Add v2.20.1

core/server/api/v2/members.js

@@ -1,4 +1,4 @@
-const memberUserObject = require('../../services/members').api.memberUserObject;
+const memberUserObject = require('../../services/members').api.members;
 
 const members = {
     docName: 'members',

core/server/api/v2/notifications.js

@@ -30,12 +30,25 @@ module.exports = {
             allNotifications = _.orderBy(allNotifications, 'addedAt', 'desc');
 
             allNotifications = allNotifications.filter((notification) => {
+                // NOTE: Filtering by version below is just a patch for bigger problem - notifications are not removed
+                //       after Ghost update. Logic below should be removed when Ghost upgrade detection
+                //       is done (https://github.com/TryGhost/Ghost/issues/10236) and notifications are
+                //       be removed permanently on upgrade event.
+                const ghost20RegEx = /Ghost 2.0 is now available/gi;
+
                 // CASE: do not return old release notification
-                if (!notification.custom && notification.message) {
-                    const notificationVersion = notification.message.match(/(\d+\.)(\d+\.)(\d+)/),
-                        blogVersion = ghostVersion.full.match(/^(\d+\.)(\d+\.)(\d+)/);
+                if (notification.message && (!notification.custom || notification.message.match(ghost20RegEx))) {
+                    let notificationVersion = notification.message.match(/(\d+\.)(\d+\.)(\d+)/);
+
+                    if (notification.message.match(ghost20RegEx)) {
+                        notificationVersion = '2.0.0';
+                    } else if (notificationVersion){
+                        notificationVersion = notificationVersion[0];
+                    }
+
+                    const blogVersion = ghostVersion.full.match(/^(\d+\.)(\d+\.)(\d+)/);
 
-                    if (notificationVersion && blogVersion && semver.gt(notificationVersion[0], blogVersion[0])) {
+                    if (notificationVersion && blogVersion && semver.gt(notificationVersion, blogVersion[0])) {
                         return true;
                     } else {
                         return false;

core/server/api/v2/settings.js

@@ -9,6 +9,12 @@ const urlService = require('../../services/url');
 const common = require('../../lib/common');
 const settingsCache = require('../../services/settings/cache');
 
+const SETTINGS_BLACKLIST = [
+    'members_public_key',
+    'members_private_key',
+    'members_session_secret'
+];
+
 module.exports = {
     docName: 'settings',
 
@@ -28,7 +34,9 @@ module.exports = {
             // CASE: omit core settings unless internal request
             if (!frame.options.context.internal) {
                 settings = _.filter(settings, (setting) => {
-                    return setting.type !== 'core';
+                    const isCore = setting.type === 'core';
+                    const isBlacklisted = SETTINGS_BLACKLIST.includes(setting.key);
+                    return !isBlacklisted && !isCore;
                 });
             }
 

core/server/data/schema/default-settings.json

@@ -11,6 +11,9 @@
         },
         "session_secret": {
             "defaultValue": null
+        },
+        "theme_session_secret": {
+            "defaultValue": null
         }
     },
     "blog": {

core/server/lib/members/index.js

@@ -14,10 +14,10 @@ module.exports = function MembersApi({
         privateKey,
         publicKey,
         sessionSecret,
-        ssoOrigin
+        ssoOrigin,
+        accessControl
     },
     paymentConfig,
-    validateAudience,
     createMember,
     validateMember,
     updateMember,
@@ -53,6 +53,20 @@ module.exports = function MembersApi({
     /* session */
     const {getCookie, setCookie, removeCookie} = Cookies(sessionSecret);
 
+    function validateAccess({audience, origin}) {
+        const audienceLookup = accessControl[origin] || {
+            [origin]: accessControl['*']
+        };
+
+        const tokenSettings = audienceLookup[audience];
+
+        if (tokenSettings) {
+            return Promise.resolve(tokenSettings);
+        }
+
+        return Promise.reject();
+    }
+
     /* token */
     apiRouter.post('/token', getData('audience'), (req, res) => {
         const {signedin} = getCookie(req);
@@ -65,19 +79,16 @@ module.exports = function MembersApi({
 
         const {audience, origin} = req.data;
 
-        validateAudience({audience, origin, id: signedin})
-            .then(() => {
-                return users.get({id: signedin});
+        validateAccess({audience, origin})
+            .then(({tokenLength}) => {
+                return users.get({id: signedin})
+                    .then(member => encodeToken({
+                        sub: member.id,
+                        plans: member.subscriptions.map(sub => sub.plan),
+                        exp: tokenLength,
+                        aud: audience
+                    }));
             })
-            .then(member => encodeToken({
-                sub: member.id,
-                plans: member.subscriptions.map(sub => sub.plan),
-                exp: member.subscriptions
-                    .map(sub => sub.validUntil)
-                    .reduce((a, b) => Math.min(a, b),
-                        Math.floor((Date.now() / 1000) + (60 * 60 * 24 * 30))),
-                aud: audience
-            }))
             .then(token => res.end(token))
             .catch(handleError(403, res));
     });
@@ -89,9 +100,10 @@ module.exports = function MembersApi({
                     return subscriptions.getPublicConfig(adapter);
                 }));
             })
-            .then(data => res.json({
-                paymentConfig: data,
-                siteConfig: siteConfig
+            .then(paymentConfig => res.json({
+                paymentConfig,
+                issuer,
+                siteConfig
             }))
             .catch(handleError(500, res));
     });
@@ -106,7 +118,7 @@ module.exports = function MembersApi({
     }
 
