ghost 4.22.1 → 4.23.0

package/core/frontend/src/cards/css/nft.css

@@ -0,0 +1,94 @@
+.kg-nft-card {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    width: 100%;
+}
+
+.kg-nft-card-container {
+    position: static;
+    display: flex;
+    flex: auto;
+    flex-direction: column;
+    text-decoration: none;
+    font-family: -apple-system, BlinkMacSystemFont,
+                'avenir next', avenir,
+                'helvetica neue', helvetica,
+                ubuntu,
+                roboto, noto,
+                'segoe ui', arial,
+                sans-serif;
+    font-size: 1.4rem;
+    font-weight: 400;
+    box-shadow: 0 2px 6px -2px rgb(0 0 0 / 10%), 0 0 1px rgb(0 0 0 / 40%);
+    width: 100%;
+    max-width: 512px;
+    color: #222;
+    background: #fff;
+    border-radius: 5px;
+    transition: none;
+}
+
+.kg-nft-card:hover {
+    color: #333;
+    opacity: 1.0;
+    transition: none;
+}
+
+.kg-nft-card * {
+    position: static;
+}
+
+.kg-nft-metadata {
+    padding: 2.0rem;
+    width: 100%;
+}
+
+.kg-nft-image {
+    border-radius: 5px 5px 0 0;
+    width: 100%;
+}
+
+.kg-nft-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: flex-start;
+    gap: 20px;
+}
+
+.kg-nft-header h4.kg-nft-title {
+    font-family: inherit;
+    font-size: 1.9rem;
+    font-weight: 700;
+    line-height: 1.3em;
+    min-width: unset;
+    max-width: unset;
+    margin: 0;
+    color: #222;
+}
+
+.kg-nft-opensea-logo {
+    margin-top: 2px;
+    width: 100px;
+    object-fit: scale-down;
+}
+
+.kg-nft-creator {
+    font-family: inherit;
+    line-height: 1.4em;
+    margin: 0.4rem 0 0;
+    color: #ababab;
+}
+
+.kg-nft-creator span {
+    font-weight: 500;
+    color: #222;
+}
+
+.kg-nft-card p.kg-nft-description {
+    font-family: inherit;
+    font-size: 1.4rem;
+    line-height: 1.4em;
+    margin: 2.0rem 0 0;
+    color: #222;
+}

package/core/frontend/src/cards/css/toggle.css

@@ -0,0 +1,47 @@
+.kg-toggle-card[data-kg-toggle-state="close"] .kg-toggle-content{
+    visibility: hidden;
+    opacity: 0;
+    height: 0;
+    padding: 0;
+}
+
+.kg-toggle-card[data-kg-toggle-state="close"] svg {
+    transform: unset;
+}
+
+.kg-toggle-card {
+    border: 1px solid rgba(127, 127, 127, 0.15);
+    border-radius: 4px;
+    padding: 20px;
+}
+
+.kg-toggle-heading {
+    font-size: 2rem;
+    font-weight: 600;
+    cursor: pointer;
+    display: flex;
+    justify-content: space-between;
+    align-items: flex-start;
+}
+
+.kg-toggle-card-icon {
+    height: 24px;
+    width: 24px;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    margin-left: 16px;
+}
+
+.kg-toggle-heading svg {
+    width: 14px;
+    color: rgba(127, 127, 127, 0.4);
+    transition: transform 0.3s;
+    transform: rotate(180deg);
+}
+
+.kg-toggle-content {
+    display: flex;
+    transition: opacity 0.3s;
+    padding-top: 8px;
+}

package/core/frontend/src/cards/js/toggle.js

@@ -0,0 +1,16 @@
+const toggleHeadingElements = document.getElementsByClassName("kg-toggle-heading");
+
+const toggleFn = function(event) {
+    const targetElement = event.target;
+    const parentElement = targetElement.closest('.kg-toggle-card');
+    var toggleState = parentElement.getAttribute("data-kg-toggle-state");
+    if (toggleState === 'close') {
+        parentElement.setAttribute('data-kg-toggle-state', 'open');
+    } else {
+        parentElement.setAttribute('data-kg-toggle-state', 'close');
+    }
+};
+
+for (let i = 0; i < toggleHeadingElements.length; i++) {
+    toggleHeadingElements[i].addEventListener('click', toggleFn, false);
+}

package/core/frontend/web/middleware/serve-public-file.js

@@ -11,10 +11,16 @@ const messages = {
     fileNotFound: 'File not found'
 };
 
