Commit Graph

1467 Commits

Author SHA1 Message Date
Nazar Gargol
aa7f9ddbeb Version bump to 2.31.1 2019-09-23 17:13:25 +02:00
Nazar Gargol
3712e6e01c Bumped gscan to 2.9.0 2019-09-23 16:48:21 +02:00
Renovate Bot
93e04b0a43 Update dependency @tryghost/members-api to v0.5.3 2019-09-23 03:25:09 +00:00
Renovate Bot
b89e3650f1
Update dependency nock to v11.3.5 2019-09-23 01:27:17 +00:00
Renovate Bot
d33fc8c8a6 Update dependency @tryghost/helpers to v1.1.10 2019-09-23 01:26:36 +00:00
Nazar Gargol
62343b09e2 💡Bumped gscan version to 2.9.0 2019-09-19 18:18:33 +02:00
Fabien O'Carroll
01fca3ec2c Installed @tryghost/members-ssr@0.5.0
no-issue

This includes changes that can be used to signin via a GET request
2019-09-17 11:05:06 +08:00
Naz Gargol
0bee38d586
💡Bumped gscan version to 2.8.0 (#11134)
no issue

- This version contains --canary flag and new rules that come with it
- The theme checks will be run against canary rules by default
2019-09-16 18:22:49 +02:00
Kevin Ansfield
378ebe62b1 Merge branch 'master' into v3 2019-09-16 09:32:10 +01:00
Renovate Bot
2f86894dff Update dependency knex to v0.19.4 2019-09-16 04:25:49 +00:00
Renovate Bot
21b9ba893a Update dependency image-size to v0.7.5 2019-09-16 03:26:55 +00:00
Renovate Bot
c82418153d
Update Test & linting packages 2019-09-16 00:28:05 +00:00
Fabien O'Carroll
8d4056a6ec Installed @tryghost/members-api@0.5.2
no-issue

This improves the logging of errors when sending magic link.
2019-09-15 11:53:29 +08:00
Kevin Ansfield
d645afb416 Removed all accesstokens and refreshtokens related code
no issue

- v0.1 is ☠️ so the access/refresh token based auth is no longer used
- removed all code related to the `accesstokens` and `refreshtokens` tables
- removed all `passport` related dependencies as it's no longer used
2019-09-12 15:45:27 +01:00
Kevin Ansfield
b46f9b1dc2 🔒 Fully separated front-end and admin app urls
no issue

- uses `vhost` in parent-app to properly split front-end and admin/api apps when a separate admin url is configured
2019-09-10 15:47:49 +01:00
renovate[bot]
74fab21eb5 Update dependency mobiledoc-dom-renderer to v0.7.0 (#10937) 2019-09-10 09:36:43 +01:00
renovate[bot]
aa22de4db8 Update dependency nock to v11 (#11093) 2019-09-10 09:13:26 +01:00
renovate[bot]
07448ce034 Update dependency sqlite3 to v4.1.0 (#11034) 2019-09-10 08:58:35 +01:00
renovate[bot]
68af109d8e Update dependency bookshelf-relations to v1.3.0 (#11065) 2019-09-10 08:57:56 +01:00
Kevin Ansfield
2c5fb3d7b8 Version bump to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
5be63958b9 Reverted dependency oembed-parser to 1.2.2
no issue

- 1.3.1 is breaking the oembed regression tests
2019-09-09 16:00:04 +01:00
renovate[bot]
5c8efd087e Update dependency @tryghost/html-to-mobiledoc to v0.6.0 (#11092) 2019-09-09 10:45:30 +01:00
renovate[bot]
fa0a399345 Update dependency oembed-parser to v1.3.1 (#10983) 2019-09-09 10:44:13 +01:00
Fabien O'Carroll
b8fc0d2bd1
Cached member data in ghost-members-ssr-cache cookie (#11096)
no-issue

* Installed @tryghost/members-ssr@0.4.0
  This now supports caching of the data returned by the members-api

* Renamed cookies set by members-ssr
  As discussed with @ErisDS I have prefixed these cookies with `ghost`
2019-09-09 17:39:46 +08:00
Fabien O'Carroll
9447165e0a Alphabetically sorted dependencies in package.json
no-issue

