npm - ghost - Versions diffs - 5.82.8 → 5.82.9 - Mend

ghost 5.82.8 → 5.82.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/core/server/api/endpoints/utils/serializers/input/pages.js CHANGED Viewed

@@ -1,12 +1,20 @@
 const _ = require('lodash');
 const debug = require('@tryghost/debug')('api:endpoints:utils:serializers:input:pages');
-const mobiledoc = require('../../../../../lib/mobiledoc');
+const {ValidationError} = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
 const url = require('./utils/url');
 const slugFilterOrder = require('./utils/slug-filter-order');
 const localUtils = require('../../index');
+const mobiledoc = require('../../../../../lib/mobiledoc');
 const postsMetaSchema = require('../../../../../data/schema').tables.posts_meta;
 const clean = require('./utils/clean');
 const lexical = require('../../../../../lib/lexical');
+const sentry = require('../../../../../../shared/sentry');
+const messages = {
+    failedHtmlToMobiledoc: 'Failed to convert HTML to Mobiledoc',
+    failedHtmlToLexical: 'Failed to convert HTML to Lexical'
+};
 function removeSourceFormats(frame) {
     if (frame.options.formats?.includes('mobiledoc') || frame.options.formats?.includes('lexical')) {
@@ -136,7 +144,17 @@ module.exports = {
                 if (process.env.CI) {
                     console.time('htmlToMobiledocConverter (page)'); // eslint-disable-line no-console
                 }
-                frame.data.pages[0].mobiledoc = JSON.stringify(mobiledoc.htmlToMobiledocConverter(html));
+                try {
+                    frame.data.pages[0].mobiledoc = JSON.stringify(mobiledoc.htmlToMobiledocConverter(html));
+                } catch (err) {
+                    sentry.captureException(err);
+                    throw new ValidationError({
+                        message: tpl(messages.failedHtmlToMobiledoc),
+                        err
+                    });
+                }
                 if (process.env.CI) {
                     console.timeEnd('htmlToMobiledocConverter (page)'); // eslint-disable-line no-console
                 }
@@ -146,7 +164,17 @@ module.exports = {
                 if (process.env.CI) {
                     console.time('htmlToLexicalConverter (page)'); // eslint-disable-line no-console
                 }
-                frame.data.pages[0].lexical = JSON.stringify(lexical.htmlToLexicalConverter(html));
+                try {
+                    frame.data.pages[0].lexical = JSON.stringify(lexical.htmlToLexicalConverter(html));
+                } catch (err) {
+                    sentry.captureException(err);
+                    throw new ValidationError({
+                        message: tpl(messages.failedHtmlToLexical),
+                        err
+                    });
+                }
                 if (process.env.CI) {
                     console.timeEnd('htmlToLexicalConverter (page)'); // eslint-disable-line no-console
                 }

package/core/server/api/endpoints/utils/serializers/input/posts.js CHANGED Viewed

@@ -1,5 +1,7 @@
 const _ = require('lodash');
 const debug = require('@tryghost/debug')('api:endpoints:utils:serializers:input:posts');
+const {ValidationError} = require('@tryghost/errors');
+const tpl = require('@tryghost/tpl');
 const url = require('./utils/url');
 const slugFilterOrder = require('./utils/slug-filter-order');
 const localUtils = require('../../index');
@@ -7,6 +9,12 @@ const mobiledoc = require('../../../../../lib/mobiledoc');
 const postsMetaSchema = require('../../../../../data/schema').tables.posts_meta;
 const clean = require('./utils/clean');
 const lexical = require('../../../../../lib/lexical');
+const sentry = require('../../../../../../shared/sentry');
+const messages = {
+    failedHtmlToMobiledoc: 'Failed to convert HTML to Mobiledoc',
+    failedHtmlToLexical: 'Failed to convert HTML to Lexical'
+};
 function removeSourceFormats(frame) {
     if (frame.options.formats?.includes('mobiledoc') || frame.options.formats?.includes('lexical')) {
@@ -170,7 +178,17 @@ module.exports = {
                 if (process.env.CI) {
                     console.time('htmlToMobiledocConverter (post)'); // eslint-disable-line no-console
                 }
-                frame.data.posts[0].mobiledoc = JSON.stringify(mobiledoc.htmlToMobiledocConverter(html));
+                try {
+                    frame.data.posts[0].mobiledoc = JSON.stringify(mobiledoc.htmlToMobiledocConverter(html));
+                } catch (err) {
+                    sentry.captureException(err);
+                    throw new ValidationError({
+                        message: tpl(messages.failedHtmlToMobiledoc),
+                        err
+                    });
+                }
                 if (process.env.CI) {
                     console.timeEnd('htmlToMobiledocConverter (post)'); // eslint-disable-line no-console
                 }
@@ -180,7 +198,17 @@ module.exports = {
                 if (process.env.CI) {
                     console.time('htmlToLexicalConverter (post)'); // eslint-disable-line no-console
                 }
-                frame.data.posts[0].lexical = JSON.stringify(lexical.htmlToLexicalConverter(html));
+                try {
+                    frame.data.posts[0].lexical = JSON.stringify(lexical.htmlToLexicalConverter(html));
+                } catch (err) {
+                    sentry.captureException(err);
+                    throw new ValidationError({
+                        message: tpl(messages.failedHtmlToLexical),
+                        err
+                    });
+                }
                 if (process.env.CI) {
                     console.timeEnd('htmlToLexicalConverter (post)'); // eslint-disable-line no-console
                 }

