npm - ghost - Versions diffs - 5.119.3 → 5.120.1 - Mend

ghost 5.119.3 → 5.120.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/core/server/api/endpoints/utils/validators/input/images.js CHANGED Viewed

@@ -10,21 +10,20 @@ const messages = {
     invalidFile: 'Icon must be a .jpg, .webp, .svg or .png file, at least 60x60px, under 20MB.'
 };
-const profileImage = (frame) => {
-    return imageSize.getImageSizeFromPath(frame.file.path).then((response) => {
-        // save the image dimensions in new property for file
-        frame.file.dimensions = response;
+const profileImage = async (frame) => {
+    const response = await imageSize.getImageSizeFromPath(frame.file.path);
+    // save the image dimensions in new property for file
+    frame.file.dimensions = response;
-        // CASE: file needs to be a square
-        if (frame.file.dimensions.width !== frame.file.dimensions.height) {
-            return Promise.reject(new errors.ValidationError({
-                message: tpl(messages.isNotSquare)
-            }));
-        }
-    });
+    // CASE: file needs to be a square
+    if (frame.file.dimensions.width !== frame.file.dimensions.height) {
+        throw new errors.ValidationError({
+            message: tpl(messages.isNotSquare)
+        });
+    }
 };
-const icon = (frame) => {
+const icon = async (frame) => {
     const iconExtensions = (config.get('uploads').icons && config.get('uploads').icons.extensions) || [];
     // We don't support resizing .ico files, so we set a lower max upload size
@@ -44,56 +43,48 @@ const icon = (frame) => {
     // CASE: file should not be larger than 20MB
     if (!validIconFileSize(frame.file.size)) {
-        return Promise.reject(new errors.ValidationError({
+        throw new errors.ValidationError({
             message: tpl(message, {extensions: iconExtensions})
-        }));
+        });
     }
-    return blogIcon.getIconDimensions(frame.file.path).then((response) => {
-        // save the image dimensions in new property for file
-        frame.file.dimensions = response;
+    const response = await blogIcon.getIconDimensions(frame.file.path);
+    // save the image dimensions in new property for file
+    frame.file.dimensions = response;
-        if (isIco) {
-            // CASE: file needs to be a square
-            if (frame.file.dimensions.width !== frame.file.dimensions.height) {
-                return Promise.reject(new errors.ValidationError({
-                    message: tpl(message, {extensions: iconExtensions})
-                }));
-            }
-            // CASE: icon needs to be smaller than or equal to 1000px
-            if (frame.file.dimensions.width > 1000) {
-                return Promise.reject(new errors.ValidationError({
-                    message: tpl(message, {extensions: iconExtensions})
-                }));
-            }
+    if (isIco) {
+        // CASE: file needs to be a square
+        if (frame.file.dimensions.width !== frame.file.dimensions.height) {
+            throw new errors.ValidationError({
+                message: tpl(message, {extensions: iconExtensions})
+            });
         }
-        // CASE: icon needs to be bigger than or equal to 60px
-        // .ico files can contain multiple sizes, we need at least a minimum of 60px (16px is ok, as long as 60px are present as well)
-        if (!isSVG && frame.file.dimensions.width < 60) {
-            return Promise.reject(new errors.ValidationError({
+        // CASE: icon needs to be smaller than or equal to 1000px
+        if (frame.file.dimensions.width > 1000) {
+            throw new errors.ValidationError({
                 message: tpl(message, {extensions: iconExtensions})
-            }));
+            });
         }
-    });
+    }
+    // CASE: icon needs to be bigger than or equal to 60px
+    // .ico files can contain multiple sizes, we need at least a minimum of 60px (16px is ok, as long as 60px are present as well)
+    if (!isSVG && frame.file.dimensions.width < 60) {
+        throw new errors.ValidationError({
+            message: tpl(message, {extensions: iconExtensions})
+        });
+    }
 };
 module.exports = {
-    upload(apiConfig, frame) {
-        return Promise.resolve()
-            .then(() => {
-                return jsonSchema.validate(apiConfig, frame);
-            })
-            .then(() => {
-                if (frame.data.purpose === 'profile_image') {
-                    return profileImage(frame);
-                }
-            })
-            .then(() => {
-                if (frame.data.purpose === 'icon') {
-                    return icon(frame);
-                }
-            });
+    async upload(apiConfig, frame) {
+        await jsonSchema.validate(apiConfig, frame);
+        if (frame.data.purpose === 'profile_image') {
+            await profileImage(frame);
+        }
+        if (frame.data.purpose === 'icon') {
+            await icon(frame);
+        }
     }
 };

