npm - ghost - Versions diffs - 5.26.4 → 5.28.0 - Mend

ghost 5.26.4 → 5.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/core/server/services/members/service.js CHANGED Viewed

@@ -67,11 +67,11 @@ const processImport = async (options) => {
     return await membersImporter.process({...options, verificationTrigger});
 };
-const updateVerificationTrigger = () => {
-    verificationTrigger = new VerificationTrigger({
-        apiTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.apiThreshold'),
-        adminTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.adminThreshold'),
-        importTriggerThreshold: _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
+const initVerificationTrigger = () => {
+    return new VerificationTrigger({
+        getApiTriggerThreshold: () => _.get(config.get('hostSettings'), 'emailVerification.apiThreshold'),
+        getAdminTriggerThreshold: () => _.get(config.get('hostSettings'), 'emailVerification.adminThreshold'),
+        getImportTriggerThreshold: () => _.get(config.get('hostSettings'), 'emailVerification.importThreshold'),
         isVerified: () => config.get('hostSettings:emailVerification:verified') === true,
         isVerificationRequired: () => settingsCache.get('email_verification_required') === true,
         sendVerificationEmail: async ({subject, message, amountTriggered}) => {
@@ -133,16 +133,8 @@ module.exports = {
             getMembersApi: () => module.exports.api
         });
-        updateVerificationTrigger();
-        (async () => {
-            try {
-                const collection = await models.SingleUseToken.fetchAll();
-                await collection.invokeThen('destroy');
-            } catch (err) {
-                logging.error(err);
-            }
-        })();
+        verificationTrigger = initVerificationTrigger();
+        module.exports.verificationTrigger = verificationTrigger;
         if (!env?.startsWith('testing')) {
             const membersMigrationJobName = 'members-migrations';
@@ -159,6 +151,9 @@ module.exports = {
         // Schedule daily cron job to clean expired comp subs
         memberJobs.scheduleExpiredCompCleanupJob();
+        // Schedule daily cron job to clean expired tokens
+        memberJobs.scheduleTokenCleanupJob();
     },
     contentGating: require('./content-gating'),
@@ -169,16 +164,14 @@ module.exports = {
     },
     ssr: null,
+    verificationTrigger: null,
     stripeConnect: require('./stripe-connect'),
     processImport: processImport,
     stats: membersStats,
-    export: require('./exporter/query'),
-    // Only for tests
-    _updateVerificationTrigger: updateVerificationTrigger
+    export: require('./exporter/query')
 };
 module.exports.middleware = require('./middleware');

package/core/server/services/newsletters/index.js CHANGED Viewed

@@ -7,12 +7,19 @@ const limitService = require('../limits');
 const labs = require('../../../shared/labs');
 const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
+const MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE = 10 * 60 * 1000;
+const MAGIC_LINK_TOKEN_MAX_USAGE_COUNT = 3;
 module.exports = new NewslettersService({
     NewsletterModel: models.Newsletter,
     MemberModel: models.Member,
     mail,
-    singleUseTokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY),
+    singleUseTokenProvider: new SingleUseTokenProvider({
+        SingleUseTokenModel: models.SingleUseToken,
+        validityPeriod: MAGIC_LINK_TOKEN_VALIDITY,
+        validityPeriodAfterUsage: MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE,
+        maxUsageCount: MAGIC_LINK_TOKEN_MAX_USAGE_COUNT
+    }),
     urlUtils,
     limitService,
     labs

package/core/server/services/settings/settings-service.js CHANGED Viewed

@@ -17,6 +17,8 @@ const ObjectId = require('bson-objectid').default;
 const settingsHelpers = require('../settings-helpers');
 const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
+const MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE = 10 * 60 * 1000;
+const MAGIC_LINK_TOKEN_MAX_USAGE_COUNT = 3;
 /**
  * @returns {SettingsBREADService} instance of the PostsService
@@ -27,7 +29,12 @@ const getSettingsBREADServiceInstance = () => {
         settingsCache: SettingsCache,
         labsService: labs,
         mail,
-        singleUseTokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY),
+        singleUseTokenProvider: new SingleUseTokenProvider({
+            SingleUseTokenModel: models.SingleUseToken,
+            validityPeriod: MAGIC_LINK_TOKEN_VALIDITY,
+            validityPeriodAfterUsage: MAGIC_LINK_TOKEN_VALIDITY_AFTER_USAGE,
+            maxUsageCount: MAGIC_LINK_TOKEN_MAX_USAGE_COUNT
+        }),
         urlUtils
     });
 };

