Commit Graph

39111 Commits

Author SHA1 Message Date
Ronald Langeveld
41e696f00f
Added migration to include donation_message in donation_payment_events (#20839)
ref PLG-197

- DB migration to add `donation_message` to `donation_payment_events`
table
2024-08-28 15:58:11 +09:00
Chris Raible
a79ab03463
Fixed failing type check in admin-x-design-system story (#20838)
no issue

- The type checks for `admin-x-design-system` were failing for me locally for a Storybook story. It looks like we changed the `PopoverPosition` type to use 'start'/'end' rather than 'left'/'right', but this story was still using 'left'. This was causing `yarn test` to fail in the `admin-x-design-system` app.
- This commit updates the story to use 'start' instead of 'left', which allows the type checks to pass.
2024-08-27 17:58:42 -07:00
Steve Larson
962194b595
Bumped Portal (#20837)
no ref
2024-08-27 21:29:40 +00:00
Ghost CI
291d48ecb7 Merged v5.90.2 into main 2024-08-27 21:29:17 +00:00
Ghost CI
eaf414a2de v5.90.2 2024-08-27 21:29:15 +00:00
Steve Larson
8a1274517d
🐛 Added integrity token to one click subscribe (#20836)
ref https://linear.app/tryghost/issue/ONC-269

When we added the integrity token to all `send-magic-link` callers in
Portal, we missed one.
2024-08-27 21:17:19 +00:00
Steve Larson
ae15e12ffc Reverted email analytics jobs commits (#20835)
ref https://linear.app/tryghost/issue/ENG-1518

After releasing the analytics job improvements, it appears for large
sites we're awfully close to missing some Mailgun events because of an
unexpected behavior of the aggregateStats call for just the opened
events job. This is taking 2-5x(+) the amount of time that the aggregate
queries take for the other jobs, despite not being dependent on the
events.

To err on the side of caution, we're going to roll this back and look to
optimize the aggregation queries before re-implementing. And we may be a
bit more cautious in giving _some_ but not _all_ priority to the
`opened` events.
2024-08-27 16:16:07 -05:00
Steve Larson
8f3985bc66
Reverted email analytics jobs commits (#20835)
ref https://linear.app/tryghost/issue/ENG-1518

After releasing the analytics job improvements, it appears for large
sites we're awfully close to missing some Mailgun events because of an
unexpected behavior of the aggregateStats call for just the opened
events job. This is taking 2-5x(+) the amount of time that the aggregate
queries take for the other jobs, despite not being dependent on the
events.

To err on the side of caution, we're going to roll this back and look to
optimize the aggregation queries before re-implementing. And we may be a
bit more cautious in giving _some_ but not _all_ priority to the
`opened` events.
2024-08-27 16:15:34 -05:00
Kevin Ansfield
709ee163e3 Bumped Portal
ref https://linear.app/tryghost/issue/PLG-152

- updates tips and donations success states
2024-08-27 19:30:27 +01:00
Kevin Ansfield
f613f42bec Updated donation success states
closes https://linear.app/tryghost/issue/PLG-152

- switched member success to a notification
- updated non-member success modal to include signup and signin links
2024-08-27 19:30:27 +01:00
Daniel Lockyer
2757ef70fa Revert "🐛 Fixed frontend routing prioritizing collections over built in routes (#20765)"
refs https://app.incident.io/ghost/incidents/102

- this reverts commit c0471f0c28
2024-08-27 18:04:27 +02:00
Daniel Lockyer
d5bac91feb
Revert "🐛 Fixed frontend routing prioritizing collections over built in routes (#20765)"
This reverts commit c0471f0c28.
2024-08-27 17:31:08 +02:00
Daniël van der Winden
af0338b504
Rewrote the publish modal logic and layout (#20832)
Removed unnecessary code, rewrote it in places where we were repeating
ourselves, and followed the new layout for posts + emails.
2024-08-27 15:22:11 +00:00
Daniël van der Winden
344f440de9
Updated the buttons in the publish flow modals (#20831)
Buttons were previously part of the bookmark card, but that's no longer
the case. This makes it easier to scale between different types of
posts/emails.
2024-08-27 13:06:19 +00:00
Sodbileg Gansukh
528ed010a0
Fixed Radix UI related custom validity error (#20829)
ref DES-755

- a direct child of a form control primitive should be a form element
- for TextField component, a div was the direct child
- this moves the input element to the form control primitive
2024-08-27 12:59:52 +02:00
Sodbileg Gansukh
0cf987ebff
Fixed Radix UI related custom validity error (#20829)
ref DES-755

