npm - ghost - Versions diffs - 4.13.0 → 4.16.0 - Mend

ghost 4.13.0 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/core/server/api/v3/members.js CHANGED Viewed

@@ -125,7 +125,10 @@ module.exports = {
                 member = await membersService.api.members.create(frame.data.members[0], frame.options);
                 if (frame.data.members[0].stripe_customer_id) {
-                    await membersService.api.members.linkStripeCustomer(frame.data.members[0].stripe_customer_id, member);
+                    await membersService.api.members.linkStripeCustomer({
+                        customer_id: frame.data.members[0].stripe_customer_id,
+                        member_id: member.id
+                    });
                 }
                 if (frame.data.members[0].comped) {

package/core/server/api/v3/schedules.js CHANGED Viewed

@@ -1,11 +1,6 @@
-const _ = require('lodash');
-const moment = require('moment');
-const config = require('../../../shared/config');
 const models = require('../../models');
-const urlUtils = require('../../../shared/url-utils');
-const i18n = require('../../../shared/i18n');
-const errors = require('@tryghost/errors');
-const api = require('./index');
+const postSchedulingService = require('../../services/posts/post-scheduling-service')('v3');
 module.exports = {
     docName: 'schedules',
@@ -32,11 +27,8 @@ module.exports = {
         permissions: {
             docName: 'posts'
         },
-        query(frame) {
-            let resource;
+        async query(frame) {
             const resourceType = frame.options.resource;
-            const publishAPostBySchedulerToleranceInMinutes = config.get('times').publishAPostBySchedulerToleranceInMinutes;
             const options = {
                 status: 'scheduled',
                 id: frame.options.id,
@@ -45,53 +37,13 @@ module.exports = {
                 }
             };
-            return api[resourceType].read({id: frame.options.id}, options)
-                .then((result) => {
-                    resource = result[resourceType][0];
-                    const publishedAtMoment = moment(resource.published_at);
-                    if (publishedAtMoment.diff(moment(), 'minutes') > publishAPostBySchedulerToleranceInMinutes) {
-                        return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.api.job.notFound')}));
-                    }
-                    if (publishedAtMoment.diff(moment(), 'minutes') < publishAPostBySchedulerToleranceInMinutes * -1 && frame.data.force !== true) {
-                        return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.api.job.publishInThePast')}));
-                    }
+            const {scheduledResource, preScheduledResource} = await postSchedulingService.publish(resourceType, frame.options.id, frame.data.force, options);
+            const cacheInvalidate = postSchedulingService.handleCacheInvalidation(scheduledResource, preScheduledResource);
+            this.headers.cacheInvalidate = cacheInvalidate;
-                    const editedResource = {};
-                    editedResource[resourceType] = [{
-                        status: 'published',
-                        updated_at: moment(resource.updated_at).toISOString(true)
-                    }];
-                    return api[resourceType].edit(
-                        editedResource,
-                        _.pick(options, ['context', 'id', 'transacting', 'forUpdate'])
-                    );
-                })
-                .then((result) => {
-                    const scheduledResource = result[resourceType][0];
-                    if (
-                        (scheduledResource.status === 'published' && resource.status !== 'published') ||
-                        (scheduledResource.status === 'draft' && resource.status === 'published')
-                    ) {
-                        this.headers.cacheInvalidate = true;
-                    } else if (
-                        (scheduledResource.status === 'draft' && resource.status !== 'published') ||
-                        (scheduledResource.status === 'scheduled' && resource.status !== 'scheduled')
-                    ) {
-                        this.headers.cacheInvalidate = {
-                            value: urlUtils.urlFor({
-                                relativeUrl: urlUtils.urlJoin('/p', scheduledResource.uuid, '/')
-                            })
-                        };
-                    } else {
-                        this.headers.cacheInvalidate = false;
-                    }
-                    return result;
-                });
+            const response = {};
+            response[resourceType] = [scheduledResource];
+            return response;
         }
     },

