ref BAE-104
The members send-magic-link API should be protected by Captcha. This
required initialising the Captcha service in the members API, and
putting the middleware into the send-magic-link API.
If it's enabled via lab flag and config, then the service will prevent
API calls that don't have a valid Captcha response.
ref https://linear.app/ghost/issue/DES-1082/router-prototype
This task is about testing, figuring out pros and cons of React Router
compared to our current (custom) router, and what effort and risks are
involved in migrating to it.
ref BAE-371
Added the HCaptcha react component & related utils to enable it /
disable it based on the Captcha labs flag. At the moment this does not
include the same functionality on forms using the data-attributes.
ref https://linear.app/ghost/issue/DES-1085/update-shade-to-be-used-in-activitypub
- Shade so far was just used in our playground (Post analytics). It
needed to be prepared so that it can be integrated in real projects like
ActivityPub. This means cleaning up everything related to it like
conventions, file structure, documentation etc.
ref https://linear.app/ghost/issue/ENG-1973
ref https://app.incident.io/ghost/incidents/132
- added a new database setting: `blocked_email_domains` (array, default:
`[]`)
- this setting will allow publishers to block additional email domains
during member signups, on top of the ones blocklisted at a config level
(follow-up PR)
ref https://linear.app/ghost/issue/PRO-1349
- the integrity token endpoint can return a json response with an error
message (for example, when rate limited)
- added the standard response handler to the integrity token endpoint in
Portal, to render the error message sent by the backend
ref https://linear.app/ghost/issue/ONC-723/support-escalation-re-fwd-email-preferences
- On sites where the Default recipients setting was set to anything
other than "Whoever has access to the post", the list of newsletters and
the toggle to subscribe/unsubscribe would not be rendered on the Portal
"Email Preferences" page.
- The bug was introduced in v5.106.0, and intended to hide the
newsletter list if Newsletter sending were disabled completely, but
there was a bug in the logic
- This commit has a breaking test to prevent this in the future, and
fixes the logic to only hide the newsletter list if
`editor_default_email_recipients` is explicitly set to 'disabled'.
ref bb9a69e
ref https://linear.app/ghost/issue/ENG-1753/labs-flags-cleanup
- We promoted i18n to GA several weeks ago now, and it's going fine
- Removing the UI first to reduce confusion before cleaning up all the
other references to the flag
- Introduced a new function for setting the publication language in internationalization (i18n) test cases, for readability
ref https://linear.app/ghost/issue/ONC-717/support-escalation-re-dashboard-unresponsive
This reverts commit 9082a9f1db, which
introduced an automatic refresh interval on the Post Analytics screen in
Admin. This change led to an increase in the number of requests to the
`/ghost/api/admin/members/events/` endpoint, which is a particularly
database intensive endpoint. Ultimately this led to significantly higher
load on the database which degraded performance for sites with a large
`email_recipients` table.
ref https://linear.app/ghost/issue/AP-534/profile-weird-button-hover-state-in-post-list
- While we've separated Inbox and Feed views, we're still showing both Notes and Articles together in Profiles. Articles had a confusing hover state and also felt disconnected. The new design is similar to the one used in the new publishing flow, with adjustments where it makes sense.
- Added more useful alt descriptions
- Fixed images from Thread notes not showing
ref https://linear.app/ghost/issue/ONC-721
ref https://app.incident.io/ghost/incidents/132
- added a blocklist at the email domain level for free member signups
- for example, if `blocked-domain.com` is blocked,
`thomas@blocked-domain.com` cannot sign up as a free member
- the blocklist is configurable: `"spam.blocked_email_domains": ["blocked-domain.com"]`
ref https://linear.app/ghost/issue/AP-634/table-of-contents-in-reader-view
- Sometimes publishers use headings in unusual ways (for example, using just `h3`s). This means we can't rely on headings always being structured in the expected way (`h1`, `h2`, `h3`...). Now, after we scan the article for headings, we find the highest level heading and then calculate normalized levels for all other headings. This helps the widget look good even in these edge cases.
ref https://linear.app/ghost/issue/ONC-699/lever-member-export-unresponsive
- Split large SQL queries into smaller, focused queries to improve
performance and reduce database load.
- Shifted aggregation logic from database to in-memory processing for
improved query efficiency and faster execution.
- Added temp logging to identify performance bottlenecks and measure
execution time for each step in production environment as things are
pretty fast in local setup and staging.
- No updates in the test, this API already has snapshot tests and unit tests
ref https://linear.app/ghost/issue/DES-797/admin-visual-design-improvements
- With the current user setting initialization the main navigation was to be
closed/hidden by default. This change makes sure that if the menu toggle
wasn't used it's going to use the default value (`visible: true`)
no refs
Changed profile modal to always remote load in `admin-x-activitypub`
instead of both accepting an object or a string. This will allow for
easier refactoring of the modal when we switch this area of the app to
use `accounts` instead of `profiles`
refs [AP-647](https://linear.app/ghost/issue/AP-648/refactor-profile-tab-to-use-account-and-follows)
Updated the profile tab in `admin-x-activitypub` to use dedicated
account endpoints. This is to remove coupling between the UI and the
ActivityPub endpoints in preparation for the upcoming changes around
storing `accounts` and `follows` in the database
ref https://linear.app/ghost/issue/AP-634/table-of-contents-in-reader-view
- Adds a table of contents widget to the right side of articles in
reader view that lets you navigate between headings for easier
navigation in long, complex articles
- Enhanced popover component with configurable side positioning
- Updated package version to 0.3.44
ref https://linear.app/ghost/issue/ENG-1805/remove-collections-code
- a bit of a chunky commit but this removes all (backend) collections code from
the codebase, as we're removing the feature whilst it's not fully
fleshed out
- removes the flag, code and tests
- I need to leave the models because there are some fixtures that get
generated and I need to clarify whether having inconsistent databases
is acceptable atm
ref https://linear.app/ghost/issue/AP-644/fix-enabling-activitypub-service-when-flag-is-enabled
- right now, we only set up the ActivityPub webhooks if the service is
initialized at boot
- so if the flag is enabled after boot, the webhooks aren't set up
- this changes that to allow initializing the service either at boot, or
when the labs setting is changed (and ActivityPub flag is enabled)
ref ONC-715
- A customer reported an issue where one of their custom views in Admin doesn't
have the edit button appearing.
- The issue stems from a bad state in the database where `order` has
`null` as a value, however this should never be possible.
- To fix this, we allow the filtering which compares the routes with the
view query to ignore nulled keys in order for the edit button to be
populated.
- also added tests