-function createPublicFileMiddleware(file, type, maxAge) {
+function createPublicFileMiddleware(location, file, mime, maxAge) {
     let content;
-    const publicFilePath = config.get('paths').publicFilePath;
-    const filePath = file.match(/^public/) ? path.join(publicFilePath, file.replace(/^public/, '')) : path.join(publicFilePath, file);
+    // These files are provided by Ghost, and therefore live inside of the core folder
+    const staticFilePath = config.get('paths').publicFilePath;
+    // These files are built on the fly, and must be saved in the content folder
+    const builtFilePath = config.getContentPath('public');
+
+    let locationPath = location === 'static' ? staticFilePath : builtFilePath;
+
+    const filePath = file.match(/^public/) ? path.join(locationPath, file.replace(/^public/, '')) : path.join(locationPath, file);
     const blogRegex = /(\{\{blog-url\}\})/g;
 
     return function servePublicFileMiddleware(req, res, next) {
@@ -24,7 +30,7 @@ function createPublicFileMiddleware(file, type, maxAge) {
         }
 
         // send image files directly and let express handle content-length, etag, etc
-        if (type.match(/^image/)) {
+        if (mime.match(/^image/)) {
             return res.sendFile(filePath, (err) => {
                 if (err && err.status === 404) {
                     // ensure we're triggering basic asset 404 and not a templated 404
@@ -57,13 +63,13 @@ function createPublicFileMiddleware(file, type, maxAge) {
 
             let str = buf.toString();
 
-            if (type === 'text/xsl' || type === 'text/plain' || type === 'application/javascript') {
+            if (mime === 'text/xsl' || mime === 'text/plain' || mime === 'application/javascript') {
                 str = str.replace(blogRegex, urlUtils.urlFor('home', true).replace(/\/$/, ''));
             }
 
             content = {
                 headers: {
-                    'Content-Type': type,
+                    'Content-Type': mime,
                     'Content-Length': Buffer.from(str).length,
                     ETag: `"${crypto.createHash('md5').update(str, 'utf8').digest('hex')}"`,
                     'Cache-Control': `public, max-age=${maxAge}`
@@ -78,8 +84,8 @@ function createPublicFileMiddleware(file, type, maxAge) {
 
 // ### servePublicFile Middleware
 // Handles requests to robots.txt and favicon.ico (and caches them)
-function servePublicFile(file, type, maxAge) {
-    const publicFileMiddleware = createPublicFileMiddleware(file, type, maxAge);
+function servePublicFile(location, file, type, maxAge) {
+    const publicFileMiddleware = createPublicFileMiddleware(location, file, type, maxAge);
 
     return function servePublicFileMiddleware(req, res, next) {
         if (req.path === '/' + file) {

package/core/frontend/web/routes.js

@@ -1,7 +1,6 @@
 const debug = require('@tryghost/debug')('routing');
 
 const routing = require('../services/routing');
-// NOTE: temporary import from the frontend, will become a backend service soon
 const urlService = require('../../server/services/url');
 const routeSettings = require('../../server/services/route-settings');
 

package/core/frontend/web/site.js

@@ -25,6 +25,7 @@ const labs = require('../../shared/labs');
 
 const STATIC_IMAGE_URL_PREFIX = `/${urlUtils.STATIC_IMAGE_URL_PREFIX}`;
 const STATIC_MEDIA_URL_PREFIX = `/${constants.STATIC_MEDIA_URL_PREFIX}`;
+const STATIC_FILES_URL_PREFIX = `/${constants.STATIC_FILES_URL_PREFIX}`;
 
 let router;
 
@@ -103,20 +104,22 @@ module.exports = function setupSiteApp(options = {}) {
     siteApp.use(mw.serveFavicon());
 
