Commit Graph

388 Commits

Author SHA1 Message Date
Neil Lalonde 3e5f2bd1cf FIX: replace reference to Google_oauth2 with Google during signup 2016-03-29 18:08:55 -04:00
Robin Ward e407ef9d0e FIX: Also support `nil` values for the site settings 2016-03-24 11:14:17 -04:00
Robin Ward b270e0142b FIX: If site settings are missing don't do anything 2016-03-24 11:12:54 -04:00
Guo Xiang Tan 5dc5767851 FIX: Assigning wrong value to variable. 2016-03-21 15:18:31 +08:00
Guo Xiang Tan 54bdcd9b98 Update to new rate limit Redis config. 2016-03-21 14:00:50 +08:00
Régis Hanol 1c19548e30 Merge pull request from fantasticfears/omniauth-config
FIX: redirect output omniauth log to Rails logger instead of stdout
2016-03-19 18:03:16 +01:00
Erick Guan 7df33ca287 FIX: redirect output omniauth log to Rails logger instead of stdout 2016-03-19 13:17:13 +01:00
Jeff Atwood 40d6f062f7 clarify why block all mobile/tablet for miniprofiler 2016-03-15 16:54:40 -07:00
Jeff Atwood d052f1746c add support for other Nexus devices as "mobile" 2016-03-15 16:46:46 -07:00
Guo Xiang Tan 90fde5053d FIX: Load Redis patch much earlier. 2016-03-11 17:29:00 +08:00
Guo Xiang Tan c07c474575 FEATURE: Master-Slave Redis configuration with fallback and switch over. 2016-03-11 12:18:58 +08:00
Neil Lalonde b49e0e0f4a FIX: add path to cookie on subfolder installs 2016-03-07 13:40:21 -05:00
Guo Xiang Tan f32f0d6337 Merge pull request from tgxworld/add_admin_banner_for_logster
FEATURE: Admin Banner when Logster logs is getting flooded.
2016-03-02 23:44:56 +08:00
Guo Xiang Tan fdd6920ae7 FEATURE: Admin Banner when Logster logs is getting flooded. 2016-03-02 22:03:16 +08:00
Guo Xiang Tan b500f35d14 Ignore `ActionController::UnknownHttpMethod` error in logs. 2016-02-24 12:58:23 +08:00
Sam Saffron 209b022385 PERF: cut down on memory usage allowed to redis
This limits the amount of backlog message bus channels can have.
2016-02-04 13:58:38 +11:00
Régis Hanol 737c606710 FIX: 'cancel_scheduled_job' wasn't working due to sidekiq upgrade 2016-01-13 09:08:26 +01:00
Sam e451d47e84 Revert "PERF: send Content-Length from Rails on all requests"
This reverts commit ea0e238ae1.

Does not seem needed reverting
2016-01-08 11:36:32 +11:00
Sam Saffron ea0e238ae1 PERF: send Content-Length from Rails on all requests 2016-01-07 21:15:55 +11:00
Sam 77f4461c51 we need to bypass this in dev 2015-12-09 16:41:09 +11:00
Sam 65edbb609c Revert "Revert message bus upgrade"
This reverts commit 47e718f5b2.
2015-12-09 11:48:41 +11:00
Sam 47e718f5b2 Revert message bus upgrade 2015-12-09 11:45:11 +11:00
Sam d8795a5345 FIX: missing site id lookup causing message bus cross talk in multisite 2015-12-09 07:55:43 +11:00
Sam 2cc95af69b Revert "REVERT: message bus changes"
This reverts commit 4820d5c7b0.
2015-12-09 07:36:36 +11:00
Robin Ward 4820d5c7b0 REVERT: message bus changes 2015-12-08 15:32:31 -05:00
Sam c866d5b42d Revert "Revert "PERF: move message bus to the front of the middleware stack""
This reverts commit cd1dd18f01.
2015-12-08 07:11:28 +11:00
Robin Ward cd1dd18f01 Revert "PERF: move message bus to the front of the middleware stack"
I suspect this commit is preventing Sidekiq from running inprocess.
2015-12-07 14:57:23 -05:00
Sam c04bcf8655 PERF: move message bus to the front of the middleware stack
Organise all initializers so they are properly ordered and use the same naming scheme
2015-12-07 14:51:24 +11:00
Robin Ward 5e93140f85 FEATURE: Can override any translation via an admin interface 2015-11-27 11:35:19 -05:00
Robin Ward e168c5fde3 PERF: Much more performant, multisite aware I18n overrides 2015-11-19 16:36:59 -05:00
Robin Ward 1be4b6a8f5 Refresh I18n customizations on change 2015-11-17 16:15:09 -05:00
Robin Ward 3720783c1b Refactor to our own Discourse I18n backend
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
Sam 08ee367210 FIX: no keepalive tests for rake tasks, shell could be stalling threads 2015-09-29 10:17:56 +10:00
Gerhard Schlager 233bf9bc24 Always use locale fallback on server 2015-09-13 17:24:15 +02:00
Kane York 6119d9fdc0 FIX: Fallbacks for missing interpolation arguments
This takes effect when an interpolation is removed from a translation in
a Discourse update.