package/core/server/services/themes/activate.js CHANGED Viewed

@@ -21,7 +21,7 @@ module.exports.loadAndActivate = async (themeName) => {
         const loadedTheme = await themeLoader.loadOneTheme(themeName);
         // Validate
         // @NOTE: this is now the only usage of check, rather than checkSafe...
-        const checkedTheme = await validate.check(loadedTheme);
+        const checkedTheme = await validate.check(themeName, loadedTheme);
         if (!validate.canActivate(checkedTheme)) {
             logging.error(validate.getThemeValidationError('activeThemeHasFatalErrors', themeName, checkedTheme));
@@ -57,6 +57,6 @@ module.exports.activate = async (themeName) => {
     const checkedTheme = await validate.checkSafe(themeName, loadedTheme);
     // Activate
     await activator.activateFromAPI(themeName, loadedTheme, checkedTheme);
-    // Return the checked theme
-    return checkedTheme;
+    // Return the theme errors
+    return validate.getErrorsFromCheckedTheme(checkedTheme);
 };

package/core/server/services/themes/index.js CHANGED Viewed

@@ -3,7 +3,7 @@ const themeLoader = require('./loader');
 const storage = require('./storage');
 const getJSON = require('./to-json');
 const installer = require('./installer');
+const validate = require('./validate');
 const settingsCache = require('../../../shared/settings-cache');
 module.exports = {
@@ -11,8 +11,9 @@ module.exports = {
      * Load the currently active theme
      */
     init: async () => {
-        const themeName = settingsCache.get('active_theme');
+        validate.init();
+        const themeName = settingsCache.get('active_theme');
         return activate.loadAndActivate(themeName);
     },
     /**
@@ -25,6 +26,7 @@ module.exports = {
     api: {
         getJSON,
         activate: activate.activate,
+        getThemeErrors: validate.getThemeErrors,
         getZip: storage.getZip,
         setFromZip: storage.setFromZip,
         installFromGithub: installer.installFromGithub,

package/core/server/services/themes/storage.js CHANGED Viewed

@@ -86,10 +86,12 @@ module.exports = {
                 await activator.activateFromAPIOverride(themeName, loadedTheme, checkedTheme);
             }
+            const themeErrors = validate.getErrorsFromCheckedTheme(checkedTheme);
             // @TODO: unify the name across gscan and Ghost!
             return {
                 themeOverridden: overrideTheme,
-                theme: toJSON(themeName, checkedTheme)
+                theme: toJSON(themeName, themeErrors)
             };
         } catch (error) {
             // restore backup if we renamed an existing theme but saving failed

package/core/server/services/themes/to-json.js CHANGED Viewed

@@ -13,10 +13,10 @@ const settingsCache = require('../../../shared/settings-cache');
  * @TODO: settingsCache.get('active_theme') vs. active.get().name
  *
  * @param {string} [name] - the theme to output
- * @param {object} [checkedTheme] - a theme result from gscan
+ * @param {{errors: Array, warnings: Array}} [themeErrors] - Error and warning results from checked theme (if available)
  * @return {}
  */
-module.exports = function toJSON(name, checkedTheme) {
+module.exports = function toJSON(name, themeErrors) {
     let themeResult;
     let toFilter;
@@ -30,12 +30,12 @@ module.exports = function toJSON(name, checkedTheme) {
         themeResult = packageJSON.filter(toFilter, settingsCache.get('active_theme'));
-        if (checkedTheme && checkedTheme.results.warning.length > 0) {
-            themeResult[0].warnings = _.cloneDeep(checkedTheme.results.warning);
+        if (themeErrors && themeErrors.warnings.length) {
+            themeResult[0].warnings = _.cloneDeep(themeErrors.warnings);
         }
-        if (checkedTheme && checkedTheme.results.error.length > 0) {
-            themeResult[0].errors = _.cloneDeep(checkedTheme.results.error);
+        if (themeErrors && themeErrors.errors.length) {
+            themeResult[0].errors = _.cloneDeep(themeErrors.errors);
         }
     }

