- .*?<\/ol><\/div>/, '');
8 | // Strip other html
9 | excerpt = excerpt.replace(/<\/?[^>]+>/gi, '');
10 | excerpt = excerpt.replace(/(\r\n|\n|\r)+/gm, ' ');
11 |
12 | if (!truncateOptions.words && !truncateOptions.characters) {
13 | truncateOptions.words = 50;
14 | }
15 |
16 | return downsize(excerpt, truncateOptions);
17 | }
18 |
19 | module.exports = getExcerpt;
20 |
--------------------------------------------------------------------------------
/core/server/public/ghost-sdk.min.js:
--------------------------------------------------------------------------------
1 | !function(){"use strict";function a(a){var b,c=[];if(!a)return"";for(b in a)a.hasOwnProperty(b)&&(a[b]||a[b]===!1)&&c.push(b+"="+encodeURIComponent(a[b]));return c.length?"?"+c.join("&"):""}var b,c,d,e,f="{{api-url}}";d={api:function(){var d,e=Array.prototype.slice.call(arguments),g=f;return d=e.pop(),d&&"object"!=typeof d&&(e.push(d),d={}),d=d||{},d.client_id=b,d.client_secret=c,e.length&&e.forEach(function(a){g+=a.replace(/^\/|\/$/g,"")+"/"}),g+a(d)}},e=function(a){b=a.clientId?a.clientId:"",c=a.clientSecret?a.clientSecret:"",f=a.url?a.url:f.match(/{\{api-url}}/)?"":f},"undefined"!=typeof window&&(window.ghost=window.ghost||{},window.ghost.url=d,window.ghost.init=e),"undefined"!=typeof module&&(module.exports={url:d,init:e})}();
--------------------------------------------------------------------------------
/core/test/unit/services/auth/passport_spec.js:
--------------------------------------------------------------------------------
1 | var should = require('should'),
2 | sinon = require('sinon'),
3 | passport = require('passport'),
4 | ghostPassport = require('../../../../server/services/auth/passport');
5 |
6 | describe('Ghost Passport', function () {
7 | beforeEach(function () {
8 | sinon.spy(passport, 'use');
9 | });
10 |
11 | afterEach(function () {
12 | sinon.restore();
13 | });
14 |
15 | describe('[default] local auth', function () {
16 | it('initialise passport with passport auth type', function () {
17 | var response = ghostPassport.init();
18 | should.exist(response);
19 | passport.use.callCount.should.eql(2);
20 | });
21 | });
22 | });
23 |
--------------------------------------------------------------------------------
/core/test/unit/web/shared/middleware/api/spam-prevention_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const spamPrevention = require('../../../../../../server/web/shared/middlewares/api/spam-prevention');
3 |
4 | describe('Spam Prevention', function () {
5 | it('exports a contentApiKey method', function () {
6 | should.equal(typeof spamPrevention.contentApiKey, 'function');
7 | });
8 |
9 | describe('contentApiKey method', function () {
10 | it('returns an instance of express-brute', function () {
11 | const ExpressBrute = require('express-brute');
12 | const result = spamPrevention.contentApiKey();
13 |
14 | should.equal(result instanceof ExpressBrute, true);
15 | });
16 | });
17 | });
18 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/output/tags.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:tags');
2 | const mapper = require('./utils/mapper');
3 |
4 | module.exports = {
5 | all(models, apiConfig, frame) {
6 | debug('all');
7 |
8 | if (!models) {
9 | return;
10 | }
11 |
12 | if (models.meta) {
13 | frame.response = {
14 | tags: models.data.map(model => mapper.mapTag(model, frame)),
15 | meta: models.meta
16 | };
17 |
18 | return;
19 | }
20 |
21 | frame.response = {
22 | tags: [mapper.mapTag(models, frame)]
23 | };
24 |
25 | debug(frame.response);
26 | }
27 | };
28 |
--------------------------------------------------------------------------------
/core/server/lib/members/static/auth/pages/PasswordResetSentPage.js:
--------------------------------------------------------------------------------
1 | import FormHeader from '../components/FormHeader';
2 | import FormSubmit from '../components/FormSubmit';
3 |
4 | import Form from '../components/Form';
5 |
6 | export default ({ error, handleSubmit }) => (
7 |
8 |
16 | );
17 |
--------------------------------------------------------------------------------
/core/server/services/routing/helpers/render-entry.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('services:routing:helpers:render-post'),
2 | formatResponse = require('./format-response'),
3 | renderer = require('./renderer');
4 | /*
5 | * Sets the response context around an entry (post or page)
6 | * and renders it with the correct template.
7 | * Used by post preview and entry methods.
8 | * Returns a function that takes the entry to be rendered.
9 | */
10 | module.exports = function renderEntry(req, res) {
11 | debug('renderEntry called');
12 | return function renderEntry(entry) {
13 | // Format data 2 - 1 is in preview/entry
14 | // Render
15 | return renderer(req, res, formatResponse.entry(entry));
16 | };
17 | };
18 |
--------------------------------------------------------------------------------
/core/server/apps/subscribers/index.js:
--------------------------------------------------------------------------------
1 | const router = require('./lib/router'),
2 | registerHelpers = require('./lib/helpers'),
3 | // Dirty requires
4 | labs = require('../../services/labs');
5 |
6 | module.exports = {
7 | activate(ghost) {
8 | // routeKeywords.subscribe: 'subscribe'
9 | const subscribeRoute = '/subscribe/';
10 | // TODO, how to do all this only if the Subscribers flag is set?!
11 | registerHelpers(ghost);
12 |
13 | ghost.routeService.registerRouter(subscribeRoute, function labsEnabledRouter(req, res, next) {
14 | if (labs.isSet('subscribers')) {
15 | return router.apply(this, arguments);
16 | }
17 |
18 | next();
19 | });
20 | }
21 | };
22 |
--------------------------------------------------------------------------------
/core/server/apps/subscribers/lib/helpers/index.js:
--------------------------------------------------------------------------------
1 | // Dirty requires!
2 | const labs = require('../../../../services/labs');
3 |
4 | module.exports = function registerHelpers(ghost) {
5 | ghost.helpers.register('input_email', require('./input_email'));
6 |
7 | ghost.helpers.register('subscribe_form', function labsEnabledHelper() {
8 | let self = this, args = arguments;
9 |
10 | return labs.enabledHelper({
11 | flagKey: 'subscribers',
12 | flagName: 'Subscribers',
13 | helperName: 'subscribe_form',
14 | helpUrl: 'https://docs.ghost.org/faq/enable-subscribers-feature/'
15 | }, () => {
16 | return require('./subscribe_form').apply(self, args);
17 | });
18 | });
19 | };
20 |
--------------------------------------------------------------------------------
/core/server/data/meta/context_object.js:
--------------------------------------------------------------------------------
1 | var settingsCache = require('../../services/settings/cache'),
2 | _ = require('lodash');
3 |
4 | function getContextObject(data, context) {
5 | /**
6 | * If the data object does not contain the requested context, we return the fallback object.
7 | */
8 | var blog = {
9 | cover_image: settingsCache.get('cover_image'),
10 | twitter: settingsCache.get('twitter'),
11 | facebook: settingsCache.get('facebook')
12 | },
13 | contextObject;
14 |
15 | context = _.includes(context, 'page') || _.includes(context, 'amp') ? 'post' : context;
16 | contextObject = data[context] || blog;
17 | return contextObject;
18 | }
19 |
20 | module.exports = getContextObject;
21 |
--------------------------------------------------------------------------------
/core/test/unit/helpers/lang_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should'),
2 | settingsCache = require('../../../server/services/settings/cache'),
3 | helpers = require('../../../server/helpers'),
4 | proxy = require('../../../server/helpers/proxy');
5 |
6 | describe('{{lang}} helper', function () {
7 | beforeEach(function () {
8 | settingsCache.set('default_locale', {value: 'en'});
9 | });
10 |
11 | afterEach(function () {
12 | settingsCache.shutdown();
13 | });
14 |
15 | it('returns correct language tag', function () {
16 | let expected = proxy.i18n.locale(),
17 | rendered = helpers.lang.call();
18 |
19 | should.exist(rendered);
20 | rendered.string.should.equal(expected);
21 | });
22 | });
23 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/output/all.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:all');
2 | const _ = require('lodash');
3 |
4 | const removeXBY = (object) => {
5 | _.each(object, (value, key) => {
6 | // CASE: go deeper
7 | if (_.isObject(value) || _.isArray(value)) {
8 | removeXBY(value);
9 | } else if (['updated_by', 'created_by', 'published_by'].includes(key)) {
10 | delete object[key];
11 | }
12 | });
13 |
14 | return object;
15 | };
16 |
17 | module.exports = {
18 | after(apiConfig, frame) {
19 | debug('all after');
20 |
21 | if (frame.response) {
22 | frame.response = removeXBY(frame.response);
23 | }
24 | }
25 | };
26 |
--------------------------------------------------------------------------------
/core/server/lib/security/identifier.js:
--------------------------------------------------------------------------------
1 | let _private = {};
2 |
3 | // @TODO: replace with crypto.randomBytes
4 | _private.getRandomInt = function (min, max) {
5 | return Math.floor(Math.random() * (max - min + 1)) + min;
6 | };
7 |
8 | /**
9 | * Return a unique identifier with the given `len`.
