Merge upstream

.gitattributes

@@ -1,2 +1,6 @@
 # Set the default behavior, in case people don't have core.autocrlf set.
 * text=auto
+# Bash scripts needs to have LF line endings, even on Windows
+*.sh text eol=lf
+# /usr/local/bin/ruby: warning: shebang line ending with \r may cause problems
+/bin/* text eol=lf

.github/workflows/reviewdog.yml

@@ -23,7 +23,7 @@ jobs:
           bundler-cache: true
 
       - name: rubocop
-        uses: reviewdog/action-rubocop@7ef50b200dba9fb54c97392337ac7e82d692c4bd
+        uses: reviewdog/action-rubocop@a162a8e8976d8b3b7141c2147d7d79eed7cc8c4c
         with:
           use_bundler: true
           reporter: github-pr-check
@@ -45,7 +45,7 @@ jobs:
           bundler-cache: true
 
       - name: erb-lint
-        uses: tk0miya/action-erblint@eda368e7a0d8a0e71c475bb7cc65d0d612e5148c
+        uses: tk0miya/action-erblint@b6e537f4616e4fa7a9eef209ca34ca944e1440dd
         with:
           use_bundler: true
           reporter: github-pr-check

ACKNOWLEDGMENTS.md

@@ -12,7 +12,7 @@ Acknowledgments
 <p><a href="http://galeracluster.com/products/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/galera.png" width="200"/> Galera Cluster</a> for clustered MySQL.</p>
 <p><a href="github.com/otwcode/otwarchive"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/GitHub_Logo.png" width="200"/> GitHub</a> for collaborative programming.</p>
 <p><a href="http://www.haproxy.org/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/logo-med.png" width="200"/> HAProxy</a> for load balancing.</p>
-<p><a href="https://houndci.com/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/Hound-Dribbble.png" width="200"/> Hound</a> for style guidance.</p>
+<p><a href="https://houndci.com/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/Hound-Dribbble.png" width="200"/> Hound</a> and <a href="https://github.com/reviewdog/reviewdog"><img alt="reviewdog logo" valign="middle" src="https://raw.githubusercontent.com/haya14busa/i/d598ed7dc49fefb0018e422e4c43e5ab8f207a6b/reviewdog/reviewdog.logo.png" width="200"/> reviewdog</a> for style guidance.</p>
 <p><a href="https://otwarchive.atlassian.net/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/jira_rgb_blue.svg" width="200"/> Jira</a> for our issue tracking.</p>
 <p><a href="https://nginx.org/en/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/Nginx_logo.svg" width="200"/> NGINX</a> for our front end.</p>
 <p><a href="https://memcached.org/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/Memcached.png" width="200"/> Memcached</a> for caching.</p>
@@ -23,5 +23,5 @@ Acknowledgments
 <p><a href="http://rspec.info/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/rspec.png" width="200"/> RSpec</a> for unit tests.</p>
 <p><a href="https://www.ruby-lang.org/en/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/ruby.png" width="200"/> Ruby</a> as our language.</p>
 <p><a href="https://www.jetbrains.com/ruby/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/logo_RubyMine.svg" width="200"/> RubyMine</a> for our integrated development environment.</p>
+<p><a href="https://sentry.io/"><svg class="css-lfbo6j e1igk8x04" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 222 66" width="200" height="60"><path d="M29,2.26a4.67,4.67,0,0,0-8,0L14.42,13.53A32.21,32.21,0,0,1,32.17,40.19H27.55A27.68,27.68,0,0,0,12.09,17.47L6,28a15.92,15.92,0,0,1,9.23,12.17H4.62A.76.76,0,0,1,4,39.06l2.94-5a10.74,10.74,0,0,0-3.36-1.9l-2.91,5a4.54,4.54,0,0,0,1.69,6.24A4.66,4.66,0,0,0,4.62,44H19.15a19.4,19.4,0,0,0-8-17.31l2.31-4A23.87,23.87,0,0,1,23.76,44H36.07a35.88,35.88,0,0,0-16.41-31.8l4.67-8a.77.77,0,0,1,1.05-.27c.53.29,20.29,34.77,20.66,35.17a.76.76,0,0,1-.68,1.13H40.6q.09,1.91,0,3.81h4.78A4.59,4.59,0,0,0,50,39.43a4.49,4.49,0,0,0-.62-2.28Z M124.32,28.28,109.56,9.22h-3.68V34.77h3.73V15.19l15.18,19.58h3.26V9.22h-3.73ZM87.15,23.54h13.23V20.22H87.14V12.53h14.93V9.21H83.34V34.77h18.92V31.45H87.14ZM71.59,20.3h0C66.44,19.06,65,18.08,65,15.7c0-2.14,1.89-3.59,4.71-3.59a12.06,12.06,0,0,1,7.07,2.55l2-2.83a14.1,14.1,0,0,0-9-3c-5.06,0-8.59,3-8.59,7.27,0,4.6,3,6.19,8.46,7.52C74.51,24.74,76,25.78,76,28.11s-2,3.77-5.09,3.77a12.34,12.34,0,0,1-8.3-3.26l-2.25,2.69a15.94,15.94,0,0,0,10.42,3.85c5.48,0,9-2.95,9-7.51C79.75,23.79,77.47,21.72,71.59,20.3ZM195.7,9.22l-7.69,12-7.64-12h-4.46L186,24.67V34.78h3.84V24.55L200,9.22Zm-64.63,3.46h8.37v22.1h3.84V12.68h8.37V9.22H131.08ZM169.41,24.8c3.86-1.07,6-3.77,6-7.63,0-4.91-3.59-8-9.38-8H154.67V34.76h3.8V25.58h6.45l6.48,9.2h4.44l-7-9.82Zm-10.95-2.5V12.6h7.17c3.74,0,5.88,1.77,5.88,4.84s-2.29,4.86-5.84,4.86Z" transform="translate(11, 11)" fill="#362d59"></path></svg> Sentry</a> for APM/application monitoring.</p>
 <p><a href="https://slack.com/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/Slack_RGB.svg" width="200"/> Slack</a> for communications.</p>
-<p><a href="https://www.vagrantup.com/"><img alt="" valign="middle" src="http://media.archiveofourown.org/ao3/logos/logo_wide-56017ded.png" width="200"/> Vagrant</a> for our development environment.</p>

