refs https://github.com/TryGhost/Team/issues/909
The request for fetching logged-in member data was making several extra DB queries to fetch data points that are not used on frontend, like `labels`, `products`, `stripe customer`. This refactor removes these extra data points and cuts DB queries in half for fetching logged in member.
refs https://github.com/TryGhost/Team/issues/919
This version of @tryghost/members-api has a patch to the loading of the
benefits relation for products, which previously was erroring and
causing a 500 error.
refs https://github.com/TryGhost/Team/issues/664
The new WellKnownController and middleware handles exposing a JSON Web
Key Set for us.
In order to serve the keys on /members/.well-known/jwks.json without a
trailing slash, we must mount the wellKnown middleware before the
frontend.
refs https://github.com/TryGhost/Team/issues/908
The `cookies` module inside `@tryghost/members-ssr` was being used incorrectly
and resulted in cookies being set with `'[Object object]'`
Co-authored-by: Renovate Bot <bot@renovateapp.com>
issue https://github.com/TryGhost/Team/issues/901
- The main issue was in the AST linter, where partials could have either forward- or backward-slash separators depending on the operating system. We have normalized all partial names to only have forward-slashes, which matches the handlebars syntax, like `{{> icons/avatar}}`.
- The second issue was in the 005-template-compile, where we wouldn't check partials even though they were used. This also comes from the path separator difference.
- We have also updated all regular expressions to account for paths with backward-slashes
refs https://github.com/TryGhost/Team/issues/778
- cleans up the stripe migration to add default monthly/yearly prices for sites, which had a possibility of using complimentary (0 amount prices) in edge cases
- adds missing return in the same migration for an unlikely failure to parse stripe plans
refs https://github.com/TryGhost/Team/issues/542
The members-api has been updated to use the passed `created_at`
property when creating members for the status change events, as well as
using the subscription start_date for members paid subscription events
This is a duplicate of 7eb821b3f5 but
with updated dependencies.
refs https://github.com/TryGhost/Team/issues/542
The members-api has been updated to use the passed `created_at`
property when creating members for the status change events, as well as
using the subscription start_date for members paid subscription events
refs https://github.com/TryGhost/Team/issues/864
- gscan was breaking when parsing double-quoted helpers like `{{"pagination"}}`.
- re-used a function to convert StringLiterals to PathExpressions, which fixes the issue.
refs https://github.com/TryGhost/Team/issues/858
Previously when complimentary access used a Stripe subscription under
the hood, we were able to restrict access to Stripe Checkout based on
whether or not a Member had an active Stripe subscription. This updates
the logic in members-api to instead check for whether or not the member
has 1-or-more products.
refs https://github.com/TryGhost/Team/issues/849
With multiple products back behind alpha flag, we want to bring back segmented post access for members which allows site owners to set post access to specific products. This change -
- updates admin-api-schema to allow `visibility_filter` attribute to post/page response
- We have a lot of tests, so it can be hard to see if any are problematic
- We have a problem with some tests being too slow, this highlights these in particular
- Very slow tests that take seconds are not really unit tests, we should look for different ways to run these
- Also we should tailor our mocha settings more, so that we have more lenient settings for acceptance/regression tests but not for unit tests
- Note: You have to wait for all tests to run to see the output
closes https://github.com/TryGhost/Team/issues/781
refs 076ad99593
refs https://github.com/TryGhost/Ghost/commit/2b73d0f66
refs https://github.com/TryGhost/Ghost/commit/bab12ca3d
- With refs 076ad99593
landing in main there is no more 500 error stopping us from bumping the version
- Previous versions of gscan wasn't able to detect partial usage inside
of a helper, e.g.: "{{#if author}}{{> "missing_partial"}}{{/if}}". It's
important to be able to detect these on theme upload/validation stage to
avoid errors during the runtime.
- The updated version provides additional information about used and
unused partials and helpers.
- With this change users might start seeing a "fatal" error during an
upload/activation of a theme previously passing validation. Currently
active themes with partials used in the context will still allow for a
boot, but will log a 422 error pointing to missing partial.
refs https://github.com/TryGhost/Team/issues/827
- Ghost needs an ability to insert email-only content for defined segments of members - at the moment distinguishing only free&paid ones.
