Commit Graph

43539 Commits

Author SHA1 Message Date
Jarek Radosz 648332bc9f
DEV: Don't clear cache/trigger events if site setting hasn't changed (#15045) 2021-11-22 16:43:12 +01:00
Jarek Radosz d91d67a442
FEATURE: Allow theme settings to request refresh (#15037)
Similar to site settings, adds support for `refresh` option to theme settings.

```yaml
super_feature_enabled:
  type: bool
  default: false
  refresh: true
```
2021-11-22 13:16:56 +01:00
Dan Ungureanu f43c433d50
FIX: Allow invites if must_approve_users is true (#15043)
This was implemented in 36e0e6a, but then regressed when the guardian
for invites was refactored in 76a7b75.
2021-11-22 14:04:35 +02:00
Jarek Radosz 5a8e6de42c
FIX: Don't publish polls on message bus when there are no polls (#15041)
`poll` plugin was publishing on `/polls/[topic_id]` every time a non-first post was created. I can't imagine this being needed. It regressed 3 years ago in https://github.com/discourse/discourse/pull/6359
2021-11-22 12:31:53 +01:00
Martin Brennan 8a3ab1cc43
DEV: Fix spec (#15036)
Broken by 9f8ee8f137
2021-11-22 15:59:10 +11:00
Martin Brennan 9f8ee8f137
FIX: Don't publish notifications to MessageBus for inactive users (#15035)
We are pushing /notification-alert/#{user_id} and /notification/#{user_id}
messages to MessageBus from both PostAlerter and User#publish_notification_state.
This can cause memory issues on large sites with many users. This commit
stems the bleeding by only sending these alert messages if the user
in question has been seen in the last 30 days, which eliminates a large
chunk of users on some sites.
2021-11-22 14:38:49 +11:00
Natalie Tay 9015183942
Always show input when editing text by removing hover (#15034) 2021-11-22 10:23:42 +08:00
Martin Brennan df6003aef5
DEV: Lint SCSS with prettier in pre-commit (#15033)
We are linting SCSS on the GitHub actions CI but not
on pre-commit, which can lead to lint failures in CI.
Better to warn developers about this locally like
our other lints.
2021-11-22 11:30:12 +10:00
Natalie Tay d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Penar Musaraj 10a57825c8
UX: Fix fast edit save button color in dark schemes (#15027) 2021-11-19 16:15:10 -05:00
Mark VanLandingham a9d5921901
FIX: Allow poll feature to be disabled in discourse-markdown (#15025) 2021-11-19 15:10:47 -06:00
jbrw 97b27a7426
FIX: Remove 'Open Draft' label after topic draft deleted (#14997)
* FIX: Remove 'Open Draft' label after topic draft deleted
2021-11-19 11:00:11 -05:00
David Taylor e906596942
FIX: Ensure mobile topic-list links are treated as Ember transitions (#15022)
In the topic lists, it's important that we apply `pointer-events: none;` to the links. 0e371d4 updated the selector used for this css.

In `templates/list/topic-list-item.hbs`, `.main-link` is applied to the same element as `.topic-list-data`, so the new selector applied correctly.

In `templates/mobile/list/topic-list-item.hbr`, `.main-link` is nested within `.topic-list-data`, so the new selector did not apply correctly.

This commit switches the selector back to simply `.main-link`, so that it works for both mobile and desktop.
2021-11-19 13:47:53 +00:00
Andrei Prigorshnev b0d8d9e73d
FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
David Taylor 2153011cdb
PERF: Use more efficient text-direction check in select-kit init (#15015)
Calling `window.getComputedStyle` during initialization causes the browser to pause and 'Recalculate Style'. On my machine, this adds about 7ms to boot time. Instead, we can check for the `rtl` class on the html element, which is added by the server, and doesn't require computing styles.
2021-11-19 10:17:23 +00:00
Alan Guo Xiang Tan 1566cd2048
DEV: Return promise for toggleFilteredRepliesView widget action. (#15020)
This allows plugin to wait on the promise when the widget action is
called.
2021-11-19 15:40:35 +08:00
Alan Guo Xiang Tan 4b4973ee0d
PERF: Reduce records queried in `UserStat.update_first_unread_pm`. (#15016)
The inefficiency here is that we were previously fetching all the
records from `TopicAllowedUser` before filtering against a limited subset of
users based on `User#last_seen_at`.
2021-11-19 15:30:39 +11:00
Natalie Tay da9a9a8e65
FIX: Add a confirm and cancel button when editing alt text (#15003) 2021-11-19 10:57:09 +08:00
Alan Guo Xiang Tan 1d0faedfbc
FIX: Validate number of votes allowed per poll per user. (#15001)
* DEV: Remove spec that we no longer need.

As far as we know, the migration has been successful for a number of
years.

