Make community assets paths configurable #1946
Conversation
Oaphi
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| in_sql = "(select id from posts where community_id = #{community.id} and category = '$cat')" | ||
| sql = "select tag_id from posts_tags where post_id in #{in_sql}" |
There was a problem hiding this comment.
This is a manual line length fix
| configured_service = ActiveStorage::Blob.service.name | ||
|
|
||
| if configured_service |
There was a problem hiding this comment.
This is a manual fix for assignment in condition
Codecov Report❌ Patch coverage is
Additional details and impacted files
☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| # Lifesaving reference: https://stackoverflow.com/q/1294117/3160466 | ||
|
|
||
| tables_columns = ActiveRecord::Base.connection.tables.map { |t| [t, ActiveRecord::Base.connection.columns(t)] }.to_h | ||
| tables_columns = ActiveRecord::Base.connection.tables.to_h { |t| [t, ActiveRecord::Base.connection.columns(t)] } |
There was a problem hiding this comment.
map.to_h -> to_h with block - tested locally (note that I've also made the script resilient to errors as it turns out it fails on our new FULLTEXT index columns [title, body] for posts - will be addressed in a separate PR)
There was a problem hiding this comment.
Above my pay grade to evaluate. :-)
| sql = "ALTER TABLE `#{t}` MODIFY `#{c.name}` #{c.sql_type} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | ||
| ActiveRecord::Base.connection.execute sql | ||
| rescue => e | ||
| puts "failed to reset collations on #{t}" | ||
| puts "message: #{e.message}" |
There was a problem hiding this comment.
Manual line length fix + robustness improvement mentioned above
cellio
left a comment
cellio
left a comment
There was a problem hiding this comment.
I tested locally and it looks good to me. I tried valid and invalid values and got the expected behaviors. Somebody with more experience should review the seeds changes.
| # Lifesaving reference: https://stackoverflow.com/q/1294117/3160466 | ||
|
|
||
| tables_columns = ActiveRecord::Base.connection.tables.map { |t| [t, ActiveRecord::Base.connection.columns(t)] }.to_h | ||
| tables_columns = ActiveRecord::Base.connection.tables.to_h { |t| [t, ActiveRecord::Base.connection.columns(t)] } |
There was a problem hiding this comment.
Above my pay grade to evaluate. :-)
db/seeds/site_settings.yml
Outdated
| category: SiteDetails | ||
| description: > | ||
| Path to a file containing site-specific JavaScript. | ||
| Only accepts domain-relative URLs (such as `/assets/community.js`). |
There was a problem hiding this comment.
How about: Must be a domain-relative URL (such as...) ? It does accept others; it just quietly ignores them. For the previous setting we use the "must be" language, so we could use it for these two too.
…her similar settings
closes #1941
closes #964
Primariy, this PR adds two new site settings:
CSSPathandJSPathand makes sure requests for those assets are only made if these new settings are set:To address security concerns raised in #964, these settings are of a new type
uri_paththat only allows domain-relative URLs (f.e.,/assets/community/codegolf.js). Unexpected values are fixed up under the hood or dropped entirely if invalid.The PR also heavily reworks
seeds.rbto simplify working with it going forward as well as enables linting fordb/*source files (most of the fixes are from autocorrectable suggestions - manual fixes to pay more attention to are indicated via comments here).Our production Judaism and Code Golf settings will be automatically populated upon running seeds - I've tested locally, but we'll need to double check that upon deployment to prod.