Add v2.5.0

Author: YannickRe

core/built/assets/ghost.min-e3bf097e9324c3108e4d726878a169e0.js core/built/assets/ghost.min-a9c5dcce8b8513b4e711b19a2b5fd06d.js

@@ -0,0 +1,66 @@
+const Promise = require('bluebird');
+const common = require('../../lib/common');
+const models = require('../../models');
+const ALLOWED_INCLUDES = ['count.posts'];
+
+module.exports = {
+    docName: 'authors',
+
+    browse: {
+        options: [
+            'include',
+            'filter',
+            'fields',
+            'limit',
+            'status',
+            'order',
+            'page'
+        ],
+        validation: {
+            options: {
+                include: {
+                    values: ALLOWED_INCLUDES
+                }
+            }
+        },
+        permissions: true,
+        query(frame) {
+            return models.User.findPage(frame.options);
+        }
+    },
+
+    read: {
+        options: [
+            'include',
+            'filter',
+            'fields'
+        ],
+        data: [
+            'id',
+            'slug',
+            'status',
+            'email',
+            'role'
+        ],
+        validation: {
+            options: {
+                include: {
+                    values: ALLOWED_INCLUDES
+                }
+            }
+        },
+        permissions: true,
+        query(frame) {
+            return models.User.findOne(frame.data, frame.options)
+                .then((model) => {
+                    if (!model) {
+                        return Promise.reject(new common.errors.NotFoundError({
+                            message: common.i18n.t('errors.api.authors.notFound')
+                        }));
+                    }
+
+                    return model;
+                });
+        }
+    }
+};

core/built/assets/vendor.min-77bca21f1e9cb03acfb0bd707f936352.js core/built/assets/vendor.min-3d45f4fcdb055b37c95a7c146cc49d44.js

@@ -69,5 +69,17 @@ module.exports = {
 
     get preview() {
         return shared.pipeline(require('./preview'), localUtils);
+    },
+
+    get oembed() {
+        return shared.pipeline(require('./oembed'), localUtils);
+    },
+
+    get slack() {
+        return shared.pipeline(require('./slack'), localUtils);
+    },
+
+    get authors() {
+        return shared.pipeline(require('./authors'), localUtils);
     }
 };

core/server/api/v2/authors.js

@@ -0,0 +1,102 @@
+const common = require('../../lib/common');
+const {extract, hasProvider} = require('oembed-parser');
+const Promise = require('bluebird');
+const request = require('../../lib/request');
+const cheerio = require('cheerio');
+
+const findUrlWithProvider = (url) => {
+    let provider;
+
+    // build up a list of URL variations to test against because the oembed
+    // providers list is not always up to date with scheme or www vs non-www
+    let baseUrl = url.replace(/^\/\/|^https?:\/\/(?:www\.)?/, '');
+    let testUrls = [
+        `http://${baseUrl}`,
+        `https://${baseUrl}`,
+        `http://www.${baseUrl}`,
+        `https://www.${baseUrl}`
+    ];
+
+    for (let testUrl of testUrls) {
+        provider = hasProvider(testUrl);
+        if (provider) {
+            url = testUrl;
+            break;
+        }
+    }
+
+    return {url, provider};
+};
+
+const getOembedUrlFromHTML = (html) => {
+    return cheerio('link[type="application/json+oembed"]', html).attr('href');
+};
+
+module.exports = {
+    docName: 'oembed',
+
+    read: {
+        permissions: false,
+        data: [
+            'url'
+        ],
+        options: [],
+        query({data}) {
+            let {url} = data;
+
+            if (!url || !url.trim()) {
+                return Promise.reject(new common.errors.BadRequestError({
+                    message: common.i18n.t('errors.api.oembed.noUrlProvided')
+                }));
+            }
+
+            function unknownProvider() {
+                return Promise.reject(new common.errors.ValidationError({
+                    message: common.i18n.t('errors.api.oembed.unknownProvider')
+                }));
+            }
+
+            function knownProvider(url) {
+                return extract(url).catch((err) => {
+                    return Promise.reject(new common.errors.InternalServerError({
+                        message: err.message
+                    }));
+                });
+            }
+
+            let provider;
+            ({url, provider} = findUrlWithProvider(url));
+
+            if (provider) {
+                return knownProvider(url);
+            }
+
+            // see if the URL is a redirect to cater for shortened urls
+            return request(url, {
+                method: 'GET',
+                timeout: 2 * 1000,
+                followRedirect: true
+            }).then((response) => {
+                if (response.url !== url) {
+                    ({url, provider} = findUrlWithProvider(response.url));
+                    return provider ? knownProvider(url) : unknownProvider();
+                }
+
+                const oembedUrl = getOembedUrlFromHTML(response.body);
+
+                if (!oembedUrl) {
+                    return unknownProvider();
+                }
+
+                return request(oembedUrl, {
+                    method: 'GET',
+                    json: true
+                }).then((response) => {
+                    return response.body;
+                });
+            }).catch(() => {
+                return unknownProvider();
+            });
+        }
+    }
+};

core/server/api/v2/index.js

@@ -39,7 +39,8 @@ module.exports = {
             'fields',
             'status',
             'formats',
-            'debug'
+            'debug',
+            'absolute_urls'
         ],
         data: [
             'id',

