Commit Graph

20011 Commits

Author SHA1 Message Date
Fabien O'Carroll
99bfa30f81 Added Content-Type Header to actor & outbox endpoints
ref https://linear.app/tryghost/issue/MOM-25

This is the correct Content-Type and whilst not required, better in than out
2024-04-22 11:18:03 +07:00
Fabien O'Carroll
8542766094 Updated Actor key id to use Actor URL with fragment
ref https://linear.app/tryghost/issue/MOM-25

This matches the way that mastodon handles the key url and may be the reason
these documents are incompatible. This also removes the `username` key as that
isn't used anywhere, instead we have a username property which is rendered as
the ActivityPub compat preferredUsername key.
2024-04-22 11:18:03 +07:00
renovate[bot]
e4ffc7b8c0 Update dependency mysql2 to v3.9.7 2024-04-22 01:37:24 +00:00
renovate[bot]
69372d9018 Update dependency @sentry/profiling-node to v7.111.0 2024-04-19 16:56:32 +00:00
renovate[bot]
7fea4151d8 Update dependency @sentry/profiling-node to v7 2024-04-19 18:43:59 +02:00
Ghost CI
cb838c4bb6 v5.82.3 2024-04-19 16:04:16 +00:00
renovate[bot]
b24ad1ccc6 Update nest monorepo to v10.3.8 2024-04-19 15:05:38 +02:00
renovate[bot]
80fe672525 Update sentry-javascript monorepo to v7.111.0 2024-04-19 08:54:26 +02:00
Daniel Lockyer
f31814c804 Updated mysql2 dependency
refs #20050

- Renovate seems to be unable to bump the package past the security
  release, but unfortunately this release contains a breaking bug
- this commit manually bumps the package so we can get things flowing
  again
- the security release doesn't really affect us, but we should still try
  and keep on the latest
2024-04-19 08:48:24 +02:00
Kevin Ansfield
7132619115
Fixed internal linking not correctly filtering to published-only (#20054)
no issue

- updated search to add `status` to the search results
- added filtering to the editor's `searchLinks()` method
- prevented TaskCancellation errors being thrown from the search task being cast to a Promise
2024-04-18 17:18:37 +00:00
Chris Raible
a10b13916a
🐛 Fixed admin error when deleting an unsaved or imported post (#20053)
ref
https://linear.app/tryghost/issue/ENG-845/error-attempted-to-set-lexical-on-the-deleted-record
ref
[https://linear.app/tryghost/issue/ENG-854/🐛-deleting-imported-posts-makes-ghost-unresponsive](https://linear.app/tryghost/issue/ENG-854/%F0%9F%90%9B-deleting-imported-posts-makes-ghost-unresponsive)

- When deleting a post in the editor's Post Settings Menu, if the post
has unsaved changes (indicated by the hasDirtyAttributes property in the
editor), Admin will crash because it tries to save a post revision
before leaving the editor, but the post has already been deleted so
saving fails.
- This can occur when editing a post and quickly deleting it from the
Post Settings Menu before saving is completed.
- It can also occur when attempting to delete an imported post, as the
editor will parse the lexical from the server and may make some minor,
invisible-to-the-user changes to the lexical string locally (e.g. JSON
formatting, or updating the JSON to use extended version of base lexical
nodes), which triggers the same error.
- This fix bypasses the attempt to save a post revision when leaving the
editor if the post is already deleted, which allows the transition back
to the Posts route to succeed.
2024-04-18 10:02:02 -07:00
Kevin Ansfield
182fa62759
Bumped Koenig packages (#20047)
closes https://linear.app/tryghost/issue/MOM-39/

- fixes clicking on search results in internal linking PoC
- adds support for Node 20
2024-04-18 14:58:01 +00:00
Daniel Lockyer
10e81aeed8
ℹ️ Added support for Node 20
ref https://linear.app/tryghost/issue/ENG-765/add-support-for-node-20

- this adds support for Node 20 to Ghost and CI, as Node 20 is an LTS
  version and we should pick it up
2024-04-18 13:17:21 +02:00
Daniel Lockyer
8e0ad1a6fb
Fixed test on Node 20
refs f39d1d3aa3

- similar to the commit above, the JSON parser changed between Node 18
  and Node 20, so the error message changed too
- we actually just want to check the error is forwarded to the user, so
  we can do that by getting the error message from JSON.parse and check
  against that
2024-04-18 13:17:16 +02:00
Kevin Ansfield
96adb0a5d8
Wired up bookmark card internal linking proof of concept (#20044)
closes https://linear.app/tryghost/issue/MOM-1/

- added `feature.internalLinking` and `searchLinks` properties to the `cardConfig` object passed to the editor
- `searchLinks()` uses Admin's internal search to fetch and filter results
  - called with no search term to obtain default links to show as soon as the bookmark card is inserted, in our case we show the last 5 published posts. Result is cached for the duration of the editing session to avoid API queries/loading state after the first fetch
  - flattens search results for now because Koenig doesn't yet support grouped results
- bumps version of `@tryghost/koenig-lexical` to support the feature flag
2024-04-18 11:16:19 +00:00
renovate[bot]
ef6f79c272 Update dependency gscan to v4.43.0 2024-04-18 12:48:42 +02:00
Fabien O'Carroll
9e98be9268 Disabled caching for ActivityPub & WebFinger
ref https://linear.app/tryghost/issue/MOM-25

Whilst we're experimenting it's gonna be easier to not have to think about
caching affecting things. We'll disable it completely for now, and then decide
on a caching strategy that suits us down the line.
2024-04-18 17:40:44 +07:00
Fabien O'Carroll
e346423db2 Added missing JSON-LD context for publicKey definition
ref https://linear.app/tryghost/issue/MOM-25

This _might_ be the reason that Mastodon doesn't recognise our Actor, but
either way it's the correct thing to do so that JSON-LD parsers correctly
understand that publicKey field
2024-04-18 16:48:09 +07:00
Fabien O'Carroll
55d05f0476 Used path instead of query params for ActivityPub API
ref https://linear.app/tryghost/issue/MOM-25

This makes it easier to work with on the frontend, as we don't need to
whitelist query params for Ghost(Pro)
2024-04-18 14:54:57 +07:00
Fabien O'Carroll
d34884fc6d Moved ActivityPub API to frontend URL
ref https://linear.app/tryghost/issue/MOM-48

This required some structural changes to our NestJS setup so that we can mount
it on multiple parts of the Ghost express app.

We've used the RouterModule to allow adding submodules that are mounted on
different paths, and we've had to be explicit about the base path for each
module. We've also had to switch back to using the Module decorator, because
RouterModule doesn't work with DynamicModule definitions.

Now that the NestJS app has knowledge of the full path, we need to "reset" the
url & baseUrl when passing the request into NestJS so that it can correctly
match the path. This is probably needed for the frontend too, for subdirs, but
that causes further issues - as this in prototype stage, we'll look later

Another issue is that NestJS replaces the express app instance with its own,
which isn't an issue for the Admin API (though we've fixed it anyway for
consistency), but did cause problems for the frontend, because the express app
is where view engine and directory information is stored.

The fix for this is to save a reference to the original ghost express
application, and reattach it to the request if it is not handled by Nest

Now that we have the Nest app mounted on the frontend, we're able to have it
handle the /.well-known/webfinger route with a proper controller, which is nice!
2024-04-18 13:26:24 +07:00
Fabien O'Carroll
c51a434f64 Added initial support for Outbox to Actors
ref https://linear.app/tryghost/issue/MOM-32

This adds the basic building blocks for an Outbox for an Actor, currently it's
hardcoded - which'll let us at lest test integration with other platforms.

JSONLDService is an awful name, but it's late and this is a prototype.
2024-04-17 20:30:40 +07:00
Fabien O'Carroll
1d1c33db1e Simplified URL creation for Actor JSON-LD
no-issue

This makes the code easier to understand and maintain, and reduces the overhead
of converting to/from a Map. It also changes the URLs and makes them path based
2024-04-17 20:30:40 +07:00
Fabien O'Carroll
7a2e66708c Added support for Anon role in permissions
no-issue

This lets us have an unauthed endpoint for reading the outbox, long term we'll
probably wanna have this on the frontend URL but we don't have NestJS wired up
there yet.
2024-04-17 20:30:40 +07:00
Fabien O'Carroll
885dc537d5 Added initial support for /.well-known/webfinger
ref https://linear.app/tryghost/issue/MOM-26
ref https://linear.app/tryghost/issue/MOM-27
ref https://webfinger.net/spec/

WebFinger is the protocol which allows different ActivityPub implementers to
find information about Actors, it's kinda like the entrypoint.

