Commit graph

75 commits

Author SHA1 Message Date
9384fd2aa7 Add additional cookie method to view hidden NeoPass features
This is gonna help me in development, to stop having to add stuff to
the URL all the time!! I also considered just always making it
available in development, but I wanted to match production behavior to
help us ensure the hiding behavior is working, to avoid leaking NeoPass
without realizing.
2024-04-09 06:36:44 -07:00
0a046ed9c1 Oh right, hide NeoPass on settings page unless you set the magic param!
Simplified this a bit into a helper. It's kinda odd to me, but
convenient for this moment, that Rails allows views to read `params`! I
guess it's for escape hatches exactly like this! lol
2024-04-08 05:34:47 -07:00
c3eab22b4e Downgrade jQuery on homepage to be the same version as everywhere else
I noticed an issue where Turbo-loading between the Your Items page and
the homepage would clobber each other's copy of jQuery, breaking things
sometimes. e.g. go to Your Items, then go to home, then go to Your
Items, and the page's JS fails because `$.fn.live` isn't defined.

I briefly tested the homepage and it didn't seem to actually depend on
any features from the later version of jQuery? At least not that I
noticed! So I'll just downgrade for consistency. (I also tried
upgrading the Your Items page, but there's too much usage of
`$.fn.live`, which is replaced with a notably different syntax in
jQuery 2.0+.)
2024-03-13 21:38:45 -07:00
c011e99819 Fix various JS Turbo issues
First one, Turbo reasonably yelled at us in the JS console that we
should put its script tag in the `head` rather than the `body`, because
it re-executes scripts in the `body` and we don't want to spin up Turbo
multiple times!

I also removed some scripts that aren't relevant anymore, fixed a bug
in `outfits/new.js` where failing to load a donation pet would cause
the preview thing to not work when you type (I think this might've
already been an issue?), reworked `item_header.js` to just run once in
the `head`, and split scripts into `:javascripts` (run once in `head`)
vs `:javascripts_body` (run every page load in `body`).
2024-03-13 21:26:22 -07:00
9156fa7162 Bold the Terms of Use link when it's been changed recently 2024-02-29 11:22:12 -08:00
666394de25 Refactor Impress 2020 config
I've moved the support secret into the encrypted credentials file, and
moved the origin into a top-level custom config value in the
environment files, with different defaults per environment but still
the ability to override it. (I don't use this, but it feels polite to
not actually *demand* that people use port 4000, y'know?)
2024-02-22 13:07:43 -08:00
82be7fe301 Move most fundraising files into a Fundraising module
Mostly this is just me testing out what it would look like to
modularize the app more… I've noticed that some concerns, like
fundraising, are just not relevant to most of the app, and being able
to lock them away inside subfolders feels like it'll help tidy up
long folder lists.

Notably, I haven't touched the models case yet, because I worry that
might be a bit more complex, whereas everything else seems pretty
well-isolated? We'll try it out!
2024-02-18 20:12:14 -08:00
4fff8d88f2 Add support_staff flag to user record; they can use Support tools
A little architecture trick here! DTI 2020 authorizes support staff
requests by means of a secret token, instead of user account stuff. And
our support tools still all call DTI 2020 APIs.

So here, we bridge the gap: we copy DTI 2020's support secret to this
app's environment variables (I needed to update
`deploy/files/production.env` and run `bin/deploy:setup` for this!),
then users with the new `support_secret` flag have it added to their
HTML documents in the meta tags. Then, the JS reads the meta tag.

I also fixed an issue in the `deploy/setup.yml` playbook, where I had
temporarily commented some stuff out to skip steps one time, and forgot
to uncomment them after oops lol!
2024-01-29 04:21:19 -08:00
6763e9454e Optionally use local instance of impress-2020 during development
To activate this, I created a `.env.development` file in my project
root, with the following content:

```env
IMPRESS_2020_ORIGIN=http://localhost:4000
```

Then, I started impress-2020 with `yarn dev --port=4000`.

Now, the app loads from there, hooray!! It even fixes that obnoxious
pet state ID bug that happens when you run against the production db lol
2024-01-28 07:00:29 -08:00
fb4e967ea1 Delete unused helper 2023-11-11 15:50:07 -08:00
f9669195ea Remove old feedback UserVoice link 2023-11-11 15:48:05 -08:00
3243a0fdd9 Remove unused JavaScript utility libraries
Some of these just didn't have call sites anymore; the HTML5 shim still
did, but that URL is literally broken now lmao. Goodbye!
2023-10-25 16:24:50 -07:00
22e3f4240a Update most URLs to use HTTPS
I noticed we didn't have the little lock icon in the browser, and yeah
huh there's a lot of `http://` still floating around! Let's fix that!
2023-10-25 15:22:57 -07:00
c85c3f5b8f Add the Pardon Our Dust page 2023-10-23 19:05:09 -07:00
45090b8d1c Login/logout returns you to the same page
In the login case, we save the `return_to` parameter in the session, because login can be a multi-step process.

In the logout case, we just read it directly from the form params.

