refs https://github.com/TryGhost/Toolbox/issues/515
Tiers are very frequently queried and we want to reduce the number of DB calls
we're making. We can store the Tiers in-memory, using the existing in-memory
repository patterns, but still persisting writes the the database.
We also have to update our test helpers, because they were bypassing the
repository for writes, but using it for reads resulting in an invalid cache
We want to cache access to Tiers, and it's easier to do that in the
TierRepository. So we update a heavy user of Tiers to use the Tier
service so it can take adv of caching. The serializers are a big
offender for making calls to fetch Tiers.
- this dependency seems a pretty heavy one to require upon boot and
given most sites don't need it to function as normal, this saves
several MB of RAM per instance
closes https://github.com/TryGhost/Team/issues/3176
We were waiting for the welcome email to send before responding to the
client that setup is complete, this was causing the client to hang when
running `ghost install local` as mail isn't configured by default.
no issue
- the lexical lib file makes use of `jsdom` but there was no explicit dependency for it in `package.json` meaning we were relying on it being incidentally depended on through another package which is brittle
These versions use the latest version of @tryghost/errors, which uses
the correct import for @stdlib/utils-copy. This should hopefully stop
missing module errors when running locally.
We were incorrectly specifying the path of the file rather than relying on the
package exports, and this broke in the previous commit to a file rename. It
wasn't caught by CI because the browser tests are not run on pull requests
As discussed with the product team we want to enforce kebab-case file names for
all files, with the exception of files which export a single class, in which
case they should be PascalCase and reflect the class which they export.
This will help find classes faster, and should push better naming for them too.
Some files and packages have been excluded from this linting, specifically when
a library or framework depends on the naming of a file for the functionality
e.g. Ember, knex-migrator, adapter-manager
no issue
This pull request adds a new experimental feature flag `signupCard` to
the Ghost admin app, which enables a signup card component in the
lexical editor that's currently being worked on.
The feature flag can be toggled from the settings/labs
UI and is read from the server-side configuration.
Whilst Admin API Integrations had the permissions to create invites they were
blocked from doing so at the HTTP level. We've removed this restriction for
creating Invites as well as browsing Roles, because a Role ID is necessary to
create an invite. The code was also not setup to support Admin API Integrations
as it made assumptions about the existence of a User. That has been updated in
the permissions layer - so that the Invites are limited to Contributors,
Authors and Editors as well as at the email layer, which has has the copy and
from address updated to reflect the lack of a User creating the Invite.
refs 9d104c8511
- we've seen recurring instances where Ghost will hog memory after image
uploads
- we use `jemalloc` to try and help this, but it still seems to happen
- according to the sharp thread referenced in my commit above, memory
fragmentation can also be helped by reducing the concurrency within
sharp
- this is a bit of an experiment and we can revert if it causes issues
no issue
This commit removes the `memberAttribution` feature flag from the
codebase. Some CSS classes are not removed as removing them and updating
the associated CSS files have side effects sadly.
refs TryGhost/Team#3122
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 87727d9</samp>
Added `data-testid` attributes to various elements in the announcement
bar settings feature to enable Playwright testing. Fixed a potential bug
with the `visibilitySettings` getter in the `visibility.js` component.
Added Playwright tests for the announcement bar settings feature in
`announcement-bar-settings.spec.js`.
refs 27e4523aec
- we no longer use `oembed-parser`, so we can remove it from
package.json
- also pins the `@extractus/oembed-extractor` package and adds it into
`@tryghost/oembed-service` where it was missing
no issue
The post/page bulk actions weren't logged in the history log / actions
table.
This change adds support for logging bulk actions.
- New `addActions` static method on models. It creates an action log in
the database for multiple models at once. If only one model was edited,
deleted or added, it will fallback to `addAction`
- `addAction` can also be called statically now
- `actionName` option is now supported when using `addActions`,
`addAction`, and as a result also in all bulk manipulation methods, and
CRUD methods. This allows you to replace the default '5 posts edited'
into something more specific like '5 posts featured'
- Fixed support for null resource_id in the parse-history-event helper
- Removed the default 'published' status requirement when using
Post.findOne for internal queries.
refs TryGhost/Ghost#16048
- When attempting to embed a Youtube video that has had embedding
disabled by its owner/author, Ghost displayed a generic error message
that didn't indicate the reason for the failed emebed.
