npm - ghost - Versions diffs - 5.114.1 → 5.115.1 - Mend

ghost 5.114.1 → 5.115.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/core/server/services/stripe/services/webhook/CheckoutSessionEventService.js ADDED Viewed

@@ -0,0 +1,255 @@
+const {DonationPaymentEvent} = require('@tryghost/donations');
+const _ = require('lodash');
+const errors = require('@tryghost/errors');
+const logging = require('@tryghost/logging');
+/**
+ * Handles `checkout.session.completed` webhook events
+ *
+ * The `checkout.session.completed` event is triggered when a customer completes a checkout session.
+ *
+ * It is triggered for the following scenarios:
+ * - Subscription
+ * - Donation
+ * - Setup intent
+ *
+ * This service delegates the event to the appropriate handler based on the session mode and metadata.
+ *
+ * The `session` payload can be found here: https://docs.stripe.com/api/checkout/sessions/object
+ */
+module.exports = class CheckoutSessionEventService {
+    /**
+     * @param {object} deps
+     * @param {import('../../StripeAPI')} deps.api
+     * @param {object} deps.memberRepository
+     * @param {object} deps.donationRepository
+     * @param {object} deps.staffServiceEmails
+     * @param {function} deps.sendSignupEmail
+     */
+    constructor(deps) {
+        this.api = deps.api;
+        this.deps = deps;
+    }
+    /**
+     * Handles a `checkout.session.completed` event
+     * Delegates to the appropriate handler based on the session mode and metadata
+     * @param {import('stripe').Stripe.Checkout.Session} session
+     */
+    async handleEvent(session) {
+        if (session.mode === 'setup') {
+            await this.handleSetupEvent(session);
+        }
+        if (session.mode === 'subscription') {
+            await this.handleSubscriptionEvent(session);
+        }
+        if (session.mode === 'payment' && session.metadata?.ghost_donation) {
+            await this.handleDonationEvent(session);
+        }
+    }
+    /**
+     * Handles a `checkout.session.completed` event for a donation
+     * @param {import('stripe').Stripe.Checkout.Session} session
+     */
+    async handleDonationEvent(session) {
+        const donationField = session.custom_fields?.find(obj => obj?.key === 'donation_message');
+        const donationMessage = donationField?.text?.value ? donationField.text.value : null;
+        const amount = session.amount_total;
+        const currency = session.currency;
+        const memberRepository = this.deps.memberRepository;
+        const member = session.customer ? (await memberRepository.get({customer_id: session.customer})) : null;
+        const data = DonationPaymentEvent.create({
+            name: member?.get('name') ?? session.customer_details.name,
+            email: member?.get('email') ?? session.customer_details.email,
+            memberId: member?.id ?? null,
+            amount,
+            currency,
+            donationMessage,
+            attributionId: session.metadata?.attribution_id ?? null,
+            attributionUrl: session.metadata?.attribution_url ?? null,
+            attributionType: session.metadata?.attribution_type ?? null,
+            referrerSource: session.metadata?.referrer_source ?? null,
+            referrerMedium: session.metadata?.referrer_medium ?? null,
+            referrerUrl: session.metadata?.referrer_url ?? null
+        });
+        const donationRepository = this.deps.donationRepository;
+        await donationRepository.save(data);
+        const staffServiceEmails = this.deps.staffServiceEmails;
+        await staffServiceEmails.notifyDonationReceived({donationPaymentEvent: data});
+    }
+    /**
+     * Handles a `checkout.session.completed` event for a setup intent
+     *
+     * This is used when a customer adds or changes their payment method outside
+     * of the normal subscription flow.
+     * @param {import('stripe').Stripe.Checkout.Session} session
+     */
+    async handleSetupEvent(session) {
+        const setupIntent = await this.api.getSetupIntent(session.setup_intent);
+        const memberRepository = this.deps.memberRepository;
+        const member = await memberRepository.get({
+            customer_id: setupIntent.metadata.customer_id
+        });
+        if (!member) {
+            return;
+        }
+        await this.api.attachPaymentMethodToCustomer(
+            setupIntent.metadata.customer_id,
+            setupIntent.payment_method
+        );
+        if (setupIntent.metadata.subscription_id) {
+            const updatedSubscription = await this.api.updateSubscriptionDefaultPaymentMethod(
+                setupIntent.metadata.subscription_id,
+                setupIntent.payment_method
+            );
+            try {
+                await memberRepository.linkSubscription({
+                    id: member.id,
+                    subscription: updatedSubscription
+                });
+            } catch (err) {
+                if (err.code !== 'ER_DUP_ENTRY' && err.code !== 'SQLITE_CONSTRAINT') {
+                    throw err;
+                }
+                throw new errors.ConflictError({
+                    err
+                });
+            }
