ghost 4.34.2 → 4.36.1

package/core/server/data/migrations/versions/4.35/2022-02-02-13-10-transform-specific-tiers-default-content-visibility.js

@@ -0,0 +1,147 @@
+const logging = require('@tryghost/logging');
+
+const {createTransactionalMigration} = require('../../utils');
+
+module.exports = createTransactionalMigration(
+    async function up(knex) {
+        logging.info('Checking default_content_visibility for specific tiers');
+
+        const settings = await knex('settings')
+            .select()
+            .whereIn('key', ['default_content_visibility', 'default_content_visibility_tiers']);
+        const contentVisibilitySetting = settings.find(d => d.key === 'default_content_visibility');
+        const visibilityTiersSetting = settings.find(d => d.key === 'default_content_visibility_tiers');
+        if (!contentVisibilitySetting) {
+            logging.warn('No default_content_visibility setting found.');
+            return;
+        }
+
+        if (!visibilityTiersSetting) {
+            logging.warn('No default_content_visibility_tiers setting found.');
+            return;
+        }
+
+        const contentVisibility = contentVisibilitySetting.value;
+
+        if (['public', 'members', 'paid'].includes(contentVisibility)) {
+            logging.info(`Ignoring default_content_visibility change as already set to ${contentVisibility}.`);
+            return;
+        }
+        // Transform visibility to tiers when stored as nql string
+        const isValidProductNqlFilter = /^(?:product:[\w-]+,?)+$/.test(contentVisibility);
+        const now = knex.raw('CURRENT_TIMESTAMP');
+        // Reset visibility value to paid if invalid string/filter
+        if (!isValidProductNqlFilter) {
+            logging.warn(`Found invalid default_content_visibility value - ${contentVisibility}, resetting to paid`);
+            await knex('settings')
+                .where({
+                    key: 'default_content_visibility'
+                })
+                .update({
+                    value: 'paid',
+                    updated_at: now
+                });
+
+            logging.info(`Resetting default_content_visibility_tiers to []`);
+            await knex('settings')
+                .where({
+                    key: 'default_content_visibility_tiers'
+                })
+                .update({
+                    value: JSON.stringify([]),
+                    updated_at: now
+                });
+            return;
+        }
+
+        // fetch product slugs from nql filter
+        const productSlugs = contentVisibility.split(',').map((segment) => {
+            return segment.replace('product:', '');
+        });
+
+        // get product ids for slugs
+        const products = await knex('products')
+            .select('id')
+            .whereIn('slug', productSlugs);
+        const productList = products.map((product) => {
+            return product.id;
+        });
+
+        logging.info(`Updating default_content_visibility to tiers`);
+        await knex('settings')
+            .where({
+                key: 'default_content_visibility'
+            })
+            .update({
+                value: 'tiers',
+                updated_at: now
+            });
+
+        logging.info(`Updating default_content_visibility_tiers to ${productList}`);
+        await knex('settings')
+            .where({
+                key: 'default_content_visibility_tiers'
+            })
+            .update({
+                value: JSON.stringify(productList),
+                updated_at: now
+            });
+    },
+    async function down(knex) {
+        logging.info('Reverting default_content_visibility for specific tiers');
+
+        const settings = await knex('settings')
+            .select()
+            .whereIn('key', ['default_content_visibility', 'default_content_visibility_tiers']);
+        const contentVisibilitySetting = settings.find(d => d.key === 'default_content_visibility');
+        const visibilityTiersSetting = settings.find(d => d.key === 'default_content_visibility_tiers');
+
+        const visibilityValue = contentVisibilitySetting && contentVisibilitySetting.value;
+        const visibilityTiersValue = visibilityTiersSetting && visibilityTiersSetting.value;
+
+        if (visibilityValue !== 'tiers') {
+            logging.info(`Ignoring default_content_visibility as is set to ${visibilityValue}.`);
+            return;
+        }
+
+        if (!visibilityTiersValue) {
+            logging.warn(`Ignoring, found empty default_content_visibility_tiers value`);
+            return;
+        }
+
+        try {
+            const parsedTiersValue = JSON.parse(visibilityTiersValue);
+            const products = await knex('products')
+                .select('slug')
+                .whereIn('id', parsedTiersValue);
+            const productSlugs = products.map((product) => {
+                return `product:${product.slug}`;
+            }).join(',');
+            const now = knex.raw('CURRENT_TIMESTAMP');
+
+            logging.info(`Setting default_content_visibility to ${productSlugs}`);
+            await knex('settings')
+                .where({
+                    key: 'default_content_visibility'
+                })
+                .update({
+                    value: productSlugs,
+                    updated_at: now
+                });
+
+            logging.info(`Setting default_content_visibility_tiers to []`);
+            await knex('settings')
+                .where({
+                    key: 'default_content_visibility_tiers'
+                })
+                .update({
+                    value: JSON.stringify([]),
+                    updated_at: now
+                });
+        } catch (e) {
+            logging.warn(`Invalid default_content_visibility_tiers value - ${visibilityTiersValue}`);
+            logging.warn(e);
+            return;
+        }
+    }
+);

