ghost 4.47.3 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Gruntfile.js +24 -24
- package/README.md +3 -2
- package/content/themes/casper/assets/built/global.css +1 -1
- package/content/themes/casper/assets/built/global.css.map +1 -1
- package/content/themes/casper/assets/built/screen.css +1 -1
- package/content/themes/casper/assets/built/screen.css.map +1 -1
- package/content/themes/casper/assets/css/global.css +2 -2
- package/content/themes/casper/assets/css/screen.css +412 -664
- package/content/themes/casper/author.hbs +48 -35
- package/content/themes/casper/default.hbs +5 -23
- package/content/themes/casper/error-404.hbs +1 -1
- package/content/themes/casper/index.hbs +29 -22
- package/content/themes/casper/package.json +25 -37
- package/content/themes/casper/page.hbs +12 -12
- package/content/themes/casper/partials/icons/facebook.hbs +1 -1
- package/content/themes/casper/partials/icons/twitter.hbs +1 -1
- package/content/themes/casper/partials/post-card.hbs +26 -40
- package/content/themes/casper/post.hbs +54 -50
- package/content/themes/casper/tag.hbs +42 -47
- package/core/boot.js +18 -15
- package/core/bridge.js +24 -25
- package/core/built/assets/ghost-dark-08acba9994ea4f9478dfdca2a97b36f1.css +1 -0
- package/core/built/assets/{ghost.min-a2a47979b0b61d15a3914042a7b1cd20.js → ghost.min-75bec566fbea362ed98811fe6d5b6e24.js} +1115 -1185
- package/core/built/assets/ghost.min-855c93486d789aa09dbe97f272672bf9.css +1 -0
- package/core/built/assets/icons/analytics.svg +14 -0
- package/core/built/assets/icons/calendar.svg +4 -1
- package/core/built/assets/icons/email-at.svg +1 -1
- package/core/built/assets/icons/email-name.svg +1 -1
- package/core/built/assets/icons/info.svg +1 -1
- package/core/built/assets/icons/twitter-logo.svg +3 -0
- package/core/built/assets/{vendor.min-97fd438f4772c5ec6bb30ad779b8530e.js → vendor.min-14ad7269e0529dd20f61d2989e69fa1e.js} +95 -90
- package/core/cli/README.md +88 -0
- package/core/cli/command.js +129 -0
- package/core/cli/repl.js +32 -0
- package/core/cli/timetravel.js +87 -0
- package/core/frontend/apps/amp/lib/helpers/amp_content.js +10 -12
- package/core/frontend/apps/amp/lib/router.js +2 -3
- package/core/frontend/helpers/body_class.js +2 -2
- package/core/frontend/helpers/excerpt.js +0 -2
- package/core/frontend/helpers/get.js +23 -24
- package/core/frontend/helpers/ghost_head.js +102 -103
- package/core/frontend/helpers/navigation.js +0 -2
- package/core/frontend/helpers/prev_post.js +20 -26
- package/core/frontend/helpers/price.js +2 -2
- package/core/frontend/meta/author-url.js +2 -2
- package/core/frontend/meta/description.js +3 -3
- package/core/frontend/meta/excerpt.js +1 -2
- package/core/frontend/meta/generate-excerpt.js +2 -11
- package/core/frontend/meta/paginated-url.js +1 -1
- package/core/frontend/meta/rss-url.js +0 -1
- package/core/frontend/meta/url.js +4 -4
- package/core/frontend/services/data/entry-lookup.js +1 -1
- package/core/frontend/services/data/fetch-data.js +1 -1
- package/core/frontend/services/helpers/handlebars.js +11 -12
- package/core/frontend/services/proxy.js +11 -1
- package/core/frontend/services/rendering/format-response.js +9 -2
- package/core/frontend/services/rendering/index.js +0 -4
- package/core/frontend/services/rendering/render-entry.js +1 -1
- package/core/frontend/services/rendering/templates.js +15 -5
- package/core/frontend/services/routing/CollectionRouter.js +2 -2
- package/core/frontend/services/routing/EmailRouter.js +2 -2
- package/core/frontend/services/routing/ParentRouter.js +1 -1
- package/core/frontend/services/routing/PreviewRouter.js +3 -3
- package/core/frontend/services/routing/{config/v4.js → config.js} +3 -5
- package/core/frontend/services/routing/controllers/channel.js +0 -10
- package/core/frontend/services/routing/controllers/collection.js +0 -9
- package/core/frontend/services/routing/controllers/email-post.js +2 -7
- package/core/frontend/services/routing/controllers/entry.js +1 -3
- package/core/frontend/services/routing/controllers/index.js +2 -2
- package/core/frontend/services/routing/controllers/{preview.js → previews.js} +3 -8
- package/core/frontend/services/routing/controllers/static.js +1 -6
- package/core/frontend/services/routing/router-manager.js +38 -20
- package/core/frontend/services/rss/generate-feed.js +7 -9
- package/core/frontend/services/theme-engine/active.js +0 -8
- package/core/frontend/services/theme-engine/config/defaults.json +1 -3
- package/core/frontend/services/theme-engine/middleware/index.js +0 -1
- package/core/frontend/services/theme-engine/middleware/update-global-template-options.js +0 -69
- package/core/frontend/services/theme-engine/middleware/update-local-template-options.js +3 -6
- package/core/frontend/web/middleware/static-theme.js +14 -6
- package/core/frontend/web/routes.js +9 -9
- package/core/frontend/web/site.js +15 -18
- package/core/server/adapters/scheduling/post-scheduling/index.js +1 -1
- package/core/server/api/README.md +2 -6
- package/core/server/api/canary/authentication.js +4 -3
- package/core/server/api/canary/{email-preview.js → email-previews.js} +9 -8
- package/core/server/api/canary/index.js +14 -18
- package/core/server/api/canary/members.js +4 -24
- package/core/server/api/{v3/actions.js → canary/newsletters-public.js} +6 -6
- package/core/server/api/canary/newsletters.js +1 -13
- package/core/server/api/canary/notifications.js +17 -22
- package/core/server/api/canary/offers-public.js +28 -0
- package/core/server/api/canary/pages.js +1 -1
- package/core/server/api/canary/posts.js +4 -8
- package/core/server/api/canary/{preview.js → previews.js} +1 -1
- package/core/server/api/canary/schedules.js +1 -1
- package/core/server/api/canary/session.js +1 -1
- package/core/server/api/canary/settings-public.js +3 -1
- package/core/server/api/canary/settings.js +28 -16
- package/core/server/api/canary/utils/index.js +2 -4
- package/core/server/api/canary/utils/serializers/input/index.js +0 -4
- package/core/server/api/canary/utils/serializers/input/members.js +46 -17
- package/core/server/api/canary/utils/serializers/input/pages.js +0 -17
- package/core/server/api/canary/utils/serializers/input/posts.js +1 -28
- package/core/server/api/canary/utils/serializers/input/settings.js +61 -142
- package/core/server/api/canary/utils/serializers/input/tiers.js +39 -4
- package/core/server/api/canary/utils/serializers/output/authentication.js +2 -6
- package/core/server/api/canary/utils/serializers/output/index.js +2 -10
- package/core/server/api/canary/utils/serializers/output/mappers/index.js +1 -0
- package/core/server/api/canary/utils/serializers/output/mappers/newsletters.js +24 -0
- package/core/server/api/canary/utils/serializers/output/mappers/pages.js +1 -1
- package/core/server/api/canary/utils/serializers/output/mappers/posts.js +9 -7
- package/core/server/api/canary/utils/serializers/output/mappers/settings.js +5 -31
- package/core/server/api/canary/utils/serializers/output/members.js +21 -11
- package/core/server/api/canary/utils/serializers/output/offers.js +9 -1
- package/core/server/api/canary/utils/serializers/output/{preview.js → previews.js} +2 -2
- package/core/server/api/canary/utils/serializers/output/settings.js +6 -14
- package/core/server/api/canary/utils/serializers/output/site.js +0 -1
- package/core/server/api/canary/utils/serializers/output/tiers.js +21 -62
- package/core/server/api/canary/utils/serializers/output/utils/clean.js +5 -10
- package/core/server/api/canary/utils/serializers/output/utils/extra-attrs.js +0 -126
- package/core/server/api/canary/utils/serializers/output/utils/post-gating.js +1 -1
- package/core/server/api/canary/utils/serializers/output/utils/url.js +0 -5
- package/core/server/api/canary/utils/validators/input/index.js +2 -2
- package/core/server/api/canary/utils/validators/input/{passwordreset.js → password_reset.js} +2 -2
- package/core/server/api/canary/utils/validators/input/settings.js +2 -23
- package/core/server/api/canary/utils/validators/utils/json-schema.js +1 -2
- package/core/server/api/index.js +1 -7
- package/core/server/api/shared/serializers/input/utils/settings-key-group-mapper.js +2 -2
- package/core/server/api/shared/serializers/input/utils/settings-key-type-mapper.js +2 -4
- package/core/server/data/db/connection.js +0 -13
- package/core/server/data/exporter/index.js +4 -1
- package/core/server/data/exporter/table-lists.js +13 -15
- package/core/server/data/importer/importers/data/base.js +16 -7
- package/core/server/data/importer/importers/data/data-importer.js +38 -1
- package/core/server/data/importer/importers/data/newsletters.js +45 -0
- package/core/server/data/importer/importers/data/posts.js +40 -12
- package/core/server/data/importer/importers/data/products.js +68 -0
- package/core/server/data/importer/importers/data/settings.js +10 -10
- package/core/server/data/importer/importers/data/stripe-prices.js +59 -0
- package/core/server/data/importer/importers/data/stripe-products.js +61 -0
- package/core/server/data/migrations/utils/constants.js +3 -0
- package/core/server/data/migrations/utils/index.js +10 -0
- package/core/server/data/migrations/utils/migrations.js +156 -0
- package/core/server/data/migrations/utils/permissions.js +291 -0
- package/core/server/data/migrations/utils/schema.js +158 -0
- package/core/server/data/migrations/utils/settings.js +59 -0
- package/core/server/data/migrations/utils/tables.js +94 -0
- package/core/server/data/migrations/versions/1.25/01-final-v1.js +2 -0
- package/core/server/data/migrations/versions/1.25/02-noop.js +6 -0
