ghost 5.2.2 → 5.3.0

package/core/server/services/explore/index.js

@@ -0,0 +1,18 @@
+const ExploreService = require('./service');
+
+const MembersService = require('../members');
+const PostsService = require('../posts/posts-service')();
+const PublicConfigService = require('../public-config');
+const StatsService = require('../stats');
+const StripeService = require('../stripe');
+
+const models = require('../../models');
+
+module.exports = new ExploreService({
+    MembersService,
+    PostsService,
+    PublicConfigService,
+    StatsService,
+    StripeService,
+    UserModel: models.User
+});

package/core/server/services/explore/service.js

@@ -0,0 +1,55 @@
+const ghostVersion = require('@tryghost/version');
+
+module.exports = class ExploreService {
+    /**
+     * @param {Object} options
+     * @param {Object} options.MembersService
+     * @param {Object} options.PostsService
+     * @param {Object} options.PublicConfigService
+     * @param {Object} options.StatsService
+     * @param {Object} options.StripeService
+     * @param {Object} options.UserModel
+     */
+    constructor({MembersService, PostsService, PublicConfigService, StatsService, StripeService, UserModel}) {
+        this.MembersService = MembersService;
+        this.PostsService = PostsService;
+        this.PublicConfigService = PublicConfigService;
+        this.StatsService = StatsService;
+        this.StripeService = StripeService;
+        this.UserModel = UserModel;
+    }
+
+    /**
+     * Build and return the response object containing the data for the Ghost Explore endpoint
+     */
+    async fetchData() {
+        const totalMembers = await this.MembersService.stats.getTotalMembers();
+        const mrrStats = await this.StatsService.getMRRHistory();
+
+        const {description, icon, title, url} = this.PublicConfigService.site;
+
+        const exploreProperties = {
+            version: ghostVersion.full,
+            totalMembers,
+            mrrStats,
+            site: {
+                description,
+                icon,
+                title,
+                url
+            },
+            stripe: {
+                configured: this.StripeService.api.configured,
+                livemode: (this.StripeService.api.configured && this.StripeService.api.mode === 'live')
+            }
+        };
+
+        const mostRecentlyPublishedPost = await this.PostsService.getMostRecentlyPublishedPost();
+        exploreProperties.mostRecentlyPublishedAt = mostRecentlyPublishedPost?.get('published_at') || null;
+
+        const owner = await this.UserModel.findOne({role: 'Owner', status: 'all'});
+        exploreProperties.ownerEmail = owner?.get('email') || null;
+
+        return exploreProperties;
+    }
+};

package/core/server/services/members/middleware.js

@@ -75,7 +75,7 @@ const getMemberNewsletters = async function (req, res) {
             return res.end('Email address not found.');
         }
 
-        const data = _.pick(memberData.toJSON(), 'uuid', 'email', 'name', 'newsletters', 'status');
+        const data = _.pick(memberData.toJSON(), 'uuid', 'email', 'name', 'newsletters', 'enable_comment_notifications', 'status');
         return res.json(data);
     } catch (err) {
         res.writeHead(400);
@@ -91,7 +91,7 @@ const updateMemberNewsletters = async function (req, res) {
             return res.end('Invalid member uuid');
         }
 
-        const data = _.pick(req.body, 'newsletters');
+        const data = _.pick(req.body, 'newsletters', 'enable_comment_notifications');
         const memberData = await membersService.api.members.get({
             uuid: memberUuid
         });
@@ -106,7 +106,7 @@ const updateMemberNewsletters = async function (req, res) {
         };
 
         const updatedMember = await membersService.api.members.update(data, options);
-        const updatedMemberData = _.pick(updatedMember.toJSON(), ['uuid', 'email', 'name', 'newsletters', 'status']);
+        const updatedMemberData = _.pick(updatedMember.toJSON(), ['uuid', 'email', 'name', 'newsletters', 'enable_comment_notifications', 'status']);
         res.json(updatedMemberData);
     } catch (err) {
         res.writeHead(400);
@@ -116,7 +116,7 @@ const updateMemberNewsletters = async function (req, res) {
 
 const updateMemberData = async function (req, res) {
     try {
-        const data = _.pick(req.body, 'name', 'subscribed', 'newsletters');
+        const data = _.pick(req.body, 'name', 'subscribed', 'newsletters', 'enable_comment_notifications');
         const member = await membersService.ssr.getMemberDataFromSession(req, res);
         if (member) {
             const options = {

package/core/server/services/members/utils.js

@@ -16,7 +16,8 @@ module.exports.formattedMemberResponse = function formattedMemberResponse(member
         avatar_image: member.avatar_image,
         subscribed: !!member.subscribed,
         subscriptions: member.subscriptions || [],
-        paid: member.status !== 'free'
+        paid: member.status !== 'free',
+        enable_comment_notifications: member.enable_comment_notifications
     };
     if (member.newsletters) {
         data.newsletters = formatNewsletterResponse(member.newsletters);

package/core/server/services/permissions/can-this.js

@@ -27,7 +27,8 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
         permission: models.Permission,
         setting: models.Settings,
         invite: models.Invite,
-        integration: models.Integration
+        integration: models.Integration,
+        comment: models.Comment
     };
 
