David Heinemeier Hansson
0ba43de61a
This had gotten stripped
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
9254d17359
The magic of it is not needing to manually yield it!
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
7d2c284726
Clarify
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
467843fe22
Inline now anemic helper methods
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
3329008dd8
Handle everything in the same method
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
895b0e13b8
Drop the need for access tokens to have a session
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
660fcff558
Authenticate api requests without needing a session
2025-12-10 09:23:52 +01:00
Jason Zimdars
073d1af862
List, create, and revoke access tokens
2025-12-10 09:23:52 +01:00
Jason Zimdars
48c83f34b0
Add developer section to user profile
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
db29562c4c
Tie access token directly to session
...
We need to present them differently in the session list and prevent them
from being deleted
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
b53c0a5385
Correct
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
c65cb77ac4
API index for cards
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
d384971ea2
Test the boards API
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
a81c681a8d
Add access token authentication via HTTP AUTHORIZATION bearer header
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson
ea697b7143
Add API to boards
2025-12-10 09:23:52 +01:00
Stanko Krtalić
728fe7c243
Merge pull request #2043 from basecamp/fix-crash-on-gh-actions-check
...
Remove semver-major-days on GH actions
2025-12-10 09:21:46 +01:00
Stanko K.R.
9d5ddfccec
Remove semver-major-days from Dependabot on GH actions
2025-12-10 09:18:20 +01:00
Stanko Krtalić
1d89bd9795
Merge pull request #2040 from robinbrandt/push-tmrkoytpuvul
...
Allow chromium unstable endpoint for push messages
2025-12-10 09:10:06 +01:00
Robin Brandt
d60643f5ef
Allow chromium unstable endpoint
2025-12-09 20:24:09 -05:00
Andy Smith
b549291889
Merge pull request #2038 from basecamp/jump-menu-empty-state
...
Add blank slate to the main menu
2025-12-09 18:12:53 -06:00
Jeremy Daer
8a732b081d
Bump Rails to current ast-immediate-variants-process-locally branch
2025-12-09 15:54:06 -08:00
Jeremy Daer
85bd5c2df5
Rails seeded parallel tests ( #2037 )
...
Enable work stealing by default for a tiny speedup at the cost of small
loss in reproducibility.
References https://github.com/rails/rails/pull/56175
2025-12-09 15:50:01 -08:00
Andy Smith
6074ed2347
Add blank slate to the main menu
2025-12-09 15:56:10 -06:00
Andy Smith
fbb0c9d795
Merge pull request #2007 from basecamp/prompt-spacing-fix
...
Fixing Lexxy prompt menu spacing
2025-12-09 15:43:01 -06:00
Zoltan Hosszu
d12eaa4073
Fixing Lexxy prompt menu spacing
2025-12-09 17:36:22 +01:00
Kevin McConnell
0430ce0620
Merge pull request #1911 from harisadam/main
...
Configure email delivery in production using environment variables
2025-12-09 12:56:03 +00:00
Kevin McConnell
99bee0e0e0
Make SMTP config conditional on SMTP_ADDRESS
...
- If `SMTP_ADDRESS` is set, configure Action Mailer to use it, along
with additional optional SMTP-related settings.
- Otherwise, don't set config (for compatibility with engines like
fizzy-saas).
- Remove sendmail env setup, since by default there is no sendmail in
the container, and custom deployment can use whatever config the want
directly. If we end up needing this, we can bring it back via its
own env.
2025-12-09 12:44:36 +00:00
Adam Haris
9de59ca37b
default to smtp
2025-12-09 11:54:45 +00:00
Adam Haris
1d5654cafa
configurable actionmailer settings (ENV)
2025-12-09 11:54:44 +00:00
Jorge Manrubia
da2bd2f2ec
Merge pull request #2024 from basecamp/immediate-variant-locally
...
Process blob variants using local files
2025-12-09 12:17:12 +01:00
Jorge Manrubia
94c59a2399
Merge pull request #2033 from basecamp/limit-webhook-response-size
...
Stream response in webhook request manually to check size
2025-12-09 12:16:42 +01:00
Jorge Manrubia
1c6ba66cb8
Merge pull request #2031 from basecamp/push-subscription-race
...