- package/core/server/data/migrations/versions/2.37/01-final-v2.js +2 -0
- package/core/server/data/migrations/versions/3.41/01-final-v3.js +2 -0
- package/core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js +3 -9
- package/core/server/data/migrations/versions/4.0/23-regenerate-posts-html.js +2 -11
- package/core/server/data/migrations/versions/4.11/02-add-email-verification-required-setting.js +1 -1
- package/core/server/data/migrations/versions/4.12/02-fix-member-statuses.js +1 -1
- package/core/server/data/migrations/versions/4.14/02-fix-free-members-status-events.js +1 -1
- package/core/server/data/migrations/versions/4.22/01-add-is-launch-complete-setting.js +1 -1
- package/core/server/data/migrations/versions/4.22/02-update-launch-complete-setting-from-user-data.js +1 -1
- package/core/server/data/migrations/versions/4.35/2022-02-02-10-38-add-default-content-visibility-tiers-setting.js +1 -1
- package/core/server/data/migrations/versions/4.45/2022-04-21-02-55-add-notifications-key-entry-to-settings-table.js +1 -1
- package/core/server/data/migrations/versions/4.6/01-remove-comped-status.js +1 -1
- package/core/server/data/migrations/versions/4.7/03-add-labs-setting.js +1 -1
- package/core/server/data/migrations/versions/4.9/05-fix-missed-mobiledoc-url-transforms.js +1 -1
- package/core/server/data/migrations/versions/4.9/06-add-comped-status.js +1 -1
- package/core/server/data/migrations/versions/4.9/07-update-comped-members-status-events.js +1 -1
- package/core/server/data/migrations/versions/5.0/2022-03-14-12-33-delete-duplicate-offer-redemptions.js +36 -0
- package/core/server/data/migrations/versions/5.0/2022-03-28-15-25-backfill-mrr-adjustments-for-offers.js +108 -0
- package/core/server/data/migrations/versions/5.0/2022-04-25-10-32-backfill-mrr-for-discounted-subscriptions.js +44 -0
- package/core/server/data/migrations/versions/5.0/2022-04-26-15-44-backfill-mrr-events-for-canceled-subscriptions.js +73 -0
- package/core/server/data/migrations/versions/5.0/2022-04-27-11-26-backfill-mrr-for-canceled-subscriptions.js +31 -0
- package/core/server/data/migrations/versions/5.0/2022-04-28-03-26-remove-author-id-column-from-posts-table.js +7 -0
- package/core/server/data/migrations/versions/5.0/2022-05-03-09-39-drop-nullable-subscribe-event-newsletter-id.js +4 -0
- package/core/server/data/migrations/versions/5.0/2022-05-04-15-24-map-existing-emails-to-default-newsletter.js +44 -0
- package/core/server/data/migrations/versions/5.0/2022-05-05-13-13-migrate-legacy-recipient-filters.js +30 -0
- package/core/server/data/migrations/versions/5.0/2022-05-05-13-29-add-newsletters-admin-integration-permission-roles.js +20 -0
- package/core/server/data/migrations/versions/5.0/2022-05-05-15-17-drop-oauth-table.js +3 -0
- package/core/server/data/migrations/versions/5.0/2022-05-06-08-16-cleanup-client-subscriber-permissions.js +68 -0
- package/core/server/data/migrations/versions/5.0/2022-05-06-13-22-add-frontend-integration.js +68 -0
- package/core/server/data/migrations/versions/5.0/2022-05-09-10-00-drop-members-subscribed-column.js +18 -0
- package/core/server/data/migrations/versions/5.0/2022-05-09-14-17-cleanup-invalid-users-status.js +17 -0
- package/core/server/data/migrations/versions/5.0/2022-05-10-08-33-drop-members-analytics-table.js +3 -0
- package/core/server/data/migrations/versions/5.0/2022-05-10-14-57-cleanup-invalid-posts-status.js +17 -0
- package/core/server/data/migrations/versions/5.0/2022-05-11-12-08-drop-webhooks-status-column.js +18 -0
- package/core/server/data/migrations/versions/5.0/2022-05-11-13-12-rename-settings.js +51 -0
- package/core/server/data/migrations/versions/5.0/2022-05-11-16-36-remove-unused-settings.js +54 -0
- package/core/server/data/migrations/versions/5.0/2022-05-12-10-29-add-newsletter-permissions-for-editors-and-authors.js +20 -0
- package/core/server/data/migrations/versions/5.0/2022-05-12-13-51-add-label-permissions-for-authors.js +12 -0
- package/core/server/data/migrations/versions/5.0/2022-05-13-11-38-drop-none-email-recipient-filter.js +28 -0
- package/core/server/data/migrations/versions/5.0/2022-05-21-00-00-regenerate-posts-html.js +70 -0
- package/core/server/data/schema/commands.js +35 -3
- package/core/server/data/schema/default-settings/default-settings.json +2 -159
- package/core/server/data/schema/fixtures/fixture-manager.js +11 -2
- package/core/server/data/schema/fixtures/fixtures.json +16 -7
- package/core/server/data/schema/schema.js +26 -38
- package/core/server/data/schema/validator.js +2 -0
- package/core/server/ghost-server.js +34 -64
- package/core/server/lib/image/gravatar.js +25 -9
- package/core/server/models/api-key.js +3 -26
- package/core/server/models/base/plugins/bulk-operations.js +14 -6
- package/core/server/models/integration.js +17 -0
- package/core/server/models/member.js +8 -4
- package/core/server/models/newsletter.js +27 -0
- package/core/server/models/post.js +30 -32
- package/core/server/models/relations/authors.js +74 -100
- package/core/server/models/settings.js +6 -2
- package/core/server/models/webhook.js +2 -1
- package/core/server/run-update-check.js +1 -1
- package/core/server/services/api-version-compatibility/index.js +24 -18
- package/core/server/services/api-version-compatibility/legacy-api-path-match.js +23 -0
- package/core/server/services/api-version-compatibility/mw-version-rewrites.js +36 -0
- package/core/server/services/auth/api-key/admin.js +8 -7
- package/core/server/services/auth/passwordreset.js +3 -3
- package/core/server/services/auth/session/express-session.js +1 -1
- package/core/server/services/auth/session/index.js +1 -1
- package/core/server/services/auth/setup.js +8 -8
- package/core/server/services/bulk-email/bulk-email-processor.js +5 -1
- package/core/server/services/frontend-data-service/frontend-data-service.js +27 -0
- package/core/server/services/frontend-data-service/index.js +6 -0
- package/core/server/services/mail/index.js +14 -1
- package/core/server/services/mega/email-preview.js +14 -15
- package/core/server/services/mega/mega.js +36 -50
- package/core/server/services/mega/post-email-serializer.js +18 -28
- package/core/server/services/members/api.js +0 -3
- package/core/server/services/members/config.js +0 -49
- package/core/server/services/members/exporter/query.js +88 -0
- package/core/server/services/members/middleware.js +3 -135
- package/core/server/services/members/service.js +2 -29
- package/core/server/services/members/settings.js +3 -9
- package/core/server/services/newsletters/service.js +78 -10
- package/core/server/services/posts/post-scheduling-service.js +5 -17
- package/core/server/services/posts/posts-service.js +15 -62
- package/core/server/services/public-config/site.js +0 -6
- package/core/server/services/route-settings/index.js +0 -3
- package/core/server/services/route-settings/settings-loader.js +10 -34
- package/core/server/services/route-settings/validate.js +1 -7
- package/core/server/services/settings/index.js +1 -77
- package/core/server/services/settings/settings-service.js +184 -0
- package/core/server/services/themes/validate.js +1 -1
- package/core/server/services/url/Resources.js +1 -3
- package/core/server/services/url/UrlGenerator.js +1 -1
- package/core/server/services/url/UrlService.js +6 -20
- package/core/server/services/url/{configs/v2.js → config.js} +0 -0
- package/core/server/services/users.js +2 -2
- package/core/server/services/webhooks/listen.js +5 -2
- package/core/server/services/webhooks/serialize.js +6 -7
- package/core/server/services/webhooks/trigger.js +62 -47
- package/core/server/update-check.js +1 -1
- package/core/server/web/admin/app.js +1 -1
- package/core/server/web/admin/views/default-prod.html +4 -4
- package/core/server/web/admin/views/default.html +4 -4
- package/core/server/web/api/app.js +3 -15
- package/core/server/web/api/canary/admin/app.js +1 -1
- package/core/server/web/api/canary/admin/middleware.js +3 -1
- package/core/server/web/api/canary/admin/routes.js +7 -23
- package/core/server/web/api/canary/content/app.js +2 -3
- package/core/server/web/api/canary/content/routes.js +5 -4
- package/core/server/web/members/app.js +5 -4
- package/core/server/web/parent/backend.js +0 -1
- package/core/server/web/parent/frontend.js +5 -6
- package/core/server/web/parent/middleware/ghost-locals.js +0 -3
- package/core/shared/config/defaults.json +5 -2
- package/core/shared/config/overrides.json +1 -27
- package/core/shared/html-to-plaintext.js +74 -10
- package/core/shared/labs.js +4 -8
- package/core/shared/settings-cache/cache.js +38 -4
- package/core/shared/settings-cache/public.js +13 -7
- package/core/shared/url-utils.js +0 -2
- package/ghost.js +6 -0
- package/package.json +66 -64
- package/yarn.lock +751 -1295
- package/core/built/assets/ghost-dark-c94ae212747200ca4bafc37cfb0714d8.css +0 -1
- package/core/built/assets/ghost.min-4084931bc22e794fe3722139050a80b3.css +0 -1
- package/core/frontend/helpers/author.js +0 -41
- package/core/frontend/helpers/products.js +0 -65
- package/core/frontend/services/rendering/secure.js +0 -19
- package/core/frontend/services/routing/config/canary.js +0 -61
- package/core/frontend/services/routing/config/v2.js +0 -54
- package/core/frontend/services/routing/config/v3.js +0 -54
- package/core/frontend/services/theme-engine/engines/create.js +0 -45
- package/core/frontend/services/theme-engine/engines/index.js +0 -5
- package/core/frontend/services/theme-engine/middleware/update-local-template-data.js +0 -9
- package/core/server/api/canary/products-public.js +0 -34
