ghost 5.4.1 → 5.7.0

package/core/frontend/helpers/comments.js

@@ -1,23 +1,47 @@
 const {SafeString} = require('../services/handlebars');
-const {config, urlUtils, getFrontendKey, labs} = require('../services/proxy');
+const {urlUtils, getFrontendKey, labs, settingsCache} = require('../services/proxy');
+const {getFrontendAppConfig, getDataAttributes} = require('../utils/frontend-apps');
 
 async function comments(options) {
     // todo: For now check on the comment id to exclude normal pages (we probably have a better way to do this)
 
     const commentId = this.comment_id;
-        
+
     if (!commentId) {
         return;
     }
-    
+
+    /**
+     * We need to check if comments enabled, because the theme might not be using the other available helpers to check
+     * if comments is enabled + the member has access
+     * @type {'all'|'paid'|'off'}
+     */
+    const commentsEnabled = settingsCache.get('comments_enabled');
+    const hasAccess = !!this.access;
+
+    if (commentsEnabled === 'off' || !hasAccess) {
+        return;
+    }
+
     let colorScheme = 'auto';
-    if (options.hash.color_scheme === 'dark' || options.hash.color_scheme === 'light') {
-        colorScheme = options.hash.color_scheme;
+    if (options.hash.mode === 'dark' || options.hash.mode === 'light') {
+        colorScheme = options.hash.mode;
     }
 
-    let avatarSaturation = parseInt(options.hash.avatar_saturation);
+    let avatarSaturation = parseInt(options.hash.saturation);
     if (isNaN(avatarSaturation)) {
-        avatarSaturation = 50;
+        avatarSaturation = 60;
+    }
+
+    let count = true;
+    if (options.hash.count === false) {
+        count = false;
+    }
+
+    // This is null so that the comments-ui can handle the default title
+    let title = null;
+    if (typeof options.hash.title === 'string') {
+        title = options.hash.title;
     }
 
     let accentColor = '';
@@ -26,28 +50,29 @@ async function comments(options) {
     }
 
     const frontendKey = await getFrontendKey();
+    const {scriptUrl, stylesUrl, appVersion} = getFrontendAppConfig('comments');
 
     const data = {
         'ghost-comments': urlUtils.getSiteUrl(),
         api: urlUtils.urlFor('api', {type: 'content'}, true),
         admin: urlUtils.urlFor('admin', true),
         key: frontendKey,
+        styles: stylesUrl,
+        title: title,
+        count: count,
         'post-id': this.id,
         'sentry-dsn': '', /* todo: insert sentry dsn key here */
         'color-scheme': colorScheme,
         'avatar-saturation': avatarSaturation,
         'accent-color': accentColor,
-        'app-version': config.get('comments:version')
+        'app-version': appVersion,
+        'comments-enabled': commentsEnabled
     };
 
-    let dataAttributes = '';
-
-    Object.entries(data).forEach(([key, value]) => {
-        dataAttributes += `data-${key}="${value}" `;
-    });
+    const dataAttributes = getDataAttributes(data);
 
     return new SafeString(`
-        <script defer src="${config.get('comments:url')}" ${dataAttributes} crossorigin="anonymous"></script>
+        <script defer src="${scriptUrl}" ${dataAttributes} crossorigin="anonymous"></script>
     `);
 }
 

package/core/frontend/helpers/ghost_head.js

@@ -13,6 +13,7 @@ const logging = require('@tryghost/logging');
 const _ = require('lodash');
 const debug = require('@tryghost/debug')('ghost_head');
 const templateStyles = require('./tpl/styles');
+const {getFrontendAppConfig, getDataAttributes} = require('../utils/frontend-apps');
 
 const {get: getMetaData, getAssetUrl} = metaData;
 
@@ -47,9 +48,20 @@ function getMembersHelper(data, frontendKey) {
     if (!settingsCache.get('members_enabled')) {
         return '';
     }
+    const {scriptUrl} = getFrontendAppConfig('portal');
+
+    const colorString = (_.has(data, 'site._preview') && data.site.accent_color) ? data.site.accent_color : '';
+    const attributes = {
+        ghost: urlUtils.getSiteUrl(),
+        key: frontendKey,
+        api: urlUtils.urlFor('api', {type: 'content'}, true)
+    };
+    if (colorString) {
+        attributes['accent-color'] = colorString;
+    }
+    const dataAttributes = getDataAttributes(attributes);
 
