OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a4f4a00cc4
Ghost/core/server/services/themes/validate.js

67 lines
2.5 KiB
JavaScript
Raw Normal View History

Improved error context usage (#10669) refs #10571 - Reduced the amount of log output for collision errors - Improved data passed into `errorDetails` during theme check - After discovering https://github.com/TryGhost/Ghost/blob/9810834/core/server/services/themes/index.js#L56-L57 wasn't able to remove `checkedTheme` from `context`. Left a note to be refactored later
2019-04-09 08:00:56 +03:00
const _ = require('lodash');
const Promise = require('bluebird');
Added temp file cleanup for invalid themes refs #10174 - When theme check fails with validation error there was no cleanup of files left from zip extraction
2019-05-02 18:59:29 +03:00
const fs = require('fs-extra');
Improved error context usage (#10669) refs #10571 - Reduced the amount of log output for collision errors - Improved data passed into `errorDetails` during theme check - After discovering https://github.com/TryGhost/Ghost/blob/9810834/core/server/services/themes/index.js#L56-L57 wasn't able to remove `checkedTheme` from `context`. Left a note to be refactored later
2019-04-09 08:00:56 +03:00
const config = require('../../config');
const common = require('../../lib/common');
Restructured theme check logic refs #10571 - Removes dependency on 'context' property being set in error when checking a theme - Refactoring was needed to be able to avoid passing checked theme as a part of thrown error (logic was relying on error having this specific data in context property). This created a problem where we controlled the logic flow with data in error object. - Introduced 2 different types of theme check handling, one behaves the same way as before, the other gives more granulac control to the caller to decide what to do with returned errors.
2019-04-22 18:31:56 +03:00
const canActivate = function canActivate(checkedTheme) {
// CASE: production and no fatal errors
// CASE: development returns fatal and none fatal errors, theme is only invalid if fatal errors
return !checkedTheme.results.error.length || (config.get('env') === 'development') && !checkedTheme.results.hasFatalErrors;
};
🔥 🎨 Themes & settings misc cleanup (#8061) no issue 🔥 remove unused loadThemes API method 🚨 Add tests for themes.readOne 🔥 Don't update settings cache for imports - this isn't needed as of #8057 - settings.edit fires an event, that will result in the update happening automatically 🎨 Move validation to themes - slowly collecting all theme-related code together 🔥 Reduce DEBUG output - all this info is a bit tooooo much!
2017-02-28 01:30:49 +03:00
Restructured theme check logic refs #10571 - Removes dependency on 'context' property being set in error when checking a theme - Refactoring was needed to be able to avoid passing checked theme as a part of thrown error (logic was relying on error having this specific data in context property). This created a problem where we controlled the logic flow with data in error object. - Introduced 2 different types of theme check handling, one behaves the same way as before, the other gives more granulac control to the caller to decide what to do with returned errors.
2019-04-22 18:31:56 +03:00
const check = function check(theme, isZip) {
// gscan can slow down boot time if we require on boot, for now nest the require.
const gscan = require('gscan');
let checkPromise;
🔥 🎨 Themes & settings misc cleanup (#8061) no issue 🔥 remove unused loadThemes API method 🚨 Add tests for themes.readOne 🔥 Don't update settings cache for imports - this isn't needed as of #8057 - settings.edit fires an event, that will result in the update happening automatically 🎨 Move validation to themes - slowly collecting all theme-related code together 🔥 Reduce DEBUG output - all this info is a bit tooooo much!