- The card with a "segment" payload should contain a valid NQL statement to target specific members
- Makes the logic for determining the admin and frontend vhost args independent and easier to test
- Moved the tests to specifically test the vhost utils & removed proxyquire as a dependency
- We want to breakdown the current parent app into the existing core/app.js and boot code, allowing us to decouple the backend and frontend further
- This is all part of the refactoring to separate server and frontend completely
refs https://github.com/TryGhost/Team/issues/765
This includes the changes to @tryghost/members-csv so that we can read
and write the `product` column from/to csv files. Allowing us to include
products in exports, as well as use them in imports.
- getSubdir, getSiteUrl & getAdminUrl were currently part of @tryghost/url-utils
- They have been split out into their own library, and refactored so that they expect to be bound to nconf
- With this commit we can do e.g. config.getSubdir() rather than needing @tryghost/url-utils
- These functions will be passed to url-utils via DI
- This is the first step in breaking down url-utils into smaller pieces
- This commit only does a single change in Gruntfile.js to use the new funtions - this will be rolled out slowly
refs https://github.com/TryGhost/Team/issues/748
This updates the @tryghost/members-api MemberRepository to stop ignoring
the `products` data passed to write operations, and to attach products
directly to members. As this logic is part of a new feature, we are
maintaining existing functionality by deleting the products data when
the feature flag is not enabled.
This functionality allows us to give members complimentary access to a
product without needing to use a Stripe Subscription internally.
refs https://github.com/TryGhost/Team/issues/781
refs https://github.com/TryGhost/Team/issues/774
- Previous versions of gscan weren't able to detect partial usage inside
of a heprer, e.g.: "{{#if author}}{{> "missingpartial"}}{{/if}}". It's
important to be able to detect these on theme upload/validation stage to
avoid errors during the runtime.
- The updated version provides additional information about used and
unused partials and helpers.
- With this change users might start seeing a "fatal" error during an
upload/activation of a theme previously passing validation. Currently
active themes with partials used in the context will still allow for a
boot, but will log a 422 error pointing to missing partial.
no issue
Fixes the build - as test checks for instanceof ValidationError, and
we were using 2 versions of @tryghost/errors between Ghost and
@tryghost/validator.
refs https://github.com/TryGhost/Team/issues/775
As we currently do not delete canceled subscriptions and they are
exposed via the API, this functionality has been added to the
editSubscription controller method under the PUT HTTP method.
The cancelSubscription method in @tryghost/members-api was updated to
handle deleting by member id
- Part of the effort to split Ghost down into smaller, decoupled pieces
- Moved out our internal validator tooling to a separate library
- Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator
- Removed the validatorjs dependency and removed the renovate pin
- This gives us a consistant, smaller, clearer public API for validations
- It will eventually be used on Ghost Admin too
- This way we can start getting up to date with validator whilst not increasing build size
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superceded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
- validator has seen a lot of change, this one bump is safe
- after this we need to go through and make API updates as isURL has changed quite significantly!
no issue
Part of the effort to split ghost into smaller, decoupled parts. The
@root-utils package lets us avoid hard-coding a path to package.json,
and means that the ghost-version.js file could eventually be moved
into a separate module.
This commit uses a patched version of @tryghost/root-utils which
checks for the existence of a `current` directory, as used in
Ghost-CLI. Since this is very specific to Ghost and Ghost CLI, there's
a new method called "getGhostRoot" for this purpose.
refs:
- cf15f60085
- dd20cc649b
- ccf27f7009
- abf146d61f
- 2b54c92a14
- bb029a53f6
- 95bd7ee675
- 9018b4df22
- df01a6e5f4
- d313726b34
- these plugins were in a state where they were independent enough to be
pulled out into their own packages, which is what we did in the
referenced commits above
- each package is named like `@tryghost/bookshelf-<plugin>`
- to avoid requiring multiple packages into Ghost, we've also created a
wrapper package called `@tryghost/bookshelf-plugins` which re-exports
all these plugins, so the changes in Ghost are very simple - dbebdd43b5
- this commit deletes the plugins + tests, and replaces with our new
package with some minor code changes
no issue
Part of the effort to split ghost into smaller, decoupled parts. The
@root-utils package lets us avoid hard-coding a path to package.json,
and means that the ghost-version.js file could eventually be moved
into a separate module.
refs https://github.com/TryGhost/Team/issues/770
We want post feature image functionality to better match what's available inside the editor, to do that we'll need somewhere to store alt and caption meta data. `posts_meta` chosen because even though we want to make this generic for other tables in the future those tables also have a `feature_image` (or closely related) field.
