Merge branch 'main' into change-overridedate-label

wellcomecollection · Nov 26, 2024 · 293a81b · 293a81b
2 parents ba98c93 + dd5eef9
commit 293a81b
Show file tree

Hide file tree

Showing 12 changed files with 162 additions and 22 deletions.
diff --git a/.github/ISSUE_TEMPLATE/design_template.md b/.github/ISSUE_TEMPLATE/design_template.md
@@ -0,0 +1,42 @@
+---
+name: Design template
+about: Start on a design feature
+title: ''
+labels: ['needs: design']
+assignees: ''
+projects: ['wellcomecollection/18']
+---
+
+## Description
+
+<!-- Complete/delete as appropriate -->
+
+## User story
+
+As a [ _persona_ ]
+I want to [ _be able to …_ ]
+So that I can [ _achieve this outcome_ ]
+
+<!-- 
+Example:
+As a _researcher influencer_
+I want to _be able to sign up to the newsletter_
+So that _I can better understand Wellcome’s position on x_ 
+-->
+
+## UX brief
+**Design brief:** <!-- Add link here -->
+**Project page on Notion:** <!-- Add link here -->
+
+## Definition of done
+- [ ] Achieves user story
+- [ ] Testing approach agreed
+- [ ] Passes accessibility (eg colour contrast)
+- [ ] Responsive design considered
+- [ ] Design critique or review
+- [ ] Check with real data (images, copy etc)
+- [ ] Flag new elements that might be incorporated into the design system
+- [ ] Spec designs (interactions, how it works, logic etc)
+- [ ] Does this design have an analytics plan?
+- [ ] Agree final designs with product manager
+- [ ] Create dev tickets and handover
diff --git a/.github/ISSUE_TEMPLATE/design_template.yml b/.github/ISSUE_TEMPLATE/design_template.yml
diff --git a/cache/modules/wc_org_cloudfront/waf.tf b/cache/modules/wc_org_cloudfront/waf.tf
@@ -37,6 +37,11 @@ locals {
 
   ip_allowlist = setunion(var.waf_ip_allowlist, local.qualys_scanner_ips)
 
+  cidr_watchlist = [
+    "20.49.161.16/28",
+    "20.77.132.128/28"
+  ]
+
   // This is the complete list of Bot Control rules from
   // https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
   //
@@ -106,9 +111,30 @@ resource "aws_wafv2_web_acl" "wc_org" {
   }
 
   rule {
-    name     = "managed-ip-blocking"
+    name     = "ip-watchlist"
     priority = 1
 
+    action {
+      count {}
+    }
+
+    statement {
+      ip_set_reference_statement {
+        arn = aws_wafv2_ip_set.watchlist.arn
+      }
+    }
+
+    visibility_config {
+      cloudwatch_metrics_enabled = true
+      sampled_requests_enabled   = true
+      metric_name                = "weco-cloudfront-acl-watchlist-${var.namespace}"
+    }
+  }
+
+  rule {
+    name     = "managed-ip-blocking"
+    priority = 2
+
     override_action {
       none {}
     }
@@ -130,7 +156,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
 
   rule {
     name     = "blanket-rate-limiting"
-    priority = 2
+    priority = 3
 
     action {
       block {}
@@ -152,7 +178,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
 
   rule {
     name     = "restrictive-rate-limiting"
-    priority = 3
+    priority = 4
 
     action {
       block {}
@@ -190,7 +216,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
   // See: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-crs
   rule {
     name     = "core-rule-group"
-    priority = 4
+    priority = 5
 
     override_action {
       none {}
@@ -213,7 +239,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
   // See: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-sql-db
   rule {
     name     = "sqli-rule-group"
-    priority = 5
+    priority = 6
 
     override_action {
       none {}
@@ -236,7 +262,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
   // See: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-known-bad-inputs
   rule {
     name     = "known-bad-inputs-rule-group"
-    priority = 6
+    priority = 7
 
     override_action {
       none {}
@@ -258,7 +284,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
 
   rule {
     name     = "bot-control-rule-group"
-    priority = 7
+    priority = 8
 
