0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Commit graph

6989 commits

Author SHA1 Message Date
Austin Burdine
0d0542c5d0 swap sqlite3 & mysql dependencies (#7677)
no issue

- Ghost-CLI's recommended system stack has MySQL as the default
DB engine of choice, making the sqlite requirement unnecessary.
- Mysql (as the default) should be a required dependency
2016-11-08 13:47:14 +00:00
Katharina Irrgang
3aac3ef6de 🎨 make settings cache available (#7692)
* 🎨  settingsCache is available

- do not destroy the object reference
- added TODO to reconsider the config values for theme
- get one or all cached settings

* 🚨  remove api.init

- this functiion has just wrapped a function to update the settings cache
- if we have multiple tasks todo later, we can re-add
- but for now: this is way easier to read
- adapt test

* 🎨  tests
2016-11-08 13:37:19 +00:00
David Wolfe
68af2145a1 Replace memory spam prevention with brute-express (#7579)
no issue

- removes count from user checks model
- uses brute express brute with brute-knex adaptor to store persisted data on spam prevention
- implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 12:33:19 +01:00
Austin Burdine
b3f09347e4 ghost startup ipc messaging (#7678)
no issue

- add ipc messaging to ghost on startup success/error
- works with Ghost-CLI to ensure improve process management
2016-11-07 15:25:29 +01:00
Katharina Irrgang
bae0de6cd5 knex-migrator v2 (#7605)
* 🎨  knex-migrator reset

[ci skip]

*   add migration example

- hooks
- 1.0

[ci skip]

* 🛠  knex-migrator tarball

- remove when released

[ci skip]

* 🎨  jscs/jshint

* 🕵🏻 do not drop the database connection when running tests

- please read the comments in the commit

* 🔥  remove example migration

* 🛠  knex-migrator 0.1.0

* 🛠  knex-migrator 0.1.1

- fix a single test to ensure we catch the error

* 🛠  knex-migrator 0.1.2

* 🎨  make tests green

- added my keyword: kate-migrations
- i will go over all TODO's when removing the old migrations code

* 🛠  knex-migrator update

* 🛠  knex-migrator 0.2.0
2016-11-07 11:39:49 +00:00
Katharina Irrgang
a19fa8d3ac Ghost Auth: register client with blog_uri (#7680)
* 🛠  passport-ghost 1.1.0

*   register client: add blog_uri

refs #7654

- improve readability
- get rid of all the url util usages
- add blog_uri

[ci skip]

* 🎨  tests
2016-11-07 11:38:05 +00:00
Katharina Irrgang
4e7779b783 🎨 remove token logic from user model (#7622)
* 🔥  remove User model functions

- validateToken
- generateToken
- resetPassword
- all this logic will re-appear in a different way

Token logic:
- was already extracted as separate PR, see https://github.com/TryGhost/Ghost/pull/7554
- we will use this logic in the controller, you will see in the next commits

Reset Password:
Was just a wrapper for calling the token logic and change the password.
We can reconsider keeping the function to call: changePassword and activate the status of the user - but i think it's fine to trigger these two actions from the controlling unit.

* 🔥  remove password reset tests from User model

- we already have unit tests for change password and the token logic
- i will re-check at the end if any test case is missing - but for now i will just burn the tests

*   add token logic to controlling unit

generateResetToken endpoint
- the only change here is instead of calling the User model to generate a token, we generate the token via utils
- we fetch the user by email, and generate a hash and return

resetPassword endpoint
- here we have changed a little bit more
- first of all: we have added the validation check if the new passwords match
- a new helper method to extract the token informations
- the brute force security check, which can be handled later from the new bruteforce middleware (see TODO)
- the actual reset function is doing the steps: load me the user, compare the token, change the password and activate the user
- we can think of wrapping these steps into a User model function
- i was not sure about it, because it is actually part of the controlling unit

[ci skip]

* 🎨  tidy up

- jscs
- jshint
- naming functions
- fixes

*   add a test for resetting the password

- there was none
- added a test to reset the password

* 🎨  add more token tests

- ensure quality
- ensure logic we had

* 🔥  remove compare new password check from User Model

- this part of controlling unit

*   compare new passwords for user endpoint

- we deleted the logic in User Model
- we are adding the logic to controlling unit

* 🐛  spam prevention forgotten can crash

- no validation happend before this middleware
- it just assumes that the root key is present
- when we work on our API, we need to ensure that
  1. pre validation happens
  2. we call middlewares
  3. ...

