ghost 4.20.2 → 4.22.0

package/core/server/adapters/storage/{LocalFileStorage.js → LocalStorageBase.js}

@@ -1,12 +1,11 @@
-// # Local File System Image Storage module
-// The (default) module for storing images, using the local file system
+// # Local File Base Storage module
+// The (default) module for storing files using the local file system
 const serveStatic = require('../../../shared/express').static;
 
 const fs = require('fs-extra');
 const path = require('path');
 const Promise = require('bluebird');
 const moment = require('moment');
-const config = require('../../../shared/config');
 const tpl = require('@tryghost/tpl');
 const logging = require('@tryghost/logging');
 const errors = require('@tryghost/errors');
@@ -15,68 +14,57 @@ const urlUtils = require('../../../shared/url-utils');
 const StorageBase = require('ghost-storage-base');
 
 const messages = {
-    imageNotFound: 'Image not found',
-    imageNotFoundWithRef: 'Image not found: {img}',
-    cannotReadImage: 'Could not read image: {img}'
+    notFound: 'File not found',
+    notFoundWithRef: 'File not found: {file}',
+    cannotRead: 'Could not read file: {file}'
 };
 
-class LocalFileStore extends StorageBase {
-    constructor() {
-        super();
-
-        this.storagePath = config.getContentPath('images');
-    }
-
+class LocalStorageBase extends StorageBase {
     /**
-     * Saves a buffer in the targetPath
-     * @param {Buffer} buffer is an instance of Buffer
-     * @param {String} targetPath path to which the buffer should be written
-     * @returns {Promise<String>} a URL to retrieve the data
+     *
+     * @param {Object} options
+     * @param {String} options.storagePath
+     * @param {String} [options.staticFileURLPrefix]
+     * @param {Object} [options.errorMessages]
+     * @param {String} [options.errorMessages.notFound]
+     * @param {String} [options.errorMessages.notFoundWithRef]
+     * @param {String} [options.errorMessages.cannotRead]
      */
-    async saveRaw(buffer, targetPath) {
-        const storagePath = path.join(this.storagePath, targetPath);
-        const targetDir = path.dirname(storagePath);
-
-        await fs.mkdirs(targetDir);
-        await fs.writeFile(storagePath, buffer);
-
-        // For local file system storage can use relative path so add a slash
-        const fullUrl = (
-            urlUtils.urlJoin('/', urlUtils.getSubdir(),
-                urlUtils.STATIC_IMAGE_URL_PREFIX,
-                targetPath)
-        ).replace(new RegExp(`\\${path.sep}`, 'g'), '/');
+    constructor({storagePath, staticFileURLPrefix, errorMessages}) {
+        super();
 
-        return fullUrl;
+        this.storagePath = storagePath;
+        this.staticFileURLPrefix = staticFileURLPrefix;
+        this.errorMessages = errorMessages || messages;
     }
 
     /**
-     * Saves the image to storage (the file system)
-     * - image is the express image object
-     * - returns a promise which ultimately returns the full url to the uploaded image
+     * Saves the file to storage (the file system)
+     * - returns a promise which ultimately returns the full url to the uploaded file
      *
-     * @param {StorageBase.Image} image
+     * @param {StorageBase.Image} file
      * @param {String} targetDir
      * @returns {Promise<String>}
      */
-    async save(image, targetDir) {
+    async save(file, targetDir) {
         let targetFilename;
 
         // NOTE: the base implementation of `getTargetDir` returns the format this.storagePath/YYYY/MM
         targetDir = targetDir || this.getTargetDir(this.storagePath);
 
-        const filename = await this.getUniqueFileName(image, targetDir);
+        const filename = await this.getUniqueFileName(file, targetDir);
 
         targetFilename = filename;
         await fs.mkdirs(targetDir);
 
-        await fs.copy(image.path, targetFilename);
+        await fs.copy(file.path, targetFilename);
 
         // The src for the image must be in URI format, not a file system path, which in Windows uses \
         // For local file system storage can use relative path so add a slash
         const fullUrl = (
-            urlUtils.urlJoin('/', urlUtils.getSubdir(),
-                urlUtils.STATIC_IMAGE_URL_PREFIX,
+            urlUtils.urlJoin('/',
+                urlUtils.getSubdir(),
+                this.staticFileURLPrefix,
                 path.relative(this.storagePath, targetFilename))
         ).replace(new RegExp(`\\${path.sep}`, 'g'), '/');
 
