npm - ghost - Versions diffs - 5.8.2 → 5.9.1 - Mend

ghost 5.8.2 → 5.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

package/core/server/services/comments/email-templates/report.hbs CHANGED Viewed

@@ -94,7 +94,7 @@
       border-bottom-color: #EEF5F8;
     }
     a {
-      color: #3A464C;
+      color: #15212A;
     }
     </style>
   </head>
@@ -116,7 +116,7 @@
                     <tr>
                       <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">
                         <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 20px; color: #15212A; font-weight: bold; line-height: 25px; margin: 0; margin-bottom: 15px;">Hey there,</p>
-                          <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 32px;">{{reporter}} has reported the comment below on <a href="{{postUrl}}" target="_blank">{{postTitle}}</a>. This comment will remain visible until you choose to remove it, which can be done directly on the post.</p>
+                          <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 32px;">{{reporter}} has reported the comment below on <a href="{{postUrl}}" target="_blank" style="font-weight: bold; text-decoration: underline; color: #15212A;">{{postTitle}}</a>. This comment will remain visible until you choose to remove it, which can be done directly on the post.</p>
                         <table width="100" border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; table-layout: fixed; width: 100%; min-width: 100%; box-sizing: border-box; background: #F9F9FA; border-radius: 7px;">
                         <tbody>

package/core/server/services/comments/service.js CHANGED Viewed

@@ -115,7 +115,18 @@ class CommentsService {
      */
     async getComments(options) {
         this.checkEnabled();
-        const page = await this.models.Comment.findPage(options);
+        const page = await this.models.Comment.findPage({...options, parentId: null});
+        return page;
+    }
+    /**
+     * @param {string} id - The ID of the Comment to get replies from
+     * @param {any} options
+     */
+    async getReplies(id, options) {
+        this.checkEnabled();
+        const page = await this.models.Comment.findPage({...options, parentId: id});
         return page;
     }
@@ -181,7 +192,8 @@ class CommentsService {
             commentId: model.id
         }));
-        return model;
+        // Instead of returning the model, fetch it again, so we have all the relations properly fetched
+        return await this.models.Comment.findOne({id: model.id}, {...options, require: true});
     }
     /**
@@ -240,7 +252,8 @@ class CommentsService {
             commentId: model.id
         }));
-        return model;
+        // Instead of returning the model, fetch it again, so we have all the relations properly fetched
+        return await this.models.Comment.findOne({id: model.id}, {...options, require: true});
     }
     /**

package/core/server/services/comments/stats.js CHANGED Viewed

@@ -11,6 +11,7 @@ module.exports = class CommentsStatsService {
         const results = await this.db.knex('comments')
             .select(this.db.knex.raw(`COUNT(*) AS count, post_id`))
             .groupBy('post_id')
+            .where('status', 'published')
             .whereIn('post_id', ids);
         const counts = ids.reduce((memo, id) => {
@@ -30,6 +31,7 @@ module.exports = class CommentsStatsService {
     async getAllCounts() {
         const results = await this.db.knex('comments')
             .select(this.db.knex.raw(`COUNT(*) AS count, post_id`))
+            .where('status', 'published')
             .groupBy('post_id');
         /** @type Object<string, number> */

package/core/server/services/email-analytics/jobs/fetch-latest.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const {parentPort} = require('bthreads');
+const {parentPort} = require('worker_threads');
 const debug = require('@tryghost/debug')('jobs:email-analytics:fetch-latest');
 // recurring job to fetch analytics since the most recently seen event timestamp

package/core/server/services/mega/post-email-serializer.js CHANGED Viewed

@@ -5,7 +5,7 @@ const urlUtils = require('../../../shared/url-utils');
 const labs = require('../../../shared/labs');
 const moment = require('moment-timezone');
 const api = require('../../api').endpoints;
-const apiShared = require('../../api').shared;
+const apiFramework = require('@tryghost/api-framework');
 const {URL} = require('url');
 const mobiledocLib = require('../../lib/mobiledoc');
 const htmlToPlaintext = require('@tryghost/html-to-plaintext');
@@ -104,7 +104,7 @@ const serializePostModel = async (model) => {
     const frame = {options: {context: {user: true}, formats: 'mobiledoc'}};
     const docName = 'posts';
-    await apiShared
+    await apiFramework
         .serializers
         .handle
         .output(model, {docName: docName, method: 'read'}, api.serializers.output, frame);

