ghost 4.21.0 → 4.22.3

package/core/server/adapters/storage/{LocalFileStorage.js → LocalStorageBase.js}

@@ -1,12 +1,11 @@
-// # Local File System Image Storage module
-// The (default) module for storing images, using the local file system
+// # Local File Base Storage module
+// The (default) module for storing files using the local file system
 const serveStatic = require('../../../shared/express').static;
 
 const fs = require('fs-extra');
 const path = require('path');
 const Promise = require('bluebird');
 const moment = require('moment');
-const config = require('../../../shared/config');
 const tpl = require('@tryghost/tpl');
 const logging = require('@tryghost/logging');
 const errors = require('@tryghost/errors');
@@ -15,74 +14,87 @@ const urlUtils = require('../../../shared/url-utils');
 const StorageBase = require('ghost-storage-base');
 
 const messages = {
-    imageNotFound: 'Image not found',
-    imageNotFoundWithRef: 'Image not found: {img}',
-    cannotReadImage: 'Could not read image: {img}'
+    notFound: 'File not found',
+    notFoundWithRef: 'File not found: {file}',
+    cannotRead: 'Could not read file: {file}',
+    invalidUrlParameter: `The URL "{url}" is not a valid URL for this site.`
 };
 
-class LocalFileStore extends StorageBase {
-    constructor() {
-        super();
-
-        this.storagePath = config.getContentPath('images');
-    }
-
+class LocalStorageBase extends StorageBase {
     /**
-     * Saves a buffer in the targetPath
-     * @param {Buffer} buffer is an instance of Buffer
-     * @param {String} targetPath path to which the buffer should be written
-     * @returns {Promise<String>} a URL to retrieve the data
+     *
+     * @param {Object} options
+     * @param {String} options.storagePath
+     * @param {String} options.siteUrl
+     * @param {String} [options.staticFileURLPrefix]
+     * @param {Object} [options.errorMessages]
+     * @param {String} [options.errorMessages.notFound]
+     * @param {String} [options.errorMessages.notFoundWithRef]
+     * @param {String} [options.errorMessages.cannotRead]
      */
-    async saveRaw(buffer, targetPath) {
-        const storagePath = path.join(this.storagePath, targetPath);
-        const targetDir = path.dirname(storagePath);
-
-        await fs.mkdirs(targetDir);
-        await fs.writeFile(storagePath, buffer);
-
-        // For local file system storage can use relative path so add a slash
-        const fullUrl = (
-            urlUtils.urlJoin('/', urlUtils.getSubdir(),
-                urlUtils.STATIC_IMAGE_URL_PREFIX,
-                targetPath)
-        ).replace(new RegExp(`\\${path.sep}`, 'g'), '/');
+    constructor({storagePath, staticFileURLPrefix, siteUrl, errorMessages}) {
+        super();
 
-        return fullUrl;
+        this.storagePath = storagePath;
+        this.staticFileURLPrefix = staticFileURLPrefix;
+        this.siteUrl = siteUrl;
+        this.staticFileUrl = `${siteUrl}${staticFileURLPrefix}`;
+        this.errorMessages = errorMessages || messages;
     }
 
     /**
-     * Saves the image to storage (the file system)
-     * - image is the express image object
-     * - returns a promise which ultimately returns the full url to the uploaded image
+     * Saves the file to storage (the file system)
+     * - returns a promise which ultimately returns the full url to the uploaded file
      *
-     * @param {StorageBase.Image} image
+     * @param {StorageBase.Image} file
      * @param {String} targetDir
      * @returns {Promise<String>}
      */
-    async save(image, targetDir) {
+    async save(file, targetDir) {
         let targetFilename;
 
         // NOTE: the base implementation of `getTargetDir` returns the format this.storagePath/YYYY/MM
         targetDir = targetDir || this.getTargetDir(this.storagePath);
 
-        const filename = await this.getUniqueFileName(image, targetDir);
+        const filename = await this.getUniqueFileName(file, targetDir);
 
         targetFilename = filename;
         await fs.mkdirs(targetDir);
 
