marrub
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: marrub:master
Branches Tags
marrub:master
marrub:staging
..
compare: marrub:staging
Branches Tags
marrub:master
marrub:staging

545 Commits
master ... staging

Author SHA1 Message Date
Blackle Mori 0f84a7174c Fix linear gradient colour on collapsed statuses in a few skins 2019-08-15 23:55:47 -05:00
multiple creatures f9eaffc790 relax the the media proxy rate limit when logged in (now with 300% more relaxation) 2019-08-15 23:47:23 -05:00
multiple creatures d2eb644d45 apply custom filters and cws to search + remove unused es search methods 2019-08-15 23:41:34 -05:00
multiple creatures f40c6dbc93 handle custom cws when a filter has the `entire thread` option set 2019-08-15 23:22:43 -05:00
multiple creatures 14cf223041 only drop posts matching a custom filter when the filter has no cw override set 2019-08-15 22:53:02 -05:00
multiple creatures 7bbcf793bc custom filters now have an option to add or override content warnings; filter caching has been fixed 2019-08-15 22:40:20 -05:00
multiple creatures f783ec279d allow out-of-body mentions 2019-08-15 17:07:59 -05:00
multiple creatures f54329f9d6 alias `quit` bangtag to `part` + `part:reply-guy-mode` egg 2019-08-15 17:07:56 -05:00
multiple creatures 7ce8751692 fix arachnia & seadrake media padding 2019-08-15 12:16:45 -05:00
multiple creatures e8a5c9a972 fix arachnia & seadrake colors 2019-08-15 12:15:23 -05:00
multiple creatures 18e727efdf don't bother searching if term is empty 2019-08-15 11:12:17 -05:00
multiple creatures bbb025be69 add ability to search own posts by prepending `me:` to searches 2019-08-15 11:09:36 -05:00
multiple creatures 5ae918d968 add cw to moderation bangtags if missing 2019-08-15 10:58:07 -05:00
multiple creatures ad81a82ea4 initial fixes of orctober colors 2019-08-15 10:38:58 -05:00
multiple creatures c8a9f38bcd initial fixes of tentacle colors 2019-08-15 10:25:07 -05:00
multiple creatures b4b6f39c87 fix padding on orctober & tentacle themes 2019-08-15 09:53:07 -05:00
multiple creatures 903cabc4b2 fix the header padding 2019-08-15 09:47:42 -05:00
multiple creatures cc3cf7b606 `target_account.user` -> `target_account` 2019-08-15 09:27:43 -05:00
multiple creatures e2e0eddda7 fix err 500 when someone attempts to follow someone they're already following 2019-08-15 09:27:43 -05:00
multiple creatures b6b5bae72c fix err 500 when trying to read `identity_proofs` from a non-existant account 2019-08-15 09:27:43 -05:00
Lumb c19fc4cf9b remove negative margins for direct messages and boosts in timeline 
What the tin says, noticed this bug was still hanging around, just only on DMs and on boosts in the TL so I think this should sort that.
 2019-08-15 09:27:43 -05:00
multiple creatures a06f8140d9 handle interactions on sharekeyed posts when both participants are local; allow faving sharekeyed posts 2019-08-15 09:27:43 -05:00
multiple creatures 6d026c5007 fix accidental rename 2019-08-15 09:27:43 -05:00
Lumb c9dc797ef2 remove negative margin 
this should fix the names being cut off on the notification bar uwu uwu
 2019-08-12 10:53:02 +00:00
multiple creatures 8a7605e502 fix interaction buttons on public pages 2019-08-10 03:21:04 -05:00
multiple creatures 2a41140dc7 ...and a different newline syntax too. 2019-08-10 01:43:01 -05:00
multiple creatures 1cdf37da83 Gitea uses a different Markdown quote syntax. 2019-08-10 01:41:44 -05:00
multiple creatures 0ea96118af Finally add a proper README. 2019-08-10 01:39:34 -05:00
multiple creatures eac4369868 all i am saaaaaaaaaying / is use up less raaaaaaam 
This reverts commit ed9c8f67c4.
 2019-08-09 21:25:51 -05:00
multiple creatures 5f08b96cbe broadcast monsterfork as such 2019-08-09 21:25:04 -05:00
multiple creatures b2d0389fea transparancy log - automatically add a content warning if there are admin comments; support a custom `subject` 2019-08-09 19:13:04 -05:00
multiple creatures 8c196e70b1 transparancy log - do not direct link to domains 2019-08-09 19:02:30 -05:00
multiple creatures e466f9c2ce janitor - add db & media pruning job 2019-08-09 19:00:58 -05:00
multiple creatures d8156acb06 update yarn.lock 2019-08-09 18:58:51 -05:00
multiple creatures a4b7b5c132 fedi privacy - reject incoming out-of-scope posts addressed to private/unresolvable accounts & not addressed to any local users 2019-08-08 20:09:21 -05:00
multiple creatures e496fd473f default to reject unknown policy for new servers 2019-08-08 12:46:28 -05:00
multiple creatures ecd461aa78 admin transparancy log - add moderator review links to domain policy changes 2019-08-08 12:46:23 -05:00
multiple creatures 4283f15493 admin transparancy log - support markdown 2019-08-08 12:46:23 -05:00
multiple creatures 4dfc40324b add new `reject unknown` policy option to prevent spam & harassment from large/undermoderated servers 2019-08-08 12:46:17 -05:00
multiple creatures d019e55b7b janitor - option to export `activityrelay` config 2019-08-08 09:37:34 -05:00
multiple creatures d8a1e472c2 janitor - make sure values excludes are deduped 2019-08-08 09:36:05 -05:00
multiple creatures bcfa50f5f5 unapply `force_sensitive` during domain policy resets 2019-08-07 19:05:48 -05:00
multiple creatures 72592b3c9c add distributability check to reblog worker 2019-08-07 01:51:02 -05:00
multiple creatures ef04f3879a add option to automatically space out boosts over configurable random intervals 2019-08-07 01:08:34 -05:00
multiple creatures a8475313b8 add ability to post as linked account without switching using `once:i:am`/`once:we:are` bangtag 2019-08-07 01:08:34 -05:00
multiple creatures d9a8c50f92 remember login & clear signed-in notice when switching accounts 2019-08-07 01:08:31 -05:00
multiple creatures ff22f11aae `@options[:delayed]` -> `@options[:delayed].present?` 2019-08-06 22:23:57 -05:00
multiple creatures 2329043e7b do not parse blocks from `dialup.express` or `tenforward.social` - too much margin-of-error without a machine-readable list 2019-08-06 22:00:53 -05:00
multiple creatures b564aac6f3 `account:` output posts auto-expire after 1 hour 2019-08-06 14:19:04 -05:00
multiple creatures da389a664b added ability to link accounts with `account🔗token` + `account🔗add` & switch between them with `i:am`/`we:are` bangtags; remove links with `account🔗del:USERNAME` or `account🔗clear`; list links with `account🔗list` 2019-08-06 13:55:54 -05:00
multiple creatures 647ac0f86a `unsuspend` -> `"unsuspend"` 2019-08-05 21:30:34 -05:00
multiple creatures 5e3ab78fa4 add config + utilities + instructions for `nginx`-level domain blocks 2019-08-05 19:47:30 -05:00
multiple creatures 2ff40d3788 janitor can now write suspended domains to whatever JANITOR_BLOCKLIST_OUTPUT is set to so they can be imported elsewhere (e.g., `nginx`) 2019-08-05 17:04:42 -05:00
multiple creatures 39a58f4061 ignore misc directory 2019-08-05 16:56:09 -05:00
multiple creatures d9cb0d32ed update schema 2019-08-05 01:54:08 -05:00
multiple creatures 1cd9fea3b5 add ability to access bookmarks from #self.bookmarks tag 2019-08-05 01:53:59 -05:00
multiple creatures 879166633c rewrite repeated domain maps to use a helper function & make vulpine.club yaml url a variable 2019-08-05 00:00:31 -05:00
multiple creatures f86a3314f7 port @zac@computerfox.xyz's `silence` to `BlocklistHelper` 2019-08-04 23:48:59 -05:00
multiple creatures 9a3c4bc051 restrict private pin visibility to packmates & do not include them in `featured` collection (mainline masto does not respect pin visibility) 2019-08-04 20:53:20 -05:00
multiple creatures 9ba2081720 allow more media proxy requests when logged in 2019-08-04 02:24:03 -05:00
multiple creatures 4e3d546f61 update `rack_attack` config from `glitch-soc` 2019-08-04 02:05:27 -05:00
multiple creatures f46293f6d9 limit inferred reject replies trigger to the start of first/last line; simplify text before matching 2019-08-04 00:26:33 -05:00
multiple creatures 2be5c8a55c automatically set `suspend` policy on domains that trigger `context` auto-rejections 2019-08-03 23:30:50 -05:00
multiple creatures 4801d5ac84 move `Scheduler::JanitorScheduler::admin_account` to `ModerationHelper::janitor_account` 2019-08-03 23:25:37 -05:00
multiple creatures 0a646efd48 make sure only thread authors and admins can close threads 2019-08-03 21:57:56 -05:00
multiple creatures d69ee097dd add `parent:bookmark`/`parent:bm` bangtag 2019-08-03 21:56:47 -05:00
multiple creatures 4427480356 `domain_exists` -> `domain_exists?` 2019-08-03 21:47:46 -05:00
multiple creatures 53a1f9d634 `reason?` -> `reason` 2019-08-03 21:01:16 -05:00
multiple creatures 3e6831d7d6 include note for admin account actions in audit log 2019-08-03 15:07:19 -05:00
multiple creatures e1bdc82d07 match more `reject_replies` tokens 2019-08-03 15:05:12 -05:00
multiple creatures 1785c93da7 add `noreplies`, `parent:close`, `thread:close` bangtags 2019-08-03 13:58:03 -05:00
multiple creatures b644f1c505 respect 'don't @ me' requests 2019-08-03 13:47:20 -05:00
multiple creatures cd52f75006 `domain_exists` -> `domain_exists?` 2019-08-03 06:31:55 -05:00
multiple creatures a2b9ac9a48 rename `BangtagHelper` to `ModerationHelper` 2019-08-03 06:30:54 -05:00
multiple creatures 60179e53ea skip importing dead domains 2019-08-03 06:28:25 -05:00
multiple creatures ceaf900dfc properly interpret `severity: nomedia` from `vulpine.club` yaml 2019-08-03 05:50:15 -05:00
multiple creatures a96d89ac56 fix 6 am typo - `+=` -> `=` 2019-08-03 05:41:38 -05:00
multiple creatures 6613005ae6 `monsterpit-janitor` is now built in as a sidekiq job (with better code) 2019-08-03 05:32:49 -05:00
multiple creatures 99d1b1ff6f fix web app crash when logging into a fresh account 2019-08-03 02:13:28 -05:00
multiple creatures f0094fd143 allow abandoning any thread; add `thread:leave`/`thread:part` bangtags 2019-08-02 20:55:21 -05:00
multiple creatures cf333d3699 unbreak - `tags_regex` -> `regex` 2019-08-02 20:12:59 -05:00
multiple creatures fc2e81c93f only domain policies have an `updated_at` attribute 2019-08-02 19:09:38 -05:00
multiple creatures dbcc560826 make `thread:emoji` actually grab all emojis in a thread 2019-08-02 15:04:41 -05:00
multiple creatures b1d125d704 unbreak the universe - `Redis.cache` -> `Redis.current` 2019-08-02 03:36:13 -05:00
multiple creatures e11196775f make sure the thread filter option won't affect your own threads or those you're participating in 2019-08-02 03:01:08 -05:00
multiple creatures 7cfc0f0dce fix name of `spoiler` column in migration 2019-08-02 02:32:22 -05:00
multiple creatures 65c42e5398 filters now have options to separately match post text, content warnings/titles, & hashtags + option to filter threads containing a matching post 2019-08-02 02:30:35 -05:00
multiple creatures 3813810cac bbcode: `[code]` produces `pre code` for `glitch-soc` compatability 2019-08-02 00:27:44 -05:00
multiple creatures 06fb561bd6 html5 has 2 strikethrough tags - support them both 2019-08-02 00:24:10 -05:00
multiple creatures a6e34404a2 strip params 2019-08-01 23:25:19 -05:00
multiple creatures 0e87431d61 when applying user filters make sure last check always returns a boolean 2019-08-01 22:34:56 -05:00
multiple creatures c4005a0b25 fix tag extraction failing on text in frozen state 2019-08-01 14:56:49 -05:00
multiple creatures 720207cf4b fix borkage caused by query string sanitization sometimes returning `nil` 2019-08-01 14:08:29 -05:00
multiple creatures c4bf59ed9c fix borkage caused by trying to concatinate `nil` values 2019-08-01 14:04:20 -05:00
multiple creatures 6bc75ce03b merge admin/moderator actions back under admin.log scope 2019-07-31 12:17:08 -05:00
multiple creatures 80a81fe223 ability to add domain moderation notes, edit existing domain policies in-place, and process asynchronously 2019-07-31 01:25:10 -05:00
multiple creatures 964054b6db sort instance list by most recent 2019-07-31 00:10:02 -05:00
multiple creatures 9e9a593f5a make `updated_at` attribute accessible in the instance model 2019-07-31 00:09:57 -05:00
multiple creatures a5ce8eddb4 use a non-tabular domain policy list layout & paginate 2019-07-30 20:24:37 -05:00
multiple creatures 85aec06845 order policy list by most recently changed 2019-07-30 18:39:26 -05:00
multiple creatures ccb84572d6 add a domain policy viewer at `/policies` 2019-07-30 16:36:24 -05:00
multiple creatures 3f327a3ea7 make cursor blink respect auto-play settings 2019-07-30 14:52:55 -05:00
multiple creatures 2ca0b8ce62 add missing `boolean_cast_setting` to `show_cursor` & `delayed_roars` preferences 2019-07-30 14:41:49 -05:00
multiple creatures 96770151ef remove auto-rejections from transparancy log 2019-07-30 13:54:13 -05:00
multiple creatures d51a846d3a revert to `text/plain` for transparancy logger 2019-07-30 13:37:33 -05:00
multiple creatures d9758157b9 add an optional blinking cursor to console formatting 2019-07-30 13:10:35 -05:00
multiple creatures 90130014dd add plain-text console formatting option 2019-07-29 23:09:51 -05:00
multiple creatures 0fb1e7888e actually let's make the delay time configurable 2019-07-29 18:17:51 -05:00
multiple creatures 9d55cfc6ad fix delayed roars mentions bug, increase delay to 1 minute, include local only prop 2019-07-29 17:40:44 -05:00
multiple creatures 6fa955e8a1 disable clear button when there's nothing to clear 2019-07-29 15:30:33 -05:00
multiple creatures 42bf20d22f too few args <.<' 2019-07-29 15:11:25 -05:00
multiple creatures 896817421a too many args (too many args) 2019-07-29 15:07:50 -05:00
multiple creatures 74290d4eb3 optional delayed publishing of roars for proofreading 2019-07-29 14:26:41 -05:00
multiple creatures 02729ab3ae update schema 2019-07-29 13:18:51 -05:00
multiple creatures feeb789ecd add `boostable` attribute to statuses model 2019-07-29 12:38:12 -05:00
multiple creatures 863c101e0a move clear button text to mouseover 2019-07-29 12:35:23 -05:00
multiple creatures 90d72f19ba big tails never fail! 2019-07-28 22:39:54 -05:00
multiple creatures 965b713ac2 move clear all button to the left 2019-07-28 21:05:00 -05:00
multiple creatures 4fc97d77a9 add clear button & missing monsterpit visibility icons 2019-07-28 20:58:40 -05:00
multiple creatures b93bf4b271 use identity nickname in composer placeholder instead (custom emoji won't work in placeholder text) 2019-07-28 19:33:31 -05:00
multiple creatures 30d3b9a6f7 add `i:am` shortname to the client api 2019-07-28 19:29:24 -05:00
multiple creatures 9e841ece20 make `i:am`/`we:are` signatures available to the client api 2019-07-28 19:06:02 -05:00
multiple creatures 28b2a700f0 show which identity roars are being signed with in the composer placeholder 2019-07-28 19:03:42 -05:00
multiple creatures 0f18a0ad00 fix `i:am:not`/`we:are:not` 2019-07-28 14:47:14 -05:00
multiple creatures c4f5de4e06 fix `adult content` setting & remove old `supports chat` setting 2019-07-28 14:45:43 -05:00
multiple creatures 712137fda9 make `i:am`/`we:are` handle multiple identities (`we:are:a:and:b:and:c`) and one-time authorship (`once:i:am:a`) 2019-07-26 19:46:14 -05:00
multiple creatures 31d2b16e43 add `once`/`once:` flag bangtag 2019-07-26 19:44:30 -05:00
multiple creatures 9febf12029 fix `delete_in:thread` logic flub (electric boogaloo) 2019-07-26 19:43:47 -05:00
multiple creatures aaa207284a make sure self-destructing roar worker exits successfully 2019-07-26 18:01:24 -05:00
multiple creatures cfb28743fa fix `delete_in:thread` logic flub 2019-07-26 18:00:49 -05:00
multiple creatures 1aba334730 process self-destructing roars asynchronously 2019-07-26 17:49:32 -05:00
multiple creatures f9e382b9a6 add `delete_in:thread`/`thread:delete_in` 2019-07-26 15:47:46 -05:00
multiple creatures 78dd3d0e92 fix display of report ids 2019-07-26 15:20:57 -05:00
multiple creatures 0151f14dbc split federation & moderation logs into different subscopes + make scope tag prefix configurable 2019-07-26 15:20:57 -05:00
multiple creatures e0b257d512 remove hashtag visibility warning - this fork supports unlisted hashtags 2019-07-26 15:20:57 -05:00
multiple creatures 5c27502afa bump poll sizes to 33 options x 202 chars 2019-07-26 17:30:16 +00:00
multiple creatures 0d17c2bf2e add all `ActionLog`-able admin & moderator actions to logger 2019-07-25 01:35:49 -05:00
multiple creatures 234fae09ad don't include `reject_payload!` auto-rejections in logger because that leaks objects sent to the server that weren't supposed to be 2019-07-24 21:36:13 -05:00
multiple creatures bf27f256c5 clarify rejected announces correctly (but even more correctly with the right json object) 2019-07-24 20:24:52 -05:00
multiple creatures cf28bbd9fa clarify rejected announces correctly 2019-07-24 20:00:04 -05:00
multiple creatures ab43f884e3 don't append account uri 2019-07-24 19:43:42 -05:00
multiple creatures 8945a3b534 moderation logger - add auto-reject reasons 2019-07-24 19:37:00 -05:00
multiple creatures 5ec6e9c1e2 tag `admin:` command usage as `monsterpit.admin.log` 2019-07-24 18:33:09 -05:00
multiple creatures c0d23aa032 add icons to auto-reject logs 2019-07-24 18:27:54 -05:00
multiple creatures 88c23ae912 logger should not generate link cards or mentions for entries 2019-07-24 18:01:00 -05:00
multiple creatures 9cd09d4a70 manually patch `ActivityPub::TagManager` back to version this codebase should be using 2019-07-24 17:44:19 -05:00
multiple creatures 1f7a5bb57e remove chat tables & adjust status table index 2019-07-24 16:40:58 -05:00
multiple creatures cefcad1130 transparancy - log use of admin related method calls & activitypub auto-rejections to a logger account 2019-07-24 16:39:58 -05:00
multiple creatures 8f6e737f38 remove instance actor code from tag manager for now 2019-07-24 14:01:54 -05:00
multiple creatures b75f7be799 use numeric announcer id 2019-07-24 13:48:06 -05:00
multiple creatures 4415e8b047 success message when processing bangtags-only scripts 2019-07-24 13:03:51 -05:00
multiple creatures 25d628fca3 revert the current unfinished chat implementation 2019-07-24 13:01:12 -05:00
multiple creatures d83fcfd1f1 simplify bbcode url regex 2019-07-24 12:18:26 -05:00
multiple creatures aaae5aee52 should not reject imported posts 2019-07-23 19:18:52 -05:00
multiple creatures de542eca57 clear caches after changing lifespan of existing roars 2019-07-23 18:20:34 -05:00
multiple creatures 913ef775ab add missing `delete_in` aliases 2019-07-23 18:16:05 -05:00
multiple creatures a73ec02673 set visibility of `admin` bangtags to local & tag with `#monsterpit.admin` 2019-07-23 17:28:39 -05:00
multiple creatures 3862f48c34 add self-destructing roars & `live`/`lifespan` bangtags 2019-07-23 16:48:08 -05:00
multiple creatures 2a6ccce070 fix `keysmash` - join chunks 2019-07-23 16:44:12 -05:00
multiple creatures d377c828ef fix typo in bangtag aliases parsing 2019-07-23 16:43:25 -05:00
multiple creatures 4836e1f5df log rejected uris 2019-07-23 00:17:10 -05:00
multiple creatures 6a2b323006 fix username matching 2019-07-22 22:52:28 -05:00
multiple creatures 7df4d0e132 add autoreject by ap username, grabbing from actor uri if no `preferredUsername` key 2019-07-22 22:49:07 -05:00
multiple creatures 54bc08a8a3 fix typo - `url` -> `@url` 2019-07-22 21:42:34 -05:00
multiple creatures c2e47f5871 autoreject check before fetching link preview cards & feeds 2019-07-22 21:37:11 -05:00
multiple creatures 2822fbc443 move autoreject check to own module & check for reject before pulling resources 2019-07-22 21:12:54 -05:00
multiple creatures 86f29a68fb allow autorejecting incoming ap activities by `id`, `@context`, and domain + autoject suspended domains & their subdomains 2019-07-22 20:14:29 -05:00
multiple creatures d82d7e0b2b anchor tagger - filenames must have a dot 2019-07-22 17:25:20 -05:00
multiple creatures 155c324a7b formatting examples in preferences 2019-07-22 12:54:35 -05:00
multiple creatures e14d543edd handle more edge cases in archor tagger 2019-07-22 11:41:02 -05:00
multiple creatures e3ecc0871c begone extra parenthesis 2019-07-21 22:20:24 -05:00
multiple creatures b0eade5ad6 allow self & signed-in local followers to read outbox when `hide public ap outbox` is set 2019-07-21 22:18:02 -05:00
multiple creatures acc1fb81fe allow self & signed-in local followers to see account when `hide public profile` is set 2019-07-21 22:17:58 -05:00
multiple creatures 47d9a34401 return 404 if `hide public profile` set 2019-07-21 21:06:22 -05:00
multiple creatures 084b950401 split `hide public profile` & `hide public ap outbox` into separate user options, make original `Account.hidden` prop federation-affecting `invisible mode` 2019-07-21 20:50:30 -05:00
multiple creatures bca5a3073f privacy - add option to disable public activitypub outbox 2019-07-21 20:21:20 -05:00
multiple creatures d9073f132b add more options for time range of roars visible to anonymous public profile viewers 2019-07-21 19:51:07 -05:00
multiple creatures 61461a5323 privacy - limit public profiles & public ap outboxes to last 6 days of history 2019-07-21 17:16:18 -05:00
multiple creatures 3582566a52 privacy - remove rss endpoint from account controller 2019-07-21 16:52:09 -05:00
multiple creatures 6de7b8e021 we don't need `invalidate_association_caches!` 2019-07-21 13:43:03 -05:00
multiple creatures 1cf4d5a83d make anchor tagger strip trailing punctuation from link text before matching 2019-07-20 23:26:01 -05:00
multiple creatures c4600411f7 fix anchor tagger filename matching 2019-07-20 23:25:46 -05:00
multiple creatures 19fc6952b2 stop putting boosts in the local timeline when the booster's visibility is `local` 2019-07-20 22:48:17 -05:00
multiple creatures 70080ce6e6 add `tf:stripachors` & `tf:striplinks` bangtags 2019-07-20 22:42:23 -05:00
multiple creatures c4718cd2be add `tf:head` bangtag 2019-07-20 22:32:14 -05:00
multiple creatures 7a37731210 make anchor tagger tag filename links as such 2019-07-20 21:59:38 -05:00
multiple creatures 0dabcbfb02 limit post search to own social graph 2019-07-20 21:06:49 -05:00
multiple creatures 483f550f9c fix query string sanitizer - use `query_values=` from `Addressable::URI` instead of `to_query` 2019-07-20 12:20:43 -05:00
multiple creatures 1edc2f1aeb fix display of `admin:eval` comments 2019-07-20 11:51:25 -05:00
multiple creatures f0506110c4 rewrite `admin:` bangtags to use moderation functions from bangtag helper module 2019-07-20 10:34:26 -05:00
multiple creatures 4cfff5b001 create bangtag helper module, add functions for transparent moderation in `admin:` commands 2019-07-20 10:33:50 -05:00
multiple creatures ed50fee09f replace output newlines with html breaks in `admin:eval` 2019-07-20 09:41:28 -05:00
multiple creatures 3ff2871b27 add newlines before signature & tags for vanilladon compat 2019-07-20 09:33:32 -05:00
multiple creatures 243cbb2861 fix typo in account model - `frozen` -> `froze` 2019-07-20 08:17:16 -05:00
multiple creatures c864465e71 re-cache post when changed by `visibility:parent` or `parent:tag`/`parent:untag` bangtags 2019-07-20 06:47:26 -05:00
multiple creatures 74e81d4ef7 `visibility` bangtag accepts additional `federate`/`nofederate` (`f`/`nf`) arg to set whether post can federate + add more aliases 2019-07-20 06:40:31 -05:00
multiple creatures be251c1eb4 properly distribute announcement posts made thru `admin:announce` 2019-07-20 06:39:20 -05:00
multiple creatures 2d99300a6d add `visibility:community`, `visibility:c` aliases 2019-07-20 06:37:20 -05:00
multiple creatures 29cdfc36fc fix adult content badge on public profiles 2019-07-19 20:44:57 -05:00
multiple creatures d9d2c9a77e removed upstream locked icon from ui 2019-07-19 19:53:28 -05:00
multiple creatures 4e28528888 make locked badge stand out more 2019-07-19 19:48:15 -05:00
multiple creatures 07794055f9 move admin/mod badges to top 2019-07-19 19:45:05 -05:00
multiple creatures 348dd5aa35 always show out-of-body tags for better accessibility 2019-07-19 19:31:19 -05:00
multiple creatures 2f8ac8838d revise tag conversion 2019-07-19 19:30:59 -05:00
multiple creatures 9b7e4018b0 don't strip valueless query strings 2019-07-19 18:22:58 -05:00
multiple creatures dc32d286bd use high-vis privacy icons by default 2019-07-19 17:04:54 -05:00
multiple creatures 6d07ba50f3 keep `locked` badge for approves-followers + add `frozen` badge for admin-locked accts, also federate `frozen` state 2019-07-19 17:03:15 -05:00
multiple creatures 3fda862ea0 add badge to ui for locked accounts 2019-07-19 14:53:13 -05:00
multiple creatures bc22ab034b move query string sanitizer to its own module & sanitize link cards as well 2019-07-19 10:16:33 -05:00
multiple creatures 23c36c2d7c make anchor tagging check full path 2019-07-19 09:21:45 -05:00
multiple creatures ff75f5ea4b update schema 2019-07-19 09:20:24 -05:00
multiple creatures cfd314432d correct references in kobold migration 2019-07-19 08:15:22 -05:00
multiple creatures 7c60955f06 make community visibility default for new accounts 2019-07-19 07:33:26 -05:00
multiple creatures 44e204613d remove aliases of old of kobold prefs from account model 2019-07-19 07:30:06 -05:00
multiple creatures e80921bf83 remove old version of kobold prefs from strings 2019-07-19 07:28:52 -05:00
multiple creatures 6578d02a0a remove old version of kobold prefs from ui 2019-07-19 07:28:36 -05:00
multiple creatures 66286178ad migrate the kobolds from user setting to account 2019-07-19 07:26:47 -05:00
multiple creatures 40debd9f80 federate account locked status (`mp:locked`) 2019-07-18 21:32:40 -05:00
multiple creatures 879a4a8029 unbreak logic 2019-07-18 21:13:12 -05:00
multiple creatures d620d1749d exclude mentions & hashtags from anchor tagging 2019-07-18 21:10:38 -05:00
multiple creatures d219ecded6 add icons to user-specified link text & potentially misleading links 2019-07-18 20:59:12 -05:00
multiple creatures b233e1eddf strip known tracking parameters (e.g., utm codes) from links 2019-07-18 16:12:41 -05:00
multiple creatures afa8bb3892 add missing visibility strings to preferences 2019-07-18 13:28:04 -05:00
multiple creatures 24c40ef9b9 add community visibility to the web app 2019-07-18 13:24:31 -05:00
multiple creatures 881ccb2de1 Improve the anti-spam prompt. 2019-07-18 12:40:38 -05:00
multiple creatures 42618190b1 add `visibility:parent` bangtag to allow retroactive post visibility changes (currently only between `local` & `unlisted`) 2019-07-18 12:08:17 -05:00
multiple creatures 96050ff1d9 alias `parent:permalink` to `parent:link` 2019-07-18 12:07:18 -05:00
multiple creatures 7f19514527 better handling of bangtag-only posts that produce no output 2019-07-18 12:06:45 -05:00
multiple creatures b28fae301a make sure announcements get streamed to the local tl & make them unlisted-local visibility 2019-07-17 20:05:22 -05:00
multiple creatures f927cb47b4 add `admin:announce` bangtag 2019-07-17 19:45:46 -05:00
multiple creatures 40d4eccb00 allow escaping bangtags with `#!!` 2019-07-17 18:11:18 -05:00
multiple creatures ddd84a97ad fix bbcode bracket workaround 2019-07-17 17:42:40 -05:00
multiple creatures 54c3ac4aba don't override mobile ui or drawer when resizing 2019-07-17 17:39:33 -05:00
multiple creatures 3f1e5d2f87 include skipped in `admin:` output 2019-07-17 17:29:04 -05:00
multiple creatures 6bffa56473 add `parent:urls` & `parent:domains` bangtags 2019-07-17 16:51:26 -05:00
multiple creatures 65b79ae188 allow admins to retag parent posts (`parent:tag:monsterpit.dev.todo`) 2019-07-17 16:00:28 -05:00
multiple creatures 83cb62809b pretty output for `admin:` bangtags 2019-07-17 15:55:40 -05:00
multiple creatures 9f2d158864 add `admin:eval` bangtag & make `admin:` output local-only 2019-07-17 15:54:57 -05:00
multiple creatures 6a5b0b65bb make `draft`s local-only 2019-07-17 15:53:32 -05:00
multiple creatures 6cb00bc91d pretty-format `i:am:list` & make output local-only 2019-07-17 15:52:24 -05:00
multiple creatures d3357a90fe use private user var for `media:desc` bangtag 2019-07-17 15:51:11 -05:00
Lumb 0189e487f8 Document search.sql 
Added install instructions for full text search.
 2019-07-17 02:22:47 -05:00
Lumb 5f03b404c4 Add dist/search.sql 
Adding SQL file to set up full text search.
 2019-07-17 02:22:47 -05:00
Lumb 7629b2c22b Call resize css 
This should be the right place to add an import so it affects the whole site I think? I'm new to this, forgive.
 2019-07-17 02:22:16 -05:00
Lumb 2e4bc1a64d Add css to auto-resize columns 
I'm not totally confident in all this CSS but it does what it's supposed to. Auto-resizing columns, which makes the interface slightly more usable for me.
 2019-07-17 02:21:59 -05:00
Lumb 6d8357a6f0 reset toot limit and pinned limit to merge upstream 
What the desc says uwu
 2019-07-17 07:08:14 +00:00
Lumb 05980a56d2 update size limits in env sample 
Updated video and image size limit var to reflect monsterpits implementation, added gif size limit var
 2019-07-17 07:08:14 +00:00
Lumb 2597f31daf add size var to controller file 
Add MAX_SIZE_LIMIT to control image and video size limit to read from env file
 2019-07-17 07:08:14 +00:00
Lumb 6181c72ff5 add search var to sample env 
Adding MAX_SEARCH RESULTS to the env sample file, and documented
 2019-07-17 07:08:14 +00:00
Lumb b052644d2e add search env to controller file 
Add variable to controller file for search results
 2019-07-17 07:08:14 +00:00
Lumb 5a93e171db add vars to sample env 
Adding vars to the sample env for profile fields, display name characters, max image and video size, and max audio clip length
 2019-07-17 07:08:14 +00:00
Lumb 4695ab5db9 Update '.env.production.sample' 
Changed max toot char to 5000
Changed max pinned toots to 10
 2019-07-17 07:08:14 +00:00
multiple creatures 1049c858ac make admin bangtag output use html 2019-07-17 02:00:34 -05:00
multiple creatures 12d5f1edb6 set correct content type for `draft`s 2019-07-17 01:59:40 -05:00
multiple creatures c135018d9f add `i:am:list` bangtag 2019-07-17 01:58:59 -05:00
multiple creatures efcd176d58 don't include parent components of scoped tags in folded tag list 2019-07-17 01:34:46 -05:00
multiple creatures 5e3a120120 fix parsing of tags for folding 2019-07-17 01:34:42 -05:00
multiple creatures 38a3c2b7b9 add `admin:unsuspend` bangtag & aliases 2019-07-17 01:14:08 -05:00
multiple creatures 92406964f1 fix `i:am`/`we:are` signatures 2019-07-17 00:32:56 -05:00
multiple creatures 2089a78f82 `admin:silence` and `admin:suspend` bangtags 2019-07-17 00:28:48 -05:00
dependabot-preview[bot] 17a701b443 [Security] Bump lodash from 4.17.11 to 4.17.13 (#11287) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-07-16 10:44:00 -05:00
multiple creatures c3127be31e add visibility shortcodes 2019-07-15 15:08:43 -05:00
multiple creatures 6daeca8a09 bangtags are not for eating >:o 2019-07-15 15:00:45 -05:00
multiple creatures 1c10ce6269 alias `visibility` bangtag to `v` 2019-07-15 14:51:55 -05:00
multiple creatures 0eeb7fa881 stop breaking things with missing commas 2019-07-15 14:44:54 -05:00
multiple creatures 6f1a07945e make sure user exists before migrating 2019-07-15 14:44:36 -05:00
multiple creatures 037be68060 ignore `tsv` column & add index to local-scope posts 2019-07-15 14:12:24 -05:00
multiple creatures 09eb7fb78d don't put boosts of silenced folks into home feed if you don't follow them 2019-07-15 14:12:24 -05:00