package/core/server/services/permissions/can-this.js CHANGED Viewed

@@ -12,186 +12,179 @@ const messages = {
     noActionsMapFoundError: 'No actions map found, ensure you have loaded permissions into database and then call permissions.init() before use.'
 };
-let canThis;
-let CanThisResult;
-// Base class for canThis call results
-CanThisResult = function () {
-};
-CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, context, permissionLoad) {
-    const objectTypeModelMap = {
-        post: models.Post,
-        role: models.Role,
-        user: models.User,
-        permission: models.Permission,
-        setting: models.Settings,
-        invite: models.Invite,
-        integration: models.Integration,
-        comment: models.Comment
-    };
-    // Iterate through the object types, i.e. ['post', 'tag', 'user']
-    return _.reduce(objTypes, function (objTypeHandlers, objType) {
-        // Grab the TargetModel through the objectTypeModelMap
-        const TargetModel = objectTypeModelMap[objType];
-        // Create the 'handler' for the object type;
-        // the '.post()' in canThis(user).edit.post()
-        objTypeHandlers[objType] = function (modelOrId, unsafeAttrs) {
-            let modelId;
-            unsafeAttrs = unsafeAttrs || {};
-            // If it's an internal request, resolve immediately
-            if (context.internal) {
-                return Promise.resolve();
-            }
-            if (_.isNumber(modelOrId) || _.isString(modelOrId)) {
-                // It's an id already, do nothing
-                modelId = modelOrId;
-            } else if (modelOrId) {
-                // It's a model, get the id
-                modelId = modelOrId.id;
-            }
-            // Wait for the user loading to finish
-            return permissionLoad.then(function (loadedPermissions) {
-                // Iterate through the user permissions looking for an affirmation
-                const userPermissions = loadedPermissions.user ? loadedPermissions.user.permissions : null;
-                const apiKeyPermissions = loadedPermissions.apiKey ? loadedPermissions.apiKey.permissions : null;
-                const memberPermissions = loadedPermissions.member ? loadedPermissions.member.permissions : null;
-                let hasUserPermission;
-                let hasApiKeyPermission;
-                let hasMemberPermission = false;
-                const checkPermission = function (perm) {
-                    let permObjId;
-                    // Look for a matching action type and object type first
-                    if (perm.get('action_type') !== actType || perm.get('object_type') !== objType) {
-                        return false;
-                    }
-                    // Grab the object id (if specified, could be null)
-                    permObjId = perm.get('object_id');
-                    // If we didn't specify a model (any thing)
-                    // or the permission didn't have an id scope set
-                    // then the "thing" has permission
-                    if (!modelId || !permObjId) {
-                        return true;
-                    }
-                    // Otherwise, check if the id's match
-                    // TODO: String vs Int comparison possibility here?
-                    return modelId === permObjId;
-                };
-                if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'})) {
-                    hasUserPermission = true;
-                } else if (!_.isEmpty(userPermissions)) {
-                    hasUserPermission = _.some(userPermissions, checkPermission);
-                }
+class CanThisResult {
+    buildObjectTypeHandlers(objTypes, actType, context, permissionLoad) {
+        const objectTypeModelMap = {
+            post: models.Post,
+            role: models.Role,
+            user: models.User,
+            permission: models.Permission,
+            setting: models.Settings,
+            invite: models.Invite,
+            integration: models.Integration,
+            comment: models.Comment
+        };
-                if (loadedPermissions.member) {
-                    hasMemberPermission = _.some(memberPermissions, checkPermission);
-                }
+        // Iterate through the object types, i.e. ['post', 'tag', 'user']
+        return _.reduce(objTypes, function (objTypeHandlers, objType) {
+            // Grab the TargetModel through the objectTypeModelMap
+            const TargetModel = objectTypeModelMap[objType];
-                // Check api key permissions if they were passed
-                hasApiKeyPermission = true;
-                if (!_.isNull(apiKeyPermissions)) {
-                    // api key request have no user, but we want the user permissions checks to pass
