Commit Graph

644 Commits

Author SHA1 Message Date
Stanko K.R. 73c2b00211 Rever to using Ssrf instead of SSRF
Ref: https://github.com/basecamp/fizzy/pull/1967#discussion_r2593750027
2025-12-06 11:04:55 +01:00
Jeremy Daer af14feb8fc CSP gives env config precedence (#1976)
Bit clearer, and simpler config wrangling: presence of ENV → use it.
2025-12-05 20:49:41 -08:00
Jeremy Daer ab5964a375 Tune CSP: allow required external sources and user tools (#1977)
External sources:
- challenges.cloudflare.com for Turnstile (script-src, frame-src)
- storage.basecamp.com for Active Storage (connect-src)

User tools: loosen style/img/font/media/worker-src to avoid fighting
accessibility extensions, privacy tools, and custom fonts.
2025-12-05 20:45:48 -08:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Jeremy Daer 345f457513 Tune CSP for user extensions and close implicit-allow gaps (#1974)
Loosen font-src and add media-src to allow browser extensions like
accessibility fonts (OpenDyslexic) and user style managers to work
without CSP violations.

Add default-src and connect-src directives to close security gaps where
unspecified directives were implicitly allowing all sources.
2025-12-05 16:57:03 -08:00
Jeremy Daer 6006491ab4 Content Security Policy (#1964)
Default to a very narrow policy since there are no CDNs or third-party
resources to contend with.

Configurable via:
- config.x.content_security_policy.* for fizzy-saas gem overrides
- DISABLE_CSP to skip entirely
- CSP_REPORT_ONLY to enable report-only mode
- CSP_REPORT_URI for violation reporting
2025-12-05 14:57:50 -08:00
Stanko K.R. cd3751f4c1 Fix Resolv::DNS always returning no results 2025-12-05 20:09:39 +01:00
Kevin McConnell 04153038f0 Document deployment
- Update the README with detailed information about how to deploy a
  Fizzy instance
- Reduce the example deploy config
- Add example SMTP configuration in production.rb
2025-12-05 17:03:07 +00:00
Kevin McConnell 08c380cc71 Remove trailing whitespace
Appease the Rubocop
2025-12-04 13:32:47 +00:00
David Heinemeier Hansson b3481b10a8 Move legacy out of sight 2025-12-04 03:34:30 -08:00
Stanko Krtalić 6050f187ca Merge pull request #1895 from jbnunn/remove-legacy-join-pattern
Removed legacy join link
2025-12-04 09:21:08 +01:00
umarhadi 374fa1b5d0 Add production queue and cache database config 2025-12-04 09:50:45 +07:00
J. Nunn 383033b9d0 Removed legacy join link 2025-12-03 18:06:38 -08:00
Donal McBreen 13db384648 Auto default for UUID primary keys
Patch load_schmema! to set the default value for UUID primary keys. This
removes the need to patch ApplicationRecord + Rails models individually.

It also means we no longer need to patch the default in for the integer
primary key in Search::Record::SQLite.
2025-12-03 14:27:52 +00:00
Dave Kimura 4c669b26fb Updated database.sqlite.yml 2025-12-02 16:11:10 -05:00
Kevin McConnell 60e7e9ffd8 Merge pull request #1733 from basecamp/allow-all-signups
Remove basic auth restriction on signup
2025-12-02 15:46:04 +00:00
Kevin McConnell d24726c1d3 Merge pull request #1768 from basecamp/data-exports
Add "data export" feature
2025-12-02 09:56:40 +00:00
Kevin McConnell 9ae9e67d24 Remove all credentials files 2025-12-02 09:11:37 +01:00
David Heinemeier Hansson 28371e10c8 Turn off the help notice 2025-12-01 16:25:23 +01:00
Kevin McConnell e16cc21b0a Add "data export" feature
- Adds a button in Account Settings where you can request a ZIP export of your
  Fizzy data
- Export files are created in the background. When ready, a link to
  download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00
Jorge Manrubia 3480e2d6db Handle size in binary columns
In the cable schema we use:

```
    t.binary "payload", size: :long, null: false
```