* FIX: Validate number of votes allowed per poll per user.
2021-11-19 09:50:08 +08:00
David Taylor 254689b1fb
DEV: Remove JQuery from discourse/lib/text-direction (#15014) 2021-11-19 01:09:36 +00:00
jbrw 9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Jarek Radosz e6670393df
DEV: Refactor `logs-notice`/`global-notice` (#15000) 2021-11-18 21:49:58 +01:00
Robin Ward 2c045c6368 FIX: Don't overwrite computed property for loading spinner fix
This fixes an issue CvX found on PR #14666 where a previous fix
overwrote a computed property.

The better fix (as is often the case with Ember) is to remove an
observer and call methods when things change ourselves.
2021-11-18 15:04:11 -05:00
Jordan Vidrine 9ebfcbb867
FIX: Topic list separator fix (#15011) 2021-11-18 13:32:44 -06:00
Dan Ungureanu 6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
David Taylor ed2c3ebd71
PERF: Move `preload` hints to the `<head>` (#15008)
We have two JS assets which are included in the `<body>` of responses. We were including the `<link rel='preload'` hint alongside the script tag in the body. Instead, we can move the preload hint to the `<head>` so that the browser discovers it earlier, and can start preloading the assets while the body is loading.
2021-11-18 18:02:16 +00:00
Daniel Waterworth 510219a0da
DEV: Hide message bus site settings (#15009)
Admins don't need to be changing these.
2021-11-18 11:36:34 -06:00
David Taylor 135fdd59ed
PERF: Improve JS app boot speed by optimizing `customResolve()` (#14990)
Time spent in the 'find module with suffix' portion of our `customResolve` function were adding up to around 100ms-150ms when booting the app. This time is spread over 150+ calls, so it's not immediately obvious in flamegraphs.

This commit implements a (reversed) [Trie](https://en.wikipedia.org/wiki/Trie) which enables fast suffix-based lookups on a list of strings.

In my tests, this requires < 5ms to initialize, and brings the cumulative 'find module with suffix' time down to `< 5ms`. This corresponds to a ~100ms improvement in LCP metrics in my browser.

The only behavior change is to remove support for module filenames which are **not** dasherized. I haven't found any core/theme/plugin modules which are not dasherized in their filenames.
2021-11-18 16:38:00 +00:00
Jarek Radosz a102673522
DEV: Avoid unnecessary `site-settings:main` lookups (#15006) 2021-11-18 17:11:59 +01:00
Jarek Radosz 8dc9e0f4bd
DEV: Use `class` syntax in key-value-store (#15005) 2021-11-18 16:54:47 +01:00
Jarek Radosz 82c72a46d1
DEV: Fix `castInteger` deprecations (#15004) 2021-11-18 16:52:14 +01:00
Jarek Radosz 4021842628
DEV: Make `search` an actual service (#14998) 2021-11-18 16:52:03 +01:00
Jarek Radosz 42fff92d9f
DEV: Make `store` an actual service (#14996)
`store:main` was unofficially deprecated 4 years ago in fbd5f1e411 (diff-b19dd1d6a5c7938fda9ae317136bbbb82339946ab457c9b95af936a47276c3ddR22)
2021-11-18 16:51:20 +01:00
Kris 19627eca4b
DEV: add outlet for extra categories column (#15002) 2021-11-18 09:46:59 -05:00
Vinoth Kannan fc1c76cfcc
FIX: exclude moderator_action post for reply count in user summary. (#14991)
Previously, incorrect reply counts are displayed in the "top categories" section of the user summary page since we included the `moderator_action` and `small_action` post types.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-11-18 13:42:03 +05:30
Penar Musaraj 20f5474be9
FEATURE: Log only topic/post search queries in search log (#14994) 2021-11-18 09:21:12 +08:00
Alan Guo Xiang Tan db24c9b94e
FIX: Incorrect title and chevron when filtering by post number. (#14985)
The widget's state did not reflect the state of the controller.
2021-11-18 09:19:00 +08:00
Krzysztof Kotlarek eb82849ccb
FIX: none and all categories filter (#14999)
parentCategory is passed to drop-category componen: https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/templates/components/bread-crumbs.hbs#L11

However, it is not available if it is not explicitly allow listed in selectKitOptions
2021-11-18 10:21:34 +11:00
Martin Brennan b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz 9be69b603c
DEV: Make `screen-track` a regular service (#14983) 2021-11-17 20:56:06 +01:00
Jarek Radosz 05423e9dfd
DEV: `I18n` global is no longer supported (#14993)
Don't allow it when linting.
2021-11-17 20:52:22 +01:00
Bianca Nenciu 186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
word is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz bf34d3524b
DEV: Fix a `userFields` computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX 439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX 113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Vinoth Kannan a3a4f16e88
UX: add more search aliases for emojis. (#14768) 2021-11-17 11:54:43 +01:00
Krzysztof Kotlarek 9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00