ghost 4.22.3 → 4.25.0

package/core/server/web/admin/controller.js

@@ -1,10 +1,20 @@
 const debug = require('@tryghost/debug')('web:admin:controller');
+const errors = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
 const path = require('path');
 const fs = require('fs');
 const crypto = require('crypto');
 const config = require('../../../shared/config');
 const updateCheck = require('../../update-check');
 
+const messages = {
+    templateError: {
+        message: 'Unable to find admin template file {templatePath}',
+        context: 'These template files are generated as part of the build process',
+        help: 'Please see {link}'
+    }
+};
+
 /**
  * @description Admin controller to handle /ghost/ requests.
  *
@@ -23,18 +33,31 @@ module.exports = function adminController(req, res) {
     const templatePath = path.resolve(config.get('paths').adminViews, defaultTemplate);
     const headers = {};
 
-    // Generate our own ETag header
-    //   `sendFile` by default uses filesize+lastmod date to generate an etag.
-    //   That doesn't work for admin templates because the filesize doesn't change between versions
-    //   and `npm pack` sets a fixed lastmod date for every file meaning the default etag never changes
-    const fileBuffer = fs.readFileSync(templatePath);
-    const hashSum = crypto.createHash('md5');
-    hashSum.update(fileBuffer);
-    headers.ETag = hashSum.digest('hex');
+    try {
+        // Generate our own ETag header
+        //   `sendFile` by default uses filesize+lastmod date to generate an etag.
+        //   That doesn't work for admin templates because the filesize doesn't change between versions
+        //   and `npm pack` sets a fixed lastmod date for every file meaning the default etag never changes
+        const fileBuffer = fs.readFileSync(templatePath);
+        const hashSum = crypto.createHash('md5');
+        hashSum.update(fileBuffer);
+        headers.ETag = hashSum.digest('hex');
 
-    if (config.get('adminFrameProtection')) {
-        headers['X-Frame-Options'] = 'sameorigin';
-    }
+        if (config.get('adminFrameProtection')) {
+            headers['X-Frame-Options'] = 'sameorigin';
+        }
 
-    res.sendFile(templatePath, {headers});
+        res.sendFile(templatePath, {headers});
+    } catch (error) {
+        if (error.code === 'ENOENT') {
+            throw new errors.IncorrectUsageError({
+                message: tpl(messages.templateError.message, {templatePath}),
+                context: tpl(messages.templateError.context),
+                help: tpl(messages.templateError.help, {link: 'https://ghost.org/docs/install/source/'}),
+                error: error
+            });
+        } else {
+            throw error;
+        }
+    }
 };

package/core/server/web/admin/middleware/redirect-admin-urls.js

@@ -0,0 +1,15 @@
+const urlUtils = require('../../../../shared/url-utils');
+
+function redirectAdminUrls(req, res, next) {
+    const subdir = urlUtils.getSubdir();
+    const ghostPathRegex = new RegExp(`^${subdir}/ghost/(.+)`);
+    const ghostPathMatch = req.originalUrl.match(ghostPathRegex);
+
+    if (ghostPathMatch) {
+        return res.redirect(urlUtils.urlJoin(urlUtils.urlFor('admin'), '#', ghostPathMatch[1]));
+    }
+
+    next();
+}
+
+module.exports = redirectAdminUrls;

package/core/server/web/admin/views/default-prod.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.22%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.25%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-4207edfc1ae0a3f9f6505ca00d20b0c0.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-043bb7480a0810109b130f13b2a4235e.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-413f887176a041e6dbf88214ca9a7481.js"></script>
-                <script src="assets/ghost.min-7da921f6c6cac3fe10da1ba104575440.js"></script>
+                <script src="assets/vendor.min-d1234c632a54502777c34e50752fa3fc.js"></script>
+                <script src="assets/ghost.min-bc72f685c1c9adc9885925c1412435a5.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.22%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.25%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22emberKeyboard%22%3A%7B%22disableInputsInitializer%22%3Atrue%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -41,7 +41,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-987af30228885bce50f05c4723fe6f53.css">
-                <link rel="stylesheet" href="assets/ghost.min-4207edfc1ae0a3f9f6505ca00d20b0c0.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-043bb7480a0810109b130f13b2a4235e.css" title="light">
             
