Commit graph

832 commits

Author SHA1 Message Date
2c54e356f9 Oops, fix mistakes turning on experimental log
I didn't notice that there was another place where "auth0" was set as the default, oops!

This caused logins to fail, because the cookie would be set, but the request wouldn't be sent with the correct `DTIAuthMode` header. So you'd stay logged in with your auth0 credentials, even though the UI was using your db cookies. Or something? Idk weird state mismatch.

Point being, fixed now!
2022-09-14 18:12:34 -07:00
aceb881b7c Default experimental login mode to On
Still leaving the toggle so users can hop back out to Auth0 if it turns out we broke stuff on 'em, but yeah I haven't heard anything bad from the experiment at all, and I think we don't need to bother with the gradual rollout! Let's just go!
2022-09-14 17:48:39 -07:00
0159bf18e0 Remove Cypress login hacks
We previously had a lil trick to help Cypress perform an Auth0 login without using the whole Auth0 UI. (I forget exactly why!)

With Cypress deleted, we don't need this code anymore!
2022-09-14 17:45:53 -07:00
2b19c4f99d Fix crashing bug in MajorErrorMessage
Uhhh oops did I just not test this refactor at all? lmao
2022-09-14 17:41:25 -07:00
50e04385e3 Account creation is ready!
Yay it seems to be working, owo! Added the actual database work, and some additional uniqueness checking.
2022-09-13 21:11:48 -07:00
08603af961 Create account endpoint skeleton + validation
It doesn't actually create the account, but it does some field validation and the form reacts to it!
2022-09-12 15:25:22 -07:00
e6176b6c16 Fix accessibility with experimental login button
Oops, my pseudo-button didn't behave quite right for keyboard-based opening the popover. Using an actual Button now!
2022-08-26 16:33:09 -07:00
a663ee79df Add WIP callout to Create Account form 2022-08-26 16:21:11 -07:00
5d8b62d499 Add settings UI to opt into db login mode
Just a cute lil thing on the homepage, not very obvious at all but easy to find if you're looking for it!
2022-08-26 16:17:25 -07:00
39852c8297 Oops, fix a bug where incorrect login closed modal
Oh yeah, ok, we don't actually want to evict `currentUser` from the Apollo cache on *any* login mutation. That's both inefficient, and puts our navbar in a loading state that hides the login button and thereby unmounts the login modal, oops!
2022-08-26 16:03:47 -07:00
92ade4a513 Update HomePage news
hey it's been a while! lol

I replaced the friendly long-time Feedback Xwee with a cute chef Kiko, to mix things up a bit and help people notice that the box changed!
2022-08-17 16:22:46 -07:00
f7f6f7b82b Remove useRequireLogin, show logged-out message
There was a bug in the new db auth method where `useRequireLogin` was expecting Auth0 logins to work, so it would get caught in an infinite redirect loop.

Rather than trying to figure out how to make `useRequireLogin` work with the new modal UI, I figured we can just delete it (since we only ended up using it once anyway), and add a little message if you happen to end up on the page while logged out. Easy peasy!
2022-08-17 16:11:40 -07:00
db8fe9f3c2 Logout button for new auth mode
Hey hey, logging out works! The server side of this was easy, but I made a few refactors to support it well on the client, like `useLoginActions` becoming just `useLogout` lol, and updating how the nav menu chooses between buttons vs menu because I wanted `<LogoutButton />` to contain some state.

We also did good Apollo cache stuff to update the page after you log in or out! I think some fields that don't derive from `User`, like `Item.currentUserOwnsThis`, are gonna fail to update until you reload the page but like that's fine idk :p

There's a known bug where logging out on the Your Outfits page turns into an infinite loop situation, because it's trying to do Auth0 stuff but the login keeps failing to have any effect because we're in db mode! I'll fix that next.
2022-08-17 16:05:36 -07:00
2dbfaf1557 Support actual login via db?? :0
Yeah cool the login button seems to. work now? And subsequent requests serve user data correctly based on that, and let you edit stuff.

I also tested the following attacks:
- Using the wrong password indeed fails! lol basic one
- Changing the userId or createdAt fields in the cookie causes the auth token to be rejected for an invalid signature.

