear.app/tryghost/issue/ENG-765/add-support-for-node-20

- this adds support for Node 20 to Ghost and CI, as Node 20 is an LTS
  version and we should pick it up
2024-04-18 13:17:21 +02:00