npm - ghost - Versions diffs - 5.10.1 → 5.12.1 - Mend

ghost 5.10.1 → 5.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/core/server/services/mega/mega.js CHANGED Viewed

@@ -306,10 +306,11 @@ async function sendEmailJob({emailModel, options}) {
         const existingBatchCount = await emailModel.related('emailBatches').count('id');
         if (existingBatchCount === 0) {
-            let newBatchCount;
+            let newBatchCount = 0;
             await models.Base.transaction(async (transacting) => {
-                newBatchCount = await createSegmentedEmailBatches({emailModel, options: {transacting}});
+                const emailBatches = await createSegmentedEmailBatches({emailModel, options: {transacting}});
+                newBatchCount = emailBatches.length;
             });
             if (newBatchCount === 0) {
@@ -423,6 +424,8 @@ function partitionMembersBySegment(memberRows, segments) {
  * @param {Object} options
  * @param {Object} options.emailModel - instance of Email model
  * @param {Object} options.options - knex options
+ *
+ * @returns {Promise<string[]>}
  */
 async function createSegmentedEmailBatches({emailModel, options}) {
     let memberRows = await getEmailMemberRows({emailModel, options});
@@ -444,11 +447,11 @@ async function createSegmentedEmailBatches({emailModel, options}) {
                 memberSegment: partition === 'unsegmented' ? null : partition,
                 options
             });
-            batchIds.push(emailBatchIds);
+            batchIds.push(...emailBatchIds);
         }
     } else {
         const emailBatchIds = await createEmailBatches({emailModel, memberRows, options});
-        batchIds.push(emailBatchIds);
+        batchIds.push(...emailBatchIds);
     }
     return batchIds;

