npm - ghost - Versions diffs - 5.111.0 → 5.112.0 - Mend

ghost 5.111.0 → 5.112.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/core/server/models/role-utils.js ADDED Viewed

@@ -0,0 +1,38 @@
+// check if the user has an assigned role
+// so that we can stop writing this everywhere:
+//_.some(loadedPermissions.user.roles, {name: 'Administrator'})
+function checkUserPermissionsForRole(loadedPermissions, roleName) {
+    if (!loadedPermissions?.user?.roles) {
+        return false;
+    }
+    return loadedPermissions.user.roles.some(role => role.name === roleName);
+}
+function setIsRoles(loadedPermissions) {
+    // utility function to parse the permissions object and set up all the "is" variables.
+    let resultsObject = {
+        isOwner: false,
+        isAdmin: false,
+        isEditor: false,
+        isAuthor: false,
+        isContributor: false,
+        isSuperEditor: false,
+        isEitherEditor: false
+    };
+    if (!loadedPermissions?.user?.roles) {
+        return resultsObject;
+    }
+    resultsObject.isOwner = checkUserPermissionsForRole(loadedPermissions, 'Owner');
+    resultsObject.isAdmin = checkUserPermissionsForRole(loadedPermissions, 'Administrator');
+    resultsObject.isEditor = checkUserPermissionsForRole(loadedPermissions, 'Editor');
+    resultsObject.isAuthor = checkUserPermissionsForRole(loadedPermissions, 'Author');
+    resultsObject.isContributor = checkUserPermissionsForRole(loadedPermissions, 'Contributor');
+    resultsObject.isSuperEditor = checkUserPermissionsForRole(loadedPermissions, 'Super Editor');
+    resultsObject.isEitherEditor = resultsObject.isEditor || resultsObject.isSuperEditor;
+    return resultsObject;
+}
+exports.setIsRoles = setIsRoles;
+exports.checkUserPermissionsForRole = checkUserPermissionsForRole;

package/core/server/models/role.js CHANGED Viewed

@@ -2,6 +2,7 @@ const _ = require('lodash');
 const ghostBookshelf = require('./base');
 const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
+const {setIsRoles} = require('./role-utils');
 const messages = {
     roleNotFound: 'Role not found',
@@ -78,12 +79,13 @@ Role = ghostBookshelf.Model.extend({
         const roleModel = roleModelOrId;
         if (action === 'assign' && loadedPermissions.user) {
+            const {isOwner, isAdmin, isEitherEditor} = setIsRoles(loadedPermissions);
             let checkAgainst;
-            if (_.some(loadedPermissions.user.roles, {name: 'Owner'})) {
+            if (isOwner) {
                 checkAgainst = ['Owner', 'Administrator', 'Editor', 'Author', 'Contributor'];
-            } else if (_.some(loadedPermissions.user.roles, {name: 'Administrator'})) {
+            } else if (isAdmin) {
                 checkAgainst = ['Administrator', 'Editor', 'Author', 'Contributor'];
-            } else if (_.some(loadedPermissions.user.roles, {name: 'Editor'})) {
+            } else if (isEitherEditor) {
                 checkAgainst = ['Author', 'Contributor'];
             }