     // Serve sitemap.xsl file
-    siteApp.use(mw.servePublicFile('sitemap.xsl', 'text/xsl', constants.ONE_DAY_S));
+    siteApp.use(mw.servePublicFile('static', 'sitemap.xsl', 'text/xsl', constants.ONE_DAY_S));
 
     // Serve stylesheets for default templates
-    siteApp.use(mw.servePublicFile('public/ghost.css', 'text/css', constants.ONE_HOUR_S));
-    siteApp.use(mw.servePublicFile('public/ghost.min.css', 'text/css', constants.ONE_YEAR_S));
+    siteApp.use(mw.servePublicFile('static', 'public/ghost.css', 'text/css', constants.ONE_HOUR_S));
+    siteApp.use(mw.servePublicFile('static', 'public/ghost.min.css', 'text/css', constants.ONE_YEAR_S));
 
     // Card assets
-    siteApp.use(mw.servePublicFile('public/cards.min.css', 'text/css', constants.ONE_YEAR_S));
-    siteApp.use(mw.servePublicFile('public/cards.min.js', 'text/js', constants.ONE_YEAR_S));
+    siteApp.use(mw.servePublicFile('built', 'public/cards.min.css', 'text/css', constants.ONE_YEAR_S));
+    siteApp.use(mw.servePublicFile('built', 'public/cards.min.js', 'text/js', constants.ONE_YEAR_S));
 
     // Serve blog images using the storage adapter
     siteApp.use(STATIC_IMAGE_URL_PREFIX, mw.handleImageSizes, storage.getStorage('images').serve());
     // Serve blog media using the storage adapter
     siteApp.use(STATIC_MEDIA_URL_PREFIX, labs.enabledMiddleware('mediaAPI'), storage.getStorage('media').serve());
+    // Serve blog files using the storage adapter
+    siteApp.use(STATIC_FILES_URL_PREFIX, labs.enabledMiddleware('filesAPI'), storage.getStorage('files').serve());
 
     // Global handling for member session, ensures a member is logged in to the frontend
     siteApp.use(membersService.middleware.loadMemberSession);
@@ -144,26 +147,26 @@ module.exports = function setupSiteApp(options = {}) {
     debug('Themes done');
 
     // Serve robots.txt if not found in theme
-    siteApp.use(mw.servePublicFile('robots.txt', 'text/plain', constants.ONE_HOUR_S));
+    siteApp.use(mw.servePublicFile('static', 'robots.txt', 'text/plain', constants.ONE_HOUR_S));
 
     // site map - this should probably be refactored to be an internal app
     sitemapHandler(siteApp);
     debug('Internal apps done');
 
     // send 503 error page in case of maintenance
-    siteApp.use(shared.middlewares.maintenance);
+    siteApp.use(shared.middleware.maintenance);
 
     // Add in all trailing slashes & remove uppercase
     // must happen AFTER asset loading and BEFORE routing
-    siteApp.use(shared.middlewares.prettyUrls);
+    siteApp.use(shared.middleware.prettyUrls);
 
     // ### Caching
     siteApp.use(function (req, res, next) {
         // Site frontend is cacheable UNLESS request made by a member or blog is in private mode
         if (req.member || res.isPrivateBlog) {
-            return shared.middlewares.cacheControl('private')(req, res, next);
+            return shared.middleware.cacheControl('private')(req, res, next);
         } else {
-            return shared.middlewares.cacheControl('public', {maxAge: config.get('caching:frontend:maxAge')})(req, res, next);
+            return shared.middleware.cacheControl('public', {maxAge: config.get('caching:frontend:maxAge')})(req, res, next);
         }
     });
 
@@ -176,7 +179,7 @@ module.exports = function setupSiteApp(options = {}) {
     siteApp.use(SiteRouter);
 
     // ### Error handlers
-    siteApp.use(shared.middlewares.errorHandler.pageNotFound);
+    siteApp.use(shared.middleware.errorHandler.pageNotFound);
     config.get('apps:internal').forEach((appName) => {
         const app = require(path.join(config.get('paths').internalAppPath, appName));
 
