Commit Graph

271 Commits

Author SHA1 Message Date
Hannah Wolfe
4f5fb3d820 Swapped common for @tryghost/errors in core/server/web
- Update all references to common.errors to use @tryghost/errors
- Use dereferencing to only require used bits of common in each file
2020-04-09 19:40:00 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guaruntee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Hannah Wolfe
7964c1de79 Updated image middleware to use new shared function
- we have a function for generating _o filenames in @tryghost/image-transform as of v0.2.0
- this  updates our Ghost code to use it
2020-03-30 18:33:59 +01:00
Hannah Wolfe
d9dfdd775e
Replaced image manipulation w/ @tryghost/image-transform (#11687)
- moved image.manipulation lib to a new package called @tryghost/image-transform
- new package has an updated API signature, so the method calls have changed but the underlying code is identical
- removed the optional sharp dependency from Ghost, as this is now optionally required by the image-transform module
2020-03-25 17:33:03 +00:00
Hannah Wolfe
7e0c71509b Moved apps service to frontend
- App service is for our internal frontend apps
- This is a very straightforward move as this truly belongs to frontend
2020-03-23 19:43:01 +00:00
Hannah Wolfe
8c1a0b8d0c Remove External Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-20 10:40:22 +00:00
Hannah Wolfe
bc7906a7b2 Revert "Remove Apps"
This reverts commit cbb59a57db.
2020-03-20 08:58:26 +00:00
Hannah Wolfe
cbb59a57db Remove Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-19 19:06:17 +00:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
258bcc71bf Added minified members.js file handling
refs 91984b54ca

- For request effieciency we should be using a minified file just like we did previously with `ghost-sdk.js`
- Modified 'max-age' caching header to 1 year  for both minified and non-minified files as thay won't affect dev environment and should be beneficial for self-hosting instances that don't use minification
- Along the way corrected an extra 301 redirect because `/public/member.js` path wasn't using a bakslach in the end.
2020-02-26 14:08:10 +08:00
Naz
3af621ea9a
Added handling allowing members to edit their billing info (#11571)
no issue

- This functionality allows member to update their billing information, like credit card information.
- Adds handler to update Stripe billing when element with `data-members-edit-billing` attribute is present on the page. Additional `data-members-success` and `data-members-cancel` attributes could be used to control the redirects on billing update success or failure. They work in the same fission as for 'members-plan' (https://ghost.org/docs/members/checkout-buttons/#redirects)
2020-02-26 12:42:41 +08:00
Kevin Ansfield
2f55baccd7 Added "trust proxy" to members API app
no issue

- match the other express apps, makes sure that we have access to the correct IP and forwarded host names when running behind proxies
2020-02-20 18:20:57 +00:00
Daniel Lockyer
6dcb1094aa Refactored variable name to match intent
no issue
2020-02-20 11:56:01 +00:00
Daniel Lockyer
28071a242a Fixed error reporting to Sentry
no issue

- some errors weren't being reported because they were being passed to
  Sentry before our middleware could populate the error information
- this commit inserts the Sentry middleware into these steps
2020-02-17 13:52:01 +00:00
Kevin Ansfield
02c034068c Fixed error when serving public images from servePublicFile middleware
no issue

- when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect
- only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 09:24:15 +00:00
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Kevin Ansfield
830610d243 Fixed serving of binary public files
no issue

- serving of our public asset images was broken
  - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data
  - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly)
- updates uses of `servePublicFile` to have the correct png mimetype
- adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 09:51:32 +00:00
Daniel Lockyer
a510e075b6 Handled missing file extensions for resized image requests
no issue

- if a request was sent for an resized image URL that didn't contain a
  file extension, the code would eventually end up throwing a 500
- this commit checks for this case and returns a 404
2020-02-04 08:04:22 +00:00
Daniel Lockyer
7751e78c98 Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-02-03 13:43:43 +00:00
Kevin Ansfield
68e2274d6d Reverted "Integrated Sentry error tracking"
This reverts commit 6e024331eb.

Temporarily reverting whilst we investigate an issue with Sentry and running Ghost via Ghost-CLI.

