@jgardner04/ghost-mcp-server 1.4.0 → 1.6.0

package/src/services/ghostServiceImproved.js

@@ -185,6 +185,57 @@ const validators = {
       throw new NotFoundError('Image file', imagePath);
     }
   },
+
+  validatePageData(pageData) {
+    const errors = [];
+
+    if (!pageData.title || pageData.title.trim().length === 0) {
+      errors.push({ field: 'title', message: 'Title is required' });
+    }
+
+    if (!pageData.html && !pageData.mobiledoc) {
+      errors.push({ field: 'content', message: 'Either html or mobiledoc content is required' });
+    }
+
+    if (pageData.status && !['draft', 'published', 'scheduled'].includes(pageData.status)) {
+      errors.push({
+        field: 'status',
+        message: 'Invalid status. Must be draft, published, or scheduled',
+      });
+    }
+
+    if (pageData.status === 'scheduled' && !pageData.published_at) {
+      errors.push({
+        field: 'published_at',
+        message: 'published_at is required when status is scheduled',
+      });
+    }
+
+    if (pageData.published_at) {
+      const publishDate = new Date(pageData.published_at);
+      if (isNaN(publishDate.getTime())) {
+        errors.push({ field: 'published_at', message: 'Invalid date format' });
+      } else if (pageData.status === 'scheduled' && publishDate <= new Date()) {
+        errors.push({ field: 'published_at', message: 'Scheduled date must be in the future' });
+      }
+    }
+
+    if (errors.length > 0) {
+      throw new ValidationError('Page validation failed', errors);
+    }
+  },
+
+  validateNewsletterData(newsletterData) {
+    const errors = [];
+
+    if (!newsletterData.name || newsletterData.name.trim().length === 0) {
+      errors.push({ field: 'name', message: 'Newsletter name is required' });
+    }
+
+    if (errors.length > 0) {
+      throw new ValidationError('Newsletter validation failed', errors);
+    }
+  },
 };
 
 /**
@@ -367,6 +418,218 @@ export async function searchPosts(query, options = {}) {
   }
 }
 