multiple creatures 4f3618f7be drop home feed & boost dedup window sizes to save resources 2019-07-15 14:12:24 -05:00
multiple creatures 2bbc06de5c show formatting of replies in composer area 2019-07-15 14:12:24 -05:00
multiple creatures 31a7ca0468 unbreak `domain_block_impact` 2019-07-15 14:12:24 -05:00
multiple creatures b441174bd2 drop incoming twitter retweets 2019-07-15 14:12:24 -05:00
multiple creatures 6b72e8a4df add text representation of statuses to status serializer 2019-07-15 14:12:24 -05:00
multiple creatures 07013fba48 revise status filters & make `hide mentions of blocked` also filter mentions of users blocked at the admin level 2019-07-15 14:12:24 -05:00
multiple creatures ab132569d7 only tolerate 3 days of remote failures before giving up 2019-07-15 14:12:24 -05:00
multiple creatures 7147447254 add `untag` bangtag 2019-07-15 14:12:24 -05:00
multiple creatures 27d67e2d5c sanitize bio formatting! 2019-07-15 14:12:24 -05:00
multiple creatures 441bead7ba workaround bbcode parser voring brackets 2019-07-15 14:12:24 -05:00
multiple creatures 45408c3c01 revise bbcode markup 2019-07-15 14:12:24 -05:00
multiple creatures 436f7984d9 move user variables to `users` relation 2019-07-15 14:12:24 -05:00
multiple creatures 9a2f0131c6 tag folding 2019-07-15 14:12:24 -05:00
multiple creatures 5e3ea221a8 add `supports_chat` property, rename `adults_only` to `adult_content`, federate the kobolds~ 2019-07-15 14:12:24 -05:00
multiple creatures cf3ec71aa5 local visibility scope, chat scope+tags, unlisted tags 2019-07-15 14:12:24 -05:00
multiple creatures 0a5eba734e add ability to export followers 2019-07-15 14:12:21 -05:00
multiple creatures 29643fd6c4 make blocking domains actually block the accounts 2019-07-15 14:12:16 -05:00
multiple creatures 992bd7c752 update `ruby-bbcode` to 2.1.0 2019-07-14 20:02:34 -05:00
multiple creatures a1d091b552 fix tag routing once and for all 2019-05-22 11:02:38 -05:00
multiple creatures 61ac01a6bb **security** - make sure local roars always get sanitized 2019-05-22 10:34:03 -05:00
multiple creatures 7b6f8e5419 remove push subscription schedulers from sidekiq 2019-05-22 01:24:11 -05:00
multiple creatures 2bdfbfe32c ignore the `tsv` column on the statuses table - our code will never touch this 2019-05-21 23:31:36 -05:00
multiple creatures ec288a11a0 who would win? controller of the tags or a `:` who skipped character class? 2019-05-21 22:24:59 -05:00
multiple creatures dd7164aac2 handle tags with the old `:` scope delimiter but translate those to `.` 2019-05-21 21:20:42 -05:00
multiple creatures 9abf1ce535 make sure only `self`/`self.` & `local`/`local.` tags are marked private & local + treat `:` in tags as `.` 2019-05-21 21:01:20 -05:00
multiple creatures 3c455a7b81 convince resource router that dots are good actually 2019-05-21 18:22:23 -05:00
multiple creatures 6c6d5319d9 `hashtag_scope` is a method in *this* class - how did we even manage to break that??? 2019-05-21 18:22:18 -05:00
multiple creatures d9b62e5d11 make canceling a reply not take your roar out with it 2019-05-21 16:44:12 -05:00
multiple creatures 58f78a7af2 fix `thread:reall` 2019-05-21 16:31:10 -05:00
multiple creatures d4ca04f24d upstream forgot to allow the import mode param 2019-05-21 03:17:31 -05:00
multiple creatures 641e5acc09 exceptions: gotta catch em all 2019-05-21 03:17:31 -05:00
multiple creatures d6f37c6ae0 handle importing posts from json dumps 2019-05-21 03:17:31 -05:00
multiple creatures cbdadfb5fa add `origin` to status table to mark posts that were previously imported 2019-05-21 03:16:51 -05:00
multiple creatures 62d667dbf5 add `imported` column to status table to mark posts imported from a json dump 2019-05-21 03:16:51 -05:00
multiple creatures bf33771c80 add `edited` column to status table to mark if a mod/admin changed something 2019-05-21 03:16:51 -05:00
multiple creatures 83c2c466fb use dots instead of colons for tag scopes 2019-05-21 03:16:51 -05:00
multiple creatures 55e0484121 add `skip_notify` option to service objects we might use for post imports 2019-05-21 03:16:51 -05:00
multiple creatures 811137ef69 if `created_at` is given to `PostStatusService` make sure it's utc 2019-05-21 03:16:51 -05:00
multiple creatures 8534702269 add missing `account_media_status_ids` method to accounts controller (oooops~) 2019-05-21 03:16:51 -05:00
multiple creatures 06b8b09fca add `keysmash` bangtag 2019-05-21 03:16:51 -05:00
multiple creatures 0f50698beb fix hoverplay emoji in bbcode 2019-05-21 03:16:51 -05:00
multiple creatures 01a5d51ef7 let account badges in web app wrap 2019-05-21 03:16:51 -05:00
multiple creatures 181d9cd24b styling for staff quick links 2019-05-21 03:16:51 -05:00
multiple creatures f0466aec02 space out badges 2019-05-21 03:16:51 -05:00
multiple creatures 8b47cdef24 add quick links for staff 2019-05-21 03:16:51 -05:00
multiple creatures 46216a4030 show mod & admin badges in web app 2019-05-21 03:16:51 -05:00
multiple creatures ee83fe92f1 expose account roles to the api 2019-05-21 03:16:51 -05:00
multiple creatures 1244c30349 add strings for new import options & change domain block -> domain policy 2019-05-21 03:16:51 -05:00
multiple creatures 45e4449347 clear status caches when someone is moderated force unlisted or force sensitive 2019-05-21 03:16:51 -05:00
multiple creatures 1fa6d6e16b limit search results to 33 until we split & paginate the search api 2019-05-21 03:16:51 -05:00
multiple creatures 8ff64df4dd render normalized status in reply indicator so that custom emojis are shown 2019-05-21 03:16:50 -05:00
multiple creatures 978ed2797f allow custom emojis in field keys in web app 2019-05-21 03:16:50 -05:00
multiple creatures c66d932c22 include bio field keys in emojifiable text 2019-05-21 03:16:50 -05:00
multiple creatures 5e2a8f3d3c remove clipping border from links 2019-05-21 03:16:50 -05:00
multiple creatures fd8e92438c formatted bios + merge monsterpit markdown styles directly into glitch-soc scss 2019-05-21 03:16:50 -05:00
multiple creatures 1a670573e5 apply monsterpit style overrides to public pages 2019-05-21 03:16:50 -05:00
multiple creatures 2705c6751e set correct name on media caption `div` 2019-05-21 03:16:50 -05:00
multiple creatures fd753d1201 add html to `format` bangtag + shortcut for bbdown` 2019-05-21 03:16:50 -05:00
multiple creatures 0a00a42c67 add bbdown & bbcode options to prefs menu 2019-05-21 03:16:50 -05:00
multiple creatures 23d2e5f97c fix bbdown newlines + format & emojify footers 2019-05-21 03:16:50 -05:00
multiple creatures e411b20711 correct media reveal wording 2019-05-21 03:16:50 -05:00
multiple creatures 7a0dc34cad reimplement monsterpit bbcode and markdown extensions on top of new glitch-soc formatting system + bbcode feature parity + new `i:am` footer + set content type from `format` bangtag 2019-05-21 03:16:50 -05:00
multiple creatures 09b7532805 split `i:am` signatures into their very own `footer` column 2019-05-21 03:16:50 -05:00
multiple creatures 5c9aed40f6 tell other ap software what content type they should expect source text to be 2019-05-21 03:16:23 -05:00
multiple creatures d70e5afb6e spell correctly 2019-05-21 03:16:23 -05:00
multiple creatures edeb344b90 re-add support for tags `sup`, `h6`, `hr` 2019-05-21 03:16:23 -05:00
multiple creatures 8394452bae fix schema 2019-05-21 03:16:23 -05:00
multiple creatures 7f460853c8 one lil zwnj to make sure compat sigs always get parsed correctly 2019-05-21 03:16:23 -05:00
multiple creatures f0c9477a4b compact `i:am` signatures when there are no newlines or block starters 2019-05-21 03:16:23 -05:00
multiple creatures 21c3730703 make large emojos 24px instead of 32px 2019-05-21 03:16:23 -05:00
multiple creatures dd021e8570 fix hover-to-play emoji clipping 2019-05-21 03:16:23 -05:00
multiple creatures 75d114216e remove the buggy do-not-@-me impl - we'll replace this with a bangtag later 2019-05-21 03:16:23 -05:00
multiple creatures 8a1ac19777 when autoplay is off play animated emoji on hover 2019-05-21 03:16:23 -05:00
multiple creatures 506d2e9cf0 add option to embiggen the emojos & embiggen small bbcode text on hover 2019-05-21 03:16:23 -05:00
multiple creatures e58efb8528 Strings: Replace the confusing "include(s)" with "address" (verb) and "mention" (noun). 2019-05-21 03:16:23 -05:00
multiple creatures 3b6f8ddacc Strings, Moderation: Replace "blocked domain" with "changed policy for" (re: commit 6eaf72). 2019-05-21 03:16:23 -05:00
multiple creatures c961429dc2 Accounts, UI: Expose kobold badges over the API. Render badges in the web app. 2019-05-21 03:16:23 -05:00
multiple creatures 89c5d8ec4e Custom filters: resolve bug where filter is erronously ignored when media filtering flags are unset. 2019-05-21 03:16:23 -05:00
multiple creatures a680595ecb `PostStatusService`: Add options to set a specific creation time and whether or not to distribute, useful for importing statuses. 2019-05-21 03:16:23 -05:00
multiple creatures 24a59d8f58 Correct a 6-in-the-morning breaking typos. 2019-05-21 03:16:23 -05:00
multiple creatures 47a251048c Expose user settings to `Account` model and update code referencing those settings. 2019-05-21 03:16:23 -05:00
multiple creatures 8d12242216 `ActivityPub::ProcessAccountService`: Correct `force_` method names. 2019-05-21 03:16:23 -05:00
multiple creatures 6834ddffc9 ActivityPub `Actor`: use correct property name for `suggestedMinAge`. 2019-05-21 03:16:23 -05:00
multiple creatures 3b06175e8f Moderation: add `force sensitive` and `force unlisted` actions. Accounts: add federatable `adult content` tag. Handle from remote accounts as well. 2019-05-21 03:16:23 -05:00
multiple creatures 5c59d1837f Make user settings for status filter accessible from `account` model. 2019-05-21 03:16:23 -05:00
multiple creatures 0782dc3905 Drop remaining OStatus and PuSH code, as well as related database items. 2019-05-21 03:16:23 -05:00
multiple creatures cb311a274c Remove unneeded migration. 2019-05-21 03:16:23 -05:00
multiple creatures a3faf5b169 Account model: drop `protocol` attribute when looking up AP inboxes; use `remote` scope instead. If no `domain` set, use domain of `inbox_url`. 2019-05-21 03:16:23 -05:00
multiple creatures c2e07ecd7f User model: give user settings getter methods better names; cache the settings queries. 2019-05-21 03:16:23 -05:00
multiple creatures edfabe44da Statuses: set `local_only` flag from the `PostStatusService`. Default to `en` locale for statuses. 2019-05-21 03:16:23 -05:00
multiple creatures 540728e063 `SettingsHelper`: return `HUMAN_LOCALES` keys directly 2019-05-21 03:16:23 -05:00
multiple creatures 82f691e9a9 Strings: correct broken username interpolations while reflecting upon the dangers of automated nomenclature changes using `sed`. 2019-05-21 03:16:23 -05:00
multiple creatures 976ec97ffe Bangtags: do not assume `status.in_reply_to_id` exists just because `status.reply?` is `true`. 2019-05-21 03:16:23 -05:00
multiple creatures e85b8af051 Second round of Rspec fixes. 2019-05-21 03:16:23 -05:00
multiple creatures 66886d4367 RSpec: Test for correct media description limit. 2019-05-21 03:16:23 -05:00
multiple creatures dca70079b1 Remove automatic language detection. 2019-05-21 03:16:23 -05:00
multiple creatures 6c374b5153 Drop OStatus support. Fix some of the Rspec tests. 2019-05-21 03:16:23 -05:00
multiple creatures 6e8ec7f0a5 Allow passing an array of tags to `PostStatusservice` 2019-05-21 03:16:22 -05:00
multiple creatures 9f9ee606f3 Revise status filter logic. 2019-05-21 03:16:22 -05:00
multiple creatures e0c6d56f5f Adjust Glitch UI defaults 2019-05-21 03:16:22 -05:00
multiple creatures 59fd9c25dc Replies should not exceed the visibility being replied to. 2019-05-21 03:16:22 -05:00
multiple creatures feea4f6dc0 Add line-break-sized padding after lists and blockquotes. 2019-05-21 03:16:22 -05:00
multiple creatures 46522d8c1b Do not process mentions or bangtags in drafts. Add `draft?` method to `Status` model. 2019-05-21 03:16:22 -05:00
multiple creatures 3e8690f2c0 Correct breaking type-o: `scope` -> `starting_scope` 2019-05-21 03:16:22 -05:00
multiple creatures 163d42c04a Buttons expecting users to perform an action should be verbs. 2019-05-21 03:16:22 -05:00
multiple creatures 1ed7aca171 Add `parent:tag` bangtag 2019-05-21 03:16:22 -05:00
multiple creatures a1be3a11a9 Don't try to add tags that already exist in the status. 2019-05-21 03:16:22 -05:00
multiple creatures 2f23d34e36 Add header to draft roars. 2019-05-21 03:16:22 -05:00
multiple creatures db6ae92c09 Limit tag scope nesting to six components. Rewrite multiple consecutive delimiters to one (`::`, `:::`, ... => `:`). 2019-05-21 03:16:22 -05:00
multiple creatures 726a99a6e4 Add `draft` and `visibility` bangtags. Wrap `ProcessHashtagsService` to update status tags. 2019-05-21 03:16:22 -05:00
multiple creatures 7ca4a2089c Update schema. 2019-05-21 03:16:22 -05:00
multiple creatures ecf21d3fc6 Strings: add UI strings for interaction list options; clearer wording of `hidden`, `setting_hide_network`, and `invite_request`. 2019-05-21 03:16:22 -05:00
multiple creatures c983c4e952 Privacy: add options to make interaction lists private and to not be included in public interaction lists. 2019-05-21 03:16:22 -05:00
multiple creatures a47b1daaeb Implement scoped tags; use `local:` and `self:` scopes for community and personal tags, respectively. 2019-05-21 03:16:22 -05:00
multiple creatures 992218f05f Anxiety reduction: add option to hide mascot. 2019-05-21 03:16:22 -05:00
multiple creatures 545330dc65 federate raw versions of roars using `source` prop 2019-05-21 03:16:22 -05:00
multiple creatures a7015f9202 add `parent:emoji` and `thread:emoji` bangtags 2019-05-21 03:16:22 -05:00
multiple creatures 515688c547 stop wasting server resources converting well-supported open video formats just because a single mobile platform's proprieter wants to be a jerk 2019-05-21 03:16:22 -05:00
multiple creatures 79cc6792a1 Adjust search limits and ordering. 2019-05-21 03:16:22 -05:00
multiple creatures cfaed183aa filter prop is sometimes `undefined` i guess??? 2019-05-21 03:16:22 -05:00
multiple creatures db67333d62 Add option to filter packmate thread branches where you don't follow all the participants. 2019-05-21 03:16:22 -05:00
multiple creatures 933d7afa87 Make the UI properly handle filters using `exclude_media` and `media_only` flags. 2019-05-21 03:16:22 -05:00
multiple creatures 8dbefa3966 Assign a `key` prop to get rid of warning. 2019-05-21 03:16:22 -05:00
multiple creatures 1a12429051 Correct name broken by automated nomenclature replacement. 2019-05-21 03:16:22 -05:00
multiple creatures 1e2977256c Allow own roars to be included in lists. 2019-05-21 03:16:22 -05:00
multiple creatures 89e54748d7 Don't show Roars & Growls tag in web app if someone has disabled showing public replies. 2019-05-21 03:16:22 -05:00
multiple creatures e87151f458 Exclude repeats on the roars tab. 2019-05-21 03:16:22 -05:00
multiple creatures 1ab60fea48 Split boosts/repeats off to their own tab and add to the API. 2019-05-21 03:16:22 -05:00
multiple creatures ed9c8f67c4 Cache in memory for 30 minutes. 2019-05-21 03:16:22 -05:00
multiple creatures 13262ea614 Remove cached status when sharekey changed. 2019-05-21 03:16:22 -05:00
multiple creatures 26d90a36ff Custom filters: add ability to create filters that exclude or are exclusive to roars with attachments. 2019-05-21 03:16:22 -05:00
multiple creatures 2423830e3c Don't crash if payload is undefined. 2019-05-21 03:16:22 -05:00
multiple creatures d339d2bbb4 Make sure signatures start a new paragraph and that existing signatures are detected correctly. 2019-05-21 03:16:22 -05:00
multiple creatures 4644a6245f Raise pack timeline windows. 2019-05-21 03:16:22 -05:00
multiple creatures 4d12e45d3b Account manager: consider dormant to be 3 months instead of one. 2019-05-21 03:16:22 -05:00
multiple creatures f573712f82 Bangtags: ignore case of commands 2019-05-21 03:16:22 -05:00
multiple creatures d8f182d235 Make sure parent account excists. 2019-05-21 03:16:22 -05:00
multiple creatures 7ce2e174cf Group like media captions together and remove space between descriptors. 2019-05-21 03:16:22 -05:00
multiple creatures 9d4f42fb89 Add option to hide public replies from profile 2019-05-21 03:16:22 -05:00
multiple creatures fb449f273a `i:am`: Right-align signatures 2019-05-21 03:16:22 -05:00
multiple creatures 2a5784c61f 2 newlines is plently but 3 is way too many 2019-05-21 03:16:22 -05:00
multiple creatures c1d2febf03 these aint methods silly 2019-05-21 03:16:22 -05:00
multiple creatures 05ed9b6cea `i:am`: replace horizontal rule with ZWNJ. 2019-05-21 03:16:22 -05:00
multiple creatures 534e19cbe3 Stylistic: use em dash for signature prefix. 2019-05-21 03:16:22 -05:00
multiple creatures af7e3a88d4 Anxiety reduction: make block/mute reply filters more granular and add options to control what to filter. 2019-05-21 03:16:22 -05:00
multiple creatures 15b35d99ce `i:am`: Do not add a signature if the author inserted their own. 2019-05-21 03:16:22 -05:00
multiple creatures 66c640fd38 Allow sharekeys to be set via the API. 2019-05-21 03:16:22 -05:00
multiple creatures bb9aa16284 Make sure `rekey` parameter exists before complaining. 2019-05-21 03:16:22 -05:00
multiple creatures 87f4b4d230 Implement share keys and related bangtags, add `sharekey`, `network`, and `curated` to the API, remove app info from the UI, and move timestamps to the right. 2019-05-21 03:16:22 -05:00
multiple creatures 19b78604e9 Status model: `LOCAL_DOMAINS` constant has been moved into the `Account` model. 2019-05-21 03:16:22 -05:00
multiple creatures a230a6038b Make sure that local-only tokens still get detected when signature is enabled. 2019-05-21 03:16:22 -05:00
multiple creatures 4088e0a648 Add `i:am` bangtag to allow plural systems sharing an account to identify who is roaring. 2019-05-21 03:16:22 -05:00
multiple creatures f7c5171a83 DB: Replace `NULL` boolean values with `FALSE` in Monsterpit feature columns; add `vars` column for persistent bangtag variable storage. 2019-05-21 03:16:22 -05:00
multiple creatures b8b525c54a Correct nomenclature changes that break strings. 2019-05-21 03:16:22 -05:00
multiple creatures 9753fd203e Raise various string limits. 2019-05-21 03:16:22 -05:00
multiple creatures 1fe28ca9d6 Extend limits for poll time range to between a minute and 6 months. 2019-05-21 03:16:22 -05:00
multiple creatures fb47b6e120 Make sure topmost image fills the gap in an odd-numbered media set. 2019-05-21 03:16:22 -05:00
multiple creatures 71302f6dec Handle up to 6 attachments per roar. 2019-05-21 03:16:22 -05:00
multiple creatures ea40ae8de7 Change stray reblog SVG to repeat glyph. 2019-05-21 03:16:22 -05:00
multiple creatures acdfce2bba Raise maximum attachment size to 66 MiB and maximum standard GIF size to 333 KiB. 2019-05-21 03:16:22 -05:00
multiple creatures 1ca30982fa Add support for general-purpose file sharing. 2019-05-21 03:16:22 -05:00
multiple creatures b53ddb8126 Bump Ruby version to 2.6.3. 2019-05-21 03:16:22 -05:00
multiple creatures adea831c00 Add Pending Accounts tab to the Moderation section. 2019-05-21 03:16:22 -05:00
multiple creatures 036f422877 Make sure only distributable statuses are marked curated; move bangtags processing into own helper lib. 2019-05-21 03:16:22 -05:00
multiple creatures 500b485b77 Raise invite request text limit. Carry a kobold on tail. 2019-05-21 03:16:22 -05:00
multiple creatures cea2baf2e0 Limit scope of local/world TLs. Fixes the bug causing some requests to fetch the local and world timelines to time out. 2019-05-21 03:16:22 -05:00
multiple creatures ec5c6e7fcb This `relay` should be a string, not a `Symbol`. 2019-05-21 03:16:22 -05:00
multiple creatures 3bfa72cbce Dedicated `network` DB column for marking whether a roar is a part of the local network; rewrite posts from `FORCE_*` domains at create time instead of dynamically. 2019-05-21 03:16:22 -05:00
multiple creatures cdacbb3c4c Add option to remove filtered roar placeholder gap. 2019-05-21 03:16:22 -05:00
multiple creatures 50fae175fd Tenatacle skin: remove ununsed classes 2019-05-21 03:16:22 -05:00
multiple creatures 021fedeb2a Replace `fa-retweet` SVG with `fa-repeat` Unicode glyph. 2019-05-21 03:16:22 -05:00
multiple creatures 841776edfb Add minimum timeframe for a self-destructing roar in preparating for implementing. 2019-05-21 03:16:22 -05:00
multiple creatures 3f282fe433 Search UI: center hashtag results 2019-05-21 03:16:22 -05:00
multiple creatures 340f1e9149 Compact the hashtag section of the search UI. Get rid of trending sections; they do not work properly on instances with less than 10,000 active users. 2019-05-21 03:16:22 -05:00
multiple creatures dfbc2fc518 Add options to increase size and spacing of action buttons and width of compose drawer. 2019-05-21 03:16:22 -05:00
multiple creatures 1930b2332d Limit width of single-column to 600px, keep composer docked to left. 2019-05-21 03:16:22 -05:00
multiple creatures beee1934b2 Place roar and hashtag sections at the top in search UI. 2019-05-21 03:16:22 -05:00
multiple creatures 08a32175fa Add scope restrictions on curated world timeline considerations. 2019-05-21 03:16:22 -05:00
multiple creatures cec0a7ff3c Make sure that replies that are not sections of a root thread get filtered out of the world timeline. 2019-05-21 03:16:22 -05:00
multiple creatures 89ad628e88 Add `share_key` column to status table in preparation for letting folks generate/revoke links to view private posts. 2019-05-21 03:16:22 -05:00
multiple creatures abb8848eb7 Add `share_key` column to status table in preparation for letting folks generate/revoke links to view private posts. 2019-05-21 03:16:21 -05:00
multiple creatures 1823e78aa7 Do not set default in `add_column` migration. 2019-05-21 03:16:21 -05:00
multiple creatures 2db51e2f4c Refactored community-curated world timeline code; **privacy**: remove support for packmate-visible hashtags until we resolve federation caveats. 2019-05-21 03:16:21 -05:00
multiple creatures c86c4b95be Raise search result limit to 33 in frontend. 2019-05-21 03:16:21 -05:00
multiple creatures f344170fd0 Raise max search result limit to 66 in API. 2019-05-21 03:16:21 -05:00
multiple creatures 6c7f1691ee Only consider favorites for community-curated world timeline until we can make the query for considering boosts not be so abysmally slow. 2019-05-21 03:16:21 -05:00
multiple creatures 16147d73a2 `Status.search_for`: Don't need `Status.unscoped`; the `default_scope` sorts the way we intend. 2019-05-21 03:16:21 -05:00
multiple creatures dd5e02ad5d Use PostgreSQL FTS for searches. 2019-05-21 03:16:21 -05:00
multiple creatures 4c170d2a98 Add options to increase size and spacing of context menus and to gently the kobolds. Also allow showing multiple user roles. 2019-05-21 03:16:21 -05:00
multiple creatures d033327136 Apply GIFv styling to regular GIF overlay as well 2019-05-21 03:16:21 -05:00
multiple creatures 2cc2089534 Add support for standard GIFs (under 200 KB) 2019-05-21 03:16:21 -05:00
multiple creatures cd042a4ee3 Handle more audio formats, only converting formats not supported by HTML5 audio 2019-05-21 03:16:21 -05:00
multiple creatures 7370ff5677 let the fields overflow~ 2019-05-21 03:16:21 -05:00
multiple creatures 4550d9188d adjust upstream invite wording 2019-05-21 03:16:21 -05:00
multiple creatures 0e5935e475 various bangtag improvements squashed into one commit 2019-05-21 03:16:21 -05:00
multiple creatures 8d19acc618 allow users to add emoji 2019-05-21 03:16:21 -05:00
multiple creatures caf265bbeb add option to toggle captions + code: move monsterpit additons on top 2019-05-21 03:16:21 -05:00
multiple creatures 2ee72d3aaf s/Toot/Roar/ 2019-05-21 03:16:21 -05:00
multiple creatures bc77147a95 make hide public stats option more clear 2019-05-21 03:16:21 -05:00
multiple creatures d7dd432727 also put hide stats on public pages under mouseover 2019-05-21 03:16:21 -05:00
multiple creatures 618627eb12 make hide stats option hide all public page stats 2019-05-21 03:16:21 -05:00
multiple creatures 8938e343de Don't make stats prominent - hide them in mouseovers 2019-05-21 03:16:21 -05:00
multiple creatures c85e467c0c group related prefs together 2019-05-21 03:16:21 -05:00
multiple creatures d0631f446c bangtags: support namespacing, args, text tf + add replace commands 2019-05-21 03:16:21 -05:00
multiple creatures e42f09c53d curated world: ignore non-self replies 2019-05-21 03:16:21 -05:00
multiple creatures 7580036307 curated world: also consider public favs 2019-05-21 03:16:21 -05:00
multiple creatures b507a598c5 add bangtags to reply-all thead, insert zws; handle fencing in braces 2019-05-21 03:16:21 -05:00
multiple creatures 01acaa792a bangtag to mention admin/mods/staff 2019-05-21 03:16:21 -05:00
multiple creatures d00907014b bangtags for cloudroot (monsterpit.cloud/~/you) and blogroot (monsterpit.blog/~/you) links 2019-05-21 03:16:21 -05:00
multiple creatures dd70b4e463 initial bangtags implementation, permalinks 2019-05-21 03:16:21 -05:00
multiple creatures 8bf596861b move extended description presenter to own method 2019-05-21 03:16:21 -05:00
multiple creatures 6614d42c6e hidden accounts + stats hiding 2019-05-21 03:16:21 -05:00
multiple creatures 90d2280dfe actually add raw world to settings controller <.<" >.> 2019-05-21 03:16:21 -05:00
multiple creatures 5284cdc24d correct typo 2019-05-21 03:16:21 -05:00
multiple creatures ba51d3f135 add option to show raw world timeline 2019-05-21 03:16:21 -05:00
multiple creatures 3e8d7fd5f8 initial port of daggertooth!monsterpit themes 2019-05-21 03:16:21 -05:00
multiple creatures 475ef8bbf1 don't lighten footer drawer 2019-05-21 03:16:21 -05:00
multiple creatures 02d5a52673 restore default drawer 2019-05-21 03:16:21 -05:00
multiple creatures 85a9dee905 restore custom registration message 2019-05-21 03:16:21 -05:00
multiple creatures 57113accf6 center free-standing widget text 2019-05-21 03:16:21 -05:00
multiple creatures 3a69196c47 allow aac audio uploads 2019-05-21 03:16:21 -05:00
multiple creatures f920593cd4 use ruby 2.6.2 2019-05-21 03:16:21 -05:00
multiple creatures 6c00e2abcf update status.rb 2019-05-21 03:16:21 -05:00
multiple creatures dc5993191d arrange widgets in a sensible order 2019-05-21 03:16:21 -05:00
multiple creatures e84f1bc4ef don't sticky local only setting 2019-05-21 03:16:21 -05:00
multiple creatures 758deeb818 update csp for img proxy 2019-05-21 03:16:21 -05:00
multiple creatures 312bc14d06 make sure local only replies stay local 2019-05-21 03:16:21 -05:00
multiple creatures 0554e7c3bd single-column glitch theme 2019-05-21 03:16:21 -05:00
multiple creatures cbbed1863a sort tab bar order 2019-05-21 03:16:21 -05:00
multiple creatures 393f8aa4e1 unbreak some translation entries 2019-05-21 03:16:21 -05:00
multiple creatures bd55c63d93 adjust poll text top padding & make text even 2019-05-21 03:16:21 -05:00
multiple creatures 366676a69f make sure that poll text is actually smaller 2019-05-21 03:16:21 -05:00
multiple creatures 2f136e9889 allow text wrapping in polls + smaller font 2019-05-21 03:16:21 -05:00
multiple creatures b57383e025 increase polls to 6 opts x 111 chars 2019-05-21 03:16:21 -05:00
multiple creatures 0bdb555f57 s/toot/roar/ 2019-05-21 03:16:21 -05:00
multiple creatures b5e6e77ca4 glitch: fix local only matching 2019-05-21 03:16:21 -05:00
multiple creatures f21d4c3209 allow eye emoji to be a local-only flag 2019-05-21 03:16:21 -05:00
multiple creatures 3e55dcf944 don't strip emoji metadata 2019-05-21 03:16:21 -05:00
multiple creatures ff02142601 show captions for media descriptions 2019-05-21 03:16:21 -05:00
multiple creatures 467170f4a0 more local-only options 2019-05-21 03:16:21 -05:00
multiple creatures b5cb68581b actually add defaultLocal state (oops) 2019-05-21 03:16:21 -05:00
multiple creatures 1affcf73fb add option to default to local only 2019-05-21 03:16:21 -05:00
multiple creatures 9d559d790b default visibility public on new accounts 2019-05-21 03:16:21 -05:00
multiple creatures ace01a82da let local only option be sticky 2019-05-21 03:16:21 -05:00
multiple creatures 0697f20f2c Automatic nomenclature update 2019-05-21 03:16:21 -05:00
multiple creatures 178a2dc9eb hide follower-only replies on account tls 2019-05-21 03:16:21 -05:00
multiple creatures f1ed7bb675 hide filtered message 2019-05-21 03:16:21 -05:00
multiple creatures 28c9b9ce6a improve filtering 2019-05-21 03:16:21 -05:00
multiple creatures 10b20607ac allow hypens in hashtags 2019-05-21 03:16:21 -05:00
multiple creatures 1d5da39902 allow overriding visibility/sensitivity by domain 2019-05-21 03:16:21 -05:00
multiple creatures d6738df083 handle no-replies flag 2019-05-21 03:16:21 -05:00
multiple creatures 1636a4e8ae unlisted & private hashtags 2019-05-21 03:16:21 -05:00
multiple creatures a7aa2544e4 community world tl + networked home tl 2019-05-21 03:16:21 -05:00
multiple creatures 9a94d5e2c5 transparency: let logged in users view mod actions 2019-05-21 03:16:21 -05:00
multiple creatures fa7e6b5a63 Add pseudomentions to various hosts 2019-05-21 03:16:21 -05:00
multiple creatures 5c6a14ca68 Prune replies to muted/blocked accounts 2019-05-21 03:16:21 -05:00
multiple creatures cf557f1849 Plain AAC audio uploads live again. -DT 2019-05-21 03:16:21 -05:00
Thibaut Girka f119ef489c [Glitch] Adds follow action timestamp to notification 
Port 330e320b40 to glitch-soc
 2019-05-21 03:16:21 -05:00
multiple creatures 6a0c65d461 allow searching bookmarks 2019-05-21 03:16:21 -05:00
multiple creatures 706c177c8e also make packmate roars pinnable in web app 2019-05-21 03:16:21 -05:00
multiple creatures 3c17de7724 allow pinning packmate roars 2019-05-21 03:16:20 -05:00
multiple creatures 17a7aeb807 additional secure headers 2019-05-21 03:16:20 -05:00
multiple creatures 918f7b7478 disallow indexing 2019-05-21 03:16:20 -05:00
Daggertooth 3f79556155 Change default colmns in Glitch flavor, too. 2019-05-21 03:16:20 -05:00
Daggertooth b90ad78073 Change default columns for new users 2019-05-21 03:16:20 -05:00
Daggertooth 28724df663 Let moderators manage blocklist 2019-05-21 03:16:20 -05:00
Daggertooth 49353be9f1 Let moderators manage Emoji 2019-05-21 03:16:20 -05:00
Daggertooth 5db1301d7a Raise description text max length 2019-05-21 03:16:20 -05:00
Daggertooth b8ef3027da Raise description text max length 2019-05-21 03:16:20 -05:00
Daggertooth 41642c6668 Allow 4k image uploads 2019-05-21 03:16:20 -05:00
Daggertooth 70649ca277 Store more statuses in home timeline 2019-05-21 03:16:20 -05:00
Daggertooth 71066e4ad6 Return more accounts in searches 2019-05-21 03:16:20 -05:00
Daggertooth a607195dc0 Email mention notifications by default 2019-05-21 03:16:20 -05:00
Daggertooth d0d22f3c68 Opt users out of search engine indexing by default 2019-05-21 03:16:20 -05:00
Daggertooth cf3aee91ca Confirm boosts by default 2019-05-21 03:16:20 -05:00
Daggertooth ae1576691f Confirm unfollows by default 2019-05-21 03:16:20 -05:00
Daggertooth 4df5e5c01c Rename default site title 2019-05-21 03:16:20 -05:00
2548 changed files with 31130 additions and 68365 deletions
Show Stats Expand all files Collapse all files

