npm - ghost - Versions diffs - 5.17.1 → 5.18.0 - Mend

ghost 5.17.1 → 5.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

package/core/built/admin/index.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.17%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.18%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -36,8 +36,8 @@
         }
     </style>
-    <link integrity="" rel="stylesheet" href="assets/vendor-733135cd6cbca8126c6fa223d63a5bf3.css">
-    <link integrity="" rel="stylesheet" href="assets/ghost-597fb8e8b1b91dd0ac4d9f2d75bd67fb.css" title="light">
+    <link integrity="" rel="stylesheet" href="assets/vendor-3e6947aa681f0fb82b193090e520dc73.css">
+    <link integrity="" rel="stylesheet" href="assets/ghost-ff0bee94743aa886ce35305a5b46fac3.css" title="light">
 </head>
@@ -56,9 +56,9 @@
     <div id="ember-basic-dropdown-wormhole"></div>
-    <script src="assets/vendor-325e038b8609f0979f6578cae7a87f9e.js"></script>
-<script src="assets/chunk.579.a9bccec4d650a7be727a.js"></script>
-<script src="assets/chunk.143.a252ca5afc89e52c049a.js"></script>
-    <script src="assets/ghost-fa7772f8aa2522b3935efed71fa75619.js"></script>
+    <script src="assets/vendor-4da5d2584fbe1442e25e4271a5513f1c.js"></script>
+<script src="assets/chunk.427.4483d5bbdaf2a65888ac.js"></script>
+<script src="assets/chunk.143.6d23a3157dae7a9c899d.js"></script>
+    <script src="assets/ghost-7e6e9479705e7e772bb5ea3b6476cd52.js"></script>
 </body>
 </html>

