47 Commits

Author SHA1 Message Date
Rob Zolkos 5e154a767f Allow bearer auth on Active Storage downloads 2026-04-08 14:37:24 -04:00
Mike Dalessio 628571fc79 Don't set public Cache-Control on proxied non-public blobs
Rails' ActiveStorage proxy controllers hardcode `http_cache_forever public: true`,
which sets `Cache-Control: public, immutable`. For non-public blobs behind auth,
this allows CDN caching that serves responses without authorization checks.

Override `http_cache_forever` in the Authorize concern to downgrade `public` to
`false` for non-public blobs.

See https://github.com/basecamp/fizzy/pull/2251 for context
2026-03-26 14:58:40 -04:00
Stanko K.R. 017bcc9ce1 Polish up Passkey interface
- Fix indentation
- Split awkward initializer into separate methods
- Rename credentials to passkeys
- Simplify authenticator registry loading
- Flatten nested errors under ActionPack::WebAuthn
- Set passkey current params only requests that use it
- Inline anemic methods
- Replace custom validation with ActiveModel::Validation
- Rename identity to holder in Passkey
- Rename credentials to passkeys in JS
- Extract framework library out of controllers
- Pass params hashes down to ActionPack
- Attempt to simplify public interface
- Push data decoding down to the classes representing the data
- Introduce has_passkeys
- Add CBOR bigint support
- Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey
- Add create_passkey_button helper
- Rename public-key to creation-options
- Add sign_in_with_passkey_button helper
- Dispatch events for the whole Passkey lifecycle
- Add ED25519 support
- Prevent crash on missing meta tag
- Validate resident key options
- Don't clobber existing ActionPack config options
- Validate cryptographic params
- Move CurrentWebAuthnRequest into ActionPack::Passkey
- Use ActiveModel::Attributes for Options objects
- Implement expiring challanges
- Add lifecycle events
- Extract param helpers into Request
- Add passkey_creation_options and passkey_request_options helpers
- Add create_passkey_challenge to make it easier to override the create method if needed
- Prefix all view helpers with passkey_
- Auto-include ActionPack::Passkey::Holder
- Make the passkey challange url configurable
- Add a reminder about Passkeys to the magic link email
2026-03-18 11:51:10 +01:00
Mike Dalessio 4496a203e6 Quash the new Rails warnings about premature class loading (#2653) 2026-03-03 10:44:51 -05:00
Joseph Hale 451920adc7 Include concrete example motivating this module file 2026-03-02 15:25:11 -07:00
Joseph Hale 7611236a67 Simplify comment in skip-detached override
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 14:40:21 -07:00
Joseph Hale c61f49cce9 Extract detached-blob guard into its own file
Separate the attachment existence check from the broadcast suppression
override so each file has a single responsibility. The guard now lives
in ActiveStorageAnalyzeJobSkipDetached with its own documentation
explaining the upload-then-delete race condition.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 14:38:19 -07:00
Joseph Hale 143508fc22 Skip AnalyzeJob when blob has no attachments
Upload-then-delete races cause AnalyzeJob to hit S3 after PurgeJob has
already removed the object, producing Aws::S3::Errors::NoSuchKey noise
in solid_queue_failed_executions. Since PurgeOnLastAttachment destroys
the attachment row before enqueueing PurgeJob, checking
blob.attachments.exists? catches this — a fast DB query that avoids the
S3 round-trip entirely.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 14:13:00 -07:00
Rosa Gutierrez 196d685f8d Implement authorization for Active Storage endpoints
Consider blobs attached to any public records accessible to anyone with
the URL.
2025-12-25 21:22:36 +01:00
Mike Dalessio 18b3319a94 Extract hex_to_base36 and base36_to_hex methods in Uuid type
replacing normalize_base36. This should make it easier to convert
UUIDs between hex and base36 formats, useful when debugging production
logs that contain hex UUIDs.

For example, if in a log you see:

    User Load (0.3ms) SELECT `users`.* FROM `users` WHERE
    `users`.`account_id` = x'019afab815897a4f920f3a24fab75400' AND
    `users`.`id` = x'019afab815a2790688c58c7f8326e700' LIMIT 1

and you want to find that account or that user in the console, you can
now do:

    id = ActiveRecord::Type::Uuid.hex_to_base36("019afab815897a4f920f3a24fab75400")
    => "03f6bilrvt3oghzhurll4pp8g"
2025-12-16 14:16:55 -05:00
Jeremy Daer 761d0b4a76 Speedy, auditable, deadlock-resistant storage tracking (#2026)
An append-only storage ledger replaces deadlock-prone synchronous
counter updates and drift-prone async updates.

