Commit Graph

1812 Commits

Author SHA1 Message Date
Rishabh
f9866f97ae Updated config test to include adminX property
refs https://github.com/TryGhost/Team/issues/3151
2023-05-16 13:10:00 +05:30
Rishabh
067766e555 Updated publish config for admin-x settings package
refs https://github.com/TryGhost/Team/issues/3151
2023-05-16 12:49:59 +05:30
Rishabh
31779c95b5 Added feature flag for new admin-x settings
refs https://github.com/TryGhost/Team/issues/3151

- allows toggling route to new settings screen in react

Co-authored-by: Peter Zimon <zimo@ghost.org>
2023-05-16 12:23:24 +05:30
Rishabh
bf2a2eeb63 Added route for new admin-x settings
refs https://github.com/TryGhost/Team/issues/3151

- adds route in Admin for opening new settings screen in react
- adds new config for passing `adminX` to Admin
- loads adminX settings from package in Admin UI when new route is opened

Co-authored-by: Peter Zimon <zimo@ghost.org>
2023-05-16 12:23:24 +05:30
renovate[bot]
e66d335aef Update dependency semver to v7.5.1 2023-05-15 15:13:17 +02:00
Michael Barrett
59fe794b0c
Implemented duplicate post functionality (#16767)
refs: https://github.com/TryGhost/Team/issues/3139 https://github.com/TryGhost/Team/issues/3140

- Added duplicate post functionality to post list context menu
  - Currently only a single post can be duplicated at a time
  - Currently only enabled via the `Making it rain` flag
- Added admin API endpoint to copy a post - `POST ghost/api/admin/posts/<post_id>/copy/`
- Added admin API endpoint to copy a page - `POST ghost/api/admin/pages/<page_id>/copy/`
2023-05-15 09:30:32 +01:00
Ghost CI
8a5b1dd5d9 Merged v5.47.2 into main 2023-05-15 07:56:45 +00:00
Ghost CI
80d4072fdd v5.47.2 2023-05-15 07:56:43 +00:00
Chris Raible
58ffd1cfeb
Bumped kg-default-nodes and kg-lexical-html-renderer (#16785)
no issue

- bumped kg-default-nodes to 0.0.41
- bumped kg-lexical-html-renderer to 0.1.37
2023-05-12 18:20:54 -07:00
Fabien "egg" O'Carroll
08597b47ba Added unit test for TiersRepository
We were completely missing tests for this, and the new logic pushed us under
the coverage threshold.
2023-05-12 16:38:32 -04:00
Fabien "egg" O'Carroll
c0ca7b16f6 Added caching to TierRepository
refs https://github.com/TryGhost/Toolbox/issues/515

Tiers are very frequently queried and we want to reduce the number of DB calls
we're making. We can store the Tiers in-memory, using the existing in-memory
repository patterns, but still persisting writes the the database.

We also have to update our test helpers, because they were bypassing the
repository for writes, but using it for reads resulting in an invalid cache
2023-05-12 16:38:32 -04:00
Fabien "egg" O'Carroll
6ab862568c Used TierRepository in serializers
We want to cache access to Tiers, and it's easier to do that in the
TierRepository. So we update a heavy user of Tiers to use the Tier
service so it can take adv of caching. The serializers are a big
offender for making calls to fetch Tiers.
2023-05-12 16:38:32 -04:00
Ghost CI
e41d9fedd8 v5.47.1 2023-05-12 15:02:19 +00:00
Ghost CI
8ce8cc81a5 🎨 Updated Casper to v5.4.11 2023-05-12 15:02:19 +00:00
Daniel Lockyer
53d30199b3
Updated Portal to v2.31
- contains support for several new languages
2023-05-12 15:37:23 +02:00
renovate[bot]
aa85263cb2 Update dependency express-lazy-router to v1.0.5 2023-05-12 13:55:57 +02:00
Daniel Lockyer
898b55265c Lazyloaded @extractus/oembed-extractor dependency
- this dependency seems a pretty heavy one to require upon boot and
  given most sites don't need it to function as normal, this saves
  several MB of RAM per instance
2023-05-12 12:18:40 +02:00
renovate[bot]
1fbf28618c Update dependency lib0 to v0.2.74 2023-05-12 11:47:38 +02:00
renovate[bot]
4ca5817286 Update dependency express-jwt to v8 2023-05-12 11:14:05 +02:00
Fabien 'egg' O'Carroll
13a18711d0
🐛 Fixed site setup hanging when mail isn't configured
closes https://github.com/TryGhost/Team/issues/3176

We were waiting for the welcome email to send before responding to the
client that setup is complete, this was causing the client to hang when
running `ghost install local` as mail isn't configured by default.
2023-05-11 11:58:27 -04:00
Kevin Ansfield
9ae3a535ac
Added missing explicit jsdom dependency in core
no issue