2017-02-28 01:30:49 +03:00
✨ Themes API activation permissions & validation (#8104) refs #8093 ✨ Add activate theme permission - add permission to activate themes - update tests - also: update tests for invites TODO: change how the active theme setting is updated to reduce extra permissions ✨ Move theme validation to gscan - add a new gscan validation method and use it for upload - update activate endpoint to do validation also using gscan - change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API - remove validation from the settings model - remove the old validation function - add new invalid theme message to translations & remove a bunch of theme validation related unused keys 📖 Planned changes 🚨 Tests for theme activation API endpoint 🐛 Don't allow deleting the active theme 🚫 Prevent activeTheme being set via settings API - We want to control how this happens in future. - We still want to store the information in settings, via the model. - We just don't want to be able to change this info via the settings edit endpoint 🐛 ✨ Fix warnings for uploads & add for activations - warnings for uploads were broken in f8b498d - fix the response + adds tests to cover that warnings are correctly returned - add the same response to activations + more tests - activations now return a single theme object - the theme that was activated + any warnings 🎨 Improve how we generate theme API responses - remove the requirement to pass in the active theme! - move this to a specialist function, away from the list 🎨 Do not load gscan on boot
2017-03-13 14:44:44 +03:00
if (isZip) {
🎨 gscan 1.1.0 & optimisations refs #8222 - differentiate between errors and fatal errors - use gscan errors in theme middleware - Adds a new `error()` method to `currentActiveTheme` constructor which will return the errors we receive from gscan - In middleware, if a theme couldn't be activated because it's invalid, we'll fetch the erros and send them to our error handler. We also use a new property `hideStack` to control, if the stack (in dev mode and if available) should be shown or the gscan errors (in prod mode, or in dev if no stack error) - In our error handler we use this conditional to send a new property `gscan` to our error theme - In `error.hbs` we'll iterate through possible `gscan` error objects and render them. - remove stack printing - stack for theme developers in development mode doesn't make sense - stack in production doesn't make sense - the stack is usually hard to read - if you are developer you can read the error stack on the server log - utils.packages: transform native error into Ghost error - use `onlyFatalErrors` for gscan format and differeniate fatal errors vo.2 - optimise bootstrap error handling - transform theme is missing into an error - add new translation key - show html tags for error.hbs template: rule
2017-05-31 19:42:42 +03:00
checkPromise = gscan.checkZip(theme, {
keepExtractedDir: true
});
✨ Themes API activation permissions & validation (#8104) refs #8093 ✨ Add activate theme permission - add permission to activate themes - update tests - also: update tests for invites TODO: change how the active theme setting is updated to reduce extra permissions ✨ Move theme validation to gscan - add a new gscan validation method and use it for upload - update activate endpoint to do validation also using gscan - change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API - remove validation from the settings model - remove the old validation function - add new invalid theme message to translations & remove a bunch of theme validation related unused keys 📖 Planned changes 🚨 Tests for theme activation API endpoint 🐛 Don't allow deleting the active theme 🚫 Prevent activeTheme being set via settings API - We want to control how this happens in future. - We still want to store the information in settings, via the model. - We just don't want to be able to change this info via the settings edit endpoint 🐛 ✨ Fix warnings for uploads & add for activations - warnings for uploads were broken in f8b498d - fix the response + adds tests to cover that warnings are correctly returned - add the same response to activations + more tests - activations now return a single theme object - the theme that was activated + any warnings 🎨 Improve how we generate theme API responses - remove the requirement to pass in the active theme! - move this to a specialist function, away from the list 🎨 Do not load gscan on boot
2017-03-13 14:44:44 +03:00
} else {
checkPromise = gscan.check(theme.path);
🔥 🎨 Themes & settings misc cleanup (#8061) no issue 🔥 remove unused loadThemes API method 🚨 Add tests for themes.readOne 🔥 Don't update settings cache for imports - this isn't needed as of #8057 - settings.edit fires an event, that will result in the update happening automatically 🎨 Move validation to themes - slowly collecting all theme-related code together 🔥 Reduce DEBUG output - all this info is a bit tooooo much!
