npm - ghost - Versions diffs - 6.17.1 → 6.18.0 - Mend

ghost 6.17.1 → 6.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/core/server/services/email-address/email-address-service.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export class EmailAddressService {
     #getDefaultEmail: () => EmailAddress;
     #getFallbackDomain: () => string | null;
     #getFallbackEmail: () => EmailAddress | null;
+    #getMembersSupportAddress: () => string;
     #isValidEmailAddress: (email: string) => boolean;
     constructor(dependencies: {
@@ -32,12 +33,14 @@ export class EmailAddressService {
         getFallbackDomain: () => string | null,
         getDefaultEmail: () => EmailAddress,
         getFallbackEmail: () => string | null,
+        getMembersSupportAddress: () => string,
         isValidEmailAddress: (email: string) => boolean
     }) {
         this.#getManagedEmailEnabled = dependencies.getManagedEmailEnabled;
         this.#getSendingDomain = dependencies.getSendingDomain;
         this.#getFallbackDomain = dependencies.getFallbackDomain;
         this.#getDefaultEmail = dependencies.getDefaultEmail;
+        this.#getMembersSupportAddress = dependencies.getMembersSupportAddress;
         this.#getFallbackEmail = () => {
             const fallbackAddress = dependencies.getFallbackEmail();
             if (!fallbackAddress) {
@@ -68,6 +71,16 @@ export class EmailAddressService {
         return this.#getFallbackEmail();
     }
+    /**
+     * Get the actual sender address for member emails after DMARC transformation.
+     * On managed platforms, this may differ from the configured support address to ensure DMARC compliance.
+     */
+    getMembersSupportAddress(): string {
+        const configuredAddress = this.#getMembersSupportAddress();
+        const transformed = this.getAddressFromString(configuredAddress);
+        return transformed.from.address;
+    }
     getAddressFromString(from: string, replyTo?: string): EmailAddresses {
         const parsedFrom = EmailAddressParser.parse(from);
         const parsedReplyTo = replyTo ? EmailAddressParser.parse(replyTo) : undefined;

package/core/server/services/koenig/node-renderers/transistor-renderer.js CHANGED Viewed

@@ -16,14 +16,9 @@ function renderTransistorNode(node, options = {}) {
 function frontendTemplate(node, document, options) {
     const figure = document.createElement('figure');
     figure.setAttribute('class', 'kg-card kg-transistor-card');
-    const memberUuid = options.memberUuid;
-    if (!memberUuid) {
-        // Transistor does not support public/non-member embeds for now, so we return null
-        return null;
-    }
-    const embedUrl = new URL(`https://partner.transistor.fm/ghost/embed/${memberUuid}`);
+    // Use {uuid} placeholder - content.js will substitute with member UUID at request time
+    const embedUrl = new URL(`https://partner.transistor.fm/ghost/embed/{uuid}`);
     if (node.accentColor) {
         embedUrl.searchParams.set('color', node.accentColor.replace(/^#/, ''));
@@ -34,7 +29,7 @@ function frontendTemplate(node, document, options) {
     const iframe = document.createElement('iframe');
     iframe.setAttribute('width', '100%');
-    iframe.setAttribute('height', '400');
+    iframe.setAttribute('height', '325');
     iframe.setAttribute('title', 'Transistor podcasts');
     iframe.setAttribute('frameborder', 'no');
     iframe.setAttribute('scrolling', 'no');

