npm - ghost - Versions diffs - 4.43.1 → 4.46.0 - Mend

ghost 4.43.1 → 4.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

package/core/server/services/newsletters/emails/verify-email.js ADDED Viewed

@@ -0,0 +1,166 @@
+module.exports = ({email, url}) => `
+<!doctype html>
+<html>
+  <head>
+    <meta name="viewport" content="width=device-width">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>Confirm your email address</title>
+    <style>
+    /* -------------------------------------
+        RESPONSIVE AND MOBILE FRIENDLY STYLES
+    ------------------------------------- */
+    @media only screen and (max-width: 620px) {
+      table[class=body] h1 {
+        font-size: 28px !important;
+        margin-bottom: 10px !important;
+      }
+      table[class=body] p,
+            table[class=body] ul,
+            table[class=body] ol,
+            table[class=body] td,
+            table[class=body] span,
+            table[class=body] a {
+        font-size: 16px !important;
+      }
+      table[class=body] .wrapper,
+            table[class=body] .article {
+        padding: 10px !important;
+      }
+      table[class=body] .content {
+        padding: 0 !important;
+      }
+      table[class=body] .container {
+        padding: 0 !important;
+        width: 100% !important;
+      }
+      table[class=body] .main {
+        border-left-width: 0 !important;
+        border-radius: 0 !important;
+        border-right-width: 0 !important;
+      }
+      table[class=body] .btn table {
+        width: 100% !important;
+      }
+      table[class=body] .btn a {
+        width: 100% !important;
+      }
+      table[class=body] .img-responsive {
+        height: auto !important;
+        max-width: 100% !important;
+        width: auto !important;
+      }
+    }
+    /* -------------------------------------
+        PRESERVE THESE STYLES IN THE HEAD
+    ------------------------------------- */
+    @media all {
+      .ExternalClass {
+        width: 100%;
+      }
+      .ExternalClass,
+            .ExternalClass p,
+            .ExternalClass span,
+            .ExternalClass font,
+            .ExternalClass td,
+            .ExternalClass div {
+        line-height: 100%;
+      }
+      .recipient-link a {
+        color: inherit !important;
+        font-family: inherit !important;
+        font-size: inherit !important;
+        font-weight: inherit !important;
+        line-height: inherit !important;
+        text-decoration: none !important;
+      }
+      #MessageViewBody a {
+        color: inherit;
+        text-decoration: none;
+        font-size: inherit;
+        font-family: inherit;
+        font-weight: inherit;
+        line-height: inherit;
+      }
+    }
+    hr {
+      border-width: 0;
+      height: 0;
+      margin-top: 34px;
+      margin-bottom: 34px;
+      border-bottom-width: 1px;
+      border-bottom-color: #EEF5F8;
+    }
+    </style>
+  </head>
+  <body style="background-color: #F4F8FB; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;">
+    <table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background-color: #F4F8FB;">
+      <tr>
+        <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">&nbsp;</td>
+        <td class="container" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 600px; padding: 10px; width: 600px;">
+          <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 600px; padding: 30px 20px;">
+            <!-- START CENTERED WHITE CONTAINER -->
+            <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 8px;">
+              <!-- START MAIN CONTENT AREA -->
+              <tr>
+                <td class="wrapper" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top; box-sizing: border-box; padding: 40px 50px;">
+                  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;">
+                    <tr>
+                      <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 20px; color: #15212A; font-weight: bold; line-height: 25px; margin: 0; margin-bottom: 15px;">Hey there,</p>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 32px;">Please confirm your email address with this link:</p>
+                        <table border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; box-sizing: border-box;">
+                          <tbody>
+                            <tr>
+                              <td align="left" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; vertical-align: top; padding-bottom: 35px;">
+                                <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: auto;">
+                                  <tbody>
+                                    <tr>
+                                      <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; vertical-align: top; background-color: #15212A; border-radius: 5px; text-align: center;"> <a href="${url}" target="_blank" style="display: inline-block; color: #ffffff; background-color: #15212A; border: solid 1px #15212A; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 16px; font-weight: normal; margin: 0; padding: 9px 22px 10px; border-color: #15212A;" data-test-verify-link>Confirm email address</a> </td>
+                                    </tr>
+                                  </tbody>
+                                </table>
+                              </td>
+                            </tr>
+                          </tbody>
+                        </table>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 25px;">For your security, the link will expire in 24 hours time.</p>
+                        <hr/>
+                        <p style="word-break: break-all; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 15px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 5px;">You can also copy & paste this URL into your browser:</p>
+                        <p style="word-break: break-all; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; line-height: 21px; margin-top: 0; color: #738A94;">${url}</p>
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            <!-- END MAIN CONTENT AREA -->
+            </table>
+            <!-- START FOOTER -->
+            <div class="footer" style="clear: both; Margin-top: 10px; text-align: center; width: 100%;">
+              <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;">
+                <tr>
+                  <td class="content-block" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; vertical-align: top; padding-bottom: 5px; padding-top: 15px; font-size: 13px; line-height: 21px; color: #738A94; text-align: center;">
+                    If you did not make this request, you can simply delete this message.<br/>This email address will not be used.
+                  </td>
+                </tr>
+                <tr>
+                  <td class="content-block" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-size: 13px; color: #738A94; text-align: center;">
+                    <span class="recipient-link" style="color: #738A94; font-size: 13px; text-align: center;">Sent to <a href="mailto:${email}" style="text-decoration: underline; color: #738A94; font-size: 13px; text-align: center;">${email}</a></span>
+                  </td>
+                </tr>
+              </table>
+            </div>
+            <!-- END FOOTER -->
+          <!-- END CENTERED WHITE CONTAINER -->
+          </div>
+        </td>
+        <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">&nbsp;</td>
+      </tr>
+    </table>
+  </body>
+</html>
+`;