@@ -103,7 +91,7 @@ class LocalFileStore extends StorageBase {
      * @returns {serveStaticContent}
      */
     serve() {
-        const {storagePath} = this;
+        const {storagePath, errorMessages} = this;
 
         return function serveStaticContent(req, res, next) {
             const startedAtMoment = moment();
@@ -114,14 +102,14 @@ class LocalFileStore extends StorageBase {
                     maxAge: constants.ONE_YEAR_MS,
                     fallthrough: false,
                     onEnd: () => {
-                        logging.info('LocalFileStorage.serve', req.path, moment().diff(startedAtMoment, 'ms') + 'ms');
+                        logging.info('LocalStorageBase.serve', req.path, moment().diff(startedAtMoment, 'ms') + 'ms');
                     }
                 }
             )(req, res, (err) => {
                 if (err) {
                     if (err.statusCode === 404) {
                         return next(new errors.NotFoundError({
-                            message: tpl(messages.imageNotFound),
+                            message: tpl(errorMessages.notFound),
                             code: 'STATIC_FILE_NOT_FOUND',
                             property: err.path
                         }));
@@ -152,8 +140,8 @@ class LocalFileStore extends StorageBase {
     }
 
     /**
-     * Reads bytes from disk for a target image
-     * - path of target image (without content path!)
+     * Reads bytes from disk for a target file
+     * - path of target file (without content path!)
      *
      * @param options
      */
@@ -171,7 +159,7 @@ class LocalFileStore extends StorageBase {
                     if (err.code === 'ENOENT' || err.code === 'ENOTDIR') {
                         return reject(new errors.NotFoundError({
                             err: err,
-                            message: tpl(messages.imageNotFoundWithRef, {img: options.path})
+                            message: tpl(this.errorMessages.notFoundWithRef, {file: options.path})
                         }));
                     }
 
@@ -185,7 +173,7 @@ class LocalFileStore extends StorageBase {
 
                     return reject(new errors.GhostError({
                         err: err,
-                        message: tpl(messages.cannotReadImage, {img: options.path})
+                        message: tpl(this.errorMessages.cannotRead, {file: options.path})
                     }));
                 }
 
@@ -195,4 +183,4 @@ class LocalFileStore extends StorageBase {
     }
 }
 
-module.exports = LocalFileStore;
+module.exports = LocalStorageBase;

package/core/server/adapters/storage/index.js

@@ -1,7 +1,7 @@
 const adapterManager = require('../../services/adapter-manager');
 
 /**
- * @param {'images'|'videos'|'audios'} [feature] - name for the "feature" to enable through adapter, e.g.: images or videos storage
+ * @param {'images'|'media'|'files'} [feature] - name for the "feature" to enable through adapter, e.g.: images or media storage
  * @returns {Object} adapter instance
  */
 function getStorage(feature) {

package/core/server/adapters/storage/utils.js

@@ -12,7 +12,7 @@ const urlUtils = require('../../../shared/url-utils');
  * @description Takes a url or filepath and returns a filepath with is readable
  * for the local file storage.
  */
-exports.getLocalFileStoragePath = function getLocalFileStoragePath(imagePath) {
+exports.getLocalImagesStoragePath = function getLocalImagesStoragePath(imagePath) {
     // The '/' in urlJoin is necessary to add the '/' to `content/images`, if no subdirectory is setup
     const urlRegExp = new RegExp(`^${urlUtils.urlJoin(
         urlUtils.urlFor('home', true),
@@ -43,7 +43,7 @@ exports.getLocalFileStoragePath = function getLocalFileStoragePath(imagePath) {
  */
 
 exports.isLocalImage = function isLocalImage(imagePath) {
-    const localImagePath = this.getLocalFileStoragePath(imagePath);
+    const localImagePath = this.getLocalImagesStoragePath(imagePath);
 
     if (localImagePath !== imagePath) {
         return true;

package/core/server/api/canary/index.js

@@ -105,6 +105,10 @@ module.exports = {
         return shared.pipeline(require('./images'), localUtils);
     },
 