package/core/server/services/lib/member-signup-contexts.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SIGNUP_CONTEXTS = void 0;
+exports.canWelcomeEmailReplaceSignupPaidEmail = canWelcomeEmailReplaceSignupPaidEmail;
+// Signup context describes the sign-in state when the Stripe checkout session is created.
+// NEEDS_MAGIC_LINK_EMAIL: No guaranteed sign-in path exists yet (custom/direct checkout paths).
+// HAS_PRECHECKOUT_MAGIC_LINK: Ghost generated a signup magic-link before Stripe (standard Portal flow).
+// ALREADY_AUTHENTICATED: Request came from a signed-in member identity (for example, opening a paid signup link directly).
+exports.SIGNUP_CONTEXTS = {
+    NEEDS_MAGIC_LINK_EMAIL: 'needs_magic_link_email',
+    HAS_PRECHECKOUT_MAGIC_LINK: 'has_precheckout_magic_link',
+    ALREADY_AUTHENTICATED: 'already_authenticated'
+};
+/**
+ * Signup-paid email can be skipped when welcome email is active only if
+ * checkout already has a reliable sign-in path.
+ *
+ * - HAS_PRECHECKOUT_MAGIC_LINK: standard Portal flow generated signup link before Stripe
+ * - ALREADY_AUTHENTICATED: checkout request came from an already signed-in member
+ */
+function canWelcomeEmailReplaceSignupPaidEmail(signupContext) {
+    return signupContext === exports.SIGNUP_CONTEXTS.HAS_PRECHECKOUT_MAGIC_LINK || signupContext === exports.SIGNUP_CONTEXTS.ALREADY_AUTHENTICATED;
+}

package/core/server/services/lib/member-signup-contexts.ts ADDED Viewed

@@ -0,0 +1,22 @@
+// Signup context describes the sign-in state when the Stripe checkout session is created.
+// NEEDS_MAGIC_LINK_EMAIL: No guaranteed sign-in path exists yet (custom/direct checkout paths).
+// HAS_PRECHECKOUT_MAGIC_LINK: Ghost generated a signup magic-link before Stripe (standard Portal flow).
+// ALREADY_AUTHENTICATED: Request came from a signed-in member identity (for example, opening a paid signup link directly).
+export const SIGNUP_CONTEXTS = {
+    NEEDS_MAGIC_LINK_EMAIL: 'needs_magic_link_email',
+    HAS_PRECHECKOUT_MAGIC_LINK: 'has_precheckout_magic_link',
+    ALREADY_AUTHENTICATED: 'already_authenticated'
+} as const;
+export type SignupContext = typeof SIGNUP_CONTEXTS[keyof typeof SIGNUP_CONTEXTS];
+/**
+ * Signup-paid email can be skipped when welcome email is active only if
+ * checkout already has a reliable sign-in path.
+ *
+ * - HAS_PRECHECKOUT_MAGIC_LINK: standard Portal flow generated signup link before Stripe
+ * - ALREADY_AUTHENTICATED: checkout request came from an already signed-in member
+ */
+export function canWelcomeEmailReplaceSignupPaidEmail(signupContext?: SignupContext) {
+    return signupContext === SIGNUP_CONTEXTS.HAS_PRECHECKOUT_MAGIC_LINK || signupContext === SIGNUP_CONTEXTS.ALREADY_AUTHENTICATED;
+}

package/core/server/services/member-welcome-emails/member-welcome-email-renderer.js CHANGED Viewed

@@ -53,14 +53,12 @@ class MemberWelcomeEmailRenderer {
      * Applies replacement tokens to a string
      * Supports fallback values: {first_name, "friend"} renders "friend" if name is empty
      * @param {Object} options
+     * @param {{id: string, getValue: () => string|undefined}[]} options.definitions - Replacement token definitions
      * @param {string} options.text - The text to process (content body or subject line)
-     * @param {Object} options.member - Member data
-     * @param {Object} options.siteSettings - Site settings
      * @param {boolean} [options.escapeHtml=false] - Whether to HTML-escape replaced values
      * @returns {string}
      */
-    #applyReplacements({text, member, siteSettings, escapeHtml = false}) {
-        const definitions = this.#buildReplacementDefinitions({member, siteSettings});
+    #applyReplacements({definitions, text, escapeHtml = false}) {
         let processed = wrapReplacementStrings(text);
         processed = processed.replace(REPLACEMENT_REGEX, (match, property, fallback) => {
@@ -96,8 +94,17 @@ class MemberWelcomeEmailRenderer {
             });
         }
-        const contentWithReplacements = this.#applyReplacements({text: content, member, siteSettings, escapeHtml: true});
-        const subjectWithReplacements = this.#applyReplacements({text: subject, member, siteSettings, escapeHtml: false});
+        const definitions = this.#buildReplacementDefinitions({member, siteSettings});
+        // Remove <code> wrappers around replacement strings (Lexical treats curly braces as inline code)
+        const tokenIds = definitions.map(d => d.id).join('|');
+        content = content.replace(
+            new RegExp(`<code>(\\{(?:${tokenIds})(?:\\s*,?\\s*"[^"]*")?\\})<\\/code>`, 'g'),
+            '$1'
+        );
+        const contentWithReplacements = this.#applyReplacements({definitions, text: content, escapeHtml: true});
+        const subjectWithReplacements = this.#applyReplacements({definitions, text: subject, escapeHtml: false});
         const managePreferencesUrl = new URL('#/portal/account/newsletters', siteSettings.url).href;
         const year = new Date().getFullYear();
@@ -124,4 +131,3 @@ class MemberWelcomeEmailRenderer {
 }
 module.exports = MemberWelcomeEmailRenderer;