10 | *
11 | * @param {Number} maxLength
12 | * @return {String}
13 | * @api private
14 | */
15 | module.exports.uid = function uid(maxLength) {
16 | var buf = [],
17 | chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
18 | charLength = chars.length,
19 | i;
20 |
21 | for (i = 0; i < maxLength; i = i + 1) {
22 | buf.push(chars[_private.getRandomInt(0, charLength - 1)]);
23 | }
24 |
25 | return buf.join('');
26 | };
27 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/input/db.js:
--------------------------------------------------------------------------------
1 | const _ = require('lodash');
2 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:input:db');
3 | const optionsUtil = require('../../../../shared/utils/options');
4 |
5 | const INTERNAL_OPTIONS = ['transacting', 'forUpdate'];
6 |
7 | module.exports = {
8 | all(apiConfig, frame) {
9 | debug('serialize all');
10 |
11 | if (frame.options.include) {
12 | frame.options.include = optionsUtil.trimAndLowerCase(frame.options.include);
13 | }
14 |
15 | if (!frame.options.context.internal) {
16 | debug('omit internal options');
17 | frame.options = _.omit(frame.options, INTERNAL_OPTIONS);
18 | }
19 |
20 | debug(frame.options);
21 | }
22 | };
23 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/output/notifications.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:notifications');
2 |
3 | module.exports = {
4 | all(response, apiConfig, frame) {
5 | if (!response) {
6 | return;
7 | }
8 |
9 | if (!response || !response.length) {
10 | frame.response = {
11 | notifications: []
12 | };
13 |
14 | return;
15 | }
16 |
17 | response.forEach((notification) => {
18 | delete notification.seen;
19 | delete notification.addedAt;
20 | });
21 |
22 | frame.response = {
23 | notifications: response
24 | };
25 |
26 | debug(frame.response);
27 | }
28 | };
29 |
--------------------------------------------------------------------------------
/core/server/data/meta/blog_logo.js:
--------------------------------------------------------------------------------
1 | var urlService = require('../../services/url'),
2 | settingsCache = require('../../services/settings/cache'),
3 | imageLib = require('../../lib/image');
4 |
5 | function getBlogLogo() {
6 | var logo = {};
7 |
8 | if (settingsCache.get('logo')) {
9 | logo.url = urlService.utils.urlFor('image', {image: settingsCache.get('logo')}, true);
10 | } else {
11 | // CASE: no publication logo is updated. We can try to use either an uploaded publication icon
12 | // or use the default one to make
13 | // Google happy with it. See https://github.com/TryGhost/Ghost/issues/7558
14 | logo.url = imageLib.blogIcon.getIconUrl(true);
15 | }
16 |
17 | return logo;
18 | }
19 |
20 | module.exports = getBlogLogo;
21 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/validators/input/schemas/images.json:
--------------------------------------------------------------------------------
1 |
2 | {
3 | "$schema": "http://json-schema.org/draft-07/schema#",
4 | "$id": "images",
5 | "title": "images",
6 | "description": "Base images definitions",
7 | "definitions": {
8 | "image": {
9 | "type": "object",
10 | "additionalProperties": false,
11 | "properties": {
12 | "purpose": {
13 | "type": "string",
14 | "enum": ["image", "profile_image", "icon"],
15 | "default": "image"
16 | },
17 | "ref": {
18 | "type": ["string", "null"],
19 | "maxLength": 2000
20 | }
21 | }
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/core/test/unit/web/api/v2/content/middleware_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const middleware = require('../../../../../../server/web/api/v2/content/middleware');
3 |
4 | describe('Content Api v2 middleware', function () {
5 | it('exports an authenticatePublic middleware', function () {
6 | should.exist(middleware.authenticatePublic);
7 | });
8 |
9 | describe('authenticatePublic', function () {
10 | it('uses brute content api middleware as the first middleware in the chain', function () {
11 | const firstMiddleware = middleware.authenticatePublic[0];
12 | const brute = require('../../../../../../server/web/shared/middlewares/brute');
13 |
14 | should.equal(firstMiddleware, brute.contentApiKey);
15 | });
16 | });
17 | });
18 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/output/pages.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:pages');
2 | const mapper = require('./utils/mapper');
3 |
4 | module.exports = {
5 | all(models, apiConfig, frame) {
6 | debug('all');
7 |
8 | // CASE: e.g. destroy returns null
9 | if (!models) {
10 | return;
11 | }
12 |
13 | if (models.meta) {
14 | frame.response = {
15 | pages: models.data.map(model => mapper.mapPost(model, frame)),
16 | meta: models.meta
17 | };
18 |
19 | return;
20 | }
21 |
22 | frame.response = {
23 | pages: [mapper.mapPost(models, frame)]
24 | };
25 |
26 | debug(frame.response);
27 | }
28 | };
29 |
--------------------------------------------------------------------------------
/core/server/data/meta/og_image.js:
--------------------------------------------------------------------------------
1 | var urlService = require('../../services/url'),
2 | getContextObject = require('./context_object.js'),
3 | _ = require('lodash');
4 |
5 | function getOgImage(data) {
6 | var context = data.context ? data.context : null,
7 | contextObject = getContextObject(data, context);
8 |
9 | if (_.includes(context, 'post') || _.includes(context, 'page') || _.includes(context, 'amp')) {
10 | if (contextObject.og_image) {
11 | return urlService.utils.urlFor('image', {image: contextObject.og_image}, true);
12 | } else if (contextObject.feature_image) {
13 | return urlService.utils.urlFor('image', {image: contextObject.feature_image}, true);
14 | }
15 | }
16 |
17 | return null;
18 | }
19 |
20 | module.exports = getOgImage;
21 |
--------------------------------------------------------------------------------
/core/server/services/permissions/index.js:
--------------------------------------------------------------------------------
1 | // canThis(someUser).edit.posts([id]|[[ids]])
2 | // canThis(someUser).edit.post(somePost|somePostId)
3 |
4 | var models = require('../../models'),
5 | actionsMap = require('./actions-map-cache'),
6 | init;
7 |
8 | init = function init(options) {
9 | options = options || {};
10 |
11 | // Load all the permissions
12 | return models.Permission.findAll(options)
13 | .then(function (permissionsCollection) {
14 | return actionsMap.init(permissionsCollection);
15 | });
16 | };
17 |
18 | module.exports = {
19 | init: init,
20 | canThis: require('./can-this'),
21 | // @TODO: Make it so that we don't need to export these
22 | parseContext: require('./parse-context'),
23 | applyPublicRules: require('./public')
24 | };
25 |
--------------------------------------------------------------------------------
/core/server/web/api/v2/content/middleware.js:
--------------------------------------------------------------------------------
1 | const cors = require('cors');
2 | const auth = require('../../../../services/auth');
3 | const shared = require('../../../shared');
4 |
5 | /**
6 | * Auth Middleware Packages
7 | *
8 | * IMPORTANT
9 | * - cors middleware MUST happen before pretty urls, because otherwise cors header can get lost on redirect
10 | * - url redirects MUST happen after cors, otherwise cors header can get lost on redirect
11 | */
12 |
13 | /**
14 | * Authentication for public endpoints
15 | */
16 | module.exports.authenticatePublic = [
17 | shared.middlewares.brute.contentApiKey,
18 | auth.authenticate.authenticateContentApi,
19 | auth.authorize.authorizeContentApi,
20 | cors(),
21 | shared.middlewares.urlRedirects.adminRedirect,
22 | shared.middlewares.prettyUrls
23 | ];
24 |
--------------------------------------------------------------------------------
