Files

evazion 1653392361 posts: stop updating fav_string attribute.

Stop updating the fav_string attribute on posts. The column still exists
on the table, but is no longer used or updated.

Like the pool_string in 7d503f08, the fav_string was used in the past to
facilitate `fav:X` searches. Posts had a hidden fav_string column that
contained a list of every user who favorited the post. These were
treated like fake hidden tags on the post so that a search for `fav:X`
was treated like a tag search.

The fav_string attribute has been unused for search purposes for a while
now. It was only kept because of technicalities that required
departitioning the favorites table first (340e1008e) before it could be
removed. Basically, removing favorites with `@favorite.destroy` was
slow because Rails always deletes object by ID, but we didn't have an
index on favorites.id, and we couldn't easily add one until the
favorites table was departitioned.

Fixes #4652. See https://github.com/danbooru/danbooru/issues/4652#issuecomment-754993802
for more discussion of issues caused by the fav_string (in short: write
amplification, post table bloat, and favorite inconsistency problems).

2021-10-09 22:36:26 -05:00

admin

Remove /admin/dashboard page.

2021-01-16 03:32:11 -06:00

explore

api: add /explore/posts/searches.json, /explore/posts/missed_searches.json.

2020-06-27 02:09:51 -05:00

maintenance/user

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

moderator

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

api_keys_controller.rb

api keys: require reauthentication when working with API keys.

2021-02-15 00:17:31 -06:00

application_controller.rb

puma: add rack-timeout gem.

2021-09-12 09:32:12 -05:00

artist_commentaries_controller.rb

pundit: convert artist commentaries to pundit.

2020-03-20 18:03:01 -05:00

artist_commentary_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

artist_urls_controller.rb

reltags: remove mark inactive button from artist urls.

2020-03-20 17:55:08 -05:00

artist_versions_controller.rb

artists: redact version histories of banned artists.

2021-02-07 23:28:50 -06:00

artists_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

autocomplete_controller.rb

autocomplete: rework cache policy.

2020-12-13 00:45:22 -06:00

bans_controller.rb

bans: change expires_at field to duration.

2021-03-11 02:59:58 -06:00

bulk_update_requests_controller.rb

pundit: convert bulk update requests to pundit.

2020-03-20 18:03:00 -05:00

comment_votes_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

comments_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

counts_controller.rb

discord: fix tag search commands being limited to 2 tags.

2021-03-14 16:42:07 -05:00

delayed_jobs_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

dmails_controller.rb

dmails, emails: refactor to use Rails signed_id.

2021-01-17 00:24:02 -06:00

dtext_links_controller.rb

views: replace .category-N css classes with .tag-type-N

2020-02-16 04:35:37 -06:00

dtext_previews_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

emails_controller.rb

users: use sudo mode when changing email addresses.

2021-05-19 01:10:03 -05:00

favorite_group_orders_controller.rb

pundit: convert favorite groups to pundit.

2020-03-20 18:03:01 -05:00

favorite_groups_controller.rb

Fix #4670 : Replace RequestStore with AS::CurrentAttributes.

2021-01-16 12:43:20 -06:00

favorites_controller.rb

posts: stop updating fav_string attribute.

2021-10-09 22:36:26 -05:00

forum_post_votes_controller.rb

pundit: convert forum post votes to pundit.

2020-03-20 18:03:01 -05:00

forum_posts_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

forum_topic_visits_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

forum_topics_controller.rb

Fix #4895 : Deleted forum topics visible by default in index.

2021-10-01 17:14:48 -05:00

ip_addresses_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

ip_bans_controller.rb

ip bans: add hit counter, deleted flag, new ban type.

2020-04-06 14:13:22 -05:00

ip_geolocations_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

iqdb_queries_controller.rb

iqdb: allow searching images by iqdb hash.

2021-09-02 03:37:36 -05:00

legacy_controller.rb

routes: remove legacy /user/index and /artist/index API endpoints.

2020-12-24 00:17:26 -06:00

media_assets_controller.rb

/media_assets: add basic index and show pages.

2021-09-29 07:46:11 -05:00

media_metadata_controller.rb

Add MediaMetadata model.

2021-09-08 05:00:54 -05:00

mock_services_controller.rb

iqdb: update API client to use new version of IQDB.

2021-06-16 05:36:24 -05:00

mod_actions_controller.rb

models: refactor search visibility methods.

2020-02-19 17:08:59 -06:00

moderation_reports_controller.rb

pundit: convert moderation reports to pundit.

