Commit Graph

38994 Commits

Author SHA1 Message Date
renovate[bot]
31ea0ba6a3 Update metascraper 2024-07-02 15:57:06 +00:00
Princi Vershwal
bec647412f
🐛 Fixed url decoding issue - URLs sent in emails containing a % can now be updated(#20518)
fixes https://linear.app/tryghost/issue/ENG-447/🐛-urls-sent-in-emails-containing-a-percent-can-not-be-updated

URLs were decoded before making a search query to the db. This is the reason the `%2F` character gets converted to  `/`. This decoding is not required.
2024-07-02 21:13:32 +05:30
Michael Barrett
b36c2356fc
Added custom redirects ReDoS validation (#20515)
refs
[ENG-709](https://linear.app/tryghost/issue/ENG-709/%F0%9F%90%9B-bad-redirects-causing-container-tear-down)

Added validation to prevent RegEx's susceptible to ReDoS from being used
with custom redirects. Also moved error details out of `context` and
into `errorDetails` to be consistent with error logging elsewhere as
well as fix issue in admin-x where blank screen would be shown when an
error occurred during redirects upload (due to logic not accounting for
`context` being an object)
2024-07-02 16:00:19 +01:00
Sanne de Vries
a046ee324e
Fix scroll on settings page for editor users (#20516)
REF DES-352
2024-07-02 14:37:56 +00:00
Steve Larson
fe31ee34e8
Revert "Improved performance in Admin Posts view (#20503)" (#20514)
ref https://linear.app/tryghost/issue/ONC-111

This reverts commit 3d9d552271.

This commit broke bulk post actions which we do not have tests for, so
we will need to address that as well as add tests.
2024-07-02 14:27:44 +00:00
Sanne de Vries
3618632129
Updated password updated successfully notification copy (#20512)
REF DES-540
2024-07-02 16:26:12 +02:00
Sag
92a84f77fd
Removed leftover .only on Admin unit tests (#20513)
no issue
2024-07-02 14:10:23 +00:00
Fabien 'egg' O'Carroll
a4107b8202
🐛 Fixed incorrect member subscription details in Admin (#20476)
fixes https://linear.app/tryghost/issue/ENG-642

- When a subscription is in the `canceled` state the corresponding
Member has no access to the Ghost site. The only time a Member will
continue to have access if their subscription is due to cancel at the
period end is if it is still in an active state, which is one of
`active` `trialing` `unpaid` or `past_due`
- When a subscription is canceled immediately (i.e. before the end of
the current billing period), we now render "Ended" without a date,
because we don't store the cancellation date in the subscription object.
We previously used "Ended {current_period_end}" which would sometimes
lead to dates in the future
- Bonus: refactored code and added unit tests

---------

Co-authored-by: Sag <guptazy@gmail.com>
2024-07-02 13:58:20 +00:00
Sanne de Vries
18719e2168
Updated password reset notification (#20510)
REF DES-540
2024-07-02 15:24:14 +02:00
Daniel Lockyer
23075b7bf8 Optimized aggregating member attribution statistics
- the existing code creates a new moment instance, takes away some days
  and then formats the result
- this is run for every entry of the member attribution stats, which
  means dashboards for big sites with a lot of attribution data become
  slow
- this value doesn't change across each iteration of the filter, so we
  can just extract it out and calculate it once
- this commit removes this code block from the flamegraph completely
2024-07-02 11:44:22 +02:00
Sodbileg Gansukh
04fdd2e29e
Display more useful error messages upon theme activation (#20509)
ref DES-75
2024-07-02 08:45:33 +00:00
Princi Vershwal
62aad6fd84
🐛 Fixed analytics sources to not be case sensitive (#20506)
fixes https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 08:41:32 +00:00
Princi Vershwal
e6b1f8a8bf
Fixed analytics sources to not be case sensitive (#20506)
fixes
https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 12:17:13 +05:30
renovate[bot]
9522ef8ca8 Update nest monorepo to v10.3.10 2024-07-02 08:31:07 +02:00
Daniel Lockyer
186c6f3c42 🐛 Fixed unexpected leave confirmation after Cmd+S on member profile
fix https://linear.app/tryghost/issue/ENG-779/%F0%9F%90%9B-cmds-does-not-save-member-profile-changes

- previously, pressing Cmd+S on a member profile would save the profile,
  but the dirty attributes weren't being cleaned, so the application
  would trigger the leave confirmation when exiting
- now, we've fixed the code to keep a dynamic scratch member,
- long term, we should get rid of the scratch model, but this still
  allows us to fix the bug for now
2024-07-02 08:30:53 +02:00
renovate[bot]
90033eff2d Update dependency @tryghost/kg-html-to-lexical to v1.1.6 2024-07-02 08:26:16 +02:00
Kevin Ansfield
2fd9116499
🐛 Fixed unwanted extra blank paragraphs when copy/pasting from Google Docs (#20505)
closes https://linear.app/tryghost/issue/ENG-1255