Ghost-CLI initiated boot was failing when Sentry was installed due to what appears to be `process.cwd()` returning `undefined` here https://github.com/TryGhost/Ignition/blob/master/lib/config/index.js#L26
2020-01-28 17:21:37 +00:00
Daniel Lockyer
6e024331eb Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-01-22 12:15:10 +07:00
Daniel Lockyer
dbcffe9245 🐛 Handled trailing slashes in resized image URLs
no issue

- requests for resized images with a trailing slash would end up
  throwing a EISDIR error because it got through to writing an
  image buffer to a directory
- we want to cut this off early and disallow trailing slashes
2020-01-18 13:45:22 +07:00
Naz Gargol
e277c6bad3
Added member's subscription cancellation helper {{cancel_link}} (#11434)
no issue

- The helper allows generating HTML needed to cancel or continue the member's subscription depending on subscription state.
- Added public members endpoint to allow updating subscription's `cancel_at_period_end` attribute available at: `PUT /api/canary/members/subscriptions/:id/`
- Added client-side hook to allow calling subscription cancellation. Allows to create elements with `data-members-cancel-subscription` / `data-members-continue-subscription` attributes which would call subscription update.
- Updated schema and added migration for `current_period_end` column
- As discussed we only add a single column to  subscriptions table to avoid preoptimizing for future cases
- Added {{cancel_link}} helper
- Added error handling for {{cancel_link}} when members are disabled
- Added test coverage for {{cancel_link}} helper
- Bumped @tryghost/members-api version to 0.10.2. Needed to use `updateSubscription` middleware
- Bumped gscan to 3.2.0. Needed to recognize new {{cancel_link}} helper
2019-12-12 19:59:15 +07:00
Nazar Gargol
75e8caa76c Removed unexisting member endpoints from API key access whitelist
no issue

- /members endpoints are not available under API v2, removed them from the whitelist to avoid confusion
2019-12-09 13:21:38 +07:00
Fabien O'Carroll
2cd8f89933 🐛 Fixed 500 errors for incorrect Origin headers (#11433)
no-issue

Our function for determining cors options created a new instance of URL
without wrapping it in a try/catch which meant any failures to parse the
URL bubbled down as a 500 error.

500 errors are commonly used for alerting at the infrastructure level,
and this error is definitely one caused by a badly configured client, so
we wrap the construction and crap out with a Bad Request Error (HTTP
400) if it fails.
2019-12-04 18:06:30 +07:00
Nazar Gargol
3d49f3ed15 Renamed authentication middleware to createSessionFromToken
no issue

- This rename comes in to describe better what actually happens behind the middleware instead of catch-all "authentication"
2019-12-04 09:49:13 +02:00
Nazar Gargol
0be2c21f68 Renamed logout middleware to deleteSession
no issue

- This rename is meant to clarify what exactly happens behind the logout and be inline with `login`-> `getIdentityToken` rename
2019-12-04 09:49:13 +02:00
Fabien O'Carroll
046bd652e5 Renamed login middleware to getIdentityToken
no-issue

This name `login` was misleading as this middleware didn't login
members, that was handled by the `authentication` middleware,
specifically `exchangeTokenForSession`
2019-12-04 09:49:13 +02:00
Kevin Ansfield
f9f2d36f53 Merge branch 'mega' 2019-11-27 12:12:27 +00:00
Kevin Ansfield
6a057fad99
Added /emails/:id/retry/ endpoint for retrying failed emails (#11410)
We want to allow admin users to trigger a retry of failed emails without having to go through the unpublish/republish dance.