     /* subscriptions */
-    apiRouter.post('/subscription', getData('adapter', 'plan', 'stripeToken'), ssoOriginCheck, (req, res) => {
+    apiRouter.post('/subscription', getData('adapter', 'plan', 'stripeToken', {name: 'coupon', required: false}), ssoOriginCheck, (req, res) => {
         const {signedin} = getCookie(req);
         if (!signedin) {
             res.writeHead(401, {
@@ -115,7 +127,7 @@ module.exports = function MembersApi({
             return res.end();
         }
 
-        const {plan, adapter, stripeToken} = req.data;
+        const {plan, adapter, stripeToken, coupon} = req.data;
 
         subscriptions.getAdapters()
             .then((adapters) => {
@@ -128,7 +140,8 @@ module.exports = function MembersApi({
                 return subscriptions.createSubscription(member, {
                     adapter,
                     plan,
-                    stripeToken
+                    stripeToken,
+                    coupon
                 });
             })
             .then(() => {
@@ -195,9 +208,19 @@ module.exports = function MembersApi({
     /* http */
     const staticRouter = Router();
     staticRouter.use('/static', static(require('path').join(__dirname, './static/auth/dist')));
-    staticRouter.use('/gateway', static(require('path').join(__dirname, './static/gateway')));
+    staticRouter.get('/gateway', (req, res) => {
+        res.status(200).send(`
+            <script>
+                window.membersApiUrl = "${issuer}";
+            </script>
+            <script src="bundle.js"></script>
+        `);
+    });
+    staticRouter.get('/bundle.js', (req, res) => {
+        res.status(200).sendFile(require('path').join(__dirname, './static/gateway/bundle.js'));
+    });
     staticRouter.get('/*', (req, res) => {
-        res.sendFile(require('path').join(__dirname, './static/auth/dist/index.html'));
+        res.status(200).sendFile(require('path').join(__dirname, './static/auth/dist/index.html'));
     });
 
     /* http */
@@ -210,14 +233,23 @@ module.exports = function MembersApi({
         });
     });
 
-    function httpHandler(req, res, next) {
-        return router.handle(req, res, next);
-    }
-
-    httpHandler.staticRouter = staticRouter;
-    httpHandler.apiRouter = apiRouter;
-    httpHandler.memberUserObject = users;
-    httpHandler.reconfigureSettings = function (data) {
+    const apiInstance = {
+        staticRouter,
+        apiRouter
+    };
+    apiInstance.members = users;
+    apiInstance.getPublicConfig = function () {
+        return Promise.resolve({
+            publicKey,
+            issuer
+        });
+    };
+    apiInstance.getMember = function (id, token) {
+        return decodeToken(token).then(() => {
+            return users.get({id});
+        });
+    };
+    apiInstance.reconfigureSettings = function (data) {
         subscriptions = new Subscriptions(data.paymentConfig);
         users = Users({
             subscriptions,
@@ -233,5 +265,5 @@ module.exports = function MembersApi({
         siteConfig = data.siteConfig;
     };
 
-    return httpHandler;
+    return apiInstance;
 };

core/server/lib/members/static/auth/components/CouponInput.js

@@ -0,0 +1,19 @@
+import FormInput from './FormInput';
+import { IconName } from './icons';
+
+export default ({value, disabled, error, children, onInput, className}) => (
+    <FormInput
+        type="text"
+        name="coupon"
+        label="coupon"
+        value={value}
+        error={error}
+        icon={IconName}
+        placeholder="Coupon..."
+        required={false}
+        disabled={disabled}
+        className={className}
+        onInput={onInput}>
+        {children}
+    </FormInput>
+);

core/server/lib/members/static/auth/components/Form.js

@@ -56,8 +56,8 @@ export default class Form extends Component {
         return (e) => {
             e.preventDefault();
 
-            const requiredFields = children.map(c => c.attributes.bindTo).filter(x => !!x)
-            if (!requiredFields.some(x => !data[x])) {
+            const requiredFields = children.map(c => c.attributes && c.attributes.bindTo).filter(x => !!x)
+            if (!requiredFields.some(x => data[x] == null)) {
                 onSubmit(this.state.data)
             }
             this.setState({

core/server/lib/members/static/auth/components/FormInput.js

@@ -1,4 +1,4 @@
-export default ({type, name, placeholder, value = '', error, onInput, required, className, children, icon}) => (
+export default ({type, name, placeholder, value = '', error, onInput, required, disabled = false, className, children, icon}) => (
     <div className="gm-form-element">
         <div className={[
                 (className ? className : ""),
@@ -12,6 +12,7 @@ export default ({type, name, placeholder, value = '', error, onInput, required,
                 value={ value }
                 onInput={ (e) => onInput(e, name) }
                 required={ required }
+                disabled={ disabled }
                 className={[
                     (value ? "gm-input-filled" : ""),
                     (error ? "gm-error" : "")