npm - ghost - Versions diffs - 5.115.0 → 5.115.1 - Mend

ghost 5.115.0 → 5.115.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

package/core/server/models/base/plugins/actions.js CHANGED Viewed

@@ -3,9 +3,20 @@ const errors = require('@tryghost/errors');
 const logging = require('@tryghost/logging');
 /**
+ * This plugin is used to add actions to the database. It backs the "audit log" feature we have in Ghost.
+ *
+ * The functions here are triggered by the `onCreated`, `onUpdated`, `onDeleted` functions in the `events`
+ * plugin, with some extra ones for niche other events.
+ *
  * @param {import('bookshelf')} Bookshelf
  */
 module.exports = function (Bookshelf) {
+    /**
+     * Insert an action into the database
+     *
+     * @param {Object} data - The data to insert
+     * @param {Object} options - The options object
+     */
     const insertAction = (data, options) => {
         // CASE: model does not support action for target event
         if (!data) {
@@ -39,7 +50,13 @@ module.exports = function (Bookshelf) {
         }
     };
-    // We need this addAction accessible from the static model and instances
+    /**
+     * Add an action to the database
+     *
+     * @param {import('bookshelf').Model} model - The model to add the action to
+     * @param {string} event - The event that triggered the action
+     * @param {Object} options - The options object
+     */
     const addAction = (model, event, options) => {
         if (!model.wasChanged()) {
             return;
@@ -58,11 +75,14 @@ module.exports = function (Bookshelf) {
         /**
          * Constructs data to be stored in the database with info
          * on particular actions
+         *
+         * @param {string} event - The event that triggered the action
+         * @param {Object} options - The options object
+         * @returns {Object} The data to be stored in the database
          */
         getAction(event, options) {
+            // Ignore internal updates (`options.context.internal`) for now
             const actor = this.getActor(options);
-            // @NOTE: we ignore internal updates (`options.context.internal`) for now
             if (!actor) {
                 return;
             }
@@ -71,12 +91,7 @@ module.exports = function (Bookshelf) {
                 return;
             }
-            let resourceType = this.actionsResourceType;
-            if (typeof resourceType === 'function') {
-                resourceType = resourceType.bind(this)();
-            }
+            const resourceType = this.actionsResourceType;
             if (!resourceType) {
                 return;
             }
@@ -85,12 +100,14 @@ module.exports = function (Bookshelf) {
                 action_name: options.actionName
             };
+            // Used to attach extra content to the action (ie. the key + group for settings changes)
             if (this.actionsExtraContext && Array.isArray(this.actionsExtraContext)) {
                 for (const c of this.actionsExtraContext) {
                     context[c] = this.get(c) || this.previous(c);
                 }
             }
+            // Attach the primary name to the action (ie. the title or name of the model)
             if (event === 'deleted') {
                 context.primary_name = (this.previous('title') || this.previous('name'));
             } else if (['added', 'edited'].includes(event)) {
@@ -112,21 +129,17 @@ module.exports = function (Bookshelf) {
             return data;
         },
-        /**
-         * @NOTE:
-         *
-         * We add actions step by step and define how they should look like.
-         * Each post update triggers a couple of events, which we don't want to add actions for.
-         *
-         * e.g. transform post to page triggers a handful of events including `post.deleted` and `page.added`
-         *
-         * We protect adding too many and uncontrolled events.
-         *
-         * We could embed adding actions more nicely in the future e.g. plugin.
-         */
         addAction
     }, {
         addAction,
+        /**
+         * Add actions for bulk actions
+         *
+         * @param {string} event - The event that triggered the action
+         * @param {number[]} ids - The ids of the models that were affected
+         * @param {Object} options - The options object
+         */
         async addActions(event, ids, options) {
             if (ids.length === 1) {
                 // We want to store an event for a single model in the actions table
@@ -141,27 +154,27 @@ module.exports = function (Bookshelf) {
         },
         /**
-         * Constructs data to be stored in the database with info
-         * on particular actions
+         * Constructs data for bulk actions to be stored in the database
+         *
+         * @param {string} event - The event that triggered the action
+         * @param {number} count - The number of models that were affected
+         * @param {Object} options - The options object
+         * @returns {Object} The data to be stored in the database
          */
         getBulkAction(event, count, options) {
+            // Ignore internal updates (`options.context.internal`) for now
             const actor = this.prototype.getActor(options);
-            // @NOTE: we ignore internal updates (`options.context.internal`) for now
             if (!actor) {
                 return;
             }
+            // Models can opt-in to their CRUD actions being collected (we do this so we don't
+            // log every single action)
             if (!this.prototype.actionsCollectCRUD) {
                 return;
             }
-            let resourceType = this.prototype.actionsResourceType;
-            if (typeof resourceType === 'function') {
-                resourceType = resourceType.bind(this)();
-            }
+            const resourceType = this.prototype.actionsResourceType;
             if (!resourceType) {
                 return;
             }

