Fabien O'Carroll f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more information can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more in line with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches its own error and doesn't error, thus this
middleware is unnecessary.

* Removed console.logs

no-issue

* Updated token expiry to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps in line with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unnecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
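
The audience access-control object described in the commit message above, worked through as an added example (not code from Ghost or its members packages): a hypothetical resolver, `resolveTokenLifetime`, that maps a requesting origin and an audience to a token lifetime. It assumes that `*` applies only when the audience equals the requesting origin, that anything unlisted is denied, and that `tokenLength` uses `s`/`m`/`h` suffixes.

```javascript
// Added example: hypothetical resolver, not part of the Ghost code base.
// Constructed sample config, same shape as the one in the commit message.
const accessControl = {
    'http://site.com': {
        'http://site.com': {tokenLength: '5m'},
        'http://othersite.com': {tokenLength: '1h'}
    },
    '*': {tokenLength: '30m'}
};
const UNIT_SECONDS = {s: 1, m: 60, h: 3600};
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Convert '5m' / '1h' style strings to seconds; anything else is rejected.
function toSeconds(tokenLength) {
    const match = /^(\d+)([smh])$/.exec(String(tokenLength));
    if (!match) {
        throw new Error(`Unsupported tokenLength: ${tokenLength}`);
    }
    return Number(match[1]) * UNIT_SECONDS[match[2]];
}

// Reduce a URL to scheme://host[:port]; null for unparseable or opaque origins.
function normaliseOrigin(value) {
    try {
        const origin = new URL(value).origin;
        // data:, file: etc. serialise to the string 'null' and must never match.
        return origin === 'null' ? null : origin;
    } catch (err) {
        return null;
    }
}

// Token lifetime in seconds, or null when the origin may not request a token
// for that audience (deny by default).
function resolveTokenLifetime(config, origin, audience) {
    const from = normaliseOrigin(origin);
    const to = normaliseOrigin(audience);
    if (!from || !to) {
        return null;
    }
    // Own-property lookups only, so inherited keys can never act as rules.
    const rules = hasOwn(config, from) ? config[from] : null;
    if (rules && hasOwn(rules, to) && rules[to]) {
        return toSeconds(rules[to].tokenLength);
    }
    // Assumed meaning of "*": default only when audience === requesting origin.
    const fallback = hasOwn(config, '*') ? config['*'] : null;
    return from === to && fallback ? toSeconds(fallback.tokenLength) : null;
}
```

Setting `'*'` to `null` or leaving it out turns the self-audience default off, so only explicitly listed origin/audience pairs resolve to a lifetime.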
.github Create FUNDING.yml 2019-03-07 15:23:12 +02:00
content Updated Casper to 2.9.10 2019-04-16 16:42:31 +05:30
core Updated theme layer to use members-ssr (#10676) 2019-04-16 16:50:25 +02:00
.editorconfig Various post-repo-split cleanup (#6910) 2016-07-12 11:55:46 -06:00
.eslintignore Moved grunt-eslint to npm script executing eslint (#10474) 2019-02-11 13:26:06 +01:00
.eslintrc.json Switched to eslint-plugin-ghost (#9835) 2018-09-17 20:49:30 +02:00
.gitattributes Enforced unix line endings (#9871) 2018-10-23 10:59:09 +02:00
.gitignore Removed vim specific ignores 2019-04-08 18:23:17 +02:00
.gitmodules Switched to using relative urls for submodules 2018-12-10 16:56:35 +00:00
.npmignore Updated npmignore to remove custom config files from release (#10614) 2019-03-15 18:17:50 +05:30
.travis.yml Update .travis.yml - no slack success msgs 2019-03-12 11:42:51 +00:00
config.development.json Added config.development.json 2019-04-03 11:10:41 +01:00
Gruntfile.js Removed coverage tasks from Gruntfile 2019-04-08 18:23:35 +02:00
index.js Changed where we trigger server start/stop announcement (#9815) 2018-08-22 13:28:31 +02:00
LICENSE 2019 2019-01-01 14:07:15 +00:00
MigratorConfig.js Moved ghost-version to lib 2017-12-14 22:14:55 +01:00
package.json Updated theme layer to use members-ssr (#10676) 2019-04-16 16:50:25 +02:00
PRIVACY.md Fixed RPC pings (#9816) 2018-08-23 15:20:29 +02:00
README.md Update to new Twitter URL 2019-04-01 23:36:43 +02:00
SECURITY.md Updated Security.md w/ ref to improved docs 2019-02-11 16:40:29 +00:00
yarn.lock Updated theme layer to use members-ssr (#10676) 2019-04-16 16:50:25 +02:00

 

Ghost

Fiercely independent, professional publishing

A fully open source, powerful platform for building and running modern publications,
we power serious blogs, magazines and journalism from DuckDuckGo to OpenAI & Sky News.


Ghost.org | Features | Showcase | Forum | Documentation | Contributing | Donate | Twitter

Ghost(Pro)

The easiest way to deploy Ghost is with our official Ghost(Pro) managed service. You can have a fresh instance up and running in a couple of clicks with a worldwide CDN, backups, security and maintenance all done for you.

Not only will it save you hours of maintenance per month, but all revenue goes to the Ghost Foundation, which funds the maintenance and further development of Ghost itself. So you'll be supporting open source software and getting a great service! Alternatively if you'd like to support us, we're very grateful to all our backers on Open Collective ❤️

 

Quickstart Install

If you want to run your own instance of Ghost, in most cases the best way is to use our CLI tool

$ npm install ghost-cli -g

 

Then, if installing locally add the local flag to get up and running in under a minute - Local install docs

$ ghost install local

 

or on a server run the full install, including automatic SSL setup using LetsEncrypt - Production install docs

$ ghost install

 

Check out our official documentation for more information about our recommended hosting stack & properly upgrading Ghost, plus everything you need to develop your own Ghost themes or work with our API.

 

Getting Help

You can find answers to a huge variety of questions, along with a large community of helpful developers over on the Ghost forum - replies are generally very quick. Ghost(Pro) customers also have access to 24/7 email support.

To stay up to date with all the latest news and product updates, make sure you subscribe to our blog — or you can always follow us on Twitter, if you prefer your updates bite-sized and facetious. 🎷🐢

 

Contributors & Advanced Developers

For anyone wishing to contribute to Ghost or to hack/customise core files we recommend following our full development setup guides: General Contributor Guide | Developer Setup Instructions | Admin Client development guide

 

Copyright & License

Copyright (c) 2013-2019 Ghost Foundation - Released under the MIT license. Ghost and the Ghost Logo are trademarks of Ghost Foundation Ltd. Please see our trademark policy for info on acceptable usage.