ghost 6.3.0 → 6.4.0

package/core/server/api/endpoints/utils/serializers/output/utils/extra-attrs.js

@@ -8,12 +8,18 @@ const readingMinutes = require('@tryghost/helpers').utils.readingMinutes;
  * @returns {void} - modifies attrs
  */
 module.exports.forPost = (options, model, attrs) => {
+    // requested via `columns`
     const columnsIncludesCustomExcerpt = options.columns?.includes('custom_excerpt');
     const columnsIncludesExcerpt = options.columns?.includes('excerpt');
     const columnsIncludesPlaintext = options.columns?.includes('plaintext');
     const columnsIncludesReadingTime = options.columns?.includes('reading_time');
+
+    // requested via `formats`
     const formatsIncludesPlaintext = options.formats?.includes('plaintext');
 
+    // no columns requested
+    const noColumnsRequested = !Object.prototype.hasOwnProperty.call(options, 'columns');
+
     // 1. Gets excerpt from post's plaintext. If custom_excerpt exists, it overrides the excerpt but the key remains excerpt.
     if (columnsIncludesExcerpt) {
         if (!attrs.custom_excerpt) {
@@ -32,7 +38,6 @@ module.exports.forPost = (options, model, attrs) => {
         }
     }
 
-    // 2. Displays plaintext if requested via `columns` or `formats`
     if (columnsIncludesPlaintext || formatsIncludesPlaintext) {
         let plaintext = model.get('plaintext');
         if (plaintext) {
@@ -43,7 +48,7 @@ module.exports.forPost = (options, model, attrs) => {
     }
 
     // 3. Displays excerpt if no columns was requested - specifically needed for the Admin Posts API
-    if (!Object.prototype.hasOwnProperty.call(options, 'columns')) {
+    if (noColumnsRequested) {
         let customExcerpt = model.get('custom_excerpt');
 
         if (customExcerpt !== null) {
@@ -59,7 +64,7 @@ module.exports.forPost = (options, model, attrs) => {
     }
 
     // 4. Add `reading_time` if no columns were requested, or if `reading_time` was requested via `columns`
-    if (!Object.prototype.hasOwnProperty.call(options, 'columns') || columnsIncludesReadingTime) {
+    if (noColumnsRequested || columnsIncludesReadingTime) {
         if (attrs.html) {
             let additionalImages = 0;
 

package/core/server/data/migrations/versions/6.4/2025-10-13-10-18-38-add-tokens-otc-used-count-column.js

@@ -0,0 +1,8 @@
+const {createAddColumnMigration} = require('../../utils');
+
+module.exports = createAddColumnMigration('tokens', 'otc_used_count', {
+    type: 'integer',
+    nullable: false,
+    unsigned: true,
+    defaultTo: 0
+});

package/core/server/data/schema/schema.js

@@ -1,7 +1,7 @@
 /* String Column Sizes Information
  * (From: https://github.com/TryGhost/Ghost/pull/7932)
  * New/Updated column maxlengths should meet these guidlines
- * 
+ *
  * Small strings = length 50
  * Medium strings = length 191
  * Large strings = length 2000 (use soft limits via validation for 191-2000)
@@ -925,7 +925,8 @@ module.exports = {
         created_at: {type: 'dateTime', nullable: false},
         updated_at: {type: 'dateTime', nullable: true},
         first_used_at: {type: 'dateTime', nullable: true},
-        used_count: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0}
+        used_count: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0},
+        otc_used_count: {type: 'integer', nullable: false, unsigned: true, defaultTo: 0}
     },
     snippets: {
         id: {type: 'string', maxlength: 24, nullable: false, primary: true},

package/core/server/models/single-use-token.js

@@ -7,6 +7,7 @@ const SingleUseToken = ghostBookshelf.Model.extend({
     defaults() {
         return {
             used_count: 0,
+            otc_used_count: 0,
             uuid: crypto.randomUUID(),
             token: crypto
                 .randomBytes(192 / 8)

package/core/server/services/email-service/email-templates/template.hbs

@@ -9,12 +9,10 @@
     </head>
     <body>
         <span class="preheader">{{preheader}}</span>
-        {{#hasFeature 'emailCustomization'}}
         <!-- SPACING TO AVOID BODY TEXT BEING DUPLICATED IN PREVIEW TEXT -->
         <div style="display:none; max-height:0; overflow:hidden; mso-hide: all;" aria-hidden="true" role="presentation">
             {{{preheaderSpacing}}}
         </div>
-        {{/hasFeature}}
 
