Commit Graph

5753 Commits

Author SHA1 Message Date
Italo Matos 5ade7e1a52 Refactor: Simplify TimeWindowParser using Rails convenience methods
- Replace `beginning_of_day..end_of_day` with `all_day`
- Replace `beginning_of_week..end_of_week` with `all_week`
- Replace `beginning_of_month..end_of_month` with `all_month`
- Replace `beginning_of_year..end_of_year` with `all_year`

These changes improve code readability by using idiomatic Rails
methods that accomplish the same thing in a more concise and
expressive way.
2025-12-13 16:31:48 -03:00
Mike Dalessio 3584df6816 Merge pull request #2133 from basecamp/flavorjones/handle-image-uploads-better
Improve avatar image handling
2025-12-13 13:25:54 -05:00
Ítalo Matos fbc586646f Refactor: improve query scope composition with merge syntax (#2131)
* Refactor: improve query scope composition with merge syntax

Replace manual WHERE clause concatenation with Rails' merge method
for more elegant and maintainable scope composition across Card,
Comment, and Filter models. This approach better follows Rails
conventions and improves code readability.

* Extend scope composition improvements to Card::Closeable

Apply the same nested hash syntax pattern to closures table references
in order and where clauses.

* Remove unnecessary outer braces from where clause

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:10:13 -08:00
Mike Dalessio 139bf3cf81 Validate avatar sizes 2025-12-13 13:05:30 -05:00
Jeremy Daer 82626f020d Tailscale serve support (#2126)
Ensure we can serve the app from multiple hosts without breaking links.
* Switch unnecessary full URLs to paths
* Drop default host/port URL options for controllers

Shell 1
```bash
bin/dev
```

Shell 2
```bash
tailscale serve http://fizzy.localhost:3006
```
2025-12-13 09:29:50 -08:00
Mike Dalessio 08525282de Merge pull request #2122 from basecamp/flavorjones/limit-staging-beta-to-internal
Drop the `staff?` requirement in beta and staging
2025-12-12 15:36:18 -05:00
Mike Dalessio 9cff236f66 Drop staff restriction in beta and staging
because it was preventing testing of signups.
2025-12-12 15:12:46 -05:00
David Heinemeier Hansson c9e9e7be55 Unused 2025-12-12 20:40:47 +01:00
Jason Zimdars 0bc3ccb528 Merge pull request #2109 from basecamp/theme-tweak
Apply theme preference before body renders
2025-12-12 11:48:47 -06:00
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
Andy Smith 0181b1df84 Merge pull request #2115 from basecamp/maybe-mini-bubble-position
Better mini-bubble position for the Maybe column
2025-12-12 11:17:44 -06:00
Kevin McConnell 87ad234f32 Apply theme preference before body
To avoid any visual flashes of the old theme before the Stimulus
controllers load, we can apply the saved theme from `<head>` whenever
there is a full page load.

This applies to both the regular and public views, as we're doing it in
the shared head partial.
2025-12-12 14:17:58 +00:00
Kevin McConnell e13565ee70 Merge pull request #2104 from basecamp/remove-unused-include
Remove redundant include
2025-12-12 09:14:15 +00:00
Stanko K.R. c8a5d01771 Wrap join code redemption in a lock 2025-12-12 09:59:42 +01:00
Kevin McConnell 8d32a322e9 Remove redundant include
This is no longer needed since af0e2488 removed the streaming of
avatar images.
2025-12-12 08:58:52 +00:00
Stanko K.R. a4d11e169f Replace custom code generator with Base32 2025-12-12 07:45:23 +01:00
Stanko Krtalić 23425cb67b Merge pull request #2086 from basecamp/harden-magic-links
Pin sign in attempts to the current session
2025-12-12 07:23:19 +01:00
Ítalo Matos 2e33262960 Refactor: Use Rails range syntax in ActivitySpike query (#2080)
Replace SQL string syntax with Rails range syntax for date filtering
in the ActivitySpike::Detector. This improves code readability and
follows Rails idioms.

Changed from:
  .where("created_at >= ?", recent_period.seconds.ago)

To:
  .where(created_at: recent_period.seconds.ago..)

This modernizes the codebase while maintaining the same functionality.
2025-12-11 20:40:31 -08:00
Anthony f2a2878382 Fix typo in translate property in card columns CSS (#2090)
Rename incorrect CSS property from `translaate` to `translate`
2025-12-11 20:36:54 -08:00
Ítalo Matos 0833c52aa0 Refactor: use idiomatic .last instead of .order(:desc).first (#2098)
Simplifies the last_event method in ActivitySpike::Detector by using
the more idiomatic Rails pattern .order(:created_at).last instead of
.order(created_at: :desc).first. Both generate the same SQL query but
.last is more readable and conventional in Rails codebases.
2025-12-11 20:35:38 -08:00
Jankees van Woezik 78fc80cf35 API: Allow updates to last_active_at (#2076)
* Allow Card#last_updated_at to be set

This is useful when doing an import from another system. I'm currently
working on a script to import our Github issues into Fizzy.

This is discussed in
https://github.com/basecamp/fizzy/pull/2056#discussion_r2609560246

* Add nil fallback and expand test coverage for last_active_at

Adds a safety fallback to Time.current if created_at is unexpectedly nil
during card creation.