package/core/server/api/endpoints/utils/serializers/input/utils/url.js CHANGED Viewed

@@ -25,11 +25,11 @@ const forPost = (attrs, options) => {
             }
             if (relation === 'author' && attrs.author) {
-                attrs.author = forUser(attrs.author, options);
+                attrs.author = forUser(attrs.author);
             }
             if (relation === 'authors' && attrs.authors) {
-                attrs.authors = attrs.authors.map(author => forUser(author, options));
+                attrs.authors = attrs.authors.map(author => forUser(author));
             }
         });
     }

package/core/server/api/endpoints/utils/serializers/output/mappers/activity-feed-events.js CHANGED Viewed

@@ -144,7 +144,7 @@ const activityFeedMapper = (event, frame) => {
         return clickEventMapper(event, frame);
     }
     if (event.type === 'aggregated_click_event') {
-        return aggregatedClickEventMapper(event, frame);
+        return aggregatedClickEventMapper(event);
     }
     if (event.type === 'feedback_event') {
         return feedbackEventMapper(event, frame);

package/core/server/api/endpoints/utils/serializers/output/members.js CHANGED Viewed

@@ -28,7 +28,7 @@ module.exports = {
  *
  * @param {{data: import('bookshelf').Model[], meta: PageMeta}} page
  * @param {APIConfig} _apiConfig
- * @param {Frame} frame
+ * @param {import('@tryghost/api-framework').Frame} frame
  *
  * @returns {{members: SerializedMember[], meta: PageMeta}}
  */
@@ -42,7 +42,7 @@ function paginatedMembers(page, _apiConfig, frame) {
 /**
  * @param {import('bookshelf').Model} model
  * @param {APIConfig} _apiConfig
- * @param {Frame} frame
+ * @param {import('@tryghost/api-framework').Frame} frame
  *
  * @returns {{members: SerializedMember[]}}
  */
@@ -55,7 +55,7 @@ function singleMember(model, _apiConfig, frame) {
 /**
  * @param {object} bulkActionResult
  * @param {APIConfig} _apiConfig
- * @param {Frame} frame
+ * @param {import('@tryghost/api-framework').Frame} frame
  *
  * @returns {{bulk: SerializedBulkAction}}
  */
@@ -219,9 +219,9 @@ function passthrough(data) {
  * @template Data
  * @template Response
  * @param {string} debugString
- * @param {(data: Data, apiConfig: APIConfig, frame: Frame) => Response} serialize - A function to serialize the data into an object suitable for API response
+ * @param {(data: Data, apiConfig: APIConfig, frame: import('@tryghost/api-framework').Frame) => Response} serialize
  *
- * @returns {(data: Data, apiConfig: APIConfig, frame: Frame) => void}
+ * @returns {(data: Data, apiConfig: APIConfig, frame: import('@tryghost/api-framework').Frame) => void}
  */
 function createSerializer(debugString, serialize) {
     return function serializer(data, apiConfig, frame) {
@@ -355,8 +355,3 @@ function createSerializer(debugString, serialize) {
  * @prop {string} docName
  * @prop {string} method
  */
-/**
- * @typedef {Object<string, any>} Frame
- * @prop {Object} options
- */

package/core/server/api/endpoints/utils/serializers/output/settings.js CHANGED Viewed