+/**
+ * Page CRUD Operations
+ * Pages are similar to posts but do NOT support tags
+ */
+
+export async function createPage(pageData, options = { source: 'html' }) {
+  // Validate input
+  validators.validatePageData(pageData);
+
+  // Add defaults
+  const dataWithDefaults = {
+    status: 'draft',
+    ...pageData,
+  };
+
+  // Sanitize HTML content if provided (use same sanitization as posts)
+  if (dataWithDefaults.html) {
+    dataWithDefaults.html = sanitizeHtml(dataWithDefaults.html, {
+      allowedTags: [
+        'h1',
+        'h2',
+        'h3',
+        'h4',
+        'h5',
+        'h6',
+        'blockquote',
+        'p',
+        'a',
+        'ul',
+        'ol',
+        'nl',
+        'li',
+        'b',
+        'i',
+        'strong',
+        'em',
+        'strike',
+        'code',
+        'hr',
+        'br',
+        'div',
+        'span',
+        'img',
+        'pre',
+      ],
+      allowedAttributes: {
+        a: ['href', 'title'],
+        img: ['src', 'alt', 'title', 'width', 'height'],
+        '*': ['class', 'id'],
+      },
+      allowedSchemes: ['http', 'https', 'mailto'],
+      allowedSchemesByTag: {
+        img: ['http', 'https', 'data'],
+      },
+    });
+  }
+
+  try {
+    return await handleApiRequest('pages', 'add', dataWithDefaults, options);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Page creation failed due to validation errors', [
+        { field: 'page', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+
+export async function updatePage(pageId, updateData, options = {}) {
+  if (!pageId) {
+    throw new ValidationError('Page ID is required for update');
+  }
+
+  // Sanitize HTML if being updated
+  if (updateData.html) {
+    updateData.html = sanitizeHtml(updateData.html, {
+      allowedTags: [
+        'h1',
+        'h2',
+        'h3',
+        'h4',
+        'h5',
+        'h6',
+        'blockquote',
+        'p',
+        'a',
+        'ul',
+        'ol',
+        'nl',
+        'li',
+        'b',
+        'i',
+        'strong',
+        'em',
+        'strike',
+        'code',
+        'hr',
+        'br',
+        'div',
+        'span',
+        'img',
+        'pre',
+      ],
+      allowedAttributes: {
+        a: ['href', 'title'],
+        img: ['src', 'alt', 'title', 'width', 'height'],
+        '*': ['class', 'id'],
+      },
+      allowedSchemes: ['http', 'https', 'mailto'],
+      allowedSchemesByTag: {
+        img: ['http', 'https', 'data'],
+      },
+    });
+  }
+
+  try {
+    // Get existing page to retrieve updated_at for conflict resolution
+    const existingPage = await handleApiRequest('pages', 'read', { id: pageId });
+
+    // Merge existing data with updates, preserving updated_at
+    const mergedData = {
+      ...existingPage,
+      ...updateData,
+      updated_at: existingPage.updated_at,
+    };
+
+    return await handleApiRequest('pages', 'edit', mergedData, { id: pageId, ...options });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Page', pageId);
+    }
+    throw error;
+  }
+}
+
+export async function deletePage(pageId) {
+  if (!pageId) {
+    throw new ValidationError('Page ID is required for delete');
+  }
+
+  try {
+    return await handleApiRequest('pages', 'delete', { id: pageId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Page', pageId);
+    }
+    throw error;
+  }
+}
+
+export async function getPage(pageId, options = {}) {
+  if (!pageId) {
+    throw new ValidationError('Page ID is required');
+  }
+
+  try {
+    return await handleApiRequest('pages', 'read', { id: pageId }, options);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Page', pageId);
+    }
+    throw error;
+  }
+}
+
+export async function getPages(options = {}) {
+  const defaultOptions = {
+    limit: 15,
+    include: 'authors',
+    ...options,
+  };
+
+  try {
+    return await handleApiRequest('pages', 'browse', {}, defaultOptions);
+  } catch (error) {
+    console.error('Failed to get pages:', error);
+    throw error;
+  }
+}
+
+export async function searchPages(query, options = {}) {
+  // Validate query
+  if (!query || query.trim().length === 0) {
+    throw new ValidationError('Search query is required');
+  }
+
+  // Sanitize query - escape special NQL characters to prevent injection
+  const sanitizedQuery = query.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
+
+  // Build filter with fuzzy title match using Ghost NQL
+  const filterParts = [`title:~'${sanitizedQuery}'`];
+
+  // Add status filter if provided and not 'all'
+  if (options.status && options.status !== 'all') {
+    filterParts.push(`status:${options.status}`);
+  }
+
+  const searchOptions = {
+    limit: options.limit || 15,
+    include: 'authors',
+    filter: filterParts.join('+'),
+  };
+
+  try {
+    return await handleApiRequest('pages', 'browse', {}, searchOptions);
+  } catch (error) {
+    console.error('Failed to search pages:', error);
+    throw error;
+  }
+}
+
 export async function uploadImage(imagePath) {
   // Validate input
   await validators.validateImagePath(imagePath);
@@ -488,6 +751,103 @@ export async function deleteTag(tagId) {
   }
 }
 