 
     
@@ -59,8 +59,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-413f887176a041e6dbf88214ca9a7481.js"></script>
-                <script src="assets/ghost.min-7da921f6c6cac3fe10da1ba104575440.js"></script>
+                <script src="assets/vendor.min-d1234c632a54502777c34e50752fa3fc.js"></script>
+                <script src="assets/ghost.min-bc72f685c1c9adc9885925c1412435a5.js"></script>
             
 </body>
 </html>

package/core/server/web/api/app.js

@@ -2,7 +2,7 @@ const debug = require('@tryghost/debug')('web:api:default:app');
 const config = require('../../../shared/config');
 const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
-const errorHandler = require('../shared/middlewares/error-handler');
+const errorHandler = require('../shared/middleware/error-handler');
 
 module.exports = function setupApiApp() {
     debug('Parent API setup start');

package/core/server/web/api/canary/admin/app.js

@@ -19,22 +19,19 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API canary setup end');
 

package/core/server/web/api/canary/admin/middleware.js

@@ -44,7 +44,7 @@ const notImplemented = function (req, res, next) {
         }
     }
 
-    next(new errors.GhostError({
+    next(new errors.InternalServerError({
         errorType: 'NotImplementedError',
         message: tpl(messages.notImplemented),
         statusCode: '501'
@@ -59,8 +59,8 @@ module.exports.authAdminApi = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -73,8 +73,8 @@ module.exports.authAdminApiWithUrl = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -83,7 +83,7 @@ module.exports.authAdminApiWithUrl = [
  */
 module.exports.publicAdminApi = [
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];

package/core/server/web/api/canary/admin/routes.js

@@ -204,8 +204,8 @@ module.exports = function apiRoutes() {
     router.get('/session', mw.authAdminApi, http(api.session.read));
     // We don't need auth when creating a new session (logging in)
     router.post('/session',
-        shared.middlewares.brute.globalBlock,
-        shared.middlewares.brute.userLogin,
+        shared.middleware.brute.globalBlock,
+        shared.middleware.brute.userLogin,
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
@@ -215,11 +215,11 @@ module.exports = function apiRoutes() {
 
     // ## Authentication
     router.post('/authentication/passwordreset',
-        shared.middlewares.brute.globalReset,
-        shared.middlewares.brute.userReset,
+        shared.middleware.brute.globalReset,
+        shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));

package/core/server/web/api/canary/content/app.js

@@ -17,18 +17,15 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponse);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponse);
 
     debug('Content API canary setup end');
 

package/core/server/web/api/canary/content/middleware.js

@@ -14,10 +14,10 @@ const shared = require('../../../shared');
  * Authentication for public endpoints
  */
 module.exports.authenticatePublic = [
-    shared.middlewares.brute.contentApiKey,
+    shared.middleware.brute.contentApiKey,
     auth.authenticate.authenticateContentApi,
     auth.authorize.authorizeContentApi,
     cors(),
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls
 ];

package/core/server/web/api/v2/admin/app.js

@@ -19,22 +19,19 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API v2 setup end');
 

package/core/server/web/api/v2/admin/middleware.js

@@ -40,7 +40,7 @@ const notImplemented = function (req, res, next) {
         }
     }
 
-    next(new errors.GhostError({
+    next(new errors.InternalServerError({
         errorType: 'NotImplementedError',
         message: tpl(messages.notImplemented),
         statusCode: '501'
@@ -55,8 +55,8 @@ module.exports.authAdminApi = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -69,8 +69,8 @@ module.exports.authAdminApiWithUrl = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -79,7 +79,7 @@ module.exports.authAdminApiWithUrl = [
  */
 module.exports.publicAdminApi = [
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];

package/core/server/web/api/v2/admin/routes.js

@@ -142,19 +142,19 @@ module.exports = function apiRoutes() {
     router.get('/session', mw.authAdminApi, http(api.session.read));
     // We don't need auth when creating a new session (logging in)
     router.post('/session',
-        shared.middlewares.brute.globalBlock,
-        shared.middlewares.brute.userLogin,
+        shared.middleware.brute.globalBlock,
+        shared.middleware.brute.userLogin,
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
 
