Commit Graph

1351 Commits

Author SHA1 Message Date
Renovate Bot
83ed38c2e0 Update dependency jsonpath to v1.0.2 2019-07-02 11:15:38 +00:00
Renovate Bot
4b7a1bffec Update dependency node-jose to v1.1.3 2019-07-02 10:31:28 +00:00
Renovate Bot
4753017d6a Update dependency moment-timezone to v0.5.25 2019-07-02 10:30:03 +00:00
Renovate Bot
c14849d761 Update dependency mock-knex to v0.4.5 2019-07-02 12:29:31 +02:00
Renovate Bot
b4a2305f64 Update dependency mobiledoc-dom-renderer to v0.6.6 2019-07-02 10:28:37 +00:00
Renovate Bot
90f0d38ad2 Update dependency mysql to v2.17.1 2019-07-02 12:26:23 +02:00
Renovate Bot
1371684b38 Update dependency connect-slashes to v1.4.0 2019-07-02 12:12:28 +02:00
Renovate Bot
f4dd1d173f Update dependency bson-objectid to v1.3.0 2019-07-02 12:10:29 +02:00
Renovate Bot
352fec4c00 Update dependency gscan to v2.6.2 2019-07-02 10:02:49 +00:00
Renovate Bot
ddfc0801f8 Update dependency cookie to v0.4.0 2019-07-02 11:58:53 +02:00
Renovate Bot
62e0a17aa3 Update dependency image-size to v0.7.4 2019-07-02 11:54:36 +02:00
Renovate Bot
e146737aff Update dependency jsonwebtoken to v8.5.1 2019-07-02 11:47:22 +02:00
Renovate Bot
0ed0c49732 Update dependency grunt-contrib-compress to v1.5.0 2019-07-02 11:41:15 +02:00
Renovate Bot
189ce9bc1d Update dependency express-session to v1.16.2 2019-07-02 11:37:27 +02:00
Renovate Bot
5a316c3c80 Update dependency express to v4.17.1 2019-07-02 11:30:35 +02:00
Renovate Bot
a51008a034 Update dependency knex-migrator to v3.2.6 2019-07-02 09:27:54 +00:00
Renovate Bot
2dcb1a3776 Update dependency csv-parser to v2.3.0 2019-07-02 11:27:16 +02:00
Renovate Bot
9564757d8d Update dependency ajv to v6.10.0 2019-07-02 11:13:53 +02:00
Renovate Bot
0abc8971b4 Pin dependency grunt-contrib-symlink to 1.0.0 2019-07-02 11:08:33 +02:00
Renovate Bot
885ce6eb44 Update dependency cookie-session to v1.3.3 2019-07-02 11:04:52 +02:00
Renovate Bot
2e0067d877 Update dependency html-to-text to v5 2019-07-02 11:00:00 +02:00
Renovate Bot
d88a41628e Update dependency semver to v6 2019-07-02 10:56:03 +02:00
Renovate Bot
b3561dcee4 Update dependency sharp to v0.22.1 2019-07-02 10:52:46 +02:00
Renovate Bot
deeafe9734 Update dependency compression to v1.7.4 2019-07-02 08:26:50 +00:00
Renovate Bot
2cf40d2f6f Update dependency bson-objectid to v1.2.5 2019-07-02 07:30:13 +00:00
Renovate Bot
82d146577c Update dependency @tryghost/members-auth-pages to v0.2.2 2019-07-02 06:48:32 +00:00
Renovate Bot
7638ca4d77 Update dependency @tryghost/helpers to v1.1.6 2019-07-02 05:23:38 +00:00
Renovate Bot
2f7e6d21ae Update dependency bluebird to v3.5.5 2019-07-02 04:04:31 +00:00
Renovate Bot
c576a2d724 Update dependency @tryghost/members-api to v0.1.2 2019-07-02 03:29:16 +00:00
Renovate Bot
9da9b2f448 Update dependency @nexes/nql to v0.2.2 2019-07-02 02:31:50 +00:00
Renovate Bot
3eeb81a19c Update Build Tool 2019-07-02 01:31:27 +00:00
Fabien O'Carroll
9f2e1bfde7 Version bump to 2.25.4 2019-07-01 13:31:22 +07:00
Kevin Ansfield
b35269f933 Version bump to 2.25.3 2019-06-26 14:02:07 +01:00
Kevin Ansfield
3229de75f8 Revert "Replaced keypair with rsa-keypair module (#10758)"
This reverts commit 64735693be.

- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
2019-06-26 14:00:25 +01:00
Kevin Ansfield
c3a493bfeb Version bump to 2.25.2 2019-06-25 13:22:54 +01:00
Fabien O'Carroll
da3f55dd9d Updated express-hbs to 2.1.2
no-issue

ronseal.
2019-06-25 16:19:33 +07:00
Fabien O'Carroll
bb1ee3c265 Updated members-theme-bindings & public/members.js
no-issue

This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
2019-06-25 15:13:52 +07:00
Nazar Gargol
e5391519eb Bumped js-yaml version to 3.13.1
no issue

- The 3.13.1 version contains security fixes described in b2f9e88239
2019-06-24 15:47:37 +02:00
Daniel Lockyer
64735693be Replaced keypair with rsa-keypair module (#10758)
refs #10789 

Speed up Ghost boot time by replacing the JS-only RSA key generator
library with a native alternative.
2019-06-21 16:51:44 +07:00
Fabien O'Carroll
cbe8d1885c Version bump to 2.25.1 2019-06-19 13:58:12 +07:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Fabien O'Carroll
a63d29f859 Version bump to 2.25.0 2019-06-18 19:38:29 +07:00
Fabien O'Carroll
262c27c8e8 Version bump to 2.24.0 2019-06-18 19:25:06 +07:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Rish
c5cb7a6155 Version bump to 2.23.4 2019-06-11 16:51:41 +05:30
Kevin Ansfield
6fd2db2ed4 Update amperize to v0.5.2
no issue
- includes a couple of bug fixes for fallback from probe-image-size to image-size
2019-06-11 12:17:28 +01:00
Kevin Ansfield
f34a9d2e36 Update amperize to v0.5.1
no issue

- includes fix for http->https conversion that broke tests in 90b0c8d3bb
2019-06-10 11:14:00 +01:00
Kevin Ansfield
90b0c8d3bb 🚀 Speed up initial generation of /amp/ content with many images
no issue

- update `amperize` to v0.5.0 which includes partial image loading and parallel network requests for fetching image dimensions
2019-06-10 09:53:25 +01:00
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Kevin Ansfield
bdf1383b30 Version bump to 2.23.3 2019-06-06 11:15:47 +01:00
Kevin Ansfield
07e9490621
🐛 Fixed server crash when AMP posts contain images with unescaped chars (#10775)
no issue

- bump `amperize` to v0.4.0 which contains an updated version of `got` which does not crash on invalid image urls
2019-06-05 17:31:23 +01:00
Nazar Gargol
74d5bf3822 Version bump to 2.23.2 2019-06-04 13:01:40 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
525c2753ec Update dependency @tryghost/html-to-mobiledoc to v0.4.1
no issue

- includes a fix for text content potentially being lost when converting html to mobiledoc via the API
2019-06-03 12:34:35 +01:00
Kevin Ansfield
81ebe3e8a3 Version bump to 2.23.1 2019-05-28 18:36:10 +01:00
Kevin Ansfield
5ee76a3f85 Version bump to 2.23.0 2019-05-27 10:57:22 +01:00
Kevin Ansfield
7ea161ae04 Version bump to 2.22.3 2019-05-23 13:49:24 +01:00
Fabien O'Carroll
0918844e75 Version bump to 2.22.2 2019-05-21 12:09:14 +02:00
Fabien O'Carroll
5b0b7e4d8d Version bump to 2.22.1 2019-05-14 11:16:04 +02:00
Nazar Gargol
bb7bb55cf3 Bumped gscan version to 2.6.0
no issue

- Updated valid theme fixture to be inline with warning that was added when using {{each}} helper instead of {{foreach}}
2019-05-08 16:56:22 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Nazar Gargol
53b300d7bf Version bump to 2.22.0 2019-05-07 12:37:29 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Fabien O'Carroll
4563999352 🐛 Fixed password submission for private blogging
no-issue

This bump to members-ssr includes an update which no longer consumes the
request stream when calling getMemberDataFromSession. Previously, this
method was called on every request to the theme layer, and the
private-blogging middleware was unable to parse the body as the request
stream had already been consumed.
2019-05-06 12:38:38 +02:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Kevin Ansfield
9f9dde3107 Added caption and language extraction for code blocks when converting HTML via API
no issue
- update @tryghost/html-to-mobiledoc to v0.3.0
- uses updated @tryghost/kg-parser-plugins that is now shared with Ghost-Admin
2019-05-03 11:55:38 +01:00
Fabien O'Carroll
5e33f0771d Moved cpy-cli to dependencies
no-issue

This needs to be installed as a top level dependency so that it can run
on all install contexts
2019-05-01 18:43:44 +02:00
Fabien O'Carroll
cade823ba7 🐛 Fixed postinstall script when running on Windows
no-issue

