ghost 5.26.4 → 5.28.0

package/core/built/admin/index.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.26%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.28%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -37,7 +37,7 @@
     </style>
 
     <link integrity="" rel="stylesheet" href="assets/vendor-3e6947aa681f0fb82b193090e520dc73.css">
-    <link integrity="" rel="stylesheet" href="assets/ghost-830670d910cea64d98ab083aafd1dffd.css" title="light">
+    <link integrity="" rel="stylesheet" href="assets/ghost-1532517fd24b662b42a85ea0881865a5.css" title="light">
 
     
 </head>
@@ -56,9 +56,9 @@
 
     <div id="ember-basic-dropdown-wormhole"></div>
 
-    <script src="assets/vendor-5aae14724f891e36c43786254980485c.js"></script>
-<script src="assets/chunk.613.25718fa355a25fc2a7c1.js"></script>
-<script src="assets/chunk.143.f9454a947ce3ca9468a9.js"></script>
-    <script src="assets/ghost-5429d972966c85a0a24d766f93db999d.js"></script>
+    <script src="assets/vendor-dbf84caa0968ef5da0486055da6636da.js"></script>
+<script src="assets/chunk.380.de3a9bf5161ab5300d23.js"></script>
+<script src="assets/chunk.143.16c07be45a0c39262995.js"></script>
+    <script src="assets/ghost-d8834e309d8e4800057d6d17fed9415b.js"></script>
 </body>
 </html>

package/core/frontend/helpers/get.js

@@ -13,7 +13,7 @@ const jsonpath = require('jsonpath');
 
 const messages = {
     mustBeCalledAsBlock: 'The {\\{{helperName}}} helper must be called as a block. E.g. {{#{helperName}}}...{{/{helperName}}}',
-    invalidResource: 'Invalid resource given to get helper'
+    invalidResource: 'Invalid "{resource}" resource given to get helper'
 };
 
 const createFrame = hbs.handlebars.createFrame;
@@ -193,7 +193,7 @@ module.exports = async function get(resource, options) {
     }
 
     if (!RESOURCES[resource]) {
-        data.error = tpl(messages.invalidResource);
+        data.error = tpl(messages.invalidResource, {resource});
         logging.warn(data.error);
         return options.inverse(self, {data: data});
     }

package/core/frontend/web/middleware/error-handler.js

@@ -47,8 +47,6 @@ const themeErrorRenderer = (err, req, res, next) => {
     // Format Data
     const data = {
         message: err.message,
-        // @deprecated Remove in Ghost 5.0
-        code: err.statusCode,
         statusCode: err.statusCode,
         errorDetails: err.errorDetails || []
     };

package/core/server/api/endpoints/themes.js

@@ -4,6 +4,7 @@ const models = require('../../models');
 
 // Used to emit theme.uploaded which is used in core/server/analytics-events
 const events = require('../../lib/common/events');
+const {settingsCache} = require('../../services/settings-helpers');
 
 module.exports = {
     docName: 'themes',
@@ -15,6 +16,15 @@ module.exports = {
         }
     },
 
+    readActive: {
+        permissions: true,
+        async query() {
+            let themeName = settingsCache.get('active_theme');
+            const themeErrors = await themeService.api.getThemeErrors(themeName);
+            return themeService.api.getJSON(themeName, themeErrors);
+        }
+    },
+
     activate: {
         headers: {
             cacheInvalidate: true
@@ -42,15 +52,9 @@ module.exports = {
                 value: themeName
             }];
 
-            return themeService.api.activate(themeName)
-                .then((checkedTheme) => {
-                    // @NOTE: we use the model, not the API here, as we don't want to trigger permissions
-                    return models.Settings.edit(newSettings, frame.options)
-                        .then(() => checkedTheme);
-                })
-                .then((checkedTheme) => {
-                    return themeService.api.getJSON(themeName, checkedTheme);
-                });
+            const themeErrors = await themeService.api.activate(themeName);
+            await models.Settings.edit(newSettings, frame.options);
+            return themeService.api.getJSON(themeName, themeErrors);
         }
     },
 

package/core/server/api/endpoints/utils/serializers/output/mappers/index.js

@@ -4,6 +4,8 @@ module.exports = {
     authors: require('./authors'),
     comments: require('./comments'),
     emails: require('./emails'),
+    emailBatches: require('./email-batches'),
+    emailFailures: require('./email-failures'),
     images: require('./images'),
     integrations: require('./integrations'),
     pages: require('./pages'),

package/core/server/data/migrations/versions/5.27/2022-12-13-16-15-add-usage-colums-to-tokens.js

