npm - ghost - Versions diffs - 5.55.1 → 5.56.0 - Mend

ghost 5.55.1 → 5.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/core/server/data/migrations/versions/5.56/2023-07-15-10-11-12-update-members-email-disabled-field.js ADDED Viewed

@@ -0,0 +1,22 @@
+const logging = require('@tryghost/logging');
+const {createTransactionalMigration} = require('../../utils');
+module.exports = createTransactionalMigration(
+    async function up(knex) {
+        logging.info('Setting email_disabled to true for all members that have their email on the suppression list');
+        await knex('members')
+            .join('suppressions', 'members.email', 'suppressions.email')
+            .update({
+                email_disabled: true
+            });
+    },
+    async function down(knex) {
+        logging.info('Setting email_disabled to false for all members');
+        await knex('members')
+            .update({
+                email_disabled: false
+            });
+    }
+);

package/core/server/data/schema/schema.js CHANGED Viewed

@@ -429,6 +429,7 @@ module.exports = {
         email_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_opened_count: {type: 'integer', unsigned: true, nullable: false, defaultTo: 0},
         email_open_rate: {type: 'integer', unsigned: true, nullable: true, index: true},
+        email_disabled: {type: 'boolean', nullable: false, defaultTo: false},
         last_seen_at: {type: 'dateTime', nullable: true},
         last_commented_at: {type: 'dateTime', nullable: true},
         created_at: {type: 'dateTime', nullable: false},

package/core/server/models/member.js CHANGED Viewed

@@ -471,7 +471,11 @@ const Member = ghostBookshelf.Model.extend({
         // we use raw queries instead of model relationships because model hydration is expensive
         const query = ghostBookshelf.knex('members_newsletters')
             .join('newsletters', 'members_newsletters.newsletter_id', '=', 'newsletters.id')
-            .where('newsletters.status', 'active')
+            .join('members', 'members_newsletters.member_id', '=', 'members.id')
+            .where({
+                'newsletters.status': 'active',
+                'members.email_disabled': false
+            })
             .distinct('member_id as id');
         if (unfilteredOptions.transacting) {

package/core/server/models/newsletter.js CHANGED Viewed

@@ -151,6 +151,16 @@ const Newsletter = ghostBookshelf.Model.extend({
                         .whereRaw('members_newsletters.newsletter_id = newsletters.id')
                         .as('count__members');
                 });
+            },
+            active_members(modelOrCollection) {
+                modelOrCollection.query('columns', 'newsletters.*', (qb) => {
+                    qb.count('members_newsletters.id')
+                        .from('members_newsletters')
+                        .join('members', 'members.id', 'members_newsletters.member_id')
+                        .whereRaw('members_newsletters.newsletter_id = newsletters.id')
+                        .andWhere('members.email_disabled', false)
+                        .as('count__active_members');
+                });
             }
         };
     },

package/core/server/models/post.js CHANGED Viewed

@@ -7,6 +7,7 @@ const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
 const nql = require('@tryghost/nql');
 const htmlToPlaintext = require('@tryghost/html-to-plaintext');
+const {posts: postExpansions} = require('@tryghost/nql-filter-expansions');
 const ghostBookshelf = require('./base');
 const config = require('../../shared/config');
 const settingsCache = require('../../shared/settings-cache');
@@ -290,28 +291,6 @@ Post = ghostBookshelf.Model.extend({
     filterExpansions: function filterExpansions() {
         const postsMetaKeys = _.without(ghostBookshelf.model('PostsMeta').prototype.orderAttributes(), 'posts_meta.id', 'posts_meta.post_id');
-        const expansions = [{
-            key: 'primary_tag',
-            replacement: 'tags.slug',
-            expansion: 'posts_tags.sort_order:0+tags.visibility:public'
-        }, {
-            key: 'primary_author',
-            replacement: 'authors.slug',
-            expansion: 'posts_authors.sort_order:0+authors.visibility:public'
-        }, {
-            key: 'authors',
-            replacement: 'authors.slug'
-        }, {
-            key: 'author',
-            replacement: 'authors.slug'
-        }, {
-            key: 'tag',
-            replacement: 'tags.slug'
-        }, {
-            key: 'tags',
-            replacement: 'tags.slug'
-        }];
         const postMetaKeyExpansions = postsMetaKeys.map((pmk) => {
             return {
                 key: pmk.split('.')[1],
@@ -319,7 +298,7 @@ Post = ghostBookshelf.Model.extend({
             };
         });
-        return expansions.concat(postMetaKeyExpansions);
+        return postExpansions.concat(postMetaKeyExpansions);
     },
     filterRelations: function filterRelations() {

package/core/server/services/collections/PostsRepository.js CHANGED Viewed

@@ -20,7 +20,9 @@ class PostsRepository {
                 id: postJson.id,
                 featured: postJson.featured,
                 published_at: this.moment(postJson.published_at).toISOString(true),
-                tags: postJson.tags.map(tag => tag.slug)
+                tags: postJson.tags.map(tag => ({
+                    slug: tag.slug
+                }))
             };
         });
     }

