Commit Graph

211 Commits

Author SHA1 Message Date
Austin Burdine
144544e83d 🎨 fix admin and theme caching issues (#8058)
refs #7812, closes #7958

- fixes boolean logic wrt to theme cache value from config
- disable cache for admin assets in development
- only add asset hash in production
2017-03-02 18:18:21 +01:00
Katharina Irrgang
0b68458eb7 🎨 optimise requires for MigratorConfig (#8088)
no issue

- if knex-migrator loads the MigratorConfig too much stuff was required, which increases the memory usage
- i have deleted the IncorrectUsage errors for now, because this error should actually never appear
2017-03-02 16:02:23 +00:00
Katharina Irrgang
aa670fa8b4 Updates for alpha.13 (#8026)
* 🐛  delete client if auth url has changed

no issue

* 🎨  update default auth config

refs #7488
2017-02-18 17:23:35 +01:00
Hannah Wolfe
9bd50cb527 ⏱ Boot time visibility amends (#7984)
refs #2182

* ⏱ Add boot timer - improve visibility of boot time

I've been playing around with Ghost start times a lot recently.
Every time I do, I add a console.time output for boot, which is annoying.
This commit adds that change permanently. We can always revert later before shipping 1.0 😁

* ⏱ Add debug call before main requires

- this demonstrates that the majority of boot time is spent on requires
- had to rejig the var pattern because of the linter... 💩

* 🐷 💄 Special debug mode for config

- I ❤️  being able to output the config, but this is not useful when trying to debug / optimise timings.
- This change makes it so we can see how long it takes to do config work by default
- If we want to output config specifically, we do `DEBUG=ghost:*,ghost-config npm start`
- This also prevents nconf.get() from being called unnecessarily
2017-02-17 16:27:02 +01:00
Katharina Irrgang
d9e87aa793 🎨 updates for database configuration (#7975)
* 🎨  update configuration files: database

refs #7488

- no default database configuration
- production: default is MySQL

* 🎨  add transport stdout to production for now

refs #7488

- production will log to stdout and file for now
- to reduce the risk of confusing users
- users would not see any stdout and they don't know that Ghost logs into file only in production

* 🎨  sanitize database properties

refs #7488
2017-02-11 18:02:12 +00:00
Katharina Irrgang
3ed009ac7b feature: define redirects in a custom file (#7719) (#7945)
refs #7707

- be able to add a custom redirect file into the content folder
- define redirects as JSON format

The redirects feature is already present in the LTS branch.
I was not able to cherry-pick over, too many changes or conflicts.
Creating a PR to ensure 1. tests pass and 2. overview of code changes.
I had to add an example active theme to our test fixture utils, because otherwise Ghost will complain when forking Ghost.
2017-02-06 15:32:40 +01:00
Katharina Irrgang
f3d16352b1 🎨 😎 config env usages (#7929)
refs #7488

- remove all ugly env checks
- rather use config properties
- replace process.env.NODE_ENV by config.get('env')
2017-02-03 18:25:39 +00:00
Katharina Irrgang
a68592a6b9 🔥 remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥  kill apiUrl helper, use urlFor helper instead

More consistency of creating urls.
Creates an easier ability to add config changes.

Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.

* 🔥  urlSSL

Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.

e.g.

- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)

The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.

* 🔥    remove forceAdminSSL, add new admin url and adapt logic

I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:

1. remove forceAdminSSL
2. add admin.url option

- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option

* 🤖  adapt tests

IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware

* 😎  rename check-ssl middleware

* 🎨  fix theme-handler because of master rebase
2017-02-03 18:13:22 +00:00
Katharina Irrgang
2a52af1d99 🔥 remove imageRelPath (#7927)
refs #7488

- remove imageRelPath
- instead add a static image prefix to the url helper
2017-02-03 14:42:05 +00:00
Katharina Irrgang
0201c431d7 🔥 do not store settings in config (#7924)
* 🎨  🔥  do not store settings in config and make settings cache easier available

- remove remembering settings value in theme config
- if we need a cache value, we are asking the settings cache directly
- instead of settings.getSettingSync we use settings.cache.get

- added TODO:
  - think about moving the settings cache out of api/settings
  - we could create a folder named cache cache/settings
  - this settings cache listens on model changes for settings
  - decoupling

* 🔥  remove timezone from config

- no need to store in overrides config and in defaults settings

* 🎨  context object helper

- replace config.get('theme') by settings cache

* 🎨  replace config.get('theme') by settings.cache.get

* 🎨  adapt tests

* fixes from comments
2017-02-03 13:15:11 +00:00
Katharina Irrgang
85c0913d70 🎨 config optimisations (#7921)
refs #7488

- rename file keys for config files, see https://github.com/TryGhost/Ghost/pull/7493/files
- add tests to avoid running into config hierarchy problems again
- overrides.json is the strongest!
- argv/env can override any default
- custom config can override defaults
- reorganise util functions for config again
2017-02-02 12:46:30 +00:00
Aileen Nowak
d2f2888da0 Favicon URI (#7700)
closes #7688