package/core/server/services/newsletters/index.js CHANGED Viewed

@@ -1,10 +1,17 @@
 const NewslettersService = require('./service.js');
+const SingleUseTokenProvider = require('../members/SingleUseTokenProvider');
+const mail = require('../mail');
+const models = require('../../models');
+const urlUtils = require('../../../shared/url-utils');
+const limitService = require('../limits');
-/**
- * @returns {NewslettersService} instance of the NewslettersService
- */
-const getNewslettersServiceInstance = ({NewsletterModel}) => {
-    return new NewslettersService({NewsletterModel});
-};
+const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
-module.exports = getNewslettersServiceInstance;
+module.exports = new NewslettersService({
+    NewsletterModel: models.Newsletter,
+    MemberModel: models.Member,
+    mail,
+    singleUseTokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY),
+    urlUtils,
+    limitService
+});

package/core/server/services/newsletters/service.js CHANGED Viewed

@@ -1,24 +1,255 @@
+const _ = require('lodash');
+const MagicLink = require('@tryghost/magic-link');
+const logging = require('@tryghost/logging');
+const verifyEmailTemplate = require('./emails/verify-email');
+const debug = require('@tryghost/debug')('services:newsletters');
 class NewslettersService {
     /**
      *
      * @param {Object} options
      * @param {Object} options.NewsletterModel
+     * @param {Object} options.MemberModel
+     * @param {Object} options.mail
+     * @param {Object} options.singleUseTokenProvider
+     * @param {Object} options.urlUtils
+     * @param {ILimitService} options.limitService
      */
-    constructor({NewsletterModel}) {
+    constructor({NewsletterModel, MemberModel, mail, singleUseTokenProvider, urlUtils, limitService}) {
         this.NewsletterModel = NewsletterModel;
+        this.MemberModel = MemberModel;
+        this.urlUtils = urlUtils;
+        /** @private */
+        this.limitService = limitService;
+        /* email verification setup */
+        this.ghostMailer = new mail.GhostMailer();
+        const {transporter, getSubject, getText, getHTML, getSigninURL} = {
+            transporter: {
+                sendMail() {
+                    // noop - overridden in `sendEmailVerificationMagicLink`
+                }
+            },
+            getSubject() {
+                // not used - overridden in `sendEmailVerificationMagicLink`
+                return `Verify email address`;
+            },
+            getText(url, type, email) {
+                return `
+                Hey there,
+                Please confirm your email address with this link:
+                ${url}
+                For your security, the link will expire in 24 hours time.
+                ---
+                Sent to ${email}
+                If you did not make this request, you can simply delete this message. This email address will not be used.
+                `;
+            },
+            getHTML(url, type, email) {
+                return verifyEmailTemplate({url, email});
+            },
+            getSigninURL(token) {
+                const adminUrl = urlUtils.urlFor('admin', true);
+                const signinURL = new URL(adminUrl);
+                signinURL.hash = `/settings/newsletters/?verifyEmail=${token}`;
+                return signinURL.href;
+            }
+        };
+        this.magicLinkService = new MagicLink({
+            transporter,
+            tokenProvider: singleUseTokenProvider,
+            getSigninURL,
+            getText,
+            getHTML,
+            getSubject
+        });
     }
     /**
-     *
-     * @param {Object} options browse options
-     * @returns
+     * @public
+     * @param {Object} [options] options
+     * @returns {Promise<object>} JSONified Newsletter models
      */
-    async browse(options) {
+    async browse(options = {}) {
         let newsletters = await this.NewsletterModel.findAll(options);
         return newsletters.toJSON();
     }
+    /**
+     * @public
+     * @param {object} attrs model properties
+     * @param {Object} [options] options
+     * @param {Object} [options] options.transacting
+     * @returns {Promise<{object}>} Newsetter Model with verification metadata
+     */
+    async add(attrs, options = {}) {
+        // create newsletter and assign members in the same transaction
+        if (options.opt_in_existing && !options.transacting) {
+            return this.NewsletterModel.transaction((transacting) => {
+                options.transacting = transacting;
+                return this.add(attrs, options);
+            });
+        }
+        await this.limitService.errorIfWouldGoOverLimit('newsletters');
+        // remove any email properties that are not allowed to be set without verification
+        const {cleanedAttrs, emailsToVerify} = await this.prepAttrsForEmailVerification(attrs);
+        // add this newsletter last
