* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
  dependency error.
  * Originally: `(*models.User).VisibleAvatarURL(other *models.User)`
  * Now: `(pkg/photo).VisibleAvatarURL(user, currentUser *models.User)`
* Add support for authenticated static photo URLs, leveraging the NGINX module
ngx_http_auth_request. The README is updated with an example NGINX config
showing how to set this up on the proxy side.
* In settings.json a new SignedPhoto section is added: not enabled by default.
* PhotoURL will append a ?jwt= token to the /static/photos/ path for the
current user, which expires after 30 seconds.
* When SignedPhoto is enabled, it will enforce that the JWT token is valid and
matches the username of the current logged-in user, or else will return with
a 403 Forbidden error.
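
The two commit notes above describe what a signed photo token carries and what the `ngx_http_auth_request` check enforces. The following Go is an added example, not nonshy's own code: the HS256 signing, the JSON claim names, the truncated SHA-256 filename hash and the function names `Sign`, `Verify` and `FilenameHash` are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims follows the changelog's field list; the JSON names are assumptions.
type Claims struct {
	Sub    string `json:"sub"`    // username, or "@" for anyone
	Anyone bool   `json:"anyone"` // widely public image (chat room, public profile)
	Hash   string `json:"f"`      // short hash of the photo filename
	Exp    int64  `json:"exp"`    // Unix expiry; the changelog uses 30 seconds
}

var b64 = base64.RawURLEncoding

func FilenameHash(name string) string { // truncated SHA-256: an assumed scheme
	return fmt.Sprintf("%x", sha256.Sum256([]byte(name)))[:12]
}

// seal returns msg + "." + base64url(HMAC-SHA256(key, msg)).
func seal(key []byte, msg string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(h.Sum(nil))
}

func Sign(key []byte, c Claims) string {
	body, _ := json.Marshal(c)
	head := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	return seal(key, head+"."+b64.EncodeToString(body))
}

// Verify is the allow/deny decision. HS256 is pinned: the header is never trusted.
func Verify(key []byte, token, user, filename string, now int64) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(token), []byte(seal(key, p[0]+"."+p[1]))) {
		return false // malformed or forged
	}
	var c Claims
	body, _ := b64.DecodeString(p[1])
	return json.Unmarshal(body, &c) == nil && now < c.Exp && // still fresh
		c.Hash == FilenameHash(filename) && // minted for this photo
		(c.Anyone || c.Sub == "@" || c.Sub == user) // and for this viewer
}
```

A true result from `Verify` corresponds to a 2xx answer to the auth subrequest and false to the 403; a token minted for a chat room image fails the filename-hash comparison when presented for any other photo.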

Adds two new features to collect and show useful analytics.

Usage Statistics:

* Begin tracking daily active users who log in and interact with major features
  of the website each day, such as the chat room, forum and gallery.

Demographics page:

* For marketing, the home page now shows live statistics about the breakdown of
  content (explicit vs. non-explicit) on the site, and the /insights page gives
  a lot more data in detail.
* Show the percent split in photo gallery content and how many users opt-in or
  share explicit content on the site.
* Show high-level demographics of the members (by age range, gender, orientation)

Misc cleanup:

* Rearrange model list in data export to match the auto-create statements.
* In data exports, include the forum_memberships, push_notifications and
  usage_statistics tables.

Add minimum quotas for users to earn the ability to create custom forums.

The entry requirements that could earn the first forum include:

1. Having a Certified account status for at least 45 days.
2. Having written 10 posts or replies in the forums.

Additional quota is granted in increasing difficulty based on the count of
forum posts created.

Other changes:

* Admin view of Manage Forums can filter for official/community.
* "Certified Since" now shown on profile pages.
* Update FAQ page for Forums feature.

Allow regular (non-admin) users access to the Manage Forums page so they can
create and manage their own forums.

Things that were already working:

* The admin forum page was already anticipating regular LoginRequired credential
* Users only see their owned forums, while admins can see and manage ALL forums

Improvements made to the Forum Admin page:

* Change the title color from admin-red to user-blue.
* Add ability to search (filter) and sort the forums.

Other changes:

* Turn the Forum tab bar into a reusable component.

The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.

This implements the first pass of the rollout:

* Add the Public Avatar Consent Page which explains the change to users and
  asks for their acknowledgement. The link is available from their User Settings
  page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
  avatar will become visible to everybody, instead of showing a placeholder
  avatar.
* Users can change their mind and opt back out, which will again show the
  placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
  page once the scheduled go-live date arrives.

Next steps are:

1. Post an announcement on the forum about the upcoming change and link users
   to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
   users who will be affected by the change, to link them to the forum post
   and the consent page.

* Add an Alt Text field for users to describe their photos for accessibility.
* Alt texts appear on mouse over on Gallery pages, in the lightbox modal (on
mouse over or by clicking the ALT button that appears), and in a box on the
permalink page below the photo caption.
* Max length of Alt Text is 5,000 characters.
* Fix a bug with the right-click blocker not working on the lightbox modal.
* Add the PollVotes table and associated logic.
* Multiple choice polls supported.
* Expiring and non-expiring polls.
* Icons and badges on the forum pages to show posts with polls
* Bugfix: non-explicit users getting SQL errors on Newest Posts page.

Got initial Poll table and UI started:

* Polls can be attached to any NEW forum post (can't edit poll details
  after creation)
* Max 100 options (theoretically unlimited), expiration time.
* UI: shows radio button list on posts having a poll, no submit handler
  yet created.

The photo upload limit for user profiles is raised from 24 to 100.

The bug about Filesize not saving to the database for Photos and
CommentPhotos (storing zeroes in the DB) has been fixed. Run
`nonshy backfill filesizes` to populate your existing database.

* Add a "Newest" tab to the Forums landing page to order ALL forum posts
(comments) by most recent, paginated.
* Add a "Views" cooldown in Redis: viewing the same post multiple times
within 1 hour doesn't ++ the view count with every page load, per user
per thread ID.
* Update the paginators to handle unlimited numbers of pages: shows max
7 page buttons with your current page towards the middle.
* General ability to jump to the "last page" of anything: use a negative
page size like ?page=-1 and it acts like the last page.
* Add "Like" buttons to comments and forum posts.
* Make "private" profiles more private (logged-in users see only their profile
pic, display name, and can friend request or message, if they are not approved
friends of the private user)
* Add "logged-out view" visibility setting to profiles: to share a link to your
page on other sites. Opt-in setting - default is login required to view your
public profile page.
* CSRF cookie fix.
* Updated FAQ & Privacy pages.
* Add photo upload quotas.
* Non-certified users can upload few photos; certified users more
* Fix foreign key issues around deleting user profile photos for psql
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add the user photo gallery for profile pages. Paginated, grid or full (blog
style) view options. In grid view clicking a photo opens a large modal to
see it; full view already shows large photos.
* Edit page: can also re-crop and set an existing pic to be your profile pic.
* Delete page: remove photos from the DB and hard drive.
* Photos are cleaned up from disk when not needed, e.g. during a re-crop the
old cropped photo is removed before the new one replaces it.
* Fixed bug with cropping pictures.