- updated Koenig packages including:
  - addition of `/preview` for public preview card
  - fix for HTML import from Google Docs
  - fix for embed thumbnails being cut off in email
  - fix for wide image card width on medium screens
- multiple fixes for unhandled (but non user-visible) errors causing noise in console and error logging
2024-07-01 21:14:07 +01:00
Steve Larson
3d9d552271
Improved performance in Admin Posts view (#20503)
ref https://linear.app/tryghost/issue/ONC-111
- changed posts fetching/display behavior to be client-side instead of server-side
- admin will issue (potentially multiple) requests based on the desired status(es)
- updated admin acceptance test for missing coverage

I've pulled the sort from the database query as this triple sort
performs very poorly at scale (taking ~4s+ past ~20k posts sometimes).
Instead, we now split up the fetch to grab only one status at a time and
use the front-end logic to handle displaying scheduled, then drafts,
then published. This should result in a much more responsive view.

We will separately change the default sort on the Admin API as that was the ultimate intent for this change.
2024-07-01 19:43:41 +00:00
Sag
7f963e9c2a
🎨 Added 'Changed email address' event to Member Activity (#20493)
fixes https://linear.app/tryghost/issue/ENG-1256

- when a member changes their email address, surface it in Member
Activity
2024-07-01 15:33:33 +00:00
Peter Zimon
fca8941740
Updated integration modals buttons (#20502)
DES-27

Updated buttons in integrations from [Cancel] and [Save & close] to
[Close] and [Save] to be consistent with the rest of the Settings UI.
2024-07-01 17:29:53 +02:00
Michael Barrett
c285b0a0f1
🔒 Added timestamp to webhook signature hash (#20500)
refs
[ENG-1238](https://linear.app/tryghost/issue/ENG-1238/🔒-webhook-signatures-dont-include-timestamp-in-the-signature)

Added timestamp to the webhook signature hash to prevent replay attacks.
This is
a breaking change for webhook consumers as signature verification logic
will need to be updated to account for the timestamp in the hash, for
example:

```js
const crypto = require('crypto');

// Webhook secret from Ghost Admin
const WEBHOOK_SECRET = 'FOOBARBAZ'

// Sample incoming webhook request object
const req = {
    headers: {
        'x-ghost-signature': 'sha256=fc9749d5b3333109bd779f65d4b1b891576bc5c92febea3b1d186a7f946d0745, t=1719842984367'
    },
    body: {
        tag: {
            current: {
                id: '6682b8a8e10cc04306284330',
                name: 'test',
                slug: 'test',
                description: null,
                feature_image: null,
                visibility: 'public',
                og_image: null,
                og_title: null,
                og_description: null,
                twitter_image: null,
                twitter_title: null,
                twitter_description: null,
                meta_title: null,
                meta_description: null,
                codeinjection_head: null,
                codeinjection_foot: null,
                canonical_url: null,
                accent_color: null,
                created_at: '2024-07-01T14:09:44.000Z',
                updated_at: '2024-07-01T14:09:44.000Z',
                url: 'http://localhost:2368/404/'
            },
            previous: {}
        }
    }
};

// Get the request body as a JSON string
const reqBodyJSON = JSON.stringify(req.body);

// Extract the hash and timestamp from the x-ghost-signature header
const {sha256: hash, t: timestamp} = req.headers['x-ghost-signature']
    .split(', ')
    .map((x) => x.split('='))
    .reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {})

// Recreate the hash using the secret, request body, and timestamp and compare it to the hash from the header
const isValid = crypto.createHmac('sha256', WEBHOOK_SECRET).update(`${reqBodyJSON}${timestamp}`).digest('hex') === hash

if (isValid) {
    console.log('Valid signature!')
}
```
2024-07-01 15:59:04 +01:00
Daniel Lockyer
fcb95ecc1a Switched faker to @faker-js/faker
- `faker` was the original dependency but the maintainer ended up
  deleting the repo, so development continued in `@faker-js/faker`
- we're already using that dependency, so we can make a few simple
  changes and remove the old dependency from our repo
2024-07-01 14:49:42 +02:00
Daniel Lockyer
60f37ed118 Fixed browser tests
refs 6378d7d66f

- the buttons have been renamed and split apart into separate ones
2024-07-01 14:49:20 +02:00
Daniël van der Winden
09f2ccfca4
Updated copy for default recipients hint (#20496)
Fixes
https://linear.app/tryghost/issue/DES-179/inappropriate-copy-in-default-recipient-settings