+        const sortOrder = await this.NewsletterModel.getNextAvailableSortOrder(options);
+        cleanedAttrs.sort_order = sortOrder;
+        // add the model now because we need the ID for sending verification emails
+        const newsletter = await this.NewsletterModel.add(cleanedAttrs, options);
+        // subscribe existing members if opt_in_existing=true
+        if (options.opt_in_existing) {
+            debug(`Subscribing members to newsletter '${newsletter.get('name')}'`);
+            // subscribe members that have an existing subscription to an active newsletter
+            const memberIds = await this.MemberModel.fetchAllSubscribed(_.pick(options, 'transacting'));
+            newsletter.meta = newsletter.meta || {};
+            newsletter.meta.opted_in_member_count = memberIds.length;
+            if (memberIds.length) {
+                debug(`Found ${memberIds.length} members to subscribe`);
+                await newsletter.subscribeMembersById(memberIds, options);
+            }
+        }
+        // send any verification emails and respond with the appropriate meta added
+        return this.respondWithEmailVerification(newsletter, emailsToVerify);
+    }
+    /**
+     * @public
+     * @param {object} attrs model properties
+     * @param {Object} [options] options
+     * @returns {Promise<{object}>} Newsetter Model with verification metadata
+     */
+    async edit(attrs, options = {}) {
+        // fetch newsletter first so we can compare changed emails
+        const originalNewsletter = await this.NewsletterModel.findOne(options, {require: true});
+        const {cleanedAttrs, emailsToVerify} = await this.prepAttrsForEmailVerification(attrs, originalNewsletter);
+        const updatedNewsletter = await this.NewsletterModel.edit(cleanedAttrs, options);
+        return this.respondWithEmailVerification(updatedNewsletter, emailsToVerify);
+    }
+    /**
+     * @public
+     * @param {string} token - token that provides details of what to update
+     * @returns {Promise<{object}>} Newsetter Model
+     */
+    async verifyPropertyUpdate(token) {
+        const data = await this.magicLinkService.getDataFromToken(token);
+        const {id, property, value} = data;
+        const attrs = {};
+        attrs[property] = value;
+        return this.NewsletterModel.edit(attrs, {id});
+    }
+    /* Email verification Internals */
+    /**
+     * @private
+     */
+    async prepAttrsForEmailVerification(attrs, newsletter) {
+        const cleanedAttrs = _.cloneDeep(attrs);
+        const emailsToVerify = [];
+        for (const property of ['sender_email']) {
+            const email = cleanedAttrs[property];
+            const hasChanged = !newsletter || newsletter.get(property) !== email;
+            if (await this.requiresEmailVerification({email, hasChanged})) {
+                delete cleanedAttrs[property];
+                emailsToVerify.push({email, property});
+            }
+        }
+        return {cleanedAttrs, emailsToVerify};
+    }
+    /**
+     * @private
+     */
+    async requiresEmailVerification({email, hasChanged}) {
+        if (!email || !hasChanged) {
+            return false;
+        }
+        // TODO: check other newsletters for known/verified email
+        return true;
+    }
+    /**
+     * @private
+     */
+    async respondWithEmailVerification(newsletter, emailsToVerify) {
+        if (emailsToVerify.length > 0) {
+            for (const {email, property} of emailsToVerify) {
+                await this.sendEmailVerificationMagicLink({id: newsletter.get('id'), email, property});
+            }
+            newsletter.meta = newsletter.meta || {};
+            newsletter.meta.sent_email_verification = emailsToVerify.map(v => v.property);
+        }
+        return newsletter;
+    }
+    /**
+     * @private
+     */
+    async sendEmailVerificationMagicLink({id, email, property = 'sender_from'}) {
+        const [,toDomain] = email.split('@');
+        let fromEmail = `noreply@${toDomain}`;
+        if (fromEmail === email) {
+            fromEmail = `no-reply@${toDomain}`;
+        }
+        const {ghostMailer} = this;
+        this.magicLinkService.transporter = {
+            sendMail(message) {
+                if (process.env.NODE_ENV !== 'production') {
+                    logging.warn(message.text);
+                }
+                let msg = Object.assign({
+                    from: fromEmail,
+                    subject: 'Verify email address',
+                    forceTextContent: true
+                }, message);
+                return ghostMailer.send(msg);
+            }
+        };
+        return this.magicLinkService.sendMagicLink({email, tokenData: {id, property, value: email}});
+    }
 }
-module.exports = NewslettersService;
+/**
+ * @typedef {object} ILimitService
+ * @prop {(name: string) => Promise<void>} errorIfWouldGoOverLimit
+ **/
+module.exports = NewslettersService;

