ghost 5.119.2 → 5.120.0

package/core/server/api/endpoints/utils/validators/input/images.js

@@ -10,21 +10,20 @@ const messages = {
     invalidFile: 'Icon must be a .jpg, .webp, .svg or .png file, at least 60x60px, under 20MB.'
 };
 
-const profileImage = (frame) => {
-    return imageSize.getImageSizeFromPath(frame.file.path).then((response) => {
-        // save the image dimensions in new property for file
-        frame.file.dimensions = response;
+const profileImage = async (frame) => {
+    const response = await imageSize.getImageSizeFromPath(frame.file.path);
+    // save the image dimensions in new property for file
+    frame.file.dimensions = response;
 
-        // CASE: file needs to be a square
-        if (frame.file.dimensions.width !== frame.file.dimensions.height) {
-            return Promise.reject(new errors.ValidationError({
-                message: tpl(messages.isNotSquare)
-            }));
-        }
-    });
+    // CASE: file needs to be a square
+    if (frame.file.dimensions.width !== frame.file.dimensions.height) {
+        throw new errors.ValidationError({
+            message: tpl(messages.isNotSquare)
+        });
+    }
 };
 
-const icon = (frame) => {
+const icon = async (frame) => {
     const iconExtensions = (config.get('uploads').icons && config.get('uploads').icons.extensions) || [];
 
     // We don't support resizing .ico files, so we set a lower max upload size
@@ -44,56 +43,48 @@ const icon = (frame) => {
 
     // CASE: file should not be larger than 20MB
     if (!validIconFileSize(frame.file.size)) {
-        return Promise.reject(new errors.ValidationError({
+        throw new errors.ValidationError({
             message: tpl(message, {extensions: iconExtensions})
-        }));
+        });
     }
 
-    return blogIcon.getIconDimensions(frame.file.path).then((response) => {
-        // save the image dimensions in new property for file
-        frame.file.dimensions = response;
+    const response = await blogIcon.getIconDimensions(frame.file.path);
+    // save the image dimensions in new property for file
+    frame.file.dimensions = response;
 
-        if (isIco) {
-            // CASE: file needs to be a square
-            if (frame.file.dimensions.width !== frame.file.dimensions.height) {
-                return Promise.reject(new errors.ValidationError({
-                    message: tpl(message, {extensions: iconExtensions})
-                }));
-            }
-
-            // CASE: icon needs to be smaller than or equal to 1000px
-            if (frame.file.dimensions.width > 1000) {
-                return Promise.reject(new errors.ValidationError({
-                    message: tpl(message, {extensions: iconExtensions})
-                }));
-            }
+    if (isIco) {
+        // CASE: file needs to be a square
+        if (frame.file.dimensions.width !== frame.file.dimensions.height) {
+            throw new errors.ValidationError({
+                message: tpl(message, {extensions: iconExtensions})
+            });
         }
 
-        // CASE: icon needs to be bigger than or equal to 60px
-        // .ico files can contain multiple sizes, we need at least a minimum of 60px (16px is ok, as long as 60px are present as well)
-        if (!isSVG && frame.file.dimensions.width < 60) {
-            return Promise.reject(new errors.ValidationError({
+        // CASE: icon needs to be smaller than or equal to 1000px
+        if (frame.file.dimensions.width > 1000) {
+            throw new errors.ValidationError({
                 message: tpl(message, {extensions: iconExtensions})
-            }));
+            });
         }
-    });
+    }
+
+    // CASE: icon needs to be bigger than or equal to 60px
+    // .ico files can contain multiple sizes, we need at least a minimum of 60px (16px is ok, as long as 60px are present as well)
+    if (!isSVG && frame.file.dimensions.width < 60) {
+        throw new errors.ValidationError({
+            message: tpl(message, {extensions: iconExtensions})
+        });
+    }
 };
 