30
.circleci/config.yml
View File

@ -3,7 +3,7 @@ version: 2
aliases:
- &defaults
docker:
- image: circleci/ruby:2.6-stretch-node
- image: circleci/ruby:2.6.0-stretch-node
environment: &ruby_environment
BUNDLE_APP_CONFIG: ./.bundle/
DB_HOST: localhost
@ -105,14 +105,14 @@ jobs:
install-ruby2.5:
<<: *defaults
docker:
- image: circleci/ruby:2.5-stretch-node
- image: circleci/ruby:2.5.3-stretch-node
environment: *ruby_environment
<<: *install_ruby_dependencies
install-ruby2.4:
<<: *defaults
docker:
- image: circleci/ruby:2.4-stretch-node
- image: circleci/ruby:2.4.5-stretch-node
environment: *ruby_environment
<<: *install_ruby_dependencies
@ -121,7 +121,10 @@ jobs:
steps:
- *attach_workspace
- *install_system_dependencies
- run: ./bin/rails assets:precompile
- run:
name: Precompile assets
command: ./bin/rails assets:precompile
no_output_timeout: 40m
- persist_to_workspace:
root: ~/projects/
paths:
@ -131,40 +134,40 @@ jobs:
test-ruby2.6:
<<: *defaults
docker:
- image: circleci/ruby:2.6-stretch-node
- image: circleci/ruby:2.6.0-stretch-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
environment:
POSTGRES_USER: root
- image: circleci/redis:5-alpine
- image: circleci/redis:5.0.3-alpine3.8
<<: *test_steps
test-ruby2.5:
<<: *defaults
docker:
- image: circleci/ruby:2.5-stretch-node
- image: circleci/ruby:2.5.3-stretch-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
environment:
POSTGRES_USER: root
- image: circleci/redis:5-alpine
- image: circleci/redis:4.0.12-alpine
<<: *test_steps
test-ruby2.4:
<<: *defaults
docker:
- image: circleci/ruby:2.4-stretch-node
- image: circleci/ruby:2.4.5-stretch-node
environment: *ruby_environment
- image: circleci/postgres:10.6-alpine
environment:
POSTGRES_USER: root
- image: circleci/redis:5-alpine
- image: circleci/redis:4.0.12-alpine
<<: *test_steps
test-webui:
<<: *defaults
docker:
- image: circleci/node:12.9-stretch
- image: circleci/node:8.15.0-stretch
steps:
- *attach_workspace
- run: ./bin/retry yarn test:jest
@ -173,11 +176,10 @@ jobs:
<<: *defaults
steps:
- *attach_workspace
- *install_system_dependencies
- run: bundle exec i18n-tasks check-normalized
- run: bundle exec i18n-tasks unused -l en
- run: bundle exec i18n-tasks unused
- run: bundle exec i18n-tasks missing -t plural
- run: bundle exec i18n-tasks check-consistent-interpolations
- run: bundle exec rake repo:check_locales_files
workflows:
version: 2

6
.codeclimate.yml
View File

@ -27,11 +27,11 @@ plugins:
enabled: true
eslint:
enabled: true
channel: eslint-6
channel: eslint-5
rubocop:
enabled: true
channel: rubocop-0-76
sass-lint:
channel: rubocop-0-54
scss-lint:
enabled: true
exclude_patterns:
- spec/

10
.dependabot/config.yml
View File

@ -1,10 +0,0 @@
version: 1
update_configs:
- package_manager: "ruby:bundler"
directory: "/"
update_schedule: "weekly"
- package_manager: "javascript"
directory: "/"
update_schedule: "weekly"

61
.env.nanobox
View File

@ -11,14 +11,24 @@ DB_NAME=gonano
DB_PASS=$DATA_DB_PASS
DB_PORT=5432
# DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
# Optional ElasticSearch configuration
ES_ENABLED=true
ES_HOST=$DATA_ELASTIC_HOST
ES_PORT=9200
BIND=0.0.0.0
# Optimizations
LD_PRELOAD=/data/lib/libjemalloc.so
# ImageMagick optimizations
MAGICK_TEMPORARY_PATH=/app/tmp
MAGICK_MEMORY_LIMIT=128MiB
MAGICK_MAP_LIMIT=64MiB
MAGICK_TIME_LIMIT=15
MAGICK_AREA_LIMIT=16MP
MAGICK_WIDTH_LIMIT=8KP
MAGICK_HEIGHT_LIMIT=8KP
# Federation
# Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
@ -74,7 +84,6 @@ SMTP_PORT=587
SMTP_LOGIN=$SMTP_LOGIN
SMTP_PASSWORD=$SMTP_PASSWORD
SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
#SMTP_REPLY_TO=
#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
#SMTP_AUTH_METHOD=plain
@ -88,17 +97,9 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# PAPERCLIP_ROOT_URL=/system
# Optional asset host for multi-server setups
# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
# if WEB_DOMAIN is not set. For example, the server may have the
# following header field:
# Access-Control-Allow-Origin: https://example.com/
# CDN_HOST=https://assets.example.com
# S3 (optional)
# The attachment host must allow cross origin request from WEB_DOMAIN or
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
# following header field:
# Access-Control-Allow-Origin: https://192.168.1.123:9000/
# S3_ENABLED=true
# S3_BUCKET=
# AWS_ACCESS_KEY_ID=
@ -108,8 +109,6 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# S3_HOSTNAME=192.168.1.123:9000
# S3 (Minio Config (optional) Please check Minio instance for details)
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
# S3_BUCKET=
# AWS_ACCESS_KEY_ID=
@ -120,30 +119,12 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# S3_ENDPOINT=
# S3_SIGNATURE_VERSION=
# Google Cloud Storage (optional)
# Use S3 compatible API. Since GCS does not support Multipart Upload,
# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# S3_REGION=
# S3_PROTOCOL=https
# S3_HOSTNAME=storage.googleapis.com
# S3_ENDPOINT=https://storage.googleapis.com
# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes
# Swift (optional)
# The attachment host must allow cross origin request - see the description
# above.
# SWIFT_ENABLED=true
# SWIFT_USERNAME=
# For Keystone V3, the value for SWIFT_TENANT should be the project name
# SWIFT_TENANT=
# SWIFT_PASSWORD=
# Some OpenStack V3 providers require PROJECT_ID (optional)
# SWIFT_PROJECT_ID=
# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
# issues with token rate-limiting during high load.
# SWIFT_AUTH_URL=
@ -183,11 +164,6 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# LDAP_BIND_DN=
# LDAP_PASSWORD=
# LDAP_UID=cn
# LDAP_MAIL=mail
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
# LDAP_UID_CONVERSION_ENABLED=true
# LDAP_UID_CONVERSION_SEARCH=., -
# LDAP_UID_CONVERSION_REPLACE=_
# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable
@ -195,8 +171,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# The pam environment variable "email" is provided by:
# https://github.com/devkral/pam_email_extractor
# PAM_ENABLED=true
# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
# PAM_EMAIL_DOMAIN=example.com
# Fallback Suffix for email address generation (nil by default)
# PAM_DEFAULT_SUFFIX=pam
# Name of the pam service (pam "auth" section is evaluated)
# PAM_DEFAULT_SERVICE=rpam
# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
@ -244,14 +220,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.5.4.42"
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
# Use HTTP proxy for outgoing request (optional)
# http_proxy=http://gateway.local:8118
# Access control for hidden service.
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true

45
.env.production.sample
View File

@ -69,7 +69,6 @@ SMTP_PORT=587
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notifications@example.com
#SMTP_REPLY_TO=
#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
#SMTP_AUTH_METHOD=plain
@ -115,20 +114,6 @@ SMTP_FROM_ADDRESS=notifications@example.com
# S3_ENDPOINT=
# S3_SIGNATURE_VERSION=
# Google Cloud Storage (optional)
# Use S3 compatible API. Since GCS does not support Multipart Upload,
# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
# The attachment host must allow cross origin request - see the description
# above.
# S3_ENABLED=true
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# S3_REGION=
# S3_PROTOCOL=https
# S3_HOSTNAME=storage.googleapis.com
# S3_ENDPOINT=https://storage.googleapis.com
# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes
# Swift (optional)
# The attachment host must allow cross origin request - see the description
# above.
@ -175,24 +160,26 @@ STREAMING_CLUSTER_NUM=1
# Maximum number of pinned posts
# MAX_PINNED_TOOTS=5
# Maximum allowed bio characters
# MAX_BIO_CHARS=500
# Maximim number of profile fields allowed
# MAX_PROFILE_FIELDS=4
# Maximum allowed display name characters
# MAX_DISPLAY_NAME_CHARS=30
# Maximum image and video/audio upload sizes
# Units are in bytes
# 1048576 bytes equals 1 megabyte
# MAX_IMAGE_SIZE=8388608
# MAX_VIDEO_SIZE=41943040
# Maximum image and video upload sizes
# Units are in megabytes
# MAX_SIZE_LIMIT=66
# Maximum search results to display
# Only relevant when elasticsearch is installed
# MAX_SEARCH_RESULTS=20
# Maximum gif size limit
# Units are in kilobytes
# MAX_GIF_SIZE=333
# Maximum length of audio uploads in seconds
# MAX_AUDIO_LENGTH=60
# Maximum number of search results
# Only really matters if elasticsearch is enabled
# MAX_SEARCH_RESULTS=100
# LDAP authentication (optional)
# LDAP_ENABLED=true
@ -203,11 +190,7 @@ STREAMING_CLUSTER_NUM=1
# LDAP_BIND_DN=
# LDAP_PASSWORD=
# LDAP_UID=cn
# LDAP_MAIL=mail
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
# LDAP_UID_CONVERSION_ENABLED=true
# LDAP_UID_CONVERSION_SEARCH=., -
# LDAP_UID_CONVERSION_REPLACE=_
# LDAP_SEARCH_FILTER="%{uid}=%{email}"
# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable

2
.env.test
View File

@ -1,5 +1,5 @@
# Node.js
NODE_ENV=tests
NODE_ENV=test
# Federation
LOCAL_DOMAIN=cb6e6126.ngrok.io
LOCAL_HTTPS=true

1
.env.vagrant
View File

@ -1,3 +1,2 @@
VAGRANT=true
LOCAL_DOMAIN=mastodon.local
BIND=0.0.0.0

2
.github/FUNDING.yml vendored
View File

@ -1,2 +0,0 @@
patreon: mastodon
open_collective: mastodon

5
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,5 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: Mastodon Meta Discussion Board
url: https://discourse.joinmastodon.org/
about: Please ask and answer questions here.

10
.github/stale.yml vendored
View File

@ -1,10 +0,0 @@
daysUntilStale: 120
daysUntilClose: 7
exemptLabels:
- security
staleLabel: wontfix
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
only: pulls

5
.gitignore vendored
View File

@ -55,9 +55,8 @@ npm-debug.log
yarn-error.log
yarn-debug.log
# Ignore vagrant log files
ubuntu-xenial-16.04-cloudimg-console.log
# Ignore Docker option files
docker-compose.override.yml
# ignore misc directory
/misc

12
.rubocop.yml
View File

@ -1,6 +1,3 @@
require:
- rubocop-rails
AllCops:
TargetRubyVersion: 2.3
Exclude:
@ -71,9 +68,6 @@ Naming/MemoizedInstanceVariableName:
Rails:
Enabled: true
Rails/EnumHash:
Enabled: false
Rails/HasAndBelongsToMany:
Enabled: false
@ -88,9 +82,6 @@ Rails/Exit:
- 'lib/mastodon/*'
- 'lib/cli.rb'
Rails/HelperInstanceVariable:
Enabled: false
Style/ClassAndModuleChildren:
Enabled: false
@ -105,9 +96,6 @@ Style/Documentation:
Style/DoubleNegation:
Enabled: true
Style/FormatStringToken:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: true

2
.ruby-version
View File

@ -1 +1 @@
2.6.5
2.6.3

37
.sass-lint.yml
View File

@ -1,37 +0,0 @@
# Linter Documentation:
# https://github.com/sasstools/sass-lint/tree/v1.13.1/docs/options
files:
include: app/javascript/styles/**/*.scss
ignore:
- app/javascript/styles/mastodon/reset.scss
rules:
# Disallows
no-color-literals: 0
no-css-comments: 0
no-duplicate-properties: 0
no-ids: 0
no-important: 0
no-mergeable-selectors: 0
no-misspelled-properties: 0
no-qualifying-elements: 0
no-transition-all: 0
no-vendor-prefixes: 0
# Nesting
force-element-nesting: 0
force-attribute-nesting: 0
force-pseudo-nesting: 0
# Name Formats
class-name-format: 0
leading-zero: 0
# Style Guide
attribute-quotes: 0
hex-length: 0
indentation: 0
nesting-depth: 0
property-sort-order: 0
quotes: 0

264
.scss-lint.yml Normal file
View File

@ -0,0 +1,264 @@
# Linter Documentation:
# https://github.com/brigade/scss-lint/blob/v0.42.2/lib/scss_lint/linter/README.md
scss_files: 'app/javascript/styles/**/*.scss'
exclude:
- app/javascript/styles/reset.scss
linters:
# Reports when you use improper spacing around ! (the "bang") in !default,
# !global, !important, and !optional flags.
BangFormat:
enabled: false
# Whether or not to prefer `border: 0` over `border: none`.
BorderZero:
enabled: false
# Reports when you define a rule set using a selector with chained classes
# (a.k.a. adjoining classes).
ChainedClasses:
enabled: false
# Prefer hexadecimal color codes over color keywords.
# (e.g. `color: green` is a color keyword)
ColorKeyword:
enabled: false
# Prefer color literals (keywords or hexadecimal codes) to be used only in
# variable declarations. They should be referred to via variables everywhere
# else.
ColorVariable:
enabled: true
# Which form of comments to prefer in CSS.
Comment:
enabled: false
# Reports @debug statements (which you probably left behind accidentally).
DebugStatement:
enabled: false
# Rule sets should be ordered as follows:
# - @extend declarations
# - @include declarations without inner @content
# - properties, @include declarations with inner @content
# - nested rule sets.
DeclarationOrder:
enabled: false
# `scss-lint:disable` control comments should be preceded by a comment
# explaining why these linters are being disabled for this file.
# See https://github.com/brigade/scss-lint#disabling-linters-via-source for
# more information.
DisableLinterReason:
enabled: true
# Reports when you define the same property twice in a single rule set.
DuplicateProperty:
enabled: false
# Separate rule, function, and mixin declarations with empty lines.
EmptyLineBetweenBlocks:
enabled: true
# Reports when you have an empty rule set.
EmptyRule:
enabled: true
# Reports when you have an @extend directive.
ExtendDirective:
enabled: false
# Files should always have a final newline. This results in better diffs
# when adding lines to the file, since SCM systems such as git won't
# think that you touched the last line.
FinalNewline:
enabled: false
# HEX colors should use three-character values where possible.
HexLength:
enabled: false
# HEX color values should use lower-case colors to differentiate between
# letters and numbers, e.g. `#E3E3E3` vs. `#e3e3e3`.
HexNotation:
enabled: true
# Avoid using ID selectors.
IdSelector:
enabled: false
# The basenames of @imported SCSS partials should not begin with an
# underscore and should not include the filename extension.
ImportPath:
enabled: false
# Avoid using !important in properties. It is usually indicative of a
# misunderstanding of CSS specificity and can lead to brittle code.
ImportantRule:
enabled: false
# Indentation should always be done in increments of 2 spaces.
Indentation:
enabled: true
width: 2
# Don't write leading zeros for numeric values with a decimal point.
LeadingZero:
enabled: false
# Reports when you define the same selector twice in a single sheet.
MergeableSelector:
enabled: false
# Functions, mixins, variables, and placeholders should be declared
# with all lowercase letters and hyphens instead of underscores.
NameFormat:
enabled: false
# Avoid nesting selectors too deeply.
NestingDepth:
enabled: false
# Always use placeholder selectors in @extend.
PlaceholderInExtend:
enabled: false
# Sort properties in a strict order.
PropertySortOrder:
enabled: false
# Reports when you use an unknown or disabled CSS property
# (ignoring vendor-prefixed properties).
PropertySpelling:
enabled: false
# Configure which units are allowed for property values.
PropertyUnits:
enabled: false
# Pseudo-elements, like ::before, and ::first-letter, should be declared
# with two colons. Pseudo-classes, like :hover and :first-child, should
# be declared with one colon.
PseudoElement:
enabled: true
# Avoid qualifying elements in selectors (also known as "tag-qualifying").
QualifyingElement:
enabled: false
# Don't write selectors with a depth of applicability greater than 3.
SelectorDepth:
enabled: false
# Selectors should always use hyphenated-lowercase, rather than camelCase or
# snake_case.
SelectorFormat:
enabled: false
convention: hyphenated_lowercase
# Prefer the shortest shorthand form possible for properties that support it.
Shorthand:
enabled: true
# Each property should have its own line, except in the special case of
# single line rulesets.
SingleLinePerProperty:
enabled: true
allow_single_line_rule_sets: true
# Split selectors onto separate lines after each comma, and have each
# individual selector occupy a single line.
SingleLinePerSelector:
enabled: true
# Commas in lists should be followed by a space.
SpaceAfterComma:
enabled: false
# Properties should be formatted with a single space separating the colon
# from the property's value.
SpaceAfterPropertyColon:
enabled: true
# Properties should be formatted with no space between the name and the
# colon.
SpaceAfterPropertyName:
enabled: true
# Variables should be formatted with a single space separating the colon
# from the variable's value.
SpaceAfterVariableColon:
enabled: true
# Variables should be formatted with no space between the name and the
# colon.
SpaceAfterVariableName:
enabled: false
# Operators should be formatted with a single space on both sides of an
# infix operator.
SpaceAroundOperator:
enabled: true
# Opening braces should be preceded by a single space.
SpaceBeforeBrace:
enabled: true
# Parentheses should not be padded with spaces.
SpaceBetweenParens:
enabled: false
# Enforces that string literals should be written with a consistent form
# of quotes (single or double).
StringQuotes:
enabled: false
# Property values, @extend, @include, and @import directives, and variable
# declarations should always end with a semicolon.
TrailingSemicolon:
enabled: true
# Reports lines containing trailing whitespace.
TrailingWhitespace:
enabled: true
# Don't write trailing zeros for numeric values with a decimal point.
TrailingZero:
enabled: false
# Don't use the `all` keyword to specify transition properties.
TransitionAll:
enabled: false
# Numeric values should not contain unnecessary fractional portions.
UnnecessaryMantissa:
enabled: false
# Do not use parent selector references (&) when they would otherwise
# be unnecessary.
UnnecessaryParentReference:
enabled: false
# URLs should be valid and not contain protocols or domain names.
UrlFormat:
enabled: true
# URLs should always be enclosed within quotes.
UrlQuotes:
enabled: true
# Properties, like color and font, are easier to read and maintain
# when defined using variables rather than literals.
VariableForProperty:
enabled: false
# Avoid vendor prefixes. Or rather: don't write them yourself.
VendorPrefix:
enabled: false
# Omit length units on zero values, e.g. `0px` vs. `0`.
ZeroUnit:
enabled: true

2
.yarnclean
View File

@ -43,4 +43,4 @@ Gruntfile.js
# for specific ignore
!.svgo.yml
!sass-lint/**/*.yml