package/core/server/services/posts/posts-service.js CHANGED Viewed

@@ -4,7 +4,8 @@ const tpl = require('@tryghost/tpl');
 const messages = {
     invalidEmailRecipientFilter: 'Invalid filter in email_recipient_filter param.',
-    invalidVisibilityFilter: 'Invalid visibility filter.'
+    invalidVisibilityFilter: 'Invalid visibility filter.',
+    invalidNewsletterId: 'The newsletter_id parameter doesn\'t match any active newsletter.'
 };
 class PostsService {
@@ -19,6 +20,22 @@ class PostsService {
     async editPost(frame) {
         let model;
+        // Make sure the newsletter_id is matching an active newsletter
+        if (frame.options.newsletter_id) {
+            const newsletter = await this.models.Newsletter.findOne({id: frame.options.newsletter_id, filter: 'status:active'}, {transacting: frame.options.transacting});
+            if (!newsletter) {
+                throw new BadRequestError({
+                    message: messages.invalidNewsletterId
+                });
+            }
+        } else {
+            // Set the newsletter_id if it isn't passed to the API
+            const newsletters = await this.models.Newsletter.findPage({filter: 'status:active', limit: 1, columns: ['id']}, {transacting: frame.options.transacting});
+            if (newsletters.data.length > 0) {
+                frame.options.newsletter_id = newsletters.data[0].id;
+            }
+        }
         if (!frame.options.email_recipient_filter && frame.options.send_email_when_published) {
             await this.models.Base.transaction(async (transacting) => {
                 const options = {

package/core/server/services/stats/service.js CHANGED Viewed

@@ -1,8 +1,4 @@
+const StatsService = require('@tryghost/stats-service');
 const db = require('../../data/db');
-const MemberStatsService = require('./lib/members-stats-service');
-const MrrStatsService = require('./lib/mrr-stats-service');
-module.exports = {
-    members: new MemberStatsService({db}),
-    mrr: new MrrStatsService({db})
-};
+module.exports = StatsService.create({knex: db.knex});

