Commit Graph

44776 Commits

Author SHA1 Message Date
dependabot[bot] 0650b25563
Build(deps): Bump rails_failover from 0.7.3 to 0.8.1 (#15962)
Bumps [rails_failover](https://github.com/discourse/rails_failover) from 0.7.3 to 0.8.1.
- [Release notes](https://github.com/discourse/rails_failover/releases)
- [Changelog](https://github.com/discourse/rails_failover/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/rails_failover/compare/v0.7.3...v0.8.1)

---
updated-dependencies:
- dependency-name: rails_failover
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:37:19 +01:00
dependabot[bot] 6c220c18c1
Build(deps): Bump rack-protection from 2.1.0 to 2.2.0 (#15961)
Bumps [rack-protection](https://github.com/sinatra/sinatra) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/sinatra/sinatra/releases)
- [Changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinatra/sinatra/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: rack-protection
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:31:50 +01:00
dependabot[bot] 4a701cf79e
Build(deps): Bump msgpack from 1.4.4 to 1.4.5 (#15960)
Bumps [msgpack](https://github.com/msgpack/msgpack-ruby) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/msgpack/msgpack-ruby/releases)
- [Changelog](https://github.com/msgpack/msgpack-ruby/blob/master/ChangeLog)
- [Commits](https://github.com/msgpack/msgpack-ruby/compare/v1.4.4...v1.4.5)

---
updated-dependencies:
- dependency-name: msgpack
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 22:30:48 +01:00
Bianca Nenciu 6b393d62c6
DEV: Update lefthook (#15911)
This version includes binaries for ARM64 used for Apple's M1.
2022-02-15 19:57:13 +02:00
David Taylor 94a47d037f
PERF: Reduce number of EXPIRE calls from CachedCounting (#15958)
Previously we were calling `EXPIRE` every time we incremented a given key. Instead, we can call EXPIRE once when the key is first populated. A LUA script is used to make this as efficient as possible.

Consumers of this Concern use daily keys. Since we're now calling EXPIRE only at the beginning of the day, rather than throughout the day, the expire time has been increased from 3 to 4 days.
2022-02-15 16:55:21 +00:00
David Taylor 11c93342dc
DEV: Consolidate Redis evalsha logic into DiscourseRedis::EvalHelper (#15957) 2022-02-15 16:06:12 +00:00
Dan Ungureanu dd5373cc4c
FIX: Do not increase invite count for current user (#15952)
The current user could redeem an invite created by themselves.
2022-02-15 17:35:58 +02:00
Rafael dos Santos Silva d83da596be
FIX: Redis may not be availiable on Redis initializer (#15955) 2022-02-15 15:25:22 +00:00
Mark VanLandingham 2644813c99
FIX: Tag show - hide no topics footer until there are no topics (#15756) 2022-02-15 08:45:55 -06:00
Discourse Translator Bot 12423b56cb
Update translations (#15928) 2022-02-15 15:10:10 +01:00
Rafael dos Santos Silva 4d3da70bc6
PERF: Use Redis `SET EX GET` instead of LUA script for counting (#15939)
This will prevent Discourse from booting on Redis < 6.2.0
2022-02-15 10:36:07 -03:00
David Taylor a48231041b
DEV: Update Discord API domain (#15953)
`discordapp.com` is being deprecated in favour of `discord.com`: https://github.com/discord/discord-api-docs/discussions/4510
2022-02-15 10:25:42 +00:00
Martin Brennan 4086ee551e
DEV: Add bounce_error_code to EmailLog (#15948)
Whenever we got a bounced email in the Email::Receiver we
previously would just set bounced: true on the EmailLog and
discard the status/diagnostic code. This commit changes this
flow to store the bounce error code (defined in the RFC at
https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml)
not just in the Email::Receiver, but also via webhook events
from other mail services and from SNS.