Tbh that's all that comes to mind… like, you either attack us by tricking the login itself into giving you a token when it shouldn't, or you attack us by tricking the subsequent requests into accepting a token when it shouldn't. Seems like we're covered? 😳🤞

Still need to add logout, but yeah, this is… looking surprisingly feature-parity with our Auth0 integration already lmao. Maybe it'll be ready to launch sooner than expected?
2022-08-17 15:24:17 -07:00
4d0c48ab7c Login form checks the db, and saves a cookie
Okay so one of the trickiest parts of login is done! 🤞 and now we need to make it actually show up in the UI. (and also pressure-test the security a bit, I've only really checked the happy path!)
2022-08-17 00:58:52 -07:00
ce503ea730 Start building a login form, behind a feature flag
Thinking about longevity, I think I wanna cut Auth0 loose, and just go back to using our own auth.

I had figured at the time that I didn't want to integrate with OpenNeo ID's whole mess, and I didn't want to write a whole new auth system, so Auth0 seemed to make things easier.

But now, it's just kinda a lot to be carrying along an external service as a dependency for login, especially when we've got all the stuff in the database right here. I wanna remove architecture pieces! Get it outta here!

And I'll finally build account creation from the 2020 site while I'm at it, which seemed like it was gonna be a bit of a pain with Auth0 and syncing anyway. (I think at the time I was a bit more optimistic about a full transfer from one system to another, but that's much further off than I realized, and this path will be much better for keeping things in sync.)
2022-08-16 17:34:51 -07:00
5dde7764e2 Release the ~owls pricing!
Yaay the ~owls team says we're ready to launch! Bingo bongo!
2022-08-16 13:51:34 -07:00
38957c50c0 Merge branch 'owls-integration' into main 2022-08-16 00:16:09 -07:00
a8b4832976 Hide the ~owls badge until you type "~owls"
Just a cute little way to let us preview it without having to spin up a separate instance of the app or use a feature flag system!

This means we can safely merge and push this to production, without worrying about leaking the feature before the ~owls team signs off.
2022-08-16 00:13:11 -07:00
240a683e71 Finish wiring up ~owls data
Hey nice it looks like it's working! :3 "Bright Speckled Parasol" is a nice test case, it has a long text string! And when the NC value is not included in the ~owls list, we indeed don't show the badge!
2022-08-15 23:57:33 -07:00
25092b865a Add Delete button for outfits
Hey finally! I got in the mood and did it, after… a year? idk lol

The button should only appear for outfits that are already saved, that are owned by you. And the server enforces it!

I also added a new util function to give actually useful error messages when the GraphQL server throws an error. Might be wise to use this in more places where we're currently just using `error.message`!
2022-08-15 20:23:17 -07:00
4b2d1f949b Finally implement "Edit a copy"
I guess "Coming soon" was a lie oops lmao

it was bothering me so I finally added it :p
2022-08-15 19:28:08 -07:00
ac642ea697 Filter out browser extensions from error logging
Been getting a lot of errors I *think* from folks trying to add OWLS Pricer to Impress 2020 even though it doesn't work here! Reasonable to have happen though! I thought Sentry knew to ignore those, but I guess it doesn't?

In this change, we add some filtering to ignore errors triggered by extensions. This should keep them out of our inbox!

I wasn't able to test this very robustly locally. I'm mostly just crossing fingers!
2022-08-15 18:12:19 -07:00
6c3f2ac61c
Update Shop Wizard URL 2022-03-11 08:37:13 -05:00
6ce8a5aea2 Update lists after click item page own/want button
This is a bit hacky, but I want to ship and I'm not in a mood for a refactor :P

Before this change, you could see a bug by doing the following:

1. Click "I own this" to own an item.
2. Click "Add a list" and add it to a list.
3. Click "I own this" to un-own the item. (This deletes it from all lists.)
4. Observe that the "Add a list" dropdown disappears.
5. Click "I own this" to own it again.
6. Observe that, before this change, the dropdown would reappear, but incorrectly say it was still in the old list. After this change, it appears with the blank "Add to list", as intended.
2021-11-30 16:52:38 -08:00
29d44c10bd Fix double-click bug unchecking own/want an item
Oops, I used the wrong property to control the checkbox state! This made it an uncontrolled component. It would always start unchecked when the page loads, regardless of actual own/want state, and then toggle based on physical clicks.

This meant that things generally worked correctly if you didn't own/want the item when you first loaded the page; but if you already did, then you would click once and send an *add* mutation instead of a remove; and then click again and be able to remove.

Now, removes only take one click!
2021-11-30 16:51:20 -08:00
e95f6abbe4 Closet list dropdowns on item page
Oooh this feature is feeling very nice :) :) We hid "not in a list" pretty smoothly I think!