     // Iterate through the object types, i.e. ['post', 'tag', 'user']
@@ -57,10 +58,12 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
             return permissionLoad.then(function (loadedPermissions) {
                 // Iterate through the user permissions looking for an affirmation
                 const userPermissions = loadedPermissions.user ? loadedPermissions.user.permissions : null;
-
                 const apiKeyPermissions = loadedPermissions.apiKey ? loadedPermissions.apiKey.permissions : null;
+                const memberPermissions = loadedPermissions.member ? loadedPermissions.member.permissions : null;
+
                 let hasUserPermission;
                 let hasApiKeyPermission;
+                let hasMemberPermission = false;
 
                 const checkPermission = function (perm) {
                     let permObjId;
@@ -91,6 +94,10 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
                     hasUserPermission = _.some(userPermissions, checkPermission);
                 }
 
+                if (loadedPermissions.member) {
+                    hasMemberPermission = _.some(memberPermissions, checkPermission);
+                }
+
                 // Check api key permissions if they were passed
                 hasApiKeyPermission = true;
                 if (!_.isNull(apiKeyPermissions)) {
@@ -102,7 +109,7 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c
                 // Offer a chance for the TargetModel to override the results
                 if (TargetModel && _.isFunction(TargetModel.permissible)) {
                     return TargetModel.permissible(
-                        modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission
+                        modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission, hasMemberPermission
                     );
                 }
 
@@ -122,6 +129,7 @@ CanThisResult.prototype.beginCheck = function (context) {
     const self = this;
     let userPermissionLoad;
     let apiKeyPermissionLoad;
+    let memberPermissionLoad;
     let permissionsLoad;
 
     // Get context.user, context.api_key and context.app
@@ -147,11 +155,16 @@ CanThisResult.prototype.beginCheck = function (context) {
         apiKeyPermissionLoad = Promise.resolve(null);
     }
 
+    if (context.member) {
+        memberPermissionLoad = providers.member(context.member.id);
+    }
+
     // Wait for both user and app permissions to load
-    permissionsLoad = Promise.all([userPermissionLoad, apiKeyPermissionLoad]).then(function (result) {
+    permissionsLoad = Promise.all([userPermissionLoad, apiKeyPermissionLoad, memberPermissionLoad]).then(function (result) {
         return {
             user: result[0],
-            apiKey: result[1]
+            apiKey: result[1],
+            member: result[2]
         };
     });
 

package/core/server/services/permissions/parse-context.js

@@ -12,6 +12,7 @@ module.exports = function parseContext(context) {
         user: null,
         api_key: null,
         integration: null,
+        member: null,
         public: true
     };
 
@@ -37,5 +38,9 @@ module.exports = function parseContext(context) {
         parsed.public = (context.api_key.type === 'content');
     }
 
+    if (context && context.member) {
+        parsed.member = context.member;
+    }
+
     return parsed;
 };

package/core/server/services/permissions/providers.js

@@ -6,7 +6,8 @@ const tpl = require('@tryghost/tpl');
 
 const messages = {
     userNotFound: 'User not found',
-    apiKeyNotFound: 'API Key not found'
+    apiKeyNotFound: 'API Key not found',
+    memberNotFound: 'Member not found'
 };
 
 module.exports = {
@@ -72,5 +73,20 @@ module.exports = {
 
                 return {permissions, roles};
             });
+    },
+
+    async member(id) {
+        const foundMember = await models.Member.findOne({id});
+        if (!foundMember) {
+            throw new errors.NotFoundError({
+                message: tpl(messages.memberNotFound)
+            });
+        }
+
+        // @TODO: figure out how we want to associate members with permissions
+        // Dirty code to load all comment permissions except moderation for members
+        const permissions = await models.Permission.findAll({filter: 'object_type:comment+action_type:-moderate'});
+
+        return {permissions: permissions.models};
     }
 };

