ghost 5.10.0 → 5.12.0

package/core/server/lib/image/gravatar.js

@@ -40,15 +40,16 @@ class Gravatar {
                     image: imageUrl
                 };
             })
-            .catch({statusCode: 404}, function () {
-                return {
-                    image: undefined
-                };
-            })
-            .catch(function () {
+            .catch(function (err) {
+                if (err.statusCode === 404) {
+                    return {
+                        image: undefined
+                    };
+                }
+
                 // ignore error, just resolve with no image url
             });
     }
 }
 
-module.exports = Gravatar;
+module.exports = Gravatar;

package/core/server/lib/image/image-size.js

@@ -163,39 +163,41 @@ class ImageSize {
                 width: dimensions.width,
                 height: dimensions.height
             };
-        }).catch({code: 'URL_MISSING_INVALID'}, (err) => {
-            return Promise.reject(new errors.InternalServerError({
-                message: err.message,
-                code: 'IMAGE_SIZE_URL',
-                statusCode: err.statusCode,
-                context: err.url || imagePath
-            }));
-        }).catch({code: 'ETIMEDOUT'}, {code: 'ESOCKETTIMEDOUT'}, {code: 'ECONNRESET'}, {statusCode: 408}, (err) => {
-            return Promise.reject(new errors.InternalServerError({
-                message: 'Request timed out.',
-                code: 'IMAGE_SIZE_URL',
-                statusCode: err.statusCode,
-                context: err.url || imagePath
-            }));
-        }).catch({code: 'ENOENT'}, {code: 'ENOTFOUND'}, {statusCode: 404}, (err) => {
-            return Promise.reject(new errors.NotFoundError({
-                message: 'Image not found.',
-                code: 'IMAGE_SIZE_URL',
-                statusCode: err.statusCode,
-                context: err.url || imagePath
-            }));
-        }).catch(function (err) {
-            if (errors.utils.isGhostError(err)) {
-                return Promise.reject(err);
-            }
+        }).catch((err) => {
+            if (err.code === 'URL_MISSING_INVALID') {
+                return Promise.reject(new errors.InternalServerError({
+                    message: err.message,
+                    code: 'IMAGE_SIZE_URL',
+                    statusCode: err.statusCode,
+                    context: err.url || imagePath
+                }));
+            } else if (err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT' || err.code === 'ECONNRESET' || err.statusCode === 408) {
+                return Promise.reject(new errors.InternalServerError({
+                    message: 'Request timed out.',
+                    code: 'IMAGE_SIZE_URL',
+                    statusCode: err.statusCode,
+                    context: err.url || imagePath
+                }));
+            } else if (err.code === 'ENOENT' || err.code === 'ENOTFOUND' || err.statusCode === 404) {
+                return Promise.reject(new errors.NotFoundError({
+                    message: 'Image not found.',
+                    code: 'IMAGE_SIZE_URL',
+                    statusCode: err.statusCode,
+                    context: err.url || imagePath
+                }));
+            } else {
+                if (errors.utils.isGhostError(err)) {
+                    return Promise.reject(err);
+                }
 
-            return Promise.reject(new errors.InternalServerError({
-                message: 'Unknown Request error.',
-                code: 'IMAGE_SIZE_URL',
-                statusCode: err.statusCode,
-                context: err.url || imagePath,
-                err: err
-            }));
+                return Promise.reject(new errors.InternalServerError({
+                    message: 'Unknown Request error.',
+                    code: 'IMAGE_SIZE_URL',
+                    statusCode: err.statusCode,
+                    context: err.url || imagePath,
+                    err: err
+                }));
+            }
         });
     }
 
@@ -237,32 +239,34 @@ class ImageSize {
                     height: dimensions.height
                 };
             })
-            .catch({code: 'ENOENT'}, (err) => {
-                return Promise.reject(new errors.NotFoundError({
-                    message: err.message,
-                    code: 'IMAGE_SIZE_STORAGE',
-                    err: err,
-                    context: filePath,
-                    errorDetails: {
-                        originalPath: imagePath,
-                        reqFilePath: filePath
+            .catch((err) => {
+                if (err.code === 'ENOENT') {
+                    return Promise.reject(new errors.NotFoundError({
+                        message: err.message,
+                        code: 'IMAGE_SIZE_STORAGE',
+                        err: err,
+                        context: filePath,
+                        errorDetails: {
+                            originalPath: imagePath,
+                            reqFilePath: filePath
+                        }
+                    }));
+                } else {
+                    if (errors.utils.isGhostError(err)) {
+                        return Promise.reject(err);
                     }
-                }));
-            }).catch((err) => {
-                if (errors.utils.isGhostError(err)) {
-                    return Promise.reject(err);
-                }
 
