mirror of
https://github.com/basecamp/once-campfire.git
synced 2025-11-03 14:32:42 +09:00
eecdb29332
* Bump Ruby to 3.4.5
* Update dependencies
* Adjust for Rails 8 and Ruby 3.5 API changes
* Mark params strings as mutable in prepapration for frozen strings in Ruby 3.5
* Update test for HTML5 sanitizer
With Rails 7.1 the HTML5 sanitizer became the default, this breakts this test because the old sanitizer used to delete unpermitted nodes, while the new one returns their content
The final string is safe, but different then it used to be in Rails 7.0
* Remove direct Turbo tesh helpers require & parallelize tests
* Fix Zeitwerk issues with rails extensions
* Update Resque setup for Redis 5+
* Remove unused views
* Remove GID v1 handler
33 lines
1.2 KiB
Ruby
33 lines
1.2 KiB
Ruby
ActiveSupport.on_load(:action_text_content) do
|
|
class ActionText::Attachment
|
|
class << self
|
|
def from_node(node, attachable = nil)
|
|
new(node, attachable || ActionText::Attachment::OpengraphEmbed.from_node(node) || attachable_from_possibly_expired_sgid(node["sgid"]) || ActionText::Attachable.from_node(node))
|
|
end
|
|
|
|
private
|
|
# Our @mentions use ActionText attachments, which are signed. If someone rotates SECRET_KEY_BASE, the existing attachments become invalid.
|
|
# This allows ignoring invalid signatures for User attachments in ActionText.
|
|
ATTACHABLES_PERMITTED_WITH_INVALID_SIGNATURES = %w[ User ]
|
|
|
|
def attachable_from_possibly_expired_sgid(sgid)
|
|
if message = sgid&.split("--")&.first
|
|
encoded_message = JSON.parse Base64.strict_decode64(message)
|
|
|
|
decoded_gid = if data = encoded_message.dig("_rails", "data")
|
|
data
|
|
else
|
|
nil
|
|
end
|
|
|
|
model = GlobalID.find(decoded_gid)
|
|
|
|
model.model_name.to_s.in?(ATTACHABLES_PERMITTED_WITH_INVALID_SIGNATURES) ? model : nil
|
|
end
|
|
rescue ActiveRecord::RecordNotFound
|
|
nil
|
|
end
|
|
end
|
|
end
|
|
end
|