     // Because the Bot Control rules are quite aggressive, they block some useful bots
     // such as Updown. While we could add overrides for specific bots, we don"t want to have to
@@ -304,7 +330,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
 
   rule {
     name     = "google-other-block"
-    priority = 8
+    priority = 9
 
     action {
       block {}
@@ -326,7 +352,7 @@ resource "aws_wafv2_web_acl" "wc_org" {
 
   rule {
     name     = "geo-rate-limit"
-    priority = 9
+    priority = 10
 
     action {
       block {
@@ -391,3 +417,13 @@ resource "aws_wafv2_ip_set" "allowlist" {
   # These need to be CIDR blocks rather than plain addresses
   addresses = [for ip in local.ip_allowlist : "${ip}/32"]
 }
+
+resource "aws_wafv2_ip_set" "watchlist" {
+  name        = "watchlist-${var.namespace}"
+  description = "IPs that we do not apply managed WAF rules to, but we want to monitor"
+
+  scope              = "CLOUDFRONT"
+  ip_address_version = "IPV4"
+
+  addresses = local.cidr_watchlist
+}
diff --git a/common/data/cookies.ts b/common/data/cookies.ts
@@ -130,6 +130,10 @@ export const cookiesTableCopy = {
       'YouTube',
       `We embed videos on our websites from our official YouTube channel using YouTube's privacy-enhanced mode.<br />YouTube will not store personally-identifiable Cookie information for playbacks of embedded videos using the privacy-enhanced mode.<br /><a href="https://www.youtube.com/intl/ALL_uk/howyoutubeworks/our-commitments/protecting-user-data" target="_blank" rel="noopener noreferrer">Read about how YouTube maintains user privacy</a>.`,
     ],
+    [
+      'Vimeo',
+      `We embed videos on our websites from our official Vimeo channel. With permission we collect data on how you interact with these videos.<br />This information helps us improve the digital content we create. <a href="https://help.vimeo.com/hc/en-us/articles/26080940921361-Vimeo-Player-Cookies" target="_blank" rel="noopener noreferrer">Visit Vimeo to see a full list of cookies and their uses</a>.`,
+    ],
   ],
   '[marketing_cookies_table]': [
     ['Provider', 'Purpose'],

diff --git a/common/views/components/CivicUK/index.tsx b/common/views/components/CivicUK/index.tsx
@@ -137,6 +137,10 @@ const CivicUK = ({ apiKey }: { apiKey: string }) => (
                     name: 'YouTube',
                     optOutLink: 'https://myaccount.google.com/yourdata/youtube?hl=en&pli=1',
                   },
+                  {
+                    name: 'Vimeo',
+                    optOutLink: 'https://vimeo.com/cookie_policy'
+                  },
                 ],
               },
               {

diff --git a/common/views/components/VideoEmbed/VideoEmbed.tsx b/common/views/components/VideoEmbed/VideoEmbed.tsx
@@ -96,7 +96,7 @@ const VideoEmbed: FunctionComponent<Props> = ({
   const videoSrc = isYouTube
     ? `${embedUrl}&enablejsapi=1&autoplay=1`
     : isVimeo
-      ? `${embedUrl}&autoplay=1`
+      ? `${embedUrl}&autoplay=1${!hasAnalyticsConsent ? '&dnt=1' : ''}`
       : undefined;
 
   const thumbnailSrc = isYouTube

diff --git a/content/webapp/components/SearchPagesLink/Images.tsx b/content/webapp/components/SearchPagesLink/Images.tsx
@@ -27,7 +27,9 @@ const emptyImagesProps: ImagesProps = {
   'source.production.dates.from': undefined,
   'source.genres.concepts': [],
   'source.subjects.label': [],
+  'source.subjects.concepts': [],
   'source.contributors.agent.label': [],
+  'source.contributors.concepts': [],
   color: undefined,
   sort: undefined,
   sortOrder: undefined,
@@ -42,7 +44,9 @@ const codecMap = {
   'source.production.dates.from': maybeStringCodec,
   'source.genres.concepts': csvCodec,
   'source.subjects.label': quotedCsvCodec,
+  'source.subjects.concepts': csvCodec,
   'source.contributors.agent.label': quotedCsvCodec,
+  'source.contributors.concepts': csvCodec,
   color: maybeStringCodec,
   sort: maybeStringCodec,
   sortOrder: maybeStringCodec,

diff --git a/content/webapp/components/SearchPagesLink/Works.tsx b/content/webapp/components/SearchPagesLink/Works.tsx
@@ -26,7 +26,9 @@ const emptyWorksProps: WorksProps = {
   'genres.label': [],
   'genres.concepts': [],
   'subjects.label': [],
+  'subjects.concepts': [],
   'contributors.agent.label': [],
+  'contributors.concepts': [],
   sort: undefined,
   sortOrder: undefined,
   'partOf.title': undefined,
@@ -44,7 +46,9 @@ const codecMap = {
   'genres.label': quotedCsvCodec,
   'genres.concepts': csvCodec,
   'subjects.label': quotedCsvCodec,
+  'subjects.concepts': csvCodec,
   'contributors.agent.label': quotedCsvCodec,
+  'contributors.concepts': csvCodec,
   sort: maybeStringCodec,
   sortOrder: maybeStringCodec,
   'partOf.title': maybeStringCodec,

