1. 02 Jun, 2020 1 commit
    • Deimos's avatar
      Prioritize showing comment removal over deletion · e1535991
      Deimos authored
      If a comment is removed and then deleted by its author, we should
      continue showing it as removed, since that's the more significant action
      (and the deletion is usually *because* of the removal).
      e1535991
  2. 27 May, 2020 1 commit
    • Deimos's avatar
      Don't post full "backlog" of scheduled topics · e8f8885f
      Deimos authored
      This will probably only ever be relevant in development environments,
      but we don't want the topic scheduler to always post a full backlog of
      scheduled topics when it hasn't run for a while. For example, if a dev
      environment has a daily scheduled topic set up, but the VM is not
      launched for a week, the next time the "post scheduled topics" cronjob
      runs, it will post all 7 of the backlogged topics.
      
      This commit changes the script so that it advances the schedule to the
      next *future* occurrence, instead of continuing the backlog.
      e8f8885f
  3. 26 May, 2020 1 commit
    • Deimos's avatar
      TopicQuery: include ignored topics by default · 740f71d3
      Deimos authored
      Previously, TopicQuery was excluding ignored topics by default. However,
      this caused some unexpected issues, such as a crash when someone tried
      to vote on a topic after ignoring it. I think it's more intuitive to
      reverse the logic like this: include the ignored topics by default, and
      only specifically exclude them in the cases where that's necessary.
      740f71d3
  4. 22 May, 2020 1 commit
  5. 15 May, 2020 4 commits
    • Deimos's avatar
      Salt: move postgresql-redis bridge to own state · 384c5c98
      Deimos authored
      384c5c98
    • Deimos's avatar
      Fix environment check in Prometheus config · 78002847
      Deimos authored
      Checking for prod isn't correct - we want the monitoring server to have
      these entries so that it can scrape them from prod.
      78002847
    • Deimos's avatar
      Exclude forums.terraria.org from url transforms · d5453cf2
      Deimos authored
      This forum uses the same invalid url scheme as the Paradox forums, so
      needs to be excluded as well.
      d5453cf2
    • Deimos's avatar
      Add simple metrics to event stream consumer jobs · b011be34
      Deimos authored
      This adds some very simple metrics to all of the background jobs that
      consume the event streams. Currently, the only "real" metric is a
      counter tracking how many messages have been processed by that consumer,
      but a lot of the value will come from being able to utilize the
      automatic "up" metric provided by Prometheus to monitor and make sure
      that all of the jobs are running.
      
      I decided to use ports starting from 25010 for these jobs - this is
      completely arbitrary, it's just a fairly large range of unassigned
      ports, so shouldn't conflict with anything.
      
      I'm not a fan of how much hard-coding is involved here for the different
      ports and jobs in the Prometheus config, but it's also not a big deal.
      b011be34
  6. 09 May, 2020 3 commits
    • Deimos's avatar
      Add temporary bans (manual) · 42f99a82
      Deimos authored
      This enables me to set a ban expiry time for a user (manually, in the
      database). By doing so:
      
      * The user's page will say that they're temporarily banned, and show the
        date their ban will be lifted.
      * If the user tries to log in, it will say they're temporarily banned,
        and give a specific datetime that the ban will be lifted by.
      * An hourly cronjob will lift any bans that have expired.
      42f99a82
    • Deimos's avatar
      Update error message for breached passwords · 7e96fb00
      Deimos authored
      This isn't always in the sidebar, so the previous message could be
      confusing.
      7e96fb00
    • Deimos's avatar
      Login: show whether username or password was wrong · 25e42075
      Deimos authored
      I get a fair number of "forgot password" emails where the person is
      actually trying to log in with the wrong username. Normally, a login
      system shouldn't display whether the username or password was the
      incorrect part, but since it's already public information which
      usernames exist on Tildes (simply by visiting /user/<username>), this
      really isn't meaningfully hiding anything. It would only have any effect
      on the most absolutely naive attackers. I think it's an acceptable
      trade-off to help out people that are inadvertently trying to log in
      with the wrong username instead.
      25e42075
  7. 05 May, 2020 1 commit
  8. 30 Apr, 2020 1 commit
  9. 15 Apr, 2020 3 commits
  10. 07 Apr, 2020 1 commit
    • dougmellon's avatar
      Remove aria-label from divs · b707e2b9
      dougmellon authored
      This is a recommendation from the W3C validator: "Don't use aria-label
      or aria-labelledby on a span or div unless its given a role."
      b707e2b9
  11. 03 Apr, 2020 1 commit
    • Deimos's avatar
      Monitoring server: add blackbox exporter · f2c0b68f
      Deimos authored
      This is a prometheus exporter that allows checking IPv4 and IPv6
      responses, among other things. This sets it up to make sure that the
      site is responding over both IPv4 and IPv6, so that I can monitor and
      set up an alert if either stops working.
      f2c0b68f
  12. 25 Mar, 2020 1 commit
    • Deimos's avatar
      Treat scheduled-topic title/markdown as Jinja · 284c3cfd
      Deimos authored
      This probably isn't particularly safe, but it's fine since I'm the only
      one that can create or edit scheduled topics for now. The only available
      variable so far is current_time_utc.
      284c3cfd
  13. 23 Mar, 2020 1 commit
  14. 21 Mar, 2020 2 commits
  15. 19 Mar, 2020 4 commits
  16. 18 Mar, 2020 1 commit
  17. 17 Mar, 2020 2 commits
    • Deimos's avatar
      Add global autocomplete tags · 3f1decb2
      Deimos authored
      This is kind of hacky again (and shouldn't contain the coronavirus tag
      over the long term), but makes sure that the "spoiler", "nsfw", and
      "coronaviruses.covid19" tags are always offered as autocomplete options,
      no matter how common they are in the topic's group.
      3f1decb2
    • Deimos's avatar
      TEMP: Add some hacky coronavirus "views" · 355dd9d3
      Deimos authored
      This adds two links at the top of the home page that go to different
      "views" - one includes only topics related to the coronavirus, while the
      other filters out all coronavirus topics.
      
