ghost 5.4.0 → 5.6.0

package/core/server/services/comments/emails.js

@@ -1,6 +1,7 @@
 const {promises: fs} = require('fs');
 const path = require('path');
 const moment = require('moment');
+const htmlToPlaintext = require('../../../shared/html-to-plaintext');
 
 class CommentsServiceEmails {
     constructor({config, logging, models, mailer, settingsCache, urlService, urlUtils}) {
@@ -48,7 +49,7 @@ class CommentsServiceEmails {
 
             const {html, text} = await this.renderEmailTemplate('new-comment', templateData);
 
-            this.sendMail({
+            await this.sendMail({
                 to,
                 subject,
                 html,
@@ -65,6 +66,11 @@ class CommentsServiceEmails {
             return;
         }
 
+        // Don't send a notification if you reply to your own comment
+        if (parentMember.id === reply.get('member_id')) {
+            return;
+        }
+
         const to = parentMember.get('email');
         const subject = '💬 You have a new reply on one of your comments';
 
@@ -100,6 +106,56 @@ class CommentsServiceEmails {
         });
     }
 
+    /**
+     * Send an email to notify the owner of the site that a comment has been reported by a member
+     * @param {*} comment The comment model that has been reported
+     * @param {*} reporter The member object who reported this comment
+     */
+    async notifiyReport(comment, reporter) {
+        const post = await this.models.Post.findOne({id: comment.get('post_id')}, {withRelated: ['authors']});
+        const member = await this.models.Member.findOne({id: comment.get('member_id')});
+        const owner = await this.models.User.getOwnerUser();
+
+        // For now we only send the report to the owner
+        const to = owner.get('email');
+        const subject = '🚩 A comment has been reported on your post';
+
+        const memberName = member.get('name') || 'Anonymous';
+
+        const templateData = {
+            siteTitle: this.settingsCache.get('title'),
+            siteUrl: this.urlUtils.getSiteUrl(),
+            siteDomain: this.siteDomain,
+            postTitle: post.get('title'),
+            postUrl: this.urlService.getUrlByResourceId(post.get('id'), {absolute: true}),
+            commentHtml: comment.get('html'),
+            commentText: htmlToPlaintext.email(comment.get('html')),
+            commentDate: moment(comment.get('created_at')).tz(this.settingsCache.get('timezone')).format('D MMM YYYY'),
+            
+            reporterName: reporter.name,
+            reporterEmail: reporter.email,
+            reporter: reporter.name ? `${reporter.name} (${reporter.email})` : reporter.email,
+
+            memberName: memberName,
+            memberEmail: member.get('email'),
+            memberBio: member.get('bio'),
+            memberInitials: this.extractInitials(memberName),
+            accentColor: this.settingsCache.get('accent_color'),
+            fromEmail: this.notificationFromAddress,
+            toEmail: to,
+            staffUrl: `${this.urlUtils.getAdminUrl()}ghost/#/settings/staff/${owner.get('slug')}`
+        };
+
+        const {html, text} = await this.renderEmailTemplate('report', templateData);
+
+        await this.sendMail({
+            to,
+            subject,
+            html,
+            text
+        });
+    }
+
     // Utils
 
     get siteDomain() {

package/core/server/services/comments/index.js

@@ -1,6 +1,7 @@
 class CommentsServiceWrapper {
     init() {
         const CommentsService = require('./service');
+        const CommentsController = require('./controller');
 
         const config = require('../../../shared/config');
         const logging = require('@tryghost/logging');
@@ -10,6 +11,7 @@ class CommentsServiceWrapper {
         const settingsCache = require('../../../shared/settings-cache');
         const urlService = require('../url');
         const urlUtils = require('../../../shared/url-utils');
+        const membersService = require('../members');
 
         this.api = new CommentsService({
             config,
@@ -18,8 +20,11 @@ class CommentsServiceWrapper {
             mailer,
             settingsCache,
             urlService,
-            urlUtils
+            urlUtils,
+            contentGating: membersService.contentGating
         });
+
+        this.controller = new CommentsController(this.api);
     }
 }
 

