<https://github.com/cofacts/rumors-line-bot/pull/282|#282 Article LIFF with feedback submission>
developers.line.biz
LINE Front-end Framework (LIFF) is a platform provided by LINE.
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42532060|Build 1185001360>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42532117|Build 1185007548>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
<https://github.com/cofacts/rumors-line-bot/pull/284|#284 Remove LIFF max-age header>
As discussed in <https://g0v.hackmd.io/E1-ajzinSwCyacGG228VsQ#LIFF-HTML-%E8%A2%AB-cache-%E4%BD%8F%E7%9A%84%E5%95%8F%E9%A1%8C|https://g0v.hackmd.io/E1-ajzinSwCyacGG228VsQ#LIFF-HTML-%E8%A2%AB-cache-%E4%BD%8F%E7%9A%84%E5%95%8F%E9%A1%8C> We should not cache LIFF HTML. Therefore, we delete maxage and just use Cloudflare to cache.
:white_check_mark: All checks have passed
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42587894|Build 1191247797>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
<https://github.com/cofacts/rumors-line-bot/issues/285|#285 Empty reply will break chatbot>
View details in Rollbar: <https://rollbar.com/mrorz/rumors-line-bot/items/364/|https://rollbar.com/mrorz/rumors-line-bot/items/364/>
```
[LINE Client] 400: A message (messages[2]) in the request body is invalid.
```
`messages[2]`:
```
{"type":"flex","altText":"請從下列選擇您要查看的回應。","contents":{"type":"carousel","contents":[{"type":"bubble","direction":"ltr","header":{"type":"box","layout":"horizontal","spacing":"md","paddingBottom":"none","contents":[{"type":"text","text":"💬","flex":0},{"type":"text","text":"有人認為它含有不實訊息","gravity":"center","size":"sm","weight":"bold","wrap":true,"color":"#AAAAAA"}]},"body":{"type":"box","layout":"vertical","contents":[{"type":"text","text":"假的。 \n2019年起的相關規定如下:\n1、紅燈右轉: 機車和小型車罰 600元、大型車罰1400元。\n2、闖紅燈: 機車罰1800元、小型車罰2700元、大型車罰3600元。","align":"start","wrap":true,"margin":"md","maxLines":10},{"type":"filler"},{"type":"separator","margin":"md"},{"type":"box","layout":"horizontal","contents":[{"type":"text","text":"👍 有 1296 人覺得此回應有幫助\n😕 有 14 人覺得此回應沒幫助","size":"xs","wrap":true}],"margin":"md","spacing":"none"}]},"footer":{"type":"box","layout":"vertical","contents":[{"type":"button","action":{"type":"postback","label":"👀 看他怎麼說","displayText":"我要選「假的。 \n2019年起的相關規定如下:\n1、紅⋯⋯」","data":"{\"input\":\"CkyiZ24BV0DITCqGleU_\",\"sessionId\":1630504342376,\"state\":\"CHOOSING_REPLY\"}"},"style":"primary","color":"#ffb600"}]}},{"type":"bubble","direction":"ltr","header":{"type":"box","layout":"horizontal","spacing":"md","paddingBottom":"none","contents":[{"type":"text","text":"💬","flex":0},{"type":"text","text":"有人認為它不在查證範圍","gravity":"center","size":"sm","weight":"bold","wrap":true,"color":"#AAAAAA"}]},"body":{"type":"box","layout":"vertical","contents":[{"type":"text","text":"","align":"start","wrap":true,"margin":"md","maxLines":10},{"type":"filler"},{"type":"separator","margin":"md"},{"type":"box","layout":"horizontal","contents":[{"type":"text","text":"還沒有人針對此回應評價","size":"xs","wrap":true}],"margin":"md","spacing":"none"}]},"footer":{"type":"box","layout":"vertical","contents":[{"type":"button","action":{"type":"postback","label":"👀 看他怎麼說","displayText":"我要選「」","data":"{\"input\":\"UkJBtHoBgBgcuemX5aeB\",\"sessionId\":123,\"state\":\"CHOOSING_REPLY\"}"},"style":"primary","color":"#ffb600"}]}}]}}
```
The reply: <https://cofacts.tw/reply/UkJBtHoBgBgcuemX5aeB|https://cofacts.tw/reply/UkJBtHoBgBgcuemX5aeB>
Occurrences: <https://user-images.githubusercontent.com/108608/131766155-2d7fe6a1-7740-4ecc-b684-013ae87eabbe.png|image>
developers.cloudflare.com
Edge and Browser Cache TTL · Cloudflare Cache docs
Cloudflare makes customer websites faster by storing a copy of the website’s content on our servers. Caching static resources at Cloudflare reduces your server load and bandwidth, with no extra charges for bandwidth spikes
<https://github.com/cofacts/rumors-line-bot/pull/286|#286 Set cache-control for assets>
As discussed in <https://g0v-tw.slack.com/archives/C2PPMRQGP/p1630552367020400?thread_ts=1630433602.014900&cid=C2PPMRQGP|slack>, after we remove max-age in <https://github.com/cofacts/rumors-line-bot/pull/284|#284>, Cloudflare never caches our asset files. This is because
• koa-send (used by koa-static-server we are currently using) sets `max-age` to 0 if we do not specify any max-age: <https://github.com/koajs/send/blob/master/index.js#L60|https://github.com/koajs/send/blob/master/index.js#L60>
• <https://developers.cloudflare.com/cache/about/default-cache-behavior|Default cache behavior of Cloudflare> will respect max-age: 0 when it is given
In this PR we override `Cache-Control` using <https://github.com/koajs/send#setheaders|`setHeaders` option> so that whenever koa-send serves a file that is not `index.html`, we attach a 1-year long max-age in the response header.
*HTML* <https://user-images.githubusercontent.com/108608/131790478-2615c1cb-26ba-423a-8726-3cd7c6cb1b68.png|image>
*Assets that are not HTML* <https://user-images.githubusercontent.com/108608/131790707-a8bdbff2-9aad-46eb-9fe0-39962e74d383.png|image>
:white_check_mark: 1 other check has passed
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42602700|Build 1193026137>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
<https://github.com/cofacts/rumors-site/pull/446|#446 Bump immer from 8.0.1 to 9.0.6>
Bumps <https://github.com/immerjs/immer|immer> from 8.0.1 to 9.0.6. Release notes _Sourced from <https://github.com/immerjs/immer/releases|immer's releases>._ > *v9.0.6* > *<https://github.com/immerjs/immer/compare/v9.0.5...v9.0.6|9.0.6> (2021-08-31)* > *Bug Fixes* > > • *security:* Follow up on <https://github.com/advisories/GHSA-9qmh-276g-x5pj|CVE-2020-28477> where `path: [["__proto__"], "x"]` could still pollute the prototype (<https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237|fa671e5>) > > *v9.0.5* > *<https://github.com/immerjs/immer/compare/v9.0.4...v9.0.5|9.0.5> (2021-07-05)* > *Bug Fixes* > > • release missing dist/ folder (<https://github.com/immerjs/immer/commit/bfb8decc92ded85d035da4b0c70dd642bb25e451|bfb8dec>) > > *v9.0.4* > *<https://github.com/immerjs/immer/compare/v9.0.3...v9.0.4|9.0.4> (2021-07-05)* > *Bug Fixes* > > • <https://github-redirect.dependabot.com/immerjs/immer/issues/791|#791> return 'nothing' should produce undefined patch (<https://github.com/immerjs/immer/commit/5412c9f770663d0f19fe9bdaeabfa05ff3127cc9|5412c9f>) > • <https://github-redirect.dependabot.com/immerjs/immer/issues/807|#807> new undefined properties should end up in result object (<https://github.com/immerjs/immer/commit/dc3f66cdea53fd5a8c814924bfafa9f6b53c9c62|dc3f66c>) > • Better applyPatches type (<https://github-redirect.dependabot.com/immerjs/immer/issues/810|#810>) (<https://github.com/immerjs/immer/commit/09ac097513714130e08ff18bc7496c4fd04f6531|09ac097>), closes <https://github-redirect.dependabot.com/immerjs/immer/issues/809|#809> > > *v9.0.3* > *<https://github.com/immerjs/immer/compare/v9.0.2...v9.0.3|9.0.3> (2021-06-09)* > *Bug Fixes* > > • isPlainObject: add quick comparison between input and `Object` to short-circuit taxing `Function.toString` invocations (<https://github-redirect.dependabot.com/immerjs/immer/issues/805|#805>) (<https://github.com/immerjs/immer/commit/07575f38f49babcc6014dc898e77d39e4a9347b1|07575f3>) > > 
*v9.0.2* > *<https://github.com/immerjs/immer/compare/v9.0.1...v9.0.2|9.0.2> (2021-04-25)* > *Bug Fixes* > > • <https://github-redirect.dependabot.com/immerjs/immer/issues/785|#785> fix type inference for produce incorrectly inferring promise (<https://github-redirect.dependabot.com/immerjs/immer/issues/786|#786>) (<https://github.com/immerjs/immer/commit/6555173838f575d48a3fcb825c5a7d1953573a11|6555173>) > > *v9.0.1* > *<https://github.com/immerjs/immer/compare/v9.0.0...v9.0.1|9.0.1> (2021-03-20)* > *Bug Fixes* > > • <https://github-redirect.dependabot.com/immerjs/immer/issues/768|#768> `immerable` field being lost during patch value cloning (<https://github-redirect.dependabot.com/immerjs/immer/issues/771|#771>) (<https://github.com/immerjs/immer/commit/e0b7c01c4ce039b7a68b5cb3cd97a7242962b7ab|e0b7c01>) ... (truncated) Commits • <https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237|`fa671e5`> fix(security): Follow up on <https://github.com/advisories/GHSA-9qmh-276g-x5pj|CVE-2020-28477> where `path: [["__proto__"], "x"]`... • <https://github.com/immerjs/immer/commit/2e0aa95b5002dd235ac51a1e2d6ae4fc65361dbc|`2e0aa95`> Create SECURITY.md • <https://github.com/immerjs/immer/commit/050522dea1d0b3810e1896d8f01c79ce89e4186c|`050522d`> chore: fix CI. maybe. 
• <https://github.com/immerjs/immer/commit/11955103ee6d63adc819438d76ac8a8585e1c44e|`1195510`> docs: Update example-setstate.mdx (<https://github-redirect.dependabot.com/immerjs/immer/issues/833|#833>) • <https://github.com/immerjs/immer/commit/648d39bc72426d1772633acd48909b953d474672|`648d39b`> docs: fixing link to RFC-6902 & fixing typo (<https://github-redirect.dependabot.com/immerjs/immer/issues/830|#830>) • <https://github.com/immerjs/immer/commit/bc890f751bae6a26bd0eb61022cfea45517bc52a|`bc890f7`> docs: Update example-setstate.mdx (<https://github-redirect.dependabot.com/immerjs/immer/issues/829|#829>) • <https://github.com/immerjs/immer/commit/16a3d0f36ceefeed7f4e7db8b4341b1d21f52636|`16a3d0f`> chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (<https://github-redirect.dependabot.com/immerjs/immer/issues/822|#822>) • <https://github.com/immerjs/immer/commit/847492c42043c38674642413a69a4a6fdfe648e7|`847492c`> docs: Extended / updated documenation (<https://github-redirect.dependabot.com/immerjs/immer/issues/824|#824>) • <https://github.com/immerjs/immer/commit/7f414838a7aa84bd55f03d31afb0ee85c6cae2f5|`7f41483`> chore: [workflows] don't release from forks • <https://github.com/immerjs/immer/commit/3f9a94e9e7502001ceda15614dabf423e98c7091|`3f9a94e`> chore: let's test before publish • Additional commits viewable in <https://github.com/immerjs/immer/compare/v8.0.1...v9.0.6|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
:white_check_mark: All checks have passed
<https://coveralls.io/builds/42626646|Coverage Status> Coverage remained the same at 75.261% when pulling *<https://github.com/cofacts/rumors-site/commit/126fc50a81835c261680cc7031429377a286575d|126fc50> on dependabot/npm_and_yarn/immer-9.0.6* into *<https://github.com/cofacts/rumors-site/commit/712af7c7126683d89ea6b4498ba8be0011382779|712af7c> on master*.
Wired
Can the Wisdom of Crowds Help Fix Social Media’s Trust Issue?
A new study finds that small groups of laypeople can match or surpass the work of professional fact checkers—and they can do it at scale.
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42662507|Build 1203508341>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
Adds article content as document title in the following GA events (`Event category` / `Event action` / `Event label`): • `LIFF` / `ViewArticle` / `<articleId>` • `LIFF` / `ViewReply` / `<replyId>` This will be useful to generate a message search trend report with message search capability, such as <https://datastudio.google.com/reporting/18J8jZYumsoaCPBk9bdRd97GKvi_W5v-r/page/NrUQ|this one>. <https://user-images.githubusercontent.com/108608/132167356-2ebdf02b-bcf1-4edb-b071-09dff6122d37.png|image>
:white_check_mark: All checks have passed
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42667782|Build 1204850639>* • *4* of *4* *(100.0%)* changed or added relevant lines in *2* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage increased (+*0.008%*) to *87.333%* :yellow_heart: - <https://coveralls.io|Coveralls>
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42706371|Build 1210453592>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.326%* :yellow_heart: - <https://coveralls.io|Coveralls>
<https://github.com/cofacts/rumors-line-bot/pull/290|#290 Replace "編輯" with "查證志工">
As discussed in <https://g0v.hackmd.io/6mTYVWhLSTWfDcyaxYLaXA?view#%E6%9C%AA%E7%AB%9F%E9%A0%85%E7%9B%AE|https://g0v.hackmd.io/6mTYVWhLSTWfDcyaxYLaXA?view#%E6%9C%AA%E7%AB%9F%E9%A0%85%E7%9B%AE>, we should avoid using "編輯" because it is too ambiguous. We use "查證志工" instead. <https://user-images.githubusercontent.com/108608/132513816-6d696429-f7f1-4246-94f2-330c4ba1100b.png|image> <https://user-images.githubusercontent.com/108608/132514272-0c149642-ef16-4d22-a167-15aa1f440cf6.png|image> <https://user-images.githubusercontent.com/108608/132516160-8f51c391-1a88-4e81-ab22-98c8e869a675.png|image> <https://user-images.githubusercontent.com/108608/132516243-7ad2c0e2-de4f-4827-85b8-3547c98ebd3f.png|image>
:white_check_mark: All checks have passed
*Pull Request Test Coverage Report for <https://coveralls.io/builds/42727886|Build 1213457984>* • *0* of *0* changed or added relevant lines in *0* files are covered. • No unchanged relevant lines lost coverage. • Overall coverage remained the same at *87.333%* :yellow_heart: - <https://coveralls.io|Coveralls>
Facebook <https://developers.facebook.com/terms|Platform Terms>:
> Platform Terms 4.b: Your privacy policy must comply with applicable law and regulations and must accurately and clearly explain what data you are Processing, how you are Processing it, the purposes for which you are Processing it, and how Users may request deletion of that data.
Thus we add the following info to our privacy term (四、隱私及個人資料):
• How we process the platform data
• How to request deletion of platform data
    • Actually, in 一、5 we already said that collaborators can email us to modify their personal data. However, since it is not a clear "deletion" step, let's clarify it again in 四、隱私及個人資料.
:white_check_mark: All checks have passed
<https://coveralls.io/builds/42836109|Coverage Status> Coverage remained the same at 75.261% when pulling *<https://github.com/cofacts/rumors-site/commit/75b2e00b1ed5c9ff1bc1d0341428b09a283262f9|75b2e00> on privacy-update* into *<https://github.com/cofacts/rumors-site/commit/712af7c7126683d89ea6b4498ba8be0011382779|712af7c> on master*.
<https://github.com/cofacts/rumors-site/issues/449|#449 Do not allow empty replies>
Currently there are empty replies like this in the DB: <https://cofacts.tw/reply/UkJBtHoBgBgcuemX5aeB|https://cofacts.tw/reply/UkJBtHoBgBgcuemX5aeB> We should block empty replies when submitting on website & also block it on API side. Also, replies with only space / blank lines should be blocked too. Consider `trim()` before checking its emptiness. Relates to <https://github.com/cofacts/rumors-line-bot/issues/285|cofacts/rumors-line-bot#285>
<https://coveralls.io/builds/42869583|Coverage Status> Coverage remained the same at 75.261% when pulling *<https://github.com/cofacts/rumors-site/commit/d9689cf6bcbd3e9690ef80f85feaf5a48713e565|d9689cf> on impact-typo* into *<https://github.com/cofacts/rumors-site/commit/712af7c7126683d89ea6b4498ba8be0011382779|712af7c> on master*.
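If we only block empty strings or whitespace characters, anyone determined can get past it just by typing a few random characters, so we probably need to discuss a bit more which cases should be treated as trolling and ignored?
If something violates the user agreement, we can simply delete it under the terms. The cases that have actually been deleted so far can be seen at <https://github.com/cofacts/takedowns|https://github.com/cofacts/takedowns> ~ No matter how sophisticated the blocking ends up being, starting with blank content is always one way to begin.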
When `replyId` of article LIFF is not one of the currently available replies (may be a deleted reply or just an incorrect ID), show an error message "This reply does not exist or has been deleted by its author." and list all other replies. Current: <https://line-bot.cofacts.tw/liff/index.html?p=article&articleId=3i4cnjbpou0qy&replyId=WRONG_ID|https://line-bot.cofacts.tw/liff/index.html?p=article&articleId=3i4cnjbpou0qy&replyId=WRONG_ID>
<https://github.com/cofacts/rumors-site/pull/450|#450 Bump tmpl from 1.0.4 to 1.0.5>
Bumps <https://github.com/daaku/nodejs-tmpl|tmpl> from 1.0.4 to 1.0.5. Commits • See full diff in <https://github.com/daaku/nodejs-tmpl/commits/v1.0.5|compare view>
:white_check_mark: No checks have passed
<https://github.com/cofacts/rumors-fb-bot/pull/27|#27 Bump tmpl from 1.0.4 to 1.0.5>
Bumps <https://github.com/daaku/nodejs-tmpl|tmpl> from 1.0.4 to 1.0.5. Commits • See full diff in <https://github.com/daaku/nodejs-tmpl/commits/v1.0.5|compare view>
*As-is*
Currently Cofacts LIFF requests the `openid` and `chat_message.write` scopes. <https://user-images.githubusercontent.com/108608/134458898-89d9be95-b495-4628-b520-482ddfb79a55.png|image>
This triggers the following consent window when the user first opens Cofacts LIFF: <https://user-images.githubusercontent.com/108608/134459233-2e4f29c5-fe84-4cef-999e-bf7c69b378ba.png|image>
Currently the "用戶識別資訊 (必要資訊)" has caused confusion and intimidated users from proceeding.

*To-be*
We should use `profile` instead. If we do so, the consent window will become something similar to: <https://user-images.githubusercontent.com/108608/134459682-746d7f16-fad0-44b6-99d0-d47903ba5103.png|image>
The wording of "Profile" scope (個人檔案) is more welcoming to the users.
To achieve this, we should replace <https://g0v.hackmd.io/eIeU2g86Tfu5VnLazNfUvQ?view#1-LIFF-ltgt-chatbot-GraphQL-API-%E7%9A%84%E6%96%B0%E8%AA%8D%E8%AD%89%E6%96%B9%E5%BC%8F|current ID token mechanism> with <https://developers.line.biz/en/docs/line-login/secure-login-process/#using-access-tokens|access token + get profile API from chatbot server>.
Furthermore, we can access <https://developers.line.biz/en/reference/liff/#get-friendship|`liff.getFriendship()`> after we have access to `profile` scope, allowing us to <https://g0v.hackmd.io/s3gX4lQ-SSmqMXzrcOpPag#%E7%9C%9F%E7%9A%84%E5%81%87%E7%9A%84-ltgt-TM-Check|display links to add Cofacts chatbot to those who did not>.

*Implementation detail*
1. We can replace the current mechanism of passing ID tokens to passing access token instead.
2. On server side, we replace ID token verification mechanism with calling `/v2/profile` for the `userId`.
3. We don't need to call `/oauth2/v2.1/verify`, `/v2/profile` should be enough just for retrieving trustworthy `userId` from LINE.

*Other notes*
• This issue does not necessarily cover <https://g0v.hackmd.io/BBeVH2VxRNOCq5QB_HC6EQ?both#Devs---Q2|the deprecation> of <https://g0v.hackmd.io/BBeVH2VxRNOCq5QB_HC6EQ?view#Devs---Q2|`urlToken` param mechanism>.
• This issue does not cover <https://github.com/cofacts/rumors-line-bot/issues/174|"send messages to user">. Removing this scope requires significant rewrite of the chatbot workflows, which are outlined <https://g0v.hackmd.io/iTCmUFHeQLSILSXi2dBTjw#%E6%B6%88%E9%99%A4%E3%80%8C%E9%80%81%E8%A8%8A%E6%81%AF%E8%87%B3%E8%81%8A%E5%A4%A9%E5%AE%A4%E3%80%8D%E6%AC%8A%E9%99%90%E8%AB%8B%E6%B1%82|here>.
meet.jit.si
Join a WebRTC video conference powered by the Jitsi Videobridge
<https://github.com/cofacts/rumors-site/pull/451|#451 Block empty replies>
Fixes <https://github.com/cofacts/rumors-site/issues/449|#449> When reply text is empty or contains nothing but spaces / line breaks, block submission. <https://user-images.githubusercontent.com/108608/135214140-df796939-4fae-4e06-82f4-095cc33311d7.gif|block-empty>
:white_check_mark: All checks have passed
<https://coveralls.io/builds/43142243|Coverage Status> Coverage remained the same at 75.261% when pulling *<https://github.com/cofacts/rumors-site/commit/a3a33e438c8d6bc30bb3229ea81556579b47a1c2|a3a33e4> on block-empty-replies* into *<https://github.com/cofacts/rumors-site/commit/824fb25a0fdb3d5ba73359e612efcd5cf6dad893|824fb25> on master*.
We are not affected as we are using an old version of next.js. <https://github.com/dependabot|@dependabot> close
Review on #19 Add empty reply deletion announcement
LGTM!