Commit Graph

446 Commits

Author SHA1 Message Date
Michael Barrett
ed0762fb51
Removed usage of yg when using NQL (#19287)
refs https://github.com/TryGhost/NQL/pull/73

The referenced PR removes `yg` from the parsed NQL output, so we also
need to remove any usage of it in Ghost
2024-01-15 14:40:01 +00:00
Simon Backx
e5f644c27f
🐛 Fixed contain/starts/endsWith filters with /, _ or % in them (#19015)
fixes GRO-25

Updated @tryghost/nql to 0.12.0 and other packages that depend on it

1. SQLite: when a filter string contains /.

When we use a NQL contain/starts/endsWith filter that contains a slash,
underlyingly the whole filter will get converted to a MongoDB query, in
which we just use a regexp to represent the filter. In here we will
escape the slash: \/ as expected in a regexp. Later when we convert this
MongoDB query back to knex/SQL, we use a SQL LIKE query. Currently we
don't remove the escaping here for a normal slash. MySQL seems to ignore
this (kinda incorrect). SQLite doesn't like it, and this breaks queries
on SQLite that use slashes. The solution here is simple: remove the
backslash escaping when converting the regexp to LIKE, just like we do
with other special regexp characters.

2. We don't escape % and _, which have a special meaning in LIKE queries

Usage of % and _ is now as expected and doesn't have the special SQL
meaning anymore.
2023-11-16 09:35:20 +00:00
Simon Backx
75bb53f065
🔒 Added support for logging out members on all devices (#18935)
fixes https://github.com/TryGhost/Product/issues/3738
https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4

- Adds the transient_id column to the members table. This defaults to
email, to keep it backwards compatible (not logging out all existing
sessions)
- Instead of using the email in the cookies, we now use the transient_id
- Updating the transient_id means invalidating all sessions of a member
- Adds an endpoint to the admin api to log out a member from all devices
- Added the `all` body property to the DELETE session endpoint in the
members API. Setting it to true will sign a member out from all devices.
- Adds a UI button in Admin to sign a member out from all devices
- Portal 'sign out of all devices' will not be added for now

Related changes (added because these areas were affected by the code
changes):
- Adds a serializer to member events / activity feed endpoints - all
member fields were returned here, so the transient_id would also be
returned - which is not needed and bloats the API response size
(`transient_id` is not a secret because the cookies are signed)
- Removed `loadMemberSession` from public settings browse (not used
anymore + bad pattern)

Performance tests on site with 50.000 members (on Macbook M1 Pro):
- Migrate: 6s (adding column 4s, setting to email is 1s, dropping
nullable: 1s)
- Rollback: 2s
2023-11-15 17:10:28 +01:00
renovate[bot]
cc43a311c2 Update Types packages 2023-11-08 12:29:48 +01:00
renovate[bot]
057d9599f5 Update TryGhost packages 2023-10-31 20:54:17 +01:00
renovate[bot]
df8eeb2249 Update Types packages 2023-10-31 14:40:32 +01:00
Daniel Lockyer
85d41d0562 Aligned dependencies with resolution values
- this commit brings all dependencies up-to-date with the version set as
  a resolution
2023-10-13 08:37:36 +02:00
Daniel Lockyer
85098e07d4 Configured all unit tests to use dot reporter
refs https://ghost.slack.com/archives/C02G9E68C/p1696490748701419

- this configures mocha to use the dot reporter because the default is
  way too verbose in CI
2023-10-05 12:24:24 +02:00
renovate[bot]
d15de11bf3 Update dependency @types/node-jose to v1.1.11 2023-09-25 09:11:50 +02:00
renovate[bot]
a79717e9ba Update dependency @types/jsonwebtoken to v9.0.3 2023-09-18 08:51:04 +02:00
Daniel Lockyer
c6cb35074a Updated linting and testing packages 2023-09-01 15:51:17 +02:00
Daniel Lockyer
d5cbb33e54 Pinned dependencies 2023-07-24 16:21:47 +02:00
renovate[bot]
7dce046786 Update Test & linting packages 2023-07-11 15:26:07 +02:00
renovate[bot]
476d7900d0 Update dependency @types/jsonwebtoken to v9 2023-06-20 15:46:04 +02:00
Hannah Wolfe
b80b90229f Added consistent linting pattern to all packages
refs: https://github.com/TryGhost/Toolbox/issues/188