/core/server/data/meta/cover_image.js:
--------------------------------------------------------------------------------
1 | var urlService = require('../../services/url'),
2 | getContextObject = require('./context_object.js'),
3 | _ = require('lodash');
4 |
5 | function getCoverImage(data) {
6 | var context = data.context ? data.context : null,
7 | contextObject = getContextObject(data, context);
8 |
9 | if (_.includes(context, 'home') || _.includes(context, 'author')) {
10 | if (contextObject.cover_image) {
11 | return urlService.utils.urlFor('image', {image: contextObject.cover_image}, true);
12 | }
13 | } else {
14 | if (contextObject.feature_image) {
15 | return urlService.utils.urlFor('image', {image: contextObject.feature_image}, true);
16 | }
17 | }
18 | return null;
19 | }
20 |
21 | module.exports = getCoverImage;
22 |
--------------------------------------------------------------------------------
/core/server/data/meta/twitter_image.js:
--------------------------------------------------------------------------------
1 | var urlService = require('../../services/url'),
2 | getContextObject = require('./context_object.js'),
3 | _ = require('lodash');
4 |
5 | function getTwitterImage(data) {
6 | var context = data.context ? data.context : null,
7 | contextObject = getContextObject(data, context);
8 |
9 | if (_.includes(context, 'post') || _.includes(context, 'page') || _.includes(context, 'amp')) {
10 | if (contextObject.twitter_image) {
11 | return urlService.utils.urlFor('image', {image: contextObject.twitter_image}, true);
12 | } else if (contextObject.feature_image) {
13 | return urlService.utils.urlFor('image', {image: contextObject.feature_image}, true);
14 | }
15 | }
16 |
17 | return null;
18 | }
19 |
20 | module.exports = getTwitterImage;
21 |
--------------------------------------------------------------------------------
/core/server/lib/promise/sequence.js:
--------------------------------------------------------------------------------
1 | const Promise = require('bluebird');
2 |
3 | /**
4 | * expects an array of functions returning a promise
5 | */
6 | function sequence(tasks /* Any Arguments */) {
7 | const args = Array.prototype.slice.call(arguments, 1);
8 |
9 | return Promise.reduce(tasks, function (results, task) {
10 | const response = task.apply(this, args);
11 |
12 | if (response && response.then) {
13 | return response.then(function (result) {
14 | results.push(result);
15 | return results;
16 | });
17 | } else {
18 | return Promise.resolve().then(() => {
19 | results.push(response);
20 | return results;
21 | });
22 | }
23 | }, []);
24 | }
25 |
26 | module.exports = sequence;
27 |
--------------------------------------------------------------------------------
/core/server/services/routing/helpers/renderer.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('services:routing:helpers:renderer'),
2 | setContext = require('./context'),
3 | templates = require('./templates');
4 |
5 | module.exports = function renderer(req, res, data) {
6 | // Context
7 | setContext(req, res, data);
8 |
9 | // Template
10 | templates.setTemplate(req, res, data);
11 |
12 | // Render Call
13 | debug('Rendering template: ' + res._template + ' for: ' + req.originalUrl);
14 | debug('res.locals', res.locals);
15 |
16 | if (res.routerOptions && res.routerOptions.contentType) {
17 | if (res.routerOptions.templates.indexOf(res._template) !== -1) {
18 | res.type(res.routerOptions.contentType);
19 | }
20 | }
21 |
22 | res.render(res._template, data);
23 | };
24 |
--------------------------------------------------------------------------------
/core/server/models/plugins/transaction-events.js:
--------------------------------------------------------------------------------
1 | /**
2 | * This is a feature request in knex for 1.0.
3 | * https://github.com/tgriesser/knex/issues/1641
4 | */
5 | module.exports = function (bookshelf) {
6 | const orig1 = bookshelf.transaction;
7 |
8 | bookshelf.transaction = function (cb) {
9 | return orig1.bind(bookshelf)(function (t) {
10 | const orig2 = t.commit;
11 | const orig3 = t.rollback;
12 |
13 | t.commit = function () {
14 | t.emit('committed', true);
15 | return orig2.apply(t, arguments);
16 | };
17 |
18 | t.rollback = function () {
19 | t.emit('committed', false);
20 | return orig3.apply(t, arguments);
21 | };
22 |
23 | return cb(t);
24 | });
25 | };
26 | };
27 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/output/posts.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:posts');
2 | const mapper = require('./utils/mapper');
3 |
4 | module.exports = {
5 | all(models, apiConfig, frame) {
6 | debug('all');
7 |
8 | // CASE: e.g. destroy returns null
9 | if (!models) {
10 | return;
11 | }
12 |
13 | if (models.meta) {
14 | frame.response = {
15 | posts: models.data.map(model => mapper.mapPost(model, frame)),
16 | meta: models.meta
17 | };
18 |
19 | debug(frame.response);
20 | return;
21 | }
22 |
23 | frame.response = {
24 | posts: [mapper.mapPost(models, frame)]
25 | };
26 |
27 | debug(frame.response);
28 | }
29 | };
30 |
--------------------------------------------------------------------------------
/core/server/lib/request.js:
--------------------------------------------------------------------------------
1 | var got = require('got'),
2 | _ = require('lodash'),
3 | validator = require('../data/validation').validator,
4 | common = require('./common'),
5 | ghostVersion = require('./ghost-version');
6 |
7 | var defaultOptions = {
8 | headers: {
9 | 'user-agent': 'Ghost/' + ghostVersion.original + ' (https://github.com/TryGhost/Ghost)'
10 | }
11 | };
12 |
13 | module.exports = function request(url, options) {
14 | if (_.isEmpty(url) || !validator.isURL(url)) {
15 | return Promise.reject(new common.errors.InternalServerError({
16 | message: 'URL empty or invalid.',
17 | code: 'URL_MISSING_INVALID',
18 | context: url
19 | }));
20 | }
21 |
22 | var mergedOptions = _.merge({}, defaultOptions, options);
23 |
24 | return got(url, mergedOptions);
25 | };
26 |
--------------------------------------------------------------------------------
/core/server/web/shared/middlewares/ghost-locals.js:
--------------------------------------------------------------------------------
1 | const ghostVersion = require('../../../lib/ghost-version');
2 | const themeService = require('../../../services/themes');
3 |
4 | // ### GhostLocals Middleware
5 | // Expose the standard locals that every request will need to have available
6 | module.exports = function ghostLocals(req, res, next) {
7 | // Make sure we have a locals value.
8 | res.locals = res.locals || {};
9 | // The current Ghost version
10 | res.locals.version = ghostVersion.full;
11 | // The current Ghost version, but only major.minor
12 | res.locals.safeVersion = ghostVersion.safe;
13 | // relative path from the URL
14 | res.locals.relativeUrl = req.path;
15 | // make ghost api version available for the theme + routing
16 | res.locals.apiVersion = themeService.getApiVersion();
17 |
18 | next();
19 | };
20 |
--------------------------------------------------------------------------------
/core/server/lib/fs/package-json/index.js:
--------------------------------------------------------------------------------
1 | /**
2 | * # Package Utils
3 | *
4 | * Ghost has / is in the process of gaining support for several different types of sub-packages:
5 | * - Themes: have always been packages, but we're going to lean more heavily on npm & package.json in future
6 | * - Adapters: an early version of apps, replace fundamental pieces like storage, will become npm modules
7 | * - Apps: plugins that can be installed whilst Ghost is running & modify behaviour
8 | * - More?
9 | *
10 | * These utils facilitate loading, reading, managing etc, packages from the file system.