The I18n::Backend::Fallbacks loops with a catch(:exception), so calling
throw(:exception) will cause it to use the next locale, until it reaches
English which is assumed to be correct.

Also, enable fallbacks in everything except development ( for more
discussion) - we should be able to test this
2015-09-11 09:39:40 -07:00
Sam 25fb684565 ensure statistic collection is on 2015-09-03 12:00:19 +10:00
Sam 2c59ad3dd3 FIX: favicon update broken when favicon lived on a CDN 2015-08-25 11:54:23 +10:00
Sam d74d5c47ad FIX: admin not getting updates for topics in secure groups
(only where admin is missing explicit permissions)
2015-08-25 09:25:39 +10:00
Sam 2203a4147d add some extra diagnostics 2015-08-19 16:58:25 +10:00
Sam 82a6176b08 lower the volume on failed to pull hotlinked image
add more diagnostics
2015-08-19 12:32:45 +10:00
Sam b703af3d37 Skip 403 forbidden as well 2015-08-18 17:48:54 +10:00
Sam f1398f0650 another hotlinked image whitelist 2015-08-18 17:41:39 +10:00
Sam 45adeacd45 ignore empty script errors, line 0 gives us nothing. 2015-08-18 17:06:07 +10:00
Sam ffe06fbcb5 whitelist 404 pull hotlinked image 2015-08-18 17:06:07 +10:00
Sam f06137003b logster needs application version 2015-08-17 16:54:44 +10:00
Sam c711c06bb8 FIX: stop double reporting errors that were already reported 2015-08-14 12:51:23 +10:00
Robin Ward 9911e92e24 Merge pull request from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Sam d7e7ae33ea FIX: IE9 and 10 were getting white screen, due to ES6 usage 2015-07-17 12:43:45 +10:00
Kane York 650eb86a74 Disable in development (server) 2015-07-15 10:17:36 -07:00
Kane York ecfa17b5a7 FEATURE: Localization fallbacks (server-side)
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.

The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
Sam e516036492 correct broken specs 2015-07-09 17:05:15 +10:00
Sam 8252f4e110 FEATURE: allow use of redis sentinel via redis_sentinels
Use: DISCOURSE_REDIS_SENTINELS and DISCOURSE_REDIS_HOST to configure redis
sentinel
2015-06-25 16:51:48 +10:00
Sam Saffron 57e82ceac7 PERF: production assets not minified
source url post processor forcing all scripts into an eval,
  minifier can not minify such files
2015-06-11 16:41:39 +10:00
Sam Saffron 9b489506d0 update memory profiler, oj and lru redux 2015-06-05 01:39:38 +10:00
Sam 3f24e18df0 stop logging badrequest, its just bad urls entered 2015-05-27 13:46:15 +10:00
Sam f26fef4340 silence ar not found 2015-05-19 09:32:27 +10:00
Aaron Boushley 60aa52b753 Enable CORS requests to pass necessary headers.
To fully enable session deletion over CORS we need support for passing the
`X-Requested-With` header so that these requests can pass the `check-xhr` filter.

