Commit Graph

867 Commits

Author SHA1 Message Date
renovate[bot]
d6d6be1327 Update dependency knex to v2.2.0 2022-07-19 00:27:50 +00:00
Simon Backx
05d82b35c7 Published new versions
- @tryghost/image-transform@1.2.0
 - @tryghost/mw-error-handler@1.0.4
 - @tryghost/vhost-middleware@1.0.27
2022-07-15 15:16:47 +02:00
Simon Backx
6cc92fac9a Added support for transforming AVIF files
no issue

- This adds the possibility to format AVIF files in Ghost if requested.
- This format is supported in Sharp
- Provides smaller file sizes than webp
2022-07-15 15:12:56 +02:00
renovate[bot]
035ef523f4 Update dependency supertest to v6.2.4 2022-07-04 01:28:27 +00:00
Renovate Bot
073d1f4deb Update dependency @tryghost/errors to v1.2.14 2022-06-02 01:49:26 +00:00
Simon Backx
14ae3a0ddd Published new versions
- @tryghost/database-info@0.3.7
 - @tryghost/image-transform@1.1.0
 - @tryghost/mw-error-handler@1.0.3
2022-05-27 16:07:52 +02:00
Simon Backx
8b440b051f Added support for converting image types, gifs and svgs (#191)
refs https://github.com/TryGhost/Team/issues/1652
refs https://github.com/TryGhost/Ghost/issues/13319

- Added support for animated webp and gifs optimization and resizing
- Added optinal `format` option to `unsafeResizeFromBuffer` and `resizeFromBuffer`. E.g. allows you to convert a .svg file to a .png.
- Added optional `animated` option  to `unsafeResizeFromBuffer` and `resizeFromBuffer`. Defaults to 'maintain animation'.
- Added optional `withoutEnlargement` option  to `unsafeResizeFromBuffer` and `resizeFromBuffer`. Defaults to true. Required to increase SVG size.
- Removed gif and svg from `canTransformFileExtension`. They are supported by sharp now.
- Added `shouldResizeFileExtension` method, which returns if we should resize an image. This is required to prevent resizing SVG files (while it is supported, it is not desired), while allowing them to be converted to PNG (thats why a new method was needed).
- Added `canTransformToFormat` to validate the `format` option.
- Improved TS/JSDoc type inheritance when `makeSafe` is used.
2022-05-27 16:06:46 +02:00
Renovate Bot
87338012f0 Update dependency knex to v2.1.0 2022-05-26 22:18:30 +00:00
Renovate Bot
d135ffd227 Update dependency @tryghost/errors to v1.2.13 2022-05-26 16:42:33 +00:00
Matt Hanley
887c3a6fee Published new versions
- @tryghost/api-version-compatibility-service@0.4.3
2022-05-24 16:30:26 +01:00
Peter Schulz
9a7467f343 Removed copy error in generic message 2022-05-24 08:22:00 -07:00
Daniel Lockyer
d8af7189e7 Published new versions
- @tryghost/adapter-manager@0.2.32
 - @tryghost/api-version-compatibility-service@0.4.2
 - @tryghost/bootstrap-socket@0.2.21
 - @tryghost/config-url-helpers@1.0.1
 - @tryghost/constants@1.0.6
 - @tryghost/database-info@0.3.6
 - @tryghost/email-content-generator@0.1.3
 - @tryghost/image-transform@1.0.33
 - @tryghost/job-manager@0.8.25
 - @tryghost/limit-service@1.2.1
 - @tryghost/minifier@0.1.16
 - @tryghost/moleculer-service-from-class@0.2.27
 - @tryghost/mw-api-version-mismatch@0.2.2
 - @tryghost/mw-error-handler@1.0.2
 - @tryghost/mw-session-from-token@0.1.33
 - @tryghost/mw-update-user-last-seen@0.1.7
 - @tryghost/package-json@1.0.22
 - @tryghost/pretty-cli@1.2.28
 - @tryghost/promise@0.1.19
 - @tryghost/release-utils@0.8.0
 - @tryghost/security@0.3.2
 - @tryghost/session-service@0.1.43
 - @tryghost/settings-path-manager@0.1.8
 - @tryghost/version-notifications-data-service@0.2.1
 - @tryghost/vhost-middleware@1.0.26
 - @tryghost/zip@1.1.26
2022-05-24 13:06:28 +02:00
Daniel Lockyer
40b1ad25ca Removed pull request numbers from commit messages
refs https://github.com/TryGhost/Toolbox/issues/276