This will fail when resetting the db otherwise with an error due to the unexpected size property.
2025-12-01 13:32:54 +01:00
Jorge Manrubia 5a1b59dc47 Define solid cable databases for the OSS mode 2025-12-01 13:25:44 +01:00
Jorge Manrubia 12de564176 Remove MySQL from default local development setup
https://3.basecamp.com/2914079/buckets/37331921/chats/9301300227@9334968661
2025-12-01 12:46:37 +01:00
Jorge Manrubia 7457f78a1f Merge pull request #1758 from basecamp/clean-env
Move env-specific bits to the engine
2025-11-29 21:58:29 +01:00
Jorge Manrubia 081586c0a6 This was moved to the engine
https://github.com/basecamp/fizzy-saas/commit/27d4d34091de8db53bb01ac604c56e1a83b3adc3
2025-11-29 21:46:34 +01:00
Mike Dalessio bd19b91e05 Make sure the sqlite db is prepared in SAAS mode
Previously, the mysql database was prepared twice and sqlite not at all.
2025-11-29 14:09:55 -05:00
Jorge Manrubia 486d56d24f Move env-specific config bits to the saas gem 2025-11-29 16:19:30 +01:00
Stanko K.R. 658b5a07cf Organize everything under Signups 2025-11-29 11:46:09 +01:00
Stanko K.R. 5747445977 Create signups controller 2025-11-29 10:15:48 +01:00
Mike Dalessio 8ddb4b37d0 Merge pull request #1755 from basecamp/flavorjones/storage-require
remove require of `lib/fizzy` from storage.yml
2025-11-28 15:15:15 -05:00
Mike Dalessio bf915e63c4 Split system tests out into separate single-worker steps
because they aren't written to be run in parallel.
2025-11-28 15:02:58 -05:00
Mike Dalessio 3286fbb50e require_relative doesn't work as expected in ERB templates
e.g., when firing up bin/minio-setup this looks in the parent
directory

However, we shouldn't need it since `lib` is eager loaded.
2025-11-28 13:39:47 -05:00
Jorge Manrubia 8e0445ddf5 Add yabeda metrics check only in SaaS mode 2025-11-28 15:53:58 +01:00
Jorge Manrubia efe3070499 Add gitleaks from main 2025-11-28 15:53:58 +01:00
Jorge Manrubia 6ccf655597 Move yabeda/prometheus stuff to the gem 2025-11-28 15:53:58 +01:00
Jorge Manrubia 3b0ddf4cfb Move sentry to engine 2025-11-28 15:53:58 +01:00
Jorge Manrubia 81656ac260 Run SQLite in saas mode too 2025-11-28 15:53:58 +01:00
Jorge Manrubia f03fbba5ac Restore local CI, sensible setup for open source users 2025-11-28 15:53:58 +01:00
Jorge Manrubia cebd5d35f6 Revert "Remove local ci for now"
This reverts commit 7d6ed4a459f78d14767f1523b32553df84e627e5.
2025-11-28 15:53:58 +01:00
Jorge Manrubia 76d3ec0fc4 Remove local ci for now 2025-11-28 15:53:58 +01:00
Jorge Manrubia e962ba82ed Simplify local ci 2025-11-28 15:53:58 +01:00
Jorge Manrubia 4e09352c09 Bring simple signup flow from the fizzy-saas gem
We skip the QB code and we fill external account ids automatically on creation with a sequence

See:
https://github.com/basecamp/fizzy-saas/pull/7
2025-11-28 15:53:58 +01:00
Jorge Manrubia 96caeacb03 Move to ENV (kamal secrets) 2025-11-28 15:53:58 +01:00
Jorge Manrubia c61dba0641 Format 2025-11-28 15:53:58 +01:00
Jorge Manrubia 1083f715a8 This was moved to the gem already by Mike 2025-11-28 15:53:58 +01:00
Jorge Manrubia fa9ee0381d Move more settings to the gem 2025-11-28 15:53:58 +01:00
Jorge Manrubia af42ce43d4 Remove vapid keys in development 2025-11-28 15:53:58 +01:00
Jorge Manrubia 44d086e076 Cleanup of credentials
Secrets moved to 1password.
2025-11-28 15:53:58 +01:00
Jorge Manrubia 18e1badfb5 Prevent choking when no structured logging for now 2025-11-28 15:53:58 +01:00
Jorge Manrubia 197090f754 Move active storage config to gem 2025-11-28 15:53:58 +01:00