Note that you *could* end up in a weird scenario where an old `return_to` value sticks around for a bit? But we have the sense to delete it when we use it on a successful sign-in, and most links to the login page come with a `return_to` param which should reset it. So, you'd have to 1) have started but not finished a sign-in, 2) during the same session, and 3) get to the login page by an unusual means.

Probably fine!
2023-10-23 19:05:08 -07:00
83f80facda Can log into OpenNeo ID accounts directly!
A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!!

I tested this by temporarily switching to the production database and logging in as matchu!

Still missing a lot of big features too, like registration, password resets, settings page, etc.
2023-10-23 19:05:07 -07:00
7e922503b5 Upgrade to Rails 7.0.6
Whew! Seems like a pretty clean one? Ran `rails app:upgrade` and stuff, and made some corrections to keyword arguments for `translate` calls. There might be more such problems elsewhere? But that's hard to search for, and we'll have to see.
2023-10-23 19:05:07 -07:00
Matchu
d0616b6dfd Delete Camo references & Addressable gem
At one point we piloted a "Camo" service to proxy HTTPS image urls for us, but it doesn't exist anymore.

We already have proxies and stuff for this, so I left `Image` as a placeholder for this, but it's not working yet!

This also deletes our final reference to the Addressable gem, so we can remove it!
2023-10-23 19:05:05 -07:00
Matchu
14f66b1e9e Fix caching crashes in localized_cache
The controller was like "oh yeah we have that cached" (from previous renders of the app on Rails 3 I think?), but the view disagreed, bc it was appending a template digest to the cache key. That's a smart feature, but not compatible with how we skip queries in the controller, so disable it for now!
2023-10-23 19:05:02 -07:00
Matt Dunn-Rankin
512b64a104 update campaign final stretch copy 2017-01-09 11:35:55 -08:00
Matchu
973bbbcb0a even better campaign copy: complete text + ceil to $5 for the finish-up pitch 2015-09-24 19:39:49 -07:00
Matchu
5466cc9301 when remaining costs < $200, pitch harder 2015-09-22 22:19:43 -07:00
Matchu
b11d7a8c9c oh dang, did we just fix most of the mixed content? 2015-08-05 20:11:08 -04:00
Matchu
4a18f22571 camo the emotes on the campaign show page 2015-08-05 19:41:42 -04:00
Matchu
0d88a6dd6f use same-protocol URLs for javascript libraries, so HTTPS is happy 2015-08-05 18:36:28 -04:00
0e6f823154 toggle whether a donation campaign is advertised 2015-02-25 13:49:18 -06:00
d588253c4c campaign banner on homepage is pretty 2014-09-11 18:09:00 -05:00
8e22c271a4 track campaign progress 2014-09-11 17:40:37 -05:00
8fc156833f basic tip functionality 2014-04-02 23:00:50 -05:00
72b174c9b3 store all neopets usernames for logged-in users, but breaks closet_hangers#index 2014-01-18 21:55:01 -06:00
fd106d7dba basic modeling buttons
no behavior yet, nor are they filtered
2014-01-10 16:25:03 -05:00
5f95ef7e56 make userbar area more compact, including removing favicon 2013-12-26 13:08:51 -05:00
923335b8da localize blog posts 2013-02-06 10:59:25 -06:00
573e8a6459 use I18n.with_locale wherever possible, since it catches errors properly
In particular, pet#load was handling locale-switching itself, but wasn't
switching back to original locale on error. We could've used a rescue
block, but, when I18n.with_locale is so cool, may as well use it fully.
2013-01-25 15:09:56 -06:00
c9ae7155b1 locale metadata, including hidden locales for item loading and selection 2013-01-24 18:24:34 -06:00
1439e4a74c canonical paths are always in english 2013-01-24 18:24:34 -06:00
0f49d3ed02 simple locale dropdown in layouts#application 2013-01-24 18:24:33 -06:00
5935ed055d refactor tmd helper, move closet_hangers#index autocomplete to markdown 2013-01-24 18:23:20 -06:00
7f2070e78e refactor userbar contributions to use twl 2013-01-24 18:23:20 -06:00
2b1cb2fe7f i18n for outfits#edit base template - dynamic content in outfits/edit.js still needs examined 2013-01-24 18:23:20 -06:00
b346bcc6d9 i18n for outfits#index - plus the translate_with_links helper, which can be used for refactoring other stuff 2013-01-24 18:23:20 -06:00
34d919179a i18n for broken_image_reports#new 2013-01-24 18:23:18 -06:00
132a49d30b i18n for outfits#new (and layouts#application), including caching 2013-01-24 18:23:18 -06:00
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
70cf262387 remove campaign banner from most pages 2011-10-10 22:06:46 -05:00
c930397123 edit campaign copy now that image mode is public 2011-08-07 19:52:35 -04:00
f9de777c79 update campaign: upgrade complete 2011-08-05 00:12:17 -04:00
163d74fe07 donate update, campaign complete 2011-08-04 10:25:57 -04:00
4f0e7899b7 Your Items intro text polishing 2011-07-31 00:59:29 -04:00