+            return;
+        }
+        const subscriptions = await member.related('stripeSubscriptions').fetch();
+        const activeSubscriptions = subscriptions.models.filter(subscription => ['active', 'trialing', 'unpaid', 'past_due'].includes(subscription.get('status'))
+        );
+        for (const subscription of activeSubscriptions) {
+            if (subscription.get('customer_id') === setupIntent.metadata.customer_id) {
+                const updatedSubscription = await this.api.updateSubscriptionDefaultPaymentMethod(
+                    subscription.get('subscription_id'),
+                    setupIntent.payment_method
+                );
+                try {
+                    await memberRepository.linkSubscription({
+                        id: member.id,
+                        subscription: updatedSubscription
+                    });
+                } catch (err) {
+                    if (err.code !== 'ER_DUP_ENTRY' && err.code !== 'SQLITE_CONSTRAINT') {
+                        throw err;
+                    }
+                    throw new errors.ConflictError({
+                        err
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Handles a `checkout.session.completed` event for a subscription
+     * @param {import('stripe').Stripe.Checkout.Session} session
+     */
+    async handleSubscriptionEvent(session) {
+        const customer = await this.api.getCustomer(session.customer, {
+            expand: ['subscriptions.data.default_payment_method']
+        });
+        const memberRepository = this.deps.memberRepository;
+        let member = await memberRepository.get({
+            email: customer.email
+        });
+        const checkoutType = _.get(session, 'metadata.checkoutType');
+        if (!member) {
+            const metadataName = _.get(session, 'metadata.name');
+            const metadataNewsletters = _.get(session, 'metadata.newsletters');
+            const attribution = {
+                id: session.metadata?.attribution_id ?? null,
+                url: session.metadata?.attribution_url ?? null,
+                type: session.metadata?.attribution_type ?? null,
+                referrerSource: session.metadata?.referrer_source ?? null,
+                referrerMedium: session.metadata?.referrer_medium ?? null,
+                referrerUrl: session.metadata?.referrer_url ?? null
+            };
+            const payerName = _.get(customer, 'subscriptions.data[0].default_payment_method.billing_details.name');
+            const name = metadataName || payerName || null;
+            const memberData = {email: customer.email, name, attribution};
+            if (metadataNewsletters) {
+                try {
+                    memberData.newsletters = JSON.parse(metadataNewsletters);
+                } catch (e) {
+                    logging.error(`Ignoring invalid newsletters data - ${metadataNewsletters}.`);
+                }
+            }
+            const offerId = session.metadata?.offer;
+            const memberDataWithStripeCustomer = {
+                ...memberData,
+                stripeCustomer: customer,
+                offerId
+            };
+            member = await memberRepository.create(memberDataWithStripeCustomer);
+        } else {
+            const payerName = _.get(customer, 'subscriptions.data[0].default_payment_method.billing_details.name');
+            const attribution = {
+                id: session.metadata?.attribution_id ?? null,
+                url: session.metadata?.attribution_url ?? null,
+                type: session.metadata?.attribution_type ?? null,
+                referrerSource: session.metadata?.referrer_source ?? null,
+                referrerMedium: session.metadata?.referrer_medium ?? null,
+                referrerUrl: session.metadata?.referrer_url ?? null
+            };
+            if (payerName && !member.get('name')) {
+                await memberRepository.update({name: payerName}, {id: member.get('id')});
+            }
+            await memberRepository.upsertCustomer({
+                customer_id: customer.id,
+                member_id: member.id,
+                name: customer.name,
+                email: customer.email
+            });
+            for (const subscription of customer.subscriptions.data) {
+                try {
+                    const offerId = session.metadata?.offer;
+                    await memberRepository.linkSubscription({
+                        id: member.id,
+                        subscription,
+                        offerId,
+                        attribution
+                    });
+                } catch (err) {
+                    if (err.code !== 'ER_DUP_ENTRY' && err.code !== 'SQLITE_CONSTRAINT') {
+                        throw err;
+                    }
+                    throw new errors.ConflictError({
+                        err
+                    });
+                }
+            }
+        }
+        if (checkoutType !== 'upgrade') {
+            this.deps.sendSignupEmail(customer.email);
+        }
+    }
+};

package/core/server/services/stripe/services/webhook/InvoiceEventService.js ADDED Viewed

