ghost 4.36.3 → 4.38.1

package/core/server/data/schema/fixtures/fixtures.json

@@ -7,13 +7,15 @@
                     "name":             "Free",
                     "slug":             "free",
                     "type":             "free",
-                    "active":           true
+                    "active":           true,
+                    "visibility":       "public"
                 },
                 {
                     "name":             "Default Product",
                     "slug":             "default-product",
                     "type":             "paid",
-                    "active":           true
+                    "active":           true,
+                    "visibility":       "public"
                 }
             ]
         },

package/core/server/data/schema/schema.js

@@ -381,6 +381,13 @@ module.exports = {
         slug: {type: 'string', maxlength: 191, nullable: false, unique: true},
         active: {type: 'boolean', nullable: false, defaultTo: true},
         welcome_page_url: {type: 'string', maxlength: 2000, nullable: true},
+        visibility: {
+            type: 'string',
+            maxlength: 50,
+            nullable: false,
+            defaultTo: 'none',
+            validations: {isIn: [['public', 'none']]}
+        },
         monthly_price_id: {type: 'string', maxlength: 24, nullable: true},
         yearly_price_id: {type: 'string', maxlength: 24, nullable: true},
         description: {type: 'string', maxlength: 191, nullable: true},

package/core/server/models/product.js

@@ -5,7 +5,8 @@ const Product = ghostBookshelf.Model.extend({
     tableName: 'products',
 
     defaults: {
-        active: true
+        active: true,
+        visibility: 'none'
     },
 
     relationships: ['benefits'],

package/core/server/services/auth/api-key/admin.js

@@ -3,6 +3,7 @@ const url = require('url');
 const models = require('../../../models');
 const errors = require('@tryghost/errors');
 const limitService = require('../../../services/limits');
+const config = require('../../../../shared/config');
 const tpl = require('@tryghost/tpl');
 const _ = require('lodash');
 
@@ -139,12 +140,20 @@ const authenticateWithToken = async (req, res, next, {token, JWT_OPTIONS}) => {
         const secret = Buffer.from(apiKey.get('secret'), 'hex');
 
         const {pathname} = url.parse(req.originalUrl);
-        const [hasMatch, version = 'v4', api = 'admin'] = pathname.match(/ghost\/api\/([^/]+)\/([^/]+)\/(.+)*/); // eslint-disable-line no-unused-vars
-
-        // ensure the token was meant for this api version
-        const options = Object.assign({
-            audience: new RegExp(`\/?${version}\/${api}\/?$`) // eslint-disable-line no-useless-escape
-        }, JWT_OPTIONS);
+        const [hasMatch, version, api] = pathname.match(/ghost\/api\/([^/]+)\/([^/]+)\/(.+)*/); // eslint-disable-line no-unused-vars
+
+        // ensure the token was meant for this api
+        let options;
+        if (!config.get('api:versions:all').includes(version)) {
+            // CASE: non-versioned api request
+            options = Object.assign({
+                audience: new RegExp(`\/?${version}\/?$`) // eslint-disable-line no-useless-escape
+            }, JWT_OPTIONS);
+        } else {
+            options = Object.assign({
+                audience: new RegExp(`\/?${version}\/${api}\/?$`) // eslint-disable-line no-useless-escape
+            }, JWT_OPTIONS);
+        }
 
         try {
             jwt.verify(token, secret, options);

package/core/server/services/auth/setup.js

@@ -77,6 +77,7 @@ async function doSettings(data, settingsAPI) {
     const context = {context: {user: data.user.id}};
     const user = data.user;
     const blogTitle = data.userData.blogTitle;
+    const description = data.userData.description ? data.userData.description.trim() : null;
 
     let userSettings;
 
@@ -86,9 +87,15 @@ async function doSettings(data, settingsAPI) {
 
     userSettings = [
         {key: 'title', value: blogTitle.trim()},
-        {key: 'description', value: tpl(messages.sampleBlogDescription)}
+        {key: 'description', value: description || tpl(messages.sampleBlogDescription)}
     ];
 
+    if (data.userData.accentColor) {
+        userSettings.push({
+            key: 'accent_color', value: data.userData.accentColor
+        });
+    }
+
     await settingsAPI.edit({settings: userSettings}, context);
 
     return user;
@@ -157,6 +164,11 @@ async function installTheme(data, api) {
         return data;
     }
 