- Use `/favicon.ico` and `/favicon.png` in blog app. Depending on type of storage (custom upload = local file storage), serves either from storage adapter with `read()` method or reads the bytes via `fs`.
- Redirects requests for `favicon.ico` to `favicon.png` if custom `png` icon is uploaded and vice versa.
- Redirect requests for `favicon.png` to `favicon.ico` if default icon is used (in `core/shared`).
- Changes the `{{asset}}` helper for favicon to not serve from theme assets anymore. It will either be served the custom blog-icon or the default one.
- The `{{@blog.icon}}` helper renders the url of the **uploaded** blog icon. It won't render the default icon.
2017-01-26 18:01:19 +00:00
Aileen Nowak
5c94151e14 Blog icon validations (#7893)
refs #7688

Adds an `uploads/icon/` endpoint to the api route to get a seperate entry point for blog icon validations. The blog icon validation will specifically check for images which have icon extensions (`.ico` & `.png`) and throw errors if:

- the icon file size is too big (>100kb)
- the icon is not a squaer
- the icon size is smaller than 32px
- the icon size is larger than 1000px
- the icon is not `.ico` or `.png` extension

TODOs for this PR:
- [X] get image dimensions
- [X] validate for image
	- [X] size
	- [X] form (must be square)
	- [X] type
	- [X] dimenstion (min 32px and max 1,000px)
- [X] return appropriate error messages
- [X] write tests

--------------------

TODOs for #7688:
- [X] Figure out, which favicon should be used (uploaded or default) -> #7713
- [ ] Serve and redirect the favicon for any browser requests, incl. redirects -> #7700 [WIP]
- [X] Upload favicon via `general/settings` and implement basic admin validations -> TryGhost/Ghost-Admin#397
- [X] Build server side validations -> this PR
2017-01-26 10:01:52 +01:00
Aileen Nowak
ca521e234f 🐷 Rename 'favicon' to 'icon' (#7888)
refs TryGhost/Ghost#7688

Just renames `favicon` to `icon` as our usage for it will not be for favicon purposes only.
2017-01-25 11:02:02 +01:00
Aileen Nowak
7cb57bff3d Find favicon in Ghost (#7713)
refs #7688

Adds logic in theme settings api to either serve an uploaded favicon and give it the type `upload` or use the default settings `default`, which will serve the favicon from our shared directory.

TODOs for #7688:
- [X] Figure out, which favicon should be used (uploaded or default) -> this PR
- [ ] Serve and redirect the favicon for any browser requests, incl. redirects
- [ ] Upload favicon via `general/settings` and implement basic admin validations -> [WIP] TryGhost/Ghost-Admin#397
- [ ] Built server side validations
2017-01-23 10:13:52 +01:00
David Wolfe
68af2145a1 Replace memory spam prevention with brute-express (#7579)
no issue

- removes count from user checks model
- uses brute express brute with brute-knex adaptor to store persisted data on spam prevention
- implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 12:33:19 +01:00
Katharina Irrgang
0e13ef8767 🎨 logging improvements (#7597)
* 🎨  rotation config
  - every parameter is configureable
  - increase default number of files to 100
* 🎨  ghost.log location
  - example: content/logs/http___my_ghost_blog_com_ghost.log
  - user can change the path to something custom by setting logging.path
* 🛠   add response-time as dependency
* 🎨  readable PrettyStream
  - tidy up
  - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue }))
  - common log format
  - less code 🕵🏻
* 🎨  GhostLogger cleanup
  - remove setLoggers -> this function had too much of redundant code
  - instead: add smart this.log function
  - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request)
  - make .warn .debug .info .error small and smart
* 🎨  app.js: add response time as middleware and remove logging.request
* 🎨  setStdoutStream and setFileStream
  - redesign GhostLogger to add CustomLoggers very easily

----> Example CustomLogger

function CustomLogger(options) {
  // Base iterates over defined transports
  // EXAMPLE: ['stdout', 'elasticsearch']
  Base.call(this, options);
}
util.inherits(...);

// OVERRIDE default stdout stream and your own!!!
CustomLogger.prototype.setStdoutStream = function() {}

// add a new stream
// get's called automatically when transport elasticsearch is defined
CustomLogger.prototype.setElasticsearchStream = function() {}

* 🎨  log into multiple file by default
  - content/logs/domain.error.log --> contains only the errors
  - content/logs/domain.log --> contains everything
  - rotation for both files
* 🔥  remove logging.debug and use npm debug only
*   shortcuts for mode and level
* 🎨  jshint/jscs
* 🎨  stdout as much as possible for an error
* 🎨  fix tests
* 🎨  remove req.ip from log output, remove response-time dependency
* 🎨  create middleware for logging
  - added TODO to move logging middleware to ignition
2016-10-25 12:17:43 +01:00
Katharina Irrgang
fd0a08ae8c 🎨 make sqlite filename absolute (#7585)
no issue

- add tests for makePathsAbsolute
- add support for windows paths

When Ghost-CLI inits the database of the current GhostVersion (in /current), then it uses knex-migrator to do that.
Knex migrator is reading the .knex-migrator file of the current Ghost version. This returns a relative path to the database location.
The problem: knex-migrator will init the database in the root folder of Ghost-CLI /content/data instead of /current/content . And when you start Ghost (ghost start), it always complains that
that database is not initialised, because it expects the database in /current/content...