11 | */
12 |
13 | module.exports = {
14 | get read() {
15 | return require('./read');
16 | },
17 |
18 | get parse() {
19 | return require('./parse');
20 | },
21 |
22 | get filter() {
23 | return require('./filter');
24 | }
25 | };
26 |
--------------------------------------------------------------------------------
/core/server/web/admin/controller.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('web:admin:controller');
2 | const path = require('path');
3 | const config = require('../../config');
4 | const updateCheck = require('../../update-check');
5 | const common = require('../../lib/common');
6 |
7 | // Route: index
8 | // Path: /ghost/
9 | // Method: GET
10 | module.exports = function adminController(req, res) {
11 | debug('index called');
12 |
13 | // run in background, don't block the admin rendering
14 | updateCheck()
15 | .catch((err) => {
16 | common.logging.error(err);
17 | });
18 |
19 | const defaultTemplate = config.get('env') === 'production' ? 'default-prod.html' : 'default.html';
20 | const templatePath = path.resolve(config.get('paths').adminViews, defaultTemplate);
21 |
22 | res.sendFile(templatePath);
23 | };
24 |
--------------------------------------------------------------------------------
/core/server/lib/fs/zip-folder.js:
--------------------------------------------------------------------------------
1 | const fs = require('fs-extra');
2 |
3 | module.exports = function zipFolder(folderToZip, destination, callback) {
4 | var archiver = require('archiver'),
5 | output = fs.createWriteStream(destination),
6 | archive = archiver.create('zip', {});
7 |
8 | // If folder to zip is a symlink, we want to get the target
9 | // of the link and zip that instead of zipping the symlink
10 | if (fs.lstatSync(folderToZip).isSymbolicLink()) {
11 | folderToZip = fs.realpathSync(folderToZip);
12 | }
13 |
14 | output.on('close', function () {
15 | callback(null, archive.pointer());
16 | });
17 |
18 | archive.on('error', function (err) {
19 | callback(err, null);
20 | });
21 |
22 | archive.directory(folderToZip, '/');
23 | archive.pipe(output);
24 | archive.finalize();
25 | };
26 |
--------------------------------------------------------------------------------
/core/server/lib/members/static/auth/pages/RequestPasswordResetPage.js:
--------------------------------------------------------------------------------
1 | import FormHeader from '../components/FormHeader';
2 | import EmailInput from '../components/EmailInput';
3 | import FormSubmit from '../components/FormSubmit';
4 |
5 | import Form from '../components/Form';
6 |
7 | export default ({ error, handleClose, handleSubmit }) => (
8 |
9 |
18 | );
19 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/validators/utils/strip-keyword.js:
--------------------------------------------------------------------------------
1 | /**
2 | * 'strip' keyword is introduced into schemas for following behavior:
3 | * properties that are 'known' but should not be present in the model
4 | * should be stripped from data and not throw validation errors.
5 | *
6 | * An example of such property is `tag.parent` which we want to ignore
7 | * but not necessarily throw a validation error as it was present in
8 | * responses in previous versions of API
9 | */
10 | module.exports = function defFunc(ajv) {
11 | defFunc.definition = {
12 | errors: false,
13 | modifying: true,
14 | valid: true,
15 | validate: function (schema, data, parentSchema, dataPath, parentData, propName) {
16 | delete parentData[propName];
17 | }
18 | };
19 |
20 | ajv.addKeyword('strip', defFunc.definition);
21 | return ajv;
22 | };
23 |
--------------------------------------------------------------------------------
/core/server/web/shared/middlewares/admin-redirects.js:
--------------------------------------------------------------------------------
1 | const express = require('express');
2 | const urlService = require('../../../services/url');
3 |
4 | const adminRedirect = (path) => {
5 | return function doRedirect(req, res) {
6 | return urlService.utils.redirectToAdmin(301, res, path);
7 | };
8 | };
9 |
10 | module.exports = function adminRedirects() {
11 | const router = express.Router();
12 | // Admin redirects - register redirect as route
13 | // TODO: this should be middleware!
14 | router.get(/^\/(logout|signout)\/$/, adminRedirect('#/signout/'));
15 | router.get(/^\/signup\/$/, adminRedirect('#/signup/'));
16 | // redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
17 | router.get(/^\/((ghost-admin|admin|dashboard|signin|login)\/?)$/, adminRedirect('/'));
18 |
19 | return router;
20 | };
21 |
--------------------------------------------------------------------------------
/core/server/apps/amp/index.js:
--------------------------------------------------------------------------------
1 | const router = require('./lib/router'),
2 | registerHelpers = require('./lib/helpers'),
3 | urlService = require('../../services/url'),
4 |
5 | // Dirty requires
6 | settingsCache = require('../../services/settings/cache');
7 |
8 | function ampRouter(req, res) {
9 | if (settingsCache.get('amp') === true) {
10 | return router.apply(this, arguments);
11 | } else {
12 | // routeKeywords.amp: 'amp'
13 | let redirectUrl = req.originalUrl.replace(/amp\/$/, '');
14 | urlService.utils.redirect301(res, redirectUrl);
15 | }
16 | }
17 |
18 | module.exports = {
19 | activate: function activate(ghost) {
20 | // routeKeywords.amp: 'amp'
21 | let ampRoute = '*/amp/';
22 |
23 | ghost.routeService.registerRouter(ampRoute, ampRouter);
24 |
25 | registerHelpers(ghost);
26 | }
27 | };
28 |
--------------------------------------------------------------------------------
/core/test/utils/fixtures/themes/casper/partials/byline-single.hbs:
--------------------------------------------------------------------------------
1 | {{!-- Everything inside the #author tags pulls data from the author --}}
2 | {{#primary_author}}
3 |
4 |
25 |
27 | );
28 | }
29 | }
30 |
31 | export default CheckoutForm;
32 |
--------------------------------------------------------------------------------
/core/server/lib/ghost-version.js:
--------------------------------------------------------------------------------
1 | const semver = require('semver'),
2 | packageInfo = require('../../../package.json'),
3 | version = packageInfo.version,
4 | plainVersion = version.match(/^(\d+\.)?(\d+\.)?(\d+)/)[0];
5 |
6 | let _private = {};
7 |
8 | _private.compose = function compose(type) {
9 | switch (type) {
10 | case 'pre':
11 | return plainVersion + '-' + semver.prerelease(version)[0] + (semver.prerelease(version)[1] ? '.' + semver.prerelease(version)[1] : '');
12 | default:
13 | return version;
14 | }
15 | };
16 |
17 | // major.minor
18 | module.exports.safe = version.match(/^(\d+\.)?(\d+)/)[0];
19 |
20 | // major.minor.patch-{prerelease}
21 | module.exports.full = semver.prerelease(version) ? _private.compose('pre') : plainVersion;
22 |
23 | // original string in package.json (can contain pre-release and build suffix)
24 | module.exports.original = version;
25 |
26 |
--------------------------------------------------------------------------------
/core/server/services/themes/engine.js:
--------------------------------------------------------------------------------
1 | var hbs = require('express-hbs'),
2 | config = require('../../config'),
3 | instance = hbs.create();
4 |
5 | // @TODO think about a config option for this e.g. theme.devmode?