     // ## Authentication
     router.post('/authentication/passwordreset',
-        shared.middlewares.brute.globalReset,
-        shared.middlewares.brute.userReset,
+        shared.middleware.brute.globalReset,
+        shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));

package/core/server/web/api/v2/content/app.js

@@ -17,18 +17,15 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponse);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponse);
 
     debug('Content API v2 setup end');
 

package/core/server/web/api/v2/content/middleware.js

@@ -14,10 +14,10 @@ const shared = require('../../../shared');
  * Authentication for public endpoints
  */
 module.exports.authenticatePublic = [
-    shared.middlewares.brute.contentApiKey,
+    shared.middleware.brute.contentApiKey,
     auth.authenticate.authenticateContentApi,
     auth.authorize.authorizeContentApi,
     cors(),
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls
 ];

package/core/server/web/api/v3/admin/app.js

@@ -19,22 +19,19 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // Check version matches for API requests, depends on res.locals.safeVersion being set
     // Therefore must come after themeHandler.ghostLocals, for now
     apiApp.use(apiMw.versionMatch);
 
     // Admin API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponseV2);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Admin API v3 setup end');
 

package/core/server/web/api/v3/admin/middleware.js

@@ -44,7 +44,7 @@ const notImplemented = function (req, res, next) {
         }
     }
 
-    next(new errors.GhostError({
+    next(new errors.InternalServerError({
         errorType: 'NotImplementedError',
         message: tpl(messages.notImplemented),
         statusCode: '501'
@@ -59,8 +59,8 @@ module.exports.authAdminApi = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -73,8 +73,8 @@ module.exports.authAdminApiWithUrl = [
     auth.authorize.authorizeAdminApi,
     apiMw.updateUserLastSeen,
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];
 
@@ -83,7 +83,7 @@ module.exports.authAdminApiWithUrl = [
  */
 module.exports.publicAdminApi = [
     apiMw.cors,
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls,
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls,
     notImplemented
 ];

package/core/server/web/api/v3/admin/routes.js

@@ -182,8 +182,8 @@ module.exports = function apiRoutes() {
     router.get('/session', mw.authAdminApi, http(api.session.read));
     // We don't need auth when creating a new session (logging in)
     router.post('/session',
-        shared.middlewares.brute.globalBlock,
-        shared.middlewares.brute.userLogin,
+        shared.middleware.brute.globalBlock,
+        shared.middleware.brute.userLogin,
         http(api.session.add)
     );
     router.del('/session', mw.authAdminApi, http(api.session.delete));
@@ -193,11 +193,11 @@ module.exports = function apiRoutes() {
 
     // ## Authentication
     router.post('/authentication/passwordreset',
-        shared.middlewares.brute.globalReset,
-        shared.middlewares.brute.userReset,
+        shared.middleware.brute.globalReset,
+        shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));

package/core/server/web/api/v3/content/app.js

@@ -17,18 +17,15 @@ module.exports = function setupApiApp() {
     // Query parsing
     apiApp.use(boolParser());
 
-    // send 503 json response in case of maintenance
-    apiApp.use(shared.middlewares.maintenance);
-
     // API shouldn't be cached
-    apiApp.use(shared.middlewares.cacheControl('private'));
+    apiApp.use(shared.middleware.cacheControl('private'));
 
     // Routing
     apiApp.use(routes());
 