package/core/frontend/public/ghost.min.css CHANGED Viewed

	@@ -1 +1 @@
1	- /! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /html{~~font~~-~~family:sans-serif;-~~ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-appearance:textfield;box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}.black{color:#15171a}.darkgrey{color:#394047}.midgrey{color:#7c8b9a}.lightgrey{color:#ced4d9}.blue{color:#14b8ff}.red{color:#f50b23}.orange{color:#ffb41f}.green{color:#30cf43}.darkgrey-hover:hover{color:#394047}.midgrey-hover:hover{color:#7c8b9a}.lightgrey-hover:hover{color:#ced4d9}.blue-hover:hover{color:#14b8ff}.red-hover:hover{color:#f50b23}.orange-hover:hover{color:#ffb41f}.green-hover:hover{color:#30cf43}*,:after,:before{box-sizing:border-box}html{~~overflow~~:~~hidden~~;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;font-size:62.5%;line-height:1.65;~~letter-spacing:.2px;-webkit-tap-highlight-color~~:~~rgba(0,0,0,0)~~}body,html{~~width~~:100%;~~height~~:100%}body{~~overflow:auto;overflow-x:hidden;~~color:#343f44;font-size:1.4rem}.gh-view{-ms-flex-positive:1;~~flex-grow:1;~~display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column}h1,h2{~~margin:0 0 .3em;~~color:#343f44;line-height:1.15em;~~text-rendering~~:~~optimizeLegibility~~;text-indent:-1px;~~font~~-~~size~~:~~2.9rem~~}@media (max-width:500px){h1{font-size:2.4rem}}.gh-input{~~display~~:~~block~~;~~padding:10px 12px;width:100%;height:40px;~~border:1px solid #d6e3eb;border-radius:4px;color:#4b5b62;font-size:1.6rem;line-height:1em;~~font~~-~~weight:300~~;-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text;~~transition~~:~~border-color .15s linear;-webkit-appearance:none~~}.gh-input:focus{~~outline:0;~~border-color:#b4cbda}.gh-btn{~~display~~:~~inline~~-~~block~~;~~outline:none;~~border:1px solid #d6e3eb;color:#829aa8;text-decoration:none!important;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none~~;fill:#829aa8;border-radius:5px;transition:all .2s ease;-webkit-font-smoothing:subpixel-antialiased~~}.gh-btn span{display:block;~~padding:0 12px;height:33px;~~font-size:1.3rem;~~line-height:33px;~~font-weight:400;~~text-align~~:~~center~~;letter-spacing:.2px;~~border~~-~~radius~~:~~4px~~}.gh-btn:hover{border-color:#b4cbda}.gh-btn-hover-blue:hover{border-color:#3eb0ef;color:#3eb0ef}.gh-btn-blue{~~padding~~:~~1px~~;border:0;~~color:#fff;text~~-shadow:0 -1px 0 rgba(0,0,0,.1);~~fill~~:#fff;~~background~~:~~linear-gradient(#3da1d6,#2288bf)~~;~~box~~-shadow:0 1px 0 rgba(0,0,0,.12);transition:none!important}.gh-btn-blue span{background:linear-gradient(#4ab6f0,#2fa5e4 60%,#2fa5e4 90%,#38a9e5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.1)}.gh-btn-blue:active,.gh-btn-blue:focus{background:#1e78a9}.gh-btn-blue:active span,.gh-btn-blue:focus span{background:#29a0e0;box-shadow:none}.gh-btn-block{display:block;width:100%}.gh-input-icon{position:relative~~;display:block~~}.gh-input-icon svg{~~position:absolute;top:50%;left:10px;z-index:2;height:14px;width:auto;~~fill:color(var(--midgrey) l(15%));transform:translateY(-7px)}.gh-input-icon input{padding-left:35px}.gh-app{display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column;overflow:hidden~~;height:100%~~}.gh-viewport{~~overflow:hidden;~~max-height:100%}.gh-main,.gh-viewport{-ms-flex-positive:1;~~flex-grow:1;~~display:-ms-flexbox;display:flex}.gh-main{~~position:relative;~~background:#fff;overflow-y:auto}.gh-flow{~~overflow-y:auto;min-height:100%;~~background:linear-gradient(315deg,#efefef,#fff)}.gh-flow,.gh-flow-content-wrap{~~flex-grow:1;~~display:flex;flex-direction:column}.gh-flow-content-wrap{flex-shrink:0;justify-content:center;~~align-items:center;~~margin:0 24px;padding-bottom:8vh}.gh-flow-content-wrap .site-icon{~~width~~:~~70px~~;height:70px;~~border-radius~~:~~3px~~}.gh-flow-content{~~display:flex;flex-direction:column;max-width:520px;width:100%;margin:4rem 0 6rem;padding:40px;~~background:#fff;~~color:var(--darkgrey);font-size:1.9rem;line-height:1.5em;font-weight:300;~~border-radius:3px;box-shadow:0 2.8px 2.2px rgba(0,0,0,.02),0 6.7px 5.3px rgba(0,0,0,.02),0 12.5px 10px rgba(0,0,0,.02),0 22.3px 17.9px rgba(0,0,0,.03),0 41.8px 33.4px rgba(0,0,0,.03),0 100px 80px rgba(0,0,0,.05)}.gh-flow-content.unsubscribe{align-items:center;justify-content:center;max-width:560px;min-height:200px;~~margin:4rem 0;~~text-align:center}@media (max-width:500px){.gh-flow-content{~~padding:0;~~background:transparent;box-shadow:none}}.gh-flow-content header{display:flex;flex-direction:column~~;align-items:center~~}.gh-flow-content h1{~~margin-bottom:24px;~~color:#15171a;font-size:4.1rem;font-weight:700;line-height:1.15em}.gh-flow-content.unsubscribe h1{font-size:3.2rem}@media (max-width:600px){.gh-flow-content~~.unsubscribe~~ h1,.gh-flow-content h1{font-size:6vw}}.gh-flow-content.unsubscribe p{~~margin:0 0 .4em;~~color:#394047;font-size:1.8rem}@media (max-width:500px){.gh-flow-content.unsubscribe p{font-size:1.6rem;line-height:1.5}}.gh-flow-content .gh-btn{display:block;margin:20px auto 0;max-width:400px}.gh-flow-content .form-group{~~position:relative;~~margin-bottom:2.5rem}.gh-flow-content .form-group.error .gh-input{border-color:#f50b23;box-shadow:0 0 0 3px rgba(239,24,24,.15)}.gh-flow-content .main-error{~~position:absolute;right:0;margin:0;~~color:#7c8b9a;font-size:1.35rem;font-weight:400;text-align:center;user-select:text}.gh-flow-em{font-weight:500}.unsubscribe-footer{~~text-align:center;~~font-size:1.5rem}@media (max-width:500px){.unsubscribe-footer{~~padding:0 24px;~~font-size:1.4rem;line-height:1.4em}}.unsubscribe-footer p{color:#7c8b9a;margin:0 0 .4rem}.unsubscribe-footer a{color:#15171a;text-decoration:none}.unsubscribe-footer a:hover{text-decoration:underline}.gh-signin{margin-bottom:1.5rem}.gh-signin .gh-input,.gh-signin .gh-input:-webkit-autofill:first-line{~~height~~:~~54px~~;~~padding:12px 16px;~~font-size:1.8rem;~~border-radius~~:~~8px~~}.gh-signin .gh-input::placeholder{color:#abb4be;font-weight:400;opacity:1}.gh-signin .gh-input::-webkit-input-placeholder{color:#abb4be;font-weight:400}.gh-signin .gh-input:-ms-input-placeholder{color:#abb4be;font-weight:400}.gh-signin .gh-input::-moz-placeholder{color:#abb4be;font-weight:400;opacity:1}.gh-signin .gh-input:focus{border-color:#30cf43;box-shadow:0 0 0 3px rgba(26,170,96,.15)}.gh-signin .gh-btn{~~margin:0;width:100%;height:54px;max~~-~~width~~:~~unset;margin~~-~~top:32px~~;background:#15171a;font-weight:300;line-height:54px;~~border~~-~~radius~~:~~8px~~;transition:all .4s ease~~;-webkit-font-smoothing~~:~~subpixel-antialiased~~}.gh-signin .gh-btn span{color:#fff;font-size:1.8rem}.error-content{flex-grow:1;justify-content:center;user-select:text~~;padding:8vw~~}.error-content,.error-details{~~display:flex;~~align-items:center}.error-details{margin-bottom:4rem}.error-ghost{margin:15px~~;height:115px~~}@media (max-width:630px){.error-ghost{display:none}}.error-code{~~margin:0;~~color:#c5d2d9;font-size:10vw;font-weight:600;line-height:.9em;~~letter-spacing:-.4vw~~}.error-description{~~margin:0;padding:0;~~border:none;color:#54666d;font-size:2.3rem;font-weight:300;line-height:1.3em}.error-message{display:flex;flex-direction:column;margin:15px~~;align-items:center~~}.error-message a{font-size:1.4rem;line-height:1;margin:8px 0}.error-link{background-color:transparent;color:#5ba4e5;transition:background .3s,color .3s~~;text-decoration:none~~}.error-stack{~~margin:1rem auto;padding:2rem;max-width:800px;~~background-color:hsla(0,0%,100%,.3)}.error-stack-list{margin:0;padding:0~~;list-style-type:none~~}.error-stack-list li{display:block}.error-stack-list li:before{content:"\21AA";display:inline-block;~~margin-right:.5rem;color:#bbb;~~font-size:1.2rem}.error-stack-function{font-weight:700}