package/core/server/services/mega/template.js CHANGED Viewed

@@ -1,15 +1,43 @@
 /* eslint indent: warn, no-irregular-whitespace: warn */
 const iff = (cond, yes, no) => (cond ? yes : no);
+const sanitizeHtml = require('sanitize-html');
+/**
+ * @template {Object.<string, any>} Input
+ * @param {Input} obj
+ * @param {string[]} [keys]
+ * @returns {Input}
+ */
+const sanitizeKeys = (obj, keys) => {
+    const sanitized = Object.assign({}, obj);
+    const keysToSanitize = keys || Object.keys(obj);
+    for (const key of keysToSanitize) {
+        if (typeof sanitized[key] === 'string') {
+            // @ts-ignore
+            sanitized[key] = sanitizeHtml(sanitized[key], {
+                allowedTags: false,
+                allowedAttributes: false
+            });
+        }
+    }
+    return sanitized;
+};
 module.exports = ({post, site, newsletter, templateSettings}) => {
     const date = new Date();
     const hasFeatureImageCaption = templateSettings.showFeatureImage && post.feature_image && post.feature_image_caption;
+    const cleanPost = sanitizeKeys(post, ['title', 'excerpt', 'html', 'feature_image_alt', 'feature_image_caption']);
+    const cleanSite = sanitizeKeys(site, ['title']);
+    const cleanNewsletter = sanitizeKeys(newsletter, ['name']);
     return `<!doctype html>
 <html>
 <head>
 <meta name="viewport" content="width=device-width" />
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>${post.title}</title>
+<title>${cleanPost.title}</title>
 <style>
 /* -------------------------------------
     GLOBAL RESETS
@@ -1137,7 +1165,7 @@ ${ templateSettings.showBadge ? `
 </head>
 <body>
-    <span class="preheader">${ post.excerpt ? post.excerpt : `${post.title} – ` }</span>
+    <span class="preheader">${ cleanPost.excerpt ? cleanPost.excerpt : `${cleanPost.title} – ` }</span>
     <table role="presentation" border="0" cellpadding="0" cellspacing="0" class="body" width="100%">
         <!-- Outlook doesn't respect max-width so we need an extra centered table -->
@@ -1172,24 +1200,24 @@ ${ templateSettings.showBadge ? `
                                     <tr>
                                         <td class="${templateSettings.showHeaderTitle ? `site-info-bordered` : `site-info`}" width="100%" align="center">
                                             <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                                                ${ templateSettings.showHeaderIcon && site.iconUrl ? `
+                                                ${ templateSettings.showHeaderIcon && cleanSite.iconUrl ? `
                                                 <tr>
-                                                    <td class="site-icon"><a href="${site.url}"><img src="${site.iconUrl}" alt="${site.title}" border="0"></a></td>
+                                                    <td class="site-icon"><a href="${cleanSite.url}"><img src="${cleanSite.iconUrl}" alt="${cleanSite.title}" border="0"></a></td>
                                                 </tr>
                                                 ` : ``}
                                                 ${ templateSettings.showHeaderTitle ? `
                                                 <tr>
-                                                    <td class="site-url ${!templateSettings.showHeaderName ? 'site-url-bottom-padding' : ''}"><div style="width: 100% !important;"><a href="${site.url}" class="site-title">${site.title}</a></div></td>
+                                                    <td class="site-url ${!templateSettings.showHeaderName ? 'site-url-bottom-padding' : ''}"><div style="width: 100% !important;"><a href="${cleanSite.url}" class="site-title">${cleanSite.title}</a></div></td>
                                                 </tr>
                                                 ` : ``}
                                                 ${ templateSettings.showHeaderName && templateSettings.showHeaderTitle ? `
                                                 <tr>
-                                                    <td class="site-url site-url-bottom-padding"><div style="width: 100% !important;"><a href="${site.url}" class="site-subtitle">${newsletter.name}</a></div></td>
+                                                    <td class="site-url site-url-bottom-padding"><div style="width: 100% !important;"><a href="${cleanSite.url}" class="site-subtitle">${cleanNewsletter.name}</a></div></td>
                                                 </tr>
                                                 ` : ``}
                                                 ${ templateSettings.showHeaderName && !templateSettings.showHeaderTitle ? `
                                                 <tr>
-                                                    <td class="site-url site-url-bottom-padding"><div style="width: 100% !important;"><a href="${site.url}" class="site-title">${newsletter.name}</a></div></td>
+                                                    <td class="site-url site-url-bottom-padding"><div style="width: 100% !important;"><a href="${cleanSite.url}" class="site-title">${cleanNewsletter.name}</a></div></td>
                                                 </tr>
                                                 ` : ``}
@@ -1201,7 +1229,7 @@ ${ templateSettings.showBadge ? `
                                     <tr>
                                         <td class="post-title ${templateSettings.titleFontCategory === 'serif' ? `post-title-serif` : `` } ${templateSettings.titleAlignment === 'left' ? `post-title-left` : ``}">
-                                            <a href="${post.url}" class="post-title-link ${templateSettings.titleAlignment === 'left' ? `post-title-link-left` : ``}">${post.title}</a>
+                                            <a href="${cleanPost.url}" class="post-title-link ${templateSettings.titleAlignment === 'left' ? `post-title-link-left` : ``}">${cleanPost.title}</a>
                                         </td>
                                     </tr>
                                     <tr>
@@ -1209,28 +1237,28 @@ ${ templateSettings.showBadge ? `
                                             <table role="presentation" border="0" cellpadding="0" cellspacing="0" width="100%">
                                                 <tr>
                                                     <td class="post-meta ${templateSettings.titleAlignment === 'left' ? `post-meta-left` : ``}">
-                                                        By ${post.authors} –
-                                                        ${post.published_at} –
-                                                        <a href="${post.url}" class="view-online-link">View online →</a>
+                                                        By ${cleanPost.authors} –
+                                                        ${cleanPost.published_at} –
+                                                        <a href="${cleanPost.url}" class="view-online-link">View online →</a>
                                                     </td>
                                                 </tr>
                                             </table>
                                         </td>
                                     </tr>
-                                    ${ templateSettings.showFeatureImage && post.feature_image ? `
+                                    ${ templateSettings.showFeatureImage && cleanPost.feature_image ? `
                                     <tr>
-                                        <td class="feature-image ${hasFeatureImageCaption ? 'feature-image-with-caption' : ''}"><img src="${post.feature_image}"${post.feature_image_width ? ` width="${post.feature_image_width}"` : ''}${post.feature_image_alt ? ` alt="${post.feature_image_alt}"` : ''}></td>
+                                        <td class="feature-image ${hasFeatureImageCaption ? 'feature-image-with-caption' : ''}"><img src="${cleanPost.feature_image}"${cleanPost.feature_image_width ? ` width="${cleanPost.feature_image_width}"` : ''}${cleanPost.feature_image_alt ? ` alt="${cleanPost.feature_image_alt}"` : ''}></td>
                                     </tr>
                                     ` : ``}
                                     ${ hasFeatureImageCaption ? `
                                     <tr>
-                                        <td class="feature-image-caption" align="center">${post.feature_image_caption}</td>
+                                        <td class="feature-image-caption" align="center">${cleanPost.feature_image_caption}</td>
                                     </tr>
                                     ` : ``}
                                     <tr>
                                         <td class="${(templateSettings.bodyFontCategory === 'sans_serif') ? `post-content-sans-serif` : `post-content` }">
                                             <!-- POST CONTENT START -->
-                                            ${post.html}
+                                            ${cleanPost.html}
                                             <!-- POST CONTENT END -->
                                         </td>
                                     </tr>
@@ -1245,7 +1273,7 @@ ${ templateSettings.showBadge ? `
                                 <table role="presentation" border="0" cellpadding="0" cellspacing="0" width="100%" style="padding-top: 40px; padding-bottom: 30px;">
                                     ${iff(!!templateSettings.footerContent, `<tr><td class="footer">${templateSettings.footerContent}</td></tr>`, '')}
                                     <tr>
-                                        <td class="footer">${site.title} &copy; ${date.getFullYear()} – <a href="%recipient.unsubscribe_url%">Unsubscribe</a></td>
+                                        <td class="footer">${cleanSite.title} &copy; ${date.getFullYear()} – <a href="%recipient.unsubscribe_url%">Unsubscribe</a></td>
                                     </tr>
                                     ${ templateSettings.showBadge ? `