This commit does not surface the bounce error in the UI,
we can do that later if necessary.
2022-02-15 14:17:26 +10:00
dependabot[bot] a0c65e91d9
Build(deps): Bump i18n from 1.9.1 to 1.10.0 (#15947)
Bumps [i18n](https://github.com/ruby-i18n/i18n) from 1.9.1 to 1.10.0.
- [Release notes](https://github.com/ruby-i18n/i18n/releases)
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby-i18n/i18n/compare/v1.9.1...v1.10.0)

---
updated-dependencies:
- dependency-name: i18n
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 02:01:51 +01:00
Martin Brennan ad9e791ba7
FIX: Post migration to fix custom emojis with secure URL (#15944)
Follow up to 88a8584348. Sets
the baked version of all posts with custom emoji and a secure
media URL in the cooked content to 0. Then our periodic rebake
posts job will rebake them to apply the fix in the linked
commit. This only matters on sites with secure media enabled.
2022-02-15 10:37:16 +10:00
dependabot[bot] 16b1fcd95e
Build(deps): Bump simplecov_json_formatter from 0.1.3 to 0.1.4 (#15946)
Bumps [simplecov_json_formatter](https://github.com/fede-moya/simplecov_json_formatter) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/fede-moya/simplecov_json_formatter/releases)
- [Changelog](https://github.com/codeclimate-community/simplecov_json_formatter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fede-moya/simplecov_json_formatter/commits)

---
updated-dependencies:
- dependency-name: simplecov_json_formatter
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 01:33:24 +01:00
dependabot[bot] e2bca42ca0
Build(deps): Bump jmespath from 1.5.0 to 1.6.0 (#15943)
Bumps [jmespath](https://github.com/trevorrowe/jmespath.rb) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/trevorrowe/jmespath.rb/releases)
- [Changelog](https://github.com/jmespath/jmespath.rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trevorrowe/jmespath.rb/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: jmespath
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 01:01:56 +01:00
David Taylor ebb5c1ff4d
DEV: Prefix deprecation notices with plugin name (#15942)
To make this possible in development mode, the `sourceURL=` implementation needs to include something plugin-specific. This has no effect on production.

The asset version is bumped in order to trigger a re-compilation of plugin JS assets.
2022-02-14 20:13:52 +00:00
dependabot[bot] 4be0e86f1e
Build(deps): Bump pg from 1.3.1 to 1.3.2 (#15941)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 21:12:52 +01:00
David Taylor b8526c6d75
DEV: Ensure stylesheet sourcemap URLs include __ws hostname param (#15934)
Without this parameter, requests for sourcemaps on shared-CDN multisites will not be routed to the correct database, resulting in a 404.

The stylesheet content now depends on the site hostname, so the hostname has been added to the digest.
2022-02-14 19:53:39 +00:00
David Taylor 3405f66b7e
UX: Improve default_code_lang copy (#15940)
Co-authored-by: Dax74 <Dax74@users.noreply.github.com>
2022-02-14 19:16:09 +00:00
dependabot[bot] 22f066832b
Build(deps): Bump loofah from 2.13.0 to 2.14.0 (#15926)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.13.0 to 2.14.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.13.0...v2.14.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 19:57:38 +01:00
dependabot[bot] 506cfd2fdd
Build(deps): Bump rubocop-ast from 1.15.1 to 1.15.2 (#15925)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.15.1...v1.15.2)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 19:54:21 +01:00
dependabot[bot] a06dafba78
Build(deps): Bump rqrcode from 2.1.0 to 2.1.1 (#15924)
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: rqrcode
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 19:54:06 +01:00
dependabot[bot] cb626adc9f
Build(deps): Bump regexp_parser from 2.2.0 to 2.2.1 (#15923)
Bumps [regexp_parser](https://github.com/ammar/regexp_parser) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/ammar/regexp_parser/releases)
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ammar/regexp_parser/compare/v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: regexp_parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 19:53:17 +01:00
dependabot[bot] c99f3819e2
Build(deps): Bump puma from 5.6.1 to 5.6.2 (#15922)
Bumps [puma](https://github.com/puma/puma) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.6.1...v5.6.2)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 19:52:38 +01:00
janzenisaac ee050e5063
DEV: Make user card non-clickable for anon users: (#15938)
Make name / avatar non-clickable for anon users
2022-02-14 11:25:41 -06:00
Gerhard Schlager 33d6ed60a4
DEV: Don't import year of birth (#15937)
The cakeday plugin doesn't use the year.
2022-02-14 18:10:35 +01:00
David Taylor f078d1ab0a
FIX: Update application_helper logic now that Ember CLI is default (#15935)
Followup to a01b1dd648
2022-02-14 13:48:18 +00:00
Osama Sayegh 7ed899fed9
FIX: Ensure theme JavaScript cache get consistent SHA1 digest (#15933)
There is a couple of layers of caching for theme JavaScript in Discourse:

The first layer is the `javascript_caches` table in the database. When a theme
with JavaScript files is installed, Discourse stores each one of the JavaScript
files in the `theme_fields` table, and then concatenates the files, compiles
them, computes a SHA1 digest of the compiled JavaScript and store the results
along with the SHA1 digest in the `javascript_caches` table.