- the lexical lib file makes use of `jsdom` but there was no explicit dependency for it in `package.json` meaning we were relying on it being incidentally depended on through another package which is brittle
2023-05-11 14:05:11 +01:00
Deepam Kapur
3a39aa361b
🐛 Fixed generating card assets with include allowlist (#16766)
fixes https://github.com/TryGhost/Ghost/issues/16652

- we need `@` keyword before '(' according to the globrex package used in tiny-glob
2023-05-11 14:20:35 +02:00
Naz
3eebeb608c
Added collections feature flag
closes https://github.com/TryGhost/Team/issues/3165

- This feature flag is here to gate the development of Collections 2.0 feature
2023-05-11 16:31:45 +07:00
Fabien 'egg' O'Carroll
d3432399c7
Bumped knex-migrator & gscan to latest versions (#16770)
These versions use the latest version of @tryghost/errors, which uses
the correct import for @stdlib/utils-copy. This should hopefully stop
missing module errors when running locally.
2023-05-10 10:13:02 -04:00
Sodbileg Gansukh
4898fd401b Updated signup confiramtion email snapshot
no issues

- updated the snapshot based on the changes added to the email template
2023-05-10 18:18:10 +08:00
Sodbileg Gansukh
1520ba3c10 Improved spacing of the transactional emails
refs https://github.com/TryGhost/Team/issues/3159
2023-05-10 18:01:46 +08:00
Fabien "egg" O'Carroll
c5dc5a2675 Fixed @tryghost/mailgun-client import
We were incorrectly specifying the path of the file rather than relying on the
package exports, and this broke in the previous commit to a file rename. It
wasn't caught by CI because the browser tests are not run on pull requests
2023-05-09 13:00:18 -04:00
Fabien "egg" O'Carroll
104f84f252 Added eslint rule for file naming convention
As discussed with the product team we want to enforce kebab-case file names for
all files, with the exception of files which export a single class, in which
case they should be PascalCase and reflect the class which they export.

This will help find classes faster, and should push better naming for them too.

Some files and packages have been excluded from this linting, specifically when
a library or framework depends on the naming of a file for the functionality
e.g. Ember, knex-migrator, adapter-manager
2023-05-09 12:34:34 -04:00
Ronald Langeveld
8a08cf3628
Added signupCard feature flags (#16763)
no issue

This pull request adds a new experimental feature flag `signupCard` to
the Ghost admin app, which enables a signup card component in the
lexical editor that's currently being worked on. 
The feature flag can be toggled from the settings/labs
UI and is read from the server-side configuration.
2023-05-09 16:27:36 +02:00
Fabien 'egg' O'Carroll
0b8c3747c5
Supported inviting users using an Admin API Integration
Whilst Admin API Integrations had the permissions to create invites they were
blocked from doing so at the HTTP level. We've removed this restriction for
creating Invites as well as browsing Roles, because a Role ID is necessary to
create an invite. The code was also not setup to support Admin API Integrations
as it made assumptions about the existence of a User. That has been updated in
the permissions layer - so that the Invites are limited to Contributors,
Authors and Editors as well as at the email layer, which has has the copy and
from address updated to reflect the lack of a User creating the Invite.
2023-05-08 15:27:15 -04:00
Sag
f560a334cc
Bumped Lexical packages (#16756)
no issue

- Bumped default config for koenig-lexical to ~0.2
2023-05-08 18:39:14 +02:00
Daniel Lockyer
799561aaec
Reduced Sharp concurrency to test alleviating memory fragmentation
refs 9d104c8511

- we've seen recurring instances where Ghost will hog memory after image
  uploads
- we use `jemalloc` to try and help this, but it still seems to happen
- according to the sharp thread referenced in my commit above, memory
  fragmentation can also be helped by reducing the concurrency within
  sharp
- this is a bit of an experiment and we can revert if it causes issues
2023-05-08 10:51:56 +02:00
Chris Raible
810b789419 Increased Post Revisions limit to 25
no issue
2023-05-05 21:46:50 +00:00
Ghost CI
832cee3005 v5.47.0 2023-05-05 16:00:42 +01:00
Simon Backx
6566903df5
Cleaned up member attribution flag (#16745)
no issue

This commit removes the `memberAttribution` feature flag from the
codebase. Some CSS classes are not removed as removing them and updating
the associated CSS files have side effects sadly.
2023-05-05 15:04:14 +02:00
Daniel Lockyer
310ec7d58b
Bumped Portal to v2.30
fixes https://github.com/TryGhost/Ghost/issues/16641

- this updates Ghost to use the latest Portal, which contains updated
  translations and new locales since the last publish
2023-05-05 13:29:16 +02:00
Elena Baidakova
4207c9d0d1
Added browser tests for announcement bar (#16742)
refs TryGhost/Team#3122

<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 87727d9</samp>

Added `data-testid` attributes to various elements in the announcement
bar settings feature to enable Playwright testing. Fixed a potential bug
with the `visibilitySettings` getter in the `visibility.js` component.
Added Playwright tests for the announcement bar settings feature in
`announcement-bar-settings.spec.js`.
2023-05-05 14:11:26 +04:00
Simon Backx
05bba5135d
Cleaned up sourceAttribution flag (#16740)
no issue

