Commit Graph

39118 Commits

Author SHA1 Message Date
Sodbileg Gansukh
3b38ba3a29
Make split number helper handle empty value (#20848)
no issues
2024-08-28 10:47:03 +00:00
Daniël van der Winden
5cc3d943f2
Made the post preview card a link (#20846)
The modal in the new publish flow has a post preview card, which did not
link to the post itself. It does now (except when it's an email).
2024-08-28 10:08:25 +00:00
Kevin Ansfield
2b2e5dfeb1 Updated Portal readme with more testing/releasing details 2024-08-28 10:37:04 +01:00
Sodbileg Gansukh
1afe96ae34
Added animation to the analytics numbers when refreshed (#20842)
ref DES-709

- when refresh button is clicked, the numbers in the analytics will be animated if changed
- for the animation to be performant, added a new dependency "animejs"
- to minimize the flash and layout shift, the analytics data is kept as it is while loading
- once finished loading, it will be replaced with the new data
2024-08-28 17:25:37 +08:00
Daniël van der Winden
1d17600f5d
Publishing flow: Social buttons update (#20841)
Updated the hover colour of the social buttons in the new publishing
flow's modal.
2024-08-28 08:42:56 +00:00
Michael Barrett
59a3a9514b
Added data retrieval for activitypub activities (#20830)
refs
[AP-283](https://linear.app/tryghost/issue/AP-283/handle-incoming-likes)

Added data retrieval for activitypub activities in the acvitiies tab of
the ActivityPub demo
2024-08-28 09:39:01 +01:00
renovate[bot]
cfda52ead2 Update dependency gscan to v4.43.3 2024-08-28 10:10:54 +02:00
Ronald Langeveld
41e696f00f
Added migration to include donation_message in donation_payment_events (#20839)
ref PLG-197

- DB migration to add `donation_message` to `donation_payment_events`
table
2024-08-28 15:58:11 +09:00
Chris Raible
a79ab03463
Fixed failing type check in admin-x-design-system story (#20838)
no issue

- The type checks for `admin-x-design-system` were failing for me locally for a Storybook story. It looks like we changed the `PopoverPosition` type to use 'start'/'end' rather than 'left'/'right', but this story was still using 'left'. This was causing `yarn test` to fail in the `admin-x-design-system` app.
- This commit updates the story to use 'start' instead of 'left', which allows the type checks to pass.
2024-08-27 17:58:42 -07:00
Steve Larson
962194b595
Bumped Portal (#20837)
no ref
2024-08-27 21:29:40 +00:00
Ghost CI
291d48ecb7 Merged v5.90.2 into main 2024-08-27 21:29:17 +00:00
Ghost CI
eaf414a2de v5.90.2 2024-08-27 21:29:15 +00:00
Steve Larson
8a1274517d
🐛 Added integrity token to one click subscribe (#20836)
ref https://linear.app/tryghost/issue/ONC-269

When we added the integrity token to all `send-magic-link` callers in
Portal, we missed one.
2024-08-27 21:17:19 +00:00
Steve Larson
ae15e12ffc Reverted email analytics jobs commits (#20835)
ref https://linear.app/tryghost/issue/ENG-1518

After releasing the analytics job improvements, it appears for large
sites we're awfully close to missing some Mailgun events because of an
unexpected behavior of the aggregateStats call for just the opened
events job. This is taking 2-5x(+) the amount of time that the aggregate
queries take for the other jobs, despite not being dependent on the
events.

To err on the side of caution, we're going to roll this back and look to
optimize the aggregation queries before re-implementing. And we may be a
bit more cautious in giving _some_ but not _all_ priority to the
`opened` events.
2024-08-27 16:16:07 -05:00
Steve Larson
8f3985bc66
Reverted email analytics jobs commits (#20835)
ref https://linear.app/tryghost/issue/ENG-1518

After releasing the analytics job improvements, it appears for large
sites we're awfully close to missing some Mailgun events because of an
unexpected behavior of the aggregateStats call for just the opened
events job. This is taking 2-5x(+) the amount of time that the aggregate
queries take for the other jobs, despite not being dependent on the
events.

