Phorge

PublicGeneral discussions about Phorge.

• Join Room

Sorry :(

ok, I'm gonna fix that real quick...

I'm sorry, sorry, sorry. And thanks for fixing that.

"Invalid Condition: Condition references a rule which does not exist!"

I think I fixed H7 now.
It was referring to H22, which I disabled, but it turns out that "referring to a disabled rule" breaks the pointing rule instead of what I assumed would happen, which is to just magically be ok.
I'll file a ticket...

thanks though I'm not gonna test it ;-/

😁

Hmm did anything else change as part of that? Trying to git pull master, I get "phabricator-ssh-exec: This repository ("phorge") is not available over SSH. fatal: Could not read from remote repository."

errr... shouldn't be, except that my computer won't turn on now.

"avivey deactivated this repository."
🤦‍♂️

One-click
https://we.phorge.it/source/phorge/edit/activate/

try now?

It works now, thanks

is there any documentation like https://secure.phabricator.com/book/phabricator/ hosted by phorge? I worry that the phabricator/book will disappear some time

https://we.phorge.it/book/phorge/ 😬 should have looked in the most obvious place

😄

then again I couldn't find a link from the home page so struggled to find it again

Home → Documentation → Phorge 👍

Maybe we misconfigured something?
The last link "Defined in... concepts/behaviors.diviner:1 " does not work:
https://we.phorge.it/book/javelin/article/behaviors/

I think the files for the Javelin books are not in the right place, and the code to generate this "Defined" section is very simplistic (i.e. dumb).

Do we generally agree that removing IE8 and IE9 specific code in Phorge is fine these days?

Lol wasn't IE9 end-of-life-d back in like 2016 or something??

Correct, though MS released IE9 security updates until 18months ago

I doubt anyone using Phorge is on such an old browser

Agree, but please list it as a breaking change in the release notes

yeah, and create a ticket to track those changes and refer people to.

Heya, I'm writing an extension and I was wondering if there's a space to store request context? I have a preflight function that takes a reference to the AphrontRequest passed into the controller - right now I'm modifying requestData, but that obviously has the downside of being modifiable at request-time just with ?x=y.
My current workaround to that is checking every value I'm going to be setting and just halting the request if it's being sent (although realistically I could just override the value and be fine.. ehh, I'm iffy on it)

I'm not sure there is - we usually just pass everything as method arguments, and have very little "global"/"static" storage.
What are you trying to do? And how did you install the preflight function?

Some context: I'm abusing the controller system to create an API within Phorge that authenticates a system calling it with JWTs instead of Conduit; It's horrible and somehow works?
Anyways; I'm calling the preflight check function as the first thing that happens in each controller handler, since I expose them without auth controller-side.

Here's some example code of what I'm basically trying to do

// public static function PreflightApiChecks(AphrontRequest &$request): ?AphrontResponse
public function handleRequest(AphrontRequest $request): AphrontResponse {
  $preflight = Util::PreflightApiChecks($request);
  if ($preflight !== null) {
    return $preflight; // 403 or 404 response, depending on internal "stealth_mode" config to prevent probing
  }

  $jwt_issuer = $request->getStr('jwt_iss'); // token issuer is set in preflight

btw, assuming I want to turn this into a library instead of an extension (to both avoid the stated performance penalty in docs, and because I just hit an issue where an abstract class i created wasn't resolved until i turned it into a lib for arc liberate), is placing it into the extensions/ dir good enough? I'd prefer avoiding using the load-libraries config- (if not, would a shim of ...Init.php that runs phutil_register_library('libname', '/path/to/actual/lib'); work in its place in extensions, or would I end up loading too late?)

(sorry, had to go and things)

For the second question: If you put the file in /extensions/, then it will still try to load it automatically even if you did arc liberate, so you wouldn't gain anything performance-wise. I think an explicit phutil_register_library would "just work"; I'm not 100% sure you can use it in a Preamble script, worth trying out.

Ah, thanks avivey. There was an user talking about $_SERVER['HTTPS'] = true; and now I see that is covered by that "Preamble script"

For the first issue - I'm not sure if we have anything exactly like this.

There is a "request cache" that you could maybe use for this; It's used for policy checks in some places. It an optional size limit, so it's not ideal for this task.

@avivey: Im'm working on a cluster config inject and want to avoid local configuration as much as possible :P

The problem is, said inject is in the same codebase as the API routes that had an issue loading the abstract base class lol

for the first issue though i ended up making a ControllerBase class that implements a $this->requestContext that I then pass into functions that need it :)

I think Valerio & I welcome more highly opinionated review comments in D25672 (JS or HTML, good or evil, pink or blue)... TIA! :)

Also maybe somebody can help l2dy to confirm their email manually

Thank you for your help with my earlier problem. Now I have a slightly different one. When I load a work board on mobile none of the cards show up. They show up fine on desktop. Screenshot attached.