- package/core/server/api/canary/products.js +0 -116
- package/core/server/api/canary/utils/serializers/input/products.js +0 -28
- package/core/server/api/canary/utils/serializers/output/email-previews.js +0 -7
- package/core/server/api/canary/utils/serializers/output/products.js +0 -213
- package/core/server/api/v2/actions.js +0 -38
- package/core/server/api/v2/authentication.js +0 -191
- package/core/server/api/v2/authors-public.js +0 -69
- package/core/server/api/v2/config.js +0 -12
- package/core/server/api/v2/db.js +0 -120
- package/core/server/api/v2/images.js +0 -20
- package/core/server/api/v2/index.js +0 -147
- package/core/server/api/v2/integrations.js +0 -144
- package/core/server/api/v2/invites.js +0 -126
- package/core/server/api/v2/mail.js +0 -66
- package/core/server/api/v2/notifications.js +0 -96
- package/core/server/api/v2/oembed.js +0 -186
- package/core/server/api/v2/pages-public.js +0 -78
- package/core/server/api/v2/pages.js +0 -197
- package/core/server/api/v2/posts-public.js +0 -78
- package/core/server/api/v2/posts.js +0 -192
- package/core/server/api/v2/preview.js +0 -46
- package/core/server/api/v2/redirects.js +0 -28
- package/core/server/api/v2/roles.js +0 -19
- package/core/server/api/v2/schedules.js +0 -77
- package/core/server/api/v2/session.js +0 -70
- package/core/server/api/v2/settings-public.js +0 -17
- package/core/server/api/v2/settings.js +0 -195
- package/core/server/api/v2/site.js +0 -14
- package/core/server/api/v2/slack.js +0 -12
- package/core/server/api/v2/slugs.js +0 -51
- package/core/server/api/v2/tags-public.js +0 -71
- package/core/server/api/v2/tags.js +0 -159
- package/core/server/api/v2/themes.js +0 -133
- package/core/server/api/v2/users.js +0 -179
- package/core/server/api/v2/utils/index.js +0 -34
- package/core/server/api/v2/utils/permissions.js +0 -112
- package/core/server/api/v2/utils/serializers/index.js +0 -9
- package/core/server/api/v2/utils/serializers/input/db.js +0 -20
- package/core/server/api/v2/utils/serializers/input/index.js +0 -33
- package/core/server/api/v2/utils/serializers/input/integrations.js +0 -33
- package/core/server/api/v2/utils/serializers/input/pages.js +0 -203
- package/core/server/api/v2/utils/serializers/input/posts.js +0 -218
- package/core/server/api/v2/utils/serializers/input/settings.js +0 -152
- package/core/server/api/v2/utils/serializers/input/tags.js +0 -35
- package/core/server/api/v2/utils/serializers/input/users.js +0 -26
- package/core/server/api/v2/utils/serializers/input/utils/url.js +0 -71
- package/core/server/api/v2/utils/serializers/input/webhooks.js +0 -12
- package/core/server/api/v2/utils/serializers/output/actions.js +0 -13
- package/core/server/api/v2/utils/serializers/output/all.js +0 -25
- package/core/server/api/v2/utils/serializers/output/authentication.js +0 -68
- package/core/server/api/v2/utils/serializers/output/authors.js +0 -21
- package/core/server/api/v2/utils/serializers/output/config.js +0 -21
- package/core/server/api/v2/utils/serializers/output/db.js +0 -40
- package/core/server/api/v2/utils/serializers/output/images.js +0 -19
- package/core/server/api/v2/utils/serializers/output/index.js +0 -107
- package/core/server/api/v2/utils/serializers/output/integrations.js +0 -35
- package/core/server/api/v2/utils/serializers/output/invites.js +0 -24
- package/core/server/api/v2/utils/serializers/output/mail.js +0 -19
- package/core/server/api/v2/utils/serializers/output/notifications.js +0 -29
- package/core/server/api/v2/utils/serializers/output/oembed.js +0 -8
- package/core/server/api/v2/utils/serializers/output/pages.js +0 -26
- package/core/server/api/v2/utils/serializers/output/posts.js +0 -26
- package/core/server/api/v2/utils/serializers/output/preview.js +0 -9
- package/core/server/api/v2/utils/serializers/output/redirects.js +0 -5
- package/core/server/api/v2/utils/serializers/output/roles.js +0 -29
- package/core/server/api/v2/utils/serializers/output/schedules.js +0 -5
- package/core/server/api/v2/utils/serializers/output/settings.js +0 -61
- package/core/server/api/v2/utils/serializers/output/site.js +0 -16
- package/core/server/api/v2/utils/serializers/output/slugs.js +0 -11
- package/core/server/api/v2/utils/serializers/output/tags.js +0 -25
- package/core/server/api/v2/utils/serializers/output/themes.js +0 -25
- package/core/server/api/v2/utils/serializers/output/users.js +0 -45
- package/core/server/api/v2/utils/serializers/output/utils/clean.js +0 -174
- package/core/server/api/v2/utils/serializers/output/utils/date.js +0 -21
- package/core/server/api/v2/utils/serializers/output/utils/extra-attrs.js +0 -161
- package/core/server/api/v2/utils/serializers/output/utils/mapper.js +0 -136
- package/core/server/api/v2/utils/serializers/output/utils/post-gating.js +0 -29
- package/core/server/api/v2/utils/serializers/output/utils/settings-type-group-mapper.js +0 -24
- package/core/server/api/v2/utils/serializers/output/utils/url.js +0 -67
- package/core/server/api/v2/utils/serializers/output/webhooks.js +0 -15
- package/core/server/api/v2/utils/validators/index.js +0 -9
- package/core/server/api/v2/utils/validators/input/images.js +0 -85
- package/core/server/api/v2/utils/validators/input/index.js +0 -45
- package/core/server/api/v2/utils/validators/input/invitations.js +0 -49
- package/core/server/api/v2/utils/validators/input/invites.js +0 -21
- package/core/server/api/v2/utils/validators/input/oembed.js +0 -17
- package/core/server/api/v2/utils/validators/input/pages.js +0 -46
- package/core/server/api/v2/utils/validators/input/passwordreset.js +0 -36
- package/core/server/api/v2/utils/validators/input/posts.js +0 -46
- package/core/server/api/v2/utils/validators/input/settings.js +0 -79
- package/core/server/api/v2/utils/validators/input/setup.js +0 -17
- package/core/server/api/v2/utils/validators/input/tags.js +0 -6
- package/core/server/api/v2/utils/validators/input/users.js +0 -21
- package/core/server/api/v2/utils/validators/output/index.js +0 -1
- package/core/server/api/v2/utils/validators/utils/json-schema.js +0 -17
- package/core/server/api/v2/webhooks.js +0 -163
- package/core/server/api/v3/authentication.js +0 -192
- package/core/server/api/v3/authors-public.js +0 -69
- package/core/server/api/v3/config.js +0 -12
- package/core/server/api/v3/db.js +0 -131
- package/core/server/api/v3/email-preview.js +0 -74
- package/core/server/api/v3/email.js +0 -65
- package/core/server/api/v3/identities.js +0 -36
- package/core/server/api/v3/images.js +0 -20
- package/core/server/api/v3/index.js +0 -179
- package/core/server/api/v3/integrations.js +0 -150
- package/core/server/api/v3/invites.js +0 -125
- package/core/server/api/v3/labels.js +0 -162
- package/core/server/api/v3/mail.js +0 -66
- package/core/server/api/v3/memberSigninUrls.js +0 -33
- package/core/server/api/v3/members.js +0 -412
- package/core/server/api/v3/membersStripeConnect.js +0 -29
- package/core/server/api/v3/notifications.js +0 -96
- package/core/server/api/v3/oembed.js +0 -23
- package/core/server/api/v3/pages-public.js +0 -77
- package/core/server/api/v3/pages.js +0 -199
- package/core/server/api/v3/posts-public.js +0 -76
- package/core/server/api/v3/posts.js +0 -200
- package/core/server/api/v3/preview.js +0 -44
- package/core/server/api/v3/redirects.js +0 -47
- package/core/server/api/v3/roles.js +0 -19
- package/core/server/api/v3/schedules.js +0 -77
- package/core/server/api/v3/session.js +0 -70
- package/core/server/api/v3/settings-public.js +0 -17
- package/core/server/api/v3/settings.js +0 -224
- package/core/server/api/v3/site.js +0 -14
- package/core/server/api/v3/slack.js +0 -12
- package/core/server/api/v3/slugs.js +0 -48
- package/core/server/api/v3/snippets.js +0 -115
- package/core/server/api/v3/tags-public.js +0 -71
- package/core/server/api/v3/tags.js +0 -159
- package/core/server/api/v3/themes.js +0 -131
- package/core/server/api/v3/users.js +0 -242
- package/core/server/api/v3/utils/index.js +0 -34
- package/core/server/api/v3/utils/permissions.js +0 -116
- package/core/server/api/v3/utils/serializers/index.js +0 -9
- package/core/server/api/v3/utils/serializers/input/authors.js +0 -31
- package/core/server/api/v3/utils/serializers/input/db.js +0 -20
- package/core/server/api/v3/utils/serializers/input/index.js +0 -41
- package/core/server/api/v3/utils/serializers/input/integrations.js +0 -33
- package/core/server/api/v3/utils/serializers/input/members.js +0 -62
- package/core/server/api/v3/utils/serializers/input/pages.js +0 -208
- package/core/server/api/v3/utils/serializers/input/posts.js +0 -242
- package/core/server/api/v3/utils/serializers/input/settings.js +0 -168
- package/core/server/api/v3/utils/serializers/input/tags.js +0 -42
- package/core/server/api/v3/utils/serializers/input/users.js +0 -26
- package/core/server/api/v3/utils/serializers/input/utils/slug-filter-order.js +0 -18
- package/core/server/api/v3/utils/serializers/input/utils/url.js +0 -71
- package/core/server/api/v3/utils/serializers/input/webhooks.js +0 -12
- package/core/server/api/v3/utils/serializers/output/actions.js +0 -13
- package/core/server/api/v3/utils/serializers/output/all.js +0 -25
- package/core/server/api/v3/utils/serializers/output/authentication.js +0 -69
- package/core/server/api/v3/utils/serializers/output/authors.js +0 -21
- package/core/server/api/v3/utils/serializers/output/config.js +0 -25
- package/core/server/api/v3/utils/serializers/output/db.js +0 -40
- package/core/server/api/v3/utils/serializers/output/email-preview.js +0 -7
- package/core/server/api/v3/utils/serializers/output/emails.js +0 -13