         <!-- HEADER WITH FULL-WIDTH BACKGROUND -->
         {{#if hasHeaderContent}}

package/core/server/services/lib/MailgunClient.js

@@ -68,7 +68,8 @@ module.exports = class MailgunClient {
                 html: messageContent.html,
                 text: messageContent.plaintext,
                 'recipient-variables': JSON.stringify(recipientData),
-                'h:Sender': message.from
+                'h:Sender': message.from,
+                'h:Auto-Submitted': 'auto-generated'
             };
 
             // Do we have a custom List-Unsubscribe header set?

package/core/server/services/lib/magic-link/MagicLink.js

@@ -243,4 +243,3 @@ function defaultGetSubject(type, otc) {
 }
 
 module.exports = MagicLink;
-module.exports.JWTTokenProvider = require('./JWTTokenProvider');

package/core/server/services/mail/GhostMailer.js

@@ -17,6 +17,7 @@ const messages = {
     messageSent: 'Message sent. Double check inbox and spam folder!'
 };
 const EmailAddressParser = require('../email-address/EmailAddressParser');
+const DEFAULT_TAGS = ['ghost-email', 'transactional-email'];
 
 function getDomain() {
     const domain = urlUtils.urlFor('home', true).match(new RegExp('^https?://([^/:?#]+)(?:[/:?#]|$)', 'i'));
@@ -129,6 +130,15 @@ module.exports = class GhostMailer {
         }
 
         const messageToSend = createMessage(message);
+        if (this.state.usingMailgun) {
+            const tags = this.getTags();
+            if (tags.length > 0) {
+                messageToSend['o:tag'] = tags;
+            }
+            if (settingsCache.get('emailTrackOpens')) {
+                messageToSend['o:tracking-opens'] = true;
+            }
+        }
 
         const response = await this.sendMail(messageToSend);
 
@@ -184,4 +194,15 @@ module.exports = class GhostMailer {
 
         return tpl(messages.messageSent);
     }
+
+    getTags() {
+        const tagList = [...DEFAULT_TAGS];
+
+        const siteId = config.get('hostSettings:siteId');
+        if (siteId) {
+            tagList.push(`blog-${siteId}`);
+        }
+
+        return tagList;
+    }
 };

package/core/server/services/members/SingleUseTokenProvider.js

@@ -9,6 +9,7 @@ const messages = {
     INVALID_OTC_VERIFICATION_HASH: 'Invalid OTC verification hash',
     INVALID_TOKEN: 'Invalid token provided',
     TOKEN_EXPIRED: 'Token expired',
+    OTC_EXPIRED: 'One-time code expired',
     DERIVE_OTC_MISSING_INPUT: 'tokenId and tokenValue are required'
 };
 
@@ -56,7 +57,7 @@ class SingleUseTokenProvider {
      * @param {Object} [options.transacting] - Database transaction object
      * @param {string} [options.otcVerification] - OTC verification hash for additional validation
      *
-     * @returns {Promise<Object<string, any>>}
+     * @returns {Promise<Object<string, unknown>>}
      */
     async validate(token, options = {}) {
         if (!options.transacting) {
@@ -68,66 +69,13 @@ class SingleUseTokenProvider {
             });
         }
 
-        if (options.otcVerification) {
-            const isValidOTCVerification = await this._validateOTCVerificationHash(options.otcVerification, token);
-            if (!isValidOTCVerification) {
-                throw new ValidationError({
-                    message: tpl(messages.INVALID_OTC_VERIFICATION_HASH),
-                    code: 'INVALID_OTC_VERIFICATION_HASH'
-                });
-            }
-        }
-
-        const model = await this.model.findOne({token}, {transacting: options.transacting, forUpdate: true});
-
-        if (!model) {
-            throw new ValidationError({
-                message: tpl(messages.INVALID_TOKEN),
-                code: 'INVALID_TOKEN'
-            });
-        }
-
-        if (model.get('used_count') >= this.maxUsageCount) {
-            throw new ValidationError({
-                message: tpl(messages.TOKEN_EXPIRED),
-                code: 'TOKEN_EXPIRED'
-            });
-        }
-
-        const createdAtEpoch = model.get('created_at').getTime();
-        const firstUsedAtEpoch = model.get('first_used_at')?.getTime() ?? createdAtEpoch;
-
-        // Is this token already used?
-        if (model.get('used_count') > 0) {
-            const timeSinceFirstUsage = Date.now() - firstUsedAtEpoch;
-
-            if (timeSinceFirstUsage > this.validityPeriodAfterUsage) {
-                throw new ValidationError({
-                    message: tpl(messages.TOKEN_EXPIRED),
-                    code: 'TOKEN_EXPIRED'
-                });
-            }
-        }
-        const tokenLifetimeMilliseconds = Date.now() - createdAtEpoch;
-
-        if (tokenLifetimeMilliseconds > this.validityPeriod) {
-            throw new ValidationError({
-                message: tpl(messages.TOKEN_EXPIRED),
-                code: 'TOKEN_EXPIRED'
-            });
-        }
+        const model = await this._findAndLockTokenModel(token, options.transacting);
 