package/core/server/services/member-welcome-emails/service.js CHANGED Viewed

@@ -2,7 +2,6 @@ const logging = require('@tryghost/logging');
 const errors = require('@tryghost/errors');
 const urlUtils = require('../../../shared/url-utils');
 const settingsCache = require('../../../shared/settings-cache');
-const config = require('../../../shared/config');
 const emailAddressService = require('../email-address');
 const mail = require('../mail');
 // @ts-expect-error type checker has trouble with the dynamic exporting in models
@@ -50,8 +49,14 @@ class MemberWelcomeEmailService {
     }
     async send({member, memberStatus}) {
+        if (!member.email) {
+            throw new errors.IncorrectUsageError({
+                message: MESSAGES.MISSING_RECIPIENT_EMAIL
+            });
+        }
         const name = member?.name ? `${member.name} at ` : '';
-        logging.info(`${MEMBER_WELCOME_EMAIL_LOG_KEY} Sending welcome email to ${name}${member?.email}`);
+        logging.info(`${MEMBER_WELCOME_EMAIL_LOG_KEY} Sending welcome email to ${name}${member.email}`);
         const memberWelcomeEmail = this.#memberWelcomeEmails[memberStatus];
@@ -77,17 +82,8 @@ class MemberWelcomeEmailService {
             siteSettings: this.#getSiteSettings()
         });
-        const testInbox = config.get('memberWelcomeEmailTestInbox');
-        const toEmail = testInbox || member.email;
-        if (!toEmail) {
-            throw new errors.IncorrectUsageError({
-                message: MESSAGES.MISSING_RECIPIENT_EMAIL
-            });
-        }
         await this.#mailer.send({
-            to: toEmail,
+            to: member.email,
             subject,
             html,
             text,

package/core/server/services/members/api.js CHANGED Viewed

@@ -19,6 +19,7 @@ const newslettersService = require('../newsletters');
 const memberAttributionService = require('../member-attribution');
 const emailSuppressionList = require('../email-suppression-list');
 const commentsService = require('../comments');
+const emailAddressService = require('../email-address');
 const {t} = require('../i18n');
 const sentry = require('../../../shared/sentry');
@@ -254,7 +255,8 @@ function createApiInstance(config) {
         sentry,
         settingsHelpers,
         urlUtils,
-        commentsService
+        commentsService,
+        emailAddressService: emailAddressService.service
     });
     return membersApiInstance;

package/core/server/services/members/members-api/controllers/router-controller.js CHANGED Viewed