 module.exports = {
-    upload(apiConfig, frame) {
-        return Promise.resolve()
-            .then(() => {
-                return jsonSchema.validate(apiConfig, frame);
-            })
-            .then(() => {
-                if (frame.data.purpose === 'profile_image') {
-                    return profileImage(frame);
-                }
-            })
-            .then(() => {
-                if (frame.data.purpose === 'icon') {
-                    return icon(frame);
-                }
-            });
+    async upload(apiConfig, frame) {
+        await jsonSchema.validate(apiConfig, frame);
+        if (frame.data.purpose === 'profile_image') {
+            await profileImage(frame);
+        }
+        if (frame.data.purpose === 'icon') {
+            await icon(frame);
+        }
     }
 };

package/core/server/api/endpoints/utils/validators/input/invites.js

@@ -7,14 +7,12 @@ const messages = {
 };
 
 module.exports = {
-    add(apiConfig, frame) {
-        return models.User.findOne({email: frame.data.invites[0].email}, frame.options)
-            .then((user) => {
-                if (user) {
-                    return Promise.reject(new errors.ValidationError({
-                        message: tpl(messages.userAlreadyRegistered)
-                    }));
-                }
+    async add(apiConfig, frame) {
+        const user = await models.User.findOne({email: frame.data.invites[0].email}, frame.options);
+        if (user) {
+            throw new errors.ValidationError({
+                message: tpl(messages.userAlreadyRegistered)
             });
+        }
     }
 };

package/core/server/api/endpoints/webhooks.js

@@ -39,29 +39,27 @@ const controller = {
             cacheInvalidate: false
         },
         permissions: {
-            before: (frame) => {
-                if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
-                    return models.Webhook.findOne({id: frame.options.id})
-                        .then((webhook) => {
-                            if (!webhook) {
-                                throw new errors.NotFoundError({
-                                    message: tpl(messages.resourceNotFound, {
-                                        resource: 'Webhook'
-                                    })
-                                });
-                            }
+            before: async (frame) => {
+                if (frame.options.context?.integration?.id) {
+                    const webhook = await models.Webhook.findOne({id: frame.options.id});
+                    if (!webhook) {
+                        throw new errors.NotFoundError({
+                            message: tpl(messages.resourceNotFound, {
+                                resource: 'Webhook'
+                            })
+                        });
+                    }
 
-                            if (webhook.get('integration_id') !== frame.options.context.integration.id) {
-                                throw new errors.NoPermissionError({
-                                    message: tpl(messages.noPermissionToEdit.message, {
-                                        method: 'edit'
-                                    }),
-                                    context: tpl(messages.noPermissionToEdit.context, {
-                                        method: 'edit'
-                                    })
-                                });
-                            }
+                    if (webhook.get('integration_id') !== frame.options.context.integration.id) {
+                        throw new errors.NoPermissionError({
+                            message: tpl(messages.noPermissionToEdit.message, {
+                                method: 'edit'
+                            }),
+                            context: tpl(messages.noPermissionToEdit.context, {
+                                method: 'edit'
+                            })
                         });
+                    }
                 }
             }
         },
@@ -103,29 +101,27 @@ const controller = {
             }
         },
         permissions: {
-            before: (frame) => {
-                if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
-                    return models.Webhook.findOne({id: frame.options.id})
-                        .then((webhook) => {
-                            if (!webhook) {
-                                throw new errors.NotFoundError({
-                                    message: tpl(messages.resourceNotFound, {
-                                        resource: 'Webhook'
-                                    })
-                                });
-                            }
+            before: async (frame) => {
+                if (frame.options.context?.integration?.id) {
+                    const webhook = await models.Webhook.findOne({id: frame.options.id});
+                    if (!webhook) {
+                        throw new errors.NotFoundError({
+                            message: tpl(messages.resourceNotFound, {
+                                resource: 'Webhook'
+                            })
+                        });
+                    }
 