@@ -2,6 +2,8 @@ const _ = require('lodash');
 const utils = require('../../index');
 const mappers = require('./mappers');
+/** @typedef {import('@tryghost/api-framework').Frame} Frame */
 /**
  * Filters an object based on a given filter object
  * @private
@@ -25,7 +27,7 @@ function settingsFilter(settings, filter) {
  *
  * @param {Object} models
  * @param {Object} apiConfig
- * @param {Object} frame
+ * @param {Frame} frame
  */
 function serializeSettings(models, apiConfig, frame) {
     let filteredSettings;
@@ -79,7 +81,7 @@ function passthrough(data) {
  * @template Data
  * @param {Data} data
  * @param {Object} apiConfig
- * @param {Object} frame
+ * @param {Frame} frame
  */
 function serializeData(data, apiConfig, frame) {
     frame.response = data;

package/core/server/api/endpoints/utils/serializers/output/tiers.js CHANGED Viewed

@@ -20,7 +20,7 @@ module.exports = {
 function paginatedTiers(page, _apiConfig, frame) {
     return {
         tiers: page.data.map((model) => {
-            return serializeTier(model, frame.options, frame);
+            return serializeTier(model, frame.options);
         }),
         meta: page.meta
     };
@@ -36,7 +36,7 @@ function paginatedTiers(page, _apiConfig, frame) {
 function singleTier(model, _apiConfig, frame) {
     return {
         tiers: [
-            serializeTier(model, frame.options, frame)
+            serializeTier(model, frame.options)
         ]
     };
 }
@@ -131,7 +131,4 @@ function createSerializer(debugString, serialize) {
  * @prop {string} method
  */
-/**
- * @typedef {Object<string, any>} Frame
- * @prop {Object} options
- */
+/** @typedef {import('@tryghost/api-framework').Frame} Frame */

package/core/server/api/endpoints/utils/validators/input/password_reset.js CHANGED Viewed

@@ -25,7 +25,7 @@ module.exports = {
     generateResetToken(apiConfig, frame) {
         debug('generateResetToken');
-        const email = frame.data.password_reset[0].email;
+        const email = frame.data.password_reset?.[0]?.email;
         if (typeof email !== 'string' || !validator.isEmail(email)) {
             throw new errors.BadRequestError({

package/core/server/api/endpoints/utils/validators/utils/json-schema.js CHANGED Viewed

@@ -5,8 +5,7 @@ const jsonSchema = require('@tryghost/admin-api-schema');
  * @param {Object} apiConfig "frame" api configuration object
  * @param {string} apiConfig.docName the name of the resource
  * @param {string} apiConfig.method API's method name
- * @param {Object} frame "frame" object with data attached to it
- * @param {Object} frame.data request data to validate
+ * @param {import('@tryghost/api-framework').Frame} frame "frame" object with data attached to it
  */
 const validate = async (apiConfig, frame) => await jsonSchema.validate({
     data: frame.data,

package/core/server/api/endpoints/webhooks.js CHANGED Viewed

@@ -15,7 +15,8 @@ const webhooksService = getWebhooksServiceInstance({
     WebhookModel: models.Webhook
 });
-module.exports = {
+/** @type {import('@tryghost/api-framework').Controller} */
+const controller = {
     docName: 'webhooks',
     add: {
@@ -133,3 +134,5 @@ module.exports = {
         }
     }
 };
+module.exports = controller;

package/core/server/data/importer/import-manager.js CHANGED Viewed

@@ -235,6 +235,14 @@ class ImportManager {
                     help: tpl(messages.invalidZipFileNameEncodingHelp),
                     code: 'INVALID_ZIP_FILE_NAME_ENCODING'
                 });
+            } else if (
+                err.message.includes('end of central directory record signature not found')
+                || err.message.includes('invalid comment length')
+            ) { // This comes from Yauzl when the zip is invalid
+                throw new errors.UnsupportedMediaTypeError({
+                    message: tpl(messages.invalidZipFileNameEncoding),
+                    code: 'INVALID_ZIP_FILE'
+                });
             }
             throw err;
         }

package/core/server/services/comments/CommentsController.js CHANGED Viewed

@@ -2,7 +2,7 @@ const _ = require('lodash');
 const errors = require('@tryghost/errors');
 /**
- * @typedef {import('../../api/shared/frame')} Frame
+ * @typedef {import('@tryghost/api-framework').Frame} Frame
  */
 const {MethodNotAllowedError} = require('@tryghost/errors');