- updated schema with new columns
- added migration to create columns
- cleaned new columns from API output
- not output on v2/v3
- conditionally output on v4/canary output based on labs flag
- bumped `@tryghost/admin-api-schema` to allow new columns through in canary API requests
- silently clean properties from input when labs flag is disabled
- updated acceptance tests so they fail if `admin-api-schema` is not letting the new fields through
- The underlying package-json package has had i18n ripped out using the new tpl utility instead
- It's also then been refactored to not be a class that needs instantiating
- This means it can be required directly and its public interface methods used where needed
- This is a much nicer, neater pattern for what is a mature utility library :)
refs 971ac479dc
- `@tryghost/tpl` was accidentally placed in `devDependencies` but
Ghost needs this to run so it would cause Ghost-CLI to fail when it
only installs `dependencies`
- this commit moves the dependency to `dependencies`
- also pins the dependency to `0.1.0`
- We are going to get rid of the internal i18n tool because it doesn't solve a real use case
- Instead, we have a new tpl utility that does basic string interpolation
- This pattern will make it easier for us to decouple the codebase, and the new tool helps to keep the refactor surface area really small
- This is the first example of using the new tpl helper, so it also adds @tryghost/tpl
no issue
- `cssnano` requires `postcss` as a peer dependency which was causing warnings when running `yarn`
- `postcss` was available because it's a sub-dependency of `sanitize-html` so nothing was broken but explicitly adding it to `package.json` resolves the warnings
refs https://github.com/TryGhost/Team/issues/712
The ProductRepository in members-api has been updated to accept
monthly_price & yearly_price when creating and updating products, as
well as including them when reading.
refs https://github.com/TryGhost/Team/issues/728
- The code of update check has been extracted into it's own package as a part of TryGhost/Core monorepo. This commit is a cleanup of the leftover files
refs https://github.com/TryGhost/Team/issues/711
Since we need to support multiple products, which will each have a
monthly and yearly price, we are moving away from storing these ids in
settings, and instead in a column on the products table. The migration
depends on the settings being prepopulated, which is done outside of
knex-migrator, in members-api, so this migration must also be done there.
no issue
- includes sub-dependency bumps for `markdown-it` packages for markdown renderer bug fixes and to keep Ghost and Admin markdown rendering in sync
refs https://github.com/TryGhost/Team/issues/704
Previously a customer message was not passed, and the default message
was used. This made a reference to, "someone else is editing the post"
which is incorrect in this context! The members-api has been updated
with an appropriate error message, with a link to our documentation.
refs https://github.com/TryGhost/Team/issues/704
Currently when attempting to create stripe_prices without a Stripe
connection, it will fail silently. This is an issue when initially
configuring Members as the Stripe connection can take some time to be
established. By erroring we allow the client to be notifed that the
connection does not yet exist, so that it can be retried later.
refs f51c640fb0
- This should not affect any of the current code but should improve edge case errors related to "allowlist" types of limits
- See referenced commit for details when this edgecase was happening
refs https://github.com/TryGhost/Team/issues/635
This is to ensure we don't break migrations for any sites which have
imported external subscriptions which have an interval of 'week' or
'day'
The bump to members-api includes the handling of these intervals for
ongoing population of mrr events
refs https://github.com/TryGhost/Team/issues/698
The migrations to populate these settings are handled by the members-api
module, as they depend on the stripe_prices table being populated. This
cannot be guarunteed at boot, so we're unable to do this as a standard
migration.
refs https://github.com/TryGhost/Team/issues/687
- The frontmatter field has leaked into the API layer unintentionally when it was introduced into the DB schema during 4.0 release.
- The fix add the field to "trim" list in all API. A proper validation and handling will be add per API as usecase for the field becomes clear
refs https://github.com/TryGhost/Team/issues/581
closes https://github.com/TryGhost/Team/issues/582
Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings.
As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label.