package/core/server/models/base/plugins/generate-slug.js CHANGED Viewed

@@ -39,6 +39,12 @@ module.exports = function (Bookshelf) {
                         return slugToFind;
                     }
+                    if (options.modelId) {
+                        if (found.id === options.modelId) {
+                            return slugToFind;
+                        }
+                    }
                     slugTryCount += 1;
                     // If we shortened, go back to the full version and try again

package/core/server/notify.js CHANGED Viewed

@@ -51,7 +51,7 @@ async function notify(type, error = null) {
     // CASE: use bootstrap socket to communicate with CLI for systemd
     let socketAddress = config.get('bootstrap-socket');
     if (socketAddress) {
-        const bootstrapSocket = require('@tryghost/bootstrap-socket');
+        const bootstrapSocket = require('./lib/bootstrap-socket');
         return bootstrapSocket.connectAndSend(socketAddress, message);
     }

package/core/server/services/activitypub/ActivityPubService.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import ObjectID from 'bson-objectid';
 import {Knex} from 'knex';
-import {IdentityTokenService} from '@tryghost/identity-token-service';
+import {IdentityTokenService} from '../identity-tokens/IdentityTokenService';
 import fetch from 'node-fetch';
 type ExpectedWebhook = {

package/core/server/services/api-version-compatibility/APIVersionCompatibilityService.js ADDED Viewed

@@ -0,0 +1,99 @@
+const path = require('path');
+const VersionNotificationsDataService = require('./VersionNotificationsDataService');
+const EmailContentGenerator = require('@tryghost/email-content-generator');
+class APIVersionCompatibilityService {
+    /**
+     *
+     * @param {Object} options
+     * @param {Object} options.UserModel - ghost user model
+     * @param {Object} options.ApiKeyModel -  ghost api key model
+     * @param {Object} options.settingsService - ghost settings service
+     * @param {(Object: {subject: String, to: String, text: String, html: String}) => Promise<any>} options.sendEmail - email sending function
+     * @param {Function} options.getSiteUrl
+     * @param {Function} options.getSiteTitle
+    */
+    constructor({UserModel, ApiKeyModel, settingsService, sendEmail, getSiteUrl, getSiteTitle}) {
+        this.sendEmail = sendEmail;
+        this.versionNotificationsDataService = new VersionNotificationsDataService({
+            UserModel,
+            ApiKeyModel,
+            settingsService
+        });
+        this.emailContentGenerator = new EmailContentGenerator({
+            getSiteUrl,
+            getSiteTitle,
+            templatesDir: path.join(__dirname, 'templates')
+        });
+    }
+    /**
+     * Version mismatch handler doing the logic of picking a template and sending a notification email
+     * @param {Object} options
+     * @param {string} options.acceptVersion - client's accept-version header value
+     * @param {string} options.contentVersion - server's content-version header value
+     * @param {string} options.apiKeyValue - key value (secret for Content API and kid for Admin API) used to access the API
+     * @param {string} options.apiKeyType - key type used to access the API
+     * @param {string} options.requestURL - url that was requested and failed compatibility test
+     * @param {string} [options.userAgent] - client's user-agent header value
+     */
+    async handleMismatch({acceptVersion, contentVersion, apiKeyValue, apiKeyType, requestURL, userAgent = ''}) {
+        if (!await this.versionNotificationsDataService.fetchNotification(acceptVersion)) {
+            const integration = await this.versionNotificationsDataService.getIntegration(apiKeyValue, apiKeyType);
+            // We couldn't find the integration
+            if (!integration) {
+                return;
+            }
+            const {
+                name: integrationName,
+                type: integrationType
+            } = integration;
+            // @NOTE: "internal" or "core" integrations (https://ghost.notion.site/Data-Types-e5dc54dd0078443f9afd6b2abda443c4)
+            //        are maintained by Ghost team, so there is no sense notifying the instance owner about it's incompatibility.
+            //        The other two integration types: "builtin" and "custom", is when we want to notify about incompatibility.
+            if (['internal', 'core'].includes(integrationType)) {
+                return;
+            }
+            const trimmedUseAgent = userAgent.split('/')[0];
+            const emails = await this.versionNotificationsDataService.getNotificationEmails();
+            for (const email of emails) {
+                const template = (trimmedUseAgent === 'Zapier')
+                    ? 'zapier-mismatch'
+                    : 'generic-mismatch';
+                const subject = (trimmedUseAgent === 'Zapier')
+                    ? 'Attention required: One of your Zaps has failed'
+                    : `Attention required: Your ${integrationName} integration has failed`;
+                const {html, text} = await this.emailContentGenerator.getContent({
+                    template,
+                    data: {
+                        acceptVersion,
+                        contentVersion,
+                        clientName: integrationName,
+                        recipientEmail: email,
+                        requestURL: requestURL
+                    }
+                });
+                await this.sendEmail({
+                    subject,
+                    to: email,
+                    html,
+                    text
+                });
+            }
+            await this.versionNotificationsDataService.saveNotification(acceptVersion);
+        }
+    }
+}
+module.exports = APIVersionCompatibilityService;