-                return Promise.reject(new errors.InternalServerError({
-                    message: err.message,
-                    code: 'IMAGE_SIZE_STORAGE',
-                    err: err,
-                    context: filePath,
-                    errorDetails: {
-                        originalPath: imagePath,
-                        reqFilePath: filePath
-                    }
-                }));
+                    return Promise.reject(new errors.InternalServerError({
+                        message: err.message,
+                        code: 'IMAGE_SIZE_STORAGE',
+                        err: err,
+                        context: filePath,
+                        errorDetails: {
+                            originalPath: imagePath,
+                            reqFilePath: filePath
+                        }
+                    }));
+                }
             });
     }
 

package/core/server/models/action.js

@@ -1,34 +1,21 @@
-const _ = require('lodash');
 const ghostBookshelf = require('./base');
 
-const candidates = [];
-
 const Action = ghostBookshelf.Model.extend({
     tableName: 'actions',
 
-    initialize: function initialize() {
-        _.each(ghostBookshelf.registry.models, (model) => {
-            candidates.push([model, model.prototype.tableName.replace(/s$/, '')]);
+    candidates() {
+        return Object.keys(ghostBookshelf.registry.models).map((key) => {
+            const model = ghostBookshelf.registry.models[key];
+            return [model, model.prototype.tableName.replace(/s$/, '')];
         });
-        this.constructor.__super__.initialize.apply(this, arguments);
     },
 
     actor() {
-        return this.morphTo('actor', ['actor_type', 'actor_id'], ...candidates);
+        return this.morphTo('actor', ['actor_type', 'actor_id'], ...this.candidates());
     },
 
     resource() {
-        return this.morphTo('resource', ['resource_type', 'resource_id'], ...candidates);
-    },
-
-    toJSON(unfilteredOptions) {
-        const options = Action.filterOptions(unfilteredOptions, 'toJSON');
-        const attrs = ghostBookshelf.Model.prototype.toJSON.call(this, options);
-
-        // @TODO: context is not implemented yet
-        delete attrs.context;
-
-        return attrs;
+        return this.morphTo('resource', ['resource_type', 'resource_id'], ...this.candidates());
     }
 }, {
     orderDefaultOptions: function orderDefaultOptions() {

package/core/server/models/base/plugins/actions.js

@@ -29,14 +29,37 @@ module.exports = function (Bookshelf) {
                 resourceType = resourceType.bind(this)();
             }
 
-            // @TODO: implement context
-            return {
-                event: event,
+            if (!resourceType) {
+                return;
+            }
+
+            let context = {};
+
+            if (this.actionsExtraContext && Array.isArray(this.actionsExtraContext)) {
+                for (const c of this.actionsExtraContext) {
+                    context[c] = this.get(c) || this.previous(c);
+                }
+            }
+
+            if (event === 'deleted') {
+                context.primary_name = (this.previous('title') || this.previous('name'));
+            } else if (['added', 'edited'].includes(event)) {
+                context.primary_name = (this.get('title') || this.get('name') || this.previous('title') || this.previous('name'));
+            }
+
+            const data = {
+                event,
                 resource_id: this.id || this.previous('id'),
                 resource_type: resourceType,
                 actor_id: actor.id,
                 actor_type: actor.type
             };
+
+            if (context && Object.keys(context).length) {
+                data.context = context;
+            }
+
+            return data;
         },
 
         /**

package/core/server/models/member-created-event.js

@@ -8,8 +8,16 @@ const MemberCreatedEvent = ghostBookshelf.Model.extend({
         return this.belongsTo('Member', 'member_id', 'id');
     },
 
-    attribution() {
-        return this.belongsTo('Post', 'attribution_id', 'id');
+    postAttribution() {
+        return this.belongsTo('Post', 'attribution_id', 'id');   
+    },
+
+    userAttribution() {
+        return this.belongsTo('User', 'attribution_id', 'id');   
+    },
+
+    tagAttribution() {
+        return this.belongsTo('Tag', 'attribution_id', 'id');   
     }
 }, {
     async edit() {

package/core/server/models/member-paid-subscription-event.js

@@ -8,6 +8,10 @@ const MemberPaidSubscriptionEvent = ghostBookshelf.Model.extend({
         return this.belongsTo('Member', 'member_id', 'id');
     },
 