-                            if (webhook.get('integration_id') !== frame.options.context.integration.id) {
-                                throw new errors.NoPermissionError({
-                                    message: tpl(messages.noPermissionToEdit.message, {
-                                        method: 'destroy'
-                                    }),
-                                    context: tpl(messages.noPermissionToEdit.context, {
-                                        method: 'destroy'
-                                    })
-                                });
-                            }
+                    if (webhook.get('integration_id') !== frame.options.context.integration.id) {
+                        throw new errors.NoPermissionError({
+                            message: tpl(messages.noPermissionToEdit.message, {
+                                method: 'destroy'
+                            }),
+                            context: tpl(messages.noPermissionToEdit.context, {
+                                method: 'destroy'
+                            })
                         });
+                    }
                 }
             }
         },

package/core/server/data/migrations/versions/5.120/2025-05-07-14-57-38-add-newsletters-button-corners-column.js

@@ -0,0 +1,8 @@
+const {createAddColumnMigration} = require('../../utils');
+
+module.exports = createAddColumnMigration('newsletters', 'button_corners', {
+    type: 'string',
+    maxlength: 50,
+    nullable: false,
+    defaultTo: 'rounded'
+});

package/core/server/data/migrations/versions/5.120/2025-05-13-17-36-56-add-newsletters-button-style-column.js

@@ -0,0 +1,8 @@
+const {createAddColumnMigration} = require('../../utils');
+
+module.exports = createAddColumnMigration('newsletters', 'button_style', {
+    type: 'string',
+    maxlength: 50,
+    nullable: false,
+    defaultTo: 'fill'
+});

package/core/server/data/migrations/versions/5.120/2025-05-14-20-00-15-add-newsletters-setting-columns.js

@@ -0,0 +1,22 @@
+const {combineNonTransactionalMigrations, createAddColumnMigration} = require('../../utils');
+
+module.exports = combineNonTransactionalMigrations(
+    createAddColumnMigration('newsletters', 'title_font_weight', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'bold'
+    }),
+    createAddColumnMigration('newsletters', 'link_style', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'underline'
+    }),
+    createAddColumnMigration('newsletters', 'image_corners', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'square'
+    })
+);

package/core/server/data/schema/schema.js

@@ -46,7 +46,12 @@ module.exports = {
         border_color: {type: 'string', maxlength: 50, nullable: true},
         title_color: {type: 'string', maxlength: 50, nullable: true},
         created_at: {type: 'dateTime', nullable: false},
-        updated_at: {type: 'dateTime', nullable: true}
+        updated_at: {type: 'dateTime', nullable: true},
+        button_corners: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'rounded', validations: {isIn: [['square', 'rounded', 'pill']]}},
+        button_style: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'fill', validations: {isIn: [['fill', 'outline']]}},
+        title_font_weight: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'bold', validations: {isIn: [['normal', 'medium', 'semibold', 'bold']]}},
+        link_style: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'underline', validations: {isIn: [['underline', 'regular', 'bold']]}},
+        image_corners: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'square', validations: {isIn: [['square', 'rounded']]}}
     },
     posts: {
         id: {type: 'string', maxlength: 24, nullable: false, primary: true},

package/core/server/lib/image/Gravatar.js

@@ -23,7 +23,7 @@ class Gravatar {
         return tpl(gravatarUrl, Object.assign(defaultOptions, options, {hash: emailHash}));
     }
 
-    lookup(userData, timeout) {
+    async lookup(userData, timeout) {
         if (this.config.isPrivacyDisabled('useGravatar')) {
             return Promise.resolve();
         }
@@ -33,21 +33,20 @@ class Gravatar {
         const testUrl = this.url(userData.email, {default: 404, rating: 'x'});
         const imageUrl = this.url(userData.email, {default: 'mp', rating: 'x'});
 
-        return Promise.resolve(this.request(testUrl, {timeout: {request: timeout || 2 * 1000}}))
-            .then(function () {
+        try {
+            await this.request(testUrl, {timeout: {request: timeout || 2 * 1000}});
+            return {
+                image: imageUrl
+            };
+        } catch (err) {
+            if (err.statusCode === 404) {
                 return {
-                    image: imageUrl
+                    image: undefined
                 };
-            })
-            .catch(function (err) {
-                if (err.statusCode === 404) {
-                    return {
-                        image: undefined
-                    };
-                }
+            }
 