- package/core/server/api/v3/utils/serializers/output/identities.js +0 -7
- package/core/server/api/v3/utils/serializers/output/images.js +0 -19
- package/core/server/api/v3/utils/serializers/output/index.js +0 -135
- package/core/server/api/v3/utils/serializers/output/integrations.js +0 -35
- package/core/server/api/v3/utils/serializers/output/invites.js +0 -24
- package/core/server/api/v3/utils/serializers/output/labels.js +0 -25
- package/core/server/api/v3/utils/serializers/output/mail.js +0 -19
- package/core/server/api/v3/utils/serializers/output/member-signin_urls.js +0 -7
- package/core/server/api/v3/utils/serializers/output/members.js +0 -228
- package/core/server/api/v3/utils/serializers/output/notifications.js +0 -29
- package/core/server/api/v3/utils/serializers/output/oembed.js +0 -8
- package/core/server/api/v3/utils/serializers/output/pages.js +0 -26
- package/core/server/api/v3/utils/serializers/output/posts.js +0 -26
- package/core/server/api/v3/utils/serializers/output/preview.js +0 -10
- package/core/server/api/v3/utils/serializers/output/redirects.js +0 -5
- package/core/server/api/v3/utils/serializers/output/roles.js +0 -29
- package/core/server/api/v3/utils/serializers/output/schedules.js +0 -5
- package/core/server/api/v3/utils/serializers/output/settings.js +0 -65
- package/core/server/api/v3/utils/serializers/output/site.js +0 -19
- package/core/server/api/v3/utils/serializers/output/slugs.js +0 -11
- package/core/server/api/v3/utils/serializers/output/snippets.js +0 -97
- package/core/server/api/v3/utils/serializers/output/tags.js +0 -25
- package/core/server/api/v3/utils/serializers/output/themes.js +0 -25
- package/core/server/api/v3/utils/serializers/output/users.js +0 -74
- package/core/server/api/v3/utils/serializers/output/utils/clean.js +0 -166
- package/core/server/api/v3/utils/serializers/output/utils/date.js +0 -21
- package/core/server/api/v3/utils/serializers/output/utils/extra-attrs.js +0 -174
- package/core/server/api/v3/utils/serializers/output/utils/mapper.js +0 -197
- package/core/server/api/v3/utils/serializers/output/utils/post-gating.js +0 -39
- package/core/server/api/v3/utils/serializers/output/utils/settings-type-group-mapper.js +0 -24
- package/core/server/api/v3/utils/serializers/output/utils/url.js +0 -67
- package/core/server/api/v3/utils/serializers/output/webhooks.js +0 -15
- package/core/server/api/v3/utils/validators/index.js +0 -9
- package/core/server/api/v3/utils/validators/input/images.js +0 -85
- package/core/server/api/v3/utils/validators/input/index.js +0 -61
- package/core/server/api/v3/utils/validators/input/invitations.js +0 -49
- package/core/server/api/v3/utils/validators/input/invites.js +0 -21
- package/core/server/api/v3/utils/validators/input/labels.js +0 -6
- package/core/server/api/v3/utils/validators/input/members.js +0 -6
- package/core/server/api/v3/utils/validators/input/oembed.js +0 -17
- package/core/server/api/v3/utils/validators/input/pages.js +0 -46
- package/core/server/api/v3/utils/validators/input/passwordreset.js +0 -36
- package/core/server/api/v3/utils/validators/input/posts.js +0 -46
- package/core/server/api/v3/utils/validators/input/settings.js +0 -89
- package/core/server/api/v3/utils/validators/input/setup.js +0 -17
- package/core/server/api/v3/utils/validators/input/snippets.js +0 -6
- package/core/server/api/v3/utils/validators/input/tags.js +0 -6
- package/core/server/api/v3/utils/validators/input/users.js +0 -22
- package/core/server/api/v3/utils/validators/input/webhooks.js +0 -27
- package/core/server/api/v3/utils/validators/output/index.js +0 -1
- package/core/server/api/v3/utils/validators/utils/json-schema.js +0 -17
- package/core/server/api/v3/webhooks.js +0 -130
- package/core/server/data/migrations/utils.js +0 -571
- package/core/server/data/migrations/versions/1.13/1-custom-template-post.js +0 -7
- package/core/server/data/migrations/versions/1.13/2-theme-permissions.js +0 -58
- package/core/server/data/migrations/versions/1.18/1-add-webhooks-table.js +0 -2
- package/core/server/data/migrations/versions/1.19/1-webhook-permissions.js +0 -31
- package/core/server/data/migrations/versions/1.20/1-remove-settings-keys.js +0 -65
- package/core/server/data/migrations/versions/1.21/1-add-contributor-role.js +0 -58
- package/core/server/data/migrations/versions/1.22/1-multiple-authors-DDL.js +0 -2
- package/core/server/data/migrations/versions/1.22/1-multiple-authors-DML.js +0 -63
- package/core/server/data/migrations/versions/1.25/1-update-koenig-beta-html.js +0 -70
- package/core/server/data/migrations/versions/1.25/2-demo-post.js +0 -55
- package/core/server/data/migrations/versions/1.3/1-post-excerpt.js +0 -7
- package/core/server/data/migrations/versions/1.4/1-codeinjection-post.js +0 -14
- package/core/server/data/migrations/versions/1.5/1-og-twitter-post.js +0 -34
- package/core/server/data/migrations/versions/1.7/1-add-backup-client.js +0 -10
- package/core/server/data/migrations/versions/1.9/1-add-permissions-redirect.js +0 -23
- package/core/server/data/migrations/versions/2.0/1-rename-amp-column.js +0 -44
- package/core/server/data/migrations/versions/2.0/2-update-posts.js +0 -7
- package/core/server/data/migrations/versions/2.0/3-remove-koenig-labs.js +0 -42
- package/core/server/data/migrations/versions/2.0/4-permalink-setting.js +0 -85
- package/core/server/data/migrations/versions/2.0/5-remove-demo-post.js +0 -85
- package/core/server/data/migrations/versions/2.0/6-replace-fixture-posts.js +0 -10
- package/core/server/data/migrations/versions/2.13/1-remove-empty-strings.js +0 -5
- package/core/server/data/migrations/versions/2.14/1-add-actions-table.js +0 -2
- package/core/server/data/migrations/versions/2.14/2-add-actions-permissions.js +0 -12
- package/core/server/data/migrations/versions/2.15/1-add-type-column-to-integrations.js +0 -8
- package/core/server/data/migrations/versions/2.15/2-insert-zapier-integration.js +0 -69
- package/core/server/data/migrations/versions/2.16/1-add-members-perrmissions.js +0 -1
- package/core/server/data/migrations/versions/2.17/1-normalize-settings.js +0 -74
- package/core/server/data/migrations/versions/2.17/2-posts-add-canonical-url.js +0 -7
- package/core/server/data/migrations/versions/2.18/1-restore-settings-from-backup.js +0 -134
- package/core/server/data/migrations/versions/2.2/1-add-sessions-table.js +0 -2
- package/core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js +0 -6
- package/core/server/data/migrations/versions/2.2/3-insert-admin-integration-role.js +0 -83
- package/core/server/data/migrations/versions/2.2/4-insert-integration-and-api-key-permissions.js +0 -77
- package/core/server/data/migrations/versions/2.2/5-add-mobiledoc-revisions-table.js +0 -2
- package/core/server/data/migrations/versions/2.21/1-update-editor-permissions.js +0 -28
- package/core/server/data/migrations/versions/2.22/1-add-member-permissions-to-roles.js +0 -47
- package/core/server/data/migrations/versions/2.27/1-insert-ghost-db-backup-role.js +0 -83
- package/core/server/data/migrations/versions/2.27/2-insert-db-backup-integration.js +0 -69
- package/core/server/data/migrations/versions/2.27/3-add-subdirectory-to-relative-canonical-urls.js +0 -100
- package/core/server/data/migrations/versions/2.28/1-add-db-backup-content-permission.js +0 -9
- package/core/server/data/migrations/versions/2.28/2-add-db-backup-content-permission-to-roles.js +0 -15
- package/core/server/data/migrations/versions/2.28/3-insert-ghost-scheduler-role.js +0 -84
- package/core/server/data/migrations/versions/2.28/4-insert-scheduler-integration.js +0 -69
- package/core/server/data/migrations/versions/2.28/5-add-scheduler-permission-to-roles.js +0 -23
- package/core/server/data/migrations/versions/2.28/6-add-type-column.js +0 -6
- package/core/server/data/migrations/versions/2.28/7-populate-type-column.js +0 -6
- package/core/server/data/migrations/versions/2.28/8-remove-page-column.js +0 -6
- package/core/server/data/migrations/versions/2.29/1-add-post-page-column.js +0 -20
- package/core/server/data/migrations/versions/2.29/2-populate-post-page-column.js +0 -98
- package/core/server/data/migrations/versions/2.29/3-remove-page-type-column.js +0 -15
- package/core/server/data/migrations/versions/2.3/1-add-webhook-columns.js +0 -45
- package/core/server/data/migrations/versions/2.3/2-add-webhook-edit-permission.js +0 -9
- package/core/server/data/migrations/versions/2.31/1-remove-name-and-password-from-members-table.js +0 -15
- package/core/server/data/migrations/versions/2.32/01-add-members-stripe-customers-table.js +0 -4
- package/core/server/data/migrations/versions/2.32/02-add-name-to-members-table.js +0 -7
- package/core/server/data/migrations/versions/2.33/01-correct-members-stripe-customers-table.js +0 -37
- package/core/server/data/migrations/versions/2.34/01-add-stripe-customers-subscriptions-table.js +0 -2
- package/core/server/data/migrations/versions/2.34/02-add-email-to-members-stripe-customers-table.js +0 -7
- package/core/server/data/migrations/versions/2.34/03-add-name-to-members-stripe-customers-table.js +0 -7
- package/core/server/data/migrations/versions/2.35/01-add-note-to-members-table.js +0 -7
- package/core/server/data/migrations/versions/2.37/01-add-self-signup-and-from address-to-members-settings.js +0 -67
- package/core/server/data/migrations/versions/2.6/1-add-webhook-permission-roles.js +0 -31
- package/core/server/data/migrations/versions/2.8/1-add-members-table.js +0 -2
- package/core/server/data/migrations/versions/3.0/01-remove-user-ghost-auth-columns.js +0 -14
