I was seeing some strange behavior from this tween on non-GET requests,
where a huge number of Set-Cookie headers were being added. I'm not sure
exactly what was causing this, but it's not necessary to do on non-GET
requests anyway, so this should be safer.
The site-icons spritesheet has already become unwieldy - it's almost
1MB, is mostly rarely-needed icons, and needs to be fully replaced and
re-downloaded whenever a new icon is added. With HTTP/2 now being widely
supported, spritesheets seem to be mostly obsolete, and I probably never
should have done it that way in the first place.
This commit changes over to simply using individual icon images, and
rebuilds the CSS file whenever new icons are downloaded. This new CSS
file will probably be somewhat large, but should gzip extremely well.
This probably still needs some work to support cache-busting on the CSS
file.
This is mostly motivated by recently enabling the themes from the main
Tildes site on the Docs and Blog. To support users maintaining their
theme between sites, we need to set the domain field on the cookie,
which we weren't doing previously. This tween will automatically convert
"old" cookies to "new" ones, but unfortunately there's no way to
determine whether their cookie has domain set or not, so we just need to
set a new-style cookie every time.
This also will start setting the cookie if they don't already have one,
but have a default theme set on their account. This is necessary to be
able to have the default theme carry over to Docs/Blog.
In the future (maybe in a month or so), we can change this so that it
only does the default-theme function.
We're going to make the static sites depend on the main site's
stylesheet, but as part of that we need to be able to do a little bit of
customization specific to them - specifically, being able to bring over
the rules for setting up how lists and links look. Hopefully we
shouldn't need to use this much, but this is reasonable for now.
This will allow individual groups to always show the username on topics,
overriding the usual behavior of only showing username when it's a text
topic. On Tildes itself, this will be useful for groups like ~creative.
Markdown won't merge subsequent quoted paragraphs into a single
blockquote unless the blank line between them also has a ">" on it. Most
people don't expect this behavior when quoting a multi-paragraph
section, and end up with a bunch of separated blockquotes.
This should fix that issue by default, but still allows people to keep
their blockquotes separated by adding at least one more newline between
the two quoted paragraphs (so they have at least two blank lines), among
various other methods.
The foreground color was accidentally set wrongly before (using
$foreground itself, which wasn't set yet) so that it ended up as full
white, which was too bright. These should be the right colors from the
theme.
The special formatting for the "spoiler" tag was being applied to a post
with the tag "spoiler attack", due to the way the CSS rules were
written. This still isn't a great solution overall, but should fix those
cases at least.
It seems like the absolute url (without domain) is making the image not
render in Twitter cards, and lack of a description is making some of the
embeds look strange. We'll add a default description for now and look to
override this soon.
This should allow for some basic embeds to be displayed in
Slack/Discord/Twitter/etc. when people link to Tildes urls. This should
definitely be enhanced by adding things like descriptions to pages where
that's relevant, but it's a reasonable start.
If the user has text selected inside a comment when they click the reply
button, this will automatically start off the form with that text inside
a blockquote. This only works if the selected text is inside another
comment (for example it won't work if the text is in the sidebar or the
topic itself), and only if the entirety of the selection is inside the
same comment.
This is a change I've been meaning to make for a while anyway for better
semantic HTML and accessibility, and it ended up being necessary to be
able to support some other updates as well.
This button only shows up on mobile (or small screens) and will appear
after the user has scrolled down at least two viewport-heights. The
Intersection Observer API is used to detect this with an invisible
"buffer" div, instead of attaching to scroll events.
Nothing too significant in here, but it rearranges some of the theme
initialization a little more, including making sure that each theme sets
a number of "essential" colors. It also moves the default theme out into
its own file, instead of having it at the bottom of _theme_base.scss for
no particular reason.
Previously, PHP syntax highlighting worked only inside <?php ... ?>
block.
Pygments can disable this behavior, but we have to pass an argument when
creating the PhpLexer to do it.
HTTPException hits all HTTP codes, including redirections, which was
breaking the tild.es shortener. Using HTTPError instead will only cover
the 4xx and 5xx codes, which is what we want.
Previously the site would give an unstyled web-server error on a lot of
errors (such as trying to visit the page for a username that doesn't
exist). This just adds a generic error page, but we'll want to add some
more specialized ones for certain errors.
Most people are coming to the register page through the register links
that people give them as an invite (and it isn't even linked from
anywhere on the site itself). There's no need to show the warning about
the site being invite-only if they've got a code, so we'll only show it
if people happen across this page by typing in the url manually or
something similar.
This also makes the warning a little more prominent by changing it to a
toast instead of just colored text.
This is mostly for logged-out users, we don't need the votes to stand
out so much for them. I think it's fine for logged-in too though, so
let's just try it for both initially.
This is messy in a few ways and needs some reworking, but should be fine
for testing and initial enabling public visibility. An invite is still
required for registration, and the registration page isn't even
currently linked anywhere since people should usually get a registration
link as the invite.
May roll this back and/or do follow-up commits if it makes the site
break.
Using GET for logging out isn't a very good idea, and can result in
external sites being able to log users out by including things like
<img src="https://tildes.net/logout">
This changes it to require a POST, and uses a form with its submit
button re-styled to look like the other text links in the menu.
Previously, the little "Exemplary" badge was only being shown to people
that can view the reasons (generally, the comment author and admins).
The only indication to other users that the comment had been labeled as
Exemplary was the colored left border. This adds the label to the top
for all users, including a count if there are multiple.
I've been reading a little about PostgreSQL transaction ID wraparound
today, and how it's knocked multiple companies out of commission for
days to get it resolved. It should have almost no chance of happening on
Tildes for years, but this will let me set up some monitoring for it
now, while I'm thinking about it.
For more info:
https://blog.sentry.io/2015/07/23/transaction-id-wraparound-in-postgres.html
I didn't like that the previous change made it possible to *always* have
leading/trailing whitespace around a username. For example, it made it
so that you could go to "/user/ Deimos" and still see my user page
because of the leading space being trimmed. This makes it so that you
have to manually set a flag in the UserSchema context to enable the
trimming, and then only does that on the login view.
This is mostly for when people are logging in. Mobile keyboards
especially like to add a space after the username, which previously
would cause an error unless they manually deleted the trailing space.