Commit Graph

815 Commits

Author SHA1 Message Date
Matt Baer ff33c59f27
Merge pull request #180 from writeas/cache-control
Add Cache-Control headers on AP endpoints

Closes T693
2020-01-31 12:00:47 +01:00
Matt Baer 5452bf0c0d
Merge pull request #254 from writeas/fix-local-datetime
Fix date format in `datetime` attribute
2020-01-31 11:00:43 +01:00
Matt Baer 51700cc7da Ignore "mix of collations" error on invite SELECT
This adds the `isIgnorableError` method and calls it when error checking
in `GetUserInvite()`, returning "not found" if the rror comes up.
2020-01-30 10:36:29 +01:00
Matt Baer bc9455db4f Fix datetime attributes on read.tmpl 2020-01-30 10:20:50 +01:00
Matt Baer 5de2f633e1 Fix localdate.js not included on Tags page 2020-01-29 13:03:04 -05:00
Matt Baer 50901d2446 Fix date format in `datetime` attribute
Previously, the date format in this attribute for posts was invalid.
This caused local date rendering to fail in Firefox. This fixes that.

Closes #253
2020-01-29 13:01:21 -05:00
Matt Baer d6b7a5925f Restrict /invite/{code} route to valid chars
Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
2020-01-29 09:11:02 -05:00
Matt Baer 93dd2341c2
Merge pull request #191 from writeas/T670-local-time
show timestamps in local date/locale
2020-01-29 07:10:43 -05:00
Matt Baer 4d5f58a7e6 Fix date-based post header links
Posts without an explicit title render the date as the post header in
lists of posts (like on the blog index and tag pages). This updates
localdate.js to properly adjust those dates, too.
2020-01-29 06:42:32 -05:00
Matt Baer 3e902461f1 Merge branch 'develop' into T670-local-time 2020-01-29 06:24:46 -05:00
Matt Baer 5ddd73eff4
Merge pull request #247 from writeas/update-upgrade-script
update upgrade script for recent changes
2020-01-29 05:53:58 -05:00
Matt Baer b25cec8381 Update copyright in upgrade script 2020-01-29 05:49:12 -05:00
Matt Baer be0885698e Change "restarting" to "starting" in upgrade script 2020-01-29 05:47:19 -05:00
Matt Baer 8fce34b70b Tidy up Go mod files 2020-01-29 05:24:22 -05:00
Matt Baer ae1a892be0 Upgrade gorilla/sessions to v1.2.0
This gets rid of the gorilla/context dependency, which might have been
causing a memory leak.

We noticed some serious memory leakage on Write.as that seemed to point
to this library. One heap snapshot:

      flat  flat%   sum%        cum   cum%
  259.13MB 30.41% 30.41%   268.13MB 31.46%  net/textproto.(*Reader).ReadMIMEHeader
  105.71MB 12.40% 42.81%   105.71MB 12.40%  github.com/gorilla/context.Set
   78.53MB  9.21% 52.03%   125.53MB 14.73%  github.com/gorilla/sessions.(*Registry).Get
   55.51MB  6.51% 58.54%    82.52MB  9.68%  net/http.(*Request).WithContext
   38.01MB  4.46% 63.00%    38.01MB  4.46%  github.com/gorilla/mux.extractVars
      35MB  4.11% 67.11%       53MB  6.22%  context.WithCancel
   34.50MB  4.05% 71.16%    34.50MB  4.05%  context.WithValue
      27MB  3.17% 74.32%       27MB  3.17%  net/http.cloneURL
      26MB  3.05% 77.38%       26MB  3.05%  github.com/gorilla/sessions.NewSession
      18MB  2.11% 79.49%       18MB  2.11%  context.(*cancelCtx).Done
   16.50MB  1.94% 81.42%    16.50MB  1.94%  syscall.anyToSockaddr
      14MB  1.64% 83.07%       47MB  5.52%  github.com/gorilla/sessions.(*CookieStore).New
   13.50MB  1.58% 84.65%    51.51MB  6.04%  github.com/gorilla/mux.(*Route).Match
   11.67MB  1.37% 86.02%    13.21MB  1.55%  regexp.(*Regexp).replaceAll
    9.72MB  1.14% 87.16%    22.94MB  2.69%  regexp.(*Regexp).ReplaceAllString
    9.50MB  1.11% 88.28%   115.21MB 13.52%  github.com/gorilla/sessions.GetRegistry

With the help of these articles, we tracked it down to this dependency,
and upgraded the library, which seems to have completely fixed the issue
so far:

https://rover.rocks/golang-memory-leak/
https://medium.com/@walterwu_22843/golang-memory-leak-while-handling-huge-amount-of-http-request-35cc970cb75e

This should fix #133
2020-01-29 04:56:23 -05:00
Matt Baer bf8dcff01e Quit AP goroutine early when there's no "to"
Previously, we'd sleep for 2 seconds and then return for no reason. This
fixes that.
2020-01-27 09:23:50 -05:00
Matt Baer 8d3e755c8f Return pointer to http.Client in activityPubClient() 2020-01-23 12:03:23 -05:00
Matt Baer bc9843dfa3 Add timeout on ActivityPub requests 2020-01-23 11:47:35 -05:00
Matt Baer fe26594e8c
Merge pull request #245 from writeas/fix-editor-open-access
Require authenticated user for editor access
2020-01-20 15:42:24 -05:00
Matt Baer 30032e74a0 Add helpful text on Drafts page 2020-01-20 15:25:37 -05:00
Matt Baer b336e95e12 Render HTML entities in Drafts list
Previously, we'd show the raw HTML entities in the summaries of Draft
posts, instead of rendering them. This fixes that.
2020-01-20 15:20:45 -05:00
Rob Loranger 2c075c0347
update upgrade script for recent changes
changes accounted for
- the tar directory structure had changed to use a subdirectory
- there are now multiple linux targets released

bugs
- the service must be stopped before replacing the binary
- migrations were not being run during an upgrade
2020-01-19 15:57:58 -08:00
Matt Baer 8e09e72979 Require authenticated user for editor access
Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.

Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
2020-01-16 14:50:29 -05:00
Matt Baer b9914dd65a
Merge pull request #244 from writeas/oauth-signup-tweaks
OAuth signup form tweaks

Resolves T715
2020-01-16 14:46:48 -05:00
Matt Baer c1ec6b2605 Fix copyright years in oauth_slack.go 2020-01-16 14:43:32 -05:00
Matt Baer dcdd4dd1ef Add and update copyright notices 2020-01-16 14:39:18 -05:00
Matt Baer 803dd78df5 Remove Password field from OAuth signup page
This removes a bit of friction.

Ref T715 T712
2020-01-16 14:30:09 -05:00
Matt Baer f7dabd39c2 Skip password requirement on OAuth signup
This makes it possible to complete OAuth signup without creating a
password on the WriteFreely instance.

A user can then add a password to their account through their Account
Settings page without any admin action (all of this logic is already in
place).

Ref T715 T712
2020-01-16 14:25:33 -05:00
Matt Baer b5a38efd28 Fall back to username as coll title on OAuth signup
This uses the given username as the Display Name / Collection Title if a
user doesn't give one -- as might happen when authenticating with
Write.as.

Ref T712
2020-01-16 14:09:42 -05:00
Matt Baer 130c9eb747 Change Blog Title to Display Name in OAuth signup
Ref T712
2020-01-16 13:58:14 -05:00
Matt Baer 6842ab2e3b Rename collTitle from alias
"alias" is the name of a different collection field, so this renames the
variable internally to make things clearer.
2020-01-16 13:50:37 -05:00
Matt Baer 4d5c89e7ef Fix false login state on OAuth signup page
Having a `Username` field populated in the page data tells the base
template to display navigation that only a logged in user should see. So
this renames the field to `LoginUsername`, similar to our login.tmpl
page.

Ref T712
2020-01-16 13:37:44 -05:00
Matt Baer 33a6129d1e Add async username check on OAuth signup form
This checks the user's inputted username as they type it, and prevents
form submission if the name is taken.

Ref T712
2020-01-16 13:18:23 -05:00
Matt Baer f2f779e4a2 Generate non-colliding usernames in all lowercase
All usernames should be lowercase, so this generates any username suffix
(in cases of collision) with only lowercase letters. It also removes
vowels to prevent bad 5-letter words from forming.

Ref T712
2020-01-16 12:29:01 -05:00
Matt Baer d297859705 Reserve the username "oauth" 2020-01-16 12:18:21 -05:00
Rob Loranger 571460f08d
move timezone correction to client side 2020-01-15 09:04:38 -08:00
Rob Loranger 0766e6cb36
fixes imported post times
changes the client side to round the unix time to avoid floats

alters the time to match the client time zone on the server side
2020-01-14 10:44:56 -08:00
Matti R 80cffbb3ec
update golang.org/x/crypto vendor to use acme v2
also run go mod tidy to clean up module files
2020-01-14 12:46:52 -05:00
Matt Baer 75e2b60328
Merge pull request #172 from writeas/import-text
add basic text file imports

Resolves T609
2020-01-14 12:33:57 -05:00
Matt Baer 3e97625cca Fix Unix timestamps on client during import
File API gives timestamp in milliseconds, not seconds, so this converts
it on the client-side and sends it the correct time to the server.

Ref T609
2020-01-14 12:26:02 -05:00
Matt Baer 65e2e5126b Revert "Fix unix timestamp in file upload"
This reverts commit 2b066997d1.
2020-01-14 12:24:57 -05:00
Matt Baer 2b066997d1 Fix unix timestamp in file upload
File API gives timestamp in milliseconds, not seconds, so this converts
it correctly.

Ref T609
2020-01-14 12:23:01 -05:00
Matti R 98ca449b66
add arm-6 2020-01-14 12:02:43 -05:00
Rob Loranger aae2f28bb6
pass original file modified date for imports 2020-01-14 08:59:30 -08:00
Matti R f4c6ce76dd
Switch to a maintained fork of XGO 2020-01-14 11:55:55 -05:00
Matt Baer c7b797929b
Merge pull request #238 from writeas/oauth-bugfix-alias-signature
OAuth alias field not set correctly
2020-01-14 10:59:48 -05:00
Nick Gerakines f7995bee48 Fixing bug where display name was not set correctly. 2020-01-14 10:28:40 -05:00
Matt Baer 659392ac4f
Merge pull request #235 from writeas/date-stamps
Add dates to blog posts

Resolves T669
2020-01-14 09:51:12 -05:00
Matt Baer c00daf64b0
Merge pull request #236 from writeas/oauth-provider-callback-hotfix
Fixing bug in oauth callback URL registration.
2020-01-14 09:12:28 -05:00
Nick Gerakines a77d403dfb
Fixing bug in oauth callback URL registration.
Fixing a bug in the oauth callback URL registration where the lack of provider context was overwriting the previous oauth callback route registration call.
2020-01-10 16:16:43 -05:00