* 🎨  move config_spec to config/index_spec
- add one more test case
2016-10-18 09:04:44 +01:00
Katharina Irrgang
8d8d7bdb26 knex migrator (#7565)
refs #7489
- remove sephiroth
- use knex migrator npm
- goodbye bootup script
- 🎨  update README
- 🎨  knex migrator @ 0.0.2
2016-10-17 13:50:29 +01:00
Hannah Wolfe
59e2694acf Misc Middleware cleanup (#7526)
* 💄 Combine slashes & uncapitalise middleware

- these bits of middleware belong together
- ideally they should be optimised

* 🎨 Move ghostLocals out of themeHandler

GhostLocals sets several important values which are needed for every part of the application,
admin, api and theme. Therefore, it doesn't make sense for it to be bundled in the themeHandler.

* 🐛 Fix the uncapitalise middleware

- Updated to make correct use of req.baseUrl, req.path, req.url & req.originalUrl
- Updated the tests to actually cover our weird cases

* 🎨 Move ghostVersion logic out of config

* 💄 Group static / asset-related middleware together

* 🔥 Remove /shared/ asset handling

- The 5 files which are located in `/shared/` are all handled by individual calls to `serveSharedFile`
- Therefore this code is redundant
2016-10-10 21:14:32 +02:00
Katharina Irrgang
637d177cac 🎨 operate on separate nconf instance (#7528)
refs #7488

- if multiple projects use nconf, they all operate on the same cached nconf instance
- that can cause trouble
2016-10-10 13:04:00 +01:00
Sebastian Gierlinger
8370aa51a8 nconf separator (#7518)
refs #7488 

If you want to set properties for our configuration values using
environment variables on the command line, Linux and MacOS return an
invalid identifier error.

```
$ export database:connection:host=127.0.0.1
-bash: export: `database:connection:host=127.0.0.1': not a valid
identifier
```

According to the nconf documentation a custom separator can be set. The
docs suggest `'__'` which this PR adds.
2016-10-10 11:43:17 +02:00
Katharina Irrgang
d81bc91bd2 Error creation (#7477)
refs #7116, refs #2001

- Changes the way Ghost errors are implemented to benefit from proper inheritance
- Moves all error definitions into a single file
- Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order.
- Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed.

Summary of changes:

* 🐛  set NODE_ENV in config handler
*   add GhostError implementation (core/server/errors.js)
  - register all errors in one file
  - inheritance from GhostError
  - option pattern
* 🔥  remove all error files
*   wrap all errors into GhostError in case of HTTP
* 🎨  adaptions
  - option pattern for errors
  - use GhostError when needed
* 🎨  revert debug deletion and add TODO for error id's
2016-10-06 13:27:35 +01:00
Katharina Irrgang
bb07096b9d 🐛 argv config overrides (#7493)
refs #7492

- this is just a temporary solution
2016-10-05 15:55:39 +01:00
Katharina Irrgang
1882278b5b 🎨 configurable logging with bunyan (#7431)
- 🛠  add bunyan and prettyjson, remove morgan

-   add logging module
  - GhostLogger class that handles setup of bunyan
  - PrettyStream for stdout

-   config for logging
  - @TODO: testing level fatal?

-   log each request via GhostLogger (express middleware)
  - @TODO: add errors to output

- 🔥  remove errors.updateActiveTheme
  - we can read the value from config

- 🔥  remove 15 helper functions in core/server/errors/index.js
  - all these functions get replaced by modules:
    1. logging
    2. error middleware handling for html/json
    3. error creation (which will be part of PR #7477)

-   add express error handler for html/json
  - one true error handler for express responses
  - contains still some TODO's, but they are not high priority for first implementation/integration
  - this middleware only takes responsibility of either rendering html responses or return json error responses

- 🎨  use new express error handler in middleware/index
  - 404 and 500 handling

- 🎨  return error instead of error message in permissions/index.js
  - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error

- 🎨  wrap serve static module
  - rule: if you call a module/unit, you should always wrap this error
  - it's always the same rule
  - so the caller never has to worry about what comes back
  - it's always a clear error instance
  - in this case: we return our notfounderror if serve static does not find the resource
  - this avoid having checks everywhere

- 🎨  replace usages of errors/index.js functions and adapt tests
  - use logging.error, logging.warn
  - make tests green
  - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically

- 🐛  return errorDetails to Ghost-Admin
  - errorDetails is used for Theme error handling

- 🎨  use 500er error for theme is missing error in theme-handler

- 🎨  extend file rotation to 1w
2016-10-04 16:33:43 +01:00
Hannah Wolfe
e40290af5d 🎨 Use GhostAuth name and example emails (#7475)
refs #7452

- remove references to 'patronus' in favour of GhostAuth, Note: this will require databases to be deleted ;)
- remove email addresses from test data
2016-10-03 15:11:43 +01:00
Katharina Irrgang
6473c9e858 Ghost OAuth (#7451)
issue #7452

Remote oauth2 authentication with Ghost.org.

