ghost 5.129.2 → 6.0.0-alpha.1

Files changed (286) hide show
  1. package/components/tryghost-i18n-6.0.0-alpha.1.tgz +0 -0
  2. package/core/boot.js +0 -2
  3. package/core/built/admin/assets/admin-x-activitypub/admin-x-activitypub.js +2 -2
  4. package/core/built/admin/assets/admin-x-activitypub/{index-B12913rO.mjs → index-BhgdXgH_.mjs} +2 -2
  5. package/core/built/admin/assets/admin-x-activitypub/{index-B7EmcyVj.mjs → index-rDFm98Ub.mjs} +15498 -15418
  6. package/core/built/admin/assets/admin-x-settings/{CodeEditorView-l2Ex2555.mjs → CodeEditorView-CA2VVtOE.mjs} +2 -2
  7. package/core/built/admin/assets/admin-x-settings/admin-x-settings.js +3 -3
  8. package/core/built/admin/assets/admin-x-settings/{index-C6P_16OJ.mjs → index-Dl3F40x5.mjs} +2 -2
  9. package/core/built/admin/assets/admin-x-settings/index-KA2tjCkS.mjs +30462 -0
  10. package/core/built/admin/assets/admin-x-settings/{modals-CY1xx4Em.mjs → modals-B0zezufO.mjs} +2185 -2183
  11. package/core/built/admin/assets/{chunk.524.c8313bccd308920abf9c.js → chunk.524.996c1c4d269fa6a50e90.js} +7 -7
  12. package/core/built/admin/assets/{chunk.582.e4feab981886cfc91835.js → chunk.582.75cf44e5d1b925adf16d.js} +9 -9
  13. package/core/built/admin/assets/{chunk.728.214803966b81ffdb1acd.js → chunk.728.985c45ad584b4b91ca60.js} +124 -124
  14. package/core/built/admin/assets/{ghost-db9fcb8c1f65776f3ee11c39f19a660b.js → ghost-5a5b2112df68dfaf6813ce38cad16847.js} +29 -30
  15. package/core/built/admin/assets/posts/posts.js +6641 -6621
  16. package/core/built/admin/assets/stats/stats.js +12770 -12724
  17. package/core/built/admin/index.html +4 -4
  18. package/core/frontend/helpers/get.js +4 -2
  19. package/core/frontend/helpers/ghost_head.js +71 -77
  20. package/core/frontend/helpers/match.js +3 -0
  21. package/core/frontend/meta/canonical-url.js +1 -7
  22. package/core/frontend/meta/context-object.js +1 -1
  23. package/core/frontend/meta/get-meta.js +1 -4
  24. package/core/frontend/meta/og-image.js +1 -1
  25. package/core/frontend/meta/og-type.js +0 -2
  26. package/core/frontend/meta/schema.js +20 -1
  27. package/core/frontend/meta/twitter-image.js +1 -1
  28. package/core/frontend/meta/url.js +1 -12
  29. package/core/frontend/services/rendering/context.js +0 -8
  30. package/core/server/api/endpoints/index.js +0 -4
  31. package/core/server/api/endpoints/session.js +0 -9
  32. package/core/server/api/endpoints/utils/serializers/input/settings.js +3 -3
  33. package/core/server/api/endpoints/utils/serializers/input/utils/settings-filter-type-group-mapper.js +0 -1
  34. package/core/server/api/endpoints/utils/serializers/input/utils/settings-key-group-mapper.js +3 -2
  35. package/core/server/api/endpoints/utils/serializers/input/utils/settings-key-type-mapper.js +3 -2
  36. package/core/server/api/endpoints/utils/serializers/output/all.js +1 -1
  37. package/core/server/api/endpoints/utils/serializers/output/config.js +2 -1
  38. package/core/server/api/endpoints/utils/serializers/output/index.js +0 -4
  39. package/core/server/api/endpoints/utils/serializers/output/mappers/snippets.js +1 -5
  40. package/core/server/api/endpoints/utils/serializers/output/members.js +0 -2
  41. package/core/server/api/endpoints/utils/validators/input/index.js +0 -4
  42. package/core/server/data/importer/importers/data/Base.js +1 -3
  43. package/core/server/data/importer/importers/data/SettingsImporter.js +1 -3
  44. package/core/server/data/migrations/utils/index.js +1 -4
  45. package/core/server/data/migrations/utils/permissions.js +14 -6
  46. package/core/server/data/migrations/utils/settings.js +39 -22
  47. package/core/server/data/migrations/versions/4.47/2022-05-03-15-30-final-v4.js +2 -0
  48. package/core/server/data/migrations/versions/4.47/2022-05-04-10-03-no-op.js +6 -0
  49. package/core/server/data/migrations/versions/5.100/2024-11-06-04-45-15-add-activitypub-integration.js +4 -2
  50. package/core/server/data/migrations/versions/5.113/2025-03-07-12-24-00-add-super-editor.js +4 -2
  51. package/core/server/data/migrations/versions/5.130/2025-07-11-14-14-54-add-explore-settings.js +16 -0
  52. package/core/server/data/migrations/versions/5.3/2022-07-06-07-58-add-ghost-explore-integration-role.js +4 -2
  53. package/core/server/data/migrations/versions/5.3/2022-07-06-09-17-add-ghost-explore-integration.js +4 -2
  54. package/core/server/data/migrations/versions/5.3/2022-07-06-09-26-add-ghost-explore-integration-api-key.js +4 -2
  55. package/core/server/data/migrations/versions/5.40/2023-03-21-18-42-add-self-serve-integration-role.js +4 -2
  56. package/core/server/data/migrations/versions/5.40/2023-03-21-18-52-add-self-serve-integration.js +4 -2
  57. package/core/server/data/migrations/versions/5.40/2023-03-21-19-02-add-self-serve-integration-api-key.js +4 -2
  58. package/core/server/data/migrations/versions/5.63/2023-09-13-13-03-10-add-ghost-core-content-integration.js +4 -2
  59. package/core/server/data/migrations/versions/5.63/2023-09-13-13-34-11-add-ghost-core-content-integration-key.js +4 -2
  60. package/core/server/data/migrations/versions/6.0/2025-06-20-01-41-54-remove-updated-by-column.js +46 -0
  61. package/core/server/data/migrations/versions/6.0/2025-06-20-13-41-55-remove-created-by-column.js +47 -0
  62. package/core/server/data/migrations/versions/6.0/2025-06-23-09-49-25-add-missing-member-uuids.js +22 -0
  63. package/core/server/data/migrations/versions/6.0/2025-06-23-10-03-26-members-nullable-uuid.js +5 -0
  64. package/core/server/data/migrations/versions/6.0/2025-06-24-09-19-42-use-object-id-for-hardcoded-user-id.js +95 -0
  65. package/core/server/data/migrations/versions/6.0/2025-06-25-15-03-29-remove-amp-from-settings.js +6 -0
  66. package/core/server/data/migrations/versions/6.0/2025-06-30-13-59-10-remove-mail-events-table.js +3 -0
  67. package/core/server/data/migrations/versions/6.0/2025-06-30-14-00-00-update-feature-image-alt-length.js +25 -0
  68. package/core/server/data/schema/default-settings/default-settings.json +18 -13
  69. package/core/server/data/schema/fixtures/FixtureManager.js +128 -5
  70. package/core/server/data/schema/fixtures/fixtures.json +4 -6
  71. package/core/server/data/schema/fixtures/index.js +3 -1
  72. package/core/server/data/schema/schema.js +20 -65
  73. package/core/server/data/seeders/DataGenerator.js +11 -2
  74. package/core/server/data/seeders/importers/EmailsImporter.js +1 -3
  75. package/core/server/data/seeders/importers/LabelsImporter.js +1 -3
  76. package/core/server/data/seeders/importers/MembersImporter.js +0 -1
  77. package/core/server/data/seeders/importers/MembersStripeCustomersImporter.js +1 -2
  78. package/core/server/data/seeders/importers/MembersStripeCustomersSubscriptionsImporter.js +0 -1
  79. package/core/server/data/seeders/importers/PostsImporter.js +0 -1
  80. package/core/server/data/seeders/importers/RolesUsersImporter.js +6 -1
  81. package/core/server/data/seeders/importers/TagsImporter.js +1 -2
  82. package/core/server/data/seeders/importers/UsersImporter.js +1 -2
  83. package/core/server/data/tinybird/README.md +9 -14
  84. package/core/server/models/base/bookshelf.js +8 -1
  85. package/core/server/models/base/plugins/events.js +0 -28
  86. package/core/server/models/base/plugins/user-type.js +10 -36
  87. package/core/server/models/post.js +25 -10
  88. package/core/server/models/relations/authors.js +2 -2
  89. package/core/server/models/settings.js +1 -14
  90. package/core/server/models/user.js +33 -6
  91. package/core/server/services/activitypub/ActivityPubService.js +23 -4
  92. package/core/server/services/activitypub/ActivityPubService.ts +27 -8
  93. package/core/server/services/email-service/email-templates/partials/styles.hbs +0 -14
  94. package/core/server/services/explore-ping/ExplorePingService.js +44 -33
  95. package/core/server/services/link-redirection/README.md +1 -1
  96. package/core/server/services/mentions/MentionSendingService.js +1 -1
  97. package/core/server/services/public-config/config.js +4 -0
  98. package/core/server/services/themes/installer.js +17 -3
  99. package/core/server/services/update-check/UpdateCheckService.js +18 -2
  100. package/core/server/services/url/config.js +0 -2
  101. package/core/server/web/api/app.js +4 -0
  102. package/core/server/web/api/endpoints/admin/middleware.js +8 -9
  103. package/core/server/web/api/endpoints/admin/routes.js +0 -2
  104. package/core/server/web/comments/routes.js +3 -0
  105. package/core/server/web/shared/middleware/index.js +4 -0
  106. package/core/server/web/shared/middleware/max-limit-cap.js +27 -0
  107. package/core/server/web/shared/middleware/pretty-urls.js +3 -1
  108. package/core/server/web/shared/middleware/redirect-amp-urls.js +36 -0
  109. package/core/shared/config/defaults.json +2 -0
  110. package/core/shared/config/env/config.production.json +4 -0
  111. package/core/shared/config/overrides.json +1 -4
  112. package/core/shared/labs.js +5 -6
  113. package/core/shared/max-limit-cap.js +61 -0
  114. package/package.json +7 -8
  115. package/tsconfig.tsbuildinfo +1 -1
  116. package/yarn.lock +203 -261
  117. package/components/tryghost-i18n-5.129.2.tgz +0 -0
  118. package/core/built/admin/assets/admin-x-settings/index-DoLRADbr.mjs +0 -30308
  119. package/core/built/admin/assets/img/amp-d7b72aae3315fda95921fb575dfca100.svg +0 -4
  120. package/core/frontend/apps/amp/index.js +0 -30
  121. package/core/frontend/apps/amp/lib/helpers/amp_analytics.js +0 -32
  122. package/core/frontend/apps/amp/lib/helpers/amp_components.js +0 -48
  123. package/core/frontend/apps/amp/lib/helpers/amp_content.js +0 -214
  124. package/core/frontend/apps/amp/lib/helpers/amp_style.js +0 -8
  125. package/core/frontend/apps/amp/lib/router.js +0 -95
  126. package/core/frontend/apps/amp/lib/views/amp.hbs +0 -1046
  127. package/core/frontend/meta/amp-url.js +0 -14
  128. package/core/server/api/endpoints/mail-events.js +0 -17
  129. package/core/server/api/endpoints/utils/serializers/output/mail-events.js +0 -9
  130. package/core/server/api/endpoints/utils/validators/input/mail-events.js +0 -7
  131. package/core/server/data/migrations/utils/constants.js +0 -3
  132. package/core/server/data/migrations/versions/4.0/01-update-mobiledoc.js +0 -61
  133. package/core/server/data/migrations/versions/4.0/02-add-status-column-to-members.js +0 -11
  134. package/core/server/data/migrations/versions/4.0/03-populate-status-column-for-members.js +0 -81
  135. package/core/server/data/migrations/versions/4.0/04-drop-apps-related-tables.js +0 -10
  136. package/core/server/data/migrations/versions/4.0/05-add-members-subscribe-events-table.js +0 -9
  137. package/core/server/data/migrations/versions/4.0/06-populate-members-subscribe-events-table.js +0 -53
  138. package/core/server/data/migrations/versions/4.0/07-alter-unique-constraint-for-posts-slug.js +0 -7
  139. package/core/server/data/migrations/versions/4.0/08-add-members-login-events-table.js +0 -7
  140. package/core/server/data/migrations/versions/4.0/09-add-members-email-change-events-table.js +0 -9
  141. package/core/server/data/migrations/versions/4.0/10-add-members-status-events-table.js +0 -9
  142. package/core/server/data/migrations/versions/4.0/11-add-members-paid-subscription-events-table.js +0 -12
  143. package/core/server/data/migrations/versions/4.0/12-delete-apps-related-settings-keys.js +0 -16
  144. package/core/server/data/migrations/versions/4.0/13-add-members-payment-events-table.js +0 -10
  145. package/core/server/data/migrations/versions/4.0/14-remove-orphaned-stripe-records.js +0 -36
  146. package/core/server/data/migrations/versions/4.0/15-add-frontmatter-column-to-meta.js +0 -7
  147. package/core/server/data/migrations/versions/4.0/16-refactor-slack-setting.js +0 -96
  148. package/core/server/data/migrations/versions/4.0/17-populate-members-status-events-table.js +0 -41
  149. package/core/server/data/migrations/versions/4.0/18-transform-urls-absolute-to-transform-ready.js +0 -201
  150. package/core/server/data/migrations/versions/4.0/19-remove-labs-members-setting.js +0 -10
  151. package/core/server/data/migrations/versions/4.0/20-refactor-unsplash-setting.js +0 -41
  152. package/core/server/data/migrations/versions/4.0/21-sanitize-email-batches-provider-id.js +0 -8
  153. package/core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js +0 -87
  154. package/core/server/data/migrations/versions/4.0/23-regenerate-posts-html.js +0 -66
  155. package/core/server/data/migrations/versions/4.0/24-add-missing-email-permissions.js +0 -36
  156. package/core/server/data/migrations/versions/4.0/25-populate-members-paid-subscription-events-table.js +0 -129
  157. package/core/server/data/migrations/versions/4.0/26-add-cascade-on-delete.js +0 -76
  158. package/core/server/data/migrations/versions/4.0/27-add-primary-key-brute-migrations-lock.js +0 -9
  159. package/core/server/data/migrations/versions/4.0/28-add-webhook-intergrations-foreign-key.js +0 -16
  160. package/core/server/data/migrations/versions/4.0/29-fix-foreign-key-for-members-stripe-customers-subscriptions.js +0 -35
  161. package/core/server/data/migrations/versions/4.0/30-set-default-accent-color.js +0 -21
  162. package/core/server/data/migrations/versions/4.1/01-fix-backup-content-permission-typo.js +0 -15
  163. package/core/server/data/migrations/versions/4.1/02-add-unique-constraint-for-member-stripe-tables.js +0 -21
  164. package/core/server/data/migrations/versions/4.11/01-add-oauth-user-data.js +0 -12
  165. package/core/server/data/migrations/versions/4.11/02-add-email-verification-required-setting.js +0 -43
  166. package/core/server/data/migrations/versions/4.12/01-add-email-only-column-to-posts-meta-table.js +0 -7
  167. package/core/server/data/migrations/versions/4.12/02-fix-member-statuses.js +0 -39
  168. package/core/server/data/migrations/versions/4.13/01-add-members-stripe-connect-auth-permission-to-administrators.js +0 -6
  169. package/core/server/data/migrations/versions/4.13/02-add-members-products-events-table.js +0 -33
  170. package/core/server/data/migrations/versions/4.14/01-fix-comped-member-statuses.js +0 -73
  171. package/core/server/data/migrations/versions/4.14/02-fix-free-members-status-events.js +0 -61
  172. package/core/server/data/migrations/versions/4.15/01-add-temp-members-analytic-events-table.js +0 -12
  173. package/core/server/data/migrations/versions/4.16/01-add-custom-theme-settings-table.js +0 -9
  174. package/core/server/data/migrations/versions/4.17/01-add-custom-theme-settings-permissions.js +0 -21
  175. package/core/server/data/migrations/versions/4.17/02-add-offers-table.js +0 -19
  176. package/core/server/data/migrations/versions/4.17/03-add-offers-permissions.js +0 -35
  177. package/core/server/data/migrations/versions/4.19/01-add-active-column-to-offers.js +0 -7
  178. package/core/server/data/migrations/versions/4.19/02-add-offer-redemptions-table.js +0 -8
  179. package/core/server/data/migrations/versions/4.2/01-fix-incorrect-mrr-delta-events.js +0 -13
  180. package/core/server/data/migrations/versions/4.20/01-remove-offer-redemptions-table.js +0 -19
  181. package/core/server/data/migrations/versions/4.20/02-remove-offers-table.js +0 -30
  182. package/core/server/data/migrations/versions/4.20/03-add-offers-table.js +0 -21
  183. package/core/server/data/migrations/versions/4.20/04-add-offer-redemptions-table.js +0 -9
  184. package/core/server/data/migrations/versions/4.20/05-remove-not-null-constraint-from-portal-title.js +0 -44
  185. package/core/server/data/migrations/versions/4.22/01-add-is-launch-complete-setting.js +0 -8
  186. package/core/server/data/migrations/versions/4.22/02-update-launch-complete-setting-from-user-data.js +0 -39
  187. package/core/server/data/migrations/versions/4.23/01-truncate-offer-names.js +0 -59
  188. package/core/server/data/migrations/versions/4.3/01-add-products-table.js +0 -9
  189. package/core/server/data/migrations/versions/4.3/02-add-members-products-table.js +0 -8
  190. package/core/server/data/migrations/versions/4.3/03-add-default-product.js +0 -39
  191. package/core/server/data/migrations/versions/4.3/04-attach-members-to-product.js +0 -50
  192. package/core/server/data/migrations/versions/4.3/05-add-stripe-products-table.js +0 -9
  193. package/core/server/data/migrations/versions/4.3/06-add-stripe-prices-table.js +0 -15
  194. package/core/server/data/migrations/versions/4.3/07-add-products-permissions.js +0 -29
  195. package/core/server/data/migrations/versions/4.3/08-migrate-members-signup-setting.js +0 -109
  196. package/core/server/data/migrations/versions/4.3/09-add-price-id-column-to-subscriptions-table.js +0 -10
  197. package/core/server/data/migrations/versions/4.3/10-populate-stripe-price-id-in-subscriptions.js +0 -20
  198. package/core/server/data/migrations/versions/4.33/2022-01-14-11-50-add-type-column-to-products.js +0 -12
  199. package/core/server/data/migrations/versions/4.33/2022-01-14-11-51-add-default-free-tier.js +0 -40
  200. package/core/server/data/migrations/versions/4.33/2022-01-18-09-07-remove-duplicate-offer-redemptions.js +0 -46
  201. package/core/server/data/migrations/versions/4.33/2022-01-19-10-43-add-active-column-to-products-table.js +0 -7
  202. package/core/server/data/migrations/versions/4.34/2022-01-25-13-53-add-welcome-page-url-column-to-products.js +0 -7
  203. package/core/server/data/migrations/versions/4.35/2022-01-20-05-55-add-post-products-table.js +0 -8
  204. package/core/server/data/migrations/versions/4.35/2022-01-30-15-17-set-welcome-page-url-from-settings.js +0 -45
  205. package/core/server/data/migrations/versions/4.35/2022-02-01-11-48-update-email-recipient-filter-column-type.js +0 -19
  206. package/core/server/data/migrations/versions/4.35/2022-02-01-12-03-update-recipient-filter-column-type.js +0 -19
  207. package/core/server/data/migrations/versions/4.35/2022-02-02-10-38-add-default-content-visibility-tiers-setting.js +0 -8
  208. package/core/server/data/migrations/versions/4.35/2022-02-02-13-10-transform-specific-tiers-default-content-visibility.js +0 -147
  209. package/core/server/data/migrations/versions/4.35/2022-02-04-04-34-populate-empty-portal-products.js +0 -60
  210. package/core/server/data/migrations/versions/4.36/2022-02-07-14-34-add-last-seen-at-column-to-members.js +0 -10
  211. package/core/server/data/migrations/versions/4.37/2022-02-21-09-53-backfill-members-last-seen-at-column.js +0 -32
  212. package/core/server/data/migrations/versions/4.38/2022-03-01-08-46-add-visibility-to-tiers.js +0 -11
  213. package/core/server/data/migrations/versions/4.38/2022-03-03-16-12-add-visibility-to-tiers.js +0 -8
  214. package/core/server/data/migrations/versions/4.38/2022-03-03-16-17-drop-tiers-visible-column.js +0 -7
  215. package/core/server/data/migrations/versions/4.39/2022-03-07-10-57-update-free-products-visibility-column.js +0 -66
  216. package/core/server/data/migrations/versions/4.39/2022-03-07-10-57-update-products-visibility-column.js +0 -36
  217. package/core/server/data/migrations/versions/4.4/01-restore-free-members-signup-setting-from-backup.js +0 -99
  218. package/core/server/data/migrations/versions/4.4/02-migrate-members-signup-access.js +0 -126
  219. package/core/server/data/migrations/versions/4.40/2022-03-07-14-37-add-members-cancel-events-table.js +0 -8
  220. package/core/server/data/migrations/versions/4.40/2022-03-15-06-40-add-offers-admin-integration-permission-roles.js +0 -23
  221. package/core/server/data/migrations/versions/4.40/2022-03-15-06-40-add-tiers-admin-integration-permission-roles.js +0 -20
  222. package/core/server/data/migrations/versions/4.42/2022-03-21-17-17-add.js +0 -25
  223. package/core/server/data/migrations/versions/4.42/2022-03-30-15-44-add-newsletter-permissions.js +0 -28
  224. package/core/server/data/migrations/versions/4.43/2022-03-28-19-26-recreate-newsletter-table.js +0 -29
  225. package/core/server/data/migrations/versions/4.43/2022-03-29-14-45-add-members-newsletters-table.js +0 -7
  226. package/core/server/data/migrations/versions/4.43/2022-04-01-10-13-add-post-newsletter-relation.js +0 -108
  227. package/core/server/data/migrations/versions/4.43/2022-04-06-09-47-add-type-column-to-paid-subscription-events.js +0 -7
  228. package/core/server/data/migrations/versions/4.43/2022-04-06-14-56-add-email-newsletter-relation.js +0 -8
  229. package/core/server/data/migrations/versions/4.43/2022-04-08-10-45-add-subscription-id-to-mrr-events.js +0 -7
  230. package/core/server/data/migrations/versions/4.44/2022-04-06-15-22-populate-type-column-for-paid-subscription-events.js +0 -21
  231. package/core/server/data/migrations/versions/4.44/2022-04-08-11-54-add-cancelled-events.js +0 -51
  232. package/core/server/data/migrations/versions/4.44/2022-04-11-08-24-add-newsletter-permissions.js +0 -33
  233. package/core/server/data/migrations/versions/4.44/2022-04-11-10-54-add-mrr-to-subscriptions.js +0 -8
  234. package/core/server/data/migrations/versions/4.44/2022-04-12-07-33-fill-mrr.js +0 -29
  235. package/core/server/data/migrations/versions/4.44/2022-04-13-12-00-remove-newsletter-sender-name-not-null-constraint.js +0 -33
  236. package/core/server/data/migrations/versions/4.44/2022-04-15-07-53-add-offer-id-to-subscriptions.js +0 -9
  237. package/core/server/data/migrations/versions/4.45/2022-04-19-12-23-backfill-subscriptions-offers.js +0 -60
  238. package/core/server/data/migrations/versions/4.45/2022-04-20-11-25-add-newsletter-read-permission.js +0 -9
  239. package/core/server/data/migrations/versions/4.45/2022-04-21-02-55-add-notifications-key-entry-to-settings-table.js +0 -8
  240. package/core/server/data/migrations/versions/4.46/2022-04-13-12-00-add-created-at-newsletters.js +0 -6
  241. package/core/server/data/migrations/versions/4.46/2022-04-13-12-01-add-updated-at-newsletters.js +0 -6
  242. package/core/server/data/migrations/versions/4.46/2022-04-13-12-02-fill-created-at-newsletters.js +0 -19
  243. package/core/server/data/migrations/versions/4.46/2022-04-13-12-03-drop-nullable-created-at-newsletters.js +0 -3
  244. package/core/server/data/migrations/versions/4.46/2022-04-13-12-08-newsletters-show-header-name.js +0 -7
  245. package/core/server/data/migrations/versions/4.46/2022-04-13-12-57-add-uuid-column-to-newsletters.js +0 -8
  246. package/core/server/data/migrations/versions/4.46/2022-04-13-12-58-fill-uuid-for-newsletters.js +0 -19
  247. package/core/server/data/migrations/versions/4.46/2022-04-13-12-59-drop-nullable-uuid-newsletters.js +0 -3
  248. package/core/server/data/migrations/versions/4.46/2022-04-13-13-00-add-default-newsletter.js +0 -92
  249. package/core/server/data/migrations/versions/4.46/2022-04-20-08-39-map-subscribers-to-default-newsletter.js +0 -66
  250. package/core/server/data/migrations/versions/4.46/2022-04-22-07-43-add-newsletter-id-to-subscribe-events.js +0 -9
  251. package/core/server/data/migrations/versions/4.46/2022-04-27-07-59-set-newsletter-id-subscribe-events.js +0 -31
  252. package/core/server/data/migrations/versions/4.47/2022-05-03-15-30-update-newsletter-sending-options.js +0 -34
  253. package/core/server/data/migrations/versions/4.47/2022-05-04-10-03-transform-newsletter-header-image.js +0 -26
  254. package/core/server/data/migrations/versions/4.5/01-add-stripe-price-description-column.js +0 -7
  255. package/core/server/data/migrations/versions/4.5/02-add-product-description-column.js +0 -7
  256. package/core/server/data/migrations/versions/4.5/03-give-label-read-permissions-to-editors.js +0 -14
  257. package/core/server/data/migrations/versions/4.5/04-remove-unique-constraint-from-product-name.js +0 -13
  258. package/core/server/data/migrations/versions/4.5/05-rename-default-product-to-site-title.js +0 -38
  259. package/core/server/data/migrations/versions/4.6/01-remove-comped-status.js +0 -47
  260. package/core/server/data/migrations/versions/4.7/01-add-monthly-price-column-to-products.js +0 -7
  261. package/core/server/data/migrations/versions/4.7/02-add-yearly-price-column-to-products.js +0 -7
  262. package/core/server/data/migrations/versions/4.7/03-add-labs-setting.js +0 -42
  263. package/core/server/data/migrations/versions/4.8/01-add-feature-image-alt-column-to-posts-meta.js +0 -7
  264. package/core/server/data/migrations/versions/4.8/02-add-feature-image-caption-column-to-posts-meta.js +0 -7
  265. package/core/server/data/migrations/versions/4.8/03-add-default-product-portal-products.js +0 -69
  266. package/core/server/data/migrations/versions/4.8/04-migrate-show-newsletter-header-setting.js +0 -124
  267. package/core/server/data/migrations/versions/4.9/01-add-reset-all-passwords-permission.js +0 -11
  268. package/core/server/data/migrations/versions/4.9/02-add-benefits-table.js +0 -9
  269. package/core/server/data/migrations/versions/4.9/03-add-products-benefits-table.js +0 -8
  270. package/core/server/data/migrations/versions/4.9/04-add-member-segment-to-email-batches.js +0 -7
  271. package/core/server/data/migrations/versions/4.9/05-fix-missed-mobiledoc-url-transforms.js +0 -87
  272. package/core/server/data/migrations/versions/4.9/06-add-comped-status.js +0 -47
  273. package/core/server/data/migrations/versions/4.9/07-update-comped-members-status-events.js +0 -39
  274. package/core/server/models/mail-event.js +0 -12
  275. package/core/server/services/mail-events/BookshelfMailEventRepository.js +0 -40
  276. package/core/server/services/mail-events/InMemoryMailEventRepository.js +0 -10
  277. package/core/server/services/mail-events/InMemoryMailEventRepository.ts +0 -8
  278. package/core/server/services/mail-events/MailEvent.js +0 -20
  279. package/core/server/services/mail-events/MailEvent.ts +0 -10
  280. package/core/server/services/mail-events/MailEventRepository.js +0 -2
  281. package/core/server/services/mail-events/MailEventRepository.ts +0 -5
  282. package/core/server/services/mail-events/MailEventService.js +0 -124
  283. package/core/server/services/mail-events/MailEventService.ts +0 -169
  284. package/core/server/services/mail-events/index.js +0 -21
  285. package/core/server/services/mail-events/libraries.d.ts +0 -2
  286. /package/core/built/admin/assets/{chunk.728.214803966b81ffdb1acd.js.LICENSE.txt → chunk.728.985c45ad584b4b91ca60.js.LICENSE.txt} +0 -0
@@ -19,7 +19,6 @@ module.exports = [
19
19
  // @TODO: https://github.com/TryGhost/Ghost/issues/10335
20
20
  // 'page',
21
21
  'status',
22
- 'amp',
23
22
  'codeinjection_head',
24
23
  'codeinjection_foot',
25
24
  'meta_title',
@@ -68,7 +67,6 @@ module.exports = [
68
67
  // @TODO: https://github.com/TryGhost/Ghost/issues/10335
69
68
  // 'page',
70
69
  // 'status',
71
- 'amp',
72
70
  'codeinjection_head',
73
71
  'codeinjection_foot',
74
72
  'meta_title',
@@ -2,6 +2,7 @@ const debug = require('@tryghost/debug')('web:api:default:app');
2
2
  const config = require('../../../shared/config');
3
3
  const express = require('../../../shared/express');
4
4
  const sentry = require('../../../shared/sentry');
5
+ const middleware = require('../shared/middleware');
5
6
  const errorHandler = require('@tryghost/mw-error-handler');
6
7
  const APIVersionCompatibilityService = require('../../services/api-version-compatibility');
7
8
 
@@ -19,6 +20,9 @@ module.exports = function setupApiApp() {
19
20
  apiApp.use(APIVersionCompatibilityService.versionRewrites);
20
21
  apiApp.use(APIVersionCompatibilityService.contentVersion);
21
22
 
23
+ // Enforce capped limit parameter
24
+ apiApp.use(middleware.maxLimitCap);
25
+
22
26
  apiApp.lazyUse('/content/', require('./endpoints/content/app'));
23
27
  apiApp.lazyUse('/admin/', require('./endpoints/admin/app'));
24
28
 
@@ -5,7 +5,7 @@ const shared = require('../../../shared');
5
5
  const apiMw = require('../../middleware');
6
6
 
7
7
  const messages = {
8
- notImplemented: 'The server does not support the functionality required to fulfill the request.',
8
+ apiTokenBlocked: 'API tokens do not have permission to access this endpoint',
9
9
  staffTokenBlocked: 'Staff tokens are not allowed to access this endpoint'
10
10
  };
11
11
 
@@ -14,7 +14,7 @@ const messages = {
14
14
  * @param {import('express').Response} res
15
15
  * @param {import('express').NextFunction} next
16
16
  */
17
- const notImplemented = function notImplemented(req, res, next) {
17
+ const tokenPermissionCheck = function tokenPermissionCheck(req, res, next) {
18
18
  // CASE: user is logged in with user auth, skip to permission system
19
19
  if (!req.api_key) {
20
20
  return next();
@@ -81,10 +81,9 @@ const notImplemented = function notImplemented(req, res, next) {
81
81
  }
82
82
  }
83
83
 
84
- next(new errors.InternalServerError({
85
- errorType: 'NotImplementedError',
86
- message: tpl(messages.notImplemented),
87
- statusCode: 501
84
+ next(new errors.NoPermissionError({
85
+ message: tpl(messages.apiTokenBlocked),
86
+ statusCode: 403
88
87
  }));
89
88
  };
90
89
 
@@ -102,7 +101,7 @@ module.exports.authAdminApi = [
102
101
  apiMw.cors,
103
102
  shared.middleware.urlRedirects.adminSSLAndHostRedirect,
104
103
  shared.middleware.prettyUrls,
105
- notImplemented
104
+ tokenPermissionCheck
106
105
  ];
107
106
 
108
107
  /**
@@ -118,7 +117,7 @@ module.exports.authAdminApiWithUrl = [
118
117
  apiMw.cors,
119
118
  shared.middleware.urlRedirects.adminSSLAndHostRedirect,
120
119
  shared.middleware.prettyUrls,
121
- notImplemented
120
+ tokenPermissionCheck
122
121
  ];
123
122
 
124
123
  /**
@@ -130,5 +129,5 @@ module.exports.publicAdminApi = [
130
129
  apiMw.cors,
131
130
  shared.middleware.urlRedirects.adminSSLAndHostRedirect,
132
131
  shared.middleware.prettyUrls,
133
- notImplemented
132
+ tokenPermissionCheck
134
133
  ];
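Review bot: The final `next(new errors.NoPermissionError({...}))` in `tokenPermissionCheck` is the fall-through for requests that carry `req.api_key`, and nothing marks it as the deny-by-default branch. The checks that precede it lie outside these hunks, so this reading is inferred from the `!req.api_key` early return and the new message text. I would add `// CASE: API key request matched no allowed endpoint above, deny by default` directly above it. A blocked key now gets 403 instead of 501 with `errorType: 'NotImplementedError'`, which integrations may have keyed on, so the change belongs in the 6.0 breaking-change notes. `statusCode: 403` is probably already the default for `NoPermissionError` and could be dropped if so.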
@@ -19,7 +19,6 @@ module.exports = function apiRoutes() {
19
19
 
20
20
  // ## Public
21
21
  router.get('/site', mw.publicAdminApi, http(api.site.read));
22
- router.post('/mail_events', mw.publicAdminApi, http(api.mailEvents.add));
23
22
 
24
23
  // ## Configuration
25
24
  router.get('/config', mw.authAdminApi, http(api.config.read));
@@ -247,7 +246,6 @@ module.exports = function apiRoutes() {
247
246
  router.get('/tinybird/token', mw.authAdminApi, http(api.tinybird.token));
248
247
 
249
248
  // ## Sessions
250
- router.get('/session', mw.authAdminApi, http(api.session.read));
251
249
  // We don't need auth when creating a new session (logging in)
252
250
  router.post('/session',
253
251
  shared.middleware.brute.globalBlock,
@@ -23,6 +23,9 @@ module.exports = function apiRoutes() {
23
23
  // Authenticated Routes
24
24
  router.use(membersService.middleware.loadMemberSession);
25
25
 
26
+ // Enforce capped limit parameter
27
+ router.use(shared.middleware.maxLimitCap);
28
+
26
29
  router.get('/', http(api.commentsMembers.browse));
27
30
  router.get('/post/:post_id', http(api.commentsMembers.browse));
28
31
  router.get('/:id', http(api.commentsMembers.read));
@@ -11,6 +11,10 @@ module.exports = {
11
11
  return require('./cache-control');
12
12
  },
13
13
 
14
+ get maxLimitCap() {
15
+ return require('./max-limit-cap');
16
+ },
17
+
14
18
  get prettyUrls() {
15
19
  return require('./pretty-urls');
16
20
  },
@@ -0,0 +1,27 @@
1
+ const {applyLimitCap, limitConfig} = require('../../../../shared/max-limit-cap');
2
+
3
+ // Prior to Ghost 6.x we allowed any limit value, including 'all', but as sites
4
+ // grew in size it led to performance issues and mis-use of the API.
5
+
6
+ // After Ghost 6.x we only allow a max limit of 100. This middleware enforces
7
+ // that limit by rewriting the limit parameter before it reaches any API code.
8
+
9
+ function maxLimitCap(req, res, next) {
10
+ const limit = req.query.limit;
11
+
12
+ if (!limit) {
13
+ return next();
14
+ }
15
+
16
+ // Apply the shared limit capping logic with URL for exception endpoint checking
17
+ const cappedLimit = applyLimitCap(limit, {url: req.originalUrl});
18
+
19
+ req.query.limit = cappedLimit;
20
+ next();
21
+ }
22
+
23
+ // Create middleware stack with limitConfig property for test access
24
+ /** @type {Array<Function> & {limitConfig: object}} */
25
+ const middlewareStack = Object.assign([maxLimitCap], {limitConfig});
26
+
27
+ module.exports = middlewareStack;
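Review bot: `maxLimitCap` forwards a non-string `req.query.limit` without capping it, because the only guard before `applyLimitCap` is `if (!limit)`. When the query parser yields an array or object for a repeated or bracketed parameter (Express's default parser does), `applyLimitCap` stringifies it for `parseInt`, and if the leading digits are within bounds it returns the original value, which is then written back to `req.query.limit`. How the API code downstream reads such a value is not visible in this diff, so I would fail closed before calling the helper: `if (typeof limit !== 'string') { req.query.limit = limitConfig.maxLimit; return next(); }`.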
@@ -1,8 +1,9 @@
1
1
  // Pretty URL redirects
2
2
  //
3
- // These are two pieces of middleware that handle ensuring that
3
+ // These are three pieces of middleware that handle ensuring that
4
4
  // URLs get formatted correctly.
5
5
  // Slashes ensures that we get trailing slashes
6
+ // redirectAmpUrls removes /amp from the end of urls if it exists (AMP support removed in v6)
6
7
  // Uncapitalise changes case to lowercase
7
8
  // @TODO optimize this to reduce the number of redirects required to get to a pretty URL
8
9
  // @TODO move this to being used by routers?
@@ -15,5 +16,6 @@ module.exports = [
15
16
  'Cache-Control': `public, max-age=${config.get('caching:301:maxAge')}`
16
17
  }
17
18
  }),
19
+ require('./redirect-amp-urls'),
18
20
  require('./uncapitalise')
19
21
  ];
@@ -0,0 +1,36 @@
1
+ const urlUtils = require('../../../../shared/url-utils');
2
+ const localUtils = require('../utils');
3
+
4
+ /**
5
+ * redirectAmpUrls middleware
6
+ *
7
+ * 1. Detect requests whose path ends with `/amp/` (case-insensitive) or `/amp` before a query-string
8
+ * 2. Issue a 301 redirect to the same URL without that suffix, preserving the query string.
9
+ *
10
+ * Needs to sit early in the public-site middleware stack so that the request never reaches
11
+ * the dynamic routers or results in a 404.
12
+ *
13
+ * Example:
14
+ * /welcome/amp/ -> /welcome/
15
+ * /welcome/amp/?q=1 -> /welcome/?q=1
16
+ *
17
+ * @param {import('express').Request} req - Express request object
18
+ * @param {import('express').Response} res - Express response object
19
+ * @param {import('express').NextFunction} next - Express next function
20
+ * @returns {void}
21
+ */
22
+ function redirectAmpUrls(req, res, next) {
23
+ const ampPattern = /\/amp\/?$/i;
24
+ const url = new URL(req.url, 'http://example.com');
25
+
26
+ if (!ampPattern.test(url.pathname)) {
27
+ return next();
28
+ }
29
+
30
+ const sanitizedPath = url.pathname.replace(ampPattern, '/') + url.search;
31
+ const redirectPath = localUtils.removeOpenRedirectFromUrl(sanitizedPath);
32
+
33
+ return urlUtils.redirect301(res, redirectPath);
34
+ }
35
+
36
+ module.exports = redirectAmpUrls;
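Review bot: `redirectAmpUrls` builds the redirect target from `req.url`, which Express makes relative to the mount point, so on a site served from a subdirectory the `Location` may lose that prefix unless `urlUtils.redirect301` restores it (not visible in this diff). Parsing the original URL keeps the prefix: `const url = new URL(req.originalUrl || req.url, 'http://example.com');`. The pattern `/\/amp\/?$/i` also matches any path whose last segment is `amp`, so a one-line comment should say that this presumably relies on `amp` remaining in the protected slugs list.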
@@ -171,6 +171,8 @@
171
171
  }
172
172
  },
173
173
  "optimization": {
174
+ "maxLimit": 100,
175
+ "allowLimitAll": false,
174
176
  "getHelper": {
175
177
  "timeout": {
176
178
  "threshold": 5000,
@@ -17,5 +17,9 @@
17
17
  "enabled": true
18
18
  },
19
19
  "transports": ["file"]
20
+ },
21
+ "explore": {
22
+ "update_url": "https://explore.ghost.org/api/update",
23
+ "testimonials_url": "https://explore.ghost.org/api/testimonials"
20
24
  }
21
25
  }
@@ -12,10 +12,7 @@
12
12
  "publicFilePath": "core/frontend/public"
13
13
  },
14
14
  "apps": {
15
- "internal": [
16
- "private-blogging",
17
- "amp"
18
- ]
15
+ "internal": ["private-blogging"]
19
16
  },
20
17
  "slugs": {
21
18
  "protected": ["ghost", "rss", "amp"]
@@ -26,12 +26,15 @@ const GA_FEATURES = [
26
26
  'themeErrorsNotification',
27
27
  'announcementBar',
28
28
  'customFonts',
29
- 'contentVisibility'
29
+ 'contentVisibility',
30
+ 'ActivityPub',
31
+ 'trafficAnalytics',
32
+ 'ui60',
33
+ 'explore'
30
34
  ];
31
35
 
32
36
  // These features are considered publicly available and can be enabled/disabled by users
33
37
  const PUBLIC_BETA_FEATURES = [
34
- 'ActivityPub',
35
38
  'superEditors',
36
39
  'editorExcerpt',
37
40
  'additionalPaymentMethods'
@@ -42,14 +45,10 @@ const PUBLIC_BETA_FEATURES = [
42
45
  const PRIVATE_FEATURES = [
43
46
  'stripeAutomaticTax',
44
47
  'webmentions',
45
- 'trafficAnalytics',
46
48
  'importMemberTier',
47
49
  'urlCache',
48
- 'mailEvents',
49
50
  'lexicalIndicators',
50
- 'ui60',
51
51
  'contentVisibilityAlpha',
52
- 'explore',
53
52
  'emailCustomization'
54
53
  ];
55
54
 
@@ -0,0 +1,61 @@
1
+ const config = require('../shared/config');
2
+
3
+ // Prior to Ghost 6.x we allowed any limit value, including 'all', but as sites
4
+ // grew in size it led to performance issues and mis-use of the API.
5
+
6
+ // After Ghost 6.x we only allow a max limit of 100. This shared module provides
7
+ // the core limit capping logic that can be used by both middleware and helpers.
8
+
9
+ const limitConfig = {
10
+ allowLimitAll: config.get('optimization:allowLimitAll') || false,
11
+ maxLimit: config.get('optimization:maxLimit') || 100,
12
+ // Temporary exceptions to the max limit rule (HTTP-specific)
13
+ exceptionEndpoints: [
14
+ '/ghost/api/admin/posts/export/',
15
+ '/ghost/api/admin/emails/' // /:id/batches/ and /:id/recipient-failures/
16
+ ]
17
+ };
18
+
19
+ /**
20
+ * Apply limit capping logic to a limit value
21
+ * @param {string|number} limit - The limit value to cap
22
+ * @param {Object} options - Optional settings
23
+ * @param {string} [options.url] - URL to check against exception endpoints (for middleware)
24
+ * @returns {string|number} The capped limit value
25
+ */
26
+ function applyLimitCap(limit, options = {}) {
27
+ if (!limit) {
28
+ return limit;
29
+ }
30
+
31
+ // If 'all' is globally allowed, skip everything else
32
+ if (limit === 'all' && limitConfig.allowLimitAll) {
33
+ return limit;
34
+ }
35
+
36
+ // Check exception endpoints - they bypass all limits (HTTP-specific)
37
+ if (options.url && limitConfig.exceptionEndpoints.some(endpoint => options.url.startsWith(endpoint))) {
38
+ return limit;
39
+ }
40
+
41
+ // 'all' is no longer supported so gets capped to maxLimit
42
+ if (limit === 'all') {
43
+ return limitConfig.maxLimit;
44
+ }
45
+
46
+ // Convert to number for comparison
47
+ const numericLimit = parseInt(String(limit), 10);
48
+
49
+ // If it's not a valid number or exceeds maxLimit, cap it
50
+ if (isNaN(numericLimit) || numericLimit > limitConfig.maxLimit) {
51
+ return limitConfig.maxLimit;
52
+ }
53
+
54
+ // Return the original limit if it's within bounds
55
+ return limit;
56
+ }
57
+
58
+ module.exports = {
59
+ applyLimitCap,
60
+ limitConfig
61
+ };
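Review bot: `applyLimitCap` checks the result of `parseInt(String(limit), 10)` but then returns the unparsed `limit`, so the value that passed the check is not the value the caller receives. `parseInt` accepts leading digits followed by other characters, and zero or negative numbers also pass the `> limitConfig.maxLimit` test; whether later code interprets those the same way is not shown here. Ending the function with `return numericLimit;` instead of `return limit;` hands callers the number that was actually validated, and a lower bound can be added to the same condition if values below 1 are not meaningful. Separately, the `/ghost/api/admin/emails/` prefix exempts every route under it, while the comment names only `/:id/batches/` and `/:id/recipient-failures/`.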
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ghost",
3
- "version": "5.129.2",
3
+ "version": "6.0.0-alpha.1",
4
4
  "description": "The professional publishing platform",
5
5
  "author": "Ghost Foundation",
6
6
  "homepage": "https://ghost.org",
@@ -62,7 +62,7 @@
62
62
  "reset:data:tinybird": "cd core/server/data/tinybird/scripts && node reset-data-tinybird.js"
63
63
  },
64
64
  "engines": {
65
- "node": "^18.12.1 || ^20.11.1 || ^22.13.1",
65
+ "node": "^22.13.1",
66
66
  "cli": "^1.27.0"
67
67
  },
68
68
  "dependencies": {
@@ -86,7 +86,7 @@
86
86
  "@tryghost/helpers": "1.1.97",
87
87
  "@tryghost/html-to-plaintext": "1.0.4",
88
88
  "@tryghost/http-cache-utils": "0.1.20",
89
- "@tryghost/i18n": "file:components/tryghost-i18n-5.129.2.tgz",
89
+ "@tryghost/i18n": "file:components/tryghost-i18n-6.0.0-alpha.1.tgz",
90
90
  "@tryghost/image-transform": "1.4.6",
91
91
  "@tryghost/job-manager": "1.0.3",
92
92
  "@tryghost/kg-card-factory": "5.1.2",
@@ -122,7 +122,6 @@
122
122
  "@tryghost/validator": "0.2.17",
123
123
  "@tryghost/version": "0.1.33",
124
124
  "@tryghost/zip": "1.1.49",
125
- "amperize": "0.6.1",
126
125
  "body-parser": "1.20.3",
127
126
  "bookshelf": "1.2.0",
128
127
  "bookshelf-relations": "2.8.0",
@@ -226,21 +225,21 @@
226
225
  },
227
226
  "devDependencies": {
228
227
  "@actions/core": "1.11.1",
229
- "@playwright/test": "1.53.2",
228
+ "@playwright/test": "1.54.1",
230
229
  "@prettier/sync": "0.6.1",
231
230
  "@tryghost/express-test": "0.15.0",
232
231
  "@tryghost/webhook-mock-receiver": "0.2.17",
233
232
  "@types/bookshelf": "1.2.9",
234
233
  "@types/common-tags": "1.8.4",
235
234
  "@types/jsonwebtoken": "9.0.10",
236
- "@types/node": "22.16.3",
235
+ "@types/node": "22.16.4",
237
236
  "@types/node-jose": "1.1.13",
238
237
  "@types/nodemailer": "6.4.17",
239
238
  "@types/sinon": "17.0.4",
240
239
  "@types/supertest": "6.0.3",
241
240
  "c8": "10.1.3",
242
241
  "cli-progress": "3.12.0",
243
- "cssnano": "7.0.7",
242
+ "cssnano": "7.1.0",
244
243
  "detect-indent": "6.1.0",
245
244
  "detect-newline": "3.1.0",
246
245
  "expect": "29.7.0",
@@ -274,7 +273,7 @@
274
273
  "jackspeak": "2.3.6",
275
274
  "moment": "2.24.0",
276
275
  "moment-timezone": "0.5.45",
277
- "@tryghost/i18n": "file:components/tryghost-i18n-5.129.2.tgz"
276
+ "@tryghost/i18n": "file:components/tryghost-i18n-6.0.0-alpha.1.tgz"
278
277
  },
279
278
  "nx": {
280
279
  "targets": {