-                    hasUserPermission = true;
-                    hasApiKeyPermission = _.some(apiKeyPermissions, checkPermission);
-                }
+            // Create the 'handler' for the object type;
+            // the '.post()' in canThis(user).edit.post()
+            objTypeHandlers[objType] = function (modelOrId, unsafeAttrs) {
+                let modelId;
+                unsafeAttrs = unsafeAttrs || {};
-                // Offer a chance for the TargetModel to override the results
-                if (TargetModel && _.isFunction(TargetModel.permissible)) {
-                    return TargetModel.permissible(
-                        modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission, hasMemberPermission
-                    );
+                // If it's an internal request, resolve immediately
+                if (context.internal) {
+                    return Promise.resolve();
                 }
-                if (hasUserPermission && hasApiKeyPermission) {
-                    return;
+                if (_.isNumber(modelOrId) || _.isString(modelOrId)) {
+                    // It's an id already, do nothing
+                    modelId = modelOrId;
+                } else if (modelOrId) {
+                    // It's a model, get the id
+                    modelId = modelOrId.id;
                 }
+                // Wait for the user loading to finish
+                return permissionLoad.then(function (loadedPermissions) {
+                    // Iterate through the user permissions looking for an affirmation
+                    const userPermissions = loadedPermissions.user ? loadedPermissions.user.permissions : null;
+                    const apiKeyPermissions = loadedPermissions.apiKey ? loadedPermissions.apiKey.permissions : null;
+                    const memberPermissions = loadedPermissions.member ? loadedPermissions.member.permissions : null;
+                    let hasUserPermission;
+                    let hasApiKeyPermission;
+                    let hasMemberPermission = false;
+                    const checkPermission = function (perm) {
+                        let permObjId;
+                        // Look for a matching action type and object type first
+                        if (perm.get('action_type') !== actType || perm.get('object_type') !== objType) {
+                            return false;
+                        }
+                        // Grab the object id (if specified, could be null)
+                        permObjId = perm.get('object_id');
+                        // If we didn't specify a model (any thing)
+                        // or the permission didn't have an id scope set
+                        // then the "thing" has permission
+                        if (!modelId || !permObjId) {
+                            return true;
+                        }
+                        // Otherwise, check if the id's match
+                        // TODO: String vs Int comparison possibility here?
+                        return modelId === permObjId;
+                    };
+                    if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'})) {
+                        hasUserPermission = true;
+                    } else if (!_.isEmpty(userPermissions)) {
+                        hasUserPermission = _.some(userPermissions, checkPermission);
+                    }
-                return Promise.reject(new errors.NoPermissionError({message: tpl(messages.noPermissionToAction)}));
-            });
-        };
-        return objTypeHandlers;
-    }, {});
-};
+                    if (loadedPermissions.member) {
+                        hasMemberPermission = _.some(memberPermissions, checkPermission);
+                    }
-CanThisResult.prototype.beginCheck = function (context) {
-    const self = this;
-    let userPermissionLoad;
-    let apiKeyPermissionLoad;
-    let memberPermissionLoad;
-    let permissionsLoad;
+                    // Check api key permissions if they were passed
+                    hasApiKeyPermission = true;
+                    if (!_.isNull(apiKeyPermissions)) {
+                        // api key request have no user, but we want the user permissions checks to pass
+                        hasUserPermission = true;
+                        hasApiKeyPermission = _.some(apiKeyPermissions, checkPermission);
+                    }
-    // Get context.user, context.api_key and context.app
-    context = parseContext(context);
+                    // Offer a chance for the TargetModel to override the results
+                    if (TargetModel && _.isFunction(TargetModel.permissible)) {
+                        return TargetModel.permissible(