- This change updated the error message when Youtube (or any provider)
returns 401: Unauthorized to indicate that the owner of the resource has
explicitly disabled embedding.
no issue
This pull request removes the `suppressionList` feature flag and all its
dependencies from the codebase. It makes the suppression list feature
the default and consistent behavior for all email events and
newsletters. It simplifies the UI, logic, and data related to email
events and newsletters. It affects several files in the
`ghost/admin/app`, `ghost/core/core`, and `ghost/members-api`
directories.
refs TryGhost/Team#3133
- the backend previously had logic to save a revision if more than 10
mins had elapsed since the last revision
- however, the frontend would autosave after 3 seconds of inactivity
(which doesn't trigger a revision), and never send another save request
at 10 minutes, so the backend logic to save a revision was never
triggered
- this change will save the current contents of the editor every 10
minutes, even if nothing has changed since the last save
This is an initial start to using TypeScript in our non-core Ghost packages.
- Adds a prepare script to build the project after installing deps
- Adds an initial tsconfig.json which is compatible with our node env
- Migrates all of the code to TypeScript, including tests
- Updates tests to use ts-node so that we don't need to compile the tests
- ts-node is installed at the top level because the env is weird with lerna and
doesn't work otherwise
- Updates the yarn dev script to build the project with the --all and --revisions flag
- Updates the prepare script in the top level to run prepare on packages, so
that packages can be built when running `yarn`
- Updates the build script in ghost/core to run build on packages, so that
packages are built before being monobundled
- Updates monobundle to be a dependency and use the new TryGhost repo, which
includes some minor fixes and improvements, such as supporting devDeps
- Updates the GitHub workflows to run the build command in the top level
directory rather than ghost/core so that other packages are built, too.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9
Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9
Because our filtering layer is so coupled to the DB and we don't generally
apply restrictions, it was possible to fetch authors and filter by their
password or email field. Coupled with the "starts with" operator this can be
used to brute force the first character of these fields by trying random
combinations until an author is included in the filter. After which the next
character can be brute forced, and so on until the data has been leaked
completely.
no issue
There was an error when generating the snapshot for this test. It never ran, so the snapshot was never committed. On top of that, the generated snapshot would change every time because the email verification token was not replaced with a static value.
closes https://github.com/TryGhost/Team/issues/3137
We have now included the ability to display an "Unpublished" tag for revisions that have been unpublished. The tag is only displayed when the revision's reason property is set to "unpublished". A new revision is triggered when a post is unpublished, regardless whether there's a change in the content.
fixes https://github.com/TryGhost/Team/issues/2385
The Sentry version has been locked to v7.11.1 for some time because Sentry still used a legacy Node feature, called domains. Due to a bug or change in in Noide 16+, those domains broke handling uncaught promise execptions. So Ghost crashed when a promise exception wasn't caught. But that shouldn't be the case because we have a global uncaught exception handler.
Luckily Sentry switched to AsyncLocalStorage in v7.48.0. This fixes the issue as demonstrated in c0cd62184c
refs TryGhost/Team#3122
- Fixed that preview takes data from user input before saving on
backend.
---
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 54d5b2d</samp>
This pull request adds the ability to preview the announcement bar in
the Ghost admin panel and the theme settings. It also adds a
confirmation dialog to discard or save unsaved changes before leaving
the announcement bar settings. It refactors some components and methods
to remove unnecessary or redundant calls to save the settings. It
modifies the `ghost_head` helper, the `theme-management` service, and
the `announcement-bar/src` files to support the preview feature.
https://github.com/TryGhost/Team/issues/3121
- Because the announcement data has to be available with member's context, it's only possible to have it in cross-origin requests in the Members API.