package/core/server/services/member-attribution/index.js CHANGED Viewed

@@ -1,23 +1,51 @@
 const urlService = require('../url');
 const labsService = require('../../../shared/labs');
+const DomainEvents = require('@tryghost/domain-events');
+const urlUtils = require('../../../shared/url-utils');
 class MemberAttributionServiceWrapper {
     init() {
-        if (this.service) {
+        if (this.eventHandler) {
             // Prevent creating duplicate DomainEvents subscribers
             return;
         }
-        const MemberAttributionService = require('@tryghost/member-attribution');
+        // Wire up all the dependencies
+        const {MemberAttributionService, UrlTranslator, AttributionBuilder, EventHandler} = require('@tryghost/member-attribution');
         const models = require('../../models');
-        // For now we don't need to expose anything (yet)
+        const urlTranslator = new UrlTranslator({
+            urlService,
+            urlUtils,
+            models: {
+                Post: models.Post,
+                User: models.User,
+                Tag: models.Tag
+            }
+        });
+        this.attributionBuilder = new AttributionBuilder({urlTranslator});
+        // Expose the service
         this.service = new MemberAttributionService({
-            MemberCreatedEvent: models.MemberCreatedEvent,
-            SubscriptionCreatedEvent: models.SubscriptionCreatedEvent,
-            urlService,
+            models: {
+                MemberCreatedEvent: models.MemberCreatedEvent,
+                SubscriptionCreatedEvent: models.SubscriptionCreatedEvent
+            },
+            attributionBuilder: this.attributionBuilder,
+            labsService
+        });
+        // Listen for events and store them in the database
+        this.eventHandler = new EventHandler({
+            models: {
+                MemberCreatedEvent: models.MemberCreatedEvent,
+                SubscriptionCreatedEvent: models.SubscriptionCreatedEvent
+            },
+            DomainEvents,
             labsService
         });
+        this.eventHandler.subscribe();
     }
 }

package/core/server/services/members/api.js CHANGED Viewed

@@ -13,6 +13,7 @@ const SingleUseTokenProvider = require('./SingleUseTokenProvider');
 const urlUtils = require('../../../shared/url-utils');
 const labsService = require('../../../shared/labs');
 const offersService = require('../offers');
+const staffService = require('../staff');
 const newslettersService = require('../newsletters');
 const memberAttributionService = require('../member-attribution');
@@ -185,6 +186,8 @@ function createApiInstance(config) {
             MemberStatusEvent: models.MemberStatusEvent,
             MemberProductEvent: models.MemberProductEvent,
             MemberAnalyticEvent: models.MemberAnalyticEvent,
+            MemberCreatedEvent: models.MemberCreatedEvent,
+            SubscriptionCreatedEvent: models.SubscriptionCreatedEvent,
             OfferRedemption: models.OfferRedemption,
             Offer: models.Offer,
             StripeProduct: models.StripeProduct,
@@ -195,6 +198,7 @@ function createApiInstance(config) {
         },
         stripeAPIService: stripeService.api,
         offersAPI: offersService.api,
+        staffService: staffService.api,
         labsService: labsService,
         newslettersService: newslettersService,
         memberAttributionService: memberAttributionService.service

