Commit Graph

8007 Commits

Author SHA1 Message Date
David Heinemeier Hansson caa4cd491e Smooth out the finder API 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 0ba43de61a This had gotten stripped 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 9254d17359 The magic of it is not needing to manually yield it! 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 7d2c284726 Clarify 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 467843fe22 Inline now anemic helper methods 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 3329008dd8 Handle everything in the same method 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 895b0e13b8 Drop the need for access tokens to have a session 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 660fcff558 Authenticate api requests without needing a session 2025-12-10 09:23:52 +01:00
Jason Zimdars 073d1af862 List, create, and revoke access tokens 2025-12-10 09:23:52 +01:00
Jason Zimdars 48c83f34b0 Add developer section to user profile 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson db29562c4c Tie access token directly to session
We need to present them differently in the session list and prevent them
from being deleted
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson b53c0a5385 Correct 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson c65cb77ac4 API index for cards 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson d384971ea2 Test the boards API 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson a81c681a8d Add access token authentication via HTTP AUTHORIZATION bearer header 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson ea697b7143 Add API to boards 2025-12-10 09:23:52 +01:00
Stanko Krtalić 728fe7c243 Merge pull request #2043 from basecamp/fix-crash-on-gh-actions-check
Remove semver-major-days on GH actions
2025-12-10 09:21:46 +01:00
Stanko K.R. 9d5ddfccec Remove semver-major-days from Dependabot on GH actions 2025-12-10 09:18:20 +01:00
Stanko Krtalić 1d89bd9795 Merge pull request #2040 from robinbrandt/push-tmrkoytpuvul
Allow chromium unstable endpoint for push messages
2025-12-10 09:10:06 +01:00
Robin Brandt d60643f5ef Allow chromium unstable endpoint 2025-12-09 20:24:09 -05:00
Andy Smith b549291889 Merge pull request #2038 from basecamp/jump-menu-empty-state
Add blank slate to the main menu
2025-12-09 18:12:53 -06:00
Jeremy Daer 8a732b081d Bump Rails to current ast-immediate-variants-process-locally branch 2025-12-09 15:54:06 -08:00
Jeremy Daer 85bd5c2df5 Rails seeded parallel tests (#2037)
Enable work stealing by default for a tiny speedup at the cost of small
loss in reproducibility.

References https://github.com/rails/rails/pull/56175
2025-12-09 15:50:01 -08:00
Andy Smith 6074ed2347 Add blank slate to the main menu 2025-12-09 15:56:10 -06:00
Andy Smith fbb0c9d795 Merge pull request #2007 from basecamp/prompt-spacing-fix
Fixing Lexxy prompt menu spacing
2025-12-09 15:43:01 -06:00
Zoltan Hosszu d12eaa4073 Fixing Lexxy prompt menu spacing 2025-12-09 17:36:22 +01:00
Kevin McConnell 0430ce0620 Merge pull request #1911 from harisadam/main
Configure email delivery in production using environment variables
2025-12-09 12:56:03 +00:00
Kevin McConnell 99bee0e0e0 Make SMTP config conditional on SMTP_ADDRESS
- If `SMTP_ADDRESS` is set, configure Action Mailer to use it, along
  with additional optional SMTP-related settings.
- Otherwise, don't set config (for compatibility with engines like
  fizzy-saas).
- Remove sendmail env setup, since by default there is no sendmail in
  the container, and custom deployment can use whatever config the want
  directly. If we end up needing this, we can bring it back via its
  own env.
2025-12-09 12:44:36 +00:00
Adam Haris 9de59ca37b default to smtp 2025-12-09 11:54:45 +00:00
Adam Haris 1d5654cafa configurable actionmailer settings (ENV) 2025-12-09 11:54:44 +00:00
Jorge Manrubia da2bd2f2ec Merge pull request #2024 from basecamp/immediate-variant-locally
Process blob variants using local files
2025-12-09 12:17:12 +01:00
Jorge Manrubia 94c59a2399 Merge pull request #2033 from basecamp/limit-webhook-response-size
Stream response in webhook request manually to check size
2025-12-09 12:16:42 +01:00
Jorge Manrubia 1c6ba66cb8 Merge pull request #2031 from basecamp/push-subscription-race
Fix stale-read race when creating push subscriptions
2025-12-09 12:15:57 +01:00
Rosa Gutierrez 29c7926307 Stream response in webhook request manually to check size
This addresses a DoS vulnerability where the response might be massive
leading to OOM errors, as the response is read in full in memory by
default.