- package/core/server/data/migrations/versions/3.0/02-drop-token-auth-tables.js +0 -31
- package/core/server/data/migrations/versions/3.0/03-drop-client-auth-tables.js +0 -35
- package/core/server/data/migrations/versions/3.0/04-add-posts-meta-table.js +0 -2
- package/core/server/data/migrations/versions/3.0/05-populate-posts-meta-table.js +0 -83
- package/core/server/data/migrations/versions/3.0/06-remove-posts-meta-columns.js +0 -44
- package/core/server/data/migrations/versions/3.0/07-add-posts-type-column.js +0 -8
- package/core/server/data/migrations/versions/3.0/08-populate-posts-type-column.js +0 -94
- package/core/server/data/migrations/versions/3.0/09-remove-posts-page-column.js +0 -7
- package/core/server/data/migrations/versions/3.0/10-remove-empty-strings.js +0 -81
- package/core/server/data/migrations/versions/3.0/11-update-posts-html.js +0 -7
- package/core/server/data/migrations/versions/3.0/12-populate-members-table-from-subscribers.js +0 -54
- package/core/server/data/migrations/versions/3.0/13-drop-subscribers-table.js +0 -34
- package/core/server/data/migrations/versions/3.0/14-remove-subscribers-flag.js +0 -24
- package/core/server/data/migrations/versions/3.1/01-add-send-email-when-published-to-posts.js +0 -7
- package/core/server/data/migrations/versions/3.1/02-add-email-subject-to-posts-meta.js +0 -7
- package/core/server/data/migrations/versions/3.1/03-add-email-preview-permissions.js +0 -18
- package/core/server/data/migrations/versions/3.1/04-add-subscribed-flag-to-members.js +0 -7
- package/core/server/data/migrations/versions/3.1/05-add-emails-table.js +0 -2
- package/core/server/data/migrations/versions/3.1/06-add-email-permissions.js +0 -15
- package/core/server/data/migrations/versions/3.1/07-add-uuid-field-to-members.js +0 -8
- package/core/server/data/migrations/versions/3.1/08-add-uuid-values-to-members.js +0 -23
- package/core/server/data/migrations/versions/3.1/09-add-further-email-permissions.js +0 -25
- package/core/server/data/migrations/versions/3.1/10-add-email-error-data-column.js +0 -8
- package/core/server/data/migrations/versions/3.11/01-remove-broken-complimentary-plan-from-members-settings.js +0 -68
- package/core/server/data/migrations/versions/3.12/01-add-identity-permission.js +0 -7
- package/core/server/data/migrations/versions/3.12/02-remove-legacy-is-paid-flag-from-settings.js +0 -93
- package/core/server/data/migrations/versions/3.18/01-add-email-preview-permissions-to-roles.js +0 -39
- package/core/server/data/migrations/versions/3.18/02-add-members_stripe_connect-auth-permissions.js +0 -7
- package/core/server/data/migrations/versions/3.19/01-update-member-from-email-address.js +0 -91
- package/core/server/data/migrations/versions/3.2/01-add-cancel-at-period-end-to-subscriptions.js +0 -7
- package/core/server/data/migrations/versions/3.22/01-removed-legacy-values-from-settings-table.js +0 -65
- package/core/server/data/migrations/versions/3.22/02-settings-key-renames.js +0 -90
- package/core/server/data/migrations/versions/3.22/03-add-group-and-flags-to-settings.js +0 -15
- package/core/server/data/migrations/versions/3.22/04-populate-settings-groups-and-flags.js +0 -194
- package/core/server/data/migrations/versions/3.22/05-migrate-members-subscription-settings.js +0 -182
- package/core/server/data/migrations/versions/3.22/06-migrate-stripe-connect-settings.js +0 -132
- package/core/server/data/migrations/versions/3.22/07-update-type-for-settings.js +0 -137
- package/core/server/data/migrations/versions/3.23/01-migrate-bulk-email-settings.js +0 -65
- package/core/server/data/migrations/versions/3.23/02-remove-bulk-email-settings.js +0 -48
- package/core/server/data/migrations/versions/3.23/03-update-portal-button-setting.js +0 -24
- package/core/server/data/migrations/versions/3.23/04-add-meta-columns-to-tags-table.js +0 -54
- package/core/server/data/migrations/versions/3.24/01-populate-group-for-new-portal-settings.js +0 -38
- package/core/server/data/migrations/versions/3.25/01-add-members-stripe-webhook-settings.js +0 -22
- package/core/server/data/migrations/versions/3.26/01-add-amp-gtag-id-setting.js +0 -20
- package/core/server/data/migrations/versions/3.29/01-remove-duplicate-subscriptions.js +0 -53
- package/core/server/data/migrations/versions/3.29/02-remove-duplicate-customers.js +0 -53
- package/core/server/data/migrations/versions/3.29/03-remove-orphaned-customers.js +0 -35
- package/core/server/data/migrations/versions/3.29/04-remove-orphaned-subscriptions.js +0 -35
- package/core/server/data/migrations/versions/3.29/05-add-member-constraints.js +0 -177
- package/core/server/data/migrations/versions/3.30/01-add-member-signin-url-permission-roles.js +0 -8
- package/core/server/data/migrations/versions/3.32/01-add-member-support-address-setting.js +0 -27
- package/core/server/data/migrations/versions/3.32/02-add-member-reply-address-setting.js +0 -20
- package/core/server/data/migrations/versions/3.32/03-add-routes-hash-setting.js +0 -20
- package/core/server/data/migrations/versions/3.33/01-add-email-recipients-tables.js +0 -8
- package/core/server/data/migrations/versions/3.34/01-add-tokens-table.js +0 -2
- package/core/server/data/migrations/versions/3.35/01-add-address-columns-to-emails-table.js +0 -14
- package/core/server/data/migrations/versions/3.36/01-add-snippets-table.js +0 -2
- package/core/server/data/migrations/versions/3.36/02-add-snippets-permissions.js +0 -56
- package/core/server/data/migrations/versions/3.37/01-update-portal-button-setting.js +0 -30
- package/core/server/data/migrations/versions/3.38/01-add-email-recipient-filter-column.js +0 -8
- package/core/server/data/migrations/versions/3.38/02-populate-email-recipient-filter-column.js +0 -34
- package/core/server/data/migrations/versions/3.38/03-add-recipient-filter-column.js +0 -8
- package/core/server/data/migrations/versions/3.38/04-populate-recipient-filter-column.js +0 -49
- package/core/server/data/migrations/versions/3.38/05-add-emails-track-opens-column.js +0 -7
- package/core/server/data/migrations/versions/3.38/06-add-newsletter-settings.js +0 -16
- package/core/server/data/migrations/versions/3.38/07-migrate-newsletter-settings-from-config.js +0 -48
- package/core/server/data/migrations/versions/3.38/08-repopulate-send-email-when-published-down-migration.js +0 -25
- package/core/server/data/migrations/versions/3.38/09-remove-send-email-when-published-column.js +0 -7
- package/core/server/data/migrations/versions/3.39/01-add-members-signup-redirect-settings.js +0 -16
- package/core/server/data/migrations/versions/3.39/02-add-user-id-to-api-keys-table.js +0 -7
- package/core/server/data/migrations/versions/3.39/03-add-email-track-opens-setting.js +0 -16
- package/core/server/data/migrations/versions/3.39/04-add-cancellation-reason-column.js +0 -7
- package/core/server/data/migrations/versions/3.39/05-remove-unused-columns-on-emails.js +0 -14
- package/core/server/data/migrations/versions/3.39/06-add-email-recipient-index.js +0 -58
- package/core/server/data/migrations/versions/3.39/07-add-email-recipients-event-timestamps.js +0 -19
- package/core/server/data/migrations/versions/3.39/08-add-email-stats-columns.js +0 -22
- package/core/server/data/migrations/versions/3.40/01-add-members-email-open-rate-column.js +0 -8
- package/core/server/data/migrations/versions/3.40/02-add members-email-aggregation-columns.js +0 -16
- package/core/server/data/migrations/versions/3.40/03-populate-members-email-counts.js +0 -15
- package/core/server/data/migrations/versions/3.41/01-add-firstpromoter-settings.js +0 -16
- package/core/server/data/migrations/versions/3.6/1-add-labels-table.js +0 -2
- package/core/server/data/migrations/versions/3.6/2-add-members-labels-table.js +0 -2
- package/core/server/data/migrations/versions/3.6/3-add-labels-permissions.js +0 -47
- package/core/server/data/migrations/versions/3.7/01-fix-incorrect-member-labels-foreign-keys.js +0 -46
- package/core/server/data/migrations/versions/3.8/01-add-geolocation-to-members.js +0 -7
- package/core/server/data/migrations/versions/3.9/01-add-member-sigin-url-permissions.js +0 -7
- package/core/server/services/mail/utils.js +0 -34
- package/core/server/services/url/configs/canary.js +0 -143
- package/core/server/services/url/configs/v3.js +0 -141
- package/core/server/services/url/configs/v4.js +0 -143
- package/core/server/web/api/v2/admin/app.js +0 -43
- package/core/server/web/api/v2/admin/middleware.js +0 -85
- package/core/server/web/api/v2/admin/routes.js +0 -200
- package/core/server/web/api/v2/content/app.js +0 -38
- package/core/server/web/api/v2/content/middleware.js +0 -23
- package/core/server/web/api/v2/content/routes.js +0 -37
- package/core/server/web/api/v3/admin/app.js +0 -43
- package/core/server/web/api/v3/admin/middleware.js +0 -89
- package/core/server/web/api/v3/admin/routes.js +0 -267
- package/core/server/web/api/v3/content/app.js +0 -38
- package/core/server/web/api/v3/content/middleware.js +0 -23
- package/core/server/web/api/v3/content/routes.js +0 -37
- package/core/server/web/oauth/app.js +0 -153
- package/core/server/web/oauth/index.js +0 -1
|
@@ -1,89 +0,0 @@
|
|
|
1
|
-
const errors = require('@tryghost/errors');
|
|
2
|
-
const tpl = require('@tryghost/tpl');
|
|
3
|
-
const auth = require('../../../../services/auth');
|
|
4
|
-
const shared = require('../../../shared');
|
|
5
|
-
const apiMw = require('../../middleware');
|
|
6
|
-
|
|
7
|
-
const messages = {
|
|
8
|
-
notImplemented: 'The server does not support the functionality required to fulfill the request.'