package/core/server/services/posts/posts-service.js

@@ -76,6 +76,20 @@ class PostsService {
         }
     }
 
+    /**
+     * Returns the most recently `published_at` post that was published or sent
+     * via email
+     */
+    async getMostRecentlyPublishedPost() {
+        const recentlyPublishedPost = await this.models.Post.findPage({
+            status: ['published', 'sent'],
+            order: 'published_at DESC',
+            limit: 1
+        });
+
+        return recentlyPublishedPost?.data[0];
+    }
+
     /**
      * Calculates if the email should be tried to be sent out
      * @private

package/core/server/services/users.js

@@ -46,6 +46,8 @@ class Users {
         this.auth = auth;
         this.apiMail = apiMail;
         this.apiSettings = apiSettings;
+
+        this.assignTagToUserPosts = this.assignTagToUserPosts.bind(this);
     }
 
     async resetAllPasswords(frameOptions) {
@@ -68,6 +70,77 @@ class Users {
         });
     }
 
+    async assignTagToUserPosts({id, context, transacting}) {
+        // create an internal tag to assign to reassigned posts
+        // in following format: `#{author_slug}`
+        const author = await this.models.User.findOne({
+            id
+        }, {
+            id,
+            context,
+            transacting
+        });
+        let tag = await this.models.Tag.findOne({
+            slug: `hash-${author.get('slug')}`
+        }, {
+            context,
+            transacting
+        });
+
+        if (!tag) {
+            tag = await this.models.Tag.add({
+                slug: `#${author.get('slug')}`
+            }, {
+                context,
+                transacting
+            });
+        }
+
+        const userPosts = await this.models.Base.knex('posts_authors')
+            .transacting(transacting)
+            .where('author_id', id)
+            .select('post_id');
+        const usersPostIds = userPosts.map(p => p.post_id);
+
+        // Add a tag to all posts that do not have the author tag yet
+        // NOTE: the method is implemented in an iterative way to avoid
+        //       memory consumption in case the user has thousands of posts
+        //       assigned to them. Also, didn't have any "bulk" way to add
+        //       a tag to multiple posts as the "sort_order" needs custom
+        //       logic to be run for each post.
+        //       Rewrite this bit if/when we hit a performance bottleneck here
+        for (const postId of usersPostIds) {
+            const post = await this.models.Post.findOne({
+                id: postId
+            }, {
+                id: postId,
+                withRelated: ['tags'],
+                context,
+                transacting
+            });
+
+            // check if tag already assigned to the post
+            const existingTagSlugs = post.relations.tags.models.map(t => t.get('slug'));
+
+            if (!existingTagSlugs.includes(tag.get('slug'))) {
+                await this.models.Post.edit({
+                    tags: [...post.relations.tags.models, tag]
+                }, {
+                    id: postId,
+                    context,
+                    transacting
+                });
+            }
+        }
+    }
+
+    /**
+     *
+     * @param {Object} frameOptions
+     * @param {string} frameOptions.id - user ID to destroy
+     * @param {Object} frameOptions.context - frame context to perform the action
+     * @returns
+     */
     async destroyUser(frameOptions) {
         const backupPath = await this.dbBackup.backup();
         const parsedFileName = path.parse(backupPath);
@@ -76,7 +149,17 @@ class Users {
         return this.models.Base.transaction(async (t) => {
             frameOptions.transacting = t;
 
-            await this.models.Post.reassignByAuthor(frameOptions);
+            await this.assignTagToUserPosts({
+                id: frameOptions.id,
+                context: frameOptions.context,
+                transacting: frameOptions.transacting
+            });
+
+            await this.models.Post.reassignByAuthor({
+                id: frameOptions.id,
+                context: frameOptions.context,
+                transacting: frameOptions.transacting
+            });
 
             try {
                 await this.models.ApiKey.destroy({

package/core/server/web/admin/app.js

@@ -21,6 +21,10 @@ module.exports = function setupAdminApp() {
         {maxAge: (configMaxAge || configMaxAge === 0) ? configMaxAge : constants.ONE_YEAR_MS, fallthrough: false}
     ));
 
+    adminApp.use('/auth-frame', serveStatic(
+        config.get('paths').adminAuthAssets
+    ));
+
     // Ember CLI's live-reload script
     if (config.get('env') === 'development') {
         adminApp.get('/ember-cli-live-reload.js', function emberLiveReload(req, res) {

package/core/server/web/admin/views/default-prod.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.2%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.3%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -37,8 +37,8 @@
     </style>
 
     
-                <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-c74f50609022cebf13ad28810def68b6.css" title="light">
+                <link rel="stylesheet" href="assets/vendor.min-4a6661c574707ceca220aa2e76558995.css">
+                <link rel="stylesheet" href="assets/ghost.min-e7cfbd1800f8e99b9158f74f1e39cd76.css" title="light">
             