This PR supports:

- oauth2 login or local login
- authentication on blog setup
- authentication on invite
- normal authentication
- does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 12:45:59 +01:00
Katharina Irrgang
32a5982430 utf8mb4 support (#7409)
closes #5519, closes #6197

- default encoding is utf8mb4 instead of utf8
- support emojis
- read here why: http://dev.mysql.com/doc/refman/5.7/en/innodb-restrictions.html
- read here why: https://dev.mysql.com/doc/refman/5.5/en/charset-unicode-conversion.html
2016-09-20 15:59:34 +01:00
kirrg001
8115d83782 🔥 remove postgres support
refs #1333, refs #5878, refs #5321
2016-09-20 15:59:34 +01:00
kirrg001
6a97873f98 🎨 🔦 refactor content paths (images, apps, themes, storage, scheduling)
refs #6982
- create config util fn: getContentPath
- we can later let the user change the folder names in contentPath
- get rid of custom/default storage paths

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
042e0da1c9 🎨 🔦 read ghost version from package.json
refs #6982
[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
0ae0a0b490 🎨 change how we get and set config
refs #6982
- a replace for all config usages
- always use config.get or config.set
- this a pure replacement, no logic has changed

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
7d3e8fa8a9 🔦 add nconf files
refs #6982
- add defaults.json
- add overrides.json
- add env specific default values
- add nconf wrapper in /config
- add config utils in /config/utils.js

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
96203a46dc 🔥 remove config.example.js and ConfigManager
refs #6982
[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
0b2940d587 🎨 add getSubdir and getProtectedSlugs
refs #6982

- do not add the subdir property as static config value
- create functions to read subdir and protected slugs on runtime
2016-09-20 15:59:34 +01:00
Katharina Irrgang
c8119eee1f 🎨 source out url utils from ConfigManager (#7347)
refs #6982
2016-09-20 15:59:34 +01:00
Katharina Irrgang
dc1ef35f0c 🎨 do not load apps in ConfigManager (#7344)
refs #6982
2016-09-20 15:59:34 +01:00
Katharina Irrgang
a639e48715 🎨 load themes not in ConfigManager (#7342)
refs #6982
2016-09-20 15:59:34 +01:00
Katharina Irrgang
265f058466 🎨 use apiUrl helper for scheduling initialisation (#7400)
no issue
- extend apiUrl to return either an admin url for CORS or not
2016-09-19 14:41:50 +01:00
Austin Burdine
2b07f7a15b Add application/octet-stream to allowed types for theme uploads (#7382)
closes #7292 (again)
- fix more uploads
2016-09-14 17:53:36 +01:00
Austin Burdine
7854b65848 fix subscriber uploads from windows (#7306)
no issue
- allow 'application/octet-stream' as a valid content type for an
  uploaded subscriber csv
2016-09-01 12:43:50 +02:00
Austin Burdine
c8bc1b0d3c allow windows flavor of zip mime type to be uploaded (#7293)
refs #7292
- add 'application/x-zip-compressed' to allowed mime types for import
  and theme upload
2016-09-01 08:49:54 +02:00
Aileen Nowak
587337aab3 🐛 Allow .zip file upload for file import (#7278)
closes #7277

Adds `.zip` to `extensions` and `application/zip` to `contentTypes` in config, specificly for uploads to `db`, to allow .zip-file file uploads from labs.
2016-08-29 09:19:49 +02:00
Katharina Irrgang
a91e54cf1a feature: theme upload/download/delete (#7209)
refs #7204

- added 3 new themes permissions
- change core/client
- add theme upload/download logic
- extended local file storage to serve zips
- added gscan dependency
- add ability to handle the express response within the api layer
- restrict theme upload to local file storage
- added 007 migration
2016-08-23 13:07:25 +01:00
Katharina Irrgang
41ae8c03b9 feature: storage adapter for images and themes (#7241)
refs #2852
- we offer the option to define a storage for themes and a storage for images
2016-08-22 18:55:28 +01:00
Aileen Nowak
a5c29dfc34 [FEATURE] AMP (#7229)
closes #6588, #7095

* `ImageObject` with image dimensions (#7152, #7151, #7153)
- Returns meta data as promise
    - returns a new Promise from meta data
    - uses `Promise.props()` to resolve `getClient()` and `getMetaData()`