+/**
+ * Newsletter CRUD Operations
+ */
+
+export async function getNewsletters(options = {}) {
+  const defaultOptions = {
+    limit: 'all',
+    ...options,
+  };
+
+  try {
+    const newsletters = await handleApiRequest('newsletters', 'browse', {}, defaultOptions);
+    return newsletters || [];
+  } catch (error) {
+    console.error('Failed to get newsletters:', error);
+    throw error;
+  }
+}
+
+export async function getNewsletter(newsletterId) {
+  if (!newsletterId) {
+    throw new ValidationError('Newsletter ID is required');
+  }
+
+  try {
+    return await handleApiRequest('newsletters', 'read', { id: newsletterId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Newsletter', newsletterId);
+    }
+    throw error;
+  }
+}
+
+export async function createNewsletter(newsletterData) {
+  // Validate input
+  validators.validateNewsletterData(newsletterData);
+
+  try {
+    return await handleApiRequest('newsletters', 'add', newsletterData);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Newsletter creation failed', [
+        { field: 'newsletter', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+
+export async function updateNewsletter(newsletterId, updateData) {
+  if (!newsletterId) {
+    throw new ValidationError('Newsletter ID is required for update');
+  }
+
+  try {
+    // Get existing newsletter to retrieve updated_at for conflict resolution
+    const existingNewsletter = await handleApiRequest('newsletters', 'read', {
+      id: newsletterId,
+    });
+
+    // Merge existing data with updates, preserving updated_at
+    const mergedData = {
+      ...existingNewsletter,
+      ...updateData,
+      updated_at: existingNewsletter.updated_at,
+    };
+
+    return await handleApiRequest('newsletters', 'edit', mergedData, { id: newsletterId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Newsletter', newsletterId);
+    }
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Newsletter update failed', [
+        { field: 'newsletter', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+
+export async function deleteNewsletter(newsletterId) {
+  if (!newsletterId) {
+    throw new ValidationError('Newsletter ID is required for deletion');
+  }
+
+  try {
+    return await handleApiRequest('newsletters', 'delete', newsletterId);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Newsletter', newsletterId);
+    }
+    throw error;
+  }
+}
+
 /**
  * Health check for Ghost API connection
  */
@@ -527,11 +887,22 @@ export default {
   getPost,
   getPosts,
   searchPosts,
+  createPage,
+  updatePage,
+  deletePage,
+  getPage,
+  getPages,
+  searchPages,
   uploadImage,
   createTag,
   getTags,
   getTag,
   updateTag,
   deleteTag,
+  getNewsletters,
+  getNewsletter,
+  createNewsletter,
+  updateNewsletter,
+  deleteNewsletter,
   checkHealth,
 };

package/src/services/newsletterService.js

@@ -0,0 +1,47 @@
+import Joi from 'joi';
+import { createContextLogger } from '../utils/logger.js';
+import { createNewsletter as createGhostNewsletter } from './ghostServiceImproved.js';
+
+/**
+ * Validation schema for newsletter input
+ */
+const newsletterInputSchema = Joi.object({
+  name: Joi.string().required(),
+  description: Joi.string().optional(),
+  sender_name: Joi.string().optional(),
+  sender_email: Joi.string().email().optional(),
+  sender_reply_to: Joi.string().valid('newsletter', 'support').optional(),
+  subscribe_on_signup: Joi.boolean().strict().optional(),
+  show_header_icon: Joi.boolean().strict().optional(),
+  show_header_title: Joi.boolean().strict().optional(),
+});
+
+/**
+ * Service layer function to handle the business logic of creating a newsletter.
+ * Validates input and creates a newsletter in Ghost CMS.
+ * @param {object} newsletterInput - Data received from the controller.
+ * @returns {Promise<object>} The created newsletter object from the Ghost API.
+ */
+const createNewsletterService = async (newsletterInput) => {
+  const logger = createContextLogger('newsletter-service');
+
+  // Validate input
+  const { error, value: validatedInput } = newsletterInputSchema.validate(newsletterInput);
+  if (error) {
+    logger.error('Newsletter input validation failed', {
+      error: error.details[0].message,
+      inputKeys: Object.keys(newsletterInput),
+    });
+    throw new Error(`Invalid newsletter input: ${error.details[0].message}`);
+  }
+
+  logger.info('Creating Ghost newsletter', {
+    name: validatedInput.name,
+    hasSenderEmail: !!validatedInput.sender_email,
+  });
+
+  const newNewsletter = await createGhostNewsletter(validatedInput);
+  return newNewsletter;
+};
+
+export { createNewsletterService };