 
     
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-ea369e6487643585f35409d474b06789.js"></script>
-                <script src="assets/ghost.min-971a0ff706bbf9e24f0b0a5770c8fc41.js"></script>
+                <script src="assets/vendor.min-4076498ccd6c8412365f43b156084ed8.js"></script>
+                <script src="assets/ghost.min-f4bba3a2a5ef256b82641345505d4f0f.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.2%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.3%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -37,8 +37,8 @@
     </style>
 
     
-                <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-c74f50609022cebf13ad28810def68b6.css" title="light">
+                <link rel="stylesheet" href="assets/vendor.min-4a6661c574707ceca220aa2e76558995.css">
+                <link rel="stylesheet" href="assets/ghost.min-e7cfbd1800f8e99b9158f74f1e39cd76.css" title="light">
             
 
     
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
 
 
-                <script src="assets/vendor.min-ea369e6487643585f35409d474b06789.js"></script>
-                <script src="assets/ghost.min-971a0ff706bbf9e24f0b0a5770c8fc41.js"></script>
+                <script src="assets/vendor.min-4076498ccd6c8412365f43b156084ed8.js"></script>
+                <script src="assets/ghost.min-f4bba3a2a5ef256b82641345505d4f0f.js"></script>
             
 </body>
 </html>

package/core/server/web/api/app.js

@@ -16,8 +16,8 @@ module.exports = function setupApiApp() {
     apiApp.use(APIVersionCompatibilityService.versionRewrites);
     apiApp.use(APIVersionCompatibilityService.contentVersion);
 
-    apiApp.lazyUse('/content/', require('./canary/content/app'));
-    apiApp.lazyUse('/admin/', require('./canary/admin/app'));
+    apiApp.lazyUse('/content/', require('./endpoints/content/app'));
+    apiApp.lazyUse('/admin/', require('./endpoints/admin/app'));
 
     // Error handling for requests to non-existent API versions
     apiApp.use(errorHandler.resourceNotFound);

package/core/server/web/api/{canary → endpoints}/admin/app.js

@@ -1,4 +1,4 @@
-const debug = require('@tryghost/debug')('web:canary:admin:app');
+const debug = require('@tryghost/debug')('web:endpoints:admin:app');
 const boolParser = require('express-query-boolean');
 const express = require('../../../../../shared/express');
 const bodyParser = require('body-parser');
@@ -10,8 +10,8 @@ const routes = require('./routes');
 const APIVersionCompatibilityService = require('../../../../services/api-version-compatibility');
 
 module.exports = function setupApiApp() {
-    debug('Admin API canary setup start');
-    const apiApp = express('canary admin');
+    debug('Admin API setup start');
+    const apiApp = express('admin api');
 
     // API middleware
 
@@ -37,7 +37,7 @@ module.exports = function setupApiApp() {
     apiApp.use(APIVersionCompatibilityService.errorHandler);
     apiApp.use(errorHandler.handleJSONResponse(sentry));
 
-    debug('Admin API canary setup end');
+    debug('Admin API setup end');
 
     return apiApp;
 };

package/core/server/web/api/{canary → endpoints}/admin/middleware.js

@@ -33,6 +33,7 @@ const notImplemented = function (req, res, next) {
         offers: ['GET', 'PUT', 'POST'],
         newsletters: ['GET', 'PUT', 'POST'],
         config: ['GET'],
+        explore: ['GET'],
         schedules: ['PUT'],
         files: ['POST'],
         media: ['POST'],

package/core/server/web/api/{canary → endpoints}/admin/routes.js

@@ -7,7 +7,7 @@ const mw = require('./middleware');
 const shared = require('../../../shared');
 
 module.exports = function apiRoutes() {
-    const router = express.Router('canary admin');
+    const router = express.Router('admin api');
 
     // alias delete with del
     router.del = router.delete;
@@ -20,6 +20,9 @@ module.exports = function apiRoutes() {
     // ## Configuration
     router.get('/config', mw.authAdminApi, http(api.config.read));
 
+    // ## Ghost Explore
+    router.get('/explore', mw.authAdminApi, http(api.explore.read));
+
     // ## Posts
     router.get('/posts', mw.authAdminApi, http(api.posts.browse));
     router.post('/posts', mw.authAdminApi, http(api.posts.add));
@@ -28,6 +31,8 @@ module.exports = function apiRoutes() {
     router.put('/posts/:id', mw.authAdminApi, http(api.posts.edit));
     router.del('/posts/:id', mw.authAdminApi, http(api.posts.destroy));
 