+                            modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission, hasMemberPermission
+                        );
+                    }
-    if (actionsMap.empty()) {
-        throw new errors.InternalServerError({message: tpl(messages.noActionsMapFoundError)});
-    }
+                    if (hasUserPermission && hasApiKeyPermission) {
+                        return;
+                    }
-    // Kick off loading of user permissions if necessary
-    if (context.user) {
-        userPermissionLoad = providers.user(context.user);
-    } else {
-        // Resolve null if no context.user to prevent db call
-        userPermissionLoad = Promise.resolve(null);
-    }
+                    return Promise.reject(new errors.NoPermissionError({message: tpl(messages.noPermissionToAction)}));
+                });
+            };
-    // Kick off loading of api key permissions if necessary
-    if (context.api_key) {
-        apiKeyPermissionLoad = providers.apiKey(context.api_key.id);
-    } else {
-        // Resolve null if no context.api_key
-        apiKeyPermissionLoad = Promise.resolve(null);
+            return objTypeHandlers;
+        }, {});
     }
-    if (context.member) {
-        memberPermissionLoad = providers.member(context.member.id);
-    }
+    beginCheck(context) {
+        const self = this;
+        let userPermissionLoad;
+        let apiKeyPermissionLoad;
+        let memberPermissionLoad;
+        let permissionsLoad;
+        // Get context.user, context.api_key and context.app
+        context = parseContext(context);
+        if (actionsMap.empty()) {
+            throw new errors.InternalServerError({message: tpl(messages.noActionsMapFoundError)});
+        }
+        // Kick off loading of user permissions if necessary
+        if (context.user) {
+            userPermissionLoad = providers.user(context.user);
+        } else {
+            // Resolve null if no context.user to prevent db call
+            userPermissionLoad = Promise.resolve(null);
+        }
+        // Kick off loading of api key permissions if necessary
+        if (context.api_key) {
+            apiKeyPermissionLoad = providers.apiKey(context.api_key.id);
+        } else {
+            // Resolve null if no context.api_key
+            apiKeyPermissionLoad = Promise.resolve(null);
+        }
+        if (context.member) {
+            memberPermissionLoad = providers.member(context.member.id);
+        }
+        // Wait for both user and app permissions to load
+        permissionsLoad = Promise.all([userPermissionLoad, apiKeyPermissionLoad, memberPermissionLoad]).then(function (result) {
+            return {
+                user: result[0],
+                apiKey: result[1],
+                member: result[2]
+            };
+        });
-    // Wait for both user and app permissions to load
-    permissionsLoad = Promise.all([userPermissionLoad, apiKeyPermissionLoad, memberPermissionLoad]).then(function (result) {
-        return {
-            user: result[0],
-            apiKey: result[1],
-            member: result[2]
-        };
-    });
-    // Iterate through the actions and their related object types
-    _.each(actionsMap.getAll(), function (objTypes, actType) {
-        // Build up the object type handlers;
-        // the '.post()' parts in canThis(user).edit.post()
-        const objTypeHandlers = self.buildObjectTypeHandlers(objTypes, actType, context, permissionsLoad);
-        // Define a property for the action on the result;
-        // the '.edit' in canThis(user).edit.post()
-        Object.defineProperty(self, actType, {
-            writable: false,
-            enumerable: false,
-            configurable: false,
-            value: objTypeHandlers
+        // Iterate through the actions and their related object types
+        _.each(actionsMap.getAll(), function (objTypes, actType) {
+            // Build up the object type handlers;
+            // the '.post()' parts in canThis(user).edit.post()
+            const objTypeHandlers = self.buildObjectTypeHandlers(objTypes, actType, context, permissionsLoad);
+            // Define a property for the action on the result;
+            // the '.edit' in canThis(user).edit.post()
+            Object.defineProperty(self, actType, {
+                writable: false,
+                enumerable: false,
+                configurable: false,
+                value: objTypeHandlers
+            });
         });
-    });
-    // Return this for chaining
-    return this;
-};
+        // Return this for chaining
+        return this;
+    }
+}
-canThis = function (context) {
+module.exports = function canThis(context) {
     const result = new CanThisResult();
     return result.beginCheck(context);
 };
-module.exports = canThis;