|
|
9
|
-
};
|
|
10
|
-
|
|
11
|
-
const notImplemented = function (req, res, next) {
|
|
12
|
-
// CASE: user is logged in, allow
|
|
13
|
-
if (!req.api_key) {
|
|
14
|
-
return next();
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
// @NOTE: integrations have limited access for now
|
|
18
|
-
const allowlisted = {
|
|
19
|
-
// @NOTE: stable
|
|
20
|
-
site: ['GET'],
|
|
21
|
-
posts: ['GET', 'PUT', 'DELETE', 'POST'],
|
|
22
|
-
pages: ['GET', 'PUT', 'DELETE', 'POST'],
|
|
23
|
-
images: ['POST'],
|
|
24
|
-
webhooks: ['POST', 'PUT', 'DELETE'],
|
|
25
|
-
// @NOTE: experimental
|
|
26
|
-
actions: ['GET'],
|
|
27
|
-
tags: ['GET', 'PUT', 'DELETE', 'POST'],
|
|
28
|
-
labels: ['GET', 'PUT', 'DELETE', 'POST'],
|
|
29
|
-
users: ['GET'],
|
|
30
|
-
themes: ['POST', 'PUT'],
|
|
31
|
-
members: ['GET', 'PUT', 'DELETE', 'POST'],
|
|
32
|
-
config: ['GET'],
|
|
33
|
-
schedules: ['PUT'],
|
|
34
|
-
db: ['POST']
|
|
35
|
-
};
|
|
36
|
-
|
|
37
|
-
const match = req.url.match(/^\/(\w+)\/?/);
|
|
38
|
-
|
|
39
|
-
if (match) {
|
|
40
|
-
const entity = match[1];
|
|
41
|
-
|
|
42
|
-
if (allowlisted[entity] && allowlisted[entity].includes(req.method)) {
|
|
43
|
-
return next();
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
next(new errors.InternalServerError({
|
|
48
|
-
errorType: 'NotImplementedError',
|
|
49
|
-
message: tpl(messages.notImplemented),
|
|
50
|
-
statusCode: '501'
|
|
51
|
-
}));
|
|
52
|
-
};
|
|
53
|
-
|
|
54
|
-
/**
|
|
55
|
-
* Authentication for private endpoints
|
|
56
|
-
*/
|
|
57
|
-
module.exports.authAdminApi = [
|
|
58
|
-
auth.authenticate.authenticateAdminApi,
|
|
59
|
-
auth.authorize.authorizeAdminApi,
|
|
60
|
-
apiMw.updateUserLastSeen,
|
|
61
|
-
apiMw.cors,
|
|
62
|
-
shared.middleware.urlRedirects.adminSSLAndHostRedirect,
|
|
63
|
-
shared.middleware.prettyUrls,
|
|
64
|
-
notImplemented
|
|
65
|
-
];
|
|
66
|
-
|
|
67
|
-
/**
|
|
68
|
-
* Authentication for private endpoints with token in URL
|
|
69
|
-
* Ex.: For scheduler publish endpoint
|
|
70
|
-
*/
|
|
71
|
-
module.exports.authAdminApiWithUrl = [
|
|
72
|
-
auth.authenticate.authenticateAdminApiWithUrl,
|
|
73
|
-
auth.authorize.authorizeAdminApi,
|
|
74
|
-
apiMw.updateUserLastSeen,
|
|
75
|
-
apiMw.cors,
|
|
76
|
-
shared.middleware.urlRedirects.adminSSLAndHostRedirect,
|
|
77
|
-
shared.middleware.prettyUrls,
|
|
78
|
-
notImplemented
|
|
79
|
-
];
|
|
80
|
-
|
|
81
|
-
/**
|
|
82
|
-
* Middleware for public admin endpoints
|
|
83
|
-
*/
|
|
84
|
-
module.exports.publicAdminApi = [
|
|
85
|
-
apiMw.cors,
|
|
86
|
-
shared.middleware.urlRedirects.adminSSLAndHostRedirect,
|
|
87
|
-
shared.middleware.prettyUrls,
|
|
88
|
-
notImplemented
|
|
89
|
-
];
|
|
@@ -1,267 +0,0 @@
|
|
|
1
|
-
const express = require('../../../../../shared/express');
|
|
2
|
-
const api = require('../../../../api').v3;
|
|
3
|
-
const apiMw = require('../../middleware');
|
|
4
|
-
const mw = require('./middleware');
|
|
5
|
-
|
|
6
|
-
const shared = require('../../../shared');
|
|
7
|
-
|
|
8
|
-
module.exports = function apiRoutes() {
|
|
9
|
-
const router = express.Router('v3 admin');
|
|
10
|
-
|
|
11
|
-
// alias delete with del
|
|
12
|
-
router.del = router.delete;
|
|
13
|
-
|
|
14
|
-
router.use(apiMw.cors);
|
|
15
|
-
|
|
16
|
-
const http = api.http;
|
|
17
|
-
|
|
18
|
-
// ## Public
|
|
19
|
-
router.get('/site', mw.publicAdminApi, http(api.site.read));
|
|
20
|
-
|
|
21
|
-
// ## Configuration
|
|
22
|
-
router.get('/config', mw.authAdminApi, http(api.config.read));
|
|
23
|
-
|
|
24
|
-
// ## Posts
|
|
25
|
-
router.get('/posts', mw.authAdminApi, http(api.posts.browse));
|
|
26
|
-
router.post('/posts', mw.authAdminApi, http(api.posts.add));
|
|
27
|
-
router.get('/posts/:id', mw.authAdminApi, http(api.posts.read));
|
|
28
|
-
router.get('/posts/slug/:slug', mw.authAdminApi, http(api.posts.read));
|
|
29
|
-
router.put('/posts/:id', mw.authAdminApi, http(api.posts.edit));
|
|
30
|
-
router.del('/posts/:id', mw.authAdminApi, http(api.posts.destroy));
|
|
31
|
-
|
|
32
|
-
// ## Pages
|
|
33
|
-
router.get('/pages', mw.authAdminApi, http(api.pages.browse));
|
|
34
|
-
router.post('/pages', mw.authAdminApi, http(api.pages.add));
|
|
35
|
-
router.get('/pages/:id', mw.authAdminApi, http(api.pages.read));
|
|
36
|
-
router.get('/pages/slug/:slug', mw.authAdminApi, http(api.pages.read));
|
|
37
|
-
router.put('/pages/:id', mw.authAdminApi, http(api.pages.edit));
|
|
38
|
-
router.del('/pages/:id', mw.authAdminApi, http(api.pages.destroy));
|
|
39
|
-
|
|
40
|
-
// # Integrations
|
|
41
|
-
|
|
42
|
-
router.get('/integrations', mw.authAdminApi, http(api.integrations.browse));
|
|
43
|
-
router.get('/integrations/:id', mw.authAdminApi, http(api.integrations.read));
|
|
44
|
-
router.post('/integrations', mw.authAdminApi, http(api.integrations.add));
|
|
45
|
-
router.post('/integrations/:id/api_key/:keyid/refresh', mw.authAdminApi, http(api.integrations.edit));
|
|
46
|
-
router.put('/integrations/:id', mw.authAdminApi, http(api.integrations.edit));
|
|
47
|
-
router.del('/integrations/:id', mw.authAdminApi, http(api.integrations.destroy));
|
|
48
|
-
|
|
49
|
-
// ## Schedules
|
|
50
|
-
router.put('/schedules/:resource/:id', mw.authAdminApiWithUrl, http(api.schedules.publish));
|
|
51
|
-
|
|
52
|
-
// ## Settings
|
|
53
|
-
router.get('/settings/routes/yaml', mw.authAdminApi, http(api.settings.download));
|
|
54
|
-
router.post('/settings/routes/yaml',
|
|
55
|
-
mw.authAdminApi,
|
|
56
|
-
apiMw.upload.single('routes'),
|
|
57
|
-
apiMw.upload.validation({type: 'routes'}),
|
|
58
|
-
http(api.settings.upload)
|
|
59
|
-
);
|
|
60
|
-
|
|
61
|
-
router.get('/settings', mw.authAdminApi, http(api.settings.browse));
|
|
62
|
-
router.get('/settings/:key', mw.authAdminApi, http(api.settings.read));
|
|
63
|
-
router.put('/settings', mw.authAdminApi, http(api.settings.edit));
|
|
64
|
-
router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate));
|
|
65
|
-
router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail));
|
|
66
|
-
router.del('/settings/stripe/connect', mw.authAdminApi, http(api.settings.disconnectStripeConnectIntegration));
|
|
67
|
-
|
|
68
|
-
// ## Users
|
|
69
|
-
router.get('/users', mw.authAdminApi, http(api.users.browse));
|
|
70
|
-
router.get('/users/:id', mw.authAdminApi, http(api.users.read));
|
|
71
|
-
router.get('/users/slug/:slug', mw.authAdminApi, http(api.users.read));
|
|
72
|
-
// NOTE: We don't expose any email addresses via the public api.
|
|
73
|
-
router.get('/users/email/:email', mw.authAdminApi, http(api.users.read));
|
|
74
|
-
router.get('/users/:id/token', mw.authAdminApi, http(api.users.readToken));
|
|
75
|
-
|
|
76
|
-
router.put('/users/password', mw.authAdminApi, http(api.users.changePassword));
|
|
77
|
-
router.put('/users/owner', mw.authAdminApi, http(api.users.transferOwnership));
|
|
78
|
-
router.put('/users/:id', mw.authAdminApi, http(api.users.edit));
|
|
79
|
-
router.put('/users/:id/token', mw.authAdminApi, http(api.users.regenerateToken));
|
|
80
|
-
router.del('/users/:id', mw.authAdminApi, http(api.users.destroy));
|
|
81
|
-
|
|
82
|
-
// ## Tags
|
|
83
|
-
router.get('/tags', mw.authAdminApi, http(api.tags.browse));
|
|
84
|
-
router.get('/tags/:id', mw.authAdminApi, http(api.tags.read));
|
|
85
|
-
router.get('/tags/slug/:slug', mw.authAdminApi, http(api.tags.read));
|
|
86
|
-
router.post('/tags', mw.authAdminApi, http(api.tags.add));
|
|
87
|
-
router.put('/tags/:id', mw.authAdminApi, http(api.tags.edit));
|
|
88
|
-
router.del('/tags/:id', mw.authAdminApi, http(api.tags.destroy));
|
|
89
|
-
|
|
90
|
-
// ## Members
|
|
91
|
-
router.get('/members', mw.authAdminApi, http(api.members.browse));
|
|
92
|
-
router.post('/members', mw.authAdminApi, http(api.members.add));
|
|
93
|
-
|
|
94
|
-
router.get('/members/stats', mw.authAdminApi, http(api.members.stats));
|
|
95
|
-
|
|
96
|
-
router.get('/members/upload', mw.authAdminApi, http(api.members.exportCSV));
|
|
97
|
-
router.post('/members/upload',
|
|
98
|
-
mw.authAdminApi,
|
|
99
|
-
apiMw.upload.single('membersfile'),
|
|
100
|
-
apiMw.upload.validation({type: 'members'}),
|
|
101
|
-
http(api.members.importCSV)
|
|
102
|
-
);
|
|
103
|
-
|
|
104
|
-
router.get('/members/hasActiveStripeSubscriptions', mw.authAdminApi, http(api.members.hasActiveStripeSubscriptions));
|
|
105
|
-
|
|
106
|
-
router.get('/members/stripe_connect', mw.authAdminApi, http(api.membersStripeConnect.auth));
|
|
107
|
-
|
|
108
|
-
router.get('/members/:id', mw.authAdminApi, http(api.members.read));
|
|
109
|
-
router.put('/members/:id', mw.authAdminApi, http(api.members.edit));
|
|
110
|
-
router.del('/members/:id', mw.authAdminApi, http(api.members.destroy));
|
|
111
|
-
|
|
112
|
-
router.put('/members/:id/subscriptions/:subscription_id', mw.authAdminApi, http(api.members.editSubscription));
|
|
113
|
-
|
|
114
|
-
router.get('/members/:id/signin_urls', mw.authAdminApi, http(api.memberSigninUrls.read));
|
|
115