@@ -0,0 +1,70 @@
+const errors = require('@tryghost/errors');
+// const _ = require('lodash');
+/**
+ * Handles `invoice.payment_succeeded` webhook events
+ *
+ * The `invoice.payment_succeeded` event is triggered when a customer's payment succeeds.
+ */
+module.exports = class InvoiceEventService {
+    /**
+     * @param {object} deps
+     * @param {object} deps.api
+     * @param {object} deps.memberRepository
+     * @param {object} deps.eventRepository
+     * @param {object} deps.productRepository
+     */
+    constructor(deps) {
+        this.deps = deps;
+    }
+    /**
+     * Handles a `invoice.payment_succeeded` event
+     *
+     * Inserts a payment event into the database
+     * @param {import('stripe').Stripe.Invoice} invoice
+     */
+    async handleInvoiceEvent(invoice) {
+        const {api, memberRepository, eventRepository, productRepository} = this.deps;
+        if (!invoice.subscription) {
+            // Check if this is a one time payment, related to a donation
+            // this is being handled in checkoutSessionEvent because we need to handle the custom donation message
+            // which is not available in the invoice object
+            return;
+        }
+        const subscription = await api.getSubscription(invoice.subscription, {
+            expand: ['default_payment_method']
+        });
+        const member = await memberRepository.get({
+            customer_id: subscription.customer
+        });
+        if (member) {
+            if (invoice.paid && invoice.amount_paid !== 0) {
+                await eventRepository.registerPayment({
+                    member_id: member.id,
+                    currency: invoice.currency,
+                    amount: invoice.amount_paid
+                });
+            }
+        } else {
+            // Subscription has more than one plan - meaning it is not one created by us - ignore.
+            if (!subscription.plan) {
+                return;
+            }
+            // Subscription is for a different product - ignore.
+            const product = await productRepository.get({
+                stripe_product_id: subscription.plan.product
+            });
+            if (!product) {
+                return;
+            }
+            // Could not find the member, which we need in order to insert an payment event.
+            throw new errors.NotFoundError({
+                message: `No member found for customer ${subscription.customer}`
+            });
+        }
+    }
+};

package/core/server/services/stripe/services/webhook/SubscriptionEventService.js ADDED Viewed

@@ -0,0 +1,54 @@
+const errors = require('@tryghost/errors');
+const _ = require('lodash');
+/**
+ * Handles `customer.subscription.*` webhook events
+ *
+ * The `customer.subscription.*` events are triggered when a customer's subscription status changes.
+ *
+ * This service is responsible for handling these events and updating the subscription status in Ghost,
+ * although it mostly delegates the responsibility to the `MemberRepository`.
+ */
+module.exports = class SubscriptionEventService {
+    /**
+     * @param {object} deps
+     * @param {import('../../repositories/MemberRepository')} deps.memberRepository
+     */
+    constructor(deps) {
+        this.deps = deps;
+    }
+    /**
+     * Handles a `customer.subscription.*` event
+     *
+     * Looks up the member by the Stripe customer ID and links the subscription to the member.
+     * @param {import('stripe').Stripe.Subscription} subscription
+     */
+    async handleSubscriptionEvent(subscription) {
+        const subscriptionPriceData = _.get(subscription, 'items.data');
+        if (!subscriptionPriceData || subscriptionPriceData.length !== 1) {
+            throw new errors.BadRequestError({
+                message: 'Subscription should have exactly 1 price item'
+            });
+        }
+        const memberRepository = this.deps.memberRepository;
+        const member = await memberRepository.get({
+            customer_id: subscription.customer
+        });
+        if (member) {
+            try {
+                await memberRepository.linkSubscription({
+                    id: member.id,
+                    subscription
+                });
+            } catch (err) {
+                if (err.code !== 'ER_DUP_ENTRY' && err.code !== 'SQLITE_CONSTRAINT') {
+                    throw err;
+                }
+                throw new errors.ConflictError({err});
+            }
+        }
+    }
+};