package/core/server/models/user.js CHANGED Viewed

@@ -13,6 +13,7 @@ const permissions = require('../services/permissions');
 const urlUtils = require('../../shared/url-utils');
 const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
 const ASSIGNABLE_ROLES = ['Administrator', 'Editor', 'Author', 'Contributor'];
+const {setIsRoles} = require('./role-utils');
 const messages = {
     valueCannotBeBlank: 'Value in [{tableName}.{columnKey}] cannot be blank.',
@@ -784,6 +785,7 @@ User = ghostBookshelf.Model.extend({
         const self = this;
         const userModel = userModelOrId;
         let origArgs;
+        const {isOwner, isEitherEditor} = setIsRoles(loadedPermissions);
         // If we passed in a model without its related roles, we need to fetch it again
         if (_.isObject(userModelOrId) && !_.isObject(userModelOrId.related('roles'))) {
@@ -826,10 +828,10 @@ User = ghostBookshelf.Model.extend({
             if (context.user === userModel.get('id')) {
                 // If this is the same user that requests the operation allow it.
                 hasUserPermission = true;
-            } else if (loadedPermissions.user && userModel.hasRole('Owner')) {
+            } else if (isOwner) {
                 // Owner can only be edited by owner
                 hasUserPermission = loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'});
-            } else if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Editor'})) {
+            } else if (isEitherEditor) {
                 // If the user we are trying to edit is an Author or Contributor, allow it
                 hasUserPermission = userModel.hasRole('Author') || userModel.hasRole('Contributor');
             }
@@ -844,7 +846,7 @@ User = ghostBookshelf.Model.extend({
             }
             // Users with the role 'Editor' have complex permissions when the action === 'destroy'
-            if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Editor'})) {
+            if (isEitherEditor) {
                 // Alternatively, if the user we are trying to edit is an Author, allow it
                 hasUserPermission = context.user === userModel.get('id') || userModel.hasRole('Author') || userModel.hasRole('Contributor');
             }

package/core/server/services/activitypub/ActivityPubService.js ADDED Viewed

@@ -0,0 +1,116 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ActivityPubService = void 0;
+const bson_objectid_1 = __importDefault(require("bson-objectid"));
+const node_fetch_1 = __importDefault(require("node-fetch"));
+class ActivityPubService {
+    knex;
+    siteUrl;
+    logging;
+    identityTokenService;
+    constructor(knex, siteUrl, logging, identityTokenService) {
+        this.knex = knex;
+        this.siteUrl = siteUrl;
+        this.logging = logging;
+        this.identityTokenService = identityTokenService;
+    }
+    getExpectedWebhooks(secret) {
+        return [{
+                event: 'post.published',
+                target_url: new URL('.ghost/activitypub/webhooks/post/published', this.siteUrl),
+                api_version: 'v5.100.0',
+                secret
+            }, {
+                event: 'site.changed',
+                target_url: new URL('.ghost/activitypub/webhooks/site/changed', this.siteUrl),
+                api_version: 'v5.100.0',
+                secret
+            }];
+    }
+    async checkWebhookState(expectedWebhooks, integration) {
+        this.logging.info(`Checking ActivityPub Webhook state`);
+        const webhooks = await this.knex