|
-
|
|
116
|
-
// ## Labels
|
|
117
|
-
router.get('/labels', mw.authAdminApi, http(api.labels.browse));
|
|
118
|
-
router.get('/labels/:id', mw.authAdminApi, http(api.labels.read));
|
|
119
|
-
router.get('/labels/slug/:slug', mw.authAdminApi, http(api.labels.read));
|
|
120
|
-
router.post('/labels', mw.authAdminApi, http(api.labels.add));
|
|
121
|
-
router.put('/labels/:id', mw.authAdminApi, http(api.labels.edit));
|
|
122
|
-
router.del('/labels/:id', mw.authAdminApi, http(api.labels.destroy));
|
|
123
|
-
|
|
124
|
-
// ## Roles
|
|
125
|
-
router.get('/roles/', mw.authAdminApi, http(api.roles.browse));
|
|
126
|
-
|
|
127
|
-
// ## Slugs
|
|
128
|
-
router.get('/slugs/:type/:name', mw.authAdminApi, http(api.slugs.generate));
|
|
129
|
-
|
|
130
|
-
// ## Themes
|
|
131
|
-
router.get('/themes/', mw.authAdminApi, http(api.themes.browse));
|
|
132
|
-
|
|
133
|
-
router.get('/themes/:name/download',
|
|
134
|
-
mw.authAdminApi,
|
|
135
|
-
http(api.themes.download)
|
|
136
|
-
);
|
|
137
|
-
|
|
138
|
-
router.post('/themes/upload',
|
|
139
|
-
mw.authAdminApi,
|
|
140
|
-
apiMw.upload.single('file'),
|
|
141
|
-
apiMw.upload.validation({type: 'themes'}),
|
|
142
|
-
http(api.themes.upload)
|
|
143
|
-
);
|
|
144
|
-
|
|
145
|
-
router.put('/themes/:name/activate',
|
|
146
|
-
mw.authAdminApi,
|
|
147
|
-
http(api.themes.activate)
|
|
148
|
-
);
|
|
149
|
-
|
|
150
|
-
router.del('/themes/:name',
|
|
151
|
-
mw.authAdminApi,
|
|
152
|
-
http(api.themes.destroy)
|
|
153
|
-
);
|
|
154
|
-
|
|
155
|
-
// ## Notifications
|
|
156
|
-
router.get('/notifications', mw.authAdminApi, http(api.notifications.browse));
|
|
157
|
-
router.post('/notifications', mw.authAdminApi, http(api.notifications.add));
|
|
158
|
-
router.del('/notifications/:notification_id', mw.authAdminApi, http(api.notifications.destroy));
|
|
159
|
-
|
|
160
|
-
// ## DB
|
|
161
|
-
router.get('/db', mw.authAdminApi, http(api.db.exportContent));
|
|
162
|
-
router.post('/db',
|
|
163
|
-
mw.authAdminApi,
|
|
164
|
-
apiMw.upload.single('importfile'),
|
|
165
|
-
apiMw.upload.validation({type: 'db'}),
|
|
166
|
-
http(api.db.importContent)
|
|
167
|
-
);
|
|
168
|
-
router.del('/db', mw.authAdminApi, http(api.db.deleteAllContent));
|
|
169
|
-
router.post('/db/backup',
|
|
170
|
-
mw.authAdminApi,
|
|
171
|
-
http(api.db.backupContent)
|
|
172
|
-
);
|
|
173
|
-
|
|
174
|
-
// ## Mail
|
|
175
|
-
router.post('/mail', mw.authAdminApi, http(api.mail.send));
|
|
176
|
-
router.post('/mail/test', mw.authAdminApi, http(api.mail.sendTest));
|
|
177
|
-
|
|
178
|
-
// ## Slack
|
|
179
|
-
router.post('/slack/test', mw.authAdminApi, http(api.slack.sendTest));
|
|
180
|
-
|
|
181
|
-
// ## Sessions
|
|
182
|
-
router.get('/session', mw.authAdminApi, http(api.session.read));
|
|
183
|
-
// We don't need auth when creating a new session (logging in)
|
|
184
|
-
router.post('/session',
|
|
185
|
-
shared.middleware.brute.globalBlock,
|
|
186
|
-
shared.middleware.brute.userLogin,
|
|
187
|
-
http(api.session.add)
|
|
188
|
-
);
|
|
189
|
-
router.del('/session', mw.authAdminApi, http(api.session.delete));
|
|
190
|
-
|
|
191
|
-
// ## Identity
|
|
192
|
-
router.get('/identities', mw.authAdminApi, http(api.identities.read));
|
|
193
|
-
|
|
194
|
-
// ## Authentication
|
|
195
|
-
router.post('/authentication/passwordreset',
|
|
196
|
-
shared.middleware.brute.globalReset,
|
|
197
|
-
shared.middleware.brute.userReset,
|
|
198
|
-
http(api.authentication.generateResetToken)
|
|
199
|
-
);
|
|
200
|
-
router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
|
|
201
|
-
router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
|
|
202
|
-
router.get('/authentication/invitation', http(api.authentication.isInvitation));
|
|
203
|
-
router.post('/authentication/setup', http(api.authentication.setup));
|
|
204
|
-
router.put('/authentication/setup', mw.authAdminApi, http(api.authentication.updateSetup));
|
|
205
|
-
router.get('/authentication/setup', http(api.authentication.isSetup));
|
|
206
|
-
|
|
207
|
-
// ## Images
|
|
208
|
-
router.post('/images/upload',
|
|
209
|
-
mw.authAdminApi,
|
|
210
|
-
apiMw.upload.single('file'),
|
|
211
|
-
apiMw.upload.validation({type: 'images'}),
|
|
212
|
-
apiMw.normalizeImage,
|
|
213
|
-
http(api.images.upload)
|
|
214
|
-
);
|
|
215
|
-
|
|
216
|
-
// ## Invites
|
|
217
|
-
router.get('/invites', mw.authAdminApi, http(api.invites.browse));
|
|
218
|
-
router.get('/invites/:id', mw.authAdminApi, http(api.invites.read));
|
|
219
|
-
router.post('/invites', mw.authAdminApi, http(api.invites.add));
|
|
220
|
-
router.del('/invites/:id', mw.authAdminApi, http(api.invites.destroy));
|
|
221
|
-
|
|
222
|
-
// ## Redirects
|
|
223
|
-
// TODO: yaml support has been added to https://github.com/TryGhost/Ghost/issues/11085
|
|
224
|
-
// The `/json` endpoints below are left for backward compatibility. They'll be removed in v4.
|
|
225
|
-
router.get('/redirects/json', mw.authAdminApi, http(api.redirects.download));
|
|
226
|
-
router.post('/redirects/json',
|
|
227
|
-
mw.authAdminApi,
|
|
228
|
-
apiMw.upload.single('redirects'),
|
|
229
|
-
apiMw.upload.validation({type: 'redirects'}),
|
|
230
|
-
http(api.redirects.upload)
|
|
231
|
-
);
|
|
232
|
-
router.get('/redirects/download', mw.authAdminApi, http(api.redirects.download));
|
|
233
|
-
router.post('/redirects/upload',
|
|
234
|
-
mw.authAdminApi,
|
|
235
|
-
apiMw.upload.single('redirects'),
|
|
236
|
-
apiMw.upload.validation({type: 'redirects'}),
|
|
237
|
-
http(api.redirects.upload)
|
|
238
|
-
);
|
|
239
|
-
|
|
240
|
-
// ## Webhooks (RESTHooks)
|
|
241
|
-
router.post('/webhooks', mw.authAdminApi, http(api.webhooks.add));
|
|
242
|
-
router.put('/webhooks/:id', mw.authAdminApi, http(api.webhooks.edit));
|
|
243
|
-
router.del('/webhooks/:id', mw.authAdminApi, http(api.webhooks.destroy));
|
|
244
|
-
|
|
245
|
-
// ## Oembed (fetch response from oembed provider)
|
|
246
|
-
router.get('/oembed', mw.authAdminApi, http(api.oembed.read));
|
|
247
|
-
|
|
248
|
-
// ## Actions
|
|
249
|
-
router.get('/actions', mw.authAdminApi, http(api.actions.browse));
|
|
250
|
-
|
|
251
|
-
// ## Email Preview
|
|
252
|
-
router.get('/email_preview/posts/:id', mw.authAdminApi, http(api.email_preview.read));
|
|
253
|
-
router.post('/email_preview/posts/:id', mw.authAdminApi, http(api.email_preview.sendTestEmail));
|
|
254
|
-
|
|
255
|
-
// ## Emails
|
|
256
|
-
router.get('/emails/:id', mw.authAdminApi, http(api.emails.read));
|
|
257
|
-
router.put('/emails/:id/retry', mw.authAdminApi, http(api.emails.retry));
|
|
258
|
-
|
|
259
|
-
// ## Snippets
|
|
260
|
-
router.get('/snippets', mw.authAdminApi, http(api.snippets.browse));
|
|
261
|
-
router.get('/snippets/:id', mw.authAdminApi, http(api.snippets.read));
|
|
262
|
-
router.post('/snippets', mw.authAdminApi, http(api.snippets.add));
|
|
263
|
-
router.put('/snippets/:id', mw.authAdminApi, http(api.snippets.edit));
|
|
264
|
-
router.del('/snippets/:id', mw.authAdminApi, http(api.snippets.destroy));
|
|
265
|
-
|
|
266
|
-
return router;
|
|
267
|
-
};
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
const debug = require('@tryghost/debug')('web:api:v3:content:app');
|
|
2
|
-
const boolParser = require('express-query-boolean');
|
|
3
|
-
const bodyParser = require('body-parser');
|
|
4
|
-
const express = require('../../../../../shared/express');
|
|
5
|
-
const sentry = require('../../../../../shared/sentry');
|
|
6
|
-
const shared = require('../../../shared');
|
|
7
|
-
const routes = require('./routes');
|
|
8
|
-
const errorHandler = require('@tryghost/mw-error-handler');
|
|
9
|
-
const versionMissmatchHandler = require('@tryghost/mw-api-version-mismatch');
|
|
10
|
-
const {APIVersionCompatibilityServiceInstance} = require('../../../../services/api-version-compatibility');
|
|
11
|
-
|
|
12
|
-
module.exports = function setupApiApp() {
|
|
13
|
-
debug('Content API v3 setup start');
|
|
14
|
-
const apiApp = express('v3 content');
|
|
15
|
-
|
|
16
|
-
// API middleware
|
|
17
|
-
|
|
18
|
-
// @NOTE: req.body is undefined if we don't use this parser, this can trouble if components rely on req.body being present
|
|
19
|
-
apiApp.use(bodyParser.json({limit: '1mb'}));
|
|
20
|
-
|
|
21
|
-
// Query parsing
|
|
22
|
-
apiApp.use(boolParser());
|
|
23
|
-
|
|
24
|
-
// API shouldn't be cached
|
|
25
|
-
apiApp.use(shared.middleware.cacheControl('private'));
|
|
26
|
-
|
|
27
|
-
// Routing
|
|
28
|
-
apiApp.use(routes());
|
|
29
|
-
|
|
30
|
-
// API error handling
|
|
31
|
-
apiApp.use(errorHandler.resourceNotFound);
|
|
32
|
-
apiApp.use(versionMissmatchHandler(APIVersionCompatibilityServiceInstance));
|
|
33
|
-
apiApp.use(errorHandler.handleJSONResponse(sentry));
|
|
34
|
-
|
|
35
|
-
debug('Content API v3 setup end');
|
|
36
|
-
|
|
37
|
-
return apiApp;
|
|
38
|
-
};
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
const cors = require('cors');
|
|
2
|
-
const auth = require('../../../../services/auth');