package/core/server/data/migrations/versions/4.35/2022-02-04-04-34-populate-empty-portal-products.js

@@ -0,0 +1,60 @@
+const {createTransactionalMigration} = require('../../utils');
+const logging = require('@tryghost/logging');
+
+module.exports = createTransactionalMigration(
+    async function up(knex) {
+        const products = await knex
+            .select('id')
+            .where({
+                type: 'paid'
+            })
+            .from('products');
+
+        if (products.length === 0) {
+            logging.warn(`Skipping updating portal_products, no product exists`);
+            return;
+        }
+
+        if (products.length > 1) {
+            logging.warn(`Skipping updating portal_products, tiers beta is enabled`);
+            return;
+        }
+
+        const portalProductsSetting = await knex('settings')
+            .where('key', 'portal_products')
+            .select('value')
+            .first();
+
+        if (!portalProductsSetting) {
+            logging.warn(`Missing portal_products setting`);
+            return;
+        }
+        try {
+            const currPortalProductsValue = JSON.parse(portalProductsSetting.value);
+
+            if (currPortalProductsValue.length > 0) {
+                logging.warn(`Ignoring - portal_products setting is not empty, - ${currPortalProductsValue}`);
+                return;
+            }
+
+            const defaultProduct = products[0];
+            const portalProductsValue = [defaultProduct.id];
+
+            logging.info(`Setting portal_products setting to have product - ${defaultProduct.id}`);
+
+            const now = knex.raw('CURRENT_TIMESTAMP');
+
+            await knex('settings')
+                .where('key', 'portal_products')
+                .update({
+                    value: JSON.stringify(portalProductsValue),
+                    updated_at: now
+                });
+        } catch (e) {
+            logging.warn(`Ignoring, unable to parse portal_products setting value - ${portalProductsSetting.value}`);
+            logging.warn(e);
+        }
+    },
+    // no-op - we don't want to return to invalid state
+    async function down() {}
+);

package/core/server/data/migrations/versions/4.36/2022-02-07-14-34-add-last-seen-at-column-to-members.js

@@ -0,0 +1,10 @@
+const {createAddColumnMigration} = require('../../utils');
+
+module.exports = createAddColumnMigration(
+    'members',
+    'last_seen_at',
+    {
+        type: 'dateTime',
+        nullable: true
+    }
+);

package/core/server/data/schema/default-settings.json

@@ -235,6 +235,10 @@
             "defaultValue": "public",
             "type": "string"
         },
+        "default_content_visibility_tiers": {
+            "defaultValue": "[]",
+            "type": "array"
+        },
         "members_signup_access": {
             "defaultValue": "all",
             "validations": {