+    subscriptionCreatedEvent() {
+        return this.belongsTo('SubscriptionCreatedEvent', 'subscription_id', 'subscription_id');
+    },
+
     customQuery(qb, options) {
         if (options.aggregateMRRDeltas) {
             if (options.limit || options.filter) {

package/core/server/models/member.js

@@ -40,6 +40,12 @@ const Member = ghostBookshelf.Model.extend({
         }, {
             key: 'newsletters',
             replacement: 'newsletters.slug'
+        }, {
+            key: 'signup',
+            replacement: 'signups.attribution_id'
+        }, {
+            key: 'conversion',
+            replacement: 'conversions.attribution_id'
         }];
     },
 
@@ -74,6 +80,18 @@ const Member = ghostBookshelf.Model.extend({
                 joinFrom: 'member_id',
                 joinTo: 'customer_id',
                 joinToForeign: 'customer_id'
+            },
+            signups: {
+                tableName: 'members_created_events',
+                tableNameAs: 'signups',
+                type: 'oneToOne',
+                joinFrom: 'member_id'
+            },
+            conversions: {
+                tableName: 'members_subscription_created_events',
+                tableNameAs: 'conversions',
+                type: 'oneToOne',
+                joinFrom: 'member_id'
             }
         };
     },

package/core/server/models/offer.js

@@ -3,6 +3,9 @@ const ghostBookshelf = require('./base');
 const Offer = ghostBookshelf.Model.extend({
     tableName: 'offers',
 
+    actionsCollectCRUD: true,
+    actionsResourceType: 'offer',
+
     product() {
         return this.belongsTo('Product', 'product_id', 'id');
     }

package/core/server/models/post.js

@@ -39,9 +39,8 @@ Post = ghostBookshelf.Model.extend({
     tableName: 'posts',
 
     actionsCollectCRUD: true,
-    actionsResourceType: function () {
-        return this.get('type') || this.previous('type');
-    },
+    actionsResourceType: 'post',
+    actionsExtraContext: ['type'],
 
     /**
      * @NOTE

package/core/server/models/product.js

@@ -4,6 +4,9 @@ const _ = require('lodash');
 const Product = ghostBookshelf.Model.extend({
     tableName: 'products',
 
+    actionsCollectCRUD: true,
+    actionsResourceType: 'product',
+
     defaults: {
         active: true,
         visibility: 'none',

package/core/server/models/settings.js

@@ -97,6 +97,10 @@ Settings = ghostBookshelf.Model.extend({
 
     tableName: 'settings',
 
+    actionsCollectCRUD: true,
+    actionsResourceType: 'setting',
+    actionsExtraContext: ['key', 'group'],
+
     emitChange: function emitChange(event, options) {
         const eventToTrigger = 'settings' + '.' + event;
         ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);

package/core/server/models/subscription-created-event.js

@@ -12,8 +12,16 @@ const SubscriptionCreatedEvent = ghostBookshelf.Model.extend({
         return this.belongsTo('StripeCustomerSubscription', 'subscription_id', 'id');
     },
 
-    attribution() {
-        return this.belongsTo('Post', 'attribution_id', 'id');
+    postAttribution() {
+        return this.belongsTo('Post', 'attribution_id', 'id');   
+    },
+
+    userAttribution() {
+        return this.belongsTo('User', 'attribution_id', 'id');   
+    },
+
+    tagAttribution() {
+        return this.belongsTo('Tag', 'attribution_id', 'id');   
     }
 }, {
     async edit() {

package/core/server/models/user.js

@@ -65,7 +65,10 @@ User = ghostBookshelf.Model.extend({
             password: security.identifier.uid(50),
             visibility: 'public',
             status: 'active',
-            comment_notifications: true
+            comment_notifications: true,
+            free_member_signup_notification: true,
+            paid_subscription_started_notification: true,
+            paid_subscription_canceled_notification: false
         };
     },
 
@@ -485,6 +488,33 @@ User = ghostBookshelf.Model.extend({
         return query.fetch(options);
     },
 
