Merge production. Bump to 3.0.11

Freegle · Aug 4, 2023 · 3c71ef4 · 3c71ef4
2 parents 32c802d + e14d198
commit 3c71ef4
Show file tree

Hide file tree

Showing 14 changed files with 65 additions and 38 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -2,8 +2,8 @@ FROM node:18-alpine
 
 WORKDIR /app
 
-ENV IZNIK_API_V1=http://apiv1/api \
-    IZNIK_API_V2=http://apiv2:8192/api
+ENV IZNIK_API_V1=http://apiv1.localhost/api \
+    IZNIK_API_V2=http://apiv2.localhost:8192/api
 
 RUN apk update && apk add git \
     && git clone https://github.com/Freegle/iznik-nuxt3.git
@@ -12,4 +12,4 @@ CMD cd iznik-nuxt3 \
     && git pull \
     && yes | npm install -y --legacy-peer-deps \
     && export NODE_OPTIONS=--max-old-space-size=8192;npm run build \
-    && npm run start
+    && export HOST=0; npm run start
diff --git a/android/app/build.gradle b/android/app/build.gradle
@@ -6,8 +6,8 @@ android {
         applicationId "org.ilovefreegle.direct"
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
-        versionCode 1212
-        versionName "3.0.10"
+        versionCode 1213
+        versionName "3.0.11"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         aaptOptions {
              // Files and dirs to omit from the packaged assets dir, modified to accommodate modern web apps.

diff --git a/api/BaseAPI.js b/api/BaseAPI.js
@@ -78,6 +78,9 @@ export default class BaseAPI {
           'Iznik ' + JSON.stringify(authStore.auth.persistent)
       }
 
+      headers['Cache-Control'] =
+        'max-age=0, must-revalidate, no-cache, no-store, private'
+
       if (method === 'GET' && config?.params) {
         // Remove falsey values from the params.
         config.params = Object.fromEntries(
@@ -311,6 +314,9 @@ export default class BaseAPI {
         headers.Authorization2 = JSON.stringify(authStore.auth.persistent)
       }
 
+      headers['Cache-Control'] =
+        'max-age=0, must-revalidate, no-cache, no-store, private'
+
       if (method === 'GET' && config?.params) {
         // Remove falsey values from the params.
         config.params = Object.fromEntries(

diff --git a/components/PostMessage.vue b/components/PostMessage.vue
@@ -35,7 +35,6 @@
         ref="filepond"
         imgtype="Message"
         imgflag="message"
-        :identify="true"
         :browse="pondBrowse"
         :multiple="true"
         @photo-processed="photoProcessed"
@@ -161,7 +160,7 @@ export default {
       // init callback below.
       this.uploading = true
     },
-    photoProcessed(imageid, imagethumb, image, ocr, suggestions) {
+    photoProcessed(imageid, imagethumb, image) {
       // We have uploaded a photo.  Remove the filepond instance.
       const att = {
         id: imageid,

diff --git a/config.js b/config.js
@@ -34,5 +34,5 @@ export default {
     'https://[email protected]/4504083802226688',
 
   ISAPP: process.env.IZNIK_NUXT3_IS_APP === 'true',
-  MOBILE_VERSION: '3.0.10',
+  MOBILE_VERSION: '3.0.11',
 }
diff --git a/ios/App/App.xcodeproj/project.pbxproj b/ios/App/App.xcodeproj/project.pbxproj
@@ -357,12 +357,12 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CODE_SIGN_ENTITLEMENTS = App/App.entitlements;
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 1206;
+				CURRENT_PROJECT_VERSION = 1207;
 				DEVELOPMENT_TEAM = GMYU3K9D84;
 				INFOPLIST_FILE = App/Info.plist;
 				IPHONEOS_DEPLOYMENT_TARGET = 13.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 3.0.10;
+				MARKETING_VERSION = 3.0.11;
 				OTHER_SWIFT_FLAGS = "$(inherited) \"-D\" \"COCOAPODS\" \"-DDEBUG\"";
 				PRODUCT_BUNDLE_IDENTIFIER = org.ilovefreegle.iphone;
 				PRODUCT_NAME = "$(TARGET_NAME)";
@@ -379,12 +379,12 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CODE_SIGN_ENTITLEMENTS = App/App.entitlements;
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 1206;
+				CURRENT_PROJECT_VERSION = 1207;
 				DEVELOPMENT_TEAM = GMYU3K9D84;
 				INFOPLIST_FILE = App/Info.plist;
 				IPHONEOS_DEPLOYMENT_TARGET = 13.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 3.0.10;
+				MARKETING_VERSION = 3.0.11;
 				PRODUCT_BUNDLE_IDENTIFIER = org.ilovefreegle.iphone;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SWIFT_ACTIVE_COMPILATION_CONDITIONS = "";