2017-02-28 01:30:49 +03:00
}
✨ Themes API activation permissions & validation (#8104) refs #8093 ✨ Add activate theme permission - add permission to activate themes - update tests - also: update tests for invites TODO: change how the active theme setting is updated to reduce extra permissions ✨ Move theme validation to gscan - add a new gscan validation method and use it for upload - update activate endpoint to do validation also using gscan - change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API - remove validation from the settings model - remove the old validation function - add new invalid theme message to translations & remove a bunch of theme validation related unused keys 📖 Planned changes 🚨 Tests for theme activation API endpoint 🐛 Don't allow deleting the active theme 🚫 Prevent activeTheme being set via settings API - We want to control how this happens in future. - We still want to store the information in settings, via the model. - We just don't want to be able to change this info via the settings edit endpoint 🐛 ✨ Fix warnings for uploads & add for activations - warnings for uploads were broken in f8b498d - fix the response + adds tests to cover that warnings are correctly returned - add the same response to activations + more tests - activations now return a single theme object - the theme that was activated + any warnings 🎨 Improve how we generate theme API responses - remove the requirement to pass in the active theme! - move this to a specialist function, away from the list 🎨 Do not load gscan on boot
2017-03-13 14:44:44 +03:00
🐛 Fixed gscan errors not caught for corrupted zips closes TryGhost/Support#426 refs TryGhost/gscan#106 needs TryGhost/gscan#107 GScan can return errors, which was not handled in our theme validator and caused Ghost to crash completely. GScan will now return an Ignition error when its not able to read the `.zip` file. e. g.: `{"errors":[{"message":"Failed to read zip file","context":"tife.zip","errorType":"ValidationError","errorDetails":"invalid relative path: ../tife/"}]}`
2018-05-11 08:12:15 +03:00
return checkPromise
.then(function resultHandler(checkedTheme) {
checkedTheme = gscan.format(checkedTheme, {
onlyFatalErrors: config.get('env') === 'production'
});
✨ Themes API activation permissions & validation (#8104) refs #8093 ✨ Add activate theme permission - add permission to activate themes - update tests - also: update tests for invites TODO: change how the active theme setting is updated to reduce extra permissions ✨ Move theme validation to gscan - add a new gscan validation method and use it for upload - update activate endpoint to do validation also using gscan - change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API - remove validation from the settings model - remove the old validation function - add new invalid theme message to translations & remove a bunch of theme validation related unused keys 📖 Planned changes 🚨 Tests for theme activation API endpoint 🐛 Don't allow deleting the active theme 🚫 Prevent activeTheme being set via settings API - We want to control how this happens in future. - We still want to store the information in settings, via the model. - We just don't want to be able to change this info via the settings edit endpoint 🐛 ✨ Fix warnings for uploads & add for activations - warnings for uploads were broken in f8b498d - fix the response + adds tests to cover that warnings are correctly returned - add the same response to activations + more tests - activations now return a single theme object - the theme that was activated + any warnings 🎨 Improve how we generate theme API responses - remove the requirement to pass in the active theme! - move this to a specialist function, away from the list 🎨 Do not load gscan on boot
2017-03-13 14:44:44 +03:00
Restructured theme check logic refs #10571 - Removes dependency on 'context' property being set in error when checking a theme - Refactoring was needed to be able to avoid passing checked theme as a part of thrown error (logic was relying on error having this specific data in context property). This created a problem where we controlled the logic flow with data in error object. - Introduced 2 different types of theme check handling, one behaves the same way as before, the other gives more granulac control to the caller to decide what to do with returned errors.
2019-04-22 18:31:56 +03:00
return checkedTheme;
});
};
const checkSafe = function checkSafe(theme, isZip) {
return check(theme, isZip)
.then((checkedTheme) => {
if (canActivate(checkedTheme)) {
🐛 Fixed gscan errors not caught for corrupted zips closes TryGhost/Support#426 refs TryGhost/gscan#106 needs TryGhost/gscan#107 GScan can return errors, which was not handled in our theme validator and caused Ghost to crash completely. GScan will now return an Ignition error when its not able to read the `.zip` file. e. g.: `{"errors":[{"message":"Failed to read zip file","context":"tife.zip","errorType":"ValidationError","errorDetails":"invalid relative path: ../tife/"}]}`
2018-05-11 08:12:15 +03:00
return checkedTheme;
}
✨ Themes API activation permissions & validation (#8104) refs #8093 ✨ Add activate theme permission - add permission to activate themes - update tests - also: update tests for invites TODO: change how the active theme setting is updated to reduce extra permissions ✨ Move theme validation to gscan - add a new gscan validation method and use it for upload - update activate endpoint to do validation also using gscan - change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API - remove validation from the settings model - remove the old validation function - add new invalid theme message to translations & remove a bunch of theme validation related unused keys 📖 Planned changes 🚨 Tests for theme activation API endpoint 🐛 Don't allow deleting the active theme 🚫 Prevent activeTheme being set via settings API - We want to control how this happens in future. - We still want to store the information in settings, via the model. - We just don't want to be able to change this info via the settings edit endpoint 🐛 ✨ Fix warnings for uploads & add for activations - warnings for uploads were broken in f8b498d - fix the response + adds tests to cover that warnings are correctly returned - add the same response to activations + more tests - activations now return a single theme object - the theme that was activated + any warnings 🎨 Improve how we generate theme API responses - remove the requirement to pass in the active theme! - move this to a specialist function, away from the list 🎨 Do not load gscan on boot
2017-03-13 14:44:44 +03:00
Added temp file cleanup for invalid themes refs #10174 - When theme check fails with validation error there was no cleanup of files left from zip extraction
2019-05-02 18:59:29 +03:00
// NOTE: When theme cannot be activated and gscan explicitly keeps extracted files (after
// being called with `keepExtractedDir: true`), this is the closes place for a cleanup.