I also allowed the `X-CSRF-Token` to enable the alternative CSRF passing syntax.
2015-05-14 09:46:41 -07:00
Robin Ward 963b08f063 Allow OPTIONS requests when CORS is enabled 2015-05-14 11:14:47 -04:00
Sam d6c06eb547 Get rid of CSRF errors 2015-05-07 10:42:21 +10:00
Sam cea9cfe49f remove alihack 2015-05-06 16:59:41 +10:00
Sam 2f82caafa2 Add ignore for another type of not found 2015-05-06 16:21:59 +10:00
Sam c96a057395 ignore routing errors on multisite 2015-05-06 12:47:30 +10:00
Sam 19e5304813 add hostname to fake env 2015-05-06 12:28:32 +10:00
Sam f58d85edea FEATURE: move stylesheet cache out of the uploads directory 2015-05-05 15:50:13 +10:00
Sam 0369f26a39 add some ignores 2015-05-04 16:12:03 +10:00
Sam 803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Arthur Neves 439d0d2e37
Check Rails.version instead of ENV
Like that we can have code that works on multiple Rails versions, and we
dont need to mix a new method on Kernel.
Also, this makes easier to have multiple versions.
For instance, before master was 4.2, which is not the case anymore, so
on the code we should check versions and not Environment variables
2015-04-28 22:27:47 -04:00
Robin Ward 5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Sam 0c11b4c707 timings is a POST 2015-04-17 12:49:55 +10:00
Sam 2599b94920 ignore uploads for mini profiler 2015-04-17 12:16:37 +10:00
Robin Ward 788b66e4a3 Update SourceURL to work better 2015-04-16 16:51:49 -04:00
Sam 2d9d60e9a2 we don't need oobgc in ruby 2.2, disable for now 2015-04-08 15:24:17 +10:00
Sam a0369855b9 FIX: subfolder offsite message bus was not returning wrong header 2015-03-18 09:10:35 +11:00
Sam a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Robin Ward 31ca464c31 We define `console.log` as an empty function for old browsers now 2015-03-09 14:51:37 -04:00
Sam d4d5f739ea get rid of deprecation 2015-03-09 13:14:29 +11:00
Sam f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam 6960639c58 Merge pull request from riking/thrown_logging
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
Sam cdef67667a PERF: allow background jobs to flush between requests in same thread 2015-02-17 09:58:43 +11:00
riking 5657006aca Rename handle_exception to handle_job_exception 2015-02-09 12:47:46 -08:00
Sam a7cb93a5c3 FEATURE: failsafe, in multisite if a site is bad still boot up 2015-02-09 18:31:05 +11:00
Sam 63404b16bb FIX: on upgrade via discourse docker client json not updating 2015-02-09 17:58:56 +11:00
Sam 820ce8765e refactor traffic report
split traffic report in 2, page view vs raw traffic
hide raw traffic report by default
improve flushing logic for application reqs
2015-02-06 14:39:16 +11:00
Sam 08b790b3c2 improve metrics gathered using in our traffic section
this also pulls out the middleware into its own home and inserts in front
2015-02-05 16:08:52 +11:00
Jeff Atwood dae39b5b71 missed closing paren 2015-01-19 01:29:02 -08:00
Jeff Atwood 4cb6606e8c block some more dumb trackback spam from logging 2015-01-19 01:19:34 -08:00
Jeff Atwood a2e77d8bf4 better regex JS err suppression for Logster 2015-01-16 23:30:06 -08:00
Jeff Atwood 18215f90d0 more flexible regex to block empty JS Logster errors 2015-01-16 17:36:18 -08:00
Jeff Atwood 77ae0b4f7f block empty JS errors from Logster 2015-01-16 17:28:50 -08:00
Sam ef62933034 Ruby 2.2 fixes 2014-12-29 13:31:15 +11:00
Sam 2535e22151 stop logging csrf errors for API 2014-12-12 08:00:22 +11:00
Sam 23ad68678e rails master fixes 2014-11-11 12:58:56 +11:00
Godfrey Chan b1a0cd417d Avoid a deprecation warning by poly-filling #deliver_now and #deliver_now 2014-11-10 01:05:46 -08:00
Sam aa9b3bb35a FEATURE: allow long polling to go to a different url
Added the site setting long_polling_base_url , this allows you
to farm long polling to a different server.