package/core/server/services/members/middleware.js CHANGED Viewed

@@ -36,7 +36,9 @@ const deleteSession = async function (req, res) {
         res.writeHead(204);
         res.end();
     } catch (err) {
-        res.writeHead(err.statusCode);
+        res.writeHead(err.statusCode, {
+            'Content-Type': 'text/plain;charset=UTF-8'
+        });
         res.end(err.message);
     }
 };
@@ -130,7 +132,9 @@ const updateMemberData = async function (req, res) {
             res.json(null);
         }
     } catch (err) {
-        res.writeHead(err.statusCode);
+        res.writeHead(err.statusCode, {
+            'Content-Type': 'text/plain;charset=UTF-8'
+        });
         res.end(err.message);
     }
 };

package/core/server/services/members/service.js CHANGED Viewed

@@ -105,10 +105,12 @@ module.exports = {
         });
         verificationTrigger = new VerificationTrigger({
-            configThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
+            apiTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.apiThreshold'),
+            adminTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.adminThreshold'),
+            importTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
             isVerified: () => config.get('hostSettings:emailVerification:verified') === true,
             isVerificationRequired: () => settingsCache.get('email_verification_required') === true,
-            sendVerificationEmail: ({subject, message, amountImported}) => {
+            sendVerificationEmail: ({subject, message, amountTriggered}) => {
                 const escalationAddress = config.get('hostSettings:emailVerification:escalationAddress');
                 const fromAddress = config.get('user_email');
@@ -116,7 +118,7 @@ module.exports = {
                     ghostMailer.send({
                         subject,
                         html: tpl(message, {
-                            importedNumber: amountImported,
+                            amountTriggered: amountTriggered,
                             siteUrl: urlUtils.getSiteUrl()
                         }),
                         forceTextContent: true,
@@ -189,4 +191,5 @@ module.exports = {
     stats: membersStats,
     export: require('./exporter/query')
 };
 module.exports.middleware = require('./middleware');

package/core/server/services/public-config/site.js CHANGED Viewed

@@ -10,6 +10,7 @@ module.exports = function getSiteProperties() {
         logo: settingsCache.get('logo'),
         icon: settingsCache.get('icon'),
         accent_color: settingsCache.get('accent_color'),
+        locale: settingsCache.get('locale'),
         url: urlUtils.urlFor('home', true),
         version: ghostVersion.safe
     };

package/core/server/services/route-settings/default-settings-manager.js CHANGED Viewed

@@ -38,23 +38,25 @@ class DefaultSettingsManager {
         const defaultFilePath = path.join(this.sourceFolderPath, defaultFileName);
         return Promise.resolve(fs.readFile(destinationFilePath, 'utf8'))
-            .catch({code: 'ENOENT'}, () => {
-                // CASE: file doesn't exist, copy it from our defaults
-                return fs.copy(
-                    defaultFilePath,
-                    destinationFilePath
-                ).then(() => {
-                    debug(`'${defaultFileName}' copied to ${this.destinationFolderPath}.`);
-                });
-            }).catch((error) => {
-                // CASE: we might have a permission error, as we can't access the directory
-                throw new errors.InternalServerError({
-                    message: tpl(messages.ensureSettings, {
-                        path: this.destinationFolderPath
-                    }),
-                    err: error,
-                    context: error.path
-                });
+            .catch((err) => {
+                if (err.code === 'ENOENT') {
+                    // CASE: file doesn't exist, copy it from our defaults
+                    return fs.copy(
+                        defaultFilePath,
+                        destinationFilePath
+                    ).then(() => {
+                        debug(`'${defaultFileName}' copied to ${this.destinationFolderPath}.`);
+                    });
+                } else {
+                    // CASE: we might have a permission error, as we can't access the directory
+                    throw new errors.InternalServerError({
+                        message: tpl(messages.ensureSettings, {
+                            path: this.destinationFolderPath
+                        }),
+                        err: err,
+                        context: err.path
+                    });
+                }
             });
     }
 }

package/core/server/services/staff/index.js ADDED Viewed

@@ -0,0 +1,26 @@
+class StaffServiceWrapper {
+    init() {
+        const StaffService = require('@tryghost/staff-service');
+        const config = require('../../../shared/config');
+        const logging = require('@tryghost/logging');
+        const models = require('../../models');
+        const {GhostMailer} = require('../mail');
+        const mailer = new GhostMailer();
+        const settingsCache = require('../../../shared/settings-cache');
+        const urlService = require('../url');
+        const urlUtils = require('../../../shared/url-utils');
+        this.api = new StaffService({
+            config,
+            logging,
+            models,
+            mailer,
+            settingsCache,
+            urlService,
+            urlUtils
+        });
+    }
+}
+module.exports = new StaffServiceWrapper();