When installing new packages yarn sorts them alphabetically, this meant
that installing/updating packages would have extra changes which would
be noisy either to developers or the git history.
2019-09-09 17:33:47 +08:00
Renovate Bot
01f2f36547 Update dependency @tryghost/url-utils to v0.3.1 2019-09-09 02:34:18 +00:00
Renovate Bot
af021921e7 Update dependency @tryghost/helpers to v1.1.9 2019-09-09 01:28:16 +00:00
Fabien O'Carroll
f63577fa4f
Implemented stripe checkout handling for members
no-issue

* Installed members-api@0.5.0 members-ssr@0.3.1
* Supported multiple members-forms
* Used members canary api
* Added GET handler to /members/ssr for id token
The identity token will be used to ensure that a payment is linked to the correct member
* Added stripe.js to ghost_head when members enabled
* Added basic support for linking to stripe checkout
* Removed listener to title and icon settings changes
* Added stripe subscription config
2019-09-06 15:14:21 +08:00
Fabien O'Carroll
49672a1e4d Updated members service to use magic-link signin
no-issue
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
ef78fe7bab Updated members-api@0.4.1 members-ssr@0.3.0
no-issue

These versions contain the necessary changes for magic link signin
2019-09-05 11:14:50 +08:00
Renovate Bot
b1c61e4e84 Update dependency knex to v0.19.3 2019-09-02 02:32:19 +00:00
Renovate Bot
9a9be2f55e Update dependency bookshelf-relations to v1.1.2 2019-09-02 01:31:35 +00:00
Kevin Ansfield
2080d2f974 Version bump to 2.30.2 2019-08-28 11:39:00 +01:00
Kevin Ansfield
9886077620 Version bump to 2.30.1 2019-08-27 19:44:36 +01:00
Rish
c8b9fd0362 Version bump to 2.30.0 2019-08-27 21:01:30 +05:30
Rishabh Garg
c2aa62083c Added support for bookmark card (#11024)
requires https://github.com/TryGhost/Ghost-Admin/pull/1293

- updates `oembed` endpoint behaviour
  - if an oembed provider is not found then we use `metascraper` to populate a metadata object
  - when metadata is returned rather than an oembed response the payload will look like this:
    ```json
    {
        "url": "...",
        "type": "bookmark",
        "metadata": {
            "url": "...",
            "title": "...",
            "description": "...",
            "author": "...",
            "publisher": "...",
            "thumbnail": "...",
            "icon": "..."
        }
    }
    ```
- adds a `bookmark` card which generates output for the bookmark card:
  ```html
  <figure class="kg-card kg-bookmark-card">
    <a href="[URL]" class="kg-bookmark-container">
      <div class="kg-bookmark-content">
        <div class="kg-bookmark-title">[TITLE]</div>
        <div class="kg-bookmark-description">[DESCRIPTION]</div>
        <div class="kg-bookmark-metadata">
          <img src="[ICON]" class="kg-bookmark-icon">
          <span class="kg-bookmark-author">[AUTHOR]</span>
          <span class="kg-bookmark-publisher">[PUBLISHER]</span>
        </div>
      </div>
      <div class="kg-bookmark-thumbnail">
        <img src="[THUMBNAIL]">
      </div>
    </a>
  </figure>
  ```
  - if a particular bit of data does not exist then the associated html element will not be present
2019-08-27 15:01:02 +01:00
Renovate Bot
4d7164dce6 Update dependency markdown-it to v9.1.0 2019-08-27 10:45:40 +08:00
Renovate Bot
9ea2f5b445 Update dependency uuid to v3.3.3 2019-08-26 03:26:59 +00:00
Renovate Bot
35a74ecb29
Update dependency proxyquire to v2.1.3 2019-08-26 00:29:39 +00:00
Rish
0d230d4ebc Version bump to 2.29.1 2019-08-22 07:31:35 +05:30
Kevin Ansfield
653cf0396e Version bump to 2.29.0 2019-08-20 15:38:58 +01:00
Kevin Ansfield
d0fa149e0e Updated tests eslint config to use eslint-plugin-ghost@0.5.0
no issue
- bump eslint-plugin-ghost to v0.5.0
- update core/test eslint config to use "ghost:test" in place of custom ruleset
- apply automated eslint fixes
2019-08-19 13:38:35 +01:00
Kevin Ansfield
9c46ff154d Revert tmp dependency to v0.0.33
no issue
- renovate auto-upgraded to 0.1.0
- reverts to 0.0.33 to fix the tests
2019-08-19 11:08:27 +01:00
Renovate Bot
dc36012d11 Update dependency knex to v0.19.2 2019-08-19 03:33:02 +00:00
Renovate Bot
59c20ec578 Update dependency @tryghost/social-urls to v0.1.2 2019-08-19 02:48:09 +00:00
Renovate Bot
12fe76cf1d Update dependency @tryghost/html-to-mobiledoc to v0.5.1 2019-08-19 02:30:45 +00:00
Renovate Bot
a250afdfb2 Update dependency @tryghost/helpers to v1.1.8 2019-08-19 01:35:54 +00:00
Renovate Bot
a04ab771e4 Update Test & linting packages 2019-08-16 19:19:54 +00:00
Kevin Ansfield
b12ae5c99a Version bump to 2.28.1 2019-08-16 19:48:18 +01:00
Kevin Ansfield
61420ae67f
Updated @tryghost/url-utils to v0.3.0 (#11027)
refs https://github.com/TryGhost/Ghost/issues/10793

