* Updates to API generation and tooling
- Added build script and build instructions for API files
- Updated `.gitignore` to keep node_module folders out, wherever they occur
- Rewrite existing YAML files to use new component system
- Compile rewritten YAML files
- Add more validation checks to the route builders and dispatchers
- Add a user-facing documentation page with interactive view using RapiDoc
- Add a generic 404 handler for missing routes under `/api`, which returns JSON instead of HTML
- Clean up spec output route slightly to make it valid OpenAPI 3.0.0
* Auto-fill API Key in docs
Co-authored-by: Cocoa <momijizukamori@gmail.com>
Years ago, we changed our source of country code data to use a
standard CPAN module. This has largely worked well except for a
couple of odd corner cases where the previous country code stored in
user data didn't match up with the new source. The obvious one was
the change from UK to GB, so we kludged in recognition for both codes,
and then deleted the older one anywhere it showed up as a duplicate in
a drop down menu.
Subsequently it was noted that there was a legacy code for Scotland
(LJSC) which needed the same treatment. Instead of continuing to
expand the kludge, this adds a second class method, load_legacy, to
use when requesting the version of the data that includes the older
codes. That way we can go back to calling the basic load method
without having to then delete the extra codes in the caller. And if we
stumble across any other missing codes, they'll be maintained in one
place.
Fixes #2197.
* Fix loginlog with long ua's
This trims useragents so they fit into the VARCHAR(100) that is the db
column. This also fixes so that we will log errors when we fail to
record logins, so this won't show up silently in production.
* Add multi-select and logout all
This adds the ability to log out multiple sessions at the same time as
well as to log out all sessions in one click, including the one you're
actively using.
Although the license stated in the text is CC-by-SA-2.5, the comments in the header stated inconsistent information apparently left over from use of that header in a code file. This pull request updates the comments to be consistent with the license stated, and adds a link to the license as required by the license terms for its use. I would like to fix these issues before making a copy to use on our own site with appropriate alterations and credit as per the license.
CODE TOUR: no-impact
Although the license stated in the text is CC-by-SA-2.5, the comments in the header incorrectly stated contradictory information apparently left over from use of that header in a code file. This pull request updates the comments to be consistent with the license stated, and adds a link to the license as required for its use. I would like to fix these issues before making a copy to use on our own site with appropriate alterations and credit as per the license.
I took my cue from ContactInfo.pm, which mentions a desire
to avoid using load_userids on a large data set for filtering
purposes. Instead this expresses the visibility requirement as
an additional WHERE clause in the SELECT statement, acting only
on users that have rows in both the user and userprop tables.
Obviously my ability to test this locally is extremely limited,
but this should fix the problem with location results being
sparsely populated due to a large number of suspended SEO accounts.
Static content sometimes fails to compile, such as fckeditor, so this allows
us to fall back to the max/ directory (which contains the source files) if
we can't find the minified version.
* [#1184] don't enforce black text for console output
This changes the color value to "inherit" which should
use whatever the CSS has specified for body text.
* [#2921] tweaks to console command table styling
* [#2945] new 'finduser delve' command per request
Uses the finduser:infohistory priv, since it includes
data from the infohistory table.
Fixes #2945.
* not all CAP entries are created equal
This was generating "Use of uninitialized value in string eq at cgi-bin/DW/Shop/Item/Account.pm line 480."
* don't include staff accounts in "gift paid time" suggestion list
It just looks wrong, especially if you follow a LOT of official comms.
* add backlinks to shop pages for icons and points
The pages for accounts and rename tokens had these, but the others
did not.
* allow for=self paid time buyers to future date purchases
We were hiding all of the "gift" options on this version of
the form, but there are legit reasons for someone to want to
future-date a purchase for themselves. You could work around
it by visiting the for=gift version of the page and entering
your own username, but that's pointlessly annoying.
* [#1339] warn when purchasing regular paid time for premium account
You can override the warning by resubmitting the form with the
new checkbox checked, if you don't want to adjust the delivery date
or the type of account time.
Fixes #1339.