+    if (themeName.toLowerCase() === 'tryghost/casper') {
+        logging.warn('Skipping theme install as Casper is the default theme.');
+        return data;
+    }
+
     // Use the api instead of the services as the api performs extra logic
     try {
         const installResults = await api.themes.install({

package/core/server/services/email-analytics/lib/event-processor.js

@@ -1,5 +1,5 @@
 const {EventProcessor} = require('@tryghost/email-analytics-service');
-const moment = require('moment');
+const moment = require('moment-timezone');
 
 class GhostEventProcessor extends EventProcessor {
     constructor({db}) {
@@ -88,6 +88,23 @@ class GhostEventProcessor extends EventProcessor {
                 opened_at: this.db.knex.raw('COALESCE(opened_at, ?)', [moment.utc(event.timestamp).format('YYYY-MM-DD HH:mm:ss')])
             });
 
+        // Using the default timezone set in https://github.com/TryGhost/Ghost/blob/2c5643623db0fc4db390f6997c81a73dca7ccacd/core/server/data/schema/default-settings/default-settings.json#L105
+        let timezone = 'Etc/UTC';
+        const timezoneData = await this.db.knex('settings').first('value').where('key', 'timezone');
+        if (timezoneData && timezoneData.value) {
+            timezone = timezoneData.value;
+        }
+
+        await this.db.knex('members')
+            .where('email', '=', event.recipientEmail)
+            .andWhere(builder => builder
+                .where('last_seen_at', '<', moment.utc(event.timestamp).tz(timezone).startOf('day').utc().format('YYYY-MM-DD HH:mm:ss'))
+                .orWhereNull('last_seen_at')
+            )
+            .update({
+                last_seen_at: moment.utc(event.timestamp).format('YYYY-MM-DD HH:mm:ss')
+            });
+
         return updateResult > 0;
     }
 

package/core/server/services/members/middleware.js

@@ -110,9 +110,12 @@ const getPortalProductPrices = async function () {
             monthlyPrice: product.monthlyPrice,
             yearlyPrice: product.yearlyPrice,
             benefits: product.benefits,
+            active: product.active,
             type: product.type,
             prices: productPrices
         };
+    }).filter((product) => {
+        return !!product.active;
     });
     const defaultProduct = products.find((product) => {
         return product.type === 'paid';
@@ -198,7 +201,7 @@ const createSessionFromMagicLink = async function (req, res, next) {
 
         const action = req.query.action;
 
-        if (action === 'signup' || action === 'signup-paid') {
+        if (action === 'signup' || action === 'signup-paid' || action === 'subscribe') {
             let customRedirect = '';
             const mostRecentActiveSubscription = subscriptions
                 .sort((a, b) => {

package/core/server/services/members/service.js

@@ -16,6 +16,8 @@ const models = require('../../models');
 const {GhostMailer} = require('../mail');
 const jobsService = require('../jobs');
 const VerificationTrigger = require('@tryghost/verification-trigger');
+const DomainEvents = require('@tryghost/domain-events');
+const {LastSeenAtUpdater} = require('@tryghost/members-events-service');
 const events = require('../../lib/common/events');
 
 const messages = {
@@ -125,6 +127,13 @@ module.exports = {
             });
         }
 
+        module.exports.ssr = MembersSSR({
+            cookieSecure: urlUtils.isSSL(urlUtils.getSiteUrl()),
+            cookieKeys: [settingsCache.get('theme_session_secret')],
+            cookieName: 'ghost-members-ssr',
+            getMembersApi: () => module.exports.api
+        });
+
         verificationTrigger = new VerificationTrigger({
             configThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
             isVerified: () => config.get('hostSettings:emailVerification:verified') === true,
@@ -132,7 +141,7 @@ module.exports = {
             sendVerificationEmail: ({subject, message, amountImported}) => {
                 const escalationAddress = config.get('hostSettings:emailVerification:escalationAddress');
                 const fromAddress = config.get('user_email');
-    
+
                 if (escalationAddress) {
                     ghostMailer.send({
                         subject,
@@ -151,6 +160,16 @@ module.exports = {
             eventRepository: membersApi.events
         });
 
+        new LastSeenAtUpdater({
+            models: {
+                Member: models.Member
+            },
+            services: {
+                domainEvents: DomainEvents,
+                settingsCache
+            }
+        });
+
         (async () => {
             try {
                 const collection = await models.SingleUseToken.fetchAll();
@@ -181,13 +200,7 @@ module.exports = {
         return membersSettings;
     },
 
