The dynamic configuration system has two components: the app, which
reads, and the writer script. The latter is meant for use by humans, and
converts a [live_config] section of the INI file into JSON for storage
in ZooKeeper. The app will read this data on startup and place a watch
on the node to be notified, by ZooKeeper, of changes. This means that
running the writer script with new data will automatically propagate the
changes to every app very quickly, without restart.
The writer script relies on a human-entered password to authenticate
with ZooKeeper. The reddit app uses a different set of credentials
(specified in the INI file) to obtain read-only access to the
configuration data.
Also adds a new "live_config" spec to reddit and plugins. This spec is
parsed at write-time only and the parsed values are stored as JSON in
ZooKeeper.
This will allow us to collect information about how users found
subreddits that they subscribe to. We can use this information to test
the effectiveness of new ways of discovering and subscribing to
subreddits.
Specifically, when the subscribe button is clicked, for the current page
and previous page: the URL, referrer URL, and the type of UI element
clicked are sent. We'll use this to answer questions like:
* "did clicking on gizmo A lead to users subscribing to subreddit B?"
* "why did we see a spike in subscriptions to subreddit X today?"
This provides a system for two-factor authentication, using a compliant
OTP-generator such as Google Authenticator. The framework includes a
validator for use on API calls needing authentication as well as a UI
for provisioning/resetting your secret key. A secure cookie may be
generated to effectively turn the user's browser into a temporary
authentication factor.
This feature is currently limited to admins only until full-site SSL is
available.
If the config variable profile_directory is set, ProfilingMiddleware
will be added to the WSGI stack. The middleware will generate a file in
the specified directory on each request containing the contents of that
request's profile.
Note: some CFs are explicitly marked for the "main" connection
pool and others are not. This is an artifact of the current
state of reddit.com's cassandra setup and is intentional. While
cassandra_default_pool remains "main", this will not cause an issue
for you.
It was used directly in two places in pages.py, I've
replaced those uses with safemarkdown calls. In the case
of the search fail page, I just removed the javascript
try-again link since it wouldn't be doable through safemarkdown
and that page isn't hit very frequently any more anyway.
Had to convert the three special thumbnail images
to 32-bit PNGs rather than PNG8 with indexed alpha
since PIL does not support the latter. ImageMagick was
awesome for this.
Login UI code has been simplified and moved into the client side. CORS
is used for the cross-domain POST if available, otherwise an iframe and
cookie polling technique is used. Start fleshing out the new JS tree. :)
We need onload to be able to get a client-IP based
tracking validation hash, but it doesn't actually need
to do any database work to make those hashes. It also
fails a huge number of times per day. This moves the hash
calculation out to an external app with no db dependencies.