-    const colorString = _.has(data, 'site._preview') && data.site.accent_color ? ` data-accent-color="${data.site.accent_color}"` : '';
-    let membersHelper = `<script defer src="${config.get('portal:url')}" data-ghost="${urlUtils.getSiteUrl()}"${colorString} data-key="${frontendKey}" data-api="${urlUtils.urlFor('api', {type: 'content'}, true)}" crossorigin="anonymous"></script>`;
+    let membersHelper = `<script defer src="${scriptUrl}" ${dataAttributes} crossorigin="anonymous"></script>`;
     membersHelper += (`<style id="gh-members-styles">${templateStyles}</style>`);
     if (settingsCache.get('paid_members_enabled')) {
         membersHelper += '<script async src="https://js.stripe.com/v3/"></script>';
@@ -59,8 +71,14 @@ function getMembersHelper(data, frontendKey) {
 
 function getSearchHelper(frontendKey) {
     const adminUrl = urlUtils.getAdminUrl() || urlUtils.getSiteUrl();
-
-    let helper = `<script defer src="${config.get('sodoSearch:url')}" data-sodo-search="${adminUrl}" data-version="${config.get('sodoSearch:version')}" data-key="${frontendKey}" crossorigin="anonymous"></script>`;
+    const {scriptUrl, stylesUrl} = getFrontendAppConfig('sodoSearch');
+    const attrs = {
+        key: frontendKey,
+        styles: stylesUrl,
+        'sodo-search': adminUrl
+    };
+    const dataAttrs = getDataAttributes(attrs);
+    let helper = `<script defer src="${scriptUrl}" ${dataAttrs} crossorigin="anonymous"></script>`;
 
     return helper;
 }

package/core/frontend/helpers/img_url.js

@@ -12,6 +12,7 @@ const url = require('url');
 const _ = require('lodash');
 const logging = require('@tryghost/logging');
 const tpl = require('@tryghost/tpl');
+const imageTransform = require('@tryghost/image-transform');
 
 const messages = {
     attrIsRequired: 'Attribute is required e.g. {{img_url feature_image}}'
@@ -41,15 +42,26 @@ module.exports = function imgUrl(requestedImageUrl, options) {
 
     // CASE: if you pass an external image, there is nothing we want to do to it!
     const isInternalImage = detectInternalImage(requestedImageUrl);
+    const sizeOptions = getImageSizeOptions(options);
+
     if (!isInternalImage) {
+        // Detect Unsplash width and format
+        const isUnsplashImage = /images\.unsplash\.com/.test(requestedImageUrl);
+        if (isUnsplashImage) {
+            try {
+                return getUnsplashImage(requestedImageUrl, sizeOptions);
+            } catch (e) {
+                // ignore errors and just return the original URL
+            }
+        }
+        
         return requestedImageUrl;
     }
 
-    const {requestedSize, imageSizes} = getImageSizeOptions(options);
     const absoluteUrlRequested = getAbsoluteOption(options);
 
     function applyImageSizes(image) {
-        return getImageWithSize(image, requestedSize, imageSizes);
+        return getImageWithSize(image, sizeOptions);
     }
 
     function getImageUrl(image) {
@@ -79,10 +91,12 @@ function getAbsoluteOption(options) {
 function getImageSizeOptions(options) {
     const requestedSize = options && options.hash && options.hash.size;
     const imageSizes = options && options.data && options.data.config && options.data.config.image_sizes;
+    const requestedFormat = options && options.hash && options.hash.format;
 
     return {
         requestedSize,
-        imageSizes
+        imageSizes,
+        requestedFormat
     };
 }
 
@@ -99,12 +113,58 @@ function detectInternalImage(requestedImageUrl) {
     return isAbsoluteInternalImage || isRelativeInternalImage;
 }
 