package/core/server/services/users.js CHANGED Viewed

@@ -73,28 +73,28 @@ class Users {
         const parsedFileName = path.parse(backupPath);
         const filename = `${parsedFileName.name}${parsedFileName.ext}`;
-        return this.models.Base.transaction((t) => {
+        return this.models.Base.transaction(async (t) => {
             frameOptions.transacting = t;
-            return this.models.Post.destroyByAuthor(frameOptions)
-                .then(() => {
-                    return this.models.ApiKey.destroy({
-                        ...frameOptions,
-                        require: true,
-                        destroyBy: {
-                            user_id: frameOptions.id
-                        }
-                    }).catch((err) => {
-                        if (err instanceof this.models.ApiKey.NotFoundError) {
-                            return; //Do nothing here as it's ok
-                        }
-                        throw err;
-                    });
-                })
-                .then(() => {
-                    return this.models.User.destroy(Object.assign({status: 'all'}, frameOptions));
-                })
-                .then(() => filename);
+            await this.models.Post.destroyByAuthor(frameOptions);
+            try {
+                await this.models.ApiKey.destroy({
+                    ...frameOptions,
+                    require: true,
+                    destroyBy: {
+                        user_id: frameOptions.id
+                    }
+                });
+            } catch (err) {
+                if (!(err instanceof this.models.ApiKey.NotFoundError)) {
+                    throw err;
+                }
+            }
+            await this.models.User.destroy(Object.assign({status: 'all'}, frameOptions));
+            return filename;
         });
     }
 }

package/core/server/web/admin/views/default-prod.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.43%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.46%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-38f3c38c0c6a1864f57079b068a0b0ce.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-bd8cd0185fd5dfc8291502f801e443e6.css" title="light">
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-21f79c68a284acb1b70039f3f63e5507.js"></script>
-                <script src="assets/ghost.min-2a278873d60d6a13a4c05a396e5bed5e.js"></script>
+                <script src="assets/vendor.min-97fd438f4772c5ec6bb30ad779b8530e.js"></script>
+                <script src="assets/ghost.min-30e597cb65b62b31a9422ca9c0eb2890.js"></script>
 </body>
 </html>

package/core/server/web/admin/views/default.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.43%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%224.46%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-38f3c38c0c6a1864f57079b068a0b0ce.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-bd8cd0185fd5dfc8291502f801e443e6.css" title="light">
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-21f79c68a284acb1b70039f3f63e5507.js"></script>
-                <script src="assets/ghost.min-2a278873d60d6a13a4c05a396e5bed5e.js"></script>
+                <script src="assets/vendor.min-97fd438f4772c5ec6bb30ad779b8530e.js"></script>
+                <script src="assets/ghost.min-30e597cb65b62b31a9422ca9c0eb2890.js"></script>
 </body>
 </html>

package/core/server/web/api/app.js CHANGED Viewed

@@ -4,6 +4,8 @@ const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
 const sentry = require('../../../shared/sentry');
 const errorHandler = require('@tryghost/mw-error-handler');
+const versionMissmatchHandler = require('@tryghost/mw-api-version-mismatch');
+const {APIVersionCompatibilityServiceInstance} = require('../../services/api-version-compatibility');
 module.exports = function setupApiApp() {
     debug('Parent API setup start');
@@ -30,6 +32,7 @@ module.exports = function setupApiApp() {
     // Error handling for requests to non-existent API versions
     apiApp.use(errorHandler.resourceNotFound);
+    apiApp.use(versionMissmatchHandler(APIVersionCompatibilityServiceInstance));
     apiApp.use(errorHandler.handleJSONResponse(sentry));
     debug('Parent API setup end');

package/core/server/web/api/canary/admin/app.js CHANGED Viewed

@@ -5,8 +5,10 @@ const bodyParser = require('body-parser');
 const shared = require('../../../shared');
 const apiMw = require('../../middleware');
 const errorHandler = require('@tryghost/mw-error-handler');
+const versionMissmatchHandler = require('@tryghost/mw-api-version-mismatch');
 const sentry = require('../../../../../shared/sentry');
 const routes = require('./routes');
+const {APIVersionCompatibilityServiceInstance} = require('../../../../services/api-version-compatibility');
 module.exports = function setupApiApp() {
     debug('Admin API canary setup start');
@@ -33,6 +35,7 @@ module.exports = function setupApiApp() {
     // API error handling
     apiApp.use(errorHandler.resourceNotFound);
+    apiApp.use(versionMissmatchHandler(APIVersionCompatibilityServiceInstance));
     apiApp.use(errorHandler.handleJSONResponseV2(sentry));
     debug('Admin API canary setup end');