-        await fs.copy(image.path, targetFilename);
+        await fs.copy(file.path, targetFilename);
 
         // The src for the image must be in URI format, not a file system path, which in Windows uses \
         // For local file system storage can use relative path so add a slash
         const fullUrl = (
-            urlUtils.urlJoin('/', urlUtils.getSubdir(),
-                urlUtils.STATIC_IMAGE_URL_PREFIX,
+            urlUtils.urlJoin('/',
+                urlUtils.getSubdir(),
+                this.staticFileURLPrefix,
                 path.relative(this.storagePath, targetFilename))
         ).replace(new RegExp(`\\${path.sep}`, 'g'), '/');
 
         return fullUrl;
     }
 
+    /**
+     *
+     * @param {String} url full url under which the stored content is served, result of save method
+     * @returns {String} path under which the content is stored
+     */
+    urlToPath(url) {
+        let filePath;
+
+        if (url.match(this.staticFileUrl)) {
+            filePath = url.replace(this.staticFileUrl, '');
+            filePath = path.join(this.storagePath, filePath);
+        } else {
+            throw new errors.IncorrectUsageError({
+                message: tpl(messages.invalidUrlParameter, {url})
+            });
+        }
+
+        return filePath;
+    }
+
     exists(fileName, targetDir) {
         const filePath = path.join(targetDir || this.storagePath, fileName);
 
@@ -103,7 +115,7 @@ class LocalFileStore extends StorageBase {
      * @returns {serveStaticContent}
      */
     serve() {
-        const {storagePath} = this;
+        const {storagePath, errorMessages} = this;
 
         return function serveStaticContent(req, res, next) {
             const startedAtMoment = moment();
@@ -114,14 +126,14 @@ class LocalFileStore extends StorageBase {
                     maxAge: constants.ONE_YEAR_MS,
                     fallthrough: false,
                     onEnd: () => {
-                        logging.info('LocalFileStorage.serve', req.path, moment().diff(startedAtMoment, 'ms') + 'ms');
+                        logging.info('LocalStorageBase.serve', req.path, moment().diff(startedAtMoment, 'ms') + 'ms');
                     }
                 }
             )(req, res, (err) => {
                 if (err) {
                     if (err.statusCode === 404) {
                         return next(new errors.NotFoundError({
-                            message: tpl(messages.imageNotFound),
+                            message: tpl(errorMessages.notFound),
                             code: 'STATIC_FILE_NOT_FOUND',
                             property: err.path
                         }));
@@ -144,16 +156,17 @@ class LocalFileStore extends StorageBase {
     }
 
     /**
-     * Not implemented.
+     * @param {String} filePath
      * @returns {Promise.<*>}
      */
-    delete() {
-        return Promise.reject('not implemented');
+    async delete(fileName, targetDir) {
+        const filePath = path.join(targetDir, fileName);
+        return await fs.remove(filePath);
     }
 
     /**
-     * Reads bytes from disk for a target image
-     * - path of target image (without content path!)
+     * Reads bytes from disk for a target file
+     * - path of target file (without content path!)
      *
      * @param options
      */
@@ -171,7 +184,7 @@ class LocalFileStore extends StorageBase {
                     if (err.code === 'ENOENT' || err.code === 'ENOTDIR') {
                         return reject(new errors.NotFoundError({
                             err: err,
-                            message: tpl(messages.imageNotFoundWithRef, {img: options.path})
+                            message: tpl(this.errorMessages.notFoundWithRef, {file: options.path})
                         }));
                     }
 
@@ -185,7 +198,7 @@ class LocalFileStore extends StorageBase {
 
                     return reject(new errors.GhostError({
                         err: err,
-                        message: tpl(messages.cannotReadImage, {img: options.path})
+                        message: tpl(this.errorMessages.cannotRead, {file: options.path})
                     }));
                 }
 