-function getImageWithSize(imagePath, requestedSize, imageSizes) {
+function getUnsplashImage(imagePath, sizeOptions) {
+    const parsedUrl = new URL(imagePath);
+    const {requestedSize, imageSizes, requestedFormat} = sizeOptions;
+
+    if (requestedFormat) {        
+        const supportedFormats = ['avif', 'gif', 'jpg', 'png', 'webp'];
+        if (supportedFormats.includes(requestedFormat)) {
+            parsedUrl.searchParams.set('fm', requestedFormat);
+        } else if (requestedFormat === 'jpeg') {
+            // Map to alias
+            parsedUrl.searchParams.set('fm', 'jpg');
+        }
+    }
+
+    if (!imageSizes || !imageSizes[requestedSize]) {
+        return parsedUrl.toString();
+    }
+
+    const {width, height} = imageSizes[requestedSize];
+
+    if (!width && !height) {
+        return parsedUrl.toString();
+    }
+
+    parsedUrl.searchParams.delete('w');
+    parsedUrl.searchParams.delete('h');
+
+    if (width) {
+        parsedUrl.searchParams.set('w', width);
+    }
+    if (height) {
+        parsedUrl.searchParams.set('h', height);
+    }
+    return parsedUrl.toString();
+}
+
+/**
+ * 
+ * @param {string} imagePath 
+ * @param {Object} sizeOptions 
+ * @param {string} sizeOptions.requestedSize
+ * @param {Object[]} sizeOptions.imageSizes
+ * @param {string} [sizeOptions.requestedFormat]
+ * @returns 
+ */
+function getImageWithSize(imagePath, sizeOptions) {
     const hasLeadingSlash = imagePath[0] === '/';
 
     if (hasLeadingSlash) {
-        return '/' + getImageWithSize(imagePath.slice(1), requestedSize, imageSizes);
+        return '/' + getImageWithSize(imagePath.slice(1), sizeOptions);
     }
+    const {requestedSize, imageSizes, requestedFormat} = sizeOptions;
 
     if (!requestedSize) {
         return imagePath;
@@ -123,8 +183,9 @@ function getImageWithSize(imagePath, requestedSize, imageSizes) {
     const [imgBlogUrl, imageName] = imagePath.split(STATIC_IMAGE_URL_PREFIX);
 
     const sizeDirectoryName = prefixIfPresent('w', width) + prefixIfPresent('h', height);
+    const formatPrefix = requestedFormat && imageTransform.canTransformToFormat(requestedFormat) ? `/format/${requestedFormat}` : '';
 
-    return [imgBlogUrl, STATIC_IMAGE_URL_PREFIX, `/size/${sizeDirectoryName}`, imageName].join('');
+    return [imgBlogUrl, STATIC_IMAGE_URL_PREFIX, `/size/${sizeDirectoryName}`, formatPrefix, imageName].join('');
 }
 
 function prefixIfPresent(prefix, string) {

package/core/frontend/utils/frontend-apps.js

@@ -0,0 +1,33 @@
+const {config} = require('../services/proxy');
+
+function getFrontendAppConfig(app) {
+    const appVersion = config.get(`${app}:version`);
+    let scriptUrl = config.get(`${app}:url`);
+    let stylesUrl = config.get(`${app}:styles`);
+    if (scriptUrl.includes('{version}')) {
+        scriptUrl = scriptUrl.replace('{version}', appVersion);
+    }
+    if (stylesUrl?.includes('{version}')) {
+        stylesUrl = stylesUrl.replace('{version}', appVersion);
+    }
+    return {
+        scriptUrl,
+        stylesUrl,
+        appVersion
+    };
+}
+
+function getDataAttributes(data) {
+    let dataAttributes = '';
+
+    if (!data) {
+        return dataAttributes;
+    }
+    Object.entries(data).forEach(([key, value]) => {
+        dataAttributes += `data-${key}="${value}" `;
+    });
+
+    return dataAttributes.trim();
+}
+
+module.exports = {getFrontendAppConfig, getDataAttributes};

package/core/frontend/web/middleware/handle-image-sizes.js

@@ -58,11 +58,6 @@ module.exports = function (req, res, next) {
     const themeImageSizes = activeTheme.get().config('image_sizes');
     const imageSizes = _.merge({}, themeImageSizes, internalImageSizes, contentImageSizes);
 