package/core/server/services/api-version-compatibility/VersionNotificationsDataService.js ADDED Viewed

@@ -0,0 +1,80 @@
+const internalContext = {
+    internal: true
+};
+class VersionNotificationsDataService {
+    /**
+     * @param {Object} options
+     * @param {Object} options.UserModel - ghost user model
+     * @param {Object} options.ApiKeyModel -  ghost api key model
+     * @param {Object} options.settingsService - ghost settings service
+    */
+    constructor({UserModel, ApiKeyModel, settingsService}) {
+        this.UserModel = UserModel;
+        this.ApiKeyModel = ApiKeyModel;
+        this.settingsService = settingsService;
+    }
+    async fetchNotification(acceptVersion) {
+        const setting = await this.settingsService.read('version_notifications', internalContext);
+        const versionNotifications = JSON.parse(setting.version_notifications.value);
+        return versionNotifications.find(version => version === acceptVersion);
+    }
+    async saveNotification(acceptVersion) {
+        const setting = await this.settingsService.read('version_notifications', internalContext);
+        const versionNotifications = JSON.parse(setting.version_notifications.value);
+        if (!versionNotifications.find(version => version === acceptVersion)) {
+            versionNotifications.push(acceptVersion);
+            return this.settingsService.edit([{
+                key: 'version_notifications',
+                value: JSON.stringify(versionNotifications)
+            }], {
+                context: internalContext
+            });
+        }
+    }
+    async getNotificationEmails() {
+        const data = await this.UserModel.findAll(Object.assign({
+            withRelated: ['roles'],
+            filter: 'status:active'
+        }, internalContext));
+        const adminEmails = data
+            .toJSON()
+            .filter(user => ['Owner', 'Administrator'].includes(user.roles[0].name))
+            .map(user => user.email);
+        return adminEmails;
+    }
+    /**
+     * This method is for internal use only.
+     *
+     * @param {String} key - api key identification value, it's "secret" in case of Content API key and "id" for Admin API
+     * @param {String} type - one of "content" or "admin" values
+     * @returns {Promise<Object | null>} Integration JSON object
+     */
+    async getIntegration(key, type) {
+        let queryOptions = null;
+        if (type === 'content') {
+            queryOptions = {secret: key};
+        } else if (type === 'admin') {
+            queryOptions = {id: key};
+        }
+        const apiKey = await this.ApiKeyModel.findOne(queryOptions, {withRelated: ['integration']});
+        if (!apiKey) {
+            return null;
+        }
+        return apiKey.relations.integration.toJSON();
+    }
+}
+module.exports = VersionNotificationsDataService;

package/core/server/services/api-version-compatibility/extract-api-key.js ADDED Viewed