package/src/services/pageService.js

@@ -0,0 +1,121 @@
+import sanitizeHtml from 'sanitize-html';
+import Joi from 'joi';
+import { createContextLogger } from '../utils/logger.js';
+import { createPage as createGhostPage } from './ghostServiceImproved.js';
+
+/**
+ * Helper to generate a simple meta description from HTML content.
+ * Uses sanitize-html to safely strip HTML tags and truncates.
+ * @param {string} htmlContent - The HTML content of the page.
+ * @param {number} maxLength - The maximum length of the description.
+ * @returns {string} A plain text truncated description.
+ */
+const generateSimpleMetaDescription = (htmlContent, maxLength = 500) => {
+  if (!htmlContent) return '';
+
+  // Use sanitize-html to safely remove all HTML tags
+  // This prevents ReDoS attacks and properly handles malformed HTML
+  const textContent = sanitizeHtml(htmlContent, {
+    allowedTags: [], // Remove all HTML tags
+    allowedAttributes: {},
+    textFilter: function (text) {
+      return text.replace(/\s\s+/g, ' ').trim();
+    },
+  });
+
+  // Truncate and add ellipsis if needed
+  return textContent.length > maxLength
+    ? textContent.substring(0, maxLength - 3) + '...'
+    : textContent;
+};
+
+/**
+ * Validation schema for page input
+ * Pages are similar to posts but do NOT support tags
+ */
+const pageInputSchema = Joi.object({
+  title: Joi.string().max(255).required(),
+  html: Joi.string().required(),
+  custom_excerpt: Joi.string().max(500).optional(),
+  status: Joi.string().valid('draft', 'published', 'scheduled').optional(),
+  published_at: Joi.string().isoDate().optional(),
+  // NO tags field - pages don't support tags
+  feature_image: Joi.string().uri().optional(),
+  feature_image_alt: Joi.string().max(255).optional(),
+  feature_image_caption: Joi.string().max(500).optional(),
+  meta_title: Joi.string().max(70).optional(),
+  meta_description: Joi.string().max(160).optional(),
+});
+
+/**
+ * Service layer function to handle the business logic of creating a page.
+ * Transforms input data, generates metadata defaults.
+ * Note: Pages do NOT support tags (unlike posts).
+ * @param {object} pageInput - Data received from the controller.
+ * @returns {Promise<object>} The created page object from the Ghost API.
+ */
+const createPageService = async (pageInput) => {
+  const logger = createContextLogger('page-service');
+
+  // Validate input to prevent format string vulnerabilities
+  const { error, value: validatedInput } = pageInputSchema.validate(pageInput);
+  if (error) {
+    logger.error('Page input validation failed', {
+      error: error.details[0].message,
+      inputKeys: Object.keys(pageInput),
+    });
+    throw new Error(`Invalid page input: ${error.details[0].message}`);
+  }
+
+  const {
+    title,
+    html,
+    custom_excerpt,
+    status,
+    published_at,
+    // NO tags destructuring - pages don't support tags
+    feature_image,
+    feature_image_alt,
+    feature_image_caption,
+    meta_title,
+    meta_description,
+  } = validatedInput;
+
+  // NO tag resolution section (removed from postService)
+  // Pages do not support tags in Ghost CMS
+
+  // Metadata defaults
+  const finalMetaTitle = meta_title || title;
+  const finalMetaDescription =
+    meta_description || custom_excerpt || generateSimpleMetaDescription(html);
+  const truncatedMetaDescription =
+    finalMetaDescription.length > 500
+      ? finalMetaDescription.substring(0, 497) + '...'
+      : finalMetaDescription;
+
+  // Prepare data for Ghost API
+  const pageDataForApi = {
+    title,
+    html,
+    custom_excerpt,
+    status: status || 'draft',
+    published_at,
+    // NO tags field
+    feature_image,
+    feature_image_alt,
+    feature_image_caption,
+    meta_title: finalMetaTitle,
+    meta_description: truncatedMetaDescription,
+  };
+
+  logger.info('Creating Ghost page', {
+    title: pageDataForApi.title,
+    status: pageDataForApi.status,
+    hasFeatureImage: !!pageDataForApi.feature_image,
+  });
+
+  const newPage = await createGhostPage(pageDataForApi);
+  return newPage;
+};
+
+export { createPageService };