Replace the mocked services in scripts/mocked_services with Rails-level
mocked services.
The scripts in scripts/mocked_services were a set of stub Sinatra
servers used to mock the Reportbooru, Recommender, and IQDBs services
during development. They return fake data so you can test pages that use
these services.
Implementing these services in Rails makes it easier to run them. It
also lets us drop a dependency on Sinatra and drop a use of HTTParty.
To use these services, set the following configuration in danbooru_local_config.rb
or .env.local:
* reportbooru_server: http://localhost:3000/mock/reportbooru
* recommender_server: http://localhost:3000/mock/recommender
* iqdbs_server: http://localhost:3000/mock/iqdb
where `http://localhost:300` is the url for your local Danbooru server
(may need to be changed depending on your configuration).
* Make IP bans soft deletable.
* Add a hit counter to track how many times an IP ban has blocked someone.
* Add a last hit timestamp to track when the IP ban last blocked someone.
* Add a new type of IP ban, the signup ban. Signup bans restrict new
signups from editing anything until they've verified their email
address.
In related tags, remove the (X) button next to artist urls for marking
them as inactive. This was broken because it didn't record the change
to the is_active flag in the artist history.
- Use the current comparison type for post versions instead
- Also add the note versions as a report
- No other versions are meaningful as reports since it is expected
for them to be modified by other users, or they don't have version
numbers as is the case with artist commentaries
The old password reset flow:
* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.
The new password reset flow:
* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
* Fix users being redirected back to the change password page after
successfully changing their password.
* Move passwords controller out of /maintenance/ namespace.
* Add tests.
Remove the nag message when an approver hasn't approved anything
recently. Also remove the modqueue random posts page. As of 3d410398a,
inactive approvers are now warned via dmails.
Add a curated posts page at /explore/posts/curated. Curated posts are
the most favorited posts by contributor-level users (users with
unlimited upload permissions).
Also add an order:curated tag using for use in regular searches.
Remove the edit, update, and approve endpoints for tag aliases and
implications. These have been useless since individual alias and
implication requests were removed. Aliases and implications could only
be edited or approved if they were in the pending state, which is no
longer possible.
Also remove unused new alias/implication request forms.
Remove `POST /moderator/post/undelete` endpoint. Replace it with
`POST /post_approvals` instead.
Fixes it so that undeleting a post has the same behavior as approving a
post. Namely, it reloads the page instead of just flashing a "Post was
undeleted" message.
Turn deletions into soft deletions (set the is_deleted flag) instead of
hard deletions (remove from database). The is_deleted flag actually
already existed, but it was never used before.
* Rarely used (only used ~15 times in total, not used at all since 2015-2016).
* Merging topics didn't properly bump the new topic.
* Merging topics didn't log a modaction when the old topic was deleted.
* Merging topics broke the old topic. Moving all the posts from one topic
to another leaves the old topic with zero posts. This normally can't
happen and it causes exceptions when you try to view the empty topic.
* It was technically possible to merge a topic with itself. This would
break the response_count.
* It was technically possible for a mod to merge a topic into an
admin-only topic.
Few people used forum subscriptions (only around 100), and even fewer
people were subscribed to active threads. Most subscriptions were for
old threads that will never be bumped again. The implementation also had
a few problems:
* Unsubscribe links in emails didn't work (they unset the user's
receive_email_notifications flag, but forum subscriptions didn't
respect this flag).
* Some users had invalid email addresses, which caused notifications to
bounce. There was no mechanism for preventing bounces.
* The implementation wasn't scalable. It involved a daily linear scan
over _all_ forum subscriptions looking for any topics that had been updated.
Few people used dmail filters (~900 users in 5 years) and even fewer
used them correctly. Most people used them to try to block dmail spam,
but usually they either blocked too much (by adding common words that
are present in nearly all dmails, causing all mails to them to be
filtered) or too little (blocking specific email addresses or urls,
which usually are never seen again after the spammer is banned).
Nowadays the spam detection system does a better job of filtering spam.
- Limited to Builders+
-- Moderator+ can also use as they may be too busy ATM
- Only on users, comments, and forum posts
- Multiple reports can be generated per instance
- Primarily posts to a moderator-only topic for viewability
- Secondarily has a table for searchability
-- Viewable only by moderators
* Rename 'privacy mode' to 'private favorites'.
* Make the private favorites setting only hide favorites, not favgroups
and not the user's uploads on their profile page.
* Make the favgroup is_public flag default to true instead of false and
fix existing favgroups to be public if the user didn't have privacy mode
enabled before.
* List _all_ public favgroups on the /favorite_groups index, not just
favgroups belonging to the current user.
* Add a /users/<id>/favorite_groups endpoint.
This was an alternate frontpage that contained a list of previews of the
most popular tags. This page was never linked from anywhere and it was
unknown by most users.
Remove the targeted down voting report. This report hasn't been working
for a while. The /post_votes page is a better way to investigate
downvoting activity anyway.
This was a search page that let you search for tags, aliases, and
implications at the same time. It never got much use and it's been
broken for a while now (the search form passed the wrong param to the
controller).
Remove the login reminder page. The meaning of "login reminder" wasn't
clear (it's for recovering a forgotten username) and the functionality
was redundant. The password reset page can already be used to recover
forgotten usernames.
There was also a privacy leak, since the login reminder page could be
used to find out whether a given email is in use on Danbooru.
* Replace /session/new with /login and /session/sign_out with /logout.
* Rename 'sign in' to 'login'.
This changes are to make urls cleaner and terminology more consistent.
Add a new IP address search page at /ip_addresses. Replaces the old
search page at /moderator/ip_addrs.
On user profile pages, show the user's last known IP to mods. Also add
search links for finding other IPs or accounts associated with the user.
IP address search uses a big UNION ALL statement to merge IP addresses
across various tables into a single view. This makes searching easier,
but is known to timeout in certain cases.
Fixes#4207 (the new IP search page supports searching by subnet).
Add these endpoints:
* /note_versions/1234
* /artist_versions/1234
* /artist_commentary_versions/1234
This is so the /ip_addresses listing can link to these endpoints.
Bug: links like these returned 404s:
* https://danbooru.donmai.us/wiki_pages/...
* https://danbooru.donmai.us/wiki_pages/.hack//
* https://danbooru.donmai.us/wiki_pages/ssss.gridman
Cause: by default, Rails uses dots in route segments to separate the id
from the format. For example, in /wiki_pages/ssss.gridman, the id is
parsed as "ssss" and the format is "gridman" (as if "gridman" were a
format like "json" or "xml").
We work around this by specifying the regex for the id param manually.
The trick here is to use a non-greedy match-all combined with a positive
lookahead to detect the extension but not include it in the match.
* Move search form to index page instead of a separate page.
* Merge creator + timestamp into one column.
* Add category column.
* Fix N+1 query issue.