@@ -184,7 +187,7 @@ module.exports = function setupSiteApp(options = {}) {
             app.setupErrorHandling(siteApp);
         }
     });
-    siteApp.use(shared.middlewares.errorHandler.handleThemeResponse);
+    siteApp.use(shared.middleware.errorHandler.handleThemeResponse);
 
     debug('Site setup end');
 

package/core/server/adapters/storage/LocalFilesStorage.js

@@ -0,0 +1,17 @@
+// # Local File System Storage module
+// The (default) module for storing media, using the local file system
+const config = require('../../../shared/config');
+const constants = require('@tryghost/constants');
+const LocalStorageBase = require('./LocalStorageBase');
+
+class LocalFilesStorage extends LocalStorageBase {
+    constructor() {
+        super({
+            storagePath: config.getContentPath('files'),
+            siteUrl: config.getSiteUrl(),
+            staticFileURLPrefix: constants.STATIC_FILES_URL_PREFIX
+        });
+    }
+}
+
+module.exports = LocalFilesStorage;

package/core/server/adapters/storage/LocalImagesStorage.js

@@ -19,6 +19,7 @@ class LocalImagesStorage extends LocalStorageBase {
         super({
             storagePath: config.getContentPath('images'),
             staticFileURLPrefix: urlUtils.STATIC_IMAGE_URL_PREFIX,
+            siteUrl: config.getSiteUrl(),
             errorMessages: messages
         });
     }

package/core/server/adapters/storage/LocalMediaStorage.js

@@ -1,4 +1,4 @@
-// # Local File System Video Storage module
+// # Local File System Media Storage module
 // The (default) module for storing media, using the local file system
 const config = require('../../../shared/config');
 const constants = require('@tryghost/constants');
@@ -15,6 +15,7 @@ class LocalMediaStore extends LocalStorageBase {
         super({
             storagePath: config.getContentPath('media'),
             staticFileURLPrefix: constants.STATIC_MEDIA_URL_PREFIX,
+            siteUrl: config.getSiteUrl(),
             errorMessages: messages
         });
     }

package/core/server/adapters/storage/LocalStorageBase.js

@@ -16,7 +16,8 @@ const StorageBase = require('ghost-storage-base');
 const messages = {
     notFound: 'File not found',
     notFoundWithRef: 'File not found: {file}',
-    cannotRead: 'Could not read file: {file}'
+    cannotRead: 'Could not read file: {file}',
+    invalidUrlParameter: `The URL "{url}" is not a valid URL for this site.`
 };
 
 class LocalStorageBase extends StorageBase {
@@ -24,17 +25,20 @@ class LocalStorageBase extends StorageBase {
      *
      * @param {Object} options
      * @param {String} options.storagePath
+     * @param {String} options.siteUrl
      * @param {String} [options.staticFileURLPrefix]
      * @param {Object} [options.errorMessages]
      * @param {String} [options.errorMessages.notFound]
      * @param {String} [options.errorMessages.notFoundWithRef]
      * @param {String} [options.errorMessages.cannotRead]
      */
-    constructor({storagePath, staticFileURLPrefix, errorMessages}) {
+    constructor({storagePath, staticFileURLPrefix, siteUrl, errorMessages}) {
         super();
 
         this.storagePath = storagePath;
         this.staticFileURLPrefix = staticFileURLPrefix;
+        this.siteUrl = siteUrl;
+        this.staticFileUrl = `${siteUrl}${staticFileURLPrefix}`;
         this.errorMessages = errorMessages || messages;
     }
 
@@ -71,6 +75,26 @@ class LocalStorageBase extends StorageBase {
         return fullUrl;
     }
 
+    /**
+     *
+     * @param {String} url full url under which the stored content is served, result of save method
+     * @returns {String} path under which the content is stored
+     */
+    urlToPath(url) {
+        let filePath;
+
+        if (url.match(this.staticFileUrl)) {
+            filePath = url.replace(this.staticFileUrl, '');
+            filePath = path.join(this.storagePath, filePath);
+        } else {
+            throw new errors.IncorrectUsageError({
+                message: tpl(messages.invalidUrlParameter, {url})
+            });
+        }
+
+        return filePath;
+    }
+
     exists(fileName, targetDir) {
         const filePath = path.join(targetDir || this.storagePath, fileName);
 