package/core/server/data/schema/schema.js

@@ -30,8 +30,8 @@ module.exports = {
             defaultTo: 'public'
         },
         email_recipient_filter: {
-            type: 'string',
-            maxlength: 50,
+            type: 'text',
+            maxlength: 1000000000,
             nullable: false,
             defaultTo: 'none'
         },
@@ -369,6 +369,7 @@ module.exports = {
         email_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_opened_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_open_rate: {type: 'integer', unsigned: true, nullable: true, index: true},
+        last_seen_at: {type: 'dateTime',nullable: true},
         created_at: {type: 'dateTime', nullable: false},
         created_by: {type: 'string', maxlength: 24, nullable: false},
         updated_at: {type: 'dateTime', nullable: true},
@@ -424,6 +425,12 @@ module.exports = {
         product_id: {type: 'string', maxlength: 24, nullable: false, references: 'products.id', cascadeDelete: true},
         sort_order: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0}
     },
+    posts_products: {
+        id: {type: 'string', maxlength: 24, nullable: false, primary: true},
+        post_id: {type: 'string', maxlength: 24, nullable: false, references: 'posts.id', cascadeDelete: true},
+        product_id: {type: 'string', maxlength: 24, nullable: false, references: 'products.id', cascadeDelete: true},
+        sort_order: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0}
+    },
     members_payment_events: {
         id: {type: 'string', maxlength: 24, nullable: false, primary: true},
         member_id: {type: 'string', maxlength: 24, nullable: false, references: 'members.id', cascadeDelete: true},
@@ -592,8 +599,8 @@ module.exports = {
             validations: {isIn: [['pending', 'submitting', 'submitted', 'failed']]}
         },
         recipient_filter: {
-            type: 'string',
-            maxlength: 50,
+            type: 'text',
+            maxlength: 1000000000,
             nullable: false,
             defaultTo: 'status:-free'
         },

package/core/server/models/post.js

@@ -54,9 +54,20 @@ Post = ghostBookshelf.Model.extend({
      */
     defaults: function defaults() {
         let visibility = 'public';
-
-        if (settingsCache.get('default_content_visibility')) {
-            visibility = settingsCache.get('default_content_visibility');
+        let tiers = [];
+        const defaultContentVisibility = settingsCache.get('default_content_visibility');
+        if (defaultContentVisibility) {
+            if (defaultContentVisibility === 'tiers') {
+                const tiersData = settingsCache.get('default_content_visibility_tiers') || [];
+                visibility = 'tiers',
+                tiers = tiersData.map((tierId) => {
+                    return {
+                        id: tierId
+                    };
+                });
+            } else if (defaultContentVisibility !== 'tiers') {
+                visibility = settingsCache.get('default_content_visibility');
+            }
         }
 
         return {
@@ -64,16 +75,18 @@ Post = ghostBookshelf.Model.extend({
             status: 'draft',
             featured: false,
             type: 'post',
+            tiers,
             visibility: visibility,
             email_recipient_filter: 'none'
         };
     },
 
-    relationships: ['tags', 'authors', 'mobiledoc_revisions', 'posts_meta'],
+    relationships: ['tags', 'authors', 'mobiledoc_revisions', 'posts_meta', 'tiers'],
 
     // NOTE: look up object, not super nice, but was easy to implement
     relationshipBelongsTo: {
         tags: 'tags',
+        tiers: 'products',
         authors: 'users',
         posts_meta: 'posts_meta'
     },
@@ -89,6 +102,17 @@ Post = ghostBookshelf.Model.extend({
         }
     },
 
+    tiers() {
+        return this.belongsToMany('Product', 'posts_products', 'post_id', 'product_id')
+            .withPivot('sort_order')
+            .query('orderBy', 'sort_order', 'ASC')
+            .query((qb) => {
+                // avoids bookshelf adding a `DISTINCT` to the query
+                // we know the result set will already be unique and DISTINCT hurts query performance
+                qb.columns('products.*');
+            });
+    },
+
     parse() {
         const attrs = ghostBookshelf.Model.prototype.parse.apply(this, arguments);
 