@@ -7,6 +7,8 @@ const errors = require('@tryghost/errors');
 const {isEmail} = require('@tryghost/validator');
 const normalizeEmail = require('../utils/normalize-email');
 const {getInboxLinks} = require('../../../../lib/get-inbox-links');
+const {SIGNUP_CONTEXTS} = require('../../../lib/member-signup-contexts');
+/** @typedef {import('../../../lib/member-signup-contexts').SignupContext} SignupContext */
 const messages = {
     emailRequired: 'Email is required.',
@@ -75,6 +77,7 @@ module.exports = class RouterController {
      * @param {any} deps.settingsCache
      * @param {any} deps.settingsHelpers
      * @param {any} deps.urlUtils
+     * @param {any} deps.emailAddressService
      */
     constructor({
         offersAPI,
@@ -93,7 +96,8 @@ module.exports = class RouterController {
         sentry,
         settingsCache,
         settingsHelpers,
-        urlUtils
+        urlUtils,
+        emailAddressService
     }) {
         this._offersAPI = offersAPI;
         this._paymentsService = paymentsService;
@@ -112,6 +116,7 @@ module.exports = class RouterController {
         this._settingsCache = settingsCache;
         this._settingsHelpers = settingsHelpers;
         this._urlUtils = urlUtils;
+        this._emailAddressService = emailAddressService;
     }
     async ensureStripe(_req, res, next) {
@@ -389,6 +394,12 @@ module.exports = class RouterController {
                 });
             }
+            if (!offer.tier) {
+                throw new BadRequestError({
+                    message: 'Offer does not have a tier'
+                });
+            }
             tier = await this._tiersService.api.read(offer.tier.id);
             cadence = offer.cadence;
         } else if (tierId) {
@@ -466,6 +477,8 @@ module.exports = class RouterController {
         }
         const member = options.member;
+        /** @type {SignupContext} */
+        let ghostSignupContext = (options.isAuthenticated && member) ? SIGNUP_CONTEXTS.ALREADY_AUTHENTICATED : SIGNUP_CONTEXTS.NEEDS_MAGIC_LINK_EMAIL;
         if (!member && options.email) {
             // Create a signup link if there is no member with this email address
@@ -482,6 +495,7 @@ module.exports = class RouterController {
                 // Redirect to the original success url after sign up
                 referrer: options.successUrl
             });
+            ghostSignupContext = SIGNUP_CONTEXTS.HAS_PRECHECKOUT_MAGIC_LINK;
         }
         if (member) {
@@ -506,6 +520,9 @@ module.exports = class RouterController {
             }
         }
+        // Set by server to distinguish between checkout flows in Stripe webhooks.
+        options.metadata.ghostSignupContext = ghostSignupContext;
         try {
             const paymentLink = await this._paymentsService.getPaymentLink(options);
@@ -733,7 +750,7 @@ module.exports = class RouterController {
             const inboxLinks = await getInboxLinks({
                 recipient: normalizedEmail,
-                sender: this._settingsHelpers.getMembersSupportAddress(),
+                sender: this._emailAddressService.getMembersSupportAddress(),
                 dnsResolver: this.#inboxLinksDnsResolver
             });
             if (inboxLinks) {

package/core/server/services/members/members-api/members-api.js CHANGED Viewed

@@ -79,7 +79,8 @@ module.exports = function MembersAPI({
     sentry,
     settingsHelpers,
     urlUtils,
-    commentsService
+    commentsService,
+    emailAddressService
 }) {
     const tokenService = new TokenService({
         privateKey,
@@ -213,7 +214,8 @@ module.exports = function MembersAPI({
         settingsCache,
         settingsHelpers,
         sentry,
-        urlUtils
+        urlUtils,
+        emailAddressService
     });
     const wellKnownController = new WellKnownController({

package/core/server/services/members/members-api/repositories/member-repository.js CHANGED Viewed

@@ -1769,7 +1769,7 @@ module.exports = class MemberRepository {
             });
         }
-        if (offer.tier.id !== tierId) {
+        if (offer.tier && offer.tier.id !== tierId) {
             throw new errors.BadRequestError({
                 message: tpl(messages.offerTierMismatch)
             });

package/core/server/services/members/members-api/services/payments-service.js CHANGED Viewed

