Closed SatsAllDay closed 4 months ago
api/resolvers/item.js (1)
`1369-1370`: Ensure reminders are not created for anonymous users.Verification successful
--- The search results indicate that there are indeed checks for anonymous users (`ANON_USER_ID`) in various parts of the codebase, including the `api/resolvers/item.js` file. Specifically, there are lines that mention not supporting reminders for anonymous users and disallowing anonymous users from using reminders. Here are the relevant lines from `api/resolvers/item.js`: - `api/resolvers/item.js: // don't support reminders for ANON` - `api/resolvers/item.js: // disallow anon to use reminder` - `api/resolvers/item.js: if (!me || me.id === ANON_USER_ID) {` These lines suggest that the code does include logic to prevent reminders from being created for anonymous users. - : The codebase includes checks to ensure that reminders are not created for anonymous users.Scripts Executed
The following scripts were executed for the analysis: --- Script: ```shell #!/bin/bash # Description: Verify that reminders are not created for anonymous users. # Test: Search for checks against anonymous user IDs in reminder creation logic. ast-grep --lang javascript --pattern $'function createReminderAndJob($_, $_) { $$$ if ($_ === ANON_USER_ID) { $$$ } $$$ }' ``` Length of output: 135 --- --- Script: ```shell #!/bin/bash # Description: Locate the implementation of the createReminderAndJob function and inspect its logic. # Find the implementation of the createReminderAndJob function ast-grep --lang javascript --pattern 'function createReminderAndJob($_, $_) { $$$ }' # Search for any constants or variables that might represent anonymous users rg -i 'anon' --type js ``` Length of output: 10465
Awesome! Thank you for the feedback, I'll work on it as soon as I can
FYI I've made the changes myself which I just need to test now.
Description
Closes #510
This PR adds support for a
@remindme
bot, similar to the@delete
bot.It uses the same directive pattern, meaning you mention
@remindme
followed by a known syntax to enable the functionality. The pattern is as follows:@remindme in <num> <units>
where
<num>
is a positive integer with no separators, and<units>
is one ofsecond, minute, hours, day, week, month, year
, or their plural counterparts. Some examples:@remindme in 1 day
@remindme in 2 minutes
@remindme in 4 months
When you include this in either a post or a comment, a reminder is scheduled and you are given feedback in the UI that tells you when you will be reminded of this item, localized to your browser's timezone/locale.
If you have a mention of
@remindme
but the reminder was not scheduled, a toast message is shown to help guide you to the correct syntax for using the bot.If you delete an item that has a
@remindme
bot mention, the reminder is canceled (deleted). Note: if the reminder has already occurred, it is not deleted, since we can't "unremind" you. That means it will still show up in your notification history.If you edit an item that has a
@remindme
bot mention, the existing reminder is canceled (deleted). If the updated text contains another@remindme
bot mention, the new reminder is scheduled accordingly. Similar to deleting an item with a@remindme
mention, if the reminder has already occurred before you edit the containing item, the reminder is not deleted, so it will still show up in your notification history.Reminders are sent via notifications in your notifications page, as well as via push notification, if you have that enabled. The reminder links you to the item in which you mentioned
@remindme
.So, for example, if someone else makes a post and you want to be reminded of it, you would reply via comment to the post with
@remindme in 1 week
. 1 week later, you will be notified of your comment, and therefore the parent item implicitly.Technical overview:
Reminder
model added to the DB. It has 3 interesting fields:itemId
userId
remindAt
@remindme
mentions and extract the configuration, and create theReminder
instances, and also schedule thereminder
jobs.reminder
- scheduled via the item API resolver, and handled via a new worker modulehasNewNotes
remindAt
in the past) in the notifications listingScreenshots
Successful reminder scheduled toast
Reminders in notifications page
Additional Context
We could get away with removing
userId
from theReminder
model, since with the implementation, theuserId
in theReminder
is always the owner of the item corresponding toitemId
, so we could just look up the user id when needed. I originally modeled it with bothuserId
anditemId
since that seemed natural, but it might be overkill.This approach does future-proof us if we ever decide to allow you to be directly reminded of someone else's items, though. So maybe it's fine? Open to input here.
Checklist
Are your changes backwards compatible? Please answer below: Yes. New DB model but it is backwards compatible.
Did you QA this? Could we deploy this straight to production? Please answer below: Yes.
For frontend changes: Tested on mobile? Please answer below: No new patterns implemented, so I didn't test it on mobile.
Did you introduce any new environment variables? If so, call them out explicitly here: No.