- Makes the logic for determining the admin and frontend vhost args independent and easier to test
- Moved the tests to specifically test the vhost utils & removed proxyquire as a dependency
- We want to breakdown the current parent app into the existing core/app.js and boot code, allowing us to decouple the backend and frontend further
- This is all part of the refactoring to separate server and frontend completely
fixes https://github.com/TryGhost/Team/issues/818
- validation on query parameters should be wrapped in `options` within
`validation`
- this is missing from the theme install API endpoint so we don't force
the parameters to be passed in
- Ghost throws a 500 if `ref` is not supplied because following code
assumes we've checked the existence
- this commit wraps the two query parameter validation statements in
an `options` object to ensure they exist - Ghost returns a 422 if
missing
refs d9ddc2db6a
refs https://github.com/TryGhost/Team/issues/754
- The tests were written with falsy assumptions and validation added in refed commit have uncovered it!
- A secondary issue touched here is additional JSON object serialization that is used in the "input serializer" -d9ddc2db6a/core/server/api/v2/utils/serializers/input/settings.js (L107-L110)
- The additional stringification should not be there at all. It covers for a mistaken internal use of Settings API where raw objects are passed around instead of serialized JSON Objects (see commets left with this changeset for details)
refs https://github.com/TryGhost/Team/issues/754
refs a7dec233ba
- Additional validation protects from problems like the ones in refed commit from even getting through to the database.
- At the moment only used notificatons and couple more settings to ensure they are arrays when passed into the API. This is to avoid making big change in settings straight away - this is a problematic area which needs cautious approach.
- Ideally in the future the list of settings to check the "array" type (and other types) should be automatically generated based on the default-settings.json (or whatever way we define settings in the db a that moment)
- There's an ugly code-tripplication going on in this change. This is a separate topic that will be addressed once we work on API cleanup.
- config now exposes a few helpful methods: getSubdir, getSiteUrl, and getAdminUrl
- we can use these directly, instead of needing url-utils
- switching this inside of the boot process allows us to move the loading of url-utils into `initCore` which happens after the server has started and the database is ready
- this moves 100ms of loading time to later in the process
- also simplifies the initial loading
- Cleaned up some of the comments
- Added proper method signatures where appropriate
- Split initDynamicRouting out from initServices, to make that clearer to read
refs 0d0e09f173
refs https://github.com/TryGhost/Team/issues/754
- As per comment on the top of boot.js:
// IMPORTANT: The only global requires here should be overrides + debug so we can monitor timings with DEBUG=ghost:boot* node ghost
- Referenced change broke the rule above and would have caused all sorts of boot problems.
refs https://github.com/TryGhost/Team/issues/804
The associative table is used to implement the many-to-many relationship
between Products and Benefits. The `sort_order` column is needed because
a product's benefits should be orderable by an admin.
refs https://github.com/TryGhost/Team/issues/804
Benefits are tag-like resources which will be associated with Products.
The first iteration just requires a name for the benefit, which will be
stored as plaintext.
refs 188de00489
- this fix was incorrect - the function should have been on the
prototype but I'd moved it over incorrectly into the static class functions
- this commit moves `defaultColumnsToFetch` to the prototype functions
and reverts the referenced commit back to `this.prototype` as expected
- this wasn't including the custom columns from the `post` model, which
was causing tests to fail
- pro tip: run tests!
refs https://github.com/TryGhost/Team/issues/754
closes https://github.com/TryGhost/Ghost/issues/13088
refs a7dec233ba
- The corrupted data recovery mechanism for notifications is needed to be able to fix the data stored in `settings` table under `notifications` key. There was no validation in place, which has caused some instances to store data in unreadable/writable state
- The recovery mechanism is in place to avoid adding migrations every time we spot a broken notifications data (will be fixed by validation soon).