|
|
3
|
-
const shared = require('../../../shared');
|
|
4
|
-
|
|
5
|
-
/**
|
|
6
|
-
* Auth Middleware Packages
|
|
7
|
-
*
|
|
8
|
-
* IMPORTANT
|
|
9
|
-
* - cors middleware MUST happen before pretty urls, because otherwise cors header can get lost on redirect
|
|
10
|
-
* - url redirects MUST happen after cors, otherwise cors header can get lost on redirect
|
|
11
|
-
*/
|
|
12
|
-
|
|
13
|
-
/**
|
|
14
|
-
* Authentication for public endpoints
|
|
15
|
-
*/
|
|
16
|
-
module.exports.authenticatePublic = [
|
|
17
|
-
shared.middleware.brute.contentApiKey,
|
|
18
|
-
auth.authenticate.authenticateContentApi,
|
|
19
|
-
auth.authorize.authorizeContentApi,
|
|
20
|
-
cors(),
|
|
21
|
-
shared.middleware.urlRedirects.adminSSLAndHostRedirect,
|
|
22
|
-
shared.middleware.prettyUrls
|
|
23
|
-
];
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
const express = require('../../../../../shared/express');
|
|
2
|
-
const cors = require('cors');
|
|
3
|
-
const api = require('../../../../api').v3;
|
|
4
|
-
const mw = require('./middleware');
|
|
5
|
-
|
|
6
|
-
module.exports = function apiRoutes() {
|
|
7
|
-
const router = express.Router('v3 content');
|
|
8
|
-
|
|
9
|
-
router.use(cors());
|
|
10
|
-
|
|
11
|
-
const http = api.http;
|
|
12
|
-
|
|
13
|
-
// ## Posts
|
|
14
|
-
router.get('/posts', mw.authenticatePublic, http(api.postsPublic.browse));
|
|
15
|
-
router.get('/posts/:id', mw.authenticatePublic, http(api.postsPublic.read));
|
|
16
|
-
router.get('/posts/slug/:slug', mw.authenticatePublic, http(api.postsPublic.read));
|
|
17
|
-
|
|
18
|
-
// ## Pages
|
|
19
|
-
router.get('/pages', mw.authenticatePublic, http(api.pagesPublic.browse));
|
|
20
|
-
router.get('/pages/:id', mw.authenticatePublic, http(api.pagesPublic.read));
|
|
21
|
-
router.get('/pages/slug/:slug', mw.authenticatePublic, http(api.pagesPublic.read));
|
|
22
|
-
|
|
23
|
-
// ## Users
|
|
24
|
-
router.get('/authors', mw.authenticatePublic, http(api.authorsPublic.browse));
|
|
25
|
-
router.get('/authors/:id', mw.authenticatePublic, http(api.authorsPublic.read));
|
|
26
|
-
router.get('/authors/slug/:slug', mw.authenticatePublic, http(api.authorsPublic.read));
|
|
27
|
-
|
|
28
|
-
// ## Tags
|
|
29
|
-
router.get('/tags', mw.authenticatePublic, http(api.tagsPublic.browse));
|
|
30
|
-
router.get('/tags/:id', mw.authenticatePublic, http(api.tagsPublic.read));
|
|
31
|
-
router.get('/tags/slug/:slug', mw.authenticatePublic, http(api.tagsPublic.read));
|
|
32
|
-
|
|
33
|
-
// ## Settings
|
|
34
|
-
router.get('/settings', mw.authenticatePublic, http(api.publicSettings.browse));
|
|
35
|
-
|
|
36
|
-
return router;
|
|
37
|
-
};
|
|
@@ -1,153 +0,0 @@
|
|
|
1
|
-
const debug = require('@tryghost/debug')('web:oauth:app');
|
|
2
|
-
const {URL} = require('url');
|
|
3
|
-
const express = require('../../../shared/express');
|
|
4
|
-
const urlUtils = require('../../../shared/url-utils');
|
|
5
|
-
const settingsCache = require('../../../shared/settings-cache');
|
|
6
|
-
const models = require('../../models');
|
|
7
|
-
const auth = require('../../services/auth');
|
|
8
|
-
const labs = require('../../../shared/labs');
|
|
9
|
-
|
|
10
|
-
function randomPassword() {
|
|
11
|
-
return require('crypto').randomBytes(128).toString('hex');
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
module.exports = function setupOAuthApp() {
|
|
15
|
-
debug('OAuth App setup start');
|
|
16
|
-
const oauthApp = express('oauth');
|
|
17
|
-
|
|
18
|
-
function labsMiddleware(req, res, next) {
|
|
19
|
-
if (labs.isSet('oauthLogin')) {
|
|
20
|
-
return next();
|
|
21
|
-
}
|
|
22
|
-
res.sendStatus(404);
|
|
23
|
-
}
|
|
24
|
-
oauthApp.use(labsMiddleware);
|
|
25
|
-
|
|
26
|
-
/**
|
|
27
|
-
* Configure the passport.authenticate middleware
|
|
28
|
-
* We need to configure it on each request because clientId and secret
|
|
29
|
-
* will change (when the Owner is changing these settings)
|
|
30
|
-
*/
|
|
31
|
-
function googleOAuthMiddleware(clientId, secret) {
|
|
32
|
-
return (req, res, next) => {
|
|
33
|
-
// Lazy-required to save boot time
|
|
34
|
-
const passport = require('passport');
|
|
35
|
-
const GoogleStrategy = require('passport-google-oauth20').Strategy;
|
|
36
|
-
|
|
37
|
-
const adminURL = urlUtils.urlFor('admin', true);
|
|
38
|
-
|
|
39
|
-
//Create the callback url to be sent to Google
|
|
40
|
-
const callbackUrl = new URL('oauth/google/callback', adminURL);
|
|
41
|
-
|
|
42
|
-
passport.authenticate(new GoogleStrategy({
|
|
43
|
-
clientID: clientId,
|
|
44
|
-
clientSecret: secret,
|
|
45
|
-
callbackURL: callbackUrl.href
|
|
46
|
-
}, async function (accessToken, refreshToken, profile) {
|
|
47
|
-
// This is the verify function that checks that a Google-authenticated user
|
|
48
|
-
// is matching one of our users (or invite).
|
|
49
|
-
|
|
50
|
-
if (req.user) {
|
|
51
|
-
// CASE: the user already has an active Ghost session
|
|
52
|
-
const emails = profile.emails.filter(email => email.verified === true).map(email => email.value);
|
|
53
|
-
|
|
54
|
-
if (!emails.includes(req.user.get('email'))) {
|
|
55
|
-
return res.redirect(new URL('#/staff?message=oauth-linking-failed', adminURL));
|
|
56
|
-
}
|
|
57
|
-
|
|
58
|
-
// TODO: configure the oauth data for this user (row in the oauth table)
|
|
59
|
-
|
|
60
|
-
//Associate logged-in user with oauth account
|
|
61
|
-
req.user.set('password', randomPassword());
|
|
62
|
-
await req.user.save();
|
|
63
|
-
} else {
|
|
64
|
-
// CASE: the user is logging-in or accepting an invite
|
|
65
|
-
|
|
66
|
-
//Find user in DB and log-in
|
|
67
|
-
//TODO: instead find the oauth row with the email use the provider id
|
|
68
|
-
const emails = profile.emails.filter(email => email.verified === true);
|
|
69
|
-
if (emails.length < 1) {
|
|
70
|
-
return res.redirect(new URL('#/signin?message=login-failed', adminURL));
|
|
71
|
-
}
|
|
72
|
-
const email = emails[0].value;
|
|
73
|
-
|
|
74
|
-
let user = await models.User.findOne({
|
|
75
|
-
email: email
|
|
76
|
-
});
|
|
77
|
-
|
|
78
|
-
if (!user) {
|
|
79
|
-
// CASE: the user is accepting an invite
|
|
80
|
-
// TODO: move this code in the invitations service
|
|
81
|
-
const options = {context: {internal: true}};
|
|
82
|
-
let invite = await models.Invite.findOne({email, status: 'sent'}, options);
|
|
83
|
-
|
|
84
|
-
if (!invite || invite.get('expires') < Date.now()) {
|
|
85
|
-
return res.redirect(new URL('#/signin?message=login-failed', adminURL));
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
//Accept invite
|
|
89
|
-
user = await models.User.add({
|
|
90
|
-
email: email,
|
|
91
|
-
name: profile.displayName,
|
|
92
|
-
password: randomPassword(),
|
|
93
|
-
roles: [invite.toJSON().role_id]
|
|
94
|
-
}, options);
|
|
95
|
-
|
|
96
|
-
await invite.destroy(options);
|
|
97
|
-
|
|
98
|
-
// TODO: create an oauth model link to user
|
|
99
|
-
}
|
|
100
|
-
|
|
101
|
-
req.user = user;
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
await auth.session.sessionService.createSessionForUser(req, res, req.user);
|
|
105
|
-
|
|
106
|
-
return res.redirect(adminURL);
|
|
107
|
-
}), {
|
|
108
|
-
scope: ['profile', 'email'],
|
|
109
|
-
session: false,
|
|
110
|
-
prompt: 'consent',
|
|
111
|
-
accessType: 'offline'
|
|
112
|
-
})(req, res, next);
|
|
113
|
-
};
|
|
114
|
-
}
|
|
115
|
-
|
|
116
|
-
oauthApp.get('/:provider', auth.authenticate.authenticateAdminApi, (req, res, next) => {
|
|
117
|
-
if (req.params.provider !== 'google') {
|
|
118
|
-
return res.sendStatus(404);
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
const clientId = settingsCache.get('oauth_client_id');
|
|
122
|
-
const secret = settingsCache.get('oauth_client_secret');
|
|
123
|
-
|
|
124
|
-
if (clientId && secret) {
|
|
125
|
-
return googleOAuthMiddleware(clientId, secret)(req, res, next);
|
|
126
|
-
}
|
|
127
|
-
|
|
128
|
-
res.sendStatus(404);
|
|
129
|
-
});
|
|
130
|
-
|
|
131
|
-
oauthApp.get('/:provider/callback', (req, res, next) => {
|
|
132
|
-
// Set the referrer as the ghost instance domain so that the session is linked to the ghost instance domain
|
|
133
|
-
req.headers.referrer = urlUtils.getAdminUrl();
|
|
134
|
-
next();
|
|
135
|
-
}, auth.authenticate.authenticateAdminApi, (req, res, next) => {
|
|
136
|
-
if (req.params.provider !== 'google') {
|
|
137
|
-
return res.sendStatus(404);
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
const clientId = settingsCache.get('oauth_client_id');
|
|
141
|
-
const secret = settingsCache.get('oauth_client_secret');
|
|
142
|
-
|
|
143
|
-
if (clientId && secret) {
|
|
144
|
-
return googleOAuthMiddleware(clientId, secret)(req, res, next);
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
res.sendStatus(404);
|
|
148
|
-
});
|
|
149
|
-
|
|
150
|
-
debug('OAuth App setup end');
|
|
151
|
-
|
|
152
|
-
return oauthApp;
|
|
153
|
-
};
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
module.exports = require('./app');
|