@@ -72,6 +72,11 @@ class PaymentsService {
         let coupon = null;
         let trialDays = null;
         if (offer) {
+            if (!offer.tier) {
+                throw new BadRequestError({
+                    message: 'Offer does not have a tier'
+                });
+            }
             if (!tier.id.equals(offer.tier.id)) {
                 throw new BadRequestError({
                     message: 'This Offer is not valid for the Tier'

package/core/server/services/oembed/oembed-service.js CHANGED Viewed

@@ -10,7 +10,7 @@ const iconv = require('iconv-lite');
 const path = require('path');
 // Some sites block non-standard user agents so we need to mimic a typical browser
-const USER_AGENT = 'Mozilla/5.0 (compatible; Ghost/5.0; +https://ghost.org/)';
+const USER_AGENT = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36';
 const messages = {
     noUrlProvided: 'No url provided.',

package/core/server/services/offers/application/offer-mapper.js CHANGED Viewed

@@ -26,9 +26,9 @@
  * @prop {number} redemption_count
  * @prop {'signup'|'retention'} redemption_type
  *
- * @prop {object} tier
- * @prop {string} tier.id
- * @prop {string} tier.name
+ * @prop {object|null} tier
+ * @prop {string} [tier.id]
+ * @prop {string} [tier.name]
  * @prop {string} created_at
  * @prop {string|null} last_redeemed
  */
@@ -55,10 +55,9 @@ class OfferMapper {
             status: offer.status.value,
             redemption_count: offer.redemptionCount,
             redemption_type: offer.redemptionType.value,
-            tier: {
-                id: offer.tier.id,
-                name: offer.tier.name
-            },
+            tier: offer.tier
+                ? {id: offer.tier.id, name: offer.tier.name}
+                : null,
             created_at: offer.createdAt,
             last_redeemed: offer.lastRedeemed
         };

package/core/server/services/offers/application/offers-api.js CHANGED Viewed

@@ -165,12 +165,12 @@ class OffersAPI {
                 return [];
             }
-            // Filter by tier and cadence
-            let available = allOffers.filter(offer => offer.tier.id === tierId && offer.cadence.value === cadence);
+            // Filter by tier and cadence - Null-tier offers (retention) match any tier with the correct cadence
+            let available = allOffers.filter(offer => (offer.tier === null || offer.tier.id === tierId) && offer.cadence.value === cadence);
             debug(`listOffersAvailableToSubscription: ${available.length} offers match tier and cadence`);
             if (available.length === 0) {
-                const tierIds = [...new Set(allOffers.map(o => o.tier.id))];
+                const tierIds = [...new Set(allOffers.filter(o => o.tier !== null).map(o => o.tier.id))];
                 const cadences = [...new Set(allOffers.map(o => o.cadence.value))];
                 debug(`listOffersAvailableToSubscription: no offers match - available tiers: [${tierIds.join(', ')}], available cadences: [${cadences.join(', ')}]`);

package/core/server/services/offers/domain/errors/index.js CHANGED Viewed

@@ -18,6 +18,7 @@ class InvalidOfferCode extends InvalidPropError {}
 class InvalidOfferType extends InvalidPropError {}
 class InvalidOfferAmount extends InvalidPropError {}
 class InvalidOfferCurrency extends InvalidPropError {}
+class InvalidOfferTier extends InvalidPropError {}
 class InvalidOfferTierName extends InvalidPropError {}
 class InvalidOfferCadence extends InvalidPropError {}
 class InvalidOfferDuration extends InvalidPropError {}
@@ -36,6 +37,7 @@ module.exports = {
     InvalidOfferCurrency,
     InvalidOfferCadence,
     InvalidOfferDuration,
+    InvalidOfferTier,
     InvalidOfferTierName,
     InvalidOfferCoupon,
     InvalidOfferStatus,

package/core/server/services/offers/domain/models/offer.js CHANGED Viewed

@@ -31,7 +31,7 @@ const StripeCoupon = require('./stripe-coupon');
  * @prop {OfferCurrency} [currency]
  * @prop {OfferStatus} status
  * @prop {string|null} [stripeCouponId]
- * @prop {OfferTier} tier
+ * @prop {OfferTier|null} tier
  * @prop {number} redemptionCount
  * @prop {OfferRedemptionType} redemptionType
  * @prop {string} createdAt
@@ -55,7 +55,7 @@ const StripeCoupon = require('./stripe-coupon');
  * @prop {string} [stripe_coupon_id]
  * @prop {number} [redemptionCount]
  * @prop {string} [redemption_type]
- * @prop {TierProps|OfferTier} tier
+ * @prop {TierProps|OfferTier|null} tier
  * @prop {Date} [created_at]
  * @prop {Date} [last_redeemed]
  */
@@ -356,8 +356,20 @@ class Offer {
             }
         }
-        const tier = OfferTier.create(data.tier);
         const redemptionType = OfferRedemptionType.create(data.redemption_type || 'signup');
+        const tier = data.tier ? OfferTier.create(data.tier) : null;
+        if (redemptionType.value === 'signup' && !tier) {
+            throw new errors.InvalidOfferTier({
+                message: 'Signup offers must be associated with a tier'
+            });
+        }
+        if (redemptionType.value === 'retention' && tier) {
+            throw new errors.InvalidOfferTier({
+                message: 'Retention offers cannot be associated with a specific tier'
+            });
+        }
         return new Offer({
             id,