+            .select('*')
+            .from('webhooks')
+            .where('integration_id', '=', integration.id);
+        if (webhooks.length !== expectedWebhooks.length) {
+            this.logging.warn(`Expected ${expectedWebhooks.length} webhooks for ActivityPub`);
+            return false;
+        }
+        for (const expectedWebhook of expectedWebhooks) {
+            const foundWebhook = webhooks.find((webhook) => {
+                return webhook.event === expectedWebhook.event && webhook.target_url === expectedWebhook.target_url.href && webhook.secret === expectedWebhook.secret;
+            });
+            if (!foundWebhook) {
+                this.logging.error(`Could not find webhook for ${expectedWebhook.event} ${expectedWebhook.target_url}`);
+                return false;
+            }
+        }
+        return true;
+    }
+    async getWebhookSecret() {
+        try {
+            const ownerUser = await this.knex.select('*').from('users').where('id', '=', '1').first();
+            const token = await this.identityTokenService.getTokenForUser(ownerUser.email, 'Owner');
+            const res = await (0, node_fetch_1.default)(new URL('.ghost/activitypub/site', this.siteUrl), {
+                headers: {
+                    Authorization: `Bearer ${token}`
+                }
+            });
+            const body = await res.json();
+            return body.webhook_secret;
+        }
+        catch (err) {
+            this.logging.error(`Could not get webhook secret for ActivityPub ${err}`);
+            return null;
+        }
+    }
+    async initialiseWebhooks() {
+        const integration = await this.knex
+            .select('*')
+            .from('integrations')
+            .where('slug', '=', 'ghost-activitypub')
+            .andWhere('type', '=', 'internal')
+            .first();
+        if (!integration) {
+            this.logging.error('No ActivityPub integration found - cannot initialise');
+            return;
+        }
+        const secret = await this.getWebhookSecret();
+        if (!secret) {
+            this.logging.error('No webhook secret found - cannot initialise');
+            return;
+        }
+        const expectedWebhooks = this.getExpectedWebhooks(secret);
+        const isInCorrectState = await this.checkWebhookState(expectedWebhooks, integration);
+        if (isInCorrectState) {
+            this.logging.info(`ActivityPub webhooks in correct state`);
+            return;
+        }
+        this.logging.info(`ActivityPub webhooks in incorrect state, deleting all of them and starting fresh`);
+        await this.knex
+            .del()
+            .from('webhooks')
+            .where('integration_id', '=', integration.id);
+        const webhooksToInsert = expectedWebhooks.map((expectedWebhook) => {
+            return {
+                id: (new bson_objectid_1.default).toHexString(),
+                event: expectedWebhook.event,
+                target_url: expectedWebhook.target_url.href,
+                api_version: expectedWebhook.api_version,
+                name: `ActivityPub ${expectedWebhook.event} Webhook`,
+                secret: secret,
+                integration_id: integration.id,
+                created_at: this.knex.raw('current_timestamp'),
+                created_by: '1'
+            };
+        });
+        await this.knex
+            .insert(webhooksToInsert)
+            .into('webhooks');
+    }
+}
+exports.ActivityPubService = ActivityPubService;