- a direct child of a form control primitive should be a form element
- for TextField component, a div was the direct child
- this moves the input element to the form control primitive
2024-08-27 18:17:39 +08:00
Ronald Langeveld
9449e0a048
Added donations checkout session unit tests (#20827)
ref PLG-196

- Added comprehensive unit tests to cover various scenarios for the
createDonationCheckoutSession function.
- Verified correct handling of customer object, customerEmail and
metadata.
- Ensured accurate parameter passing to Stripe API, including
success_url and cancel_url.
2024-08-27 12:36:43 +09:00
Ghost CI
8fc8dc72e6 Merged v5.90.1 into main 2024-08-26 23:37:15 +00:00
Ghost CI
46e9b20479 v5.90.1 2024-08-26 23:37:13 +00:00
Steve Larson
2df2c7f120 Bumped Portal (#20826)
ref https://github.com/TryGhost/Ghost/issues/20767
2024-08-26 18:20:43 -05:00
Steve Larson
5622a29fc1 Fixed Portal honeypot field (#20825)
ref INC-97
ref https://github.com/TryGhost/Ghost/issues/20767
- finishes wiring up the honeypot fied
- updates state handing to properly set the value
- maintains honeypot field across page changes within portal

There isn't a single previous commit to point to here since they didn't
get squashed. We added a honeypot field to help mitigate bot signup
activity. It's hidden, and if filled out, we can anticipate it's a bot.
Right now this just logs to Ghost while we collect data.
2024-08-26 18:20:35 -05:00
Steve Larson
d24af3bd50
Bumped Portal (#20826)
ref https://github.com/TryGhost/Ghost/issues/20767
2024-08-26 23:06:27 +00:00
Steve Larson
22fcd21fbb
Fixed Portal honeypot field (#20825)
ref INC-97
ref https://github.com/TryGhost/Ghost/issues/20767
- finishes wiring up the honeypot fied
- updates state handing to properly set the value
- maintains honeypot field across page changes within portal

There isn't a single previous commit to point to here since they didn't
get squashed. We added a honeypot field to help mitigate bot signup
activity. It's hidden, and if filled out, we can anticipate it's a bot.
Right now this just logs to Ghost while we collect data.
2024-08-26 22:51:57 +00:00
renovate[bot]
cfc4c08200 Pin dependency @opentelemetry/instrumentation-runtime-node to 0.6.0 2024-08-26 18:34:34 +02:00
renovate[bot]
400ccfafef Update dependency @sinonjs/fake-timers to v11.3.1 2024-08-26 14:08:32 +02:00
Peter Zimon
65b6978482 Updated layout switch 2024-08-26 14:02:47 +02:00
Peter Zimon
6530cd535e Added basic inbox view 2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
8cbdecfc7f Added static design for Search page
ref https://linear.app/tryghost/issue/AP-352/search-for-mastodon-usernames-in-ghost-admin
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
6171a417de Updated design of Notes in the feed and in the drawer
ref https://linear.app/tryghost/issue/AP-282/render-notes-in-the-frontend
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
5b70fc6b1c Added design for Profile component
ref https://linear.app/tryghost/issue/AP-305/profile-viewer-component-that-can-render-activitypub-actor-data
2024-08-26 14:02:47 +02:00
Djordje Vlaisavljevic
366d683d7b Fixed time not being converted properly
ref https://linear.app/tryghost/issue/AP-131/show-nice-relative-timestamps
2024-08-26 14:02:47 +02:00
Sodbileg Gansukh
2a212bfff4
Publish flow improvements and bug fixes (#20824)
ref DES-731

- improved mobile styles for the social buttons in the modal
- fixed the flow for publishing/scheduling pages
- redirect to post list only when a post doesn't involve any email
2024-08-26 17:02:00 +08:00
Amel Sućeska
0673ca9627
Improved Bosnian translations (#20667)
Comprehensive, context aware, Bosnian translations for all available
strings.

Informal addressing of users (as is widely accepted in Bosnia and
Herzegovina).