This setting is very important if a CDN is serving dynamic content.
2014-10-24 13:38:38 +11:00
Neil Lalonde f88075cbba FEATURE: CORS settings per-site in a multisite env 2014-10-15 15:20:39 -04:00
Sam 5e0623d1e5 FEATURE: airbrake dependency removed, can be added via a plugin if needed 2014-09-25 10:30:29 +10:00
Sam 492aca05c2 FIX: authorized callback deprecated 2014-08-22 11:05:20 +10:00
Sam e291138cf1 Unknown format is not interesting 2014-08-18 13:10:22 +10:00
Sam f897c89d48 FIX: run reaper after fork 2014-08-11 17:51:55 +10:00
Sam 9ceb0556bc PERF: add connection pool drainer to keep connection counts down 2014-08-11 16:48:10 +10:00
Sam 44d45c6eda FIX: logster update, enable ignore patterns 2014-08-07 10:30:12 +10:00
Régis Hanol 562d2e0c86 TEMP: comment out logster ignore patterns 2014-08-06 14:50:48 +02:00
Sam 3cab3acd60 FIX: stop logging way too much information 2014-08-05 16:14:28 +10:00
Vikhyat Korrapati 2f30ce79c8 Add Access-Control-Allow-Credentials to the CORS headers. 2014-07-30 02:36:30 +05:30
Sam 1c25f00615 Fix build 2014-07-29 12:47:26 +10:00
riking 400bbb57fe Suppress trackback CSRF errors from Logster 2014-07-25 12:43:57 -07:00
Sam 46c406360d FIX: cors setting was broken
Some days I wonder why we bother taking a whole gem
dependency when 10 lines of code does the job right
2014-07-23 17:04:09 +10:00
riking d90404e830 Change 'code' to 'message' 2014-07-17 15:19:58 -07:00
riking 12cb682548 Start passing more context to Discourse.handle_exception 2014-07-17 14:11:56 -07:00
riking 2b5a955c18 Pass more context from Sidekiq jobs to Logster 2014-07-17 11:19:59 -07:00
Sam 9468ebeb2e CHANGE: Mini Profiler only enabled for developers in prd 2014-07-17 08:34:41 +10:00
Sam efd6bf1490 FIX: set last modified date on CDN assets 2014-07-08 14:48:20 +10:00
Neil Lalonde 10f0ddbbdd Make it possible to add multiple CORS origins in discourse.conf and docker yml files 2014-06-13 14:47:19 -04:00
Robin Ward 1af2ff6201 ES6: More components moved over. 2014-05-30 12:28:05 -04:00
Sam fa6f22dd39 Move letter avatars out of upload system
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
Robin Ward 20c640355d Silence avatar logger for sanity 2014-05-27 10:27:49 -04:00
Sam Saffron 7c3d72f77a BUGFIX: exclude avatars from mini profiler 2014-05-27 12:38:42 +10:00
Sam 6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Sam 7fbf162666 Logster update
cleans up a bunch of messed up context stuff with multisite
improves backtraces
adds request params
2014-05-25 13:54:52 +10:00
Neil Lalonde c4d3aa3d47 Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline. 2014-05-14 10:18:12 -04:00
Sam 31c575687b memory_profiler should be shipped with mini profiler 2014-05-08 14:47:54 +10:00
Sam c25cd4e78d A new logster, that gets rid of a pile of 404s being logged as fatal errors. 2014-05-07 17:01:19 +10:00
Sam 19dec8c87c mini profiler too chatty 2014-05-07 08:33:07 +10:00
Sam 4af0aa9cbc logster integration (in production as well) 2014-05-07 08:24:15 +10:00
Sam c6f9cc0787 UPGRADE: sidekiq to sidekiq 3.0 2014-04-23 11:01:17 +10:00
Jeff Atwood fa4c21c28f better first boot register admin account help 2014-04-21 11:36:35 -07:00
Robin Ward caa2564b83 Start up the Job scheduler after all the other initializers have loaded.
We do this so that plugins can register scheduled jobs.
2014-04-10 12:41:13 -04:00
Vikhyat Korrapati 8c129e480a Always use DiscourseSassImporter, add optional sprockets deps tracking. 2014-04-09 19:17:19 +05:30
Sam d064dd241f BUGFIX: reload site settings on rails reload in dev 2014-04-03 10:39:30 +11:00
Sam f3cc7360e0 BUGFIX: Correct after_fork semantics
After fork SiteSettings was not getting a new process id,
causing site settings not to refresh properly in unicorn