+    get media() {
+        return shared.pipeline(require('./media'), localUtils);
+    },
+
     get tags() {
         return shared.pipeline(require('./tags'), localUtils);
     },

package/core/server/api/canary/media.js

@@ -0,0 +1,22 @@
+const storage = require('../../adapters/storage');
+
+module.exports = {
+    docName: 'media',
+    upload: {
+        statusCode: 201,
+        permissions: false,
+        async query(frame) {
+            let thumbnail = null;
+            if (frame.files.thumbnail && frame.files.thumbnail[0]) {
+                thumbnail = await storage.getStorage('media').save(frame.files.thumbnail[0]);
+            }
+
+            const file = await storage.getStorage('media').save(frame.files.file[0]);
+
+            return {
+                filePath: file,
+                thumbnailPath: thumbnail
+            };
+        }
+    }
+};

package/core/server/api/canary/members.js

@@ -59,8 +59,7 @@ module.exports = {
         permissions: true,
         validation: {},
         async query(frame) {
-            frame.options.withRelated = ['labels', 'stripeSubscriptions', 'stripeSubscriptions.customer', 'stripeSubscriptions.stripePrice', 'stripeSubscriptions.stripePrice.stripeProduct'];
-            const page = await membersService.api.members.list(frame.options);
+            const page = await membersService.api.memberBREADService.browse(frame.options);
 
             return page;
         }
@@ -84,7 +83,7 @@ module.exports = {
         },
         permissions: true,
         async query(frame) {
-            let member = await membersService.api.memberBREADService.read(frame.data, frame.options);
+            const member = await membersService.api.memberBREADService.read(frame.data, frame.options);
 
             if (!member) {
                 throw new errors.NotFoundError({
@@ -115,72 +114,9 @@ module.exports = {
         },
         permissions: true,
         async query(frame) {
-            let member;
-            frame.options.withRelated = ['stripeSubscriptions', 'products', 'labels', 'stripeSubscriptions.stripePrice', 'stripeSubscriptions.stripePrice.stripeProduct'];
-            if (!labsService.isSet('multipleProducts')) {
-                delete frame.data.products;
-            }
-            try {
-                if (!membersService.config.isStripeConnected()
-                    && (frame.data.members[0].stripe_customer_id || frame.data.members[0].comped)) {
-                    const property = frame.data.members[0].comped ? 'comped' : 'stripe_customer_id';
-
-                    throw new errors.ValidationError({
-                        message: tpl(messages.stripeNotConnected.message),
-                        context: tpl(messages.stripeNotConnected.context),
-                        help: tpl(messages.stripeNotConnected.help),
-                        property
-                    });
-                }
-
-                member = await membersService.api.members.create(frame.data.members[0], frame.options);
-
-                if (frame.data.members[0].stripe_customer_id) {
-                    await membersService.api.members.linkStripeCustomer({
-                        customer_id: frame.data.members[0].stripe_customer_id,
-                        member_id: member.id
-                    }, frame.options);
-                }
-
-                if (!labsService.isSet('multipleProducts')) {
-                    if (frame.data.members[0].comped) {
-                        await membersService.api.members.setComplimentarySubscription(member);
-                    }
-                }
-
-                if (frame.options.send_email) {
-                    await membersService.api.sendEmailWithMagicLink({email: member.get('email'), requestedType: frame.options.email_type});
-                }
-
-                return member;
-            } catch (error) {
-                if (error.code && error.message.toLowerCase().indexOf('unique') !== -1) {
-                    throw new errors.ValidationError({
-                        message: tpl(messages.memberAlreadyExists.message),
-                        context: tpl(messages.memberAlreadyExists.context, {
-                            action: 'add'
-                        })
-                    });
-                }
-
-                // NOTE: failed to link Stripe customer/plan/subscription or have thrown custom Stripe connection error.
-                //       It's a bit ugly doing regex matching to detect errors, but it's the easiest way that works without
-                //       introducing additional logic/data format into current error handling
-                const isStripeLinkingError = error.message && (error.message.match(/customer|plan|subscription/g));
-                if (member && isStripeLinkingError) {
-                    if (error.message.indexOf('customer') && error.code === 'resource_missing') {
-                        error.message = `Member not imported. ${error.message}`;
-                        error.context = tpl(messages.stripeCustomerNotFound.context);
-                        error.help = tpl(messages.stripeCustomerNotFound.help);
-                    }
+            const member = await membersService.api.memberBREADService.add(frame.data.members[0], frame.options);
 