6 | if (config.get('env') !== 'production') {
7 | instance.handlebars.logger.level = 0;
8 | }
9 |
10 | instance.escapeExpression = instance.handlebars.Utils.escapeExpression;
11 |
12 | instance.configure = function configure(partialsPath) {
13 | var hbsOptions = {
14 | partialsDir: [config.get('paths').helperTemplates],
15 | onCompile: function onCompile(exhbs, source) {
16 | return exhbs.handlebars.compile(source, {preventIndent: true});
17 | }
18 | };
19 |
20 | if (partialsPath) {
21 | hbsOptions.partialsDir.push(partialsPath);
22 | }
23 |
24 | return instance.express4(hbsOptions);
25 | };
26 |
27 | module.exports = instance;
28 |
--------------------------------------------------------------------------------
/core/server/web/shared/middlewares/validation/profile-image.js:
--------------------------------------------------------------------------------
1 | const common = require('../../../../lib/common');
2 | const imageLib = require('../../../../lib/image');
3 |
4 | module.exports = function profileImage(req, res, next) {
5 | // we checked for a valid image file, now we need to do validations for profile image
6 | imageLib.imageSize.getImageSizeFromPath(req.file.path).then((response) => {
7 | // save the image dimensions in new property for file
8 | req.file.dimensions = response;
9 |
10 | // CASE: file needs to be a square
11 | if (req.file.dimensions.width !== req.file.dimensions.height) {
12 | return next(new common.errors.ValidationError({
13 | message: common.i18n.t('errors.api.images.isNotSquare')
14 | }));
15 | }
16 |
17 | next();
18 | }).catch((err) => {
19 | next(err);
20 | });
21 | };
22 |
--------------------------------------------------------------------------------
/core/test/unit/models/permission_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should'),
2 | sinon = require('sinon'),
3 | models = require('../../../server/models'),
4 | testUtils = require('../../utils'),
5 | configUtils = require('../../utils/configUtils');
6 |
7 | describe('Unit: models/permission', function () {
8 | before(function () {
9 | models.init();
10 | });
11 |
12 | after(function () {
13 | sinon.restore();
14 | configUtils.restore();
15 | });
16 |
17 | describe('add', function () {
18 | it('[error] validation', function () {
19 | return models.Permission.add({})
20 | .then(function () {
21 | 'Should fail'.should.be.true();
22 | })
23 | .catch(function (err) {
24 | err.length.should.eql(3);
25 | });
26 | });
27 | });
28 | });
29 |
--------------------------------------------------------------------------------
/core/index.js:
--------------------------------------------------------------------------------
1 | // ## Server Loader
2 | // Passes options through the boot process to get a server instance back
3 | const server = require('./server');
4 | const common = require('./server/lib/common');
5 | const GhostServer = require('./server/ghost-server');
6 |
7 | // Set the default environment to be `development`
8 | process.env.NODE_ENV = process.env.NODE_ENV || 'development';
9 |
10 | function makeGhost(options) {
11 | options = options || {};
12 |
13 | return server(options)
14 | .catch((err) => {
15 | if (!common.errors.utils.isIgnitionError(err)) {
16 | err = new common.errors.GhostError({message: err.message, err: err});
17 | }
18 |
19 | return GhostServer.announceServerStopped(err)
20 | .finally(() => {
21 | throw err;
22 | });
23 | });
24 | }
25 |
26 | module.exports = makeGhost;
27 |
--------------------------------------------------------------------------------
/core/test/utils/fixtures/themes/casper/partials/icons/twitter.hbs:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/.npmignore:
--------------------------------------------------------------------------------
1 | !**
2 | .build
3 | .dist
4 | .tmp
5 | docs/**
6 | _site/**
7 | content/adapters/**
8 | !content/adapters/README.md
9 | content/apps/**
10 | !content/apps/README.md
11 | content/data/**
12 | !content/data/README.md
13 | content/images/**
14 | !content/images/README.md
15 | content/logs/**
16 | !content/logs/README.md
17 | content/themes/**
18 | !content/themes/casper/**
19 | node_modules/**
20 | core/server/lib/members/static/auth/node_modules/**
21 | **/*.db*
22 | *.db*
23 | .af*
24 | .git*
25 | .groc*
26 | .jshintrc
27 | .jscsrc
28 | *.iml
29 | core/built/**/*.map
30 | core/built/**/test-*
31 | core/built/**/tests-*
32 | core/client/**
33 | core/test/**
34 | CONTRIBUTING.md
35 | SECURITY.md
36 | .travis.yml
37 | *.html
38 | !core/server/web/admin/views/**
39 | !core/server/services/mail/templates/**
40 | bower_components/**
41 | .editorconfig
42 | gulpfile.js
43 | !content/themes/casper/gulpfile.js
44 | package-lock.json
45 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/input/users.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:input:users');
2 | const url = require('./utils/url');
3 |
4 | module.exports = {
5 | read(apiConfig, frame) {
6 | debug('read');
7 |
8 | if (frame.data.id === 'me' && frame.options.context && frame.options.context.user) {
9 | frame.data.id = frame.options.context.user;
10 | }
11 | },
12 |
13 | edit(apiConfig, frame) {
14 | debug('edit');
15 |
16 | if (frame.options.id === 'me' && frame.options.context && frame.options.context.user) {
17 | frame.options.id = frame.options.context.user;
18 | }
19 |
20 | if (frame.data.users[0].password) {
21 | delete frame.data.users[0].password;
22 | }
23 |
24 | frame.data.users[0] = url.forUser(Object.assign({}, frame.data.users[0]));
25 | }
26 | };
27 |
--------------------------------------------------------------------------------
/core/server/lib/members/static/auth/pages/ResetPasswordPage.js:
--------------------------------------------------------------------------------
1 | import FormHeader from '../components/FormHeader';
2 | import PasswordInput from '../components/PasswordInput';
3 | import FormSubmit from '../components/FormSubmit';
4 | import Form from '../components/Form';
5 |
6 | const getTokenData = frameLocation => {
7 | const params = new URLSearchParams(frameLocation.query);
8 | const token = params.get('token') || '';
9 | return { token };
10 |
11 | };
12 |
13 | export default ({ error, frameLocation, handleSubmit }) => (
14 |
15 |
21 | );
22 |
--------------------------------------------------------------------------------
/core/test/unit/lib/mobiledoc/converters/converters_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const converters = require('../../../../../server/lib/mobiledoc/converters');
3 |
4 | describe('Unit: lib/mobiledoc/converters', function () {
5 | describe('htmlToMobiledocConverter should be unsupported in node v6', function () {
6 | before(function () {
7 | if (!process.version.startsWith('v6.')) {
8 | this.skip();
9 | }
10 | });
11 |
12 | it('should throw when running on node v6', function () {
13 | try {
14 | const thrower = converters.htmlToMobiledocConverter();
15 | thrower();
16 | throw new Error('should not execute');
17 | } catch (err) {
18 | err.message.should.equal('Unable to convert from source HTML to Mobiledoc');
19 | }
20 | });
21 | });
22 | });
23 |
--------------------------------------------------------------------------------
/core/server/services/routing/helpers/index.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 | get entryLookup() {
3 | return require('./entry-lookup');
4 | },
5 |
6 | get fetchData() {
7 | return require('./fetch-data');
8 | },
9 |
10 | get renderEntries() {
11 | return require('./render-entries');
12 | },
13 |
14 | get formatResponse() {
15 | return require('./format-response');
16 | },
17 |
18 | get renderEntry() {
19 | return require('./render-entry');
20 | },
21 |
22 | get renderer() {
23 | return require('./renderer');
24 | },
25 |
26 | get templates() {
27 | return require('./templates');
28 | },
29 |
30 | get secure() {
31 | return require('./secure');
32 | },
33 |
34 | get handleError() {
35 | return require('./error');
36 | },
37 |
38 | get context() {
39 | return require('./context');
40 | }
41 | };
42 |
--------------------------------------------------------------------------------
/core/test/unit/lib/promise/sequence_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const sinon = require('sinon');
3 | const Promise = require('bluebird');
4 | const sequence = require('../../../../server/lib/promise/sequence');
5 |
6 | describe('Unit: lib/promise/sequence', function () {
7 | afterEach(function () {
8 | sinon.restore();
9 | });
10 |
11 | it('mixed tasks: promise and none promise', function () {
12 | const tasks = [
13 | function a() {
14 | return Promise.resolve('hello');
15 | },
16 | function b() {
17 | return 'from';
18 | },
19 | function c() {
20 | return Promise.resolve('chio');
21 | },
22 | ];
23 | return sequence(tasks)
24 | .then(function (result) {
25 | result.should.eql(['hello','from', 'chio']);
26 | });
27 | });
28 | });
29 |
