refs https://github.com/TryGhost/Toolbox/issues/276
- this removes the PR numbers from commit messages that we prepate for
the changelog
- removing it prevents us needing to fix the path to the PR if the
commit was done in a different repo
refs https://github.com/TryGhost/Ghost/pull/14780
refs https://github.com/TryGhost/Team/issues/1583
- We need transaction support in the limit-service so that we can run the count queries in the same transaction
- This is required to avoid deadlocks when we check the limits when a transaction is in progress on the same tables
- This issue specifically is required for newsletters, where we start a transaction when creating a newsletter.
- Bumped `eslint-plugin-ghost` so we have newer ECMA features available
- Updated README
- Renamed `metadata` to `options` in `limit-service`
refs: https://github.com/TryGhost/Ghost/issues/14446
- currently ghost will upgrade configured urls to https if a secure request comes into a http configured site
- we no longer want to support this feature
- instead, ghost will strictly honour the configured URL
refs https://github.com/TryGhost/Toolbox/issues/292
- There are couple of reasons why we don't want to include the query string information in the outgoing notification emails:
- 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it.
2. It looks a bit ugly and could be waaay to long breaking the email layou
refs https://github.com/TryGhost/Toolbox/issues/292
- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
refs https://github.com/TryGhost/Toolbox/issues/292
- The version mismatch middleware middleware is the best place where the information can be assembled for the APIVersionCompatibilityService to handle. We need API key identification information to be able to pick up the integration name when sending a notification email to the administrators
refs https://github.com/TryGhost/Toolbox/issues/292
- This information is needed for the emails used to notify the instance admins about version mismatch.
- The identification information is different for Content and Admin keys because of their nature. Content API keys send the unique "secret" value in plaintext, Admin API keys send key id (kid) as a part of token payload and that's the easiest accessible information available without a need to query the db in another parts of the system.
refs https://github.com/TryGhost/Toolbox/issues/292
- Allows to detect and extract admin api key ID value. The reason why we are not dealing withe the "secret" value here in a similar way as Content API key is to keep the package independent from the model layer. It only provides "identification" information along with the key type so that the version mismatch data service can deal with this information in an optimal way (just one db query).
refs https://github.com/TryGhost/Toolbox/issues/292
- The package is meant to be one stop shop for extraction of any API keys from requests known to Ghost
- To start with it should detect and return keys for Content and Admin APIs for the purposes of api version mismatch handling
refs https://github.com/TryGhost/Toolbox/issues/292
- The version-notifications-data-service did not resolve correctly after it was removed from it's package.json. It should have been declared here from the get go!
refs https://github.com/TryGhost/Toolbox/issues/292
- The service used to take in a whole bunch of functions as parameters and did expect the client to know about the "version-notifications-data-service" which is not necessary and make the constructor API a notch complicated
- Putting in the data service initialization internally allows for the client to pass in less parameters and know less abou the internal working of the service - way easier to use!
refs https://github.com/TryGhost/Toolbox/issues/292
- There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object
- Added tests to avoid similar mistake again
- As of Ghost 5.0 we only use the V2 version of jsonErrorRenderer
- Removed the old one, and renamed the V2 to not have a suffix any more
- Added 100% coverage to tests whilst here
refs https://github.com/TryGhost/Toolbox/issues/292
- When the handler recognizes a Zapier client it should send an email using Zapier-specific template with instructions more suitable for Zap failure
refs https://github.com/TryGhost/Toolbox/issues/292
- The html/text emails is a desired system that's used in Ghost core and should be reused with version mismatch notification emails too.
- Currently there's only one template defined "generic-mismatch" and the original file for it can be found under /templates/generic-mismatch.html
- If we need to distinguish user agents we can addd more templates to the `/templates/` folder
refs https://github.com/TryGhost/Toolbox/issues/292
- With the package being out of TryGhost/Ghost codebase the paths have changed and needed to introdude a concept of "fixtures" for the package to be able to funciton independently