@@ -0,0 +1,20 @@
+const {createAddColumnMigration, combineNonTransactionalMigrations} = require('../../utils');
+
+module.exports = combineNonTransactionalMigrations(
+    createAddColumnMigration('tokens', 'updated_at', {
+        type: 'dateTime',
+        nullable: true
+    }),
+
+    createAddColumnMigration('tokens', 'first_used_at', {
+        type: 'dateTime',
+        nullable: true
+    }),
+
+    createAddColumnMigration('tokens', 'used_count', {
+        type: 'integer',
+        nullable: false,
+        unsigned: true,
+        defaultTo: 0
+    })
+);

package/core/server/data/migrations/versions/5.27/2023-01-04-04-12-drop-suppressions-table.js

@@ -0,0 +1,14 @@
+const {addTable} = require('../../utils');
+
+const migration = addTable('suppressions', {
+    id: {type: 'string', maxlength: 24, nullable: false, primary: true},
+    email_address: {type: 'string', maxlength: 191, nullable: false, unique: true},
+    email_id: {type: 'string', maxlength: 24, nullable: true, references: 'emails.id'},
+    reason: {type: 'string', maxlength: 50, nullable: false},
+    created_at: {type: 'dateTime', nullable: false}
+});
+
+module.exports = {
+    up: migration.down,
+    down: migration.up
+};

package/core/server/data/migrations/versions/5.27/2023-01-04-04-13-add-suppressions-table.js

@@ -0,0 +1,9 @@
+const {addTable} = require('../../utils');
+
+module.exports = addTable('suppressions', {
+    id: {type: 'string', maxlength: 24, nullable: false, primary: true},
+    email: {type: 'string', maxlength: 191, nullable: false, unique: true},
+    email_id: {type: 'string', maxlength: 24, nullable: true, references: 'emails.id'},
+    reason: {type: 'string', maxlength: 50, nullable: false},
+    created_at: {type: 'dateTime', nullable: false}
+});

package/core/server/data/migrations/versions/5.28/2023-01-05-15-13-add-active-theme-permissions.js

@@ -0,0 +1,12 @@
+const {addPermissionWithRoles} = require('../../utils');
+
+module.exports = addPermissionWithRoles({
+    name: 'View active theme details',
+    action: 'readActive',
+    object: 'theme'
+}, [
+    'Author',
+    'Editor',
+    'Administrator',
+    'Admin Integration'
+]);

package/core/server/data/schema/fixtures/fixtures.json

@@ -214,6 +214,11 @@
                     "action_type": "activate",
                     "object_type": "theme"
                 },
+                {
+                    "name": "View active theme details",
+                    "action_type": "readActive",
+                    "object_type": "theme"
+                },
                 {
                     "name": "Upload themes",
                     "action_type": "add",
@@ -804,7 +809,7 @@
                     "user": "all",
                     "role": "all",
                     "invite": "all",
-                    "theme": ["browse"],
+                    "theme": ["browse", "readActive"],
                     "email_preview": "all",
                     "email": "all",
                     "snippet": "all",
@@ -819,7 +824,7 @@
                     "tag": ["browse", "read", "add"],
                     "user": ["browse", "read"],
                     "role": ["browse"],
-                    "theme": ["browse"],
+                    "theme": ["browse", "readActive"],
                     "email_preview": "read",
                     "email": "read",
                     "snippet": ["browse", "read"],