Given a username like @user@site.com, we can look up the URL for the Actor at

   https://website.com/.well-known/webfinger?resource=acct:user@site.com

This would then give us the info needed to discover the Actor's Inbox & Outbox
2024-04-17 16:12:57 +07:00
Fabien O'Carroll
842098bd36 Switched to DynamicModule for AdminAPIModule
no-issue

This is consistent with our main NestJS Module and allows the values to be
introspected by other code, rather than be stored internaly in decorator
metadata, which makes it easier to debug.
2024-04-17 16:12:57 +07:00
Fabien O'Carroll
936e8fe8f8 Fixed type of id for base entity
no-issue

This needs to be cast to ObjectID so TS doesn't think it can be undefined
2024-04-17 16:12:57 +07:00
Fabien O'Carroll
ffbf2680ef Enabled Nest when ActivityPub flag is set
ref MOM-31
ref https://linear.app/tryghost/issue/MOM-31

We'll be building a lot of the new code for ActivityPub in Nest, so we'll need
to have it enabled in Ghost to work.
2024-04-17 14:00:07 +07:00
Fabien O'Carroll
0fb290a841 Added Feature Flag for ActivityPub
ref MOM-31
ref https://linear.app/tryghost/issue/MOM-31

Ronseal - let's goooooooo
2024-04-17 14:00:07 +07:00
Sodbileg Gansukh
7d42d1473e
Improved long label handling (#20029)
ref DES-205

- label name is now used as the title on label pills instead of static
text
- label names will now be truncated when it takes more than 2 lines
instead of 1
2024-04-17 05:02:21 +00:00
Kevin Ansfield
9213274a6b
🎨 Changed TK reminders to be case-insensitive (#20024)
closes https://linear.app/tryghost/issue/MOM-11

- updated Koenig packages to allow `tk`, `Tk`, and `tK` to be recognised as a TK reminder
2024-04-16 12:04:17 +00:00
renovate[bot]
96d0883928
🐛 Fixed file card button not being linked in emails (#20023)
ref https://linear.app/tryghost/issue/DES-202/

- bumped Koenig packages to include fix for incorrectly wrapped download image link in email rendering of file card
2024-04-16 10:37:28 +00:00
renovate[bot]
2af9c04477 Update CSS preprocessors 2024-04-16 09:44:36 +02:00
renovate[bot]
0802b9533c Update dependency semver to v7.6.0 2024-04-16 09:41:01 +02:00
Nicholas Mizoguchi
d6b7ebb517
Enforced more Mocha lint rules (#19720)
ref https://github.com/TryGhost/Ghost/issues/11038

1. Enforced lint rule
**[ghost/mocha/no-identical-title](https://github.com/lo1tuma/eslint-plugin-mocha/blob/main/docs/rules/no-identical-title.md)**
- Fixed relevant tests
2. Enforced lint rule
**[ghost/mocha/max-top-level-suites](https://github.com/lo1tuma/eslint-plugin-mocha/blob/main/docs/rules/max-top-level-suites.md)**
- No required fixes, as tests are compliant already

#### Additional details
Specifically for `ghost/mocha/no-identical-title` most fixes were simple
test description updates. Added comments to aid the PR review for the
ones that had relevant changes, and might require more attention. They
are as follows:
*
[e2e-api/admin/invites.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496397548):
Removed duplicated test (exact same code on both);
*
[e2e-api/admin/members.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496399107):
From the[ PR this was
introduced](73466c1c40 (diff-4dbc7e96e356428561085147e00e9acb5c71b58d4c1bd3d9fc9ac30e77c45be0L236-L237))
seems like author based his test on an existing one but possibly forgot
to rename it;
*
[unit/api/canary/utils/serializers/input/pages.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496400143):
The [page filter](https://github.com/TryGhost/Ghost/pull/14829/files)
was removed, so changed the description accordingly;
*
[unit/api/canary/utils/serializers/input/posts.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496400329):
The [page filter](https://github.com/TryGhost/Ghost/pull/14829/files)
was removed, so changed the description accordingly;
*
[unit/frontend/services/rendering/templates.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496402430):
Removed duplicated test
*
[unit/server/models/post.test.js](https://github.com/TryGhost/Ghost/pull/19720#discussion_r1496403529):
the change in [this
PR](https://github.com/TryGhost/Ghost/pull/14586/files#diff-c351cb589adefbb886570cfadb33b33eb8fdc12bde1024d1188cd18c165fc5e8L1010)
made three tests here mostly the same. Deduplicated them and kept only
one.
2024-04-16 09:37:06 +02:00
renovate[bot]
8e8250a332 Update dependency testem to v3.13.0 2024-04-16 09:24:20 +02:00
renovate[bot]
dd76bf2693 Update dependency terser to v5.30.3 2024-04-16 07:24:10 +00:00
Laurent Goderre
c2485af853
Updated metascraper/author dependency to fix arm32 installation (#19401)
Installing on arm32 (and perhaps arm64) on Alpine Linux architecture
fails due to re2 a dependency of metascraper.

References:
https://github.com/microlinkhq/metascraper/pull/681
https://github.com/docker-library/ghost/issues/400
2024-04-16 09:22:54 +02:00
renovate[bot]
39a9a9bfd8 Update sentry-javascript monorepo to v7.110.1 2024-04-16 09:09:22 +02:00
renovate[bot]
e7bb7a47ed Update dependency typescript to v5.4.5 2024-04-16 09:08:58 +02:00
renovate[bot]
0c119e2464 Update dependency typescript to v5.4.4 2024-04-15 09:47:55 +02:00
renovate[bot]
b008c00feb Update sentry-javascript monorepo to v7.110.0 2024-04-15 09:47:44 +02:00
renovate[bot]
f6f9f8cd79 Update dependency i18next to v23.11.2 2024-04-15 01:16:18 +00:00
Ghost CI
ff03b2eedb v5.82.2 2024-04-15 01:06:07 +00:00
Ghost CI
bc0496e5d3 🎨 Updated Source to v1.2.2 2024-04-15 01:06:06 +00:00
Ghost CI
5e6cc0d746 🎨 Updated Casper to v5.7.2 2024-04-15 01:06:06 +00:00
Kevin Ansfield
d6e599dab3
Generalised Admin search for use in editor (#20011)
ref https://linear.app/tryghost/issue/MOM-1

- renamed `searchable` to `groupName` so it better matches usage and avoids leaking internal naming to external clients
- added `url` to the fetched data for each data type as the editor will want to use front-end URLs in content
- added acceptance tests to help avoid regressions as we further generalise/optimise the search behaviour
2024-04-11 14:01:39 +00:00
Hannah Wolfe
145a184967 Added logging to RSS cache
- The RSS cache has lived for a really long time, but I'm not sure it's useful
- Want to be able to determine if it gets used much, and if not, then we can remove it
2024-04-11 10:33:53 +01:00
Michael Barrett
9e78412268
Added queue depth to requests (#19987)
refs
[CFR-14](https://linear.app/tryghost/issue/CFR-14/ensure-queue-depth-is-always-set-on-req)

Added queue depth to any request that passes through the request queue
middleware instead of only adding it to the request if it is queued.
This makes it easier to report on the queue depth within Elastic.
2024-04-11 09:24:04 +01:00
Kevin Ansfield
a788a9673c
Extracted Admin's search behaviour from component to service (#20008)
ref https://linear.app/tryghost/issue/MOM-1

- pre-requisite to exposing the search behaviour to the editor for internal linking
2024-04-10 11:44:24 +00:00
Kevin Ansfield
ebd36f2503
Added internalLinking labs flag (#20006)
ref https://linear.app/tryghost/issue/MOM-1
2024-04-10 12:13:37 +01:00
Kevin Ansfield
0cb0e7109a
Refreshed Admin .lint-todo file (#20007)
no issue