+    /**
+     * Returns users who should receive a specific type of alert
+     * @param {'free-signup'|'paid-started'|'paid-canceled'} type The type of alert to fetch users for
+     * @param {any} options
+     * @return {Promise<[Object]>} Array of users
+     */
+    getEmailAlertUsers(type, options) {
+        options = options || {};
+
+        let filter = 'status:active';
+        if (type === 'free-signup') {
+            filter += '+free_member_signup_notification:true';
+        } else if (type === 'paid-started') {
+            filter += '+paid_subscription_started_notification:true';
+        } else if (type === 'paid-canceled') {
+            filter += '+paid_subscription_canceled_notification:true';
+        }
+        const updatedOptions = _.merge({}, options, {filter, withRelated: ['roles']});
+        return this.findAll(updatedOptions).then((users) => {
+            return users.toJSON().filter((user) => {
+                return user?.roles?.some((role) => {
+                    return ['Owner', 'Administrator'].includes(role.name);
+                });
+            });
+        });
+    },
+
     /**
      * ### Edit
      *
@@ -1002,10 +1032,10 @@ User = ghostBookshelf.Model.extend({
         let ownerRole;
         let contextUser;
 
-        return Promise.join(
+        return Promise.all([
             ghostBookshelf.model('Role').findOne({name: 'Owner'}),
             User.findOne({id: options.context.user}, {withRelated: ['roles']})
-        )
+        ])
             .then((results) => {
                 ownerRole = results[0];
                 contextUser = results[1];
@@ -1018,8 +1048,10 @@ User = ghostBookshelf.Model.extend({
                     }));
                 }
 
-                return Promise.join(ghostBookshelf.model('Role').findOne({name: 'Administrator'}),
-                    User.findOne({id: object.id}, {withRelated: ['roles']}));
+                return Promise.all([
+                    ghostBookshelf.model('Role').findOne({name: 'Administrator'}),
+                    User.findOne({id: object.id}, {withRelated: ['roles']})
+                ]);
             })
             .then((results) => {
                 const adminRole = results[0];
@@ -1046,9 +1078,11 @@ User = ghostBookshelf.Model.extend({
                 }
 
                 // convert owner to admin
-                return Promise.join(contextUser.roles().updatePivot({role_id: adminRole.id}),
+                return Promise.all([
+                    contextUser.roles().updatePivot({role_id: adminRole.id}),
                     user.roles().updatePivot({role_id: ownerRole.id}),
-                    user.id);
+                    user.id
+                ]);
             })
             .then((results) => {
                 return Users.forge()

package/core/server/services/auth/api-key/admin.js

@@ -181,9 +181,6 @@ const authenticateWithToken = async (req, res, next, {token, JWT_OPTIONS}) => {
             );
 
             req.user = user;
-
-            next();
-            return;
         }
 
         // store the api key on the request for later checks and logging

package/core/server/services/auth/passwordreset.js

@@ -144,9 +144,6 @@ function doReset(options, tokenParts, settingsAPI) {
             updatedUser.set('status', 'active');
             return updatedUser.save(options);
         })
-        .catch(errors.ValidationError, (err) => {
-            return Promise.reject(err);
-        })
         .catch((err) => {
             if (errors.utils.isGhostError(err)) {
                 return Promise.reject(err);

package/core/server/services/explore/service.js

@@ -26,18 +26,19 @@ module.exports = class ExploreService {
         const totalMembers = await this.MembersService.stats.getTotalMembers();
         const mrrStats = await this.StatsService.getMRRHistory();
 
-        const {description, icon, title, url, accent_color: accentColor} = this.PublicConfigService.site;
+        const {description, icon, title, url, accent_color: accentColor, locale} = this.PublicConfigService.site;
 
         const exploreProperties = {
             version: ghostVersion.full,
-            totalMembers,
-            mrrStats,
+            total_members: totalMembers,
+            mrr_stats: mrrStats,
             site: {
                 description,
                 icon,
                 title,
                 url,
-                accentColor
+                accent_color: accentColor,
+                locale
             },
             stripe: {
                 configured: this.StripeService.api.configured,
@@ -46,10 +47,10 @@ module.exports = class ExploreService {
         };
 
         const mostRecentlyPublishedPost = await this.PostsService.getMostRecentlyPublishedPost();
-        exploreProperties.mostRecentlyPublishedAt = mostRecentlyPublishedPost?.get('published_at') || null;
+        exploreProperties.most_recently_published_at = mostRecentlyPublishedPost?.get('published_at') || null;
 
         const owner = await this.UserModel.findOne({role: 'Owner', status: 'all'});
-        exploreProperties.ownerEmail = owner?.get('email') || null;
+        exploreProperties.owner_email = owner?.get('email') || null;
 
         return exploreProperties;
     }

package/core/server/services/member-attribution/index.js

@@ -1,23 +1,51 @@
 const urlService = require('../url');
 const labsService = require('../../../shared/labs');
+const DomainEvents = require('@tryghost/domain-events');
+const urlUtils = require('../../../shared/url-utils');
 
 class MemberAttributionServiceWrapper {
     init() {
-        if (this.service) {
+        if (this.eventHandler) {
             // Prevent creating duplicate DomainEvents subscribers
             return;
         }
 