1	+ /! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-appearance:textfield;box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}.black{color:#15171a}.darkgrey{color:#394047}.midgrey{color:#7c8b9a}.lightgrey{color:#ced4d9}.blue{color:#14b8ff}.red{color:#f50b23}.orange{color:#ffb41f}.green{color:#30cf43}.darkgrey-hover:hover{color:#394047}.midgrey-hover:hover{color:#7c8b9a}.lightgrey-hover:hover{color:#ced4d9}.blue-hover:hover{color:#14b8ff}.red-hover:hover{color:#f50b23}.orange-hover:hover{color:#ffb41f}.green-hover:hover{color:#30cf43}*,:after,:before{box-sizing:border-box}html{-webkit-tap-highlight-color:rgba(0,0,0,0);font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;font-size:62.5%;letter-spacing:.2px;line-height:1.65;overflow:hidden}body,html{height:100%;width:100%}body{color:#343f44;font-size:1.4rem;overflow:auto;overflow-x:hidden}.gh-view{-ms-flex-positive:1;display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column;flex-grow:1}h1,h2{color:#343f44;font-size:2.9rem;line-height:1.15em;margin:0 0 .3em;text-indent:-1px;text-rendering:optimizeLegibility}@media (max-width:500px){h1{font-size:2.4rem}}.gh-input{-webkit-appearance:none;border:1px solid #d6e3eb;border-radius:4px;color:#4b5b62;display:block;font-size:1.6rem;font-weight:300;height:40px;line-height:1em;padding:10px 12px;transition:border-color .15s linear;-webkit-user-select:text;-moz-user-select:text;-ms-user-select:text;user-select:text;width:100%}.gh-input:focus{border-color:#b4cbda;outline:0}.gh-btn{fill:#829aa8;-webkit-font-smoothing:subpixel-antialiased;border:1px solid #d6e3eb;border-radius:5px;color:#829aa8;display:inline-block;outline:none;text-decoration:none!important;transition:all .2s ease;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.gh-btn span{border-radius:4px;display:block;font-size:1.3rem;font-weight:400;height:33px;letter-spacing:.2px;line-height:33px;padding:0 12px;text-align:center}.gh-btn:hover{border-color:#b4cbda}.gh-btn-hover-blue:hover{border-color:#3eb0ef;color:#3eb0ef}.gh-btn-blue{fill:#fff;background:linear-gradient(#3da1d6,#2288bf);border:0;box-shadow:0 1px 0 rgba(0,0,0,.12);color:#fff;padding:1px;text-shadow:0 -1px 0 rgba(0,0,0,.1);transition:none!important}.gh-btn-blue span{background:linear-gradient(#4ab6f0,#2fa5e4 60%,#2fa5e4 90%,#38a9e5);box-shadow:inset 0 1px 0 hsla(0,0%,100%,.1)}.gh-btn-blue:active,.gh-btn-blue:focus{background:#1e78a9}.gh-btn-blue:active span,.gh-btn-blue:focus span{background:#29a0e0;box-shadow:none}.gh-btn-block{display:block;width:100%}.gh-input-icon{display:block;position:relative}.gh-input-icon svg{fill:color(var(--midgrey) l(15%));height:14px;left:10px;position:absolute;top:50%;transform:translateY(-7px);width:auto;z-index:2}.gh-input-icon input{padding-left:35px}.gh-app{display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column;height:100%;overflow:hidden}.gh-viewport{max-height:100%;overflow:hidden}.gh-main,.gh-viewport{-ms-flex-positive:1;display:-ms-flexbox;display:flex;flex-grow:1}.gh-main{background:#fff;overflow-y:auto;position:relative}.gh-flow{background:linear-gradient(315deg,#efefef,#fff);min-height:100%;overflow-y:auto}.gh-flow,.gh-flow-content-wrap{display:flex;flex-direction:column;flex-grow:1}.gh-flow-content-wrap{align-items:center;flex-shrink:0;justify-content:center;margin:0 24px;padding-bottom:8vh}.gh-flow-content-wrap .site-icon{border-radius:3px;height:70px;width:70px}.gh-flow-content{background:#fff;border-radius:3px;box-shadow:0 