667
AUTHORS.md
View File

File diff suppressed because it is too large Load Diff

414
CHANGELOG.md
View File

@ -3,420 +3,6 @@ Changelog
All notable changes to this project will be documented in this file.
## [3.0.1] - 2019-10-10
### Added
- Add `tootctl media usage` command ([Gargron](https://github.com/tootsuite/mastodon/pull/12115))
- Add admin setting to auto-approve trending hashtags ([Gargron](https://github.com/tootsuite/mastodon/pull/12122), [Gargron](https://github.com/tootsuite/mastodon/pull/12130))
### Changed
- Change `tootctl media refresh` to skip already downloaded attachments ([Gargron](https://github.com/tootsuite/mastodon/pull/12118))
### Removed
- Remove auto-silence behaviour from spam check ([Gargron](https://github.com/tootsuite/mastodon/pull/12117))
- Remove HTML `lang` attribute from individual statuses in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/12124))
- Remove fallback to long description on sidebar and meta description ([Gargron](https://github.com/tootsuite/mastodon/pull/12119))
### Fixed
- Fix preloaded JSON-LD context for identity not being used ([Gargron](https://github.com/tootsuite/mastodon/pull/12138))
- Fix media editing modal changing dimensions once the image loads ([Gargron](https://github.com/tootsuite/mastodon/pull/12131))
- Fix not showing whether a custom emoji has a local counterpart in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/12135))
- Fix attachment not being re-downloaded even if file is not stored ([Gargron](https://github.com/tootsuite/mastodon/pull/12125))
- Fix old migration trying to use new column due to default status scope ([Gargron](https://github.com/tootsuite/mastodon/pull/12095))
- Fix column back button missing for not found accounts ([trwnh](https://github.com/tootsuite/mastodon/pull/12094))
- Fix issues with tootctl's parallelization and progress reporting ([Gargron](https://github.com/tootsuite/mastodon/pull/12093), [Gargron](https://github.com/tootsuite/mastodon/pull/12097))
- Fix existing user records with now-renamed `pt` locale ([Gargron](https://github.com/tootsuite/mastodon/pull/12092))
- Fix hashtag timeline REST API accepting too many hashtags ([Gargron](https://github.com/tootsuite/mastodon/pull/12091))
- Fix `GET /api/v1/instance` REST APIs being unavailable in secure mode ([Gargron](https://github.com/tootsuite/mastodon/pull/12089))
- Fix performance of home feed regeneration and merging ([Gargron](https://github.com/tootsuite/mastodon/pull/12084))
- Fix ffmpeg performance issues due to stdout buffer overflow ([hugogameiro](https://github.com/tootsuite/mastodon/pull/12088))
- Fix S3 adapter retrying failing uploads with exponential backoff ([Gargron](https://github.com/tootsuite/mastodon/pull/12085))
- Fix `tootctl accounts cull` advertising unused option flag ([Kjwon15](https://github.com/tootsuite/mastodon/pull/12074))
## [3.0.0] - 2019-10-03
### Added
- Add "not available" label to unloaded media attachments in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11715), [Gargron](https://github.com/tootsuite/mastodon/pull/11745))
- **Add profile directory to web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11688), [mayaeh](https://github.com/tootsuite/mastodon/pull/11872))
- Add profile directory opt-in federation
- Add profile directory REST API
- Add special alert for throttled requests in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11677))
- Add confirmation modal when logging out from the web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11671))
- **Add audio player in web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11644), [Gargron](https://github.com/tootsuite/mastodon/pull/11652), [Gargron](https://github.com/tootsuite/mastodon/pull/11654), [ThibG](https://github.com/tootsuite/mastodon/pull/11629), [Gargron](https://github.com/tootsuite/mastodon/pull/12056))
- **Add autosuggestions for hashtags in web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11422), [ThibG](https://github.com/tootsuite/mastodon/pull/11632), [Gargron](https://github.com/tootsuite/mastodon/pull/11764), [Gargron](https://github.com/tootsuite/mastodon/pull/11588), [Gargron](https://github.com/tootsuite/mastodon/pull/11442))
- **Add media editing modal with OCR tool in web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11563), [Gargron](https://github.com/tootsuite/mastodon/pull/11566), [ThibG](https://github.com/tootsuite/mastodon/pull/11575), [ThibG](https://github.com/tootsuite/mastodon/pull/11576), [Gargron](https://github.com/tootsuite/mastodon/pull/11577), [Gargron](https://github.com/tootsuite/mastodon/pull/11573), [Gargron](https://github.com/tootsuite/mastodon/pull/11571))
- Add indicator of unread notifications to window title when web UI is out of focus ([Gargron](https://github.com/tootsuite/mastodon/pull/11560), [Gargron](https://github.com/tootsuite/mastodon/pull/11572))
- Add indicator for which options you voted for in a poll in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11195))
- **Add search results pagination to web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11409), [ThibG](https://github.com/tootsuite/mastodon/pull/11447))
- **Add option to disable real-time updates in web UI ("slow mode")** ([Gargron](https://github.com/tootsuite/mastodon/pull/9984), [ykzts](https://github.com/tootsuite/mastodon/pull/11880), [ThibG](https://github.com/tootsuite/mastodon/pull/11883), [Gargron](https://github.com/tootsuite/mastodon/pull/11898), [ThibG](https://github.com/tootsuite/mastodon/pull/11859))
- Add option to disable blurhash previews in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11188))
- Add native smooth scrolling when supported in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11207))
- Add scrolling to the search bar on focus in web UI ([Kjwon15](https://github.com/tootsuite/mastodon/pull/12032))
- Add refresh button to list of rebloggers/favouriters in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/12031))
- Add error description and button to copy stack trace to web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/12033))
- Add search and sort functions to hashtag admin UI ([mayaeh](https://github.com/tootsuite/mastodon/pull/11829), [Gargron](https://github.com/tootsuite/mastodon/pull/11897), [mayaeh](https://github.com/tootsuite/mastodon/pull/11875))
- Add setting for default search engine indexing in admin UI ([brortao](https://github.com/tootsuite/mastodon/pull/11804))
- Add account bio to account view in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11473))
- **Add option to include reported statuses in warning e-mail from admin UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11639), [Gargron](https://github.com/tootsuite/mastodon/pull/11812), [Gargron](https://github.com/tootsuite/mastodon/pull/11741), [Gargron](https://github.com/tootsuite/mastodon/pull/11698), [mayaeh](https://github.com/tootsuite/mastodon/pull/11765))
- Add number of pending accounts and pending hashtags to dashboard in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11514))
- **Add account migration UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11846), [noellabo](https://github.com/tootsuite/mastodon/pull/11905), [noellabo](https://github.com/tootsuite/mastodon/pull/11907), [noellabo](https://github.com/tootsuite/mastodon/pull/11906), [noellabo](https://github.com/tootsuite/mastodon/pull/11902))
- **Add table of contents to about page** ([Gargron](https://github.com/tootsuite/mastodon/pull/11885), [ykzts](https://github.com/tootsuite/mastodon/pull/11941), [ykzts](https://github.com/tootsuite/mastodon/pull/11895), [Kjwon15](https://github.com/tootsuite/mastodon/pull/11916))
- **Add password challenge to 2FA settings, e-mail notifications** ([Gargron](https://github.com/tootsuite/mastodon/pull/11878))
- **Add optional public list of domain blocks with comments** ([ThibG](https://github.com/tootsuite/mastodon/pull/11298), [ThibG](https://github.com/tootsuite/mastodon/pull/11515), [Gargron](https://github.com/tootsuite/mastodon/pull/11908))
- Add an RSS feed for featured hashtags ([noellabo](https://github.com/tootsuite/mastodon/pull/10502))
- Add explanations to featured hashtags UI and profile ([Gargron](https://github.com/tootsuite/mastodon/pull/11586))
- **Add hashtag trends with admin and user settings** ([Gargron](https://github.com/tootsuite/mastodon/pull/11490), [Gargron](https://github.com/tootsuite/mastodon/pull/11502), [Gargron](https://github.com/tootsuite/mastodon/pull/11641), [Gargron](https://github.com/tootsuite/mastodon/pull/11594), [Gargron](https://github.com/tootsuite/mastodon/pull/11517), [mayaeh](https://github.com/tootsuite/mastodon/pull/11845), [Gargron](https://github.com/tootsuite/mastodon/pull/11774), [Gargron](https://github.com/tootsuite/mastodon/pull/11712), [Gargron](https://github.com/tootsuite/mastodon/pull/11791), [Gargron](https://github.com/tootsuite/mastodon/pull/11743), [Gargron](https://github.com/tootsuite/mastodon/pull/11740), [Gargron](https://github.com/tootsuite/mastodon/pull/11714), [ThibG](https://github.com/tootsuite/mastodon/pull/11631), [Sasha-Sorokin](https://github.com/tootsuite/mastodon/pull/11569), [Gargron](https://github.com/tootsuite/mastodon/pull/11524), [Gargron](https://github.com/tootsuite/mastodon/pull/11513))
- Add hashtag usage breakdown to admin UI
- Add batch actions for hashtags to admin UI
- Add trends to web UI
- Add trends to public pages
- Add user preference to hide trends
- Add admin setting to disable trends
- **Add categories for custom emojis** ([Gargron](https://github.com/tootsuite/mastodon/pull/11196), [Gargron](https://github.com/tootsuite/mastodon/pull/11793), [Gargron](https://github.com/tootsuite/mastodon/pull/11920), [highemerly](https://github.com/tootsuite/mastodon/pull/11876))
- Add custom emoji categories to emoji picker in web UI
- Add `category` to custom emojis in REST API
- Add batch actions for custom emojis in admin UI
- Add max image dimensions to error message ([raboof](https://github.com/tootsuite/mastodon/pull/11552))
- Add aac, m4a, 3gp, amr, wma to allowed audio formats ([Gargron](https://github.com/tootsuite/mastodon/pull/11342), [umonaca](https://github.com/tootsuite/mastodon/pull/11687))
- **Add search syntax for operators and phrases** ([Gargron](https://github.com/tootsuite/mastodon/pull/11411))
- **Add REST API for managing featured hashtags** ([noellabo](https://github.com/tootsuite/mastodon/pull/11778))
- **Add REST API for managing timeline read markers** ([Gargron](https://github.com/tootsuite/mastodon/pull/11762))
- Add `exclude_unreviewed` param to `GET /api/v2/search` REST API ([Gargron](https://github.com/tootsuite/mastodon/pull/11977))
- Add `reason` param to `POST /api/v1/accounts` REST API ([Gargron](https://github.com/tootsuite/mastodon/pull/12064))
- **Add ActivityPub secure mode** ([Gargron](https://github.com/tootsuite/mastodon/pull/11269), [ThibG](https://github.com/tootsuite/mastodon/pull/11332), [ThibG](https://github.com/tootsuite/mastodon/pull/11295))
- Add HTTP signatures to all outgoing ActivityPub GET requests ([Gargron](https://github.com/tootsuite/mastodon/pull/11284), [ThibG](https://github.com/tootsuite/mastodon/pull/11300))
- Add support for ActivityPub Audio activities ([ThibG](https://github.com/tootsuite/mastodon/pull/11189))
- Add ActivityPub actor representing the entire server ([ThibG](https://github.com/tootsuite/mastodon/pull/11321), [rtucker](https://github.com/tootsuite/mastodon/pull/11400), [ThibG](https://github.com/tootsuite/mastodon/pull/11561), [Gargron](https://github.com/tootsuite/mastodon/pull/11798))
- **Add whitelist mode** ([Gargron](https://github.com/tootsuite/mastodon/pull/11291), [mayaeh](https://github.com/tootsuite/mastodon/pull/11634))
- Add config of multipart threshold for S3 ([ykzts](https://github.com/tootsuite/mastodon/pull/11924), [ykzts](https://github.com/tootsuite/mastodon/pull/11944))
- Add health check endpoint for web ([ykzts](https://github.com/tootsuite/mastodon/pull/11770), [ykzts](https://github.com/tootsuite/mastodon/pull/11947))
- Add HTTP signature keyId to request log ([Gargron](https://github.com/tootsuite/mastodon/pull/11591))
- Add `SMTP_REPLY_TO` environment variable ([hugogameiro](https://github.com/tootsuite/mastodon/pull/11718))
- Add `tootctl preview_cards remove` command ([mayaeh](https://github.com/tootsuite/mastodon/pull/11320))
- Add `tootctl media refresh` command ([Gargron](https://github.com/tootsuite/mastodon/pull/11775))
- Add `tootctl cache recount` command ([Gargron](https://github.com/tootsuite/mastodon/pull/11597))
- Add option to exclude suspended domains from `tootctl domains crawl` ([dariusk](https://github.com/tootsuite/mastodon/pull/11454))
- Add parallelization to `tootctl search deploy` ([noellabo](https://github.com/tootsuite/mastodon/pull/12051))
- Add soft delete for statuses for instant deletes through API ([Gargron](https://github.com/tootsuite/mastodon/pull/11623), [Gargron](https://github.com/tootsuite/mastodon/pull/11648))
- Add rails-level JSON caching ([Gargron](https://github.com/tootsuite/mastodon/pull/11333), [Gargron](https://github.com/tootsuite/mastodon/pull/11271))
- **Add request pool to improve delivery performance** ([Gargron](https://github.com/tootsuite/mastodon/pull/10353), [ykzts](https://github.com/tootsuite/mastodon/pull/11756))
- Add concurrent connection attempts to resolved IP addresses ([ThibG](https://github.com/tootsuite/mastodon/pull/11757))
- Add index for remember_token to improve login performance ([abcang](https://github.com/tootsuite/mastodon/pull/11881))
- **Add more accurate hashtag search** ([Gargron](https://github.com/tootsuite/mastodon/pull/11579), [Gargron](https://github.com/tootsuite/mastodon/pull/11427), [Gargron](https://github.com/tootsuite/mastodon/pull/11448))
- **Add more accurate account search** ([Gargron](https://github.com/tootsuite/mastodon/pull/11537), [Gargron](https://github.com/tootsuite/mastodon/pull/11580))
- **Add a spam check** ([Gargron](https://github.com/tootsuite/mastodon/pull/11217), [Gargron](https://github.com/tootsuite/mastodon/pull/11806), [ThibG](https://github.com/tootsuite/mastodon/pull/11296))
- Add new languages ([Gargron](https://github.com/tootsuite/mastodon/pull/12062))
- Breton
- Spanish (Argentina)
- Estonian
- Macedonian
- New Norwegian
- Add NodeInfo endpoint ([Gargron](https://github.com/tootsuite/mastodon/pull/12002), [Gargron](https://github.com/tootsuite/mastodon/pull/12058))
### Changed
- **Change conversations UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/11896))
- Change dashboard to short number notation ([noellabo](https://github.com/tootsuite/mastodon/pull/11847), [noellabo](https://github.com/tootsuite/mastodon/pull/11911))
- Change REST API `GET /api/v1/timelines/public` to require authentication when public preview is off ([ThibG](https://github.com/tootsuite/mastodon/pull/11802))
- Change REST API `POST /api/v1/follow_requests/:id/(approve|reject)` to return relationship ([ThibG](https://github.com/tootsuite/mastodon/pull/11800))
- Change rate limit for media proxy ([ykzts](https://github.com/tootsuite/mastodon/pull/11814))
- Change unlisted custom emoji to not appear in autosuggestions ([Gargron](https://github.com/tootsuite/mastodon/pull/11818))
- Change max length of media descriptions from 420 to 1500 characters ([Gargron](https://github.com/tootsuite/mastodon/pull/11819), [ThibG](https://github.com/tootsuite/mastodon/pull/11836))
- **Change deletes to preserve soft-deleted statuses in unresolved reports** ([Gargron](https://github.com/tootsuite/mastodon/pull/11805))
- **Change tootctl to use inline parallelization instead of Sidekiq** ([Gargron](https://github.com/tootsuite/mastodon/pull/11776))
- **Change account deletion page to have better explanations** ([Gargron](https://github.com/tootsuite/mastodon/pull/11753), [Gargron](https://github.com/tootsuite/mastodon/pull/11763))
- Change hashtag component in web UI to show numbers for 2 last days ([Gargron](https://github.com/tootsuite/mastodon/pull/11742), [Gargron](https://github.com/tootsuite/mastodon/pull/11755), [Gargron](https://github.com/tootsuite/mastodon/pull/11754))
- Change OpenGraph description on sign-up page to reflect invite ([Gargron](https://github.com/tootsuite/mastodon/pull/11744))
- Change layout of public profile directory to be the same as in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11705))
- Change detailed status child ordering to sort self-replies on top ([ThibG](https://github.com/tootsuite/mastodon/pull/11686))
- Change window resize handler to switch to/from mobile layout as soon as needed ([ThibG](https://github.com/tootsuite/mastodon/pull/11656))
- Change icon button styles to make hover/focus states more obvious ([ThibG](https://github.com/tootsuite/mastodon/pull/11474))
- Change contrast of status links that are not mentions or hashtags ([ThibG](https://github.com/tootsuite/mastodon/pull/11406))
- **Change hashtags to preserve first-used casing** ([Gargron](https://github.com/tootsuite/mastodon/pull/11416), [Gargron](https://github.com/tootsuite/mastodon/pull/11508), [Gargron](https://github.com/tootsuite/mastodon/pull/11504), [Gargron](https://github.com/tootsuite/mastodon/pull/11507), [Gargron](https://github.com/tootsuite/mastodon/pull/11441))
- **Change unconfirmed user login behaviour** ([Gargron](https://github.com/tootsuite/mastodon/pull/11375), [ThibG](https://github.com/tootsuite/mastodon/pull/11394), [Gargron](https://github.com/tootsuite/mastodon/pull/11860))
- **Change single-column mode to scroll the whole page** ([Gargron](https://github.com/tootsuite/mastodon/pull/11359), [Gargron](https://github.com/tootsuite/mastodon/pull/11894), [Gargron](https://github.com/tootsuite/mastodon/pull/11891), [ThibG](https://github.com/tootsuite/mastodon/pull/11655), [Gargron](https://github.com/tootsuite/mastodon/pull/11463), [Gargron](https://github.com/tootsuite/mastodon/pull/11458), [ThibG](https://github.com/tootsuite/mastodon/pull/11395), [Gargron](https://github.com/tootsuite/mastodon/pull/11418))
- Change `tootctl accounts follow` to only work with local accounts ([angristan](https://github.com/tootsuite/mastodon/pull/11592))
- Change Dockerfile ([Shleeble](https://github.com/tootsuite/mastodon/pull/11710), [ykzts](https://github.com/tootsuite/mastodon/pull/11768), [Shleeble](https://github.com/tootsuite/mastodon/pull/11707))
- Change supported Node versions to include v12 ([abcang](https://github.com/tootsuite/mastodon/pull/11706))
- Change Portuguese language from `pt` to `pt-PT` ([Gargron](https://github.com/tootsuite/mastodon/pull/11820))
- Change domain block silence to always require approval on follow ([ThibG](https://github.com/tootsuite/mastodon/pull/11975))
- Change link preview fetcher to not perform a HEAD request first ([Gargron](https://github.com/tootsuite/mastodon/pull/12028))
- Change `tootctl domains purge` to accept multiple domains at once ([Gargron](https://github.com/tootsuite/mastodon/pull/12046))
### Removed
- **Remove OStatus support** ([Gargron](https://github.com/tootsuite/mastodon/pull/11205), [Gargron](https://github.com/tootsuite/mastodon/pull/11303), [Gargron](https://github.com/tootsuite/mastodon/pull/11460), [ThibG](https://github.com/tootsuite/mastodon/pull/11280), [ThibG](https://github.com/tootsuite/mastodon/pull/11278))
- Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ([Gargron](https://github.com/tootsuite/mastodon/pull/11247))
- Remove WebP support ([angristan](https://github.com/tootsuite/mastodon/pull/11589))
- Remove deprecated config options from Heroku and Scalingo ([ykzts](https://github.com/tootsuite/mastodon/pull/11925))
- Remove deprecated REST API `GET /api/v1/search` API ([Gargron](https://github.com/tootsuite/mastodon/pull/11823))
- Remove deprecated REST API `GET /api/v1/statuses/:id/card` ([Gargron](https://github.com/tootsuite/mastodon/pull/11213))
- Remove deprecated REST API `POST /api/v1/notifications/dismiss?id=:id` ([Gargron](https://github.com/tootsuite/mastodon/pull/11214))
- Remove deprecated REST API `GET /api/v1/timelines/direct` ([Gargron](https://github.com/tootsuite/mastodon/pull/11212))
### Fixed
- Fix manifest warning ([ykzts](https://github.com/tootsuite/mastodon/pull/11767))
- Fix admin UI for custom emoji not respecting GIF autoplay preference ([ThibG](https://github.com/tootsuite/mastodon/pull/11801))
- Fix page body not being scrollable in admin/settings layout ([Gargron](https://github.com/tootsuite/mastodon/pull/11893))
- Fix placeholder colors for inputs not being explicitly defined ([Gargron](https://github.com/tootsuite/mastodon/pull/11890))
- Fix incorrect enclosure length in RSS ([tsia](https://github.com/tootsuite/mastodon/pull/11889))
- Fix TOTP codes not being filtered from logs during enabling/disabling ([Gargron](https://github.com/tootsuite/mastodon/pull/11877))
- Fix webfinger response not returning 410 when account is suspended ([Gargron](https://github.com/tootsuite/mastodon/pull/11869))
- Fix ActivityPub Move handler queuing jobs that will fail if account is suspended ([Gargron](https://github.com/tootsuite/mastodon/pull/11864))
- Fix SSO login not using existing account when e-mail is verified ([Gargron](https://github.com/tootsuite/mastodon/pull/11862))
- Fix web UI allowing uploads past status limit via drag & drop ([Gargron](https://github.com/tootsuite/mastodon/pull/11863))
- Fix expiring polls not being displayed as such in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11835))
- Fix 2FA challenge and password challenge for non-database users ([Gargron](https://github.com/tootsuite/mastodon/pull/11831), [Gargron](https://github.com/tootsuite/mastodon/pull/11943))
- Fix profile fields overflowing page width in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11828))
- Fix web push subscriptions being deleted on rate limit or timeout ([Gargron](https://github.com/tootsuite/mastodon/pull/11826))
- Fix display of long poll options in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11717), [ThibG](https://github.com/tootsuite/mastodon/pull/11833))
- Fix search API not resolving URL when `type` is given ([Gargron](https://github.com/tootsuite/mastodon/pull/11822))
- Fix hashtags being split by ZWNJ character ([Gargron](https://github.com/tootsuite/mastodon/pull/11821))
- Fix scroll position resetting when opening media modals in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11815))
- Fix duplicate HTML IDs on about page ([ThibG](https://github.com/tootsuite/mastodon/pull/11803))
- Fix admin UI showing superfluous reject media/reports on suspended domain blocks ([ThibG](https://github.com/tootsuite/mastodon/pull/11749))
- Fix ActivityPub context not being dynamically computed ([ThibG](https://github.com/tootsuite/mastodon/pull/11746))
- Fix Mastodon logo style on hover on public pages' footer ([ThibG](https://github.com/tootsuite/mastodon/pull/11735))
- Fix height of dashboard counters ([ThibG](https://github.com/tootsuite/mastodon/pull/11736))
- Fix custom emoji animation on hover in web UI directory bios ([ThibG](https://github.com/tootsuite/mastodon/pull/11716))
- Fix non-numbers being passed to Redis and causing an error ([Gargron](https://github.com/tootsuite/mastodon/pull/11697))
- Fix error in REST API for an account's statuses ([Gargron](https://github.com/tootsuite/mastodon/pull/11700))
- Fix uncaught error when resource param is missing in Webfinger request ([Gargron](https://github.com/tootsuite/mastodon/pull/11701))
- Fix uncaught domain normalization error in remote follow ([Gargron](https://github.com/tootsuite/mastodon/pull/11703))
- Fix uncaught 422 and 500 errors ([Gargron](https://github.com/tootsuite/mastodon/pull/11590), [Gargron](https://github.com/tootsuite/mastodon/pull/11811))
- Fix uncaught parameter missing exceptions and missing error templates ([Gargron](https://github.com/tootsuite/mastodon/pull/11702))
- Fix encoding error when checking e-mail MX records ([Gargron](https://github.com/tootsuite/mastodon/pull/11696))
- Fix items in StatusContent render list not all having a key ([ThibG](https://github.com/tootsuite/mastodon/pull/11645))
- Fix remote and staff-removed statuses leaving media behind for a day ([Gargron](https://github.com/tootsuite/mastodon/pull/11638))
- Fix CSP needlessly allowing blob URLs in script-src ([ThibG](https://github.com/tootsuite/mastodon/pull/11620))
- Fix ignoring whole status because of one invalid hashtag ([Gargron](https://github.com/tootsuite/mastodon/pull/11621))
- Fix hidden statuses losing focus ([ThibG](https://github.com/tootsuite/mastodon/pull/11208))
- Fix loading bar being obscured by other elements in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11598))
- Fix multiple issues with replies collection for pages further than self-replies ([ThibG](https://github.com/tootsuite/mastodon/pull/11582))
- Fix blurhash and autoplay not working on public pages ([Gargron](https://github.com/tootsuite/mastodon/pull/11585))
- Fix 422 being returned instead of 404 when POSTing to unmatched routes ([Gargron](https://github.com/tootsuite/mastodon/pull/11574), [Gargron](https://github.com/tootsuite/mastodon/pull/11704))
- Fix client-side resizing of image uploads ([ThibG](https://github.com/tootsuite/mastodon/pull/11570))
- Fix short number formatting for numbers above million in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11559))
- Fix ActivityPub and REST API queries setting cookies and preventing caching ([ThibG](https://github.com/tootsuite/mastodon/pull/11539), [ThibG](https://github.com/tootsuite/mastodon/pull/11557), [ThibG](https://github.com/tootsuite/mastodon/pull/11336), [ThibG](https://github.com/tootsuite/mastodon/pull/11331))
- Fix some emojis in profile metadata labels are not emojified. ([kedamaDQ](https://github.com/tootsuite/mastodon/pull/11534))
- Fix account search always returning exact match on paginated results ([Gargron](https://github.com/tootsuite/mastodon/pull/11525))
- Fix acct URIs with IDN domains not being resolved ([Gargron](https://github.com/tootsuite/mastodon/pull/11520))
- Fix admin dashboard missing latest features ([Gargron](https://github.com/tootsuite/mastodon/pull/11505))
- Fix jumping of toot date when clicking spoiler button ([ariasuni](https://github.com/tootsuite/mastodon/pull/11449))
- Fix boost to original audience not working on mobile in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11371))
- Fix handling of webfinger redirects in ResolveAccountService ([ThibG](https://github.com/tootsuite/mastodon/pull/11279))
- Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker ([Gargron](https://github.com/tootsuite/mastodon/pull/11231))
- Fix support for HTTP proxies ([ThibG](https://github.com/tootsuite/mastodon/pull/11245))
- Fix HTTP requests to IPv6 hosts ([ThibG](https://github.com/tootsuite/mastodon/pull/11240))
- Fix error in ElasticSearch index import ([mayaeh](https://github.com/tootsuite/mastodon/pull/11192))
- Fix duplicate account error when seeding development database ([ysksn](https://github.com/tootsuite/mastodon/pull/11366))
- Fix performance of session clean-up scheduler ([abcang](https://github.com/tootsuite/mastodon/pull/11871))
- Fix older migrations not running ([zunda](https://github.com/tootsuite/mastodon/pull/11377))
- Fix URLs counting towards RTL detection ([ahangarha](https://github.com/tootsuite/mastodon/pull/11759))
- Fix unnecessary status re-rendering in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11211))
- Fix http_parser.rb gem not being compiled when no network available ([petabyteboy](https://github.com/tootsuite/mastodon/pull/11444))
- Fix muted text color not applying to all text ([trwnh](https://github.com/tootsuite/mastodon/pull/11996))
- Fix follower/following lists resetting on back-navigation in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11986))
- Fix n+1 query when approving multiple follow requests ([abcang](https://github.com/tootsuite/mastodon/pull/12004))
- Fix records not being indexed into ElasticSearch sometimes ([Gargron](https://github.com/tootsuite/mastodon/pull/12024))
- Fix needlessly indexing unsearchable statuses into ElasticSearch ([Gargron](https://github.com/tootsuite/mastodon/pull/12041))
- Fix new user bootstrapping crashing when to-be-followed accounts are invalid ([ThibG](https://github.com/tootsuite/mastodon/pull/12037))
- Fix featured hashtag URL being interpreted as media or replies tab ([Gargron](https://github.com/tootsuite/mastodon/pull/12048))
- Fix account counters being overwritten by parallel writes ([Gargron](https://github.com/tootsuite/mastodon/pull/12045))
### Security
- Fix performance of GIF re-encoding and always strip EXIF data from videos ([Gargron](https://github.com/tootsuite/mastodon/pull/12057))
## [2.9.3] - 2019-08-10
### Added
- Add GIF and WebP support for custom emojis ([Gargron](https://github.com/tootsuite/mastodon/pull/11519))
- Add logout link to dropdown menu in web UI ([koyuawsmbrtn](https://github.com/tootsuite/mastodon/pull/11353))
- Add indication that text search is unavailable in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11112), [ThibG](https://github.com/tootsuite/mastodon/pull/11202))
- Add `suffix` to `Mastodon::Version` to help forks ([clarfon](https://github.com/tootsuite/mastodon/pull/11407))
- Add on-hover animation to animated custom emoji in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11348), [ThibG](https://github.com/tootsuite/mastodon/pull/11404), [ThibG](https://github.com/tootsuite/mastodon/pull/11522))
- Add custom emoji support in profile metadata labels ([ThibG](https://github.com/tootsuite/mastodon/pull/11350))
### Changed
- Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 ([Gargron](https://github.com/tootsuite/mastodon/pull/11302), [zunda](https://github.com/tootsuite/mastodon/pull/11378), [Gargron](https://github.com/tootsuite/mastodon/pull/11351), [zunda](https://github.com/tootsuite/mastodon/pull/11326))
- Change the retry limit of web push notifications ([highemerly](https://github.com/tootsuite/mastodon/pull/11292))
- Change ActivityPub deliveries to not retry HTTP 501 errors ([Gargron](https://github.com/tootsuite/mastodon/pull/11233))
- Change language detection to include hashtags as words ([Gargron](https://github.com/tootsuite/mastodon/pull/11341))
- Change terms and privacy policy pages to always be accessible ([Gargron](https://github.com/tootsuite/mastodon/pull/11334))
- Change robots tag to include `noarchive` when user opts out of indexing ([Kjwon15](https://github.com/tootsuite/mastodon/pull/11421))
### Fixed
- Fix account domain block not clearing out notifications ([Gargron](https://github.com/tootsuite/mastodon/pull/11393))
- Fix incorrect locale sometimes being detected for browser ([Gargron](https://github.com/tootsuite/mastodon/pull/8657))
- Fix crash when saving invalid domain name ([Gargron](https://github.com/tootsuite/mastodon/pull/11528))
- Fix pinned statuses REST API returning pagination headers ([Gargron](https://github.com/tootsuite/mastodon/pull/11526))
- Fix "cancel follow request" button having unreadable text in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11521))
- Fix image uploads being blank when canvas read access is blocked ([ThibG](https://github.com/tootsuite/mastodon/pull/11499))
- Fix avatars not being animated on hover when not logged in ([ThibG](https://github.com/tootsuite/mastodon/pull/11349))
- Fix overzealous sanitization of HTML lists ([ThibG](https://github.com/tootsuite/mastodon/pull/11354))
- Fix block crashing when a follow request exists ([ThibG](https://github.com/tootsuite/mastodon/pull/11288))
- Fix backup service crashing when an attachment is missing ([ThibG](https://github.com/tootsuite/mastodon/pull/11241))
- Fix account moderation action always sending e-mail notification ([Gargron](https://github.com/tootsuite/mastodon/pull/11242))
- Fix swiping columns on mobile sometimes failing in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11200))
- Fix wrong actor URI being serialized into poll updates ([ThibG](https://github.com/tootsuite/mastodon/pull/11194))
- Fix statsd UDP sockets not being cleaned up in Sidekiq ([Gargron](https://github.com/tootsuite/mastodon/pull/11230))
- Fix expiration date of filters being set to "never" when editing them ([ThibG](https://github.com/tootsuite/mastodon/pull/11204))
- Fix support for MP4 files that are actually M4V files ([Gargron](https://github.com/tootsuite/mastodon/pull/11210))
- Fix `alerts` not being typecast correctly in push subscription in REST API ([Gargron](https://github.com/tootsuite/mastodon/pull/11343))
- Fix some notices staying on unrelated pages ([ThibG](https://github.com/tootsuite/mastodon/pull/11364))
- Fix unboosting sometimes preventing a boost from reappearing on feed ([ThibG](https://github.com/tootsuite/mastodon/pull/11405), [Gargron](https://github.com/tootsuite/mastodon/pull/11450))
- Fix only one middle dot being recognized in hashtags ([Gargron](https://github.com/tootsuite/mastodon/pull/11345), [ThibG](https://github.com/tootsuite/mastodon/pull/11363))
- Fix unnecessary SQL query performed on unauthenticated requests ([Gargron](https://github.com/tootsuite/mastodon/pull/11179))
- Fix incorrect timestamp displayed on featured tags ([Kjwon15](https://github.com/tootsuite/mastodon/pull/11477))
- Fix privacy dropdown active state when dropdown is placed on top of it ([ThibG](https://github.com/tootsuite/mastodon/pull/11495))
- Fix filters not being applied to poll options ([ThibG](https://github.com/tootsuite/mastodon/pull/11174))
- Fix keyboard navigation on various dropdowns ([ThibG](https://github.com/tootsuite/mastodon/pull/11511), [ThibG](https://github.com/tootsuite/mastodon/pull/11492), [ThibG](https://github.com/tootsuite/mastodon/pull/11491))
- Fix keyboard navigation in modals ([ThibG](https://github.com/tootsuite/mastodon/pull/11493))
- Fix image conversation being non-deterministic due to timestamps ([Gargron](https://github.com/tootsuite/mastodon/pull/11408))
- Fix web UI performance ([ThibG](https://github.com/tootsuite/mastodon/pull/11211), [ThibG](https://github.com/tootsuite/mastodon/pull/11234))
- Fix scrolling to compose form when not necessary in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11246), [ThibG](https://github.com/tootsuite/mastodon/pull/11182))
- Fix save button being enabled when list title is empty in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11475))
- Fix poll expiration not being pre-filled on delete & redraft in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11203))
- Fix content warning sometimes being set when not requested in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/11206))
### Security
- Fix invites not being disabled upon account suspension ([ThibG](https://github.com/tootsuite/mastodon/pull/11412))
- Fix blocked domains still being able to fill database with account records ([Gargron](https://github.com/tootsuite/mastodon/pull/11219))
## [2.9.2] - 2019-06-22
### Added
- Add `short_description` and `approval_required` to `GET /api/v1/instance` ([Gargron](https://github.com/tootsuite/mastodon/pull/11146))
### Changed
- Change camera icon to paperclip icon in upload form ([koyuawsmbrtn](https://github.com/tootsuite/mastodon/pull/11149))
### Fixed
- Fix audio-only OGG and WebM files not being processed as such ([Gargron](https://github.com/tootsuite/mastodon/pull/11151))
- Fix audio not being downloaded from remote servers ([Gargron](https://github.com/tootsuite/mastodon/pull/11145))
## [2.9.1] - 2019-06-22
### Added
- Add moderation API ([Gargron](https://github.com/tootsuite/mastodon/pull/9387))
- Add audio uploads ([Gargron](https://github.com/tootsuite/mastodon/pull/11123), [Gargron](https://github.com/tootsuite/mastodon/pull/11141))
### Changed
- Change domain blocks to automatically support subdomains ([Gargron](https://github.com/tootsuite/mastodon/pull/11138))
- Change Nanobox configuration to bring it up to date ([danhunsaker](https://github.com/tootsuite/mastodon/pull/11083))
### Removed
- Remove expensive counters from federation page in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11139))
### Fixed
- Fix converted media being saved with original extension and mime type ([Gargron](https://github.com/tootsuite/mastodon/pull/11130))
- Fix layout of identity proofs settings ([acid-chicken](https://github.com/tootsuite/mastodon/pull/11126))
- Fix active scope only returning suspended users ([ThibG](https://github.com/tootsuite/mastodon/pull/11111))
- Fix sanitizer making block level elements unreadable ([Gargron](https://github.com/tootsuite/mastodon/pull/10836))
- Fix label for site theme not being translated in admin UI ([palindromordnilap](https://github.com/tootsuite/mastodon/pull/11121))
- Fix statuses not being filtered irreversibly in web UI under some circumstances ([ThibG](https://github.com/tootsuite/mastodon/pull/11113))
- Fix scrolling behaviour in compose form ([ThibG](https://github.com/tootsuite/mastodon/pull/11093))
## [2.9.0] - 2019-06-13
### Added
- **Add single-column mode in web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/10807), [Gargron](https://github.com/tootsuite/mastodon/pull/10848), [Gargron](https://github.com/tootsuite/mastodon/pull/11003), [Gargron](https://github.com/tootsuite/mastodon/pull/10961), [Hanage999](https://github.com/tootsuite/mastodon/pull/10915), [noellabo](https://github.com/tootsuite/mastodon/pull/10917), [abcang](https://github.com/tootsuite/mastodon/pull/10859), [Gargron](https://github.com/tootsuite/mastodon/pull/10820), [Gargron](https://github.com/tootsuite/mastodon/pull/10835), [Gargron](https://github.com/tootsuite/mastodon/pull/10809), [Gargron](https://github.com/tootsuite/mastodon/pull/10963), [noellabo](https://github.com/tootsuite/mastodon/pull/10883), [Hanage999](https://github.com/tootsuite/mastodon/pull/10839))
- Add waiting time to the list of pending accounts in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/10985))
- Add a keyboard shortcut to hide/show media in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10647), [Gargron](https://github.com/tootsuite/mastodon/pull/10838), [ThibG](https://github.com/tootsuite/mastodon/pull/10872))
- Add `account_id` param to `GET /api/v1/notifications` ([pwoolcoc](https://github.com/tootsuite/mastodon/pull/10796))
- Add confirmation modal for unboosting toots in web UI ([aurelien-reeves](https://github.com/tootsuite/mastodon/pull/10287))
- Add emoji suggestions to content warning and poll option fields in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10555))
- Add `source` attribute to response of `DELETE /api/v1/statuses/:id` ([ThibG](https://github.com/tootsuite/mastodon/pull/10669))
- Add some caching for HTML versions of public status pages ([ThibG](https://github.com/tootsuite/mastodon/pull/10701))
- Add button to conveniently copy OAuth code ([ThibG](https://github.com/tootsuite/mastodon/pull/11065))
### Changed
- **Change default layout to single column in web UI** ([Gargron](https://github.com/tootsuite/mastodon/pull/10847))
- **Change light theme** ([Gargron](https://github.com/tootsuite/mastodon/pull/10992), [Gargron](https://github.com/tootsuite/mastodon/pull/10996), [yuzulabo](https://github.com/tootsuite/mastodon/pull/10754), [Gargron](https://github.com/tootsuite/mastodon/pull/10845))
- **Change preferences page into appearance, notifications, and other** ([Gargron](https://github.com/tootsuite/mastodon/pull/10977), [Gargron](https://github.com/tootsuite/mastodon/pull/10988))
- Change priority of delete activity forwards for replies and reblogs ([Gargron](https://github.com/tootsuite/mastodon/pull/11002))
- Change Mastodon logo to use primary text color of the given theme ([Gargron](https://github.com/tootsuite/mastodon/pull/10994))
- Change reblogs counter to be updated when boosted privately ([Gargron](https://github.com/tootsuite/mastodon/pull/10964))
- Change bio limit from 160 to 500 characters ([trwnh](https://github.com/tootsuite/mastodon/pull/10790))
- Change API rate limiting to reduce allowed unauthenticated requests ([ThibG](https://github.com/tootsuite/mastodon/pull/10860), [hinaloe](https://github.com/tootsuite/mastodon/pull/10868), [mayaeh](https://github.com/tootsuite/mastodon/pull/10867))
- Change help text of `tootctl emoji import` command to specify a gzipped TAR archive is required ([dariusk](https://github.com/tootsuite/mastodon/pull/11000))
- Change web UI to hide poll options behind content warnings ([ThibG](https://github.com/tootsuite/mastodon/pull/10983))
- Change silencing to ensure local effects and remote effects are the same for silenced local users ([ThibG](https://github.com/tootsuite/mastodon/pull/10575))
- Change `tootctl domains purge` to remove custom emoji as well ([Kjwon15](https://github.com/tootsuite/mastodon/pull/10721))
- Change Docker image to keep `apt` working ([SuperSandro2000](https://github.com/tootsuite/mastodon/pull/10830))
### Removed
- Remove `dist-upgrade` from Docker image ([SuperSandro2000](https://github.com/tootsuite/mastodon/pull/10822))
### Fixed
- Fix RTL layout not being RTL within the columns area in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/10990))
- Fix display of alternative text when a media attachment is not available in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10981))
- Fix not being able to directly switch between list timelines in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/10973))
- Fix media sensitivity not being maintained in delete & redraft in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10980))
- Fix emoji picker being always displayed in web UI ([noellabo](https://github.com/tootsuite/mastodon/pull/10979), [yuzulabo](https://github.com/tootsuite/mastodon/pull/10801), [wcpaez](https://github.com/tootsuite/mastodon/pull/10978))
- Fix potential private status leak through caching ([ThibG](https://github.com/tootsuite/mastodon/pull/10969))
- Fix refreshing featured toots when the new collection is empty in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10971))
- Fix undoing domain block also undoing individual moderation on users from before the domain block ([ThibG](https://github.com/tootsuite/mastodon/pull/10660))
- Fix time not being local in the audit log ([yuzulabo](https://github.com/tootsuite/mastodon/pull/10751))
- Fix statuses removed by moderation re-appearing on subsequent fetches ([Kjwon15](https://github.com/tootsuite/mastodon/pull/10732))
- Fix misattribution of inlined announces if `attributedTo` isn't present in ActivityPub ([ThibG](https://github.com/tootsuite/mastodon/pull/10967))
- Fix `GET /api/v1/polls/:id` not requiring authentication for non-public polls ([Gargron](https://github.com/tootsuite/mastodon/pull/10960))
- Fix handling of blank poll options in ActivityPub ([ThibG](https://github.com/tootsuite/mastodon/pull/10946))
- Fix avatar preview aspect ratio on edit profile page ([Kjwon15](https://github.com/tootsuite/mastodon/pull/10931))
- Fix web push notifications not being sent for polls ([ThibG](https://github.com/tootsuite/mastodon/pull/10864))
- Fix cut off letters in last paragraph of statuses in web UI ([ariasuni](https://github.com/tootsuite/mastodon/pull/10821))
- Fix list not being automatically unpinned when it returns 404 in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11045))
- Fix login sometimes redirecting to paths that are not pages ([Gargron](https://github.com/tootsuite/mastodon/pull/11019))
## [2.8.4] - 2019-05-24
### Fixed
- Fix delivery not retrying on some inbox errors that should be retriable ([ThibG](https://github.com/tootsuite/mastodon/pull/10812))
- Fix unnecessary 5 minute cooldowns on signature verifications in some cases ([ThibG](https://github.com/tootsuite/mastodon/pull/10813))
- Fix possible race condition when processing statuses ([ThibG](https://github.com/tootsuite/mastodon/pull/10815))
### Security
- Require specific OAuth scopes for specific endpoints of the streaming API, instead of merely requiring a token for all endpoints, and allow using WebSockets protocol negotiation to specify the access token instead of using a query string ([ThibG](https://github.com/tootsuite/mastodon/pull/10818))
## [2.8.3] - 2019-05-19
### Added
- Add `og:image:alt` OpenGraph tag ([BenLubar](https://github.com/tootsuite/mastodon/pull/10779))
- Add clickable area below avatar in statuses in web UI ([Dar13](https://github.com/tootsuite/mastodon/pull/10766))
- Add crossed-out eye icon on account gallery in web UI ([Kjwon15](https://github.com/tootsuite/mastodon/pull/10715))
- Add media description tooltip to thumbnails in web UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10713))
### Changed
- Change "mark as sensitive" button into a checkbox for clarity ([ThibG](https://github.com/tootsuite/mastodon/pull/10748))
### Fixed
- Fix bug allowing users to publicly boost their private statuses ([ThibG](https://github.com/tootsuite/mastodon/pull/10775), [ThibG](https://github.com/tootsuite/mastodon/pull/10783))
- Fix performance in formatter by a little ([ThibG](https://github.com/tootsuite/mastodon/pull/10765))
- Fix some colors in the light theme ([yuzulabo](https://github.com/tootsuite/mastodon/pull/10754))
- Fix some colors of the high contrast theme ([yuzulabo](https://github.com/tootsuite/mastodon/pull/10711))
- Fix ambivalent active state of poll refresh button in web UI ([MaciekBaron](https://github.com/tootsuite/mastodon/pull/10720))
- Fix duplicate posting being possible from web UI ([hinaloe](https://github.com/tootsuite/mastodon/pull/10785))
- Fix "invited by" not showing up in admin UI ([ThibG](https://github.com/tootsuite/mastodon/pull/10791))
## [2.8.2] - 2019-05-05
### Added