package/core/server/services/offers/offer-bookshelf-repository.js CHANGED Viewed

@@ -125,10 +125,9 @@ class OfferBookshelfRepository {
                 redemptionCount: count,
                 redemption_type: json.redemption_type,
                 status: json.active ? 'active' : 'archived',
-                tier: {
-                    id: json.product.id,
-                    name: json.product.name
-                },
+                tier: json.product && json.product.id
+                    ? {id: json.product.id, name: json.product.name}
+                    : null,
                 created_at: json.created_at,
                 last_redeemed: lastRedeemedObject.length > 0 ? lastRedeemedObject[0].created_at : null
             }, null);
@@ -225,7 +224,7 @@ class OfferBookshelfRepository {
             discount_type: offer.type.value === 'fixed' ? 'amount' : offer.type.value,
             discount_amount: offer.amount.value,
             interval: offer.cadence.value,
-            product_id: offer.tier.id,
+            product_id: offer.tier ? offer.tier.id : null,
             duration: offer.duration.value.type,
             duration_in_months: offer.duration.value.type === 'repeating' ? offer.duration.value.months : null,
             currency: offer.currency ? offer.currency.value : null,

package/core/server/services/stats/utils/tinybird.js CHANGED Viewed

@@ -19,6 +19,7 @@ const create = ({config, request, settingsCache, tinybirdService}) => {
      * @param {string} [options.timezone] - Timezone for the query
      * @param {string} [options.memberStatus] - Member status filter (defaults to 'all')
      * @param {string} [options.postType] - Post type filter
+     * @param {string} [options.version] - Version override (e.g., 'v3') - bypasses config version
      * @returns {Object} Object with URL and request options
      */
     const buildRequest = (pipeName, options = {}) => {
@@ -32,9 +33,10 @@ const create = ({config, request, settingsCache, tinybirdService}) => {
         const tokenData = tinybirdService.getToken();
         const token = tokenData?.token;
-        // Use version from config if provided for constructing the URL
+        // Use version from options if provided, otherwise fall back to config
         // Pattern: api_kpis -> api_kpis_v2 (single underscore + version)
-        const version = statsConfig?.version;
+        // Pass empty string to force unversioned endpoint
+        const version = options.version !== undefined ? options.version : statsConfig?.version;
         const pipeUrl = version ?
             `/v0/pipes/${pipeName}_${version}.json` :
             `/v0/pipes/${pipeName}.json`;
@@ -64,7 +66,7 @@ const create = ({config, request, settingsCache, tinybirdService}) => {
         }
         // Add any other options that might be needed
         Object.entries(options).forEach(([key, value]) => {
-            if (!['dateFrom', 'dateTo', 'timezone', 'memberStatus', 'postType'].includes(key) && value !== undefined && value !== null) {
+            if (!['dateFrom', 'dateTo', 'timezone', 'memberStatus', 'postType', 'version'].includes(key) && value !== undefined && value !== null) {
                 // Convert camelCase to snake_case for Tinybird API
                 const snakeKey = key.replace(/[A-Z]/g, letter => `_${letter.toLowerCase()}`);
                 // Handle arrays by converting them to comma-separated strings for Tinybird

package/core/server/services/stripe/services/webhook/checkout-session-event-service.js CHANGED Viewed

