Foreman is unmaintained and locked to a really old version of thor,
which prevents upgrading to Rails 6.
The Procfile can still be used by manually installing Foreman with
`gem install foreman`. This is what Foreman's README recommends anyway.

Refactor to use `render_error_page` to handle User::PrivilegeError
exceptions. This way these exceptions are logged to New Relic.
Changes:
* Anonymous users aren't automatically redirected to the login page.
Instead they're taken to the access denied page, which links to the
login/signup pages.
* JSON/XML error responses return `message` instead of `reason`.
* Refactor api_check to use render_error_page so that api limit errors
get logged to New Relic for analysis.
* Also standardize json error responses to return the error message in
`message` instead of `reason`.

Fixes POST/PUT API requests failing with InvalidAuthenticityToken errors
due to missing CSRF tokens.
CSRF protection is only necessary for cookie-based authentication. For
non-cookie-based authentication we can safely disable it. That is, if
the user is already passing their login + api_key, then we don't need
to additionally verify the request with a CSRF token.
ref: 2e407fa476 (comments)
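
The reasoning in the commit message above, as an added example that is not the project's code: a plain-Ruby model of the decision, using hypothetical names (`API_KEYS`, `Request`, `authorize`) and constructed sample credentials. It also handles the case where API parameters are supplied but invalid while a session cookie is present: the request is rejected instead of falling back to the cookie, so the CSRF exemption never covers cookie authentication.

```ruby
# Constructed sample data; the login and key are hypothetical.
API_KEYS = { "alice" => "k-3f9a1c" }.freeze

# Minimal stand-in for an HTTP request (hypothetical, not a Rails class).
Request = Struct.new(:verb, :params, :session, :csrf_header, keyword_init: true)

# Compare two strings without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [status, user]. The CSRF check is skipped only when the request
# is authenticated by login + api_key, never when a cookie authenticates it.
def authorize(req)
  login, api_key = req.params.values_at("login", "api_key")

  if login || api_key
    # API credentials were supplied, so they alone decide the outcome.
    # Falling back to the session here would extend the CSRF exemption
    # to cookie-authenticated requests.
    expected = API_KEYS[login.to_s]
    ok = expected && secure_equal?(expected, api_key.to_s)
    return ok ? [:ok, login] : [:unauthorized, nil]
  end

  user = req.session[:user]
  return [:unauthorized, nil] unless user

  # Cookie-authenticated: state-changing verbs must carry the session token.
  if %w[POST PUT PATCH DELETE].include?(req.verb)
    token = req.session[:csrf_token].to_s
    valid = !token.empty? && secure_equal?(token, req.csrf_header.to_s)
    return [:invalid_authenticity_token, nil] unless valid
  end

  [:ok, user]
end
```
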

Fixes a conflict with `Enumerable#excluding` in Rails 6.
Rename Array#without and Enumerable#without to Array#excluding and
Enumerable#excluding. Old method names are retained as aliases.

Setting the statement timeout at the beginning didn't work because
`PostPruner.new.prune!` clobbers the timeout (it calls `without_timeout`,
which doesn't restore the timeout properly if the timeout was zero).

Bug: sending dmails failed for members.
Cause: using lambdas with `rakismet_attrs` failed because unexpected
arguments are passed to the lambdas. Using procs works because the
arguments are ignored.
Also fix the tests to actually test akismet. We didn't catch this
because the tests mocked out the `spam?` call.

Bug: capistrano didn't update the crontab during deployment. As a result
the crontab still referenced an old deployment. Eventually that
deployment was deleted and cronjobs started silently failing.
Broken in 223e5f1e8. Turns out that `whenever` defaults to running on
servers with the `db` role. Removing kagamihara from the db role meant
that whenever was no longer configured to run anywhere.

Certain parts of comment rendering triggered sql queries that we didn't
really need to do. Rework things to avoid this.
* Preload comment creators in order to display commenter names with link_to_user.
* Preload comment votes in order to display "undo vote" links. Only preload
votes for members since anonymous users can't vote and don't have "undo
vote" links.
* Rework various conditionals to do the filtering in Ruby so that we
avoid issuing any extra queries in sql.
* Avoid issuing any queries at all when the post doesn't have any
comments (when last_commented_at is blank).

In production the name input is really big because the artist name
column in the production db is `text` rather than `character varying`,
and simpleform treats text columns as textbox inputs.