- this removes the PR numbers from commit messages that we prepate for
  the changelog
- removing it prevents us needing to fix the path to the PR if the
  commit was done in a different repo
2022-05-24 13:05:02 +02:00
Renovate Bot
74ff5d48de Update dependency c8 to v7.11.3 2022-05-16 04:56:38 +00:00
Simon Backx
89994bff47 Published new versions
- @tryghost/limit-service@1.2.0
2022-05-12 13:41:51 +02:00
Simon Backx
cb7e7d34da Added transaction support to limit-service (#190)
refs https://github.com/TryGhost/Ghost/pull/14780
refs https://github.com/TryGhost/Team/issues/1583

- We need transaction support in the limit-service so that we can run the count queries in the same transaction
- This is required to avoid deadlocks when we check the limits when a transaction is in progress on the same tables
- This issue specifically is required for newsletters, where we start a transaction when creating a newsletter.
- Bumped `eslint-plugin-ghost` so we have newer ECMA features available
- Updated README
- Renamed `metadata` to `options` in `limit-service`
2022-05-12 13:40:41 +02:00
Hannah Wolfe
9f96d256bc Published new versions
- @tryghost/config-url-helpers@1.0.0
2022-05-11 10:38:59 +01:00
Hannah Wolfe
2a9fca6427 Removed support for mixed http/https mode
refs: https://github.com/TryGhost/Ghost/issues/14446

- currently ghost will upgrade configured urls to https if a secure request comes into a http configured site
- we no longer want to support this feature
- instead, ghost will strictly honour the configured URL
2022-05-11 10:38:26 +01:00
Naz
4627a77a99 Published new versions
- @tryghost/api-version-compatibility-service@0.4.1
 - @tryghost/mw-api-version-mismatch@0.2.1
2022-05-11 10:49:43 +08:00
Naz
d9d84c25ec Changes email notification template copy
refs https://github.com/TryGhost/Toolbox/issues/292

- Copy change was based on feedback pointed out by Peter.
2022-05-11 10:48:32 +08:00
Naz
3010d498ca Added query string trimming from the original URL
refs https://github.com/TryGhost/Toolbox/issues/292

- There are couple of reasons why we don't want to include the query string information in the outgoing notification emails:
- 1. Security - we can expose the Content API key to an unauthorized person. The emails go out to administrators, so they have access to this data anyway. But for example they might forward full email content to someone from “tech team” or whoever is not really authorized to see it.
2. It looks a bit ugly and could be waaay to long breaking the email layou
2022-05-11 10:40:09 +08:00
Naz
32d888d3cc Fixed email copy based on feedback
refs https://github.com/TryGhost/Toolbox/issues/292

- The email copy had a few bits that were off after the review. This fixes them.
2022-05-11 10:37:18 +08:00
Naz
9d875e7d45 Fixed use of integration name in the email subject
refs https://github.com/TryGhost/Toolbox/issues/292

- The integraton name should be used instead of the user agent!
2022-05-11 10:08:32 +08:00
Naz
e0e1ca0c78 Published new versions
- @tryghost/api-version-compatibility-service@0.4.0
 - @tryghost/mw-api-version-mismatch@0.2.0
2022-05-10 17:35:08 +08:00
Naz
8cc9fc4353 Substituted UserAgent with Integration Name in emails
refs https://github.com/TryGhost/Toolbox/issues/292

- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
2022-05-10 17:33:15 +08:00
Naz
09594cb5e1 Updated version mismatch middleware to handle API keys
refs https://github.com/TryGhost/Toolbox/issues/292

