Commit Graph

1625 Commits

Author SHA1 Message Date
Hannah Wolfe
9f4c6957de Merge pull request #6155 from StevenMcD/issue_6140
Add .git folder to ignore folders list
2015-12-02 12:07:25 +08:00
Sebastian Gierlinger
ee275f4d0c OAuth Middleware refactor
refs #5286
- moved oauth server initialization to oauth.js
- moved generateAccessToken() to oauth.js
- added tests
2015-12-01 21:20:11 +01:00
StevenMcD
6956985c28 Add .git folder to ignore folders list
closes #6140
- simply added '.git' to the list of folder names to ignore when checking for valid themes.
2015-12-01 21:14:23 +02:00
Sebastian Gierlinger
245095c199 Origin Header revisited
closes #6106
- added override for my-ghost-blog.com
- added local IP addresses to be allowed
- changed localhost/127.0.0.1 to be allowed in production
2015-11-26 13:11:31 +01:00
Hannah Wolfe
f25039c4b9 Docs link & unique error codes for startup checks
refs #5821, #6063

- switch out help test to go to a comprehensive doc
- change error codes from 1 to unique codes
2015-11-26 16:20:11 +08:00
Sebastian Gierlinger
8c50609491 Handling Origin Header
closes #6106
- added better error message for client and console
- added exclusion of localhost/127.0.0.1 for dev mode
2015-11-23 18:21:19 +01:00
Hannah Wolfe
8f620b6dce Merge pull request #6063 from jgillich/version-check
Enable Node 4.2 testing
2015-11-23 09:56:27 +00:00
Jakob Gillich
faa1655a50 Enable Node 4.2 testing
* Do not error when node unsupported if GHOST_NODE_VERSION_CHECK=false is set
* Run engine check in preinstall script
* Add 4.2 to travis

issue #5821
2015-11-23 06:45:40 +01:00
Hannah Wolfe
d4c8b69673 Support ordering by count
refs #6009

- super quick and dirty way to support ordering by counts
- @TODO refactor :)
2015-11-22 17:18:30 +00:00
Hannah Wolfe
2aa16514a3 Rename post_count to count.posts
refs  #6009

- This is a straight rename, no functionality is added
- The dot syntax requires pre/post processing to convert the name
- This PR also includes several updates to the tests, as they weren't being run as part of Travis!
2015-11-20 14:59:58 +00:00
Hannah Wolfe
5df3cd5cfd Merge pull request #6064 from acburdine/ajax-helper
Add themes 'ajax' helper
2015-11-20 11:54:23 +00:00
Austin Burdine
250edf2b06 add themes ajax helper
closes #5942
- adds helper script for calling the api in themes
- adds tests for said helper script
2015-11-19 07:13:54 -06:00
Sebastian Gierlinger
55564e3daf Merge pull request #6091 from ErisDS/safe-count
Safe post_count for Tags & Users
2015-11-19 10:34:14 +01:00
Hannah Wolfe
770f45245c Safe post_count for Tags & Users
refs #6009, #5614

- Use the new isPublicContext method to detect whether to add extra clauses to the count
- Add count to users
2015-11-18 19:19:11 +00:00
Hannah Wolfe
f8d9af1010 Add some debugging tools to filters
- pass debug: true to the API to get some useful debug output
- does not work in production mode

Note: I have added these lines back in so many times in the past month or so so that I could
figure out what was happening, I figured everyone else might find them useful.

