OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
189ce9bc1d
Ghost/core/server/config/defaults.json

104 lines
2.3 KiB
JSON
Raw Normal View History

✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
{
"url": "http://localhost:2368",
"server": {
"host": "127.0.0.1",
"port": 2368
},
Update Notification improvements (#9123) closes #5071 - Remove hardcoded notification in admin controller - NOTE: update check notifications are no longer blocking the admin rendering - this is one of the most import changes - we remove the hardcoded release message - we also remove adding a notification manually in here, because this will work differently from now on -> you receive a notification (release or custom) in the update check module and this module adds the notification as is to our database - Change default core settings keys - remove displayUpdateNotification -> this was used to store the release version number send from the UCS -> based on this value, Ghost creates a notification container with self defined values -> not needed anymore - rename seenNotifications to notifications -> the new notifications key will hold both 1. the notification from the USC 2. the information about if a notification was seen or not - this key hold only one release notification - and n custom notifications - Update Check Module: Request to the USC depends on the privacy configuration - useUpdateCheck: true -> does a checkin in the USC (exposes data) - useUpdateCheck: false -> does only a GET query to the USC (does not expose any data) - make the request handling dynamic, so it depends on the flag - add an extra logic to be able to define a custom USC endpoint (helpful for testing) - add an extra logic to be able to force the request to the service (helpful for testing) - Update check module: re-work condition when a check should happen - only if the env is not correct - remove deprecated config.updateCheck - remove isPrivacyDisabled check (handled differently now, explained in last commit) - Update check module: remove `showUpdateNotification` and readability - showUpdateNotification was used in the admin controller to fetch the latest release version number from the db - no need to check against semver in general, the USC takes care of that (no need to double check) - improve readability of `nextUpdateCheck` condition - Update check module: refactor `updateCheckResponse` - remove db call to displayUpdateNotification, not used anymore - support receiving multiple custom notifications - support custom notification groups - the default group is `all` - this will always be consumed - groups can be extended via config e.g. `notificationGroups: ['migration']` - Update check module: refactor createCustomNotification helper - get rid of taking over notification duplication handling (this is not the task of the update check module) - ensure we have good fallback values for non present attributes in a notification - get rid of semver check (happens in the USC) - could be reconsidered later if LTS is gone - Refactor notification API - reason: get rid of in process notification store -> this was an object hold in process -> everything get's lost after restart -> not helpful anymore, because imagine the following case -> you get a notification -> you store it in process -> you mark this notification as seen -> you restart Ghost, you will receive the same notification on the next check again -> because we are no longer have a separate seen notifications object - use database settings key `notification` instead - refactor all api endpoints to support reading and storing into the `notifications` object - most important: notification deletion happens via a `seen` property (the notification get's physically deleted 3 month automatically) -> we have to remember a seen property, because otherwise you don't know which notification was already received/seen - Add listener to remove seen notifications automatically after 3 month - i just decided for 3 month (we can decrease?) - at the end it doesn't really matter, as long as the windows is not tooooo short - listen on updates for the notifications settings - check if notification was seen and is older than 3 month - ignore release notification - Updated our privacy document - Updated docs.ghost.org for privacy config behaviour - contains a migration script to remove old settings keys
2018-01-09 17:20:00 +03:00
"updateCheck": {
"url": "https://updates.ghost.org",
"forceUpdate": false
},
✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
"privacy": false,
Asset amends (#8294) refs #8221 🔥 Remove ghost=true concept from asset url helper ✨ 💯 Introduce CSS minification with cssnano - add new grunt-cssnano dependency - wire up grunt task to minify public/ghost.css 🎨 Rename minification config & hash params - Change minifyInProduction -> hasMinFile - this means this asset should have a .min file available - Change minifyAssets -> useMinFiles - this means that in this env we want to serve .min files if available 🎨 Update public/ghost.css to serve .min for prod - add the new `hasMinFile` property 🎨 Move minified asset handling to asset_url util - this logic should be in the util, not the asset helper - updated tests 📖 Error handler always needs asset helper - this removes the TODO and adds a more sensible comment - we also need to update our theme documentation around error templates 🔥 Don't use asset helper in ghost head - use getAssetUrl util instead! - removed TODO 📖 Update proxy docs 🎨 Simplify asset helper & add tests - this refactor is a step prior to moving this from metadata to being a url util - needed to skip some new tests 🐛 Add missing handler for css file