2020-03-20 18:03:01 -05:00

modqueue_controller.rb

Fixup regression in 2eb89a835.

2021-09-29 06:28:53 -05:00

news_updates_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

note_previews_controller.rb

notes: move sanitization from d_text.rb to note_sanitizer.rb.

2017-06-15 22:58:13 -05:00

note_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

notes_controller.rb

notes: include search form on search results page.

2020-12-18 01:59:39 -06:00

password_resets_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

passwords_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

pixiv_ugoira_frame_data_controller.rb

Add /pixiv_ugoira_frame_data.json endpoint.

2020-02-24 22:43:03 -06:00

pool_elements_controller.rb

pundit: convert pools to pundit.

2020-03-20 18:03:01 -05:00

pool_orders_controller.rb

pundit: convert pools to pundit.

2020-03-20 18:03:01 -05:00

pool_versions_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

pools_controller.rb

posts: stop using pool_string attribute.

2021-10-07 05:55:43 -05:00

post_appeals_controller.rb

make appeals editable

2021-06-29 14:43:27 -03:00

post_approvals_controller.rb

pundit: convert post approvals to pundit.

2020-03-20 18:03:01 -05:00

post_disapprovals_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

post_events_controller.rb

Make more pages publicly accessible to logged out users.

2016-10-17 05:57:05 -05:00

post_flags_controller.rb

Fix #4770 : Allow flaggers to update flag reason.

2021-03-23 01:27:16 -05:00

post_regenerations_controller.rb

post regenerations: regenerate posts asynchronously.

2021-01-04 21:43:27 -06:00

post_replacements_controller.rb

pundit: convert post replacements to pundit.

2020-03-20 18:03:01 -05:00

post_versions_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

post_votes_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

posts_controller.rb

Fix various rubocop warnings.

2021-09-27 00:46:13 -05:00

rate_limits_controller.rb

rate limits: add /rate_limits endpoint.

2021-03-05 16:47:20 -06:00

README.md

docs add more docs to app/{jobs,logical}.

2021-06-28 05:09:19 -05:00

recommended_posts_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

related_tags_controller.rb

Add support for using any of the current related tag types

2020-03-06 08:10:26 +00:00

robots_controller.rb

/robots.txt: enable HTTP caching.

2021-03-07 18:35:37 -06:00

saved_searches_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

sessions_controller.rb

logins: don't return api_token field in API.

2021-02-15 14:28:31 -06:00

sources_controller.rb

Render "Fetch source data" box html server-side.

2018-09-08 15:42:16 -05:00

static_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

status_controller.rb

/status: show HTTP request headers and client IP.

2021-05-06 00:32:24 -05:00

tag_aliases_controller.rb

aliases/implications: log manual deletions by admins.

2021-09-06 03:25:02 -05:00

tag_implications_controller.rb

aliases/implications: log manual deletions by admins.

2021-09-06 03:25:02 -05:00

tags_controller.rb

Fix #4601 : Hide deleted pools by default in pool search.

2021-09-29 05:44:59 -05:00

uploads_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

user_events_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

user_feedbacks_controller.rb

pundit: convert user feedbacks to pundit.

2020-03-20 18:03:00 -05:00

user_name_change_requests_controller.rb

Fix #4670 : Replace RequestStore with AS::CurrentAttributes.

2021-01-16 12:43:20 -06:00

user_sessions_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

user_upgrades_controller.rb

user upgrades: allow using promo codes during checkout.

2021-01-01 04:24:24 -06:00

users_controller.rb

custom css: don't add !important to every line.

2021-03-16 20:04:09 -05:00

webhooks_controller.rb

discord: add initial slash command integration.

2021-03-11 03:04:10 -06:00

wiki_page_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

wiki_pages_controller.rb

wikis: redirect legacy title param to show page.

2020-03-31 18:13:41 -05:00

README.md

Controllers

Controllers are the entry points to Danbooru. Every URL on the site corresponds to a controller action. When a request for an URL is made, the corresponding controller action is called to handle the request.

Controllers follow a convention where, for example, the URL https://danbooru.donmai.us/posts/1234 is handled by the #show method inside the PostsController living at app/controllers/posts_controller.rb. https://danbooru.donmai.us/posts?tags=touhou is handled by the #index method in the PostsController. The HTML template for the response lives at app/views/posts/index.html.erb. See below for more examples.