@@ -195,4 +208,4 @@ class LocalFileStore extends StorageBase {
     }
 }
 
-module.exports = LocalFileStore;
+module.exports = LocalStorageBase;

package/core/server/adapters/storage/index.js

@@ -1,7 +1,7 @@
 const adapterManager = require('../../services/adapter-manager');
 
 /**
- * @param {'images'|'videos'|'audios'} [feature] - name for the "feature" to enable through adapter, e.g.: images or videos storage
+ * @param {'images'|'media'|'files'} [feature] - name for the "feature" to enable through adapter, e.g.: images or media storage
  * @returns {Object} adapter instance
  */
 function getStorage(feature) {

package/core/server/adapters/storage/utils.js

@@ -12,7 +12,7 @@ const urlUtils = require('../../../shared/url-utils');
  * @description Takes a url or filepath and returns a filepath with is readable
  * for the local file storage.
  */
-exports.getLocalFileStoragePath = function getLocalFileStoragePath(imagePath) {
+exports.getLocalImagesStoragePath = function getLocalImagesStoragePath(imagePath) {
     // The '/' in urlJoin is necessary to add the '/' to `content/images`, if no subdirectory is setup
     const urlRegExp = new RegExp(`^${urlUtils.urlJoin(
         urlUtils.urlFor('home', true),
@@ -43,7 +43,7 @@ exports.getLocalFileStoragePath = function getLocalFileStoragePath(imagePath) {
  */
 
 exports.isLocalImage = function isLocalImage(imagePath) {
-    const localImagePath = this.getLocalFileStoragePath(imagePath);
+    const localImagePath = this.getLocalImagesStoragePath(imagePath);
 
     if (localImagePath !== imagePath) {
         return true;

package/core/server/api/canary/files.js

@@ -0,0 +1,19 @@
+const storage = require('../../adapters/storage');
+
+module.exports = {
+    docName: 'files',
+    upload: {
+        statusCode: 201,
+        permissions: false,
+        async query(frame) {
+            const filePath = await storage.getStorage('files').save({
+                name: frame.file.originalname,
+                path: frame.file.path
+            });
+
+            return {
+                filePath
+            };
+        }
+    }
+};

package/core/server/api/canary/index.js

@@ -105,6 +105,14 @@ module.exports = {
         return shared.pipeline(require('./images'), localUtils);
     },
 
+    get media() {
+        return shared.pipeline(require('./media'), localUtils);
+    },
+
+    get files() {
+        return shared.pipeline(require('./files'), localUtils);
+    },
+
     get tags() {
         return shared.pipeline(require('./tags'), localUtils);
     },

package/core/server/api/canary/media.js

@@ -0,0 +1,42 @@
+const path = require('path');
+const storage = require('../../adapters/storage');
+
+module.exports = {
+    docName: 'media',
+    upload: {
+        statusCode: 201,
+        permissions: false,
+        async query(frame) {
+            let thumbnailPath = null;
+            if (frame.files.thumbnail && frame.files.thumbnail[0]) {
+                thumbnailPath = await storage.getStorage('media').save(frame.files.thumbnail[0]);
+            }
+
+            const filePath = await storage.getStorage('media').save(frame.files.file[0]);
+
+            return {
+                filePath,
+                thumbnailPath
+            };
+        }
+    },
+
+    uploadThumbnail: {
+        permissions: false,
+        options: [
+            'url'
+        ],
+        async query(frame) {
+            const mediaStorage = storage.getStorage('media');
+            const targetDir = path.dirname(mediaStorage.urlToPath(frame.data.url));
+
+            // NOTE: need to cleanup otherwise the parent media name won't match thumb name
+            //       due to "unique name" generation during save
+            if (mediaStorage.exists(frame.file.name, targetDir)) {
+                await mediaStorage.delete(frame.file.name, targetDir);
+            }
+
+            return await mediaStorage.save(frame.file, targetDir);
+        }
+    }
+};

package/core/server/api/canary/oembed.js

@@ -3,6 +3,9 @@ const externalRequest = require('../../lib/request-external');
 
 const OEmbed = require('../../services/oembed');
 const oembed = new OEmbed({config, externalRequest});
+const NFT = require('../../services/nft-oembed');
+const nft = new NFT();
+oembed.registerProvider(nft);
 
 module.exports = {
     docName: 'oembed',

package/core/server/api/canary/redirects.js

@@ -1,6 +1,5 @@
 const path = require('path');
 
