Someone has been spamming the donation form to test credit card info
lately, with a bunch of $1 charges that almost all get rejected by
Stripe.
They don't seem to change IP addresses most of the time, so this should
make it a little harder for them to do, anyway.

If a user tries to post a link topic that's been posted before, this
will add a warning below the form with info about the previous posts and
ask them to confirm that they want to re-post. Currently, this doesn't
have any sort of time/group/etc. restrictions and will just find
previous topics from all time.
The method for doing this is a bit ugly to be able to handle both the
no-JS and with-JS posting methods, but it's not too bad.

mypy 0.720 includes a new semantic analyzer that it uses by default. It
mostly still works fine with Tildes's code, except that it doesn't
understand that @hybrid_property is very similar to @property, and it
also fixes a bug I was taking advantage of before to get mypy to not
complain about a @property that returns a different type than you set it
to.
This uses the TYPE_CHECKING constant (which is only ever true when mypy
is currently analyzing the code) to effectively replace @hybrid_property
with @property so that mypy understands it.

Uses the new pluralize macro I added to simplify/shorten other cases
where I was using {% trans %} previously.
The only exception was for "vote"/"votes" in the topic voting button,
since those are in separate HTML elements so it wouldn't work very
cleanly through the macro.

Now that the login page is set up to send users back to wherever they
were before logging in, we'll send users there with an appropriate
from_url if they try to access a page that they need to be logged in
for.

Previously, logging in would always send you to the home page. Now the
user will be sent back to whichever page they clicked the "Log in" link
from. Note that the destination is not validated, other than ensuring
that it starts with a "/" to prevent redirects to different sites.
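
A leading "/" test on its own also accepts scheme-relative values such as `//host`, which a browser resolves to a different site, so a stricter same-site check is sketched here. This is an added example, not code from the Tildes repository; `is_safe_from_url` and `redirect_target` are hypothetical names.

```python
from urllib.parse import urlsplit


def is_safe_from_url(value: str) -> bool:
    """Accept only a same-site, absolute-path redirect target (hypothetical helper)."""
    # Must be an absolute path on this site.
    if not value or not value.startswith("/"):
        return False
    # "//host/path" is scheme-relative: the scheme is kept but the host changes.
    if value.startswith("//"):
        return False
    # Browsers treat "\" like "/" and silently drop tab, CR and LF, so values
    # containing them can normalise into "//host". Reject all control characters.
    if any(ch == "\\" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return False
    # Final structural check: no scheme and no network location may be present.
    parts = urlsplit(value)
    return parts.scheme == "" and parts.netloc == ""


def redirect_target(from_url, default="/"):
    """Return from_url if it passes the check, otherwise fall back to the home page."""
    if isinstance(from_url, str) and is_safe_from_url(from_url):
        return from_url
    return default
```
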
The previous method of doing this could cause redis to try to start up
(via restart) earlier than it should. By using require_in and watch_in,
it should now only start up in the first place once this service has
been started first, and it will also cause redis to restart if it ever
needs to run again in the future.

With the current repo setup, line-endings will automatically be
converted to and from CRLF when someone is working on Windows. This is
how we want it to work, but since the line-endings are CRLF while
they're working, these checks will always throw a ton of errors. We can
safely just disable them, since everything should be fine and handled
properly already.

Vagrant on Windows has issues with creating symlinks inside shared
folders - it requires a permission that isn't granted to a user by
default. This can be fixed by changing security policies, but for our
purposes we don't need the symlinks anyway, and can run the tools
manually like this, instead of using the .bin/ symlinks.

This may need some more specific file-type definitions added, but let's
try with the absolute minimal version first, which just relies on git to
detect which files are text or binary.

Without setting any defaults, it seems to give 1024MB of memory and 2
CPUs. That low of memory can (and does) result in the VM swapping itself
to death when doing some things. I'm going to set a reasonable amount in
the Vagrantfile, and update the docs to explain how to raise/lower it if
necessary (and recommend a minimum).

Previously the "web API" exceptions were being based on the matched
route, but that would cause issues such as trying to move a topic to a
non-existent group. That's a PATCH request on a topic, so it would
display an error of "Topic not found" instead of "Group not found".
This moves the logic into the root factories and displays the message
attached to the HTTPNotFound exception when one is returned, which
should work more properly.

If an AJAX request ends up hitting some sort of error that hasn't been
handled properly in the code yet, it often gets a full HTML page back as
a response, instead of just a text error message. Previously, this would
end up with Intercooler putting the full text of the HTML into the error
element, which is really ugly and confusing.
Now, it will just put an "Unknown error" message, and the actual error
should still end up getting reported to me through Sentry to be able to
investigate.

This causes an internal server error occasionally from people trying to see if
there's a topic with ID 0 (often via tild.es/0), so this will just
return a 404 instead.

Previously, this was showing a title of "Topics in ~" in embeds and
such, due to using the same title/description as group topic listings,
but without a group name.

This adds settings into pyproject.toml for the isort tool to match up
with the styles I've generally been using, and then applies it to the
whole project (by running "isort -rc").
Most of these changes are very minor, but it's good to fix the few
inconsistencies that were around.

prospector 1.1.6.4 is currently broken - it updates to a new version of
pylint that it isn't compatible with. The relevant issue is here:
https://github.com/PyCQA/prospector/issues/335

Previously tild.es urls would proxy_pass through to the views inside the
Pyramid app, but this caused strange behavior in some cases. For
example, anything that caused a 404 response would end up in a broken
page that still appeared to be on the tild.es domain, but would be an
HTML-only page coming from the app, since the CSS and JS would not be
available.
This method is still a bit weird in some ways (now you'll end up on a
404 page at https://tildes.net/shortener/... instead), but I think it's
an improvement overall.

Some links can get through to this point without a hostname, which will
cause some of the transformers to crash. We'll just skip everything if
there's no hostname, and it will end up getting rejected afterwards
anyway.

Having this set to "auto" may be contributing to the layout shift while
the page is loading, since it doesn't know the size until the content is
loaded.

Chrome is showing a brief flash of the page rearranging while loading,
where it initially has the sidebar hidden but then it "pops in" and
moves the page to the left. I believe this is due to the HTML ordering
(the sidebar is after the main content) combined with it being hidden by
default, which prevents it from being included in the layout while the
main content is still being loaded.
This should hopefully resolve it, but may need some more changes still.

Previously the description (used for embeds / link previews) was always
"Tildes - a non-profit community site", so this will display how many
comments are in a discussion when people are linking to one.

Previously, the default time period for topic listings under the
Activity sort (which is the overall default) was set to 3 days. Part of
the purpose of this was to stop long-lived, off-topic threads from
sitting at the top of the site indefinitely. However, now that the
Activity sort is adjusted to have a way to consider these threads
"uninteresting" and prevent them from bumping, that's no longer
necessary.
We can try Activity/"all time" as the default sorting again, and should
be able to resolve any issues through using the "uninteresting"
judgments instead of trying to use the shorter time period to hide it.

This file is NPM's equivalent of requirements.txt, and should be
included to make sure that everyone is using the exact same versions of
all NPM packages, which will prevent weird inconsistencies between the
JS/SCSS linting.