Added new setting in the database: blocked_email_domains [migration]

[sagzy]

ref https://linear.app/ghost/issue/ENG-1973
ref https://app.incident.io/ghost/incidents/132

• added a new database setting: blocked_email_domains (array, default: [])
• this setting will allow publishers to block additional email domains during member signups, on top of the ones blocklisted at a config level (follow-up PR)

[coderabbitai]

Walkthrough

This pull request introduces a new setting called blocked_email_domains to the Ghost CMS configuration. The changes span multiple files to add this setting to the system, including updating the editable settings array, creating a migration to add the setting, defining its default value in the schema, and adjusting test cases to accommodate the new configuration option. The new setting allows administrators to specify email domains that will be blocked from member registrations.

Changes

File	Change Summary
ghost/core/core/server/api/endpoints/utils/serializers/input/settings.js	Added 'blocked_email_domains' to EDITABLE_SETTINGS array
ghost/core/core/server/data/migrations/versions/5.108/2025-01-23-02-51-10-add-blocked-email-domains-setting.js	Added new migration to create blocked_email_domains setting
ghost/core/core/server/data/schema/default-settings/default-settings.json	Added blocked_email_domains property to members section with default empty array
ghost/core/test/unit/server/data/exporter/index.test.js	Updated allowedKeysLength from 88 to 89
ghost/core/test/unit/server/data/schema/integrity.test.js	Updated currentSettingsHash to reflect schema changes

Possibly related PRs

• 🔒 Blocked spammy email domains in member signups #22027: Implements a blocklist for email domains in member signups, directly related to the blocked_email_domains setting

Suggested labels

browser-tests, deploy-to-staging

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

It looks like this PR contains a migration 👀
Here's the checklist for reviewing migrations:

General requirements

• ⚠️ Tested on the staging database servers
• Satisfies idempotency requirement (both up() and down())
• Does not reference models
• Filename is in the correct format (and correctly ordered)
• Targets the next minor version
• All code paths have appropriate log messages
• Uses the correct utils
• Contains a minimal changeset
• Does not mix DDL/DML operations
• Tested in MySQL and SQLite

Schema changes

• Both schema change and related migration have been implemented
• For index changes: has been performance tested for large tables
• For new tables/columns: fields use the appropriate predefined field lengths
• For new tables/columns: field names follow the appropriate conventions
• Does not drop a non-alpha table outside of a major version

Data changes

• Mass updates/inserts are batched appropriately
• Does not loop over large tables/datasets
• Defends against missing or invalid data
• For settings updates: follows the appropriate guidelines

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

ghost/core/core/server/data/migrations/versions/5.108/2025-01-23-02-51-10-add-blocked-email-domains-setting.js (1)

1-8: LGTM! Implementation looks correct.

The migration properly sets up the new setting with appropriate type and grouping.

Add a comment explaining the migration's purpose.

Consider adding a brief comment explaining that this migration adds support for blocking specific email domains during member signups.

 const {addSetting} = require('../../utils');
 
+// Add setting to support blocking specific email domains during member signups
 module.exports = addSetting({
     key: 'blocked_email_domains',
     value: '[]',
     type: 'array',
     group: 'members'
 });

ghost/core/core/server/api/endpoints/utils/serializers/input/settings.js (1)

77-78: Consider grouping with other member-related settings.

For better organization, consider moving blocked_email_domains near other member-related settings like members_signup_access and members_support_address.

     'donations_suggested_amount',
     'recommendations_enabled',
     'body_font',
     'heading_font',
-    'blocked_email_domains'
+    // ... other settings ...
+    'members_signup_access',
+    'members_support_address',
+    'blocked_email_domains',
+    // ... remaining settings ...

ghost/core/test/unit/server/data/exporter/index.test.js (1)

239-239: Add a comment explaining the allowedKeysLength value.

Consider adding a comment to document that the value was incremented due to the addition of the blocked_email_domains setting.

-            const allowedKeysLength = 89;
+            // Incremented to 89 after adding 'blocked_email_domains' setting
+            const allowedKeysLength = 89;

ghost/core/core/server/data/schema/default-settings/default-settings.json (1)

319-321: Implementation looks good, but consider adding validations.

The new blocked_email_domains setting is correctly placed in the members section with appropriate type and default value.

Consider adding:

1. Validation rules for domain format (e.g., regex pattern for valid domain names)
2. Maximum array size limit to prevent performance issues
3. Documentation comments about the expected format of domain entries (e.g., "example.com" vs "@example.com")

Example validation structure:

 "blocked_email_domains": {
     "defaultValue": "[]",
-    "type": "array"
+    "type": "array",
+    "validations": {
+        "maxLength": 1000,
+        "validateArrayItems": {
+            "matches": "^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]\\.[a-zA-Z]{2,}$"
+        }
+    }
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 64eef2a and 246c250.

📒 Files selected for processing (5)

• ghost/core/core/server/api/endpoints/utils/serializers/input/settings.js (1 hunks)
• ghost/core/core/server/data/migrations/versions/5.108/2025-01-23-02-51-10-add-blocked-email-domains-setting.js (1 hunks)
• ghost/core/core/server/data/schema/default-settings/default-settings.json (1 hunks)
• ghost/core/test/unit/server/data/exporter/index.test.js (1 hunks)
• ghost/core/test/unit/server/data/schema/integrity.test.js (1 hunks)

🔇 Additional comments (2)

ghost/core/test/unit/server/data/schema/integrity.test.js (1)

40-40: LGTM! Hash update is correct.

The settings hash has been properly updated to reflect the addition of the new blocked_email_domains setting.

ghost/core/test/unit/server/data/exporter/index.test.js (1)

Line range hint 1-8: Verify integration with member signup flow.

While the database changes look good, please ensure:

1. The member signup flow validates against blocked domains
2. UI exists for publishers to manage blocked domains
3. Domain entries are properly validated (format, duplicates, etc.)

Let's verify the integration points:

[Ghost-Slimer]

Deployed to staging with ID: 3210

_{^{How does this work?}}

[Ghost-Slimer]

Deployed to staging with ID: 3210

_{^{How does this work?}}