This code also centralizes the logic
2014-03-31 12:34:13 +11:00
Sam 14f7551f2b Fix visual bug 2014-03-25 09:45:21 +11:00
Jeff Atwood 6715786630 minor login install hint copyedit 2014-03-24 00:33:02 -07:00
Sam 039e65c3eb improve copy 2014-03-24 18:11:12 +11:00
Sam 7e7c4efcc0 FEATURE: on initial boot hint users on how to get admin 2014-03-24 18:03:39 +11:00
Sam Saffron 2ab76f60d1 FEATURE: Discoruse.handle_exception
to report exception via sidekiq helper, adds extra context
2014-02-21 14:30:25 +11:00
Sam c0d947aa98 allow bench to run with unicorn optionally
memstats can output yaml now
2014-02-16 16:44:51 +11:00
Régis Hanol 0e686aca95 update sidekiq initializer to use the pausable middleware 2014-02-13 13:31:13 -08:00
slainer68 a89018db87 Use GlobalSetting to enable CORS at application level 2014-02-09 23:11:52 -08:00
Sam 212ece3e80 Remove memory profiler at least until I push a new docker image 2014-02-10 15:40:32 +11:00
Sam ca170e4636 Add memory profiler gem for ruby 2.1 2014-02-10 15:27:46 +11:00
Sam 87a07e2355 attempt to work around concurrency issue with active record 2014-02-08 15:19:10 +11:00
Sam e1f293ad66 FEATURE: new scheduler
Removed sidetiq, introduced new scheduler

- add basic UI
- add schedule discover
- add scheduling in initializer
2014-02-06 10:26:16 +11:00
Neil Lalonde e6096b4524 Revert "Try secure: true again" It's definitely broken 2014-01-31 15:02:57 -05:00
Neil Lalonde ad34a297fd Try secure: true again 2014-01-31 14:17:14 -05:00
Neil Lalonde f71c8bb533 Revert "Add secure flag to cookie" 2014-01-30 18:53:48 -05:00
Neil Lalonde 4e158b2316 Add secure flag to cookie 2014-01-30 17:07:08 -05:00
Neil Lalonde 946e837542 Add twitter to Onebox.options 2014-01-29 14:14:07 -05:00
Sam a247389d4e FEATURE: automatically update site to latest version of assets
if a user neglects to move around the site it will prompt to do so 2 hours in
2014-01-15 12:08:35 +11:00
Sam fd95dbe75a FEATURE: Automatically force a full refresh between pages if assets change 2014-01-15 12:08:35 +11:00
Sam 166a8d2932 don't insert middleware its a problem 2014-01-10 13:51:02 +11:00
Sam 5242a49c02 BUGFIX: in some proxy scenarios https was not propergated properly 2014-01-10 12:21:09 +11:00
Sam adc9a58f4a BUGFIX: anon cache was mucking with params 2014-01-09 16:49:12 +11:00
Sam d4cc367a6f Disable cache for a bit to see if its killing the build 2014-01-09 16:08:59 +11:00
Sam 177983afe6 BUGFIX: mobile ui was being cached for anon views 2014-01-09 14:08:42 +11:00
Régis Hanol 06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Sam 461972844e unicorn out of band GC 2013-11-15 12:15:49 +11:00
Sam 0e8914cee6 add unicorn launcher to support live reloads
add oobgc rudimentary support
2013-11-13 15:29:36 +11:00
Sam 11428ef9d6 filter out android from mini profiler 2013-11-12 16:47:01 +11:00
Neil Lalonde 18bc6ecd08 Sidetiq::Clock#start is deprecated. Remove it. 2013-11-05 15:43:48 -05:00
Raul Murciano bd5fe86c87 require `X-Frame-Options: SAMEORIGIN` for clickjack prevention 2013-10-28 15:14:08 -07:00
Sam 3d647a4b41 remove rack cache, it has been causing trouble
instead implement an aggressive anonymous cache that is stored in redis
this cache is sitting in the front of the middleware stack enabled only in production
TODO: expire it more intelligently when stuff is created
2013-10-16 16:39:18 +11:00
Sam c4bab8915c fix initialization issues with unicorn
amend unicorn script to demonize sidekiq
create a sidekiq demon that unicorn consumes
correct bug in exec_sql with empty params
2013-10-10 14:23:24 +11:00
Sam f0a122a66c move job files so they live underneath app/ and not in lib/
introduce new setting email_always, that will force emails to send to users regardless of presence on site
2013-10-01 17:04:02 +10:00
Sam 98267d439a fixed ruby 2.0 p0 bug in fast_stack so re-pushing 2013-09-09 21:19:23 +10:00
Sam 3fb0f52574 disable flamegraph while I figure out why fast stack is not working for some people on x32 2013-09-07 08:50:16 +10:00
Sam 51eb764345 mini profiler update to use latest flame graph engine 2013-09-03 17:58:56 +10:00