- bumped todos for 120 days
2024-04-10 10:45:59 +00:00
renovate[bot]
5eab1e1ed6 Update dependency i18next to v23.11.1 2024-04-09 18:49:21 +00:00
Daniël van der Winden
c692c1b634
Updated paywall CTA text (#20004)
fixes DES-164
2024-04-09 14:53:51 +00:00
renovate[bot]
f4cb488d04 Update dependency i18next to v23.11.0 2024-04-08 17:03:58 +00:00
Ghost CI
f046442bd8 v5.82.1 2024-04-08 14:42:52 +00:00
Kevin Ansfield
5c05ebe6cb
Fixed browser tests broken by onboarding changes (#19998)
ref 78311591d0

- updated tests to not click a button on the setup/done screen that is no longer shown
- fixed setup flow showing an alert bar due to not handling the `TransitionAborted` error that is thrown by the setup/done->dashboard redirect
2024-04-08 15:15:04 +01:00
Kevin Ansfield
78311591d0
🎨 Improved post-setup onboarding flow (#19996)
ref https://linear.app/tryghost/issue/IPC-66/onboarding-checklist-v1

- replaced the setup/done screen with a new onboarding checklist shown on the dashboard
2024-04-08 13:03:41 +01:00
Daniël van der Winden
c1321f8b84
Onboarding mobile improvements (#19997)
fixes IPC-142
2024-04-08 11:55:30 +00:00
Djordje Vlaisavljevic
3d4c4d4848 Fixed "skip onboarding" button position on smaller screens
fixes https://linear.app/tryghost/issue/IPC-141/mobile-style-bug-for-skip-onboarding-button
2024-04-08 09:55:43 +01:00
Ghost CI
b6195d204c v5.82.0 2024-04-05 16:05:12 +00:00
Chris Raible
01d0b2b304
Added new member signup flow behind labs flag (#19986)
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups

- Some customers are seeing many spammy signups ("hundreds a day") — our
hypothesis is that bots and/or email link checkers are able to signup by
simply following the link in the email without even loading the page in
a browser.
- Currently new members signup by clicking a magic link in an email,
which is a simple GET request. When the user (or a bot) clicks that link, Ghost
creates the member and signs them in for the first time.
- This change, behind an alpha flag, requires a new member to click the
link in the email, which takes them to a new frontend route `/confirm_signup/`, then submit a form on the page which sends a POST request to the
server. If JavaScript is enabled, the form will be submitted
automatically so the only change to the user is an extra flash/redirect
before being signed in and redirected to the homepage.
- This change is behind the alpha flag `membersSpamPrevention` so we can
test it out on a few customer's sites and see if it helps reduce the
spam signups. With the flag off, the signup flow remains the same as
before.
2024-04-04 15:25:41 -07:00
Fabien O'Carroll
a262a64eea Moved additional payment methods into beta
ref ENG-812
ref https://linear.app/tryghost/issue/ENG-812

We want to roll this out as a beta feature
2024-04-04 23:54:01 +07:00
Fabien O'Carroll
c1b72b3997 Wired up additional payment types with labs flag
ref ENG-812
ref https://linear.app/tryghost/issue/ENG-812
2024-04-04 23:13:10 +07:00
Fabien O'Carroll
781599de62 Added a feature flag for additional payment methods
ref ENG-812
ref https://linear.app/tryghost/issue/ENG-812
2024-04-04 23:13:10 +07:00
Fabien O'Carroll
1d13a9c549 Refactored payment methods into shared global
ref ENG-812
ref https://linear.app/tryghost/issue/ENG-812

This will make it easier to switch to long term
2024-04-04 23:13:10 +07:00
Djordje Vlaisavljevic
7107b092fd Made Ghost logo background in dark mode match the admin background
close https://linear.app/tryghost/issue/IPC-140/ghost-logo-in-dark-mode-doesnt-perfectly-match-the-background
2024-04-04 12:13:33 +01:00
Daniel Ordóñez
0f0cdfdcd4
feat(spanish): Update spanish support comments.json (#19964)
Got some code for us? Awesome 🎊!

Please include a description of your change & check your PR against this
list, thanks!

- [x] There's a clear use-case for this code change, explained below
- [x] Commit message has a short title & references relevant issues
- [x] The build will pass (run `yarn test:all` and `yarn lint`)

We appreciate your contribution!

Explanation: There are some missing accents in:


4c598a1e6d/ghost/i18n/locales/es/comments.json (L18-L19)

And


4c598a1e6d/ghost/i18n/locales/es/comments.json (L37)

Specifically in: Conviertete, Se. So instead of including accents I just
used simpler words so it sounds as a more natural translation, I have
already translated my whole newsletter https://crecimientoconsciente.co/
to Spanish I'm just finishing some wording details.

Also if you could please give a check to this
[comment](https://github.com/TryGhost/Ghost/issues/16628#issuecomment-1990569446)
in milestone 3 of translations for official support in email paywall
cta.

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-04-03 15:52:15 -04:00
Taro Sato
53b37d6424
Add Japanese translation of comment resources (#19941)
This PR adds Japanese translation to the comment resources
(ghost/i18n/locales/ja/comments.json). Currently, all of them are empty
and Japanese translations are not supplied.

The PR also adds Japanese translations to a few missing phrases in the
portal language resources (ghost/i18n/locales/ja/portal.json).

---------

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-04-03 15:51:48 -04:00
Amir
f6635e2306
Added: Persian Locale (#19932)
This PR will add Persian language locale (fa/fa_IR) for Ghost

- [x] The build will pass (run `yarn test:all` and `yarn lint`)

---------

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-04-03 15:51:12 -04:00
Fabien O'Carroll
0bd4a800a5 Fixed error message for custom theme settings
ref ENG-809
ref https://linear.app/tryghost/issue/ENG-809

This includes the fix to the error message from gscan
2024-04-04 01:39:30 +07:00
Ryan Feigenbaum
5aa792c236
Add IDs for metrics (#19981)
REF:
https://linear.app/tryghost/issue/IPC-139/ensure-buttons-have-ids-for-posthog
- Added IDs to facilitate measurement in PH.
2024-04-03 14:35:18 -04:00
Daniël van der Winden
c384b79d33
Removed a word from an onboarding step (#19980)
Deleted "own" in "craft a look that reflects your own brand and style."
2024-04-03 17:03:53 +00:00
Kevin Ansfield
d5a9731845
Fixed email_recipients indexes to match query usage (#19918)
closes https://linear.app/tryghost/issue/ENG-791/migration-to-fix-email-recipients-indexes

Our indexes over single columns (`delivered_at`, `opened_at`, `failed_at`) were ineffective because the only time we query those is alongside `email_id` meaning we were frequently performing full table scans on very large tables during our email analytics jobs.

- added migration to add new indexes covering `email_id` and the respective columns
- added migration to drop the old indexes that weren't being used in any query plans

Local runtime with ~2M email_recipient rows:
- before: 1.7s
- after: 99ms

Explain output...

before:
```
+----+-------------+------------------+------------+-------+----------------------------------------------------------------------------------+----------------------------------------------+---------+-------+--------+----------+------------------------------------+
| id | select_type | table            | partitions | type  | possible_keys                                                                    | key                                          | key_len | ref   | rows   | filtered | Extra                              |
+----+-------------+------------------+------------+-------+----------------------------------------------------------------------------------+----------------------------------------------+---------+-------+--------+----------+------------------------------------+
|  1 | UPDATE      | emails           | NULL       | index | NULL                                                                             | PRIMARY                                      | 98      | NULL  |      1 |   100.00 | Using where                        |
|  4 | SUBQUERY    | email_recipients | NULL       | range | email_recipients_email_id_member_email_index,email_recipients_failed_at_index    | email_recipients_failed_at_index             | 6       | NULL  |   2343 |     7.76 | Using index condition; Using where |
|  3 | SUBQUERY    | email_recipients | NULL       | ref   | email_recipients_email_id_member_email_index,email_recipients_opened_at_index    | email_recipients_email_id_member_email_index | 98      | const | 159126 |    50.00 | Using where                        |
|  2 | SUBQUERY    | email_recipients | NULL       | ref   | email_recipients_email_id_member_email_index,email_recipients_delivered_at_index | email_recipients_email_id_member_email_index | 98      | const | 159126 |    50.00 | Using where                        |
+----+-------------+------------------+------------+-------+----------------------------------------------------------------------------------+----------------------------------------------+---------+-------+--------+----------+------------------------------------+
```