package/core/server/services/comments/service.js

@@ -1,23 +1,305 @@
+const tpl = require('@tryghost/tpl');
+const errors = require('@tryghost/errors');
+const {MemberCommentEvent} = require('@tryghost/member-events');
+const DomainEvents = require('@tryghost/domain-events');
+
+const messages = {
+    commentNotFound: 'Comment could not be found',
+    memberNotFound: 'Unable to find member',
+    likeNotFound: 'Unable to find like',
+    alreadyLiked: 'This comment was liked already',
+    replyToReply: 'Can not reply to a reply',
+    commentsNotEnabled: 'Comments are not enabled for this site.',
+    cannotCommentOnPost: 'You do not have permission to comment on this post.'
+};
+
 class CommentsService {
-    constructor({config, logging, models, mailer, settingsCache, urlService, urlUtils}) {
-        this.config = config;
-        this.logging = logging;
+    constructor({config, logging, models, mailer, settingsCache, urlService, urlUtils, contentGating}) {
+        /** @private */
         this.models = models;
-        this.mailer = mailer;
+
+        /** @private */
         this.settingsCache = settingsCache;
-        this.urlService = urlService;
-        this.urlUtils = urlUtils;
+
+        /** @private */
+        this.contentGating = contentGating;
 
         const Emails = require('./emails');
-        this.emails = new Emails(this);
+        /** @private */
+        this.emails = new Emails({
+            config,
+            logging,
+            models,
+            mailer,
+            settingsCache,
+            urlService,
+            urlUtils
+        });
     }
 
+    /**
+     * @returns {'off'|'all'|'paid'}
+     */
+    get enabled() {
+        const setting = this.settingsCache.get('comments_enabled');
+        if (setting === 'off' || setting === 'all' || setting === 'paid') {
+            return setting;
+        }
+        return 'off';
+    }
+
+    /** @private */
+    checkEnabled() {
+        if (this.enabled === 'off') {
+            throw new errors.MethodNotAllowedError({
+                message: tpl(messages.commentsNotEnabled)
+            });
+        }
+    }
+
+    /** @private */
+    checkCommentAccess(memberModel) {
+        if (this.enabled === 'paid' && memberModel.get('status') === 'free') {
+            throw new errors.NoPermissionError({
+                message: tpl(messages.cannotCommentOnPost)
+            });
+        }
+    }
+
+    /** @private */
+    checkPostAccess(postModel, memberModel) {
+        const access = this.contentGating.checkPostAccess(postModel.toJSON(), memberModel.toJSON());
+        if (access === this.contentGating.BLOCK_ACCESS) {
+            throw new errors.NoPermissionError({
+                message: tpl(messages.cannotCommentOnPost)
+            });
+        }
+    }
+
+    /** @private */
     async sendNewCommentNotifications(comment) {
-        this.emails.notifyPostAuthors(comment);
+        await this.emails.notifyPostAuthors(comment);
 
