Commit Graph

8186 Commits

Author SHA1 Message Date
Ítalo Matos 0833c52aa0 Refactor: use idiomatic .last instead of .order(:desc).first (#2098)
Simplifies the last_event method in ActivitySpike::Detector by using
the more idiomatic Rails pattern .order(:created_at).last instead of
.order(created_at: :desc).first. Both generate the same SQL query but
.last is more readable and conventional in Rails codebases.
2025-12-11 20:35:38 -08:00
Jeremy Daer 2e17b78e08 bin/bundle-both (#2100)
Convenience for bundling both OSS and SaaS in lock-step:
```bash
> bin/bundle-both install

▸ OSS: Gemfile
bundle install
Bundle complete! 45 Gemfile dependencies, 161 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

▸ SaaS: Gemfile.saas
bundle install
Bundle complete! 63 Gemfile dependencies, 187 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
```
2025-12-11 20:26:06 -08:00
Jankees van Woezik 78fc80cf35 API: Allow updates to last_active_at (#2076)
* Allow Card#last_updated_at to be set

This is useful when doing an import from another system. I'm currently
working on a script to import our Github issues into Fizzy.

This is discussed in
https://github.com/basecamp/fizzy/pull/2056#discussion_r2609560246

* Add nil fallback and expand test coverage for last_active_at

Adds a safety fallback to Time.current if created_at is unexpectedly nil
during card creation.

Test coverage to verify:
* last_active_at defaults to created_at when not provided
* last_active_at can be updated via API on existing cards
* import workflow where last_active_at is restored after comments
* publishing doesn't overwrite explicit last_active_at values

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-11 19:06:03 -08:00
Jason Zimdars eeb016c934 Merge pull request #2055 from xakpc/hotfix/wider-support-for-fonts
hotfix: Expand font stack for better cross-OS support
2025-12-11 20:16:50 -06:00
Jason Zimdars c6efed854e Merge pull request #2088 from robzolkos/fix-view-transition-typo
Fix view-transition-name typo in public card show
2025-12-11 20:12:12 -06:00
Jason Zimdars 7d6b316f77 Merge pull request #2094 from robzolkos/fix-duplicate-use-word
Fix duplicate word: use use → use
2025-12-11 20:08:39 -06:00
Jason Zimdars 6fc4845d62 Merge pull request #2095 from robzolkos/fix-minutes-typo
Fix typo: minues → minutes
2025-12-11 20:07:29 -06:00
Jason Zimdars b21ed270dc Merge pull request #2092 from basecamp/text-update-for-entropy
Fix typo in _entropy.html.erb
2025-12-11 20:06:40 -06:00
Matthew Kent eb06884ea7 Bump fizzy-saas to pickup another staging change. 2025-12-11 16:19:06 -08:00
Mike Dalessio 2716368769 Remove the rails credentials from .gitattributes
because they make historical diffs very slow when searching history
with git pickaxe et al
2025-12-11 17:28:22 -05:00
Rob Zolkos cbcd433ad8 Fix typo: minues → minutes 2025-12-11 14:36:20 -05:00
Rob Zolkos 3ef7ef5110 Fix duplicate word: use use → use 2025-12-11 14:00:10 -05:00
Brian Bailey f193f47376 Fix typo in _entropy.html.erb 2025-12-11 13:50:34 -05:00
Mike Dalessio cd487a7409 Merge pull request #2091 from basecamp/flavorjones/fix-redirect-from-active-storage-controllers
Explicitly use main_app for URL helpers
2025-12-11 13:07:44 -05:00
Mike Dalessio 679a073c6b Add test coverage for the require_unauthenticated_access redirect 2025-12-11 13:02:54 -05:00
Mike Dalessio 3d523b84fc Explicitly use main_app for URL helpers
in controller concerns that are mixed into other engines' controllers. This prevents errors like:

> NoMethodError: undefined method 'session_menu_url' for an instance of ActiveStorage::DirectUploadsController