package/core/server/services/activitypub/ActivityPubService.ts ADDED Viewed

@@ -0,0 +1,139 @@
+import ObjectID from 'bson-objectid';
+import {Knex} from 'knex';
+import {IdentityTokenService} from '@tryghost/identity-token-service';
+import fetch from 'node-fetch';
+type ExpectedWebhook = {
+    event: string;
+    target_url: URL;
+    api_version: string;
+    secret: string;
+};
+interface Logger {
+    info(message: string): void
+    warn(message: string): void
+    error(message: string): void
+}
+export class ActivityPubService {
+    constructor(
+        private knex: Knex,
+        private siteUrl: URL,
+        private logging: Logger,
+        private identityTokenService: IdentityTokenService
+    ) {}
+    getExpectedWebhooks(secret: string): ExpectedWebhook[] {
+        return [{
+            event: 'post.published',
+            target_url: new URL('.ghost/activitypub/webhooks/post/published', this.siteUrl),
+            api_version: 'v5.100.0',
+            secret
+        }, {
+            event: 'site.changed',
+            target_url: new URL('.ghost/activitypub/webhooks/site/changed', this.siteUrl),
+            api_version: 'v5.100.0',
+            secret
+        }];
+    }
+    async checkWebhookState(expectedWebhooks: ExpectedWebhook[], integration: {id: string}) {
+        this.logging.info(`Checking ActivityPub Webhook state`);
+        const webhooks = await this.knex
+            .select('*')
+            .from('webhooks')
+            .where('integration_id', '=', integration.id);
+        if (webhooks.length !== expectedWebhooks.length) {
+            this.logging.warn(`Expected ${expectedWebhooks.length} webhooks for ActivityPub`);
+            return false;
+        }
+        for (const expectedWebhook of expectedWebhooks) {
+            const foundWebhook = webhooks.find((webhook) => {
+                return webhook.event === expectedWebhook.event && webhook.target_url === expectedWebhook.target_url.href && webhook.secret === expectedWebhook.secret;
+            });
+            if (!foundWebhook) {
+                this.logging.error(`Could not find webhook for ${expectedWebhook.event} ${expectedWebhook.target_url}`);
+                return false;
+            }
+        }
+        return true;
+    }
+    async getWebhookSecret(): Promise<string | null> {
+        try {
+            const ownerUser = await this.knex.select('*').from('users').where('id', '=', '1').first();
+            const token = await this.identityTokenService.getTokenForUser(ownerUser.email, 'Owner');
+            const res = await fetch(new URL('.ghost/activitypub/site', this.siteUrl), {
+                headers: {
+                    Authorization: `Bearer ${token}`
+                }
+            });
+            const body = await res.json();
+            return body.webhook_secret;
+        } catch (err: unknown) {
+            this.logging.error(`Could not get webhook secret for ActivityPub ${err}`);
+            return null;
+        }
+    }
+    async initialiseWebhooks() {
+        const integration = await this.knex
+            .select('*')
+            .from('integrations')
+            .where('slug', '=', 'ghost-activitypub')
+            .andWhere('type', '=', 'internal')
+            .first();
+        if (!integration) {
+            this.logging.error('No ActivityPub integration found - cannot initialise');
+            return;
+        }
+        const secret = await this.getWebhookSecret();
+        if (!secret) {
+            this.logging.error('No webhook secret found - cannot initialise');
+            return;
+        }
+        const expectedWebhooks = this.getExpectedWebhooks(secret);
+        const isInCorrectState = await this.checkWebhookState(expectedWebhooks, integration);
+        if (isInCorrectState) {
+            this.logging.info(`ActivityPub webhooks in correct state`);
+            return;
+        }
+        this.logging.info(`ActivityPub webhooks in incorrect state, deleting all of them and starting fresh`);
+        await this.knex
+            .del()
+            .from('webhooks')
+            .where('integration_id', '=', integration.id);
+        const webhooksToInsert = expectedWebhooks.map((expectedWebhook) => {
+            return {
+                id: (new ObjectID).toHexString(),
+                event: expectedWebhook.event,
+                target_url: expectedWebhook.target_url.href,
+                api_version: expectedWebhook.api_version,
+                name: `ActivityPub ${expectedWebhook.event} Webhook`,
+                secret: secret,
+                integration_id: integration.id,
+                created_at: this.knex.raw('current_timestamp'),
+                created_by: '1'
+            };
+        });
+        await this.knex
+            .insert(webhooksToInsert)
+            .into('webhooks');
+    }
+}

