Commit Graph

53601 Commits

Author SHA1 Message Date
Bianca Nenciu d78657bf9b
DEV: Fix spec (#26226)
Follow up to commit a90b88af56.
2024-03-18 20:05:56 +02:00
Régis Hanol 4e02bb5dd9
PERF: avoid publishing user actions to the user who did the action (#26225)
We never use that information and this also fixes an issue with the BCC plugin which ends up triggering a rate-limit because we were publishing a "NEW_PRIVATE_MESSAGE" to the user sending the BCC for every recipients 💥

Internal - t/118283
2024-03-18 18:05:46 +01:00
Bianca Nenciu a90b88af56
PERF: Fix N+1 when searching categories (#26223) 2024-03-18 19:01:17 +02:00
Gabriel Grubba 8ae462c724
FEATURE: add language picker for theme translations in admin UI (#26150)
Allows editing translations of a theme in locales other than the current localy.
2024-03-18 12:00:28 -04:00
David Taylor 5023ff480e
FIX: Ensure dnd icon is updated immediately in glimmer header (#26221)
Adds `@tracked` to the relevant property on the User model so that it is autotracked correctly via the function call `glimmer-header/user-dropdown/notifications#isInDoNotDisturb` -> `models/user#isInDoNotDisturb`.
2024-03-18 14:50:23 +00:00
Alan Guo Xiang Tan e2da72b76c
PERF: Remove unnecessary `<link rel="preload">` (#26219)
Why this change?

According to https://web.dev/articles/preload-critical-assets,

> By preloading a certain resource, you are telling the browser that you would like to fetch it sooner than the browser would otherwise discover it because you are certain that it is important for the current page.

The preload resource hint is meant to tell the browser to fetch
resources that it would not discover upfront or early. However, we are
not using it the right way because we are literally adding the resource
hint right before a `<script>` tag which means the browser would have
discovered the resource even without the resource hint.

What does this change do?

This commit removes the preload resource hint which are added right
before script tags since the optimization here is highly questionable at the expense of making 
our initial DOM larger.
2024-03-18 20:07:29 +08:00
Alan Guo Xiang Tan 27b0ebff4c
DEV: Fix syntax for Link entity header for `experimental_preconnect_link_header` (#26218)
Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link, the
syntax for multiple links is something like

```
Link: <https://one.example.com>; rel="preconnect", <https://two.example.com>; rel="preconnect", <https://three.example.com>; rel="preconnect"
```

There should be no trailing `;` before the `,`.
2024-03-18 19:49:16 +08:00
dependabot[bot] 85bf6c6833
Build(deps-dev): Bump puppeteer-core from 22.4.1 to 22.5.0 (#26214)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.4.1 to 22.5.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.4.1...puppeteer-core-v22.5.0)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 09:03:29 +01:00
Joffrey JAFFEUX 5e3bc594c6
UX: do not close post text selection on scroll (#26217) 2024-03-18 09:03:13 +01:00
Joffrey JAFFEUX bbb8595107
PERF: defer loading channels (#26155)
Prior to this change we would pre-load all the user channels which making initial page load slower. This change will make them be loaded right after initial load. In the past this was not possible as the channels would have to be loaded on each page transition. However since about a year, we made the channels to be cached on the frontend and no other request will be needed.

I have decided for now to not show a loading state in the sidebar as I think it would be noise, but we can reconsider this later.

Note given we don't have the channels loaded at first certain things where harder to accomplish. The biggest UX change of this commit is that we removed all the complex logic of computing the best channel to display when you load /chat. We will now store the id of the last channel you visited and will use this id to decide which channel to show.
2024-03-18 08:35:07 +01:00
Joffrey JAFFEUX 0bccdc4dbc
DEV: removes generated documentation (#26207) 2024-03-18 06:58:59 +01:00
Alan Guo Xiang Tan 36cdb1444c
EXPERIMENTAL: preconnect and dns-prefetch resource hints for CDN domains (#26215)
Why this change?

In https://web.dev/articles/preconnect-and-dns-prefetch, it describes
how hinting to the browser to preconnect to domains which we will
eventually use the connection for can help improve the time it takes to
load a page.

We are putting this behind an experimental flag so that we can test and
profile this in a production environment.

What does this change introduce?

Introduce a hidden experimental `experimental_preconnect_link_header`
site setting which when enabled will add the `preconnect` and
`dns-prefetch` resource hints to the response headers for full page load
requests.
2024-03-18 13:45:41 +08:00
David Battersby d5b944f1de
FEATURE: add chat direct message button to user profile (#26135)
This change adds the chat direct message button to user profiles, similarly to how we use it within the user card.
2024-03-18 11:17:37 +08:00
Alan Guo Xiang Tan 426c035b80
UX: First pass styling experimental objects typed setting editor (#26194)
Why this change?