-        if (!model.get('first_used_at')) {
-            await model.save({
-                first_used_at: new Date(),
-                updated_at: new Date(),
-                used_count: model.get('used_count') + 1
-            }, {autoRefresh: false, patch: true, transacting: options.transacting});
+        if (options.otcVerification) {
+            await this._validateOTCVerificationHash(options.otcVerification, model.get('token'));
+            await this._validateOTCUsageLimit(model, options.transacting);
         } else {
-            await model.save({
-                used_count: model.get('used_count') + 1,
-                updated_at: new Date()
-            }, {autoRefresh: false, patch: true, transacting: options.transacting});
+            await this._validateUsageLimit(model, options.transacting);
         }
 
         try {
@@ -137,6 +85,40 @@ class SingleUseTokenProvider {
         }
     }
 
+    /**
+     * @private
+     * @method _validateOTCUsageLimit
+     * Validates a token model is within it's usage limits after additional OTC verification..
+     * OTC bypasses the non-OTC usage count and time-since-first-usage validation but is true single-use.
+     *
+     * @param {Object} model - Token model instance
+     * @param {Object} transaction - Database transaction object
+     *
+     * @returns {Promise<void>}
+     */
+    async _validateOTCUsageLimit(model, transaction) {
+        this._validateOTCUsageCount(model);
+        this._validateTotalTokenLifetime(model);
+        await this._incrementOTCUsageCount(model, transaction);
+    }
+
+    /**
+     * @private
+     * @method _validateUsageLimit
+     * Validates a token model is within it's usage limits
+     *
+     * @param {Object} model - Token model instance
+     * @param {Object} transaction - Database transaction object
+     *
+     * @returns {Promise<void>}
+     */
+    async _validateUsageLimit(model, transaction) {
+        this._validateUsageCount(model);
+        this._validateTimeSinceFirstUsage(model);
+        this._validateTotalTokenLifetime(model);
+        await this._incrementUsageCount(model, transaction);
+    }
+
     /**
      * @private
      * @method deriveCounter
@@ -268,17 +250,59 @@ class SingleUseTokenProvider {
         return hmac.digest('hex');
     }
 