package/core/server/data/schema/schema.js

@@ -858,6 +858,9 @@ module.exports = {
         token: {type: 'string', maxlength: 32, nullable: false, index: true},
         data: {type: 'string', maxlength: 2000, nullable: true},
         created_at: {type: 'dateTime', nullable: false},
+        updated_at: {type: 'dateTime', nullable: true},
+        first_used_at: {type: 'dateTime', nullable: true},
+        used_count: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0},
         created_by: {type: 'string', maxlength: 24, nullable: false}
     },
     snippets: {
@@ -952,7 +955,7 @@ module.exports = {
     },
     suppressions: {
         id: {type: 'string', maxlength: 24, nullable: false, primary: true},
-        email_address: {type: 'string', maxlength: 191, nullable: false, unique: true, validations: {isEmail: true}},
+        email: {type: 'string', maxlength: 191, nullable: false, unique: true, validations: {isEmail: true}},
         email_id: {type: 'string', maxlength: 24, nullable: true, references: 'emails.id'},
         reason: {
             type: 'string',

package/core/server/models/member.js

@@ -50,7 +50,7 @@ const Member = ghostBookshelf.Model.extend({
             replacement: 'emails.post_id',
             // Currently we cannot expand on values such as null or a string in mongo-knex
             // But the line below is essentially the same as: `email_recipients.opened_at:-null`
-            expansion: 'email_recipients.opened_at:>=0' 
+            expansion: 'email_recipients.opened_at:>=0'
         }];
     },
 
@@ -165,6 +165,7 @@ const Member = ghostBookshelf.Model.extend({
 
     newsletters() {
         return this.belongsToMany('Newsletter', 'members_newsletters', 'member_id', 'newsletter_id')
+            .query('orderBy', 'newsletters.sort_order', 'ASC')
             .query((qb) => {
                 // avoids bookshelf adding a `DISTINCT` to the query
                 // we know the result set will already be unique and DISTINCT hurts query performance

package/core/server/models/product.js

@@ -143,7 +143,7 @@ const Product = ghostBookshelf.Model.extend({
     }
 }, {
     orderDefaultRaw() {
-        return 'stripe_prices.amount asc';
+        return 'monthly_price ASC';
     }
 });
 

package/core/server/models/single-use-token.js

@@ -1,12 +1,12 @@
 const ghostBookshelf = require('./base');
 const crypto = require('crypto');
-const logging = require('@tryghost/logging');
 
 const SingleUseToken = ghostBookshelf.Model.extend({
     tableName: 'tokens',
 
     defaults() {
         return {
+            used_count: 0,
             token: crypto
                 .randomBytes(192 / 8)
                 .toString('base64')
@@ -15,30 +15,7 @@ const SingleUseToken = ghostBookshelf.Model.extend({
                 .replace(/\//g, '_')
         };
     }
-}, {
-    async findOne(data, unfilteredOptions = {}) {
-        const model = await ghostBookshelf.Model.findOne.call(this, data, unfilteredOptions);
-
-        if (model) {
-            setTimeout(async () => {
-                try {
-                    await this.destroy(Object.assign({
-                        destroyBy: {
-                            id: model.id
-                        }
-                    }, {
-                        ...unfilteredOptions,
-                        transacting: null
-                    }));
-                } catch (err) {
-                    logging.error(err);
-                }
-            }, 10 * 60 * 1000);
-        }
-
-        return model;
-    }
-});
+}, {});
 
 const SingleUseTokens = ghostBookshelf.Collection.extend({
     model: SingleUseToken

package/core/server/services/bulk-email/bulk-email-processor.js

@@ -12,6 +12,12 @@ const postEmailSerializer = require('../mega/post-email-serializer');
 const configService = require('../../../shared/config');
 const settingsCache = require('../../../shared/settings-cache');
 
+async function sleep(ms) {
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
+}
+
 const messages = {
     error: 'The email service received an error from mailgun and was unable to send.'
 };
@@ -145,14 +151,27 @@ module.exports = {
             });
         }
 