- fixes `urlUtils.htmlRelativeToAbsolute` mangling attribute quote styles and removing indentation
2019-08-16 00:26:24 +01:00
Fabien O'Carroll
24c8da58e4 Fixed local package issue for npm users (#11019)
closes #11018
2019-08-14 13:19:01 +05:30
Kevin Ansfield
80a79abff5 Version bump to 2.28.0 2019-08-13 11:21:18 +01:00
Fabien O'Carroll
ef4fd4b8ef Added shared nql-map-key-values module
no-issue

This module was being shared between multiple parts of the codebase, the
core/shared directory is a stopgap before we move it out to mongo-utils.
2019-08-12 18:41:43 +08:00
Kevin Ansfield
4f3391cd04
Updated @tryghost/url-utils to v0.2.0 (#11004)
no issue

- updates `@tryghost/url-utils` following an internal refactor of the package
- renames `makeAbsoluteUrls` to `htmlRelativeToAbsolute` to better reflect what the function is doing
- renames `getBlogUrl` to `getSiteUrl`
- updates UrlUtils test stubbing util to work with a class
- fixes use of invalid port numbers in tests (max port number is 65535, any higher is an invalid URL that will error with some parsers)
2019-08-12 09:31:42 +01:00
Renovate Bot
e89a2074b8
Update dependency proxyquire to v2.1.2 2019-08-12 00:29:25 +00:00
Fabien O'Carroll
c713847718 Installed @nexes/nql@0.3.0 2019-08-09 14:39:01 +08:00
Nazar Gargol
c7c64bdee5 Added frontend lint comand in package.json
no issue

- The command was a missing bit for changes introduced in e10e71cc26
2019-08-08 15:01:00 +02:00
Fabien O'Carroll
5bb8fdf799 Version bump to 2.27.0 2019-08-06 17:34:38 +08:00
renovate[bot]
494e0d14a0 Update dependency archiver to v3.1.1 (#10981) 2019-08-06 16:16:08 +08:00
renovate[bot]
13b1a9e7ef Update dependency sharp to v0.23.0 (#10984) 2019-08-06 16:14:50 +08:00
Renovate Bot
ff4d3f9e61 Update dependency proxyquire to v2.1.1 2019-08-05 04:34:25 +00:00
Renovate Bot
75ba8b5c64 Update dependency knex-migrator to v3.3.3 2019-08-05 01:28:21 +00:00
Hannah Wolfe
75f6e9c0e3 Update dependency gscan to v2.7.0 2019-08-01 11:00:04 +01:00
Renovate Bot
5766edd6a3 Update dependency semver to v6.3.0 2019-08-01 10:44:06 +05:30
Renovate Bot
2d7a34fcbd Update dependency amperize to v0.6.0 2019-08-01 10:43:41 +05:30
Renovate Bot
c7a873b80f Update dependency @tryghost/html-to-mobiledoc to v0.5.0 2019-08-01 10:43:15 +05:30
Renovate Bot
40d8cd332b Update dependency intl-messageformat to v5.4.3 2019-08-01 10:40:32 +05:30
Rish
1767744b7c Version bump to 2.26.0 2019-07-30 20:24:26 +05:30
Rish
86c670a942 Updated dependency @tryghost/url-utils to v0.1.4
refs #10870

- Reverts moment-timezone version in url-utils to 0.5.23 to fix moment format issue
2019-07-30 20:17:38 +05:30
Rish
ffbd749c8d Added resolution for moment-timezone version
refs #10870