package/core/server/services/url/UrlService.js CHANGED Viewed

@@ -219,14 +219,12 @@ class UrlService {
      * They would show localhost:2368/null/.
      *
      * @param {String} id
-     * @param {Object} options
+     * @param {Object} [options]
      * @param {Object} [options.absolute]
      * @param {Object} [options.withSubdirectory]
      * @returns {String}
      */
-    getUrlByResourceId(id, options) {
-        options = options || {};
+    getUrlByResourceId(id, options = {}) {
         const obj = this.urls.getByResourceId(id);
         if (obj) {

package/core/server/web/admin/app.js CHANGED Viewed

@@ -10,6 +10,10 @@ const errorHandler = require('@tryghost/mw-error-handler');
 const sentry = require('../../../shared/sentry');
 const redirectAdminUrls = require('./middleware/redirect-admin-urls');
+/**
+ *
+ * @returns {import('express').Application}
+ */
 module.exports = function setupAdminApp() {
     debug('Admin setup start');
     const adminApp = express('admin');
@@ -34,7 +38,7 @@ module.exports = function setupAdminApp() {
     // request to the Admin API /users/me/ endpoint to check if the user is logged in.
     //
     // Used by comments-ui to add moderation options to front-end comments when logged in.
-    adminApp.use('/auth-frame', (req, res, next) => {
+    adminApp.use('/auth-frame', function authFrameMw(req, res, next) {
         // only render content when we have an Admin session cookie,
         // otherwise return a 204 to avoid JS and API requests being made unnecessarily
         try {

package/core/server/web/admin/controller.js CHANGED Viewed

@@ -20,8 +20,8 @@ const messages = {
  *
  * Every request to the admin panel will re-trigger the update check service.
  *
- * @param req
- * @param res
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
  */
 module.exports = function adminController(req, res) {
     debug('index called');
@@ -47,16 +47,15 @@ module.exports = function adminController(req, res) {
         }
         res.sendFile(templatePath, {headers});
-    } catch (error) {
-        if (error.code === 'ENOENT') {
+    } catch (err) {
+        if (err.code === 'ENOENT') {
             throw new errors.IncorrectUsageError({
                 message: tpl(messages.templateError.message, {templatePath}),
                 context: tpl(messages.templateError.context),
                 help: tpl(messages.templateError.help, {link: 'https://ghost.org/docs/install/source/'}),
-                error: error
+                err
             });
-        } else {
-            throw error;
         }
+        throw err;
     }
 };

package/core/server/web/admin/middleware/redirect-admin-urls.js CHANGED Viewed

@@ -1,5 +1,11 @@
 const urlUtils = require('../../../../shared/url-utils');
+/**
+ *
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ * @param {import('express').NextFunction} next
+ */
 function redirectAdminUrls(req, res, next) {
     const subdir = urlUtils.getSubdir();
     const ghostPathRegex = new RegExp(`^${subdir}/ghost/(.+)`);

package/core/server/web/announcement/routes.js CHANGED Viewed

@@ -3,6 +3,9 @@ const api = require('../../api').endpoints;
 const {http} = require('@tryghost/api-framework');
 const shared = require('../shared');
+/**
+ * @returns {import('express').Router}
+ */
 module.exports = function apiRoutes() {
     const router = express.Router('announcements');

package/core/server/web/api/app.js CHANGED Viewed

@@ -5,6 +5,9 @@ const sentry = require('../../../shared/sentry');
 const errorHandler = require('@tryghost/mw-error-handler');
 const APIVersionCompatibilityService = require('../../services/api-version-compatibility');
+/**
+ * @returns {import('express').Application}
+ */
 module.exports = function setupApiApp() {
     debug('Parent API setup start');
     const apiApp = express('api');

package/core/server/web/api/endpoints/admin/app.js CHANGED Viewed

@@ -12,6 +12,9 @@ const routes = require('./routes');
 const APIVersionCompatibilityService = require('../../../../services/api-version-compatibility');
 const GhostNestApp = require('@tryghost/ghost');
+/**
+ * @returns {import('express').Application}
+ */
 module.exports = function setupApiApp() {
     debug('Admin API setup start');
     const apiApp = express('admin api');
@@ -35,7 +38,7 @@ module.exports = function setupApiApp() {
     // Routing
     apiApp.use(routes());
-    apiApp.use(async (req, res, next) => {
+    apiApp.use(async function nestApp(req, res, next) {
         if (labs.isSet('NestPlayground') || labs.isSet('ActivityPub')) {
             const originalExpressApp = req.app;
             const app = await GhostNestApp.getApp();