- The version mismatch middleware middleware is the best place where the information can be assembled for the  APIVersionCompatibilityService to handle. We need API key identification information to be able to pick up the integration name when sending a notification email to the administrators
2022-05-10 16:44:18 +08:00
Naz
c317069c75 Published new versions
- @tryghost/api-version-compatibility-service@0.3.2
 - @tryghost/version-notifications-data-service@0.2.0
2022-05-10 16:28:10 +08:00
Naz
baef69f968 Added Integration name extraction based on API Key data
refs https://github.com/TryGhost/Toolbox/issues/292

- This information is needed for the emails used to notify the instance admins about version mismatch.
- The identification information is different for Content and Admin keys because of their nature. Content API keys send the unique "secret" value in plaintext, Admin API keys send key id (kid) as a part of token payload and that's the easiest accessible information available without a need to query the db in another parts of the system.
2022-05-10 16:26:52 +08:00
Naz
fbd7e206dc Published new versions
- @tryghost/extract-api-key@0.1.0
2022-05-10 16:11:42 +08:00
Naz
41103000d2 Added support for Admin API key extraction
refs https://github.com/TryGhost/Toolbox/issues/292

- Allows to detect and extract admin api key ID value. The reason why we are not dealing withe the "secret" value here in a similar way as Content API key is to keep the package independent from the model layer. It only provides "identification" information along with the key type so that the version mismatch data service can deal with this information in an optimal way (just one db query).
2022-05-10 16:08:54 +08:00
Naz
988acff403 Simplified returned data from api key extraction
refs https://github.com/TryGhost/Toolbox/issues/292

- We can query the data base by the API key itself, there's no need for type of the API  at any point yet
2022-05-10 14:44:55 +08:00
Naz
ef0de40228 Added extra test for output when request has no keys
refs https://github.com/TryGhost/Toolbox/issues/292

- Providing extra coverage so the outputs are clear
2022-05-10 14:18:38 +08:00
Naz
b4445cf6e0 Bootstrapped api key extractor package
refs https://github.com/TryGhost/Toolbox/issues/292

- The package is meant to be one stop shop for extraction of any API keys from requests known to Ghost
- To start with it should detect and return keys for Content and Admin APIs for the purposes of api version mismatch handling
2022-05-10 12:37:05 +08:00
Naz
8e0f9f0be4 Published new versions
- @tryghost/api-version-compatibility-service@0.3.1
2022-05-09 20:01:58 +08:00
Naz
6bcc0fcc86 Fixed dependency for @tryghost/version-notifications-data-service
refs https://github.com/TryGhost/Toolbox/issues/292

- The version-notifications-data-service did not resolve correctly after it was removed from it's package.json. It should have been declared here from the get go!
2022-05-09 20:00:57 +08:00
Naz
c5b8d073d7 Published new versions
- @tryghost/adapter-manager@0.2.31
 - @tryghost/api-version-compatibility-service@0.3.0
 - @tryghost/bootstrap-socket@0.2.20
 - @tryghost/config-url-helpers@0.1.8
 - @tryghost/constants@1.0.5
 - @tryghost/database-info@0.3.5
 - @tryghost/email-content-generator@0.1.2
 - @tryghost/image-transform@1.0.32
 - @tryghost/job-manager@0.8.24
 - @tryghost/limit-service@1.1.3
 - @tryghost/minifier@0.1.15
 - @tryghost/moleculer-service-from-class@0.2.26
 - @tryghost/mw-api-version-mismatch@0.1.4
 - @tryghost/mw-error-handler@1.0.1
 - @tryghost/mw-session-from-token@0.1.32
 - @tryghost/mw-update-user-last-seen@0.1.6
 - @tryghost/package-json@1.0.21
 - @tryghost/pretty-cli@1.2.27
 - @tryghost/promise@0.1.18
 - @tryghost/release-utils@0.7.15
 - @tryghost/security@0.3.1
 - @tryghost/session-service@0.1.42
 - @tryghost/settings-path-manager@0.1.7
 - @tryghost/update-check-service@0.3.4
 - @tryghost/version-notifications-data-service@0.1.2
 - @tryghost/zip@1.1.25
2022-05-09 18:25:48 +08:00
Naz
a730b63ee0 Added JSDocs to the version notification service
refs https://github.com/TryGhost/Toolbox/issues/292
2022-05-09 18:15:46 +08:00
Naz
35031b8f2e Refactored api version compatibility service API
refs https://github.com/TryGhost/Toolbox/issues/292