2.8px 2.2px rgba(0,0,0,.02),0 6.7px 5.3px rgba(0,0,0,.02),0 12.5px 10px rgba(0,0,0,.02),0 22.3px 17.9px rgba(0,0,0,.03),0 41.8px 33.4px rgba(0,0,0,.03),0 100px 80px rgba(0,0,0,.05);color:var(--darkgrey);display:flex;flex-direction:column;font-size:1.9rem;font-weight:300;line-height:1.5em;margin:4rem 0 6rem;max-width:520px;padding:40px;width:100%}.gh-flow-content.unsubscribe{align-items:center;justify-content:center;margin:4rem 0;max-width:560px;min-height:200px;text-align:center}@media (max-width:500px){.gh-flow-content{background:transparent;box-shadow:none;padding:0}}.gh-flow-content header{align-items:center;display:flex;flex-direction:column}.gh-flow-content h1{color:#15171a;font-size:4.1rem;font-weight:700;line-height:1.15em;margin-bottom:24px}.gh-flow-content.unsubscribe h1{font-size:3.2rem}@media (max-width:600px){.gh-flow-content h1,.gh-flow-content.unsubscribe h1{font-size:6vw}}.gh-flow-content.unsubscribe p{color:#394047;font-size:1.8rem;margin:0 0 .4em}@media (max-width:500px){.gh-flow-content.unsubscribe p{font-size:1.6rem;line-height:1.5}}.gh-flow-content .gh-btn{display:block;margin:20px auto 0;max-width:400px}.gh-flow-content .form-group{margin-bottom:2.5rem;position:relative}.gh-flow-content .form-group.error .gh-input{border-color:#f50b23;box-shadow:0 0 0 3px rgba(239,24,24,.15)}.gh-flow-content .main-error{color:#7c8b9a;font-size:1.35rem;font-weight:400;margin:0;position:absolute;right:0;text-align:center;user-select:text}.gh-flow-em{font-weight:500}.unsubscribe-footer{font-size:1.5rem;text-align:center}@media (max-width:500px){.unsubscribe-footer{font-size:1.4rem;line-height:1.4em;padding:0 24px}}.unsubscribe-footer p{color:#7c8b9a;margin:0 0 .4rem}.unsubscribe-footer a{color:#15171a;text-decoration:none}.unsubscribe-footer a:hover{text-decoration:underline}.gh-signin{margin-bottom:1.5rem}.gh-signin .gh-input,.gh-signin .gh-input:-webkit-autofill:first-line{border-radius:8px;font-size:1.8rem;height:54px;padding:12px 16px}.gh-signin .gh-input::placeholder{color:#abb4be;font-weight:400;opacity:1}.gh-signin .gh-input::-webkit-input-placeholder{color:#abb4be;font-weight:400}.gh-signin .gh-input:-ms-input-placeholder{color:#abb4be;font-weight:400}.gh-signin .gh-input::-moz-placeholder{color:#abb4be;font-weight:400;opacity:1}.gh-signin .gh-input:focus{border-color:#30cf43;box-shadow:0 0 0 3px rgba(26,170,96,.15)}.gh-signin .gh-btn{-webkit-font-smoothing:subpixel-antialiased;background:#15171a;border-radius:8px;font-weight:300;height:54px;line-height:54px;margin:0;margin-top:32px;max-width:unset;transition:all .4s ease;width:100%}.gh-signin .gh-btn span{color:#fff;font-size:1.8rem}.error-content{flex-grow:1;justify-content:center;padding:8vw;user-select:text}.error-content,.error-details{align-items:center;display:flex}.error-details{margin-bottom:4rem}.error-ghost{height:115px;margin:15px}@media (max-width:630px){.error-ghost{display:none}}.error-code{color:#c5d2d9;font-size:10vw;font-weight:600;letter-spacing:-.4vw;line-height:.9em;margin:0}.error-description{border:none;color:#54666d;font-size:2.3rem;font-weight:300;line-height:1.3em;margin:0;padding:0}.error-message{align-items:center;display:flex;flex-direction:column;margin:15px}.error-message a{font-size:1.4rem;line-height:1;margin:8px 0}.error-link{background-color:transparent;color:#5ba4e5;text-decoration:none;transition:background .3s,color .3s}.error-stack{background-color:hsla(0,0%,100%,.3);margin:1rem auto;max-width:800px;padding:2rem}.error-stack-list{list-style-type:none;margin:0;padding:0}.error-stack-list li{display:block}.error-stack-list li:before{color:#bbb;content:"\21AA";display:inline-block;font-size:1.2rem;margin-right:.5rem}.error-stack-function{font-weight:700}