* 🎨  token translation key
2016-11-07 11:18:50 +00:00
Greenkeeper
a6226e4832 chore(package): update ghost-editor to version 0.1.4 (#7686)
https://greenkeeper.io/
2016-11-07 11:49:46 +01:00
Greenkeeper
381fb16ddf chore(package): update moment-timezone to version 0.5.9 (#7682)
https://greenkeeper.io/
2016-11-06 17:59:40 +01:00
Greenkeeper
6d658f45d7 chore(package): update amperize to version 1.0.0 (#7662)
https://greenkeeper.io/
2016-11-05 18:14:43 +01:00
Greenkeeper
01f59ab79c chore(package): update lodash to version 4.16.6 (#7659)
https://greenkeeper.io/
2016-11-05 17:59:34 +01:00
Greenkeeper
ddefc92a29 chore(package): update gscan to version 0.1.1 (#7638)
https://greenkeeper.io/
2016-11-05 17:15:48 +01:00
Greenkeeper
be341b51f8 chore(package): update tmp to version 0.0.30 (#7661)
https://greenkeeper.io/
2016-11-03 23:37:23 +01:00
Aileen Nowak
3cb38ad01c 🐛 Fix URL mismatch error for redirect_uri (#7663)
closes #7656

Uses `urlJoin` to create `redirect_uri` rather then concatenating url + `/ghost/` which produced a double `/` in the url.
2016-11-02 13:02:32 +01:00
Ben Vibhagool
ad9b59c87c Fix access-rules plugin description comment (#7665)
no issue

The plugin extends `Bookshelf.Model.forge` not` Bookshelf.Model.force`
2016-11-02 12:40:09 +01:00
Hannah Wolfe
07618911b4 Version bump to 1.0.0-alpha.7 2016-10-31 13:55:09 +00:00
Hannah Wolfe
9a399387b9 Updated Ghost-Admin to 1.0.0-alpha.7 2016-10-31 13:55:09 +00:00
Hannah Wolfe
9a7ebeef1c Use moment-timezone when using .tz() (#7653)
refs #7449, refs #7514, refs #7643

- We've had a couple of issues raised, and a few people in #help all report the same error:
> Cannot read property 'zone' of undefined
When starting Ghost.

I'm not sure why this seems to work sometimes, and not others, however it would seem that we
should require moment-timezone anywhere we want to use timezone features.

This PR fixes the LOC shown in #7449 as the problem line + I searched for any other potential problems
2016-10-31 14:44:24 +01:00
Ryan McCarvill
dfa073c29e Ghost Editor 0.1.1 (#7649)
- Added slash menu (kinda)
- Updated toolbars
- Added soft return
- Improved performance
- Added code block ` ` ` support
- Improved Link functionality
2016-10-31 11:47:03 +00:00
Katharina Irrgang
be183f3441 🐛 fix DST in listeners spec (#7652)
no issue
- we need to calculate the timezone offset dynamically, because of DST
2016-10-31 11:46:29 +00:00
Katharina Irrgang
16a726bf1b 🎨 add logs folder to content folder (#7635)
refs #7116

