Commit Graph

8314 Commits

Author SHA1 Message Date
Adrien Maston 39c1906e67 Merge pull request #1698 from basecamp/mobile-app/scoped-stylesheets
Mobile app / Scoped stylesheets
2025-12-16 15:34:37 +01:00
Adrien Maston 04332bc526 Merge branch 'main' into mobile-app/scoped-stylesheets
* main:
  Use decimals for ordered lists
  Update cached fragments
  Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
  Show only public cards on public boards
  Swap order of avatar links
  Limit length of full name during signup
  Make layout bulletproof
  Serve own avatar from its own endpoint
2025-12-16 15:30:31 +01:00
Andy Smith df9a6de57d Merge pull request #2155 from basecamp/ol-list-fix
Use decimals for ordered lists
2025-12-15 14:04:15 -06:00
Andy Smith 2ea6f4e070 Use decimals for ordered lists 2025-12-15 13:14:11 -06:00
Kevin McConnell 706fb8fade Merge pull request #2148 from basecamp/revert-avatar-change
Revert avatar change
2025-12-15 13:28:21 +00:00
Kevin McConnell e2292a1739 Update cached fragments 2025-12-15 13:23:57 +00:00
Kevin McConnell 741eff7bdc Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
This reverts commit c628f14c01, reversing
changes made to 4bafc73236.
2025-12-15 13:07:13 +00:00
Stanko Krtalić 2058743be9 Merge pull request #2146 from basecamp/show-only-published-cards-on-public-boards
Show only public cards on public boards
2025-12-15 13:26:12 +01:00
Kevin McConnell c628f14c01 Merge pull request #1865 from basecamp/public-avatar-caching
Serve own avatar from its own endpoint
2025-12-15 12:20:28 +00:00
Stanko K.R. 87081aa617 Show only public cards on public boards 2025-12-15 13:15:36 +01:00
Kevin McConnell d4cbc86113 Swap order of avatar links
If the conditional CSS rules failed to match for some reason, we should
prefer the general avatar image rather than the "my" avatar one. That
way the fallback mode will still look correct.
2025-12-15 11:22:00 +00:00
Kevin McConnell 4bafc73236 Merge pull request #2142 from basecamp/validate-name-length
Limit length of full name during signup
2025-12-15 11:08:43 +00:00
Kevin McConnell 87c6557747 Limit length of full name during signup
If we don't validate for length, then signups that overflow the database
columns will unnecessarily create and cancel a tenant. Adding a
validation means we can avoid this.
2025-12-15 09:56:35 +00:00
Adrien Maston 1f346085b9 Merge branch 'main' into mobile-app/scoped-stylesheets
* main: (119 commits)
  Bust comment view cache
  Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
  Fix unexpected remove empty line from README
  Lightbox uses Stimulus target callbacks instead of data-action
  Add test coverage for the image lightbox
  Add tests for tenancy middleware and timezone cookie
  Refactor: Simplify TimeWindowParser using Rails convenience methods
  SMTP: support SMTPS on port 465 (#2132)
  Bump fizzy-saas to retain fewer docker images (#2134)
  Add test coverage for with_golden_first scope (#2130)
  Refactor: improve query scope composition with merge syntax (#2131)
  Validate avatar sizes
  Introduce Vips configuration
  Tailscale serve support (#2126)
  Update tests with final method naming: record! -> record
  CSP config to allow Minio in development
  Update fizzy-saas to get employee restriction in staging
  Drop staff restriction in beta and staging
  Unused
  Use new FIZZY_GH_TOKEN with limited access
  ...
2025-12-15 10:43:32 +01:00
Mike Dalessio cbaf5d245f Merge pull request #2136 from afurm/test/tenancy-timezone
Add focused tests for tenancy middleware and timezone cookie caching
2025-12-14 16:20:56 -05:00
Mike Dalessio c6725fdca0 Bust comment view cache
because, unlike ordinary view file changes, the change to Action Text
attachment rendering in e9cb2956 doesn't bust the cache automatically.
2025-12-14 13:05:45 -05:00
Jorge Manrubia b93cb3bcea Merge pull request #2139 from basecamp/update-lexxy-2
Update lexxy
2025-12-14 18:56:24 +01:00
Jorge Manrubia 2e66fdff4a Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta 2025-12-14 18:53:23 +01:00
Mike Dalessio 088b06bf95 Merge pull request #2137 from basecamp/flavorjones/data-action-fix
Image lightbox uses Stimulus target callbacks instead of `data-action`
2025-12-14 12:48:17 -05:00
Jorge Manrubia 31542373ee Merge pull request #2112 from JangoCG/feature/rate-limit-join-codes
feat: protect join codes from brute-force attacks
2025-12-14 09:43:28 +01:00
Jorge Manrubia 01a5d194ba Merge pull request #2135 from italomatos/refactor/improve-time-window-parser-readability
Refactor: Simplify TimeWindowParser using Rails convenience methods
2025-12-14 09:42:07 +01:00
Jorge Manrubia 95c82a234b Merge pull request #2114 from robzolkos/remove-unused-install-svg
Remove unused install.svg and its CSS class
2025-12-14 09:40:18 +01:00
Jorge Manrubia 57008e0026 Merge pull request #2111 from robzolkos/remove-unpaired-view-transition-name
Remove unpaired view-transition-name
2025-12-14 09:39:08 +01:00
Jorge Manrubia cac9088ad3 Merge pull request #2105 from seuros/main
feat: expose closed boolean in card JSON API
2025-12-14 09:36:32 +01:00
Jorge Manrubia 4085c63d4f Merge pull request #2077 from hiendinhngoc/docs/add-missing-kamal-init-step
Add missing `kamal init` step to docs/kamal-deployment.md setup instructions
2025-12-14 09:30:47 +01:00
Jorge Manrubia e3987d2d08 Merge pull request #2063 from basecamp/lexxy-prompt-padding
Fix Lexxy prompt list padding by lowering rich-text specificity
2025-12-14 09:29:44 +01:00
Jorge Manrubia d7e5d4218f Merge pull request #2032 from tomycostantino/update-columns-on-actions
Fix: board columns actions are stale when moving a column moves
2025-12-14 09:28:57 +01:00
hiendinhngoc 90a48e3119 Fix unexpected remove empty line from README 2025-12-14 14:24:53 +07:00
hiendinhngoc 8a0180da40 Fix conflict and move the update from README to docs/kamal-deployment.md 2025-12-14 14:22:34 +07:00
Mike Dalessio e9cb2956ee Lightbox uses Stimulus target callbacks instead of data-action
Remove data-action from the sanitizer allowlist to disallow injection
of potentially malicious Stimulus actions in user-provided
content. The lightbox controller now uses imageTarget callbacks to
handle clicks on image links.