-        // get recipient rows via knex to avoid costly bookshelf model instantiation
-        const recipientRows = await models.EmailRecipient
-            .getFilteredCollectionQuery({filter: `batch_id:${emailBatchId}`});
-
         // Patch to prevent saving the related email model
         await emailBatchModel.save({status: 'submitting'}, {...knexOptions, patch: true});
 
         try {
+            // get recipient rows via knex to avoid costly bookshelf model instantiation
+            let recipientRows = await models.EmailRecipient.getFilteredCollectionQuery({filter: `batch_id:${emailBatchId}`}, knexOptions);
+
+            // For an unknown reason, the returned recipient rows is sometimes an empty array
+            // refs https://github.com/TryGhost/Team/issues/2246
+            let counter = 0;
+            while (recipientRows.length === 0 && counter < 5) {
+                logging.info('[sendEmailJob] Found zero recipients [retries:' + counter + '] for email batch ' + emailBatchId);
+
+                counter += 1;
+                await sleep(200);
+                recipientRows = await models.EmailRecipient.getFilteredCollectionQuery({filter: `batch_id:${emailBatchId}`}, knexOptions);
+            }
+            if (counter > 0) {
+                logging.info('[sendEmailJob] Recovered recipients [retries:' + counter + '] for email batch ' + emailBatchId + ' - ' + recipientRows.length + ' recipients found');
+            }
+
             // Load newsletter data on email
             await emailBatchModel.relations.email.getLazyRelation('newsletter', {require: false, ...knexOptions});
 

package/core/server/services/email-service/wrapper.js

@@ -101,7 +101,8 @@ class EmailServiceWrapper {
             emailRenderer,
             emailSegmenter,
             limitService,
-            membersRepository
+            membersRepository,
+            verificationTrigger: membersService.verificationTrigger
         });
 
         this.controller = new EmailController(this.service, {

package/core/server/services/email-suppression-list/MailgunEmailSuppressionList.js

@@ -35,7 +35,7 @@ class MailgunEmailSuppressionList extends AbstractEmailSuppressionList {
         try {
             await this.Suppression.destroy({
                 destroyBy: {
-                    email_address: email
+                    email: email
                 }
             });
         } catch (err) {
@@ -49,7 +49,7 @@ class MailgunEmailSuppressionList extends AbstractEmailSuppressionList {
     async getSuppressionData(email) {
         try {
             const model = await this.Suppression.findOne({
-                email_address: email
+                email: email
             });
 
             if (!model) {
@@ -73,11 +73,11 @@ class MailgunEmailSuppressionList extends AbstractEmailSuppressionList {
 
         try {
             const collection = await this.Suppression.findAll({
-                filter: `email_address:[${emails.join(',')}]`
+                filter: `email:[${emails.join(',')}]`
             });
 
             return emails.map((email) => {
-                const model = collection.models.find(m => m.get('email_address') === email);
+                const model = collection.models.find(m => m.get('email') === email);
 
                 if (!model) {
                     return new EmailSuppressionData(false);
@@ -97,8 +97,16 @@ class MailgunEmailSuppressionList extends AbstractEmailSuppressionList {
     async init() {
         const handleEvent = reason => async (event) => {
             try {
+                if (reason === 'bounce') {
+                    if (!Number.isInteger(event.error?.code)) {
+                        return;
+                    }
+                    if (event.error.code < 500 || event.error.code > 599 && event.error.code !== 605) {
+                        return;
+                    }
+                }
                 await this.Suppression.add({
-                    email_address: event.email,
+                    email: event.email,
                     email_id: event.emailId,
                     reason: reason,
                     created_at: event.timestamp

package/core/server/services/mega/mega.js

@@ -185,7 +185,7 @@ const addEmail = async (postModel, options) => {
         await limitService.errorIfWouldGoOverLimit('emails');
     }
 
-    if (settingsCache.get('email_verification_required') === true) {
+    if (await membersService.verificationTrigger.checkVerificationRequired()) {
         throw new errors.HostLimitError({
             message: tpl(messages.emailSendingDisabled)
         });
@@ -312,6 +312,14 @@ async function sendEmailJob({emailId, options}) {
             await limitService.errorIfWouldGoOverLimit('emails');
         }
 