The previous postinstall script used the unix specific `cp` command,
which caused installing on Windows to break. This replaces it with an
npm module which handles copying files agnostic to platform.
2019-05-01 18:09:04 +02:00
Nazar Gargol
17cc70b94b Bumped bookshelf-relations version to 1.1.1 2019-04-30 17:11:40 +02:00
Kevin Ansfield
3d16b50fc0 Version bump to 2.21.1 2019-04-30 11:10:02 +02:00
Fabien O'Carroll
59c57a9216 Copied members-theme-bindings to public post install
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
5d02d1999c Installed @tryghost/members-theme-bindings@0.1.0
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
2edda4c757 Version bump to 2.21.0 2019-04-23 11:34:46 +02:00
Rish
c53e66d49a Version bump to 2.20.1 2019-04-17 18:31:47 +05:30
Rish
4d0643fb49 🐛 Fixed crash in calculating reading time for empty posts
no issue

- Updated helpers package to fix `null` html cases in case of empty post content
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Rish
770f6afa2a Version bump to 2.20.0 2019-04-16 16:42:31 +05:30
Rish
1ca3ba9a6e Updated Ignition to 3.1.0
no issue

- Bumped Ghost Ignition to 3.1.0 to support more options
2019-04-16 16:32:50 +05:30
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
5460de9c58 Updated gscan to 2.5.0
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Fabien O'Carroll
0f5ca616b8 Updated express-hbs to 1.1.1
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Nazar Gargol
a7385f5e10 Version bump to 2.19.4 2019-04-09 19:30:37 +08:00
Fabien O'Carroll
3f52c404d4 Removed coverage tasks from Gruntfile
refs #9441
2019-04-08 18:23:35 +02:00
Kevin Ansfield
12e0366fc9 Version bump to 2.19.3 2019-04-04 14:58:48 +01:00
Fabien O'Carroll
c461c66b38 Added support for local template options
no-issue

This bumps express-hbs to 1.1.0 which includes the change for local
template options.

https://github.com/barc/express-hbs/releases/tag/v1.1.0
2019-04-03 11:31:20 +02:00
Kevin Ansfield
dd619789cb Version bump to 2.19.2 2019-04-02 10:02:14 +01:00
Nazar Gargol
7d6436f9bf Bumped gscan version to 2.4.0
no issue

- Updated theme fixtures to be in line with new deprecation rules
for {{lang}} and {{@blog.*}} helpers introduced with https://github.com/TryGhost/gscan/pull/180
2019-04-02 13:47:59 +08:00
Kevin Ansfield
a532e35dc4 Version bump to 2.19.1 2019-03-27 17:26:57 +00:00
Fabien O'Carroll
e99db0ee2d Revert "🐛 Fixed AMP output when there is a trailing '$'" (#10642)
This reverts commit 0c77033d51.

See https://github.com/TryGhost/Ghost/issues/10643 for an explanation.
2019-03-27 17:20:21 +00:00
Fabien O'Carroll
00a52750df Version bump to 2.19.0 2019-03-26 11:50:32 +01:00
Fabien O'Carroll
0c77033d51 🐛 Fixed AMP output when there is a trailing '$'
closes #9716

This was caused by a bug in express-hbs, which has more explanation
here:
https://github.com/TryGhost/Ghost/issues/9716#issuecomment-414863553
2019-03-26 12:19:30 +08:00
Kevin Ansfield
6629b4d490 Version bump to 2.18.3 2019-03-22 13:38:48 +00:00
Rish
eacd9d6e08 Version bump to 2.18.2 2019-03-19 16:41:50 +05:30
kirrg001
8fd2e03ebf Version bump to 2.18.1 2019-03-13 23:43:48 +01:00
Fabien O'Carroll
02c56e90e5 Version bump to 2.18.0 2019-03-13 22:06:18 +01:00
Nazar Gargol
1d64090f5e Version bump to 2.17.2 2019-03-13 18:52:43 +08:00
Kevin Ansfield
f6f35ebcd0 Version bump to 2.17.1 2019-03-12 18:45:55 +00:00
Nazar Gargol
458a57b09d Version bump to 2.17.0 2019-03-12 20:39:30 +08:00
Hannah Wolfe
9efc06255f Simplify lint build in travis & grunt
refs #9441

- We have logic in travis and in grunt and in package.json, this simplifies things.
- `grunt lint` is now just an alias
2019-03-11 16:25:56 +00:00
Nazar Gargol
b95547c3a2 Bumped ghost-ignition version to 3.0.4 2019-03-11 12:01:14 +08:00
Nazar Gargol
363d10cc29 Bumped ghost-ignition version to 3.0.3
no issue
2019-03-07 14:29:03 +08:00
Kevin Ansfield
4428ed5f79 Version bump to 2.16.4 2019-03-06 12:19:06 +00:00
Kevin Ansfield
4fc6b11d79 Version bump to 2.16.3 2019-03-05 10:46:57 +00:00
Vikas Potluri
42c472feff Removed superagent dependency (#10535)
no issue