package/core/server/services/themes/loader.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const debug = require('@tryghost/debug')('themes');
-const packageJSON = require('@tryghost/package-json');
+const packageJSON = require('../../lib/package-json');
 const config = require('../../../shared/config');
 const themeList = require('./list');

package/core/server/services/themes/to-json.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const _ = require('lodash');
 const themeList = require('./list');
 const bridge = require('../../../bridge');
-const packageJSON = require('@tryghost/package-json');
+const packageJSON = require('../../lib/package-json');
 const settingsCache = require('../../../shared/settings-cache');
 /**

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -168,6 +168,7 @@ module.exports = function apiRoutes() {
     // ## Slugs
     router.get('/slugs/:type/:name', mw.authAdminApi, http(api.slugs.generate));
+    router.get('/slugs/:type/:name/:id', mw.authAdminApi, http(api.slugs.generate));
     // ## Themes
     router.get('/themes/', mw.authAdminApi, http(api.themes.browse));

package/core/server/web/shared/middleware/cache-control.js ADDED Viewed

@@ -0,0 +1,51 @@
+// # CacheControl Middleware
+// Usage: cacheControl(profile), where profile is one of 'public' or 'private'
+// After: checkIsPrivate
+// Before: routes
+// App: Admin|Site|API
+//
+// Allows each app to declare its own default caching rules
+const isString = require('lodash/isString');
+/**
+ * @param {'public'|'private'} profile Use "private" if you do not want caching
+ * @param {object} [options]
+ * @param {number} [options.maxAge] The max-age in seconds to use when profile is "public"
+ * @param {number} [options.staleWhileRevalidate] The stale-while-revalidate in seconds to use when profile is "public"
+ */
+const cacheControl = (profile, options = {maxAge: 0}) => {
+    const isOptionHasProperty = property => Object.prototype.hasOwnProperty.call(options, property);
+    const publicOptions = [
+        'public',
+        `max-age=${options.maxAge}`,
+        isOptionHasProperty('staleWhileRevalidate') ? `stale-while-revalidate=${options.staleWhileRevalidate}` : ''
+    ];
+    const profiles = {
+        public: publicOptions.filter(option => option).join(', '),
+        private: 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
+    };
+    let output;
+    if (isString(profile) && Object.prototype.hasOwnProperty.call(profiles, profile)) {
+        output = profiles[profile];
+    }
+    /**
+     * @param {import('express').Request} req
+     * @param {import('express').Response} res
+     * @param {() => void} next
+     *
+     * @returns {void}
+     */
+    return function cacheControlHeaders(req, res, next) {
+        if (output) {
+            res.set({'Cache-Control': output});
+        }
+        next();
+    };
+};
+module.exports = cacheControl;

package/core/server/web/shared/middleware/index.js CHANGED Viewed

@@ -8,7 +8,7 @@ module.exports = {
     },
     get cacheControl() {
-        return require('@tryghost/mw-cache-control');
+        return require('./cache-control');
     },
     get prettyUrls() {

package/core/server/web/well-known.js CHANGED Viewed

@@ -1,7 +1,7 @@
-const cacheControl = require('@tryghost/mw-cache-control');
 const express = require('../../shared/express');
 const settings = require('../../shared/settings-cache');
 const config = require('../../shared/config');
+const {cacheControl} = require('./shared/middleware');
 module.exports = function setupWellKnownApp() {
     const wellKnownApp = express('well-known');

package/core/shared/labs.js CHANGED Viewed

@@ -51,8 +51,10 @@ const ALPHA_FEATURES = [
     'lexicalIndicators',
     'adminXDemo',
     'postsX',
+    'statsX',
     'captcha',
-    'contentVisibilityAlpha'
+    'contentVisibilityAlpha',
+    'explore'
 ];
 module.exports.GA_KEYS = [...GA_FEATURES];

