Jeremy Daer
b755b3fead
Robots, begone ( #1812 )
...
* robots.txt: "Please, don't come in." If a page is directly linked, the
URL can still appear in search results, though.
* X-Robots-Tag: "If you're here, forget what you saw." Works even if the
crawler ignores robots.txt or reaches a page via external link. Can
remove already-indexed pages.
* Public boards may not be indexed. They're meant for "anyone with the
link" private sharing, not worldwide publishing.
2025-12-02 13:35:58 -08:00
Jorge Manrubia
c9ebb79dbd
Add some protections around sharing the magic link in development
2025-12-02 10:51:14 +01:00
Rosa Gutierrez
f8a1e0500d
Switch from report-only to actually using Sec-Fetch-Site for CSRF protection
...
As a fallback for Rails's token-based mechanism. To use Sec-Fetch-Site
exclusively, we'll wait until Rails offers that (when we upstream this).
2025-11-28 16:26:03 +01:00
Jorge Manrubia
3223ba53c3
We need the check in both test/code
2025-11-28 15:53:58 +01:00
Jorge Manrubia
6ccf655597
Move yabeda/prometheus stuff to the gem
2025-11-28 15:53:58 +01:00
Jorge Manrubia
3b0ddf4cfb
Move sentry to engine
2025-11-28 15:53:58 +01:00
Jorge Manrubia
1897cc238f
Only staff can access beta/staging
...
https://app.fizzy.do/5986089/cards/3208
2025-11-28 15:53:58 +01:00
Jorge Manrubia
4e09352c09
Bring simple signup flow from the fizzy-saas gem
...
We skip the QB code and we fill external account ids automatically on creation with a sequence
See:
https://github.com/basecamp/fizzy-saas/pull/7
2025-11-28 15:53:58 +01:00
Jorge Manrubia
e30709f6a7
Remove structured logging moved to the engine
2025-11-28 15:53:58 +01:00
Jorge Manrubia
c1334f7ffe
Don't choke if no structured logging
...
Temporary workaround, we need a better solution here.
2025-11-28 15:53:58 +01:00
Rosa Gutierrez
3e716bfa26
Fix a couple of typos
2025-11-26 13:16:44 +01:00
Rosa Gutierrez
fac9f3c369
Clean up a little bit the CSRF reporting code
...
Small follow-up to https://github.com/basecamp/fizzy/pull/1721
2025-11-25 21:28:50 +01:00
Rosa Gutierrez
d88949288c
Check and report on Sec-Fetch-Site header for forgery protection
...
This is a great, solid alternative to CSRF tokens for CSRF protection
when we aren't worried about older browsers or other kind of actors
doing modifying requests in our app, and could be a good test for future
upstreaming to Rails (although there we'd need to continue using CSRF
tokens or at least letting people opt out manually).
Let's start checking the header and reporting on it when CSRF fails or
when it doesn't match the other checks Rails does, and then promote this
to be the only way to defend from CSRF.
2025-11-25 19:19:50 +01:00
Kevin McConnell
bd259f7795
Add optimistic pausing to avoid stale reads
...
Instead of writer pinning, we'll track the last transaction ID of each
write in the session. Then on each read we'll wait for the replica to
report that this transaction is available.
If it doesn't become available within a reasonable timeout, we'll
proceed anyway, and accept the possibility of a stale read.
The hope here is that most of the time, the replica is caught up in the
time between a write request and the following read request. If it's
not, we now have a little tolerance to wait for it, which hopefully
proves enough to stale reads are not encountered in normal use.
We also disable the writer affinity opt-out mechanism that we had
before, since we will no longer be using writer affinity at the load
balancer.
2025-11-24 13:29:52 +00:00
Mike Dalessio
4636b31f06
Authorization ensure_staff uses identity.staff
...