- Migrated default scheduling adapter to use Got via the request proxy
- SchedulingDefault is the only module that was using superagent so removed it as a dependency
2019-03-04 15:59:38 +08:00
kirrg001
2732e467db Version bump to 2.16.2 2019-02-27 10:06:48 +01:00
kirrg001
4547bf5e07 Version bump to 2.16.1 2019-02-26 12:15:53 +01:00
kirrg001
609b3ca57e Version bump to 2.16.0 2019-02-26 10:29:47 +01:00
Nazar Gargol
4db2eb7ce1 Bumped @tryghost/html-to-mobiledoc version
refs #10471
2019-02-25 10:25:56 +07:00
Fabien O'Carroll
add02c02b0 Version bump to 2.15.0 2019-02-21 12:10:22 +01:00
Nazar Gargol
f394eaa7b8 Added optional support for HTML source
closes TryGhost/Ghost-SDK/issues/51

- Due to JSDOM not supporting Node v6 the support for HTML conversion is now optional
2019-02-21 13:27:47 +07:00
Nazar Gargol
4e12b73c8a Bumped and pinned version for @tryghost/html-to-mobiledoc
no issue
2019-02-15 19:07:01 +00:00
Nazar Gargol
9020293e61 Added posibility to accept html as an input source for post
closes #10471

- Allows accepting HTML input for /posts endpoint when `?source=html` is
present in query parameter along with `html` in request payload
2019-02-15 18:58:46 +00:00
Nazar Gargol
3877f532e4 Version bump to 2.14.3 2019-02-14 11:03:10 +00:00
Nazar Gargol
2f24aca5f4 Version bump to 2.14.2 2019-02-13 14:59:05 +00:00
Rish
7a6375f931 Version bump to 2.14.1 2019-02-12 16:36:32 +05:30
Fabien O'Carroll
21e6242498
Removed unused greenkeeper config (#10479)
refs #9441
2019-02-11 20:16:23 +01:00
Fabien O'Carroll
bdd57b36cf
Moved grunt-eslint to npm script executing eslint (#10474)
refs #9441

* Updated top-level ids to use const
* Removed one layer of indentation
* Added .eslintignore files for server and test tasks
* Added npm scripts for eslint
* Fixed lint command in w/ grunt
* Uninstalled grunt-eslint
* Added eslint config
2019-02-11 13:26:06 +01:00
Nazar Gargol
6e0409d6db Bumped ghost-ignition version
no issue
2019-02-11 12:18:29 +00:00
Fabien O'Carroll
986c6d1f07
Removed minimist dev dependency (#10475)
refs #9441
2019-02-11 13:16:09 +01:00
Kevin Ansfield
aa1b9574ab Updated oembed providers list
no issue
- switch away from forked version of `oembed-parser` - our changes are merged upstream
- latest `oembed-parser` has a newer version of the providers list
2019-02-11 12:13:33 +00:00
Kevin Ansfield
6bae5e3c4c Added yarn fixmodulenotdefined dev task
no issue
- sometimes the Ghost-Admin build will succeed but show a `module is not defined` error. The only fix we've found so far is a computer restart (most reliable) or to clean the yarn cache and re-install the admin dependencies
- adds `yarn fixmodulenotdefined` that:
  1. runs `yarn cache clean`
  2. changes to `{ghost}/core/client` then deletes `node_modules`, `tmp`, and `dist`, before re-installing dependencies with `yarn`
  3. changes back to `{ghost}/`
- after running the command you'll need to run `grunt dev` or similar again
2019-02-11 10:44:42 +00:00
Naz Gargol
19643c75dd
Added JSON Schema validation for /posts endpoint (#10468)
refs #10438

- Added  validation helper based on JSON schema
- Added schema validation for POST/PUT in /posts endpoints
- Refactored existing authors validation test suite
- Extended test coverage with a minimally required structure of post.add validator
2019-02-08 10:40:58 +00:00
kirrg001
6616cfe617 Fixed triggering bookshelf event twice
no issue

- bumped bookshelf-relations
- IMO this bug is not critical, because our event listeners should be protected to run twice
2019-02-07 22:10:12 +01:00
Kevin Ansfield
52a482cba8 Version bump to 2.14.0 2019-02-07 14:35:06 +00:00
Kevin Ansfield
68d73d31b2 Bumped express-hbs dependency
no issue
- express-hbs has been updated to depend on handlebars@4.0.13 which protects against a potential RCE
- Ghost itself was not vulnerable to the RCE due to protection by gscan which does not allow themes using unknown helpers to be installed/activated
2019-02-07 14:16:37 +00:00
Fabien O'Carroll
46bf5270df
Added initial subscription support with stripe to Members API (#10460)
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-02-07 10:41:39 +01:00
Nazar Gargol
d482b4dd3a Version bump to 2.13.2 2019-02-05 12:11:27 +00:00
Fabien O'Carroll
6dc47f2ff2 🐛 Fixed errors for missing sharp install
closes #10421
2019-02-05 10:14:05 +01:00
kirrg001
3289dc7619 Introduced model._changed
refs #9248

