Beowulf
Second system release, as used on Remcon 2023. Rough changelog:
Ticket Previews
- The ticket preview system was completely reworked. Instead of generating previews using a predefined overlay template, the generator can now invoke a Docker container with arbitrary preview generation logic inside.
- Generated previews can now include metadata from the ticket (nickname, code, role, etc). This enables generating print-ready images.
- On Remcon 2023, the generator used a Jinja2 template to generate HTML files which were then rendered from Chromium to a PNG file. This generator is shipped in the repo for reference.
- Ticket previews can now be generated in multiple variants - we used this to generate front and back sides of each final ticket to print.
- Previews and personalization is now optional on a per-type basis.
- The personalization section was removed from the registration page to keep it simple.
Dynamic Forms
- The dynamic form system was also reworked and now uses a JSON-based form schema system. This makes them a lot less painful to work with on the Python side, but much more so on the admin side.
- At the moment, there's no admin GUI available to customize the forms. You just gotta JSON by hand. Sorry.
- The new form schema fixes a number of annoying parsing issues present in the first iteration and enables new features in the future, although not that many are present just yet.
- It's now possible to make the labels/help text display Markdown or HTML directly.
Custom Event Pages
- It is now possible to set up a custom payment info page - if a specific event does not require fully-automated payments, a selected Event Page can be shown instead when "Pay Online" is clicked.
- That Event Page is shown only where relevant.
Crew Panel
- The entire Crew Panel got a visual rework, making it easier to process an attendee step by step.
- The ID query fields are now focused automatically. (Thanks to Rozz for the suggestion.)
Maintenance and Security
- Upgraded to Python 3.10, Django 4.1 and bumped most libraries to +/- latest as of the release date.
- The deployment scripts were upgraded to target Ubuntu 22.04.
- The app now runs as www-data, not root. Most of its permissions were stripped with systemd service isolation features.
- Fixed lots of PyCharm warnings and inspections.
Odds and Ends
- Fixed race conditions around available ticket counts. It was possible to overpurchase ticket types in high demand - now that's no longer the case.
- Added rate-limited ticket purchases (one ticket every X seconds per user/IP address).
- It's now possible to force attendees to register a ticket before submitting any applications.
- Passwords are now hashed with scrypt (and will be upgraded on any login).
- Applications now store a JSON block with all answers, next to the formatted text block.
- Reworked the attendee-side application details view - everything is now in a fancy table.
- Sent email titles are now translated as well.
- Admin site now displays lots of columns on most models, and is far more useful now.
- Application export dumps its data to XLSX instead of CSV.
- Superadmins can now peek some user-facing pages even if they don't own a given object directly. User-facing pages are now linked on the admin pages.
- On-site tickets are no longer shown in "Your Tickets". In practice users with on-site tickets never see them on their account at all, and it's just system admins that end up with 100s of tickets on their front pages.
- Added user hijacking - admins can now impersonate any specified user to aid troubleshooting and see what they see.
- Staff users can be now exempt from the 2FA requirement. This is useful for service accounts during the event itself.
- Enabled Sentry profiling, which makes it easier to spot routes taking way longer than it should. (Hello P24, we'll have a talk later.)
- Ticket prices can be now overridden per individual ticket.
- Some system messages (sales over, etc) can now be personalized on a per-Event basis.
- Notification channels can now output to Telegram. Configuring this is a pain, but we kinda used this successfully.
- A bunch of random misc things I forgot about. Sorry!