Minor text fixes.
2024-08-26 14:59:09 +07:00
renovate[bot]
91e8aa1271 Update dependency jsdom to v24.1.3 2024-08-26 09:44:19 +02:00
Ghost CI
ef031728cc v5.90.0 2024-08-23 15:05:10 +00:00
Chris Raible
5f9c0d21c5
Added eventLoopUtilization instrumentation behind config (#20819)
ref
https://linear.app/tryghost/issue/ENG-1505/start-monitoring-event-loop-utilization-in-production-with

- The two main constraints we've observed in Ghost are the database connection pool and the CPU usage. However, there is a third constraint that we may be hitting, but can't currently observe: the event loop.
- This commit re-enabled OpenTelemetry (behind a config flag), removes the problematic tracing instrumentation which was breaking the frontend, and adds a Prometheus endpoint to export the eventLoopUtilization metric.
- This should give us visibility into whether we are hitting constraints in the event loop and address the root cause if we are.
2024-08-22 19:16:53 -07:00
Sam Lord
9ca513bfdd Added logging when honeypot field is hit
ref KTLO-1
2024-08-22 22:32:04 +01:00
Sam Lord
56a9fa34af Fixed names of tests for Portal honeypot field
ref KTLO-1
2024-08-22 22:32:04 +01:00
Sam Lord
0a9d2fadba Added honeypot field to prevent bot signup/signin
ref KTLO-1
Should prevent untargeted attacks using headless browser bots.
2024-08-22 22:32:04 +01:00
Sam Lord
244e612f53 Use config flag to change whether token integrity is checked
ref KTLO-1
Allows us to get this out to self-hosters much faster
2024-08-22 22:23:16 +01:00
Sam Lord
23c0882019 Added tests for request integrity token validation 2024-08-22 22:23:16 +01:00
Sam Lord
ebc87002ce Added integrity token to signup-form package
ref KTLO-1
2024-08-22 22:23:16 +01:00
Sam Lord
ef4f79370f Added support in Portal for integrity tokens on magic link API
ref KTLO-1
These tokens should prevent untargeted attacks, as the magic link
endpoint needs a token that was generated by the server, similar to a
CSRF token, but without needing any server-side state, or a cookie to
be set for unauthenticated users.
2024-08-22 22:23:16 +01:00
Sam Lord
a48b4e5cbf Added integrity token API & middleware for magic link requests
ref KTLO-1
Back-end implementation of request integrity tokens. The purpose here
is to prevent simple web bots from spamming the signup form.
2024-08-22 22:23:16 +01:00
Steve Larson
0053939185
Improved email analytics jobs system (#20809)
ref https://linear.app/tryghost/issue/ENG-952
- added persistence to the job timestamps

This set of changes reduces the potential for gaps in our email event
processing by adding persistence to the job timestamps. This avoids
expensive queries on the `email_recipients` table after every boot, and
reduces reliance on fallbacks in periods of heavy processing or reboot.

This is our first use of the jobs table to create a persistent line,
instead of its initial use case of single-run jobs. We may expand this
capability and move to use of the jobs model over knex.raw in order to
make this a bit friendlier.

Note: this works with sqlite but datetimes are stored as ints. It still
works fine. https://github.com/knex/knex/pull/5272
2024-08-22 15:20:42 -05:00
Steve Larson
827518c98b
🐛 Fixed shift selection in the posts list (#20818)
ref https://linear.app/tryghost/issue/ENG-1489/

The changes to improve posts loading in admin broke the shift selection
functionality. This restores that, as we need to be able to crawl across
the (now) three models when present.
2024-08-22 13:15:06 -05:00
Daniël van der Winden
7c992825ed
Publish modal updates (#20817)
The new modal for the updated publishing flow has an entirely new
layout, based on feedback previously received. In addition, this PR
includes a few tweaks to the underlying logic.
2024-08-22 14:49:29 +00:00
Steve Larson
cd7c27d3ad
🐛 Fixed fetching labels and offers in the editor (#20815)
ref https://linear.app/tryghost/issue/ONC-263/
- labels dropdown in sign up card was not successfully fetching labels
- offers dropdown suffered the same fate

When introducing the second editor instance, it appears we ran into some
race conditions with the Ember tasks used to fetch the resources. The
init instance was beating the other to the punch, and so the state was
never successfully updated, as it is only fetched once on mounting the
card.
2024-08-22 08:55:33 -05:00
Princi Vershwal
f984fbd47e
🎨 Improved the performance of the /members/events/ aggregated_click_event endpoint (#20790)
Ref https://linear.app/tryghost/issue/ONC-216/improve-the-performance-of-the-membersevents-aggregated-click-event
2024-08-22 18:26:10 +05:30
Ronald Langeveld
f2206fb232
Added one-time payments under "payments" for filtering (#20807)
ref PLG-153

- Scoped one-time payments (`donation_event`) under the "payments"
category in the member activity feed filter.
- Updated `toggleEventType` logic to ensure that toggling "payments"
also toggles one-time payments when the `tipsAndDonations` feature is
enabled.
- Refactored event type handling into utility functions for easier
testing.
- Added unit tests for the new utility functions to ensure correct
behaviour.
- Added acceptance testing.
2024-08-22 10:26:46 +00:00