- The notification data is also NOT critical but valuable for system functioning properly, that's the reason why the data "healing" happens in less secure "fire-and-forget" way
- The referenced commit is where the "bigger" problem that was causing the data corruption was at. This change is a "cleanup" after what has happened there - storing Ghost error object in `value` for `notifications` key
refs a457631a20
- `defaultColumnsToFetch` was moved to the CRUD plugin in the referenced
commit, which makes it a function on `this` instead of `this.prototype`
- this means the function doesn't exist and Admin throws an error when
you start typing in the search bar because the API 500s
- this commit switches it to `this.defaultColumnsToFetch()`
refs https://github.com/TryGhost/Team/issues/808
- see referenced issue for context, but turning this function into
async-await seems to have broken error handling when deleting things
that don't exist
- i'm really not sure why - but my running theory is that it's something
to do with Bluebird Promises vs native Promises
- this should keep the same functionality until I can investigate what
is going on
fixes https://github.com/TryGhost/Team/issues/809
- Bookshelf won't throw a `NotFoundError` unless `require=true` in the
options
- this is present in most other API endpoints, so it's just simply
missing from the snippet one
- without this, Ghost will crash with a 500 saying `Cannot read property
'destroy' of null`
- this commit adds `require=true` to the destroy options for both the canary +
v3 endpoints
refs: #12808
- we need to use the uuid, not the id, so that e.g. unsubscribe urls are set correctly
- this is only for test emails, but it's still important to be able to test things fully!
refs https://github.com/TryGhost/Team/issues/754
- The logging wasn't working for the update check when run from the scheduled job. Fixed package method signature to allow for "logging" parameter. The sideeffect of this change was such that we need to instantiate a new instance of the UpdateCheckService on every method call to differentiate the call from within the code (controller) or from the job level
- Also added an await before returning the check method call as it didn't execute properly on the job level - the `await` wasn't waiting for the update check to actually do it's job!
issue https://github.com/TryGhost/Team/issues/750
- Only accessible by admins
- Resets all staff users' passwords and prevents them to log-in
- Sends them a reset email password to give them back access to their account
- Closes all existing staff user sessions
refs https://github.com/TryGhost/Team/issues/765
This supercedes the `complimentary_plan` flag, as it is more precise
because it determines _which_ product(s) a member has access to. Because
of this, if the `products` column is present the `complimentary_plan`
column is not used.
refs https://github.com/TryGhost/Team/issues/765
Since Members can be given complimentary access to one of many products,
we must include which products a member has access to when exporting
from Ghost. This will allow us to reimport without losing information.
refs https://github.com/TryGhost/Team/issues/765
As part of the multiple products feature, we're not longer using Stripe
subscriptions to denote Complimentary access, instead we're linking
members directly to products. Here we update the importer to follow
suit, so long as the flag is enabled.
refs https://github.com/TryGhost/Team/issues/754
- This is a minor cleanup. There should be no logic in the boot.js file other than calling services to "initialize themselves"
refs 474e6c4c45
- The method was not easy to understand after skimming through it.
