@jgardner04/ghost-mcp-server 1.7.0 → 1.9.0

package/src/services/__tests__/memberService.test.js

@@ -0,0 +1,245 @@
+import { describe, it, expect } from 'vitest';
+import { validateMemberData, validateMemberUpdateData } from '../memberService.js';
+
+describe('memberService - Validation', () => {
+  describe('validateMemberData', () => {
+    it('should validate required email field', () => {
+      expect(() => validateMemberData({})).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '   ' })).toThrow('Member validation failed');
+    });
+
+    it('should validate email format', () => {
+      expect(() => validateMemberData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '@test.com' })).toThrow('Member validation failed');
+    });
+
+    it('should accept valid email', () => {
+      expect(() => validateMemberData({ email: 'test@example.com' })).not.toThrow();
+    });
+
+    it('should accept optional name field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', name: 'John Doe' })
+      ).not.toThrow();
+    });
+
+    it('should accept optional note field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', note: 'Test note' })
+      ).not.toThrow();
+    });
+
+    it('should accept optional labels array', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', labels: ['premium', 'newsletter'] })
+      ).not.toThrow();
+    });
+
+    it('should validate labels is an array', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept optional newsletters array', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ id: 'newsletter-1' }],
+        })
+      ).not.toThrow();
+    });
+
+    it('should validate newsletter objects have id field', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ name: 'Newsletter' }],
+        })
+      ).toThrow('Member validation failed');
+    });
+
+    it('should accept optional subscribed boolean', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: true })
+      ).not.toThrow();
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: false })
+      ).not.toThrow();
+    });
+
+    it('should validate subscribed is a boolean', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', subscribed: 'yes' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should validate name length', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept name at max length', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', name: maxName })).not.toThrow();
+    });
+
+    it('should validate note length', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberData({ email: 'test@example.com', note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept note at max length', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', note: maxNote })).not.toThrow();
+    });
+
+    it('should sanitize HTML in note field', () => {
+      const memberData = {
+        email: 'test@example.com',
+        note: '<script>alert("xss")</script>Test note',
+      };
+      validateMemberData(memberData);
+      expect(memberData.note).toBe('Test note'); // HTML should be stripped
+    });
+
+    it('should validate label length', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [''] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@example.com', labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject non-string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [123] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty newsletter IDs', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '' }] })
+      ).toThrow('Member validation failed');
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '  ' }] })
+      ).toThrow('Member validation failed');
+    });
+  });
+
+  describe('validateMemberUpdateData', () => {
+    it('should validate email format if provided', () => {
+      expect(() => validateMemberUpdateData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ email: 'test@example.com' })).not.toThrow();
+    });
+
+    it('should accept update with only name', () => {
+      expect(() => validateMemberUpdateData({ name: 'John Doe' })).not.toThrow();
+    });
+
+    it('should accept update with only note', () => {
+      expect(() => validateMemberUpdateData({ note: 'Updated note' })).not.toThrow();
+    });
+
+    it('should accept update with only labels', () => {
+      expect(() => validateMemberUpdateData({ labels: ['premium'] })).not.toThrow();
+    });
+
+    it('should validate labels is an array if provided', () => {
+      expect(() => validateMemberUpdateData({ labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept update with only newsletters', () => {
+      expect(() =>
+        validateMemberUpdateData({ newsletters: [{ id: 'newsletter-1' }] })
+      ).not.toThrow();
+    });
+
+    it('should validate newsletter objects have id field if provided', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ name: 'Newsletter' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should allow empty update object', () => {
+      expect(() => validateMemberUpdateData({})).not.toThrow();
+    });
+
+    it('should validate name length in updates', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberUpdateData({ name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept name at max length in updates', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberUpdateData({ name: maxName })).not.toThrow();
+    });
+
+    it('should validate note length in updates', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberUpdateData({ note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept note at max length in updates', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberUpdateData({ note: maxNote })).not.toThrow();
+    });
+
+    it('should sanitize HTML in note field for updates', () => {
+      const updateData = { note: '<script>alert("xss")</script>Updated note' };
+      validateMemberUpdateData(updateData);
+      expect(updateData.note).toBe('Updated note'); // HTML should be stripped
+    });
+
+    it('should validate label length in updates', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberUpdateData({ labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [''] })).toThrow('Member validation failed');
+      expect(() => validateMemberUpdateData({ labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject non-string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [123] })).toThrow('Member validation failed');
+    });
+
+    it('should reject empty newsletter IDs in updates', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '' }] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '  ' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+  });
+});