2
CODE_OF_CONDUCT.md
View File

@ -34,7 +34,7 @@ This Code of Conduct applies both within project spaces and in public spaces whe
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at glitch-abuse@sitedethib.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at beatrix.bitrot@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

6
CONTRIBUTING.md
View File

@ -48,13 +48,11 @@ If your contributions are accepted into Mastodon, you can request to be paid thr
## Bug reports
Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/tootsuite/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.
Bug reports and feature suggestions can be submitted to [GitHub Issues](https://github.com/tootsuite/mastodon/issues). Please make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected in the past using the search function. Please also use descriptive, concise titles.
## Translations
You can submit translations via [Crowdin](https://crowdin.com/project/mastodon). They are periodically merged into the codebase.
[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)](https://crowdin.com/project/mastodon)
You can submit translations via pull request.
## Pull requests

34
Dockerfile
View File

@ -3,21 +3,24 @@ FROM ubuntu:18.04 as build-dep
# Use bash for the shell
SHELL ["bash", "-c"]
# Install Node v12 (LTS)
ENV NODE_VER="12.13.1"
# Install Node
ENV NODE_VER="8.15.0"
RUN echo "Etc/UTC" > /etc/localtime && \
apt update && \
apt -y install wget python && \
apt -y dist-upgrade && \
apt -y install wget make gcc g++ python && \
cd ~ && \
wget https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER-linux-x64.tar.gz && \
tar xf node-v$NODE_VER-linux-x64.tar.gz && \
rm node-v$NODE_VER-linux-x64.tar.gz && \
mv node-v$NODE_VER-linux-x64 /opt/node
wget https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER.tar.gz && \
tar xf node-v$NODE_VER.tar.gz && \
cd node-v$NODE_VER && \
./configure --prefix=/opt/node && \
make -j$(nproc) > /dev/null && \
make install
# Install jemalloc
ENV JE_VER="5.2.1"
ENV JE_VER="5.1.0"
RUN apt update && \
apt -y install make autoconf gcc g++ && \
apt -y install autoconf && \
cd ~ && \
wget https://github.com/jemalloc/jemalloc/archive/$JE_VER.tar.gz && \
tar xf $JE_VER.tar.gz && \
@ -28,7 +31,7 @@ RUN apt update && \
make install_bin install_include install_lib
# Install ruby
ENV RUBY_VER="2.6.5"
ENV RUBY_VER="2.6.1"
ENV CPPFLAGS="-I/opt/jemalloc/include"
ENV LDFLAGS="-L/opt/jemalloc/lib/"
RUN apt update && \
@ -77,12 +80,13 @@ ARG GID=991
RUN apt update && \
echo "Etc/UTC" > /etc/localtime && \
ln -s /opt/jemalloc/lib/* /usr/lib/ && \
apt -y dist-upgrade && \
apt install -y whois wget && \
addgroup --gid $GID mastodon && \
useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \
echo "mastodon:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd
# Install mastodon runtime deps
# Install masto runtime deps
RUN apt -y --no-install-recommends install \
libssl1.1 libpq5 imagemagick ffmpeg \
libicu60 libprotobuf10 libidn11 libyaml-0-2 \
@ -91,7 +95,7 @@ RUN apt -y --no-install-recommends install \
ln -s /opt/mastodon /mastodon && \
gem install bundler && \
rm -rf /var/cache && \
rm -rf /var/lib/apt/lists/*
rm -rf /var/lib/apt
# Add tini
ENV TINI_VERSION="0.18.0"
@ -100,17 +104,16 @@ ADD https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini /tin
RUN echo "$TINI_SUM tini" | sha256sum -c -
RUN chmod +x /tini
# Copy over mastodon source, and dependencies from building, and set permissions
# Copy over masto source, and dependencies from building, and set permissions
COPY --chown=mastodon:mastodon . /opt/mastodon
COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon
# Run mastodon services in prod mode
# Run masto services in prod mode
ENV RAILS_ENV="production"
ENV NODE_ENV="production"
# Tell rails to serve static files
ENV RAILS_SERVE_STATIC_FILES="true"
ENV BIND="0.0.0.0"
# Set the run user
USER mastodon
@ -123,4 +126,3 @@ RUN cd ~ && \
# Set the work dir and the container entry point
WORKDIR /opt/mastodon
ENTRYPOINT ["/tini", "--"]
EXPOSE 3000 4000

91
Gemfile
View File

@ -3,19 +3,19 @@
source 'https://rubygems.org'
ruby '>= 2.4.0', '< 2.7.0'
gem 'pkg-config', '~> 1.4'
gem 'pkg-config', '~> 1.3'
gem 'puma', '~> 4.3'
gem 'puma', '~> 3.12'
gem 'rails', '~> 5.2.3'
gem 'thor', '~> 0.20'
gem 'hamlit-rails', '~> 0.2'
gem 'pg', '~> 1.1'
gem 'makara', '~> 0.4'
gem 'pghero', '~> 2.4'
gem 'pghero', '~> 2.2'
gem 'dotenv-rails', '~> 2.7'
gem 'aws-sdk-s3', '~> 1.57', require: false
gem 'aws-sdk-s3', '~> 1.39', require: false
gem 'fog-core', '<= 2.1.0'
gem 'fog-openstack', '~> 0.3', require: false
gem 'paperclip', '~> 6.0'
@ -24,92 +24,84 @@ gem 'streamio-ffmpeg', '~> 3.0'
gem 'blurhash', '~> 0.1'
gem 'active_model_serializers', '~> 0.10'
gem 'addressable', '~> 2.7'
gem 'addressable', '~> 2.6'
gem 'bootsnap', '~> 1.4', require: false
gem 'browser'
gem 'charlock_holmes', '~> 0.7.7'
gem 'charlock_holmes', '~> 0.7.6'
gem 'iso-639'
gem 'chewy', '~> 5.1'
gem 'cld3', '~> 3.2.4'
gem 'devise', '~> 4.7'
gem 'devise-two-factor', '~> 3.1'
gem 'chewy', '~> 5.0'
gem 'devise', '~> 4.6'
gem 'devise-two-factor', '~> 3.0'
group :pam_authentication, optional: true do
gem 'devise_pam_authenticatable2', '~> 9.2'
end
gem 'net-ldap', '~> 0.16'
gem 'net-ldap', '~> 0.10'
gem 'omniauth-cas', '~> 1.1'
gem 'omniauth-saml', '~> 1.10'
gem 'omniauth', '~> 1.9'
gem 'discard', '~> 1.1'
gem 'doorkeeper', '~> 5.2'
gem 'doorkeeper', '~> 5.1'
gem 'fast_blank', '~> 1.0'
gem 'fastimage'
gem 'goldfinger', '~> 2.1'
gem 'hiredis', '~> 0.6'
gem 'redis-namespace', '~> 1.5'
gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
gem 'html2text'
gem 'htmlentities', '~> 4.3'
gem 'http', '~> 3.3'
gem 'http_accept_language', '~> 2.1'
gem 'http_parser.rb', '~> 0.6', git: 'https://github.com/tmm1/http_parser.rb', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2', submodules: true
gem 'httplog', '~> 1.3'
gem 'http_parser.rb', '~> 0.6', git: 'https://github.com/tmm1/http_parser.rb', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2'
gem 'httplog', '~> 1.2'
gem 'idn-ruby', require: 'idn'
gem 'kaminari', '~> 1.1'
gem 'link_header', '~> 0.0'
gem 'mime-types', '~> 3.3', require: 'mime/types/columnar'
gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
gem 'mime-types', '~> 3.2', require: 'mime/types/columnar'
gem 'nokogiri', '~> 1.10'
gem 'nsa', '~> 0.2'
gem 'oj', '~> 3.9'
gem 'ostatus2', '~> 2.0'
gem 'ox', '~> 2.11'
gem 'parslet'
gem 'parallel', '~> 1.19'
gem 'oj', '~> 3.7'
gem 'ox', '~> 2.10'
gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
gem 'pundit', '~> 2.1'
gem 'pundit', '~> 2.0'
gem 'premailer-rails'
gem 'rack-attack', '~> 6.2'
gem 'rack-cors', '~> 1.1', require: 'rack/cors'
gem 'rack-attack', '~> 6.0'
gem 'rack-cors', '~> 1.0', require: 'rack/cors'
gem 'rails-i18n', '~> 5.1'
gem 'rails-settings-cached', '~> 0.6'
gem 'redis', '~> 4.1', require: ['redis', 'redis/connection/hiredis']
gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
gem 'rqrcode', '~> 0.10'
gem 'ruby-progressbar', '~> 1.10'
gem 'sanitize', '~> 5.1'
gem 'sanitize', '~> 5.0'
gem 'sidekiq', '~> 5.2'
gem 'sidekiq-scheduler', '~> 3.0'
gem 'sidekiq-unique-jobs', '~> 6.0'
gem 'sidekiq-bulk', '~>0.2.0'
gem 'simple-navigation', '~> 4.1'
gem 'simple_form', '~> 5.0'
gem 'simple-navigation', '~> 4.0'
gem 'simple_form', '~> 4.1'
gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
gem 'stoplight', '~> 2.2.0'
gem 'strong_migrations', '~> 0.4'
gem 'tty-command', '~> 0.9', require: false
gem 'tty-prompt', '~> 0.20', require: false
gem 'stoplight', '~> 2.1.3'
gem 'strong_migrations', '~> 0.3'
gem 'tty-command', '~> 0.8', require: false
gem 'tty-prompt', '~> 0.18', require: false
gem 'twitter-text', '~> 1.14'
gem 'tzinfo-data', '~> 1.2019'
gem 'webpacker', '~> 4.2'
gem 'webpacker', '~> 4.0'
gem 'webpush'
gem 'json-ld', git: 'https://github.com/ruby-rdf/json-ld.git', ref: 'e742697a0906e74e8bb777ef98137bc3955d981d'
gem 'json-ld', '~> 3.0'
gem 'json-ld-preloaded', '~> 3.0'
gem 'rdf-normalize', '~> 0.3'
gem 'redcarpet', '~> 3.4'
group :development, :test do
gem 'fabrication', '~> 2.21'
gem 'fuubar', '~> 2.5'
gem 'fabrication', '~> 2.20'
gem 'fuubar', '~> 2.3'
gem 'i18n-tasks', '~> 0.9', require: false
gem 'pry-byebug', '~> 3.7'
gem 'pry-rails', '~> 0.3'
gem 'rspec-rails', '~> 3.9'
gem 'rspec-rails', '~> 3.8'
end
group :production, :test do
@ -117,30 +109,30 @@ group :production, :test do
end
group :test do
gem 'capybara', '~> 3.29'
gem 'capybara', '~> 3.20'
gem 'climate_control', '~> 0.2'
gem 'faker', '~> 2.8'
gem 'faker', '~> 1.9'
gem 'microformats', '~> 4.1'
gem 'rails-controller-testing', '~> 1.0'
gem 'rspec-sidekiq', '~> 3.0'
gem 'simplecov', '~> 0.17', require: false
gem 'webmock', '~> 3.7'
gem 'simplecov', '~> 0.16', require: false
gem 'webmock', '~> 3.5'
gem 'parallel_tests', '~> 2.29'
end
group :development do
gem 'active_record_query_trace', '~> 1.7'
gem 'annotate', '~> 3.0'
gem 'active_record_query_trace', '~> 1.6'
gem 'annotate', '~> 2.7'
gem 'better_errors', '~> 2.5'
gem 'binding_of_caller', '~> 0.7'
gem 'bullet', '~> 6.0'
gem 'letter_opener', '~> 1.7'
gem 'letter_opener_web', '~> 1.3'
gem 'memory_profiler'
gem 'rubocop', '~> 0.76', require: false
gem 'rubocop-rails', '~> 2.4', require: false
gem 'brakeman', '~> 4.7', require: false
gem 'rubocop', '~> 0.69', require: false
gem 'brakeman', '~> 4.5', require: false
gem 'bundler-audit', '~> 0.6', require: false
gem 'scss_lint', '~> 0.58', require: false
gem 'capistrano', '~> 3.11'
gem 'capistrano-rails', '~> 1.4'
@ -157,4 +149,5 @@ group :production do
end
gem 'concurrent-ruby', require: false
gem 'connection_pool', require: false
gem "ruby-bbcode", "~> 2.0"

454
Gemfile.lock
View File

@ -1,11 +1,3 @@
GIT
remote: https://github.com/ianheggie/health_check
revision: 0b799ead604f900ed50685e9b2d469cd2befba5b
ref: 0b799ead604f900ed50685e9b2d469cd2befba5b
specs:
health_check (4.0.0.pre)
rails (>= 4.0)
GIT
remote: https://github.com/rtomayko/posix-spawn
revision: 58465d2e213991f8afb13b984854a49fcdcc980c
@ -13,34 +5,13 @@ GIT
specs:
posix-spawn (0.3.13)
GIT
remote: https://github.com/ruby-rdf/json-ld.git
revision: e742697a0906e74e8bb777ef98137bc3955d981d
ref: e742697a0906e74e8bb777ef98137bc3955d981d
specs:
json-ld (3.0.2)
htmlentities (~> 4.3)
json-canonicalization (~> 0.1)
link_header (~> 0.0, >= 0.0.8)
multi_json (~> 1.13)
rack (>= 1.6, < 3.0)
rdf (~> 3.0, >= 3.0.8)
GIT
remote: https://github.com/tmm1/http_parser.rb
revision: 54b17ba8c7d8d20a16dfc65d1775241833219cf2
ref: 54b17ba8c7d8d20a16dfc65d1775241833219cf2
submodules: true
specs:
http_parser.rb (0.6.1)
GIT
remote: https://github.com/witgo/nilsimsa
revision: fd184883048b922b176939f851338d0a4971a532
ref: fd184883048b922b176939f851338d0a4971a532
specs:
nilsimsa (1.1.2)
GEM
remote: https://rubygems.org/
specs:
@ -67,12 +38,12 @@ GEM
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
active_model_serializers (0.10.10)
actionpack (>= 4.1, < 6.1)
activemodel (>= 4.1, < 6.1)
active_model_serializers (0.10.9)
actionpack (>= 4.1, < 6)
activemodel (>= 4.1, < 6)
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
active_record_query_trace (1.7)
active_record_query_trace (1.6.2)
activejob (5.2.3)
activesupport (= 5.2.3)
globalid (>= 0.3.6)
@ -91,13 +62,13 @@ GEM
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
addressable (2.7.0)
public_suffix (>= 2.0.2, < 5.0)
airbrussh (1.3.4)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
airbrussh (1.3.0)
sshkit (>= 1.6.1, != 1.7.0)
annotate (3.0.3)
annotate (2.7.5)
activerecord (>= 3.2, < 7.0)
rake (>= 10.4, < 14.0)
rake (>= 10.4, < 13.0)
arel (9.0.0)
ast (2.4.0)
attr_encrypted (3.1.0)
@ -105,19 +76,19 @@ GEM
av (0.9.0)
cocaine (~> 0.5.3)
aws-eventstream (1.0.3)
aws-partitions (1.246.0)
aws-sdk-core (3.82.0)
aws-partitions (1.162.0)
aws-sdk-core (3.52.1)
aws-eventstream (~> 1.0, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-partitions (~> 1.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.26.0)
aws-sdk-core (~> 3, >= 3.71.0)
aws-sdk-kms (1.20.0)
aws-sdk-core (~> 3, >= 3.52.1)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.57.0)
aws-sdk-core (~> 3, >= 3.77.0)
aws-sdk-s3 (1.39.0)
aws-sdk-core (~> 3, >= 3.52.1)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.1)
aws-sigv4 (~> 1.0)
aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
bcrypt (3.1.12)
@ -130,19 +101,19 @@ GEM
debug_inspector (>= 0.0.1)
blurhash (0.1.3)
ffi (~> 1.10.0)
bootsnap (1.4.5)
bootsnap (1.4.4)
msgpack (~> 1.0)
brakeman (4.7.2)
browser (2.7.1)
brakeman (4.5.1)
browser (2.5.3)
builder (3.2.3)
bullet (6.0.2)
bullet (6.0.0)
activesupport (>= 3.0.0)
uniform_notifier (~> 1.11)
bundler-audit (0.6.1)
bundler (>= 1.2.0, < 3)
thor (~> 0.18)
byebug (11.0.0)
capistrano (3.11.2)
capistrano (3.11.0)
airbrussh (>= 1.0.0)
i18n
rake (>= 10.0.0)
@ -158,24 +129,23 @@ GEM
sshkit (~> 1.3)
capistrano-yarn (2.0.2)
capistrano (~> 3.0)
capybara (3.29.0)
capybara (3.20.0)
addressable
mini_mime (>= 0.1.3)
nokogiri (~> 1.8)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (~> 1.5)
regexp_parser (~> 1.2)
uglifier
xpath (~> 3.2)
case_transform (0.2)
activesupport
charlock_holmes (0.7.7)
chewy (5.1.0)
charlock_holmes (0.7.6)
chewy (5.0.0)
activesupport (>= 4.0)
elasticsearch (>= 2.0.0)
elasticsearch-dsl
chunky_png (1.3.10)
cld3 (3.2.4)
ffi (>= 1.1.0, < 1.11.0)
climate_control (0.2.0)
cocaine (0.5.8)
climate_control (>= 0.0.3, < 1.0)
@ -184,68 +154,66 @@ GEM
connection_pool (2.2.2)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.5)
css_parser (1.7.0)
crass (1.0.4)
css_parser (1.6.0)
addressable
debug_inspector (0.0.3)
derailed_benchmarks (1.4.2)
derailed_benchmarks (1.3.5)
benchmark-ips (~> 2)
get_process_mem (~> 0)
heapy (~> 0)
memory_profiler (~> 0)
rack (>= 1)
rake (> 10, < 14)
ruby-statistics (>= 2.1)
rake (> 10, < 13)
thor (~> 0.19)
devise (4.7.1)
devise (4.6.2)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 4.1.0, < 6.0)
responders
warden (~> 1.2.3)
devise-two-factor (3.1.0)
activesupport (< 6.1)
devise-two-factor (3.0.3)
activesupport (< 5.3)
attr_encrypted (>= 1.3, < 4, != 2)
devise (~> 4.0)
railties (< 6.1)
railties (< 5.3)
rotp (~> 2.0)
devise_pam_authenticatable2 (9.2.0)
devise (>= 4.0.0)
rpam2 (~> 4.0)
diff-lcs (1.3)
discard (1.1.0)
activerecord (>= 4.2, < 7)
docile (1.3.2)
docile (1.3.0)
domain_name (0.5.20180417)
unf (>= 0.0.5, < 1.0.0)
doorkeeper (5.2.2)
doorkeeper (5.1.0)
railties (>= 5)
dotenv (2.7.5)
dotenv-rails (2.7.5)
dotenv (= 2.7.5)
dotenv (2.7.2)
dotenv-rails (2.7.2)
dotenv (= 2.7.2)
railties (>= 3.2, < 6.1)
elasticsearch (7.3.0)
elasticsearch-api (= 7.3.0)
elasticsearch-transport (= 7.3.0)
elasticsearch-api (7.3.0)
elasticsearch (6.0.2)
elasticsearch-api (= 6.0.2)
elasticsearch-transport (= 6.0.2)
elasticsearch-api (6.0.2)
multi_json
elasticsearch-dsl (0.1.8)
elasticsearch-transport (7.3.0)
elasticsearch-dsl (0.1.5)
elasticsearch-transport (6.0.2)
faraday
multi_json
encryptor (3.0.0)
equatable (0.6.1)
erubi (1.9.0)
equatable (0.5.0)
erubi (1.8.0)
et-orbi (1.1.6)
tzinfo
excon (0.62.0)
fabrication (2.21.0)
faker (2.8.0)
i18n (>= 1.6, < 1.8)
faraday (0.15.4)
execjs (2.7.0)
fabrication (2.20.2)
faker (1.9.3)
i18n (>= 0.7)
faraday (0.15.0)
multipart-post (>= 1.2, < 3)
fast_blank (1.0.0)
fastimage (2.1.7)
fastimage (2.1.5)
ffi (1.10.0)
fog-core (2.1.0)
builder
@ -263,11 +231,10 @@ GEM
fugit (1.1.6)
et-orbi (~> 1.1, >= 1.1.6)
raabro (~> 1.1)
fuubar (2.5.0)
fuubar (2.3.2)
rspec-core (~> 3.0)
ruby-progressbar (~> 1.4)
get_process_mem (0.2.5)
ffi (~> 1.0)
get_process_mem (0.2.3)
globalid (0.4.2)
activesupport (>= 4.2.0)
goldfinger (2.1.0)
@ -286,7 +253,7 @@ GEM
railties (>= 4.0.1)
hamster (3.0.0)
concurrent-ruby (~> 1.0)
hashdiff (1.0.0)
hashdiff (0.3.7)
hashie (3.6.0)
heapy (0.1.4)
highline (2.0.1)
@ -304,10 +271,10 @@ GEM
domain_name (~> 0.5)
http-form_data (2.1.1)
http_accept_language (2.1.1)
httplog (1.3.3)
httplog (1.2.2)
rack (>= 1.0)
rainbow (>= 2.0.0)
i18n (1.7.0)
i18n (1.6.0)
concurrent-ruby (~> 1.0)
i18n-tasks (0.9.29)
activesupport (>= 4.0.2)
@ -322,15 +289,17 @@ GEM
idn-ruby (0.1.0)
ipaddress (0.8.3)
iso-639 (0.2.8)
jaro_winkler (1.5.4)
jaro_winkler (1.5.2)
jmespath (1.4.0)
json (2.2.0)
json-canonicalization (0.1.0)
json-ld-preloaded (3.0.4)
json (2.1.0)
json-ld (3.0.2)
multi_json (~> 1.12)
rdf (>= 2.2.8, < 4.0)
json-ld-preloaded (3.0.2)
json-ld (~> 3.0)
multi_json (~> 1.12)
rdf (~> 3.0)
jsonapi-renderer (0.2.2)
jsonapi-renderer (0.2.0)
jwt (2.1.0)
kaminari (1.1.1)
activesupport (>= 4.1.0)
@ -353,12 +322,12 @@ GEM
letter_opener (~> 1.0)
railties (>= 3.2)
link_header (0.0.8)
lograge (0.11.2)
lograge (0.11.0)
actionpack (>= 4)
activesupport (>= 4)
railties (>= 4)
request_store (~> 1.0)
loofah (2.3.1)
loofah (2.2.3)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
@ -369,37 +338,37 @@ GEM
mimemagic (~> 0.3.2)
mario-redis-lock (1.2.1)
redis (>= 3.0.5)
memory_profiler (0.9.14)
memory_profiler (0.9.13)
method_source (0.9.2)
microformats (4.1.0)
json (~> 2.1)
nokogiri (~> 1.8, >= 1.8.3)
mime-types (3.3)
mime-types (3.2.2)
mime-types-data (~> 3.2015)
mime-types-data (3.2019.0904)
mime-types-data (3.2018.0812)
mimemagic (0.3.3)
mini_mime (1.0.2)
mini_mime (1.0.1)
mini_portile2 (2.4.0)
minitest (5.13.0)
msgpack (1.3.1)
minitest (5.11.3)
msgpack (1.2.10)
multi_json (1.13.1)
multipart-post (2.1.1)
necromancer (0.5.1)
net-ldap (0.16.2)
net-scp (2.0.0)
net-ssh (>= 2.6.5, < 6.0.0)
net-ssh (5.2.0)
nio4r (2.5.2)
nokogiri (1.10.5)
multipart-post (2.0.0)
necromancer (0.4.0)
net-ldap (0.16.1)
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (5.0.2)
nio4r (2.3.1)
nokogiri (1.10.3)
mini_portile2 (~> 2.4.0)
nokogumbo (2.0.1)
nokogumbo (2.0.0)
nokogiri (~> 1.8, >= 1.8.4)
nsa (0.2.7)
activesupport (>= 4.2, < 6)
concurrent-ruby (~> 1.0, >= 1.0.2)
sidekiq (>= 3.5)
statsd-ruby (~> 1.4, >= 1.4.0)
oj (3.9.2)
oj (3.7.12)
omniauth (1.9.0)
hashie (>= 3.4.6, < 3.7.0)
rack (>= 1.6.2, < 3)
@ -411,11 +380,7 @@ GEM
omniauth (~> 1.3, >= 1.3.2)
ruby-saml (~> 1.7)
orm_adapter (0.5.0)
ostatus2 (2.0.3)
addressable (~> 2.5)
http (~> 3.0)
nokogiri (~> 1.8)
ox (2.11.0)
ox (2.10.0)
paperclip (6.0.0)
activemodel (>= 4.2.0)
activesupport (>= 4.2.0)
@ -425,25 +390,24 @@ GEM
paperclip-av-transcoder (0.6.4)
av (~> 0.9.0)
paperclip (>= 2.5.2)
parallel (1.19.1)
parallel_tests (2.29.2)
parallel (1.17.0)
parallel_tests (2.29.0)
parallel
parser (2.6.5.0)
parser (2.6.3.0)
ast (~> 2.4.0)
parslet (1.8.2)
pastel (0.7.3)
equatable (~> 0.6)
tty-color (~> 0.5)
pastel (0.7.2)
equatable (~> 0.5.0)
tty-color (~> 0.4.0)
pg (1.1.4)
pghero (2.4.1)
activerecord (>= 5)
pkg-config (1.4.0)
pghero (2.2.0)
activerecord
pkg-config (1.3.7)
premailer (1.11.1)
addressable
css_parser (>= 1.6.0)
htmlentities (>= 4.0.0)
premailer-rails (1.10.3)
actionmailer (>= 3)
premailer-rails (1.10.2)
actionmailer (>= 3, < 6)
premailer (~> 1.7, >= 1.7.9)
private_address_check (0.5.0)
pry (0.12.2)
@ -454,18 +418,16 @@ GEM
pry (~> 0.10)
pry-rails (0.3.9)
pry (>= 0.10.4)
public_suffix (4.0.1)
puma (4.3.1)
nio4r (~> 2.0)
pundit (2.1.0)
public_suffix (3.0.3)
puma (3.12.1)
pundit (2.0.1)
activesupport (>= 3.0.0)
raabro (1.1.6)
rack (2.0.7)
rack-attack (6.2.1)
rack-attack (6.0.0)
rack (>= 1.0, < 3)
rack-cors (1.1.0)
rack (>= 2.0.0)
rack-protection (2.0.7)
rack-cors (1.0.3)
rack-protection (2.0.5)
rack
rack-proxy (0.6.5)
rack
@ -491,8 +453,8 @@ GEM
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
rails-i18n (5.1.3)
i18n (>= 0.7, < 2)
railties (>= 5.0, < 6)
@ -505,14 +467,17 @@ GEM
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
rainbow (3.0.0)
rake (13.0.1)
rdf (3.0.12)
rake (12.3.2)
rb-fsevent (0.10.3)
rb-inotify (0.10.0)
ffi (~> 1.0)
rdf (3.0.9)
hamster (~> 3.0)
link_header (~> 0.0, >= 0.0.8)
rdf-normalize (0.3.3)
rdf (>= 2.2, < 4.0)
redcarpet (3.4.0)
redis (4.1.3)
redis (4.1.1)
redis-actionpack (5.0.2)
actionpack (>= 4.0, < 6)
redis-rack (>= 1, < 3)
@ -531,57 +496,63 @@ GEM
redis-store (>= 1.2, < 2)
redis-store (1.5.0)
redis (>= 2.2, < 5)
regexp_parser (1.6.0)
regexp_parser (1.5.0)
request_store (1.4.1)
rack (>= 1.4)
responders (3.0.0)
actionpack (>= 5.0)
railties (>= 5.0)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
rotp (2.1.2)
rpam2 (4.0.2)
rqrcode (0.10.1)
chunky_png (~> 1.0)
rspec-core (3.9.0)
rspec-support (~> 3.9.0)
rspec-expectations (3.9.0)
rspec-core (3.8.0)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-mocks (3.9.0)
rspec-support (~> 3.8.0)
rspec-mocks (3.8.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-rails (3.9.0)
rspec-support (~> 3.8.0)
rspec-rails (3.8.2)
actionpack (>= 3.0)
activesupport (>= 3.0)
railties (>= 3.0)
rspec-core (~> 3.9.0)
rspec-expectations (~> 3.9.0)
rspec-mocks (~> 3.9.0)
rspec-support (~> 3.9.0)
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0)
rspec-support (~> 3.8.0)
rspec-sidekiq (3.0.3)
rspec-core (~> 3.0, >= 3.0.0)
sidekiq (>= 2.4.0)
rspec-support (3.9.0)
rubocop (0.76.0)
rspec-support (3.8.0)
rubocop (0.69.0)
jaro_winkler (~> 1.5.1)
parallel (~> 1.10)
parser (>= 2.6)
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 1.7)
rubocop-rails (2.4.0)
rack (>= 1.1)
rubocop (>= 0.72.0)
ruby-progressbar (1.10.1)
ruby-bbcode (2.1.0)
activesupport (>= 4.2.2)
ruby-progressbar (1.10.0)
ruby-saml (1.9.0)
nokogiri (>= 1.5.10)
ruby-statistics (2.1.1)
rufus-scheduler (3.5.2)
fugit (~> 1.1, >= 1.1.5)
safe_yaml (1.0.5)
sanitize (5.1.0)
safe_yaml (1.0.4)
sanitize (5.0.0)
crass (~> 1.0.2)
nokogiri (>= 1.8.0)
nokogumbo (~> 2.0)
sass (3.7.4)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
scss_lint (0.58.0)
rake (>= 0.9, < 13)
sass (~> 3.5, >= 3.5.5)
sidekiq (5.2.7)
connection_pool (~> 2.2, >= 2.2.2)
rack (>= 1.5.0)
@ -594,16 +565,16 @@ GEM
rufus-scheduler (~> 3.2)
sidekiq (>= 3)
tilt (>= 1.4.0)
sidekiq-unique-jobs (6.0.15)
sidekiq-unique-jobs (6.0.13)
concurrent-ruby (~> 1.0, >= 1.0.5)
sidekiq (>= 4.0, < 7.0)
thor (~> 0)
simple-navigation (4.1.0)
simple-navigation (4.0.5)
activesupport (>= 2.3.2)
simple_form (5.0.1)
simple_form (4.1.0)
actionpack (>= 5.0)
activemodel (>= 5.0)
simplecov (0.17.1)
simplecov (0.16.1)
docile (~> 1.1)
json (>= 1.8, < 3)
simplecov-html (~> 0.10.0)
@ -615,16 +586,16 @@ GEM
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sshkit (1.20.0)
sshkit (1.17.0)
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
stackprof (0.2.13)
stackprof (0.2.12)
statsd-ruby (1.4.0)
stoplight (2.2.0)
stoplight (2.1.3)
streamio-ffmpeg (3.0.2)
multi_json (~> 1.8)
strong_migrations (0.4.2)
activerecord (>= 5)
strong_migrations (0.3.1)
activerecord (>= 3.2.0)
temple (0.8.1)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
@ -633,25 +604,30 @@ GEM
thor (0.20.3)
thread_safe (0.3.6)
tilt (2.0.9)
tty-color (0.5.0)
tty-command (0.9.0)
timers (4.2.0)
tty-color (0.4.3)
tty-command (0.8.2)
pastel (~> 0.7.0)
tty-cursor (0.7.0)
tty-prompt (0.20.0)
necromancer (~> 0.5.0)
tty-cursor (0.6.0)
tty-prompt (0.18.1)
necromancer (~> 0.4.0)
pastel (~> 0.7.0)
tty-reader (~> 0.7.0)
tty-reader (0.7.0)
tty-cursor (~> 0.7)
tty-screen (~> 0.7)
timers (~> 4.0)
tty-cursor (~> 0.6.0)
tty-reader (~> 0.5.0)
tty-reader (0.5.0)
tty-cursor (~> 0.6.0)
tty-screen (~> 0.6.4)
wisper (~> 2.0.0)
tty-screen (0.7.0)
tty-screen (0.6.5)
twitter-text (1.14.7)
unf (~> 0.1.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
tzinfo-data (1.2019.3)
tzinfo-data (1.2019.1)
tzinfo (>= 1.0.0)
uglifier (4.1.20)
execjs (>= 0.3.0, < 3)
unf (0.1.4)
unf_ext
unf_ext (0.0.7.5)
@ -659,11 +635,11 @@ GEM
uniform_notifier (1.12.1)
warden (1.2.8)
rack (>= 2.0.6)
webmock (3.7.6)
webmock (3.5.1)
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
webpacker (4.2.0)
hashdiff
webpacker (4.0.2)
activesupport (>= 4.2)
rack-proxy (>= 0.6.1)
railties (>= 4.2)
@ -673,7 +649,7 @@ GEM
websocket-driver (0.7.0)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.3)
wisper (2.0.1)
wisper (2.0.0)
xpath (3.2.0)
nokogiri (~> 1.8)
@ -682,15 +658,15 @@ PLATFORMS
DEPENDENCIES
active_model_serializers (~> 0.10)
active_record_query_trace (~> 1.7)
addressable (~> 2.7)
annotate (~> 3.0)
aws-sdk-s3 (~> 1.57)
active_record_query_trace (~> 1.6)
addressable (~> 2.6)
annotate (~> 2.7)
aws-sdk-s3 (~> 1.39)
better_errors (~> 2.5)
binding_of_caller (~> 0.7)
blurhash (~> 0.1)
bootsnap (~> 1.4)
brakeman (~> 4.7)
brakeman (~> 4.5)
browser
bullet (~> 6.0)
bundler-audit (~> 0.6)
@ -698,41 +674,37 @@ DEPENDENCIES
capistrano-rails (~> 1.4)
capistrano-rbenv (~> 2.1)
capistrano-yarn (~> 2.0)
capybara (~> 3.29)
charlock_holmes (~> 0.7.7)
chewy (~> 5.1)
cld3 (~> 3.2.4)
capybara (~> 3.20)
charlock_holmes (~> 0.7.6)
chewy (~> 5.0)
climate_control (~> 0.2)
concurrent-ruby
connection_pool
derailed_benchmarks
devise (~> 4.7)
devise-two-factor (~> 3.1)
devise (~> 4.6)
devise-two-factor (~> 3.0)
devise_pam_authenticatable2 (~> 9.2)
discard (~> 1.1)
doorkeeper (~> 5.2)
doorkeeper (~> 5.1)
dotenv-rails (~> 2.7)
fabrication (~> 2.21)
faker (~> 2.8)
fabrication (~> 2.20)
faker (~> 1.9)
fast_blank (~> 1.0)
fastimage
fog-core (<= 2.1.0)
fog-openstack (~> 0.3)
fuubar (~> 2.5)
fuubar (~> 2.3)
goldfinger (~> 2.1)
hamlit-rails (~> 0.2)
health_check!
hiredis (~> 0.6)
html2text
htmlentities (~> 4.3)
http (~> 3.3)
http_accept_language (~> 2.1)
http_parser.rb (~> 0.6)!
httplog (~> 1.3)
httplog (~> 1.2)
i18n-tasks (~> 0.9)
idn-ruby
iso-639
json-ld!
json-ld (~> 3.0)
json-ld-preloaded (~> 3.0)
kaminari (~> 1.1)
letter_opener (~> 1.7)
@ -743,34 +715,30 @@ DEPENDENCIES
mario-redis-lock (~> 1.2)
memory_profiler
microformats (~> 4.1)
mime-types (~> 3.3)
net-ldap (~> 0.16)
nilsimsa!
mime-types (~> 3.2)
net-ldap (~> 0.10)
nokogiri (~> 1.10)
nsa (~> 0.2)
oj (~> 3.9)
oj (~> 3.7)
omniauth (~> 1.9)
omniauth-cas (~> 1.1)
omniauth-saml (~> 1.10)
ostatus2 (~> 2.0)
ox (~> 2.11)
ox (~> 2.10)
paperclip (~> 6.0)
paperclip-av-transcoder (~> 0.6)
parallel (~> 1.19)
parallel_tests (~> 2.29)
parslet
pg (~> 1.1)
pghero (~> 2.4)
pkg-config (~> 1.4)
pghero (~> 2.2)
pkg-config (~> 1.3)
posix-spawn!
premailer-rails
private_address_check (~> 0.5)
pry-byebug (~> 3.7)
pry-rails (~> 0.3)
puma (~> 4.3)
pundit (~> 2.1)
rack-attack (~> 6.2)
rack-cors (~> 1.1)
puma (~> 3.12)
pundit (~> 2.0)
rack-attack (~> 6.0)
rack-cors (~> 1.0)
rails (~> 5.2.3)
rails-controller-testing (~> 1.0)
rails-i18n (~> 5.1)
@ -781,35 +749,35 @@ DEPENDENCIES
redis-namespace (~> 1.5)
redis-rails (~> 5.0)
rqrcode (~> 0.10)
rspec-rails (~> 3.9)
rspec-rails (~> 3.8)
rspec-sidekiq (~> 3.0)
rubocop (~> 0.76)
rubocop-rails (~> 2.4)
ruby-progressbar (~> 1.10)
sanitize (~> 5.1)
rubocop (~> 0.69)
ruby-bbcode (~> 2.0)
sanitize (~> 5.0)
scss_lint (~> 0.58)
sidekiq (~> 5.2)
sidekiq-bulk (~> 0.2.0)
sidekiq-scheduler (~> 3.0)
sidekiq-unique-jobs (~> 6.0)
simple-navigation (~> 4.1)
simple_form (~> 5.0)
simplecov (~> 0.17)
simple-navigation (~> 4.0)
simple_form (~> 4.1)
simplecov (~> 0.16)
sprockets-rails (~> 3.2)
stackprof
stoplight (~> 2.2.0)
stoplight (~> 2.1.3)
streamio-ffmpeg (~> 3.0)
strong_migrations (~> 0.4)
strong_migrations (~> 0.3)
thor (~> 0.20)
tty-command (~> 0.9)
tty-prompt (~> 0.20)
tty-command (~> 0.8)
tty-prompt (~> 0.18)
twitter-text (~> 1.14)
tzinfo-data (~> 1.2019)
webmock (~> 3.7)
webpacker (~> 4.2)
webmock (~> 3.5)
webpacker (~> 4.0)
webpush
RUBY VERSION
ruby 2.6.5p114
ruby 2.6.1p33
BUNDLED WITH
1.17.3