- `moment-timezone` was bumped to `0.5.26` inadvertently as a result of bump to `url-utils` in 6cb0f800c8
- Added resolution makes sure we use `0.5.23` for `moment-timezone` till tests are updated to work with latest version
2019-07-30 18:36:26 +05:30
Renovate Bot
e6a99ec147 Update dependency simple-html-tokenizer to v0.5.8 2019-07-29 12:24:53 +00:00
Renovate Bot
4428822253 Update dependency knex to v0.19.1 2019-07-29 06:25:28 +00:00
Renovate Bot
264a185721 Update dependency intl-messageformat to v5.1.2 2019-07-29 05:25:57 +00:00
Renovate Bot
d663cd2c8a Update dependency gscan to v2.6.6 2019-07-29 04:27:19 +00:00
Renovate Bot
6cb0f800c8 Update dependency @tryghost/url-utils to v0.1.3 2019-07-29 03:26:26 +00:00
Renovate Bot
a4546409c2 Update dependency @tryghost/social-urls to v0.1.1 2019-07-29 02:27:21 +00:00
Renovate Bot
d5d89ce9e4 Update dependency @tryghost/helpers to v1.1.7 2019-07-29 01:27:14 +00:00
Kevin Ansfield
5bdaf29c89 Version bump to 2.25.9 2019-07-23 12:01:47 +01:00
Renovate Bot
e774d7bdd3 Update dependency multer to v1.4.2 2019-07-23 10:41:43 +00:00
Renovate Bot
2b20ae8f78 Update dependency lodash to v4.17.15 2019-07-22 03:27:21 +00:00
Renovate Bot
a1ece81c55 Update dependency gscan to v2.6.4 2019-07-22 02:30:43 +00:00
Renovate Bot
876ef128a7 Update dependency archiver to v3.0.3 2019-07-22 01:28:19 +00:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Nazar Gargol
d3ca12056f Version bump to 2.25.8 2019-07-17 17:45:21 +02:00
Fabien O'Carroll
c2e4d0f6be Version bump to 2.25.7 2019-07-16 16:01:28 +08:00
Renovate Bot
c521b6632d Update dependency markdown-it to v9 2019-07-15 13:32:21 +01:00
Fabien O'Carroll
ff8e3ed953 💡 Bumped minimum node v8.x version to v8.10.0
refs https://github.com/TryGhost/Ghost-CLI/issues/952
2019-07-15 19:40:56 +08:00
Renovate Bot
033e58e4ac Update dependency knex to v0.19.0 2019-07-15 16:37:34 +08:00
Renovate Bot
6eefce3349 Update dependency brute-knex to v4 2019-07-15 16:13:14 +08:00
Renovate Bot
c7e30e9970 Update dependency intl-messageformat to v5 2019-07-15 14:27:05 +08:00
Renovate Bot
a926adfd6c Update dependency probe-image-size to v4.1.1 2019-07-15 14:26:19 +08:00
Renovate Bot
e497486e78 Update dependency intl-messageformat to v4.4.0 2019-07-15 14:17:04 +08:00
Renovate Bot
07215bd040 Update dependency probe-image-size to v4.0.1 2019-07-15 05:24:55 +00:00
Renovate Bot
848640eda2 Update dependency mock-knex to v0.4.6 2019-07-15 04:25:22 +00:00
Renovate Bot
79b2cb7294 Update dependency markdown-it-footnote to v3.0.2 2019-07-15 03:25:21 +00:00
Renovate Bot
0e29b57ab3 Update dependency lodash to v4.17.14 2019-07-15 02:25:23 +00:00
Renovate Bot
6d3cd93107 Update dependency gscan to v2.6.3 2019-07-15 01:54:27 +00:00
Renovate Bot
1b56892e33 Update dependency ajv to v6.10.2 2019-07-15 01:25:12 +00:00
Renovate Bot
c55f341632 Update dependency lodash to v4.17.13 [SECURITY] 2019-07-11 11:26:39 +00:00
Rish
a2406d6d06 Version bump to 2.25.6 2019-07-11 15:46:12 +05:30
Rish
39e2a17023 Version bump to 2.25.5 2019-07-09 18:39:18 +05:30
Fabien O'Carroll
d9d8d91b6a
Fixed members auth pages flashing on open (#10889)
closes #10888