2017-04-10 12:30:21 +03:00
"useMinFiles": true,
✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
"paths": {
🎨 🔦 refactor content paths (images, apps, themes, storage, scheduling) refs #6982 - create config util fn: getContentPath - we can later let the user change the folder names in contentPath - get rid of custom/default storage paths [ci skip]
2016-09-13 23:24:57 +03:00
"contentPath": "content/"
✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
},
"storage": {
😱 🎨 Refactor storage adapter (#8229) refs #7687 There are four main changes in this PR: we have outsourced the base storage adapter to npm, because for storage developers it's annoying to inherit from a script within Ghost we hacked theme storage handling into the default local storage adapter - this was reverted, instead we have added a static theme storage here use classes instead of prototyping optimise the storage adapter in general - everything is explained in each commit ---- * rename local-file-store to LocalFileStorage I would like to keep the name pattern i have used for scheduling. If a file is a class, the file name reflects the class name. We can discuss this, if concerns are raised. * Transform LocalFileStorage to class and inherit from new base - inherit from npm ghost-storage-base - rewrite to class - no further refactoring, happens later * Rename core/test/unit/storage/local-file-store_spec.js -> core/test/unit/storage/LocalFileStorage_spec.js * Fix wrong require in core/test/unit/storage/LocalFileStorage_spec.js * remove base storage and test - see https://github.com/kirrg001/Ghost-Storage-Base - the test has moved to this repo as well * Use npm ghost-storage-base in storage/index.js * remove the concept of getStorage('themes') This concept was added when we added themes as a feature. Back then, we have changed the local storage adapter to support images and themes. This has added some hacks into the local storage adapters. We want to revert this change and add a simple static theme storage. Will adapt the api/themes layer in the next commits. * Revert LocalFileStorage - revert serve - revert delete * add storagePath as property to LocalFileStorage - define one property which holds the storage path - could be considered to pass from outside, but found that not helpful, as other storage adapters do not need this property - IMPORTANT: save has no longer a targetDir option, because this was used to pass the alternative theme storage path - IMPORTANT: exists has now an alternative targetDir, this makes sense, because - you can either ask the storage exists('my-file') and it will look in the base storage path - or you pass a specific path where to look exists('my-file', /path/to/dir) * LocalFileStorage: get rid of store pattern - getUniqueFileName(THIS) - this doesn't make sense, instances always have access to this by default * Add static theme storage - inherits from the local file storage, because they both operate on the file system - IMPORTANT: added a TODO to consider a merge of themes/loader and themes/storage - but will be definitely not part of this PR * Use new static theme storage in api/themes - storage functions are simplified! * Add https://github.com/kirrg001/Ghost-Storage-Base as dependency - tarball for now, as i am still testing - will release if PR review get's accepted * Adapt tests and jscs/jshint * 🐛 fix storage.read in favicon utility - wrong implementation of error handling * 🎨 optimise error messages for custom storage adapter errors * little renaming in the storage utlity - purpose is to have access to the custom storage instance and to the custom storage class - see next commit why * optimise instanceof base storage - instanceof is always tricky in javascript - if multiple modules exist, it can happen that instanceof is false * fix getTargetDir - the importer uses the `targetDir` option to ensure that images land in the correct folder * ghost-storage-base@0.0.1 package.json dependency
2017-04-05 17:10:34 +03:00
"active": "LocalFileStorage"
✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
},
"scheduling": {
"active": "SchedulingDefault"
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
},
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-02-07 12:41:39 +03:00
"members": {
Improved Members security and performance (#10511) no-issue * Corrected function names for rpc methods * Updated gateway to store tokens locally * Fixed lint * Added hardcoded 30 minute expiry for member tokens * Added default contentApiAccess config; * Updated validateAudience method This is required for security, we need to restrict which domains can access tokens meant for the content api
2019-02-23 06:47:42 +03:00
"contentApiAccess": [],
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-02-07 12:41:39 +03:00
"paymentProcessors": []
},