This commit removes the `sourceAttribution` feature flag from the
codebase.
2023-05-05 10:57:26 +02:00
Daniel Lockyer
cf41c3ad54
Removed final declaration of oembed-parser
refs 27e4523aec

- we no longer use `oembed-parser`, so we can remove it from
  package.json
- also pins the `@extractus/oembed-extractor` package and adds it into
  `@tryghost/oembed-service` where it was missing
2023-05-05 10:48:16 +02:00
Simon Backx
fbed93b866
🐛 Added missing history logs for post/page bulk actions (#16734)
no issue

The post/page bulk actions weren't logged in the history log / actions
table.

This change adds support for logging bulk actions.
- New `addActions` static method on models. It creates an action log in
the database for multiple models at once. If only one model was edited,
deleted or added, it will fallback to `addAction`
- `addAction` can also be called statically now
- `actionName` option is now supported when using `addActions`,
`addAction`, and as a result also in all bulk manipulation methods, and
CRUD methods. This allows you to replace the default '5 posts edited'
into something more specific like '5 posts featured'
- Fixed support for null resource_id in the parse-history-event helper
- Removed the default 'published' status requirement when using
Post.findOne for internal queries.
2023-05-05 09:45:36 +02:00
Chris Raible
27e4523aec
🐛 Improved error message for unauthorized YouTube embeds (#16374)
refs TryGhost/Ghost#16048

- When attempting to embed a Youtube video that has had embedding
disabled by its owner/author, Ghost displayed a generic error message
that didn't indicate the reason for the failed emebed.
- This change updated the error message when Youtube (or any provider)
returns 401: Unauthorized to indicate that the owner of the resource has
explicitly disabled embedding.
2023-05-04 16:04:58 -07:00
Simon Backx
848b2d82a1
Cleaned up suppressionList feature flag (#16736)
no issue

This pull request removes the `suppressionList` feature flag and all its
dependencies from the codebase. It makes the suppression list feature
the default and consistent behavior for all email events and
newsletters. It simplifies the UI, logic, and data related to email
events and newsletters. It affects several files in the
`ghost/admin/app`, `ghost/core/core`, and `ghost/members-api`
directories.
2023-05-04 14:47:04 +02:00
Chris Raible
b62a642084
Added background save every 10 minutes to the lexical editor (#16732)
refs TryGhost/Team#3133

- the backend previously had logic to save a revision if more than 10
mins had elapsed since the last revision
- however, the frontend would autosave after 3 seconds of inactivity
(which doesn't trigger a revision), and never send another save request
at 10 minutes, so the backend logic to save a revision was never
triggered
- this change will save the current contents of the editor every 10
minutes, even if nothing has changed since the last save
2023-05-03 14:46:32 -07:00
Fabien "egg" O'Carroll
b9565bc290 Migrated @tryghost/post-revisions to TypeScript!
This is an initial start to using TypeScript in our non-core Ghost packages.

- Adds a prepare script to build the project after installing deps
- Adds an initial tsconfig.json which is compatible with our node env
- Migrates all of the code to TypeScript, including tests
- Updates tests to use ts-node so that we don't need to compile the tests
- ts-node is installed at the top level because the env is weird with lerna and
  doesn't work otherwise
- Updates the yarn dev script to build the project with the --all and --revisions flag
2023-05-03 14:32:31 -04:00
Fabien "egg" O'Carroll
ed674981e6 Updated npm scripts to support packages with a build step
- Updates the prepare script in the top level to run prepare on packages, so
  that packages can be built when running `yarn`

- Updates the build script in ghost/core to run build on packages, so that
  packages are built before being monobundled

- Updates monobundle to be a dependency and use the new TryGhost repo, which
  includes some minor fixes and improvements, such as supporting devDeps

- Updates the GitHub workflows to run the build command in the top level
  directory rather than ghost/core so that other packages are built, too.
2023-05-03 14:32:31 -04:00
Ghost CI
81c93c16f0 Merged v5.46.1 into main 2023-05-03 13:47:34 +01:00
Ghost CI
17025cd344 v5.46.1 2023-05-03 13:47:31 +01:00
Fabien "egg" O'Carroll
b3caf16005 🔒 Fixed filtering on private Author fields in Content API
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9

Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
2023-05-03 08:43:20 -04:00
Fabien "egg" O'Carroll
a22717a8e7 🔒 Fixed filtering on private Author fields in Content API
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9

Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
2023-05-03 08:25:27 -04:00
Simon Backx
514c8917c0 Readded matchMetadataSnapshot
refs bac2f4d4d4 (diff-473dc0c49e80df6c07569ed5730445ebdaaa8138fc819182548727db50eb55aa)
2023-05-03 14:14:10 +02:00