- Adds 'image-size' util
The util returns an object like this
```
{
    height: 50,
    url: 'http://myblog.com/images/cat.jpg',
    width: 50
};
```
if the dimensions can be fetched and rejects with error, if not.
In case we get a locally stored image or a not complete url (like `//www.gravatar.com/andsoon`), we add the protocol to the incomplete one and use `urlFor()` to get the absolute URL. If the request fails or `image-size` is not able to read the file, we reject with error.
- adds 'image-size' module to dependencies
- adds `getImageSizeFromUrl` function that returns image dimensions

- In preparation of AMP support and to improve our schema.org JSON-LD and structured data, I made the following changes:
    - Changes the following properties to be `Objects`, which have a `url` property by default and a `dimensions` property, if `width` and `height` are available:
        - `metaData.coverImage`
        - `metaData.authorImage`
        - `metaData.blog.logo`
    - Checks cache by calling `getCachedImageSizeFromUrl`. If image dimensions were fetched already, returns them from cache instead of fetching them again.
    - If we have image dimensions on hand, the output in our JSON-LD changes from normal urls to be full `ImageObjects`. Applies to all images and logos.
    - Special case for `publisher.logo` as it has size restrictions: if the image doesn't fulfil the restrictions (<=600 width and <=60 height), we simply output the url instead, so like before.
    - Adds new property for schema.org JSON-LD: `mainEntityOfPage` as an Object.
    - Adds additional Open Graph data (if we have the image size): `og:image:width` and `og:image:height`
    - Adds/updates tests

* AMP router and controller (#7171, #7157)
Implements AMP in `/apps/`:
- renders `amp.hbs` if route is `/:slug/amp/`
- updates `setResponseContext` to set context to `['amp', 'post']` for a amp post and `['amp', 'page']` for a page, but will not render amp template for a page
- updates `context_spec`
- registers 'amp' as new internal app
- adds the `amp.hbs` template to `core/server/apps/amp` which will be the default template for AMP posts.
- adds `isAmpURL` to `post-lookup`

* 🎨 Use `context` in meta as array (#7205)
Instead of reading the first value of the context array, we're checking if it includes certain context values.
This is a preparation change for AMP, where the context will be delivered as `['amp', 'post']`.

*  AMP helpers (#7174, #7216, #7215, #7223)
- Adds AMP helpers `{{amp_content}}`, `{{amp_component}}` and  `{{amp_ghost_head}}` to support AMP:
- `{{amp_content}}`:
    - Adds `Amperize` as dependency
    - AMP app uses new helper `{{amp_content}}` to render AMP HTML
    - `Amperize` transforms regular HTML into AMP HTML
    - Adds test for `{{amp_content}}` helper
    - Adds 'Sanitize-HTML` as dependendy
    - After the HTML get 'amperized' we still might have some HTML tags, which are prohibited in AMP HTML, so we use `sanitize-html` to remove those. With every update, `Amperize` gets and it is able to transform more HTML tags, they valid AMP HTML tags (e. g. `video` and `amp-video`) and will therefore not be removed.
- `{{amp_ghost_head}}`:
    - registers `{{amp_ghost_head}}` helper, but uses `{{ghost_head}}` code
    - uses `{{amp_ghost_head}}` in `amp.hbs` instead of `{{ghost_head}}`
- `{{ghost_head}}`:
    - Render `amphtml` link in metadata for post, which links to the amp post (`getAmpUrl`)
    - Updates all test in metadata to support `amp` context
    - Changes context conditionals to work with full array instead of first array value
    - Adds conditionals, so no additional javascript gets rendered in `{{ghost_head}}`
    - Removes trailing `/amp/` in URLs, so only `amphtml` link on regular post renders it
    - Adds a conditional, so no code injection will be included, for an `amp` context.
- `{{amp_components}}`:
    - AMP app uses new helper `{{amp_components}}` to render necessary script tags for AMP extended components as `amp-iframe`, `amp-anime` and `amp-form`
    - Adds test for `{{amp_components}}`
2016-08-22 18:49:27 +02:00
Aileen Nowak
2875f5a9bc 🐛 config.theme.timezone must not be overwritten (#7232)
closes #7182

When calling `config.set()` in the settings api, we want to set the active timezone of the blog to make it available in our `settingsCache`. But because the `theme` object in the `set` prototype was already set to `Etc/UTC` as default, the `_.merge` function would always overwrite our `activeTimezone` with the default value.

This PR changes the code in the way, that we always set 'Etc/UTC' for the timezone as default, _until_ we fetched our settings and therefore the `activeTimezone` setting, so we can overwrite it.