- see comment https://github.com/TryGhost/Ghost/issues/7116#issuecomment-256598791
- add README.md
2016-10-28 14:27:02 +01:00
Greenkeeper
810d60ce83 chore(package): update nock to version 8.2.1 (#7641)
https://greenkeeper.io/
2016-10-28 14:26:27 +01:00
Greenkeeper
9c99f9d8bb chore(package): update oauth2orize to version 1.5.1 (#7608)
https://greenkeeper.io/
2016-10-28 14:22:57 +01:00
Greenkeeper
34c35db6d1 chore(package): update gulp-jshint to version 2.0.2 (#7625)
https://greenkeeper.io/
2016-10-28 14:22:26 +01:00
Greenkeeper
fea661d786 chore(package): update jshint to version 2.9.4 (#7606)
https://greenkeeper.io/
2016-10-28 14:22:10 +01:00
Greenkeeper
03b28df4f3 chore(package): update moment to version 2.15.2 (#7618)
https://greenkeeper.io/
2016-10-28 14:15:48 +01:00
Greenkeeper
3673e50c8f chore(package): update sqlite3 to version 3.1.8 (#7639)
https://greenkeeper.io/
2016-10-28 14:11:47 +01:00
Hannah Wolfe
9d95a81b92 Update Ghost-Admin: use config API endpoint
refs #7628
2016-10-28 14:10:20 +01:00
Katharina Irrgang
a55fb0bafe 🎨 public config endpoint (#7631)
closes #7628

With this PR we expose a public configuration endpoint.
When /ghost is requested, we don't load and render the configurations into the template anymore. Instead, Ghost-Admin can request the public configuration endpoint.

* 🎨  make configuration endpoint public
* 🔥  remove loading configurations in admin app
- do not render them into the default html page
*   load client credentials in configuration endpoint
- this is not a security issue, because we have exposed this information anyway before (by rendering them into the requested html page)
* 🎨  extend existing configuration integration test
*   tests: add ghost-auth to data generator
*   add functional test
* 🔥  remove type/value pattern
* 🎨  do not return stringified JSON objects
2016-10-28 14:07:46 +01:00
Katharina Irrgang
e11e3a2444 🛠 ignore bunyan updates for now (#7637)
no issue
- background: we would like to pin 1.8.1 bunyan, because they introduced a behaviour change in the newer versions, see https://github.com/TryGhost/Ignition/issues/16
- because we would like to use Ghost-Ignition in Ghost soon, we can ignore bunyan updates in Ghost for now
- Ignition will take care about be able to update bunyan soon
2016-10-27 12:41:32 +01:00
Greenkeeper
e58d8cac7b chore(package): update passport-ghost to version 1.0.3 (#7632)
https://greenkeeper.io/
2016-10-26 19:16:08 +02:00
Greenkeeper
128cff7e66 chore(package): update supertest to version 2.0.1 (#7598)
https://greenkeeper.io/
2016-10-25 12:19:46 +01:00
Katharina Irrgang
ca17e788ed 🐛 add missing schedulerUrl option (#7626)
no issue
- while refactoring the config module, this was accidentally deleted
- let's re-add it 😇
2016-10-25 12:19:22 +01:00
Katharina Irrgang
0e13ef8767 🎨 logging improvements (#7597)
* 🎨  rotation config
  - every parameter is configureable
  - increase default number of files to 100
* 🎨  ghost.log location
  - example: content/logs/http___my_ghost_blog_com_ghost.log
  - user can change the path to something custom by setting logging.path
* 🛠   add response-time as dependency
* 🎨  readable PrettyStream
  - tidy up
  - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue }))
  - common log format
  - less code 🕵🏻
* 🎨  GhostLogger cleanup
  - remove setLoggers -> this function had too much of redundant code
  - instead: add smart this.log function
  - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request)
  - make .warn .debug .info .error small and smart
* 🎨  app.js: add response time as middleware and remove logging.request
* 🎨  setStdoutStream and setFileStream
  - redesign GhostLogger to add CustomLoggers very easily

----> Example CustomLogger

function CustomLogger(options) {
  // Base iterates over defined transports
  // EXAMPLE: ['stdout', 'elasticsearch']
  Base.call(this, options);
}
util.inherits(...);

// OVERRIDE default stdout stream and your own!!!
CustomLogger.prototype.setStdoutStream = function() {}