         if (comment.get('parent_id')) {
-            this.emails.notifyParentCommentAuthor(comment);
+            await this.emails.notifyParentCommentAuthor(comment);
+        }
+    }
+
+    async reportComment(commentId, reporter) {
+        this.checkEnabled();
+        const comment = await this.models.Comment.findOne({id: commentId}, {require: true});
+
+        // Check if this reporter already reported this comment (then don't send an email)?
+        const existing = await this.models.CommentReport.findOne({
+            comment_id: comment.id,
+            member_id: reporter.id
+        });
+
+        if (existing) {
+            // Ignore silently for now
+            return;
+        }
+
+        // Save report model
+        await this.models.CommentReport.add({
+            comment_id: comment.id,
+            member_id: reporter.id
+        });
+
+        await this.emails.notifiyReport(comment, reporter);
+    }
+
+    /**
+     * @param {any} options
+     */
+    async getComments(options) {
+        this.checkEnabled();
+        const page = await this.models.Comment.findPage(options);
+
+        return page;
+    }
+
+    /**
+     * @param {string} id - The ID of the Comment to get
+     * @param {any} options
+     */
+    async getCommentByID(id, options) {
+        this.checkEnabled();
+        const model = await this.models.Comment.findOne({id}, options);
+
+        if (!model) {
+            throw new errors.NotFoundError({
+                messages: tpl(messages.commentNotFound)
+            });
+        }
+
+        return model;
+    }
+
+    /**
+     * @param {string} post - The ID of the Post to comment on
+     * @param {string} member - The ID of the Member to comment as
+     * @param {string} comment - The HTML content of the Comment
+     * @param {any} options
+     */
+    async commentOnPost(post, member, comment, options) {
+        this.checkEnabled();
+        const memberModel = await this.models.Member.findOne({
+            id: member
+        }, {
+            require: true,
+            ...options
+        });
+
+        this.checkCommentAccess(memberModel);
+
+        const postModel = await this.models.Post.findOne({
+            id: post
+        }, {
+            require: true,
+            ...options
+        });
+
+        this.checkPostAccess(postModel, memberModel);
+
+        const model = await this.models.Comment.add({
+            post_id: post,
+            member_id: member,
+            parent_id: null,
+            html: comment,
+            status: 'published'
+        }, options);
+
+        if (!options.context.internal) {
+            await this.sendNewCommentNotifications(model);
+        }
+
+        DomainEvents.dispatch(MemberCommentEvent.create({
+            memberId: member,
+            postId: post,
+            commentId: model.id
+        }));
+
+        return model;
+    }
+
+    /**
+     * @param {string} parent - The ID of the Comment to reply to
+     * @param {string} member - The ID of the Member to comment as
+     * @param {string} comment - The HTML content of the Comment
+     * @param {any} options
+     */
+    async replyToComment(parent, member, comment, options) {
+        this.checkEnabled();
+        const memberModel = await this.models.Member.findOne({
+            id: member
+        }, {
+            require: true,
+            ...options
+        });
+
+        this.checkCommentAccess(memberModel);
+
+        const parentComment = await this.getCommentByID(parent, options);
+        if (!parentComment) {
+            throw new errors.BadRequestError({
+                message: tpl(messages.commentNotFound)
+            });
+        }
+
+        if (parentComment.get('parent_id') !== null) {
+            throw new errors.BadRequestError({
+                message: tpl(messages.replyToReply)
+            });
+        }
+        const postModel = await this.models.Post.findOne({
+            id: parentComment.get('post_id')
+        }, {
+            require: true,
+            ...options
+        });
+
+        this.checkPostAccess(postModel, memberModel);
+
+        const model = await this.models.Comment.add({
+            post_id: parentComment.get('post_id'),
+            member_id: member,
+            parent_id: parentComment.id,
+            html: comment,
+            status: 'published'
+        }, options);
+
+        if (!options.context.internal) {
+            await this.sendNewCommentNotifications(model);
         }
+
+        DomainEvents.dispatch(MemberCommentEvent.create({
+            memberId: member,
+            postId: parentComment.get('post_id'),
+            commentId: model.id
+        }));
+
+        return model;
+    }
+
+    /**
+     * @param {string} id - The ID of the Comment to delete
+     * @param {string} member - The ID of the Member to delete as
+     * @param {any} options
+     */
+    async deleteComment(id, member, options) {
+        this.checkEnabled();
+        const existingComment = await this.getCommentByID(id, options);
+
+        if (existingComment.get('member_id') !== member) {
+            throw new errors.NoPermissionError({
+                // todo fix message
+                message: tpl(messages.memberNotFound)
+            });
+        }
+
+        const model = await this.models.Comment.edit({
+            status: 'deleted'
+        }, {
+            id,
+            require: true,
+            ...options
+        });
+
+        return model;
+    }
+
+    /**
+     * @param {string} id - The ID of the Comment to edit
+     * @param {string} member - The ID of the Member to edit as
+     * @param {string} comment - The new HTML content of the Comment
+     * @param {any} options
+     */
+    async editCommentContent(id, member, comment, options) {
+        this.checkEnabled();
+        const existingComment = await this.getCommentByID(id, options);
+
+        if (!comment) {
+            return existingComment;
+        }
+
+        if (existingComment.get('member_id') !== member) {
+            throw new errors.NoPermissionError({
+                // todo fix message
+                message: tpl(messages.memberNotFound)
+            });
+        }
+
+        const model = await this.models.Comment.edit({
+            html: comment,
+            edited_at: new Date()
+        }, {
+            id,
+            require: true,
+            ...options
+        });
+
+        return model;
     }
 }
 