This is a first pass at styling the editor for creating/editing/updating
an objects typed theme setting. Only the desktop view is being
considered at the current moment.

The objects typed theme setting is still behind a feature flag at this moment so there is no need for us to get the styling perfect. The purpose of this PR is to get us to a state which we can quickly iterate with a designer on.
2024-03-18 10:03:30 +08:00
dependabot[bot] a95840d39d
Build(deps): Bump rails_multisite from 5.0.1 to 6.0.0 (#26208)
Bumps [rails_multisite]() from 5.0.1 to 6.0.0.

---
updated-dependencies:
- dependency-name: rails_multisite
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:57 +08:00
dependabot[bot] e5a35baf49
Build(deps-dev): Bump json-schema from 4.1.1 to 4.2.0 (#26212)
Bumps [json-schema](https://github.com/voxpupuli/json-schema) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/voxpupuli/json-schema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/voxpupuli/json-schema/compare/v4.1.1...v4.2.0)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:44 +08:00
dependabot[bot] d451b149fd
Build(deps): Bump nokogiri from 1.16.2 to 1.16.3 (#26209)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:04:04 +08:00
dependabot[bot] 7d9795a10e
Build(deps-dev): Bump sqlite3 from 1.7.2 to 1.7.3 (#26210)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.2...v1.7.3)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:03:49 +08:00
dependabot[bot] 192874d0a8
Build(deps-dev): Bump shoulda-matchers from 6.1.0 to 6.2.0 (#26211)
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: shoulda-matchers
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:00:29 +08:00
dependabot[bot] df18da64b3
Build(deps-dev): Bump lefthook from 1.6.6 to 1.6.7 (#26213)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.6 to 1.6.7.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.6...v1.6.7)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 07:55:16 +08:00
Ted Johansson e2ee70c4e2
FIX: Amend broken Mailgun API key check (#26206) 2024-03-18 09:10:30 +10:00
Martin Brennan 78bafb331a
FEATURE: Allow site settings to be edited throughout admin UI (#26154)
This commit makes it so the site settings filter controls and
the list of settings input editors themselves can be used elsewhere
in the admin UI outside of /admin/site_settings

This allows us to provide more targeted groups of settings in different
UI areas where it makes sense to provide them, such as on plugin pages.
You could open a single page for a plugin where you can see information
about that plugin, change settings, and configure it with custom UIs
in the one place.

In future we will do this in "config areas" for other parts of the
admin UI.
2024-03-18 08:50:39 +10:00
Kris d0d659e733
UX: update twitter icon, add threads & mastodon (#26203) 2024-03-15 16:48:23 -04:00
Daniel Waterworth 1fbcc6936c
DEV: Regression test for categories N+1 (#26204) 2024-03-15 15:10:37 -05:00
Penar Musaraj 531e33b303
DEV: Allow user api key scope for notifications#totals (#26205)
The `/notifications/totals` route is a stripped down version of `notifications#index`. This just allows the mobile app to use this new route.
2024-03-15 16:06:32 -04:00
Penar Musaraj 8cf2f909f5
DEV: Dedicated route for current user notification counts (#26106)
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-03-15 12:08:37 -04:00
Nat ad7e3e04f3
Bump version to v3.3.0.beta1 2024-03-15 15:01:58 +08:00
Bianca Nenciu b425fbc2a2
SECURITY: Generate more category CSS on client
This commit moves the generation of category background CSS from the
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visible to the
current user.
2024-03-15 14:24:11 +08:00
Penar Musaraj 62ea382247
SECURITY: Limit invites params length 2024-03-15 14:24:07 +08:00
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
Alan Guo Xiang Tan 003b80e62f
SECURITY: Add rate limits for uploads 2024-03-15 14:24:00 +08:00
Daniel Waterworth 819361ba28
SECURITY: Don't disclose the existence of secret subcategories 2024-03-15 14:23:55 +08:00
dependabot[bot] 085edb170d
Build(deps): Bump sassc-embedded from 1.70.0 to 1.70.1 (#26184)
Bumps sassc-embedded from 1.70.0 to 1.70.1.

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:54 +08:00
dependabot[bot] f2914bafd3
Build(deps): Bump follow-redirects from 1.15.4 to 1.15.6 (#26191)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:39 +08:00
Alan Guo Xiang Tan cdba864598
DEV: Support description for properties in objects schema (#26172)
Why this change?

When editing a objects typed theme setting, the input fields which are
rendered should include a description so that the user knows the purpose
of the field which they are changing.

What does this change do?