To err on the side of caution, we're going to roll this back and look to
optimize the aggregation queries before re-implementing. And we may be a
bit more cautious in giving _some_ but not _all_ priority to the
`opened` events.
2024-08-27 16:15:34 -05:00
Kevin Ansfield
709ee163e3 Bumped Portal
ref https://linear.app/tryghost/issue/PLG-152

- updates tips and donations success states
2024-08-27 19:30:27 +01:00
Kevin Ansfield
f613f42bec Updated donation success states
closes https://linear.app/tryghost/issue/PLG-152

- switched member success to a notification
- updated non-member success modal to include signup and signin links
2024-08-27 19:30:27 +01:00
Daniel Lockyer
2757ef70fa Revert "🐛 Fixed frontend routing prioritizing collections over built in routes (#20765)"
refs https://app.incident.io/ghost/incidents/102

- this reverts commit c0471f0c28
2024-08-27 18:04:27 +02:00
Daniel Lockyer
d5bac91feb
Revert "🐛 Fixed frontend routing prioritizing collections over built in routes (#20765)"
This reverts commit c0471f0c28.
2024-08-27 17:31:08 +02:00
Daniël van der Winden
af0338b504
Rewrote the publish modal logic and layout (#20832)
Removed unnecessary code, rewrote it in places where we were repeating
ourselves, and followed the new layout for posts + emails.
2024-08-27 15:22:11 +00:00
Daniël van der Winden
344f440de9
Updated the buttons in the publish flow modals (#20831)
Buttons were previously part of the bookmark card, but that's no longer
the case. This makes it easier to scale between different types of
posts/emails.
2024-08-27 13:06:19 +00:00
Sodbileg Gansukh
528ed010a0
Fixed Radix UI related custom validity error (#20829)
ref DES-755

- a direct child of a form control primitive should be a form element
- for TextField component, a div was the direct child
- this moves the input element to the form control primitive
2024-08-27 12:59:52 +02:00
Sodbileg Gansukh
0cf987ebff
Fixed Radix UI related custom validity error (#20829)
ref DES-755

- a direct child of a form control primitive should be a form element
- for TextField component, a div was the direct child
- this moves the input element to the form control primitive
2024-08-27 18:17:39 +08:00
Ronald Langeveld
9449e0a048
Added donations checkout session unit tests (#20827)
ref PLG-196

- Added comprehensive unit tests to cover various scenarios for the
createDonationCheckoutSession function.
- Verified correct handling of customer object, customerEmail and
metadata.
- Ensured accurate parameter passing to Stripe API, including
success_url and cancel_url.
2024-08-27 12:36:43 +09:00
Ghost CI
8fc8dc72e6 Merged v5.90.1 into main 2024-08-26 23:37:15 +00:00
Ghost CI
46e9b20479 v5.90.1 2024-08-26 23:37:13 +00:00
Steve Larson
2df2c7f120 Bumped Portal (#20826)
ref https://github.com/TryGhost/Ghost/issues/20767
2024-08-26 18:20:43 -05:00
Steve Larson
5622a29fc1 Fixed Portal honeypot field (#20825)
ref INC-97
ref https://github.com/TryGhost/Ghost/issues/20767
- finishes wiring up the honeypot fied
- updates state handing to properly set the value
- maintains honeypot field across page changes within portal

There isn't a single previous commit to point to here since they didn't
get squashed. We added a honeypot field to help mitigate bot signup
activity. It's hidden, and if filled out, we can anticipate it's a bot.
Right now this just logs to Ghost while we collect data.
2024-08-26 18:20:35 -05:00
Steve Larson
d24af3bd50
Bumped Portal (#20826)
ref https://github.com/TryGhost/Ghost/issues/20767
2024-08-26 23:06:27 +00:00
Steve Larson
22fcd21fbb
Fixed Portal honeypot field (#20825)
ref INC-97
ref https://github.com/TryGhost/Ghost/issues/20767
- finishes wiring up the honeypot fied
- updates state handing to properly set the value
- maintains honeypot field across page changes within portal

