Commit Graph

141 Commits

Author SHA1 Message Date
Kevin McConnell decd01c8d0 Extend public caching to 30 seconds
Up from the previous 5 seconds. It's still short enough that the pages
shouldn't feel stale, but it further reduces the number of requests that
will reach the app.

Also moved this into a shared concern so we can adjust the caching rule
in one place.
2025-10-23 11:48:12 -07:00
Kevin McConnell c1600a99e2 Populate writer and last transaction in responses
In order to control routing dynamically, we need to expose some Beamer
information to the proxy.

The `beamer_writer` value is used by the proxy to keep track of which
node should receive write requests. When it changes due to a failover,
the proxy will update after seeing a new value in this header. We
provide this to the proxy in the `X-Writer` response header.

The `beamer_last_txn` value will be used to control writer pinning.
Setting it in the cookie here is the first stage of this. The second
stage will be to catch situations where a reader gets a request where
this header value is set to a large value than the reader has seen; when
that happens if means there's a risk of reading stale data, so rather
than serve the request we should request the proxy to reproxy it back to
the writer.

We also set `X-Kamal-Target` in the response to match the
`X-Kamal-Target` that was set in the request; this lets us see which
proxy target served each request, which is useful for diagnostics.
2025-10-15 08:46:45 +01:00
Jorge Manrubia b177f92ec1 Prevent view transition animations on page refreshes
View transitions don't play great with page refreshes as they can make those
very noticeable
2025-10-14 15:38:35 +02:00
Mike Dalessio 04be825609 Fix identities for existing sessions 2025-10-10 10:58:30 -04:00
Mike Dalessio 3399e45130 Introduce an "Identity" model to ease login
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants

We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize

- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.

The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)

Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
2025-10-10 10:12:25 -04:00
Jorge Manrubia 4527dcbeda Remove unnecessary filtering code
After removing collections from the filtering menu, there was quite a good cleanup here pending
2025-10-03 10:56:34 +02:00
Mike Dalessio 2d327e6294 Render a helpful menu of tenants temporarily 2025-10-02 16:33:25 -04:00
Jorge Manrubia 1bb8de8564 Fix tests 2025-09-29 13:13:40 +02:00
Jorge Manrubia 4103e0c346 Adapt public collections/cards to the new columns model 2025-09-28 18:33:06 +02:00
Jorge Manrubia ce80c843d0 Several fixes for saving filters
- Unify terms with the settings form so that terms are saved normally in the same form.
- Fix filter normalization since it was sometimes failing to match the saved filters due to using quotes around number strings.
2025-09-22 12:55:19 +02:00
Jorge Manrubia 0703263664 Save/delete filter working properly and fast 2025-09-19 16:51:11 +02:00
Jorge Manrubia 375b16b26e Introduce columns and column entity
To refactor some messy code used to render the cards index screen
2025-09-18 11:41:28 +02:00
Stanko K.R. 25b2daad93 Limit access to webhooks to admins 2025-09-16 20:04:20 +02:00
Jorge Manrubia 48f7f914dc Fix: the system to filter at the current view was broken after moving menu to turbo frame
https://fizzy.37signals.com/5986089/cards/1723
2025-09-15 17:07:09 +02:00
Jorge Manrubia 2e4138b585 Tie etag to sessions
So that we don't get CSRF token issues if sharing sessions in the same browser
2025-09-15 16:31:01 +02:00
Jorge Manrubia af6cb37db1 Speed up filter expansion with turbo stream 2025-09-12 13:06:00 +02:00
Jorge Manrubia 36488278a8 Merge pull request #1052 from basecamp/caching
Add more caching
2025-09-09 12:31:46 +02:00
Jorge Manrubia 0864c91770 Add timezone to etag 2025-09-09 11:32:31 +02:00
Stanko Krtalić 24cb5da194 Make Fizzy Ask staff-only (#1037)
* Make Fizzy Ask invisible but usable by staff