Controllers are responsible for taking the URL parameters, checking whether the user is authorized to perform the action, actually performing the action, then returning the response. Most controllers simply fetch or update a model, then render an HTML template from app/views in response.

Example

A standard controller looks something like this:

class BansController < ApplicationController
  def new
    @ban = authorize Ban.new(permitted_attributes(Ban))
    respond_with(@ban)
  end

  def edit
    @ban = authorize Ban.find(params[:id])
    respond_with(@ban)
  end

  def index
    @bans = authorize Ban.paginated_search(params, count_pages: true)
    respond_with(@bans)
  end

  def show
    @ban = authorize Ban.find(params[:id])
    respond_with(@ban)
  end

  def create
    @ban = authorize Ban.new(banner: CurrentUser.user, **permitted_attributes(Ban))
    @ban.save
    respond_with(@ban, location: bans_path)
  end

  def update
    @ban = authorize Ban.find(params[:id])
    @ban.update(permitted_attributes(@ban))
    respond_with(@ban)
  end

  def destroy
    @ban = authorize Ban.find(params[:id])
    @ban.destroy
    respond_with(@ban)
  end
end

Routes

Each controller action above corresponds to an URL:

Controller Action	URL	Route	Route Helper	View
BansController#new	https://danbooru.donmai.us/bans/new	GET /bans/new	new_ban_path	app/views/bans/new.html.erb
BansController#edit	https://danbooru.donmai.us/bans/1234/edit	GET /bans/:id/edit	edit_ban_path(@ban)	app/views/bans/edit.html.erb
BansController#index	https://danbooru.donmai.us/bans	GET /bans	bans_path	app/views/bans/index.html.erb
BansController#show	https://danbooru.donmai.us/bans/1234	GET /bans/:id	ban_path(@ban)	app/views/bans/show.html.erb
BansController#create	POST https://danbooru.donmai.us/bans	POST /bans
BansController#update	PUT https://danbooru.donmai.us/bans/1234	PUT /bans/:id
BansController#destroy	DELETE https://danbooru.donmai.us/bans/1234	DELETE /bans/:id

These routes are defined in config/routes.rb.

Authorization

Most permission checks for whether a user has permission to do something happen inside controllers, using authorize calls.

The authorize method comes from the Pundit framework. This method checks whether the current user is authorized to perform the current action. If not, it raises a Pundit::NotAuthorizedError, which is caught in the ApplicationController.

The actual authorization logic for these calls lives in app/policies. They follow a convention where the authorization logic for the BansController#create action lives in BanPolicy#create?, which lives in app/policies/ban_policy.rb. The call to authorize in the controller simply finds and calls the ban policy.

The #create, #new, and #update actions also use permitted_attributes to check that the user is allowed to update the model attributes they're trying to update. This also comes from the Pundit framework. See the permitted_attributes_for_create and permitted_attributes_for_update methods in app/policies.

Responses

Controllers use respond_with(@post) to generate a response. This comes from the Responders gem. respond_with does the following:

Detects whether the user wants an HTML, JSON, or XML response.
Renders an HTML template from app/views for HTML requests.
Renders JSON or XML for API requests.
Handles universal URL parameters, like only or includes.
Handles universal behavior, like returning 200 OK for successful responses, or returning an error if trying to save a model with validation errors.

HTML Responses

The HTML templates for controller actions live in app/views. For example, the template for PostsController#show, which corresponds to https://danbooru.donmai.us/posts/1234, lives in app/views/posts/show.html.erb.

Instance variables set by controllers are automatically inherited by views. For example, if a controller sets @post, then the @post variable will be available in the view.

API Responses

All URLs support JSON or XML responses. This is handled by respond_with.

The response format can be chosen in several ways. First, by adding a .json or .xml file extension:

Second, by setting the format URL parameter:

Third, by setting the Accept HTTP header:

curl -H "Accept: application/json" https://danbooru.donmai.us/posts
curl -H "Accept: application/xml" https://danbooru.donmai.us/posts

When generating API responses, respond_with uses the api_attributes method inside app/policies to determine which attributes are visible to the current user.

Application Controller

Global behavior that runs on every request lives inside the ApplicationController. This includes the following:

Setting the current user based on their session cookies or API keys.
Checking rate limits.
Checking for IP bans.
Adding certain HTTP headers.
Handling exceptions.

README.md

Controllers

Example

Routes

Authorization

Responses

HTML Responses

API Responses

Application Controller

See also

External links