All content storage (card images, card/comment/board description embeds)
is tracked. Account exports (which expire) and avatars are not tracked.

Storage is accounted for by Account and Board. Both consume the same
event stream independently: no bubble-up storage bumps triggering
deadlocks due to lock sequencing. Each calculates its own total from
the underlying ledger with independent cursors and materialization.

* Storage::Entry: Append-only ledger recording attach/detach/transfer
  events with delta bytes. Single event stream indexed for both
  Account and Board cursor queries.

* Storage::Total: Polymorphic snapshot cache with cursor (last_entry_id)
  tracking which entries have been materialized.

* Storage::Totaled concern: Provides bytes_used (fast snapshot) and
  bytes_used_exact (snapshot + pending) query modes, plus
  materialize_storage! to roll up pending entries.

* Storage::Tracked concern: For models owning attachments (Card,
  Comment, Board). Provides board_for_storage_tracking for models
  where board is determined differently (Board returns self).
  Handles board transfers by recording transfer_out/transfer_in entries.

* Storage::AttachmentTracking: Hooks ActiveStorage::Attachment lifecycle
  to record attach/detach entries. Handles ActionText::RichText embeds
  by traversing to the actual model. Snapshots context in before_destroy
  to handle cascading deletes where parent record may be gone by
  after_destroy_commit.

* MaterializeJob: Rolls up pending entries into snapshot. Concurrency
  limited per owner to prevent duplicate work.

* ReconcileJob: On-demand reconciliation against actual attachment
  storage for support/debugging. Compares ledger total to real bytes
  from card images, card embeds, comment embeds, and board embeds.

Usage:
* account.bytes_used / board.bytes_used: fast, slightly stale bytesize
* account.bytes_used_exact / board.bytes_used_exact: real-time bytesize
* Storage::Entry: audit trail for debugging and point-in-time queries
2025-12-10 16:04:30 -08:00
Mike Dalessio c4a8996562 Retry mailer jobs on common networking and SMTP errors
This concern is lifted nearly verbatim from Basecamp.

ref: https://app.fizzy.do/5986089/cards/3300
2025-12-04 10:26:24 -05:00
Donal McBreen c4498212dc Merge branch 'main' into sqlite
* main: (116 commits)
  Ensure avatar thumbnails are square
  Update useragent to recognize twitterbot/facebot
  Add defensive styles for non-square avatar images
  Update test for copy changes
  Missed commit
  AI: standardize on https://agents.md
  Make it clear this is just notifications, not comprehensive activity
  AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727)
  Allow requests from Google Image Proxy
  Update to basecamp's useragent fork
  Clean up a little bit the CSRF reporting code
  Claude: production observability guidance (#1725)
  Prevent autoscroll to the root columns container to prevent jump on page load
  Include full name string so you can type your name to filter
  Prioritize current user and assigned users in assignment dropdown
  Check and report on Sec-Fetch-Site header for forgery protection
  bundle update
  Bump bootsnap from 1.18.6 to 1.19.0
  Bump rails from `077c3ad` to `17f6e00`
  Fix cards getting stuck in edit mode
  ...
2025-11-26 10:07:41 +00:00
Mike Dalessio b2e3c7b1c7 Drop the "max previewable file size" limit
which was originally introduced to work around timing issues causing
us to try (and fail) to generate previews on sqlite read replicas.
2025-11-21 10:55:20 -05:00
Donal McBreen a682a807ed Handle SQLite date subtraction 2025-11-21 09:15:19 +00:00
Donal McBreen cc7e091508 Disable multi-db for SQLite 2025-11-21 09:15:19 +00:00
Donal McBreen a2333d9a37 Add SQLite support
- UUID support
- Schema compatibility layer, ignore MySQL specific options
- Search not working yet
2025-11-21 09:15:19 +00:00
Mike Dalessio 2c2a1c4b4a Make sure jobs are enqueued only after all transactions are committed
This should fix the recurring ActiveStorage::FileNotFoundError errors
from ActiveStorage::AnalyzeJob.

The issue is that, when images are not direct uploaded (e.g. a card
background image or avatar image), the AnalyzeJob has been getting
enqueued before the file itself was uploaded to blob storage.

