ref https://linear.app/ghost/issue/DES-1033/icon-implementation
The Storybook structure contained Lucide icons under "Components", but
it's an experimental component. This commit creates an Experimental
component group in Shade and updates the corresponding docs.
closes https://linear.app/ghost/issue/DES-1033/icon-implementation
In Shade right now there's no support for icons, which is a fundamental
building block in any design system. We use Streamline Icons which
unfortunately don't have an out-of-the-box React support like e.g.
Lucide Icons. This PR adds support for custom icons to be used directly
from Shade by importing SVG's from a directory and creating React
components dynamically. It also adds a grid view of all available icons
in Storybook so it's easy to get an overview of available icons and copy
their React component.
Fixes https://linear.app/ghost/issue/ENG-1855/fix-reset-password-flow-in-case-of-2fa
- User is getting stuck on reset password page and they receive a verify token on the mail and nothing happens on the UI.
- This is happening because the session is not verified in the case of the reset password flow. The backend is sending a code to verify the session, but we don't have the UI in place where the user can enter the code.
- Previously, the user would be redirected to the dashboard once they clicked on "Save new password."
- Now when 2FA is on, we should directly redirect to the dashboard as the reset password link was sent to the email address anyway. This is why we are creating an already verified session in this case.
ref DES-1012
- previously, when a member was deleted, they were displayed with an
avatar initial `NM`, the name was empty, and their list item wasn't
clickable, which led to user confusion
- now it's much clearer with a placeholder avatar and `Deleted member`
as name
ref
https://linear.app/ghost/issue/DES-1020/create-new-react-app-for-shade
Shade is our new design system that follows React best practices and
leverages third-party libraries extensively. It's built on ShadCN/UI
which is one of the most popular React UI libraries today. This commit
adds an (almost) empty React app, set up to be the a starting point of
Shade.
ref
https://linear.app/ghost/issue/CON-3/external-media-inliner-should-inline-more-file-types
The external media inliner requests each file as a buffer. Saving this
works well for images, but not media or files as the `saveRaw` method is
not available on those storage adapters.
This PR moves the `saveRaw` method from `LocalImagesStorage` to
the `LocalStorageBase` class so it is available to subclasses.
ref https://linear.app/ghost/issue/PLG-267
- updated delete comment action so it removes comments rather than just updating their status to `'deleted'`
- deleted comments that still have replies have their status updated so the replies remain visible
- matches updated API behaviour where deleted comments are not shown at all
closes https://linear.app/ghost/issue/ENG-1561
- problem: When a free member upgraded to paid, we sometimes did not
capture the subscription attribution data
- cause:
- after checkout, Stripe sends `customer.subscription.created`,
`customer.subscription.updated` and `checkout.session.completed` webhook
events
- we want to create a subscription in our database based on the
`checkout.session.completed` event, as it contains additional data (e.g.
subscription attribution data)
- but, we were sometimes creating a subscription based on a
`customer.subscription.*` event during free → paid upgrades, which did
not contain subscription attribution data
- solution: we now ignore `customer.subscription.*` events until a
member and its related subscription have been created in the database
first, by the `checkout.session.completed` event
ref https://linear.app/ghost/issue/ENG-1851/
- added handling so that jobs run by the job queue can emit events on
completion
- added tests
Events (both node and our DomainEvents lib) must be emitted on the
primary process, so we can't emit these within the worker threads.
Instead, we'll return the necessary data with the job's completion in
the thread message such that the JobQueueManager can emit whatever
events may be needed.
closes https://linear.app/ghost/issue/PLG-297
- we were setting the comment count Admin API browse comments response meta pagination data which will never be correct because it only counts top-level comments for pagination purposes
- we have a public comment counts endpoint that is already fetched, there's no need to override that when using the Admin API because the overall count doesn't change across API's, even when the Admin API includes hidden comments because those don't impact the visible count
- updated test setup so the title and count is shown so it can be asserted against
- updated mocked api to correctly return count of all published comments+replies
https://linear.app/ghost/issue/ENG-1850/
- added cache/memoized the member uuid lookup within the
LinkClickRepository (used by the LinkClickTrackingService)
- added repository tests for the save method which were absent
This one one of a series of options we're testing out in order to smooth
out the surge in requests following a newsletter send. Most of this
activity is due to link checkers, but Ghost still needs to spend time
processing the member lookup to know whether or not it is a valid id,
and memoizing this lookup could significantly improve throughput by
reducing DB contention.