This issue had not only influence on the date helper, but everywhere in our codebase, where we rely on reading the `timezone` from our config, instead of our settings. The `{{@blog.timezone}}` helper reflected that quiet well, as it would always show `Etc/UTC`
2016-08-22 17:56:35 +02:00
Katharina Irrgang
663b410fd4 feature: upload validation middleware (#7208)
no issue

- Source out validation logic into a upload validation middleware for all upload types (csv, image, subscribers). This unit can be later used for Ghost 1.0 as a pre validation core unit. 
- More usage of route tests than controller tests. These are use case tests, a use case only changes if the product changes
2016-08-18 20:25:51 +01:00
Lukas Strassel
9d1848ce5c Allow usage of blogurl:port inside of navigation (#6998)
closes #6893

- modified logic to allow urls in form of domain:port to be referenced in navigation
- added a test a domain:port link
2016-07-21 14:05:13 +01:00
Katharina Irrgang
748c664b78 feature: maintenance mode (#7019)
closes #6976
- add maintenance mode when running migrations
- refactor update/populate migrations
2016-07-15 17:22:41 +01:00
Lukas Strassel
9222577c27 allow multiple subdirectories (#7062)
refs #6958 (first task of it)
-includes additional tests
-Instead of removing all slashes "/g" we now specifically remove leading and trailing slashes.
2016-07-15 12:35:39 +02:00
kirrg001
507677f071 fix: url for post path when post is not published
closes #6999
2016-06-20 14:48:01 +02:00
kirrg001
b5ebd0200b post-scheduling: flat config for scheduling 2016-06-14 15:13:00 +02:00
“kirrg001”
1421c92ba5 post-scheduling
refs #6413
- PUT endpoint to publish a post/page for the scheduler
- fn endpoint to get all scheduled posts (with from/to query params) for the scheduler
- hardcoded permission handling for scheduler client
- fix event bug: unscheduled
- basic structure for scheduling
- post scheduling basics
- offer easy option to change adapter
- integrate the default scheduler adapter
- update scheduled posts when blog TZ changes
- safety check before scheduler can publish a post (not allowed to publish in the future or past)
- add force flag to allow publishing in the past
- invalidate cache header for /schedules/posts/:id
2016-06-14 10:52:13 +02:00
kirrg001
7d5baf4e9a fix: put default timezone into config
no issue
- config.theme.timezone can be undefined, when settings are not loaded from the database
- this PR will define the default blog TZ in config
- use `Etc/UTC` as default instead of `Europe/Dublin`
2016-06-13 15:02:52 +02:00
Hannah Wolfe
eeb41a8976 Merge pull request #6945 from sakulstra/bugfix-url-on-external-page
Allow domain name to be referenced on an external page in the navigation
2016-06-10 18:20:15 +01:00
Lukas Strassel
696a06fa00 Allow domain name to be referenced on an external page in the navigation.
closes #6939
- added a test for the specific issue
- modified the url generation to allow the url in an external pages slug
2016-06-09 15:28:58 +02:00
Ethan Garofolo
b3c88b8c14 Fixes #6935 - Let Bluebird know Promise is not runaway 2016-06-08 07:47:45 -06:00
kirrg001
ff132fd934 timezones: support permalinks based on current timezone
issue #6406
- redirect date permalink if timezone changed
- create permalinks based on blog TZ
- post-lookup fn is now more generic
2016-05-20 18:14:19 +02:00
Sebastian Gierlinger
01ae7ae49f Subscribers: Model, API & CSV import/export
- subscriber model
- subscriber app updates
- subscriber end points
- import/export CSV
- added headers to export file
- added dynamic email field detection for import
- returns stats object after CSV import
- mask error message from DB
2016-05-11 10:28:10 +02:00
Terin Stock
7bbfc37df6 automatically insert Link rel="preload" headers 2016-04-26 14:07:36 -07:00
Hannah Wolfe
c5eda57f1e Minor internal apps improvements
refs #6589

- add internalAppsPath as a proper config path
- middleware/routes will be setup for any internal apps which have the function
- this should be refactored into some sort of proper hooks system as part of apps
- internal apps get permission to do anything the proxy allows
2016-04-14 19:05:48 +01:00
Austin Burdine
1181707a9d move private-blogging functionality into an internal app
closes #5914, #6589
- moves all private-blogging related code & tests into /server/apps/private-blogging/
- rework Grunt to run private-blogging tests
- modify server apps code to have a place for internal apps
2016-04-11 08:58:41 -05:00
Hannah Wolfe
2386a69f9d Always override database config + exit tests on error
refs #6354, #6495 & #6599

- don't allow config.database to be merged, instead, override it always
- make sure that route tests call done even when they error
2016-03-14 15:39:59 +00:00
Hannah Wolfe
9309adc511 Exporter cleanup & tests
refs #6301

- change knex getter def to be configurable, else it is not testable
- remove exportPath and lang from config - neither are used
- add client_trusted_domains to tables which shouldn't be exported as there are no clients in the export
- change export signature to be an object with `doExport` function consistent with import & easier to test
- cleanup export code so it is clearer, easier to read & to test:
  - use mapSeries instead of sequence
  - use Promise.props instead of Promise.join
  - split functionality into smaller functions
- add test coverage
2016-03-12 19:01:25 +00:00
Hannah Wolfe
1c85650108 Move db connection out of config
refs #5047