- Exposed the announcement bar data through `GET /members/api/announcement` endpoint
refs https://github.com/TryGhost/Team/issues/3010
- Having all possible values in within single packages will make it easier to look for "source of truth" and is more maintainable rather than having values scattered all over the codebase
We no longer need a reference to the previous version, instead we can use the
latest revision, this makes it easier to compare "off table" data such as the
feature image caption stored in posts_meta.
no issue
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at ebd1973</samp>
This pull request adds support for storing and tracking the status of
posts in revisions. It introduces a new `post_status` column and
property in the `post` and `PostRevision` models, and updates the
`PostRevisions.formatInput` method to handle it.
refs https://github.com/TryGhost/Team/issues/3099
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 83140b5</samp>
This pull request adds a new column `post_status` to the
`post_revisions` table to store the status of the post revision. It also
updates the schema definition, the migration file, and the integrity
test to reflect the new column.
refs @TryGhost/Team#3076
- added `save_revision` option to edit post endpoint
- this change covers the following cases:
1. we will not save a `post_revision` on every background autosave that
occurs after 3 seconds of inactivity in the editor
2. we will save a `post_revision` when the user hits `cmd+s` in the
editor to explicitly save
3. we will save a `post_revision` when the user navigates away from the
editor (e.g. by clicking the 'Posts' breadcrumb in the editor)
4. we will save a `post_revision` when the user publishes a post
5. we will save a `post_revision` when a user updates an already
published post
refs https://github.com/TryGhost/Ghost/pull/14264
- With a requirement change we need to transform `announcement_visibility` setting to be an "array" instead of a "string". Array structure will allow us to hold multiple filters at once giving more coverage to the audience targetting usecases.
- Example filter variations we'll support are:
[ ] Logged out visitors
[ ] Members
[ ] Free members
[ ] Paid members
refs https://github.com/TryGhost/Team/issues/3034
- adds new integration page for Pintura in Admin
- allows site owners to enable/disable the image editor integration
- allows self-hosters to upload the files for enabling Pintura image
editor
---------
Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
refs https://github.com/TryGhost/Team/issues/3034
- adds 3 new settings for managing pintura image editor integration in
admin
- `pintura` setting controls the enabling of the feature
- `pintura_css_url` is used to store path to pintura css file uploaded
on integration page
- `pintura_js_url` is used to store path to pintura js file uploaded on
integration page
no issue
When a user is deleted any post revisions created by the user are set to
be owned by nobody (null) rather than deleting the post revisions
associated with the user
refs https://github.com/TryGhost/Team/issues/3011
- This is a data structure needed to support Announcement Bar feature -
allows to create custom site-wide announcements tailored to the
audience.
- The `announcement_content` is meant to hold displayed HTML content of
the announcement and will be exposed through unauthenticated Content
Site API
- The `announcement_visibility` sets the target audience to display the
Announcement Bart to:
- `public` - Everyone
- `visitors` - Logged out visitors only
- `members` - Members only
- `paid` - Paid members only
- The `announcement_background` sets the CSS class that should be
applied to the Announcement Bar. and will be exposed through
unauthenticated Content Site API. Three styles are available:
- `accent` - matches the color of the site accent
- `dark` - dark style
- `light` - light style
refs 3b90b1f335
refs https://github.com/TryGhost/Team/issues/3011
- The "flags" property was missing from the allowed parameters in addSettings migrations utility method. Passing in "flags" is needed to complete a refed issue where we add a new "announcement" group of settings and two of these settings have a "PUBLIC" flag
no issue
- added full author object to the post_revisions array on the /posts endpoint
- to be used in the post history modal to display who authored each revision
refs https://github.com/TryGhost/Team/issues/3034
- adds new alpha feature flag for image editing in Admin
- allows new config for Pintura files that enable the image editing in
Admin
- adds new ember component for triggering image editing for post feature
images
---------
Co-authored-by: Sodbileg Gansukh <sodbileg.gansukh@gmail.com>
no issue
- maxlength for author_id was errantly set to 2000 instead of 24
- migration was failing with:
ERROR Field length of `author_id` in `post_revisions` is too long!
Field length of `author_id` in `post_revisions` is too long!
"This usually happens if your database encoding is utf8mb4.\nAll unique
fields and indexes must be lower than 191 characters.\nPlease correct
your field length and reset your database with `yarn knex-migrator
reset`.\n" "Read more here:
https://github.com/TryGhost/knex-migrator/issues/51\n"
- the autogenerated constraint name was too long for MySQL, yielding the
error below (although it seems to be fine for sqlite)
- this change adds an explicit, shorthand name for the constraint to
stay under the limit on MySQL8
Error: alter table `post_revisions` add constraint
`post_revisions_author_id_foreign` foreign key (`author_id`) references
`users` (`id`), algorithm=copy - Specified key was too long; max key
length is 3072 bytes