- As we are working on developing a similar pattern for upcoming similar featured created a basic test suited to see input/output relation clearly
no issue
- idex.js files are meant to expose the API of the module and not contain code
- Next step would be reworking the code to use class/injection pattern
no refs
- without crossorigin=anonymous attribute, browsers obfuscate error messages from external scripts, which makes error tracking with sentry impossible
- with crossorigin attribute, portal script needs to be served with cors header or browsers will block it
- unpkg already serves the script with `access-control-allow-origin: *`
refs https://github.com/TryGhost/Team/issues/793
New settings added for newsletter customisation options:
- `newsletter_header_image` - `null/"$url"`
- `newsletter_show_header_icon` - `"true/false"`
- `newsletter_show_header_title` - `"true/false"`
- `newsletter_title_alignment` - `"center/left"`
- `newsletter_title_font_category` - `"serif/sans_serif"`
- `newsletter_show_feature_image` - `"true/false"`
`newsletter_show_header` has been dropped because the same functionality can be achieved by setting both `newsletter_show_header_icon` and `newsletter_show_header_title` to `false`
---
- migration to convert and delete `newsletter_show_header` setting
- removed `newsletter_show_header` from default settings to ensure it doesn't get re-created
- replaced main labs template and template settings generation with the labs template
- deleted labs template
refs https://github.com/TryGhost/Team/issues/768
- `portal_products` stores list of products available in Portal
- adds new `portal_products` setting to default settings
- adds migration to populate `portal_products` with current product so its available by default
- update tests
- We were using the same bind pattern for both internal-only and public helpers
- Binding helpers to config makes them available throughout the codebase
- Removing the binding doesn't make the code much more complicated, but it does make the Public API of the config module a lot clearer
- The new @tryghost/config-url-helpers has a pattern of exposing bindAll()
- Changed the local (non url) helpers to have the same pattern for consistency
- Also fixed types as best I can
- getSubdir, getSiteUrl & getAdminUrl were currently part of @tryghost/url-utils
- They have been split out into their own library, and refactored so that they expect to be bound to nconf
- With this commit we can do e.g. config.getSubdir() rather than needing @tryghost/url-utils
- These functions will be passed to url-utils via DI
- This is the first step in breaking down url-utils into smaller pieces
- This commit only does a single change in Gruntfile.js to use the new funtions - this will be rolled out slowly
no issue
- when feature image redesign flag is enabled add the caption under the feature image when available
- adds extra class for feature image so spacing can be adjusted when the caption is present
no issue
- `setId` is only used within the `events` plugin and it makes sense to
keep code together
- we don't lose anything by putting it here, but it should make it
easier to test in the future
refs https://github.com/TryGhost/Team/issues/748
This updates the @tryghost/members-api MemberRepository to stop ignoring
the `products` data passed to write operations, and to attach products
directly to members. As this logic is part of a new feature, we are
maintaining existing functionality by deleting the products data when
the feature flag is not enabled.
This functionality allows us to give members complimentary access to a
product without needing to use a Stripe Subscription internally.
no issue
- `formatOnWrite` doesn't override anything in Bookshelf but we use it
within the `override` plugin and sub-models may override it, so it's
easier to keep these things together
no issue
- we were only importing the `db` to access the `knex` instance, but
we can get this through the Bookshelf instance
- switches to pulling out `knex` from Bookshelf so we can remove the
remaining local require
no issue
- this commit extracts code relating to bulk DB operations into a
separate plugin
- it __could__ go into the CRUD one but these operations are a little
more involved
no issue
- this commit extracts event related code from the Base model into a plugin
- in particular:
- events initialization
- the `on*` events
- `emitChange` - I'm not sure about this one but it __is__ event
related
no issue
- this commit extracts code related to Actions from the Base model into
a separate plugin
- `api-key.js` contained the exact same helper function as the Base
model so that has been de-duplicated
no issue
- I'm working on pulling apart the base index.js and this code is
specific to setting up Bookshelf + the plugins, which is pretty
contained and can stay in one file
- it only has one local require so it might be a good candidate for
extracting out of Ghost in the future
no issue
Fixes commit caea330647 when running on Ghost (Pro), this is a temporary patch that will be removed when there are no references to the logging module.
- There are two different types of function here
1. "helpers" are public API - config.something() that provide dynamic helpers on top of config
2. "utils" are internal methods used only by config itself
- This commit makes this distinction clearer, although we should also change the code to enforce that utils are not exposed
- Renamed the file in line with our rules around index.js files
- Cleaned up some outdated code patterns
- Want to make the config module a little clearer in what it does
refs https://github.com/TryGhost/Team/issues/775
As we currently do not delete canceled subscriptions and they are
exposed via the API, this functionality has been added to the
editSubscription controller method under the PUT HTTP method.
