ghost 5.17.2 → 5.19.0

package/core/server/services/mail/GhostMailer.js

@@ -7,6 +7,7 @@ const errors = require('@tryghost/errors');
 const tpl = require('@tryghost/tpl');
 const settingsCache = require('../../../shared/settings-cache');
 const urlUtils = require('../../../shared/url-utils');
+const metrics = require('@tryghost/metrics');
 const messages = {
     title: 'Ghost at {domain}',
     checkEmailConfigInstructions: 'Please see {url} for instructions on configuring email.',
@@ -83,7 +84,8 @@ module.exports = class GhostMailer {
         const options = config.get('mail') && _.clone(config.get('mail').options) || {};
 
         this.state = {
-            usingDirect: transport === 'direct'
+            usingDirect: transport === 'direct',
+            usingMailgun: transport === 'mailgun'
         };
         this.transport = nodemailer(transport, options);
     }
@@ -121,10 +123,24 @@ module.exports = class GhostMailer {
     }
 
     async sendMail(message) {
+        const startTime = Date.now();
         try {
             const response = await this.transport.sendMail(message);
+            if (this.state.usingMailgun) {
+                metrics.metric('mailgun-send-transactional-mail', {
+                    value: Date.now() - startTime,
+                    statusCode: 200
+                });
+            }
+
             return response;
         } catch (err) {
+            if (this.state.usingMailgun) {
+                metrics.metric('mailgun-send-transactional-mail', {
+                    value: Date.now() - startTime,
+                    statusCode: err.status
+                });
+            }
             throw createMailError({
                 message: tpl(messages.reason, {reason: err.message || err}),
                 err

package/core/server/services/mega/feedback-buttons.js

@@ -0,0 +1,69 @@
+const {Color} = require('@tryghost/color-utils');
+const audienceFeedback = require('../audience-feedback');
+
+const templateStrings = {
+    like: '%{feedback_button_like}%',
+    dislike: '%{feedback_button_dislike}%'
+};
+
+const generateLinks = (postId, uuid, html) => {
+    const positiveLink = audienceFeedback.service.buildLink(
+        uuid,
+        postId,
+        1
+    );
+    const negativeLink = audienceFeedback.service.buildLink(
+        uuid,
+        postId,
+        0
+    );
+
+    html = html.replace(templateStrings.like, positiveLink.href);
+    html = html.replace(templateStrings.dislike, negativeLink.href);
+
+    return html;
+};
+
+const getTemplate = (accentColor) => {
+    const likeButtonHtml = getButtonHtml(templateStrings.like, 'More like this', accentColor);
+    const dislikeButtonHtml = getButtonHtml(templateStrings.dislike, 'Less like this', accentColor);
+
+    return (`
+        <tr>
+            <td dir="ltr" width="100%" style="background-color: #ffffff; text-align: center; padding: 40px 4px; border-bottom: 1px solid #e5eff5" align="center">
+                <h3 style="text-align: center; margin-bottom: 22px; font-size: 17px; letter-spacing: -0.2px; margin-top: 0 !important;">What did you think of this post?</h3>
+                <table role="presentation" border="0" cellpadding="0" cellspacing="0" style="margin: auto; width: auto !important;">
+                    <tr>
+                        ${likeButtonHtml}
+                        ${dislikeButtonHtml}
+                    </tr>
+                </table>
+            </td>
+        </tr>
+    `);
+};
+
+function getButtonHtml(href, buttonText, accentColor) {
+    const color = new Color(accentColor);
+    const bgColor = `${accentColor}10`;
+    const textColor = color.darken(0.6).hex();
+
+    return (`
+        <td dir="ltr" valign="top" align="center" style="font-family: inherit; font-size: 14px; text-align: center;" nowrap>
+            <table align="center" role="presentation" cellspacing="0" cellpadding="0" border="0" style="width: auto !important;">
+                <tr>
+                    <td style="padding: 0 6px; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';">
+                        <a href=${href} style="background-color: ${bgColor}; color: ${textColor}; border-radius: 22px; font-family: inherit; padding: 12px 20px; border: none; font-size: 14px; font-weight: bold; line-height: 100%; text-decoration: none; display: block;">
+                            ${buttonText}
+                        </a>
+                    </td>
+                </tr>
+            </table>
+        </td>
+    `);
+}
+
+module.exports = {
+    generateLinks,
+    getTemplate
+};