package/core/server/services/jobs/job-service.js

@@ -5,6 +5,7 @@
 
 const JobManager = require('@tryghost/job-manager');
 const logging = require('@tryghost/logging');
+const models = require('../../models');
 const sentry = require('../../../shared/sentry');
 
 const errorHandler = (error, workerMeta) => {
@@ -17,6 +18,28 @@ const workerMessageHandler = ({name, message}) => {
     logging.info(`Worker for job ${name} sent a message: ${message}`);
 };
 
-const jobManager = new JobManager({errorHandler, workerMessageHandler});
+const initTestMode = () => {
+    // Output job queue length every 5 seconds
+    setInterval(() => {
+        logging.warn(`${jobManager.queue.length()} jobs in the queue. Idle: ${jobManager.queue.idle()}`);
+
+        const runningScheduledjobs = Object.keys(jobManager.bree.workers);
+        if (Object.keys(jobManager.bree.workers).length) {
+            logging.warn(`${Object.keys(jobManager.bree.workers).length} jobs running: ${runningScheduledjobs}`);
+        }
+
+        const scheduledJobs = Object.keys(jobManager.bree.intervals);
+        if (Object.keys(jobManager.bree.intervals).length) {
+            logging.warn(`${Object.keys(jobManager.bree.intervals).length} scheduled jobs: ${scheduledJobs}`);
+        }
+
+        if (runningScheduledjobs.length === 0 && scheduledJobs.length === 0) {
+            logging.warn('No scheduled or running jobs');
+        }
+    }, 5000);
+};
+
+const jobManager = new JobManager({errorHandler, workerMessageHandler, JobModel: models.Job});
 
 module.exports = jobManager;
+module.exports.initTestMode = initTestMode;

package/core/server/services/mail/GhostMailer.js

@@ -95,6 +95,7 @@ module.exports = class GhostMailer {
      * @param {string} message.html - email content
      * @param {string} message.to - email recipient address
      * @param {string} [message.from] - sender email address
+     * @param {string} [message.text] - text version of this message
      * @param {boolean} [message.forceTextContent] - maps to generateTextFromHTML nodemailer option
      * which is: "if set to true uses HTML to generate plain text body part from the HTML if the text is not defined"
      * (ref: https://github.com/nodemailer/nodemailer/tree/da2f1d278f91b4262e940c0b37638e7027184b1d#e-mail-message-fields)

package/core/server/services/mega/email-preview.js

@@ -36,7 +36,11 @@ class EmailPreview {
             );
         });
 
-        return emailContent;
+        return {
+            subject: emailContent.subject,
+            html: emailContent.html,
+            plaintext: emailContent.plaintext
+        };
     }
 }
 

package/core/server/services/mega/mega.js

@@ -69,6 +69,7 @@ const getEmailData = async (postModel, options) => {
     }
 
     return {
+        post: postModel.toJSON(), // for content paywalling
         subject,
         html,
         plaintext,
@@ -87,9 +88,6 @@ const sendTestEmail = async (postModel, toEmails, memberSegment) => {
     let emailData = await getEmailData(postModel);
     emailData.subject = `[Test] ${emailData.subject}`;
 