To prevent this, we need to read the body in chunks, checking the
size of the chunks we've read and raising if we go over a certain limit.

I've set the limit to 100 KB because the responses to these requests
should be fairly small or even empty, and we only care about the status
code in the end.
2025-12-09 11:25:12 +01:00
Jeremy Daer ea8a78cc22 Fix stale-read race when creating push subscriptions
(Caught one such uniqueness exception in the wild)

* 200 OK -> 204 No Content, default status
* No need to touch the subscription when found
* Drop superflous test
2025-12-09 01:34:37 -08:00
Lewis Buckley a2d4f3431e Merge pull request #2018 from basecamp/ssl-config
Allow configuring SSL in production with ENV vars
2025-12-09 00:51:08 -08:00
Jeremy Daer bec46e15a9 Drop defunct Account upload attachments (#2030)
Controller and routes removed in 6a62df470c
2025-12-09 00:36:39 -08:00
Jeremy Daer 8eb01da057 Process blob variants using local files
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327

Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jeremy Daer 08896deb32 bin/ci: run OSS suite in SAAS mode for full coverage (#2029) 2025-12-08 23:33:46 -08:00
Jeremy Daer b23a5d0b7c Fix flaky tests caused by leaky show_exceptions twiddling (#2028)
Rails memoizes `@app_env_config`, so running push subscriptions test
after join codes test will result in running with `show_exceptions:
:none`, causing RecordInvalid to raise instead of returning 422 status.

References #1996
2025-12-08 23:27:36 -08:00
Jeremy Daer 49c4f2adc6 Fix ActiveStorage FileNotFoundError with immediate variant processing (#2022)
When ActiveStorage::Record uses `connects_to` for read replica support,
it creates a separate connection pool from ApplicationRecord. This causes
`after_commit` callbacks to fire in non-deterministic order - the
Attachment's `create_variants` callback can fire before the User model's
upload callback completes, resulting in FileNotFoundError.

The fix removes replica connection configuration from ActiveStorage::Record
so it shares the same connection pool as application models, ensuring
proper callback ordering.

Also reverts test workarounds that were added to work around this issue,
since the root cause is now fixed.

See: https://github.com/rails/rails/issues/53694
2025-12-08 14:44:49 -08:00
Jorge Manrubia cb0e9b9962 Immediate avatar and embed variants (#2002)
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Jason Zimdars f8a812f038 Merge pull request #2021 from basecamp/internal/pr-2000
Update font stack
2025-12-08 16:10:23 -06:00
Andy Smith fbb47eda4d Merge pull request #2020 from basecamp/lexxy-highlight-fixes-ios
Account for browser button styled and adjust mobile padding for perma BG
2025-12-08 16:04:34 -06:00
Jason Zimdars 3cdcd3f00c Should be in global gitignore 2025-12-08 16:03:39 -06:00
Andy Smith bc8ecc3e91 Account for browser button styled and adjust mobile padding for perma BG 2025-12-08 15:59:58 -06:00
Andy Smith 14e763ec59 Merge pull request #2019 from basecamp/wrap-lexxy-overflow
Wrap the overflow menu
2025-12-08 15:47:09 -06:00
Andy Smith 27585a75b2 Wrap the overflow menu 2025-12-08 15:01:47 -06:00
Lewis Buckley 50be611f01 Allow configuring SSL in production with ENV vars 2025-12-08 20:57:01 +00:00
Mike Dalessio e1c9b7df1e doc: update style doc reference for LLM agents 2025-12-08 15:29:26 -05:00