closes https://linear.app/ghost/issue/PLG-273
- removed previous fix which only worked on last comment but not last reply
- keeping track of last comment/reply spread a lot of domain knowledge around for a UI-only concern and wouldn't scale if we have other dropdowns in the future
- added `useOutOfViewportClasses` hook
- accepts an object with top/bottom/right/left containing default and outOfViewPort classes
- applies the correct classes using the DOM rather than React so that we avoid re-renders and associated flickering or broken rendering
no ref
This isn't needed at this time. We're doing some load testing to better
assess what piece is doing the most work, and this config flag lets us
shut off pieces of the redirect flow.
ref https://linear.app/ghost/issue/PLG-296/
When logged in as an Admin, comments-ui switches comment reads from the Members API over to the Admin API so that hidden comments can be displayed to allow moderation activities. However, the Admin API not using member authentication and CORS preventing the front-end members auth cookie being passed over to the Admin API domain meant that the logged-in member's likes were missing when fetching via the Admin API as there is no available reference to the logged in member.
This change works around the problem by introducing an `impersonate_member_uuid` param to the comments read/browse endpoints of the Admin API. When passed, the provided uuid is used to simulate that member being logged in so that likes are correctly shown.
- Introduced `impersonation_member_id` parameter to resolve issues with admin API not returning correct "liked" status for comments when an admin is logged in.
- Updated API endpoints in `comment-replies.js` and `comments.js` to handle `impersonation_member_id`.
- Adjusted `CommentsController` to validate and process the `impersonation_member_id` parameter before passing it to database queries.
- Enhanced test coverage to ensure proper handling of the new parameter and accurate "liked" status behavior.
ref https://github.com/TryGhost/Ghost/pull/21794
- We've now added versioning to all of our endpoints as of pr/21794
- This change updates the stats page to use the new versioned endpoints
- Currently, it's set to a global as all endpoints are on the same
version
- In future we may need this to be an array of versions for each
endpoint, but for now we're keeping it simple
ref https://github.com/TryGhost/Ghost/pull/21794
- This was missed in the PR to add versioning to all the resources - the
endpoints are now different, and the tests don't run
- I've been struggling to deploy out my changes, and part of it is
because this is a wholesale change to having versions, where previously
we didn't
- This change brings the tests into line, so we can be certain that the
new endpoints with the versions work the same as the old
- TODO: really must get CI working for tinybird!
- Previously the script would error out if a resource was missing e.g.
if a deploy had gone wrong
- That meant I frequently had to make further, manual changes
- These updates mean the script only attempts to delete a resource if it
is present
- Each type of resource is listed in an array and iterated over
- note there is no real difference between data and endpoint pipes, but
we need to manage them in order
- This should make the script much much more robust!
Fixes
https://linear.app/ghost/issue/ENG-1010/uploaded-file-permission-security-improvement
- This commit ensures all files uploaded to Ghost via importer are set
with 0644 permissions to improve security.
- Uploaded files previously retained their original permissions, which
could leave them executable.
- This commit prevents files from being inadvertently executable.
REF https://linear.app/ghost/issue/PLG-298/
- When you're typing a comment, and exit the input field, it collapses into a non-editable state; you first have to click on it again to "open" the form. This means you can't select the text or instantly start typing again. When the input has a value, we should stop it from closing.
- added custom `useEditor` hook that wraps TipTap and exposes both the `editor` and `hasContent` props keeping logic out of the consuming components
---------
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
ref https://github.com/TryGhost/Ghost/pull/21788#discussion_r1869802093
- Introduced `setCommentsIsLoading` action to handle the loading state
of comments dynamically.
- Updated `setOrder` function to dispatch the `setCommentsIsLoading`
action, ensuring proper UI feedback during asynchronous operations.
ref https://linear.app/ghost/issue/AP-625/implement-notification-grouping-for-follows-and-likes
- Improved handling for notification clicks of various types: single follower notification opens that follower in the drawer, multiple followers expands the followers list, liked post opens the article in the wide drawer, liked note opens the note in the narrow drawer
- Improved hover and click states for profile names, usernames and avatars. Now it's more obvious what's clickable, and clicking on any of these elements in any context opens that profile in the drawer.
- Created a handleProfileClick utility since we're using it in a lot of places.
- Removed unnecessary types
- Made the HTML structure more semantic
no ref
I've discovered email link checkers appear to be using
falsified/scrambled uuids when testing links for a given site. It's
difficult to check against all sites, so instead we'll log to Sentry to
confirm this is the case.
I've put this behind config because I believe it will create a LOT of
entries, and may burden an already burdened workflow during peak
traffic.