-    ssr: MembersSSR({
-        cookieSecure: urlUtils.isSSL(urlUtils.getSiteUrl()),
-        cookieKeys: [settingsCache.get('theme_session_secret')],
-        cookieName: 'ghost-members-ssr',
-        cookieCacheName: 'ghost-members-ssr-cache',
-        getMembersApi: () => module.exports.api
-    }),
+    ssr: null,
 
     stripeConnect: require('./stripe-connect'),
 

package/core/server/services/route-settings/index.js

@@ -22,7 +22,7 @@ module.exports = {
             type: 'routes',
             extension: '.yaml',
             destinationFolderPath: config.getContentPath('settings'),
-            sourceFolderPath: config.get('paths').defaultSettings
+            sourceFolderPath: config.get('paths').defaultRouteSettings
         });
 
         return await defaultSettingsManager.ensureSettingsFileExists();

package/core/server/web/admin/views/default-prod.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.36%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.38%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-2c8ad32b7960bb605ebc20097fee5ebd.css">
-                <link rel="stylesheet" href="assets/ghost.min-75ed7451ca633bae1b345eb57e2c28e0.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-f4c59dd57a2136df8b0a34f87c099034.css" title="light">
             
 
     
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-2313642ee897688be83924a38d5e62f1.js"></script>
-                <script src="assets/ghost.min-801697772dc605c0dae0abfec54ec591.js"></script>
+                <script src="assets/vendor.min-c814d3c4b3f543c4cd5ef3aacd0fc645.js"></script>
+                <script src="assets/ghost.min-6386b02480494a69c3bfe66206754836.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.36%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.38%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-2c8ad32b7960bb605ebc20097fee5ebd.css">
-                <link rel="stylesheet" href="assets/ghost.min-75ed7451ca633bae1b345eb57e2c28e0.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-f4c59dd57a2136df8b0a34f87c099034.css" title="light">
             
 
     
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-2313642ee897688be83924a38d5e62f1.js"></script>
-                <script src="assets/ghost.min-801697772dc605c0dae0abfec54ec591.js"></script>
+                <script src="assets/vendor.min-c814d3c4b3f543c4cd5ef3aacd0fc645.js"></script>
+                <script src="assets/ghost.min-6386b02480494a69c3bfe66206754836.js"></script>
             
 </body>
 </html>

package/core/server/web/api/app.js

@@ -25,6 +25,9 @@ module.exports = function setupApiApp() {
     apiApp.lazyUse(urlUtils.getVersionPath({version: 'canary', type: 'content'}), require('./canary/content/app'));
     apiApp.lazyUse(urlUtils.getVersionPath({version: 'canary', type: 'admin'}), require('./canary/admin/app'));
 
+    apiApp.lazyUse('/content/', require('./canary/content/app'));
+    apiApp.lazyUse('/admin/', require('./canary/admin/app'));
+
     // Error handling for requests to non-existent API versions
     apiApp.use(errorHandler.resourceNotFound);
     apiApp.use(errorHandler.handleJSONResponse(sentry));

package/core/server/web/api/canary/admin/middleware.js

@@ -31,6 +31,8 @@ const notImplemented = function (req, res, next) {
         members: ['GET', 'PUT', 'DELETE', 'POST'],
         config: ['GET'],
         schedules: ['PUT'],
+        files: ['POST'],
+        media: ['POST'],
         db: ['POST']
     };
 

package/core/server/web/api/canary/admin/routes.js

@@ -88,11 +88,18 @@ module.exports = function apiRoutes() {
     router.del('/tags/:id', mw.authAdminApi, http(api.tags.destroy));
 
     // Products
+    // TODO Remove
     router.get('/products', mw.authAdminApi, http(api.products.browse));
     router.post('/products', mw.authAdminApi, http(api.products.add));
     router.get('/products/:id', mw.authAdminApi, http(api.products.read));
     router.put('/products/:id', mw.authAdminApi, http(api.products.edit));
 