package/core/server/services/themes/validate.js CHANGED Viewed

@@ -5,20 +5,46 @@ const config = require('../../../shared/config');
 const labs = require('../../../shared/labs');
 const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
+const adapterManager = require('../adapter-manager');
+const logging = require('@tryghost/logging');
+const list = require('./list');
 const messages = {
     themeHasErrors: 'Theme "{theme}" is not compatible or contains errors.',
     activeThemeHasFatalErrors: 'The currently active theme "{theme}" has fatal errors.',
-    activeThemeHasErrors: 'The currently active theme "{theme}" has errors, but will still work.'
+    activeThemeHasErrors: 'The currently active theme "{theme}" has errors, but will still work.',
+    themeNotLoaded: 'Theme "{themeName}" is not loaded and cannot be checked.'
+};
+/**
+ * @typedef {Object} CacheStore
+ * @property {(key: string) => Promise<any>} get - get a value from the cache. Returns undefined if not found
+ * @property {(key: string, value: any) => Promise<void>} set - set a value in the cache
+ * @property {() => Promise<void>} reset - reset the cache
+ */
+/**
+ * The cache store for storing the result of the last theme validation
+ * @type {CacheStore}
+ */
+let gscanCacheStore;
+module.exports.init = () => {
+    gscanCacheStore = adapterManager.getAdapter('cache:gscan');
 };
 const canActivate = function canActivate(checkedTheme) {
-    // CASE: production and no fatal errors
-    // CASE: development returns fatal and none fatal errors, theme is only invalid if fatal errors
-    return !checkedTheme.results.error.length || (config.get('env') === 'development') && !checkedTheme.results.hasFatalErrors;
+    return !checkedTheme.results.hasFatalErrors;
 };
-const check = async function check(theme, isZip) {
+const getErrorsFromCheckedTheme = function getErrorsFromCheckedTheme(checkedTheme) {
+    return {
+        errors: checkedTheme.results.error ?? [],
+        warnings: checkedTheme.results.warning ?? []
+    };
+};
+const check = async function check(themeName, theme, isZip) {
     debug('Begin: Check');
     // gscan can slow down boot time if we require on boot, for now nest the require.
     const gscan = require('gscan');
@@ -41,16 +67,59 @@ const check = async function check(theme, isZip) {
     }
     checkedTheme = gscan.format(checkedTheme, {
-        onlyFatalErrors: config.get('env') === 'production',
+        onlyFatalErrors: false,
         checkVersion: checkedVersion
     });
+    // In production we don't want to show warnings
+    // Warnings are meant for developers only
+    if (config.get('env') === 'production') {
+        checkedTheme.results.warning = [];
+    }
+    // Cache warnings and errors
+    try {
+        await gscanCacheStore.set(themeName, getErrorsFromCheckedTheme(checkedTheme));
+    } catch (err) {
+        logging.error('Failed to cache gscan result');
+        logging.error(err);
+    }
     debug('End: Check');
     return checkedTheme;
 };
+/**
+ * Returns the last cached errors and warnings of check() if available.
+ * Otherwise runs check() on the loaded theme with that name (which will always cache the error and warning results)
+ * @returns {Promise<{errors: Array, warnings: Array}>}
+ */
+const getThemeErrors = async function getThemeErrors(themeName) {
+    try {
+        const cachedThemeErrors = await gscanCacheStore.get(themeName);
+        if (cachedThemeErrors) {
+            return cachedThemeErrors;
+        }
+    } catch (err) {
+        logging.error('Failed to get gscan result from cache');
+        logging.error(err);
+    }
+    const loadedTheme = list.get(themeName);
+    if (!loadedTheme) {
+        throw new errors.ValidationError({
+            message: tpl(messages.themeNotLoaded, {themeName: themeName}),
+            errorDetails: themeName
+        });
+    }
+    const result = await check(themeName, loadedTheme);
+    return getErrorsFromCheckedTheme(result);
+};
 const checkSafe = async function checkSafe(themeName, theme, isZip) {
-    const checkedTheme = await check(theme, isZip);
+    const checkedTheme = await check(themeName, theme, isZip);
     if (canActivate(checkedTheme)) {
         return checkedTheme;
@@ -74,7 +143,8 @@ const getThemeValidationError = (message, themeName, checkedTheme) => {
         message: tpl(messages[message], {theme: themeName}),
         errorDetails: Object.assign(
             _.pick(checkedTheme, ['checkedVersion', 'name', 'path', 'version']), {
-                errors: checkedTheme.results.error
+                errors: checkedTheme.results.error,
+                warnings: checkedTheme.results.warning
             }
         )
     });
@@ -83,4 +153,6 @@ const getThemeValidationError = (message, themeName, checkedTheme) => {
 module.exports.check = check;
 module.exports.checkSafe = checkSafe;
 module.exports.canActivate = canActivate;
+module.exports.getErrorsFromCheckedTheme = getErrorsFromCheckedTheme;
 module.exports.getThemeValidationError = getThemeValidationError;
+module.exports.getThemeErrors = getThemeErrors;

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -159,6 +159,11 @@ module.exports = function apiRoutes() {
         http(api.themes.download)
     );
+    router.get('/themes/active',
+        mw.authAdminApi,
+        http(api.themes.readActive)
+    );
     router.post('/themes/upload',
         mw.authAdminApi,
         apiMw.upload.single('file'),

package/core/shared/config/defaults.json CHANGED Viewed

@@ -27,7 +27,8 @@
         "cache": {
             "active": "Memory",
             "settings": {},
-            "imageSizes": {}
+            "imageSizes": {},
+            "gscan": {}
         }
     },
     "storage": {
@@ -169,7 +170,7 @@
     },
     "portal": {
         "url": "https://cdn.jsdelivr.net/ghost/portal@~{version}/umd/portal.min.js",
-        "version": "2.22"
+        "version": "2.23"
     },
     "sodoSearch": {
         "url": "https://cdn.jsdelivr.net/ghost/sodo-search@~{version}/umd/sodo-search.min.js",

package/core/shared/labs.js CHANGED Viewed

@@ -17,7 +17,8 @@ const messages = {
 const GA_FEATURES = [
     'sourceAttribution',
     'memberAttribution',
-    'audienceFeedback'
+    'audienceFeedback',
+    'themeErrorsNotification'
 ];
 // NOTE: this allowlist is meant to be used to filter out any unexpected