core/server/api/v2/oembed.js

@@ -16,7 +16,8 @@ module.exports = {
             'limit',
             'order',
             'page',
-            'debug'
+            'debug',
+            'absolute_urls'
         ],
         validation: {
             options: {
@@ -42,7 +43,8 @@ module.exports = {
             'fields',
             'status',
             'formats',
-            'debug'
+            'debug',
+            'absolute_urls'
         ],
         data: [
             'id',

core/server/api/v2/pages.js

@@ -0,0 +1,11 @@
+const common = require('../../lib/common');
+
+module.exports = {
+    docName: 'slack',
+    sendTest: {
+        permissions: false,
+        query() {
+            common.events.emit('slack.test');
+        }
+    }
+};

core/server/api/v2/posts.js

@@ -9,5 +9,16 @@ module.exports = {
 
     get validators() {
         return require('./validators');
+    },
+
+    /**
+     *  TODO: We need to check for public context as permission stage overrides
+     * the whole context object currently: https://github.com/TryGhost/Ghost/issues/10099
+     */
+    isContentAPI: (frame) => {
+        return !!(Object.keys(frame.options.context).length === 0 ||
+                    (!frame.options.context.user && frame.options.context.api_key_id) ||
+                    frame.options.context.public
+        );
     }
 };

core/server/api/v2/slack.js

@@ -1,5 +1,13 @@
 const debug = require('ghost-ignition').debug('api:v2:utils:serializers:input:pages');
 
+function removeMobiledocFormat(frame) {
+    if (frame.options.formats && frame.options.formats.includes('mobiledoc')) {
+        frame.options.formats = frame.options.formats.filter((format) => {
+            return (format !== 'mobiledoc');
+        });
+    }
+}
+
 module.exports = {
     browse(apiConfig, frame) {
         debug('browse');
@@ -19,6 +27,7 @@ module.exports = {
         } else {
             frame.options.filter = 'page:true';
         }
+        removeMobiledocFormat(frame);
 
         debug(frame.options);
     },
@@ -27,6 +36,7 @@ module.exports = {
         debug('read');
 
         frame.data.page = true;
+        removeMobiledocFormat(frame);
 
         debug(frame.options);
     }

core/server/api/v2/utils/index.js

@@ -1,12 +1,28 @@
 const _ = require('lodash');
 const debug = require('ghost-ignition').debug('api:v2:utils:serializers:input:posts');
 const url = require('./utils/url');
+const utils = require('../../index');
+
+function removeMobiledocFormat(frame) {
+    if (frame.options.formats && frame.options.formats.includes('mobiledoc')) {
+        frame.options.formats = frame.options.formats.filter((format) => {
+            return (format !== 'mobiledoc');
+        });
+    }
+}
 
 module.exports = {
     browse(apiConfig, frame) {
         debug('browse');
 
-        if (!_.get(frame, 'options.context.user') && _.get(frame, 'options.context.api_key_id')) {
+        // @TODO: `api_key_id` does not work long term, because it can be either a content or an admin api key?
+        /**
+         * ## current cases:
+         * - context object is empty (functional call, content api access)
+         * - api_key_id exists? content api access
+         * - user exists? admin api access
+         */
+        if (utils.isContentAPI(frame)) {
             // CASE: the content api endpoints for posts should only return non page type resources
             if (frame.options.filter) {
                 if (frame.options.filter.match(/page:\w+\+?/)) {
@@ -21,6 +37,8 @@ module.exports = {
             } else {
                 frame.options.filter = 'page:false';
             }
+            // CASE: the content api endpoint for posts should not return mobiledoc
+            removeMobiledocFormat(frame);
         }
 
         debug(frame.options);
@@ -29,8 +47,17 @@ module.exports = {
     read(apiConfig, frame) {
         debug('read');
 
-        if (!_.get(frame, 'options.context.user') && _.get(frame, 'options.context.api_key_id')) {
+        // @TODO: `api_key_id` does not work long term, because it can be either a content or an admin api key?
+        /**
+         * ## current cases:
+         * - context object is empty (functional call, content api access)
+         * - api_key_id exists? content api access
+         * - user exists? admin api access
+         */
+        if (utils.isContentAPI(frame)) {
             frame.data.page = false;
+            // CASE: the content api endpoint for posts should not return mobiledoc
+            removeMobiledocFormat(frame);
         }
 
         debug(frame.options);

core/server/api/v2/utils/serializers/input/pages.js

@@ -0,0 +1,25 @@
+const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:authors');
+const mapper = require('./utils/mapper');
+
+module.exports = {
+    browse(models, apiConfig, frame) {
+        debug('browse');
+
+        frame.response = {
+            authors: models.data.map(model => mapper.mapUser(model, frame)),
+            meta: models.meta
+        };
+
+        debug(frame.response);
+    },
+
+    read(model, apiConfig, frame) {
+        debug('read');
+
+        frame.response = {
+            authors: [mapper.mapUser(model, frame)]
+        };
+
+        debug(frame.response);
+    }
+};

core/server/api/v2/utils/serializers/input/posts.js

@@ -57,5 +57,13 @@ module.exports = {
 
     get preview() {
         return require('./preview');
+    },
+
+    get oembed() {
+        return require('./oembed');
+    },
+
+    get authors() {
+        return require('./authors');
     }
 };

core/server/api/v2/utils/serializers/output/authors.js

@@ -0,0 +1,9 @@
+const debug = require('ghost-ignition').debug('api:v2:utils:serializers:output:oembed');
+
+module.exports = {
+    all(res, apiConfig, frame) {
+        debug('all');
+        frame.response = res;
+        debug(frame.response);
+    }
+};