package/core/server/api/endpoints/utils/validators/input/invites.js CHANGED Viewed

@@ -7,14 +7,12 @@ const messages = {
 };
 module.exports = {
-    add(apiConfig, frame) {
-        return models.User.findOne({email: frame.data.invites[0].email}, frame.options)
-            .then((user) => {
-                if (user) {
-                    return Promise.reject(new errors.ValidationError({
-                        message: tpl(messages.userAlreadyRegistered)
-                    }));
-                }
+    async add(apiConfig, frame) {
+        const user = await models.User.findOne({email: frame.data.invites[0].email}, frame.options);
+        if (user) {
+            throw new errors.ValidationError({
+                message: tpl(messages.userAlreadyRegistered)
             });
+        }
     }
 };

package/core/server/api/endpoints/webhooks.js CHANGED Viewed

@@ -39,29 +39,27 @@ const controller = {
             cacheInvalidate: false
         },
         permissions: {
-            before: (frame) => {
-                if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
-                    return models.Webhook.findOne({id: frame.options.id})
-                        .then((webhook) => {
-                            if (!webhook) {
-                                throw new errors.NotFoundError({
-                                    message: tpl(messages.resourceNotFound, {
-                                        resource: 'Webhook'
-                                    })
-                                });
-                            }
+            before: async (frame) => {
+                if (frame.options.context?.integration?.id) {
+                    const webhook = await models.Webhook.findOne({id: frame.options.id});
+                    if (!webhook) {
+                        throw new errors.NotFoundError({
+                            message: tpl(messages.resourceNotFound, {
+                                resource: 'Webhook'
+                            })
+                        });
+                    }
-                            if (webhook.get('integration_id') !== frame.options.context.integration.id) {
-                                throw new errors.NoPermissionError({
-                                    message: tpl(messages.noPermissionToEdit.message, {
-                                        method: 'edit'
-                                    }),
-                                    context: tpl(messages.noPermissionToEdit.context, {
-                                        method: 'edit'
-                                    })
-                                });
-                            }
+                    if (webhook.get('integration_id') !== frame.options.context.integration.id) {
+                        throw new errors.NoPermissionError({
+                            message: tpl(messages.noPermissionToEdit.message, {
+                                method: 'edit'
+                            }),
+                            context: tpl(messages.noPermissionToEdit.context, {
+                                method: 'edit'
+                            })
                         });
+                    }
                 }
             }
         },
@@ -103,29 +101,27 @@ const controller = {
             }
         },
         permissions: {
-            before: (frame) => {
-                if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
-                    return models.Webhook.findOne({id: frame.options.id})
-                        .then((webhook) => {
-                            if (!webhook) {
-                                throw new errors.NotFoundError({
-                                    message: tpl(messages.resourceNotFound, {
-                                        resource: 'Webhook'
-                                    })
-                                });
-                            }
+            before: async (frame) => {
+                if (frame.options.context?.integration?.id) {
+                    const webhook = await models.Webhook.findOne({id: frame.options.id});
+                    if (!webhook) {
+                        throw new errors.NotFoundError({
+                            message: tpl(messages.resourceNotFound, {
+                                resource: 'Webhook'
+                            })
+                        });
+                    }
-                            if (webhook.get('integration_id') !== frame.options.context.integration.id) {
-                                throw new errors.NoPermissionError({
-                                    message: tpl(messages.noPermissionToEdit.message, {
-                                        method: 'destroy'
-                                    }),
-                                    context: tpl(messages.noPermissionToEdit.context, {
-                                        method: 'destroy'
-                                    })
-                                });
-                            }
+                    if (webhook.get('integration_id') !== frame.options.context.integration.id) {
+                        throw new errors.NoPermissionError({
+                            message: tpl(messages.noPermissionToEdit.message, {
+                                method: 'destroy'
+                            }),
+                            context: tpl(messages.noPermissionToEdit.context, {
+                                method: 'destroy'
+                            })
                         });
+                    }
                 }
             }
         },