-    // CASE: no image_sizes config (NOTE - unlikely to be reachable now we have content sizes)
-    if (!imageSizes) {
-        return redirectToOriginal();
-    }
-
     // build a new object with keys that match the strings used in size paths like "w640h480"
     const imageDimensions = {};
     Object.keys(imageSizes).forEach((size) => {
@@ -106,16 +101,16 @@ module.exports = function (req, res, next) {
         return redirectToOriginal();
     }
 
+    // exit early if sharp isn't installed to avoid extra file reads
+    if (!imageTransform.canTransformFiles()) {
+        return redirectToOriginal();
+    }
+
     storageInstance.exists(req.url).then((exists) => {
         if (exists) {
             return;
         }
 
-        // exit early if sharp isn't installed to avoid extra file reads
-        if (!imageTransform.canTransformFiles()) {
-            return redirectToOriginal();
-        }
-
         const {dir, name, ext} = path.parse(imagePath);
         const [imageNameMatched, imageName, imageNumber] = name.match(/^(.+?)(-\d+)?$/) || [null];
 
@@ -148,7 +143,8 @@ module.exports = function (req, res, next) {
     }).then(() => {
         if (format) {
             // File extension won't match the new format, so we need to update the Content-Type header manually here
-            res.type(format);
+            // Express JS still uses an out of date mime package, which doesn't support avif
+            res.type(format === 'avif' ? 'image/avif' : format);
         }
         next();
     }).catch(function (err) {

package/core/server/api/endpoints/{comments-comments.js → comments-members.js}

@@ -3,6 +3,7 @@ const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
 const models = require('../../models');
 const db = require('../../data/db');
+const commentsService = require('../../services/comments');
 const ALLOWED_INCLUDES = ['post', 'member', 'likes', 'replies'];
 const UNSAFE_ATTRS = ['status'];
 
@@ -33,7 +34,7 @@ module.exports = {
         },
         permissions: true,
         query(frame) {
-            return models.Comment.findPage(frame.options);
+            return commentsService.controller.browse(frame);
         }
     },
 
@@ -52,16 +53,7 @@ module.exports = {
         },
         permissions: true,
         query(frame) {
-            return models.Comment.findOne(frame.data, frame.options)
-                .then((model) => {
-                    if (!model) {
-                        return Promise.reject(new errors.NotFoundError({
-                            message: tpl(messages.commentNotFound)
-                        }));
-                    }
-
-                    return model;
-                });
+            return commentsService.controller.read(frame);
         }
     },
 
@@ -83,16 +75,7 @@ module.exports = {
         },
         permissions: true,
         query(frame) {
-            return models.Comment.edit(frame.data.comments[0], frame.options)
-                .then((model) => {
-                    if (!model) {
-                        return Promise.reject(new errors.NotFoundError({
-                            message: tpl(messages.commentNotFound)
-                        }));
-                    }
-
-                    return model;
-                });
+            return commentsService.controller.edit(frame);
         }
     },
 
@@ -116,19 +99,7 @@ module.exports = {
             unsafeAttrs: UNSAFE_ATTRS
         },
         query(frame) {
-            // TODO: move to comment service
-            const data = frame.data.comments[0];
-
-            if (frame.options?.context?.member?.id) {
-                data.member_id = frame.options.context.member.id;
-
-                // todo: add validation that the parent comment is on the same post, and not deleted
-                return models.Comment.add(data, frame.options);
-            } else {
-                return Promise.reject(new errors.NotFoundError({
-                    message: tpl(messages.memberNotFound)
-                }));
-            }
+            return commentsService.controller.add(frame);
         }
     },
 
@@ -145,15 +116,7 @@ module.exports = {
         },
         permissions: true,
         query(frame) {
-            frame.options.require = true;
-
-            return models.Comment.destroy(frame.options)
-                .then(() => null)
-                .catch(models.Comment.NotFoundError, () => {
-                    return Promise.reject(new errors.NotFoundError({
-                        message: tpl(messages.commentNotFound)
-                    }));
-                });
+            return commentsService.controller.destroy(frame);
         }
     },
 