Now when a request comes in, we need to render `<script>` tags for the
activated theme(s) of the site. To do this, we retrieve the `javascript_caches`
records of the activated themes and generate a `<script>` tag for each record.
The `src` attribute of these tags is a path to the `/theme-javascripts/:digest`
route which simply responds with the compiled JavaScript that has the requested
digest.

The second layer is a distributed cache whose purpose is to make rendering
`<script>` a lot more efficient. Without this cache, we'd have to query the
`javascript_caches` table to retrieve the SHA1 digests for every single
request. So we use this cache to store the `<script>` tags themselves so that
we only have to retrieve the `javascript_caches` records of the activated
themes for the first request and future requests simply get the cached
`<script>` tags.

What this commit does it ensures that the SHA1 digest in the
`javascript_caches` table stay the same across compilations by adding an order
by id clause to the query that loads the `theme_fields` records. Currently, we
specify no order when retrieving the `theme_fields` records so the order in
which they're retrieved can change across compilations and therefore cause the
SHA1 to change even though the individual records have not changed at all.

An inconsistent SHA1 digest across compilations can cause the database cache
and the distributed cache to have different digests and that causes the
JavaScript to fail to load (and if the theme heavily customizes the site, it
gives the impression that the site is broken) until the cache is cleared.

This can happen in busy sites when 2 concurrent requests recompile the
JavaScript files of a theme at the same time (this can happen when deploying a
new Discourse version) and request A updates the database cache after request B
did, and request B updates the distributed cache after request A did.

Internal ticket: t60783.

Co-authored-by: David Taylor <david@taylorhq.com>
2022-02-14 16:23:06 +03:00
David Taylor 07893779df
DEV: Correct service-worker sourceMappingURL (#15916)
We serve `service-worker.js` in an unusual way, which means that the sourcemap is not available on an adjacent path. This means that the browser fails to fetch the map, and shows an error in the console.

This commit re-writes the source map reference in the static_controller to be an absolute link to the asset (including the appropriate CDN, if enabled), and adds a spec for the behavior.

It's important to do this at runtime, rather than JS precompile time, so that changes to CDN configuration do not require re-compilation to take effect.
2022-02-14 12:47:56 +00:00
David Taylor 6ab4d26d84
PERF: Terminate `rake` process during `ember build` (#15920)
The `assets:precompile` rake task loads the full Ruby app, which can consume around 500mb of RAM by itself. Using `exec` to run `ember build` allows us to free up the Ruby memory and make more space for `ember build`
2022-02-14 11:49:46 +00:00
Dan Ungureanu efb584e32f
FEATURE: Use new topic-chooser for invite modal (#15884)
The old choose-topic component did not have the same style as the rest
of the create invite modal and was not very suitable to use in the modal
because it introduced the search results in modal's body.

The new topic-chooser is built using select-kit and provides a more
polished user experience.
2022-02-14 13:43:52 +02:00
David Taylor a01b1dd648
PERF: Update ember-auto-import and webpack (#15919)
This makes a small improvement to 'cold cache' ember-cli build times, and a large improvement to 'warm cache' build times

The ember-auto-import update means that vendor is now split into multiple files for efficiency. These are named `chunk.*`, and should be included immediately after the `vendor.js` file. This commit also updates the rails app to render script tags for these chunks.