// TODO: The `keepExtractedDir` flag is the cause of confusion for when and where the cleanup
// should be done. It's probably best if gscan is called directly with path to the extracted
// directory, this would allow keeping gscan to do just one thing - validate the theme, and
// file manipulations could be left to another module/library
if (isZip) {
fs.remove(checkedTheme.path);
}
🐛 Fixed gscan errors not caught for corrupted zips closes TryGhost/Support#426 refs TryGhost/gscan#106 needs TryGhost/gscan#107 GScan can return errors, which was not handled in our theme validator and caused Ghost to crash completely. GScan will now return an Ignition error when its not able to read the `.zip` file. e. g.: `{"errors":[{"message":"Failed to read zip file","context":"tife.zip","errorType":"ValidationError","errorDetails":"invalid relative path: ../tife/"}]}`
2018-05-11 08:12:15 +03:00
return Promise.reject(new common.errors.ThemeValidationError({
message: common.i18n.t('errors.api.themes.invalidTheme'),
Improved error context usage (#10669) refs #10571 - Reduced the amount of log output for collision errors - Improved data passed into `errorDetails` during theme check - After discovering https://github.com/TryGhost/Ghost/blob/9810834/core/server/services/themes/index.js#L56-L57 wasn't able to remove `checkedTheme` from `context`. Left a note to be refactored later
2019-04-09 08:00:56 +03:00
errorDetails: Object.assign(
_.pick(checkedTheme, ['checkedVersion', 'name', 'path', 'version']), {
errors: checkedTheme.results.error
}
Restructured theme check logic refs #10571 - Removes dependency on 'context' property being set in error when checking a theme - Refactoring was needed to be able to avoid passing checked theme as a part of thrown error (logic was relying on error having this specific data in context property). This created a problem where we controlled the logic flow with data in error object. - Introduced 2 different types of theme check handling, one behaves the same way as before, the other gives more granulac control to the caller to decide what to do with returned errors.
2019-04-22 18:31:56 +03:00
)
🐛 Fixed gscan errors not caught for corrupted zips closes TryGhost/Support#426 refs TryGhost/gscan#106 needs TryGhost/gscan#107 GScan can return errors, which was not handled in our theme validator and caused Ghost to crash completely. GScan will now return an Ignition error when its not able to read the `.zip` file. e. g.: `{"errors":[{"message":"Failed to read zip file","context":"tife.zip","errorType":"ValidationError","errorDetails":"invalid relative path: ../tife/"}]}`
2018-05-11 08:12:15 +03:00
}));
});
🔥 🎨 Themes & settings misc cleanup (#8061) no issue 🔥 remove unused loadThemes API method 🚨 Add tests for themes.readOne 🔥 Don't update settings cache for imports - this isn't needed as of #8057 - settings.edit fires an event, that will result in the update happening automatically 🎨 Move validation to themes - slowly collecting all theme-related code together 🔥 Reduce DEBUG output - all this info is a bit tooooo much!
2017-02-28 01:30:49 +03:00
};
Restructured theme check logic refs #10571 - Removes dependency on 'context' property being set in error when checking a theme - Refactoring was needed to be able to avoid passing checked theme as a part of thrown error (logic was relying on error having this specific data in context property). This created a problem where we controlled the logic flow with data in error object. - Introduced 2 different types of theme check handling, one behaves the same way as before, the other gives more granulac control to the caller to decide what to do with returned errors.
2019-04-22 18:31:56 +03:00
module.exports.check = check;
module.exports.checkSafe = checkSafe;
module.exports.canActivate = canActivate;
Reference in New Issue Copy Permalink