package/core/server/web/api/endpoints/admin/middleware.js CHANGED Viewed

@@ -8,6 +8,11 @@ const messages = {
     notImplemented: 'The server does not support the functionality required to fulfill the request.'
 };
+/**
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ * @param {import('express').NextFunction} next
+ */
 const notImplemented = function notImplemented(req, res, next) {
     // CASE: user is logged in, allow
     if (!req.api_key) {
@@ -59,12 +64,16 @@ const notImplemented = function notImplemented(req, res, next) {
     next(new errors.InternalServerError({
         errorType: 'NotImplementedError',
         message: tpl(messages.notImplemented),
-        statusCode: '501'
+        statusCode: 501
     }));
 };
+/** @typedef {import('express').RequestHandler} RequestHandler */
 /**
  * Authentication for private endpoints
+ *
+ * @type {RequestHandler[]}
  */
 module.exports.authAdminApi = [
     auth.authenticate.authenticateAdminApi,
@@ -79,6 +88,8 @@ module.exports.authAdminApi = [
 /**
  * Authentication for private endpoints with token in URL
  * Ex.: For scheduler publish endpoint
+ *
+ * @type {RequestHandler[]}
  */
 module.exports.authAdminApiWithUrl = [
     auth.authenticate.authenticateAdminApiWithUrl,
@@ -92,6 +103,8 @@ module.exports.authAdminApiWithUrl = [
 /**
  * Middleware for public admin endpoints
+ *
+ * @type {RequestHandler[]}
  */
 module.exports.publicAdminApi = [
     apiMw.cors,

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -7,6 +7,9 @@ const mw = require('./middleware');
 const shared = require('../../../shared');
 const labs = require('../../../../../shared/labs');
+/**
+ * @returns {import('express').Router}
+ */
 module.exports = function apiRoutes() {
     const router = express.Router('admin api');

package/core/server/web/api/endpoints/content/app.js CHANGED Viewed

@@ -9,6 +9,9 @@ const routes = require('./routes');
 const errorHandler = require('@tryghost/mw-error-handler');
 const apiVersionCompatibility = require('../../../../services/api-version-compatibility');
+/**
+ * @returns {import('express').Application}
+ */
 module.exports = function setupApiApp() {
     debug('Content API setup start');
     const apiApp = express('content api');

package/core/server/web/api/endpoints/content/middleware.js CHANGED Viewed

@@ -12,6 +12,8 @@ const shared = require('../../../shared');
 /**
  * Authentication for public endpoints
+ *
+ * @type {import('express').RequestHandler[]}
  */
 module.exports.authenticatePublic = [
     shared.middleware.brute.contentApiKey,

package/core/server/web/api/endpoints/content/routes.js CHANGED Viewed

@@ -5,6 +5,9 @@ const {http} = require('@tryghost/api-framework');
 const mw = require('./middleware');
 const config = require('../../../../../shared/config');
+/**
+ * @returns {import('express').Router}
+ */
 module.exports = function apiRoutes() {
     const router = express.Router('content api');