- some of our older packages used a pattern for linting which missed using test config for linting tests
- we need this to be consistent so that we can add more eslint rules for testing
- two packages also didn't use the lib pattern, which made the lint pattern error - so this was fixed as well
2023-06-13 10:43:29 +01:00
renovate[bot]
07545541a8 Update @tryghost 2023-04-07 13:47:12 +02:00
renovate[bot]
83373e1751 Update Test & linting packages 2023-04-05 15:16:08 +02:00
Daniel Lockyer
b64d32cc26 Removed heavy dependency within @tryghost/errors
- we previously used `@stdlib/utils` instead of the child package
  `@stdlib/copy`, which is a lot smaller and contains our only use of
  the parent
- this saves 140+MB of dependencies
2023-04-05 13:46:15 +02:00
Daniel Lockyer
7ec2656495 Added yarn resolution for @tryghost/errors
- we keep ending up with multiple versions of the depedency in our tree,
  and it's causing problems when comparing instances
- the workaround I'm implementing for now is to bump the package
  everywhere and set a resolution so we only have 1 shared instance
- hopefully we can come up with a better method down the line
2023-04-05 09:34:50 +02:00
renovate[bot]
2223db5379
Update Test & linting packages 2023-03-13 02:36:20 +00:00
Daniel Lockyer
6b1966ad9b Updated sinon dependency
- this is being done manually instead of merging the Renovate PR because
  the PR bundles another bump which doesn't pass yet
2023-03-02 12:43:42 +01:00
renovate[bot]
9f08732039 Update @tryghost 2023-03-02 09:47:02 +01:00
Daniel Lockyer
2d1f9fff0c
Updated @tryghost/errors dependency
- there's a weird situation when we have mixed versions of the
  dependency because different libraries try to compare instances
- this brings the usage up to 1.2.21 so we can fix the build for now
2023-02-22 11:32:11 +01:00
renovate[bot]
0181f2f61d Update dependency body-parser to v1.20.2 2023-02-22 09:59:25 +01:00
Steve Larson
2d84b7d990
Upgraded got package from v9.6.0 to v11.8.6 (#16261)
Refs TryGhost/Team#2459
-upgraded got from v9.6.0 to v11.8.6 to support following redirects (and
other fixes)
-got v12+ requires ESM, so we do not want to upgrade further at this
time
-required changes to a few libraries that use externalRequests
-mention discovery service tests updated to test for follow redirects
2023-02-20 09:33:11 -06:00
renovate[bot]
7de35f1ca3 Update dependency node-jose to v2.2.0 [SECURITY] 2023-02-17 05:29:46 +00:00
renovate[bot]
cf7ecb492c
Update dependency c8 to v7.13.0 2023-02-16 22:15:50 +00:00
Daniel Lockyer
34fe49b110
Added version information to log lines
refs https://github.com/TryGhost/Toolbox/issues/501

- this reverts commit 48dda23554
- also includes a resolution for `@elastic/elasticsearch` so we don't
  run a version that is potentially problematic - see referenced issue
  for context
2023-01-20 13:18:44 +01:00
Daniel Lockyer
48dda23554
Reverted "Added version information to log lines"
refs https://github.com/TryGhost/Toolbox/issues/501

- this reverts commit f2116357b7
- something with Elasticsearch is causing high CPU usage, so this commit
  reverts that for now
2023-01-17 13:20:47 +01:00
Sam Lord
f2116357b7 Added version information to log lines
refs: https://github.com/TryGhost/Toolbox/issues/502

Updated to @tryghost/logging@2.4.0 to allow metadata to be logged
2023-01-12 10:34:23 +00:00
renovate[bot]
b86eaf8e71
Update dependency nock to v13.3.0 2023-01-10 21:36:44 +00:00
Daniel Lockyer
08b786af3b Bumped TryGhost-owned dependencies and lockfile
- this was all getting terribly behind so I've done several things:
  - majority of `@tryghost/*` except Lexical packages
  - gscan + knex-migrator to remove old `@tryghost/errors` usage
  - bumped lockfile
2023-01-02 20:55:22 +01:00
Rishabh Garg
2eac41b1f4
🐛 Fixed invalid email getting saved for members (#16021)
refs https://github.com/TryGhost/Team/issues/2235

We found some cases which can cause a site to have member emails that have invalid characters like `member@example.com�`. This happened due to the `validator` version used by Ghost not able to catch some specific cases as invalid email, allowing members to be created with them either via Admin or Importer or direct signup. Portal UI already blocked these email as invalid. This change:

- updates `@tryghost/validator` to include a latest version of email validator that catches these invalid cases
- doesn't allow member creation with invalid email like above
- doesn't allow existing member emails to be edited to invalid
2022-12-16 16:47:52 +05:30
Daniel Lockyer
6f4e663d74
Updated @tryghost dependencies (#16005)
- also includes `knex-migrator` with a simple `sqlite3` bump
2022-12-14 11:18:55 +07:00
renovate[bot]
13abcf6c9d
Update dependency mocha to v10.2.0 2022-12-12 13:20:22 +00:00
renovate[bot]
e48072e471 Update dependency bson-objectid to v2.0.4 2022-11-24 11:24:07 +07:00
Rishabh
d6af8fbb8f Cleaned up old member analytics services
refs https://github.com/TryGhost/Team/issues/2216

This change removes old analytics code which was added under `membersActivity` flag as an experimental alpha feature to test the first versions of member analytics, and is no longer active or in use.