-                // ignore error, just resolve with no image url
-            });
+            // ignore error, just resolve with no image url
+        }
     }
 }
 

package/core/server/lib/lexical.js

@@ -74,7 +74,9 @@ module.exports = {
                     && typeof storage.getStorage('images').saveRaw === 'function';
             },
             feature: {
-                contentVisibility: labs.isSet('contentVisibility')
+                contentVisibility: labs.isSet('contentVisibility'),
+                emailCustomization: labs.isSet('emailCustomization'),
+                emailCustomizationAlpha: labs.isSet('emailCustomizationAlpha')
             }
         }, userOptions);
 

package/core/server/models/newsletter.js

@@ -30,7 +30,12 @@ const Newsletter = ghostBookshelf.Model.extend({
             border_color: null,
             title_color: null,
             feedback_enabled: false,
-            show_excerpt: false
+            show_excerpt: false,
+            button_corners: 'rounded',
+            button_style: 'fill',
+            title_font_weight: 'bold',
+            link_style: 'underline',
+            image_corners: 'square'
         };
     },
 

package/core/server/services/api-version-compatibility/index.js

@@ -1,39 +1,9 @@
-const APIVersionCompatibilityService = require('./APIVersionCompatibilityService');
-const versionMismatchHandler = require('./mw-api-version-mismatch');
 const ghostVersion = require('@tryghost/version');
-const {GhostMailer} = require('../mail');
-const settingsService = require('../settings/settings-service');
-const models = require('../../models');
-const urlUtils = require('../../../shared/url-utils');
-const settingsCache = require('../../../shared/settings-cache');
-
-let serviceInstance;
-
-const init = () => {
-    const ghostMailer = new GhostMailer();
-
-    serviceInstance = new APIVersionCompatibilityService({
-        UserModel: models.User,
-        ApiKeyModel: models.ApiKey,
-        settingsService: settingsService.getSettingsBREADServiceInstance(),
-        sendEmail: (options) => {
-            // NOTE: not using bind here because mockMailer is having trouble mocking bound methods
-            return ghostMailer.send(options);
-        },
-        getSiteUrl: () => urlUtils.urlFor('home', true),
-        getSiteTitle: () => settingsCache.get('title')
-    });
-};
-
-module.exports.errorHandler = function apiVersionCompatibilityErrorHandler(err, req, res, next) {
-    return versionMismatchHandler(serviceInstance)(err, req, res, next);
-};
 
 /**
  * Set Content-Version on the response, and add 'Accept-Version' to VARY as
  * it effects response caching
- * TODO: move the method to mw once back-compatibility with 4.x is sorted
- *
+ * * TODO: move the method to mw once back-compatibility with 4.x is sorted *
  * @param {import('express').Request} req
  * @param {import('express').Response} res
  * @param {import('express').NextFunction} next
@@ -47,5 +17,3 @@ module.exports.contentVersion = function apiVersionCompatibilityContentVersion(r
 
 module.exports.versionRewrites = require('./mw-version-rewrites');
 module.exports.legacyApiPathMatch = require('./legacy-api-path-match');
-
-module.exports.init = init;

package/core/server/services/auth/session/emails/signin.js

@@ -4,7 +4,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
   <head>
     <meta name="viewport" content="width=device-width">
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-    <title>🔑 ${t('Your verification code for {{siteTitle}}', {siteTitle, interpolation: {escapeValue: false}})}</title>
+    <title>🔑 ${t('Your verification code for {siteTitle}', {siteTitle, interpolation: {escapeValue: false}})}</title>
     <style>
     /* -------------------------------------
         RESPONSIVE AND MOBILE FRIENDLY STYLES
@@ -107,7 +107,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
           <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 600px; padding: 30px 20px;">
 
             <!-- START CENTERED CONTAINER -->
-            <span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">${t('Here\'s your code to login to {{siteTitle}}', {siteTitle, interpolation: {escapeValue: false}})}</span>
+            <span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">${t('Here\'s your code to login to {siteTitle}', {siteTitle, interpolation: {escapeValue: false}})}</span>
             <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 8px;">
 