package/core/server/api/v3/settings.js CHANGED Viewed

@@ -1,15 +1,15 @@
 const Promise = require('bluebird');
 const _ = require('lodash');
-const validator = require('@tryghost/validator');
 const models = require('../../models');
 const routeSettings = require('../../services/route-settings');
 const frontendSettings = require('../../../frontend/services/settings');
 const i18n = require('../../../shared/i18n');
-const {BadRequestError, NoPermissionError, NotFoundError} = require('@tryghost/errors');
+const {BadRequestError, NoPermissionError} = require('@tryghost/errors');
 const settingsService = require('../../services/settings');
-const settingsCache = require('../../../shared/settings-cache');
 const membersService = require('../../services/members');
+const settingsBREADService = settingsService.getSettingsBREADServiceInstance();
 module.exports = {
     docName: 'settings',
@@ -17,26 +17,7 @@ module.exports = {
         options: ['type', 'group'],
         permissions: true,
         query(frame) {
-            let settings = settingsCache.getAll();
-            // CASE: no context passed (functional call)
-            if (!frame.options.context) {
-                return Promise.resolve(settings.filter((setting) => {
-                    return setting.group === 'site';
-                }));
-            }
-            if (!frame.options.context.internal) {
-                // CASE: omit core settings unless internal request
-                settings = _.filter(settings, (setting) => {
-                    const isCore = setting.group === 'core';
-                    return !isCore;
-                });
-                // CASE: omit secret settings unless internal request
-                settings = settings.map(settingsService.hideValueIfSecret);
-            }
-            return settings;
+            return settingsBREADService.browse(frame.options.context);
         }
     },
@@ -55,41 +36,7 @@ module.exports = {
             }
         },
         query(frame) {
-            let setting;
-            if (frame.options.key === 'slack') {
-                const slackURL = settingsCache.get('slack_url', {resolve: false});
-                const slackUsername = settingsCache.get('slack_username', {resolve: false});
-                setting = slackURL || slackUsername;
-                setting.key = 'slack';
-                setting.value = [{
-                    url: slackURL && slackURL.value,
-                    username: slackUsername && slackUsername.value
-                }];
-            } else {
-                setting = settingsCache.get(frame.options.key, {resolve: false});
-            }
-            if (!setting) {
-                return Promise.reject(new NotFoundError({
-                    message: i18n.t('errors.api.settings.problemFindingSetting', {
-                        key: frame.options.key
-                    })
-                }));
-            }
-            // @TODO: handle in settings model permissible fn
-            if (setting.group === 'core' && !(frame.options.context && frame.options.context.internal)) {
-                return Promise.reject(new NoPermissionError({
-                    message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')
-                }));
-            }
-            setting = settingsService.hideValueIfSecret(setting);
-            return {
-                [frame.options.key]: setting
-            };
+            return settingsBREADService.read(frame.options.key, frame.options.context);
         }
     },
@@ -153,17 +100,7 @@ module.exports = {
         ],
         async query(frame) {
             const {email, type} = frame.data;
-            if (typeof email !== 'string' || !validator.isEmail(email)) {
-                throw new BadRequestError({
-                    message: i18n.t('errors.api.settings.invalidEmailReceived')
-                });
-            }
-            if (!type || !['fromAddressUpdate', 'supportAddressUpdate'].includes(type)) {
-                throw new BadRequestError({
-                    message: 'Invalid email type recieved'
-                });
-            }
             try {
                 // Send magic link to update fromAddress
                 await membersService.settings.sendEmailAddressUpdateMagicLink({
@@ -232,76 +169,20 @@ module.exports = {
             }
         },
         async query(frame) {
+            let stripeConnectData;
             const stripeConnectIntegrationToken = frame.data.settings.find(setting => setting.key === 'stripe_connect_integration_token');
-            const settings = frame.data.settings.filter((setting) => {
-                // The `stripe_connect_integration_token` "setting" is only used to set the `stripe_connect_*` settings.
-                return ![
-                    'stripe_connect_integration_token',
-                    'stripe_connect_publishable_key',
-                    'stripe_connect_secret_key',
-                    'stripe_connect_livemode',
-                    'stripe_connect_account_id',
-                    'stripe_connect_display_name'
-                ].includes(setting.key)
-                // Remove obfuscated settings
-                && !(setting.value === settingsService.obfuscatedSetting && settingsService.isSecretSetting(setting));
-            });
-            const getSetting = setting => settingsCache.get(setting.key, {resolve: false});
-            const firstUnknownSetting = settings.find(setting => !getSetting(setting));
-            if (firstUnknownSetting) {
-                throw new NotFoundError({
-                    message: i18n.t('errors.api.settings.problemFindingSetting', {
-                        key: firstUnknownSetting.key
-                    })
-                });
-            }
-            if (!(frame.options.context && frame.options.context.internal)) {
-                const firstCoreSetting = settings.find(setting => getSetting(setting).group === 'core');
-                if (firstCoreSetting) {
-                    throw new NoPermissionError({
-                        message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq')
-                    });
-                }
-            }
             if (stripeConnectIntegrationToken && stripeConnectIntegrationToken.value) {
                 const getSessionProp = prop => frame.original.session[prop];
-                try {
-                    const data = await membersService.stripeConnect.getStripeConnectTokenData(stripeConnectIntegrationToken.value, getSessionProp);
-                    settings.push({
-                        key: 'stripe_connect_publishable_key',
-                        value: data.public_key
-                    });
-                    settings.push({
-                        key: 'stripe_connect_secret_key',
-                        value: data.secret_key
-                    });
-                    settings.push({
-                        key: 'stripe_connect_livemode',
-                        value: data.livemode
-                    });
-                    settings.push({
-                        key: 'stripe_connect_display_name',
-                        value: data.display_name
-                    });
-                    settings.push({
-                        key: 'stripe_connect_account_id',
-                        value: data.account_id
-                    });
-                } catch (err) {
-                    throw new BadRequestError({
-                        err,
-                        message: 'The Stripe Connect token could not be parsed.'
-                    });
-                }
+                stripeConnectData = await settingsBREADService.getStripeConnectData(
+                    stripeConnectIntegrationToken,
+                    getSessionProp,
+                    membersService.stripeConnect.getStripeConnectTokenData
+                );
             }
-            return models.Settings.edit(settings, frame.options);
+            return await settingsBREADService.edit(frame.data.settings, frame.options, stripeConnectData);
         }
     },