package/core/frontend/web/middleware/static-theme.js CHANGED Viewed

@@ -32,6 +32,8 @@ function forwardToExpressStatic(req, res, next) {
     const configMaxAge = config.get('caching:theme:maxAge');
+    // @NOTE: the maxAge config passed below are in milliseconds and the config
+    //        is specified in seconds. See https://github.com/expressjs/serve-static/issues/150 for more context
     express.static(themeEngine.getActive().path, {
         maxAge: (configMaxAge || configMaxAge === 0) ? configMaxAge : constants.ONE_YEAR_MS
     }

package/core/server/api/endpoints/member-signin-urls.js CHANGED Viewed

@@ -22,7 +22,7 @@ module.exports = {
                 });
             }
-            const magicLink = await membersService.api.getMagicLink(model.get('email'));
+            const magicLink = await membersService.api.getMagicLink(model.get('email'), 'signin');
             return {
                 member_id: model.get('id'),

package/core/server/api/endpoints/utils/serializers/input/posts.js CHANGED Viewed

@@ -6,7 +6,6 @@ const localUtils = require('../../index');
 const mobiledoc = require('../../../../../lib/mobiledoc');
 const postsMetaSchema = require('../../../../../data/schema').tables.posts_meta;
 const clean = require('./utils/clean');
-const labs = require('../../../../../../shared/labs');
 function removeSourceFormats(frame) {
     if (frame.options.formats?.includes('mobiledoc') || frame.options.formats?.includes('lexical')) {
@@ -25,11 +24,7 @@ function defaultRelations(frame) {
         return false;
     }
-    if (labs.isSet('emailClicks')) {
-        frame.options.withRelated = ['tags', 'authors', 'authors.roles', 'email', 'tiers', 'newsletter', 'count.signups', 'count.paid_conversions', 'count.clicks'];
-    } else {
-        frame.options.withRelated = ['tags', 'authors', 'authors.roles', 'email', 'tiers', 'newsletter', 'count.signups', 'count.paid_conversions'];
-    }
+    frame.options.withRelated = ['tags', 'authors', 'authors.roles', 'email', 'tiers', 'newsletter', 'count.signups', 'count.paid_conversions', 'count.clicks'];
 }
 function setDefaultOrder(frame) {

package/core/server/api/endpoints/utils/serializers/output/mappers/posts.js CHANGED Viewed

@@ -10,7 +10,6 @@ const extraAttrs = require('../utils/extra-attrs');
 const gating = require('../utils/post-gating');
 const url = require('../utils/url');
-const labs = require('../../../../../../../shared/labs');
 const utils = require('../../../index');
 const postsMetaSchema = require('../../../../../../data/schema').tables.posts_meta;
@@ -110,20 +109,14 @@ module.exports = async (model, frame, options = {}) => {
         });
     }
-    if (labs.isSet('emailClicks')) {
-        if (jsonModel.email && jsonModel.count) {
-            jsonModel.email.opened_count = Math.min(
-                Math.max(
-                    jsonModel.email.opened_count || 0,
-                    jsonModel.count.clicks || 0
-                ),
-                jsonModel.email.email_count
-            );
-        }
-    }
-    if (!labs.isSet('memberAttribution') && !labs.isSet('emailClicks')) {
-        delete jsonModel.count;
+    if (jsonModel.email && jsonModel.count) {
+        jsonModel.email.opened_count = Math.min(
+            Math.max(
+                jsonModel.email.opened_count || 0,
+                jsonModel.count.clicks || 0
+            ),
+            jsonModel.email.email_count
+        );
     }
     return jsonModel;

package/core/server/services/members/middleware.js CHANGED Viewed

@@ -157,6 +157,7 @@ const createSessionFromMagicLink = async function (req, res, next) {
     try {
         const member = await membersService.ssr.exchangeTokenForSession(req, res);
         spamPrevention.membersAuth().reset(req.ip, `${member.email}login`);
+        // Note: don't reset 'member_login', or that would give an easy way around user enumeration by logging in to a manually created account
         const subscriptions = member && member.subscriptions || [];
         const action = req.query.action;

package/core/server/services/webhooks/serialize.js CHANGED Viewed

@@ -13,7 +13,7 @@ module.exports = (event, model) => {
         ops.push(() => {
             let frame = {options: {previous: false, context: {user: true}}};
-            // NOTE: below options are lost in the during event processing, a more holistic approach would be
+            // @NOTE: below options are lost during event processing, a more holistic approach would be
             //       to pass them somehow along with the model
             if (['posts', 'pages'].includes(docName)) {
                 frame.options.formats = ['mobiledoc', 'html', 'plaintext'];

package/core/server/web/admin/app.js CHANGED Viewed

@@ -20,6 +20,8 @@ module.exports = function setupAdminApp() {
     // @NOTE: when we start working on HTTP/3 optimizations the immutable headers
     //        produced below should be split into separate 'Cache-Control' entry.
     //        For reference see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#validation_2
+    // @NOTE: the maxAge config passed below are in milliseconds and the config
+    //        is specified in seconds. See https://github.com/expressjs/serve-static/issues/150 for more context
     adminApp.use('/assets', serveStatic(
         path.join(config.get('paths').adminAssets, 'assets'), {
             maxAge: (configMaxAge || configMaxAge === 0) ? configMaxAge : constants.ONE_YEAR_MS,