+    router.put('/comments/:id', mw.authAdminApi, http(api.comments.edit));
+
     // ## Pages
     router.get('/pages', mw.authAdminApi, http(api.pages.browse));
     router.post('/pages', mw.authAdminApi, http(api.pages.add));

package/core/server/web/api/{canary → endpoints}/content/app.js

@@ -1,4 +1,4 @@
-const debug = require('@tryghost/debug')('web:api:canary:content:app');
+const debug = require('@tryghost/debug')('web:api:endpoints:content:app');
 const boolParser = require('express-query-boolean');
 const bodyParser = require('body-parser');
 const express = require('../../../../../shared/express');
@@ -9,8 +9,8 @@ const errorHandler = require('@tryghost/mw-error-handler');
 const apiVersionCompatibility = require('../../../../services/api-version-compatibility');
 
 module.exports = function setupApiApp() {
-    debug('Content API canary setup start');
-    const apiApp = express('canary content');
+    debug('Content API setup start');
+    const apiApp = express('content api');
 
     // API middleware
 
@@ -31,7 +31,7 @@ module.exports = function setupApiApp() {
     apiApp.use(apiVersionCompatibility.errorHandler);
     apiApp.use(errorHandler.handleJSONResponse(sentry));
 
-    debug('Content API canary setup end');
+    debug('Content API setup end');
 
     return apiApp;
 };

package/core/server/web/api/{canary → endpoints}/content/routes.js

@@ -5,7 +5,7 @@ const http = require('../../../../api').shared.http;
 const mw = require('./middleware');
 
 module.exports = function apiRoutes() {
-    const router = express.Router('canary content');
+    const router = express.Router('content api');
 
     router.use(cors());
 

package/core/server/web/api/testmode/routes.js

@@ -5,7 +5,7 @@ const jobsService = require('../../../services/jobs');
 
 /** A bunch of helper routes for testing purposes */
 module.exports = function testRoutes() {
-    const router = express.Router('canary admin');
+    const router = express.Router('testmode');
 
     router.get('/500', (req, res) => res.sendStatus(500));
     router.get('/400', (req, res) => res.sendStatus(400));

package/core/server/web/comments/index.js

@@ -0,0 +1 @@
+module.exports = require('./routes');

package/core/server/web/comments/routes.js

@@ -0,0 +1,28 @@
+const express = require('../../../shared/express');
+const api = require('../../api').endpoints;
+const http = require('../../api').shared.http;
+
+const bodyParser = require('body-parser');
+const membersService = require('../../../server/services/members');
+
+module.exports = function apiRoutes() {
+    const router = express.Router('comment api');
+
+    router.use(bodyParser.json({limit: '50mb'}));
+
+    // Global handling for member session, ensures a member is logged in to the frontend
+    router.use(membersService.middleware.loadMemberSession);
+
+    router.post('/counts', http(api.commentsComments.counts));
+
+    router.get('/', http(api.commentsComments.browse));
+    router.get('/:id', http(api.commentsComments.read));
+    router.post('/', http(api.commentsComments.add));
+    router.put('/:id', http(api.commentsComments.edit));
+    router.delete('/:id', http(api.commentsComments.destroy));
+
+    router.post('/:id/like', http(api.commentsComments.like));
+    router.delete('/:id/like', http(api.commentsComments.unlike));
+
+    return router;
+};

package/core/server/web/members/app.js

@@ -12,6 +12,8 @@ const shared = require('../shared');
 const labs = require('../../../shared/labs');
 const errorHandler = require('@tryghost/mw-error-handler');
 
+const commentRouter = require('../comments');
+
 module.exports = function setupMembersApp() {
     debug('Members App setup start');
     const membersApp = express('members');
@@ -54,6 +56,9 @@ module.exports = function setupMembersApp() {
     membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));
     membersApp.post('/api/events', labs.enabledMiddleware('membersActivity'), middleware.loadMemberSession, (req, res, next) => membersService.api.middleware.createEvents(req, res, next));
 
+    // Comments
+    membersApp.use('/api/comments', commentRouter());
+
     // API error handling
     membersApp.use('/api', errorHandler.resourceNotFound);
     membersApp.use('/api', errorHandler.handleJSONResponse(sentry));

package/core/server/web/parent/frontend.js

@@ -18,6 +18,7 @@ module.exports = (routerConfig) => {
     frontendApp.use(shared.middleware.urlRedirects.frontendSSLRedirect);
 
     frontendApp.lazyUse('/members', require('../members'));
+    frontendApp.lazyUse('/comments', require('../comments'));
     frontendApp.use('/', require('../../../frontend/web')(routerConfig));
 
     return frontendApp;