               <!-- START MAIN CONTENT AREA -->
@@ -120,7 +120,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
                     <tr>
                       <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">
                         <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 20px; color: #15212A; font-weight: 600; line-height: 24px; margin: 0; margin-bottom: 15px; margin-top: 50px;">${t('Sign in verification')}</p>
-                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px; margin-bottom: 32px;">${is2FARequired ? '' : t('You just tried to access your account from a new device.')} ${t('For security verification, enter the code below to sign in to {{siteTitle}}:', {siteTitle, interpolation: {escapeValue: false}})}</p>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px; margin-bottom: 32px;">${is2FARequired ? '' : t('You just tried to access your account from a new device.')} ${t('For security verification, enter the code below to sign in to {siteTitle}:', {siteTitle, interpolation: {escapeValue: false}})}</p>
                       </td>
                     </tr>
                     <tr>

package/core/server/services/email-address/EmailAddressParser.js

@@ -0,0 +1,52 @@
+const addressparser = require('nodemailer/lib/addressparser');
+
+/**
+ * @typedef {Object} EmailAddress
+ * @property {string} address - The email address
+ * @property {string} [name] - Optional name associated with the email
+ */
+
+module.exports = class EmailAddressParser {
+    /**
+     * Parse an email string into an EmailAddress object
+     * @param {string} email - Email string to parse
+     * @returns {EmailAddress|null} Parsed email or null if invalid
+     */
+    static parse(email) {
+        if (!email || typeof email !== 'string' || !email.length) {
+            return null;
+        }
+
+        const parsed = addressparser(email);
+
+        if (parsed.length !== 1) {
+            return null;
+        }
+        const first = parsed[0];
+
+        // Check first has a group property
+        if ('group' in first) {
+            // Unsupported format
+            return null;
+        }
+
+        return {
+            address: first.address,
+            name: first.name || undefined
+        };
+    }
+
+    /**
+     * Convert an EmailAddress object to a string representation
+     * @param {EmailAddress} email - Email object to stringify
+     * @returns {string} String representation of the email
+     */
+    static stringify(email) {
+        if (!email.name) {
+            return email.address;
+        }
+
+        const escapedName = email.name.replace(/"/g, '\\"');
+        return `"${escapedName}" <${email.address}>`;
+    }
+};

package/core/server/services/email-address/EmailAddressParser.js.d.ts

@@ -0,0 +1,13 @@
+/* eslint-disable ghost/filenames/match-exported-class */
+
+export interface EmailAddress {
+    address: string;
+    name?: string;
+}
+
+declare class EmailAddressParser {
+    static parse(email: string): EmailAddress | null;
+    static stringify(email: EmailAddress): string;
+}
+
+export default EmailAddressParser;