// add a new stream
// get's called automatically when transport elasticsearch is defined
CustomLogger.prototype.setElasticsearchStream = function() {}

* 🎨  log into multiple file by default
  - content/logs/domain.error.log --> contains only the errors
  - content/logs/domain.log --> contains everything
  - rotation for both files
* 🔥  remove logging.debug and use npm debug only
*   shortcuts for mode and level
* 🎨  jshint/jscs
* 🎨  stdout as much as possible for an error
* 🎨  fix tests
* 🎨  remove req.ip from log output, remove response-time dependency
* 🎨  create middleware for logging
  - added TODO to move logging middleware to ignition
2016-10-25 12:17:43 +01:00
Hannah Wolfe
ce8517fde0 Upgrading Casper to 1.3.4 2016-10-24 16:57:06 +01:00
Kevin Ansfield
13c95bafc4 Version bump to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Kevin Ansfield
4520edc0e4 Updated Ghost-Admin to 1.0.0-alpha.6 2016-10-24 12:51:55 +01:00
Ryan McCarvill
646aaa1e43 deps: ghost-editor@0.0.14 (#7619) 2016-10-24 11:57:20 +01:00
Katharina Irrgang
c8c696f659 🎨 grunt release .knex-migrator (#7591)
no issue
- the file was not copied over for the release
- @TODO: different solution?
2016-10-24 10:18:04 +01:00
Greenkeeper
d8214d6a46 chore(package): update moment-timezone to version 0.5.7 (#7609)
https://greenkeeper.io/
2016-10-22 11:11:39 +01:00
Katharina Irrgang
cccd8c4f8f change ghost client redirect_uri (#7595)
closes #7580
2016-10-21 16:08:17 +01:00
Katharina Irrgang
2887602712 🎨 error improvements (#7600)
*   id for each error instance
- copy paste of ignition
- on purpose for now
- delete TODO, wohoo
- use id property instead of uid, see http://jsonapi.org/format/#errors

* 🕵🏻  remove TODO for decouple req.err
- can't find a nicer alternative solution
- added some more descriptions to code pieces in our error-handler

* 🎨  use uuid.v1
- timestamp based
2016-10-21 13:10:17 +01:00
Katharina Irrgang
02a1f08ba3 🐛 fix changePassword bug (#7590)
no issue
- comparison for isLoggedInUser did not work when userId was a string
- parsing of int was missing
2016-10-21 10:19:09 +01:00
Katharina Irrgang
8bcd000829 🐛 GhostError needs to inherit from Error (#7582)
no issue
2016-10-19 15:27:22 +01:00
Greenkeeper
441f7e54e8 chore(package): update knex-migrator to version 0.0.7 (#7592)
https://greenkeeper.io/
2016-10-19 11:59:56 +02:00
Greenkeeper
0148895269 chore(package): update passport-ghost to version 1.0.2 (#7594)
https://greenkeeper.io/
2016-10-19 11:04:34 +02:00
kirrg001
8637c7be60 Version bump to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
kirrg001
7ab059b8b9 Updated Ghost-Admin to 1.0.0-alpha.5 2016-10-18 14:10:32 +02:00
Katharina Irrgang
258688932f 🛠 knex-migrator 0.0.6 (#7589)
no issue
- manual PR, because GK is too slow to push the version bump
2016-10-18 10:23:57 +01:00
Katharina Irrgang
fd0a08ae8c 🎨 make sqlite filename absolute (#7585)
no issue

- add tests for makePathsAbsolute
- add support for windows paths

When Ghost-CLI inits the database of the current GhostVersion (in /current), then it uses knex-migrator to do that.
Knex migrator is reading the .knex-migrator file of the current Ghost version. This returns a relative path to the database location.
The problem: knex-migrator will init the database in the root folder of Ghost-CLI /content/data instead of /current/content . And when you start Ghost (ghost start), it always complains that
that database is not initialised, because it expects the database in /current/content...

* 🎨  move config_spec to config/index_spec
- add one more test case
2016-10-18 09:04:44 +01:00