package/core/server/services/collections/service.js CHANGED Viewed

@@ -2,8 +2,8 @@ const {
     CollectionsService
 } = require('@tryghost/collections');
 const BookshelfCollectionsRepository = require('./BookshelfCollectionsRepository');
-const labs = require('../../../shared/labs');
+let inited = false;
 class CollectionsServiceWrapper {
     /** @type {CollectionsService} */
     api;
@@ -31,10 +31,10 @@ class CollectionsServiceWrapper {
     }
     async init() {
-        if (!labs.isSet('collections')) {
+        if (inited) {
             return;
         }
+        inited = true;
         this.api.subscribeToEvents();
         require('./intercept-events')();
     }

package/core/server/services/members/middleware.js CHANGED Viewed

@@ -105,11 +105,10 @@ const deleteSuppression = async function (req, res) {
     try {
         const member = await membersService.ssr.getMemberDataFromSession(req, res);
         const options = {
-            id: member.id,
-            withRelated: ['newsletters']
+            id: member.id
         };
         await emailSuppressionList.removeEmail(member.email);
-        await membersService.api.members.update({subscribed: true}, options);
+        await membersService.api.members.update({email_disabled: false}, options);
         res.writeHead(204);
         res.end();

package/core/server/services/segment/DomainEventsAnalytics.js CHANGED Viewed

@@ -65,7 +65,7 @@ module.exports = class DomainEventsAnalytics {
         if (event.data.milestone
             && event.data.milestone.value === 100
         ) {
-            const eventName = event.data.milestone.type === 'arr' ? '$100 MRR reached' : '100 Members reached';
+            const eventName = event.data.milestone.type === 'arr' ? '$100 ARR reached' : '100 Members reached';
             try {
                 this.#analytics.track(Object.assign(this.#trackDefaults, {}, {event: this.#prefix + eventName}));

package/core/server/services/url/UrlGenerator.js CHANGED Viewed

@@ -3,26 +3,7 @@ const nql = require('@tryghost/nql');
 const debug = require('@tryghost/debug')('services:url:generator');
 const localUtils = require('../../../shared/url-utils');
-// @TODO: merge with filter plugin
-const EXPANSIONS = [{
-    key: 'author',
-    replacement: 'authors.slug'
-}, {
-    key: 'tags',
-    replacement: 'tags.slug'
-}, {
-    key: 'tag',
-    replacement: 'tags.slug'
-}, {
-    key: 'authors',
-    replacement: 'authors.slug'
-}, {
-    key: 'primary_tag',
-    replacement: 'primary_tag.slug'
-}, {
-    key: 'primary_author',
-    replacement: 'primary_author.slug'
-}];
+const {posts: postExpansions} = require('@tryghost/nql-filter-expansions');
 /**
  * The UrlGenerator class is responsible to generate urls based on a router's conditions.
@@ -57,7 +38,7 @@ class UrlGenerator {
         if (filter) {
             this.filter = filter;
             this.nql = nql(this.filter, {
-                expansions: EXPANSIONS,
+                expansions: postExpansions,
                 transformer: nql.utils.mapKeyValues({
                     key: {
                         from: 'page',

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -22,6 +22,7 @@ module.exports = function apiRoutes() {
     // ## Collections
     router.get('/collections', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.browse));
     router.get('/collections/:id', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.read));
+    router.get('/collections/slug/:slug', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.read));
     router.post('/collections', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.add));
     router.put('/collections/:id', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.edit));
     router.del('/collections/:id', mw.authAdminApi, labs.enabledMiddleware('collections'), http(api.collections.destroy));
@@ -313,7 +314,8 @@ module.exports = function apiRoutes() {
     // ## Email Preview
     router.get('/email_previews/posts/:id', mw.authAdminApi, http(api.email_previews.read));
-    router.post('/email_previews/posts/:id', mw.authAdminApi, http(api.email_previews.sendTestEmail));
+    // preview sending have an additional rate limiter to prevent abuse
+    router.post('/email_previews/posts/:id', shared.middleware.brute.previewEmailLimiter, mw.authAdminApi, http(api.email_previews.sendTestEmail));
     // ## Emails
     router.get('/emails', mw.authAdminApi, http(api.emails.browse));

package/core/server/web/api/endpoints/content/routes.js CHANGED Viewed

@@ -39,5 +39,8 @@ module.exports = function apiRoutes() {
     router.get('/tiers', mw.authenticatePublic, http(api.tiersPublic.browse));
     router.get('/offers/:id', mw.authenticatePublic, http(api.offersPublic.read));
+    router.get('/collections/:id', mw.authenticatePublic, http(api.collectionsPublic.readById));
+    router.get('/collections/slug/:slug', mw.authenticatePublic, http(api.collectionsPublic.readBySlug));
     return router;
 };