--------------------------------------------------------------------------------
/core/server/lib/mobiledoc/cards/embed.js:
--------------------------------------------------------------------------------
1 | const createCard = require('../create-card');
2 |
3 | module.exports = createCard({
4 | name: 'embed',
5 | type: 'dom',
6 | render(opts) {
7 | if (!opts.payload.html) {
8 | return '';
9 | }
10 |
11 | let {payload, env: {dom}} = opts;
12 |
13 | let figure = dom.createElement('figure');
14 | figure.setAttribute('class', 'kg-card kg-embed-card');
15 |
16 | let html = dom.createRawHTMLSection(payload.html);
17 | figure.appendChild(html);
18 |
19 | if (payload.caption) {
20 | let figcaption = dom.createElement('figcaption');
21 | figcaption.appendChild(dom.createRawHTMLSection(payload.caption));
22 | figure.appendChild(figcaption);
23 | figure.setAttribute('class', `${figure.getAttribute('class')} kg-card-hascaption`);
24 | }
25 |
26 | return figure;
27 | }
28 | });
29 |
--------------------------------------------------------------------------------
/core/server/api/v2/utils/serializers/input/tags.js:
--------------------------------------------------------------------------------
1 | const debug = require('ghost-ignition').debug('api:v2:utils:serializers:input:tags');
2 | const url = require('./utils/url');
3 | const utils = require('../../index');
4 |
5 | function setDefaultOrder(frame) {
6 | if (!frame.options.order) {
7 | frame.options.order = 'name asc';
8 | }
9 | }
10 |
11 | module.exports = {
12 | browse(apiConfig, frame) {
13 | debug('browse');
14 |
15 | if (utils.isContentAPI(frame)) {
16 | setDefaultOrder(frame);
17 | }
18 | },
19 |
20 | read() {
21 | debug('read');
22 |
23 | this.browse(...arguments);
24 | },
25 |
26 | add(apiConfig, frame) {
27 | debug('add');
28 | frame.data.tags[0] = url.forTag(Object.assign({}, frame.data.tags[0]));
29 | },
30 |
31 | edit(apiConfig, frame) {
32 | debug('edit');
33 | this.add(apiConfig, frame);
34 | }
35 | };
36 |
--------------------------------------------------------------------------------
/core/server/lib/members/static/auth/components/FormInput.js:
--------------------------------------------------------------------------------
1 | export default ({type, name, placeholder, value = '', error, onInput, required, className, children, icon}) => (
2 |
3 |
24 | );
25 |
--------------------------------------------------------------------------------
/core/server/lib/mobiledoc/create-card.js:
--------------------------------------------------------------------------------
1 | module.exports = function createCard(card) {
2 | const {name, type} = card;
3 |
4 | return {
5 | name,
6 | type,
7 | render({env, payload, options}) {
8 | const {dom} = env;
9 | const cleanName = name.replace(/^card-/, '');
10 |
11 | const cardOutput = card.render({env, payload, options});
12 |
13 | if (!cardOutput) {
14 | return cardOutput;
15 | }
16 |
17 | const beginComment = dom.createComment(`kg-card-begin: ${cleanName}`);
18 | const endComment = dom.createComment(`kg-card-end: ${cleanName}`);
19 | const fragment = dom.createDocumentFragment();
20 |
21 | fragment.appendChild(beginComment);
22 | fragment.appendChild(cardOutput);
23 | fragment.appendChild(endComment);
24 |
25 | return fragment;
26 | }
27 | };
28 | };
29 |
--------------------------------------------------------------------------------
/core/server/models/accesstoken.js:
--------------------------------------------------------------------------------
1 | const ghostBookshelf = require('./base'),
2 | Basetoken = require('./base/token');
3 |
4 | let Accesstoken,
5 | Accesstokens;
6 |
7 | Accesstoken = Basetoken.extend({
8 | tableName: 'accesstokens',
9 |
10 | emitChange: function emitChange(event, options) {
11 | const eventToTrigger = 'token' + '.' + event;
12 | ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
13 | },
14 |
15 | onCreated: function onCreated(model, attrs, options) {
16 | ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);
17 | model.emitChange('added', options);
18 | }
19 | });
20 |
21 | Accesstokens = ghostBookshelf.Collection.extend({
22 | model: Accesstoken
23 | });
24 |
25 | module.exports = {
26 | Accesstoken: ghostBookshelf.model('Accesstoken', Accesstoken),
27 | Accesstokens: ghostBookshelf.collection('Accesstokens', Accesstokens)
28 | };
29 |
--------------------------------------------------------------------------------
/core/test/unit/helpers/post_class_spec.js:
--------------------------------------------------------------------------------
1 | var should = require('should'),
2 |
3 | // Stuff we are testing
4 | helpers = require('../../../server/helpers');
5 |
6 | describe('{{post_class}} helper', function () {
7 | it('can render class string', function () {
8 | var rendered = helpers.post_class.call({});
9 |
10 | should.exist(rendered);
11 | rendered.string.should.equal('post');
12 | });
13 |
14 | it('can render featured class', function () {
15 | var post = {featured: true},
16 | rendered = helpers.post_class.call(post);
17 |
18 | should.exist(rendered);
19 | rendered.string.should.equal('post featured');
20 | });
21 |
22 | it('can render page class', function () {
23 | var post = {page: true},
24 | rendered = helpers.post_class.call(post);
25 |
26 | should.exist(rendered);
27 | rendered.string.should.equal('post page');
28 | });
29 | });
30 |
--------------------------------------------------------------------------------
/core/server/lib/members/util.js:
--------------------------------------------------------------------------------
1 | function getData(...props) {
2 | return function (req, res, next) {
3 | if (!req.body) {
4 | res.writeHead(400);
5 | return res.end();
6 | }
7 |
8 | const data = props.concat('origin').reduce((data, prop) => {
9 | if (!data || !req.body[prop]) {
10 | return null;
11 | }
12 | return Object.assign(data, {
13 | [prop]: req.body[prop]
14 | });
15 | }, {});
16 |
17 | if (!data) {
18 | res.writeHead(400);
19 | return res.end(`Expected {${props.join(', ')}}`);
20 | }
21 | req.data = data || {};
22 | next();
23 | };
24 | }
25 |
26 | function handleError(status, res) {
27 | return function () {
28 | res.writeHead(status);
29 | res.end();
30 | };
31 | }
32 |
33 | module.exports = {
34 | getData,
35 | handleError
36 | };
37 |
--------------------------------------------------------------------------------
/core/test/unit/data/meta/rss_url_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should'),
2 | sinon = require('sinon'),
3 | routing = require('../../../../server/services/routing'),
4 | getRssUrl = require('../../../../server/data/meta/rss_url');
5 |
6 | describe('getRssUrl', function () {
7 | beforeEach(function () {
8 | sinon.stub(routing.registry, 'getRssUrl').returns('/rss/');
9 | });
10 |
11 | afterEach(function () {
12 | sinon.restore();
13 | });
14 |
15 | it('should return rss url', function () {
16 | const rssUrl = getRssUrl({
17 | secure: false
18 | });
19 |
20 | should.equal(rssUrl, '/rss/');
21 | });
22 |
23 | it('forwards absolute/secure flags', function () {
24 | const rssUrl = getRssUrl({
25 | secure: false
26 | }, true);
27 |
28 | routing.registry.getRssUrl.calledWith({secure: false, absolute: true}).should.be.true();
29 | });
30 | });
31 |
--------------------------------------------------------------------------------
/core/server/api/v2/config.js:
--------------------------------------------------------------------------------
1 | const {isPlainObject} = require('lodash');
2 | const config = require('../../config');
3 | const labs = require('../../services/labs');
4 | const ghostVersion = require('../../lib/ghost-version');
5 |
6 | module.exports = {
7 | docName: 'config',
8 |
9 | read: {
10 | permissions: false,
11 | query() {
12 | return {
13 | version: ghostVersion.full,
14 | environment: config.get('env'),
15 | database: config.get('database').client,
16 | mail: isPlainObject(config.get('mail')) ? config.get('mail').transport : '',
17 | useGravatar: !config.isPrivacyDisabled('useGravatar'),
18 | labs: labs.getAll(),
19 | clientExtensions: config.get('clientExtensions') || {},
20 | enableDeveloperExperiments: config.get('enableDeveloperExperiments') || false
21 | };
22 | }
23 | }
24 | };
25 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/--anything-else.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: "\U0001F4A1Anything else"
3 | about: "For help, support, features & ideas - please use https://forum.ghost.org \U0001F46B "
4 |
5 | ---
6 |
7 | --------------^ Click "Preview" for a nicer view!
8 |
9 | We use GitHub only for bug reports 🐛
10 |
11 | Anything else should be posted to https://forum.ghost.org 👫.
12 |
13 | 🚨For support, help & questions use https://forum.ghost.org/c/help
14 | 💡For feature requests & ideas you can post and vote on https://forum.ghost.org/c/Ideas
15 |
16 | Alternatively, check out these resources below. Thanks! 😁.