after:
```
+----+-------------+------------------+------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------+---------+------+--------+----------+--------------------------+
| id | select_type | table            | partitions | type  | possible_keys                                                                                                                                                                 | key                                          | key_len | ref  | rows   | filtered | Extra                    |
+----+-------------+------------------+------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------+---------+------+--------+----------+--------------------------+
|  1 | UPDATE      | emails           | NULL       | index | NULL                                                                                                                                                                          | PRIMARY                                      | 98      | NULL |      1 |   100.00 | Using where;             |
|  4 | SUBQUERY    | email_recipients | NULL       | range | email_recipients_email_id_member_email_index,email_recipients_email_id_delivered_at_index,email_recipients_email_id_opened_at_index,email_recipients_email_id_failed_at_index | email_recipients_email_id_failed_at_index    | 104     | NULL |     60 |   100.00 | Using where; Using index |
|  3 | SUBQUERY    | email_recipients | NULL       | range | email_recipients_email_id_member_email_index,email_recipients_email_id_delivered_at_index,email_recipients_email_id_opened_at_index,email_recipients_email_id_failed_at_index | email_recipients_email_id_opened_at_index    | 104     | NULL | 119496 |   100.00 | Using where; Using index |
|  2 | SUBQUERY    | email_recipients | NULL       | range | email_recipients_email_id_member_email_index,email_recipients_email_id_delivered_at_index,email_recipients_email_id_opened_at_index,email_recipients_email_id_failed_at_index | email_recipients_email_id_delivered_at_index | 104     | NULL | 146030 |   100.00 | Using where; Using index |
+----+-------------+------------------+------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------+---------+------+--------+----------+--------------------------+
```
2024-04-03 17:52:52 +01:00
Kevin Ansfield
2a119cc4a4
Removed confirmation modal when dismissing onboarding (#19979)
closes https://linear.app/tryghost/issue/IPC-138/skip-onboarding-confirmation

- removed confirmation modal
- changed button to directly call the dismiss action on the onboarding service
2024-04-03 16:46:38 +00:00
Kevin Ansfield
bd93bf0dea Optimised email stats aggregation query for typical column usage
ref https://linear.app/tryghost/issue/ENG-790/remove-use-of-sub-queries-in-email-analytics

- the `delivered_at` column is typically entirely/nearly entirely filled with values meaning the `IS NOT NULL` query matches a huge number of rows that MySQL has to fetch from the index to count
- using `IS NULL` switches that behaviour around as it will now match very few rows which has been shown in testing to be considerably quicker
- after switching to `IS NULL` the query returns an "undelivered" count rather than a "delivered" count, in order to keep the rest of the system behaviour the same we can calculate the delivered count by subtracting the query result from the total number of emails sent which we can fetch using a very fast primary key lookup query on the `emails` table
2024-04-03 16:27:23 +01:00
Kevin Ansfield
4f5a7b420e Removed use of subqueries in email analytics queries
closes https://linear.app/tryghost/issue/ENG-790/remove-use-of-sub-queries-in-email-analytics

Avoiding sub queries means we don't have a process tied up for longer than necessary and we can more easily see if one of the queries is non-performant.

- extracted the count queries into separate queries and used the retrieved values in the final update query
- removed a query by moving the email open rate calculation into JS as we've already fetched the necessary data before that point
2024-04-03 16:27:23 +01:00
Daniël van der Winden
83d4484d94
Updated icon positions in onboarding checklist (#19976)
fixes IPC-135

Icon no longer jumps around on hover in Safari.
2024-04-03 09:18:08 +00:00
Kevin Ansfield
9fb14aab7d
Added background blur to onboarding modals (#19969)
ref https://linear.app/tryghost/issue/IPC-125/modal-and-checklist-misaligned

- added background blur to the share and dismiss modals so the misalignment with non-full-width content is less obvious
2024-04-03 09:39:28 +01:00
Daniël van der Winden
9dcee418a4
Updated onboarding copy and line-height (#19975)
Descenders were being cut off in the titles due to the line-height not
being set right.
2024-04-03 08:34:35 +00:00
Daniel Lockyer
de668e7950 🔒 Added escaping to member export CSV fields
fix https://linear.app/tryghost/issue/ENG-805/
refs https://owasp.org/www-community/attacks/CSV_Injection

- it's possible for certain fields in a member CSV export to be executed
  by software that opens the CSVs
- we can protect against this for the user by escaping any forumulae in
  the CSV fields
- papaparse provides this option natively, so it's just a case of
  providing the field to the unparse method
- credits to Harvey Spec (phulelouch) for reporting
2024-04-03 10:21:02 +02:00
Kevin Ansfield
2332f339dc
Fixed setup/done screen showing 500 when not authenticated (#19973)
closes https://linear.app/tryghost/issue/IPC-136/setupdone-route-500s-if-you-hit-it-from-a-logged-out-state-instead-of

- the setup/done route was not set up as an authenticated route so no redirect occurred when accessing it directly before logging in which in turn caused an error because the route tries to read from the session user
2024-04-02 16:43:44 +00:00
Ryan Feigenbaum
12379e7cc5
Update LinkedIn share URL in share-modal.hbs (#19971)
Improve link sharing for LinkedIn
REF:
https://linear.app/tryghost/issue/IPC-131/linkedin-sharing-looks-really-odd
2024-04-02 10:24:37 -04:00
Daniël van der Winden
c7c13a394a
Added subheading to onboarding checklist (#19970) 2024-04-02 13:54:51 +00:00
renovate[bot]
956c51436e Update dependency terser to v5.30.2 2024-04-02 13:08:00 +00:00
Kevin Ansfield
98ce6bf4d5
Fixed onboarding checklist video logo autoplay (#19967)
closes https://linear.app/tryghost/issue/IPC-117/fix-ghost-orb-logo-not-being-animated-in-chrome-or-arc

- Chrome wasn't respecting the `muted` attribute when the dashboard is loaded without any interaction resulting in the video not auto playing
- fixed by adding a `{{autoplay}}` modifier that explicitly sets the `muted` property on the video before calling `.play()` which appears to bypass the interaction-required block
2024-04-02 13:55:22 +01:00
Daniël van der Winden
50dceb23ff
Updated class names for Share modal (#19966)
fixes IPC-134

Some class names in the share modal (onboarding) were not in line with
how we define our classes at Ghost.
2024-04-02 11:48:17 +00:00
renovate[bot]
a263877aa5 Update dependency terser to v5.30.1 2024-04-01 16:12:35 +00:00
Djordje Vlaisavljevic
bbb0239ac4 Updated onboarding checklist copy
ref https://linear.app/tryghost/issue/IPC-98/copy-feedback
2024-04-01 17:00:27 +01:00
Djordje Vlaisavljevic
1137926464 Open Design settings modal when clicked from Share modal
close https://linear.app/tryghost/issue/IPC-129/link-to-design-settings-modal-in-share-modal
2024-04-01 17:00:27 +01:00
Djordje Vlaisavljevic
96b23b3e6a Removed dashboard widgets when onboarding checklist is active
ref https://linear.app/tryghost/issue/IPC-128/hide-dashboard-widgets-if-onboarding-checklist-is-active
2024-04-01 17:00:27 +01:00
renovate[bot]
541395434d Update sentry-javascript monorepo to v7.109.0 2024-04-01 14:10:07 +02:00
Ghost CI
d4d69e2ac5 v5.81.1 2024-04-01 06:16:31 +00:00
Ryan Feigenbaum
7a5bb0818b
Fix punctuation in onboarding checklist help message (#19961)
REF: https://linear.app/tryghost/issue/IPC-98/copy-feedback
2024-03-31 11:53:14 -04:00
Ryan Feigenbaum
f5d025d7dd
Update copy for onboarding checklist. (#19960)
REF: https://linear.app/tryghost/issue/IPC-98/copy-feedback
2024-03-31 11:00:44 -04:00
Kevin Ansfield
0cd8547e23
Added confirmation modal to onboarding skip button (#19956)
closes https://linear.app/tryghost/issue/IPC-115/make-skip-onboarding-button-work

- show a confirmation modal when clicking the "Skip onboarding" button
- onboarding is only dismissed when confirm button is clicked in the modal
2024-03-28 17:50:40 +00:00
Daniël van der Winden
dda9ba2462
Updated checklist hovers in dark mode (#19955)
'Skip onboarding' and 'Help Center' hover states were not legible.
2024-03-28 17:01:17 +00:00
Djordje Vlaisavljevic
0b7f3546ac Fixed linting issue
ref https://linear.app/tryghost/issue/IPC-96/add-link-back-to-dashboard-to-post-published-screen
2024-03-28 16:47:53 +00:00
Djordje Vlaisavljevic
c3355d0067 Added link to dashboard on post-published screen
closes https://linear.app/tryghost/issue/IPC-96/add-link-back-to-dashboard-to-post-published-screen