package/core/server/services/email-address/EmailAddressService.js

@@ -0,0 +1,142 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EmailAddressService = void 0;
+/* eslint-disable ghost/filenames/match-exported-class */
+const logging_1 = __importDefault(require("@tryghost/logging"));
+const EmailAddressParser_js_1 = __importDefault(require("./EmailAddressParser.js"));
+class EmailAddressService {
+    #getManagedEmailEnabled;
+    #getSendingDomain;
+    #getDefaultEmail;
+    #isValidEmailAddress;
+    #labs;
+    constructor(dependencies) {
+        this.#getManagedEmailEnabled = dependencies.getManagedEmailEnabled;
+        this.#getSendingDomain = dependencies.getSendingDomain;
+        this.#getDefaultEmail = dependencies.getDefaultEmail;
+        this.#isValidEmailAddress = dependencies.isValidEmailAddress;
+        this.#labs = dependencies.labs;
+    }
+    get sendingDomain() {
+        return this.#getSendingDomain();
+    }
+    get managedEmailEnabled() {
+        return this.#getManagedEmailEnabled();
+    }
+    get defaultFromEmail() {
+        return this.#getDefaultEmail();
+    }
+    getAddressFromString(from, replyTo) {
+        const parsedFrom = EmailAddressParser_js_1.default.parse(from);
+        const parsedReplyTo = replyTo ? EmailAddressParser_js_1.default.parse(replyTo) : undefined;
+        return this.getAddress({
+            from: parsedFrom ?? this.defaultFromEmail,
+            replyTo: parsedReplyTo ?? undefined
+        });
+    }
+    /**
+     * When sending an email, we should always ensure DMARC alignment.
+     * Because of that, we restrict which email addresses we send from. All emails should be either
+     * send from a configured domain (hostSettings.managedEmail.sendingDomains), or from the configured email address (mail.from).
+     *
+     * If we send an email from an email address that doesn't pass, we'll just default to the default email address,
+     * and instead add a replyTo email address from the requested from address.
+     */
+    getAddress(preferred) {
+        if (preferred.replyTo && !this.#isValidEmailAddress(preferred.replyTo.address)) {
+            // Remove invalid replyTo addresses
+            logging_1.default.error(`[EmailAddresses] Invalid replyTo address: ${preferred.replyTo.address}`);
+            preferred.replyTo = undefined;
+        }
+        // Validate the from address
+        if (!this.#isValidEmailAddress(preferred.from.address)) {
+            // Never allow an invalid email address
+            return {
+                from: this.defaultFromEmail,
+                replyTo: preferred.replyTo || undefined
+            };
+        }
+        if (!this.managedEmailEnabled) {
+            // Self hoster or legacy Ghost Pro
+            return preferred;
+        }
+        // Case: always allow the default from address
+        if (preferred.from.address === this.defaultFromEmail.address) {
+            if (!preferred.from.name) {
+                // Use the default sender name if it is missing
+                preferred.from.name = this.defaultFromEmail.name;
+            }
+            return preferred;
+        }
+        if (this.sendingDomain) {
+            // Check if FROM address is from the sending domain
+            if (preferred.from.address.endsWith(`@${this.sendingDomain}`)) {
+                return preferred;
+            }
+            // Invalid configuration: don't allow to send from this sending domain
+            logging_1.default.error(`[EmailAddresses] Invalid configuration: cannot send emails from ${preferred.from.address} when sending domain is ${this.sendingDomain}`);
+        }
+        // Only allow to send from the configured from address
+        const address = {
+            from: this.defaultFromEmail,
+            replyTo: preferred.replyTo || preferred.from
+        };
+        // Do allow to change the sender name if requested
+        if (preferred.from.name) {
+            address.from.name = preferred.from.name;
+        }
+        if (address.replyTo.address === address.from.address) {
+            return {
+                from: address.from
+            };
+        }
+        return address;
+    }
+    /**
+     * When changing any from or reply to addresses in the system, we need to validate them
+     */
+    validate(email, type) {
+        if (!this.#isValidEmailAddress(email)) {
+            // Never allow an invalid email address
+            return {
+                allowed: email === this.defaultFromEmail.address, // Localhost email noreply@127.0.0.1 is marked as invalid, but we should allow it
+                verificationEmailRequired: false,
+                reason: 'invalid'
+            };
+        }
+        if (!this.managedEmailEnabled) {
+            // Self hoster or legacy Ghost Pro
+            return {
+                allowed: true,
+                verificationEmailRequired: false // Self hosters don't need to verify email addresses
+            };
+        }
+        if (this.sendingDomain) {
+            // Only allow it if it ends with the sending domain
+            if (email.endsWith(`@${this.sendingDomain}`)) {
+                return {
+                    allowed: true,
+                    verificationEmailRequired: false
+                };
+            }
+            // Use same restrictions as one without a sending domain for other addresses
+        }
+        // Only allow to edit the replyTo address, with verification
+        if (type === 'replyTo') {
+            return {
+                allowed: true,
+                verificationEmailRequired: email !== this.defaultFromEmail.address
+            };
+        }
+        // Not allowed to change from
+        return {
+            allowed: email === this.defaultFromEmail.address,
+            verificationEmailRequired: false,
+            reason: 'not allowed'
+        };
+    }
+}
+exports.EmailAddressService = EmailAddressService;