14
Procfile
View File

@ -1,14 +1,2 @@
web: if [ "$RUN_STREAMING" != "true" ]; then BIND=0.0.0.0 bundle exec puma -C config/puma.rb; else BIND=0.0.0.0 node ./streaming; fi
web: bundle exec puma -C config/puma.rb
worker: bundle exec sidekiq
# For the streaming API, you need a separate app that shares Postgres and Redis:
#
# heroku create
# heroku buildpacks:add heroku/nodejs
# heroku config:set RUN_STREAMING=true
# heroku addons:attach <main-app>::DATABASE
# heroku addons:attach <main-app>::REDIS
#
# and let the main app use the separate app:
#
# heroku config:set STREAMING_API_BASE_URL=wss://<streaming-app>.herokuapp.com -a <main-app>

71
README.md
View File

@ -1,12 +1,69 @@
# Mastodon Glitch Edition #
# Monsterfork
> Now with automated deploys!
> *[Monsterpit](https://monsterpit.net/about/more) is a community of creatures and critters* /
> *For those who love monsters to be monsters they love.* /
> *Whether fur, scale, or skin; whether plural or kin* /
> *If you dont feel quite human, come!* /
> *Youll fit right on in.*
[![Build Status](https://img.shields.io/circleci/project/github/glitch-soc/mastodon.svg)][circleci]
Monsterfork is a... well... fork of [Glitch-Soc](https://glitch-soc.github.io) used on [Monsterpit](https://monsterpit.net/about). It focuses on adding a *monstrous* number of community features with wild abandon along with improved accessibility, better moderation tools, and more user privacy options.
[circleci]: https://circleci.com/gh/glitch-soc/mastodon
## Non-exhaustive feature list
So here's the deal: we all work on this code, and then it runs on dev.glitch.social and anyone who uses that does so absolutely at their own risk. can you dig it?
### Identity
- [Signatures](https://monsterpit.blog/monsterpit-bangtags/i-am)
- Account switching
- You can view documentation for this project at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/).
- And contributing guidelines are available [here](CONTRIBUTING.md) and [here](https://glitch-soc.github.io/docs/contributing/).
### Advanced
- [Bangtag macros](https://monsterpit.blog/monsterpit-bangtags)
### Privacy
- [Sharekeys](https://monsterpit.blog/monsterpit-bangtags/sharekey-new)
- Self-destructing posts
- Optional public profile pages and ActivityPub outbox
- Option to limit the length of time posts are avaiable
### Accessibility
- Media descriptions shown as captions in UI by default
- High-contrast visibility icons by default
- UI element size and spacing options
### Boundries
- Respect "don't `@` me"
- All threads can be muted
### Anxiety reduction
- No metrics in the UI
- Additional post and thread filtering options
- Granular visibility options
- [Community-curated world timeline](https://monsterpit.blog/monsterpit-creature-comforts/world-timeline)
### Publishing
- Delayed posts
- Queued boosts
- Formatting (BBdown, BBcode, Markdown, HTML, console, plain)
- Arbitary attachments
### Tagging
- Scoped tags (`#monsters.kobolds`, `#local.minotaur.den` `#self.drafts`)
- Unlisted tags (`#.hidden`)
- Retroactive tagging (`#!parent:tag:art`)
- Out-of-body tags
- Glitch-Soc bookmarks as a tag (`#self.bookmarks`)
### Imports
- Users can add their own custom emoji
- Emoji can be imported from other posts (`#!parent:emoji`) or threads (`#!thread:emoji`)
- Post importing from other ActivityPub software (currently text only)
### Moderation
- Additional policies (force unlisted, force sensitive, reject unknown)
- Moderator bangtags (`#!admin:silence`, `#!admin:suspend`, `#!admin:reset`, ...)
- New admin transparancy log system, posted under a tag
- Domain policy comments and list (`https://instance.site/policies`)
### Safety
- Graylist-based federation by default
- Domain suspensions include subdomains
- Can block malicious servers by ActivityPub object propreties
- Tools to block resource requests (see `/dist`)

9
app.json
View File

@ -13,6 +13,15 @@
"description": "The domain that your Mastodon instance will run on (this can be appname.herokuapp.com or a custom domain)",
"required": true
},
"LOCAL_HTTPS": {
"description": "Will your domain support HTTPS? (Automatic for herokuapp, requires manual configuration for custom domains)",
"value": "false",
"required": true
},
"PAPERCLIP_SECRET": {
"description": "The secret key for storing media files",
"generator": "secret"
},
"SECRET_KEY_BASE": {
"description": "The secret key base",
"generator": "secret"

43
app/chewy/accounts_index.rb
View File

@ -1,43 +0,0 @@
# frozen_string_literal: true
class AccountsIndex < Chewy::Index
settings index: { refresh_interval: '5m' }, analysis: {
analyzer: {
content: {
tokenizer: 'whitespace',
filter: %w(lowercase asciifolding cjk_width),
},
edge_ngram: {
tokenizer: 'edge_ngram',
filter: %w(lowercase asciifolding cjk_width),
},
},
tokenizer: {
edge_ngram: {
type: 'edge_ngram',
min_gram: 1,
max_gram: 15,
},
},
}
define_type ::Account.searchable.includes(:account_stat), delete_if: ->(account) { account.destroyed? || !account.searchable? } do
root date_detection: false do
field :id, type: 'long'
field :display_name, type: 'text', analyzer: 'content' do
field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
end
field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
end
field :following_count, type: 'long', value: ->(account) { account.following.local.count }
field :followers_count, type: 'long', value: ->(account) { account.followers.local.count }
field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
end
end
end

15
app/chewy/statuses_index.rb
View File

@ -31,19 +31,24 @@ class StatusesIndex < Chewy::Index
},
}
define_type ::Status.unscoped.kept.without_reblogs.includes(:media_attachments), delete_if: ->(status) { status.searchable_by.empty? } do
define_type ::Status.unscoped.without_reblogs.includes(:media_attachments) do
crutch :mentions do |collection|
data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
data = ::Mention.where(status_id: collection.map(&:id)).pluck(:status_id, :account_id)
data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
end
crutch :favourites do |collection|
data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
data = ::Favourite.where(status_id: collection.map(&:id)).pluck(:status_id, :account_id)
data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
end
crutch :reblogs do |collection|
data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
data = ::Status.where(reblog_of_id: collection.map(&:id)).pluck(:reblog_of_id, :account_id)
data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
end
crutch :bookmarks do |collection|
data = ::Bookmark.where(status_id: collection.map(&:id)).pluck(:status_id, :account_id)
data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
end
@ -51,7 +56,7 @@ class StatusesIndex < Chewy::Index
field :id, type: 'long'
field :account_id, type: 'long'
field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).concat(status.preloadable_poll ? status.preloadable_poll.options : []).join("\n\n") } do
field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).join("\n\n") } do
field :stemmed, type: 'text', analyzer: 'content'
end

37
app/chewy/tags_index.rb
View File

@ -1,37 +0,0 @@
# frozen_string_literal: true
class TagsIndex < Chewy::Index
settings index: { refresh_interval: '15m' }, analysis: {
analyzer: {
content: {
tokenizer: 'keyword',
filter: %w(lowercase asciifolding cjk_width),
},
edge_ngram: {
tokenizer: 'edge_ngram',
filter: %w(lowercase asciifolding cjk_width),
},
},
tokenizer: {
edge_ngram: {
type: 'edge_ngram',
min_gram: 2,
max_gram: 15,
},
},
}
define_type ::Tag.listable, delete_if: ->(tag) { tag.destroyed? || !tag.listable? } do
root date_detection: false do
field :name, type: 'text', analyzer: 'content' do
field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
end
field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
field :usage, type: 'long', value: ->(tag) { tag.history.reduce(0) { |total, day| total + day[:accounts].to_i } }
field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
end
end
end

47
app/controllers/about_controller.rb
View File

@ -4,43 +4,18 @@ class AboutController < ApplicationController
before_action :set_pack
layout 'public'
before_action :set_body_classes, only: :show
before_action :set_instance_presenter
before_action :set_expires_in, only: [:show, :more, :terms]
before_action :set_instance_presenter, only: [:show, :more, :terms]
skip_before_action :require_functional!, only: [:more, :terms]
def show; end
def more
flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
toc_generator = TOCGenerator.new(@instance_presenter.site_extended_description)
@contents = toc_generator.html
@table_of_contents = toc_generator.toc
@blocks = DomainBlock.with_user_facing_limitations.by_severity if display_blocks?
@allows = InstanceFilter.new(allowed: true).results
def show
@hide_navbar = true
end
def more; end
def terms; end
helper_method :display_blocks?
helper_method :display_blocks_rationale?
helper_method :public_fetch_mode?
helper_method :new_user
private
def display_blocks?
Setting.show_domain_blocks == 'all' || (Setting.show_domain_blocks == 'users' && user_signed_in?)
end
def display_blocks_rationale?
Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?)
end
def new_user
User.new.tap do |user|
user.build_account
@ -48,19 +23,13 @@ class AboutController < ApplicationController
end
end
helper_method :new_user
def set_pack
use_pack 'public'
use_pack 'common'
end
def set_instance_presenter
@instance_presenter = InstancePresenter.new
end
def set_body_classes
@hide_navbar = true
end
def set_expires_in
expires_in 0, public: true
end
end

101
app/controllers/accounts_controller.rb
View File

@ -4,33 +4,34 @@ class AccountsController < ApplicationController
PAGE_SIZE = 20
include AccountControllerConcern
include SignatureAuthentication
before_action :set_cache_headers
before_action :set_body_classes
skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format) }
skip_before_action :require_functional!
def show
respond_to do |format|
format.html do
use_pack 'public'
expires_in 0, public: true unless user_signed_in?
unless current_account && current_account.id == @account.id
not_found if @account.hidden
if @account&.user && @account.user.hides_public_profile?
not_found unless current_account && current_account.following?(@account)
end
end
mark_cacheable! unless user_signed_in?
@body_classes = 'with-modals'
@pinned_statuses = []
@endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
@featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
if current_account && @account.blocking?(current_account)
@statuses = []
return
end
@pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
@pinned_statuses = cache_collection(pinned_statuses, Status) if show_pinned_statuses?
@statuses = filtered_status_page(params)
@statuses = cache_collection(@statuses, Status)
@rss_url = rss_url
unless @statuses.empty?
@older_url = older_url if @statuses.last.id > filtered_statuses.last.id
@ -38,60 +39,62 @@ class AccountsController < ApplicationController
end
end
format.rss do
expires_in 1.minute, public: true
@statuses = filtered_statuses.without_reblogs.without_replies.limit(PAGE_SIZE)
@statuses = cache_collection(@statuses, Status)
render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
end
format.json do
expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
mark_cacheable!
render_cached_json(['activitypub', 'actor', @account], content_type: 'application/activity+json') do
ActiveModelSerializers::SerializableResource.new(@account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter)
end
end
end
end
private
def set_body_classes
@body_classes = 'with-modals'
def pinned_statuses
if user_signed_in? && current_account.following?(@account)
@account.pinned_statuses
else
@account.pinned_statuses.where.not(visibility: :private)
end
end
def show_pinned_statuses?
[replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
[reblogs_requested?, replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
end
def filtered_statuses
default_statuses.tap do |statuses|
statuses.merge!(hashtag_scope) if tag_requested?
statuses.merge!(only_media_scope) if media_requested?
statuses.merge!(no_replies_scope) unless replies_requested?
if reblogs_requested?
scope = default_statuses.reblogs
elsif replies_requested?
scope = @account.replies ? default_statuses : default_statuses.without_replies
elsif media_requested?
scope = default_statuses.where(id: account_media_status_ids)
elsif tag_requested?
scope = hashtag_scope
else
scope = default_statuses.without_replies.without_reblogs
end
return scope if current_user
return Status.none unless @account&.user
scope.where(created_at: @account.user.max_public_history.to_i.days.ago..Time.current)
end
def default_statuses
@account.statuses.not_local_only.where(visibility: [:public, :unlisted])
end
def only_media_scope
Status.where(id: account_media_status_ids)
end
def account_media_status_ids
@account.media_attachments.attached.reorder(nil).select(:status_id).distinct
end
def no_replies_scope
Status.without_replies
end
def hashtag_scope
tag = Tag.find_normalized(params[:tag])
if tag
Status.tagged_with(tag.id)
return Status.none if !user_signed_in? && (tag.local || tag.private) || tag.private && current_account.id != @account.id
scope = tag.private ? current_account.statuses : tag.local ? Status.local : Status
scope.tagged_with(tag.id)
else
Status.none
end
@ -101,14 +104,6 @@ class AccountsController < ApplicationController
params[:username]
end
def rss_url
if tag_requested?
short_account_tag_url(@account, params[:tag], format: 'rss')
else
short_account_url(@account, format: 'rss')
end
end
def older_url
pagination_url(max_id: @statuses.last.id)
end
@ -124,21 +119,27 @@ class AccountsController < ApplicationController
short_account_media_url(@account, max_id: max_id, min_id: min_id)
elsif replies_requested?
short_account_with_replies_url(@account, max_id: max_id, min_id: min_id)
elsif reblogs_requested?
short_account_reblogs_url(@account, max_id: max_id, min_id: min_id)
else
short_account_url(@account, max_id: max_id, min_id: min_id)
end
end
def media_requested?
request.path.ends_with?('/media') && !tag_requested?
request.path.ends_with?('/media')
end
def replies_requested?
request.path.ends_with?('/with_replies') && !tag_requested?
request.path.ends_with?('/with_replies')
end
def reblogs_requested?
request.path.ends_with?('/reblogs')
end
def tag_requested?
request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
request.path.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
end
def filtered_status_page(params)
@ -148,12 +149,4 @@ class AccountsController < ApplicationController
filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
end
end
def restrict_fields_to
if signed_request_account.present? || public_fetch_mode?
# Return all fields
else
%i(id type preferred_username inbox public_key endpoints)
end
end
end

11
app/controllers/activitypub/base_controller.rb
View File

@ -1,11 +0,0 @@
# frozen_string_literal: true
class ActivityPub::BaseController < Api::BaseController
skip_before_action :require_authenticated_user!
private
def set_cache_headers
response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
end
end

29
app/controllers/activitypub/collections_controller.rb
View File

@ -1,21 +1,32 @@
# frozen_string_literal: true
class ActivityPub::CollectionsController < ActivityPub::BaseController
class ActivityPub::CollectionsController < Api::BaseController
include SignatureVerification
include AccountOwnedConcern
before_action :require_signature!, if: :authorized_fetch_mode?
before_action :set_account
before_action :set_size
before_action :set_statuses
before_action :set_cache_headers
def show
expires_in 3.minutes, public: public_fetch_mode?
render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, skip_activities: true
skip_session!
render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do
ActiveModelSerializers::SerializableResource.new(
collection_presenter,
serializer: ActivityPub::CollectionSerializer,
adapter: ActivityPub::Adapter,
skip_activities: true
)
end
end
private
def set_account
@account = Account.find_local!(params[:account_username])
end
def set_statuses
@statuses = scope_for_collection
@statuses = cache_collection(@statuses, Status)
@ -24,7 +35,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
def set_size
case params[:id]
when 'featured'
@account.pinned_statuses.count
@account.pinned_statuses.where.not(visibility: :private).count
else
raise ActiveRecord::RecordNotFound
end
@ -33,9 +44,9 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
def scope_for_collection
case params[:id]
when 'featured'
return Status.none if @account.blocking?(signed_request_account)
@account.pinned_statuses
@account.statuses.permitted_for(@account, signed_request_account).tap do |scope|
scope.merge!(@account.pinned_statuses.where.not(visibility: :private))
end
else
raise ActiveRecord::RecordNotFound
end

43
app/controllers/activitypub/inboxes_controller.rb
View File

@ -1,57 +1,42 @@
# frozen_string_literal: true
class ActivityPub::InboxesController < ActivityPub::BaseController
class ActivityPub::InboxesController < Api::BaseController
include SignatureVerification
include JsonLdHelper
include AccountOwnedConcern
before_action :skip_unknown_actor_delete
before_action :require_signature!
#skip_before_action :authenticate_user!
before_action :set_account
def create
upgrade_account
process_payload
head 202
if unknown_deleted_account?
head 202
elsif signed_request_account
process_payload
head 202
else
render plain: signature_verification_failure_reason, status: 401
end
end
private
def skip_unknown_actor_delete
head 202 if unknown_deleted_account?
end
def unknown_deleted_account?
json = Oj.load(body, mode: :strict)
json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
rescue Oj::ParseError
false
end
def account_required?
params[:account_username].present?
def set_account
@account = Account.find_local!(params[:account_username]) if params[:account_username]
end
def body
return @body if defined?(@body)
@body = request.body.read
@body.force_encoding('UTF-8') if @body.present?
@body = request.body.read.force_encoding('UTF-8')
request.body.rewind if request.body.respond_to?(:rewind)
@body
end
def upgrade_account
if signed_request_account.ostatus?
signed_request_account.update(last_webfingered_at: nil)
ResolveAccountWorker.perform_async(signed_request_account.acct)
end
DeliveryFailureTracker.track_inverse_success!(signed_request_account)
end
def process_payload
ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
end

24
app/controllers/activitypub/outboxes_controller.rb
View File

@ -1,22 +1,29 @@
# frozen_string_literal: true
class ActivityPub::OutboxesController < ActivityPub::BaseController
class ActivityPub::OutboxesController < Api::BaseController
LIMIT = 20
include SignatureVerification
include AccountOwnedConcern
before_action :require_signature!, if: :authorized_fetch_mode?
before_action :set_account
before_action :set_statuses
before_action :set_cache_headers
def show
expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
unless page_requested?
skip_session!
expires_in 1.minute, public: true
end
render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
end
private
def set_account
@account = Account.find_local!(params[:account_username])
end
def outbox_presenter
if page_requested?
ActivityPub::CollectionPresenter.new(
@ -48,8 +55,15 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
def set_statuses
return unless page_requested?
account_owner = current_account && current_account.id == @account.id
outbox_hidden = @account&.user && @account.user.hides_public_outbox?
local_follower = current_account && current_account.following?(@account)
@statuses = @account.statuses.permitted_for(@account, signed_request_account)
if account_owner || !@account.hidden? || (outbox_hidden && local_follower)
@statuses = @account.statuses.permitted_for(@account, signed_request_account)
else
@statuses = Status.none
end
@statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
@statuses = cache_collection(@statuses, Status)
end