package/core/server/services/mega/mega.js

@@ -3,7 +3,7 @@ const Promise = require('bluebird');
 const debug = require('@tryghost/debug')('mega');
 const tpl = require('@tryghost/tpl');
 const moment = require('moment');
-const ObjectID = require('bson-objectid');
+const ObjectID = require('bson-objectid').default;
 const errors = require('@tryghost/errors');
 const logging = require('@tryghost/logging');
 const settingsCache = require('../../../shared/settings-cache');

package/core/server/services/mega/post-email-serializer.js

@@ -16,11 +16,12 @@ const urlService = require('../../services/url');
 const linkReplacer = require('@tryghost/link-replacer');
 const linkTracking = require('../link-tracking');
 const memberAttribution = require('../member-attribution');
+const feedbackButtons = require('./feedback-buttons');
 
 const ALLOWED_REPLACEMENTS = ['first_name', 'uuid'];
 
 const PostEmailSerializer = {
-    
+
     // Format a full html document ready for email by inlining CSS, adjusting links,
     // and performing any client-specific fixes
     formatHtmlForEmail(html) {
@@ -107,6 +108,23 @@ const PostEmailSerializer = {
         return signupUrl.href;
     },
 
+    /**
+     * createUserLinks
+     *
+     * Generate personalised links for each user
+     *
+     * @param {string} memberUuid member uuid
+     * @param {Object} email
+     */
+    createUserLinks(email, memberUuid) {
+        const result = {...email};
+
+        result.html = feedbackButtons.generateLinks(result.post.id, memberUuid, result.html);
+        result.plaintext = htmlToPlaintext.email(result.html);
+
+        return result;
+    },
+
     // NOTE: serialization is needed to make sure we do post transformations such as image URL transformation from relative to absolute
     async serializePostModel(model) {
         // fetch mobiledoc rather than html and plaintext so we can render email-specific contents
@@ -206,6 +224,7 @@ const PostEmailSerializer = {
             titleAlignment: newsletter.get('title_alignment'),
             bodyFontCategory: newsletter.get('body_font_category'),
             showBadge: newsletter.get('show_badge'),
+            feedbackEnabled: newsletter.get('feedback_enabled'),
             footerContent: newsletter.get('footer_content'),
             showHeaderName: newsletter.get('show_header_name'),
             accentColor,
@@ -335,7 +354,7 @@ const PostEmailSerializer = {
             plaintext: post.plaintext
         };
 
-        /** 
+        /**
          *  If a part of the email is members-only and the post is paid-only, add a paywall:
          *  - Just before sending the email, we'll hide the paywall or paid content depending on the member segment it is sent to.
          *  - We already need to do URL-replacement on the HTML here
@@ -369,7 +388,7 @@ const PostEmailSerializer = {
 
                 // Add link click tracking
                 url = await linkTracking.service.addTrackingToUrl(url, post, '--uuid--');
-                
+
                 // We need to convert to a string at this point, because we need invalid string characters in the URL
                 const str = url.toString().replace(/--uuid--/g, '%%{uuid}%%');
                 return str;
@@ -490,7 +509,7 @@ const PostEmailSerializer = {
         });
 
         result.html = this.formatHtmlForEmail($.html());
-        result.plaintext = htmlToPlaintext.email(result.html); 
+        result.plaintext = htmlToPlaintext.email(result.html);
         delete result.post;
 
         return result;
@@ -501,6 +520,7 @@ module.exports = {
     serialize: PostEmailSerializer.serialize.bind(PostEmailSerializer),
     createUnsubscribeUrl: PostEmailSerializer.createUnsubscribeUrl.bind(PostEmailSerializer),
     createPostSignupUrl: PostEmailSerializer.createPostSignupUrl.bind(PostEmailSerializer),
+    createUserLinks: PostEmailSerializer.createUserLinks.bind(PostEmailSerializer),
     renderEmailForSegment: PostEmailSerializer.renderEmailForSegment.bind(PostEmailSerializer),
     parseReplacements: PostEmailSerializer.parseReplacements.bind(PostEmailSerializer),
     // Export for tests

package/core/server/services/mega/template.js

@@ -1,4 +1,5 @@
 const {escapeHtml: escape} = require('@tryghost/string');
+const feedbackButtons = require('./feedback-buttons');
 