Sam d3c5afbb80 reduce sidetiq frequency
remove minutely() schedule that was very inefficient
2013-09-02 17:14:41 +10:00
Sam b730b27c4f some soample counter methods 2013-08-30 16:44:34 +10:00
Sam aaf41d227f fix secret_token init to always allow an override even if its too short 2013-08-29 15:27:59 +10:00
Sam 213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam 912d4b853b slowly going about ordering our middleware 2013-08-26 12:59:17 +10:00
Sam 075002a6d5 refactoring the plugin interfaces to allow for better extensible 2013-08-26 12:59:17 +10:00
Sam b5b22f0f36 move secret token into redis to ease install 2013-08-20 17:17:19 +10:00
Michael Kirk 4af8a9102e Authenticate with Discourse via OAuth2
See https://github.com/michaelkirk/discourse_oauth2_example for an
example of how you might integrate your existing oauth2 provider's
authentication via a Discourse plugin.
2013-08-17 21:45:20 -07:00
Stephan Kaag a6b4b5dbf2 Replace Clockwork with Sidetiq 2013-08-14 21:39:40 +02:00
Régis Hanol 92b0cfe3d3 cleaned up non-used code 2013-08-13 22:09:10 +02:00
Sam 857e2e6a19 correct scope, it should user:email to get read access to email 2013-08-02 10:03:29 +10:00
Sam 2162e3bbb5 we need email scope (also as I edit files I like to keep quoting consistent) 2013-08-02 09:59:25 +10:00
Sam 160107a712 working plugin interface for custom openid auth, custom css and custom js 2013-08-01 16:02:43 +10:00
Robin Ward 8c4aac7f94 Migrate all jasmine specs to Qunit. Removed Jasmine. 2013-06-19 18:18:35 -04:00
Sam 11afa0c11b work in progress migrate to moment 2013-06-07 08:49:22 +10:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam 8b69ee26ff forking in passenger was bust, message bus subscriptions would stop working after fork 2013-06-03 16:50:30 +10:00
Chris Hunt dbf4d9b0dc Set Sidekiq log level to WARN 2013-05-29 09:36:15 -07:00
Erik Ordway 1575ce7b10 add cas support with a few tests 2013-05-23 13:40:50 -07:00
Sam e9ebadb414 Nuke message_bus_observer move to service class and classes
Secure all messages triggered by post creation and all user actions so they don't leak
(meaning, if you have a browser open and secure topics are created you will only get them if you are allowed to see them)
2013-05-16 15:03:16 +10:00
Sam 68e6405aca redis rack cache was crazy, it was just storing stuff in redis FOREVER, added a PR to fix, forked to my repo, sourcing a sane version 2013-05-07 17:33:04 +10:00
Sam 4d2c28e8b2 added setting to flush redis if you feel like doing so in dev 2013-05-03 09:56:10 +10:00
slainer68 467c76b2c0 Implements support for rack-cors for API JavaScript access in end-user browser 2013-04-22 11:16:58 +02:00
Sam 8014d7fd25 correct rack::cache so it always punches through users with auth cookies 2013-04-12 21:59:52 +10:00
Sam 850b042cab introduce rack:cache as a default, so users don't need to configure apache or nginx
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)

reorganised so mini profilers can be cleanly disabled from config file

added caching for categories index

move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
Kuba Brecka af0a772629 implement pluralization for server-side and js 2013-03-31 19:55:02 +02:00
Sam 36d60befbd mini profiler fix for multisite 2013-03-25 18:04:46 -07:00
Neil Lalonde ba315c6610 If assets haven't been precompiled, fail to start server in production mode with a message 2013-03-25 13:33:58 -04:00
Robin Ward 7c505df6d4 Merge branch 'update-sidekiq' of git://github.com/nverba/discourse
Conflicts:
	config/initializers/sidekiq.rb
2013-03-25 10:26:13 -04:00
Sam 622568fd57 fix mp in prd 2013-03-24 20:36:55 -07:00
Sam f921d1c547 comment out dead code
add some explanations
2013-03-24 20:09:28 -07:00
Sam 67c438434b wow, this has been broken for OH so long, we need to segragate users correctly so MP results work as expected 2013-03-24 19:52:03 -07:00
Sam 988a712c77 correct multisite functionality for omniauth 2013-03-24 17:21:18 -07:00
Karan Misra 5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30