mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Commit graph

35882 commits

Author SHA1 Message Date
Ghost CI
145d0b84f5 Merged v5.55.2 into main 2023-07-27 07:38:59 +00:00
Ghost CI
5273b56e88 v5.55.2 2023-07-27 07:38:58 +00:00
renovate[bot]
c05976645c Update sentry-javascript monorepo to v7.60.1 2023-07-27 09:24:27 +02:00
Ronald Langeveld
abc7af8082 Added test email rate limiting (#17505)
refs https://github.com/TryGhost/Product/issues/3651

- This is a security fix that addresses an issue causing malicious users
to abuse the test / preview email API endpoint.
- We have multiple procedures in place now to limit such users.
- First, we now only allow one email address to be passed into the
`sendTestEmail` method. This method only has one purpose, which is to
complement the test email functionality within the Editor in Admin and
therefore has no reason to send to more than one email address at a
time.
- We then add an additional rate limiter to prevent a user from making
multiple requests, eg via a script.
- The new imposed limit is 10 test emails per hour.
2023-07-27 09:22:26 +02:00
Daniel Lockyer
55d5a8d892 Fixed loading assets from CDN URL
refs https://ghost.slack.com/archives/C027S85FS/p1690202522054729

- this is another set of places where we load assets slightly
  differently
- this should fix user profile images when using assets from a CDN
2023-07-27 09:22:11 +02:00
renovate[bot]
12190746c0 Update dependency @types/react to v18.2.17 2023-07-27 08:53:24 +02:00
renovate[bot]
0b661e8eee Update dependency ember-cli-test-loader to v3.1.0 2023-07-27 08:53:13 +02:00
Ronald Langeveld
0029c444ad
Added test email rate limiting (#17505)
refs https://github.com/TryGhost/Product/issues/3651

- This is a security fix that addresses an issue causing malicious users
to abuse the test / preview email API endpoint.
- We have multiple procedures in place now to limit such users.
- First, we now only allow one email address to be passed into the
`sendTestEmail` method. This method only has one purpose, which is to
complement the test email functionality within the Editor in Admin and
therefore has no reason to send to more than one email address at a
time.
- We then add an additional rate limiter to prevent a user from making
multiple requests, eg via a script.
- The new imposed limit is 10 test emails per hour.
2023-07-27 08:46:50 +02:00
Steve Larson
b77521ece9
Updated gscan (#17509)
no refs
2023-07-26 15:58:22 +00:00
Peter Zimon
c956561d58
Modal cleanup in AdminX settings (#17508)
refs. https://github.com/TryGhost/Product/issues/3349

- added outline to modal cancel button to avoid floating it too much in space
- added a lil' animation to modals to make it more obvious that it's a modal
- added ESC button so that it's easier to escape the modal
2023-07-26 15:45:19 +00:00
Peter Zimon
a9efd06f83
Tiers related cleanup in AdminX settings (#17504)
refs. https://github.com/TryGhost/Product/issues/3349

- added thousands separator to numbers in tiers list and preview
- added dirty state handling to edit/add tier modal
- applied sorting to tiers list
- fixed free trial toggle bug. No default was set and didn't keep the trial value and the toggle in sync
- applied a little scale down to tier preview for better proportions
2023-07-26 16:13:07 +02:00
Steve Larson
005e80b466
Updated gscan (#17507)
no refs
2023-07-26 13:06:23 +00:00
Fabien "egg" O'Carroll
8d71841918 Mapped tag.deleted event to TagDeletedEvent
refs https://github.com/TryGhost/Arch/issues/61

Because the tags system is still written in the old way, the tag.deleted
bookshelf event needs to be mapped to the DomainEvents to bridge the gap with
the collections package.
2023-07-26 12:54:42 +02:00
Fabien "egg" O'Carroll
90f92ab2a4 Fixed usage of require in test file
We should be using the import syntax instead of require in our TypeScript files.
2023-07-26 12:54:42 +02:00
Fabien "egg" O'Carroll
607ea8dcd7 Added TagDeletedEvent
refs https://github.com/TryGhost/Arch/issues/60

This will be used to update collections when a tag is deleted. Like the Post
events this should not be in the collections package, instead we should have
these as part of the tags and posts packages. These packages don't exist right
now, so I'm following the existing pattern.
2023-07-26 12:54:42 +02:00
Peter Zimon
acd84fe25c
AdminX design cleanup (#17489)
refs. https://github.com/TryGhost/Product/issues/3349