package/core/server/web/shared/middleware/api/spam-prevention.js CHANGED Viewed

@@ -21,7 +21,8 @@ const messages = {
         context: 'Too many login attempts.'
     },
     tooManyAttempts: 'Too many attempts.',
-    webmentionsBlock: 'Too many mention attempts'
+    webmentionsBlock: 'Too many mention attempts',
+    emailPreviewBlock: 'Only 10 test emails can be sent per hour'
 };
 let spamPrivateBlock = spam.private_block || {};
 let spamGlobalBlock = spam.global_block || {};
@@ -31,6 +32,7 @@ let spamUserLogin = spam.user_login || {};
 let spamMemberLogin = spam.member_login || {};
 let spamContentApiKey = spam.content_api_key || {};
 let spamWebmentionsBlock = spam.webmentions_block || {};
+let spamEmailPreviewBlock = spam.email_preview_block || {};
 let store;
 let memoryStore;
@@ -43,6 +45,7 @@ let membersAuthInstance;
 let membersAuthEnumerationInstance;
 let userResetInstance;
 let contentApiKeyInstance;
+let emailPreviewBlockInstance;
 const spamConfigKeys = ['freeRetries', 'minWait', 'maxWait', 'lifetime'];
@@ -152,6 +155,32 @@ const webmentionsBlock = () => {
     return webmentionsBlockInstance;
 };
+const emailPreviewBlock = () => {
+    const ExpressBrute = require('express-brute');
+    const BruteKnex = require('brute-knex');
+    const db = require('../../../../data/db');
+    store = store || new BruteKnex({
+        tablename: 'brute',
+        createTable: false,
+        knex: db.knex
+    });
+    emailPreviewBlockInstance = emailPreviewBlockInstance || new ExpressBrute(store,
+        extend({
+            attachResetToRequest: false,
+            failCallback(req, res, next) {
+                return next(new errors.TooManyRequestsError({
+                    message: messages.emailPreviewBlock
+                }));
+            },
+            handleStoreError: handleStoreError
+        }, pick(spamEmailPreviewBlock, spamConfigKeys))
+    );
+    return emailPreviewBlockInstance;
+};
 const membersAuth = () => {
     const ExpressBrute = require('express-brute');
     const BruteKnex = require('brute-knex');
@@ -349,6 +378,7 @@ module.exports = {
     privateBlog: privateBlog,
     contentApiKey: contentApiKey,
     webmentionsBlock: webmentionsBlock,
+    emailPreviewBlock: emailPreviewBlock,
     reset: () => {
         store = undefined;
         memoryStore = undefined;

package/core/server/web/shared/middleware/brute.js CHANGED Viewed

@@ -117,5 +117,18 @@ module.exports = {
                 return _next('webmention_blocked');
             }
         })(req, res, next);
+    },
+    /**
+     * Blocks preview email spam
+     */
+    previewEmailLimiter(req, res, next) {
+        return spamPrevention.emailPreviewBlock().getMiddleware({
+            ignoreIP: false,
+            key(_req, _res, _next) {
+                return _next('preview_email_blocked');
+            }
+        })(req, res, next);
     }
 };

package/core/shared/config/defaults.json CHANGED Viewed

@@ -108,6 +108,12 @@
             "maxWait": 100,
             "lifetime": 1000,
             "freeRetries": 100
+        },
+        "email_preview_block": {
+            "minWait": 360000,
+            "maxWait": 360000,
+            "lifetime": 3600,
+            "freeRetries": 10
         }
     },
     "caching": {

package/core/shared/config/env/config.testing-browser.json CHANGED Viewed

@@ -49,6 +49,12 @@
             "maxWait": 100000,
             "lifetime": 3600,
             "freeRetries": 3
+        },
+        "email_preview_block": {
+            "minWait": 360000,
+            "maxWait": 360000,
+            "lifetime": 3600,
+            "freeRetries": 10
         }
     },
     "privacy": {

package/core/shared/config/env/config.testing-mysql.json CHANGED Viewed

@@ -50,8 +50,13 @@
             "maxWait": 100000,
             "lifetime": 3600,
             "freeRetries": 3
+        },
+        "email_preview_block": {
+            "minWait": 360000,
+            "maxWait": 360000,
+            "lifetime": 3600,
+            "freeRetries": 10
         }
     },
     "privacy": {
         "useTinfoil": true,

package/core/shared/config/env/config.testing.json CHANGED Viewed

@@ -49,6 +49,12 @@
             "maxWait": 100000,
             "lifetime": 3600,
             "freeRetries": 3
+        },
+        "email_preview_block": {
+            "minWait": 360000,
+            "maxWait": 360000,
+            "lifetime": 3600,
+            "freeRetries": 10
         }
     },
     "privacy": {

package/core/shared/labs.js CHANGED Viewed

@@ -42,7 +42,9 @@ const ALPHA_FEATURES = [
     'flatUrls',
     'mailEvents',
     'collectionsCard',
-    'headerUpgrade'
+    'headerUpgrade',
+    'importMemberTier',
+    'tipsAndDonations'
 ];
 module.exports.GA_KEYS = [...GA_FEATURES];