@@ -132,11 +156,12 @@ class LocalStorageBase extends StorageBase {
     }
 
     /**
-     * Not implemented.
+     * @param {String} filePath
      * @returns {Promise.<*>}
      */
-    delete() {
-        return Promise.reject('not implemented');
+    async delete(fileName, targetDir) {
+        const filePath = path.join(targetDir, fileName);
+        return await fs.remove(filePath);
     }
 
     /**

package/core/server/api/canary/authentication.js

@@ -163,7 +163,7 @@ module.exports = {
                     options = Object.assign(options, {context: {internal: true}});
                     return auth.passwordreset.doReset(options, tokenParts, api.settings)
                         .then((params) => {
-                            web.shared.middlewares.api.spamPrevention.userLogin().reset(frame.options.ip, `${tokenParts.email}login`);
+                            web.shared.middleware.api.spamPrevention.userLogin().reset(frame.options.ip, `${tokenParts.email}login`);
                             return params;
                         });
                 });

package/core/server/api/canary/files.js

@@ -0,0 +1,19 @@
+const storage = require('../../adapters/storage');
+
+module.exports = {
+    docName: 'files',
+    upload: {
+        statusCode: 201,
+        permissions: false,
+        async query(frame) {
+            const filePath = await storage.getStorage('files').save({
+                name: frame.file.originalname,
+                path: frame.file.path
+            });
+
+            return {
+                filePath
+            };
+        }
+    }
+};

package/core/server/api/canary/index.js

@@ -109,6 +109,10 @@ module.exports = {
         return shared.pipeline(require('./media'), localUtils);
     },
 
+    get files() {
+        return shared.pipeline(require('./files'), localUtils);
+    },
+
     get tags() {
         return shared.pipeline(require('./tags'), localUtils);
     },

package/core/server/api/canary/media.js

@@ -1,3 +1,4 @@
+const path = require('path');
 const storage = require('../../adapters/storage');
 
 module.exports = {
@@ -6,17 +7,36 @@ module.exports = {
         statusCode: 201,
         permissions: false,
         async query(frame) {
-            let thumbnail = null;
+            let thumbnailPath = null;
             if (frame.files.thumbnail && frame.files.thumbnail[0]) {
-                thumbnail = await storage.getStorage('media').save(frame.files.thumbnail[0]);
+                thumbnailPath = await storage.getStorage('media').save(frame.files.thumbnail[0]);
             }
 
-            const file = await storage.getStorage('media').save(frame.files.file[0]);
+            const filePath = await storage.getStorage('media').save(frame.files.file[0]);
 
             return {
-                filePath: file,
-                thumbnailPath: thumbnail
+                filePath,
+                thumbnailPath
             };
         }
+    },
+
+    uploadThumbnail: {
+        permissions: false,
+        options: [
+            'url'
+        ],
+        async query(frame) {
+            const mediaStorage = storage.getStorage('media');
+            const targetDir = path.dirname(mediaStorage.urlToPath(frame.data.url));
+
+            // NOTE: need to cleanup otherwise the parent media name won't match thumb name
+            //       due to "unique name" generation during save
+            if (mediaStorage.exists(frame.file.name, targetDir)) {
+                await mediaStorage.delete(frame.file.name, targetDir);
+            }
+
+            return await mediaStorage.save(frame.file, targetDir);
+        }
     }
 };

package/core/server/api/canary/oembed.js

@@ -3,6 +3,9 @@ const externalRequest = require('../../lib/request-external');
 
 const OEmbed = require('../../services/oembed');
 const oembed = new OEmbed({config, externalRequest});
+const NFT = require('../../services/nft-oembed');
+const nft = new NFT();
+oembed.registerProvider(nft);
 
 module.exports = {
     docName: 'oembed',

package/core/server/api/canary/utils/serializers/input/index.js

@@ -35,6 +35,10 @@ module.exports = {
         return require('./members');
     },
 