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -3,7 +3,6 @@ const api = require('../../../../api').endpoints;
 const {http} = require('@tryghost/api-framework');
 const apiMw = require('../../middleware');
 const mw = require('./middleware');
-const labs = require('../../../../../shared/labs');
 const shared = require('../../../shared');
@@ -310,7 +309,7 @@ module.exports = function apiRoutes() {
     router.put('/newsletters/verifications/', mw.authAdminApi, http(api.newsletters.verifyPropertyUpdate));
     router.put('/newsletters/:id', mw.authAdminApi, http(api.newsletters.edit));
-    router.get('/links', labs.enabledMiddleware('emailClicks'), mw.authAdminApi, http(api.links.browse));
+    router.get('/links', mw.authAdminApi, http(api.links.browse));
     return router;
 };

package/core/server/web/members/app.js CHANGED Viewed

@@ -48,7 +48,15 @@ module.exports = function setupMembersApp() {
     membersApp.delete('/api/session', middleware.deleteSession);
     // NOTE: this is wrapped in a function to ensure we always go via the getter
-    membersApp.post('/api/send-magic-link', bodyParser.json(), shared.middleware.brute.membersAuth, (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next));
+    membersApp.post(
+        '/api/send-magic-link',
+        bodyParser.json(),
+        // Prevent brute forcing email addresses (user enumeration)
+        shared.middleware.brute.membersAuthEnumeration,
+        // Prevent brute forcing passwords for the same email address
+        shared.middleware.brute.membersAuth,
+        (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next)
+    );
     membersApp.post('/api/create-stripe-checkout-session', (req, res, next) => membersService.api.middleware.createCheckoutSession(req, res, next));
     membersApp.post('/api/create-stripe-update-session', (req, res, next) => membersService.api.middleware.createCheckoutSetupSession(req, res, next));
     membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));

package/core/server/web/shared/middleware/api/spam-prevention.js CHANGED Viewed

@@ -5,7 +5,7 @@ const errors = require('@tryghost/errors');
 const config = require('../../../../../shared/config');
 const tpl = require('@tryghost/tpl');
 const logging = require('@tryghost/logging');
-const spam = config.get('spam') || {};
+let spam = config.get('spam') || {};
 const messages = {
     forgottenPasswordEmail: {
@@ -22,13 +22,13 @@ const messages = {
     },
     tooManyAttempts: 'Too many attempts.'
 };
-const spamPrivateBlock = spam.private_block || {};
-const spamGlobalBlock = spam.global_block || {};
-const spamGlobalReset = spam.global_reset || {};
-const spamUserReset = spam.user_reset || {};
-const spamUserLogin = spam.user_login || {};
-const spamContentApiKey = spam.content_api_key || {};
+let spamPrivateBlock = spam.private_block || {};
+let spamGlobalBlock = spam.global_block || {};
+let spamGlobalReset = spam.global_reset || {};
+let spamUserReset = spam.user_reset || {};
+let spamUserLogin = spam.user_login || {};
+let spamMemberLogin = spam.member_login || {};
+let spamContentApiKey = spam.content_api_key || {};
 let store;
 let memoryStore;
@@ -37,6 +37,7 @@ let globalResetInstance;
 let globalBlockInstance;
 let userLoginInstance;
 let membersAuthInstance;
+let membersAuthEnumerationInstance;
 let userResetInstance;
 let contentApiKeyInstance;
@@ -152,6 +153,39 @@ const membersAuth = () => {
     return membersAuthInstance;
 };
+/**
+ * This one should have higher limits because it checks across all email addresses
+ */
+const membersAuthEnumeration = () => {
+    const ExpressBrute = require('express-brute');
+    const BruteKnex = require('brute-knex');
+    const db = require('../../../../data/db');
+    store = store || new BruteKnex({
+        tablename: 'brute',
+        createTable: false,
+        knex: db.knex
+    });
+    if (!membersAuthEnumerationInstance) {
+        membersAuthEnumerationInstance = new ExpressBrute(store,
+            extend({
+                attachResetToRequest: true,
+                failCallback(req, res, next, nextValidRequestDate) {
+                    return next(new errors.TooManyRequestsError({
+                        message: `Too many different sign-in attempts try again in ${moment(nextValidRequestDate).fromNow(true)}`,
+                        context: tpl(messages.tooManySigninAttempts.context),
+                        help: tpl(messages.tooManySigninAttempts.context)
+                    }));
+                },
+                handleStoreError: handleStoreError
+            }, pick(spamMemberLogin, spamConfigKeys))
+        );
+    }
+    return membersAuthEnumerationInstance;
+};
 // Stops login attempts for a user+IP pair with an increasing time period starting from 10 minutes
 // and rising to a week in a fibonnaci sequence
 // The user+IP count is reset when on successful login
@@ -281,7 +315,29 @@ module.exports = {
     globalReset: globalReset,
     userLogin: userLogin,
     membersAuth: membersAuth,
+    membersAuthEnumeration: membersAuthEnumeration,
     userReset: userReset,
     privateBlog: privateBlog,
-    contentApiKey: contentApiKey
+    contentApiKey: contentApiKey,
+    reset: () => {
+        store = undefined;
+        memoryStore = undefined;
+        privateBlogInstance = undefined;
+        globalResetInstance = undefined;
+        globalBlockInstance = undefined;
+        userLoginInstance = undefined;
+        membersAuthInstance = undefined;
+        membersAuthEnumerationInstance = undefined;
+        userResetInstance = undefined;
+        contentApiKeyInstance = undefined;
+        spam = config.get('spam') || {};
+        spamPrivateBlock = spam.private_block || {};
+        spamGlobalBlock = spam.global_block || {};
+        spamGlobalReset = spam.global_reset || {};
+        spamUserReset = spam.user_reset || {};
+        spamUserLogin = spam.user_login || {};
+        spamMemberLogin = spam.member_login || {};
+        spamContentApiKey = spam.content_api_key || {};
+    }
 };