71
app/controllers/activitypub/replies_controller.rb
View File

@ -1,71 +0,0 @@
# frozen_string_literal: true
class ActivityPub::RepliesController < ActivityPub::BaseController
include SignatureAuthentication
include Authorization
include AccountOwnedConcern
DESCENDANTS_LIMIT = 60
before_action :require_signature!, if: :authorized_fetch_mode?
before_action :set_status
before_action :set_cache_headers
before_action :set_replies
def index
expires_in 0, public: public_fetch_mode?
render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', skip_activities: true
end
private
def set_status
@status = @account.statuses.find(params[:status_id])
authorize @status, :show?
rescue Mastodon::NotPermittedError
raise ActiveRecord::RecordNotFound
end
def set_replies
@replies = page_params[:only_other_accounts] ? Status.where.not(account_id: @account.id) : @account.statuses
@replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
@replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
end
def replies_collection_presenter
page = ActivityPub::CollectionPresenter.new(
id: account_status_replies_url(@account, @status, page_params),
type: :unordered,
part_of: account_status_replies_url(@account, @status),
next: next_page,
items: @replies.map { |status| status.local ? status : status.uri }
)
return page if page_requested?
ActivityPub::CollectionPresenter.new(
id: account_status_replies_url(@account, @status),
type: :unordered,
first: page
)
end
def page_requested?
params[:page] == 'true'
end
def next_page
only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
account_status_replies_url(
@account,
@status,
page: true,
min_id: only_other_accounts && !page_params[:only_other_accounts] ? nil : @replies&.last&.id,
only_other_accounts: only_other_accounts
)
end
def page_params
params_slice(:only_other_accounts, :min_id).merge(page: true)
end
end

4
app/controllers/admin/account_actions_controller.rb
View File

@ -5,7 +5,7 @@ module Admin
before_action :set_account
def new
@account_action = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true, include_statuses: true)
@account_action = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true)
@warning_presets = AccountWarningPreset.all
end
@ -30,7 +30,7 @@ module Admin
end
def resource_params
params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses)
params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification)
end
end
end

51
app/controllers/admin/accounts_controller.rb
View File

@ -2,7 +2,7 @@
module Admin
class AccountsController < BaseController
before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject]
before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :mark_known, :mark_unknown, :allow_public, :allow_nonsensitive, :unsilence, :unsuspend, :memorialize, :approve, :reject]
before_action :require_remote_account!, only: [:redownload]
before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
@ -36,13 +36,55 @@ module Admin
def approve
authorize @account.user, :approve?
@account.user.approve!
redirect_to admin_pending_accounts_path
redirect_to admin_accounts_path(pending: '1')
end
def reject
authorize @account.user, :reject?
SuspendAccountService.new.call(@account, reserve_email: false, reserve_username: false)
redirect_to admin_pending_accounts_path
SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true)
redirect_to admin_accounts_path(pending: '1')
end
def mark_unknown
authorize @account, :mark_unknown?
@account.mark_unknown!
log_action :mark_unknown, @account
redirect_to admin_account_path(@account.id)
end
def mark_known
authorize @account, :mark_known?
@account.mark_known!
log_action :mark_known, @account
redirect_to admin_account_path(@account.id)
end
def force_sensitive
authorize @account, :force_sensitive?
@account.force_sensitive!
log_action :force_sensitive, @account
redirect_to admin_account_path(@account.id)
end
def allow_nonsensitive
authorize @account, :allow_nonsensitive?
@account.allow_nonsensitive!
log_action :allow_nonsensitive, @account
redirect_to admin_account_path(@account.id)
end
def force_unlisted
authorize @account, :force_unlisted?
@account.force_unlisted!
log_action :force_unlisted, @account
redirect_to admin_account_path(@account.id)
end
def allow_public
authorize @account, :allow_public?
@account.allow_public!
log_action :allow_public, @account
redirect_to admin_account_path(@account.id)
end
def unsilence
@ -115,7 +157,6 @@ module Admin
:by_domain,
:active,
:pending,
:disabled,
:silenced,
:suspended,
:username,

2
app/controllers/admin/base_controller.rb
View File

@ -7,7 +7,7 @@ module Admin
layout 'admin'
before_action :require_staff!
#before_action :require_staff!
before_action :set_pack
before_action :set_body_classes

102
app/controllers/admin/custom_emojis_controller.rb
View File

@ -2,20 +2,19 @@
module Admin
class CustomEmojisController < BaseController
include ObfuscateFilename
before_action :set_custom_emoji, except: [:index, :new, :create]
before_action :set_filter_params
include ObfuscateFilename
obfuscate_filename [:custom_emoji, :image]
def index
authorize :custom_emoji, :index?
@custom_emojis = filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page])
@form = Form::CustomEmojiBatch.new
end
def new
authorize :custom_emoji, :create?
@custom_emoji = CustomEmoji.new
end
@ -32,17 +31,69 @@ module Admin
end
end
def batch
@form = Form::CustomEmojiBatch.new(form_custom_emoji_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing
flash[:alert] = I18n.t('admin.accounts.no_account_selected')
ensure
redirect_to admin_custom_emojis_path(filter_params)
def update
authorize @custom_emoji, :update?
if @custom_emoji.update(resource_params)
log_action :update, @custom_emoji
flash[:notice] = I18n.t('admin.custom_emojis.updated_msg')
else
flash[:alert] = I18n.t('admin.custom_emojis.update_failed_msg')
end
redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
end
def destroy
authorize @custom_emoji, :destroy?
@custom_emoji.destroy!
log_action :destroy, @custom_emoji
flash[:notice] = I18n.t('admin.custom_emojis.destroyed_msg')
redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
end
def copy
authorize @custom_emoji, :copy?
emoji = CustomEmoji.find_or_initialize_by(domain: nil,
shortcode: @custom_emoji.shortcode)
emoji.image = @custom_emoji.image
if emoji.save
log_action :create, emoji
flash[:notice] = I18n.t('admin.custom_emojis.copied_msg')
else
flash[:alert] = I18n.t('admin.custom_emojis.copy_failed_msg')
end
redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
end
def enable
authorize @custom_emoji, :enable?
@custom_emoji.update!(disabled: false)
log_action :enable, @custom_emoji
flash[:notice] = I18n.t('admin.custom_emojis.enabled_msg')
redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
end
def disable
authorize @custom_emoji, :disable?
@custom_emoji.update!(disabled: true)
log_action :disable, @custom_emoji
flash[:notice] = I18n.t('admin.custom_emojis.disabled_msg')
redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
end
private
def set_custom_emoji
@custom_emoji = CustomEmoji.find(params[:id])
end
def set_filter_params
@filter_params = filter_params.to_hash.symbolize_keys
end
def resource_params
params.require(:custom_emoji).permit(:shortcode, :image, :visible_in_picker)
end
@ -52,29 +103,12 @@ module Admin
end
def filter_params
params.slice(:local, :remote, :by_domain, :shortcode, :page).permit(:local, :remote, :by_domain, :shortcode, :page)
end
def action_from_button
if params[:update]
'update'
elsif params[:list]
'list'
elsif params[:unlist]
'unlist'
elsif params[:enable]
'enable'
elsif params[:disable]
'disable'
elsif params[:copy]
'copy'
elsif params[:delete]
'delete'
end
end
def form_custom_emoji_batch_params
params.require(:form_custom_emoji_batch).permit(:action, :category_id, :category_name, custom_emoji_ids: [])
params.permit(
:local,
:remote,
:by_domain,
:shortcode
)
end
end
end

18
app/controllers/admin/dashboard_controller.rb
View File

@ -5,7 +5,6 @@ module Admin
class DashboardController < BaseController
def index
@users_count = User.count
@pending_users_count = User.pending.count
@registrations_week = Redis.current.get("activity:accounts:local:#{current_week}") || 0
@logins_week = Redis.current.pfcount("activity:logins:#{current_week}")
@interactions_week = Redis.current.get("activity:interactions:#{current_week}") || 0
@ -20,7 +19,7 @@ module Admin
@redis_version = redis_info['redis_version']
@reports_count = Report.unresolved.count
@queue_backlog = Sidekiq::Stats.new.enqueued
@recent_users = User.confirmed.recent.includes(:account).limit(8)
@recent_users = User.confirmed.recent.includes(:account).limit(4)
@database_size = ActiveRecord::Base.connection.execute('SELECT pg_database_size(current_database())').first['pg_database_size']
@redis_size = redis_info['used_memory']
@ldap_enabled = ENV['LDAP_ENABLED'] == 'true'
@ -28,15 +27,10 @@ module Admin
@saml_enabled = ENV['SAML_ENABLED'] == 'true'
@pam_enabled = ENV['PAM_ENABLED'] == 'true'
@hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
@trending_hashtags = TrendingTags.get(10, filtered: false)
@pending_tags_count = Tag.pending_review.count
@authorized_fetch = authorized_fetch_mode?
@whitelist_enabled = whitelist_mode?
@trending_hashtags = TrendingTags.get(7)
@profile_directory = Setting.profile_directory
@timeline_preview = Setting.timeline_preview
@keybase_integration = Setting.enable_keybase
@spam_check_enabled = Setting.spam_check_enabled
@trends_enabled = Setting.trends
end
private
@ -46,13 +40,7 @@ module Admin
end
def redis_info
@redis_info ||= begin
if Redis.current.is_a?(Redis::Namespace)
Redis.current.redis.info
else
Redis.current.info
end
end
@redis_info ||= Redis.current.info
end
end
end

40
app/controllers/admin/domain_allows_controller.rb
View File

@ -1,40 +0,0 @@
# frozen_string_literal: true
class Admin::DomainAllowsController < Admin::BaseController
before_action :set_domain_allow, only: [:destroy]
def new
authorize :domain_allow, :create?
@domain_allow = DomainAllow.new(domain: params[:_domain])
end
def create
authorize :domain_allow, :create?
@domain_allow = DomainAllow.new(resource_params)
if @domain_allow.save
log_action :create, @domain_allow
redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.created_msg')
else
render :new
end
end
def destroy
authorize @domain_allow, :destroy?
UnallowDomainService.new.call(@domain_allow)
redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
end
private
def set_domain_allow
@domain_allow = DomainAllow.find(params[:id])
end
def resource_params
params.require(:domain_allow).permit(:domain)
end
end

73
app/controllers/admin/domain_blocks_controller.rb
View File

@ -2,56 +2,32 @@
module Admin
class DomainBlocksController < BaseController
before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
before_action :set_domain_block, only: [:show, :destroy, :update]
def new
authorize :domain_block, :create?
@domain_block = DomainBlock.new(domain: params[:_domain])
end
def edit
authorize :domain_block, :create?
@domain_block = DomainBlock.new(domain: params[:_domain].present? ? params[:_domain].strip : nil)
end
def create
authorize :domain_block, :create?
resource_params[:domain].strip! if resource_params[:domain].present?
resource_params[:reason].strip! if resource_params[:reason].present?
@domain_block = DomainBlock.new(resource_params)
existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
existing_domain_block = resource_params[:domain].present? ? DomainBlock.find_by(domain: resource_params[:domain].strip) : nil
if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
@domain_block.save
flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
@domain_block.errors[:domain].clear
render :new
else
if existing_domain_block.present?
@domain_block = existing_domain_block
@domain_block.update(resource_params)
end
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id)
log_action :create, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
else
render :new
end
if existing_domain_block.present?
@domain_block = existing_domain_block
@domain_block.update(resource_params.except(:undo))
end
end
def update
authorize :domain_block, :create?
@domain_block.update(update_params)
severity_changed = @domain_block.severity_changed?
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id, severity_changed)
DomainBlockWorker.perform_async(@domain_block.id)
log_action :create, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
redirect_to admin_instance_path(id: @domain_block.domain, limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
else
render :edit
render :new
end
end
@ -61,9 +37,26 @@ module Admin
def destroy
authorize @domain_block, :destroy?
UnblockDomainService.new.call(@domain_block)
DomainUnblockWorker.perform_async(@domain_block.id)
log_action :destroy, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.destroyed_msg')
flash[:notice] = I18n.t('admin.domain_blocks.destroyed_msg')
redirect_to controller: 'admin/instances', action: 'index', limited: '1'
end
def update
return destroy unless resource_params[:undo].to_i.zero?
resource_params[:reason].strip! if resource_params[:reason].present?
authorize @domain_block, :update?
@domain_block.update(resource_params.except(:domain, :undo))
changed = @domain_block.changed
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id) if (changed & %w(severity force_sensitive reject_media reject_unknown)).any?
log_action :update, @domain_block
flash[:notice] = I18n.t('admin.domain_blocks.updated_msg')
else
flash[:alert] = I18n.t('admin.domain_blocks.update_failed_msg')
end
redirect_to admin_instance_path(id: @domain_block.domain, limited: '1')
end
private
@ -72,12 +65,8 @@ module Admin
@domain_block = DomainBlock.find(params[:id])
end
def update_params
params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment)
end
def resource_params
params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment)
params.require(:domain_block).permit(:domain, :severity, :force_sensitive, :reject_media, :reject_reports, :reject_unknown, :reason, :undo)
end
end
end

14
app/controllers/admin/domain_whitelist_controller.rb
View File

@ -1,14 +0,0 @@
# frozen_string_literal: true
class Admin::DomainWhitelistController < ApplicationController
before_action :require_admin!
layout 'admin'
def index
@unblocks = DomainWhitelist.paginate(page: params[:page], per_page: 40)
end
def create
end
end

32
app/controllers/admin/instances_controller.rb
View File

@ -2,10 +2,6 @@
module Admin
class InstancesController < BaseController
before_action :set_domain_block, only: :show
before_action :set_domain_allow, only: :show
before_action :set_instance, only: :show
def index
authorize :instance, :index?
@ -15,40 +11,20 @@ module Admin
def show
authorize :instance, :show?
@instance = Instance.new(Account.by_domain_accounts.find_by(domain: params[:id]) || DomainBlock.find_by!(domain: params[:id]))
@following_count = Follow.where(account: Account.where(domain: params[:id])).count
@followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
@reports_count = Report.where(target_account: Account.where(domain: params[:id])).count
@blocks_count = Block.where(target_account: Account.where(domain: params[:id])).count
@available = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
@media_storage = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
@private_comment = @domain_block&.private_comment
@public_comment = @domain_block&.public_comment
@domain_block = DomainBlock.find_by(domain: params[:id])
end
private
def set_domain_block
@domain_block = DomainBlock.rule_for(params[:id])
end
def set_domain_allow
@domain_allow = DomainAllow.rule_for(params[:id])
end
def set_instance
resource = Account.by_domain_accounts.find_by(domain: params[:id])
resource ||= @domain_block
resource ||= @domain_allow
if resource
@instance = Instance.new(resource)
else
not_found
end
end
def filtered_instances
InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
InstanceFilter.new(filter_params).results
end
def paginated_instances
@ -58,7 +34,7 @@ module Admin
helper_method :paginated_instances
def ordered_instances
paginated_instances.map { |resource| Instance.new(resource) }
paginated_instances.map { |resource| Instance.new(resource) }.sort_by(&:updated_at).reverse!
end
def filter_params

7
app/controllers/admin/relays_controller.rb
View File

@ -3,7 +3,6 @@
module Admin
class RelaysController < BaseController
before_action :set_relay, except: [:index, :new, :create]
before_action :require_signatures_enabled!, only: [:new, :create, :enable]
def index
authorize :relay, :update?
@ -12,7 +11,7 @@ module Admin
def new
authorize :relay, :update?
@relay = Relay.new
@relay = Relay.new(inbox_url: Relay::PRESET_RELAY)
end
def create
@ -55,9 +54,5 @@ module Admin
def resource_params
params.require(:relay).permit(:inbox_url)
end
def require_signatures_enabled!
redirect_to admin_relays_path, alert: I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
end
end
end

9
app/controllers/admin/report_notes_controller.rb
View File

@ -5,10 +5,10 @@ module Admin
before_action :set_report_note, only: [:destroy]
def create
authorize :report_note, :create?
authorize ReportNote, :create?
@report_note = current_account.report_notes.new(resource_params)
@report = @report_note.report
@report = @report_note.report
if @report_note.save
if params[:create_and_resolve]
@ -26,8 +26,9 @@ module Admin
redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg')
else
@report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
@form = Form::StatusBatch.new
@report_notes = @report.notes.latest
@report_history = @report.history
@form = Form::StatusBatch.new
render template: 'admin/reports/show'
end

3
app/controllers/admin/reports_controller.rb
View File

@ -55,8 +55,7 @@ module Admin
params.permit(
:account_id,
:resolved,
:target_account_id,
:by_target_domain
:target_account_id
)
end

20
app/controllers/admin/subscriptions_controller.rb
View File

@ -1,20 +0,0 @@
# frozen_string_literal: true
module Admin
class SubscriptionsController < BaseController
def index
authorize :subscription, :index?
@subscriptions = ordered_subscriptions.page(requested_page)
end
private
def ordered_subscriptions
Subscription.order(id: :desc).includes(:account)
end
def requested_page
params[:page].to_i
end
end
end

97
app/controllers/admin/tags_controller.rb
View File

@ -2,102 +2,43 @@
module Admin
class TagsController < BaseController
before_action :set_tag, except: [:index, :batch, :approve_all, :reject_all]
before_action :set_usage_by_domain, except: [:index, :batch, :approve_all, :reject_all]
before_action :set_counters, except: [:index, :batch, :approve_all, :reject_all]
before_action :set_tags, only: :index
before_action :set_tag, except: :index
before_action :set_filter_params
def index
authorize :tag, :index?
@tags = filtered_tags.page(params[:page])
@form = Form::TagBatch.new
end
def batch
@form = Form::TagBatch.new(form_tag_batch_params.merge(current_account: current_account, action: action_from_button))
@form.save
rescue ActionController::ParameterMissing
flash[:alert] = I18n.t('admin.accounts.no_account_selected')
ensure
redirect_to admin_tags_path(filter_params)
def hide
authorize @tag, :hide?
@tag.account_tag_stat.update!(hidden: true)
redirect_to admin_tags_path(@filter_params)
end
def approve_all
Form::TagBatch.new(current_account: current_account, tag_ids: Tag.pending_review.pluck(:id), action: 'approve').save
redirect_to admin_tags_path(filter_params)
end
def reject_all
Form::TagBatch.new(current_account: current_account, tag_ids: Tag.pending_review.pluck(:id), action: 'reject').save
redirect_to admin_tags_path(filter_params)
end
def show
authorize @tag, :show?
end
def update
authorize @tag, :update?
if @tag.update(tag_params.merge(reviewed_at: Time.now.utc))
redirect_to admin_tag_path(@tag.id), notice: I18n.t('admin.tags.updated_msg')
else
render :show
end
def unhide
authorize @tag, :unhide?
@tag.account_tag_stat.update!(hidden: false)
redirect_to admin_tags_path(@filter_params)
end
private
def set_tags
@tags = Tag.discoverable
@tags.merge!(Tag.hidden) if filter_params[:hidden]
end
def set_tag
@tag = Tag.find(params[:id])
end
def set_usage_by_domain
@usage_by_domain = @tag.statuses
.with_public_visibility
.excluding_silenced_accounts
.where(Status.arel_table[:id].gteq(Mastodon::Snowflake.id_at(Time.now.utc.beginning_of_day)))
.joins(:account)
.group('accounts.domain')
.reorder('statuses_count desc')
.pluck('accounts.domain, count(*) AS statuses_count')
end
def set_counters
@accounts_today = @tag.history.first[:accounts]
@accounts_week = Redis.current.pfcount(*current_week_days.map { |day| "activity:tags:#{@tag.id}:#{day}:accounts" })
end
def filtered_tags
TagFilter.new(filter_params).results
def set_filter_params
@filter_params = filter_params.to_hash.symbolize_keys
end
def filter_params
params.slice(:directory, :reviewed, :unreviewed, :pending_review, :page, :popular, :active, :name).permit(:directory, :reviewed, :unreviewed, :pending_review, :page, :popular, :active, :name)
end
def tag_params
params.require(:tag).permit(:name, :trendable, :usable, :listable)
end
def current_week_days
now = Time.now.utc.beginning_of_day.to_date
(Date.commercial(now.cwyear, now.cweek)..now).map do |date|
date.to_time(:utc).beginning_of_day.to_i
end
end
def form_tag_batch_params
params.require(:form_tag_batch).permit(:action, tag_ids: [])
end
def action_from_button
if params[:approve]
'approve'
elsif params[:reject]
'reject'
end
params.permit(:hidden)
end
end
end

1
app/controllers/admin/two_factor_authentications_controller.rb
View File

@ -8,7 +8,6 @@ module Admin
authorize @user, :disable_2fa?
@user.disable_two_factor!
log_action :disable_2fa, @user
UserMailer.two_factor_disabled(@user).deliver_later!
redirect_to admin_accounts_path
end

25
app/controllers/api/base_controller.rb
View File

@ -7,23 +7,16 @@ class Api::BaseController < ApplicationController
include RateLimitHeaders
skip_before_action :store_current_location
skip_before_action :require_functional!
skip_before_action :check_user_permissions
before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
before_action :set_cache_headers
protect_from_forgery with: :null_session
skip_around_action :set_locale
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
render json: { error: e.to_s }, status: 422
end
rescue_from ActiveRecord::RecordNotUnique do
render json: { error: 'Duplicate record' }, status: 422
end
rescue_from ActiveRecord::RecordNotFound do
render json: { error: 'Record not found' }, status: 404
end
@ -40,14 +33,6 @@ class Api::BaseController < ApplicationController
render json: { error: 'This action is not allowed' }, status: 403
end
rescue_from Mastodon::RaceConditionError do
render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
end
rescue_from ActionController::ParameterMissing do |e|
render json: { error: e.to_s }, status: 400
end
def doorkeeper_unauthorized_render_options(error: nil)
{ json: { error: (error.try(:description) || 'Not authorized') } }
end
@ -84,10 +69,6 @@ class Api::BaseController < ApplicationController
nil
end
def require_authenticated_user!
render json: { error: 'This API requires an authenticated user' }, status: 401 unless current_user
end
def require_user!
if !current_user
render json: { error: 'This method requires an authenticated user' }, status: 422
@ -113,8 +94,4 @@ class Api::BaseController < ApplicationController
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
end
def disallow_unauthenticated_api_access?
authorized_fetch_mode?
end
end

19
app/controllers/api/proofs_controller.rb
View File

@ -1,11 +1,10 @@
# frozen_string_literal: true
class Api::ProofsController < Api::BaseController
include AccountOwnedConcern
skip_before_action :require_authenticated_user!
before_action :set_account
before_action :set_provider
before_action :check_account_approval
before_action :check_account_suspension
def index
render json: @account, serializer: @provider.serializer_class
@ -17,7 +16,15 @@ class Api::ProofsController < Api::BaseController
@provider = ProofProvider.find(params[:provider]) || raise(ActiveRecord::RecordNotFound)
end
def username_param
params[:username]
def set_account
@account = Account.find_local!(params[:username])
end
def check_account_approval
not_found if @account.user_pending?
end
def check_account_suspension
gone if @account.suspended?
end
end

2
app/controllers/api/v1/accounts/credentials_controller.rb
View File

@ -25,7 +25,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
end
def user_settings_params
return nil if params[:source].blank?
return nil unless params.key?(:source)
source_params = params.require(:source)

24
app/controllers/api/v1/accounts/statuses_controller.rb
View File

@ -3,8 +3,7 @@
class Api::V1::Accounts::StatusesController < Api::BaseController
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
before_action :set_account
after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
after_action :insert_pagination_headers
respond_to :json
@ -30,10 +29,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
def account_statuses
statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
statuses.merge!(only_media_scope) if truthy_param?(:only_media)
statuses.merge!(no_replies_scope) if truthy_param?(:exclude_replies)
statuses.merge!(no_reblogs_scope) if truthy_param?(:exclude_reblogs)
statuses.merge!(hashtag_scope) if params[:tagged].present?
statuses = statuses.without_replies if !@account.replies || truthy_param?(:exclude_replies)
statuses = statuses.without_reblogs if truthy_param?(:exclude_reblogs)
statuses = statuses.reblogs if truthy_param?(:reblogs) && !truthy_param?(:exclude_reblogs)
statuses = statuses.where(id: account_media_status_ids) if truthy_param?(:only_media)
statuses = statuses.hashtag_scope if params[:tagged].present?
statuses.paginate_by_id(limit_param(DEFAULT_STATUSES_LIMIT), params_slice(:max_id, :since_id, :min_id))
end
@ -57,9 +57,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
end
def pinned_scope
return Status.none if @account.blocking?(current_account)
@account.pinned_statuses
if user_signed_in? && current_account.following?(@account)
@account.pinned_statuses
else
@account.pinned_statuses.where.not(visibility: :private)
end
end
def no_replies_scope
@ -74,7 +76,9 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
tag = Tag.find_normalized(params[:tagged])
if tag
Status.tagged_with(tag.id)
return Status.none if !user_signed_in && (tag.local || tag.private) || tag.private && current_account.id != @account.id
scope = tag.private ? current_account.statuses : tag.local ? Status.local : Status
scope.tagged_with(tag.id)
else
Status.none
end

6
app/controllers/api/v1/accounts_controller.rb
View File

@ -12,8 +12,6 @@ class Api::V1::AccountsController < Api::BaseController
before_action :check_account_suspension, only: [:show]
before_action :check_enabled_registrations, only: [:create]
skip_before_action :require_authenticated_user!, only: :create
respond_to :json
def show
@ -33,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController
def follow
FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))
options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
options = @account.locked? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(options)
end
@ -78,7 +76,7 @@ class Api::V1::AccountsController < Api::BaseController
end
def account_params
params.permit(:username, :email, :password, :agreement, :locale, :reason)
params.permit(:username, :email, :password, :agreement, :locale)
end
def check_enabled_registrations

32
app/controllers/api/v1/admin/account_actions_controller.rb
View File

@ -1,32 +0,0 @@
# frozen_string_literal: true
class Api::V1::Admin::AccountActionsController < Api::BaseController
before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }
before_action :require_staff!
before_action :set_account
def create
account_action = Admin::AccountAction.new(resource_params)
account_action.target_account = @account
account_action.current_account = current_account
account_action.save!
render_empty
end
private
def set_account
@account = Account.find(params[:account_id])
end
def resource_params
params.permit(
:type,
:report_id,
:warning_preset_id,
:text,
:send_email_notification
)
end
end

128
app/controllers/api/v1/admin/accounts_controller.rb
View File

@ -1,128 +0,0 @@
# frozen_string_literal: true
class Api::V1::Admin::AccountsController < Api::BaseController
include Authorization
include AccountableConcern
LIMIT = 100
before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
before_action :require_staff!
before_action :set_accounts, only: :index
before_action :set_account, except: :index
before_action :require_local_account!, only: [:enable, :approve, :reject]
after_action :insert_pagination_headers, only: :index
FILTER_PARAMS = %i(
local
remote
by_domain
active
pending
disabled
silenced
suspended
username
display_name
email
ip
staff
).freeze
PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
def index
authorize :account, :index?
render json: @accounts, each_serializer: REST::Admin::AccountSerializer
end
def show
authorize @account, :show?
render json: @account, serializer: REST::Admin::AccountSerializer
end
def enable
authorize @account.user, :enable?
@account.user.enable!
log_action :enable, @account.user
render json: @account, serializer: REST::Admin::AccountSerializer
end
def approve
authorize @account.user, :approve?
@account.user.approve!
render json: @account, serializer: REST::Admin::AccountSerializer
end
def reject
authorize @account.user, :reject?
SuspendAccountService.new.call(@account, reserve_email: false, reserve_username: false)
render json: @account, serializer: REST::Admin::AccountSerializer
end
def unsilence
authorize @account, :unsilence?
@account.unsilence!
log_action :unsilence, @account
render json: @account, serializer: REST::Admin::AccountSerializer
end
def unsuspend
authorize @account, :unsuspend?
@account.unsuspend!
log_action :unsuspend, @account
render json: @account, serializer: REST::Admin::AccountSerializer
end
private
def set_accounts
@accounts = filtered_accounts.order(id: :desc).includes(user: [:invite_request, :invite]).paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
end
def set_account
@account = Account.find(params[:id])
end
def filtered_accounts
AccountFilter.new(filter_params).results
end
def filter_params
params.permit(*FILTER_PARAMS)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
end
def prev_path
api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
end
def pagination_max_id
@accounts.last.id
end
def pagination_since_id
@accounts.first.id
end
def records_continue?
@accounts.size == limit_param(LIMIT)
end
def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
def require_local_account!
forbidden unless @account.local? && @account.user.present?
end
end

108
app/controllers/api/v1/admin/reports_controller.rb
View File

@ -1,108 +0,0 @@
# frozen_string_literal: true
class Api::V1::Admin::ReportsController < Api::BaseController
include Authorization
include AccountableConcern
LIMIT = 100
before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:reports' }, only: [:index, :show]
before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:reports' }, except: [:index, :show]
before_action :require_staff!
before_action :set_reports, only: :index
before_action :set_report, except: :index
after_action :insert_pagination_headers, only: :index
FILTER_PARAMS = %i(
resolved
account_id
target_account_id
).freeze
PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
def index
authorize :report, :index?
render json: @reports, each_serializer: REST::Admin::ReportSerializer
end
def show
authorize @report, :show?
render json: @report, serializer: REST::Admin::ReportSerializer
end
def assign_to_self
authorize @report, :update?
@report.update!(assigned_account_id: current_account.id)
log_action :assigned_to_self, @report
render json: @report, serializer: REST::Admin::ReportSerializer
end
def unassign
authorize @report, :update?
@report.update!(assigned_account_id: nil)
log_action :unassigned, @report
render json: @report, serializer: REST::Admin::ReportSerializer
end
def reopen
authorize @report, :update?
@report.unresolve!
log_action :reopen, @report
render json: @report, serializer: REST::Admin::ReportSerializer
end
def resolve
authorize @report, :update?
@report.resolve!(current_account)
log_action :resolve, @report
render json: @report, serializer: REST::Admin::ReportSerializer
end
private
def set_reports
@reports = filtered_reports.order(id: :desc).with_accounts.paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
end
def set_report
@report = Report.find(params[:id])
end
def filtered_reports
ReportFilter.new(filter_params).results
end
def filter_params
params.permit(*FILTER_PARAMS)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
api_v1_admin_reports_url(pagination_params(max_id: pagination_max_id)) if records_continue?
end
def prev_path
api_v1_admin_reports_url(pagination_params(min_id: pagination_since_id)) unless @reports.empty?
end
def pagination_max_id
@reports.last.id
end
def pagination_since_id
@reports.first.id
end
def records_continue?
@reports.size == limit_param(LIMIT)
end
def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end

2
app/controllers/api/v1/apps_controller.rb
View File

@ -1,8 +1,6 @@
# frozen_string_literal: true
class Api::V1::AppsController < Api::BaseController
skip_before_action :require_authenticated_user!
def create
@app = Doorkeeper::Application.create!(application_options)
render json: @app, serializer: REST::ApplicationSerializer

13
app/controllers/api/v1/bookmarks_controller.rb
View File

@ -26,9 +26,10 @@ class Api::V1::BookmarksController < Api::BaseController
end
def results
@_results ||= account_bookmarks.paginate_by_id(
@_results ||= account_bookmarks.paginate_by_max_id(
limit_param(DEFAULT_STATUSES_LIMIT),
params_slice(:max_id, :since_id, :min_id)
params[:max_id],
params[:since_id]
)
end
@ -41,11 +42,15 @@ class Api::V1::BookmarksController < Api::BaseController
end
def next_path
api_v1_bookmarks_url pagination_params(max_id: pagination_max_id) if records_continue?
if records_continue?
api_v1_bookmarks_url pagination_params(max_id: pagination_max_id)
end
end
def prev_path
api_v1_bookmarks_url pagination_params(min_id: pagination_since_id) unless results.empty?
unless results.empty?
api_v1_bookmarks_url pagination_params(since_id: pagination_since_id)
end
end
def pagination_max_id

5
app/controllers/api/v1/custom_emojis_controller.rb
View File

@ -6,7 +6,8 @@ class Api::V1::CustomEmojisController < Api::BaseController
skip_before_action :set_cache_headers
def index
expires_in 3.minutes, public: true
render_with_cache(each_serializer: REST::CustomEmojiSerializer) { CustomEmoji.listed.includes(:category) }
render_cached_json('api:v1:custom_emojis', expires_in: 1.minute) do
ActiveModelSerializers::SerializableResource.new(CustomEmoji.local.where(disabled: false), each_serializer: REST::CustomEmojiSerializer)
end
end
end