package/core/server/services/webhooks/trigger.js CHANGED Viewed

@@ -1,6 +1,7 @@
 const debug = require('@tryghost/debug')('services:webhooks:trigger');
 const logging = require('@tryghost/logging');
 const ghostVersion = require('@tryghost/version');
+const crypto = require('crypto');
 class WebhookTrigger {
     /**
@@ -85,13 +86,21 @@ class WebhookTrigger {
             const reqPayload = JSON.stringify(hookPayload);
             const url = webhook.get('target_url');
+            const secret = webhook.get('secret') || '';
+            const headers = {
+                'Content-Length': Buffer.byteLength(reqPayload),
+                'Content-Type': 'application/json',
+                'Content-Version': `v${ghostVersion.safe}`
+            };
+            if (secret !== '') {
+                headers['X-Ghost-Signature'] = `sha256=${crypto.createHmac('sha256', secret).update(reqPayload).digest('hex')}, t=${Date.now()}`;
+            }
             const opts = {
                 body: reqPayload,
-                headers: {
-                    'Content-Length': Buffer.byteLength(reqPayload),
-                    'Content-Type': 'application/json',
-                    'Content-Version': `v${ghostVersion.safe}`
-                },
+                headers,
                 timeout: 2 * 1000,
                 retry: 5
             };

package/core/server/web/api/endpoints/admin/middleware.js CHANGED Viewed

@@ -14,15 +14,13 @@ const notImplemented = function (req, res, next) {
         return next();
     }
-    // @NOTE: integrations have limited access for now
+    // @NOTE: integrations & staff tokens have limited access to the API
     const allowlisted = {
-        // @NOTE: stable
         site: ['GET'],
         posts: ['GET', 'PUT', 'DELETE', 'POST'],
         pages: ['GET', 'PUT', 'DELETE', 'POST'],
         images: ['POST'],
         webhooks: ['POST', 'PUT', 'DELETE'],
-        // @NOTE: experimental
         actions: ['GET'],
         tags: ['GET', 'PUT', 'DELETE', 'POST'],
         labels: ['GET', 'PUT', 'DELETE', 'POST'],

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -65,13 +65,6 @@ module.exports = function apiRoutes() {
     router.get('/settings', mw.authAdminApi, http(api.settings.browse));
     router.put('/settings', mw.authAdminApi, http(api.settings.edit));
     router.put('/settings/verifications/', mw.authAdminApi, http(api.settings.verifyKeyUpdate));
-    /** @deprecated This endpoint is part of the old email verification flow for the support email */
-    router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate));
-    /** @deprecated This endpoint is part of the old email verification flow for the support email */
-    router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail));
     router.del('/settings/stripe/connect', mw.authAdminApi, http(api.settings.disconnectStripeConnectIntegration));
     // ## Users

package/core/shared/config/defaults.json CHANGED Viewed

@@ -141,7 +141,7 @@
     },
     "portal": {
         "url": "https://cdn.jsdelivr.net/npm/@tryghost/portal@~{version}/umd/portal.min.js",
-        "version": "2.9"
+        "version": "2.11"
     },
     "sodoSearch": {
         "url": "https://cdn.jsdelivr.net/npm/@tryghost/sodo-search@~{version}/umd/sodo-search.min.js",
@@ -154,7 +154,8 @@
         "version": "0.9"
     },
     "editor": {
-        "url": "https://unpkg.com/@tryghost/koenig-react/dist/umd/koenig-react.min.js"
+        "url": "https://unpkg.com/@tryghost/koenig-react/dist/umd/koenig-react.min.js",
+        "lexicalUrl": "https://unpkg.com/@tryghost/koenig-lexical-experiment/dist/koenig-lexical.umd.js"
     },
     "tenor": {
         "googleApiKey": null,

package/core/shared/labs.js CHANGED Viewed

@@ -15,23 +15,24 @@ const messages = {
 // flags in this list always return `true`, allows quick global enable prior to full flag removal
 const GA_FEATURES = [
-    'newsletterPaywall'
+    'newsletterPaywall',
+    'freeTrial',
+    'compExpiring',
+    'searchHelper',
+    'emailAlerts'
 ];
 // NOTE: this allowlist is meant to be used to filter out any unexpected
 //       input for the "labs" setting value
 const BETA_FEATURES = [
-    'activitypub'
+    'activitypub',
+    'memberAttribution'
 ];
 const ALPHA_FEATURES = [
     'auditLog',
     'urlCache',
-    'beforeAfterCard',
-    'freeTrial',
-    'memberAttribution',
-    'searchHelper',
-    'compExpiring'
+    'beforeAfterCard'
 ];
 module.exports.GA_KEYS = [...GA_FEATURES];