- Bookshelf gives access to ".changed" before the update
  - Discussion: https://github.com/bookshelf/bookshelf/issues/1943
- We also need to know what has changed after the update to be able to decide if we should trigger events
- Furthermore: Bookshelf cannot handle relation updates, it always marks relations as changed even though they did not change
- Bumped bookshelf-relations to be able to
  - know if relations were updated
  - ensure we unset relations on bookshelf's ".changed"
2019-02-03 13:02:26 +01:00
Kevin Ansfield
fa4daf8052 Version bump to 2.13.1 2019-01-29 14:49:22 +00:00
Kevin Ansfield
8ce86313fc Version bump to 2.13.0 2019-01-29 10:59:32 +00:00
Fabien O'Carroll
12a265b500
🐛 Fixed error for missing sharp install (#10423)
closes #10421
refs #10181

This bumbs the ghost-ignition dep, so that the code passed to errors
takes priority over any code the error is inheriting from.
2019-01-28 12:37:27 +01:00
kirrg001
d017cf32a0 🐛 Fixed eslint installation error when using node version < 8.10 and < 6.14
closes #10420

- bumped brute-knex

> error eslint@5.12.1: The engine “node” is incompatible with this module. Expected version “^6.14.0 || ^8.10.0 || >=9.10.0”. Got “8.9.1”
2019-01-27 18:29:40 +01:00
Katharina Irrgang
75fbd272c9
Separated test env into: acceptance, regression and unit tests (#10411)
refs #9178

`yarn test` only runs acceptance and unit tests.
We will setup a cronjob in Travis and run the regression tests once per day.
You can manually run them with `yarn test:regression`

This separation is just a first step into the right direction.
Travis will no longer run for 10-13minutes.
The goal is to run common API use cases and unit tests in Travis and locally by default.

## After this separation we still need to:

- re-work our test utility
- remove some tests
- define which tests are our common API use cases
- rewrite some tests
- make testing easier (starting/stopping Ghost, fixtures and resetting services or event listeners, it's a pain and takes sometimes ages to fix tests)


---

**Acceptance:**
- common/basic API use cases against the current **stable** API

**Unit:**
- all unit tests (no database access)
- proper mocking

**Regression:**
- packages we don't want to run for each PR or commit
- tests which protect Ghost from breaking components and behaviour
- it is wishful that regression tests are using Ghost's API's (frontend, apps, core)

---

**This PR requires an update to our docs.**
2019-01-22 17:54:50 +01:00
Kevin Ansfield
9fc9aefa9c Version bump to 2.12.0 2019-01-22 11:36:17 +00:00
kirrg001
baa8a6a1d4 Bumped moment to version 2.24.0
no issue
2019-01-22 09:12:43 +01:00
kirrg001
c862110cc4 Respected peer dependency for bookshelf
no issue

- need to use knex 0.14.x for now
- Bookshelf already bumped the peer dependency in master, but was not released yet
2019-01-22 09:12:43 +01:00
Katharina Irrgang
585eada1c3
Removed grunt-docker from dev dependencies (#10405)
no issue

- this npm package is very out-of-date
- it shows 5-6 security warnings
- i don't really know why this grunt command exists
- it was added 5 years ago: f84d3d32e5
2019-01-22 06:56:50 +01:00
Katharina Irrgang
4acc375fb6
Bumped knex & bookshelf dependencies (#10404)
refs #9389, refs #9248

- https://github.com/bookshelf/bookshelf/releases/tag/0.14.0
- Bookshelf has fixed it's previous attr handling, see https://github.com/bookshelf/bookshelf/pull/1848
- SQlite3 double slashes was merged into knex and released 👻tgriesser/knex@c746dea
2019-01-21 21:53:11 +01:00
Katharina Irrgang
d0687da3a3
Bumped major test dependencies (#10403)
refs #9389

- eslint@5.12.1, eslint-plugin-ghost@0.1.0, grunt-contrib-clean@2.0.0, grunt-contrib-uglify@4.0.0, grunt-eslint@21.0.0, grunt-mocha-cli@4.0.0, grunt-shell@3.0.1, mocha@5.2
.0, nock@10.0.6, rewire@4.0.1

All of them dropped Node v4. I was not able to find any other big breaking changes, which affect us right now.
2019-01-21 18:28:44 +01:00
Katharina Irrgang
fb044e6d88
Bumped sinon from 4.4.6 to 7.3.2 (#10400)
refs #9389

- https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md

Breaking changes for Ghost:

- no need to create a sandbox anymore, each file get's it's own sandbox
- just require sinon and use this sandbox
- you can still create separate sandboxes with .createSandbox
- reset single stubs: use .resetHistory instead of .reset

This is a global replace for any sandbox creation.

