The users online count recently added to wrappers.py:get_logged_in_user
uses g.timestamp for its calculations. This is primarily set in
__main__.py:before_request. However, chat has requests which do not
trigger @app.before_request. To resolve this, we now set g.timestamp
in the auth_required wrapper before calling get_logged_in_user().
I think this is safe in general; there's no particular harm to setting
the timestamp _more_ frequently.
After ea48c46b0f adds the leaderboard table for most blocked user,
it appeared that the user profile links did not appear correctly.
As such, it was necessary to join on the appropriate information.
This has been (mostly) resolved, excluding the removal of profile
picture because profile_url has logic in Python.
If someone knows SQLAlchemy better than I do, please redo this and
add the profile pictures back into the template. However, I got tired
of fighting with the ORM when I already knew the damn query.
Originally prompted by https://rdrama.net/post/18459/-/1984609 which
noticed that streamable.com/e/ links as posts would have another e/
added to them. This was in spite of logic in posts.py api_is_repost
and submit_post designed to specifically counteract this.
Proximal cause was a copypasta'd url.replace(...) chain which
caused the mistake before the streamable-specific logic had a chance
to avoid making it.
Solution: remove the streamable replacement from the chained statement
and create `helpers.normalize_url(url)` to get rid of the copypasta.
With the changes in 8a400a209b, a bug was accidentally introduced
which resulted in one's own profile being wrapped in a `display: none;`
block due to a template conditional which caused the mobile
<div id="profile--actionbtns"> to not be closed when v.id != u.id
(cf. userpage.html circa L489).
Because the current conditional structure makes it hard to add an
analogous profile--actionbtns div to mobile, it has been removed.
By direct request of Carp. Also shrunk text slightly to match.
In light of the animated icon, it's plenty visually obvious.
Also, the smaller text reduces instances of unsightly text wrapping.
After much debate, the user counter will remain in the top banner for
all non-rDrama sites using the codebase, while on rDrama the journoid
banner will remain there and the counter has been moved back to the
sidebar. This partially reverts some recent commits.
In addition to the sidebar move, the rDrama user counter now has
random flavor text, much as reddit sidebars do, though ours is
cooler because it can randomly select from a list.
Per https://rdrama.net/post/70341/-/1976650 added more gTLDs that
are actually desired by site users.
Also, hard wrapped the `TLDS` and `allowed_tags` tuple-lists at a
100char hard ruler for my sanity.
The confetti button in the awardModal had a conflicting ID to the
newly-reimplemented confetti award. This resulted in an amusing bug
where the awardModal was filled with confetti. Conflict has been
resolved by renaming the confetti overlay.
This is what I deserve for writing code at 3AM.
To replace the implementation of the confetti award, we now use an
animated WebP tiled as a background image on a fixed overlay. This
should alleviate the previous performance concerns (no runtime
calculation of confetti mechanics & rendering) and maintainable
concerns.
Fixes https://rdrama.net/post/18459/-/1969386
The appropriate internal links--viz. profile, settings, changelogs,
bug reporting, discord, archives, and contact--in the header menu
respect the User.newtab setting to open internal links in new tabs.
Removes temporary changes for the Birthgay 2022 event, ending
approximately at 2022-05-23 0600Z. Changes:
- Double XP disabled.
- Lootboxes disabled.
- Three event awards given real descriptions and colors.
- Partyhats: restored to cakeday-only condition and tooltip.
- Header UI: balloons removed, text visibility outline removed,
journoid banner reverted, marseyjam as header icon.
- Birthgay banners: removed from template, moved to new storage dir.
Confetti, though remaining as a permanent award, has been temporarily
removed pending a less performance-intensive implementation and one
that doesn't require maintaining a third-party package in the codebase.
Recently, caa81452f4 relaxed the condition for Snappy pinning a post
from `body.startswith(':#marseypin:')` to the same sans trailing colon.
I believe this was intended to allow :marseypin2: to also lead to post
pinning. However, the amusing, though incorrect, side effect is that
:marseypinkcat: and :marseypinochet: can now also lead to Snappy pins.
This has been remedied by explicitly defining the two conditions we
want rather than hoping all :marseypin [sic] are about pinning.
cb1bb4e43b40: Server cleaned out schema.sql for some reason and
it was autocommitted by the sneed cron. This is why the tests fail.
2737a6ca479b: Originally pulled from themotte/rDrama @ 309bf44f12ba.
In light of the fact this is breaking comment previews right now and
the actual XSS threat is unclear, given we sanitize serverside,
this is reverted until I find time to look at it.
Comments of the style e.g. "@TLSM / @TLSM2" would mistakenly be
`sanitize`d to have identical links only on "@TLSM", the latter
instance having a dangling 2 on the end. It seems this is purely an
issue with text formatting; alerts.py @ NOTIF_USERS had no such
issues. The root cause appears to be partly an optimization and
partly the use of str.replace without a count limit.
The award modal note field had a maxLength of 200 characters.
This was retained when repurposing the field for the new flair to be
applied by a flairlock award. However, flairs have a maxLength of 100
characters. award_modal.js now makes this clearer in the UI by
changing the maxLength of note when a flairlock award is picked.
The shop discount from Big Spender badges was incorrectly implemented:
intended behavior was for 2pp per badge. However, the values in
const.py were set as if a user could only have one Spender badge at
once, while user.py @ discount was implemented as if they were
additive. Since users factually do have multiple big spender badges,
the values in const were adjusted to reflect this fact.
Also, lootbox Roller badges now each offer a 1pp discount.
users.py @ discount was improved to check against the `discounts`
keys for appropriate badges, rather than a hardcoded list.
Very strange bug, and I hope this fixes it. User popovers, e.g. on
comments pages when names are clicked, spontaneously stopped working
on my local instance. This parallels occasional reports from others
that their popovers stop working for seemingly no reason.
The primary symptom appeared to be in comments+submission_listing.js
@ popclick(...), which became unable to find any `.popover` elements
in the document, resulting in a console error. Running `bs_trigger(
document)` manually in console after page load always fixed this.
As such, I am assuming this is (hopefully) a timing bug from the
bs_trigger call in header.js running before document ready. The call
now runs on a standard document ready callback boilerplate.
May God have mercy on our souls if this doesn't fix it.
I discovered that running `bs_trigger(document)`
Double XP now has a constant for unixtime to start. Logic around
DXP is designed to only apply to votes made after DOUBLE_XP_ENABLED.
This prevents an exploit in the old implementation where spam voting/
unvoting a post made prior to the DXP start could farm 300 DC/hr/alt.
Also it's more maintainable and comports with the coin_delta changes
to prevent self-vote coin changes.
Re-enable lootboxes in const.py, and update their contents in
awards.py. Additionally, improve appearance in shop.
Upon purchasing a lootbox, users now receive a message informing
them of the contents thereof.
Lootbox backend now properly uses CARP_ID (and checks for the
existence thereof correctly).
Also, minor changes to how const.py whitelists awards.
Modlog only had ModAction.age_string visible. However, we sometimes
need to know the exact time an action was taken.
Adds `created_string` to ModAction, and exposes that to log.html.
The COUNT(*) performance optimization in b71ae6cc74 was a bit
overzealous and wound up breaking four fields in /stats intended to
count distinct users who performed certain activities. These fields
were returned to their original implementation.