Gemfile

@@ -80,14 +80,6 @@ gem 'escape_utils', '1.2.1'
 
 gem 'timeliness'
 
-# TODO: rpm_contrib is deprecated and needs to be replaced
-# Here is a list of possible alternatives:
-# https://github.com/newrelic/extends_newrelic_rpm
-#
-# The last working version is not compatible with Rails 5
-#
-# gem 'rpm_contrib', '2.2.0'
-
 # for generating graphs
 gem 'google_visualr', git: 'https://github.com/winston/google_visualr'
 
@@ -184,7 +176,8 @@ gem 'unicorn', '~> 5.5', require: false
 gem 'god', '~> 0.13.7'
 
 group :staging, :production do
-  # Place the New Relic gem as low in the list as possible, allowing the
-  # frameworks above it to be instrumented when the gem initializes.
-  gem "newrelic_rpm"
+  gem "stackprof"
+  gem "sentry-ruby"
+  gem "sentry-rails"
+  gem "sentry-resque"
 end

Gemfile.lock

@@ -173,7 +173,7 @@ GEM
     chronic (0.10.2)
     climate_control (1.2.0)
     coderay (1.1.3)
-    concurrent-ruby (1.3.1)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crack (1.0.0)
       bigdecimal
@@ -259,7 +259,7 @@ GEM
       smart_properties
     erubi (1.12.0)
     escape_utils (1.2.1)
-    et-orbi (1.2.7)
+    et-orbi (1.2.11)
       tzinfo
     factory_bot (6.4.6)
       activesupport (>= 5.0.0)
@@ -293,8 +293,8 @@ GEM
     faraday-retry (1.0.3)
     fastimage (2.3.0)
     ffi (1.16.3)
-    fugit (1.10.1)
-      et-orbi (~> 1, >= 1.2.7)
+    fugit (1.11.1)
+      et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
@@ -395,7 +395,6 @@ GEM
     net-ssh-gateway (2.0.0)
       net-ssh (>= 4.0.0)
     netrc (0.11.0)
-    newrelic_rpm (9.7.1)
     nio4r (2.7.0)
     nkf (0.2.0)
     nokogiri (1.16.5)
@@ -500,7 +499,7 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.3.2)
+    rexml (3.3.6)
       strscan
     rollout (2.4.3)
     rspec-core (3.13.0)
@@ -553,6 +552,15 @@ GEM
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
+    sentry-rails (5.18.0)
+      railties (>= 5.0)
+      sentry-ruby (~> 5.18.0)
+    sentry-resque (5.18.0)
+      resque (>= 1.24)
+      sentry-ruby (~> 5.18.0)
+    sentry-ruby (5.18.0)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
     shoulda (4.0.0)
       shoulda-context (~> 2.0)
       shoulda-matchers (~> 4.0)
@@ -577,6 +585,7 @@ GEM
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
+    stackprof (0.2.26)
     stringex (2.8.6)
     strscan (3.1.0)
     sys-uname (1.2.3)
@@ -684,7 +693,6 @@ DEPENDENCIES
   minitest
   mysql2
   n_plus_one_control
-  newrelic_rpm
   nokogiri (>= 1.8.5)
   permit_yo
   phraseapp-in-context-editor-ruby (>= 1.0.6)
@@ -711,10 +719,14 @@ DEPENDENCIES
   rvm-capistrano
   sanitize (>= 4.6.5)
   selenium-webdriver
+  sentry-rails
+  sentry-resque
+  sentry-ruby
   shoulda
   simplecov
   simplecov-cobertura
   sprockets (< 4)
+  stackprof
   terrapin
   test-unit (~> 3.2)
   timecop