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -42,11 +41,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext);
         }
     }
 };

package/core/server/api/canary/utils/serializers/input/index.js

@@ -35,6 +35,10 @@ module.exports = {
         return require('./members');
     },
 
+    get media() {
+        return require('./media');
+    },
+
     get products() {
         return require('./products');
     },

package/core/server/api/canary/utils/serializers/input/media.js

@@ -0,0 +1,8 @@
+const path = require('path');
+
+module.exports = {
+    uploadThumbnail(apiConfig, frame) {
+        const parentFileName = path.basename(frame.data.url, path.extname(frame.data.url));
+        frame.file.name = `${parentFileName}_thumb${frame.file.ext}`;
+    }
+};

package/core/server/api/canary/utils/serializers/input/pages.js

@@ -102,6 +102,13 @@ const forceStatusFilter = (frame) => {
     }
 };
 
+const transformPageVisibilityFilters = (frame) => {
+    if (frame.data.pages[0].visibility === 'filter' && frame.data.pages[0].visibility_filter) {
+        frame.data.pages[0].visibility = frame.data.pages[0].visibility_filter;
+    }
+    delete frame.data.pages[0].visibility_filter;
+};
+
 module.exports = {
     browse(apiConfig, frame) {
         debug('browse');
@@ -180,6 +187,7 @@ module.exports = {
             });
         }
 
+        transformPageVisibilityFilters(frame);
         handlePostsMeta(frame);
         defaultFormat(frame);
         defaultRelations(frame);

package/core/server/api/canary/utils/serializers/output/config.js

@@ -1,25 +1,32 @@
 const _ = require('lodash');
+const labs = require('../../../../../../shared/labs');
 const debug = require('@tryghost/debug')('api:canary:utils:serializers:output:config');
 
 module.exports = {
     all(data, apiConfig, frame) {
         debug('all');
 
+        const keys = [
+            'version',
+            'environment',
+            'database',
+            'mail',
+            'useGravatar',
+            'labs',
+            'clientExtensions',
+            'enableDeveloperExperiments',
+            'stripeDirect',
+            'mailgunIsConfigured',
+            'emailAnalytics',
+            'hostSettings'
+        ];
+
+        if (labs.isSet('gifsCard')) {
+            keys.push('tenorApiKey');
+        }
+
         frame.response = {
-            config: _.pick(data, [
-                'version',
-                'environment',
-                'database',
-                'mail',
-                'useGravatar',
-                'labs',
-                'clientExtensions',
-                'enableDeveloperExperiments',
-                'stripeDirect',
-                'mailgunIsConfigured',
-                'emailAnalytics',
-                'hostSettings'
-            ])
+            config: _.pick(data, keys)
         };
     }
 };

package/core/server/api/canary/utils/serializers/output/files.js

@@ -0,0 +1,27 @@
+const config = require('../../../../../../shared/config');
+const {STATIC_FILES_URL_PREFIX} = require('@tryghost/constants');
+
+function getURL(urlPath) {
+    const media = new RegExp('^' + config.getSubdir() + '/' + STATIC_FILES_URL_PREFIX);
+    const absolute = media.test(urlPath) ? true : false;
+
+    if (absolute) {
+        // Remove the sub-directory from the URL because ghostConfig will add it back.
+        urlPath = urlPath.replace(new RegExp('^' + config.getSubdir()), '');
+        const baseUrl = config.getSiteUrl().replace(/\/$/, '');
+        urlPath = baseUrl + urlPath;
+    }
+
+    return urlPath;
+}
+
+module.exports = {
+    upload({filePath}, apiConfig, frame) {
+        return frame.response = {
+            files: [{
+                url: getURL(filePath),
+                ref: frame.data.ref || null
+            }]
+        };
+    }
+};

package/core/server/api/canary/utils/serializers/output/index.js

@@ -85,6 +85,14 @@ module.exports = {
         return require('./images');
     },
 