diff --git a/nuxt.config.ts b/nuxt.config.ts
@@ -195,6 +195,7 @@ export default defineNuxtConfig({
       MOBILE_VERSION: config.MOBILE_VERSION,
       NETLIFY_DEPLOY_ID: process.env.DEPLOY_ID,
       NETLIFY_SITE_NAME: process.env.SITE_NAME,
+      MATOMO_HOST: process.env.MATOMO_HOST,
     },
   },
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -111,6 +111,7 @@
     "vue-highlight-words": "^3.0.0",
     "vue-inner-image-zoom": "^2.0.0",
     "vue-json-pretty": "^2.2.4",
+    "vue-matomo": "^4.2.0",
     "vue-plugin-load-script": "^2.1.1",
     "vue-read-more3": "^1.2.2",
     "vue-simple-context-menu": "^4.0.4",

diff --git a/pages/privacy.vue b/pages/privacy.vue
@@ -46,10 +46,6 @@
           out.
         </p>
         <ul>
-          <li>
-            We store a session cookie. That's strictly necessary for the site to
-            function, and does not require consent.
-          </li>
           <li>
             We store some information in your browser's local storage, because
             of the way the site works. There's not much in it except if you're
@@ -70,6 +66,13 @@
             <!-- eslint-disable-next-line -->
           <nuxt-link  no-prefetch to="/donate">donate</nuxt-link>).
           </li>
+          <li>
+            We use
+            <ExternalLink href="https://matomo.org">Matomo</ExternalLink> to
+            collect information about how people use the site. This is similar
+            to Google Analytics, but more privacy-safe. We have configured this
+            not to use any cookies.
+          </li>
         </ul>
         <p>Once you log in, you're giving us consent to do the following.</p>
         <ul>
@@ -101,21 +104,6 @@
           <!-- eslint-disable-next-line -->
         <ExternalLink href="https://sentry.io/privacy/">here</ExternalLink>.
         </p>
-        <h2>Inspectlet</h2>
-        <p>
-          On a small random fraction of sessions, we use
-          <ExternalLink href="https://www.inspectlet.com/"
-            >Inspectlet</ExternalLink
-          >. This helps us work out which bits of the website are working well
-          for freeglers, and which aren't. You can read their privacy policy
-          <ExternalLink
-            href="https://docs.inspectlet.com/hc/en-us/articles/360002994432-Privacy-Impact-Assessment-under-GDPR"
-            >here</ExternalLink
-          >, and opt out of this
-          <ExternalLink href="https://www.inspectlet.com/optout"
-            >here</ExternalLink
-          >.
-        </p>
         <h2>Deleting your data</h2>
         <p>
           If you want to leave Freegle, please go
@@ -132,6 +120,8 @@
         <h3>Change History</h3>
         <p>Here are the changes to this page.</p>
         <ul class>
+          <li>03/08/2023: Remove session cookie, which is no longer used.</li>
+          <li>31/07/2023: Remove Inspectlet, which we no longer use.</li>
           <li>
             04/02/2023: Removed Google Analytics, which we no longer use. Add
             mention of cookies.

diff --git a/plugins/matomo.client.js b/plugins/matomo.client.js
@@ -0,0 +1,16 @@
+import VueMatomo from 'vue-matomo'
+import { useRuntimeConfig, defineNuxtPlugin } from '#imports'
+
+export default defineNuxtPlugin((nuxtApp) => {
+  const config = useRuntimeConfig()
+
+  const host = config.public.MATOMO_HOST
+
+  if (host) {
+    nuxtApp.vueApp.use(VueMatomo, {
+      router: nuxtApp.$router,
+      host,
+      siteId: 1,
+    })
+  }
+})
diff --git a/public/_headers b/public/_headers
@@ -1,3 +1,3 @@
 # Headers for Netlify.  csp.js seems to kick in during dev but not when deployed.
 /*
-Content-Security-Policy: worker-src blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.google.com *.gstatic.com cdn.jsdelivr.net *.paypalobjects.com; report-uri https://fdapilive.ilovefreegle.org/csp.php
+Content-Security-Policy: worker-src blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net ilovefreegle.matomo.cloud *.google.com *.gstatic.com cdn.jsdelivr.net *.paypalobjects.com; report-uri https://fdapilive.ilovefreegle.org/csp.php
diff --git a/server/middleware/csp.js b/server/middleware/csp.js
@@ -2,6 +2,6 @@
 export default defineEventHandler((event) => {
   event.node.res.setHeader(
     'Content-Security-Policy',
-    "object-src 'none'; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.google.com *.gstatic.com cdn.jsdelivr.net *.paypalobjects.com; report-uri https://fdapilive.ilovefreegle.org/csp.php"
+    "object-src 'none'; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net ilovefreegle.matomo.cloud *.google.com *.gstatic.com cdn.jsdelivr.net *.paypalobjects.com; report-uri https://fdapilive.ilovefreegle.org/csp.php"
   )
 })
diff --git a/stores/auth.js b/stores/auth.js
@@ -68,11 +68,15 @@ export const useAuthStore = defineStore({
 
       if (process.client) {
         // Store the values in cookies.  This means they are accessible during SSR.
-        const j = useCookie('jwt')
-        const p = useCookie('persistent')
-        j.value = jwt
-        p.value = JSON.stringify(persistent)
-        console.log('Saved jwt and persistent cookies')
+        if (jwt) {
+          const j = useCookie('jwt')
+          j.value = jwt
+        }
+
+        if (persistent) {
+          const p = useCookie('persistent')
+          p.value = JSON.stringify(persistent)
+        }
       }
     },
     setUser(value) {