- applied outline and fixed spacing for form groups
- small UI refinements for static version of Newsletter settings
- replaced textareas with textfields in site description, twitter and FB descriptions
- unified pattern for "Save & close" and "Cancel" in user detail settings
- refined checked background for logo container in Design settings
- refined spacing in Tier detail modal
- fixed gradient bug in Portal preview
- fixed UI bugs in Portal / Links
- fixed tier dropdown bug in Portal / Links. It was always showing links for the first tier
- unified form input element headings
- refined checkbox and toggle label typography and spacing
2023-07-26 12:47:52 +02:00
Naz
48ccea818a Fixed unpublished collection posts filtering
closes https://github.com/TryGhost/Arch/issues/58

- Following assumptions were broken:
- Posts Admin API should include posts of all statuses when filtering by collection
- Posts Content API should not include any unpublished posts
- Updated the "status" filter which fixes the problem. We still disallow any custom filters to be applied on top of collections filter.
2023-07-26 16:45:57 +08:00
Michael Barrett
2fe392c312
Added import tier to members import modal (#17492)
refs https://github.com/TryGhost/Product/issues/3629
2023-07-26 09:19:09 +01:00
Sodbileg Gansukh
dc5cc28036 Cleaned up the styles for the new Header card
no issues

- using .kg-v2 as an indicator to add the v2-specific styles
- .kg-header-card and .kg-header-card-button are the class names that conflict with the existing Header card, so only using .kg-v2 to style those elements
2023-07-26 15:18:22 +08:00
renovate[bot]
8fed1abb71 Update peter-evans/create-or-update-comment digest to 716151b 2023-07-26 08:48:51 +02:00
Ronald Langeveld
c419306f30
Bumped Portal (#17499)
no issue

---

### 🤖 Generated by Copilot at e0f948c

This change updates the `portal` package to the latest version, which
fixes some bugs and enhances the user experience of the members feature.
2023-07-26 08:36:27 +02:00
Djordje Vlaisavljevic
ae314679fa
Add Tips and donations section to Membership settings (#17497)
refs https://github.com/TryGhost/Product/issues/3561

- Added a static section to Membership settings with a button to copy
the Tips & donations Stripe link
- Added a `tipsAndDonations` feature flag
2023-07-25 22:46:34 +01:00
Fabien "egg" O'Carroll
322dda10ab Removed flag check for running the collection service
This ensures that collections are updated in the background regardless of
whether or not the labs flag is enabled, which is important for the stability
of the collections database tables. In order to make sure we don't add a tonne
of event listeners during the tests we have to add a flag to make sure that the
service is treated as a singleton and only instantiated once. This should only
affect code running in tests, as we don't initialise services multiple times
2023-07-25 17:35:43 +02:00
Fabien "egg" O'Carroll
3d0825ea2f Supported ?include=count.posts for Collections API
Unfortunately our framework is bookshelf centric so we have to refer to the
`withRelated` property rather than a more generic `include` property.

The collection entity already contains the list of post ids, so we can just
return the length of that array.
2023-07-25 16:56:22 +02:00
Fabien "egg" O'Carroll
431f0ed842 Fixed the "Can add a Collection" test
The test was adding an extra collection, but not cleaning it up - which makes it
hard to reason about other tests, especially when running them in isolation and
the state is different. This just cleans up the test and updates the browse test
to match the right snapshot.
2023-07-25 16:56:22 +02:00
Daniel Lockyer
33e2b39295 Removed old versions of @typescript-eslint/{eslint-plugin,parser}
refs https://github.com/TryGhost/DevOps/issues/50

- this helps prevent old versions of the dependency from lingering
  around (especially when it's unused)
2023-07-25 16:48:54 +02:00
Daniel Lockyer
af320ab864 Fixed new package detection
- turns out new packages folders aren't generating an `A` status in `git
  diff`, so this line never worked
- if we create a `package.json` file, we can reasonably assume we're
  creating a new package, so this should fix the issues we were seeing
  with caching + new packages
2023-07-25 16:15:36 +02:00
Fabien "egg" O'Carroll
517c406e17 Added Collections Content API
The only usecases we need to support at the moment are reading individual
collections by ID and by Slug. We can extend this API as we get more usecases
in future.
2023-07-25 16:14:02 +02:00
Daniel Lockyer
b0cf1f949a Switched TypeScript eslint config to custom plugin
refs https://github.com/TryGhost/DevOps/issues/50

- this switches the .eslint configs from `node` to `ts`, which is a new
  config to support eslint for TypeScript
- also makes minor changes to adhere to these new rules
2023-07-25 16:12:35 +02:00
Daniel Lockyer
bf53f8ba6f Added missing dependency definition
- `@tryghost/collections` is used within
  `@tryghost/model-to-domain-event-interceptor` but there wasn't a
  dependency on this package, so the build script wouldn't always build
  the dependency first
2023-07-25 15:56:46 +02:00
renovate[bot]
cbdd2f0273 Update dependency @types/nodemailer to v6.4.9 2023-07-25 15:50:24 +02:00
Fabien 'egg' O'Carroll
63ab254e33
Removed posts from Collections API
The correct mechanism for fetching posts from a collection is via the Posts API.
This removes all functionality of getting posts from the Collections API.

