ref
https://linear.app/ghost/issue/ENG-1974/create-config-option-to-forcibly-disable-email-track-clicks
- With the ability to override a setting via configuration, we also need
to disable the setting's toggle in the UI to signal to the user that it
cannot be changed.
- This commit sets `disabled: true` on the `Newsletter clicks` toggle if
`is_read_only` is set to `true` on the `email_track_clicks` setting
returned from the API, and establishes a pattern that we can use for
other settings in the future, if desired.
ref
https://linear.app/ghost/issue/ENG-1974/create-config-option-to-forcibly-disable-email-track-clicks
- We want to have the ability to turn off click tracking for sites that
are adversely impacted by massive bursts of traffic from email link
checkers, but we don't currently have a pattern for this.
- This commit introduces a new configuration parameters
`hostSettings:settingsOverrides`, which accepts key/value pairs of
settings keys -> values. The value passed in here will override whatever
value is set for the associated setting key in the database
- It also adds an `is_read_only: true` property to any setting that is
overridden, which is included in the /api/admin/settings endpoint. This
value can be used by the frontend to disable the control to prevent a
user from trying to change the value.
- The value in the database is preserved, as the override is implemented
in the settings cache `get()` and `getAll()` methods.
- This commit only includes the backend changes — another commit will
follow to allow disabling the 'Newsletter clicks' toggle in Admin's
settings.
ref https://linear.app/ghost/issue/ENG-1260
ref https://linear.app/ghost/issue/ENG-1859
- names for uploaded files now include a 16-character alphanumeric hash,
that gets re-generated on every upload. This prevents original files to
be found, e.g. when redacting sensitive content in an image in the
editor
- if the filename length is higher than what most filesystem accept (255
bytes), we truncate the base of the filename, while keeping space for
the unique hash and the file extension. Example to illustrate
(non-accurate):
- input: long-name-for-an-image-imagine-255bytes-here-blablablablabla-and-a-bit-more.png
- output: long-name-for-an-image-1a2b3c4d5e6f7g890.png
ref https://linear.app/ghost/issue/PLG-327
- updated post output serializer's gating functions to add gating of specific content blocks
- uses regex to look for specific strings in the HTML for speed compared to fully parsing the HTML
- content gating blocks look like `<!--kg-gated-block:begin nonMember:true/false memberSegment:"status:free,status:-free"-->...gated content...<!--kg-gated-block:end-->`
- parsing of params is limited to `nonMember` with a true/false value and `memberSegment` with a string value containing a limited set of supported filters
- occurs at the API level so that content is correctly gated in Content API output and front-end website
- added `checkGatedBlockAccess()` to members-service content-gating methods to keep the underlying member checks co-located
ref https://linear.app/ghost/issue/AP-590/unable-to-unfollow-accounts
- Users can now unfollow accounts they’re following, which means that account will be removed from the user’s “following” list and any of the future posts or notes published by that account won’t appear in user’s inbox or feed.
- Refactored and simplified `FollowButton` so it only has 2 variants: primary (used on profiles, where it's the primary focus of the screen) and secondary (used in lists where there will probably be lots of `FollowButton`s next to each other.)
---------
Co-authored-by: Fabien O'Carroll <fabien@allou.is>
ref DES-182
- adds `accept` parameter to the file uploads making it possible to
define a set of accepted file types
- allows only zip and json files for the universal importer
no issue
- When the nx daemon is enabled and using docker for local development,
we periodically get an error like the following, which crashes `yarn
dev` and requires a manual restart:
```
Daemon process terminated and closed the connection
Please rerun the command, which will restart the daemon.
If you get this error again, check for any errors in the daemon process logs found in: /home/ghost/.nx/workspace-data/d/daemon.log
```
- Disabling the daemon in docker prevents these errors, and so far I
haven't noticed any performance degradation from disabling it.
Hey there,
I completed some missing translation keys and found a few translation
errors I adjusted. I'm a Dutch native, but feel free to double-check the
edits.
Thanks for building such awesome software for us to enjoy! ✨
no issue
- Webhooks are advanced and powerful feature Ghost offers, but they are quite
hidden in the settings
- This change adds 'webhooks' keyword to the search in the sidebar to point
users in the right direction
ref https://linear.app/ghost/issue/ENG-1973
ref https://app.incident.io/ghost/incidents/132
- following an increase in spam members signups, we have recently added
a blocklist of email domains, based on config (see
https://github.com/TryGhost/Ghost/pull/22027). With this change, we are
extending that feature with a user-facing setting in Ghost Admin
- publishers can now block additional email domains in member signups,
directly from Ghost Admin. These emails domains will be added to the
list of domains already blocked by config
ref DES-549
- togglePreview() function was called twice when the key combination
CMD+P is pressed
- added a guard in the function to prevent it from being called twice
no issue
- Hot reload for admin depends on the browser being able to reach port
4201, which was not exposed in the docker compose setup — this fixes
that so admin will hot reload when running Ghost in docker compose
ref
https://linear.app/ghost/issue/ENG-1959/extend-setupjs-to-modify-config-as-appropriate-for-full-docker-dev
- When switching from local development to docker, there are a few
configuration parameters that need to be updated to e.g. point to the
right database host within the docker network.
- Setting these values with environment variables doesn't work well
because the configuration passed via environment overrides the
configuration set in tests, and thus points tests to the wrong database.
- This commit adds a yarn docker:setup command to the root of the repo,
to make it easier to get started with a full docker compose based
workflow. It edits you config.local.json file to update the necessary
settings for running Ghost in docker compose.
- It also updates the clean.js script such that it will run successfully
regardless of whether it is run locally or in docker.
- Finally, this commit also adds convenience commands for developing and
running tests in docker compose
ref BAE-104
The members send-magic-link API should be protected by Captcha. This
required initialising the Captcha service in the members API, and
putting the middleware into the send-magic-link API.
If it's enabled via lab flag and config, then the service will prevent
API calls that don't have a valid Captcha response.
ref https://linear.app/ghost/issue/DES-1082/router-prototype
This task is about testing, figuring out pros and cons of React Router
compared to our current (custom) router, and what effort and risks are
involved in migrating to it.
ref BAE-371
Added the HCaptcha react component & related utils to enable it /
disable it based on the Captcha labs flag. At the moment this does not
include the same functionality on forms using the data-attributes.
ref
https://linear.app/ghost/issue/DES-1085/update-shade-to-be-used-in-activitypub
- Shade so far was just used in our playground (Post analytics). It
needed to be prepared so that it can be integrated in real projects like
ActivityPub. This means cleaning up everything related to it like
conventions, file structure, documentation etc.
ref https://linear.app/ghost/issue/ENG-1973
ref https://app.incident.io/ghost/incidents/132
- added a new database setting: `blocked_email_domains` (array, default:
`[]`)
- this setting will allow publishers to block additional email domains
during member signups, on top of the ones blocklisted at a config level
(follow-up PR)
ref https://linear.app/ghost/issue/PRO-1349
- the integrity token endpoint can return a json response with an error
message (for example, when rate limited)
- added the standard response handler to the integrity token endpoint in
Portal, to render the error message sent by the backend