+    // Tiers
+    router.get('/tiers', mw.authAdminApi, http(api.tiers.browse));
+    router.post('/tiers', mw.authAdminApi, http(api.tiers.add));
+    router.get('/tiers/:id', mw.authAdminApi, http(api.tiers.read));
+    router.put('/tiers/:id', mw.authAdminApi, http(api.tiers.edit));
+
     // ## Members
     router.get('/members', mw.authAdminApi, http(api.members.browse));
     router.post('/members', mw.authAdminApi, http(api.members.add));

package/core/server/web/api/canary/content/routes.js

@@ -34,6 +34,7 @@ module.exports = function apiRoutes() {
     router.get('/settings', mw.authenticatePublic, http(api.publicSettings.browse));
 
     router.get('/products', mw.authenticatePublic, http(api.productsPublic.browse));
+    router.get('/tiers', mw.authenticatePublic, http(api.tiersPublic.browse));
 
     return router;
 };

package/core/server/web/members/app.js

@@ -39,7 +39,7 @@ module.exports = function setupMembersApp() {
     membersApp.get('/api/session', middleware.getIdentityToken);
     membersApp.get('/api/offers/:id', middleware.getOfferData);
     membersApp.delete('/api/session', middleware.deleteSession);
-    membersApp.get('/api/site', shared.middleware.cacheControl('public', {maxAge: 30}), middleware.getMemberSiteData);
+    membersApp.get('/api/site', middleware.getMemberSiteData);
 
     // NOTE: this is wrapped in a function to ensure we always go via the getter
     membersApp.post('/api/send-magic-link', bodyParser.json(), shared.middleware.brute.membersAuth, (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next));

package/core/server/web/shared/middleware/uncapitalise.js

@@ -27,13 +27,13 @@ const uncapitalise = (req, res, next) => {
     let decodedURI;
 
     const isSignupOrReset = pathToTest.match(/^(.*\/ghost\/(signup|reset)\/)/i);
-    const isAPI = pathToTest.match(/^(.*\/ghost\/api\/(v[\d.]+|canary)\/.*?\/)/i);
+    const isAPI = pathToTest.match(/^(.*\/ghost\/api(\/(v[\d.]+|canary))?\/.*?\/)/i);
 
     if (isSignupOrReset) {
         pathToTest = isSignupOrReset[1];
     }
 
-    // Do not lowercase anything after e.g. /api/v{X}/ to protect :key/:slug
+    // Do not lowercase anything after e.g. /ghost/api(/v{X})?/ to protect :key/:slug
     if (isAPI) {
         pathToTest = isAPI[1];
     }

package/core/shared/config/defaults.json

@@ -17,6 +17,7 @@
     "paths": {
         "contentPath": "content/",
         "fixtures": "core/server/data/schema/fixtures/fixtures",
+        "defaultSettings": "core/server/data/schema/default-settings/default-settings",
         "assetSrc": "core/frontend/src"
     },
     "adapters": {
@@ -127,8 +128,8 @@
         "emailAnalytics": true
     },
     "portal": {
-        "url": "https://unpkg.com/@tryghost/portal@~1.14.0/umd/portal.min.js",
-        "version": "1.14"
+        "url": "https://unpkg.com/@tryghost/portal@~1.15.0/umd/portal.min.js",
+        "version": "1.15"
     },
     "tenor": {
         "publicReadOnlyApiKey": null,

package/core/shared/config/overrides.json

@@ -6,7 +6,7 @@
         "helperTemplates": "core/frontend/helpers/tpl/",
         "adminViews": "core/server/web/admin/views/",
         "defaultViews": "core/server/views/",
-        "defaultSettings": "core/server/services/route-settings/",
+        "defaultRouteSettings": "core/server/services/route-settings/",
         "internalAppPath": "core/frontend/apps/",
         "internalAdaptersPath": "core/server/adapters/",
         "migrationPath": "core/server/data/migrations",

package/core/shared/config/utils.js

@@ -54,9 +54,13 @@ const checkUrlProtocol = function checkUrlProtocol(url) {
  * https://github.com/indexzero/nconf/issues/235#issuecomment-257606507
  */
 const sanitizeDatabaseProperties = function sanitizeDatabaseProperties(nconf) {
+    if (nconf.get('database:client') === 'mysql') {
+        nconf.set('database:client', 'mysql2');
+    }
+
     const database = nconf.get('database');
 
-    if (nconf.get('database:client') === 'mysql') {
+    if (nconf.get('database:client') === 'mysql2') {
         delete database.connection.filename;
     } else {
         delete database.connection.host;

package/core/shared/labs.js

@@ -34,7 +34,10 @@ const ALPHA_FEATURES = [
     'improvedOnboarding',
     'tierWelcomePages',
     'tierName',
-    'membersTableStatus'
+    'membersTableStatus',
+    'membersLastSeenFilter',
+    'membersContainsFilters',
+    'selectablePortalLinks'
 ];
 
 module.exports.GA_KEYS = [...GA_FEATURES];