The cancelSubscription method in @tryghost/members-api was updated to
handle deleting by member id
- Part of the effort to split Ghost down into smaller, decoupled pieces
- Moved out our internal validator tooling to a separate library
- Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator
- Removed the validatorjs dependency and removed the renovate pin
- This gives us a consistant, smaller, clearer public API for validations
- It will eventually be used on Ghost Admin too
- This way we can start getting up to date with validator whilst not increasing build size
no issue
- we're going to pull this out into the framework monorepo but
refactoring it here first makes it a lot easier to extract without
losing the history
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superceded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
no issue
- we're going to pull this out into the `framework` monorepo but
refactoring it here first makes it a lot easier to extract without
losing the history
- note: this is very temporary and will be extracted soon
- renamed our internal validation library to "validator" - which is the same as the tool it wraps
- updated the public api so that validator methods are directly exposed
- this will make it a drop-in replacement for validator-js
- in turn, this allows us to pull this out into @tryghost/validator, and use our own wrapper instead of the 3rd party library
- General code cleanup
- Removed unused notContains rule
- Swapped custom empty rule for builtin isEmpty rule
- Dropped usage of .extend on validator, as this was removed 2 years ago!
- This will allow us to upgrade the validator dependency to a much newer version
- Changed our internal validator module to only expose the functions we use.
- This gives us a clearer Public API
- It makes it easier to see if we are affected by changes in validator
- It's still easy to add another validator, we just have to update what we require
- We can potentially use this to make smaller builds esp for client-side usage
- Once ripped out into a module we can use ES imports :D
- Rejigged and _slightly_ improved the tests
no issue
Part of the effort to split ghost into smaller, decoupled parts. The
@root-utils package lets us avoid hard-coding a path to package.json,
and means that the ghost-version.js file could eventually be moved
into a separate module.
This commit uses a patched version of @tryghost/root-utils which
checks for the existence of a `current` directory, as used in
Ghost-CLI. Since this is very specific to Ghost and Ghost CLI, there's
a new method called "getGhostRoot" for this purpose.
refs:
- cf15f60085
- dd20cc649b
- ccf27f7009
- abf146d61f
- 2b54c92a14
- bb029a53f6
- 95bd7ee675
- 9018b4df22
- df01a6e5f4
- d313726b34
- these plugins were in a state where they were independent enough to be
pulled out into their own packages, which is what we did in the
referenced commits above
- each package is named like `@tryghost/bookshelf-<plugin>`
- to avoid requiring multiple packages into Ghost, we've also created a
wrapper package called `@tryghost/bookshelf-plugins` which re-exports
all these plugins, so the changes in Ghost are very simple - dbebdd43b5
- this commit deletes the plugins + tests, and replaces with our new
package with some minor code changes
- This is super specific code relating only to validating passwords.
- It's needed as a shared validator as we use other funnels to help people setup Ghost on Pro, but currently it's hard-baked into Ghost
- It's also not the greatest code. It'd be nice to be able to rework it and know that would automatically update everywhere passwords are set
- This is a really specific piece of code related to validating models against our internal schema.js format
- This doesn't make sense without a schema.js file
- It does depend on the internal validator and validate tools - but those are used elsewhere too, and can reasonably be moved out of the codebase
- I don't see schema.js moving out of the codebase any time soon. We can move the validator but it would be a class that requires schema via DI
- For now my focus is on getting the data/validation tooling separated and making clear sense
- Improving data/schema can come later :)
no issue
- `options` is not a correct type, so changed it to `Object` - maybe we
could introduce an `options` type at some point
- also fixed another case of incorrect subtype extraction from
`bookshelf`
no refs
- adding/changing products needs cache invalidation header otherwise frontend endpoints like `/members/api/site` use cached product data
- adds cache invalidation for both add and edit endpoints for products
refs d783a8d2d4
- we're removing i18n from Ghost core because it no longer meets our
needs
- this switches out i18n in the base Bookshelf model for our
`tryghost/tpl` package with a `messages` object of strings sprinkled
through the code
no issue
- eager-load: turned param import into typedef for reusability and fixed
attribute typing
- pagination:
- removed typing on helper function object - this was incorrect and
tsserver can pick up the real types a lot better, so removing it
reduces maintenance overhead
- `fetchPage` actually returns a Promise, so this fixes the typing
on the docs