The hint for _default recipients_ referenced the wrong setting. It now
reflects the right one.
2024-07-01 14:14:38 +02:00
Daniel Lockyer
a146709c16 Cleaned up unused core dependencies
- analytics-node usage was removed a while back
- juice is used by a different package now
2024-07-01 13:56:31 +02:00
Peter Zimon
6378d7d66f
Unify "Save" and "Close" buttons in Settings (#20430)
DES-27

There are two patterns used in settings modals for action buttons:

1. [Cancel] and [Save & close] (sometimes it's [Cancel] and [OK],
inconsistently) — example: Staff details, Tier details, Navigation,
Recommendation
2. [Close] and [Save] — example: Design settings, Portal, Newsletter
details etc.

This is confusing and leaves people confused and uncertain about what's
going to happen in one or the other case.
2024-07-01 13:35:38 +02:00
Sanne de Vries
95a4895e8f
Center aligned feature image in email template (#20491)
REF DES-380
- Center aligned feature image in email template
- Updated feature image css in editor to better display image overlay
and improve caption spacing
2024-07-01 08:43:26 +00:00
Daniel Lockyer
5f36bef451 Changed "commented" link in member feed to redirect to post
fix https://linear.app/tryghost/issue/ENG-1217/activity-log-link-for-comments-goes-to-wrong-place

- the post analytics page does not contain any comments, so it's not the
  most intuitive location to point the user. Instead, we can send them
  to the frontend of the post, where they can view comments
2024-07-01 10:15:46 +02:00
Daniel Lockyer
fa430666bf 🐛 Fixed staff user modal not showing correct example URL
fix https://linear.app/tryghost/issue/ENG-928/regression-author-url-slug-preview-broken

- simple change to append the slug to the end of the example hint
- also added test
2024-07-01 10:03:22 +02:00
renovate[bot]
f561f362f4 Update dependency postcss to v8.4.39 2024-07-01 07:28:24 +02:00
renovate[bot]
41d8240d50 Update dependency mysql2 to v3.10.2 2024-07-01 02:07:18 +00:00
Ghost CI
0d60c74957 v5.87.0 2024-06-28 16:27:27 +00:00
Sag
5dfee47fca
🐛 Fixed default recipients setting not showing label filters (#20480)
fixes https://linear.app/tryghost/issue/SLO-171

- problem: when the Default Recipient setting is set to "Specific
people" and is filtered by a label, we were not able to render the label
correctly
- cause: during the rendering, we look for labels by `id`, but they're
stored by `slug` in the database setting
`editor_default_email_recipients_filter`
- solution: allow to look by the relevant key, by introducing a
programmatic `key` to search for

Before the fix:
https://github.com/TryGhost/Ghost/assets/6225080/aed5fc31-6409-4986-aafe-557073c7f355


After the fix:
https://github.com/TryGhost/Ghost/assets/6225080/f35b2607-5f22-42be-b1bb-92f35ccc9ab7
2024-06-27 17:47:26 +02:00
Daniel Lockyer
34b903a12b Added browser autoplay error to Sentry ignore list
fix https://linear.app/tryghost/issue/SLO-179/notallowederror-the-request-is-not-allowed-by-the-user-agent-or-the

- this adds another browser error to the Sentry ignore list, as we don't
  have control over it, and it doesn't affect the user
2024-06-27 15:33:35 +02:00
renovate[bot]
430a2ca383 Update dependency testem to v3.15.0 2024-06-27 14:06:48 +02:00
Princi Vershwal
7bffe5b79a
Added option param to skip distinct from count query for members API
ref https://linear.app/tryghost/issue/SLO-173/removed-distinct-from-member-count-query

Performance of GET /members API can be improved by dropping the distinct from the total members count query.

select count(distinct members.id) as aggregate from `members`; // 275ms
select count(*) as aggregate from `members`; // 30ms

In this case we know that the result set will always be unique.
2024-06-27 17:35:19 +05:30
Daniel Lockyer
f9a6610823 Added AbortError to list of excluded errors
fix https://linear.app/tryghost/issue/SLO-175/error-aborterror-the-operation-was-aborted

- this error can occur when a user's browser navigates away mid-request,
  which causes the request to be aborted. However, we don't control
  this, nor do we particularly care, so we can just ignore it
2024-06-27 11:58:02 +02:00
Daniel Lockyer
ad77cec008 Removed unused type field
- this is no longer used and causes a React warning because we end up
  passing it to a textarea
2024-06-27 10:34:04 +02:00
Michael Barrett
ecf52d4685
Removed request queue enablement flag (#20466)
refs
[CFR-26](https://linear.app/tryghost/issue/CFR-26/remove-request-queue-config-flag)