Fix stale-read race when creating push subscriptions
2025-12-09 12:15:57 +01:00
Rosa Gutierrez
29c7926307
Stream response in webhook request manually to check size
...
This addresses a DoS vulnerability where the response might be massive
leading to OOM errors, as the response is read in full in memory by
default.
To prevent this, we need to read the body in chunks, checking the
size of the chunks we've read and raising if we go over a certain limit.
I've set the limit to 100 KB because the responses to these requests
should be fairly small or even empty, and we only care about the status
code in the end.
2025-12-09 11:25:12 +01:00
Jeremy Daer
ea8a78cc22
Fix stale-read race when creating push subscriptions
...
(Caught one such uniqueness exception in the wild)
* 200 OK -> 204 No Content, default status
* No need to touch the subscription when found
* Drop superflous test
2025-12-09 01:34:37 -08:00
Lewis Buckley
a2d4f3431e
Merge pull request #2018 from basecamp/ssl-config
...
Allow configuring SSL in production with ENV vars
2025-12-09 00:51:08 -08:00
Jeremy Daer
bec46e15a9
Drop defunct Account upload attachments ( #2030 )
...
Controller and routes removed in 6a62df470c
2025-12-09 00:36:39 -08:00
Jeremy Daer
8eb01da057
Process blob variants using local files
...
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327
Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jeremy Daer
08896deb32
bin/ci: run OSS suite in SAAS mode for full coverage ( #2029 )
2025-12-08 23:33:46 -08:00
Jeremy Daer
b23a5d0b7c
Fix flaky tests caused by leaky show_exceptions twiddling ( #2028 )
...
Rails memoizes `@app_env_config`, so running push subscriptions test
after join codes test will result in running with `show_exceptions:
:none`, causing RecordInvalid to raise instead of returning 422 status.
References #1996
2025-12-08 23:27:36 -08:00
Jeremy Daer
49c4f2adc6
Fix ActiveStorage FileNotFoundError with immediate variant processing ( #2022 )
...
When ActiveStorage::Record uses `connects_to` for read replica support,
it creates a separate connection pool from ApplicationRecord. This causes
`after_commit` callbacks to fire in non-deterministic order - the
Attachment's `create_variants` callback can fire before the User model's
upload callback completes, resulting in FileNotFoundError.
The fix removes replica connection configuration from ActiveStorage::Record
so it shares the same connection pool as application models, ensuring
proper callback ordering.
Also reverts test workarounds that were added to work around this issue,
since the root cause is now fixed.
See: https://github.com/rails/rails/issues/53694
2025-12-08 14:44:49 -08:00
Jorge Manrubia
cb0e9b9962
Immediate avatar and embed variants ( #2002 )
...
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Jason Zimdars
f8a812f038
Merge pull request #2021 from basecamp/internal/pr-2000
...
Update font stack
2025-12-08 16:10:23 -06:00
Andy Smith
fbb47eda4d
Merge pull request #2020 from basecamp/lexxy-highlight-fixes-ios
...
Account for browser button styled and adjust mobile padding for perma BG
2025-12-08 16:04:34 -06:00
Jason Zimdars
3cdcd3f00c
Should be in global gitignore
2025-12-08 16:03:39 -06:00
Andy Smith
bc8ecc3e91
Account for browser button styled and adjust mobile padding for perma BG
2025-12-08 15:59:58 -06:00
Andy Smith
14e763ec59
Merge pull request #2019 from basecamp/wrap-lexxy-overflow
...
Wrap the overflow menu
2025-12-08 15:47:09 -06:00
Andy Smith
27585a75b2
Wrap the overflow menu
2025-12-08 15:01:47 -06:00
Lewis Buckley
50be611f01
Allow configuring SSL in production with ENV vars
2025-12-08 20:57:01 +00:00
Mike Dalessio
e1c9b7df1e
doc: update style doc reference for LLM agents
2025-12-08 15:29:26 -05:00
Mike Dalessio
5328d63840
Merge pull request #2017 from basecamp/flavorjones/2003-identity-destroy-cleanup
...
Fix Identity destruction callback ordering
2025-12-08 15:21:54 -05:00