- removed enum validations for `visibility` so it now accepts any string or `null`
- bumped `@tryghost/admin-api-schema` for API-level validation changes
- added nql validation to API input validators by running the visibility query against the members model
- added transform of NQL to special-case visibility values when saving post model
- ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment
- useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected
- updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match
- bumped @tryghost/members-api to include label and product data when loading member
refs https://github.com/TryGhost/Team/issues/588
- This is a new type of limit allowing to measure resource use (e.g. sent emails) per period (e.g. subscription, billing, cycle, etc)
- To enable periodical limit add following values under `hostSettings.limits`:
```
"emails": {
"maxPeriodic": 10,
"error": "Your plan supports up to {{max}} emails. Please upgrade to reenable sending emails."
}
```
and following under `hostSettings.subscription`:
```
"subscription": {
"start": "2020-04-02T15:53:55.000Z",
"interval": "month"
}
```
- Above config would allow checking if 10 emails per month starting on the 2nd of every month has been reached untill now
refs: https://github.com/TryGhost/Ghost/commit/7bce05ab8
- I wrote a custom plugin for the no-cross-requires logic between our modules after not finding anything that could do it
- Then, when searching for the next rule I wanted, I found eslint-plugin-ghost has no-restricted-requires
- This rule is more flexible, so switching to it
- NOTE: This update to eslint-plugin-ghost also fixes performance of linting our test files by pinning eslint-plugin-mocha to v7 as v8 has performance problems
refs 37ebe723c6
- `package-json` was a standalone library using dependency injection so
we could pull it out into its own package in Utils
- this was done in the commit referenced above
- this commit removes the implementation and tests in Ghost and replaces
the require in the initialization wrapper with the new package
refs https://github.com/TryGhost/Team/issues/588
- This bump allows to pass configuration for "emails" limit (flag type for now) and allows to do checks against this limit as a consequence
- Useful to be able to do basic checks for newsletter-related functionality
refs: 7e787ef807
- bumps eslint-plugin-ghost to 2.1.0 which adds the code for a new custom rule
- adds configuration to our eslint file to enable the rule in a very soft mode for now
- this rule is intended to enforce not tightly coupling the server and frontend
- the intention is to make it stricter over time as the number of cross requires reduces
- enabling this rule temporarily and running lint is a nice way to grok just how tightly coupled things are at the moment
refs https://github.com/TryGhost/Team/issues/628
After a recent bump to Stripe API version used by Members service - 2020-08-27 - importing paid members via CSV in ghost was not working correctly due to missing subscriptions object in customer data fetched from Stripe. Stripe had updated the customer resource to not include the subscriptions data by default which is now patched to always include in Ghost.
refs https://github.com/TryGhost/Team/issues/591
refs ffe24a728c
It's possible to have sites which still have customer subscriptions in their DB from old Stripe accounts, most likely added when we allowed Stripe Direct, as those subscriptions were not cleaned up. While populating stripe prices and products for existing subscriptions, we want to ignore these old subscriptions which are not part of current Stripe account instead of throwing error and halting the one off migration which we currently do.
The population script will re-run again as long as no new subscriptions are created between the last release and this, and there were no old invalid plans in DB, which is a very unlikely edge case so the data will eventually re-populate correctly.
issue https://github.com/TryGhost/Team/issues/614
- Users who have a password can directly sign-in via oauth
- User who are logged-in get their password disabled
- Users accepting an invitation get their password disabled
- The way we disable password is by setting it to a long random password
refs https://github.com/TryGhost/Team/issues/619
- Bumps `@tryghost/members-api` to `1.3.0` which adds a one-off migration to populate missing stripe prices and products
- Bumps patch versions on `@trghost/members-ssr` and `@tryghost/magic-link` to 1.02
refs https://github.com/TryGhost/Team/issues/616
This adds the schema for the Products Admin API to be used as the input
validation, and adds support for the `products` property on the Members
Admin API
Co-authored-by: Renovate Bot <bot@renovateapp.com>
no issue
- `tmp` 0.1.0 was broken and I added `tmp` to the Renovate ignore list
to stop it creating PRs - 082160106a
- 0.2.1 is fixed again so we can merge the update and remove it from the
list
no issue
- we've been unpinning dependencies in our libraries to remove
duplicates
- this commit bumps packages from the Utils repo and NQL, all of which
contain changes to unpin their own dependencies
no issue
- I recently unpinned dependencies in the Utils monorepo so we can avoid
multiple versions of the same package
- this commit bumps all the packages that I published, that do not have
other changes. Other team members should merge these