There isn't a single previous commit to point to here since they didn't
get squashed. We added a honeypot field to help mitigate bot signup
activity. It's hidden, and if filled out, we can anticipate it's a bot.
Right now this just logs to Ghost while we collect data.
2024-08-26 22:51:57 +00:00
renovate[bot]
cfc4c08200 Pin dependency @opentelemetry/instrumentation-runtime-node to 0.6.0 2024-08-26 18:34:34 +02:00
renovate[bot]
400ccfafef Update dependency @sinonjs/fake-timers to v11.3.1 2024-08-26 14:08:32 +02:00
Peter Zimon
65b6978482 Updated layout switch 2024-08-26 14:02:47 +02:00
Peter Zimon
6530cd535e Added basic inbox view 2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
8cbdecfc7f Added static design for Search page
ref https://linear.app/tryghost/issue/AP-352/search-for-mastodon-usernames-in-ghost-admin
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
6171a417de Updated design of Notes in the feed and in the drawer
ref https://linear.app/tryghost/issue/AP-282/render-notes-in-the-frontend
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
5b70fc6b1c Added design for Profile component
ref https://linear.app/tryghost/issue/AP-305/profile-viewer-component-that-can-render-activitypub-actor-data
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
366d683d7b Fixed time not being converted properly
ref https://linear.app/tryghost/issue/AP-131/show-nice-relative-timestamps
2024-08-26 14:02:47 +02:00
Sodbileg Gansukh
2a212bfff4
Publish flow improvements and bug fixes (#20824)
ref DES-731

- improved mobile styles for the social buttons in the modal
- fixed the flow for publishing/scheduling pages
- redirect to post list only when a post doesn't involve any email
2024-08-26 17:02:00 +08:00
Amel Sućeska
0673ca9627
Improved Bosnian translations (#20667)
Comprehensive, context aware, Bosnian translations for all available
strings.

Informal addressing of users (as is widely accepted in Bosnia and
Herzegovina).

Minor text fixes.
2024-08-26 14:59:09 +07:00
renovate[bot]
91e8aa1271 Update dependency jsdom to v24.1.3 2024-08-26 09:44:19 +02:00
Ghost CI
ef031728cc v5.90.0 2024-08-23 15:05:10 +00:00
Chris Raible
5f9c0d21c5
Added eventLoopUtilization instrumentation behind config (#20819)
ref
https://linear.app/tryghost/issue/ENG-1505/start-monitoring-event-loop-utilization-in-production-with

- The two main constraints we've observed in Ghost are the database connection pool and the CPU usage. However, there is a third constraint that we may be hitting, but can't currently observe: the event loop.
- This commit re-enabled OpenTelemetry (behind a config flag), removes the problematic tracing instrumentation which was breaking the frontend, and adds a Prometheus endpoint to export the eventLoopUtilization metric.
- This should give us visibility into whether we are hitting constraints in the event loop and address the root cause if we are.
2024-08-22 19:16:53 -07:00
Sam Lord
9ca513bfdd Added logging when honeypot field is hit
ref KTLO-1
2024-08-22 22:32:04 +01:00
Sam Lord
56a9fa34af Fixed names of tests for Portal honeypot field
ref KTLO-1
2024-08-22 22:32:04 +01:00
Sam Lord
0a9d2fadba Added honeypot field to prevent bot signup/signin
ref KTLO-1
Should prevent untargeted attacks using headless browser bots.
2024-08-22 22:32:04 +01:00
Sam Lord
244e612f53 Use config flag to change whether token integrity is checked
ref KTLO-1
Allows us to get this out to self-hosters much faster
2024-08-22 22:23:16 +01:00
Sam Lord
23c0882019 Added tests for request integrity token validation 2024-08-22 22:23:16 +01:00
Sam Lord
ebc87002ce Added integrity token to signup-form package
ref KTLO-1
2024-08-22 22:23:16 +01:00
Sam Lord
ef4f79370f Added support in Portal for integrity tokens on magic link API
ref KTLO-1
These tokens should prevent untargeted attacks, as the magic link
endpoint needs a token that was generated by the server, similar to a
CSRF token, but without needing any server-side state, or a cookie to
be set for unauthenticated users.
2024-08-22 22:23:16 +01:00