-                    await membersService.api.members.destroy({
-                        id: member.get('id')
-                    }, frame.options);
-                }
-
-                throw error;
-            }
+            return member;
         }
     },
 
@@ -199,42 +135,9 @@ module.exports = {
         },
         permissions: true,
         async query(frame) {
-            if (!labsService.isSet('multipleProducts')) {
-                delete frame.data.products;
-            }
-            try {
-                frame.options.withRelated = ['stripeSubscriptions', 'products', 'labels', 'stripeSubscriptions.stripePrice', 'stripeSubscriptions.stripePrice.stripeProduct'];
-                const member = await membersService.api.members.update(frame.data.members[0], frame.options);
-
-                const hasCompedSubscription = !!member.related('stripeSubscriptions').find(sub => sub.get('plan_nickname') === 'Complimentary' && sub.get('status') === 'active');
-
-                if (!labsService.isSet('multipleProducts')) {
-                    if (typeof frame.data.members[0].comped === 'boolean') {
-                        if (frame.data.members[0].comped && !hasCompedSubscription) {
-                            await membersService.api.members.setComplimentarySubscription(member);
-                        } else if (!(frame.data.members[0].comped) && hasCompedSubscription) {
-                            await membersService.api.members.cancelComplimentarySubscription(member);
-                        }
-
-                        await member.load(['stripeSubscriptions', 'products', 'stripeSubscriptions.stripePrice', 'stripeSubscriptions.stripePrice.stripeProduct']);
-                    }
-                }
-
-                await member.load(['stripeSubscriptions.customer', 'stripeSubscriptions.stripePrice', 'stripeSubscriptions.stripePrice.stripeProduct']);
-
-                return member;
-            } catch (error) {
-                if (error.code && error.message.toLowerCase().indexOf('unique') !== -1) {
-                    throw new errors.ValidationError({
-                        message: tpl(messages.memberAlreadyExists.message),
-                        context: tpl(messages.memberAlreadyExists.context, {
-                            action: 'edit'
-                        })
-                    });
-                }
+            const member = await membersService.api.memberBREADService.edit(frame.data.members[0], frame.options);
 
-                throw error;
-            }
+            return member;
         }
     },
 

package/core/server/api/canary/membersStripeConnect.js

@@ -1,7 +1,4 @@
 const membersService = require('../../services/members');
-const config = require('../../../shared/config');
-const urlUtils = require('../../../shared/url-utils');
-const {BadRequestError} = require('@tryghost/errors');
 
 module.exports = {
     docName: 'members_stripe_connect',
@@ -18,13 +15,6 @@ module.exports = {
             }
         },
         query(frame) {
-            const siteUrl = urlUtils.getSiteUrl();
-            const productionMode = config.get('env') === 'production';
-            const siteUrlUsingSSL = /^https/.test(siteUrl);
-            const cannotConnectToStripe = productionMode && !siteUrlUsingSSL;
-            if (cannotConnectToStripe) {
-                throw new BadRequestError('Cannot connect to stripe unless site is using https://');
-            }
             // This is something you have to do if you want to use the "framework" with access to the raw req/res
             frame.response = async function (req, res) {
                 function setSessionProp(prop, val) {

package/core/server/api/canary/redirects.js

@@ -1,6 +1,5 @@
 const path = require('path');
 
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -42,11 +41,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext);
         }
     }
 };

package/core/server/api/canary/utils/serializers/input/pages.js

@@ -102,6 +102,13 @@ const forceStatusFilter = (frame) => {
     }
 };
 
+const transformPageVisibilityFilters = (frame) => {
+    if (frame.data.pages[0].visibility === 'filter' && frame.data.pages[0].visibility_filter) {
+        frame.data.pages[0].visibility = frame.data.pages[0].visibility_filter;
+    }
+    delete frame.data.pages[0].visibility_filter;
+};
+
 module.exports = {
     browse(apiConfig, frame) {
         debug('browse');
@@ -180,6 +187,7 @@ module.exports = {
             });
         }
 
