Commit Graph

38 Commits

Author SHA1 Message Date
Kevin McConnell 741eff7bdc Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
This reverts commit c628f14c01, reversing
changes made to 4bafc73236.
2025-12-15 13:07:13 +00:00
Kevin McConnell c628f14c01 Merge pull request #1865 from basecamp/public-avatar-caching
Serve own avatar from its own endpoint
2025-12-15 12:20:28 +00:00
Kevin McConnell eec96ff384 Serve own avatar from its own endpoint
This allows us to have different cache controls depending on whether
you're viewing your own avatar, or someone else's. Your own avatar will
always be fresh, while other folks' avatars can be pulled from the CDN.
2025-12-12 09:03:35 +00:00
Kevin McConnell 8d32a322e9 Remove redundant include
This is no longer needed since af0e2488 removed the streaming of
avatar images.
2025-12-12 08:58:52 +00:00
Jeremy Daer ea8a78cc22 Fix stale-read race when creating push subscriptions
(Caught one such uniqueness exception in the wild)

* 200 OK -> 204 No Content, default status
* No need to touch the subscription when found
* Drop superflous test
2025-12-09 01:34:37 -08:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Kevin McConnell 6475ad3425 Don't try to resize non-variable avatars 2025-12-04 13:36:21 +00:00
Stanko K.R. 84213265e7 Render friendly error message when using an invalid token 2025-12-03 15:37:27 +01:00
Stanko K.R. 46d80f2ca2 Serve system user avatar as an asset 2025-11-24 13:16:14 +01:00
Stanko K.R. e85c5736c9 Render system user avatars using redirects 2025-11-24 12:05:32 +01:00
Mike Dalessio 4dc28943da Don't let cloudflare cache avatars
The issue here is that anyone else who views my avatar will cause it
to be cached, and then I can't easily bust the cache if I change my
avatar.
2025-11-22 09:48:28 -05:00
Mike Dalessio 64bac96545 User avatar responses have cache-control "public"
ref: https://app.fizzy.do/5986089/cards/3125
2025-11-21 16:11:39 -05:00
Mike Dalessio bcb43305b6 Improve avatar image handling
- redirect avatar image requests to the rails_blob_url, instead of
  streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
  redirect, which would result in browsers rendering broken images when
  an avatar is changed, until max-age expires)
2025-11-21 15:16:46 -05:00
Stanko K.R. fe909d6dc5 Disable stale while revalidate for own avatar
Locally, having stale_while_revalidate works great, but in production when we are behind CloudFlare, this results in an old image being shown after you upload a new one

See: https://app.fizzy.do/5986089/cards/2978
2025-11-21 19:26:38 +01:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Stanko K.R. 56c41d45eb Reinstate email changes 2025-11-17 09:12:40 -05:00
Stanko K.R. 34d83aaa7c Fix tests after the removal of memberships 2025-11-17 09:12:40 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Jason Zimdars 7a58c23e55 Copy edits for unified flow 2025-11-07 07:06:28 +01:00
Jorge Manrubia 2bb90eab13 Use the sole collection as the root for a better onboarding experience for new accounts 2025-11-04 17:09:35 +01:00
David Heinemeier Hansson f9ff13cdc4 Add http caching for user events 2025-11-03 14:25:32 +01:00
David Heinemeier Hansson b05e7c04e1 Ensure you can only delete your own avatar or else you have to be admin 2025-11-03 14:21:48 +01:00
David Heinemeier Hansson 4c2f3ef0b8 Style 2025-11-03 14:21:25 +01:00
David Heinemeier Hansson 3ec9308345 Always bang for exceptions 2025-11-03 14:21:06 +01:00
Jorge Manrubia ebe1617f42 Format 2025-11-03 09:29:43 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
David Heinemeier Hansson bced7405df Extract events loading from overloaded UsersController 2025-11-02 17:31:28 +01:00
Jason Zimdars 8f47db3ced Add service worker and subscriptions controllers 2025-07-15 15:22:32 -05:00
Jorge Manrubia 5e3b5b6d7c Make avatars public so that they work in public collections 2025-06-09 15:03:21 +02:00
David Heinemeier Hansson a106b1b6a7 Join the two users controllers but split out role setting 2025-04-12 20:30:47 +02:00
David Heinemeier Hansson 6bbf68a4f9 The tenanted db is the account scope 2025-04-12 20:06:34 +02:00
Jorge Manrubia 40df93eed7 Max max age for your own avatar
So that you don't get confused when you don't see it update
after changing it.
2025-04-07 06:59:36 +02:00
Kevin McConnell f50a880d6b Avoid double render in Avatars#show
After sending the conditional 304 response, we were still attempting to
render the response, which is unnecessary.
2025-03-12 09:05:50 +00:00
Jason Zimdars 66640bbac0 Remove avatars 2024-12-18 16:24:39 -06:00
Jeffrey Hardy 6953701df4 Scope user finding by Current.account 2024-10-04 12:51:04 -04:00
Jason Zimdars 9e28359587 Add proper avatars for users 2024-10-04 10:54:11 -05:00