@@ -243,5 +206,23 @@ module.exports = {
                 }));
             }
         }
+    },
+
+    report: {
+        statusCode: 204,
+        options: [
+            'id'
+        ],
+        validation: {},
+        permissions: true,
+        async query(frame) {
+            if (!frame.options?.context?.member?.id) {
+                return Promise.reject(new errors.UnauthorizedError({
+                    message: tpl(messages.memberNotFound)
+                }));
+            }
+
+            await commentsService.api.reportComment(frame.options.id, frame.options?.context?.member);
+        }
     }
 };

package/core/server/api/endpoints/index.js

@@ -225,11 +225,7 @@ module.exports = {
         return shared.pipeline(require('./offers-public'), localUtils, 'content');
     },
 
-    /**
-     * Comment API
-     */
-
-    get commentsComments() {
-        return shared.pipeline(require('./comments-comments'), localUtils, 'comments');
+    get commentsMembers() {
+        return shared.pipeline(require('./comments-members'), localUtils, 'comments');
     }
 };

package/core/server/api/endpoints/utils/serializers/output/config.js

@@ -18,7 +18,8 @@ module.exports = {
             'mailgunIsConfigured',
             'emailAnalytics',
             'hostSettings',
-            'tenor'
+            'tenor',
+            'editor'
         ];
 
         frame.response = {

package/core/server/api/endpoints/utils/serializers/output/mappers/activity-feed-events.js

@@ -0,0 +1,17 @@
+const mapComment = require('./comments');
+
+const commentEventMapper = (json, frame) => {
+    return {
+        ...json,
+        data: mapComment(json.data, frame)
+    };
+};
+
+const activityFeedMapper = (event, frame) => {
+    if (event.type === 'comment_event') {
+        return commentEventMapper(event, frame);
+    }
+    return event;
+};
+
+module.exports = activityFeedMapper;

package/core/server/api/endpoints/utils/serializers/output/mappers/comments.js

@@ -1,4 +1,5 @@
 const _ = require('lodash');
+const url = require('../utils/url');
 
 const commentFields = [
     'id',
@@ -16,6 +17,13 @@ const memberFields = [
     'avatar_image'
 ];
 
+const postFields = [
+    'id',
+    'uuid',
+    'title',
+    'url'
+];
+
 const commentMapper = (model, frame) => {
     const jsonModel = model.toJSON ? model.toJSON(frame.options) : model;
 
@@ -37,6 +45,16 @@ const commentMapper = (model, frame) => {
         response.replies = jsonModel.replies.map(reply => commentMapper(reply, frame));
     }
 
+    if (jsonModel.parent) {
+        response.parent = commentMapper(jsonModel.parent, frame);
+    }
+
+    if (jsonModel.post) {
+        // We could use the post mapper here, but we need less field + don't need al the async behaviour support
+        url.forPost(jsonModel.post.id, jsonModel.post, frame);
+        response.post = _.pick(jsonModel.post, postFields);
+    }
+
     // todo
     response.liked = false;
     if (jsonModel.likes && frame.original.context.member && frame.original.context.member.id) {

package/core/server/api/endpoints/utils/serializers/output/mappers/index.js

@@ -1,5 +1,6 @@
 module.exports = {
     actions: require('./actions'),
+    activityFeedEvents: require('./activity-feed-events'),
     authors: require('./authors'),
     comments: require('./comments'),
     emails: require('./emails'),

package/core/server/api/endpoints/utils/serializers/output/mappers/posts.js

@@ -17,6 +17,8 @@ const postsMetaSchema = require('../../../../../../data/schema').tables.posts_me
 const getPostServiceInstance = require('../../../../../../services/posts/posts-service');
 const postsService = getPostServiceInstance();
 
+const commentsService = require('../../../../../../services/comments');
+
 module.exports = async (model, frame, options = {}) => {
     const {tiers: tiersData} = options || {};
     const extendedOptions = Object.assign(_.cloneDeep(frame.options), {
@@ -54,6 +56,15 @@ module.exports = async (model, frame, options = {}) => {
     if (utils.isContentAPI(frame)) {
         date.forPost(jsonModel);
         gating.forPost(jsonModel, frame);
+        if (jsonModel.access) {
+            if (commentsService?.api?.enabled !== 'off') {
+                jsonModel.comments = true;
+            } else {
+                jsonModel.comments = false;
+            }
+        } else {
+            jsonModel.comments = false;
+        }
     }
 