+        // Check email verification required
+        // We need to check this inside the job again
+        if (await membersService.verificationTrigger.checkVerificationRequired()) {
+            throw new errors.HostLimitError({
+                message: tpl(messages.emailSendingDisabled)
+            });
+        }
+
         // Check if the email is still pending. And set the status to submitting in one transaction.
         let hasSingleAccess = false;
         let emailModel;

package/core/server/services/members/SingleUseTokenProvider.js

@@ -3,12 +3,17 @@ const {ValidationError} = require('@tryghost/errors');
 
 class SingleUseTokenProvider {
     /**
-     * @param {import('../../models/base')} SingleUseTokenModel - A model for creating and retrieving tokens.
-     * @param {number} validity - How long a token is valid for from it's creation in milliseconds.
+     * @param {Object} dependencies
+     * @param {import('../../models/base')} dependencies.SingleUseTokenModel - A model for creating and retrieving tokens.
+     * @param {number} dependencies.validityPeriod - How long a token is valid for from it's creation in milliseconds.
+     * @param {number} dependencies.validityPeriodAfterUsage - How long a token is valid after first usage, in milliseconds.
+     * @param {number} dependencies.maxUsageCount - How many times a token can be used.
      */
-    constructor(SingleUseTokenModel, validity) {
+    constructor({SingleUseTokenModel, validityPeriod, validityPeriodAfterUsage, maxUsageCount}) {
         this.model = SingleUseTokenModel;
-        this.validity = validity;
+        this.validityPeriod = validityPeriod;
+        this.validityPeriodAfterUsage = validityPeriodAfterUsage;
+        this.maxUsageCount = maxUsageCount;
     }
 
     /**
@@ -37,8 +42,17 @@ class SingleUseTokenProvider {
      *
      * @returns {Promise<Object<string, any>>}
      */
-    async validate(token) {
-        const model = await this.model.findOne({token});
+    async validate(token, options = {}) {
+        if (!options.transacting) {
+            return await this.model.transaction((transacting) => {
+                return this.validate(token, {
+                    ...options,
+                    transacting
+                });
+            });
+        }
+
+        const model = await this.model.findOne({token}, {transacting: options.transacting, forUpdate: true});
 
         if (!model) {
             throw new ValidationError({
@@ -46,16 +60,46 @@ class SingleUseTokenProvider {
             });
         }
 
+        if (model.get('used_count') >= this.maxUsageCount) {
+            throw new ValidationError({
+                message: 'Token expired'
+            });
+        }
+
         const createdAtEpoch = model.get('created_at').getTime();
+        const firstUsedAtEpoch = model.get('first_used_at')?.getTime() ?? createdAtEpoch;
+
+        // Is this token already used?
+        if (model.get('used_count') > 0) {
+            const timeSinceFirstUsage = Date.now() - firstUsedAtEpoch;
 
+            if (timeSinceFirstUsage > this.validityPeriodAfterUsage) {
+                throw new ValidationError({
+                    message: 'Token expired'
+                });
+            }
+        }
         const tokenLifetimeMilliseconds = Date.now() - createdAtEpoch;
 
-        if (tokenLifetimeMilliseconds > this.validity) {
+        if (tokenLifetimeMilliseconds > this.validityPeriod) {
             throw new ValidationError({
                 message: 'Token expired'
             });
         }
 
+        if (!model.get('first_used_at')) {
+            await model.save({
+                first_used_at: new Date(),
+                updated_at: new Date(),
+                used_count: model.get('used_count') + 1
+            }, {autoRefresh: false, patch: true, transacting: options.transacting});
+        } else {
+            await model.save({
+                used_count: model.get('used_count') + 1,
+                updated_at: new Date()
+            }, {autoRefresh: false, patch: true, transacting: options.transacting});
+        }
+
         try {
             return JSON.parse(model.get('data'));
         } catch (err) {

package/core/server/services/members/api.js

@@ -19,6 +19,8 @@ const memberAttributionService = require('../member-attribution');
 const emailSuppressionList = require('../email-suppression-list');
 
 const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
+const MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE = 10 * 60 * 1000;
+const MAGIC_LINK_TOKEN_MAX_USAGE_COUNT = 3;
 
 const ghostMailer = new mail.GhostMailer();
 