package/core/server/data/migrations/versions/5.120/2025-05-07-14-57-38-add-newsletters-button-corners-column.js ADDED Viewed

@@ -0,0 +1,8 @@
+const {createAddColumnMigration} = require('../../utils');
+module.exports = createAddColumnMigration('newsletters', 'button_corners', {
+    type: 'string',
+    maxlength: 50,
+    nullable: false,
+    defaultTo: 'rounded'
+});

package/core/server/data/migrations/versions/5.120/2025-05-13-17-36-56-add-newsletters-button-style-column.js ADDED Viewed

@@ -0,0 +1,8 @@
+const {createAddColumnMigration} = require('../../utils');
+module.exports = createAddColumnMigration('newsletters', 'button_style', {
+    type: 'string',
+    maxlength: 50,
+    nullable: false,
+    defaultTo: 'fill'
+});

package/core/server/data/migrations/versions/5.120/2025-05-14-20-00-15-add-newsletters-setting-columns.js ADDED Viewed

@@ -0,0 +1,22 @@
+const {combineNonTransactionalMigrations, createAddColumnMigration} = require('../../utils');
+module.exports = combineNonTransactionalMigrations(
+    createAddColumnMigration('newsletters', 'title_font_weight', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'bold'
+    }),
+    createAddColumnMigration('newsletters', 'link_style', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'underline'
+    }),
+    createAddColumnMigration('newsletters', 'image_corners', {
+        type: 'string',
+        maxlength: 50,
+        nullable: false,
+        defaultTo: 'square'
+    })
+);

package/core/server/data/schema/schema.js CHANGED Viewed

@@ -46,7 +46,12 @@ module.exports = {
         border_color: {type: 'string', maxlength: 50, nullable: true},
         title_color: {type: 'string', maxlength: 50, nullable: true},
         created_at: {type: 'dateTime', nullable: false},
-        updated_at: {type: 'dateTime', nullable: true}
+        updated_at: {type: 'dateTime', nullable: true},
+        button_corners: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'rounded', validations: {isIn: [['square', 'rounded', 'pill']]}},
+        button_style: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'fill', validations: {isIn: [['fill', 'outline']]}},
+        title_font_weight: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'bold', validations: {isIn: [['normal', 'medium', 'semibold', 'bold']]}},
+        link_style: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'underline', validations: {isIn: [['underline', 'regular', 'bold']]}},
+        image_corners: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'square', validations: {isIn: [['square', 'rounded']]}}
     },
     posts: {
         id: {type: 'string', maxlength: 24, nullable: false, primary: true},

package/core/server/lib/image/Gravatar.js CHANGED Viewed

@@ -23,7 +23,7 @@ class Gravatar {
         return tpl(gravatarUrl, Object.assign(defaultOptions, options, {hash: emailHash}));
     }
-    lookup(userData, timeout) {
+    async lookup(userData, timeout) {
         if (this.config.isPrivacyDisabled('useGravatar')) {
             return Promise.resolve();
         }
@@ -33,21 +33,20 @@ class Gravatar {
         const testUrl = this.url(userData.email, {default: 404, rating: 'x'});
         const imageUrl = this.url(userData.email, {default: 'mp', rating: 'x'});
-        return Promise.resolve(this.request(testUrl, {timeout: {request: timeout || 2 * 1000}}))
-            .then(function () {
+        try {
+            await this.request(testUrl, {timeout: {request: timeout || 2 * 1000}});
+            return {
+                image: imageUrl
+            };
+        } catch (err) {
+            if (err.statusCode === 404) {
                 return {
-                    image: imageUrl
+                    image: undefined
                 };
-            })
-            .catch(function (err) {
-                if (err.statusCode === 404) {
-                    return {
-                        image: undefined
-                    };
-                }
+            }
-                // ignore error, just resolve with no image url
-            });
+            // ignore error, just resolve with no image url
+        }
     }
 }