@@ -171,7 +195,7 @@ Post = ghostBookshelf.Model.extend({
 
         // transform visibility NQL queries to special-case values where necessary
         // ensures checks against special-case values such as `{{#has visibility="paid"}}` continue working
-        if (attrs.visibility && !['public', 'members', 'paid'].includes(attrs.visibility)) {
+        if (attrs.visibility && !['public', 'members', 'paid', 'tiers'].includes(attrs.visibility)) {
             if (attrs.visibility === 'status:-free') {
                 attrs.visibility = 'paid';
             } else {

package/core/server/models/settings.js

@@ -260,62 +260,60 @@ Settings = ghostBookshelf.Model.extend({
         await ghostBookshelf.knex.destroy();
         await ghostBookshelf.knex.initialize();
 
-        // fetch available columns to avoid populating columns not yet created by migrations
-        const columnInfo = await ghostBookshelf.knex.table('settings').columnInfo();
-        const columns = Object.keys(columnInfo);
-
-        // fetch other data that is used when inserting new settings
-        const date = ghostBookshelf.knex.raw('CURRENT_TIMESTAMP');
-        let owner;
-        try {
-            owner = await ghostBookshelf.model('User').getOwnerUser();
-        } catch (e) {
-            // in some tests the owner is deleted and not recreated before setup
-            if (e.errorType === 'NotFoundError') {
-                owner = {id: 1};
-            } else {
-                throw e;
-            }
-        }
+        const allSettings = await this.findAll(options);
 
-        return this
-            .findAll(options)
-            .then(function checkAllSettings(allSettings) {
-                const usedKeys = allSettings.models.map(function mapper(setting) {
-                    return setting.get('key');
-                });
+        const usedKeys = allSettings.models.map(function mapper(setting) {
+            return setting.get('key');
+        });
 
-                const insertOperations = [];
+        const settingsToInsert = [];
 
-                _.each(getDefaultSettings(), function forEachDefault(defaultSetting, defaultSettingKey) {
-                    const isMissingFromDB = usedKeys.indexOf(defaultSettingKey) === -1;
-                    if (isMissingFromDB) {
-                        defaultSetting.value = defaultSetting.getDefaultValue();
+        _.each(getDefaultSettings(), function forEachDefault(defaultSetting, defaultSettingKey) {
+            const isMissingFromDB = usedKeys.indexOf(defaultSettingKey) === -1;
+            if (isMissingFromDB) {
+                defaultSetting.value = defaultSetting.getDefaultValue();
+                settingsToInsert.push(defaultSetting);
+            }
+        });
 
-                        const settingValues = Object.assign({}, defaultSetting, {
-                            id: ObjectID().toHexString(),
-                            created_at: date,
-                            created_by: owner.id,
-                            updated_at: date,
-                            updated_by: owner.id
-                        });
+        if (settingsToInsert.length > 0) {
+            // fetch available columns to avoid populating columns not yet created by migrations
+            const columnInfo = await ghostBookshelf.knex.table('settings').columnInfo();
+            const columns = Object.keys(columnInfo);
+
+            // fetch other data that is used when inserting new settings
+            const date = ghostBookshelf.knex.raw('CURRENT_TIMESTAMP');
+            let owner;
+            try {
+                owner = await ghostBookshelf.model('User').getOwnerUser();
+            } catch (e) {
+                // in some tests the owner is deleted and not recreated before setup
+                if (e.errorType === 'NotFoundError') {
+                    owner = {id: 1};
+                } else {
+                    throw e;
+                }
+            }
 
-                        insertOperations.push(
-                            ghostBookshelf.knex
-                                .table('settings')
-                                .insert(_.pick(settingValues, columns))
-                        );
-                    }
+            const settingsDataToInsert = settingsToInsert.map((setting) => {
+                const settingValues = Object.assign({}, setting, {
+                    id: ObjectID().toHexString(),
+                    created_at: date,
+                    created_by: owner.id,
+                    updated_at: date,
+                    updated_by: owner.id
                 });
 