package/core/server/web/shared/middleware/brute.js CHANGED Viewed

@@ -84,6 +84,7 @@ module.exports = {
     },
     /**
+     * Block too many password guesses for the same email address
      */
     membersAuth(req, res, next) {
         return spamPrevention.membersAuth().getMiddleware({
@@ -96,5 +97,12 @@ module.exports = {
                 return _next();
             }
         })(req, res, next);
+    },
+    /**
+     * Blocks user enumeration
+     */
+    membersAuthEnumeration(req, res, next) {
+        return spamPrevention.membersAuthEnumeration().prevent(req, res, next);
     }
 };

package/core/shared/config/defaults.json CHANGED Viewed

@@ -99,6 +99,12 @@
             "maxWait": 86400000,
             "lifetime": 3600,
             "freeRetries": 99
+        },
+        "member_login": {
+            "minWait": 600000,
+            "maxWait": 43200000,
+            "lifetime": 43200,
+            "freeRetries": 8
         }
     },
     "caching": {
@@ -152,7 +158,7 @@
     },
     "portal": {
         "url": "https://cdn.jsdelivr.net/ghost/portal@~{version}/umd/portal.min.js",
-        "version": "2.13"
+        "version": "2.14"
     },
     "sodoSearch": {
         "url": "https://cdn.jsdelivr.net/ghost/sodo-search@~{version}/umd/sodo-search.min.js",
@@ -162,7 +168,7 @@
     "comments": {
         "url": "https://cdn.jsdelivr.net/ghost/comments-ui@~{version}/umd/comments-ui.min.js",
         "styles": "https://cdn.jsdelivr.net/ghost/comments-ui@~{version}/umd/main.css",
-        "version": "0.10.1"
+        "version": "0.10"
     },
     "editor": {
         "url": "https://unpkg.com/@tryghost/koenig-lexical@~{version}/dist/koenig-lexical.umd.js",

package/core/shared/labs.js CHANGED Viewed

@@ -19,8 +19,7 @@ const GA_FEATURES = [
     'freeTrial',
     'compExpiring',
     'searchHelper',
-    'emailAlerts',
-    'emailClicks'
+    'emailAlerts'
 ];
 // NOTE: this allowlist is meant to be used to filter out any unexpected
@@ -34,7 +33,8 @@ const ALPHA_FEATURES = [
     'urlCache',
     'beforeAfterCard',
     'sourceAttribution',
-    'lexicalEditor'
+    'lexicalEditor',
+    'exploreApp'
 ];
 module.exports.GA_KEYS = [...GA_FEATURES];