Refactor models so that we define attribute API permissions in policy
files instead of directly in models.
This is cleaner because a) permissions are better handled by policies
and b) which attributes are visible to the API is an API-level concern
that models shouldn't have to care about.
This fixes an issue with not being able to precompile CSS/JS assets
unless the database was up and running. This was a problem when building
Docker images because we don't have a database at build time. We needed
the database because `api_attributes` was a class-level macro in some
places, which meant it ran at boot time, but this triggered a database
call because api_attributes used database introspection to get the list
of allowed API attributes.
Notes are not given percent coordinates when created; however, moving
or resizing would update the coordinates to percentages. This is why
it was appearing as if the type of coordinates given were random.
* Inline JavaScript in the <head> is a minor bottleneck because it
blocks page rendering.
* Fix antiproxying protection (proxy sites like to strip <script> tags
from the header).
Don't embed config options directly in JavaScript. Including them in the
JavaScript forces us to recompile the JavaScript whenever these options
change, which requires us to redeploy the entire site instead of just
restarting the app server.
* Remove `banned_ip_for_download?` config option. This isn't something that usually needs
to be configured.
* Replace the `ipaddress` gem with `ipaddress_2`. The `ipaddress` gem has several methods
we need (`link_local?`, etc) that are only available in master because the gem hasn't had
an official release in several years. `ipaddress_2` is a fork that is more actively
maintained.
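
As an added illustration (not Danbooru's code): the kind of address check an option named `banned_ip_for_download?` suggests, assuming its purpose is to keep server-side downloads away from internal addresses. It uses Ruby's standard `IPAddr` in place of the `ipaddress_2` gem; `internal_address?` and `download_allowed?` are hypothetical names.

```ruby
require "ipaddr"

# Hypothetical helper: true when an address points back into our own
# network (loopback, private ranges, link-local, or the unspecified address).
def internal_address?(address)
  ip = IPAddr.new(address)
  # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as the
  # IPv4 address it actually reaches.
  ip = ip.native
  unspecified = IPAddr.new(ip.ipv4? ? "0.0.0.0" : "::")
  ip.loopback? || ip.private? || ip.link_local? || ip == unspecified
rescue IPAddr::Error
  true # fail closed: anything we cannot parse is treated as banned
end

# Hypothetical helper: a download is allowed only if the host resolved to
# at least one address and every resolved address is public. The caller
# should then connect to one of the addresses that was checked, not
# resolve the name a second time.
def download_allowed?(resolved_addresses)
  return false if resolved_addresses.empty?
  resolved_addresses.none? { |addr| internal_address?(addr) }
end

# Constructed sample resolutions (documentation and well-known ranges).
SAMPLE_RESOLUTIONS = {
  "public host"          => ["203.0.113.10"],
  "loopback"             => ["127.0.0.1"],
  "link-local metadata"  => ["169.254.169.254"],
  "mapped loopback"      => ["::ffff:127.0.0.1"],
  "mixed public/private" => ["203.0.113.10", "10.0.0.5"],
  "IPv6 link-local"      => ["fe80::1"],
  "no answer"            => []
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RESOLUTIONS.each do |label, addrs|
    puts format("%-22s %s", label, download_allowed?(addrs) ? "allow" : "refuse")
  end
end
```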
Try to prevent malicious sites like danbooru.me or idanbooru.com from
proxying our site and inserting ads. If we detect that we're not running
on the real site, then we redirect to the real site.
Fix regression in #4475. Fetch the commentary as html instead of
plaintext so that we don't lose links or other formatting.
Also fix it so that /jump.php redirect links are replaced with the
actual url.
Get rid of `normalized_for_artist_finder?` and `normalizable_for_artist_finder?`.
This was legacy bullshit that was originally designed to avoid API calls
when saving artist entries containing old Pixiv direct image urls that
had already been normalized, or that couldn't be normalized because they
were bad id.
Nowadays we store profile urls in artist entries instead of direct image
urls, so we don't normally need to do any API calls to normalize the
profile url. Strategies should take care to avoid triggering API calls
inside `profile_url` when possible.
Hide banned artist pages from anonymous (logged out) users. Partial
revert of 6b066f2ca. Artists sometimes ask us to remove all their
information from the site, including their artist profile. It's easier
to hide their profile than to explain to Japanese artists that a) we're
under no obligation to remove their profile and b) we need to keep it to
maintain the ban on their content that they asked for.
The issue is that the bodies of the embedded notes were being set to
the value which tells the script not to read the original body after
saving a note. This was a poor system prone to issues, so instead a
DOM class is now explicitly added to the notes on note creation and
cleared whenever a note gets saved.
Additionally, the embedded note bodies were standardized to use the
same initial value as non-embedded notes as well.
Flash files can be quite big (the biggest on danbooru.donmai.us being
68.6MB atm). Reading it and applying complex transformations twice seems
unnecessary.
MediaFile#dimensions is called twice, in #width and in #height, but
it only works on the first call because the file is read to the end and
consumed the first time, so when #read is called the second time it only
returns the empty string.
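
An added example, not the project's code, reproducing the double-read described above and one possible fix (rewind, then memoize so the file is parsed once). The class names, the PNG header parser and the sample bytes are constructed for illustration.

```ruby
require "stringio"

# Constructed sample: PNG signature plus the start of an IHDR chunk
# describing a 640x480 image (24 bytes, enough for the dimensions).
SAMPLE_PNG = ("\x89PNG\r\n\x1a\n".b + [13].pack("N") + "IHDR" +
              [640, 480].pack("N2")).freeze

# Width and height are two big-endian 32-bit integers at byte offset 16.
def parse_png_dimensions(bytes)
  return nil if bytes.nil? || bytes.bytesize < 24
  bytes.byteslice(16, 8).unpack("N2")
end

# The behaviour from the commit message: every call re-reads the IO.
# The first read consumes it, so the second read returns "".
class BuggyMediaFile
  def initialize(io)
    @io = io
  end

  def dimensions
    parse_png_dimensions(@io.read)
  end

  def width
    dimensions&.first
  end

  def height
    dimensions&.last
  end
end

# One possible fix: rewind before reading and cache the result, so a
# large file is read and parsed only once.
class FixedMediaFile < BuggyMediaFile
  def dimensions
    @dimensions ||= begin
      @io.rewind
      parse_png_dimensions(@io.read)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  [BuggyMediaFile, FixedMediaFile].each do |klass|
    file = klass.new(StringIO.new(SAMPLE_PNG))
    puts "#{klass}: width=#{file.width.inspect} height=#{file.height.inspect}"
  end
end
```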
ref: https://danbooru.donmai.us/forum_topics/16935.
Bug: sample images were being generated to be at most 850px width *and*
850px tall. They're supposed to be at most 850px wide with unlimited height.
Rename the `error` url param to `cause_error`. Using this param causes
Danbooru to return an error response for testing purposes. Calling this
param `error` caused problems when OAuth2 authorization failed and the
user was redirected back to Danbooru with the `error` param set.
This was only halfway supported, as the download module does not
have an image_url function. So for this, it just uses the url function,
which is just the original URL passed into the download function.
Additionally, it adds support to grab the largest available image,
which it does by using the file_url function of the downloads module.
- Fixes image_url parameter
- Adds file_url parameter
The reason that the download was failing was not because the 4k size
didn't exist, but because the Artstation had no way to handle image
cover URLs. This caused it to pass nil to the download function.
Additionally, there was no way to get the preview URL size, i.e. the
smallest available image for an Artstation image URL.
- Adds support for cover URLs
- Adds support for preview URL size