TODO: use a proper logging method dependent on env
2015-11-18 19:17:06 +00:00
Sebastian Gierlinger
c53d31a059 Merge pull request #6082 from ErisDS/filter-plugin
Filter plugin
2015-11-17 12:32:56 +01:00
Hannah Wolfe
6a0f1cf231 Filter plugin with enforce/default logic
refs #5614, #5943

- adds a new 'filter' bookshelf plugin which extends the model
- the filter plugin provides handling for merging/combining various filters (enforced, defaults and custom/user-provided)
- the filter plugin also handles the calls to gql
- post processing is also moved to the plugin, to be further refactored/removed in future
- adds tests showing how filter could be abused prior to this commit
2015-11-17 10:39:44 +00:00
Sebastian Gierlinger
6b31f362a2 Merge pull request #6083 from ErisDS/filter-missing
Add filter param for tags & users
2015-11-17 08:33:56 +01:00
Sebastian Gierlinger
088d5131cf Merge pull request #6027 from reinoudk/bp-limit
Make bodyparser limit configurable to allow for posts larger than 100kB
2015-11-17 08:25:56 +01:00
Hannah Wolfe
1a3ae578af Add filter param for tags & users
refs #5604

- `filter` is missing from tags & users - add it in and add tests which show it works
2015-11-16 18:16:59 +00:00
Sebastian Gierlinger
1b17456f5b Merge pull request #6067 from ErisDS/gql-update
deps: ghost-gql@0.0.3
2015-11-16 16:00:55 +01:00
Hannah Wolfe
a3bd00d978 deps: ghost-gql@0.0.3
- adds test for nested null/not null query issue
- make use of new findStatement tool
2015-11-16 14:44:48 +00:00
Hannah Wolfe
666a616551 Add access rules bookshelf plugin
refs #5614

- change isPublicContext to detectPublicContext
  - behaviour now expands the context object out
  - this is a bit of a sideeffect, but this is the simplest change
    that makes it possible to use the context in the model layer without
    significant wider changes
- add new access rules plugin
  - takes a context object as part of `forge()` & caches it on the model instance
  - provides helper functions for testing access rules later on
2015-11-16 12:24:01 +00:00
Sebastian Gierlinger
007c06fdc0 Merge pull request #6065 from acburdine/export-fix
Fix DB export throwing access denied errors
2015-11-16 10:00:22 +01:00
Austin Burdine
67a6b4c07b allow api requests to be made with the access token as a query parameter
closes #6040
- adds check for access token query parameter in auth middleware
2015-11-12 11:26:18 -06:00
Hannah Wolfe
4dac01cbf9 Refactor old processOptions/where to use GQL JSON
refs #5943

- no longer assume the options in processOptions are set
- set where to a new GQL JSON-like statement object
- rather than setting options, add statements which can be understood by knexify
- pass the statements through knexify to build the query
2015-11-12 17:24:09 +00:00
Hannah Wolfe
8edf382b40 Move bookshelf plugins into own folder 2015-11-11 19:40:12 +00:00
Reinoud Kruithof
e5e699ad8f Set bodyparser limit to 1mb to allow for posts larger than 100kB
closes #5998
- added bodyparser limit of 1mb in core/server/middleware/index.js
2015-11-10 11:25:24 +01:00
Hannah Wolfe
b8bab0e74c Removing featured option code
ref #5943

- found some more code that can be removed
2015-11-09 12:15:40 +00:00
Sebastian Gierlinger
132b2a7084 Merge pull request #6045 from ErisDS/api-meta
Add meta tags for client_id & client_secret
2015-11-05 10:51:24 +01:00
Hannah Wolfe
19603a33f3 Check client is enabled before auth
no issue

- add a check that the client has status 'enabled' to client auth strategy
- this permits the disabling of clients easily
- update tests
2015-11-04 16:59:56 +00:00
Hannah Wolfe
e70898a842 Add meta tags for client_id & client_secret
refs #5942

- refactor ghost_head to use Promise.props (settle is going away and this is easier)
- add a new call to fetch the frontend client, if it exists
- add meta tags for the client_id and client_secret on all pages
- don't include the meta tags if the client is not enabled, or if the labs flag is not set
2015-11-04 16:39:39 +00:00
Sebastian Gierlinger
ddf9874fa1 Disallow staticPages from public API
refs #5151
- disable staticPages parameter for calls without authentication
2015-11-04 10:03:27 +01:00
Hannah Wolfe
df82895db7 Move get helper behind labs flag
issue #5976