Co-authored-by: Naz <hi@nazavo.com>
2023-07-25 13:19:19 +00:00
Daniel Lockyer
adc3f8e8ee Skipped dependency caching for new packages
- in this event, we don't want to cache the dependencies because the new
  package will need to be linked to the others
- this commit should add detection for new packages and skip the cache
  if so
2023-07-25 15:14:50 +02:00
Daniel Lockyer
87d234403f Deduplicated tsconfig.json to use base config
- this allows for easier maintenance
2023-07-25 13:50:45 +02:00
Daniel Lockyer
223109be9d Added ghost/nql-filter-expansions to TS dev script list
- this enables us to watch the directory for changes and rebuild when
  necessary
2023-07-25 13:50:45 +02:00
Naz
658adf0ab1 Fixed build command for nql-filter-expansions
no issue

- The newly generated package did not have the build:ts command needed for nx build to run
2023-07-25 19:01:56 +08:00
Naz
694ab1d32d Added support for expansions in collection filters
refs https://github.com/TryGhost/Arch/issues/46

- Similarly to post filters, collection filters now support both 'tag' and 'tags' nql filter keys when defining a filter for related tag slugs. For example, both `tag:avocado` and `tags:avocado` would both be valid collection filters that would filter by the same 'slug' property of the tags assigned to a post.
- Along with these changes had to rework the tags property of the collection posts to match the shape used in post resources. Moved from:
`tags: ['bacon', 'broc']`
to
`tags:[{slug: 'bacon'}, {slug: 'broc'}]`
2023-07-25 19:01:56 +08:00
Naz
8fa36916d7 Migrated admin and core modules to use nql-filter-expansions
refs https://github.com/TryGhost/Arch/issues/46

- Reused posts expansions from nql-filter-expansions module
2023-07-25 19:01:56 +08:00
Naz
9f979917e3 Added nql-filter-expansions module
refs https://github.com/TryGhost/Arch/issues/46

- This module will be a placeholder for "filter expansions" we use across the codebase. For now it will only contain the expansions for the "post" resource, but any new or refactored expansions should land here too.
2023-07-25 19:01:56 +08:00
Naz
c4351456c6 Made tag snapshots more accurate in collections test suite
refs https://github.com/TryGhost/Arch/issues/46

- Allows to actually verify in the snapshot itself if the tag filter is working correctly or not.
2023-07-25 19:01:56 +08:00
renovate[bot]
3830401d55 Update dependency @playwright/test to v1.36.2 2023-07-25 12:26:15 +02:00
Michael Barrett
8095843939
Added feature flag for import tier functionality (#17480)
refs https://github.com/TryGhost/Product/issues/3629
2023-07-25 10:52:52 +01:00
Sodbileg Gansukh
0b00c653cc Added margin override to the signup card input
no issues

- some themes have global styles applied to inputs and it breaks the card input layout because of the style conflict
- this adds some default margin values to fix the issue
2023-07-25 14:22:44 +08:00
renovate[bot]
ec46993e0f Update dependency @types/react to v18.2.16 2023-07-25 08:05:02 +02:00
renovate[bot]
7baa1b13af Update storybook monorepo to v7.1.1 2023-07-25 08:04:47 +02:00
Ghost CI
fc50d1e92c Merged v5.55.1 into main 2023-07-25 02:46:04 +00:00
Ghost CI
95d343a786 v5.55.1 2023-07-25 02:46:02 +00:00
Chris Raible
e50ad7561c
🐛 Fixed image rendering in Outlook email client (#17475)
refs TryGhost/Product#3647

- The latest version of juice (which Ghost uses to inline css in email
newsletters) included new functionality to add height="auto" and
width="auto" for any images with dimensions set to auto in css
- This was causing rendering issues in Outlook, which would render the
image at full width, which often added a horizontal scroll and generally
messed up the flow of the document
- This change prevents juice from modifying the height or width of `<img
/>` tags
2023-07-24 18:33:56 -07:00
renovate[bot]
5ca8c1f568 Update dependency vite to v4.4.7 2023-07-24 20:56:39 +02:00
Aileen Booker
eb303ec221 Fixed Segment event named wrong 2023-07-24 15:49:33 +01:00