- When the onboardingChecklist feature flag is enabled, hides "Back to editor" link on post-published screen and shows "Back to dashboard" instead. There is already one link back to the editor, and it makes sense to let users go back to the dashboard easily.
2024-03-28 16:47:53 +00:00
Djordje Vlaisavljevic
f20c79ee54 Fixed placement when last onboarding step is the active one
ref https://linear.app/tryghost/issue/IPC-124/fix-placement-when-the-last-step-is-active
2024-03-28 16:47:53 +00:00
Daniël van der Winden
85737012ab
Improved hover states for Onboarding Checklist (#19953)
fixes IPC-123
2024-03-28 16:15:05 +00:00
Kevin Ansfield
5cb85ff58f
Replaced setup/done screen with onboarding checklist (#19952)
part of https://linear.app/tryghost/issue/IPC-81/remove-setupdone-screen-from-signup-flow

- when the `onboardingChecklist` flag is enabled the `setup/done` screen shown after install or signup will initiate the onboarding checklist and redirect straight to the dashboard effectively replacing the previous onboarding flow
2024-03-28 16:10:59 +00:00
Sag
540660a49e
🐛 Fixed adding recommendations with long excerpts (#19949)
ref https://linear.app/tryghost/issue/ENG-801/unable-to-recommend-sites-with-long-excerpts

- recommending a site with a long excerpt was being blocked by a
validation error
- with this change, we truncate the excerpt to 2000 characters max. and
avoid showing an error in the UI
- with this change, the description length validation is also now
stricter; 200 characters max, instead of 2000, to match the UI
2024-03-28 17:02:37 +01:00
Djordje Vlaisavljevic
60b8316bb6 Added more performant way of displaying dark mode animated logo
ref https://linear.app/tryghost/issue/IPC-121/add-dark-mode-version-of-the-animated-ghost-logo
2024-03-28 15:57:26 +00:00
Djordje Vlaisavljevic
ac90c5691d Added a dark mode version of the animated Ghost logo for onboarding
ref https://linear.app/tryghost/issue/IPC-121/add-dark-mode-version-of-the-animated-ghost-logo
2024-03-28 15:57:26 +00:00
Kevin Ansfield
63fa7b1952
Migrated dashboard share modal to modern pattern (#19950)
closes https://linear.app/tryghost/issue/IPC-92/add-logic-for-completing-steps
closes https://linear.app/tryghost/issue/IPC-111/re-work-share-modal-to-use-the-right-pattern

- migrated code over to the modern ember-promise-modals pattern
- added share step completion when opening modal
- removed unnecessary 1sec timeout when clicking "Copy" button
- moved various share URLs into the template so there's less need to look back-and-forth between template and backing class
2024-03-28 15:35:35 +00:00
Kevin Ansfield
1c219fdcb6
Wired onboarding checklist to saved user settings (#19948)
part of https://linear.app/tryghost/issue/IPC-92/add-logic-for-completing-steps
part of https://linear.app/tryghost/issue/IPC-115/make-skip-onboarding-button-work

- updated `onboarding` service to use the `user.accessibility` (poor naming, this is an old field used for general user settings) as it's backing store
- added `onboarding.allStepsCompleted` to allow for "completion" state to be shown before the checklist is marked as completed
- added `onboarding.{complete,dismiss}Checklist()` actions and wired those up to the template

When testing, if you need to reset the checklist you can run this in DevTools console
```
Ember.Namespace.NAMESPACES_BY_ID['ghost-admin'].__container__.lookup('service:onboarding').startChecklist()
```
2024-03-28 14:19:43 +00:00
Sag
7e2d842db2
🐛 Fixed keeping existing attribution in recommendations (#19945)
ref https://linear.app/tryghost/issue/ENG-799

- recommendations were being stripped of query parameters and hash
fragments before save
- in particular, query parameters for attribution such as ?ref were not
being stored
2024-03-28 13:54:23 +01:00
Daniël van der Winden
86911be7db
Removed margin from checkmark (#19947)
fixes IPC-120
2024-03-28 12:37:54 +00:00
Daniël van der Winden
9bf133a70c
Added gradient background to onboarding checklist (#19946)
fixes IPC-114
2024-03-28 11:54:53 +00:00
Daniël van der Winden
008f36e476
Added styles for dark mode (#19944)
fixes IPC-119
2024-03-28 11:29:20 +00:00
renovate[bot]
d76eed50e6 Update nest monorepo to v10.3.7 2024-03-28 10:12:04 +01:00
Steve Larson
78d2a5e3c0
🐛 Fixed flaky browser tests (#19929)
ref https://linear.app/tryghost/issue/CFR-13
- enabled saving traces on browser test failure; this makes troubleshooting a lot easier
- updated handling in offers tests to ensure the tier has fully loaded in the UI (not just `networkidle`)
- updated publishing test to examine the publish button reaction to the save action response instead of a 300ms pause

In general, our tests use a lot of watching for 'networkidle' - and sometimes just raw timeouts - which do not scale well into running tests on CI. In particular, 'networkidle' does not work if we're expecting to see React components' state updates propagate and re-render. We should always instead look to the content which encapsulates the response and the UI updates. This is something we should tackle on a larger scale.
2024-03-27 13:57:53 -05:00
Kevin Ansfield
90d8b41f63
Wired up in-memory onboarding step completion (#19940)
ref https://linear.app/tryghost/issue/IPC-92/add-logic-for-completing-steps

- added in-memory step completion to `onboarding` service
- wired up the onboarding checklist to mark steps as completed when clicked
- extracted re-used step template and logic into components/helpers
2024-03-27 18:27:43 +00:00
Kevin Ansfield
919ec733e7
Moved onboarding display check into new onboarding service (#19938)
refs
https://linear.app/tryghost/issue/IPC-92/add-logic-for-completing-steps

- added `onboarding` service to manage logic and state for the onboarding display and it's various steps
- added basic "display onboarding checklist" state to replicate the basic feature flag toggle along with making sure it's only shown to owners
- added acceptance test file and missing mirage endpoints needed for the dashboard to load without error
2024-03-27 17:37:37 +00:00
Djordje Vlaisavljevic
75b08a716b Added dark mode styles for onboarding checklist
ref https://linear.app/tryghost/issue/IPC-108/add-dark-mode-design
2024-03-27 14:13:29 +00:00
Djordje Vlaisavljevic
71a1d825e3 Added onboarding checklist success state button
ref https://linear.app/tryghost/issue/IPC-91/add-success-state-design
2024-03-27 14:13:29 +00:00
Sanne de Vries
f8a55de743
Added exact timestamp to the title attribute of the post date in the … (#19936)
…post list view

Ref DES-171
2024-03-27 13:52:38 +01:00
Oktay Kilic
a1afc87757
Made changes in Turkish local for Comments, Ghost and Portal (#19919)
Dear Ghost team, 

Hope you're well. 

While developing our website https://fayn.press (we just launched it),
we came across a few English-Turkish translations that needed
correction.

Following the guide you shared with me, I made the corrections & changes
using Github and am now submitting it.

I changed "Sign in": "Kayıt ol", to "Sign in": "Giriş Yap", as the
current translation is wrong. Kayit ol means Sign up, as opposed to sign
in. It's been confusing for our paying members to receive an email that
says "sign up" in Turkish (Kayit ol) right after they sign up for the
site by paying. We'd greatly appreciate it if this could be fixed as
soon as possible.

Other suggestions are mostly improvements in translations that sound
more natural in Turkish.

I went through all translations and other than these, they are all good.