30
app/controllers/api/v1/directories_controller.rb
View File

@ -1,30 +0,0 @@
# frozen_string_literal: true
class Api::V1::DirectoriesController < Api::BaseController
before_action :require_enabled!
before_action :set_accounts
def show
render json: @accounts, each_serializer: REST::AccountSerializer
end
private
def require_enabled!
return not_found unless Setting.profile_directory
end
def set_accounts
@accounts = accounts_scope.offset(params[:offset]).limit(limit_param(DEFAULT_ACCOUNTS_LIMIT))
end
def accounts_scope
Account.discoverable.tap do |scope|
scope.merge!(Account.local) if truthy_param?(:local)
scope.merge!(Account.by_recent_status) if params[:order].blank? || params[:order] == 'active'
scope.merge!(Account.order(id: :desc)) if params[:order] == 'new'
scope.merge!(Account.not_excluded_by_account(current_account)) if current_account
scope.merge!(Account.not_domain_blocked_by_account(current_account)) if current_account && !truthy_param?(:local)
end
end
end

1
app/controllers/api/v1/domain_blocks_controller.rb
View File

@ -23,6 +23,7 @@ class Api::V1::DomainBlocksController < Api::BaseController
def destroy
current_account.unblock_domain!(domain_block_params[:domain])
AfterAccountDomainUnblockWorker.perform_async(current_account.id, domain_block_params[:domain])
render_empty
end

20
app/controllers/api/v1/featured_tags/suggestions_controller.rb
View File

@ -1,20 +0,0 @@
# frozen_string_literal: true
class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, only: :index
before_action :require_user!
before_action :set_most_used_tags, only: :index
respond_to :json
def index
render json: @most_used_tags, each_serializer: REST::TagSerializer
end
private
def set_most_used_tags
@most_used_tags = Tag.most_used(current_account).where.not(id: current_account.featured_tags).limit(10)
end
end

40
app/controllers/api/v1/featured_tags_controller.rb
View File

@ -1,40 +0,0 @@
# frozen_string_literal: true
class Api::V1::FeaturedTagsController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, only: :index
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :index
before_action :require_user!
before_action :set_featured_tags, only: :index
before_action :set_featured_tag, except: [:index, :create]
def index
render json: @featured_tags, each_serializer: REST::FeaturedTagSerializer
end
def create
@featured_tag = current_account.featured_tags.new(featured_tag_params)
@featured_tag.reset_data
@featured_tag.save!
render json: @featured_tag, serializer: REST::FeaturedTagSerializer
end
def destroy
@featured_tag.destroy!
render_empty
end
private
def set_featured_tag
@featured_tag = current_account.featured_tags.find(params[:id])
end
def set_featured_tags
@featured_tags = current_account.featured_tags.order(statuses_count: :desc)
end
def featured_tag_params
params.permit(:name)
end
end

2
app/controllers/api/v1/filters_controller.rb
View File

@ -43,6 +43,6 @@ class Api::V1::FiltersController < Api::BaseController
end
def resource_params
params.permit(:phrase, :expires_in, :irreversible, :whole_word, context: [])
params.permit(:phrase, :expires_in, :irreversible, :whole_word, :exclude_media, :media_only, :status_text, :spoiler, :tags, :custom_cw, :override_cw, context: [])
end
end

8
app/controllers/api/v1/follow_requests_controller.rb
View File

@ -14,12 +14,12 @@ class Api::V1::FollowRequestsController < Api::BaseController
def authorize
AuthorizeFollowService.new.call(account, current_account)
NotifyService.new.call(current_account, Follow.find_by(account: account, target_account: current_account))
render json: account, serializer: REST::RelationshipSerializer, relationships: relationships
render_empty
end
def reject
RejectFollowService.new.call(account, current_account)
render json: account, serializer: REST::RelationshipSerializer, relationships: relationships
render_empty
end
private
@ -28,10 +28,6 @@ class Api::V1::FollowRequestsController < Api::BaseController
Account.find(params[:id])
end
def relationships(**options)
AccountRelationshipsPresenter.new([params[:id]], current_user.account_id, options)
end
def load_accounts
default_accounts.merge(paginated_follow_requests).to_a
end

31
app/controllers/api/v1/follows_controller.rb Normal file
View File

@ -0,0 +1,31 @@
# frozen_string_literal: true
class Api::V1::FollowsController < Api::BaseController
before_action -> { doorkeeper_authorize! :follow, :'write:follows' }
before_action :require_user!
respond_to :json
def create
raise ActiveRecord::RecordNotFound if follow_params[:uri].blank?
@account = FollowService.new.call(current_user.account, target_uri).try(:target_account)
if @account.nil?
username, domain = target_uri.split('@')
@account = Account.find_remote!(username, domain)
end
render json: @account, serializer: REST::AccountSerializer
end
private
def target_uri
follow_params[:uri].strip.gsub(/\A@/, '')
end
def follow_params
params.permit(:uri)
end
end

7
app/controllers/api/v1/instances/activity_controller.rb
View File

@ -2,15 +2,12 @@
class Api::V1::Instances::ActivityController < Api::BaseController
before_action :require_enabled_api!
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
respond_to :json
def show
expires_in 1.day, public: true
render_with_cache json: :activity, expires_in: 1.day
render_cached_json('api:v1:instances:activity:show', expires_in: 1.day) { activity }
end
private
@ -35,6 +32,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
end
def require_enabled_api!
head 404 unless Setting.activity_api_enabled && !whitelist_mode?
head 404 unless Setting.activity_api_enabled
end
end

7
app/controllers/api/v1/instances/peers_controller.rb
View File

@ -2,20 +2,17 @@
class Api::V1::Instances::PeersController < Api::BaseController
before_action :require_enabled_api!
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
respond_to :json
def index
expires_in 1.day, public: true
render_with_cache(expires_in: 1.day) { Account.remote.domains }
render_cached_json('api:v1:instances:peers:index', expires_in: 1.day) { Account.remote.domains }
end
private
def require_enabled_api!
head 404 unless Setting.peers_api_enabled && !whitelist_mode?
head 404 unless Setting.peers_api_enabled
end
end

7
app/controllers/api/v1/instances_controller.rb
View File

@ -2,12 +2,11 @@
class Api::V1::InstancesController < Api::BaseController
respond_to :json
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
def show
expires_in 3.minutes, public: true
render_with_cache json: {}, serializer: REST::InstanceSerializer, root: 'instance'
render_cached_json('api:v1:instances', expires_in: 5.minutes) do
ActiveModelSerializers::SerializableResource.new({}, serializer: REST::InstanceSerializer)
end
end
end

2
app/controllers/api/v1/lists_controller.rb
View File

@ -38,6 +38,6 @@ class Api::V1::ListsController < Api::BaseController
end
def list_params
params.permit(:title, :replies_policy)
params.permit(:title, :replies_policy, :show_self)
end
end

44
app/controllers/api/v1/markers_controller.rb
View File

@ -1,44 +0,0 @@
# frozen_string_literal: true
class Api::V1::MarkersController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: [:index]
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, except: [:index]
before_action :require_user!
def index
@markers = current_user.markers.where(timeline: Array(params[:timeline])).each_with_object({}) { |marker, h| h[marker.timeline] = marker }
render json: serialize_map(@markers)
end
def create
Marker.transaction do
@markers = {}
resource_params.each_pair do |timeline, timeline_params|
@markers[timeline] = current_user.markers.find_or_initialize_by(timeline: timeline)
@markers[timeline].update!(timeline_params)
end
end
render json: serialize_map(@markers)
rescue ActiveRecord::StaleObjectError
render json: { error: 'Conflict during update, please try again' }, status: 409
end
private
def serialize_map(map)
serialized = {}
map.each_pair do |key, value|
serialized[key] = ActiveModelSerializers::SerializableResource.new(value, serializer: REST::MarkerSerializer).as_json
end
Oj.dump(serialized)
end
def resource_params
params.slice(*Marker::TIMELINES).permit(*Marker::TIMELINES.map { |timeline| { timeline.to_sym => [:last_read_id] } })
end
end

6
app/controllers/api/v1/notifications_controller.rb
View File

@ -53,7 +53,7 @@ class Api::V1::NotificationsController < Api::BaseController
end
def browserable_account_notifications
current_account.notifications.browserable(exclude_types, from_account)
current_account.notifications.browserable(exclude_types)
end
def target_statuses_from_notifications
@ -90,10 +90,6 @@ class Api::V1::NotificationsController < Api::BaseController
val
end
def from_account
params[:account_id]
end
def pagination_params(core_params)
params.slice(:limit, :exclude_types).permit(:limit, exclude_types: []).merge(core_params)
end

19
app/controllers/api/v1/polls_controller.rb
View File

@ -1,28 +1,13 @@
# frozen_string_literal: true
class Api::V1::PollsController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show
before_action :set_poll
before_action :refresh_poll
respond_to :json
def show
@poll = Poll.attached.find(params[:id])
ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
render json: @poll, serializer: REST::PollSerializer, include_results: true
end
private
def set_poll
@poll = Poll.attached.find(params[:id])
authorize @poll.status, :show?
rescue Mastodon::NotPermittedError
raise ActiveRecord::RecordNotFound
end
def refresh_poll
ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale?
end
end

2
app/controllers/api/v1/push/subscriptions_controller.rb
View File

@ -51,6 +51,6 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
def data_params
return {} if params[:data].blank?
params.require(:data).permit(alerts: [:follow, :follow_request, :favourite, :reblog, :mention, :poll])
params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
end
end

2
app/controllers/api/v1/reports_controller.rb
View File

@ -21,7 +21,7 @@ class Api::V1::ReportsController < Api::BaseController
private
def reported_status_ids
reported_account.statuses.with_discarded.find(status_ids).pluck(:id)
reported_account.statuses.find(status_ids).pluck(:id)
end
def status_ids

32
app/controllers/api/v1/search_controller.rb Normal file
View File

@ -0,0 +1,32 @@
# frozen_string_literal: true
class Api::V1::SearchController < Api::BaseController
include Authorization
RESULTS_LIMIT = (ENV['MAX_SEARCH_RESULTS'] || 100).to_i
before_action -> { doorkeeper_authorize! :read, :'read:search' }
before_action :require_user!
respond_to :json
def index
@search = Search.new(search_results)
render json: @search, serializer: REST::SearchSerializer
end
private
def search_results
SearchService.new.call(
params[:q],
current_account,
limit_param(RESULTS_LIMIT),
search_params.merge(resolve: truthy_param?(:resolve))
)
end
def search_params
params.permit(:type, :offset, :min_id, :max_id, :account_id)
end
end

9
app/controllers/api/v1/statuses/bookmarks_controller.rb
View File

@ -30,10 +30,19 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
bookmark = Bookmark.find_or_create_by!(account: current_user.account, status: requested_status)
curate_status(requested_status)
bookmark.status.reload
end
def requested_status
Status.find(params[:status_id])
end
def curate_status(status)
return if status.curated || !status.distributable? || (status.reply? && status.in_reply_to_account_id != status.account_id)
status.curated = true
status.save
FanOutOnWriteService.new.call(status)
end
end

3
app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
View File

@ -17,11 +17,12 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
private
def load_accounts
return [] if @status.local? && @status.account.user.setting_hide_interactions
default_accounts.merge(paginated_favourites).to_a
end
def default_accounts
Account
Account.without_unlisted
.includes(:favourites, :account_stat)
.references(:favourites)
.where(favourites: { status_id: @status.id })

3
app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
View File

@ -17,11 +17,12 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
private
def load_accounts
return [] if @status.local? && @status.account.user.setting_hide_interactions
default_accounts.merge(paginated_statuses).to_a
end
def default_accounts
Account.includes(:statuses, :account_stat).references(:statuses)
Account.without_unlisted.includes(:statuses, :account_stat).references(:statuses)
end
def paginated_statuses

3
app/controllers/api/v1/statuses/reblogs_controller.rb
View File

@ -18,7 +18,6 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
@reblogs_map = { @status.id => false }
authorize status_for_destroy, :unreblog?
status_for_destroy.discard
RemovalWorker.perform_async(status_for_destroy.id)
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, reblogs_map: @reblogs_map)
@ -31,7 +30,7 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
end
def status_for_destroy
@status_for_destroy ||= current_user.account.statuses.where(reblog_of_id: params[:status_id]).first!
current_user.account.statuses.where(reblog_of_id: params[:status_id]).first!
end
def reblog_params

30
app/controllers/api/v1/statuses_controller.rb
View File

@ -2,11 +2,12 @@
class Api::V1::StatusesController < Api::BaseController
include Authorization
include FilterHelper
before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only: [:create, :destroy]
before_action :require_user!, except: [:show, :context]
before_action :set_status, only: [:show, :context]
before_action :require_user!, except: [:show, :context, :card]
before_action :set_status, only: [:show, :context, :card]
respond_to :json
@ -18,6 +19,8 @@ class Api::V1::StatusesController < Api::BaseController
def show
@status = cache_collection([@status], Status).first
# make sure any custom cws are applied
phrase_filtered?(@status, current_account.id, 'thread') unless current_account.nil?
render json: @status, serializer: REST::StatusSerializer
end
@ -33,6 +36,16 @@ class Api::V1::StatusesController < Api::BaseController
render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
end
def card
@card = @status.preview_cards.first
if @card.nil?
render_empty
else
render json: @card, serializer: REST::PreviewCardSerializer
end
end
def create
@status = PostStatusService.new.call(current_user.account,
text: status_params[:status],
@ -42,20 +55,25 @@ class Api::V1::StatusesController < Api::BaseController
spoiler_text: status_params[:spoiler_text],
visibility: status_params[:visibility],
scheduled_at: status_params[:scheduled_at],
delete_after: status_params[:delete_after],
sharekey: status_params[:sharekey],
application: doorkeeper_token.application,
poll: status_params[:poll],
content_type: status_params[:content_type],
idempotency: request.headers['Idempotency-Key'])
render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
if @status.nil?
raise Mastodon::ValidationError, 'Bangtags processed successfully.'
else
render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
end
end
def destroy
@status = Status.where(account_id: current_user.account).find(params[:id])
authorize @status, :destroy?
@status.discard
RemovalWorker.perform_async(@status.id, redraft: true)
RemovalWorker.perform_async(@status.id)
render json: @status, serializer: REST::StatusSerializer, source_requested: true
end
@ -76,7 +94,9 @@ class Api::V1::StatusesController < Api::BaseController
:sensitive,
:spoiler_text,
:visibility,
:sharekey,
:scheduled_at,
:delete_after,
:content_type,
media_ids: [],
poll: [

14
app/controllers/api/v1/streaming_controller.rb
View File

@ -5,17 +5,11 @@ class Api::V1::StreamingController < Api::BaseController
def index
if Rails.configuration.x.streaming_api_base_url != request.host
redirect_to streaming_api_url, status: 301
uri = URI.parse(request.url)
uri.host = URI.parse(Rails.configuration.x.streaming_api_base_url).host
redirect_to uri.to_s, status: 301
else
not_found
raise ActiveRecord::RecordNotFound
end
end
private
def streaming_api_url
Addressable::URI.parse(request.url).tap do |uri|
uri.host = Addressable::URI.parse(Rails.configuration.x.streaming_api_base_url).host
end.to_s
end
end

10
app/controllers/api/v1/timelines/direct_controller.rb
View File

@ -27,18 +27,16 @@ class Api::V1::Timelines::DirectController < Api::BaseController
end
def direct_timeline_statuses
account_direct_feed.get(
# this query requires built in pagination.
Status.as_direct_timeline(
current_account,
limit_param(DEFAULT_STATUSES_LIMIT),
params[:max_id],
params[:since_id],
params[:min_id]
true # returns array of cache_ids object
)
end
def account_direct_feed
DirectFeed.new(current_account)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end

6
app/controllers/api/v1/timelines/home_controller.rb
View File

@ -13,7 +13,7 @@ class Api::V1::Timelines::HomeController < Api::BaseController
render json: @statuses,
each_serializer: REST::StatusSerializer,
relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id),
status: account_home_feed.regenerating? ? 206 : 200
status: regeneration_in_progress? ? 206 : 200
end
private
@ -62,4 +62,8 @@ class Api::V1::Timelines::HomeController < Api::BaseController
def pagination_since_id
@statuses.first.id
end
def regeneration_in_progress?
Redis.current.exists("account:#{current_account.id}:regeneration")
end
end

5
app/controllers/api/v1/timelines/public_controller.rb
View File

@ -1,7 +1,6 @@
# frozen_string_literal: true
class Api::V1::Timelines::PublicController < Api::BaseController
before_action :require_user!, only: [:show], if: :require_auth?
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
respond_to :json
@ -13,10 +12,6 @@ class Api::V1::Timelines::PublicController < Api::BaseController
private
def require_auth?
!Setting.timeline_preview
end
def load_statuses
cached_public_statuses
end

14
app/controllers/api/v1/timelines/tag_controller.rb
View File

@ -28,6 +28,8 @@ class Api::V1::Timelines::TagController < Api::BaseController
def tagged_statuses
if @tag.nil?
[]
elsif @tag.name.in?(['self.bookmarks', '.self.bookmarks'])
Status.reorder(nil).joins(:bookmarks).merge(bookmark_results)
else
statuses = tag_timeline_statuses.paginate_by_id(
limit_param(DEFAULT_STATUSES_LIMIT),
@ -48,6 +50,18 @@ class Api::V1::Timelines::TagController < Api::BaseController
HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, truthy_param?(:local))
end
def bookmark_results
@_results ||= account_bookmarks.paginate_by_max_id(
limit_param(DEFAULT_STATUSES_LIMIT),
params[:max_id],
params[:since_id]
)
end
def account_bookmarks
current_account.bookmarks
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end

17
app/controllers/api/v1/trends_controller.rb
View File

@ -1,17 +0,0 @@
# frozen_string_literal: true
class Api::V1::TrendsController < Api::BaseController
before_action :set_tags
respond_to :json
def index
render json: @tags, each_serializer: REST::TagSerializer
end
private
def set_tags
@tags = TrendingTags.get(limit_param(10))
end
end

28
app/controllers/api/v2/search_controller.rb
View File

@ -1,32 +1,8 @@
# frozen_string_literal: true
class Api::V2::SearchController < Api::BaseController
include Authorization
RESULTS_LIMIT = (ENV['MAX_SEARCH_RESULTS'] || 20).to_i
before_action -> { doorkeeper_authorize! :read, :'read:search' }
before_action :require_user!
respond_to :json
class Api::V2::SearchController < Api::V1::SearchController
def index
@search = Search.new(search_results)
render json: @search, serializer: REST::SearchSerializer
end
private
def search_results
SearchService.new.call(
params[:q],
current_account,
limit_param(RESULTS_LIMIT),
search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed))
)
end
def search_params
params.permit(:type, :offset, :min_id, :max_id, :account_id)
render json: @search, serializer: REST::V2::SearchSerializer
end
end

4
app/controllers/api/web/push_subscriptions_controller.rb
View File

@ -19,11 +19,9 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
data = {
alerts: {
follow: alerts_enabled,
follow_request: false,
favourite: alerts_enabled,
reblog: alerts_enabled,
mention: alerts_enabled,
poll: alerts_enabled,
},
}
@ -59,6 +57,6 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
end
def data_params
@data_params ||= params.require(:data).permit(alerts: [:follow, :follow_request, :favourite, :reblog, :mention, :poll])
@data_params ||= params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
end
end

105
app/controllers/application_controller.rb
View File

@ -10,8 +10,6 @@ class ApplicationController < ActionController::Base
include Localized
include UserTrackingConcern
include SessionTrackingConcern
include CacheConcern
include DomainControlHelper
helper_method :current_account
helper_method :current_session
@ -19,21 +17,15 @@ class ApplicationController < ActionController::Base
helper_method :current_skin
helper_method :single_user_mode?
helper_method :use_seamless_external_login?
helper_method :whitelist_mode?
rescue_from ActionController::RoutingError, with: :not_found
rescue_from ActiveRecord::RecordNotFound, with: :not_found
rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
rescue_from ActionController::UnknownFormat, with: :not_acceptable
rescue_from ActionController::ParameterMissing, with: :bad_request
rescue_from ActiveRecord::RecordNotFound, with: :not_found
rescue_from Mastodon::NotPermittedError, with: :forbidden
rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
rescue_from Mastodon::RaceConditionError, with: :service_unavailable
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
before_action :require_functional!, if: :user_signed_in?
skip_before_action :verify_authenticity_token, only: :raise_not_found
before_action :check_user_permissions, if: :user_signed_in?
def raise_not_found
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
@ -42,15 +34,7 @@ class ApplicationController < ActionController::Base
private
def https_enabled?
Rails.env.production? && !request.path.start_with?('/health')
end
def authorized_fetch_mode?
ENV['AUTHORIZED_FETCH'] == 'true' || Rails.configuration.x.whitelist_mode
end
def public_fetch_mode?
!authorized_fetch_mode?
Rails.env.production?
end
def store_current_location
@ -65,8 +49,8 @@ class ApplicationController < ActionController::Base
forbidden unless current_user&.staff?
end
def require_functional!
redirect_to edit_user_registration_path unless current_user.functional?
def check_user_permissions
forbidden if current_user.disabled? || current_user.account.suspended?
end
def after_sign_out_path_for(_resource_or_scope)
@ -168,20 +152,8 @@ class ApplicationController < ActionController::Base
respond_with_error(406)
end
def bad_request
respond_with_error(400)
end
def internal_server_error
respond_with_error(500)
end
def service_unavailable
respond_with_error(503)
end
def single_user_mode?
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists?
end
def use_seamless_external_login?
@ -189,15 +161,11 @@ class ApplicationController < ActionController::Base
end
def current_account
return @current_account if defined?(@current_account)
@current_account = current_user&.account
@current_account ||= current_user.try(:account)
end
def current_session
return @current_session if defined?(@current_session)
@current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
@current_session ||= SessionActivation.find_by(session_id: cookies.signed['_session_id'])
end
def current_flavour
@ -210,8 +178,61 @@ class ApplicationController < ActionController::Base
current_user.setting_skin
end
def cache_collection(raw, klass)
return raw unless klass.respond_to?(:with_includes)
raw = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
cached_keys_with_value = Rails.cache.read_multi(*raw).transform_keys(&:id)
uncached_ids = raw.map(&:id) - cached_keys_with_value.keys
klass.reload_stale_associations!(cached_keys_with_value.values) if klass.respond_to?(:reload_stale_associations!)
unless uncached_ids.empty?
uncached = klass.where(id: uncached_ids).with_includes.each_with_object({}) { |item, h| h[item.id] = item }
uncached.each_value do |item|
Rails.cache.write(item, item)
end
end
raw.map { |item| cached_keys_with_value[item.id] || uncached[item.id] }.compact
end
def respond_with_error(code)
use_pack 'error'
render "errors/#{code}", layout: 'error', status: code
respond_to do |format|
format.any { head code }
format.html do
set_locale
use_pack 'error'
render "errors/#{code}", layout: 'error', status: code
end
end
end
def render_cached_json(cache_key, **options)
options[:expires_in] ||= 3.minutes
cache_public = options.key?(:public) ? options.delete(:public) : true
content_type = options.delete(:content_type) || 'application/json'
data = Rails.cache.fetch(cache_key, { raw: true }.merge(options)) do
yield.to_json
end
expires_in options[:expires_in], public: cache_public
render json: data, content_type: content_type
end
def set_cache_headers
response.headers['Vary'] = 'Accept'
end
def mark_cacheable!
skip_session!
expires_in 0, public: true
end
def skip_session!
request.session_options[:skip] = true
end
end

29
app/controllers/auth/challenges_controller.rb
View File

@ -1,29 +0,0 @@
# frozen_string_literal: true
class Auth::ChallengesController < ApplicationController
include ChallengableConcern
layout 'auth'
before_action :set_pack
before_action :authenticate_user!
skip_before_action :require_functional!
def create
if challenge_passed?
session[:challenge_passed_at] = Time.now.utc
redirect_to challenge_params[:return_to]
else
@challenge = Form::Challenge.new(return_to: challenge_params[:return_to])
flash.now[:alert] = I18n.t('challenge.invalid_password')
render_challenge
end
end
private
def set_pack
use_pack 'auth'
end
end

32
app/controllers/auth/confirmations_controller.rb
View File

@ -4,15 +4,19 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
layout 'auth'
before_action :set_body_classes
before_action :set_user, only: [:finish_signup]
before_action :set_pack
before_action :require_unconfirmed!
skip_before_action :require_functional!
def finish_signup
return unless request.patch? && params[:user]
def new
super
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
if @user.update(user_params)
@user.skip_reconfirmation!
bypass_sign_in(@user)
redirect_to root_path, notice: I18n.t('devise.confirmations.send_instructions')
else
@show_errors = true
end
end
private
@ -21,24 +25,16 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
use_pack 'auth'
end
def require_unconfirmed!
redirect_to edit_user_registration_path if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
def set_user
@user = current_user
end
def set_body_classes
@body_classes = 'lighter'
end
def after_resending_confirmation_instructions_path_for(_resource_name)
if user_signed_in?
if current_user.confirmed? && current_user.approved?
edit_user_registration_path
else
auth_setup_path
end
else
new_user_session_path
end
def user_params
params.require(:user).permit(:email)
end
def after_confirmation_path_for(_resource_name, user)

2
app/controllers/auth/omniauth_callbacks_controller.rb
View File

@ -27,7 +27,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
if resource.email_verified?
root_path
else
auth_setup_path(missing_email: '1')
finish_signup_path
end
end
end

9
app/controllers/auth/registrations_controller.rb
View File

@ -10,9 +10,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
before_action :set_sessions, only: [:edit, :update]
before_action :set_instance_presenter, only: [:new, :create, :update]
before_action :set_body_classes, only: [:new, :create, :edit, :update]
before_action :require_not_suspended!, only: [:update]
skip_before_action :require_functional!, only: [:edit, :update]
def new
super(&:build_invite_request)
@ -47,7 +44,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
end
def after_sign_up_path_for(_resource)
auth_setup_path
new_user_session_path
end
def after_sign_in_path_for(_resource)
@ -110,8 +107,4 @@ class Auth::RegistrationsController < Devise::RegistrationsController
def set_sessions
@sessions = current_user.session_activations
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end

46
app/controllers/auth/sessions_controller.rb
View File

@ -6,11 +6,10 @@ class Auth::SessionsController < Devise::SessionsController
layout 'auth'
skip_before_action :require_no_authentication, only: [:create]
skip_before_action :require_functional!
prepend_before_action :set_pack
skip_before_action :check_user_permissions, only: [:destroy]
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
prepend_before_action :switch_user
prepend_before_action :set_pack
before_action :set_instance_presenter, only: [:new]
before_action :set_body_classes
@ -32,7 +31,6 @@ class Auth::SessionsController < Devise::SessionsController
def destroy
tmp_stored_location = stored_location_for(:user)
super
session.delete(:challenge_passed_at)
flash.delete(:notice)
store_location_for(:user, tmp_stored_location) if continue_after?
end
@ -42,10 +40,12 @@ class Auth::SessionsController < Devise::SessionsController
def find_user
if session[:otp_user_id]
User.find(session[:otp_user_id])
else
user = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
user ||= User.find_for_authentication(email: user_params[:email])
elsif user_params[:email]
if use_seamless_external_login? && Devise.check_at_sign && user_params[:email].index('@').nil?
User.joins(:account).find_by(accounts: { username: user_params[:email] })
else
User.find_for_authentication(email: user_params[:email])
end
end
end
@ -53,6 +53,10 @@ class Auth::SessionsController < Devise::SessionsController
params.require(:user).permit(:email, :password, :otp_attempt)
end
def switch_params
params.permit(:switch_to)
end
def after_sign_in_path_for(resource)
last_url = stored_location_for(:user)
@ -72,13 +76,13 @@ class Auth::SessionsController < Devise::SessionsController
end
def two_factor_enabled?
find_user&.otp_required_for_login?
find_user.try(:otp_required_for_login?)
end
def valid_otp_attempt?(user)
user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
user.invalidate_otp_backup_code!(user_params[:otp_attempt])
rescue OpenSSL::Cipher::CipherError
rescue OpenSSL::Cipher::CipherError => _error
false
end
@ -87,10 +91,7 @@ class Auth::SessionsController < Devise::SessionsController
if user_params[:otp_attempt].present? && session[:otp_user_id]
authenticate_with_two_factor_via_otp(user)
elsif user.present? && (user.encrypted_password.blank? || user.valid_password?(user_params[:password]))
# If encrypted_password is blank, we got the user from LDAP or PAM,
# so credentials are already valid
elsif user&.valid_password?(user_params[:password])
prompt_for_two_factor(user)
end
end
@ -108,11 +109,22 @@ class Auth::SessionsController < Devise::SessionsController
def prompt_for_two_factor(user)
session[:otp_user_id] = user.id
use_pack 'auth'
@body_classes = 'lighter'
render :two_factor
end
def switch_user
return unless switch_params[:switch_to].present? && current_user.present?
target_user = User.find_by(id: switch_params[:switch_to])
return unless target_user.present? && current_user.in?(target_user.linked_users)
self.resource = target_user
remember_me(target_user)
sign_in(target_user)
flash.delete(:error)
flash.delete(:alert)
flash.delete(:notice)
return root_path
end
private
def set_pack

63
app/controllers/auth/setup_controller.rb
View File

@ -1,63 +0,0 @@
# frozen_string_literal: true
class Auth::SetupController < ApplicationController
layout 'auth'
before_action :set_pack
before_action :authenticate_user!
before_action :require_unconfirmed_or_pending!
before_action :set_body_classes
before_action :set_user
skip_before_action :require_functional!
def show
flash.now[:notice] = begin
if @user.pending?
I18n.t('devise.registrations.signed_up_but_pending')
else
I18n.t('devise.registrations.signed_up_but_unconfirmed')
end
end
end
def update
# This allows updating the e-mail without entering a password as is required
# on the account settings page; however, we only allow this for accounts
# that were not confirmed yet
if @user.update(user_params)
redirect_to auth_setup_path, notice: I18n.t('devise.confirmations.send_instructions')
else
render :show
end
end
helper_method :missing_email?
private
def require_unconfirmed_or_pending!
redirect_to root_path if current_user.confirmed? && current_user.approved?
end
def set_user
@user = current_user
end
def set_body_classes
@body_classes = 'lighter'
end
def user_params
params.require(:user).permit(:email)
end
def missing_email?
truthy_param?(:missing_email)
end
def set_pack
use_pack 'auth'
end
end

34
app/controllers/concerns/account_controller_concern.rb
View File

@ -3,19 +3,25 @@
module AccountControllerConcern
extend ActiveSupport::Concern
include AccountOwnedConcern
FOLLOW_PER_PAGE = 12
included do
layout 'public'
before_action :set_account
before_action :check_account_approval
before_action :check_account_suspension
before_action :check_account_hidden
before_action :set_instance_presenter
before_action :set_link_headers, if: -> { request.format.nil? || request.format == :html }
before_action :set_link_headers
end
private
def set_account
@account = Account.find_local!(username_param)
end
def set_instance_presenter
@instance_presenter = InstancePresenter.new
end
@ -29,10 +35,14 @@ module AccountControllerConcern
)
end
def username_param
params[:account_username]
end
def webfinger_account_link
[
webfinger_account_url,
[%w(rel lrdd), %w(type application/jrd+json)],
[%w(rel lrdd), %w(type application/xrd+xml)],
]
end
@ -46,4 +56,20 @@ module AccountControllerConcern
def webfinger_account_url
webfinger_url(resource: @account.to_webfinger_s)
end
def check_account_approval
not_found if @account.user_pending?
end
def check_account_suspension
if @account.suspended?
skip_session!
expires_in(3.minutes, public: true)
gone
end
end
def check_account_hidden
not_found if @account.hidden?
end
end

Some files were not shown because too many files have changed in this diff Show More