The real work for this was done in:
https://github.com/TryGhost/Members/pull/37

Installed @tryghost/members-auth-pages@1.1.0
Installed @tryghost/members-theme-bindings@0.2.3
2019-07-09 19:05:47 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
Renovate Bot
f2ef27243a Update dependency ajv to v6.10.1 2019-07-08 01:25:46 +00:00
Nazar Gargol
2048ea5cb2 Bumped eslint-plugin-ghost version to 0.4.0
no issue

- This version allows for async/await syntax to be used in the codebase which is available after dropping Node v6 support
2019-07-05 17:36:02 +02:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Nazar Gargol
5aa0a2134b Reverted moment-timezone bump back to 0.5.23
refs #10870

- Added moment-timezone to Renovate's ignore list
- Described reasoning  in https://github.com/TryGhost/Ghost/issues/10870
2019-07-04 13:56:13 +02:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Renovate Bot
1225bd2fe9 Update dependency glob to v7 2019-07-04 10:18:12 +05:30
Renovate Bot
b508fd70ba Update dependency intl-messageformat to v4 2019-07-04 10:05:46 +05:30
Renovate Bot
a2473cbb42 Update dependency stripe to v7 2019-07-04 09:59:27 +05:30
Renovate Bot
cbaa7fde3b Update dependency fs-extra to v8 2019-07-02 19:10:12 +02:00
Renovate Bot
5bb732546f Update dependency knex-migrator to v3.3.2 2019-07-02 16:23:28 +02:00
Renovate Bot
bfa416cbf6 Update dependency body-parser to v1.19.0 2019-07-02 13:39:47 +02:00
Renovate Bot
052271272b Update dependency sqlite3 to v4.0.9 2019-07-02 11:39:33 +00:00
Renovate Bot
c214203015 Update dependency sanitize-html to v1.20.1 2019-07-02 13:36:49 +02:00
Renovate Bot
83ed38c2e0 Update dependency jsonpath to v1.0.2 2019-07-02 11:15:38 +00:00
Renovate Bot
4b7a1bffec Update dependency node-jose to v1.1.3 2019-07-02 10:31:28 +00:00
Renovate Bot
4753017d6a Update dependency moment-timezone to v0.5.25 2019-07-02 10:30:03 +00:00
Renovate Bot
c14849d761 Update dependency mock-knex to v0.4.5 2019-07-02 12:29:31 +02:00
Renovate Bot
b4a2305f64 Update dependency mobiledoc-dom-renderer to v0.6.6 2019-07-02 10:28:37 +00:00
Renovate Bot
90f0d38ad2 Update dependency mysql to v2.17.1 2019-07-02 12:26:23 +02:00
Renovate Bot
1371684b38 Update dependency connect-slashes to v1.4.0 2019-07-02 12:12:28 +02:00
Renovate Bot
f4dd1d173f Update dependency bson-objectid to v1.3.0 2019-07-02 12:10:29 +02:00
Renovate Bot
352fec4c00 Update dependency gscan to v2.6.2 2019-07-02 10:02:49 +00:00
Renovate Bot
ddfc0801f8 Update dependency cookie to v0.4.0 2019-07-02 11:58:53 +02:00
Renovate Bot
62e0a17aa3 Update dependency image-size to v0.7.4 2019-07-02 11:54:36 +02:00
Renovate Bot
e146737aff Update dependency jsonwebtoken to v8.5.1 2019-07-02 11:47:22 +02:00
Renovate Bot
0ed0c49732 Update dependency grunt-contrib-compress to v1.5.0 2019-07-02 11:41:15 +02:00
Renovate Bot
189ce9bc1d Update dependency express-session to v1.16.2 2019-07-02 11:37:27 +02:00
Renovate Bot
5a316c3c80 Update dependency express to v4.17.1 2019-07-02 11:30:35 +02:00
Renovate Bot
a51008a034 Update dependency knex-migrator to v3.2.6 2019-07-02 09:27:54 +00:00
Renovate Bot
2dcb1a3776 Update dependency csv-parser to v2.3.0 2019-07-02 11:27:16 +02:00
Renovate Bot
9564757d8d Update dependency ajv to v6.10.0 2019-07-02 11:13:53 +02:00
Renovate Bot
0abc8971b4 Pin dependency grunt-contrib-symlink to 1.0.0 2019-07-02 11:08:33 +02:00
Renovate Bot
885ce6eb44 Update dependency cookie-session to v1.3.3 2019-07-02 11:04:52 +02:00
Renovate Bot
2e0067d877 Update dependency html-to-text to v5 2019-07-02 11:00:00 +02:00
Renovate Bot
d88a41628e Update dependency semver to v6 2019-07-02 10:56:03 +02:00
Renovate Bot
b3561dcee4 Update dependency sharp to v0.22.1 2019-07-02 10:52:46 +02:00
Renovate Bot
deeafe9734 Update dependency compression to v1.7.4 2019-07-02 08:26:50 +00:00
Renovate Bot
2cf40d2f6f Update dependency bson-objectid to v1.2.5 2019-07-02 07:30:13 +00:00
Renovate Bot
82d146577c Update dependency @tryghost/members-auth-pages to v0.2.2 2019-07-02 06:48:32 +00:00
Renovate Bot
7638ca4d77 Update dependency @tryghost/helpers to v1.1.6 2019-07-02 05:23:38 +00:00
Renovate Bot
2f7e6d21ae Update dependency bluebird to v3.5.5 2019-07-02 04:04:31 +00:00
Renovate Bot
c576a2d724 Update dependency @tryghost/members-api to v0.1.2 2019-07-02 03:29:16 +00:00
Renovate Bot
9da9b2f448 Update dependency @nexes/nql to v0.2.2 2019-07-02 02:31:50 +00:00
Renovate Bot
3eeb81a19c Update Build Tool 2019-07-02 01:31:27 +00:00
Fabien O'Carroll
9f2e1bfde7 Version bump to 2.25.4 2019-07-01 13:31:22 +07:00
Kevin Ansfield
b35269f933 Version bump to 2.25.3 2019-06-26 14:02:07 +01:00
Kevin Ansfield
3229de75f8 Revert "Replaced keypair with rsa-keypair module (#10758)"
This reverts commit 64735693be.

- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
2019-06-26 14:00:25 +01:00
Kevin Ansfield
c3a493bfeb Version bump to 2.25.2 2019-06-25 13:22:54 +01:00
Fabien O'Carroll
da3f55dd9d Updated express-hbs to 2.1.2
no-issue

ronseal.
2019-06-25 16:19:33 +07:00
Fabien O'Carroll
bb1ee3c265 Updated members-theme-bindings & public/members.js
no-issue

This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
2019-06-25 15:13:52 +07:00
Nazar Gargol
e5391519eb Bumped js-yaml version to 3.13.1
no issue

- The 3.13.1 version contains security fixes described in b2f9e88239
2019-06-24 15:47:37 +02:00
Daniel Lockyer
64735693be Replaced keypair with rsa-keypair module (#10758)
refs #10789 

Speed up Ghost boot time by replacing the JS-only RSA key generator
library with a native alternative.
2019-06-21 16:51:44 +07:00
Fabien O'Carroll
cbe8d1885c Version bump to 2.25.1 2019-06-19 13:58:12 +07:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Fabien O'Carroll
a63d29f859 Version bump to 2.25.0 2019-06-18 19:38:29 +07:00
Fabien O'Carroll
262c27c8e8 Version bump to 2.24.0 2019-06-18 19:25:06 +07:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Rish
c5cb7a6155 Version bump to 2.23.4 2019-06-11 16:51:41 +05:30
Kevin Ansfield
6fd2db2ed4 Update amperize to v0.5.2
no issue
- includes a couple of bug fixes for fallback from probe-image-size to image-size
2019-06-11 12:17:28 +01:00
Kevin Ansfield
f34a9d2e36 Update amperize to v0.5.1
no issue

- includes fix for http->https conversion that broke tests in 90b0c8d3bb
2019-06-10 11:14:00 +01:00
Kevin Ansfield
90b0c8d3bb 🚀 Speed up initial generation of /amp/ content with many images
no issue

- update `amperize` to v0.5.0 which includes partial image loading and parallel network requests for fetching image dimensions
2019-06-10 09:53:25 +01:00
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Kevin Ansfield
bdf1383b30 Version bump to 2.23.3 2019-06-06 11:15:47 +01:00
Kevin Ansfield
07e9490621
🐛 Fixed server crash when AMP posts contain images with unescaped chars (#10775)
no issue