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Mike Dalessio
f5305b2fe6
Use Card number as the model param
...
instead of the UUID `id`
2025-11-17 09:12:41 -05:00
Kevin McConnell
9615753e1f
Add routing header to see who served request
2025-11-17 09:12:41 -05:00
Stanko K.R.
e0693de7c3
Scope jobs and controllers by account
2025-11-17 09:12:41 -05:00
Mike Dalessio
5a7f08067a
Move setting Current.account into the middleware
...
so that code called from the Rails controllers can use Current.account
2025-11-17 09:12:40 -05:00
Stanko K.R.
edf837fed3
Drop memberships
2025-11-17 09:12:39 -05:00
Stanko K.R.
5c6b91ef77
Fix incorrect var setting
2025-11-17 09:12:36 -05:00
Stanko K.R.
71a332bb08
Remove dead code
2025-11-17 09:12:17 -05:00
Stanko K.R.
db172bae4e
Simplify authorization
2025-11-17 09:12:17 -05:00
Stanko K.R.
28a6dfce01
Simplify user deactivation
2025-11-17 09:12:17 -05:00
Stanko K.R.
6858b96619
Simplify join codes
2025-11-17 09:12:17 -05:00
Mike Dalessio
89d1299ec0
Fix authentication on "untenanted" controllers
...
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio
086a9ceada
Revert some auth pieces of "Account.sole → Current.account"
2025-11-17 09:11:45 -05:00
Mike Dalessio
030433b99d
Remove debugging statements
2025-11-17 09:11:42 -05:00
Mike Dalessio
ec54014832
Add account slug middleware
...
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio
d41d50d52b
Account.sole → Current.account
...
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Kevin McConnell
dc40d2b5b0
Remove custom read/writer routing
2025-11-17 09:11:28 -05:00
Jorge Manrubia
872537f02c
Ensure only admins/creators can publish boards
2025-11-12 11:48:35 +01:00
Stanko K.R.
bbe74966a1
Extract saas helpers into a concern
2025-11-07 07:08:24 +01:00
Jorge Manrubia
39ec6cf062
Replace collection with board in the code, tests green
2025-11-05 13:41:12 +01:00
Jorge Manrubia
03a345609e
Baseline replacing collection with board across code
2025-11-05 13:31:54 +01:00
Jorge Manrubia
2bb90eab13
Use the sole collection as the root for a better onboarding experience for new accounts
2025-11-04 17:09:35 +01:00
Stanko K.R.
87d9c3cd01
Make unauthenticated access permit unauthorized access
2025-11-04 09:02:36 +01:00
David Heinemeier Hansson
6678d0e4fc
No longer used
2025-11-03 15:58:36 +01:00
David Heinemeier Hansson
65d04f681a
DRY up the public controllers by introducing a shared base class
2025-11-03 15:56:25 +01:00
David Heinemeier Hansson
393e5fd3d4
Don't want to ship with this wart
...
cc @monorkin
2025-11-03 15:30:44 +01:00
David Heinemeier Hansson
42ebdf9ac1
More natural conditional
2025-11-03 15:29:20 +01:00
David Heinemeier Hansson
9913853cc6
Remove anemic concern
2025-11-03 15:27:12 +01:00
David Heinemeier Hansson
cf503bfba3
Prefer templates for turbo streams in all but the very simplest cases
...
(And probably even then)
2025-11-02 20:20:01 +01:00
David Heinemeier Hansson
43069b1ea4
Extract Users::JoinsController from overloaded UsersController
...
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R.
49d865ffd1
Delete scoped session tokens when encountered
2025-10-31 19:00:37 +01:00
Stanko K.R.
085c7fee2e
Fix Rubocop offenses
2025-10-31 16:35:44 +01:00
Stanko K.R.
ece9008459
Remove dead code
2025-10-31 16:28:08 +01:00
Stanko Krtalić
98755844a1
Remove the internal API
...
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Stanko K.R.
201c3e27d3
Update tests for the Internal API
2025-10-31 16:26:08 +01:00
Stanko K.R.
79b012f319
Add Join Codes
2025-10-31 16:24:30 +01:00