---

From https://sinonjs.org/releases/v7.2.3/sandbox/

> Default sandbox
> Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
kirrg001
c20ff9afb8 Bumped superagent from 3.8.3 to 4.1.0
refs #9389

- https://github.com/visionmedia/superagent/blob/master/History.md#400-2018-11-17
- breaking changes don't really affect us
  - .end(…) returns undefined instead of the request. If you need the request object after calling .end() (and you probably don't), save it in a variable and call request.end(…). Consider not using .end() at all, and migrating to promises by calling .then() instead.
  - this could be changed, but it's not required
2019-01-21 15:19:07 +01:00
kirrg001
742aef77f2 Bumped html-to-text from 3.3.0 to 4.0.0
refs #9389

- https://github.com/werk85/node-html-to-text/blob/master/CHANGELOG.md#version-400
- breaking change does not affect us
2019-01-21 15:02:52 +01:00
kirrg001
1705e8575f Bumped csv-parser from 1.12.1 to 2.1.0
refs #9389

- breaking change does not affect use
- https://github.com/mafintosh/csv-parser/releases/tag/v2.0.0
2019-01-21 14:40:30 +01:00
kirrg001
eedf0dae02 Bumped chalk from version 1.1.3 to 2.4.2
refs #9389

- i was not able to find a breaking change, which affects us
- https://github.com/chalk/chalk/releases/tag/v2.0.0
2019-01-21 14:31:26 +01:00
kirrg001
8174a5cce7 Bumped archiver from version 1.3.0 to 3.0.0
refs #9389

- i wasn't able to find a breaking change which affect us
- https://github.com/archiverjs/node-archiver/blob/master/CHANGELOG.md
- we use it for downloading themes. this feature still works
2019-01-21 14:16:00 +01:00
kirrg001
7681199135 Bumped analytics-node from version 2.4.1 to 3.3.0
refs #9389

- breaking changes do not affect us
- https://github.com/segmentio/analytics-node/releases/tag/v3.0.0
2019-01-21 13:36:46 +01:00
kirrg001
f17d134759 Bumped dependencies
no issue
2019-01-21 13:33:20 +01:00
Fabien O'Carroll
2aec5db811 Version bump to 2.11.1 2019-01-16 09:58:53 +01:00
Hannah Wolfe
846a94728f
🐛 Fixed uncaught exceptions from image fetches
closes #10383

- Upgrades got to 8.3.2, which contains better error handling and resolves the issue with uncaught exceptions
- Note: Got 9.x stream doesn't support Node v6
- Requires us to hardcode http:// for xmlrpc because there is a breaking change where got now defaults to https instead of http
2019-01-15 20:35:46 +00:00
Fabien O'Carroll
80869166c2 Version bump to 2.11.0 2019-01-15 14:10:52 +01:00
Fabien O'Carroll
7a97442457 Version bump to 2.10.2 2019-01-15 13:42:13 +01:00
Fabien O'Carroll
be4eb576e3 Version bump to 2.10.1 2019-01-09 12:27:01 +01:00
Nazar Gargol
dcaed2be3c Version bump to 2.10.0 2019-01-08 12:37:48 +00:00
Nazar Gargol
af7daa08f9 Version bump to 2.9.1 2018-12-20 11:28:23 +01:00
Kevin Ansfield
4c9d4ed664 Version bump to 2.9.0 2018-12-17 14:25:24 +00:00
kirrg001
a357df1eb9 Version bump to 2.8.0 2018-12-11 14:25:52 +01:00
Katharina Irrgang
9d7c3bd726
🐛 Fixed all known filter limitations (#10159)
refs #10105, closes #10108, closes https://github.com/TryGhost/Ghost/issues/9950, refs https://github.com/TryGhost/Ghost/issues/9923, refs https://github.com/TryGhost/Ghost/issues/9916, refs https://github.com/TryGhost/Ghost/issues/9574, refs https://github.com/TryGhost/Ghost/issues/6345, refs https://github.com/TryGhost/Ghost/issues/6309, refs https://github.com/TryGhost/Ghost/issues/6158, refs https://github.com/TryGhost/GQL/issues/16

- removed GQL dependency
- replaced GQL with our brand new NQL implementation
- fixed all known filter limitations
- GQL suffered from some underlying filter bugs, which NQL tried to fix
- the bugs were mostly in how we query the database for relation filtering
- the underlying problem was caused by a too simple implementation of querying the relations
- mongo-knex has implemented a more robust and complex filtering mechanism for relations
- replaced logic in our bookshelf filter plugin
- we pass the custom, default and override filters from Ghost to NQL, which then are getting parsed and merged into a mongo JSON object. The mongo JSON is getting attached by mongo-knex.