+        transformPageVisibilityFilters(frame);
         handlePostsMeta(frame);
         defaultFormat(frame);
         defaultRelations(frame);

package/core/server/api/canary/utils/serializers/output/images.js

@@ -8,6 +8,10 @@ module.exports = {
         return frame.response = {
             images: [{
                 url: mapper.mapImage(path),
+                // NOTE: ref field is here to have reference point on the client
+                //       for example when substituting existing images in the mobiledoc
+                //       this field would serve as an identifier to find images to replace
+                //       once the response is back. Think of it as ID on the client's side.
                 ref: frame.data.ref || null
             }]
         };

package/core/server/api/canary/utils/serializers/output/index.js

@@ -85,6 +85,10 @@ module.exports = {
         return require('./images');
     },
 
+    get media() {
+        return require('./media');
+    },
+
     get tags() {
         return require('./tags');
     },

package/core/server/api/canary/utils/serializers/output/media.js

@@ -0,0 +1,28 @@
+const config = require('../../../../../../shared/config');
+const {STATIC_MEDIA_URL_PREFIX} = require('@tryghost/constants');
+
+function getURL(urlPath) {
+    const media = new RegExp('^' + config.getSubdir() + '/' + STATIC_MEDIA_URL_PREFIX);
+    const absolute = media.test(urlPath) ? true : false;
+
+    if (absolute) {
+        // Remove the sub-directory from the URL because ghostConfig will add it back.
+        urlPath = urlPath.replace(new RegExp('^' + config.getSubdir()), '');
+        const baseUrl = config.getSiteUrl().replace(/\/$/, '');
+        urlPath = baseUrl + urlPath;
+    }
+
+    return urlPath;
+}
+
+module.exports = {
+    upload({filePath, thumbnailPath}, apiConfig, frame) {
+        return frame.response = {
+            media: [{
+                url: getURL(filePath),
+                thumbnail_url: getURL(thumbnailPath),
+                ref: frame.data.ref || null
+            }]
+        };
+    }
+};

package/core/server/api/canary/utils/validators/input/index.js

@@ -27,6 +27,10 @@ module.exports = {
         return require('./members');
     },
 
+    get media() {
+        return require('./media');
+    },
+
     get settings() {
         return require('./settings');
     },

package/core/server/api/canary/utils/validators/input/media.js

@@ -0,0 +1,7 @@
+const limitService = require('../../../../../services/limits');
+
+module.exports = {
+    async upload(apiConfig, frame) {
+        await limitService.errorIfIsOverLimit('uploads', {currentCount: frame.file.size});
+    }
+};

package/core/server/api/v2/redirects.js

@@ -1,4 +1,3 @@
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -23,11 +22,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path);
         }
     }
 };

package/core/server/api/v2/utils/serializers/output/images.js

@@ -8,6 +8,10 @@ module.exports = {
         return frame.response = {
             images: [{
                 url: mapper.mapImage(path),
+                // NOTE: ref field is here to have reference point on the client
+                //       for example when substituting existing images in the mobiledoc
+                //       this field would serve as an identifier to find images to replace
+                //       once the response is back. Think of it as ID on the client's side.
                 ref: frame.data.ref || null
             }]
         };

package/core/server/api/v3/members.js

@@ -154,7 +154,11 @@ module.exports = {
                 }
 
                 if (frame.options.send_email) {
-                    await membersService.api.sendEmailWithMagicLink({email: member.get('email'), requestedType: frame.options.email_type});
+                    await membersService.api.sendEmailWithMagicLink({
+                        email: member.get('email'), requestedType: frame.options.email_type, options: {
+                            forceEmailType: true
+                        }
+                    });
                 }
 
                 return member;

package/core/server/api/v3/redirects.js

@@ -1,6 +1,5 @@
 const path = require('path');
 
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -42,11 +41,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext);
         }
     }
 };

package/core/server/api/v3/utils/serializers/output/images.js

@@ -8,6 +8,10 @@ module.exports = {
         return frame.response = {
             images: [{
                 url: mapper.mapImage(path),
+                // NOTE: ref field is here to have reference point on the client
+                //       for example when substituting existing images in the mobiledoc
+                //       this field would serve as an identifier to find images to replace
+                //       once the response is back. Think of it as ID on the client's side.
                 ref: frame.data.ref || null
             }]
         };