- database connections are not configuration
2016-02-12 13:56:23 +00:00
Hannah Wolfe
c549914ae8 Merge pull request #6316 from halfdan/5606-subdir
Make regex for subfolder deduplication more restrictive
2016-01-20 20:09:29 +00:00
Hannah Wolfe
4a7a19c86a Merge pull request #6070 from kevinkucharczyk/harvesting-server-side-strings
Harvest server side strings
2016-01-12 20:04:53 +00:00
JT Turner
e4c52a6915 Fix urlFor to handle secure correctly
issue #6270
- Exposed getBaseUrl on the config class.
- Fix formatting config index as array was more then 140 characters long.
- Updated getBaseUrl to handle secure by replacing http with https if true.
- Fixed ghost_head helper to output canonical base url no https.
- Fixed ghost_head helper to set secure correctly for the rss link.
- Fixed navigation helper to pass secure in each nav item, so that urlFor can u$
- Fixed {{url}} to pass secure correctly to config.urlFor.
- Fixed test to use urlSSL over https besides for canonical.
- Add tests for {{url}} and to make sure they output https for absolute and secure.
- Update twitter and og url to use the canonical url.
2016-01-11 19:40:30 -08:00
Fabian Becker
c8e30f0182 Make regex for subfolder deduplication more restrictive
- Add subdir to protected slugs
- Fix regex for subfolder deduplication

fixes #5605
2016-01-11 12:46:59 +01:00
rfpe
7abcc43907 Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Hannah Wolfe
9eadeb9fbb Prep shared API URL util for use on external sites
refs #5942, #6150

There were a few key problems I was looking to solve with this:

- Introduce a single point of truth for what the URL for accessing the API should be
- Provide a simple way to configure the utility (much like a true SDK)

As of this commit, this utility is still automatically available in a Ghost theme.
To use it on an external site, the code would look like:

```
<script type="text/javascript" src="http://my-ghost-blog.com/shared/ghost-url.min.js"></script>
<script type="text/javascript">
ghost.init({
   clientId: "<your-client-id>",
   clientSecret: "<your-client-secret>"
});
</script>
```

To achieve this, there have been a number of changes:

- A new `apiUrl` function has been added to config, which calculates the correct URL. This needs to be unified with the other url generation functions as a separate piece of work.
- The serveSharedFile middleware has been updated, so that it can serve files from / or /shared and to substitute `{{api-url}}` as it does `{{blog-url}}`.
- ghost-url.js and ghost-url.min.js have been updated to be served via the serveSharedFile middleware
- ghost-url.js has been changed slightly, to take the url from an inline variable which is substituted the first time it is served
- `{{ghost_head}}` has been updated, removing the api url handling which is now in config/url.js and removing the configuration of the utility in favour of calling `init()` after the script is required
- `{{ghost_head}}` has also had the meta tags for client id and secret removed
- tests have been updated
2015-12-15 11:50:46 +00:00
Hannah Wolfe
bc97de5fe9 Unify usage of config in unit tests
no issue

- provide a single point for accessing config in unit tests
- create a single way to set and restore config
- ensure that restore deletes top level optional keys that are now undefined
- use this._config in check deprecations, otherwise the config gets cached
- solves issues with interdependent tests
2015-12-15 10:48:24 +00:00
Hannah Wolfe
e84b7f3217 Cache permalinks & postsPerPage on config.theme
no issue

- Cache the permalinks & postsPerPage settings on the config.theme object
- Use the config.theme cache to reference these items throughout the frontend of a blog
- Removes the need for workarounds and extra code to handle async fetches
- Makes these values accessible to all themes, which is very useful now we have the API stuff
2015-12-15 08:16:53 +00:00
vdemedes
05f44c4c64 Add readThemes() utility to get a list of themes
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
2015-10-13 15:54:41 +02:00
vdemedes
20fec74c73 Refactor require-tree and split it into models
closes #5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
2015-10-12 17:48:37 +02:00
Sebastian Gierlinger
bfefbabfdc Merge pull request #5931 from ErisDS/issue-5905-context
Fix /author/ pages crashing & permit /tag/
2015-10-12 10:35:37 +02:00
Hannah Wolfe
26231d5bd3 Fix /author/ pages crashing & permit /tag/
fixes #5905

- update context patterns to correctly match author & tag pages
- remove 'tag' and 'tags' from reserved slugs - we'll handle this in terms of overrides in future
2015-10-10 14:52:23 +01:00
Hannah Wolfe
20c192557d Test support for various URL schemes
refs #5801
2015-09-27 10:31:49 +01:00
Kevin Ansfield
621b633079 Fix front-end URL output for more URL schemes
- allows direct pass-through of protocol-relative (`//host`), alternate-scheme (`tel:`), and anchor-only urls (`#contact`)
2015-09-25 22:58:37 +01:00
Fabian Becker
0309b5aa46 Fix urlFor to preserve mailto:
fixes #5561
2015-07-18 03:45:06 +02:00
John O'Mahoney
5fd9d3567f Improve Ghost starup checks and errors
closes #5358
- Moved node version check and exits if not supported
- Removed upgrade warning from `ghost-server.js`
- Perform a check for NODE_ENV, uses `config.example.js` if none apparent
2015-06-23 18:04:37 +01:00
Hannah Wolfe
2700bfa4cc Refactor URL builder
refs #1833

