Commit Graph

520 Commits

Author SHA1 Message Date
Naz
1cc38733ba Added Media and Files APIs to API key allowlist
refs https://github.com/TryGhost/Toolbox/issues/219

- These two APIs, similarly to the Images API, should be accessible by the Admin-API SDK. Opens up a way to write custom scripts uploading files and media
2022-03-02 16:33:56 +07:00
Fabien 'egg' O'Carroll
694721cbea
Added /tiers API to Admin API (#14200)
refs https://github.com/TryGhost/Team/issues/1313

Rather than removing the /products API we're adding a /tiers API as
a first step towards renaming "products" to "tiers". The initial idea was
to alias the URLs but our API framework doesn't easily allow for this so
we've duplicated it instead.
2022-02-23 17:00:18 +02:00
Fabien 'egg' O'Carroll
a565da06b2
🐛 Fixed Offer Redemptions being over counted (#13988)
refs https://github.com/TryGhost/Team/issues/1257

Offer Redemptions were being overcounted due to the way we were updating
Stripe configuration for the Members service. We would create a new
instance of the members-api, which would have event handlers for
creating Offer Redemptions - by creating a new instance each time Stripe
config changed, we would overcount them.

Here we've pulled out Stripe related logic into the Stripe service, and
updated it internally - rather than creating a new instance. This means
that we've been able to remove all of the logic for re-instantiating the
members-api.

- Bumped members-api & stripe-service
- Removed reinstantiation of members-api
- Used stripe service to execute migrations
- Updated Stripe Service to handle webhooks & migrations
- Used webhook controller from stripe service
- Used disconnect method from stripe service
- Removed unused stripe dependency
- Removed Stripe webhook config from members-api
2022-01-18 17:56:47 +02:00
Fabien "egg" O'Carroll
5d8f491823 Updated caching policy for /members/api/site
refs https://github.com/TryGhost/Team/issues/1240

As this endpoint is hit on every page load when Portal is enabled, it
can cause a lot of traffic to Ghost. The data does not change very
frequently so we've added a 30s cache policy to alleviate load on servers.
2022-01-14 14:04:23 +02:00
Fabien "egg" O'Carroll
76b33b6e77 Added JSDoc to cache control middleware
no-issue
2022-01-14 14:04:23 +02:00
Kevin Ansfield
9b210f9add Fixed linter error
refs https://github.com/TryGhost/Team/issues/1258

- all uses of `labs` service in canary routes have been removed but the require had been left in place
2022-01-04 15:26:17 +00:00
Kevin Ansfield
0de2c7e261 Removed filesAPI GA labs flag
refs https://github.com/TryGhost/Team/issues/1258

- files API is GA so labs flag and conditional access to files API routes is no longer necessary
2022-01-04 14:56:07 +00:00
Kevin Ansfield
2773e82e3e Removed mediaAPI GA labs flag
refs https://github.com/TryGhost/Team/issues/1258

- media API is GA so labs flag and conditional access to media API routes is no longer necessary
2022-01-04 13:11:23 +00:00
Kevin Ansfield
cabf78e938 Cleaned up customThemeSettings labs flag
closes https://github.com/TryGhost/Team/issues/1164

- `customThemeSettings` feature is GA so any conditionals can be cleaned up
- removed conditional loading of custom theme settings and associated API routes
- removed event trigger for reloading custom theme settings when the feature flag is toggled
- removed flag from labs GA list
2022-01-03 17:45:25 +00:00
Sam Lord
97c68dd388
Replace error handler middleware with @tryghost/mw-error-handler (#13879)
refs: https://github.com/TryGhost/Toolbox/issues/137

Extract error handling middleware and replace with a package.
2021-12-14 15:18:46 +00:00
Naz
b19424acb3 Moved vhost mounts into boot file
refs https://github.com/TryGhost/Toolbox/issues/152

- This stops the mounting of the admin and frontend from being buried deep in express initialisation
- Instead it's explicit, which makes two things almost possible:
   1. we can potentially boot the frontend or backend independently
   2. we can pass services and settings loaded during boot into the frontend
- This needs more work, but we can start to group all the frontend code together
- Meanwhile we also need to rip apart the routing and url services to decouple the frontend from the backend fully
- BABY STEPS!