Thank you, 
Oktay

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-27 08:21:16 -04:00
renovate[bot]
dfacfb56bc Update dependency terser to v5.30.0 2024-03-27 11:31:29 +00:00
Daniël van der Winden
8757a5deec
Updated the copy link behaviour on the social share modal (#19933) 2024-03-27 12:18:15 +01:00
Sanne de Vries
c39c2de067
Updated time formatting for drafts and scheduled posts (#19924)
Ref TRI-27
- Published posts now show the published date in post list, instead of
updated date.
- The `gh-format-post-time` helper now has a `relative` and `absolute`
and option instead of formatting being tied to `draft` and `published`
state. This allows for more flexibility in how dates are displayed.
- Draft, scheduled and published posts now follow the same time
formatting pattern: today, yesterday, or explicit dates if further in
the past.
- Hover states for dates in the post list have been removed.
- Title attributes are added indicating whether timestamp refers to updated_at or published_at
- The scheduling logic on the publish page still uses relative
formatting.
2024-03-27 11:30:14 +01:00
renovate[bot]
dcbbfbba70 Update dependency express to v4.19.2 [SECURITY] 2024-03-27 11:18:44 +01:00
renovate[bot]
86575890f3 Update nest monorepo to v10.3.6 2024-03-27 11:04:20 +01:00
Simon Backx
3b8fb3cedf
Added support for ignoring migrated (duplicate) subscriptions (#19902)
refs KTLO-19

When we need to migrate subscriptions from a platform with platform
fees, we need to recreate the subscriptions. That can cause the same
subscription to be attached multiple times to the same member in Ghost.

This is a problem because all MRR, subscriptions and cancellations stats
are no longer correct. Ghost will add a MRR event for the duplicated
subscription from the start time, so there is a sudden peak in MRR and a
dip after the migration because all those duplicate subscriptions are
suddenly cancelled 'today'.

The migrator tool adds a ghost_migrated_to metadata field to the old
subscription. Ghost can use this to detect the old subscription and
delete the subscription and corresponding events.
2024-03-27 10:32:32 +01:00
Bojan Drango
08553f63f8
Added Macedonian language (mk) (#19920)
Added translation for Macedonian language (locales/mk)

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-26 22:46:49 -04:00
Daniël van der Winden
3664db491d
Updated social share modal layout (#19925)
- Changed the layout of the modal
- Added a fallback state for the cover image
- Added possibility to copy the publication link
- Correct hover states for social media buttons

---------

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-26 19:38:07 +01:00
Sag
5c4a4e812c
Removed Powered by Ghost clicks in publisher analytics (#19926)
fixes https://linear.app/tryghost/issue/TRI-65/add-powered-by-ghost-badge-tracking

- clicks on the "Powered by Ghost" badge were unintentionally surfaced
in publisher analytics, under Newsletter Clicks
2024-03-26 17:51:23 +01:00
renovate[bot]
ec25aed06f fix(deps): update dependency mysql2 to v3.9.3 2024-03-26 07:46:09 +00:00
Fabien 'egg' O'Carroll
3d3b3ff701
Fixed Editors being able to invite Editors (#19904)
ref ENG-774
ref https://linear.app/tryghost/issue/ENG-774

Staff Tokens will have both a `user` and an `apiKey` present on the
`loadedPermissions`.

The check here for `apiKey` was written when we could assume that an
`apiKey` was an Admin Integration - so it completely overwrote the
previous `allowed` list. When we added the concept of Staff Tokens -
this resulted in a privilege escalation.

This is a good lesson in not using proxies or indicators for data, as
changes elsewhere can invalidate them - if we had been specific and
checked the role of the current actor we wouldn't've had this bug!
2024-03-26 00:45:08 +07:00
Simon Backx
89a01c2d05
Added support for clearing all data with data generator (#19901)
no issue

When testing Stripe migrations, it is useful to be able to clear the
database quickly without deleting admins and tokens. This is possible
with the data generator.
2024-03-25 14:44:28 +01:00
Ronald Langeveld
db62d83387
Bumped Koenig-Lexical to new minor (#19909)
no issue

- Bumped Koenig-Lexical to a new minor.
- This change contains the new Unsplash selector which is a breaking
change as default headers are handled a touch different.
2024-03-25 20:32:46 +08:00
Peter Zimon
cda909fdb8
Fixed alignment of main title in Admin (#19911)
Ref DES-188

- the alignment of the main page title and the site title in the sidebar
was off
- also the top right dropdown's vertical positioning was off
2024-03-25 12:23:24 +01:00
Daniël van der Winden
3fa363f944
Fixed design issue DES-4 (#19662)
Fixed inconsistencies in typography for footer and featured images, on desktop and mobile.
2024-03-25 12:08:34 +01:00
renovate[bot]
97c63e1735 chore(deps): update sentry-javascript monorepo to v7.108.0 2024-03-25 08:34:53 +00:00
renovate[bot]
8db502c1b0 Update nest monorepo to v10.3.5 2024-03-25 08:22:23 +00:00
Ghost CI
5d714f8a05 v5.81.0 2024-03-22 16:05:44 +00:00
Sunghyun Cho
bdbbac6d15
i18n: Korean Improvements (#19906)
- [x] There's a clear use-case for this code change, explained below
- [x] Commit message has a short title & references relevant issues
- [x] The build will pass (run `yarn test:all` and `yarn lint`)

I have improved the Korean translations by ensuring consistent tones,
using more polite phrases and correcting grammar errors.
2024-03-22 10:18:31 -04:00
Djordje Vlaisavljevic
5e631114db Added a thousands separator to tier price on member detail screen
ref https://linear.app/tryghost/issue/DES-152/thousand-separator-missing-in-member-details-tier-price
2024-03-21 14:55:39 +00:00
Djordje Vlaisavljevic
ba7f448e12 Fixed "Read this article" link on the dashboard
ref https://linear.app/tryghost/issue/DES-138/🐛-read-this-article-link-on-dashboard-leads-to-resources-instead
2024-03-21 14:55:39 +00:00
Steve Larson
a1c4e64994
Added queueing middleware to handle high request volume (#19887)
ref https://linear.app/tryghost/issue/CFR-4/
- added request queueing middleware (express-queue) to handle high
request volume
- added new config option `optimization.requestQueue`
- added new config option `optimization.requestConcurrency`
- added logging of request queue depth - `req.queueDepth`

We've done a fair amount of investigation around improving Ghost's
resiliency to high request volume. While we believe this to be partly
due to database connection contention, it also seems Ghost gets
overwhelmed by the requests themselves. Implementing a simple queueing
system allows us a simple lever to change the volume of requests Ghost
is actually ingesting at any given time and gives us options besides
simply increasing database connection pool size.

---------

Co-authored-by: Michael Barrett <mike@ghost.org>
2024-03-21 09:25:07 -05:00
renovate[bot]
dfdd4e5cfa Update dependency express to v4.19.1 2024-03-21 11:50:48 +01:00
Ghost CI
b88ef5f816 Merged v5.80.5 into main 2024-03-21 09:51:52 +00:00
Ghost CI
40277465ba v5.80.5 2024-03-21 09:51:50 +00:00
Sag
c2320cd2ea Revert "Added referral tracking to the powered-by-ghost newsletter badge" (#19899)
refs https://ghost.slack.com/archives/CTH5NDJMS/p1710976281912809

- this reverts commit 9869d9adb6
- the referral query parameter is unintentionally surfacing in publisher
analytics
2024-03-21 10:37:42 +01:00
Sag
5477d70a0c
Revert "Added referral tracking to the powered-by-ghost newsletter badge" (#19899)
refs https://ghost.slack.com/archives/CTH5NDJMS/p1710976281912809

- this reverts commit 9869d9adb6
- the referral query parameter is unintentionally surfacing in publisher
analytics
2024-03-21 10:02:17 +01:00
renovate[bot]
1c1ef70677 Update nest monorepo to v10.3.4 2024-03-21 09:30:07 +01:00
renovate[bot]
092f982fec Update dependency typescript to v5.4.3 2024-03-21 09:28:10 +01:00
Djordje Vlaisavljevic
7b70b60ad4 Added dynamic site title to the checklist
ref https://linear.app/tryghost/issue/IPC-76/add-static-checklist-to-the-dashboard
2024-03-20 20:39:01 +00:00
Djordje Vlaisavljevic
53310b52c1 Added function for copying publication link
ref https://linear.app/tryghost/issue/IPC-90/add-share-modal
2024-03-20 20:39:01 +00:00
Djordje Vlaisavljevic
aa7d294162 Switched "Copy link" icon to link
ref https://linear.app/tryghost/issue/IPC-90/add-share-modal
2024-03-20 20:39:01 +00:00
renovate[bot]
28c851be6a Update dependency sanitize-html to v2.13.0 2024-03-20 19:10:32 +00:00
Fabien O'Carroll
cb72835af1 Removed support for id specific permissions
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is not used anywhere, and makes the code more complicated, it's a good
step toward simplifying permissions and pulling them out of the database.
2024-03-21 00:21:40 +07:00
Fabien O'Carroll
e29c653ef6 Removed permissible method from setting model
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This implementation is essentially a no-op so we can remove it completely
2024-03-21 00:21:24 +07:00
Daniël van der Winden
4c598a1e6d
Added social share modal to onboarding checklist (#19891)
Updated the share modal design and functionality

ref IPC-90

• Rebuilt the bookmark card to match other components
• Added linking to the different social networks
• Added a close button that closes the modal
• Removed repetitive subtitle
2024-03-20 16:48:45 +01:00
Daniel Lockyer
27cc32ec25 Added comments count endpoint to robots.txt disallow list
fix https://linear.app/tryghost/issue/ENG-771/add-comments-count-endpoint-to-robotstxt-ignorelist