17 |
18 | - [Forum](https://forum.ghost.org/c/help)
19 | - [Theme Support](https://forum.ghost.org/c/themes)
20 | - [Theme Docs](http://themes.ghost.org/)
21 | - [API Docs](https://api.ghost.org/)
22 | - [Feature Requests / Ideas](https://forum.ghost.org/c/Ideas)
23 | - [Contributing Guide](https://docs.ghost.org/docs/contributing)
24 | - [Self-hoster Docs](https://docs.ghost.org/)
25 |
--------------------------------------------------------------------------------
/core/server/data/schema/checks.js:
--------------------------------------------------------------------------------
1 | function isPost(jsonData) {
2 | return jsonData.hasOwnProperty('html') &&
3 | jsonData.hasOwnProperty('title') && jsonData.hasOwnProperty('slug');
4 | }
5 |
6 | function isTag(jsonData) {
7 | return jsonData.hasOwnProperty('name') && jsonData.hasOwnProperty('slug') &&
8 | jsonData.hasOwnProperty('description') && jsonData.hasOwnProperty('feature_image');
9 | }
10 |
11 | function isUser(jsonData) {
12 | return jsonData.hasOwnProperty('bio') && jsonData.hasOwnProperty('website') &&
13 | jsonData.hasOwnProperty('profile_image') && jsonData.hasOwnProperty('location');
14 | }
15 |
16 | function isNav(jsonData) {
17 | return jsonData.hasOwnProperty('label') && jsonData.hasOwnProperty('url') &&
18 | jsonData.hasOwnProperty('slug') && jsonData.hasOwnProperty('current');
19 | }
20 |
21 | module.exports = {
22 | isPost: isPost,
23 | isTag: isTag,
24 | isUser: isUser,
25 | isNav: isNav
26 | };
27 |
--------------------------------------------------------------------------------
/core/server/helpers/is.js:
--------------------------------------------------------------------------------
1 | // # Is Helper
2 | // Usage: `{{#is "paged"}}`, `{{#is "index, paged"}}`
3 | // Checks whether we're in a given context.
4 | var proxy = require('./proxy'),
5 | _ = require('lodash'),
6 | logging = proxy.logging,
7 | i18n = proxy.i18n;
8 |
9 | module.exports = function is(context, options) {
10 | options = options || {};
11 |
12 | var currentContext = options.data.root.context;
13 |
14 | if (!_.isString(context)) {
15 | logging.warn(i18n.t('warnings.helpers.is.invalidAttribute'));
16 | return;
17 | }
18 |
19 | function evaluateContext(expr) {
20 | return expr.split(',').map(function (v) {
21 | return v.trim();
22 | }).reduce(function (p, c) {
23 | return p || _.includes(currentContext, c);
24 | }, false);
25 | }
26 |
27 | if (evaluateContext(context)) {
28 | return options.fn(this);
29 | }
30 | return options.inverse(this);
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/core/server/web/shared/middlewares/frontend-client.js:
--------------------------------------------------------------------------------
1 | const labs = require('../../../services/labs');
2 | const common = require('../../../lib/common');
3 |
4 | module.exports = function getFrontendClient(req, res, next) {
5 | if (labs.isSet('publicAPI') !== true) {
6 | return next();
7 | }
8 |
9 | const api = require('../../../api')['v0.1'];
10 |
11 | return api.clients
12 | .read({slug: 'ghost-frontend'})
13 | .then((client) => {
14 | client = client.clients[0];
15 |
16 | if (client.status === 'enabled') {
17 | res.locals.client = {
18 | id: client.slug,
19 | secret: client.secret
20 | };
21 | }
22 |
23 | next();
24 | })
25 | .catch((err) => {
26 | // Log the error, but carry on as this is non-critical
27 | common.logging.error(err);
28 | next();
29 | });
30 | };
31 |
--------------------------------------------------------------------------------
/core/server/services/themes/list.js:
--------------------------------------------------------------------------------
1 | /**
2 | * Store themes after loading them from the file system
3 | */
4 | var _ = require('lodash'),
5 | themeListCache = {};
6 |
7 | module.exports = {
8 | get: function get(key) {
9 | return themeListCache[key];
10 | },
11 |
12 | getAll: function getAll() {
13 | return themeListCache;
14 | },
15 |
16 | set: function set(key, theme) {
17 | themeListCache[key] = _.cloneDeep(theme);
18 | return themeListCache[key];
19 | },
20 |
21 | del: function del(key) {
22 | delete themeListCache[key];
23 | },
24 |
25 | init: function init(themes) {
26 | var self = this;
27 | // First, reset the cache
28 | themeListCache = {};
29 | // For each theme, call set. Allows us to do processing on set later.
30 | _.each(themes, function (theme, key) {
31 | self.set(key, theme);
32 | });
33 |
34 | return themeListCache;
35 | }
36 | };
37 |
--------------------------------------------------------------------------------
/core/server/services/routing/PreviewRouter.js:
--------------------------------------------------------------------------------
1 | const ParentRouter = require('./ParentRouter');
2 | const urlService = require('../url');
3 | const controllers = require('./controllers');
4 |
5 | class PreviewRouter extends ParentRouter {
6 | constructor(RESOURCE_CONFIG) {
7 | super('PreviewRouter');
8 |
9 | this.RESOURCE_CONFIG = RESOURCE_CONFIG.QUERY.preview;
10 |
11 | this.route = {value: '/p/'};
12 |
13 | this._registerRoutes();
14 | }
15 |
16 | _registerRoutes() {
17 | this.router().use(this._prepareContext.bind(this));
18 |
19 | this.mountRoute(urlService.utils.urlJoin(this.route.value, ':uuid', ':options?'), controllers.preview);
20 | }
21 |
22 | _prepareContext(req, res, next) {
23 | res.routerOptions = {
24 | type: 'entry',
25 | query: this.RESOURCE_CONFIG,
26 | context: ['preview']
27 | };
28 |
29 | next();
30 | }
31 | }
32 |
33 | module.exports = PreviewRouter;
34 |
--------------------------------------------------------------------------------
/core/test/unit/api/v2/utils/index_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const sinon = require('sinon');
3 | const utils = require('../../../../../server/api/v2/utils');
4 |
5 | describe('Unit: v2/utils/index', function () {
6 | afterEach(function () {
7 | sinon.restore();
8 | });
9 |
10 | describe('isContentAPI', function () {
11 | it('is true when apiType is "content"', function () {
12 | const frame = {
13 | apiType: 'content'
14 | };
15 | should(utils.isContentAPI(frame)).equal(true);
16 | });
17 |
18 | it('is false when apiType is admin', function () {
19 | const frame = {
20 | apiType: 'admin',
21 | options: {
22 | context: {
23 | no: 'public'
24 | }
25 | }
26 | };
27 | should(utils.isContentAPI(frame)).equal(false);
28 | });
29 | });
30 | });
31 |
--------------------------------------------------------------------------------
/core/server/data/migrations/init/2-create-fixtures.js:
--------------------------------------------------------------------------------
1 | var Promise = require('bluebird'),
2 | _ = require('lodash'),
3 | fixtures = require('../../schema/fixtures'),
4 | common = require('../../../lib/common');
5 |
6 | module.exports.config = {
7 | transaction: true
8 | };
9 |
10 | module.exports.up = function insertFixtures(options) {
11 | var localOptions = _.merge({
12 | context: {internal: true},
13 | migrating: true
14 | }, options);
15 |
16 | return Promise.mapSeries(fixtures.models, function (model) {
17 | common.logging.info('Model: ' + model.name);
18 |
19 | return fixtures.utils.addFixturesForModel(model, localOptions);
20 | }).then(function () {
21 | return Promise.mapSeries(fixtures.relations, function (relation) {
22 | common.logging.info('Relation: ' + relation.from.model + ' to ' + relation.to.model);
23 | return fixtures.utils.addFixturesForRelation(relation, localOptions);
24 | });
25 | });
26 | };
27 |
--------------------------------------------------------------------------------
/core/server/lib/members/static/auth/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "ghost-member",
3 | "version": "0.0.0",
4 | "license": "MIT",
5 | "scripts": {