A known bug: If you have the item in a list, then click the big colorful button, it will remove the item from *all* lists; and then if you click it again, it will add it to Not in a List. But! The UI will still show the lists it was in before, because we haven't updated the client cache. (It's not that bad in the middle state though, because the list dropdown stuff gets hidden.)
2021-11-30 16:36:00 -08:00
e6a94eaf80 Move a comment to satisfy VS Code emmet extension
My cute keybind to quickly wrap stuff in <Box> wasn't working in this file, and I figured out from deleting stuff and narrowing down that it was this comment. I guess Emmet's JSX parser doesn't like a comment being there! I moved it up a bit instead.
2021-11-30 15:01:05 -08:00
7c3298d5b2 Oops, fix SVG message and build error
Ah hm, not sure why this only showed up once I tried a prod deploy, but I declared `hiResMode` twice in there, because we already had fixed this bug for item layers but not pet layers!

In this change, I fix the duplicate `hiResMode` declaration, and update the new pet layers message to match the item layers message.
2021-11-27 20:01:38 -08:00
3642e4c32a Only show SVG glitch messages if SVGs are on
It's confusing to see a message that says "instead we're showing a PNG" if you don't have hi-res mode on and actually everything is PNG anyway!
2021-11-27 19:57:49 -08:00
f32de55ed0 Handle more lists, longer list names, on item page
Give the grid a fixed size, have the list name stuff get ellipsis when it's too long, and try to show all list names (which will almost certainly too long for the space) to give a better hint of what's in there.
2021-11-26 15:05:07 -08:00
ad249d03ab WIP list editing on item page
Gonna have this button pop up a little thing of your lists, with checkboxes, and I guess probably quantities once I add that concept back to 2020 😅
2021-11-26 14:49:21 -08:00
d4b115e805 Merge branch 'ansible' of github.com:matchu/impress-2020 into ansible 2021-11-23 12:42:59 -08:00
96d6d42120 Use persisted queries in dev, bc Next.js support
We had previously configured the client to not bother to try a GET request for GraphQL queries, and just jump straight to POST instead, because the `vercel dev` server for create-react-app reloaded the backend code for every request anyway, which doubled the dev response time.

The Next.js server is more efficient than this, and keeps some memory, so GET requests work similarly in dev as on prod now! (i.e. it fails the first time, but then succeeds on the second)

In this change, we remove the code to skip `createPersistedQueryLink` in development, and instead always call it. We simplify the code accordingly, too.
2021-11-23 12:35:20 -08:00
a67509aaec Merge branch 'main' into ansible 2021-11-16 11:23:01 -08:00
bf8fd81305 Post a message linking to Metaverse revocation 2021-11-15 17:42:02 -08:00
7015dc3635 [WIP] Add lint exceptions for <img> tags
There are some places where we use <img> tags where I think it's actually just the right thing to do.

`next/image` is good for image optimization, but I don't think it's worth the proxying for Neopets art images that don't actually always have a higher-res version to begin with.

Idk, maybe the species faces could be a decent choice, but right now we're solving it with `srcSet`, and that's fine. Doesn't seem worth migrating, let's just move on with our lives! 😅

I'm still leaving the lint rule on though, because I think it's a helpful reminder. (I don't think it catches `<Box as="img" />` though, which is a shame, because that would be our natural default in this app!)
2021-11-02 00:55:21 -07:00
405b3ded77 [WIP] Fix app images in Next.js
Yeah, cool, now we use the `next/image` tag, and our images are showing up again!

There's still lint errors for using bare img tags in some places, but I'm not sure I really care…
2021-11-02 00:50:39 -07:00
7fd85e5e2a [WIP] Fix bug loading movies
This was a fun journey! Turns out Next 12 is using a new faster JS compiler called SWC, which had a compiler bug that triggered here!

The incorrect looping behavior caused `libraryUrl` to sometimes be `null` by the time the movie promise completes, because `layer` was set to whatever the `last` layer in the list had been. https://github.com/swc-project/swc/issues/2624

Anyway, turns out this code has been through a few refactors, and the `async` function wrapper is extraneous now! So I've just deleted it and inlined its code. Ta da! lol
2021-11-02 00:11:23 -07:00
589c48beda [WIP] Fix eslint for Next.js
Tweaked some of the default Next.js rules, fixed lint-staged for `next lint`, made a few small easy lint fixes. Feels good!