      For the purposes of these views, a "coronavirus topic" is one that is
      either in the ~health.coronavirus group, or has coronaviruses.covid19
      tag.
      
      This is very hacky and will only work on the main tildes.net site due to
      hardcoded group name and tag. I'm okay with that.
      355dd9d3
  18. 13 Mar, 2020 1 commit
    • Deimos's avatar
      Update groups page layout + show activity stats · 1c739d97
      Deimos authored
      This replaces the groups page with a new list style that doesn't include
      the ability to subscribe/unsubscribe directly on the page, and also
      shows approximate activity statistics (daily topics/comments) for each
      group.
      1c739d97
  19. 09 Mar, 2020 1 commit
  20. 06 Mar, 2020 1 commit
  21. 05 Mar, 2020 4 commits
    • Deimos's avatar
      Fix autocomplete chip X "ends with" conflicts · c8f86977
      Deimos authored
      Let's try this again without the regex.
      
      Clicking the X button in an autocomplete chip could inadvertently remove
      the wrong tag (and cause a weird "merging" behavior) if another tag
      ended with the same text as the one being removed. For example, if a
      post had both "one.two" and "two" tags and you clicked the X button on
      the "two".
      c8f86977
    • Deimos's avatar
      Revert "Fix autocomplete chip X "ends with" conflicts" · 6e610be3
      Deimos authored
      This reverts commit 83ce0824.
      6e610be3
    • Deimos's avatar
      Fix autocomplete chip X "ends with" conflicts · 83ce0824
      Deimos authored
      Clicking the X button in an autocomplete chip could inadvertently remove
      the wrong tag (and cause a weird "merging" behavior) if another tag
      ended with the same text as the one being removed. For example, if a
      post had both "one.two" and "two" tags and you clicked the X button on
      the "two".
      83ce0824
    • Deimos's avatar
      Minor updates to Financials and donation goal · c5492cf4
      Deimos authored
      Just a couple relatively minor updates to the financial stuff:
      
      * Removed the "is_approximate" column on the table and just added a more
        general note about most of the amounts being approximate. It was more
        annoying to worry about than meaningful.
      * Some style/layout/wording tweaks to the donation goal to try to make
        it a little more obvious that this is a long-term sustainability goal.
      c5492cf4
  22. 02 Mar, 2020 2 commits
  23. 29 Feb, 2020 2 commits
    • Deimos's avatar
      Rework permissions/ACL system · 94b9e1bf
      Deimos authored
      This is a major rework of the permissions system to enable various new
      capabilities and clean up some of the oddities that were there.
      Highlights:
      
      - The concept of "admin" permission is removed. All permissions must be
        granted individually.
      - Permissions can now be granted on a group-specific level, such as
        giving a user the ability to tag topics only in a specific group.
      - Permissions can also be denied for a specific group (or all groups),
        enabling uses like "tag topics in all groups except ~music".
      - Removed the two cases where "all permissions" were granted: users on
        themselves and the sender and recipient on messages. This was
        dangerous, we should always grant permissions explicitly.
      - Eliminated all the granular permissions for changing a user's settings
        (which were all granted implicitly), and replaced with an overall
        "change_settings" permission.
      94b9e1bf
    • Deimos's avatar
      Update cleanup script for new permissions table · 9ab70c44
      Deimos authored
      9ab70c44