- The service used to take in a whole bunch of functions as parameters and did expect the client to know about the "version-notifications-data-service" which is not necessary and make the constructor API a notch complicated
- Putting in the data service initialization internally allows for the client to pass in less parameters and know less abou the internal working of the service - way easier to use!
2022-05-09 18:14:41 +08:00
Naz
e2c7c21e86 Added typings to the middleware to imporve checks
refs https://github.com/TryGhost/Toolbox/issues/292

- Having types would potentially have prevented a bug from a parent commit with mistyped property name
2022-05-09 15:35:09 +08:00
Naz
7419ff2c4f Fixed requestURL value passed to the APIVersionCompatibilityService
refs https://github.com/TryGhost/Toolbox/issues/292

- There was a typo in the variable name - req.originalURL is NOT does not exist on express' reqest object
- Added tests to avoid similar mistake again
2022-05-09 15:35:09 +08:00
Renovate Bot
82b83743a7 Update dependency sinon to v14 2022-05-09 00:14:50 +00:00
Hannah Wolfe
7b6b8192e3 Published new versions
- @tryghost/mw-error-handler@1.0.0
 - @tryghost/security@0.3.0
2022-05-06 15:46:34 +01:00
Hannah Wolfe
0ad0cee19b Removed unused jsonErrorRenderer + renamed V2
- As of Ghost 5.0 we only use the V2 version of jsonErrorRenderer
- Removed the old one, and renamed the V2 to not have a suffix any more
- Added 100% coverage to tests whilst here
2022-05-06 15:45:41 +01:00
Hannah Wolfe
3a7613a46e Added secret.create util to security package
- this utility existed twice in the ghost codebase:
   - f6fb823ce9/core/server/models/api-key.js (L24)
   - f6fb823ce9/core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js (L7)
- We also potentially need it for a second migration use case
- so moved it here, made it slightly more generic and also deprecated identifier.uid in favour of using this method as they do the same thing, but secret.create uses crypto properly
2022-05-06 15:15:40 +01:00
Naz
877fdc7bfe Published new versions
- @tryghost/api-version-compatibility-service@0.2.0
 - @tryghost/email-content-generator@0.1.1
 - @tryghost/limit-service@1.1.2
 - @tryghost/mw-api-version-mismatch@0.1.3
2022-05-05 17:57:44 +08:00
Naz
fc7e1c383e Added requestURL handling in version mismatch middleware
refs https://github.com/TryGhost/Toolbox/issues/292

- We need to pass this data so that emails include this bit of information
2022-05-05 17:56:18 +08:00
Naz
521ddc001c Added request url parameter to notification emails
refs https://github.com/TryGhost/Toolbox/issues/292

- Generic version mismatch notification emails contain request url which had to be parameterized to function properly.
2022-05-05 14:51:47 +08:00
Naz
b2f585e0d0 Added Zapier-specific email templates
refs https://github.com/TryGhost/Toolbox/issues/292

- When the handler recognizes a Zapier client it should send an email using Zapier-specific template with instructions more suitable for Zap failure
2022-05-05 12:43:55 +08:00
Naz
1a0a4272f3 Extracted template to be a separate variable
refs https://github.com/TryGhost/Toolbox/issues/292

- Nice to track the change history
2022-05-05 12:32:52 +08:00
Naz
6aeb27ce62 Renamed zapier test variables
refs https://github.com/TryGhost/Toolbox/issues/292

- Before adding Zapier specific feature cleaning up here for cleaner history
2022-05-05 12:24:32 +08:00