package/core/server/lib/lexical.js CHANGED Viewed

@@ -74,7 +74,9 @@ module.exports = {
                     && typeof storage.getStorage('images').saveRaw === 'function';
             },
             feature: {
-                contentVisibility: labs.isSet('contentVisibility')
+                contentVisibility: labs.isSet('contentVisibility'),
+                emailCustomization: labs.isSet('emailCustomization'),
+                emailCustomizationAlpha: labs.isSet('emailCustomizationAlpha')
             }
         }, userOptions);

package/core/server/models/newsletter.js CHANGED Viewed

@@ -30,7 +30,12 @@ const Newsletter = ghostBookshelf.Model.extend({
             border_color: null,
             title_color: null,
             feedback_enabled: false,
-            show_excerpt: false
+            show_excerpt: false,
+            button_corners: 'rounded',
+            button_style: 'fill',
+            title_font_weight: 'bold',
+            link_style: 'underline',
+            image_corners: 'square'
         };
     },

package/core/server/services/api-version-compatibility/index.js CHANGED Viewed

@@ -1,39 +1,9 @@
-const APIVersionCompatibilityService = require('./APIVersionCompatibilityService');
-const versionMismatchHandler = require('./mw-api-version-mismatch');
 const ghostVersion = require('@tryghost/version');
-const {GhostMailer} = require('../mail');
-const settingsService = require('../settings/settings-service');
-const models = require('../../models');
-const urlUtils = require('../../../shared/url-utils');
-const settingsCache = require('../../../shared/settings-cache');
-let serviceInstance;
-const init = () => {
-    const ghostMailer = new GhostMailer();
-    serviceInstance = new APIVersionCompatibilityService({
-        UserModel: models.User,
-        ApiKeyModel: models.ApiKey,
-        settingsService: settingsService.getSettingsBREADServiceInstance(),
-        sendEmail: (options) => {
-            // NOTE: not using bind here because mockMailer is having trouble mocking bound methods
-            return ghostMailer.send(options);
-        },
-        getSiteUrl: () => urlUtils.urlFor('home', true),
-        getSiteTitle: () => settingsCache.get('title')
-    });
-};
-module.exports.errorHandler = function apiVersionCompatibilityErrorHandler(err, req, res, next) {
-    return versionMismatchHandler(serviceInstance)(err, req, res, next);
-};
 /**
  * Set Content-Version on the response, and add 'Accept-Version' to VARY as
  * it effects response caching
- * TODO: move the method to mw once back-compatibility with 4.x is sorted
- *
+ * * TODO: move the method to mw once back-compatibility with 4.x is sorted *
  * @param {import('express').Request} req
  * @param {import('express').Response} res
  * @param {import('express').NextFunction} next
@@ -47,5 +17,3 @@ module.exports.contentVersion = function apiVersionCompatibilityContentVersion(r
 module.exports.versionRewrites = require('./mw-version-rewrites');
 module.exports.legacyApiPathMatch = require('./legacy-api-path-match');
-module.exports.init = init;