NQL: https://github.com/NexesJS/NQL
mongo-knex: https://github.com/NexesJS/mongo-knex
2018-12-11 11:53:40 +01:00
Fabien O'Carroll
38c631eaf7 Installed deps required for members
refs #10213
2018-12-11 11:53:55 +07:00
Fabien O'Carroll
3d7b4dc0f5 Version bump to 2.7.1 2018-12-05 14:28:11 +07:00
Fabien O'Carroll
3618db6d40 Version bump to 2.7.0 2018-12-04 21:10:16 +07:00
John O'Nolan
7aa8251b80 Updated npm keywords (#10217)
no issue
2018-12-03 12:04:05 +01:00
Rish
3017959b2f Version bump to 2.6.2 2018-11-27 18:33:56 +05:30
Nazar Gargol
ec0a58b6f7 Version bump to 2.6.1 2018-11-20 18:21:48 +01:00
Kevin Ansfield
2f4b2151b3 Version bump to 2.6.0 2018-11-13 12:51:06 +00:00
Nazar Gargol
28a686a936 🐛 Fixed image optimisation for input image being smaller than optimized one
closes #10144

- When the input image is well optimized and has smaller byte size than the processed one it's still being used
- Bumped sharp version to have access to `size` property
2018-11-13 13:19:31 +01:00
kirrg001
fb3c375e74 Bumped knex-migrator to version 3.2.4
refs https://github.com/TryGhost/Ghost/issues/10155
2018-11-13 12:00:40 +01:00
Fabien O'Carroll
e0f31c67ba Installed jsonwebtoken@8.3.0 2018-11-08 13:32:09 +07:00
kirrg001
26fe808b77 Version bump to 2.5.0 2018-11-07 16:19:44 +01:00
Katharina Irrgang
c15a473ac8
📌 Pinned Node v10 to ^10.13.0 (#10125)
no issue

- see/reason https://nodejs.org/en/blog/release/v10.13.0/
- https://github.com/TryGhost/Ghost-CLI/releases/tag/1.9.8
2018-11-07 15:43:01 +01:00
Fabien O'Carroll
31c35e1c2c Version bump to 2.4.0 2018-10-30 19:26:41 +07:00
Katharina Irrgang
4bd211b42a Added Node v10 Support (#10058)
* Added Node v10 Support

no issue

Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>

* Bump amperize to version 0.3.8

no issue

* Bump mysql to version 2.16.0

no issue

- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()

* Bump sub dependencies

no issue

- e.g. knex-migrator used mysql 2.15.0

* Bump dependencies

no issue

* Replaced `new Buffer` with `Buffer.from`

no issue

- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Rish
35ba1d40df Version bump to 2.3.0 2018-10-22 15:41:19 +05:30
Kevin Ansfield
da2c292f64 Version bump to 2.2.4 2018-10-18 12:29:28 +01:00
Kevin Ansfield
2c603c8a8a Version bump to 2.2.3 2018-10-16 17:38:23 +01:00
Fabien O'Carroll
df4ef18410 Version bump to 2.2.2 2018-10-11 14:20:35 +07:00
Nazar Gargol
e709c80afd Version bump to 2.2.1 2018-10-09 16:34:37 +02:00
Katharina Irrgang
a7b0029471 Added mobiledoc revisions functionality
closes #9927

- Added post model implementation to be able to store up to 10 versions of mobiledoc
- Bumped GQL to support filtering on the mobiledoc revision table
- Added tests ensuring new functionality works
2018-10-09 15:31:09 +02:00
Katharina Irrgang
db1d2f62dd
Removed api integration tests (#9940)
refs #9866 

- moved the tests either to unit tests or routing tests
- or removed test case (a lot)
- this commit is very big 🤪, it was not rly possible to create clean commits for this
- it only changes the test env, no real code is touched

Next steps:
- optimise folder structure + make v2 testing possible
- reduce some more tests from routing and model integeration tests
2018-10-06 22:13:52 +02:00
kirrg001
c96c474501 Version bump to 2.2.0 2018-10-02 22:57:14 +02:00
Fabien O'Carroll
cb0c5dc582
Session auth service (#9910)
refs #9865

* This service handles the session store and exporting middleware to be
used for creating and managing sessions