- we've seen web scrapers hitting this endpoint a lot, but the value to
  be taken from it is minimal for SEO purposes
- adding it to robots.txt should encourage web scrapers to ignore it,
  and we should see less traffic as a result
2024-03-20 14:48:54 +01:00
Fabien 'egg' O'Carroll
7cc65c18cc
Added missing permissions to Contributor & Editor (#19881)
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is NOT a functionality change. The Post#permissible method unit
tests have been updated to pass `true` as `hasUserPermission` and we can
see that the permission functionality remains the same.

The permissible method of the post model is responsible for removing
permission based on the data that is being modified, but the permissions
module is setup to allow the permissible method to grant permission -
this means that we call permissible, even if the current actor doesn't
have permission, this results in code that is hard to understand and
manage.

We are going to be instead returning early if an actor does not have
permission, this will allow permissible method signatures to be greatly
simplified (removing the need for hasUserPermission, hasApiKeyPermission
& hasMemberPermission arguments).
2024-03-20 20:36:07 +07:00
renovate[bot]
38f8e05a3e Update dependency knex-migrator to v5.2.0 2024-03-20 10:54:21 +01:00
Djordje Vlaisavljevic
cdf45172a7
Added a fullscreen onboarding checklist to the dashboard (#19888)
ref https://linear.app/tryghost/issue/IPC-66/onboarding-checklist-v1

- Larger, 100vh onboarding checklist that’s currently on the dashboard,
but should be moved to it’s own component and route
- Every step links to the relevant screen, but the logic for completing
steps is missing
2024-03-19 16:07:49 +00:00
renovate[bot]
3ff2eecb76 Update dependency bookshelf-relations to v2.7.0 2024-03-19 11:20:22 +00:00
Simon Backx
b1c60d20d1
Updated email error button text in case of partial email errors (#19877)
fixes DES-66

In case some batches succeeded sending, the button text will be
different if the email sending was partially successful.

For now this uses text matching with a warning in our E2E tests because
we don't have a straightforward way to check if an error is partial or
not yet.
2024-03-19 10:31:21 +01:00
Daniel Lockyer
134c33cef5
🐛 Fixed missing source + resized images producing rendered 404 (#19869)
fixes https://linear.app/tryghost/issue/ENG-746/http-500-responses-when-handle-image-sizes-middleware-hits-missing

- in the event a request comes in for a resized image, but the source
image does not exist, we return a rendered 404 page
- we do this because we pass the NotFoundError to `next`, which skips
over the static asset code where we return a plaintext 404
- also included a breaking test that ensure we go to the next middleware
without an error
2024-03-18 18:32:10 +01:00
Fabien 'egg' O'Carroll
3f27ca5c00
Cached api controller pipelines (#19880)
ref ENG-761
ref https://linear.app/tryghost/issue/ENG-761

Creating these pipelines is expensive, and we don't want to do it
repeatedly for the same controller. Adding caching should reduce the
amount of time spent setting up pipelines for each usage of the `get`
helper.
2024-03-19 00:29:41 +07:00
Djordje Vlaisavljevic
a67342b06a
Add WIP onboarding checklist behind the flag (#19801)
ref https://linear.app/tryghost/issue/IPC-66/onboarding-checklist-v1

- Adds a basic version of a new onboarding checklist behind the feature
flag, without incomplete/complete state logic
- Links to Design settings, Members screen and new post
- Opens amodal that we’ll use as Share modal

---------

Co-authored-by: Daniël van der Winden <danielvanderwinden@ghost.org>
2024-03-18 14:53:01 +00:00
Daniel Lockyer
48ae822b9f Removed NewRelic from Ghost
fix https://linear.app/tryghost/issue/SLO-47/remove-newrelic-from-ghost

- we no longer need this in Ghost because we've doubled down on Sentry
  Performance
- we can remove this because we've seen it costs 200-300ms to include
  the dependency
2024-03-18 15:22:33 +01:00
Michael Barrett
949b157775
Fixed naming of connection pool metrics (#19874)
no refs
2024-03-18 09:59:16 +00:00
Ghost CI
715ff56032 v5.80.4 2024-03-18 09:42:10 +00:00
Michael Barrett
15ed2eb245
Added date based cache buster to client script (#19873)
refs https://app.incident.io/ghost/incidents/39
2024-03-18 09:29:00 +00:00
Ghost CI
6849aa9891 v5.80.3 2024-03-15 16:04:57 +00:00
Ghost CI
a52c645c44 🎨 Updated Source to v1.2.1 2024-03-15 16:04:57 +00:00
Ghost CI
8b438fa015 🎨 Updated Casper to v5.7.1 2024-03-15 16:04:57 +00:00
renovate[bot]
566a065f36 Update dependency socket.io to v4.7.5 2024-03-14 17:30:47 +00:00
Fabien 'egg' O'Carroll
6a35f6e4cc
Fixed get helper cache optimizations (#19865)
ref [ENG-747](https://linear.app/tryghost/issue/ENG-747/)
ref https://linear.app/tryghost/issue/ENG-747

H'okay - so what we're trying to do here is make get helper queries more
cacheable. The way we're doing that is by modifying the filter used when
we're trying to remove a single post from the query.

The idea is that we can remove that restriction on the filter, increase
the number of posts fetched by 1 and then filter the fetched posts back
down, this means that the same query, but filtering different posts,
will be updated to make _exactly_ the same query, and so share a cache!

We've been purposefully restrictive in the types of filters we
manipulate, so that we only deal with the simplest cases and the code is
easier to understand.
2024-03-15 00:18:15 +07:00
Fabien 'egg' O'Carroll
e607556913
Stopped us from rendering no html when error occurs
no-issue

We need to make sure that we return, otherwise we'll end up skipping the
error handler middleware and trying to render.
2024-03-14 16:34:13 +00:00
Fabien 'egg' O'Carroll
aaa19a535a
🐛 Fixed 500 errors for invalid theme layouts (#19848)
ref ENG-742
ref https://linear.app/tryghost/issue/ENG-742

We don't do any parsing of layouts in gscan, which means themes can be
uploaded which use non-existent files for their layout.

We can catch the error in the res.render call, and wrap it, just like we
do for missing templates (e.g. the StaticRoutesRouter)
2024-03-14 23:12:26 +07:00
Aileen Booker
f16d9802d0 Added ability to pass minThreshold for Milestone Slack notifications
closes ENG-632

- This listens to a new property in the `milestones` config to set a minimum value of Milestones we wanna use the Slack notification service for
2024-03-14 12:06:43 -04:00
Michael Barrett
60d81b2003
🐛 Fixed /p/ redirects not being indexed by search engines (#19864)
ref
[ENG-741](https://linear.app/tryghost/issue/ENG-741/🐛-our-robotstxt-config-causes-indexing-issues-for-customers-who-have)

`/p/` has been dropped from the `robots.txt` file so that search engines
can index the pages at these locations. In the event that the page at
the location is a preview page, the existing robots meta tag on the page
will prevent indexing.
2024-03-14 14:44:54 +00:00
Fabien O'Carroll
39da5a1f88 Revert "Optimised queries made by get helper for posts"
no-issue

This was incorrectly merged - reverting until the work is complete
2024-03-14 20:26:01 +07:00
renovate[bot]
a309a29ef6 Update dependency terser to v5.29.2 2024-03-14 13:09:36 +00:00
renovate[bot]
c8ea87ba83 Update dependency typescript to v5.4.2 2024-03-14 13:55:11 +01:00
Sag
7a40ab52fb
🐛 Fixed adding recommendation when oembed fails (#19861)
refs https://linear.app/tryghost/issue/ENG-750

- when adding a recommendation, we fetch the recommended site's metadata
- before this change, if the metadata fetch failed for some reason, we'd show an error and block the recommendation from being added
- after this change, we use fallback values if the metadata fails to fetch, instead of blocking the recommendation from being added. We use the site domain as the title and leave the rest empty (no favicon, no description)
- this change also means we are not checking whether a site exists or not for the publisher anymore. It’s then up to the publisher to make sure they don’t enter broken URLs
2024-03-14 11:36:28 +01:00
Fabien 'egg' O'Carroll
52a28c0059
Optimised queries made by get helper for posts (#19859)
ref ENG-747
ref https://linear.app/tryghost/issue/ENG-747

H'okay - so what we're trying to do here is make get helper queries more
cacheable. The way we're doing that is by modifying the filter used when
we're trying to remove a single post from the query.