package/core/server/services/auth/session/emails/signin.js CHANGED Viewed

@@ -4,7 +4,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
   <head>
     <meta name="viewport" content="width=device-width">
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-    <title>🔑 ${t('Your verification code for {{siteTitle}}', {siteTitle, interpolation: {escapeValue: false}})}</title>
+    <title>🔑 ${t('Your verification code for {siteTitle}', {siteTitle, interpolation: {escapeValue: false}})}</title>
     <style>
     /* -------------------------------------
         RESPONSIVE AND MOBILE FRIENDLY STYLES
@@ -107,7 +107,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
           <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 600px; padding: 30px 20px;">
             <!-- START CENTERED CONTAINER -->
-            <span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">${t('Here\'s your code to login to {{siteTitle}}', {siteTitle, interpolation: {escapeValue: false}})}</span>
+            <span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">${t('Here\'s your code to login to {siteTitle}', {siteTitle, interpolation: {escapeValue: false}})}</span>
             <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 8px;">
               <!-- START MAIN CONTENT AREA -->
@@ -120,7 +120,7 @@ module.exports = ({t, siteTitle, email, siteDomain, siteUrl, siteLogo, token, de
                     <tr>
                       <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">
                         <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 20px; color: #15212A; font-weight: 600; line-height: 24px; margin: 0; margin-bottom: 15px; margin-top: 50px;">${t('Sign in verification')}</p>
-                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px; margin-bottom: 32px;">${is2FARequired ? '' : t('You just tried to access your account from a new device.')} ${t('For security verification, enter the code below to sign in to {{siteTitle}}:', {siteTitle, interpolation: {escapeValue: false}})}</p>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px; margin-bottom: 32px;">${is2FARequired ? '' : t('You just tried to access your account from a new device.')} ${t('For security verification, enter the code below to sign in to {siteTitle}:', {siteTitle, interpolation: {escapeValue: false}})}</p>
                       </td>
                     </tr>
                     <tr>

package/core/server/services/email-address/EmailAddressParser.js ADDED Viewed

@@ -0,0 +1,70 @@
+const addressparser = require('nodemailer/lib/addressparser');
+/**
+ * @typedef {Object} EmailAddress
+ * @property {string} address - The email address
+ * @property {string} [name] - Optional name associated with the email
+ */
+module.exports = class EmailAddressParser {
+    /**
+     * Parse an email string into an EmailAddress object
+     * @param {string} email - Email string to parse
+     * @returns {EmailAddress|null} Parsed email or null if invalid
+     */
+    static parse(email) {
+        if (!email || typeof email !== 'string' || !email.length) {
+            return null;
+        }
+        const parsed = addressparser(email);
+        if (parsed.length !== 1) {
+            return null;
+        }
+        const first = parsed[0];
+        // Check first has a group property
+        if ('group' in first) {
+            // Unsupported format
+            return null;
+        }
+        return {
+            address: first.address,
+            name: first.name || undefined
+        };
+    }
+    /**
+     * Convert an EmailAddress object to a string representation
+     * @param {EmailAddress} email - Email object to stringify
+     * @returns {string} String representation of the email
+     */
+    static stringify(email) {
+        if (!email.name) {
+            return email.address;
+        }
+        const escapedName = email.name.replace(/"/g, '\\"');
+        /**
+         * https://linear.app/ghost/issue/ONC-969
+         *
+         * Gmail will reject emails that contain certain Unicode characters.
+         * There isn't a documented list of which characters, and the error
+         * messages points us to https://support.google.com/mail/?p=BlockedMessage
+         *
+         * We've found that the following characters are problematic:
+         * - ✅ WHITE HEAVY CHECK MARK (U+2705)
+         * - ✓ CHECK MARK (U+2713)
+         * - ✔ HEAVY CHECK MARK (U+2714)
+         * - ☑ BALLOT BOX WITH CHECK (U+2611)
+         * - 🗸 LIGHT CHECK MARK (U+1F5F8)
+         *
+         * We remove these characters from the name.
+         */
+        const nameCleanedForGmail = escapedName.replace(/[\u2705\u2713\u2714\u2611\u{1F5F8}]/gu, '').trim();
+        return `"${nameCleanedForGmail}" <${email.address}>`;
+    }
+};

package/core/server/services/email-address/EmailAddressParser.js.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/* eslint-disable ghost/filenames/match-exported-class */
+export interface EmailAddress {
+    address: string;
+    name?: string;
+}
+declare class EmailAddressParser {
+    static parse(email: string): EmailAddress | null;
+    static stringify(email: EmailAddress): string;
+}
+export default EmailAddressParser;