Co-authored-by: Hannah Wolfe <erisds@gmail.com>
2021-12-06 21:28:53 +13:00
Hannah Wolfe
004371be36
Revert "Removed overly-specific handling of handlebars errors"
This reverts commit 303ea87897.

- Although gscan catches these now, we have a number of sites that have slipped through the net
- Reverting until we get them all cleaned up
2021-12-01 12:04:36 +00:00
Sam Lord
2887e416da
Switch to @tryghost/errors from ignition errors package (#13807)
refs: TryGhost/Toolbox#147

* Replaces all references to isIgnitionError with isGhostError
* Switches use of GhostError to InternalServerError - as GhostError is no longer public
There are places where InternalServerError is not the valid error, and new errors should be added to the @tryghost/errors package to ensure that we can use semantically correct errors in those cases.
2021-12-01 10:22:01 +00:00
Hannah Wolfe
ad9eb35746
Moved theme-specific error handling to frontend
- our themeErrorRenderer is only used in the frontend.. move it there
- this required exposing prepareError as shared middleware
- TODO: move these shared components to @tryghost/error
2021-11-29 17:04:01 +00:00
Hannah Wolfe
d7c4168452
Removed HTMLErrorRenderer completely
refs: 0799f02e80
refs: 5e931e2e37

- with the referenced two commits I replaced our old HTML renderer with some code borrowed heavily from finalHandler
- I had intended to modify this further to output our message, context and help error messages
- However, I ended up doing this in prepareError so it's done for all error renderers
- There's now very little point keeping duplicated code from finalHandler just to output the status code
- If we remove this code, express will fall back to finalHandler anyway, so the output is near identical
2021-11-29 17:00:47 +00:00
Hannah Wolfe
3b069b544f
Cleaned code patterns in error handler
- got rid of old _private & variable pattern in favour of const and module.exports
- changed weird capitalisation naming conventions to be camelCase
- removed some very old TODOs that we're never gonna get TODONE
   - these are mostly old ideas that never made it, and it's been so long they're clearly not important
2021-11-29 16:53:58 +00:00
Hannah Wolfe
8c93bdff41
Removed unnecessary BasicErrorRenderer
refs: 4474ca1a1d
refs: 0799f02e80

The BasicErrorRenderer was created as a fallback for when we needed to not render templates, which is
chiefly when we're trying to render a 404 for an image. Using a template puts us at risk of an infinite 404 loop
if the missing image is referenced in the 404 template.

As of 0799f02e, the HTMLErrorRenderer no longer uses templates - instead we serve a very simple HTML page.
This can be used instead of the BasicErrorRenderer, as it results in a properly formatted error.
Even when sending responses in plain text, the content type is returned as HTML and therefore having an
unformatted error makes no sense - if we really need a non-html format I guess there should be no body at all.
2021-11-29 15:40:55 +00:00
Hannah Wolfe
303ea87897
Removed overly-specific handling of handlebars errors
refs: https://github.com/TryGhost/Ghost/issues/10496
refs: https://github.com/handlebars-lang/handlebars.js/issues/1548

- For a while, handlebars would and could generate quite a lot of obscure syntax error messages for malformed helpers that we couldn't catch in gscan
- This was fixed in https://github.com/handlebars-lang/handlebars.js/issues/1548
- We have also since added AST parsing to gscan, so if there are more obscure syntax errors, we should be able to add rules to catch them
- Therefore, this additional, overly specific code block isn't needed anymore, so let's clean it up!
2021-11-25 14:53:36 +00:00
Hannah Wolfe
621cfd9866
Moved admin redirect middleware to named file
- moving this middleware because we're about to add a second piece of middleware
- it's easier to see what we have when each middleware is in its own file rather than in one big middleware.js file
2021-11-25 14:29:17 +00:00
Hannah Wolfe
5e931e2e37
Added err.context & err.help to stack traces
- When we handle errors in Ghost, we are supposed to use a pattern of supplying 3 messages:
   - message: what went wrong
   - context: details about why how or where the error happened
   - help: where the user can go to get help with this error
- We do this in many places and our JSON error handler and CLI error logging tools are designed to output this extra information
- However, stack traces, which start with message as the first line and then output the stack are totally missing this
- By injecting the additional messages into the stack once an error has been "ghostified" we should get clearer messages everywhere