Removed request queue enablement flag and updated the logic so that the
request queue is enabled when there is explicit configuration for it.
2024-06-27 09:30:07 +01:00
Daniel Lockyer
aa0110c842 Adjusted Sentry ignore list to cover more browser play errors
fix https://linear.app/tryghost/issue/SLO-172/error-aborterror-the-play-request-was-interrupted-because-the-media

- there are a few error messages we can ignore here, as browsers output
  slightly different messages for various types of these errors, which
  don't affect the user
2024-06-27 08:59:58 +02:00
Fabien 'egg' O'Carroll
0cf3d4d3d5
Updated ActivityPub API root path (#20471)
ref https://linear.app/tryghost/issue/MOM-201

We will be proxying to `/.ghost/activitypub` rather than just
`/activitypub`
2024-06-27 11:27:25 +07:00
Steve Larson
2e593ebcee
Improved performance fetching posts (#20460)
ref https://linear.app/tryghost/issue/ONC-111
- added composite index to posts_tags for post_id,tag_id for faster
lookup
- added composite index to posts for updated_at; this is commonly used
by get helpers on the front end to display data like the latest posts

In testing, this provided a very dramatic improvement for simple get
helper requests like 'filter="id:-{{post.id}}+tag:sampleTag" limit="3"'
which are by default sorted by updated_at desc. I'm not entirely clear
why when sorting by published_at we do not need a composite index - so
far it doesn't seem to be necessary. This should cover the primary cases
for get helpers - the latest posts with a given tag or set of tags.
2024-06-26 16:29:02 -05:00
renovate[bot]
dfc27b02c8
Update Koenig packages (#20453)
closes https://linear.app/tryghost/issue/MOM-247

- includes a few fixes for errors we've seen in our reporting
2024-06-26 14:48:17 +01:00
Daniel Lockyer
f250898a3b Optimized stats aggregation code for Admin dashboard
fix https://linear.app/tryghost/issue/SLO-168/rangeerror-maximum-call-stack-size-exceeded

- this code takes the API output and reduces it down to collect together
  stats per date
- the current code is recursive, and we've seen errors with the
  recursion hitting a `RangeError: Maximum call stack size exceeded`
  error
- as well as that, we're doing a lot of array concat'ing and cloning,
  which burns memory and CPU time
- instead, we can just use `.reduce`
- the new implementation is much faster than the existing one (1ms vs
  85ms) and uses no recursion, so those errors should go away
- I've also verified that the output is the same between the two
  functions
2024-06-26 15:46:39 +02:00
Daniel Lockyer
43bb83f7bb Extracted stats aggregation function to util
ref https://linear.app/tryghost/issue/SLO-168/rangeerror-maximum-call-stack-size-exceeded

- this extracts a function to a util so we can unit test it
- this function is about to be optimized but having unit tests allows us
  to make the change with confidence
2024-06-26 15:46:39 +02:00
Daniel Lockyer
019f417c7d Moved error exclusion to correct place
- adding it to ignoreErrors is better than beforeSend because it's built
  for this purpose and we've just looking at the error message
2024-06-26 12:43:55 +02:00
Daniel Lockyer
dd39576de0 Added more errors to Sentry exclusion list
fix https://linear.app/tryghost/issue/SLO-165/add-more-errors-to-allowlist

- we don't want to capture Sentry errors for these because they are out
  of our control (like the user's internet connection dropping out)
2024-06-26 12:43:55 +02:00
Sanne de Vries
e34c36007e
Updated frontend styles for bookmark card (#20468)
REF DES-263
- Added default white background color and sans-serif font to bookmark
card
2024-06-26 12:02:25 +02:00
Daniel Lockyer
5f5293cf6d Excluded errors caused by browser power-saving settings
fix https://linear.app/tryghost/issue/SLO-164/error-aborterror-the-play-request-was-interrupted-because-video-only

- in the case that the browser has power-saving settings enabled, we get
  an error in Sentry
- this error does not affect the user experience, so it should be safe
  to ignore
- this adds an exclusion to Sentry to ignore these errors
2024-06-26 11:49:42 +02:00
Daniel Lockyer
6c07b1cff9 Fixed TypeError when editor is focussed when not loaded
fix https://linear.app/tryghost/issue/SLO-162/typeerror-thiseditorapi-is-null

- if the editor does not load for some reason (network issue), and the
  editor area is clicked, we throw an error because we don't protect
  against a null `editorAPI`
- this adds that check
2024-06-26 11:49:42 +02:00