package/core/server/services/activitypub/ActivityPubServiceWrapper.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const {ActivityPubService} = require('@tryghost/activitypub');
+const {ActivityPubService} = require('./ActivityPubService');
 module.exports = class ActivityPubServiceWrapper {
     /** @type ActivityPubService */

package/core/server/services/stats/MembersStatsService.js ADDED Viewed

@@ -0,0 +1,167 @@
+const moment = require('moment');
+class MembersStatsService {
+    /**
+     * @param {object} deps
+     * @param {import('knex').Knex} deps.knex*/
+    constructor({knex}) {
+        this.knex = knex;
+    }
+    /**
+     * Get the current total members grouped by status
+     * @returns {Promise<TotalMembersByStatus>}
+     */
+    async getCount() {
+        const knex = this.knex;
+        const rows = await knex('members')
+            .select('status')
+            .select(knex.raw('COUNT(id) AS total'))
+            .groupBy('status');
+        const paidEvent = rows.find(c => c.status === 'paid');
+        const freeEvent = rows.find(c => c.status === 'free');
+        const compedEvent = rows.find(c => c.status === 'comped');
+        return {
+            paid: paidEvent ? paidEvent.total : 0,
+            free: freeEvent ? freeEvent.total : 0,
+            comped: compedEvent ? compedEvent.total : 0
+        };
+    }
+    /**
+     * Get the member deltas by status for all days, sorted ascending
+     * @returns {Promise<MemberStatusDelta[]>} The deltas of paid, free and comped users per day, sorted ascending
+     */
+    async fetchAllStatusDeltas() {
+        const knex = this.knex;
+        const ninetyDaysAgo = moment.utc().subtract(91, 'days').startOf('day').utc().format('YYYY-MM-DD HH:mm:ss');
+        const rows = await knex('members_status_events')
+            .select(knex.raw('DATE(created_at) as date'))
+            .select(knex.raw(`SUM(
+                CASE WHEN to_status='paid' THEN 1
+                ELSE 0 END
+            ) as paid_subscribed`))
+            .select(knex.raw(`SUM(
+                CASE WHEN from_status='paid' THEN 1
+                ELSE 0 END
+            ) as paid_canceled`))
+            .select(knex.raw(`SUM(
+                CASE WHEN to_status='comped' THEN 1
+                WHEN from_status='comped' THEN -1
+                ELSE 0 END
+            ) as comped_delta`))
+            .select(knex.raw(`SUM(
+                CASE WHEN to_status='free' THEN 1
+                WHEN from_status='free' THEN -1
+                ELSE 0 END
+            ) as free_delta`))
+            .where('created_at', '>=', ninetyDaysAgo)
+            .groupByRaw('DATE(created_at)');
+        return rows;
+    }
+    /**
+     * Returns a list of the total members by status for each day, including the paid deltas paid_subscribed and paid_canceled
+     * @returns {Promise<CountHistory>}
+     */
+    async getCountHistory() {
+        const rows = await this.fetchAllStatusDeltas();
+        // Fetch current total amounts and start counting from there
+        const totals = await this.getCount();
+        let {paid, free, comped} = totals;
+        // Get today in UTC (default timezone)
+        const today = moment().format('YYYY-MM-DD');
+        const cumulativeResults = [];
+        rows.sort((a, b) => new Date(a.date) - new Date(b.date));
+        // Loop in reverse order (needed to have correct sorted result)
+        for (let i = rows.length - 1; i >= 0; i -= 1) {
+            const row = rows[i];
+            // Convert JSDates to YYYY-MM-DD (in UTC)
+            const date = moment(row.date).format('YYYY-MM-DD');
+            if (date > today) {
+                // Skip results that are in the future (fix for invalid events)
+                continue;
+            }
+            cumulativeResults.unshift({
+                date,
+                paid: Math.max(0, paid),
+                free: Math.max(0, free),
+                comped: Math.max(0, comped),
+                // Deltas
+                paid_subscribed: row.paid_subscribed,
+                paid_canceled: row.paid_canceled
+            });
+            // Update current counts
+            paid -= row.paid_subscribed - row.paid_canceled;
+            free -= row.free_delta;
+            comped -= row.comped_delta;
+        }
+        // Now also add the oldest day we have left over (this one will be zero, which is also needed as a data point for graphs)
+        const oldestDate = rows.length > 0 ? moment(rows[0].date).add(-1, 'days').format('YYYY-MM-DD') : today;
+        cumulativeResults.unshift({
+            date: oldestDate,
+            paid: Math.max(0, paid),
+            free: Math.max(0, free),
+            comped: Math.max(0, comped),
+            // Deltas
+            paid_subscribed: 0,
+            paid_canceled: 0
+        });
+        return {
+            data: cumulativeResults,
+            meta: {
+                totals
+            }
+        };
+    }
+}
+module.exports = MembersStatsService;
+/**
+ * @typedef MemberStatusDelta
+ * @type {Object}
+ * @property {Date} date
+ * @property {number} paid_subscribed Paid members that subscribed on this day
+ * @property {number} paid_canceled Paid members that canceled on this day
+ * @property {number} comped_delta Total net comped members on this day
+ * @property {number} free_delta Total net members on this day
+ */
+/**
+ * @typedef TotalMembersByStatus
+ * @type {Object}
+ * @property {number} paid Total paid members
+ * @property {number} free Total free members
+ * @property {number} comped Total comped members
+ */
+/**
+ * @typedef {Object} TotalMembersByStatusItem
+ * @property {string} date In YYYY-MM-DD format
+ * @property {number} paid Total paid members
+ * @property {number} free Total free members
+ * @property {number} comped Total comped members
+ * @property {number} paid_subscribed Paid members that subscribed on this day
+ * @property {number} paid_canceled Paid members that canceled on this day
+ */
+/**
+ * @typedef {Object} CountHistory
+ * @property {TotalMembersByStatusItem[]} data List of the total members by status for each day, including the paid deltas paid_subscribed and paid_canceled
+ * @property {Object} meta
+ * @property {TotalMembersByStatus} meta.totals
+ */