The idea is that we can remove that restriction on the filter, increase
the number of posts fetched by 1 and then filter the fetched posts back
down, this means that the same query, but filtering different posts,
will be updated to make _exactly_ the same query, and so share a cache!

We've been purposefully restrictive in the types of filters we
manipulate, so that we only deal with the simplest cases and the code is
easier to understand.
2024-03-13 19:27:27 +00:00
renovate[bot]
48782df301 Update dependency newrelic to v11.13.0 2024-03-13 17:14:53 +00:00
Kevin Ansfield
47e6911ca0
Added cache-control header back to /auth-frame/ response (#19858)
ref https://linear.app/tryghost/issue/ENG-721

- when changing the response to a `204` for requests with no cookie we'd lost the `Cache-Control: public, max-age: 0` header which meant some cache systems weren't caching as efficiently as possible
2024-03-13 16:00:46 +00:00
renovate[bot]
2c7253edd7 Update dependency ts-node to v10.9.2 2024-03-13 16:31:48 +01:00
renovate[bot]
7f6bc16df8 Update nest monorepo to v10.3.3 2024-03-13 16:31:35 +01:00
Sag
9869d9adb6
Added referral tracking to the powered-by-ghost newsletter badge (#19850)
ref https://linear.app/tryghost/issue/TRI-65

In the context of referrals, we want to understand how useful our
“Powered by Ghost” badges are.

There are currently a few places where the “Powered by Ghost” badge can
be rendered:
- in newsletters (enabled/disabled by publisher, on a newsletter basis)
- in Portal popups, e.g. member signup/signin/account settings
- in the footer of some themes, including Source & Casper

We're adding the query param ?via to evaluate the usage of the badge in
newsletters.
2024-03-13 16:03:13 +01:00
Fabien "egg" O'Carroll
0fb0c6c2b5 Added NestJS Playground
no-issue

This adds the barebones of a NestJS application wired up to the Admin API
behind a feature flag, so that we can experiement with how to use Nest in the
context of Ghost
2024-03-13 19:44:06 +07:00
Fabien "egg" O'Carroll
d2620171ea Refactored auth services so they can be used in Nest
no-issue

This decouples the business logic from the express middleware so that it can be
used inside of a NestJS application.
2024-03-13 19:44:06 +07:00
Sag
59bbade630
Fixed browser tests (#19852)
no issue

- browser tests were failing due to the renaming of a button
2024-03-13 12:54:19 +01:00
Peter Zimon
9d9707e6f4
Settings keyboard shortcuts (#19836)
ref DES-166

Accessing settings via a keyboard shortcut is a great productivity
booster for advanced users and it is missing from Ghost today.
2024-03-13 08:46:22 +01:00
Fabien 'egg' O'Carroll
5a5ddcb609
🐛 Fixed Tiers API erroring when invalid filter passed (#19845)
closes ENG-730
closes https://linear.app/tryghost/issue/ENG-730/

We've updated the input serializer to parse the filter, and responded
with an error if it cannot be parsed correctly.

Now that it's parsed, we can pass a mongo query object through the
stack, which will lend itself to better typing for this code, which is a
direction we want to go in anyway. We've had to update all the internal
usages of the `browse` method to use mongo query objects.
2024-03-13 00:25:42 +07:00
Daniel Lockyer
55791a8c64 Switched to throwing error upon failed image processing
ref https://linear.app/tryghost/issue/ENG-740/http-500-error-when-image-processing-fails
refs 4aad551c72

- upon further discussion, we've decided it's better to throw an error
  in this case because the uploaded image is deemed invalid and storing
  it on the filesystem might cause more issues with resizing/further
  processing in the future
- this commit implements that and alters the tests
2024-03-12 16:24:29 +01:00
Daniel Lockyer
4aad551c72 🐛 Fixed HTTP 500 error when image processing fails during upload
fixes ENG-740
fixes https://linear.app/tryghost/issue/ENG-740/http-500-error-when-image-processing-fails

- in the event the image transform library throws (which can happen for
  many reasons; sharp/libvips can come across a number of errors), we
  currently return this as a HTTP 500 error to the user
- in this case, we should just try-catch the call and jump to the
  non-processing flow where it just saves the original image
- also added breaking test
2024-03-12 15:33:17 +01:00
Kevin Ansfield
ef143978e7
🎨 Reduced requests and 403 responses for comments auth check (#19840)
closes https://linear.app/tryghost/issue/ENG-721
ref https://linear.app/tryghost/issue/ENG-708

Comments-UI loads `/ghost/admin-frame/` in an iframe to check if a Staff User is authenticated in order to  show moderation options. That iframe request loads a HTML page which in turn contains a script that fires off an API request that attempts to fetch the logged-in user details, resulting in a 403 "error" showing up when not authenticated. In the vast majority of cases there will be no staff user authenticated so lots of extra requests and "errors" are seen unnecessarily.

- adjusted the `/ghost/auth-frame/` endpoint to check if the request contains an Admin session cookie
  - if it does, continue as before with rendering the HTML page so the script is loaded
  - if it doesn't, return an empty 204 response avoiding the script request and subsequent 403-generating API request
- eliminates the 403 error being generated for all typical visitor traffic, the error should only be seen when an Admin was previously logged in but their cookie is no longer valid (either from logging out, or going past the 6month validity period)
2024-03-12 12:27:18 +00:00
Daniel Lockyer
dea639e3f6 🐛 Fixed returning HTTP 500 response when recommendations check fails
ref ENG-737
ref https://linear.app/tryghost/issue/ENG-737/http-500-errors-from-recommendations-check-endpoint

- it's still possible for `this.#externalRequest.get` to throw, like if
  DNS resolution fails
- we want to try-catch this so we don't throw from this function and
  return a HTTP 500 to the user
- instead, we can just return `undefined`, which is the fallback
- adds a breaking test too
2024-03-12 12:31:44 +01:00
Daniel Lockyer
5fa4496d52 🐛 Fixed HTTP 500 responses when oembed endpoint receives error
fixes https://github.com/TryGhost/Product/issues/4237

- this fixes the fact that we return a HTTP 500 response when the oembed
  library receives an error, such as a 401 or 403
- includes special handling for cases where we want to return a slightly
  different error message
- also adds unit tests for @tryghost/oembed-service package
2024-03-12 12:31:44 +01:00
Daniel Lockyer
6842d599e9 🐛 Fixed handling of image uploads with overly long filenames
fixes ENG-733
ref https://linear.app/tryghost/issue/ENG-733/handle-image-uploads-where-name-is-too-long

- filesystems usually have a filename length limit; ie. on macOS it is
  255 characters
- if a file is uploaded with a longer filename, we'll return a HTTP 500
- we shouldn't do this as it is user error, so we can just catch the
  error code and return BadRequest
- this implements that, and adds a breaking test
2024-03-12 12:31:44 +01:00
Daniel Lockyer
6db20fc14b Fixed minor code nits
- made fixes for the following:
  - jsdoc definitions
  - typos
  - extra parameter to function
  - missing `utf-8` to fs file read
2024-03-12 12:31:44 +01:00
renovate[bot]
bba53b82aa Update dependency html-validate to v8.15.0 2024-03-12 06:26:02 +01:00
timemanagementsk
7fb5def470
Edited few phrases in Slovak (sk) translation to make it sound better (#19825)
I think my changes make the Slovak better. I changed just a few thins,
it's my first time trying Github, but if this is approved, I plan to do
more changes in the future and make the Slovak translation even btetter.

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-11 17:56:26 -04:00