- break out the labs check into a utility
- wrap the get helper in a labs check, so it only works if the checkbox is checked
- make the get helper output an error to both the server and browser console if used when not enabled
2015-11-03 19:39:37 +00:00
Hannah Wolfe
e0a6d027c8 Move cross-table api counts into plugin
refs #6009, #5615

- minimal refactor to remove the addition of count from pagination and other various points
- create a include count plugin that overrides fetch and fetchAll
- this ensures that counts get added at the right points
2015-11-03 14:09:38 +00:00
Sebastian Gierlinger
c4f9cde008 Merge pull request #6037 from ErisDS/pagination
Pagination cleanup & improvements
2015-11-03 13:53:18 +01:00
Sebastian Gierlinger
369b6ad19c Merge pull request #6036 from ErisDS/pipeline
Pipeline util tests, clean & fix
2015-11-03 13:52:31 +01:00
Hannah Wolfe
ea402218d3 Pagination cleanup & improvements
no issue

- switching from using fetch to fetch all means some code can be removed from the fetchPage method
- updating tests to reflect cleaner code
- ensure coverage is at 100%
2015-11-03 11:01:48 +00:00
Hannah Wolfe
9d07e6f3be Pipeline util tests, clean & fix
no issue

- added comments to pipeline util, inc where it came from
- added tests for pipeline util
- tests uncovered a bug with promises for args, which has been fixed
2015-11-03 09:14:44 +00:00
Hannah Wolfe
8db90bae73 Merge pull request #5984 from sebgie/issue#5941
Move Public API behind labs flag
2015-11-02 16:15:50 +00:00
Kevin Ansfield
92123e427f Use tag slugs in URLs for tag management and add front-end edit redirect
refs #5845
- adds custom adapter for tags so that `store.queryRecord('tag', {slug: 'tag-slug'})` hits the `/tags/slug/tag-slug` endpoint instead of `/tags/?slug=tag-slug`
- updates tag management screens to use tag slugs instead of IDs
- adds `/tag/:slug/edit` redirect to front-end
2015-11-02 14:56:59 +00:00
Sebastian Gierlinger
bf65c136ce Move Public API behind labs flag
closes #5941
- added UI to labs page
- added method to determine if full authentication is required
- updated public_api tests to enable public api first
2015-11-02 14:18:58 +01:00
Hannah Wolfe
0c9befc16f Merge pull request #5999 from delgermurun/api-db-refactor
db api endpoint validation error refactor
2015-11-02 13:16:07 +00:00
Sebastian Gierlinger
de147ba044 Merge pull request #6030 from ErisDS/mini-refactor
Don't use api to lookup theme in frontend controller
2015-11-02 14:14:59 +01:00
Hannah Wolfe
a78ee06848 Merge pull request #6019 from vdemedes/api-order
Add order parameter
2015-11-01 15:04:24 +00:00
Hannah Wolfe
d6fb21fa28 Don't use api to lookup theme in frontend controller
no issue

- small fix, we already have the info, no need to look it up again
2015-10-30 19:02:06 +00:00
Sebastian Gierlinger
6474bba64e Merge pull request #6024 from cobbspur/limit
Ensure public api can uses limit parameter
2015-10-29 17:23:09 +01:00
cobbspur
d0d126eba7 Ensure public api can uses limit parameter
No Issue

- removes client id and secret after authentication
- adds tests to check default limit, all and integer
2015-10-29 15:36:54 +00:00
vdemedes
8687772604 Make read-directory ignore invalid package.json files
refs #5940, #5923
- make read-directory ignore invalid package.json files
- display a warning about invalid package.json files on startup
- add tests to ensure read-directory continues, even with invalid package.json files
2015-10-28 15:37:52 +01:00
vdemedes
6db41584e7 Add order parameter
refs #5602
- add "order" to default browse options
- parse order parameter in Base model
- accept "order" option in Post, User and Tag models
- add tests for posts order
- add tests for tags order
- add tests for users order
2015-10-28 14:14:03 +01:00