diff --git a/.licensed.yml b/.licensed.yml index 178118521fd..f89daae2bd0 100644 --- a/.licensed.yml +++ b/.licensed.yml @@ -13,6 +13,7 @@ allowed: ignored: bundler: - rchardet # Ruby terms + - strscan # Ruby reviewed: bundler: @@ -31,10 +32,16 @@ reviewed: - highline # GPL-2.0 OR Ruby terms - htmlentities # MIT - image_size # MIT + - io-wait # Ruby terms - json # Ruby terms - jwt # MIT - kgio # LGPL-2.1+ - logstash-event # Apache-2.0 + - net-http # Ruby + - net-imap # Ruby + - net-pop # Ruby + - net-protocol # Ruby + - net-smtp # Ruby - omniauth # MIT - openssl # Ruby terms - pg # Ruby terms @@ -44,5 +51,7 @@ reviewed: - rubyzip # Ruby terms - sidekiq # LGPL (Sidekiq) - tilt + - timeout # Ruby - unf # BSD-2-Clause - - unicorn \ No newline at end of file + - unicorn + - uri # Ruby diff --git a/Gemfile b/Gemfile index c66a3f25542..b7c7012bb1d 100644 --- a/Gemfile +++ b/Gemfile @@ -18,7 +18,7 @@ else # this allows us to include the bits of rails we use without pieces we do not. # # To issue a rails update bump the version number here - rails_version = '6.1.4.7' + rails_version = '7.0.2.4' gem 'actionmailer', rails_version gem 'actionpack', rails_version gem 'actionview', rails_version @@ -68,7 +68,7 @@ gem 'http_accept_language', require: false gem 'discourse-ember-rails', '0.18.6', require: 'ember-rails' gem 'discourse-ember-source', '~> 3.12.2' gem 'ember-handlebars-template', '0.8.0' -gem 'discourse-fonts' +gem 'discourse-fonts', require: 'discourse_fonts' gem 'barber' @@ -190,7 +190,7 @@ if ENV["ALLOW_DEV_POPULATE"] == "1" gem 'discourse_dev_assets' gem 'faker', "~> 2.16" else - group :development do + group :development, :test do gem 'discourse_dev_assets' gem 'faker', "~> 2.16" end @@ -268,3 +268,7 @@ gem 'colored2', require: false gem 'maxminddb' gem 'rails_failover', require: false + +# workaround for faraday-net_http, see +# https://github.com/ruby/net-imap/issues/16#issuecomment-803086765 +gem 'net-http' 
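Review bot: `strscan` is added under `ignored`, while the other Ruby default gems this upgrade pulls in (`io-wait`, `net-http`, `net-imap`, `timeout`, `uri`, …) are added under `reviewed` in the following hunks. As far as I know `ignored` drops a dependency from the licence check entirely, whereas `reviewed` records that someone looked at it, so `reviewed` looks like the intended list for a gem with the same licence as its siblings. If `ignored` is deliberate, extend the trailing comment to say why, e.g. `- strscan # Ruby terms; ignored because <reason>`.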
diff --git a/Gemfile.lock b/Gemfile.lock index 0b297095957..fa91ed2dc7e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,22 +8,25 @@ GIT GEM remote: https://rubygems.org/ specs: - actionmailer (6.1.4.7) - actionpack (= 6.1.4.7) - actionview (= 6.1.4.7) - activejob (= 6.1.4.7) - activesupport (= 6.1.4.7) + actionmailer (7.0.2.4) + actionpack (= 7.0.2.4) + actionview (= 7.0.2.4) + activejob (= 7.0.2.4) + activesupport (= 7.0.2.4) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.4.7) - actionview (= 6.1.4.7) - activesupport (= 6.1.4.7) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.2.4) + actionview (= 7.0.2.4) + activesupport (= 7.0.2.4) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (6.1.4.7) - activesupport (= 6.1.4.7) + actionview (7.0.2.4) + activesupport (= 7.0.2.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -32,20 +35,19 @@ GEM actionview (>= 6.0.a) active_model_serializers (0.8.4) activemodel (>= 3.0) - activejob (6.1.4.7) - activesupport (= 6.1.4.7) + activejob (7.0.2.4) + activesupport (= 7.0.2.4) globalid (>= 0.3.6) - activemodel (6.1.4.7) - activesupport (= 6.1.4.7) - activerecord (6.1.4.7) - activemodel (= 6.1.4.7) - activesupport (= 6.1.4.7) - activesupport (6.1.4.7) + activemodel (7.0.2.4) + activesupport (= 7.0.2.4) + activerecord (7.0.2.4) + activemodel (= 7.0.2.4) + activesupport (= 7.0.2.4) + activesupport (7.0.2.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) annotate (3.2.0) @@ -106,6 +108,7 @@ GEM debug_inspector (1.1.0) diff-lcs (1.5.0) diffy (3.4.0) + digest (3.1.0) discourse-ember-rails (0.18.6) active_model_serializers ember-data-source (>= 1.0.0.beta.5) 
@@ -185,6 +188,7 @@ GEM progress (~> 3.0, >= 3.0.1) image_size (3.0.1) in_threads (1.6.0) + io-wait (0.2.1) ipaddr (1.2.4) jmespath (1.6.1) jquery-rails (4.4.0) @@ -246,6 +250,24 @@ GEM multi_xml (0.6.0) multipart-post (2.1.1) mustache (1.1.1) + net-http (0.2.0) + net-protocol + uri + net-imap (0.2.3) + digest + net-protocol + strscan + net-pop (0.1.1) + digest + net-protocol + timeout + net-protocol (0.1.2) + io-wait + timeout + net-smtp (0.3.1) + digest + net-protocol + timeout nio4r (2.5.8) nokogiri (1.13.4) mini_portile2 (~> 2.8.0) @@ -332,12 +354,13 @@ GEM rails_multisite (4.0.1) activerecord (> 5.0, < 7.1) railties (> 5.0, < 7.1) - railties (6.1.4.7) - actionpack (= 6.1.4.7) - activesupport (= 6.1.4.7) + railties (7.0.2.4) + actionpack (= 7.0.2.4) + activesupport (= 7.0.2.4) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) raindrops (0.20.0) rake (13.0.6) @@ -452,9 +475,11 @@ GEM sprockets (>= 3.0.0) sshkey (2.0.0) stackprof (0.2.19) + strscan (3.0.1) test-prof (1.0.8) thor (1.2.1) tilt (2.0.10) + timeout (0.2.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) uglifier (4.2.0) @@ -467,6 +492,7 @@ GEM kgio (~> 2.6) raindrops (~> 0.7) uniform_notifier (1.16.0) + uri (0.11.0) uri_template (0.7.0) webmock (3.14.0) addressable (>= 2.8.0) @@ -489,14 +515,14 @@ PLATFORMS x86_64-linux DEPENDENCIES - actionmailer (= 6.1.4.7) - actionpack (= 6.1.4.7) - actionview (= 6.1.4.7) + actionmailer (= 7.0.2.4) + actionpack (= 7.0.2.4) + actionview (= 7.0.2.4) actionview_precompiler active_model_serializers (~> 0.8.3) - activemodel (= 6.1.4.7) - activerecord (= 6.1.4.7) - activesupport (= 6.1.4.7) + activemodel (= 7.0.2.4) + activerecord (= 7.0.2.4) + activesupport (= 7.0.2.4) addressable annotate aws-sdk-s3 @@ -556,6 +582,7 @@ DEPENDENCIES mocha multi_json mustache + net-http nokogiri oj omniauth 
@@ -575,7 +602,7 @@ DEPENDENCIES rack-protection rails_failover rails_multisite - railties (= 6.1.4.7) + railties (= 7.0.2.4) rake rb-fsevent rbtrace diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4e6b69a49cc..3507affa497 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -68,7 +68,7 @@ class ApplicationController < ActionController::Base def use_crawler_layout? @use_crawler_layout ||= request.user_agent && - (request.content_type.blank? || request.content_type.include?('html')) && + (request.media_type.blank? || request.media_type.include?('html')) && !['json', 'rss'].include?(params[:format]) && (has_escaped_fragment? || params.key?("print") || show_browser_update? || CrawlerDetection.crawler?(request.user_agent, request.headers["HTTP_VIA"]) @@ -287,7 +287,7 @@ class ApplicationController < ActionController::Base # cause category / topic was deleted if permalink.present? && permalink.target_url # permalink present, redirect to that URL - redirect_with_client_support permalink.target_url, status: :moved_permanently + redirect_with_client_support permalink.target_url, status: :moved_permanently, allow_other_host: true return end end @@ -834,7 +834,7 @@ class ApplicationController < ActionController::Base end if UserApiKey.allowed_scopes.superset?(Set.new(["one_time_password"])) - redirect_to("#{params[:auth_redirect]}?otp=true") + redirect_to("#{params[:auth_redirect]}?otp=true", allow_other_host: true) return end end diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index b7e0df39c52..f1292d4fe08 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true class PostsController < ApplicationController + # Bug with Rails 7+ + # see https://github.com/rails/rails/issues/44867 + self._flash_types -= [:notice] requires_login except: [ :show, 
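Review bot: `redirect_to("#{params[:auth_redirect]}?otp=true", allow_other_host: true)` opts a target built from a request parameter out of the Rails 7 cross-host redirect check, and no validation of `params[:auth_redirect]` is visible in this hunk (the enclosing method starts and ends outside it). If an allow-list check runs earlier, say so at the call site with a comment such as `# auth_redirect has already been matched against the allowed redirect list`; if it does not, add that check before redirecting rather than passing the flag. The same question applies to the two `params[:auth_redirect]` redirects in user_api_keys_controller.rb and to `redirect_to return_path, allow_other_host: true` in session_controller.rb. For targets that come from site settings, the store or the CDN helper (permalinks, uploads, avatars, SSO URLs) the flag looks appropriate.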
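Review bot: `self._flash_types -= [:notice]` modifies an underscore-prefixed Rails class attribute, and the comment above it only says "Bug with Rails 7+" plus a link. Please state in the comment which symptom the line avoids in this controller and that it should be removed once the linked issue is resolved, so the workaround does not outlive the bug; something like `# Workaround for rails/rails#44867: <symptom>. Remove once fixed upstream.`. The class body continues outside the hunk.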
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb index caa63596098..beefb526e20 100644 --- a/app/controllers/session_controller.rb +++ b/app/controllers/session_controller.rb @@ -33,7 +33,7 @@ class SessionController < ApplicationController if SiteSetting.verbose_discourse_connect_logging Rails.logger.warn("Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}") end - redirect_to sso_url(sso) + redirect_to sso_url(sso), allow_other_host: true else render body: nil, status: 404 end @@ -69,14 +69,14 @@ class SessionController < ApplicationController # for the login modal cookies[:sso_destination_url] = data[:sso_redirect_url] else - redirect_to data[:sso_redirect_url] + redirect_to data[:sso_redirect_url], allow_other_host: true end elsif result.no_second_factors_enabled? if request.xhr? # for the login modal cookies[:sso_destination_url] = result.data[:sso_redirect_url] else - redirect_to result.data[:sso_redirect_url] + redirect_to result.data[:sso_redirect_url], allow_other_host: true end elsif result.second_factor_auth_completed? redirect_url = result.data[:sso_redirect_url] @@ -169,7 +169,7 @@ class SessionController < ApplicationController # they are already pre-approved because they have been invited if SiteSetting.must_approve_users? && !user.approved? && invite.blank? if SiteSetting.discourse_connect_not_approved_url.present? - redirect_to SiteSetting.discourse_connect_not_approved_url + redirect_to SiteSetting.discourse_connect_not_approved_url, allow_other_host: true else render_sso_error(text: I18n.t("discourse_connect.account_not_approved"), status: 403) end @@ -220,7 +220,7 @@ class SessionController < ApplicationController return_path = path("/") end - redirect_to return_path + redirect_to return_path, allow_other_host: true else render_sso_error(text: I18n.t("discourse_connect.not_found"), status: 500) end 
@@ -583,7 +583,7 @@ class SessionController < ApplicationController redirect_url: redirect_url } else - redirect_to redirect_url + redirect_to redirect_url, allow_other_host: true end end diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb index 5a509932230..ded832cb47b 100644 --- a/app/controllers/static_controller.rb +++ b/app/controllers/static_controller.rb @@ -30,7 +30,7 @@ class StaticController < ApplicationController if map.has_key?(@page) site_setting_key = map[@page][:redirect] url = SiteSetting.get(site_setting_key) if site_setting_key - return redirect_to(url) if url.present? + return redirect_to(url, allow_other_host: true) if url.present? end # The /guidelines route ALWAYS shows our FAQ, ignoring the faq_url site setting. diff --git a/app/controllers/svg_sprite_controller.rb b/app/controllers/svg_sprite_controller.rb index b5b6db3731e..5366654d9df 100644 --- a/app/controllers/svg_sprite_controller.rb +++ b/app/controllers/svg_sprite_controller.rb @@ -15,7 +15,7 @@ class SvgSpriteController < ApplicationController theme_id = params[:theme_id].to_i if params[:theme_id].present? if SvgSprite.version(theme_id) != params[:version] - return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id))) + return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id))), allow_other_host: true end svg_sprite = "window.__svg_sprite = #{SvgSprite.bundle(theme_id).inspect};" diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 891320f7e35..9c87a938690 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -118,7 +118,7 @@ class UploadsController < ApplicationController if Discourse.store.internal? send_file_local_upload(upload) else - redirect_to Discourse.store.url_for(upload, force_download: force_download?) + redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true end else render_404 
@@ -149,7 +149,7 @@ class UploadsController < ApplicationController # private, so we don't want to go to the CDN url just yet otherwise we # will get a 403. if the upload is not secure we assume the ACL is public signed_secure_url = Discourse.store.signed_url_for_path(path_with_ext) - redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url) + redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url), allow_other_host: true end def handle_secure_upload_request(upload, path_with_ext = nil) @@ -166,14 +166,14 @@ class UploadsController < ApplicationController # url_for figures out the full URL, handling multisite DBs, # and will return a presigned URL for the upload if path_with_ext.blank? - return redirect_to Discourse.store.url_for(upload, force_download: force_download?) + return redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true end redirect_to Discourse.store.signed_url_for_path( path_with_ext, expires_in: S3Helper::DOWNLOAD_URL_EXPIRES_AFTER_SECONDS, force_download: force_download? - ) + ), allow_other_host: true end def metadata diff --git a/app/controllers/user_api_keys_controller.rb b/app/controllers/user_api_keys_controller.rb index 402a38e1d97..0a34a33d65f 100644 --- a/app/controllers/user_api_keys_controller.rb +++ b/app/controllers/user_api_keys_controller.rb @@ -97,7 +97,7 @@ class UserApiKeysController < ApplicationController query_attributes << "oneTimePassword=#{CGI.escape(otp_payload)}" if scopes.include?("one_time_password") uri.query = query_attributes.compact.join('&') - redirect_to(uri.to_s) + redirect_to(uri.to_s, allow_other_host: true) else respond_to do |format| format.html { render :show } 
@@ -138,7 +138,7 @@ class UserApiKeysController < ApplicationController otp_payload = one_time_password(public_key, current_user.username) redirect_path = "#{params[:auth_redirect]}?oneTimePassword=#{CGI.escape(otp_payload)}" - redirect_to(redirect_path) + redirect_to(redirect_path, allow_other_host: true) end def revoke diff --git a/app/controllers/user_avatars_controller.rb b/app/controllers/user_avatars_controller.rb index 2d339e9f545..cc28143c0db 100644 --- a/app/controllers/user_avatars_controller.rb +++ b/app/controllers/user_avatars_controller.rb @@ -112,7 +112,7 @@ class UserAvatarsController < ApplicationController if !Discourse.avatar_sizes.include?(size) && Discourse.store.external? closest = Discourse.avatar_sizes.to_a.min { |a, b| (size - a).abs <=> (size - b).abs } avatar_url = UserAvatar.local_avatar_url(hostname, user.encoded_username(lower: true), upload_id, closest) - return redirect_to cdn_path(avatar_url) + return redirect_to cdn_path(avatar_url), allow_other_host: true end upload = Upload.find_by(id: upload_id) if user&.user_avatar&.contains_upload?(upload_id) @@ -120,7 +120,7 @@ class UserAvatarsController < ApplicationController if user.uploaded_avatar && !upload avatar_url = UserAvatar.local_avatar_url(hostname, user.encoded_username(lower: true), user.uploaded_avatar_id, size) - return redirect_to cdn_path(avatar_url) + return redirect_to cdn_path(avatar_url), allow_other_host: true elsif upload && optimized = get_optimized_image(upload, size) if optimized.local? optimized_path = Discourse.store.path_for(optimized) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 768053e00a6..2a0c900c8ca 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
@@ -1024,7 +1024,7 @@ class UsersController < ApplicationController if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload) return redirect_to(session_sso_provider_url + "?" + payload) elsif destination_url = cookies.delete(:destination_url) - return redirect_to(destination_url) + return redirect_to(destination_url, allow_other_host: true) else return redirect_to(path('/')) end @@ -1086,7 +1086,7 @@ class UsersController < ApplicationController if Wizard.user_requires_completion?(@user) return redirect_to(wizard_path) elsif destination_url.present? - return redirect_to(destination_url) + return redirect_to(destination_url, allow_other_host: true) elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload) return redirect_to(session_sso_provider_url + "?" + payload) end diff --git a/app/jobs/regular/group_smtp_email.rb b/app/jobs/regular/group_smtp_email.rb index dbe9f822245..b06801be188 100644 --- a/app/jobs/regular/group_smtp_email.rb +++ b/app/jobs/regular/group_smtp_email.rb @@ -1,7 +1,5 @@ # frozen_string_literal: true -require_dependency 'email/sender' - module Jobs class GroupSmtpEmail < ::Jobs::Base include Skippable diff --git a/app/jobs/scheduled/old_keys_reminder.rb b/app/jobs/scheduled/old_keys_reminder.rb index f5318c70079..de824fa5d0e 100644 --- a/app/jobs/scheduled/old_keys_reminder.rb +++ b/app/jobs/scheduled/old_keys_reminder.rb 
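Review bot: `destination_url` is read from `cookies.delete(:destination_url)` and then passed to `redirect_to(destination_url, allow_other_host: true)`, so whatever host is in that cookie is followed. A cookie is client-side state and nothing in this hunk constrains it, so I would rather keep the Rails 7 check for this value: drop the flag and fall back to `path('/')` when the URL is not on the current host. The second hunk in this file (`elsif destination_url.present?`) has the same pattern, though where `destination_url` is assigned there lies outside the hunk. Both methods start and end outside the hunks shown.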
@@ -57,8 +57,8 @@ module Jobs end def keys_list - messages = old_site_settings_keys.map { |key| "#{key.name} - #{key.updated_at.to_date.to_s(:db)}" } - old_api_keys.each_with_object(messages) { |key, array| array << "#{[key.description, key.user&.username, key.created_at.to_date.to_s(:db)].compact.join(" - ")}" } + messages = old_site_settings_keys.map { |key| "#{key.name} - #{key.updated_at.to_date.to_fs(:db)}" } + old_api_keys.each_with_object(messages) { |key, array| array << "#{[key.description, key.user&.username, key.created_at.to_date.to_fs(:db)].compact.join(" - ")}" } messages.join("\n") end end diff --git a/app/mailers/group_smtp_mailer.rb b/app/mailers/group_smtp_mailer.rb index d47a75051ef..42a2c9a082f 100644 --- a/app/mailers/group_smtp_mailer.rb +++ b/app/mailers/group_smtp_mailer.rb @@ -1,7 +1,5 @@ # frozen_string_literal: true -require_dependency 'email/message_builder' - class GroupSmtpMailer < ActionMailer::Base include Email::BuildEmailHelper diff --git a/app/models/theme.rb b/app/models/theme.rb index 596db2e2b2f..5c510086f7f 100644 --- a/app/models/theme.rb +++ b/app/models/theme.rb @@ -1,6 +1,5 @@ # frozen_string_literal: true -require_dependency 'global_path' require 'csv' require 'json_schemer' diff --git a/app/models/topic_list.rb b/app/models/topic_list.rb index 2c564087ed8..bfa6960e0f3 100644 --- a/app/models/topic_list.rb +++ b/app/models/topic_list.rb @@ -153,7 +153,9 @@ class TopicList ft.topic_list = self end - ActiveRecord::Associations::Preloader.new.preload(@topics, [:image_upload, topic_thumbnails: :optimized_image]) + ActiveRecord::Associations::Preloader + .new(records: @topics, associations: [:image_upload, topic_thumbnails: :optimized_image]) + .call if preloaded_custom_fields.present? Topic.preload_custom_fields(@topics, preloaded_custom_fields) diff --git a/app/models/translation_override.rb b/app/models/translation_override.rb index 85b09c0e74a..932ac08fa66 100644 --- a/app/models/translation_override.rb 
+++ b/app/models/translation_override.rb @@ -1,7 +1,5 @@ # frozen_string_literal: true -require "i18n/i18n_interpolation_keys_finder" - class TranslationOverride < ActiveRecord::Base # Allowlist i18n interpolation keys that can be included when customizing translations ALLOWED_CUSTOM_INTERPOLATION_KEYS = { diff --git a/app/services/bookmarkable.rb b/app/services/bookmarkable.rb index 525f07ee65b..b5cd2e8ab60 100644 --- a/app/services/bookmarkable.rb +++ b/app/services/bookmarkable.rb @@ -73,8 +73,8 @@ class Bookmarkable # @param [Array] bookmarks The array of bookmarks after initial listing and filtering, note this is # array _not_ an ActiveRecord::Relation. def perform_preload(bookmarks) - ActiveRecord::Associations::Preloader.new.preload( - Bookmark.select_type(bookmarks, model.to_s), { bookmarkable: preload_associations } - ) + ActiveRecord::Associations::Preloader + .new(records: Bookmark.select_type(bookmarks, model.to_s), associations: [bookmarkable: preload_associations]) + .call end end diff --git a/config/application.rb b/config/application.rb index f17ea293a33..882ccda5b67 100644 --- a/config/application.rb +++ b/config/application.rb @@ -21,7 +21,7 @@ require 'action_mailer/railtie' require 'sprockets/railtie' # Plugin related stuff -require_relative '../lib/plugin_initialization_guard' +require_relative '../lib/plugin' require_relative '../lib/discourse_event' require_relative '../lib/discourse_plugin_registry' 
@@ -31,7 +31,13 @@ require_relative '../lib/plugin_gem' require_relative '../app/models/global_setting' GlobalSetting.configure! if GlobalSetting.load_plugins? - require_relative '../lib/custom_setting_providers' + # Support for plugins to register custom setting providers. They can do this + # by having a file, `register_provider.rb` in their root that will be run + # at this point. + + Dir.glob(File.join(File.dirname(__FILE__), '../plugins', '*', "register_provider.rb")) do |p| + require p + end end GlobalSetting.load_defaults if GlobalSetting.try(:cdn_url).present? && GlobalSetting.cdn_url !~ /^https?:\/\// @@ -85,14 +91,11 @@ module Discourse # Application configuration should go into files in config/initializers # -- all .rb files in that directory are automatically loaded. - # this pattern is somewhat odd but the reloader gets very - # confused here if we load the deps without `lib` it thinks - # discourse.rb is under the discourse folder incorrectly - require_dependency 'lib/discourse' - require_dependency 'lib/js_locale_helper' + require 'discourse' + require 'js_locale_helper' # tiny file needed by site settings - require_dependency 'lib/highlight_js/highlight_js' + require 'highlight_js' # we skip it cause we configure it in the initializer # the railtie for message_bus would insert it in the 
@@ -109,120 +112,19 @@ module Discourse # issue is image_optim crashes on missing dependencies config.assets.image_optim = false - config.autoloader = :zeitwerk - # Custom directories with classes and modules you want to be autoloadable. - config.autoload_paths += Dir["#{config.root}/lib"] - config.autoload_paths += Dir["#{config.root}/lib/common_passwords"] - config.autoload_paths += Dir["#{config.root}/lib/highlight_js"] - config.autoload_paths += Dir["#{config.root}/lib/i18n"] - config.autoload_paths += Dir["#{config.root}/lib/validators/"] - - Rails.autoloaders.main.ignore(Dir["#{config.root}/app/models/reports"]) - Rails.autoloaders.main.ignore(Dir["#{config.root}/lib/freedom_patches"]) - - def watchable_args - files, dirs = super - - # Skip the assets directory. It doesn't contain any .rb files, so watching it - # is just slowing things down and raising warnings about node_modules symlinks - app_file_extensions = dirs.delete("#{config.root}/app") - Dir["#{config.root}/app/*"].reject { |path| path.end_with? "/assets" }.each do |path| - dirs[path] = app_file_extensions - end - - [files, dirs] - end + config.autoload_paths << "#{root}/lib" + config.autoload_paths << "#{root}/lib/guardian" + config.autoload_paths << "#{root}/lib/i18n" + config.autoload_paths << "#{root}/lib/validators" # Only load the plugins named here, in the order given (default is alphabetical). # :all can be used as a placeholder for all plugins not explicitly named. 
# config.plugins = [ :exception_notification, :ssl_requirement, :all ] - config.assets.paths += %W(#{config.root}/config/locales #{config.root}/public/javascripts) - # Allows us to skip minification on some files config.assets.skip_minification = [] - # explicitly precompile any images in plugins ( /assets/images ) path - config.assets.precompile += [lambda do |filename, path| - path =~ /assets\/images/ && !%w(.js .css).include?(File.extname(filename)) - end] - - config.assets.precompile += %w{ - vendor.js - admin.js - browser-detect.js - browser-update.js - break_string.js - ember_jquery.js - pretty-text-bundle.js - wizard-application.js - wizard-vendor.js - markdown-it-bundle.js - service-worker.js - google-tag-manager.js - google-universal-analytics-v3.js - google-universal-analytics-v4.js - start-discourse.js - print-page.js - omniauth-complete.js - activate-account.js - auto-redirect.js - wizard-start.js - locales/i18n.js - discourse/app/lib/webauthn.js - confirm-new-email/confirm-new-email.js - confirm-new-email/bootstrap.js - onpopstate-handler.js - embed-application.js - discourse/tests/active-plugins.js - admin-plugins.js - discourse/tests/test_starter.js - } - - if EmberCli.enabled? 
- config.assets.precompile += %w{ - discourse.js - test-support.js - test-helpers.js - scripts/discourse-test-listen-boot - scripts/discourse-boot - } - else - config.assets.precompile += %w{ - application.js - discourse/tests/test-support-rails.js - discourse/tests/test-helpers-rails.js - vendor-theme-tests.js - } - end - - # Precompile all available locales - unless GlobalSetting.try(:omit_base_locales) - Dir.glob("#{config.root}/app/assets/javascripts/locales/*.js.erb").each do |file| - config.assets.precompile << "locales/#{file.match(/([a-z_A-Z]+\.js)\.erb$/)[1]}" - end - end - - # out of the box sprockets 3 grabs loose files that are hanging in assets, - # the exclusion list does not include hbs so you double compile all this stuff - initializer :fix_sprockets_loose_file_searcher, after: :set_default_precompile do |app| - app.config.assets.precompile.delete(Sprockets::Railtie::LOOSE_APP_ASSETS) - - # We don't want application from node_modules, only from the root - app.config.assets.precompile.delete(/(?:\/|\\|\A)application\.(css|js)$/) - app.config.assets.precompile += ['application.js'] - - start_path = ::Rails.root.join("app/assets").to_s - exclude = ['.es6', '.hbs', '.hbr', '.js', '.css', '.lock', '.json', '.log', '.html', ''] - app.config.assets.precompile << lambda do |logical_path, filename| - filename.start_with?(start_path) && - !filename.include?("/node_modules/") && - !filename.include?("/dist/") && - !exclude.include?(File.extname(logical_path)) - end - end - # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. config.time_zone = 'UTC' 
@@ -234,24 +136,6 @@ module Discourse # Configure the default encoding used in templates for Ruby 1.9. config.encoding = 'utf-8' - # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters += [ - :password, - :pop3_polling_password, - :api_key, - :s3_secret_access_key, - :twitter_consumer_secret, - :facebook_app_secret, - :github_client_secret, - :second_factor_token, - ] - - # Enable the asset pipeline - config.assets.enabled = true - - # Version of your assets, change this if you want to expire all your assets - config.assets.version = '1.2.5' - # see: http://stackoverflow.com/questions/11894180/how-does-one-correctly-add-custom-sql-dml-in-migrations/11894420#11894420 config.active_record.schema_format = :sql 
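Review bot: Request logs may start to contain passwords and API keys in clear text, because the `config.filter_parameters += [...]` list (`:password`, `:api_key`, `:s3_secret_access_key`, `:second_factor_token`, …) is deleted here and no replacement is visible in the part of the diff I can see. Please confirm the list moved to an initializer in this commit. If it did not, re-add it, e.g. `Rails.application.config.filter_parameters += [:password, :api_key, :second_factor_token]` extended with the remaining keys from the removed list. The `config.assets.enabled` and `config.assets.version` lines removed alongside it deserve the same confirmation.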
@@ -336,45 +220,21 @@ module Discourse if Rails.env.test? && GlobalSetting.load_plugins? Discourse.activate_plugins! elsif GlobalSetting.load_plugins? - plugin_initialization_guard do + Plugin.initialization_guard do Discourse.activate_plugins! end end - Discourse.find_plugin_js_assets(include_disabled: true).each do |file| - config.assets.precompile << "#{file}.js" - end - # Use discourse-fonts gem to symlink fonts and generate .scss file fonts_path = File.join(config.root, 'public/fonts') Discourse::Utils.atomic_ln_s(DiscourseFonts.path_for_fonts, fonts_path) - require_dependency 'stylesheet/manager' - require_dependency 'svg_sprite/svg_sprite' + require 'stylesheet/manager' + require 'svg_sprite' config.after_initialize do - # require common dependencies that are often required by plugins - # in the past observers would load them as side-effects - # correct behavior is for plugins to require stuff they need, - # however it would be a risky and breaking change not to require here - require_dependency 'category' - require_dependency 'post' - require_dependency 'topic' - require_dependency 'user' - require_dependency 'post_action' - require_dependency 'post_revision' - require_dependency 'notification' - require_dependency 'topic_user' - require_dependency 'topic_view' - require_dependency 'topic_list' - require_dependency 'group' - require_dependency 'user_field' - require_dependency 'post_action_type' - # Ensure that Discourse event triggers for web hooks are loaded - require_dependency 'web_hook' - # Load plugins - plugin_initialization_guard do + Plugin.initialization_guard do Discourse.plugins.each(&:notify_after_initialize) end diff --git a/config/environment.rb b/config/environment.rb index 516a139c3a8..7bb5d95ae90 100644 --- a/config/environment.rb +++ b/config/environment.rb 
@@ -1,12 +1,12 @@ # frozen_string_literal: true -# Load the rails application -require File.expand_path('../application', __FILE__) +# Load the Rails application. +require_relative "application" -# Initialize the rails application -Discourse::Application.initialize! +# Initialize the Rails application. +Rails.application.initialize! # When in "dev" mode, ensure we won't be sending any emails -if Rails.env.development? && ActionMailer::Base.smtp_settings != { address: "localhost", port: 1025 } +if Rails.env.development? && ActionMailer::Base.smtp_settings.slice(:address, :port) != { address: "localhost", port: 1025 } fail "In development mode, you should be using mailhog otherwise you might end up sending thousands of digest emails" end diff --git a/config/initializers/000-zeitwerk.rb b/config/initializers/000-zeitwerk.rb index 7fa14e8bf44..0d5e55d3d57 100644 --- a/config/initializers/000-zeitwerk.rb +++ b/config/initializers/000-zeitwerk.rb @@ -36,5 +36,15 @@ Rails.autoloaders.each do |autoloader| 'onceoff' => 'Jobs', 'regular' => 'Jobs', 'scheduled' => 'Jobs', + 'google_oauth2_authenticator' => 'GoogleOAuth2Authenticator', + 'omniauth_strategies' => 'OmniAuthStrategies', + 'csrf_token_verifier' => 'CSRFTokenVerifier', + 'html' => 'HTML', + 'json' => 'JSON' ) end +Rails.autoloaders.main.ignore("lib/tasks", + "lib/generators", + "lib/freedom_patches", + "lib/i18n/backend", + "lib/unicorn_logstash_patch.rb") diff --git a/config/initializers/002-rails_failover.rb b/config/initializers/002-rails_failover.rb index 7ff49b775c4..3f1463fdd87 100644 --- a/config/initializers/002-rails_failover.rb +++ b/config/initializers/002-rails_failover.rb 
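Review bot: The paths passed to `Rails.autoloaders.main.ignore(...)` are relative (`"lib/tasks"`, `"lib/freedom_patches"`, …), and as far as I know Zeitwerk expands relative paths against the process working directory rather than the application root. When the app is booted from another directory the ignores would silently not match and Zeitwerk would try to manage those files, including the patches under lib/freedom_patches. Anchoring them removes the dependency on the working directory, e.g. `Rails.autoloaders.main.ignore("#{Rails.root}/lib/tasks", "#{Rails.root}/lib/freedom_patches", ...)`. The `Rails.autoloaders.each` block that precedes this call starts outside the hunk.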
@@ -30,14 +30,14 @@ if defined?(RailsFailover::ActiveRecord) return unless Rails.configuration.active_record_rails_failover if Rails.configuration.multisite - if ActiveRecord::Base.current_role == ActiveRecord::Base.reading_role + if ActiveRecord::Base.current_role == ActiveRecord.reading_role RailsMultisite::ConnectionManagement.default_connection_handler = - ActiveRecord::Base.connection_handlers[ActiveRecord::Base.reading_role] + ActiveRecord::Base.connection_handlers[ActiveRecord.reading_role] end end RailsFailover::ActiveRecord.on_failover do |role| - if role == ActiveRecord::Base.writing_role # Multisite master + if role == ActiveRecord.writing_role # Multisite master RailsMultisite::ConnectionManagement.each_connection do Discourse.enable_readonly_mode(Discourse::PG_READONLY_MODE_KEY) end @@ -47,16 +47,16 @@ if defined?(RailsFailover::ActiveRecord) end # Test connection to the master, and trigger master failover if needed - ActiveRecord::Base.connected_to(role: ActiveRecord::Base.writing_role) do + ActiveRecord::Base.connected_to(role: ActiveRecord.writing_role) do ActiveRecord::Base.connection.active? rescue PG::ConnectionBad, PG::UnableToSend, PG::ServerError - RailsFailover::ActiveRecord.verify_primary(ActiveRecord::Base.writing_role) + RailsFailover::ActiveRecord.verify_primary(ActiveRecord.writing_role) end end end RailsFailover::ActiveRecord.on_fallback do |role| - if role == ActiveRecord::Base.writing_role # Multisite master + if role == ActiveRecord.writing_role # Multisite master RailsMultisite::ConnectionManagement.each_connection do Discourse.disable_readonly_mode(Discourse::PG_READONLY_MODE_KEY) end @@ -68,7 +68,7 @@ if defined?(RailsFailover::ActiveRecord) if Rails.configuration.multisite RailsMultisite::ConnectionManagement.default_connection_handler = - ActiveRecord::Base.connection_handlers[ActiveRecord::Base.writing_role] + ActiveRecord::Base.connection_handlers[ActiveRecord.writing_role] end end 
diff --git a/config/initializers/005-site_settings.rb b/config/initializers/005-site_settings.rb index 4ecaa85df33..9286affcbf0 100644 --- a/config/initializers/005-site_settings.rb +++ b/config/initializers/005-site_settings.rb @@ -6,17 +6,15 @@ Discourse.git_version if GlobalSetting.skip_redis? - # Requiring this file explicitly prevents it from being autoloaded and so the - # provider attribute is not cleared - require File.expand_path('../../../app/models/site_setting', __FILE__) - require 'site_settings/local_process_provider' Rails.cache = Discourse.cache - SiteSetting.provider = SiteSettings::LocalProcessProvider.new + Rails.application.config.to_prepare do + SiteSetting.provider = SiteSettings::LocalProcessProvider.new + end return end -reload_settings = lambda { +Rails.application.config.to_prepare do RailsMultisite::ConnectionManagement.safe_each_connection do begin SiteSetting.refresh! @@ -28,12 +26,4 @@ reload_settings = lambda { # This will happen when migrating a new database end end -} - -reload_settings.call - -if !Rails.configuration.cache_classes - ActiveSupport::Reloader.to_prepare do - reload_settings.call - end end diff --git a/config/initializers/006-ensure_login_hint.rb b/config/initializers/006-ensure_login_hint.rb index 837ab3f1ab8..06debac7564 100644 --- a/config/initializers/006-ensure_login_hint.rb +++ b/config/initializers/006-ensure_login_hint.rb 
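Review bot: `SiteSetting.refresh!` (and, under `skip_redis?`, the `SiteSetting.provider` assignment) now runs only inside `Rails.application.config.to_prepare`, i.e. after all initializers have been evaluated, whereas the removed `reload_settings.call` ran it immediately. Any initializer numbered after 005 that reads `SiteSetting` at load time would therefore see values from before the refresh, or the default provider. The two initializers that follow in this diff are wrapped in `to_prepare` as well, which suggests this is known. A comment here would keep later initializers from regressing, e.g. `# SiteSetting is only usable from to_prepare onwards; do not read it at initializer load time`.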
@@ -2,30 +2,32 @@ return if GlobalSetting.skip_db? -# Some sanity checking so we don't count on an unindexed column on boot -begin - if ActiveRecord::Base.connection.table_exists?(:users) && - User.limit(20).count < 20 && - User.where(admin: true).human_users.count == 0 +Rails.application.config.to_prepare do + # Some sanity checking so we don't count on an unindexed column on boot + begin + if ActiveRecord::Base.connection.table_exists?(:users) && + User.limit(20).count < 20 && + User.where(admin: true).human_users.count == 0 - notice = - if GlobalSetting.developer_emails.blank? - "Congratulations, you installed Discourse! Unfortunately, no administrator emails were defined during setup, so finalizing the configuration may be difficult." - else - emails = GlobalSetting.developer_emails.split(",") - if emails.length > 1 - emails = emails[0..-2].join(', ') << " or #{emails[-1]} " + notice = + if GlobalSetting.developer_emails.blank? + "Congratulations, you installed Discourse! Unfortunately, no administrator emails were defined during setup, so finalizing the configuration may be difficult." else - emails = emails[0] + emails = GlobalSetting.developer_emails.split(",") + if emails.length > 1 + emails = emails[0..-2].join(', ') << " or #{emails[-1]} " + else + emails = emails[0] + end + "Congratulations, you installed Discourse! Register a new admin account with #{emails} to finalize configuration." end - "Congratulations, you installed Discourse! Register a new admin account with #{emails} to finalize configuration." - end - if notice != SiteSetting.global_notice - SiteSetting.global_notice = notice - SiteSetting.has_login_hint = true + if notice != SiteSetting.global_notice + SiteSetting.global_notice = notice + SiteSetting.has_login_hint = true + end end + rescue ActiveRecord::NoDatabaseError + # Database might not have been created end -rescue ActiveRecord::NoDatabaseError - # Database might not have been created end 
diff --git a/config/initializers/100-onebox_options.rb b/config/initializers/100-onebox_options.rb index d98886e2ba3..3d2e4a2f055 100644 --- a/config/initializers/100-onebox_options.rb +++ b/config/initializers/100-onebox_options.rb @@ -1,16 +1,18 @@ # frozen_string_literal: true -if Rails.env.development? && SiteSetting.port.to_i > 0 - Onebox.options = { - twitter_client: TwitterApi, - redirect_limit: 3, - user_agent: "Discourse Forum Onebox v#{Discourse::VERSION::STRING}", - allowed_ports: [80, 443, SiteSetting.port.to_i] - } -else - Onebox.options = { - twitter_client: TwitterApi, - redirect_limit: 3, - user_agent: "Discourse Forum Onebox v#{Discourse::VERSION::STRING}" - } +Rails.application.config.to_prepare do + if Rails.env.development? && SiteSetting.port.to_i > 0 + Onebox.options = { + twitter_client: TwitterApi, + redirect_limit: 3, + user_agent: "Discourse Forum Onebox v#{Discourse::VERSION::STRING}", + allowed_ports: [80, 443, SiteSetting.port.to_i] + } + else + Onebox.options = { + twitter_client: TwitterApi, + redirect_limit: 3, + user_agent: "Discourse Forum Onebox v#{Discourse::VERSION::STRING}" + } + end end diff --git a/config/initializers/100-push-notifications.rb b/config/initializers/100-push-notifications.rb index 6b16a07a8e6..4a8166c077c 100644 --- a/config/initializers/100-push-notifications.rb +++ b/config/initializers/100-push-notifications.rb 
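Review bot: The two `Onebox.options` hashes differ only in `allowed_ports`, so `redirect_limit` and `user_agent` have to be kept in sync by hand across both branches. These options appear to bound what the onebox fetcher may request, so a limit changed in one branch and forgotten in the other would go unnoticed. I would build the shared hash once and add the development-only port list conditionally, as below; the condition and the resulting values are unchanged.

```ruby
Rails.application.config.to_prepare do
  onebox_options = {
    twitter_client: TwitterApi,
    redirect_limit: 3,
    user_agent: "Discourse Forum Onebox v#{Discourse::VERSION::STRING}"
  }

  # Development only: additionally allow the locally configured port.
  if Rails.env.development? && SiteSetting.port.to_i > 0
    onebox_options[:allowed_ports] = [80, 443, SiteSetting.port.to_i]
  end

  Onebox.options = onebox_options
end
```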
@@ -2,30 +2,32 @@ return if GlobalSetting.skip_db? -require_dependency 'webpush' +Rails.application.config.to_prepare do + require 'webpush' -def generate_vapid_key? - SiteSetting.vapid_public_key.blank? || - SiteSetting.vapid_private_key.blank? || - SiteSetting.vapid_public_key_bytes.blank? || - SiteSetting.vapid_base_url != Discourse.base_url -end + def generate_vapid_key? + SiteSetting.vapid_public_key.blank? || + SiteSetting.vapid_private_key.blank? || + SiteSetting.vapid_public_key_bytes.blank? || + SiteSetting.vapid_base_url != Discourse.base_url + end -SiteSetting.vapid_base_url = Discourse.base_url if SiteSetting.vapid_base_url.blank? + SiteSetting.vapid_base_url = Discourse.base_url if SiteSetting.vapid_base_url.blank? -if generate_vapid_key? - vapid_key = Webpush.generate_key - SiteSetting.vapid_public_key = vapid_key.public_key - SiteSetting.vapid_private_key = vapid_key.private_key + if generate_vapid_key? + vapid_key = Webpush.generate_key + SiteSetting.vapid_public_key = vapid_key.public_key + SiteSetting.vapid_private_key = vapid_key.private_key - SiteSetting.vapid_public_key_bytes = Base64.urlsafe_decode64(SiteSetting.vapid_public_key).bytes.join("|") - SiteSetting.vapid_base_url = Discourse.base_url + SiteSetting.vapid_public_key_bytes = Base64.urlsafe_decode64(SiteSetting.vapid_public_key).bytes.join("|") + SiteSetting.vapid_base_url = Discourse.base_url - if ActiveRecord::Base.connection.table_exists?(:push_subscriptions) - PushSubscription.delete_all + if ActiveRecord::Base.connection.table_exists?(:push_subscriptions) + PushSubscription.delete_all + end + end + + DiscourseEvent.on(:user_logged_out) do |user| + PushNotificationPusher.clear_subscriptions(user) end end - -DiscourseEvent.on(:user_logged_out) do |user| - PushNotificationPusher.clear_subscriptions(user) -end diff --git a/config/initializers/100-session_store.rb b/config/initializers/100-session_store.rb index 1827f6e552a..b2ce5d47b46 100644 
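Review bot: `DiscourseEvent.on(:user_logged_out)` is now registered inside `to_prepare`, which runs again on every code reload, so each run adds another handler unless `DiscourseEvent` de-duplicates blocks (not visible here). The same applies to `def generate_vapid_key?`, which is redefined on each run, and to `Lograge.ignore(...)` and `Rails.logger.chained.pop` / `Rails.logger.chain(...)` in the 101-lograge.rb hunk. For the predicate, a block-local lambda avoids defining a method from inside a callback: `generate_vapid_key = lambda do` … `end`, then `if generate_vapid_key.call`. For the registrations I would at least add `# NOTE: to_prepare re-runs on reload; this must stay safe to execute more than once`.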
--- a/config/initializers/100-session_store.rb +++ b/config/initializers/100-session_store.rb @@ -1,21 +1,21 @@ # frozen_string_literal: true # Be sure to restart your server when you modify this file. -# -require_dependency 'discourse_cookie_store' -if Rails.env == "development" && SiteSetting.force_https - STDERR.puts - STDERR.puts "WARNING: force_https is enabled in dev" - STDERR.puts "It is very unlikely you are running HTTPS in dev." - STDERR.puts "Without HTTPS your session cookie will not work" - STDERR.puts "Try: bin/rails c" - STDERR.puts "SiteSetting.force_https = false" - STDERR.puts -end - -Discourse::Application.config.session_store( +Rails.application.config.session_store( :discourse_cookie_store, key: '_forum_session', path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root ) + +Rails.application.config.to_prepare do + if Rails.env.development? && SiteSetting.force_https + STDERR.puts + STDERR.puts "WARNING: force_https is enabled in dev" + STDERR.puts "It is very unlikely you are running HTTPS in dev." + STDERR.puts "Without HTTPS your session cookie will not work" + STDERR.puts "Try: bin/rails c" + STDERR.puts "SiteSetting.force_https = false" + STDERR.puts + end +end diff --git a/config/initializers/101-lograge.rb b/config/initializers/101-lograge.rb index bcbcc4c2a21..311c64c7533 100644 --- a/config/initializers/101-lograge.rb +++ b/config/initializers/101-lograge.rb 
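Review bot: Nothing on the new side loads `discourse_cookie_store` before `session_store(:discourse_cookie_store, ...)` is configured, because the `require_dependency` line is dropped without a replacement in this hunk. If the store class is not required somewhere else (not visible here), the symbol will not resolve when the session middleware is built. Either keep an explicit `require 'discourse_cookie_store'` above the call or add a comment naming where it is loaded, e.g. `# discourse_cookie_store is required in <path not shown on this page>`.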
@@ -1,117 +1,119 @@ # frozen_string_literal: true -if (Rails.env.production? && SiteSetting.logging_provider == 'lograge') || (ENV["ENABLE_LOGRAGE"] == "1") - require 'lograge' +Rails.application.config.to_prepare do + if (Rails.env.production? && SiteSetting.logging_provider == 'lograge') || (ENV["ENABLE_LOGRAGE"] == "1") + require 'lograge' - if Rails.configuration.multisite - Rails.logger.formatter = ActiveSupport::Logger::SimpleFormatter.new - end + if Rails.configuration.multisite + Rails.logger.formatter = ActiveSupport::Logger::SimpleFormatter.new + end - Rails.application.configure do - config.lograge.enabled = true + Rails.application.configure do + config.lograge.enabled = true - Lograge.ignore(lambda do |event| - # this is our hijack magic status, - # no point logging this cause we log again - # direct from hijack - event.payload[:status] == 418 - end) + Lograge.ignore(lambda do |event| + # this is our hijack magic status, + # no point logging this cause we log again + # direct from hijack + event.payload[:status] == 418 + end) - config.lograge.custom_payload do |controller| - begin - username = - begin - if controller.respond_to?(:current_user) - controller.current_user&.username + config.lograge.custom_payload do |controller| + begin + username = + begin + if controller.respond_to?(:current_user) + controller.current_user&.username + end + rescue Discourse::InvalidAccess, Discourse::ReadOnly, ActiveRecord::ReadOnlyError + nil end - rescue Discourse::InvalidAccess, Discourse::ReadOnly, ActiveRecord::ReadOnlyError - nil - end - ip = - begin - controller.request.remote_ip - rescue ActionDispatch::RemoteIp::IpSpoofAttackError - nil - end + ip = + begin + controller.request.remote_ip + rescue ActionDispatch::RemoteIp::IpSpoofAttackError + nil + end - { - ip: ip, - username: username - } - rescue => e - Rails.logger.warn("Failed to append custom payload: #{e.message}\n#{e.backtrace.join("\n")}") - {} + { + ip: ip, + username: username + } + rescue => e + 
Rails.logger.warn("Failed to append custom payload: #{e.message}\n#{e.backtrace.join("\n")}") + {} + end end - end - config.lograge.custom_options = lambda do |event| - begin - exceptions = %w(controller action format id) + config.lograge.custom_options = lambda do |event| + begin + exceptions = %w(controller action format id) - params = event.payload[:params].except(*exceptions) + params = event.payload[:params].except(*exceptions) - if (file = params[:file]) && file.respond_to?(:headers) - params[:file] = file.headers + if (file = params[:file]) && file.respond_to?(:headers) + params[:file] = file.headers + end + + if (files = params[:files]) && files.respond_to?(:map) + params[:files] = files.map do |f| + f.respond_to?(:headers) ? f.headers : f + end + end + + output = { + params: params.to_query, + database: RailsMultisite::ConnectionManagement.current_db, + } + + if data = (Thread.current[:_method_profiler] || event.payload[:timings]) + sql = data[:sql] + + if sql + output[:db] = sql[:duration] * 1000 + output[:db_calls] = sql[:calls] + end + + redis = data[:redis] + + if redis + output[:redis] = redis[:duration] * 1000 + output[:redis_calls] = redis[:calls] + end + + net = data[:net] + + if net + output[:net] = net[:duration] * 1000 + output[:net_calls] = net[:calls] + end + end + + output + rescue RateLimiter::LimitExceeded + # no idea who this is, but they are limited + {} + rescue => e + Rails.logger.warn("Failed to append custom options: #{e.message}\n#{e.backtrace.join("\n")}") + {} end - - if (files = params[:files]) && files.respond_to?(:map) - params[:files] = files.map do |f| - f.respond_to?(:headers) ? 
f.headers : f - end - end - - output = { - params: params.to_query, - database: RailsMultisite::ConnectionManagement.current_db, - } - - if data = (Thread.current[:_method_profiler] || event.payload[:timings]) - sql = data[:sql] - - if sql - output[:db] = sql[:duration] * 1000 - output[:db_calls] = sql[:calls] - end - - redis = data[:redis] - - if redis - output[:redis] = redis[:duration] * 1000 - output[:redis_calls] = redis[:calls] - end - - net = data[:net] - - if net - output[:net] = net[:duration] * 1000 - output[:net_calls] = net[:calls] - end - end - - output - rescue RateLimiter::LimitExceeded - # no idea who this is, but they are limited - {} - rescue => e - Rails.logger.warn("Failed to append custom options: #{e.message}\n#{e.backtrace.join("\n")}") - {} end - end - if ENV["LOGSTASH_URI"] - config.lograge.formatter = Lograge::Formatters::Logstash.new + if ENV["LOGSTASH_URI"] + config.lograge.formatter = Lograge::Formatters::Logstash.new - require 'discourse_logstash_logger' + require 'discourse_logstash_logger' - config.lograge.logger = DiscourseLogstashLogger.logger( - uri: ENV['LOGSTASH_URI'], type: :rails - ) + config.lograge.logger = DiscourseLogstashLogger.logger( + uri: ENV['LOGSTASH_URI'], type: :rails + ) - # Remove ActiveSupport::Logger from the chain and replace with Lograge's - # logger - Rails.logger.chained.pop - Rails.logger.chain(config.lograge.logger) + # Remove ActiveSupport::Logger from the chain and replace with Lograge's + # logger + Rails.logger.chained.pop + Rails.logger.chain(config.lograge.logger) + end end end end diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb new file mode 100644 index 00000000000..306dd044ab0 --- /dev/null +++ b/config/initializers/assets.rb 
@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+# Enable the asset pipeline
+Rails.application.config.assets.enabled = true
+
+# Version of your assets, change this if you want to expire all your assets.
+Rails.application.config.assets.version = "1.2.5"
+
+# Add additional assets to the asset load path.
+Rails.application.config.assets.paths << "#{Rails.root}/config/locales"
+Rails.application.config.assets.paths << "#{Rails.root}/public/javascripts"
+
+# Precompile additional assets.
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+
+# explicitly precompile any images in plugins ( /assets/images ) path
+Rails.application.config.assets.precompile += [lambda do |filename, path|
+ path =~ /assets\/images/ && !%w(.js .css).include?(File.extname(filename))
+end]
+
+Rails.application.config.assets.precompile += %w{
+ vendor.js
+ admin.js
+ browser-detect.js
+ browser-update.js
+ break_string.js
+ ember_jquery.js
+ pretty-text-bundle.js
+ wizard-application.js
+ wizard-vendor.js
+ markdown-it-bundle.js
+ service-worker.js
+ google-tag-manager.js
+ google-universal-analytics-v3.js
+ google-universal-analytics-v4.js
+ start-discourse.js
+ print-page.js
+ omniauth-complete.js
+ activate-account.js
+ auto-redirect.js
+ wizard-start.js
+ locales/i18n.js
+ discourse/app/lib/webauthn.js
+ confirm-new-email/confirm-new-email.js
+ confirm-new-email/bootstrap.js
+ onpopstate-handler.js
+ embed-application.js
+ discourse/tests/active-plugins.js
+ admin-plugins.js
+ discourse/tests/test_starter.js
+ }
+
+if EmberCli.enabled?
+ Rails.application.config.assets.precompile += %w{
+ discourse.js
+ test-support.js
+ test-helpers.js
+ scripts/discourse-test-listen-boot
+ scripts/discourse-boot
+ }
+else
+ Rails.application.config.assets.precompile += %w{
+ application.js
+ discourse/tests/test-support-rails.js
+ discourse/tests/test-helpers-rails.js
+ vendor-theme-tests.js
+ }
+end
+
+# Precompile all available locales
+unless GlobalSetting.try(:omit_base_locales)
+ Dir.glob("#{Rails.root}/app/assets/javascripts/locales/*.js.erb").each do |file|
+ Rails.application.config.assets.precompile << "locales/#{file.match(/([a-z_A-Z]+\.js)\.erb$/)[1]}"
+ end
+end
+
+# out of the box sprockets 3 grabs loose files that are hanging in assets,
+# the exclusion list does not include hbs so you double compile all this stuff
+Rails.application.config.assets.precompile.delete(Sprockets::Railtie::LOOSE_APP_ASSETS)
+
+# We don't want application from node_modules, only from the root
+Rails.application.config.assets.precompile.delete(/(?:\/|\\|\A)application\.(css|js)$/)
+Rails.application.config.assets.precompile += ['application.js']
+
+start_path = ::Rails.root.join("app/assets").to_s
+exclude = ['.es6', '.hbs', '.hbr', '.js', '.css', '.lock', '.json', '.log', '.html', '']
+Rails.application.config.assets.precompile << lambda do |logical_path, filename|
+ filename.start_with?(start_path) &&
+ !filename.include?("/node_modules/") &&
+ !filename.include?("/dist/") &&
+ !exclude.include?(File.extname(logical_path))
+end
+
+Discourse.find_plugin_js_assets(include_disabled: true).each do |file|
+ Rails.application.config.assets.precompile << "#{file}.js"
+end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
new file mode 100644
index 00000000000..af4c108bf6e
--- /dev/null
+++ b/config/initializers/filter_parameter_logging.rb
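Review bot: In the locale loop, `file.match(/([a-z_A-Z]+\.js)\.erb$/)[1]` is not anchored at the start of the file name and raises `NoMethodError` on `nil` when a file in `locales/` has no letter or underscore directly before `.js.erb`. A name containing a digit or hyphen would be silently truncated to its trailing letters, yielding an asset name that does not exist. Since the glob already restricts to `*.js.erb`, `Rails.application.config.assets.precompile << "locales/#{File.basename(file, '.erb')}"` gives the same result for plain letter/underscore names without the regex.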
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [
+ :password,
+ :pop3_polling_password,
+ :api_key,
+ :s3_secret_access_key,
+ :twitter_consumer_secret,
+ :facebook_app_secret,
+ :github_client_secret,
+ :second_factor_token,
+]
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
new file mode 100644
index 00000000000..69f37343efa
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `
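Review bot: The `filter_parameters` list in filter_parameter_logging.rb names individual settings, so any other secret-bearing parameter (another provider's client secret, a token carried in a form or link) is written to the request log unless its key happens to contain one of these symbols. Rails matches symbol entries as substrings of the parameter key, which is why `:password` already covers `pop3_polling_password`; broader entries would cover the provider-specific names and future additions in the same way. I would add `:secret, :token,` to the list, after checking that no log consumer depends on seeing those values.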