See also 912bb8a8 and 5ee10800
2025-12-11 12:55:32 -05:00
Fernando Álvarez ef3c49d9ad Bump fizzy-saas
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Zoltan Hosszu 761fd8ccfb Make list style same for every indentation
Adds 'list-style: disc' to ordered and unordered lists in rich-text-content.css to ensure consistent bullet styling.
2025-12-11 18:11:50 +01:00
Jason Zimdars 2a17976f9c Merge pull request #1972 from viniciussoares/fix/auto-close-knob-bug-ios-safari
Fix auto-close knob showing range thumb on iOS Safari
2025-12-11 11:05:25 -06:00
Rob Zolkos 5dab9f8a3c Fix view-transition-name typo in public card show
Note: This transition name isn't paired with any other element,
so could be removed entirely if not planned for future use.
2025-12-11 11:42:30 -05:00
Kevin McConnell ddf4d2454d Merge pull request #2085 from basecamp/gemfile-lock-fix
Update Gemfile.saas.lock
2025-12-11 16:10:54 +00:00
Andy Smith 00d870c502 Merge pull request #2061 from nqst/blank-slates-updates
Blank slate adjustments
2025-12-11 10:08:56 -06:00
Kevin McConnell 4edd49374a Update Gemfile.saas.lock
To bring in line with change in [36419c3600]
2025-12-11 16:04:55 +00:00
Jason Zimdars 1e59bc9f6f Merge pull request #2023 from basecamp/theme-switcher-revised
Theme switcher revised
2025-12-11 09:46:11 -06:00
Jason Zimdars 941ce1f775 Need to use has*Target to check for optional static targets to prevent console errors 2025-12-11 09:38:34 -06:00
Jason Zimdars 2a0cf4efe9 Turn #theme into a proper setter 2025-12-11 09:31:12 -06:00
Jason Zimdars 21586291fa Prefer normal if/else conditional 2025-12-11 08:59:13 -06:00
Thiago Youssef 36419c3600 Bump rails version to remove svg renderer patch (#2081) 2025-12-11 15:15:54 +01:00
Kevin McConnell 193a28f6c8 Merge pull request #2035 from harisadam/single_tenant
Add env-configurable option to disable public signups
2025-12-11 13:08:19 +00:00
Kevin McConnell 05d176cc31 Test that sign in respects single tenant state 2025-12-11 12:49:03 +00:00
Kevin McConnell 3f2938dd8e Bump fizzy-saas to set config option 2025-12-11 12:24:59 +00:00
Stanko Krtalić f89838ba96 Merge pull request #2079 from basecamp/fix-direct-uploads-via-api
Fix direct uploads via API
2025-12-11 13:04:58 +01:00
Kevin McConnell 06bfe2c982 Scope the config option
Also use a `configure` block to set it up.
2025-12-11 11:28:32 +00:00
Kevin McConnell dece2d08d1 Update namespacing & naming 2025-12-11 11:21:09 +00:00
Kevin McConnell 5d2ca6759d Naming 2025-12-11 11:20:43 +00:00
Kevin McConnell cad1e97e8a Don't need to call this out 2025-12-11 11:20:43 +00:00
Kevin McConnell 0e443d3602 Use initializer to configure tenant mode 2025-12-11 11:20:43 +00:00
Kevin McConnell a5580666a7 Single tenant by default & update tests 2025-12-11 11:20:43 +00:00
Stanko K.R. fb77d85b0d Explain that the upload URL is account-scope 2025-12-11 12:00:51 +01:00
Stanko K.R. 5ee10800a2 Allow direct uploads via API 2025-12-11 11:52:38 +01:00
Jorge Manrubia dcdd8537af Merge pull request #2066 from basecamp/text-change-for-golden-tickets
Update tip text for turning a card into a Golden Ticket
2025-12-11 07:36:22 +01:00
Adam Haris f76309d116 Merge branch 'main' into single_tenant 2025-12-11 06:08:01 +01:00
Jeremy Daer 5d181af391 Storage: ignore jobs for now-deleted targets 2025-12-10 20:13:19 -08:00
Jankees van Woezik 477b4d65f2 API: Support created_at for API card and comment creation (#2056)
* Add support to set `created_at`

Discussed in
https://github.com/basecamp/fizzy/pull/1766#issuecomment-3637846074,
this allows users to import cards from another system with entries from
the past. For instance I'm importing all our Github issues (including
the closed onces) to Fizzy.

* Iron out published state tracking

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-10 19:57:38 -08:00
Jeremy Daer 90452a4236 Enforce CSP (#2070) 2025-12-10 17:55:02 -08:00
Jeremy Daer 22da6dc19d CSP: full config with env vars per source (#2069)
* Configure all sources with CSP_* vars. Space separated source list.
* Fall back to `config.x.content_security_policy.*`
* Move our sources to fizzy-saas

References https://github.com/basecamp/fizzy-saas/pull/24
2025-12-10 17:21:09 -08:00
Jeremy Daer 761d0b4a76 Speedy, auditable, deadlock-resistant storage tracking (#2026)
An append-only storage ledger replaces deadlock-prone synchronous
counter updates and drift-prone async updates.

All content storage (card images, card/comment/board description embeds)
is tracked. Account exports (which expire) and avatars are not tracked.

Storage is accounted for by Account and Board. Both consume the same
event stream independently: no bubble-up storage bumps triggering
deadlocks due to lock sequencing. Each calculates its own total from
the underlying ledger with independent cursors and materialization.

* Storage::Entry: Append-only ledger recording attach/detach/transfer
  events with delta bytes. Single event stream indexed for both
  Account and Board cursor queries.

* Storage::Total: Polymorphic snapshot cache with cursor (last_entry_id)
  tracking which entries have been materialized.

* Storage::Totaled concern: Provides bytes_used (fast snapshot) and
  bytes_used_exact (snapshot + pending) query modes, plus
  materialize_storage! to roll up pending entries.

* Storage::Tracked concern: For models owning attachments (Card,
  Comment, Board). Provides board_for_storage_tracking for models
  where board is determined differently (Board returns self).
  Handles board transfers by recording transfer_out/transfer_in entries.

* Storage::AttachmentTracking: Hooks ActiveStorage::Attachment lifecycle
  to record attach/detach entries. Handles ActionText::RichText embeds
  by traversing to the actual model. Snapshots context in before_destroy
  to handle cascading deletes where parent record may be gone by
  after_destroy_commit.

* MaterializeJob: Rolls up pending entries into snapshot. Concurrency
  limited per owner to prevent duplicate work.

* ReconcileJob: On-demand reconciliation against actual attachment
  storage for support/debugging. Compares ledger total to real bytes
  from card images, card embeds, comment embeds, and board embeds.

Usage:
* account.bytes_used / board.bytes_used: fast, slightly stale bytesize
* account.bytes_used_exact / board.bytes_used_exact: real-time bytesize
* Storage::Entry: audit trail for debugging and point-in-time queries
2025-12-10 16:04:30 -08:00
Jason Zimdars 04d3ac50b2 Clean-up post merge and rework layout to accomodate API and Appearance blocks 2025-12-10 16:46:58 -06:00
Jason Zimdars 6f25b70b7f Merge branch 'main' into theme-switcher-revised 2025-12-10 16:30:36 -06:00
Jeremy Daer 94e991df07 Gitleaks: ignore legit non-sensitive API keys and tokens in docs/ and test/ (#2068) 2025-12-10 14:23:55 -08:00