README.md

@@ -36,6 +36,7 @@ We benefit from software and services that are free to use for Open Source proje
 * [Codeship](https://codeship.com/)
 * [Hound](https://houndci.com/) by [thoughtbot](https://thoughtbot.com/)
 * [BrowserStack](https://www.browserstack.com)
+* [Sentry](https://sentry.io)
 * [Full list of acknowledgments](ACKNOWLEDGMENTS.md)
 
 Thank you kindly!

app/controllers/admin/admin_users_controller.rb

@@ -1,6 +1,31 @@
 class Admin::AdminUsersController < Admin::BaseController
   include ExportsHelper
 
+  before_action :set_roles, only: [:index, :bulk_search]
+  before_action :load_user, only: [:show, :update, :confirm_delete_user_creations, :destroy_user_creations, :troubleshoot, :activate, :creations]
+  before_action :user_is_banned, only: [:confirm_delete_user_creations, :destroy_user_creations]
+  before_action :load_user_creations, only: [:confirm_delete_user_creations, :creations]
+
+  def set_roles
+    @roles = Role.assignable.distinct
+  end
+
+  def load_user
+    @user = User.find_by!(login: params[:id])
+  end
+
+  def user_is_banned
+    return if @user&.banned?
+
+    flash[:error] = ts("That user is not banned!")
+    redirect_to admin_users_path
+  end
+
+  def load_user_creations
+    @works = @user.works.paginate(page: params[:works_page])
+    @comments = @user.comments.paginate(page: params[:comments_page])
+  end
+
   def index
     authorize User
     @role_values = @roles.map{ |role| [role.name.humanize.titlecase, role.name] }
@@ -37,22 +62,16 @@ def bulk_search
     end
   end
 
-  before_action :set_roles, only: [:index, :bulk_search]
-  def set_roles
-    @roles = Role.assignable.distinct
-  end
-
   # GET admin/users/1
   def show
-    @user = authorize User.find_by!(login: params[:id])
-    @hide_dashboard = true
+    authorize @user
     @page_subtitle = t(".page_title", login: @user.login)
     log_items
   end
 
   # POST admin/users/update
   def update
-    @user = authorize User.find_by(login: params[:id])
+    authorize @user
 
     attributes = permitted_attributes(@user)
     @user.email = attributes[:email] if attributes[:email].present?
@@ -119,38 +138,35 @@ def update_status
     end
   end
 
-  before_action :user_is_banned, only: [:confirm_delete_user_creations, :destroy_user_creations]
-  def user_is_banned
-    @user = User.find_by(login: params[:id])
-    unless @user && @user.banned?
-      flash[:error] = ts("That user is not banned!")
-      redirect_to admin_users_path and return
-    end
-  end
-
   def confirm_delete_user_creations
     authorize @user
-    @works = @user.works.paginate(page: params[:works_page])
-    @comments = @user.comments.paginate(page: params[:comments_page])
     @bookmarks = @user.bookmarks
     @collections = @user.sole_owned_collections
     @series = @user.series
   end
 
   def destroy_user_creations
     authorize @user
-    creations = @user.works + @user.bookmarks + @user.sole_owned_collections + @user.comments
+
+    creations = @user.works + @user.bookmarks + @user.sole_owned_collections
     creations.each do |creation|
       AdminActivity.log_action(current_admin, creation, action: "destroy spam", summary: creation.inspect)
       creation.mark_as_spam! if creation.respond_to?(:mark_as_spam!)
       creation.destroy
     end
-    flash[:notice] = ts("All creations by user %{login} have been deleted.", login: @user.login)
+
+    # comments are special and needs to be handled separately
+    @user.comments.each do |comment|
+      AdminActivity.log_action(current_admin, comment, action: "destroy spam", summary: comment.inspect)
+      # Akismet spam procedures are skipped, since logged-in comments aren't spam-checked anyways
+      comment.destroy_or_mark_deleted # comments with replies cannot be destroyed, mark deleted instead
+    end
+
+    flash[:notice] = t(".success", login: @user.login)
     redirect_to(admin_users_path)
   end
 
   def troubleshoot
-    @user = User.find_by(login: params[:id])
     authorize @user
 