Setting ActiveJob::Base.enqueue_after_transaction_commit = true makes
sure that jobs are always enqueued only once *all* transactions have
been committed.

This will be the Rails default at some point, but for now we still
need to explicitly set it.

Big thanks to @jeremy for the assist. 👏
2025-11-20 18:47:42 -05:00
Stanko K.R. e8a7b19647 Retry file analisys on FileNotFoundError 2025-11-20 15:09:43 +01:00
Mike Dalessio d8f935498a ActiveRecord::Type::Uuid#hex
to make it easier to convert when we have to look in the logs
2025-11-17 20:04:43 -05:00
Donal McBreen a8412449e3 Don't cast and extract normalization
We are not trying to handle user input so `cast` can be a no-op. Also
extract the base36 normalization logic, let the binary class handle the
serialize encoding and add some tests.
2025-11-17 09:12:36 -05:00
Donal McBreen 8ec5c1af5c Use Binary::Data for serialization
This handles quoting for us automatically
2025-11-17 09:12:36 -05:00
Donal McBreen f6ec9bbeea Use a custom class for Uuid values 2025-11-17 09:12:35 -05:00
Donal McBreen fc56ad9d7c Combine uuid-old and uuid branch changes
- Switch to binary 16 for UUID keys
- Remove AccountScopedRecord base class, all model use binary uuids now
- Fix the search sql to serialize uuids properly
- Patch the MySQL schema dumper to output binary lengths
2025-11-17 09:12:34 -05:00
Jorge Manrubia e8920ceb0e Prevent page refreshes when posting comments/descriptions with attachments 2025-11-13 16:03:48 +01:00
Fernando Álvarez 514c0f45a2 Migrate to fizzy.do 2025-11-04 13:17:10 +01:00
Fernando Álvarez 7f78514a58 Move to app.box-car.com 2025-10-30 11:12:39 +01:00
Fernando Álvarez 3946733b65 Migrate to box-car.com 2025-10-28 18:44:25 +01:00
Mike Dalessio a711975904 Turn off attachment previews on large files
ref: https://fizzy.37signals.com/5986089/collections/7/cards/1302
2025-08-19 12:16:24 -04:00
Stanko K.R. c95e8678a9 Extract #all_emoji? to a Rails ext 2025-08-13 15:14:12 +02:00
Mike Dalessio 0a92fc3a16 Port over Jeremy's fix for slow uploads
ref: https://fizzy.37signals.com/5986089/collections/7/cards/944
2025-07-20 13:19:53 -04:00
Jorge Manrubia fa04016cbe Revert "Revert "Replace House with Lexical"" 2025-05-29 14:25:16 +02:00
Jorge Manrubia 08d8b2e5ff Revert "Replace House with Lexical" 2025-05-29 14:22:27 +02:00
Jorge Manrubia 10b2aad647 Replace House with lexical-powered actiontext 2025-05-23 11:41:08 +02:00
David Heinemeier Hansson 48a6c05250 No longer used 2025-04-20 16:23:15 +02:00
Jorge Manrubia 17aa9b97e9 Monkey patch a prepend_order method 2025-04-11 10:28:12 +02:00
Jorge Manrubia 168a790687 Add a rails helper for the new custom stream action 2025-04-10 13:30:15 +02:00
Jose Farias 7d83874266 Use Redcarpet for plain text rendering 2024-12-18 16:39:56 -06:00
Jose Farias 0139f71bf2 Use redcarpet as markdown renderer 2024-12-18 16:37:33 -06:00
Jose Farias cb1686d84e Use house ssr 2024-12-17 18:02:42 -06:00
Jose Farias 6164da2e38 Unnest uploads controller 2024-11-29 17:05:32 -06:00
Jose Farias 45e94e4484 Support search on markdown fields 2024-11-29 14:28:37 -06:00
Jose Farias d556e21287 Use House for MD comments 2024-11-27 18:59:15 -06:00
Jose Farias c570fa7e4c Appease zeitwerk 2024-10-17 22:01:25 -06:00
Jose Farias 783f0ec83a Revert "Appease zeitwerk"
This reverts commit 87ebabe260.
2024-10-17 21:53:42 -06:00
Jose Farias 87ebabe260 Appease zeitwerk 2024-10-17 21:44:49 -06:00
Jose Farias f4b5210ca1 Spike persisted filters 2024-10-16 16:41:11 -06:00