@@ -30,7 +32,12 @@ function createApiInstance(config) {
         auth: {
             getSigninURL: config.getSigninURL.bind(config),
             allowSelfSignup: config.getAllowSelfSignup.bind(config),
-            tokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY)
+            tokenProvider: new SingleUseTokenProvider({
+                SingleUseTokenModel: models.SingleUseToken,
+                validityPeriod: MAGIC_LINK_TOKEN_VALIDITY,
+                validityPeriodAfterUsage: MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE,
+                maxUsageCount: MAGIC_LINK_TOKEN_MAX_USAGE_COUNT
+            })
         },
         mail: {
             transporter: {

package/core/server/services/members/jobs/clean-tokens.js

@@ -0,0 +1,50 @@
+const {parentPort} = require('worker_threads');
+const debug = require('@tryghost/debug')('jobs:clean-tokens');
+const moment = require('moment');
+
+// Exit early when cancelled to prevent stalling shutdown. No cleanup needed when cancelling as everything is idempotent and will pick up
+// where it left off on next run
+function cancel() {
+    if (parentPort) {
+        parentPort.postMessage('Expired complimentary subscriptions cleanup cancelled before completion');
+        parentPort.postMessage('cancelled');
+    } else {
+        setTimeout(() => {
+            process.exit(0);
+        }, 1000);
+    }
+}
+
+if (parentPort) {
+    parentPort.once('message', (message) => {
+        if (message === 'cancel') {
+            return cancel();
+        }
+    });
+}
+
+(async () => {
+    const cleanupStartDate = new Date();
+    const db = require('../../../data/db');
+    debug(`Starting cleanup of tokens`);
+
+    // We delete all tokens that are older than 24 hours.
+    const d = moment.utc().subtract(24, 'hours');
+    const deletedTokens = await db.knex('tokens')
+        .where('created_at', '<', d.format('YYYY-MM-DD HH:mm:ss')) // we need to be careful about the type here. .format() is the only thing that works across SQLite and MySQL
+        .delete();
+
+    const cleanupEndDate = new Date();
+
+    debug(`Removed ${deletedTokens} tokens created before ${d.toISOString()} in ${cleanupEndDate.valueOf() - cleanupStartDate.valueOf()}ms`);
+
+    if (parentPort) {
+        parentPort.postMessage(`Removed ${deletedTokens} tokens created before ${d.toISOString()} in ${cleanupEndDate.valueOf() - cleanupStartDate.valueOf()}ms`);
+        parentPort.postMessage('done');
+    } else {
+        // give the logging pipes time finish writing before exit
+        setTimeout(() => {
+            process.exit(0);
+        }, 1000);
+    }
+})();

package/core/server/services/members/jobs/index.js

@@ -1,12 +1,15 @@
 const path = require('path');
 const jobsService = require('../../jobs');
 
-let hasScheduled = false;
+let hasScheduled = {
+    expiredComped: false,
+    tokens: false
+};
 
 module.exports = {
     async scheduleExpiredCompCleanupJob() {
         if (
-            !hasScheduled &&
+            !hasScheduled.expiredComped &&
             !process.env.NODE_ENV.startsWith('test')
         ) {
             // use a random seconds value to avoid spikes to external APIs on the minute
@@ -19,9 +22,31 @@ module.exports = {
                 name: 'clean-expired-comped'
             });
 
-            hasScheduled = true;
+            hasScheduled.expiredComped = true;
+        }
+
+        return hasScheduled.expiredComped;
+    },
+
+    async scheduleTokenCleanupJob() {
+        if (
+            !hasScheduled.tokens &&
+            !process.env.NODE_ENV.startsWith('test')
+        ) {
+            // use a random seconds/minutes/hours value to avoid delete spikes to the database
+            const s = Math.floor(Math.random() * 60); // 0-59
+            const m = Math.floor(Math.random() * 60); // 0-59
+            const h = Math.floor(Math.random() * 24); // 0-23
+
+            jobsService.addJob({
+                at: `${s} ${m} ${h} * * *`, // Every day
+                job: require('path').resolve(__dirname, 'clean-tokens.js'),
+                name: 'clean-tokens'
+            });
+
+            hasScheduled.tokens = true;
         }
 
-        return hasScheduled;
+        return hasScheduled.tokens;
     }
 };