-    if (memberSegment) {
-        emailData = postEmailSerializer.renderEmailForSegment(emailData, memberSegment);
-    }
     // fetch any matching members so that replacements use expected values
     const recipients = await Promise.all(toEmails.map(async (email) => {
         const member = await membersService.api.members.get({email});
@@ -109,7 +107,7 @@ const sendTestEmail = async (postModel, toEmails, memberSegment) => {
     // enable tracking for previews to match real-world behaviour
     emailData.track_opens = !!settingsCache.get('email_track_opens');
 
-    const response = await bulkEmailService.send(emailData, recipients);
+    const response = await bulkEmailService.send(emailData, recipients, memberSegment);
 
     if (response instanceof bulkEmailService.FailedBatch) {
         return Promise.reject(response.error);

package/core/server/services/mega/post-email-serializer.js

@@ -2,15 +2,18 @@ const _ = require('lodash');
 const template = require('./template');
 const settingsCache = require('../../../shared/settings-cache');
 const urlUtils = require('../../../shared/url-utils');
+const labs = require('../../../shared/labs');
 const moment = require('moment-timezone');
 const api = require('../../api').endpoints;
 const apiShared = require('../../api').shared;
 const {URL} = require('url');
 const mobiledocLib = require('../../lib/mobiledoc');
 const htmlToPlaintext = require('../../../shared/html-to-plaintext');
+const membersService = require('../members');
 const {isUnsplashImage, isLocalContentImage} = require('@tryghost/kg-default-cards/lib/utils');
 const {textColorForBackgroundColor, darkenToContrastThreshold} = require('@tryghost/color-utils');
 const logging = require('@tryghost/logging');
+const urlService = require('../../services/url');
 
 const ALLOWED_REPLACEMENTS = ['first_name'];
 
@@ -74,6 +77,27 @@ const createUnsubscribeUrl = (uuid, newsletterUuid) => {
     return unsubscribeUrl.href;
 };
 
+/**
+ * createPostSignupUrl
+ *
+ * Takes a post object. Returns the url that should be used to signup from newsletter
+ *
+ * @param {Object} post post object
+ */
+const createPostSignupUrl = (post) => {
+    let url = urlService.getUrlByResourceId(post.id, {absolute: true});
+
+    // For email-only posts, use site url as base
+    if (post.status !== 'published' && url.match(/\/404\//)) {
+        url = urlUtils.getSiteUrl();
+    }
+
+    const signupUrl = new URL(url);
+    signupUrl.hash = `/portal/signup`;
+
+    return signupUrl.href;
+};
+
 // NOTE: serialization is needed to make sure we do post transformations such as image URL transformation from relative to absolute
 const serializePostModel = async (model) => {
     // fetch mobiledoc rather than html and plaintext so we can render email-specific contents
@@ -297,18 +321,87 @@ const serialize = async (postModel, newsletter, options = {isBrowserPreview: fal
         html: formatHtmlForEmail(htmlTemplate),
         plaintext: post.plaintext
     });
-
-    return {
+    const data = {
         subject: post.email_subject || post.title,
         html,
         plaintext
     };
+    if (labs.isSet('newsletterPaywall')) {
+        data.post = post;
+    }
+    return data;
 };
 