package/core/server/api/v3/utils/validators/input/settings.js CHANGED Viewed

@@ -1,7 +1,13 @@
 const Promise = require('bluebird');
 const _ = require('lodash');
 const i18n = require('../../../../../../shared/i18n');
-const {NotFoundError, ValidationError} = require('@tryghost/errors');
+const {NotFoundError, ValidationError, BadRequestError} = require('@tryghost/errors');
+const validator = require('@tryghost/validator');
+const messages = {
+    invalidEmailReceived: 'Please send a valid email',
+    invalidEmailTypeReceived: 'Invalid email type received'
+};
 module.exports = {
     read(apiConfig, frame) {
@@ -62,5 +68,21 @@ module.exports = {
         if (errors.length) {
             return Promise.reject(errors[0]);
         }
+    },
+    updateMembersEmail(apiConfig, frame) {
+        const {email, type} = frame.data;
+        if (typeof email !== 'string' || !validator.isEmail(email)) {
+            throw new BadRequestError({
+                message: messages.invalidEmailReceived
+            });
+        }
+        if (!type || !['fromAddressUpdate', 'supportAddressUpdate'].includes(type)) {
+            throw new BadRequestError({
+                message: messages.invalidEmailTypeReceived
+            });
+        }
     }
 };

package/core/server/api/v3/webhooks.js CHANGED Viewed

@@ -1,6 +1,11 @@
 const models = require('../../models');
 const i18n = require('../../../shared/i18n');
 const errors = require('@tryghost/errors');
+const getWebhooksServiceInstance = require('../../services/webhooks/webhooks-service');
+const webhooksService = getWebhooksServiceInstance({
+    WebhookModel: models.Webhook
+});
 module.exports = {
     docName: 'webhooks',
@@ -15,34 +20,7 @@ module.exports = {
         data: [],
         permissions: true,
         async query(frame) {
-            const isIntegrationRequest = frame.options.context && frame.options.context.integration && frame.options.context.integration.id;
-            // NOTE: this check can be removed once `webhooks.integration_id` gets foreigh ke constraint (Ghost 4.0)
-            if (!isIntegrationRequest && frame.data.webhooks[0].integration_id) {
-                const integration = await models.Integration.findOne({id: frame.data.webhooks[0].integration_id}, {context: {internal: true}});
-                if (!integration) {
-                    throw new errors.ValidationError({
-                        message: i18n.t('notices.data.validation.index.schemaValidationFailed', {
-                            key: 'integration_id'
-                        }),
-                        context: i18n.t('errors.api.webhooks.nonExistingIntegrationIdProvided.context'),
-                        help: i18n.t('errors.api.webhooks.nonExistingIntegrationIdProvided.help')
-                    });
-                }
-            }
-            const webhook = await models.Webhook.getByEventAndTarget(
-                frame.data.webhooks[0].event,
-                frame.data.webhooks[0].target_url,
-                frame.options
-            );
-            if (webhook) {
-                throw new errors.ValidationError({message: i18n.t('errors.api.webhooks.webhookAlreadyExists')});
-            }
-            return models.Webhook.add(frame.data.webhooks[0], frame.options);
+            return await webhooksService.add(frame.data, frame.options);
         }
     },

package/core/server/data/exporter/table-lists.js CHANGED Viewed

@@ -50,6 +50,7 @@ const TABLES_ALLOWLIST = [
     'roles',
     'roles_users',
     'settings',
+    'custom_theme_settings',
     'tags',
     'users'
 ];