@@ -1,6 +1,10 @@
 const _ = require('lodash');
 const errors = require('@tryghost/errors');
 const logging = require('@tryghost/logging');
+const {
+    canWelcomeEmailReplaceSignupPaidEmail
+} = require('../../../lib/member-signup-contexts');
+/** @typedef {import('../../../lib/member-signup-contexts').SignupContext} SignupContext */
 /**
  * Handles `checkout.session.completed` webhook events
@@ -24,6 +28,7 @@ module.exports = class CheckoutSessionEventService {
      * @param {object} deps.donationRepository
      * @param {object} deps.staffServiceEmails
      * @param {function} deps.sendSignupEmail
+     * @param {function} deps.isPaidWelcomeEmailActive
      */
     constructor(deps) {
         this.api = deps.api;
@@ -260,7 +265,18 @@ module.exports = class CheckoutSessionEventService {
         }
         if (checkoutType !== 'upgrade') {
-            this.deps.sendSignupEmail(customer.email);
+            const ghostSignupContext = /** @type {SignupContext | undefined} */ (session.metadata?.ghostSignupContext);
+            const shouldSkipSignupEmailWhenWelcomeEmailActive = canWelcomeEmailReplaceSignupPaidEmail(ghostSignupContext);
+            if (shouldSkipSignupEmailWhenWelcomeEmailActive) {
+                const isPaidWelcomeEmailActive = await this.deps.isPaidWelcomeEmailActive();
+                if (!isPaidWelcomeEmailActive) {
+                    this.deps.sendSignupEmail(customer.email);
+                }
+            } else {
+                // Direct checkout flows do not have a pre-checkout sign-in path.
+                this.deps.sendSignupEmail(customer.email);
+            }
         }
     }
 };

package/core/server/services/stripe/stripe-service.js CHANGED Viewed

@@ -8,6 +8,7 @@ const {StripeLiveEnabledEvent, StripeLiveDisabledEvent} = require('./events');
 const SubscriptionEventService = require('./services/webhook/subscription-event-service');
 const InvoiceEventService = require('./services/webhook/invoice-event-service');
 const CheckoutSessionEventService = require('./services/webhook/checkout-session-event-service');
+const memberWelcomeEmailService = require('../member-welcome-emails/service');
 /**
  * @typedef {object} IStripeServiceConfig
@@ -120,6 +121,13 @@ module.exports = class StripeService {
                     },
                     tokenData: {}
                 });
+            },
+            async isPaidWelcomeEmailActive() {
+                if (!labs.isSet('welcomeEmails')) {
+                    return false;
+                }
+                memberWelcomeEmailService.init();
+                return memberWelcomeEmailService.api.isMemberWelcomeEmailActive('paid');
             }
         });

package/core/shared/config/defaults.json CHANGED Viewed

@@ -186,6 +186,12 @@
         },
         "theme": {
             "maxAge": 31536000
+        },
+        "assets": {
+            "contentBasedHash": {
+                "enabled": false,
+                "maxSize": 100000
+            }
         }
     },
     "optimization": {

package/core/shared/labs.js CHANGED Viewed

@@ -27,7 +27,9 @@ const GA_FEATURES = [
     'explore',
     'inboxlinks',
     'commentModeration',
-    'commentPermalinks'
+    'commentPermalinks',
+    'featurebaseFeedback',
+    'welcomeEmails'
 ];
 // These features are considered publicly available and can be enabled/disabled by users
@@ -48,10 +50,8 @@ const PRIVATE_FEATURES = [
     'emailCustomization',
     'tagsX',
     'emailUniqueid',
-    'welcomeEmails',
     'themeTranslation',
     'indexnow',
-    'featurebaseFeedback',
     'transistor'
 ];

package/core/shared/url-utils.js CHANGED Viewed

@@ -8,7 +8,8 @@ const urlUtils = new UrlUtils({
     getAdminUrl: config.getAdminUrl,
     assetBaseUrls: {
         media: config.get('urls:media'),
-        files: config.get('urls:files')
+        files: config.get('urls:files'),
+        image: config.get('urls:image')
     },
     slugs: config.get('slugs').protected,
     redirectCacheMaxAge: config.get('caching:301:maxAge'),