package/core/server/services/permissions/parse-context.js CHANGED Viewed

@@ -3,12 +3,11 @@
  *
  * Utility function, to expand strings out into objects.
  * @param {Object|String} context
- * @return {{internal: boolean, external: boolean, user: integer|null, public: boolean, api_key: Object|null}}
+ * @return {{internal: boolean, user: integer|null, public: boolean, api_key: Object|null}}
  */
 module.exports = function parseContext(context) {
     const parsed = {
         internal: false,
-        external: false,
         user: null,
         api_key: null,
         integration: null,
@@ -16,12 +15,6 @@ module.exports = function parseContext(context) {
         public: true
     };
-    // NOTE: We use the `external` context for subscribers only at the moment.
-    if (context && (context === 'external' || context.external)) {
-        parsed.external = true;
-        parsed.public = false;
-    }
     if (context && (context === 'internal' || context.internal)) {
         parsed.internal = true;
         parsed.public = false;

package/core/server/services/webhooks/serialize.js CHANGED Viewed

@@ -2,7 +2,7 @@ module.exports = (event, model) => {
     const _ = require('lodash');
     const {sequence} = require('@tryghost/promise');
     const api = require('../../api').endpoints;
-    const apiShared = require('../../api').shared;
+    const apiFramework = require('@tryghost/api-framework');
     const resourceName = event.match(/(\w+)\./)[1];
     const docName = `${resourceName}s`;
@@ -23,7 +23,7 @@ module.exports = (event, model) => {
                 };
             }
-            return apiShared
+            return apiFramework
                 .serializers
                 .handle
                 .output(model, {docName: docName, method: 'read'}, api.serializers.output, frame)
@@ -46,7 +46,7 @@ module.exports = (event, model) => {
                 frame.options.withRelated = ['tags', 'authors'];
             }
-            return apiShared
+            return apiFramework
                 .serializers
                 .handle
                 .output(model, {docName: docName, method: 'read'}, api.serializers.output, frame)

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const express = require('../../../../../shared/express');
 const api = require('../../../../api').endpoints;
-const http = require('../../../../api').shared.http;
+const {http} = require('@tryghost/api-framework');
 const apiMw = require('../../middleware');
 const mw = require('./middleware');

package/core/server/web/api/endpoints/content/routes.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const express = require('../../../../../shared/express');
 const cors = require('cors');
 const api = require('../../../../api').endpoints;
-const http = require('../../../../api').shared.http;
+const {http} = require('@tryghost/api-framework');
 const mw = require('./middleware');
 const config = require('../../../../../shared/config');

package/core/server/web/api/testmode/jobs/graceful-job.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const {parentPort} = require('bthreads');
+const {parentPort} = require('worker_threads');
 const util = require('util');
 let shutdown = false;

package/core/server/web/comments/routes.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const express = require('../../../shared/express');
 const api = require('../../api').endpoints;
-const http = require('../../api').shared.http;
+const {http} = require('@tryghost/api-framework');
 const bodyParser = require('body-parser');
 const membersService = require('../../../server/services/members');
@@ -23,6 +23,7 @@ module.exports = function apiRoutes() {
     router.post('/:id/like', http(api.commentsMembers.like));
     router.delete('/:id/like', http(api.commentsMembers.unlike));
+    router.get('/:id/replies', http(api.commentsMembers.replies));
     router.post('/:id/report', http(api.commentsMembers.report));

package/core/server/web/shared/middleware/index.js CHANGED Viewed

@@ -8,7 +8,7 @@ module.exports = {
     },
     get cacheControl() {
-        return require('./cache-control');
+        return require('@tryghost/mw-cache-control');
     },
     get prettyUrls() {

package/core/shared/config/defaults.json CHANGED Viewed

@@ -137,7 +137,7 @@
     },
     "portal": {
         "url": "https://cdn.jsdelivr.net/npm/@tryghost/portal@~{version}/umd/portal.min.js",
-        "version": "2.5"
+        "version": "2.7"
     },
     "sodoSearch": {
         "url": "https://cdn.jsdelivr.net/npm/@tryghost/sodo-search@~{version}/umd/sodo-search.min.js",
@@ -147,7 +147,7 @@
     "comments": {
         "url": "https://cdn.jsdelivr.net/npm/@tryghost/comments-ui@~{version}/umd/comments-ui.min.js",
         "styles": "https://cdn.jsdelivr.net/npm/@tryghost/comments-ui@~{version}/umd/main.css",
-        "version": "0.4"
+        "version": "0.8"
     },
     "editor": {
         "url": "https://unpkg.com/@tryghost/koenig-react/dist/umd/koenig-react.min.js"

package/core/shared/labs.js CHANGED Viewed

@@ -27,7 +27,6 @@ const BETA_FEATURES = [
 const ALPHA_FEATURES = [
     'urlCache',
     'beforeAfterCard',
-    'comments',
     'freeTrial'
 ];