When the server gets overloaded and lots of requests start queuing server
will attempt to shed load by returning 429 errors on background requests.
The client can flag a request as background by setting the header:
`Discourse-Background` to `true`
Out-of-the-box we shed load when the queue time goes above 0.5 seconds.
The only request we shed at the moment is the request to load up a new post
when someone posts to a topic.
We can extend this as we go with a more general pattern on the client.
Previous to this change, rate limiting would "break" the post stream which
would make suggested topics vanish and users would have to scroll the page
to see more posts in the topic.
Server needs this protection for cases where tons of clients are navigated
to a topic and a new post is made. This can lead to a self inflicted denial
of service if enough clients are viewing the topic.
Due to the internal security design of Discourse it is hard for a large
number of clients to share a channel where we would pass the full post body
via the message bus.
It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream
This allows us to load a batch of new posts cleanly, so the controller can
keep track of a backlog
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
We were trying to observe a non-ember object which is undefined
behavior and was leaking to odd bugs. This replaces the `filter` object
with an Ember Object and things seem to work.
I also took the opportunity with this commit to move some test specific
stuff out of `discourse-loader` which is loaded on the front end of the
application. The test module building now happens in the `test_helper`
bundle.
DEV: Replace instances of Discourse.base_uri with Discourse.base_path
This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
This misses a test because Favcount doesn't exposes a get to the counter.
Also, since this code deals with all possible notifications configs we support:
- favicon notification
- favicon new content
- title notification
- title new content
the code is a bit complicated to follow. We may look into refactoring it when a
good opportunity arises, like if https://w3c.github.io/badging/ setClientBadge() method
gives us a cleaner way to notify users.
We can't use erb in Ember CLI (since it does not have Ruby) so this has
been ported to use our `javascript:update_constants` rake test instead.
Note we don't have to run this every time a notification type as it's
only used by fixtures to fill in some specific types we test against.
This is long overdue. We had a lot of (not linted) code to initialize
our test suite as part of the Ruby `test_helper.js` bundle.
This refactor moves that out to a `setup-tests` module, which imports
all the modules properly, rather than using `require`.
It also removes the global `server` variable which some tests were using
for pretender. Those tests are fixed, and in the case of widget tests,
support for a `pretend()` was added, which mimics our acceptance tests.
One problematic test was removed, which overwrites `/posts` - this could
break tons of other tests depending on order.
The prefixing logic is moved into a `prefixProtocol` function in lib:url.
This commit also renames an incorrectly named test and uses https as default instead of http, in 2020 it's reasonable to think we most likely want https and not http. User can still specify http if required.
This commit is also moving one test to a component test.
A followup to this commit would be to ensure every dropdowns are using a regex instead of the normalize/lowercase system we have now.
The dark-mode-friendly SVG mask for the wizard's background image
introduced in 8fcfb9586c does not work with
CDNs, because CORS restrictions apply to SVG masks.
It would be complicated to modify CDN access origin rules for this one
specific assets, so instead, this PR moves the contents of the SVG file
inside the stylesheet.
These are tricky because `module.exports` is used by nodejs files as a
global, which is OK. But we don't want to allow `module` in JS tests
for qunit without importing it first.
We used many global functions to handle tests when they should be
imported like other libraries in our application. This also gets us
closer to the way Ember CLI prefers our tests to be laid out.
Previously, Jobs::EnqueueDigestEmails would enqueue a digest job for every user, even if there are no topics to send. The digest job would exit, no email would send, and last_emailed_at would not change. 30 minutes later, Jobs::EnqueueDigestEmails would run again and re-enqueue jobs for the same users.
120fa8ad introduced a temporary mitigation for this issue, by randomly selecting a subset of those users each time.
This commit adds a new `digest_attempted_at` column to the `user_stats` table. This column is updated every time a digest job completes for a user. Using this, we can avoid scheduling digest jobs for the same user every 30 minutes. This also removes the random user selection in 120fa8ad, and instead prioritizes users who had digests attempted the longest time ago.
To avoid blocking the sidekiq queue a limit of 10,000 digests per 30 minutes
is introduced.
This acts as a safety measure that makes sure we don't keep pouring oil on
a fire.
On multisites it is recommended to set the number way lower so sites do not
dominate the backlog. A reasonable default for multisites may be 100-500.
This can be controlled with the environment var
DISCOURSE_MAX_DIGESTS_ENQUEUED_PER_30_MINS_PER_SITE
See https://meta.discourse.org/t/changing-a-users-email/164512 for additional context.
Previously when an admin user changed a user's email we assumed that they would need a password reset too because they likely did not have access to their account. This proved to be incorrect, as there are other reasons a user needs admin to change their email. This PR:
* Changes the admin change email for user flow so the user is sent an email to confirm the change
* We now record who the email change request was requested by
* If the requested by user is admin and not the user we note this in the email sent to the user
* We also make the confirm change email route open to anonymous users, so it can be clicked by the user even if they do not have access to their account. If there is a logged in user we make sure the confirmation matches the current user.
* FEATURE: Export the entire user profile as json, not just bio/website
* FEATURE: Add session log information to user export
Even though the columns are named 'auth_token' etc, the content is not actually usable to log into the forum with. Despite all that, it is still truncated for export, to avoid any 'token hash cracking' situations.
Allows site administrators to pick different fonts for headings in the wizard and in their site settings. Also correctly displays the header logos in wizard previews.
allowEmails used to always be set to true and did not use
can_invite_via_email, which checks for enable_local_logins.
It was a problem because on sites with local logins
disabled users were allowed to enter email addresses, but
received a generic error "error inviting that user".
Previously, moving a category into another one, that already had a child category of that name (but with a non-conflicting slug) would cause a 500 error:
```
# PG::UniqueViolation:
# ERROR: duplicate key value violates unique constraint "unique_index_categories_on_name"
# DETAIL: Key (COALESCE(parent_category_id, '-1'::integer), name)=(5662, Amazing Category 0) already exists.
```
It now returns 422, and shows the same message as when you're renaming a category: "Category Name has already been taken".
Prior to this fix, weekly could be 8 days and we could have differences between period chooser text and actual results in the chart.
A good followup to this PR would be to add custom date ranges in period-chooser component.
`BasicGroupSerializer` includes `flair_url` which uses `flair_upload` relation, so the N in N+1 in this case was the number of groups with flair in the forum.
This is where they should be as far as ember is concerned. Note this is
a huge commit and we should be really careful everything continues to
work properly.
Bianca Nenciu
Joffrey JAFFEUX
Sam
Kris
Krzysztof Kotlarek
jbrw
Robin Ward
hawm
Daniel Waterworth
David Taylor
Rafael dos Santos Silva
Penar Musaraj
Gerhard Schlager
Martin Brennan
Kane York
Roman Rizzi
Arpit Jalan
Jarek Radosz
Arpit Jalan