This change was previously merged, and caused memory-related errors on RAM-constrained machines. This was because Webpack 5 switches from multiple worker processes to a single multi-threaded process. This meant that it was hitting node's default heap size limit (~500mb on a 1GB RAM server). Discourse's standard install procedure recommends adding 2GB swap to 1GB-RAM machines, so we can afford to override's Node's default via the `--max-old-space-size` flag.
2022-02-14 11:21:39 +00:00
David Taylor c4e34047a1 DEV: Prefix deprecation notices and api warnings with theme name/id 2022-02-14 10:11:19 +00:00
David Taylor af24c10314 DEV: Improve theme error handling UX
- Update UI to improve contrast
- Make it clear that the message is only shown to administrators
- Add theme name and id to the console output
- Parse the error backtrace to identify the theme-id for post-decoration errors
- Improve console output to include the theme name / URL
- Add `?safe_mode=no_custom` to the admin panel link, so that it will work even if the theme is causing the site to break
2022-02-14 10:11:19 +00:00
Martin Brennan 4b4f2330da
DEV: Expand UploadMarkdown generation capabilities (#15930)
The chat quoting mechanism will need to be able to generate
markdown for all kinds of uploads. The UploadMarkdown class
was missing generation for video and audio uploads. This
commit adds that in, and also expands the server-side regex
recognition of FileHelper types to match those in uploads.js,
and adds a spec for UploadMarkdown
2022-02-14 15:48:27 +10:00
Krzysztof Kotlarek fbf0345512
Version bump to v2.9.0.beta2 (#15932) 2022-02-14 16:23:19 +11:00
Martin Brennan 88a8584348
FIX: Cooking custom emojis should not use a secure URL (#15929)
When a site has secure media enabled and a post is with secure
media, we were incorrectly cooking custom emoji URLs and using the
secure URL for those emojis, even though they should not be
considered secure (their corresponding upload records in the
database are _not_ secure). Now instead of the blanket
post.with_secure_media? boolean for the secure: param, we also
want to make sure the image whose URL is being cooked is also
_not_ a custom emoji.
2022-02-14 13:02:42 +10:00
Krzysztof Kotlarek a34075d205
SECURITY: Onebox response timeout and size limit (#15927)
Validation to ensure that Onebox request is no longer than 10 seconds and response size is not bigger than 1 MB
2022-02-14 12:11:09 +11:00
Kris 55007fbf55
UX: crawler view always shows 0 votes, hide count (#15903) 2022-02-11 16:38:10 -05:00
David Taylor 8025768fd2
DEV: Embed source content in JS sourcemaps (#15914)
This removes the need for a further request for the 'original' source file, and brings our custom terser arguments in line with the ember-cli defaults
2022-02-11 20:38:53 +00:00
Gerhard Schlager 6a41ec179c
FIX: Default settings for phpBB3 import were broken (#15913) 2022-02-11 18:18:54 +01:00
David Taylor a54a06fc41
DEV: Connect pretty-text console to the Rails logger (#15909)
This will allow pretty text deprecations / errors / warnings to appear in the Rails logs, rather than disappearing silently.

(implementation adapted from `discourse_js_processor.rb`)
2022-02-11 17:16:27 +00:00
Régis Hanol 0cda57f236
I18N: improve 'here_mention' site setting's description (#15912)
Inspired by [this suggestion](https://meta.discourse.org/t/what-is-a-here-mention/217878/3) from G Ann Campbell

> I suppose the description of the “here mention” field could be improved to something like:
> "Name used for @here mention to allow a privileged user to notify up to 10 people participating in the thread. Must not…"
2022-02-11 16:21:41 +01:00
Bianca Nenciu 694205cc0c
DEV: Add include_all_pms option to TopicQuery (#15742)
This is intended for use by plugins which are building their own
topic lists, and want to include PMs alongside regular topics (e.g.
discourse-assign). It does not get used directly in core.
2022-02-11 14:46:23 +02:00
David Taylor 3acc54c218
UX: Add whos-online to official plugin list (#15910) 2022-02-11 12:00:24 +00:00
dependabot[bot] 078fc2bbec
Build(deps-dev): Bump rswag-specs from 2.5.0 to 2.5.1 (#15898)
Bumps [rswag-specs](https://github.com/rswag/rswag) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/rswag/rswag/releases)
- [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rswag/rswag/compare/2.5.0...2.5.1)

---
updated-dependencies:
- dependency-name: rswag-specs
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-11 11:50:39 +01:00
Alan Guo Xiang Tan 1d6a45d1f9
DEV: Bump Theme::BASE_COMPILER_VERSION. (#15906)
In 8e5b945b0f, we reverted the commit but
at the same time resulted in Theme::BASE_COMPILER_VERSION going
backwards which caused problems with themes caching.

This commit bumps the version to clear all the caches.

Follow-up to 8e5b945b0f
2022-02-11 17:33:04 +11:00
Osama Sayegh 1fc3cf0569
DEV: Make DiscourseRedis#del support deleting multiple keys (#15905)
Redis supports deleting multiple keys at once using the `del` command and so does the `redis` gem: 21ec1dec06/lib/redis/commands/keys.rb (L188-L193). However, our wrapper around the `del` method currently accepts only one argument and expects it to be a string so it's impossible to delete multiple keys at once.

This PR changes the signature of the `DiscourseRedis#del` method so it accepts any number of arguments and makes sure all keys are properly namespaced before calling the `del` implementation of the `redis` gem.
2022-02-11 08:09:32 +03:00