@@ -0,0 +1,57 @@
+const jwt = require('jsonwebtoken');
+/**
+ * Remove 'Ghost' from raw authorization header and extract the JWT token.
+ * Eg. Authorization: Ghost ${JWT}
+ * @param {string} header
+ */
+const extractTokenFromHeader = (header) => {
+    const [scheme, token] = header.split(' ');
+    if (/^Ghost$/i.test(scheme)) {
+        return token;
+    }
+};
+const extractAdminAPIKey = (token) => {
+    const decoded = jwt.decode(token, {complete: true});
+    if (!decoded || !decoded.header || !decoded.header.kid) {
+        return null;
+    }
+    return decoded.header.kid;
+};
+/**
+ * @typedef {object} ApiKey
+ * @prop {string} key
+ * @prop {string} type
+ */
+/**
+ * When it's a Content API the function resolves with the value of the key secret.
+ * When it's an Admin API the function resolves with the value of the key id.
+ *
+ * @param {import('express').Request} req
+ * @returns {ApiKey}
+ */
+const extractAPIKey = (req) => {
+    let keyValue = null;
+    let keyType = null;
+    if (req.query && req.query.key) {
+        keyValue = req.query.key;
+        keyType = 'content';
+    } else if (req.headers && req.headers.authorization) {
+        keyValue = extractAdminAPIKey(extractTokenFromHeader(req.headers.authorization));
+        keyType = 'admin';
+    }
+    return {
+        key: keyValue,
+        type: keyType
+    };
+};
+module.exports = extractAPIKey;

package/core/server/services/api-version-compatibility/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
-const APIVersionCompatibilityService = require('@tryghost/api-version-compatibility-service');
-const versionMismatchHandler = require('@tryghost/mw-api-version-mismatch');
+const APIVersionCompatibilityService = require('./APIVersionCompatibilityService');
+const versionMismatchHandler = require('./mw-api-version-mismatch');
 const ghostVersion = require('@tryghost/version');
 const {GhostMailer} = require('../mail');
 const settingsService = require('../settings/settings-service');

package/core/server/services/api-version-compatibility/mw-api-version-mismatch.js ADDED Viewed

@@ -0,0 +1,31 @@
+const extractApiKey = require('./extract-api-key');
+const versionMismatchHandler = (APIVersionCompatibilityService) => {
+    /**
+     * @param {Object} err
+     * @param {import('express').Request} req
+     * @param {import('express').Response} res
+     * @param {import('express').NextFunction} next
+     */
+    return async function versionMismatchHandlerMiddleware(err, req, res, next) {
+        if (err && err.errorType === 'RequestNotAcceptableError') {
+            if (err.code === 'UPDATE_CLIENT') {
+                const {key, type} = extractApiKey(req);
+                const requestURL = req.originalUrl.split('?').shift();
+                await APIVersionCompatibilityService.handleMismatch({
+                    acceptVersion: req.headers['accept-version'],
+                    contentVersion: `v${res.locals.safeVersion}`,
+                    requestURL,
+                    userAgent: req.headers['user-agent'],
+                    apiKeyValue: key,
+                    apiKeyType: type
+                });
+            }
+        }
+        next(err);
+    };
+};
+module.exports = versionMismatchHandler;

package/core/server/services/audience-feedback/AudienceFeedbackController.js ADDED Viewed