* Updates the auth service index.js file in line with how we do things elsewhere

* After wrapping the exports in a getter, the usage of rewire had broken
the authenticate tests, this commit _removes_ rewire from the tests, calls `init` on
the models before the tests (needed because rewire isn't there) and also
cleans up the use of var.
2018-10-02 15:35:23 +07:00
Fabien O'Carroll
6ccb2debe2 Version bump to 2.1.4 2018-09-25 18:04:57 +07:00
Fabien O'Carroll
215bddeffd Version bump to 2.1.4-beta.1 2018-09-25 17:34:37 +07:00
Nazar Gargol
082dec7507 Bumped ghost-ignition to version 2.9.6 2018-09-25 11:41:37 +02:00
Nazar Gargol
57271127f4 Added v2 api endpoints (#9874)
refs #9866

- Registered Content API under /ghost/api/v2/content/
- Registered Admin API under /ghost/api/v2/admin/
- Moved API v0.1 implementation to web/api/v0.1
- Created web/api/v2 for the new api endpoints
- Started with reducing the implementation for the new Content API (the Content api does not serve admin api endpoints, that's why it was reducible)
- Covered parent-app module with basic test checking correct applications/routes are being mounted
- Added a readme file, which contains a warning using v2, because it's under active development!
- This PR does only make the new endpoints available, we have not:
  - optimised the web folder (e.g. res.isAdmin)
  - started with different API controllers
  - reason: we want to do more preparation tasks before we copy the api controllers
2018-09-18 15:59:06 +02:00
Rish
6ae5c13de7 Version bump to 2.1.3 2018-09-18 18:07:57 +05:30
Kevin Ansfield
2eada22282 Bump forked oembed-parser dependency
no issue
- removes bellajs sub-dependency that wasn't pinned because it's latest version restricts the usable node version
2018-09-18 10:33:04 +01:00
Sumedh Nimkarde
efd1587ee9 Switched to eslint-plugin-ghost (#9835)
refs #9834

- @TODO: the test env eslint needs to use the plugin, not part of this PR
2018-09-17 20:49:30 +02:00
Nazar Gargol
d2bc812983 Version bump to 2.1.2 2018-09-11 14:15:21 +02:00
Nazar Gargol
8ca444fd55 Version bump to 2.1.1 2018-09-06 12:59:24 +02:00
Nazar Gargol
b36490b6e7 Bump gscan to version 2.2.1
closes #9851
2018-09-06 12:24:17 +02:00
kirrg001
c679a3527a Version bump to 2.1.0 2018-08-31 12:14:52 +01:00
Fabien O'Carroll
c9b8ddde4b 🎨Added absolute_url flag to public api (#9833)
closes #9832

The API _should_ be returning absolute URLs for everything, 3rd party applications require absolute urls to read and display ghost data correctly. Currently they have to concat the blog url and the resource url, which is very uncomfortable.

Changing the public api like this would be considered a breaking change however so we've opted to put it behind a query parameter named `absolute_urls`.
2018-08-31 11:02:39 +01:00
Rish
5f49d9090a Update gscan version 2018-08-30 17:59:47 +01:00
Nazar Gargol
0faf89b5ab Added ability to resize and compress images on upload (#9837)
refs #4453

* On by default

* Added config to disable resizing

* Added basic image optimization processing

* Added dep: sharp (optional dep)

* Added resize middleware

* Take care of rotation based on EXIF information

* Removed all meta data from optimised image

* Added handling if sharp could not get installed

* Do not read ext twice - optimisation

* Do not call sharp if config is disabled

* Do not remove the original image which was uploaded (store 2 images)

* Support of `req.files` for internal logic

* Disabled cache to enable file removal on Windows
2018-08-30 17:30:36 +01:00
kirrg001
fcc2ee4114 Version bump to 2.0.3 2018-08-22 14:35:01 +02:00
Kevin Ansfield
85213ed553 Version bump to 2.0.2 2018-08-21 10:11:14 +01:00
Katharina Irrgang
47e9eb48f7 Changed oembed-parser git link in package.json (#9806)
no issue
- git links require git to be installed which isn't likely on servers
- use tarball instead
2018-08-21 09:30:19 +01:00
Kevin Ansfield
ac63978643 Version bump to 2.0.1 2018-08-20 15:11:51 +01:00
Kevin Ansfield
c186347f0c
🐛 Koenig - Fixed Vimeo, Hulu, and Facebook Post embeds (#9803)
refs https://github.com/TryGhost/Ghost/issues/9786
- bumped `oembed-parser` dependency to a forked version
  - contains fix for oembed.com providers that include `{format}` in the `url`
  - contains updated `providers.json` file including the `Facebook (Post)` provider (thanks @lunaticmonk)
2018-08-20 11:52:40 +01:00