+    /**
+     * @private
+     * @method _findAndLockTokenModel
+     * Finds token in database and locks it for update
+     *
+     * @param {string} token
+     * @param {Object} transacting
+     * @returns {Promise<Object>}
+     */
+    async _findAndLockTokenModel(token, transacting) {
+        const model = await this.model.findOne({token}, {transacting, forUpdate: true});
+
+        if (!model) {
+            throw new ValidationError({
+                message: tpl(messages.INVALID_TOKEN),
+                code: 'INVALID_TOKEN'
+            });
+        }
+
+        return model;
+    }
+
     /**
      * @private
      * @method _validateOTCVerificationHash
-     * Validates OTC verification hash by recreating and comparing the hash.
-     * Private because it's only used internally by the public validate method.
+     * Validates OTC verification hash, throwing on invalid hash.
      *
      * @param {string} otcVerificationHash - The hash to validate (timestamp:hash format)
      * @param {string} token - The token value
-     * @returns {Promise<boolean>} - True if hash is valid, false otherwise
+     * @returns {Promise<void>}
      */
     async _validateOTCVerificationHash(otcVerificationHash, token) {
+        const isValid = await this._isValidOTCVerificationHash(otcVerificationHash, token);
+
+        if (!isValid) {
+            throw new ValidationError({
+                message: tpl(messages.INVALID_OTC_VERIFICATION_HASH),
+                code: 'INVALID_OTC_VERIFICATION_HASH'
+            });
+        }
+    }
+
+    /**
+     * @private
+     * @method _isValidOTCVerificationHash
+     * Validates OTC verification hash by recreating and comparing the hash.
+     * Returns true if the hash is valid, false otherwise.
+     *
+     * @param {string} otcVerificationHash - The hash to validate (timestamp:hash format)
+     * @param {string} token - The token value
+     * @returns {Promise<boolean>}
+     */
+    async _isValidOTCVerificationHash(otcVerificationHash, token) {
         try {
             if (!this.secret || !otcVerificationHash || !token) {
                 return false;
@@ -319,6 +343,138 @@ class SingleUseTokenProvider {
             return false;
         }
     }
+
+    /**
+     * @private
+     * @method _validateUsageCount
+     * Validates that token has not exceeded usage limits, throws on over-used token
+     *
+     * @param {Object} model - The token model
+     * @returns {void}
+     */
+    _validateUsageCount(model) {
+        // Magic links are invalid if OTC has been used
+        const otcUsedCount = model.get('otc_used_count') || 0;
+        if (otcUsedCount > 0) {
+            throw new ValidationError({
+                message: tpl(messages.TOKEN_EXPIRED),
+                code: 'TOKEN_EXPIRED'
+            });
+        }
+
+        if (model.get('used_count') >= this.maxUsageCount) {
+            throw new ValidationError({
+                message: tpl(messages.TOKEN_EXPIRED),
+                code: 'TOKEN_EXPIRED'
+            });
+        }
+    }
+
+    /**
+     * @private
+     * @method _validateOTCUsageCount
+     * Validates that OTC has not exceeded usage limits, throws on over-used token
+     *
+     * @param {Object} model - The token model
+     * @returns {void}
+     */
+    _validateOTCUsageCount(model) {
+        const otcUsedCount = model.get('otc_used_count') || 0;
+        if (otcUsedCount >= 1) {
+            throw new ValidationError({
+                message: tpl(messages.OTC_EXPIRED),
+                code: 'OTC_EXPIRED'
+            });
+        }
+    }
+
+    /**
+     * @private
+     * @method _validateTimeSinceFirstUsage
+     * Validates token has not exceeded its time since first usage, throws on expired token
+     *
+     * @param {Object} model - The token model
+     * @returns {void}
+     */
+    _validateTimeSinceFirstUsage(model) {
+        const createdAtEpoch = model.get('created_at').getTime();
+        const firstUsedAtEpoch = model.get('first_used_at')?.getTime() ?? createdAtEpoch;
+        const timeSinceFirstUsage = Date.now() - firstUsedAtEpoch;
+
+        if (timeSinceFirstUsage > this.validityPeriodAfterUsage) {
+            throw new ValidationError({
+                message: tpl(messages.TOKEN_EXPIRED),
+                code: 'TOKEN_EXPIRED'
+            });
+        }
+    }
+
+    /**
+     * @private
+     * @method _validateTotalTokenLifetime
+     * Validates token has not exceeded its total lifetime, throws on expired token
+     *
+     * @param {Object} model - The token model
+     * @returns {void}
+     */
+    _validateTotalTokenLifetime(model) {
+        const createdAtEpoch = model.get('created_at').getTime();
+        const tokenLifetimeMilliseconds = Date.now() - createdAtEpoch;
+        if (tokenLifetimeMilliseconds > this.validityPeriod) {
+            throw new ValidationError({
+                message: tpl(messages.TOKEN_EXPIRED),
+                code: 'TOKEN_EXPIRED'
+            });
+        }
+    }
+
+    /**
+     * @private
+     * @method _incrementUsageCount
+     * Increments the usage count for a token
+     *
+     * @param {Object} model - The token model
+     * @param {Object} transacting - Database transaction object
+     * @returns {Promise<void>}
+     */
+    async _incrementUsageCount(model, transacting) {
+        const updateData = {used_count: model.get('used_count') + 1};
+        await this._saveUsageData(updateData, model, transacting);
+    }
+
+    /**
+     * @private
+     * @method _incrementOTCUsageCount
+     * Increments the OTC usage count for a token
+     *
+     * @param {Object} model - The token model
+     * @param transacting - Database transaction object
+     * @returns {Promise<void>}
+     */
+    async _incrementOTCUsageCount(model, transacting) {
+        const updateData = {otc_used_count: model.get('otc_used_count') + 1};
+        await this._saveUsageData(updateData, model, transacting);
+    }
+
+    /**
+     * @private
+     * @method _saveUsageData
+     * Saves the usage data for a token
+     *
+     * @param {Object} updateData - The data to save
+     * @param {Object} model - The token model
+     * @param {Object} transacting - Database transaction object
+     * @returns {Promise<void>}
+     */
+    async _saveUsageData(updateData, model, transacting) {
+        updateData.updated_at = new Date();
+
+        if (!model.get('first_used_at')) {
+            updateData.first_used_at = new Date();
+        }
+
+        await model.save(updateData, {autoRefresh: false, patch: true, transacting});
+    }
 }
 
 module.exports = SingleUseTokenProvider;