Notes:
- I've additionally injected a "Stack Trace:" line that makes it easier to read the error vs the stack
- This code looks a little weird because the lines are inserted backwards, but that allows us to always do the insert at position 1 as per the comment,
   so we don't have to keep track of whether we already injected something or not
2021-11-24 13:01:06 +00:00
Hannah Wolfe
0799f02e80
Rewritten HTMLErrorRenderer w/o asset helper & template
refs: 2af9e2e12

- This new HTMLErrorRenderer is borrowed heavily from finalHandler
   - This is the module that express uses to render errors if there is no custom errorhandler
- It just renders a really simple html page wrapping err.stack in a <pre>
   - This results in a nicely formatted, but unstyled error page
- I also updated BasicErrorRenderer to use the same res.statusCode + err.stack pattern rather than err.message

Note: This error renderer is _only_ used for rendering errors on the `/ghost/` route
 - In almost all cases, errors here are rendered by Ember
 - The only error that can be rendered here is a missing template error see: 2af9e2e12
2021-11-24 13:01:06 +00:00
Hannah Wolfe
2af9e2e125
Fixed error handling for missing admin templates
- If the admin templates default.html or default-prod.html are missing, don't throw a 500
- Instead throw a well considered 400 error with extra help for what to do to fix it
2021-11-24 12:30:41 +00:00
Hannah Wolfe
0c4c9ce553
Moved JSON error handlers next to each other
- helps for comparing and contrasting
- context is largely lost on why we have these two, need to figure it out and if possible, simplify
2021-11-24 11:42:53 +00:00
Hannah Wolfe
f417c4c732
Merged our two maintenance middleware into one
- Reduced our maintenance middleware code down to the bare minimum!
  - We have an old maintenance middleware in place to handle when a site is forcibly put into maintenance mode, or the urlService hasn't finished booting
    - This maintenance middleware was mounted on every sub app, instead of globally for reasons I no longer remember
  - Recently, we introduced a new, static version of maintenance middleware to show during the boot process so we can get the server started earlier & not drop requests
    - This version has its own HTML template and doesn't depend on any of Ghost's error rendering code
  - To simplify and help with decoupling, this commit merges the two middleware, so that the new independent & static middleware renders its template for any one of the 3 possible maintenance modes
    - It only needs to exist in the top level app 🙌

TODO: move the maintenance middleware to its own file/package so it's not part of the app.js as that is weird
2021-11-24 11:27:18 +00:00
Naz
bbc93ff996 Renamed withBackend/withFrontend to backend/frontend
refs https://github.com/TryGhost/Toolbox/issues/135

- Shorter name still makes sense and the "with" might be causing confusion understanding what's going on during the boot time
2021-11-22 21:56:32 +13:00
Naz
149c100b4c Fixed frontend initialization in "mock-express" tests
refs https://github.com/TryGhost/Toolbox/issues/135

- Without sensible defaults the web app was not initializing either the backend or the frontend parts of the application. Fixed the defaults so the problem doesn't happen again and optimized mock-express-style initialization to only initialize the frontend routing
2021-11-22 21:56:32 +13:00
Naz
c12ae81ece Introduced "withFrontend" and "withBackend" flags in boot
refs https://github.com/TryGhost/Toolbox/issues/135

- These flags are meant to control initialization of sections of the boot sequence depending on the needs - with or without backend (API)/frontend (public handlebars site)
- Ideally these flags should not be passed deep into the components, and if they are (like in the web/parent/app case) it's a smell that we need to move things up into the boot process!
2021-11-22 21:56:32 +13:00
Sam Lord
0692ddf57d Revert "Replace update user last seen middleware with package version"
This reverts commit 07f8c6efbb.