+    get media() {
+        return require('./media');
+    },
+
+    get files() {
+        return require('./files');
+    },
+
     get tags() {
         return require('./tags');
     },

package/core/server/api/canary/utils/serializers/output/media.js

@@ -0,0 +1,37 @@
+const config = require('../../../../../../shared/config');
+const {STATIC_MEDIA_URL_PREFIX} = require('@tryghost/constants');
+
+function getURL(urlPath) {
+    const media = new RegExp('^' + config.getSubdir() + '/' + STATIC_MEDIA_URL_PREFIX);
+    const absolute = media.test(urlPath) ? true : false;
+
+    if (absolute) {
+        // Remove the sub-directory from the URL because ghostConfig will add it back.
+        urlPath = urlPath.replace(new RegExp('^' + config.getSubdir()), '');
+        const baseUrl = config.getSiteUrl().replace(/\/$/, '');
+        urlPath = baseUrl + urlPath;
+    }
+
+    return urlPath;
+}
+
+module.exports = {
+    upload({filePath, thumbnailPath}, apiConfig, frame) {
+        return frame.response = {
+            media: [{
+                url: getURL(filePath),
+                thumbnail_url: getURL(thumbnailPath),
+                ref: frame.data.ref || null
+            }]
+        };
+    },
+
+    uploadThumbnail(path, apiConfig, frame) {
+        return frame.response = {
+            media: [{
+                url: getURL(path),
+                ref: frame.data.ref || null
+            }]
+        };
+    }
+};

package/core/server/api/canary/utils/validators/input/files.js

@@ -0,0 +1,7 @@
+const limitService = require('../../../../../services/limits');
+
+module.exports = {
+    async upload(apiConfig, frame) {
+        await limitService.errorIfIsOverLimit('uploads', {currentCount: frame.file.size});
+    }
+};

package/core/server/api/canary/utils/validators/input/index.js

@@ -27,6 +27,14 @@ module.exports = {
         return require('./members');
     },
 
+    get media() {
+        return require('./media');
+    },
+
+    get files() {
+        return require('./files');
+    },
+
     get settings() {
         return require('./settings');
     },

package/core/server/api/canary/utils/validators/input/media.js

@@ -0,0 +1,11 @@
+const limitService = require('../../../../../services/limits');
+
+module.exports = {
+    async upload(apiConfig, frame) {
+        await limitService.errorIfIsOverLimit('uploads', {currentCount: frame.file.size});
+    },
+
+    async uploadThumbnail(apiConfig, frame) {
+        await limitService.errorIfIsOverLimit('uploads', {currentCount: frame.file.size});
+    }
+};

package/core/server/api/v2/redirects.js

@@ -1,4 +1,3 @@
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -23,11 +22,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path);
         }
     }
 };

package/core/server/api/v3/members.js

@@ -154,7 +154,11 @@ module.exports = {
                 }
 
                 if (frame.options.send_email) {
-                    await membersService.api.sendEmailWithMagicLink({email: member.get('email'), requestedType: frame.options.email_type});
+                    await membersService.api.sendEmailWithMagicLink({
+                        email: member.get('email'), requestedType: frame.options.email_type, options: {
+                            forceEmailType: true
+                        }
+                    });
                 }
 
                 return member;

package/core/server/api/v3/redirects.js

@@ -1,6 +1,5 @@
 const path = require('path');
 
-const web = require('../../web');
 const redirects = require('../../services/redirects');
 
 module.exports = {
@@ -42,11 +41,7 @@ module.exports = {
             cacheInvalidate: true
         },
         query(frame) {
-            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext)
-                .then(() => {
-                    // CASE: trigger that redirects are getting re-registered
-                    web.shared.middlewares.customRedirects.reload();
-                });
+            return redirects.api.setFromFilePath(frame.file.path, frame.file.ext);
         }
     }
 };