6 | "build": "preact build --template=index.html --src=index.js --dest=dist --service-worker=false --no-prerender",
7 | "dev": "yarn build --no-production && preact watch --port=8080",
8 | "lint": "eslint src"
9 | },
10 | "eslintIgnore": [
11 | "build/*"
12 | ],
13 | "devDependencies": {
14 | "autoprefixer": "^9.4.2",
15 | "cssnano": "^4.1.7",
16 | "grunt": "1.0.3",
17 | "grunt-shell": "2.1.0",
18 | "postcss-color-mod-function": "^3.0.3",
19 | "postcss-css-variables": "^0.11.0",
20 | "postcss-custom-properties": "^8.0.9",
21 | "postcss-import": "^12.0.1",
22 | "preact-cli": "https://github.com/TryGhost/preact-cli/tarball/421f03bcf954c79d5f14fd2e278049a9bdfcba83"
23 | },
24 | "dependencies": {
25 | "preact": "^8.2.1",
26 | "preact-compat": "^3.17.0",
27 | "react-stripe-elements": "^2.0.3"
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/core/test/unit/api/shared/util/options_spec.js:
--------------------------------------------------------------------------------
1 | const should = require('should');
2 | const optionsUtil = require('../../../../../server/api/shared/utils/options');
3 |
4 | describe('Unit: api/shared/util/options', () => {
5 | it('returns an array with empty string when no parameters are passed', () => {
6 | optionsUtil.trimAndLowerCase().should.eql(['']);
7 | });
8 |
9 | it('returns single item array', () => {
10 | optionsUtil.trimAndLowerCase('butter').should.eql(['butter']);
11 | });
12 |
13 | it('returns multiple items in array', () => {
14 | optionsUtil.trimAndLowerCase('peanut, butter').should.eql(['peanut', 'butter']);
15 | });
16 |
17 | it('lowercases and trims items in the string', () => {
18 | optionsUtil.trimAndLowerCase(' PeanUt, buTTer ').should.eql(['peanut', 'butter']);
19 | });
20 |
21 | it('accepts parameters in form of an array', () => {
22 | optionsUtil.trimAndLowerCase([' PeanUt', ' buTTer ']).should.eql(['peanut', 'butter']);
23 | });
24 | });
25 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/---bug-report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: "\U0001F41B Bug report"
3 | about: Report reproducible software issues so we can improve
4 |
5 | ---
6 |
7 | Welcome to Ghost's GitHub repo! 👋🎉
8 |
9 | We use GitHub only for bug reports 🐛
10 |
11 | Anything else should be posted to https://forum.ghost.org 👫
12 |
13 | 🚨For support, help & questions use https://forum.ghost.org/c/help
14 | 💡For feature requests & ideas you can post and vote on https://forum.ghost.org/c/Ideas
15 |
16 | If your issue is with Ghost CLI, please report it on the CLI repo ➡️ https://github.com/TryGhost/Ghost-CLI/issues/new.
17 |
18 | ### Issue Summary
19 |
20 | A summary of the issue and the browser/OS environment in which it occurs.
21 |
22 | ### To Reproduce
23 |
24 | 1. This is the first step
25 | 2. This is the second step, etc.
26 |
27 | Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?
28 |
29 | ### Technical details:
30 |
31 | * Ghost Version:
32 | * Node Version:
33 | * Browser/OS:
34 | * Database:
35 |
--------------------------------------------------------------------------------
/core/server/web/shared/middlewares/log-request.js:
--------------------------------------------------------------------------------
1 | const uuid = require('uuid');
2 | const common = require('../../../lib/common');
3 |
4 | /**
5 | * @TODO:
6 | * - move middleware to ignition?
7 | */
8 | module.exports = function logRequest(req, res, next) {
9 | const startTime = Date.now(),
10 | requestId = req.get('X-Request-ID') || uuid.v1();
11 |
12 | function logResponse() {
13 | res.responseTime = (Date.now() - startTime) + 'ms';
14 | req.requestId = requestId;
15 | req.userId = req.user ? (req.user.id ? req.user.id : req.user) : null;
16 |
17 | if (req.err && req.err.statusCode !== 404) {
18 | common.logging.error({req: req, res: res, err: req.err});
19 | } else {
20 | common.logging.info({req: req, res: res});
21 | }
22 |
23 | res.removeListener('finish', logResponse);
24 | res.removeListener('close', logResponse);
25 | }
26 |
27 | res.on('finish', logResponse);
28 | res.on('close', logResponse);
29 | next();
30 | };
31 |
--------------------------------------------------------------------------------
/core/server/analytics-events.js:
--------------------------------------------------------------------------------
1 | var _ = require('lodash'),
2 | Analytics = require('analytics-node'),
3 | config = require('./config'),
4 | common = require('./lib/common'),
5 | analytics;
6 |
7 | module.exports.init = function () {
8 | analytics = new Analytics(config.get('segment:key'));
9 | var toTrack,
10 | trackDefaults = config.get('segment:trackDefaults') || {},
11 | prefix = config.get('segment:prefix') || '';
12 |
13 | toTrack = [
14 | {
15 | event: 'post.published',
16 | name: 'Post Published'
17 | },
18 | {
19 | event: 'page.published',
20 | name: 'Page Published'
21 | },
22 | {
23 | event: 'theme.uploaded',
24 | name: 'Theme Uploaded'
25 | }
26 | ];
27 |
28 | _.each(toTrack, function (track) {
29 | common.events.on(track.event, function () {
30 | analytics.track(_.extend(trackDefaults, {event: prefix + track.name}));
31 | });
32 | });
33 | };
34 |
--------------------------------------------------------------------------------
/core/server/services/themes/loader.js:
--------------------------------------------------------------------------------
1 | var debug = require('ghost-ignition').debug('themes:loader'),
2 | config = require('../../config'),
3 | packageJSON = require('../../lib/fs/package-json'),
4 | themeList = require('./list'),
5 | loadAllThemes,
6 | loadOneTheme;
7 |
8 | loadAllThemes = function loadAllThemes() {
9 | return packageJSON.read
10 | .all(config.getContentPath('themes'))
11 | .then(function updateThemeList(themes) {
12 | debug('loading themes', Object.keys(themes));
13 |
14 | themeList.init(themes);
15 | });
16 | };
17 |
18 | loadOneTheme = function loadOneTheme(themeName) {
19 | return packageJSON.read
20 | .one(config.getContentPath('themes'), themeName)
21 | .then(function (readThemes) {
22 | debug('loaded one theme', themeName);
23 | return themeList.set(themeName, readThemes[themeName]);
24 | });
25 | };
26 |
27 | module.exports = {
28 | loadAllThemes: loadAllThemes,
29 | loadOneTheme: loadOneTheme
30 | };
31 |
--------------------------------------------------------------------------------
/content/adapters/README.md:
--------------------------------------------------------------------------------
1 | # Content / Adapters
2 |
3 |
4 | An adapter is a way to override a default behaviour in Ghost.
5 | The default behaviour in Ghost is as following:
6 |
7 | ### LocalFileStorage
8 | By default Ghost will upload your images to the `content/images` folder.
9 | The LocalFileStorage is using the file system to read or write images.
10 | This default adapter can be found in `core/server/adapters/storage/LocalFileStorage.js`.
11 |
12 | ### SchedulingDefault
13 | By default Ghost will schedule your posts using a pure JavaScript solution.
14 | It doesn't use `cron` or similar.
15 | This default adapter can be found in `core/server/adapters/scheduling/SchedulingDefault.js`.
16 |
17 | ### Custom Adapter
18 | To override any of the default adapters, you have to add a folder (`content/adapters/storage` or `content/adapters/scheduling`) and copy your adapter to it.
19 |
20 | Please follow our detailed guides:
21 | https://docs.ghost.org/v1/docs/using-a-custom-storage-module
22 | https://docs.ghost.org/v1/docs/using-a-custom-scheduling-module
23 |
--------------------------------------------------------------------------------
7 | onInput(e, name) }
14 | required={ required }
15 | className={[
16 | (value ? "gm-input-filled" : ""),
17 | (error ? "gm-error" : "")
18 | ].join(' ')}
19 | />
20 | { icon }
21 | { children }
22 |
23 |