 /* eslint indent: warn, no-irregular-whitespace: warn */
 const iff = (cond, yes, no) => (cond ? yes : no);
@@ -1265,6 +1266,8 @@ ${ templateSettings.showBadge ? `
 
                         <!-- END MAIN CONTENT AREA -->
 
+                        ${iff(templateSettings.feedbackEnabled, feedbackButtons.getTemplate(templateSettings.accentColor), '')}
+
                         <tr>
                             <td class="wrapper" align="center">
                                 <table role="presentation" border="0" cellpadding="0" cellspacing="0" width="100%" style="padding-top: 40px; padding-bottom: 30px;">

package/core/server/services/members/middleware.js

@@ -5,6 +5,13 @@ const models = require('../../models');
 const urlUtils = require('../../../shared/url-utils');
 const spamPrevention = require('../../web/shared/middleware/api/spam-prevention');
 const {formattedMemberResponse} = require('./utils');
+const errors = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
+
+const messages = {
+    missingUuid: 'Missing uuid.',
+    invalidUuid: 'Invalid uuid.'
+};
 
 // @TODO: This piece of middleware actually belongs to the frontend, not to the member app
 // Need to figure a way to separate these things (e.g. frontend actually talks to members API)
@@ -20,6 +27,38 @@ const loadMemberSession = async function (req, res, next) {
     }
 };
 
+/**
+ * Require member authentication, and make it possible to authenticate via uuid.
+ * You can chain this after loadMemberSession to make it possible to authetnicate via both the uuid and the session.
+ */
+const authMemberByUuid = async function (req, res, next) {
+    try {
+        const uuid = req.query.uuid;
+        if (!uuid) {
+            if (res.locals.member && req.member) {
+                // Already authenticated via session
+                return next();
+            }
+            
+            throw new errors.UnauthorizedError({
+                messsage: tpl(messages.missingUuid)
+            });
+        }
+
+        const member = await membersService.api.memberBREADService.read({uuid});
+        if (!member) {
+            throw new errors.UnauthorizedError({
+                message: tpl(messages.invalidUuid)
+            });
+        }
+        Object.assign(req, {member});
+        res.locals.member = req.member;
+        next();
+    } catch (err) {
+        next(err);
+    }
+};
+
 const getIdentityToken = async function (req, res) {
     try {
         const token = await membersService.ssr.getIdentityTokenForMemberFromSession(req, res);
@@ -216,6 +255,7 @@ const createSessionFromMagicLink = async function (req, res, next) {
 // Set req.member & res.locals.member if a cookie is set
 module.exports = {
     loadMemberSession,
+    authMemberByUuid,
     createSessionFromMagicLink,
     getIdentityToken,
     getMemberNewsletters,

package/core/server/services/notifications/notifications.js

@@ -5,7 +5,7 @@ const _ = require('lodash');
 const errors = require('@tryghost/errors');
 const ghostVersion = require('@tryghost/version');
 const tpl = require('@tryghost/tpl');
-const ObjectId = require('bson-objectid');
+const ObjectId = require('bson-objectid').default;
 
 const messages = {
     noPermissionToDismissNotif: 'You do not have permission to dismiss this notification.',

package/core/server/services/settings/settings-service.js

@@ -13,7 +13,7 @@ const mail = require('../mail');
 const SingleUseTokenProvider = require('../members/SingleUseTokenProvider');
 const urlUtils = require('../../../shared/url-utils');
 
-const ObjectId = require('bson-objectid');
+const ObjectId = require('bson-objectid').default;
 const settingsHelpers = require('../settings-helpers');
 
 const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;

package/core/server/services/themes/storage.js

@@ -1,6 +1,6 @@
 const debug = require('@tryghost/debug')('themes');
 const fs = require('fs-extra');
-const ObjectID = require('bson-objectid');
+const ObjectID = require('bson-objectid').default;
 
 const tpl = require('@tryghost/tpl');
 const logging = require('@tryghost/logging');

package/core/server/services/webhooks/serialize.js

@@ -13,7 +13,7 @@ module.exports = (event, model) => {
         ops.push(() => {
             let frame = {options: {previous: false, context: {user: true}}};
 