- fixed resource identifier in email permissions migration so email permissions are added correctly
- added new email permissions migration so that beta releases can be upgraded without rollback (will be a no-op for any non-beta upgrades)
- added `/emails/:id/retry/` canary Admin API endpoint
  - follows same URL pattern as theme activation
  - only triggers mega service retry endpoint if the email has a `'failed'` status
2019-11-22 14:20:32 +00:00
Naz Gargol
193c179110
Extracted members-specific middleware from site app module (#11405)
no issue

- In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually
- Added "members enabled check" middleware to stripe webhook endpoint
- Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware
- Extracted member-specific public file middleware
- Unified use of `labs.member` alias method. Done for code style consistency
- Added basic members' test suite. This is a base we could work from when more modifications are needed
- Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d
2019-11-21 10:01:24 +07:00
Kevin Ansfield
1c8b78818f Merge branch 'master' into mega 2019-11-18 11:09:46 +00:00
Kevin Ansfield
ee47dd4dae
Added /unsubscribe/ route to the front-end (#11394)
no issue

- adds new router to the frontend for handling unsubscribe
- default template lives in `core/server/frontend/views/unsubscribe.hbs`
- `{{error}}` is present and contains the error message when unsubscribe fails
- `{{member}}` is present and contains the member email
- updated unsubscribe url to match the new format
2019-11-15 09:36:49 +00:00
Nazar Gargol
ae14eb00f9 Implemented GET /emails/:id endpoint 2019-11-06 15:56:56 +07:00
Fabien O'Carroll
a7e7f74f8b Wired up middleware to handle unsubscribing
no-issue
2019-11-06 15:30:37 +07:00
Hannah Wolfe
9a2719ac4f Decoupled routing service and theme service
- This is a fairly temporary state
- It at least removes the themeService require from inside the routingService
- Requires us to pass the routingService the desired API Version...
- We're working towards having the entire frontend respect the theme API version by having it passed around everywhere
2019-11-06 15:20:13 +07:00
Rish
9018e64493 Fixed email preview auth for test mails
no issue
2019-11-06 13:15:14 +07:00
Rish
4a53184d7f Added send preview email API
no issue
2019-11-05 16:09:18 +07:00
Nazar Gargol
61af0e08ae Added email preview endpoint to Admin API 2019-11-05 12:15:50 +07:00
Kevin Ansfield
a339a838b3
Removed /api/v2/members/ endpoints (#11308)
no issue

- this was a hangover from earlier members betas
- members is only available on `v3` and `canary` APIs
2019-10-31 11:11:46 +00:00
Kevin Ansfield
7284227f1e
🐛 Fixed 404s when using a proxy setup (#11269)
no issue

When using certain proxy setups that result in `host` and `x-forwarded-host` being different, it became impossible to access Ghost because all routes showed generic 404 pages.

- `vhost` module that we are using to separate front-end and admin urls does not use express' `req.hostname` so it does not pick up the `x-forwarded-host` url that express' `'trust proxy'` config gives us
- switched to the forked `@tryghost/vhost-middleware` package which has a one-line change to use `req.hostname || req.host`
- added `'trust proxy'` config to the admin express app and switched to using `req.hostname` in our redirect code to avoid infinite redirect loops
2019-10-28 11:22:05 +00:00
Kevin Ansfield
78e16ddd3f Merge branch 'master' into v3 2019-10-11 11:31:31 +01:00
Fabien O'Carroll
58651caa32 Removed members endpoint from admin v2 api
no-issue
2019-10-10 17:51:46 +07:00
Naz Gargol
0225936292
Removed subscribers from the codebase (#11153)
refs https://github.com/TryGhost/Ghost/pull/11152

- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
2019-10-09 11:47:04 +02:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Naz Gargol
a4462c5753
Added members CSV export to Admin API (#11198)
no issue
2019-10-03 20:36:22 +02:00
Naz Gargol
bb355ac9f2
Added members CSV import to Admin API (#11197)
no issue

- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
2019-10-03 19:59:19 +02:00
Kevin Ansfield
1fa70dea23
Whitelisted members endpoints for v2 and canary Admin APIs (#11196)
no issue

- http verbs needed to be whitelisted for the members endpoint to avoid `NotImplementedError`s when accessing
2019-10-03 17:28:20 +01:00
Naz Gargol
30326cbd2d
Added handling for PUT members endpoint (#11194)
no issue

- Adds the ability to edit `name` field for a specific member by using `PUT /members/:id` endpoint
2019-10-03 13:38:22 +02:00