This change adds support for adding description to each property in the
schema for an object by following a given convention in the locale file.

For a schema like this:

```
objects_setting:
  type: objects
  schema:
    name: section
    properties:
      name:
        type: string
        required: true
      links:
        type: objects
        schema:
          name: link
          properties:
            name:
              type: string
              required: true
              validations:
                max_length: 20
            url:
              type: string
```

Description for each property in the object can be added like so:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name: <description for the name property>
            links:
              name: <description for the name property in link>
              url: <description for the url property in link>
```

If the a description is not present, the input field will simply not
have an description.

Also note that a description for a theme setting can now be added like
so:

```
en:
  theme_metadata:
    settings:
      some_other_setting: <This will be used as the description>
      objects_setting:
        description: <This will also be used as the description>
```
2024-03-15 07:47:42 +08:00
dependabot[bot] ede6118f69
Build(deps): Bump terser from 5.29.1 to 5.29.2 (#26186)
Bumps [terser](https://github.com/terser/terser) from 5.29.1 to 5.29.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.29.1...v5.29.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:36:08 +08:00
dependabot[bot] 70d27de7fe
Build(deps-dev): Bump esbuild from 0.20.1 to 0.20.2 (#26187)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:52 +08:00
dependabot[bot] 1a7ea82198
Build(deps-dev): Bump lefthook from 1.6.5 to 1.6.6 (#26188)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.5 to 1.6.6.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.5...v1.6.6)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:37 +08:00
dependabot[bot] 31c41dd013
Build(deps): Bump sass-embedded from 1.71.1 to 1.72.0 (#26189)
Bumps sass-embedded from 1.71.1 to 1.72.0.

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:22 +08:00
dependabot[bot] 6901fcd254
Build(deps): Bump json_schemer from 2.2.0 to 2.2.1 (#26190)
Bumps json_schemer from 2.2.0 to 2.2.1.

---
updated-dependencies:
- dependency-name: json_schemer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:08 +08:00
Blake Erickson 70c23f11a9
DEV: Add API scopes for post revisions (#26183)
This commit adds API scopes for reading, modifying, and deleting post
revisions.
2024-03-14 15:24:54 -06:00
Joffrey JAFFEUX c986f9a947
DEV: adds details/location options to downloadCalendar (#26177)
This will now only be used for google to pre-fill the associated fields in: https://calendar.google.com/calendar/u/0/r/eventedit
2024-03-14 21:32:15 +01:00
Penar Musaraj a71f68afdd
DEV: Improve localizability for a few labels (#26178)
Using separate prefix + date elements makes it harder to translate in
some languages. This moves a few dates inside i18n strings.
2024-03-14 15:01:43 -04:00
David Taylor 2546817d07
FIX: correctly strip unneeded csp directives under strict-dynamic (#26180) 2024-03-14 18:50:09 +00:00
David Taylor b16f212c47
DEV: Add discourse prefix to d-popover deprecations (#26181) 2024-03-14 18:50:00 +00:00
Régis Hanol 5213bba672
FIX: support [code] in blockquotes (#26182)
> [code]
> line1
> line2
> [/code]

would render as

| line1
| > line2

instead of the correct

| line1
| line2

That was due to the `bbcode-block` code using a `slice` to get the content of a block and not taking into account it being nested in a quote block for example.

The fix was to get the content using the `getLines` utils method.

Context: https://meta.discourse.org/t/markdown-bbcode-code-quote-bug/299047
2024-03-14 19:31:22 +01:00
Rafael dos Santos Silva 679a773411
FIX: Handle nil post_search_data for search result (#26179)
Since we are introducing new ways to search in Discourse, like the AI
semantic search using embeddings, posts can be part of a search result
list without having any search data.

Since the code path already handles this, we only need to add a safety
check when accessing the post_search_data.
2024-03-14 14:40:46 -03:00
Régis Hanol c662a99db3
FIX: clicking "more..." in emoji autocomplete (#26176)
This reverts the "fix" made in 44f6b24e34 since it wasn't the correct fix and the emoji picker wasn't showing in chat 🤦‍♂️

The proper fix is to `stopPropagation()` on the `click` event since the click handler has been made `async`. `preventDefault()` isn't enough.
2024-03-14 18:15:02 +01:00
Andrei Prigorshnev dedf1a5e03
Correct versions (#26175)
This is a follow-up to https://github.com/discourse/discourse/pull/25883. 
Somehow I forgot to address this comment –https://github.com/discourse/discourse/pull/25883#discussion_r1503234622
2024-03-14 20:36:56 +04:00
Kris 9376a2e755
FEATURE: optionally show "Powered by Discourse" link to discourse.org (#26162) 2024-03-14 10:30:12 -04:00