package/core/server/web/api/middleware/upload.js CHANGED Viewed

@@ -24,6 +24,10 @@ const messages = {
         missingFile: 'Please select a theme.',
         invalidFile: 'Please select a valid zip file.'
     },
+    members: {
+        missingFile: 'Please select a members CSV file.',
+        invalidFile: 'Please select a valid CSV file.'
+    },
     images: {
         missingFile: 'Please select an image.',
         invalidFile: 'Please select a valid image.'
@@ -58,6 +62,13 @@ const single = name => function singleUploadFunction(req, res, next) {
     singleUpload(req, res, (err) => {
         if (err) {
+            // Busboy, Multer or Dicer errors are usually caused by invalid file uploads
+            if (err instanceof multer.MulterError || err.stack?.includes('dicer') || err.stack?.includes('busboy')) {
+                return next(new errors.BadRequestError({
+                    err
+                }));
+            }
             return next(err);
         }
         if (enabledClear) {
@@ -94,6 +105,13 @@ const media = (fileName, thumbName) => function mediaUploadFunction(req, res, ne
     mediaUpload(req, res, (err) => {
         if (err) {
+            // Busboy, Multer or Dicer errors are usually caused by invalid file uploads
+            if (err instanceof multer.MulterError || err.stack?.includes('dicer') || err.stack?.includes('busboy')) {
+                return next(new errors.BadRequestError({
+                    err
+                }));
+            }
             return next(err);
         }
@@ -138,10 +156,16 @@ const checkFileIsValid = (fileData, types, extensions) => {
  *
  * @param {Object} options
  * @param {String} options.type - type of the file
- * @returns {Function}
+ * @returns {import('express').RequestHandler}
  */
 const validation = function ({type}) {
     // if we finish the data/importer logic, we forward the request to the specified importer
+    /**
+     * @param {import('express').Request} req
+     * @param {import('express').Response} res
+     * @param {import('express').NextFunction} next
+     */
     return function uploadValidation(req, res, next) {
         const extensions = (config.get('uploads')[type] && config.get('uploads')[type].extensions) || [];
         const contentTypes = (config.get('uploads')[type] && config.get('uploads')[type].contentTypes) || [];
@@ -174,7 +198,7 @@ const validation = function ({type}) {
  *
  * @param {Object} options
  * @param {String} options.type - type of the file
- * @returns {Function}
+ * @returns {import('express').RequestHandler}
  */
 const mediaValidation = function ({type}) {
     return function mediaUploadValidation(req, res, next) {

package/core/server/web/comments/routes.js CHANGED Viewed

@@ -7,6 +7,9 @@ const shared = require('../shared');
 const bodyParser = require('body-parser');
 const membersService = require('../../../server/services/members');
+/**
+ * @returns {import('express').Router}
+ */
 module.exports = function apiRoutes() {
     const router = express.Router('comment api');
     router.use(bodyParser.json({limit: '50mb'}));

package/core/server/web/members/app.js CHANGED Viewed

@@ -16,6 +16,9 @@ const api = require('../../api').endpoints;
 const commentRouter = require('../comments');
 const announcementRouter = require('../announcement');
+/**
+ * @returns {import('express').Application}
+ */
 module.exports = function setupMembersApp() {
     debug('Members App setup start');
     const membersApp = express('members');
@@ -61,11 +64,19 @@ module.exports = function setupMembersApp() {
         shared.middleware.brute.membersAuthEnumeration,
         // Prevent brute forcing passwords for the same email address
         shared.middleware.brute.membersAuth,
-        (req, res, next) => membersService.api.middleware.sendMagicLink(req, res, next)
+        function lazySendMagicLinkMw(req, res, next) {
+            return membersService.api.middleware.sendMagicLink(req, res, next);
+        }
     );
-    membersApp.post('/api/create-stripe-checkout-session', (req, res, next) => membersService.api.middleware.createCheckoutSession(req, res, next));
-    membersApp.post('/api/create-stripe-update-session', (req, res, next) => membersService.api.middleware.createCheckoutSetupSession(req, res, next));
-    membersApp.put('/api/subscriptions/:id', (req, res, next) => membersService.api.middleware.updateSubscription(req, res, next));
+    membersApp.post('/api/create-stripe-checkout-session', function lazyCreateCheckoutSessionMw(req, res, next) {
+        return membersService.api.middleware.createCheckoutSession(req, res, next);
+    });
+    membersApp.post('/api/create-stripe-update-session', function lazyCreateCheckoutSetupSessionMw(req, res, next) {
+        return membersService.api.middleware.createCheckoutSetupSession(req, res, next);
+    });
+    membersApp.put('/api/subscriptions/:id', function lazyUpdateSubscriptionMw(req, res, next) {
+        return membersService.api.middleware.updateSubscription(req, res, next);
+    });
     // Comments
     membersApp.use('/api/comments', commentRouter());

package/core/server/web/parent/app.js CHANGED Viewed

@@ -4,6 +4,9 @@ const express = require('../../../shared/express');
 const compress = require('compression');
 const mw = require('./middleware');
+/**
+ * @returns {import('express').Application}
+ */
 module.exports = function setupParentApp() {
     debug('ParentApp setup start');
     const parentApp = express('parent');

package/core/server/web/parent/backend.js CHANGED Viewed

@@ -4,7 +4,7 @@ const {BASE_API_PATH} = require('../../../shared/url-utils');
 /**
  *
- * @returns {import('express').RequestHandler}
+ * @returns {import('express').Application}
  */
 module.exports = () => {
     debug('BackendApp setup start');