-        const MemberAttributionService = require('@tryghost/member-attribution');
+        // Wire up all the dependencies
+        const {MemberAttributionService, UrlTranslator, AttributionBuilder, EventHandler} = require('@tryghost/member-attribution');
         const models = require('../../models');
 
-        // For now we don't need to expose anything (yet)
+        const urlTranslator = new UrlTranslator({
+            urlService, 
+            urlUtils,
+            models: {
+                Post: models.Post, 
+                User: models.User, 
+                Tag: models.Tag
+            }
+        });
+
+        this.attributionBuilder = new AttributionBuilder({urlTranslator});
+
+        // Expose the service
         this.service = new MemberAttributionService({
-            MemberCreatedEvent: models.MemberCreatedEvent,
-            SubscriptionCreatedEvent: models.SubscriptionCreatedEvent,
-            urlService,
+            models: {
+                MemberCreatedEvent: models.MemberCreatedEvent,
+                SubscriptionCreatedEvent: models.SubscriptionCreatedEvent
+            },
+            attributionBuilder: this.attributionBuilder,
+            labsService
+        });
+
+        // Listen for events and store them in the database
+        this.eventHandler = new EventHandler({
+            models: {
+                MemberCreatedEvent: models.MemberCreatedEvent,
+                SubscriptionCreatedEvent: models.SubscriptionCreatedEvent
+            }, 
+            DomainEvents, 
             labsService
         });
+        this.eventHandler.subscribe();
     }
 }
 

package/core/server/services/members/api.js

@@ -13,6 +13,7 @@ const SingleUseTokenProvider = require('./SingleUseTokenProvider');
 const urlUtils = require('../../../shared/url-utils');
 const labsService = require('../../../shared/labs');
 const offersService = require('../offers');
+const staffService = require('../staff');
 const newslettersService = require('../newsletters');
 const memberAttributionService = require('../member-attribution');
 
@@ -185,6 +186,8 @@ function createApiInstance(config) {
             MemberStatusEvent: models.MemberStatusEvent,
             MemberProductEvent: models.MemberProductEvent,
             MemberAnalyticEvent: models.MemberAnalyticEvent,
+            MemberCreatedEvent: models.MemberCreatedEvent,
+            SubscriptionCreatedEvent: models.SubscriptionCreatedEvent,
             OfferRedemption: models.OfferRedemption,
             Offer: models.Offer,
             StripeProduct: models.StripeProduct,
@@ -195,6 +198,7 @@ function createApiInstance(config) {
         },
         stripeAPIService: stripeService.api,
         offersAPI: offersService.api,
+        staffService: staffService.api,
         labsService: labsService,
         newslettersService: newslettersService,
         memberAttributionService: memberAttributionService.service

package/core/server/services/members/service.js

@@ -105,10 +105,12 @@ module.exports = {
         });
 
         verificationTrigger = new VerificationTrigger({
-            configThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
+            apiTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.apiThreshold'),
+            adminTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.adminThreshold'),
+            importTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
             isVerified: () => config.get('hostSettings:emailVerification:verified') === true,
             isVerificationRequired: () => settingsCache.get('email_verification_required') === true,
-            sendVerificationEmail: ({subject, message, amountImported}) => {
+            sendVerificationEmail: ({subject, message, amountTriggered}) => {
                 const escalationAddress = config.get('hostSettings:emailVerification:escalationAddress');
                 const fromAddress = config.get('user_email');
 
@@ -116,7 +118,7 @@ module.exports = {
                     ghostMailer.send({
                         subject,
                         html: tpl(message, {
-                            importedNumber: amountImported,
+                            amountTriggered: amountTriggered,
                             siteUrl: urlUtils.getSiteUrl()
                         }),
                         forceTextContent: true,
@@ -189,4 +191,5 @@ module.exports = {
     stats: membersStats,
     export: require('./exporter/query')
 };
+
 module.exports.middleware = require('./middleware');

package/core/server/services/public-config/site.js

@@ -10,6 +10,7 @@ module.exports = function getSiteProperties() {
         logo: settingsCache.get('logo'),
         icon: settingsCache.get('icon'),
         accent_color: settingsCache.get('accent_color'),
+        locale: settingsCache.get('locale'),
         url: urlUtils.urlFor('home', true),
         version: ghostVersion.safe
     };