-                if (insertOperations.length > 0) {
-                    return Promise.all(insertOperations).then(function fetchAllToReturn() {
-                        return self.findAll(options);
-                    });
-                }
-
-                return allSettings;
+                return _.pick(settingValues, columns);
             });
+
+            await ghostBookshelf.knex
+                .batchInsert('settings', settingsDataToInsert);
+
+            return self.findAll(options);
+        }
+
+        return allSettings;
     },
 
     permissible: function permissible(modelId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {

package/core/server/services/auth/setup.js

@@ -149,11 +149,47 @@ function sendWelcomeEmail(email, mailAPI) {
     return Promise.resolve();
 }
 
+async function installTheme(data, api) {
+    const {theme: themeName} = data.userData;
+
+    if (!themeName) {
+        return data;
+    }
+
+    // Use the api instead of the services as the api performs extra logic
+    try {
+        const installResults = await api.themes.install({
+            source: 'github',
+            ref: themeName,
+            context: {internal: true}
+        });
+        const theme = installResults.themes[0];
+
+        await api.themes.activate({
+            name: theme.name,
+            context: {internal: true}
+        });
+    } catch (e) {
+        //Fallback to Casper by doing nothing as the theme setting update is the last step
+
+        await api.notifications.add({
+            notifications: [{
+                custom: true, //avoids update-check from deleting the notification
+                type: 'warn',
+                message: 'The installation of the theme you have selected wasn\'t successful.'
+            }]
+        }, {context: {internal: true}});
+    }
+
+    return data;
+}
+
 module.exports = {
     checkIsSetup: checkIsSetup,
     assertSetupCompleted: assertSetupCompleted,
     setupUser: setupUser,
     doSettings: doSettings,
     doProduct: doProduct,
-    sendWelcomeEmail: sendWelcomeEmail
+    sendWelcomeEmail: sendWelcomeEmail,
+    installTheme: installTheme
 };

package/core/server/services/bulk-email/bulk-email-processor.js

@@ -130,6 +130,7 @@ module.exports = {
                 id: emailModel.id
             });
         } catch (err) {
+            sentry.captureException(err);
             logging.error(err);
         }
 

package/core/server/services/mega/template.js

@@ -1151,7 +1151,7 @@ ${ templateSettings.showBadge ? `
                                             <table role="presentation" border="0" cellpadding="0" cellspacing="0">
                                                 ${ templateSettings.showHeaderIcon && site.iconUrl ? `
                                                 <tr>
-                                                    <td class="site-icon"><a href="${site.url}"><img src="${site.iconUrl}" border="0"></a></td>
+                                                    <td class="site-icon"><a href="${site.url}"><img src="${site.iconUrl}" alt="${site.title}" border="0"></a></td>
                                                 </tr>
                                                 ` : ``}
                                                 ${ templateSettings.showHeaderTitle ? `

package/core/server/services/members/content-gating.js

@@ -40,7 +40,15 @@ function checkPostAccess(post, member) {
         return PERMIT_ACCESS;
     }
 
-    const visibility = post.visibility === 'paid' ? 'status:-free' : post.visibility;
+    let visibility = post.visibility === 'paid' ? 'status:-free' : post.visibility;
+    if (visibility === 'tiers') {
+        if (!post.tiers) {
+            return BLOCK_ACCESS;
+        }
+        visibility = post.tiers.map((product) => {
+            return `product:${product.slug}`;
+        }).join(',');
+    }
 
     if (visibility && member.status && nql(visibility, {expansions: MEMBER_NQL_EXPANSIONS}).queryJSON(member)) {
         return PERMIT_ACCESS;

package/core/server/services/members/middleware.js

@@ -1,6 +1,7 @@
 const _ = require('lodash');
 const logging = require('@tryghost/logging');
 const membersService = require('./service');
+const models = require('../../models');
 const offersService = require('../offers/service');
 const urlUtils = require('../../../shared/url-utils');
 const ghostVersion = require('@tryghost/version');
@@ -197,12 +198,28 @@ const createSessionFromMagicLink = async function (req, res, next) {
 
         const action = req.query.action;
 