Also add the file name as a caption in the light box, and fix the
caption color for dark mode visibility.
2025-12-13 17:06:03 -05:00
Mike Dalessio 51df4af6ba Add test coverage for the image lightbox
because we're about to mess with it.
2025-12-13 16:00:54 -05:00
Andrii Furmanets f3bd38ea79 Add tests for tenancy middleware and timezone cookie 2025-12-13 22:10:21 +02:00
Italo Matos 5ade7e1a52 Refactor: Simplify TimeWindowParser using Rails convenience methods
- Replace `beginning_of_day..end_of_day` with `all_day`
- Replace `beginning_of_week..end_of_week` with `all_week`
- Replace `beginning_of_month..end_of_month` with `all_month`
- Replace `beginning_of_year..end_of_year` with `all_year`

These changes improve code readability by using idiomatic Rails
methods that accomplish the same thing in a more concise and
expressive way.
2025-12-13 16:31:48 -03:00
nu-wa 472dbeee8c SMTP: support SMTPS on port 465 (#2132)
* Add more configuration options for the SMTP connection

* Add SMTP_TLS option for implicit TLS connections

For SMTPS servers (typically port 465), set SMTP_TLS=true.
Port auto-defaults to 465 when TLS is enabled, 587 otherwise.
STARTTLS is used by default and automatically disabled when TLS is on.

Fixes boolean conversion bug in original PR (string "false" is truthy)
and removes insecure default for certificate verification.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:57:08 -08:00
Jeremy Daer 3d3593c8f6 Bump fizzy-saas to retain fewer docker images (#2134)
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Ítalo Matos 2066109003 Add test coverage for with_golden_first scope (#2130)
* Add test coverage for with_golden_first scope

Test verifies that the with_golden_first scope correctly orders
golden cards before non-golden cards in query results.

* Refactor golden test: use instance variables, add subordering coverage

Extract @golden and @non_golden fixtures into setup for reuse across
all tests. Simplify with_golden_first test to verify both primary
ordering (golden before non-golden) and subordering preservation.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:34:35 -08:00
Mike Dalessio 3584df6816 Merge pull request #2133 from basecamp/flavorjones/handle-image-uploads-better
Improve avatar image handling
2025-12-13 13:25:54 -05:00
Ítalo Matos fbc586646f Refactor: improve query scope composition with merge syntax (#2131)
* Refactor: improve query scope composition with merge syntax

Replace manual WHERE clause concatenation with Rails' merge method
for more elegant and maintainable scope composition across Card,
Comment, and Filter models. This approach better follows Rails
conventions and improves code readability.

* Extend scope composition improvements to Card::Closeable

Apply the same nested hash syntax pattern to closures table references
in order and where clauses.

* Remove unnecessary outer braces from where clause

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:10:13 -08:00
Mike Dalessio 139bf3cf81 Validate avatar sizes 2025-12-13 13:05:30 -05:00
Mike Dalessio db4c8c1138 Introduce Vips configuration 2025-12-13 12:41:37 -05:00
Jeremy Daer 82626f020d Tailscale serve support (#2126)
Ensure we can serve the app from multiple hosts without breaking links.
* Switch unnecessary full URLs to paths
* Drop default host/port URL options for controllers

Shell 1
```bash
bin/dev
```

Shell 2
```bash
tailscale serve http://fizzy.localhost:3006
```
2025-12-13 09:29:50 -08:00
Jeremy Daer 43ab17df2f Update tests with final method naming: record! -> record 2025-12-12 21:47:10 -08:00
Jason Zimdars 88ab0beb24 Make layout bulletproof 2025-12-12 22:40:53 -06:00
Mike Dalessio 202a2f599e Merge pull request #2123 from basecamp/flavorjones/development-minio-csp
CSP config to allow Minio in development
2025-12-12 17:15:36 -05:00
Mike Dalessio 7d6cf62665 CSP config to allow Minio in development 2025-12-12 17:00:17 -05:00
Mike Dalessio 08525282de Merge pull request #2122 from basecamp/flavorjones/limit-staging-beta-to-internal
Drop the `staff?` requirement in beta and staging
2025-12-12 15:36:18 -05:00
Mike Dalessio 43fd8ab691 Update fizzy-saas to get employee restriction in staging 2025-12-12 15:31:22 -05:00
Mike Dalessio 9cff236f66 Drop staff restriction in beta and staging
because it was preventing testing of signups.
2025-12-12 15:12:46 -05:00
David Heinemeier Hansson c9e9e7be55 Unused 2025-12-12 20:40:47 +01:00
Mike Dalessio 029227af0a Merge pull request #2113 from basecamp/flavorjones/queenbee-staging-update
saas: Bump queenbee gem for new staging location
2025-12-12 13:10:20 -05:00