package/src/services/ghostServiceImproved.js

@@ -772,6 +772,110 @@ export async function deleteTag(tagId) {
   }
 }
 
+/**
+ * Member CRUD Operations
+ * Members represent subscribers/users in Ghost CMS
+ */
+
+/**
+ * Creates a new member (subscriber) in Ghost CMS
+ * @param {Object} memberData - The member data
+ * @param {string} memberData.email - Member email (required)
+ * @param {string} [memberData.name] - Member name
+ * @param {string} [memberData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [memberData.labels] - Array of label names
+ * @param {Object[]} [memberData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [memberData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The created member object
+ * @throws {ValidationError} If validation fails
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function createMember(memberData, options = {}) {
+  // Import and validate input
+  const { validateMemberData } = await import('./memberService.js');
+  validateMemberData(memberData);
+
+  try {
+    return await handleApiRequest('members', 'add', memberData, options);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Member creation failed due to validation errors', [
+        { field: 'member', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+
+/**
+ * Updates an existing member in Ghost CMS
+ * @param {string} memberId - The member ID to update
+ * @param {Object} updateData - The member update data
+ * @param {string} [updateData.email] - Member email
+ * @param {string} [updateData.name] - Member name
+ * @param {string} [updateData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [updateData.labels] - Array of label names
+ * @param {Object[]} [updateData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [updateData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The updated member object
+ * @throws {ValidationError} If validation fails
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function updateMember(memberId, updateData, options = {}) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for update');
+  }
+
+  // Import and validate update data
+  const { validateMemberUpdateData } = await import('./memberService.js');
+  validateMemberUpdateData(updateData);
+
+  try {
+    // Get existing member to retrieve updated_at for conflict resolution
+    const existingMember = await handleApiRequest('members', 'read', { id: memberId });
+
+    // Merge existing data with updates, preserving updated_at
+    const mergedData = {
+      ...existingMember,
+      ...updateData,
+      updated_at: existingMember.updated_at,
+    };
+
+    return await handleApiRequest('members', 'edit', mergedData, { id: memberId, ...options });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
+
+/**
+ * Deletes a member from Ghost CMS
+ * @param {string} memberId - The member ID to delete
+ * @returns {Promise<Object>} Deletion confirmation object
+ * @throws {ValidationError} If member ID is not provided
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function deleteMember(memberId) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for deletion');
+  }
+
+  try {
+    return await handleApiRequest('members', 'delete', { id: memberId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
+
 /**
  * Newsletter CRUD Operations
  */
@@ -920,6 +1024,9 @@ export default {
   getTag,
   updateTag,
   deleteTag,
+  createMember,
+  updateMember,
+  deleteMember,
   getNewsletters,
   getNewsletter,
   createNewsletter,

package/src/services/memberService.js

@@ -0,0 +1,202 @@
+import sanitizeHtml from 'sanitize-html';
+import { ValidationError } from '../errors/index.js';
+
+/**
+ * Email validation regex
+ * Simple but effective email validation
+ */
+const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+/**
+ * Maximum length constants (following Ghost's database constraints)
+ */
+const MAX_NAME_LENGTH = 191; // Ghost's typical varchar limit
+const MAX_NOTE_LENGTH = 2000; // Reasonable limit for notes
+const MAX_LABEL_LENGTH = 191; // Label name limit
+
+/**
+ * Validates member data for creation
+ * @param {Object} memberData - The member data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberData(memberData) {
+  const errors = [];
+
+  // Email is required and must be valid
+  if (!memberData.email || memberData.email.trim().length === 0) {
+    errors.push({ field: 'email', message: 'Email is required' });
+  } else if (!EMAIL_REGEX.test(memberData.email)) {
+    errors.push({ field: 'email', message: 'Invalid email format' });
+  }
+
+  // Name is optional but must be a string with valid length if provided
+  if (memberData.name !== undefined) {
+    if (typeof memberData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (memberData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (memberData.note !== undefined) {
+    if (typeof memberData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (memberData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      memberData.note = sanitizeHtml(memberData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+
+  // Labels is optional but must be an array of valid strings if provided
+  if (memberData.labels !== undefined) {
+    if (!Array.isArray(memberData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = memberData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (memberData.newsletters !== undefined) {
+    if (!Array.isArray(memberData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = memberData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+
+  // Subscribed is optional but must be a boolean if provided
+  if (memberData.subscribed !== undefined && typeof memberData.subscribed !== 'boolean') {
+    errors.push({ field: 'subscribed', message: 'Subscribed must be a boolean' });
+  }
+
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+
+/**
+ * Validates member data for update
+ * All fields are optional for updates, but if provided they must be valid
+ * @param {Object} updateData - The member update data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberUpdateData(updateData) {
+  const errors = [];
+
+  // Email is optional for update but must be valid if provided
+  if (updateData.email !== undefined) {
+    if (typeof updateData.email !== 'string' || updateData.email.trim().length === 0) {
+      errors.push({ field: 'email', message: 'Email must be a non-empty string' });
+    } else if (!EMAIL_REGEX.test(updateData.email)) {
+      errors.push({ field: 'email', message: 'Invalid email format' });
+    }
+  }
+
+  // Name is optional but must be a string with valid length if provided
+  if (updateData.name !== undefined) {
+    if (typeof updateData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (updateData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (updateData.note !== undefined) {
+    if (typeof updateData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (updateData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      updateData.note = sanitizeHtml(updateData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+
+  // Labels is optional but must be an array of valid strings if provided
+  if (updateData.labels !== undefined) {
+    if (!Array.isArray(updateData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = updateData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (updateData.newsletters !== undefined) {
+    if (!Array.isArray(updateData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = updateData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+
+export default {
+  validateMemberData,
+  validateMemberUpdateData,
+};