🎨 configurable logging with bunyan (#7431) - 🛠 add bunyan and prettyjson, remove morgan - ✨ add logging module - GhostLogger class that handles setup of bunyan - PrettyStream for stdout - ✨ config for logging - @TODO: testing level fatal? - ✨ log each request via GhostLogger (express middleware) - @TODO: add errors to output - 🔥 remove errors.updateActiveTheme - we can read the value from config - 🔥 remove 15 helper functions in core/server/errors/index.js - all these functions get replaced by modules: 1. logging 2. error middleware handling for html/json 3. error creation (which will be part of PR #7477) - ✨ add express error handler for html/json - one true error handler for express responses - contains still some TODO's, but they are not high priority for first implementation/integration - this middleware only takes responsibility of either rendering html responses or return json error responses - 🎨 use new express error handler in middleware/index - 404 and 500 handling - 🎨 return error instead of error message in permissions/index.js - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error - 🎨 wrap serve static module - rule: if you call a module/unit, you should always wrap this error - it's always the same rule - so the caller never has to worry about what comes back - it's always a clear error instance - in this case: we return our notfounderror if serve static does not find the resource - this avoid having checks everywhere - 🎨 replace usages of errors/index.js functions and adapt tests - use logging.error, logging.warn - make tests green - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically - 🐛 return errorDetails to Ghost-Admin - errorDetails is used for Theme error handling - 🎨 use 500er error for theme is missing error in theme-handler - 🎨 extend file rotation to 1w
2016-10-04 18:33:43 +03:00
"logging": {
"level": "info",
🎨 logging improvements (#7597) * 🎨 rotation config - every parameter is configureable - increase default number of files to 100 * 🎨 ghost.log location - example: content/logs/http___my_ghost_blog_com_ghost.log - user can change the path to something custom by setting logging.path * 🛠 add response-time as dependency * 🎨 readable PrettyStream - tidy up - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue })) - common log format - less code 🕵🏻 * 🎨 GhostLogger cleanup - remove setLoggers -> this function had too much of redundant code - instead: add smart this.log function - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request) - make .warn .debug .info .error small and smart * 🎨 app.js: add response time as middleware and remove logging.request * 🎨 setStdoutStream and setFileStream - redesign GhostLogger to add CustomLoggers very easily ----> Example CustomLogger function CustomLogger(options) { // Base iterates over defined transports // EXAMPLE: ['stdout', 'elasticsearch'] Base.call(this, options); } util.inherits(...); // OVERRIDE default stdout stream and your own!!! CustomLogger.prototype.setStdoutStream = function() {} // add a new stream // get's called automatically when transport elasticsearch is defined CustomLogger.prototype.setElasticsearchStream = function() {} * 🎨 log into multiple file by default - content/logs/domain.error.log --> contains only the errors - content/logs/domain.log --> contains everything - rotation for both files * 🔥 remove logging.debug and use npm debug only * ✨ shortcuts for mode and level * 🎨 jshint/jscs * 🎨 stdout as much as possible for an error * 🎨 fix tests * 🎨 remove req.ip from log output, remove response-time dependency * 🎨 create middleware for logging - added TODO to move logging middleware to ignition
2016-10-25 14:17:43 +03:00
"rotation": {
Added default logging rotation config (#8974) no issue - define `period` and `count` in our defaults.json config - advantage: easier access and better overview how logging is configured by default - period is 1d and count is 10
2017-09-05 18:25:20 +03:00
"enabled": false,
"period": "1d",
"count": 10
🎨 logging improvements (#7597) * 🎨 rotation config - every parameter is configureable - increase default number of files to 100 * 🎨 ghost.log location - example: content/logs/http___my_ghost_blog_com_ghost.log - user can change the path to something custom by setting logging.path * 🛠 add response-time as dependency * 🎨 readable PrettyStream - tidy up - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue })) - common log format - less code 🕵🏻 * 🎨 GhostLogger cleanup - remove setLoggers -> this function had too much of redundant code - instead: add smart this.log function - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request) - make .warn .debug .info .error small and smart * 🎨 app.js: add response time as middleware and remove logging.request * 🎨 setStdoutStream and setFileStream - redesign GhostLogger to add CustomLoggers very easily ----> Example CustomLogger function CustomLogger(options) { // Base iterates over defined transports // EXAMPLE: ['stdout', 'elasticsearch'] Base.call(this, options); } util.inherits(...); // OVERRIDE default stdout stream and your own!!! CustomLogger.prototype.setStdoutStream = function() {} // add a new stream // get's called automatically when transport elasticsearch is defined CustomLogger.prototype.setElasticsearchStream = function() {} * 🎨 log into multiple file by default - content/logs/domain.error.log --> contains only the errors - content/logs/domain.log --> contains everything - rotation for both files * 🔥 remove logging.debug and use npm debug only * ✨ shortcuts for mode and level * 🎨 jshint/jscs * 🎨 stdout as much as possible for an error * 🎨 fix tests * 🎨 remove req.ip from log output, remove response-time dependency * 🎨 create middleware for logging - added TODO to move logging middleware to ignition