+/**
+ * renderPaywallCTA
+ *
+ * outputs html for rendering paywall CTA in newsletter
+ *
+ * @param {Object} post Post Object
+ */
+
+function renderPaywallCTA(post) {
+    const accentColor = settingsCache.get('accent_color');
+    const siteTitle = settingsCache.get('title') || 'Ghost';
+    const signupUrl = createPostSignupUrl(post);
+
+    return `<div class="align-center" style="text-align: center;">
+    <hr
+        style="position: relative; display: block; width: 100%; margin: 3em 0; padding: 0; height: 1px; border: 0; border-top: 1px solid #e5eff5;">
+    <h2
+        style="margin-top: 0; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; line-height: 1.11em; font-weight: 700; text-rendering: optimizeLegibility; margin: 1.5em 0 0.5em 0; font-size: 26px;">
+        Subscribe to <span style="white-space: nowrap; font-size: 26px !important;">continue reading.</span></h2>
+    <p style="margin: 0 auto 1.5em auto; line-height: 1.6em; max-width: 440px;">Become a paid member of ${siteTitle} to get access to 
+    <span style="white-space: nowrap;">all subscriber-only content.</span></p>
+    <div class="btn btn-accent" style="box-sizing: border-box; width: 100%; display: table;">
+        <table border="0" cellspacing="0" cellpadding="0" align="center"
+            style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: auto;">
+            <tbody>
+                <tr>
+                    <td align="center"
+                        style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; vertical-align: top; text-align: center; border-radius: 5px;"
+                        valign="top" bgcolor="${accentColor}">
+                        <a href="${signupUrl}"
+                            style="overflow-wrap: anywhere; border: solid 1px #3498db; border-radius: 5px; box-sizing: border-box; cursor: pointer; display: inline-block; font-size: 14px; font-weight: bold; margin: 0; padding: 12px 25px; text-decoration: none; background-color: ${accentColor}; border-color: ${accentColor}; color: #FFFFFF;"
+                            target="_blank">Subscribe
+                        </a>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </div>
+    <p style="margin: 0 0 1.5em 0; line-height: 1.6em;"></p>
+</div>`;
+}
+
 function renderEmailForSegment(email, memberSegment) {
     const cheerio = require('cheerio');
 
     const result = {...email};
+
+    /** Checks and hides content for newsletter behind paywall card
+     *  based on member's status and post access
+     *  Adds CTA in case content is hidden.
+    */
+    if (labs.isSet('newsletterPaywall')) {
+        const paywallIndex = (result.html || '').indexOf('<!--members-only-->');
+        if (paywallIndex !== -1 && memberSegment && result.post) {
+            let statusFilter = memberSegment === 'status:free' ? {status: 'free'} : {status: 'paid'};
+            const postVisiblity = result.post.visibility;
+
+            // For newsletter paywall, specific tiers visibility is considered on par to paid tiers
+            result.post.visibility = postVisiblity === 'tiers' ? 'paid' : postVisiblity;
+
+            const memberHasAccess = membersService.contentGating.checkPostAccess(result.post, statusFilter);
+
+            if (!memberHasAccess) {
+                const postContentEndIdx = result.html.search(/[\s\n\r]+?<!-- POST CONTENT END -->/);
+                result.html = result.html.slice(0, paywallIndex) + renderPaywallCTA(result.post) + result.html.slice(postContentEndIdx);
+                result.plaintext = htmlToPlaintext.excerpt(result.html);
+            }
+        }
+    }
+
     const $ = cheerio.load(result.html);
 
     $('[data-gh-segment]').get().forEach((node) => {
@@ -322,6 +415,7 @@ function renderEmailForSegment(email, memberSegment) {
 
     result.html = formatHtmlForEmail($.html());
     result.plaintext = htmlToPlaintext.email(result.html);
+    delete result.post;
 
     return result;
 }
@@ -329,6 +423,7 @@ function renderEmailForSegment(email, memberSegment) {
 module.exports = {
     serialize,
     createUnsubscribeUrl,
+    createPostSignupUrl,
     renderEmailForSegment,
     parseReplacements,
     // Export for tests

package/core/server/services/mega/segment-parser.js

@@ -1,11 +1,20 @@
+const labs = require('../../../shared/labs');
+
 const getSegmentsFromHtml = (html) => {
     const cheerio = require('cheerio');
     const $ = cheerio.load(html);
 
-    const allSegments = $('[data-gh-segment]')
+    let allSegments = $('[data-gh-segment]')
         .get()
         .map(el => el.attribs['data-gh-segment']);
 
+    /**
+     * Always add free and paid segments if email has paywall card
+     */
+    if (labs.isSet('newsletterPaywall') && html.indexOf('<!--members-only-->') !== -1) {
+        allSegments = allSegments.concat(['status:free', 'status:-free']);
+    }
+
     // only return unique elements
     return [...new Set(allSegments)];
 };