Note that using the `dirs` option in `next.config.js` was causing `lint-staged` to lint _everything_. That's why I edited `yarn lint` to specify the dirs instead: that way, that command will lint all those dirs, but they won't get included in invocations with `--file`.

There are still a few lint errors left after this commit, because our <img> tags aren't working (@next/next/no-img-element). I'll fix those when we figure out what's wrong with images!
2021-11-01 22:07:46 -07:00
12d525e3ab Preload next/prev user outfits page
Even in production, scrolling is a bit slow! This will preload the pagination one click ahead.

There is a bit of a perf downside, in that if you click through the pages too fast, you'll trigger _extra_ requests. I think that's a net win though, and I'm not gonna try to get cleverer than this right now.
2021-11-01 19:50:21 -07:00
299561d1e3 Paginate the user outfits page
My main inspiration for doing this is actually our potentially-huge upcoming Vercel bill lol

From inspecting my Honeycomb dashboard, it looks like the main offender for backend CPU time usage is outfit images. And it looks like they come in big spikes, of lots of low usage and then suddenly 1,000 requests in one minute.

My suspicion is that this is from users with many saved outfits loading their outfit page, which previously would show all of them at once.

We do have `loading="lazy"` set, but not all browsers support that yet, and I've had trouble pinning down the exact behavior anyway!

Anyway, paginating makes for a better experience for those huge-list users anyway. We've been meaning to do it, so here we go!

My hope is that this drastically decreases backend CPU hours immediately 🤞 If not, we'll need to investigate in more detail where these outfit image requests are actually coming from!

Note that I added the pagination to the existing `outfits` GraphQL endpoint, rather than creating a new one. I felt comfortable doing this because it requires login anyway, so I'm confident that other clients aren't using it; and because, while this kind of thing often creates a risk of problems with frontend and backend code getting out of sync, I think someone running old frontend code will just see only their first 30 outfits (but no pagination toolbar), and get confused and refresh the page, at which point they'll see all of them. (And I actually _prefer_ that slightly confusing UX, to avoid getting more giant spikes of outfit image requests, lol :p)
2021-11-01 19:33:40 -07:00
33740af5ee Stop passing null value in SpeciesColorPicker
This is a minor change to clear a console warning, and make intended behavior clearer! You're not supposed to pass `null` as a select value, because it's ambiguous about whether you're looking for the first option or to make this an "uncontrolled component".

Here, I now provide a fallback value, which is an explicit string for the placeholder option. I made the string very explicit, to aid in debugging if it somehow leaks out from where it's supposed to be! (But I also added gating in the `onChange` event, just to be extra sure.)
2021-11-01 16:19:17 -07:00
21096ef837 Remove incorrect flexAlign prop
Huh. `flexAlign` isn't a real Chakra style prop, because it's not a real CSS style. I wonder if I meant `alignItems`? Anyway, this was getting passed down to the DOM element and triggering a console warning. Removed!
2021-11-01 16:09:56 -07:00
6ce0f59894 Remove stray onChangeHasAnimations prop
This isn't used, so it was getting passed down to the underlying DOM element and triggering a console warning! Remove it.
2021-11-01 16:09:09 -07:00
e4567d04bf Stop requesting bad outfit thumbnails in wardrobe
Oops, our cutesy feature to show an outfit thumbnail sa a placeholder while the rest of the data is loading was making spurious requests!

I put the `skip` in the wrong place 😅

This caused a request to https://outfits.openneo-assets.net/outfits/null/v/NaN/300.png, which would return a 500.

The user wouldn't see anything, because the image wouldn't show because it failed. But it's a mistake, and it's sending extra requests from the client and to the server, and it's a good one to fix!
2021-11-01 16:05:13 -07:00
086ada40f1 Polyfill Promise.any
Resolves Sentry issue IMPRESS-2020-7T
2021-11-01 16:01:05 -07:00
b5865bf699 Fix email search redirect
Oh oops, I missed this path change when I changed the route to `/user/:id/lists`! This caused searching by email to redirect to the homepage, but with a valid URL in the address bar; and refreshing the page would hit the redirect defined in `vercel.json`, redirect to the new route, and load the correct page.

Fixed!
2021-10-21 11:56:55 -07:00
9b856a40b8 Sort /support/petAppearances from newest to oldest 2021-10-01 04:22:53 -07:00
4d4bc289df Update homepage Sep 30 2021-09-30 20:05:56 -07:00