Test coverage to verify:
* last_active_at defaults to created_at when not provided
* last_active_at can be updated via API on existing cards
* import workflow where last_active_at is restored after comments
* publishing doesn't overwrite explicit last_active_at values

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-11 19:06:03 -08:00
Jason Zimdars eeb016c934 Merge pull request #2055 from xakpc/hotfix/wider-support-for-fonts
hotfix: Expand font stack for better cross-OS support
2025-12-11 20:16:50 -06:00
Jason Zimdars c6efed854e Merge pull request #2088 from robzolkos/fix-view-transition-typo
Fix view-transition-name typo in public card show
2025-12-11 20:12:12 -06:00
Jason Zimdars 7d6b316f77 Merge pull request #2094 from robzolkos/fix-duplicate-use-word
Fix duplicate word: use use → use
2025-12-11 20:08:39 -06:00
Jason Zimdars 6fc4845d62 Merge pull request #2095 from robzolkos/fix-minutes-typo
Fix typo: minues → minutes
2025-12-11 20:07:29 -06:00
Jason Zimdars 0dccd7e19c Move email address into hint line 2025-12-11 19:31:20 -06:00
Rob Zolkos cbcd433ad8 Fix typo: minues → minutes 2025-12-11 14:36:20 -05:00
Rob Zolkos 3ef7ef5110 Fix duplicate word: use use → use 2025-12-11 14:00:10 -05:00
Brian Bailey f193f47376 Fix typo in _entropy.html.erb 2025-12-11 13:50:34 -05:00
Stanko K.R. 8a66369d64 Show the email address you are signing in with 2025-12-11 19:18:01 +01:00
Stanko K.R. abaed12124 Prohibit access to magic links unless an email address 2025-12-11 19:17:39 +01:00
Stanko K.R. b6edb93c47 Pin sign in attempts to the current session
This makes it way more difficult to brute-force a magic link.

Original implementation by udiudi. Ref: https://github.com/udiudi/fizzy/pull/1/files

Discussion: https://github.com/basecamp/fizzy/discussions/1981

Co-Authored-By: Udi <udi@udi.codes>
2025-12-11 19:05:54 +01:00
Mike Dalessio 3d523b84fc Explicitly use main_app for URL helpers
in controller concerns that are mixed into other engines' controllers. This prevents errors like:

> NoMethodError: undefined method 'session_menu_url' for an instance of ActiveStorage::DirectUploadsController

See also 912bb8a8 and 5ee10800
2025-12-11 12:55:32 -05:00
Zoltan Hosszu 761fd8ccfb Make list style same for every indentation
Adds 'list-style: disc' to ordered and unordered lists in rich-text-content.css to ensure consistent bullet styling.
2025-12-11 18:11:50 +01:00
Jason Zimdars 2a17976f9c Merge pull request #1972 from viniciussoares/fix/auto-close-knob-bug-ios-safari
Fix auto-close knob showing range thumb on iOS Safari
2025-12-11 11:05:25 -06:00
Rob Zolkos 5dab9f8a3c Fix view-transition-name typo in public card show
Note: This transition name isn't paired with any other element,
so could be removed entirely if not planned for future use.
2025-12-11 11:42:30 -05:00
Andy Smith 00d870c502 Merge pull request #2061 from nqst/blank-slates-updates
Blank slate adjustments
2025-12-11 10:08:56 -06:00
Jason Zimdars 1e59bc9f6f Merge pull request #2023 from basecamp/theme-switcher-revised
Theme switcher revised
2025-12-11 09:46:11 -06:00
Jason Zimdars 941ce1f775 Need to use has*Target to check for optional static targets to prevent console errors 2025-12-11 09:38:34 -06:00
Jason Zimdars 2a0cf4efe9 Turn #theme into a proper setter 2025-12-11 09:31:12 -06:00
Jason Zimdars 21586291fa Prefer normal if/else conditional 2025-12-11 08:59:13 -06:00
Kevin McConnell 193a28f6c8 Merge pull request #2035 from harisadam/single_tenant
Add env-configurable option to disable public signups
2025-12-11 13:08:19 +00:00
Kevin McConnell dece2d08d1 Update namespacing & naming 2025-12-11 11:21:09 +00:00
Kevin McConnell 5d2ca6759d Naming 2025-12-11 11:20:43 +00:00
Kevin McConnell cad1e97e8a Don't need to call this out 2025-12-11 11:20:43 +00:00
Kevin McConnell 0e443d3602 Use initializer to configure tenant mode 2025-12-11 11:20:43 +00:00
Kevin McConnell a5580666a7 Single tenant by default & update tests 2025-12-11 11:20:43 +00:00
Jorge Manrubia dcdd8537af Merge pull request #2066 from basecamp/text-change-for-golden-tickets
Update tip text for turning a card into a Golden Ticket
2025-12-11 07:36:22 +01:00
Adam Haris f76309d116 Merge branch 'main' into single_tenant 2025-12-11 06:08:01 +01:00
Jeremy Daer 5d181af391 Storage: ignore jobs for now-deleted targets 2025-12-10 20:13:19 -08:00