* warning should only include date if the logged-in user owns the account
* [#2917] include expiration date in paid time notification email
* hush uninitialized value warnings related to empty message body
* send from dw_null, reply-to user's own email
Currently, the header of the generated email looks like:
> From: "[[username]] via [[sitename]]" <[[user's email]]>
This updates it to come from $LJ::BOGUS_EMAIL,
with the user's email as a reply-to:
> From: "[[username]] via [[sitename]]" <[[dw_null@site]]>
> Reply-To: "[[username]]" <[[user's email]]>
This change also makes it more likely that the message will
actually be delivered by SES.
Fixes #1866.
* fix problem with $default_formdata being ignored
Since $r->post_args is never empty (it's a Hash::MultiValue object),
let's use the value of $r->did_post instead.
* update the form display to better reflect the actual email header
also displays the message subject, which was hidden before
* site configuration misbehavior: turning off shop components
It is easily possible to disable the individual sections of the shop
that sell icons, points, and rename tokens, but the storefront was
not designed to gracefully handle that configuration.
In the case of points or icons, the cart would throw a generic error
when submitting the form. In the case of rename tokens, the "Add To
Order" button would just silently fail.
Although it is unlikely DW will ever disable these shop items, let's
update the code to be better behaved on general principle.
(Unavailable account levels are already handled in a reasonable manner.)
This also adds the missing 'icons' key to the example %LJ::SHOP hash.
* site configuration misbehavior: turning off the shop entirely
Visiting any shop page with the 'payments' config option turned off
results in a completely blank page and an error in the logs that says:
Argument "The shop is currently disabled." isn't numeric.
Looks like this happened because of a misunderstanding about the intended
return value of DW::Controller::controller. The relevant code comment says
to return "error text" if there was an error, but the error message can't be
just a string, it has to be a server response. Perhaps the behavior was later
updated in order to allow other possible responses such as redirects.
At any rate, the fix is to use error_ml here. The subsequent sysban check
obviously has the same problem, so this fixes that as well.
* [#2974] enforce minimum amount for check/money order payments
Defines a new config parameter $LJ::SHOP_CMO_MINIMUM. If set
to a value greater than zero, that value will be the minimum
"cash" value required to accept check/money order payments.
Fixes #2974.
* [#2328] print the currency to 2 decimal places in receipt email
As reported some time ago, the "Amount Due" was being shown as e.g.
$20.2 instead of $20.20. Future emails will print the amount with
the standard number of decimal places.
Fixes #2328.
* new 'payments_cmo' option for LJ::is_enabled
As mentioned in #2974, it's possible that we may need to
entirely disable paying by check or money order in the
future due to increasing costs. This adds a 'payments_cmo'
test to LJ::is_enabled that will make the switch easy to
flip if that day comes.
* tellafriend fixup pt 1
* The "forbiddenimages" string in the regex looked like a
copy-paste error. This is the regex in the original BML.
* Assign an empty string to $msg so we don't get warnings
about concatenating to an undefined variable.
* tellafriend fixup pt 2
* The main problem here is that the template was trying
to call "form" methods as "dw" methods that didn't exist.
* Removed HTML table elements.
* Turned off Foundation styling because it made the page
look weird. More work for another day.
* A few other typo fixes and regressions to the original BML.
* remove BML
* [#1866] site text improvements
It was bugging the stew out of me that this hadn't been
updated to use $LJ::NEWS_JOURNAL so I did that. I also
changed the bits of boilerplate text that I complained
about in #1866, and made the textarea a bit wider.
* bug in LatestNews widget on logged-in homepage
Obscure, but I just ran into this in testing: if you
set $LJ::NEWS_JOURNAL to a valid community but it
doesn't have any entries yet, the widget will bomb
out with a missing anum error.
This adds a validity check to the entry object before
attempting to do anything with it.
* [#1866] disallow /tools/tellafriend in robots.txt
As I mentioned in #1866, this page gets a lot of crawler
traffic because it's linked on every journal and entry.
Adding it here should tell well-behaved bots to ignore it.