@@ -0,0 +1,85 @@
+const Feedback = require('./Feedback');
+const errors = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
+const messages = {
+    invalidScore: 'Invalid feedback score. Only 1 or 0 is currently allowed.',
+    postNotFound: 'Post not found.',
+    memberNotFound: 'Member not found.'
+};
+/**
+ * @typedef {object} IFeedbackRepository
+ * @prop {(feedback: Feedback) => Promise<void>} add
+ * @prop {(feedback: Feedback) => Promise<void>} edit
+ * @prop {(postId, memberId) => Promise<Feedback>} get
+ * @prop {(id: string) => Promise<Post|undefined>} getPostById
+ */
+class AudienceFeedbackController {
+    /** @type IFeedbackRepository */
+    #repository;
+    /**
+     * @param {object} deps
+     * @param {IFeedbackRepository} deps.repository
+     */
+    constructor(deps) {
+        this.#repository = deps.repository;
+    }
+    /**
+     * Get member from frame
+     */
+    #getMember(frame) {
+        if (!frame.options?.context?.member?.id) {
+            // This is an internal server error because authentication should happen outside this service.
+            throw new errors.InternalServerError({
+                message: tpl(messages.memberNotFound)
+            });
+        }
+        return frame.options.context.member;
+    }
+    async add(frame) {
+        const data = frame.data.feedback[0];
+        const postId = data.post_id;
+        const score = data.score;
+        if (![0, 1].includes(score)) {
+            throw new errors.ValidationError({
+                message: tpl(messages.invalidScore)
+            });
+        }
+        const member = this.#getMember(frame);
+        const post = await this.#repository.getPostById(postId);
+        if (!post) {
+            throw new errors.NotFoundError({
+                message: tpl(messages.postNotFound)
+            });
+        }
+        const existing = await this.#repository.get(post.id, member.id);
+        if (existing) {
+            if (existing.score === score) {
+                // Don't save so we don't update the updated_at timestamp
+                return existing;
+            }
+            existing.score = score;
+            await this.#repository.edit(existing);
+            return existing;
+        }
+        const feedback = new Feedback({
+            memberId: member.id,
+            postId: post.id,
+            score
+        });
+        await this.#repository.add(feedback);
+        return feedback;
+    }
+}
+module.exports = AudienceFeedbackController;

package/core/server/services/audience-feedback/AudienceFeedbackService.js ADDED Viewed

@@ -0,0 +1,34 @@
+class AudienceFeedbackService {
+    /** @type URL */
+    #baseURL;
+    /** @type {Object} */
+    #urlService;
+    /**
+     * @param {object} deps
+     * @param {object} deps.config
+     * @param {URL} deps.config.baseURL
+     * @param {object} deps.urlService
+     */
+    constructor(deps) {
+        this.#baseURL = deps.config.baseURL;
+        this.#urlService = deps.urlService;
+    }
+    /**
+     * @param {string} uuid
+     * @param {string} postId
+     * @param {0 | 1} score
+     * @param {string} key - hashed uuid value
+     */
+    buildLink(uuid, postId, score, key) {
+        let postUrl = this.#urlService.getUrlByResourceId(postId, {absolute: true});
+        if (postUrl.match(/\/404\//)) {
+            postUrl = this.#baseURL;
+        }
+        const url = new URL(postUrl);
+        url.hash = `#/feedback/${postId}/${score}/?uuid=${encodeURIComponent(uuid)}&key=${encodeURIComponent(key)}`;
+        return url;
+    }
+}
+module.exports = AudienceFeedbackService;

package/core/server/services/audience-feedback/Feedback.js ADDED Viewed

@@ -0,0 +1,35 @@
+const ObjectID = require('bson-objectid').default;
+module.exports = class Feedback {
+    /** @type {ObjectID} */
+    id;
+    /** @type {number} */
+    score;
+    /** @type {ObjectID} */
+    memberId;
+    /** @type {ObjectID} */
+    postId;
+    constructor(data) {
+        if (!data.id) {
+            this.id = new ObjectID();
+        }
+        if (typeof data.id === 'string') {
+            this.id = ObjectID.createFromHexString(data.id);
+        }
+        this.score = data.score ?? 0;
+        if (typeof data.memberId === 'string') {
+            this.memberId = ObjectID.createFromHexString(data.memberId);
+        } else {
+            this.memberId = data.memberId;
+        }
+        if (typeof data.postId === 'string') {
+            this.postId = ObjectID.createFromHexString(data.postId);
+        } else {
+            this.postId = data.postId;
+        }
+    }
+};

package/core/server/services/audience-feedback/index.js CHANGED Viewed

@@ -1,5 +1,9 @@
 const urlUtils = require('../../../shared/url-utils');
 const urlService = require('../../services/url');
+const AudienceFeedbackService = require('./AudienceFeedbackService');
+const AudienceFeedbackController = require('./AudienceFeedbackController');
+const Feedback = require('./Feedback');
 const FeedbackRepository = require('./FeedbackRepository');
 class AudienceFeedbackServiceWrapper {
@@ -12,8 +16,6 @@ class AudienceFeedbackServiceWrapper {
         // Wire up all the dependencies
         const models = require('../../models');
-        const {AudienceFeedbackService, AudienceFeedbackController, Feedback} = require('@tryghost/audience-feedback');
         this.repository = new FeedbackRepository({
             Member: models.Member,
             MemberFeedback: models.MemberFeedback,