Revert "Remove unused unit test file"

This reverts commit f1798119d3.
2021-11-17 11:00:55 +00:00
Hannah Wolfe
332beaaf90
Moved "vhost-utils" to config helpers
- These are simple functions that get data from config in a specific format
- They are also used by the topmost part of the application
- Config helpers seems like a reasonable fit to get them out of the web folder
- Functions have also been renamed to try to get them to make more sense
2021-11-17 08:37:08 +00:00
Sam Lord
07f8c6efbb Replace update user last seen middleware with package version
no issue

Part of the goal to move these middleware packages to remove untested code from the codebase
2021-11-16 15:58:45 +00:00
Hannah Wolfe
4f9b72ff43
Renamed middlewares to middleware consistently
- This is a minor bugbear, but it will affect some configuration I'm about to do for c8
- I've been wanting to do it for ages, middleware is plural all on its own so it's an odd affectation in our codebase
- This also only exists in 2 places, everywhere else we use "middleware"
- Sadly it did result in a lot of churn as I did a full find and replace, but consistency is king!
2021-11-16 15:51:47 +00:00
Naz
4721b75463 Moved `/media/thumbnail/` Admin API endpoint to /media/thumbnail/upload
refs https://github.com/TryGhost/Toolbox/issues/120

- Changed endpoint name as it suits way better to the `/upload` postfix convention we use along with all other endpoints that support file uploads
2021-11-09 16:39:33 +04:00
Naz
61b82e3ae2 Added thumbnail upload endpoint to Media API
closes https://github.com/TryGhost/Toolbox/issues/120

- Allows to update and upload brand new thumbnail images for previously uploaded media resources
- The endpoint is available under alpha flag as part of Admin API at `PUT /media/thumbnail/`
- As an input accepts following parameters:
- *required* `file` field containing an image file
- *required* `url` field containing parent media file URL
- *optional* `ref` as a field to put in an ID to reference the resource on the client side

- The response has following format:
```
{
  media: [{
    url: 'http://127.0.0.1:2369/content/images/1991/11/nicevideo_thumb.png',
    ref: 'unique-id-420'
  }]
}
```
2021-11-09 16:07:23 +04:00
Naz
92986b77e3 Renamed whitelist -> allowlist
no issue

- Renames to follow the naming convention from https://mysqlhighavailability.com/mysql-terminology-updates/
2021-11-08 16:09:30 +04:00
Naz
a099073fde Added Files API behind an alpha flag
refs https://github.com/TryGhost/Toolbox/issues/114

- Files API is meant to be used for non-executable file uploads of all sorts
- The files are stored and retrieved for download as-is
2021-11-08 11:40:17 +04:00
Naz
f43eeacfd0 Changed thumbnail to be an optional parameter
refs https://github.com/TryGhost/Toolbox/issues/95

- With incoming support of audio media files thumbnail would not be a required parameter
2021-11-05 17:17:18 +04:00
Naz
142eff22ee Fixed thumbnail file name
refs https://github.com/TryGhost/Toolbox/issues/95

- The uploaded media thumbnail name should have a "_thumb" postfix to be able to distinguish thumbnails from other files. This can be handy if we decide to store them in a different location in the future.
2021-11-04 19:03:45 +04:00
Naz
2dac3d489f Added "mediaAPI" labs flag
refs https://github.com/TryGhost/Toolbox/issues/95

- A flag to control the Media API alpha feature
2021-11-04 10:48:53 +04:00
Naz
091240db48 Added thumbnail upload support to Media API
refs https://github.com/TryGhost/Toolbox/issues/95

- Each media file requires a thumbnail and these changes provide a capability to upload them along with media files.
- The thumbnail file is always required and has to be the format of already supported image formats
- The thumbnail should be uploaded as a part of "thumbnail" attachment in the request
- The regression tests added with this changeset will be cleaned up and moved to unit-tests (this is a dirty-but-working version!)
- The thumbnail always gets a name of the uploaded media file and keeps its own extension.
- The thumbnail is accessible under the url present in the "thumbnail_url" response field
2021-11-04 10:23:29 +04:00
Fabien 'egg' O'Carroll
da152a0a13
Removed references to Offers labs flag (#13709)
refs https://github.com/TryGhost/Team/issues/1115