2016-10-25 14:17:43 +03:00
},
Added logging of slow {{#get}} helper uses (#10779) no issue - `{{#get}}` can slow down requests a lot if not used carefully, typically by using `limit="all"` or similar which can force a lot of data to be fetched and processed - adds a warning log if we detect any `{{#get}}` helper call which takes longer than a certain threshold (default 200ms) - allow log level and threshold to be configured via config to allow for different environments behaviours and requirements New config options: ``` { "logging": { "slowHelper": { "level": "warn", "threshold": 200 } } } ``` Example output for `{{#get "tags" limit="all" order="name asc"}}` with a lot of tags: ``` [2019-06-07 10:35:52] WARN {{#get}} helper took 453ms to complete {{#get}} helper took 453ms to complete Error ID: 062daed0-8910-11e9-8185-3b615ad8677d Error Code: SLOW_GET_HELPER Details: api: v2.tagsPublic.browse apiOptions: order: name asc limit: all returnedRows: 1698 ```
2019-06-07 16:54:55 +03:00
"transports": ["stdout"],
"slowHelper": {
"level": "warn",
"threshold": 200
}
Replace memory spam prevention with brute-express (#7579) no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 14:33:19 +03:00
},
"spam": {
"user_login": {
"minWait": 600000,
"maxWait": 604800000,
"freeRetries": 4
},
"user_reset": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries": 4
},
"global_reset": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":4
},
"global_block": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":99
},
"private_block": {
"minWait": 3600000,
"maxWait": 3600000,
"lifetime": 3600,
"freeRetries":99
Added brute protection to content api (#10343) * Added spam config for content api key no-issue * Created contentApiKey spam prevention method * Added contentApiKey brute middleware no-issue This middleware attaches a listener for when the request has completed, if the request ends with a successful response code, we reset any spam prevention data for that ip. * Added contentApiKey brute middleware to the content api * Multipled maxWait by 24, to 24 hours
2019-01-07 16:03:46 +03:00
},
"content_api_key": {
"minWait": 3600000,
"maxWait": 86400000,
"lifetime": 3600,
"freeRetries": 99
Replace memory spam prevention with brute-express (#7579) no issue - removes count from user checks model - uses brute express brute with brute-knex adaptor to store persisted data on spam prevention - implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 14:33:19 +03:00
}
🎨 add cache control configurations into the default config refs #7488 - cache control can be overridden if needed
2017-05-29 23:10:32 +03:00
},
"caching": {
"frontend": {
"maxAge": 0
},
"301": {
"maxAge": 31536000
},
"customRedirects": {
"maxAge": 31536000
},
"favicon": {
"maxAge": 86400
},
"sitemap": {
"maxAge": 3600
},
"robotstxt": {
"maxAge": 3600000
}
✨Added ability to resize and compress images on upload (#9837) refs #4453 * On by default * Added config to disable resizing * Added basic image optimization processing * Added dep: sharp (optional dep) * Added resize middleware * Take care of rotation based on EXIF information * Removed all meta data from optimised image * Added handling if sharp could not get installed * Do not read ext twice - optimisation * Do not call sharp if config is disabled * Do not remove the original image which was uploaded (store 2 images) * Support of `req.files` for internal logic * Disabled cache to enable file removal on Windows
2018-08-30 19:30:36 +03:00
},
"imageOptimization": {
"resize": true
:wrench: Add the 'compress' and 'preloadHeaders' options to defaults.json config (#9863)
2018-09-12 19:27:01 +03:00
},
"compress": true,
Ability to not send welcome email (#10293) no issue - We need to be able to not send the welcome email if needed - Intruduces a new possible config setting `sendWelcomeEmail` which is set to `true` by default
2018-12-17 17:02:47 +03:00
"preloadHeaders": false,
Added x-frame-options header to /ghost/ route (#10760) no issue - by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking - the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file Credits: Muhammad Fawwad Obaida
2019-05-28 11:04:48 +03:00
"adminFrameProtection": true,
Ability to not send welcome email (#10293) no issue - We need to be able to not send the welcome email if needed - Intruduces a new possible config setting `sendWelcomeEmail` which is set to `true` by default
2018-12-17 17:02:47 +03:00
"sendWelcomeEmail": true
✨ 🔦 add nconf files refs #6982 - add defaults.json - add overrides.json - add env specific default values - add nconf wrapper in /config - add config utils in /config/utils.js [ci skip]
2016-09-13 18:20:44 +03:00
}
Reference in New Issue Copy Permalink