- bump `amperize` to v0.4.0 which contains an updated version of `got` which does not crash on invalid image urls
2019-06-05 17:31:23 +01:00
Nazar Gargol
74d5bf3822 Version bump to 2.23.2 2019-06-04 13:01:40 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
525c2753ec Update dependency @tryghost/html-to-mobiledoc to v0.4.1
no issue

- includes a fix for text content potentially being lost when converting html to mobiledoc via the API
2019-06-03 12:34:35 +01:00
Kevin Ansfield
81ebe3e8a3 Version bump to 2.23.1 2019-05-28 18:36:10 +01:00
Kevin Ansfield
5ee76a3f85 Version bump to 2.23.0 2019-05-27 10:57:22 +01:00
Kevin Ansfield
7ea161ae04 Version bump to 2.22.3 2019-05-23 13:49:24 +01:00
Fabien O'Carroll
0918844e75 Version bump to 2.22.2 2019-05-21 12:09:14 +02:00
Fabien O'Carroll
5b0b7e4d8d Version bump to 2.22.1 2019-05-14 11:16:04 +02:00
Nazar Gargol
bb7bb55cf3 Bumped gscan version to 2.6.0
no issue

- Updated valid theme fixture to be inline with warning that was added when using {{each}} helper instead of {{foreach}}
2019-05-08 16:56:22 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Nazar Gargol
53b300d7bf Version bump to 2.22.0 2019-05-07 12:37:29 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Fabien O'Carroll
4563999352 🐛 Fixed password submission for private blogging
no-issue

This bump to members-ssr includes an update which no longer consumes the
request stream when calling getMemberDataFromSession. Previously, this
method was called on every request to the theme layer, and the
private-blogging middleware was unable to parse the body as the request
stream had already been consumed.
2019-05-06 12:38:38 +02:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Kevin Ansfield
9f9dde3107 Added caption and language extraction for code blocks when converting HTML via API
no issue
- update @tryghost/html-to-mobiledoc to v0.3.0
- uses updated @tryghost/kg-parser-plugins that is now shared with Ghost-Admin
2019-05-03 11:55:38 +01:00
Fabien O'Carroll
5e33f0771d Moved cpy-cli to dependencies
no-issue

This needs to be installed as a top level dependency so that it can run
on all install contexts
2019-05-01 18:43:44 +02:00
Fabien O'Carroll
cade823ba7 🐛 Fixed postinstall script when running on Windows
no-issue

The previous postinstall script used the unix specific `cp` command,
which caused installing on Windows to break. This replaces it with an
npm module which handles copying files agnostic to platform.
2019-05-01 18:09:04 +02:00
Nazar Gargol
17cc70b94b Bumped bookshelf-relations version to 1.1.1 2019-04-30 17:11:40 +02:00
Kevin Ansfield
3d16b50fc0 Version bump to 2.21.1 2019-04-30 11:10:02 +02:00
Fabien O'Carroll
59c57a9216 Copied members-theme-bindings to public post install
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
5d02d1999c Installed @tryghost/members-theme-bindings@0.1.0
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
2edda4c757 Version bump to 2.21.0 2019-04-23 11:34:46 +02:00
Rish
c53e66d49a Version bump to 2.20.1 2019-04-17 18:31:47 +05:30
Rish
4d0643fb49 🐛 Fixed crash in calculating reading time for empty posts
no issue

- Updated helpers package to fix `null` html cases in case of empty post content
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Rish
770f6afa2a Version bump to 2.20.0 2019-04-16 16:42:31 +05:30
Rish
1ca3ba9a6e Updated Ignition to 3.1.0
no issue

- Bumped Ghost Ignition to 3.1.0 to support more options
2019-04-16 16:32:50 +05:30
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
5460de9c58 Updated gscan to 2.5.0
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Fabien O'Carroll
0f5ca616b8 Updated express-hbs to 1.1.1
no-issue

This includes a bump to handlebars -> 4.1.2, which fixes a potential RCE
https://github.com/wycats/handlebars.js/blob/v4.1.2/release-notes.md#v412---april-13th-2019
2019-04-15 14:30:37 +02:00
Nazar Gargol
a7385f5e10 Version bump to 2.19.4 2019-04-09 19:30:37 +08:00
Fabien O'Carroll
3f52c404d4 Removed coverage tasks from Gruntfile
refs #9441
2019-04-08 18:23:35 +02:00
Kevin Ansfield
12e0366fc9 Version bump to 2.19.3 2019-04-04 14:58:48 +01:00