* With the new JWT signatures on photo URLs, it was no longer possible for
creative users to embed their gallery photos on their profile page.
* Add a function to ReSignPhotoLinks that finds/replaces (on the server side)
all references to paths under "/static/photos/" and gives them a fresh
?jwt= query string signature.
* Note: only applies to the profile page essays, ReSignPhotoLinks is a
template func that must be opted-in on a per page basis.
Other miscellaneous fixes
* Add "Edit" buttons in the corners of profile cards, when the current user
looks at their profile page. They link to URIs like
"/settings#profile/about_me" which will now:
1. Select the "Profile settings" tab like #profile
2. Scroll and focus the profile essay field that the user clicked to edit.
* The photo signing JWT tokens carry more fields to validate against:
* The username the token is assigned to (or '@' for anyone)
* An 'anyone' boolean for widely public images, such as for the chat room
and public profile pages.
* A short filename hash of the image in question (whether a Photo or a
CommentPhoto) - so that the user can't borrow a JWT token from the chat
room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
dependency error.
* Originally: (*models.User).VisibleAvatarURL(other *models.User)
* Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
* On Forums landing page, show who was the most recent commenter on each
board's most recently updated post.
* Show photo count on Profile Pages on the "Photos" tab.
* Revise the mobile and tablet top nav bar:
* Always show small badge icons linking to the Site Gallery & Forum
* Always show Friends & Messages badges. If no new notifications, they
display as grey instead of yellow w/ a number.
* Put icons next to most nav bar items, especially the User Menu
* Tighten the sprawling page layouts in the Forums to be more compact
for mobile screens.
* Fix bug where some pages scrolled horizontally on mobile: the root cause
was divs with class="content p-2", needs minimum p-3 (but p-4 is used) to
provide enough padding to overcome column margins which were pushing the
page too wide on mobile.
* Add photo upload quotas.
* Non-certified users can upload few photos; certified users more
* Fix foreign key issues around deleting user profile photos for psql
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add the user photo gallery for profile pages. Paginated, grid or full (blog
style) view options. In grid view clicking a photo opens a large modal to
see it; full view already shows large photos.
* Edit page: can also re-crop and set an existing pic to be your profile pic.
* Delete page: remove photos from the DB and hard drive.
* Photos are cleaned up from disk when not needed, e.g. during a re-crop the
old cropped photo is removed before the new one replaces it.
* Fixed bug with cropping pictures.