     // Transforms post/page metadata to flat structure

package/core/server/api/endpoints/utils/serializers/output/members.js

@@ -1,6 +1,7 @@
 //@ts-check
 const debug = require('@tryghost/debug')('api:endpoints:utils:serializers:output:members');
 const {unparse} = require('@tryghost/members-csv');
+const mappers = require('./mappers');
 
 module.exports = {
     browse: createSerializer('browse', paginatedMembers),
@@ -18,7 +19,7 @@ module.exports = {
     importCSV: createSerializer('importCSV', passthrough),
     memberStats: createSerializer('memberStats', passthrough),
     mrrStats: createSerializer('mrrStats', passthrough),
-    activityFeed: createSerializer('activityFeed', passthrough)
+    activityFeed: createSerializer('activityFeed', activityFeed)
 };
 
 /**
@@ -73,6 +74,16 @@ function bulkAction(bulkActionResult, _apiConfig, frame) {
     };
 }
 
+/**
+ *
+ * @returns {{events: any[]}}
+ */
+function activityFeed(data, _apiConfig, frame) {
+    return {
+        events: data.events.map(e => mappers.activityFeedEvents(e, frame))
+    };
+}
+
 /**
  * @template PageMeta
  *

package/core/server/api/endpoints/utils/serializers/output/utils/clean.js

@@ -102,6 +102,10 @@ const post = (attrs, frame) => {
         if (columns && columns.includes('visibility') && fields && !fields.includes('visibility')) {
             delete attrs.visibility;
         }
+
+        if (fields && !fields.includes('comments')) {
+            delete attrs.comments;
+        }
     }
 
     if (columns && columns.includes('email_segment') && fields && !fields.includes('email_segment')) {

package/core/server/data/exporter/table-lists.js

@@ -34,7 +34,8 @@ const BACKUP_TABLES = [
     'members_newsletters',
     'comments',
     'comment_likes',
-    'comment_reports'
+    'comment_reports',
+    'jobs'
 ];
 
 // NOTE: exposing only tables which are going to be included in a "default" export file

package/core/server/data/migrations/versions/5.3/2022-07-06-09-17-add-ghost-explore-integration.js

@@ -6,7 +6,6 @@ module.exports = createTransactionalMigration(
     async function up(knex) {
         logging.info('Creating Ghost Explore Integration');
         const existingIntegration = await knex('integrations').where({
-            type: 'internal',
             name: 'Ghost Explore',
             slug: 'ghost-explore'
         }).first();

package/core/server/data/migrations/versions/5.3/2022-07-06-09-26-add-ghost-explore-integration-api-key.js

@@ -10,7 +10,6 @@ module.exports = createTransactionalMigration(
 
         const integration = await knex('integrations').where({
             slug: 'ghost-explore',
-            type: 'internal',
             name: 'Ghost Explore'
         }).first();
 

package/core/server/data/migrations/versions/5.5/2022-07-18-14-29-add-comment-reporting-permissions.js

@@ -0,0 +1,10 @@
+const {addPermissionWithRoles} = require('../../utils');
+
+module.exports = addPermissionWithRoles({
+    name: 'Report comments',
+    action: 'report',
+    object: 'comment'
+}, [
+    'Administrator',
+    'Admin Integration'
+]);

package/core/server/data/migrations/versions/5.5/2022-07-18-14-31-drop-reports-reason.js

@@ -0,0 +1,3 @@
+const {createDropColumnMigration} = require('../../utils');
+
+module.exports = createDropColumnMigration('comment_reports', 'reason', {type: 'text', maxlength: 65535, nullable: false});

package/core/server/data/migrations/versions/5.5/2022-07-18-14-32-drop-nullable-member-id-from-likes.js

@@ -0,0 +1,4 @@
+const {createDropNullableMigration} = require('../../utils');
+
+// We need to disable foreign key checks because if MySQL is missing the STRICT_TRANS_TABLES mode, we cannot drop nullable from a foreign key
+module.exports = createDropNullableMigration('comment_likes', 'member_id', {disableForeignKeyChecks: true});