Welcome to this weeks update! Apologies for the tardiness this week, good news is we now have a tool for collecting information from across our repositories, so we should be on time (Wednesday) next week. This is very much a work in progress idea, so please let us know what you think in the comments 📢
We're still working away on our Ghost v1.0 alpha and the related projects. It's been a slightly quieter week as much of our effort has been on getting the new Ghost Auth service polished up.
Heads up: there will be an v0.11 LTS release within the next 2 weeks! Therefore, if you'd like to get a bug fix into Ghost please submit it to the lts branch ASAP ⏳
We made MySQL a default dependency, and made SQLite3 optional
Here at Ghost HQ we ♥️ SQLite3. For most one-user blogs, it's really all you need. However, although it removes the need for database credentials, the binary dependency has always made Ghost's install process a little troublesome. With Ghost v1.0 we intend to make the install process much, much easier.
As of Ghost v1.0, we'll be making MySQL the (overridable) default for production installs AND introducing Ghost-CLI as the One True Way™ to install Ghost.
The CLI tool will offer
ghost install as a wrapper around
npm install, doing its best to make the install process go smoothly, and providing smart error messages if things go really wrong. To aid in all this we've moved
sqlite3 to be an optional dependency and made
mysql a normal, required dependency. This means that
npm install will not fail if installing SQLite3 fails.
With the CLI you'll be able to run
ghost install local to get a quick, SQLite3-based install for playing around on your local machine (handy for developing themes). The intention is that Ghost-CLI will first of all help to ensure that your environment is correct for installing Ghost with SQLite3 and in the worst case handle SQLite3 install failures by prompting with a fallback to MySQL.
We'll be writing more about the CLI tool over the coming weeks.
We replaced our brute force protection logic
Ghost's spam prevention middleware has needed an upgrade for a little while. This week we removed our custom code in favour of express-brute. This gives us more options for controlling how accounts are locked so it is now based on the much more desirable IP + email address combination, instead of the old email-address only.
This also moves account locking logic and state out of the user model. Recently, we also moved the concept of a user invite to be their own model instead of a state in the user model. With these two big changes, the concept of user state has been significantly simplified 🎉
Upgrades to the new GhostAuth service
We're working away behind the scenes to get the GhostAuth service ready to go. Ghost & passport-ghost both got several updates this week to handle changes in that service. If you're testing out the alpha, we're continuing to reset the GhostAuth service database regularly and therefore you will need to create a fresh database. This can be done by running
knex migrator reset && knex migratior init.
Improvements to the new Ghost editor
Want to find out more about Ghost development? Subscribe to the updates feed for to the alpha feed if you're more interested in how v1.0 is progressing. Alternatively, follow us on twitter 🐦 or sign up to get our weekly newsletter in your inbox 📬.