Ghost/ghost/admin/app
Georg Grauberger 36d9ae36ae
Added secret handling for webhooks (#13980)
closes: https://github.com/TryGhost/Team/issues/1203
refs: https://github.com/TryGhost/Ghost/issues/9942

- Ensures that the webhook secret is validated and saved in Ghost admin
- Then makes use of this value by optionally adding an X-Ghost-Signature header that effectively signs the webhooks
- This allows for verifying the source of a webhook coming from Ghost is truly Ghost.
- Uses the same pattern as GitHub uses: https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-08-23 16:34:32 +01:00
..
adapters Updated usage of the Tiers API (#2388) 2022-05-16 19:51:49 +01:00
authenticators Made session.user a synchronous property rather than a promise 2021-07-08 14:54:31 +01:00
components Added secret handling for webhooks (#13980) 2022-08-23 16:34:32 +01:00
controllers Lexical-powered editor experiment (#15278) 2022-08-23 11:45:50 +01:00
errors Improved validation process for members CSV import 2020-07-07 00:28:30 +12:00
helpers Implemented context on Actions events 2022-08-23 14:58:41 +02:00
initializers Resolved ember-simple-auth deprecations 2022-01-22 00:30:56 +00:00
mixins 🐛 Fixed pasting into the post tags input not working (#1739) 2022-08-03 11:14:12 +01:00
models Added member attribution to member details page (#15266) 2022-08-19 16:39:18 -04:00
modifiers Updated modifiers to resolve ember-modifier@4.x deprecations 2022-08-02 16:54:34 +01:00
routes Updated activity feed to use full width 2022-08-23 14:36:48 +02:00
serializers Fixed odd behavior with saving complimentary members 2022-08-17 20:53:34 +05:30
services Wired expiring comp subscriptions on Admin 2022-08-19 18:20:52 +05:30
session-stores Migrated session-store to native class syntax 2022-02-02 18:41:16 +00:00
styles More work on the posts table for attribution 2022-08-23 15:54:28 +01:00
templates More work on the posts table for attribution 2022-08-23 15:54:28 +01:00
transforms Updated usage of the Tiers API (#2388) 2022-05-16 19:51:49 +01:00
transitions Fixed autofocus not working on modal inputs 2018-06-04 17:48:57 +01:00
utils 🐛 Fixed pasting into the post tags input not working (#1739) 2022-08-03 11:14:12 +01:00
validators Added secret handling for webhooks (#13980) 2022-08-23 16:34:32 +01:00
app.js Updated scheduling copy 2020-10-02 10:45:49 +02:00
index.html Updated ember-auto-import@1 -> ember-auto-import@2 (#2252) 2022-08-02 13:43:28 +01:00
README.md Renamed "client" references to "admin" 2022-05-17 09:09:14 +01:00
router.js Lexical-powered editor experiment (#15278) 2022-08-23 11:45:50 +01:00
transitions.js Removed tour feature 2021-03-02 14:29:26 +00:00

Ghost Admin App

Ember.js application used as a client-side admin for the Ghost blogging platform. This readme is a work in progress guide aimed at explaining the specific nuances of the Ghost Ember app to contributors whose main focus is on this side of things.

CSS

We use pure CSS, which is pre-processed for backwards compatibility by Myth. We do not follow any strict CSS framework, however our general style is pretty similar to BEM.

Styles are primarily broken up into 4 main categories:

  • Patterns - are base level visual styles for HTML elements (eg. Buttons)
  • Components - are groups of patterns used to create a UI component (eg. Modals)
  • Layouts - are groups of components used to create application screens (eg. Settings)

All of these separate files are subsequently imported and compiled in app.css.

Front End Standards

  • 4 spaces for HTML & CSS indentation. Never tabs.
  • Double quotes only, never single quotes.
  • Use tags and elements appropriate for an HTML5 doctype (including self-closing tags)
  • Adhere to the Recess CSS property order.
  • Always a space after a property's colon (.e.g, display: block; and not display:block;).
  • End all lines with a semi-colon.
  • For multiple, comma-separated selectors, place each selector on its own line.
  • Use js- prefixed classes for JavaScript hooks into the DOM, and never use these in CSS as per Slightly Obtrusive JavaSript
  • Avoid over-nesting CSS. Never nest more than 3 levels deep.
  • Use comments to explain "why" not "what" (Good: This requires a z-index in order to appear above mobile navigation. Bad: This is a thing which is always on top!)