This change removes the remaining services and its usage that were created to manage this version of analytics but is no longer active or maintained.

- removes `members-analytics-ingress` service that was used to ingest events from Portal in this experimental feature
- removes `member-analytics-service` service that managed the events from this experimental feature
- removes usages of the 2 services and their dependency in `members-api`
- removes `member-analytic-event` model as the corresponding table for it does not exist anymore and was dropped in 5.0
2022-11-14 10:44:10 +05:30
renovate[bot]
8fa9f1e7e6
Update Test & linting packages 2022-11-07 20:39:48 +00:00
Simon Backx
076e3c02b2
Added linking between member and subscription created events (#15693)
fixes https://github.com/TryGhost/Team/issues/2160

- Adds a `batch_id` to both events that contain the same ID if they were created at the same time.
- Removes duplicate signup/conversion events using the batch_id
- Requires an update in mongo-knex to work (refs https://ghost.slack.com/archives/C02G9E68C/p1666773313272409?thread_ts=1666767872.375009&cid=C02G9E68C)
- Some dependencies needed an update to load the latest mongo-knex
- Added tiers to membersUtils, loaded on startup (we can start to use this instead of fetching it every time)
2022-10-27 11:44:19 +02:00
renovate[bot]
603c78755d
Updated @tryghost dependencies (#15631)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-24 10:30:40 +07:00
renovate[bot]
e9587e02d0
Update dependency mocha to v10.1.0 2022-10-17 08:41:28 +00:00
renovate[bot]
6fc497743d
Updated @tryghost dependencies (#15479)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-12 10:16:05 +07:00
renovate[bot]
82441e943d Update dependency express to v4.18.2 2022-10-10 10:29:34 +07:00
renovate[bot]
0370dd258d
Update dependency body-parser to v1.20.1 2022-10-06 21:20:56 +00:00
renovate[bot]
2c2ee81adb
Update Test & linting packages 2022-10-05 00:36:08 +00:00
renovate[bot]
9eb3c84a23
Updated @tryghost dependencies (#15434)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-27 08:31:35 +07:00
renovate[bot]
225765241c
Updated @tryghost dependencies (#15404)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-19 12:09:33 +01:00
Daniel Lockyer
7a2f766668
Added logging configuration option for timestamps to use the local timezone
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76

- log output always uses UTC timestamps, but it may be desirable to
  configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
  switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
  `false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
  timezone-altered timestamps, you can set `logging.useLocalTime` to
  `true`
- credits to https://github.com/levee223 for the implementation and PR
2022-08-31 10:29:55 +01:00
renovate[bot]
fce4b26601 Update dependency @types/jsonwebtoken to v8.5.9 2022-08-24 16:54:58 +02:00
Simon Backx
da24d13601
Added member attribution events and storage (#15243)
refs https://github.com/TryGhost/Team/issues/1808
refs https://github.com/TryGhost/Team/issues/1809
refs https://github.com/TryGhost/Team/issues/1820
refs https://github.com/TryGhost/Team/issues/1814

### Changes in `member-events` package

- Added MemberCreatedEvent (event, not model)
- Added SubscriptionCreatedEvent (event, not model) 

### Added `member-attribution` package (new)

- Added the AttributionBuilder class which is able to convert a url history to an attribution object (exposed as getAttribution on the service itself, which handles the dependencies)
```
[{
    "path": "/",
    "time": 123
}]
```
to
```
{
    "url": "/",
    "id": null,
    "type": "url"
}
```

- event handler listens for MemberCreatedEvent and SubscriptionCreatedEvent and creates the corresponding models in the database.

### Changes in `members-api` package

- Added urlHistory to `sendMagicLink` endpoint body + convert the urlHistory to an attribution object that is stored in the tokenData of the magic link (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added urlHistory to `createCheckoutSession` endpoint + convert the urlHistory to attribution keys that are saved in the Stripe Session metadata (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).

- Added attribution data property to member repository's create method (when a member is created)
- Dispatch MemberCreatedEvent with attribution

###  Changes in `members-stripe-service` package (`ghost/stripe`)

- Dispatch SubscriptionCreatedEvent in WebhookController on subscription checkout (with attribution from session metadata)
2022-08-18 17:38:42 +02:00