This feature is now GA, and the flag has been hardcoded to `true`, here we clean up the
remaining references as they're no longer needed.
2021-11-03 17:11:48 +02:00
Fabien O'Carroll
91efa4605c Used DynamicRedirectManager for Custom Redirects
refs https://github.com/TryGhost/Members/commit/9e59f5a9

Since we have a DynamicRedirectManager for handling adding/removing
redirects at runtime, we no longer need the custom-redirects middleware.
The redirects service does however need an init method now to add the
custom redirects at Ghost boot, so it's been refactored into our Class &
DI pattern.
2021-11-03 07:41:55 +13:00
Naz
d20732ce34 Improved media validation middleware
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Error messages are now more specific when uploaded media files fail the validation check
2021-11-03 00:33:28 +13:00
Naz
f9a8edb1a0 Refactored upload middleware
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Using a wrapping object to store enableClear/multer instances didn't make any sense
2021-11-03 00:33:28 +13:00
Naz
4a551661d9 Implemented '/media/upload' API endpoint
refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- This is an experimental implementation of video file upload support
- Also the output serializer skipped use of url utils in favor of inline implementation - this should almost certainly be its own package
2021-11-03 00:33:28 +13:00
Fabien O'Carroll
f3bb6b43a5 Added Offers feature to Ghost
refs https://github.com/TryGhost/Team/issues/1115

This allows users to create Offers for Tier/Cadence pairs in order to
provide discounted subscriptions to Members! We have support for
percentage based discounts & fixed price discounts, either for the first
payment, all payments, or a number of monthly payments.

Offers also have a code, which can be used as an easy way to share them,
as visiting https://site.com/offer-code will automatically open Portal
with the Offer prepopulated.
2021-10-22 17:55:34 +02:00
Kevin Ansfield
d7fbf94d91
Fixed ETag header for admin templates not changing between versions (#13680)
refs https://github.com/TryGhost/Team/issues/1175

We found the ETag header sent when serving the Admin template for /ghost/ was not changing between versions which after an upgrade could result in out of date cached content being served containing links to JS/CSS files that no longer existed.

The culprit is weak etags served by Node's `send` package, coupled with Admin template filesize not changing between versions and `npm pack` setting a fixed modification date for every file. See https://github.com/pillarjs/send/issues/176 for more details.

- updated the Admin app's controller to read the template and generate an md5 hash of the contents so we can serve a strong ETag header value when serving the `/ghost/` html
2021-10-22 14:25:58 +01:00
Daniel Lockyer
ed6a8dca76 Inlined package requires to save boot time and memory
no issue

- following on from f4fb0fcbaa,
  this commit moves around some package requires in Ghost
- these are often niche packages that do something in a subsystem of
  Ghost, and are not necessarily needed to boot the application
- these packages use non-negligible CPU and memory when they are
  required, so it makes sense to lazy-require them
- the concern here is that we obscure the code too much by moving
  random requires further into code, but the changes are small and the
  improvements big
- this commit brings the boot time since 4.19.0 down ~31% and initial
  memory usage down by a total of ~12%
2021-10-22 09:57:59 +02:00
Hannah Wolfe
faea2da596
Moved server/web/site to frontend/web
- we're slowly trying to draw the lines between the backend and the frontend correctly
- these files deal only with serving the frontend so they should live there
- there are lots of mixed requires in these files, so having them in the right place makes that clear
2021-10-21 19:28:18 +01:00
Naz
07afb08875 Made storage calls related to images use "images" feature
refs https://linear.app/tryghost/issue/CORE-1/multiple-adapters-per-type

- Having this preemptive change allows to separate implementation of "image" storage from future usecases like "videos", "audios" etc. Even if the "image" adapter is not configured the default behavior will fall back to use the "active" storage adapter. If there's a need to handle "images" differently through a custom adapter that'll work out of the box ;)
2021-10-21 20:22:45 +13:00
Naz
51b78211c5 Renamed bootstrap to routerManager
refs https://linear.app/tryghost/issue/CORE-104/decouple-frontend-routing-events-from-urlserver-events

- A follow up rename after bootstrap module was transformed into class
2021-10-19 07:29:09 +13:00