LOL we cannot see file F2273742 (well-known bug that will be fixed in D25709) - please manually set it visible to everybody

I changed visibility do you see it now?

Yep. Can you reproduce this problem on desktop with small window? also in other phones? or just on your specific phone?

On desktop everything works normally. Let me try my other phone.

Okay I can't reproduce the issue on iOS safari or iOS Chrome. The next step is to test on my other Android phone.

Couldn't reproduce on the test Android. I cleared cache on my phone browser and that seems to fix it.

How do you recommend I make a feature request? In particular I'd like the breakpoint width to be changed for showing project columns as columns as opposed to full-width boxes, especially when I have "request desktop site" ticked (not sure that does anything though). It would be nice to be able to use the increased screen real estate of Android tablets and folding phones. Probably a niche request but I don't mind doing the work.

IIRC "Request Desktop Site" is basically ignored, see also https://phabricator.wikimedia.org/T258529 (though that does not really provide pointers)

Phorge considers only (or almost only) the screen width as the "is this a mobile".
When I tick "desktop site" in Chrome Android, it changes the screen size to use smaller pixels, and removes the words "mobile" and "android" from the user-agent string.

Does Phorge offer functionality for generating SQL for a LiskDAO/PhabricatorLiskDAO descendant? Given that Phorge is capable of inspecting its own schema I would expect it to be capable of generating a table definition, but all I could find is bin/storage quickstart and that is broken on latest master.

No SQL generation, unfortunately, but the storage upgrade can automatically adjust some things to match the code (IIRC, Keys, some type information on columns, and things like Collation etc).

I'd better get some tunes going to bang out SQL like the olden days then. Maybe if I'm feeling particularly daring I'll build something for that too. Thanks!

when I run arc lint --everything in the phorge repo, some of the unit test files are auto-corrected which will break the corresponding tests:

• src/infrastructure/markup/remarkup/__tests__/remarkup/block-then-list.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/diff.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/just-backticks.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/leading-newline.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/tick-block-multi-flavored-comment.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/tick-block-multi-flavored.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/tick-block-multi.txt
• src/infrastructure/markup/remarkup/__tests__/remarkup/trailing-whitespace-codeblock.txt

All the "errors" are trailing whitespaces.
Shouldn't these txt files be ignored somehow ?

yes

I got it solved.
.git/arc/default-relative-commit did contain a strange commit from a year ago

How to drop a Diviner book? Like, the old "phabricator" Diviner book? 🤔

I think it has a PHID, so it might be possible to go via bin/remove.
Or just truncate all the diviner tables and regen everything.

If anyone has some spare cycles, I welcome patch reviews - I offer only biggest choice and all very quality so much! Pick a fresh one and make Phorge bestest Phorge ever! <3

hmm, does phorge/phab compete with solutions of the likes of jira?

Different product spaces. Jira isnt built for trivial things like "developer productivity" or "usefulness". And Phorge isn't built for enabling hour long meetings to debate whether a task should be a made-up 2 story points versus a made-up 3 story points

i see, i guess bugzilla might be coming in the direction of the space that phorge is at

hmm but to come in a direction, Bugzilla first would have to move? 😁

There used to be support for graphviz, but it was dropped for security concerns.
There's growing interest in mermaid (Q108), I might end up making an extension for it someday.

hmm, what are the security issues of graphviz?

huh strange, phabricator server seems to have ran out of disk space somewhere

There was some CVE reported somewhere about graphviz, but the real concern was allowing un-sanitized user input to be provided directly to 3rd party executables running server-side.
cowsay (and figlet) were re-written in php and are still around, but we couldn't do that with graphviz.

mermaid runs in the user's browser, so it's still a risk, it's slightly less so.

Yeah graphviz rendering on the server turned out to be able to spit out contents of files if you abused some parameters, I think things related to fonts.

i understand thanks!

well perhaps some compromise in the name of security could be done to introduce mermaid

[PSA] Last call for your opinionated review comment on "Allow collapsing/expanding workboard column content by clicking its header" in https://we.phorge.it/D25672 before merging - TIA

Would anyone have review opinions on merging OGP support for Maniphest tasks in https://we.phorge.it/D25668 ? Asking as I repeatedly get asked about this in my company... Comments like "no, make this more generic and not only for tasks" are also fine but I'd consider that a future step

@aklapper Functionality-wise LGTM. Is there a function like getAnonymousViewer()? That would be better suited for OGP, to prevent accidental leak of metadata.