     @user.fix_user_subscriptions
@@ -163,7 +179,6 @@ def troubleshoot
   end
 
   def activate
-    @user = User.find_by(login: params[:id])
     authorize @user
 
     @user.activate
@@ -177,6 +192,11 @@ def activate
     end
   end
 
+  def creations
+    authorize @user
+    @page_subtitle = t(".page_title", login: @user.login)
+  end
+
   def log_items
     @log_items ||= @user.log_items.sort_by(&:created_at).reverse
   end

app/controllers/admin/api_controller.rb

@@ -2,23 +2,27 @@ class Admin::ApiController < Admin::BaseController
   before_action :check_for_cancel, only: [:create, :update]
 
   def index
+    @page_subtitle = t(".page_title")
     @api_keys = if params[:query]
                   sql_query = "%" + params[:query] + "%"
                   ApiKey.where("name LIKE ?", sql_query).order("name").paginate(page: params[:page])
                 else
                   ApiKey.order("name").paginate(page: params[:page])
                 end
+    authorize @api_keys
   end
 
   def show
     redirect_to action: "index"
   end
 
   def new
-    @api_key = ApiKey.new
+    @page_subtitle = t(".page_title")
+    @api_key = authorize ApiKey.new
   end
 
   def create
+    authorize ApiKey
     # Use provided api key params if available otherwise fallback to empty
     # ApiKey object
     @api_key = params[:api_key].nil? ? ApiKey.new : ApiKey.new(api_key_params)
@@ -31,11 +35,12 @@ def create
   end
 
   def edit
-    @api_key = ApiKey.find(params[:id])
+    @page_subtitle = t(".page_title")
+    @api_key = authorize ApiKey.find(params[:id])
   end
 
   def update
-    @api_key = ApiKey.find(params[:id])
+    @api_key = authorize ApiKey.find(params[:id])
     if @api_key.update(api_key_params)
       flash[:notice] = ts("Access token was successfully updated")
       redirect_to action: "index"
@@ -45,7 +50,7 @@ def update
   end
 
   def destroy
-    @api_key = ApiKey.find(params[:id])
+    @api_key = authorize ApiKey.find(params[:id])
     @api_key.destroy
     redirect_to(admin_api_path)
   end

app/controllers/application_controller.rb

@@ -389,11 +389,11 @@ def use_caching?
   # Prevents banned and suspended users from adding/editing content
   def check_user_status
     if current_user.is_a?(User) && (current_user.suspended? || current_user.banned?)
-      if current_user.suspended?
-        flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
-      else
-        flash[:error] = t("ban_notice", default: "Your account has been banned. You are not permitted to add or edit archive content. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.").html_safe
-      end
+      flash[:error] = if current_user.suspended?
+                        t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
+                      else
+                        t("users.status.ban_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path))
+                      end
       redirect_to current_user
     end
   end
@@ -402,7 +402,7 @@ def check_user_status
   def check_user_not_suspended
     return unless current_user.is_a?(User) && current_user.suspended?
 
-    flash[:error] = t("suspension_notice", default: "Your account has been suspended until %{suspended_until}. You may not add or edit content until your suspension has been resolved. Please <a href=\"#{new_abuse_report_path}\">contact Abuse</a> for more information.", suspended_until: localize(current_user.suspended_until)).html_safe
+    flash[:error] = t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
     redirect_to current_user
   end
 

app/controllers/autocomplete_controller.rb

@@ -92,7 +92,7 @@ def noncanonical_tag
     raise "Redshirt: Attempted to constantize invalid class initialize noncanonical_tag #{params[:type].classify}" unless Tag::TYPES.include?(params[:type].classify)
 
     tag_class = params[:type].classify.constantize
-    one_tag = tag_class.find_by(canonical: false, name: params[:term])
+    one_tag = tag_class.find_by(canonical: false, name: params[:term]) if params[:term].present?
     # If there is an exact match in the database, ensure it is the first thing suggested.
     match = if one_tag
               [one_tag.name]