package/core/shared/settings-cache/CacheManager.js CHANGED Viewed

@@ -11,6 +11,59 @@ const _ = require('lodash');
  * - See the notes in core/server/lib/common/events
  * - There's also a plan to introduce a proper caching layer, and rewrite this on top of that
  */
+/**
+ * @typedef {Object} PublicSettingsCache
+ * @property {string|null} title - The blog's title
+ * @property {string|null} description - The blog's description
+ * @property {string|null} logo - URL to the blog's logo
+ * @property {string|null} icon - URL to the blog's icon
+ * @property {string|null} accent_color - The blog's accent color
+ * @property {string|null} cover_image - URL to the blog's cover image
+ * @property {string|null} facebook - Facebook page name
+ * @property {string|null} twitter - Twitter username
+ * @property {string|null} lang - The blog's language code
+ * @property {string|null} locale - The blog's locale
+ * @property {string|null} timezone - The blog's timezone
+ * @property {string|null} codeinjection_head - Code injected into head
+ * @property {string|null} codeinjection_foot - Code injected into footer
+ * @property {string|null} navigation - JSON string of navigation items
+ * @property {string|null} secondary_navigation - JSON string of secondary navigation items
+ * @property {string|null} meta_title - Custom meta title
+ * @property {string|null} meta_description - Custom meta description
+ * @property {string|null} og_image - Open Graph image URL
+ * @property {string|null} og_title - Open Graph title
+ * @property {string|null} og_description - Open Graph description
+ * @property {string|null} twitter_image - Twitter card image URL
+ * @property {string|null} twitter_title - Twitter card title
+ * @property {string|null} twitter_description - Twitter card description
+ * @property {string|null} members_support_address - Support email for members
+ * @property {boolean|null} members_enabled - Whether members feature is enabled
+ * @property {boolean|null} allow_self_signup - Whether self signup is allowed
+ * @property {boolean|null} members_invite_only - Whether membership is invite only
+ * @property {string|null} members_signup_access - Member signup access level
+ * @property {boolean|null} paid_members_enabled - Whether paid memberships are enabled
+ * @property {string|null} firstpromoter_account - FirstPromoter account ID
+ * @property {string|null} portal_button_style - Portal button style
+ * @property {string|null} portal_button_signup_text - Portal signup button text
+ * @property {string|null} portal_button_icon - Portal button icon
+ * @property {string|null} portal_signup_terms_html - Portal signup terms HTML
+ * @property {boolean|null} portal_signup_checkbox_required - Whether signup checkbox is required
+ * @property {string|null} portal_plans - JSON string of available portal plans
+ * @property {string|null} portal_default_plan - Default portal plan
+ * @property {boolean|null} portal_name - Whether to show portal names
+ * @property {boolean|null} portal_button - Whether to show the portal button
+ * @property {boolean|null} comments_enabled - Whether comments are enabled
+ * @property {boolean|null} recommendations_enabled - Whether recommendations are enabled
+ * @property {boolean|null} outbound_link_tagging - Whether outbound link tagging is enabled
+ * @property {string|null} default_email_address - Default email address
+ * @property {string|null} support_email_address - Support email address
+ * @property {string|null} editor_default_email_recipients - Default email recipients for editor
+ * @property {boolean|null} captcha_enabled - Whether captcha is enabled
+ * @property {string|null} labs - JSON string of enabled labs features
+ * @property {never} [x] - Prevent accessing undefined properties
+ */
 class CacheManager {
     /**
      * @prop {Object} options
@@ -164,14 +217,19 @@ class CacheManager {
     /**
      * Get all the publicly accessible cache entries with their correct names
      * Uses clone to prevent modifications from being reflected
-     * @return {object} cache
+    * @return {PublicSettingsCache} cache
      */
     getPublic() {
-        let settings = {};
-        _.each(this.publicSettings, (key, newKey) => {
-            settings[newKey] = this._doGet(key) ?? null;
-        });
+        // This block correctly builds the type signature for the return value
+        /** @type {PublicSettingsCache} */
+        let settings = Object.fromEntries(
+            Object.keys(this.publicSettings).map(key => [this.publicSettings[key], null])
+        );
+        // This block correctly populates the values from the cache
+        for (const newKey in this.publicSettings) {
+            settings[newKey] = this._doGet(this.publicSettings[newKey]) ?? null;
+        }
         return settings;
     }