-        if (action === 'signup') {
+        if (action === 'signup' || action === 'signup-paid') {
             let customRedirect = '';
-            if (subscriptions.find(sub => ['active', 'trialing'].includes(sub.status))) {
-                customRedirect = settingsCache.get('members_paid_signup_redirect') || '';
+            const mostRecentActiveSubscription = subscriptions
+                .sort((a, b) => {
+                    const aStartDate = new Date(a.start_date);
+                    const bStartDate = new Date(b.start_date);
+                    return bStartDate.valueOf() - aStartDate.valueOf();
+                })
+                .find(sub => ['active', 'trialing'].includes(sub.status));
+            if (mostRecentActiveSubscription) {
+                if (labsService.isSet('tierWelcomePages')) {
+                    customRedirect = mostRecentActiveSubscription.tier.welcome_page_url;
+                } else {
+                    customRedirect = settingsCache.get('members_paid_signup_redirect') || '';
+                }
             } else {
-                customRedirect = settingsCache.get('members_free_signup_redirect') || '';
+                if (labsService.isSet('tierWelcomePages')) {
+                    const freeTier = await models.Product.findOne({type: 'free'});
+                    customRedirect = freeTier && freeTier.get('welcome_page_url') || '';
+                } else {
+                    customRedirect = settingsCache.get('members_free_signup_redirect') || '';
+                }
             }
 
             if (customRedirect && customRedirect !== '/') {

package/core/server/services/members/service.js

@@ -16,13 +16,12 @@ const models = require('../../models');
 const {GhostMailer} = require('../mail');
 const jobsService = require('../jobs');
 const VerificationTrigger = require('@tryghost/verification-trigger');
+const events = require('../../lib/common/events');
 
 const messages = {
     noLiveKeysInDevelopment: 'Cannot use live stripe keys in development. Please restart in production mode.',
     sslRequiredForStripe: 'Cannot run Ghost without SSL when Stripe is connected. Please update your url config to use "https://".',
-    remoteWebhooksInDevelopment: 'Cannot use remote webhooks in development. See https://ghost.org/docs/webhooks/#stripe-webhooks for developing with Stripe.',
-    emailVerificationNeeded: `We're hard at work processing your import. To make sure you get great deliverability on a list of that size, we'll need to enable some extra features for your account. A member of our team will be in touch with you by email to review your account make sure everything is configured correctly so you're ready to go.`,
-    emailVerificationEmailMessage: `Email verification needed for site: {siteUrl}, just imported: {importedNumber} members.`
+    remoteWebhooksInDevelopment: 'Cannot use remote webhooks in development. See https://ghost.org/docs/webhooks/#stripe-webhooks for developing with Stripe.'
 };
 
 const ghostMailer = new GhostMailer();
@@ -63,7 +62,8 @@ const processImport = async (options) => {
     if (importSize > importThreshold) {
         await verificationTrigger.startVerificationProcess({
             amountImported: importSize,
-            throwOnTrigger: true
+            throwOnTrigger: true,
+            source: 'import'
         });
     }
 
@@ -76,6 +76,32 @@ module.exports = {
         const createMembersApiInstance = require('./api');
         const env = config.get('env');
 
+        events.on('settings.edited', async function (settingModel) {
+            if (labsService.isSet('multipleProducts')) {
+                return;
+            }
+
+            const key = settingModel.get('key');
+            const value = settingModel.get('value');
+
+            if (key === 'members_free_signup_redirect') {
+                try {
+                    await models.Product.forge().query().update('welcome_page_url', value).where('type', 'free');
+                } catch (err) {
+                    logging.error(err);
+                }
+                return;
+            }
+            if (key === 'members_paid_signup_redirect') {
+                try {
+                    await models.Product.forge().query().update('welcome_page_url', value).where('type', 'paid');
+                } catch (err) {
+                    logging.error(err);
+                }
+                return;
+            }
+        });
+
         // @TODO Move to stripe service
         if (env !== 'production') {
             if (stripeService.api.configured && stripeService.api.mode === 'live') {