diff --git a/content/webapp/components/SearchPagesLink/WorksLink.test.tsx b/content/webapp/components/SearchPagesLink/WorksLink.test.tsx
@@ -19,8 +19,10 @@ describe('WorksLink', () => {
         'genres.concepts': [],
         'genres.label': [],
         'subjects.label': [],
+        'subjects.concepts': [],
         languages: [],
         'contributors.agent.label': [],
+        'contributors.concepts': [],
       });
     });
 
@@ -49,8 +51,10 @@ describe('WorksLink', () => {
         'genres.concepts': [],
         'genres.label': [],
         'subjects.label': [],
+        'subjects.concepts': [],
         languages: [],
         'contributors.agent.label': [],
+        'contributors.concepts': [],
       });
     });
   });

diff --git a/content/webapp/pages/concepts/[conceptId].tsx b/content/webapp/pages/concepts/[conceptId].tsx
@@ -7,6 +7,7 @@ import styled from 'styled-components';
 import { pageDescriptionConcepts } from '@weco/common/data/microcopy';
 import { ImagesLinkSource } from '@weco/common/data/segment-values';
 import { getServerData } from '@weco/common/server-data';
+import { useToggles } from '@weco/common/server-data/Context';
 import { appError, AppErrorProps } from '@weco/common/services/app';
 import { Pageview } from '@weco/common/services/conversion/track';
 import { font } from '@weco/common/utils/classnames';
@@ -42,7 +43,8 @@ import {
   allRecordsLinkParams,
   conceptTypeDisplayName,
   getDisplayIdentifierType,
-  queryParams,
+  queryParamsById,
+  queryParams as queryParamsByLabel,
 } from '@weco/content/utils/concepts';
 import { cacheTTL, setCacheControl } from '@weco/content/utils/setCacheControl';
 
@@ -259,6 +261,9 @@ export const ConceptPage: NextPage<Props> = ({
   apiToolbarLinks,
 }) => {
   useHotjar(true);
+  const { conceptsById } = useToggles();
+  const linkParams = conceptsById ? queryParamsById : allRecordsLinkParams;
+
   const pathname = usePathname();
   const worksTabs = tabOrder
     .map(relationship => {
@@ -271,7 +276,7 @@ export const ConceptPage: NextPage<Props> = ({
         resultsGroup: data.works,
         tabLabelText: data.label,
         link: toWorksLink(
-          allRecordsLinkParams(tabId, conceptResponse),
+          linkParams(tabId, conceptResponse),
           linkSources[tabId]
         ),
       });
@@ -291,7 +296,7 @@ export const ConceptPage: NextPage<Props> = ({
         resultsGroup: sectionsData[relationship].images,
         tabLabelText: sectionsData[relationship].label,
         link: toImagesLink(
-          allRecordsLinkParams(tabId, conceptResponse),
+          linkParams(tabId, conceptResponse),
           `${linkSources[tabId]}_${pathname}` as ImagesLinkSource
         ),
       });
@@ -449,6 +454,9 @@ export const getServerSideProps: GetServerSideProps<
     );
   }
 
+  const filterByConceptId = serverData.toggles?.conceptsById?.value;
+  const queryParams = filterByConceptId ? queryParamsById : queryParamsByLabel;
+
   const getConceptWorks = (sectionName: string) =>
     getWorks({
       params: queryParams(sectionName, conceptResponse),

diff --git a/content/webapp/services/prismic/transformers/embeds.ts b/content/webapp/services/prismic/transformers/embeds.ts
@@ -3,7 +3,7 @@ import * as prismic from '@prismicio/client';
 export function getVimeoEmbedUrl(embed: prismic.EmbedField): string {
   const embedUrl = embed.html?.match(/src="([-a-zA-Z0-9://.?=_]+)?/)![1];
 
-  return `${embedUrl}?rel=0&dnt=1`;
+  return `${embedUrl}?rel=0`;
 }
 
 export function getSoundCloudEmbedUrl(embed: prismic.EmbedField): string {