- Refactor url generation to use a base urlJoin method
- urlJoin handles slash de-duping and subdir de-duping
- fixes sitemap xml option
2015-06-02 21:50:17 +01:00
Hannah Wolfe
06959661c0 Misc grunt /dev updates
- Updated all dev dependencies in the root package.json
- Added `--colors` to mocha when called from grunt test:... so that works better
- Removed non-unit tests from coverage, because they're just not useful
- Updated docker config to generate useful docs again - as a statement of intent, I also updated docs in key files
- Setup grunt watch-docs task for documentation writing easyness
2015-05-28 20:25:14 +01:00
Hannah Wolfe
da8752cc88 Merge pull request #5290 from josephwegner/chalk-colors-swap
replace colors with chalk everywhere
2015-05-21 16:28:41 +01:00
Joe Wegner
f26179ae6a replace colors with chalk everywhere
issue #5259
- removes the colors dependency
- adds in chalk dependency, and migrates everything to use that
- reduces some specs now that the log calls are cleaner
2015-05-19 11:07:40 -05:00
Hannah Wolfe
c3dda5e5c4 Theming updates for password protection
refs #4993, #5073

- Removed nonexistent helpers siteDescription and bodyClass from admin templates
- Changed password.hbs to private.hbs to match the route name
- added a new input_password helper for rendering the password input with the correct properties
- removed the forward input as this can be handled via urls only
- moved 'private' to routeKeywords
- added 'private' context
- minor update to text next to the password in settings
2015-05-13 19:48:24 +01:00
Austin Burdine
2865662ee5 added password protection
closes #4993
- brings password protection to the frontend of blogs
- adds testing for password protection
- upgrades bcrypt-js to 2.1.0
2015-04-30 23:44:43 -05:00
Matt Enlow
433956c102 Add post preview via uuid (/p/:uuid)
Refs #5097

- All drafts will show a preview link (this needs real css)
- Published posts will redirect
- prev/next post helpers only activate on published posts
- Powered by ~10 pints between the two of us (@ErisDS, @novaugust)
2015-04-30 11:57:37 +01:00
Hannah Wolfe
8d1e729f30 RSS Refactor with cache
refs #5091, refs #2263

- Move rss handling out of the frontend controller and into its own module
- Separate the code into logical blocks
- Wrap the generation code in a in-memory cache to prevent it being regenerated on every request
2015-04-10 21:32:14 +01:00
Hannah Wolfe
cb2f0c5dee Merge pull request #5056 from ianlopshire/master
url helper breaks subdomains
2015-04-02 22:08:23 +01:00
Katie Fenn
980b0a8610 Refactoring hard-coded frontend route keywords
closes #4519

- Added configurable route keywords
- Replaced instances of hard-coded keywords with config
- Added keywords to frontend tests stub config
2015-03-23 15:00:02 +00:00
Ian Lopshire
e74a329b8a Navigation menu support for subdomains of blog url
Closes #5033
- Added unit tests for the nav context of urlFor
- Fixed issue in the nav context of urlFor where subdomains of blog url were truncated
- Fixed issue in the nav context of urlFor where there was sometimes an extra preceding /
2015-03-22 00:40:55 -05:00
Hannah Wolfe
6cd696b332 Merge pull request #4820 from phated/file-storage
File storage
2015-03-20 08:55:19 +00:00
Blaine Bublitz
5c640e95f5 Initial implementation for custom storage engines
closes #4600
- implemented as suggested in #4600
- loads a custom storage defined in config from the /content/storage directory
2015-03-19 22:34:01 -07:00
Matt Enlow
61b86bf821 Merge pull request #5027 from felixrieseberg/iss4847
Replace fs.exists (deprecated) with fs.stat
2015-03-19 10:47:01 -06:00
Felix Rieseberg
0484eee6a5 Replace fs.exists (deprecated) with fs.stat
Closes #4847

- Replaces the deprecated fs.exists() with fs.stat(), in accordance with iojs & node.
2015-03-17 11:49:43 -07:00
Pascal Borreli
13838fff9d Fixed typos 2015-03-17 17:43:53 +00:00
Matt Enlow
58635b3e0a Serve files to core/built/assets/
- see core/client/lib/assets-delivery/index.js for how this is done
- Turn off ember-cli fingerprinting
- ember-cli 0.2.0; Update .npmignore
- Fallback to old version of ember-cli-sass due to lib-sass errors
- Keep ember-data at beta-14.1 until we find the dep that's breaking on snapshot.attr
- Fix release task to ignore blank lines in .npmignore
2015-03-12 15:59:02 -06:00
Matt Enlow
388a8dd3f0 Build assets with ember, and serve with ghost 2015-03-11 12:37:41 -06:00