-            // NOTE: below options are lost in the during event processing, a more holistic approach would be
+            // @NOTE: below options are lost during event processing, a more holistic approach would be
             //       to pass them somehow along with the model
             if (['posts', 'pages'].includes(docName)) {
                 frame.options.formats = ['mobiledoc', 'html', 'plaintext'];

package/core/server/web/admin/app.js

@@ -20,6 +20,8 @@ module.exports = function setupAdminApp() {
     // @NOTE: when we start working on HTTP/3 optimizations the immutable headers
     //        produced below should be split into separate 'Cache-Control' entry.
     //        For reference see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#validation_2
+    // @NOTE: the maxAge config passed below are in milliseconds and the config
+    //        is specified in seconds. See https://github.com/expressjs/serve-static/issues/150 for more context
     adminApp.use('/assets', serveStatic(
         path.join(config.get('paths').adminAssets, 'assets'), {
             maxAge: (configMaxAge || configMaxAge === 0) ? configMaxAge : constants.ONE_YEAR_MS,

package/core/server/web/api/endpoints/admin/routes.js

@@ -3,7 +3,6 @@ const api = require('../../../../api').endpoints;
 const {http} = require('@tryghost/api-framework');
 const apiMw = require('../../middleware');
 const mw = require('./middleware');
-const labs = require('../../../../../shared/labs');
 
 const shared = require('../../../shared');
 
@@ -310,7 +309,7 @@ module.exports = function apiRoutes() {
     router.put('/newsletters/verifications/', mw.authAdminApi, http(api.newsletters.verifyPropertyUpdate));
     router.put('/newsletters/:id', mw.authAdminApi, http(api.newsletters.edit));
 
-    router.get('/links', labs.enabledMiddleware('emailClicks'), mw.authAdminApi, http(api.links.browse));
+    router.get('/links', mw.authAdminApi, http(api.links.browse));
 
     return router;
 };

package/core/server/web/members/app.js

@@ -10,6 +10,8 @@ const shared = require('../shared');
 const labs = require('../../../shared/labs');
 const errorHandler = require('@tryghost/mw-error-handler');
 const config = require('../../../shared/config');
+const {http} = require('@tryghost/api-framework');
+const api = require('../../api').endpoints;
 
 const commentRouter = require('../comments');
 
@@ -65,6 +67,16 @@ module.exports = function setupMembersApp() {
     // Comments
     membersApp.use('/api/comments', commentRouter());
 
+    // Feedback
+    membersApp.post(
+        '/api/feedback', 
+        labs.enabledMiddleware('audienceFeedback'), 
+        bodyParser.json({limit: '50mb'}), 
+        middleware.loadMemberSession, 
+        middleware.authMemberByUuid, 
+        http(api.feedbackMembers.add)
+    );
+
     // API error handling
     membersApp.use('/api', errorHandler.resourceNotFound);
     membersApp.use('/api', errorHandler.handleJSONResponse(sentry));

package/core/shared/config/defaults.json

@@ -168,7 +168,7 @@
     "comments": {
         "url": "https://cdn.jsdelivr.net/ghost/comments-ui@~{version}/umd/comments-ui.min.js",
         "styles": "https://cdn.jsdelivr.net/ghost/comments-ui@~{version}/umd/main.css",
-        "version": "0.10.1"
+        "version": "0.10"
     },
     "editor": {
         "url": "https://unpkg.com/@tryghost/koenig-lexical@~{version}/dist/koenig-lexical.umd.js",

package/core/shared/labs.js

@@ -19,22 +19,24 @@ const GA_FEATURES = [
     'freeTrial',
     'compExpiring',
     'searchHelper',
-    'emailAlerts',
-    'emailClicks'
+    'emailAlerts'
 ];
 
 // NOTE: this allowlist is meant to be used to filter out any unexpected
 //       input for the "labs" setting value
 const BETA_FEATURES = [
     'activitypub',
+    'sourceAttribution',
     'memberAttribution'
 ];
 
 const ALPHA_FEATURES = [
     'urlCache',
     'beforeAfterCard',
-    'sourceAttribution',
-    'lexicalEditor'
+    'lexicalEditor',
+    'exploreApp',
+    'audienceFeedback',
+    'fixNewsletterLinks'
 ];
 
 module.exports.GA_KEYS = [...GA_FEATURES];