+    get media() {
+        return require('./media');
+    },
+
     get products() {
         return require('./products');
     },

package/core/server/api/canary/utils/serializers/input/media.js

@@ -0,0 +1,8 @@
+const path = require('path');
+
+module.exports = {
+    uploadThumbnail(apiConfig, frame) {
+        const parentFileName = path.basename(frame.data.url, path.extname(frame.data.url));
+        frame.file.name = `${parentFileName}_thumb${frame.file.ext}`;
+    }
+};

package/core/server/api/canary/utils/serializers/output/config.js

@@ -1,25 +1,32 @@
 const _ = require('lodash');
+const labs = require('../../../../../../shared/labs');
 const debug = require('@tryghost/debug')('api:canary:utils:serializers:output:config');
 
 module.exports = {
     all(data, apiConfig, frame) {
         debug('all');
 
+        const keys = [
+            'version',
+            'environment',
+            'database',
+            'mail',
+            'useGravatar',
+            'labs',
+            'clientExtensions',
+            'enableDeveloperExperiments',
+            'stripeDirect',
+            'mailgunIsConfigured',
+            'emailAnalytics',
+            'hostSettings'
+        ];
+
+        if (labs.isSet('gifsCard')) {
+            keys.push('tenor');
+        }
+
         frame.response = {
-            config: _.pick(data, [
-                'version',
-                'environment',
-                'database',
-                'mail',
-                'useGravatar',
-                'labs',
-                'clientExtensions',
-                'enableDeveloperExperiments',
-                'stripeDirect',
-                'mailgunIsConfigured',
-                'emailAnalytics',
-                'hostSettings'
-            ])
+            config: _.pick(data, keys)
         };
     }
 };

package/core/server/api/canary/utils/serializers/output/files.js

@@ -0,0 +1,27 @@
+const config = require('../../../../../../shared/config');
+const {STATIC_FILES_URL_PREFIX} = require('@tryghost/constants');
+
+function getURL(urlPath) {
+    const media = new RegExp('^' + config.getSubdir() + '/' + STATIC_FILES_URL_PREFIX);
+    const absolute = media.test(urlPath) ? true : false;
+
+    if (absolute) {
+        // Remove the sub-directory from the URL because ghostConfig will add it back.
+        urlPath = urlPath.replace(new RegExp('^' + config.getSubdir()), '');
+        const baseUrl = config.getSiteUrl().replace(/\/$/, '');
+        urlPath = baseUrl + urlPath;
+    }
+
+    return urlPath;
+}
+
+module.exports = {
+    upload({filePath}, apiConfig, frame) {
+        return frame.response = {
+            files: [{
+                url: getURL(filePath),
+                ref: frame.data.ref || null
+            }]
+        };
+    }
+};

package/core/server/api/canary/utils/serializers/output/index.js

@@ -89,6 +89,10 @@ module.exports = {
         return require('./media');
     },
 
+    get files() {
+        return require('./files');
+    },
+
     get tags() {
         return require('./tags');
     },

package/core/server/api/canary/utils/serializers/output/media.js

@@ -24,5 +24,14 @@ module.exports = {
                 ref: frame.data.ref || null
             }]
         };
+    },
+
+    uploadThumbnail(path, apiConfig, frame) {
+        return frame.response = {
+            media: [{
+                url: getURL(path),
+                ref: frame.data.ref || null
+            }]
+        };
     }
 };

package/core/server/api/canary/utils/validators/input/files.js

@@ -0,0 +1,7 @@
+const limitService = require('../../../../../services/limits');
+
+module.exports = {
+    async upload(apiConfig, frame) {
+        await limitService.errorIfIsOverLimit('uploads', {currentCount: frame.file.size});
+    }
+};

package/core/server/api/canary/utils/validators/input/index.js

@@ -31,6 +31,10 @@ module.exports = {
         return require('./media');
     },
 
+    get files() {
+        return require('./files');
+    },
+
     get settings() {
         return require('./settings');
     },