     // API error handling
-    apiApp.use(shared.middlewares.errorHandler.resourceNotFound);
-    apiApp.use(shared.middlewares.errorHandler.handleJSONResponse);
+    apiApp.use(shared.middleware.errorHandler.resourceNotFound);
+    apiApp.use(shared.middleware.errorHandler.handleJSONResponse);
 
     debug('Content API v3 setup end');
 

package/core/server/web/api/v3/content/middleware.js

@@ -14,10 +14,10 @@ const shared = require('../../../shared');
  * Authentication for public endpoints
  */
 module.exports.authenticatePublic = [
-    shared.middlewares.brute.contentApiKey,
+    shared.middleware.brute.contentApiKey,
     auth.authenticate.authenticateContentApi,
     auth.authorize.authorizeContentApi,
     cors(),
-    shared.middlewares.urlRedirects.adminSSLAndHostRedirect,
-    shared.middlewares.prettyUrls
+    shared.middleware.urlRedirects.adminSSLAndHostRedirect,
+    shared.middleware.prettyUrls
 ];

package/core/server/web/members/app.js

@@ -13,11 +13,8 @@ module.exports = function setupMembersApp() {
     debug('Members App setup start');
     const membersApp = express('members');
 
-    // send 503 json response in case of maintenance
-    membersApp.use(shared.middlewares.maintenance);
-
     // Members API shouldn't be cached
-    membersApp.use(shared.middlewares.cacheControl('private'));
+    membersApp.use(shared.middleware.cacheControl('private'));
 
     // Support CORS for requests from the frontend
     const siteUrl = new URL(urlUtils.getSiteUrl());
@@ -42,19 +39,19 @@ module.exports = function setupMembersApp() {
     membersApp.get('/api/site', middleware.getMemberSiteData);
 
     // NOTE: this is wrapped in a function to ensure we always go via the getter
-    membersApp.post('/api/send-magic-link', bodyParser.json(), shared.middlewares.brute.membersAuth, (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next));
+    membersApp.post('/api/send-magic-link', bodyParser.json(), shared.middleware.brute.membersAuth, (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next));
     membersApp.post('/api/create-stripe-checkout-session', (req, res, next) => membersService.api.middleware.createCheckoutSession(req, res, next));
     membersApp.post('/api/create-stripe-update-session', (req, res, next) => membersService.api.middleware.createCheckoutSetupSession(req, res, next));
     membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));
     membersApp.post('/api/events', labs.enabledMiddleware('membersActivity'), middleware.loadMemberSession, (req, res, next) => membersService.api.middleware.createEvents(req, res, next));
 
     // API error handling
-    membersApp.use('/api', shared.middlewares.errorHandler.resourceNotFound);
-    membersApp.use('/api', shared.middlewares.errorHandler.handleJSONResponseV2);
+    membersApp.use('/api', shared.middleware.errorHandler.resourceNotFound);
+    membersApp.use('/api', shared.middleware.errorHandler.handleJSONResponseV2);
 
     // Webhook error handling
-    membersApp.use('/webhooks', shared.middlewares.errorHandler.resourceNotFound);
-    membersApp.use('/webhooks', shared.middlewares.errorHandler.handleJSONResponseV2);
+    membersApp.use('/webhooks', shared.middleware.errorHandler.resourceNotFound);
+    membersApp.use('/webhooks', shared.middleware.errorHandler.handleJSONResponseV2);
 
     debug('Members App setup end');
 

package/core/server/web/oauth/app.js

@@ -2,7 +2,6 @@ const debug = require('@tryghost/debug')('web:oauth:app');
 const {URL} = require('url');
 const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
-const shared = require('../shared');
 const settingsCache = require('../../../shared/settings-cache');
 const models = require('../../models');
 const auth = require('../../services/auth');
@@ -24,9 +23,6 @@ module.exports = function setupOAuthApp() {
     }
     oauthApp.use(labsMiddleware);
 
-    // send 503 json response in case of maintenance
-    oauthApp.use(shared.middlewares.maintenance);
-
     /**
      * Configure the passport.authenticate middleware
      * We need to configure it on each request because clientId and secret