UNPKG

ghost

Version:

The professional publishing platform

ghost.org

TryGhost/Ghost

135 lines (122 loc) 4.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
const _ = require('lodash'); const url = require('./utils/url'); const localUtils = require('../../index'); const settingsCache = require('../../../../../../shared/settings-cache'); const {WRITABLE_KEYS_ALLOWLIST} = require('../../../../../../shared/labs'); const EDITABLE_SETTINGS = [ 'title', 'description', 'logo', 'cover_image', 'icon', 'locale', 'timezone', 'codeinjection_head', 'codeinjection_foot', 'facebook', 'twitter', 'navigation', 'secondary_navigation', 'meta_title', 'meta_description', 'og_image', 'og_title', 'og_description', 'twitter_image', 'twitter_title', 'twitter_description', 'is_private', 'password', 'default_content_visibility', 'default_content_visibility_tiers', 'members_signup_access', 'members_support_address', 'stripe_secret_key', 'stripe_publishable_key', 'stripe_connect_integration_token', 'portal_name', 'portal_button', 'portal_plans', 'portal_default_plan', 'portal_button_style', 'firstpromoter', 'firstpromoter_id', 'portal_button_icon', 'portal_button_signup_text', 'portal_signup_terms_html', 'portal_signup_checkbox_required', 'mailgun_api_key', 'mailgun_domain', 'mailgun_base_url', 'email_track_opens', 'email_track_clicks', 'members_track_sources', 'web_analytics', 'amp', 'amp_gtag_id', 'slack_url', 'slack_username', 'unsplash', 'shared_views', 'accent_color', 'editor_default_email_recipients', 'editor_default_email_recipients_filter', 'labs', 'comments_enabled', 'outbound_link_tagging', 'announcement_content', 'announcement_background', 'announcement_visibility', 'pintura', 'pintura_js_url', 'pintura_css_url', 'donations_currency', 'donations_suggested_amount', 'recommendations_enabled', 'body_font', 'heading_font', 'blocked_email_domains', 'require_email_mfa', 'social_web', 'explore_ping', 'explore_ping_growth' ]; module.exports = { edit(apiConfig, frame) { // CASE: allow shorthand syntax where a single key and value are passed to edit instead of object and options if (_.isString(frame.data)) { frame.data = {settings: [{key: frame.data, value: frame.options}]}; } const settings = settingsCache.getAll(); if (!localUtils.isInternal(frame)) { // Ignore and drop all values not in the EDITABLE_SETTINGS list unless this is an internal request frame.data.settings = frame.data.settings.filter((setting) => { return EDITABLE_SETTINGS.includes(setting.key); }); } frame.data.settings.forEach((setting) => { const settingType = settings[setting.key] ? settings[setting.key].type : ''; // @TODO: handle these transformations in a centralized API place (these rules should apply for ALL resources) // CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail if (settingType === 'boolean' && (setting.value === '0' || setting.value === '1')) { setting.value = !!+setting.value; } // CASE: Ensure we won't forward strings, otherwise model events or model interactions can fail if (settingType === 'boolean' && (setting.value === 'false' || setting.value === 'true')) { setting.value = setting.value === 'true'; } // CASE: filter labs to allowlist if (setting.key === 'labs') { const inputLabsValue = JSON.parse(setting.value); const filteredLabsValue = {}; for (const flag in inputLabsValue) { if (WRITABLE_KEYS_ALLOWLIST.includes(flag)) { filteredLabsValue[flag] = inputLabsValue[flag]; } } setting.value = JSON.stringify(filteredLabsValue); } setting = url.forSetting(setting); }); } };