* Remove unused span

* Prevent non-staff users from creating or browsing messages

* Extract staff-only into a mixin

* Keep existing markup, use the utility class we already have

---------

Co-authored-by: Jason Zimdars <jz@37signals.com>
2025-09-09 11:23:31 +02:00
Jorge Manrubia cfa0149564 Persist timezones in the server
Add a beacon to persist timezones when these change (or the first time)
2025-09-05 12:11:57 +02:00
Jorge Manrubia c8569ce8b9 Split indexed_by into two filters: indexed by and sort by
https://3.basecamp.com/2914079/buckets/37331921/todos/8877489555#__recording_8987808963
2025-08-21 19:12:54 +02:00
Jorge Manrubia 5896a21499 Support filter by collection in different screens
We want to filter in the same screen for cards/events but not when viewing a card or from other screens. This adds a controller action to flag the actions where this is supported
2025-08-21 14:19:13 +02:00
Jorge Manrubia 109a95ac6f Tidy up settings 2025-08-21 13:25:47 +02:00
Jorge Manrubia d6fe0d919c Reorganize ƒilter's menu templates (WIP) 2025-08-20 12:20:18 +02:00
Mike Dalessio 5540b0fd1b Make sure session cookie has the correct path for the tenant
ref: https://fizzy.37signals.com/5986089/collections/7/cards/1234
2025-08-10 18:53:52 -04:00
Mike Dalessio 988b20a36d Introduce turbo_stream_flash helper and use it for collection edit
The collections/{entropy,publications,workflows} controllers all
respond via turbo stream, and now also provide a flash message.
2025-08-07 15:04:45 -04:00
Mike Dalessio 57269b1b9c Allow local authentication with LOCAL_AUTHENTICATION=1
You can touch `tmp/local-auth.txt` to persist this setting.
2025-08-06 17:05:35 -04:00
Mike Dalessio 8e13ce5b78 Drop Current.account and just use Account.sole
I had reintroduced this in dacb53b8 after David removed it in
6bbf68a4, but now I agree we don't need it.

Also, fix a CORS error when trying to redirect a user to an untenanted
path after login (see
https://fizzy.37signals.com/5986089/collections/2/cards/1032).
2025-07-20 13:00:09 -04:00
Jason Zimdars e77710c6b6 Cards inherit their collection's publication status 2025-07-09 10:08:47 -05:00
Mike Dalessio 0c341d14e1 Untenanted access in authenticated controllers should request auth 2025-07-03 10:05:55 -04:00
Mike Dalessio da69bd1689 Remove local authentication code 2025-07-02 11:59:21 -04:00
Jason Zimdars 1cb9ccdf15 Comparing params is fragile, use id for saved filters 2025-06-26 17:57:30 -05:00
Jason Zimdars ae12a7294c New UI for exposing filter options and saving/deleting them 2025-06-25 19:00:47 -05:00
Jorge Manrubia 2821cf9850 Extract common concern 2025-06-24 12:45:15 +02:00
Mike Dalessio d0dcb6dfa8 Redirect unauthenticated users to Launchpad 2025-06-20 17:14:58 -04:00
Mike Dalessio ee60e8dd01 Signup::AccountsController suppports signing up with a new identity 2025-06-20 15:16:57 -04:00
Mike Dalessio dacb53b8b1 Launchpad login works for existing 37id identities 2025-06-20 15:16:56 -04:00
Mike Dalessio 319e4223e4 Add request details to Current 2025-06-20 15:16:56 -04:00
Kevin McConnell 63ddb23585 Opt out of writer affinity on readings controller 2025-06-16 15:05:47 +01:00
Jorge Manrubia 0cb3648785 Extract concern with common column-related code 2025-06-12 12:48:10 +02:00
Jorge Manrubia a979daddf3 Reuse filter scope 2025-06-12 12:39:33 +02:00
Jorge Manrubia 7013b7f378 Pagination working for public collections 2025-06-09 14:36:53 +02:00
Jason Zimdars bd5d17ff26 Clear indexed_by, too 2025-06-05 16:56:26 -05:00
Jorge Manrubia 540254def4 Fix tests after removing the index action
The show action makes more sense in the controller. Also, the filter
scoped was failing due to Rails raising on missing actions (because we
have deleted the index action). Inlining the concern fixes it and clarifies
where this action is implemented.
2025-06-05 09:12:07 +02:00
Jason Zimdars d17134cb5c Detect platform and label the correct hotkey shortcut
Yes, Platform Agent is overkill for just this but there isn't a one-size JS solution for updating both input placeholders and other HTML text and we're likely to need it later for other things like displaying platform-specific PWA prompts.
2025-05-27 12:14:24 -05:00
Jason Zimdars 7ee65608c9 Show user's activity right on their profile screen 2025-05-22 16:18:28 -05:00
Jason Zimdars 0a500612da Just set the clear filter so restore_collections_filter_from_cookie can do the right thing 2025-05-13 08:24:48 -05:00
Jason Zimdars 368ae5ce6a Handle case where no params are sent because nothing is checked 2025-05-12 22:23:16 -05:00
Mike Dalessio 7dee9ed9d6 Log the authenticated user
to help track down issues reported by individuals in the logs
2025-05-07 17:13:25 -04:00
Jorge Manrubia 76fc4aeb0e Order method 2025-04-26 09:10:58 +02:00