authorStarfall <us@starfall.systems>2022-11-28 16:41:29 -0600
committerStarfall <us@starfall.systems>2022-11-28 16:41:29 -0600
commitcb9dad90b01c9f53d1910cf128eb22200bdb9884 (patch)
tree1935d74f49853ed371e36cfac2d44ac33d2e8a2e /app/controllers
parentc3c3b6953f37462f26f011b6c6cbd1655d5dcbea (diff)
parent1a7aa37b60769a10077c585fa76ec848b6866d9a (diff)
Merge remote-tracking branch 'glitch/main'
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/accounts_controller.rb2
-rw-r--r--app/controllers/admin/domain_blocks_controller.rb4
-rw-r--r--app/controllers/admin/email_domain_blocks_controller.rb2
-rw-r--r--app/controllers/admin/export_domain_allows_controller.rb6
-rw-r--r--app/controllers/admin/export_domain_blocks_controller.rb6
-rw-r--r--app/controllers/api/base_controller.rb2
-rw-r--r--app/controllers/api/v1/followed_tags_controller.rb6
-rw-r--r--app/controllers/api/v1/tags_controller.rb2
-rw-r--r--app/controllers/auth/registrations_controller.rb2
-rw-r--r--app/controllers/auth/sessions_controller.rb4
-rw-r--r--app/controllers/concerns/admin_export_controller_concern.rb8
-rw-r--r--app/controllers/oauth/authorizations_controller.rb6
-rw-r--r--app/controllers/settings/base_controller.rb2
-rw-r--r--app/controllers/statuses_cleanup_controller.rb4
14 files changed, 35 insertions, 21 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index f36a0c859..4d03a04b7 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -17,6 +17,8 @@ class AccountsController < ApplicationController
     respond_to do |format|
       format.html do
         expires_in 0, public: true unless user_signed_in?
+
+        @rss_url = rss_url
       end
 
       format.rss do
diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
index 32f1f9a5d..e79f7a43e 100644
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@@ -9,9 +9,9 @@ module Admin
       @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
       @form.save
     rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.email_domain_blocks.no_domain_block_selected')
+      flash[:alert] = I18n.t('admin.domain_blocks.no_domain_block_selected')
     rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.domain_blocks.created_msg')
+      flash[:alert] = I18n.t('admin.domain_blocks.not_permitted')
     else
       redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
     end
diff --git a/app/controllers/admin/email_domain_blocks_controller.rb b/app/controllers/admin/email_domain_blocks_controller.rb
index 593457b94..a0a43de19 100644
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -19,7 +19,7 @@ module Admin
     rescue ActionController::ParameterMissing
       flash[:alert] = I18n.t('admin.email_domain_blocks.no_email_domain_block_selected')
     rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
+      flash[:alert] = I18n.t('admin.email_domain_blocks.not_permitted')
     ensure
       redirect_to admin_email_domain_blocks_path
     end
diff --git a/app/controllers/admin/export_domain_allows_controller.rb b/app/controllers/admin/export_domain_allows_controller.rb
index eb2955ac3..57fb12c62 100644
--- a/app/controllers/admin/export_domain_allows_controller.rb
+++ b/app/controllers/admin/export_domain_allows_controller.rb
@@ -8,8 +8,6 @@ module Admin
 
     before_action :set_dummy_import!, only: [:new]
 
-    ROWS_PROCESSING_LIMIT = 20_000
-
     def new
       authorize :domain_allow, :create?
     end
@@ -23,9 +21,11 @@ module Admin
       authorize :domain_allow, :create?
       begin
         @import = Admin::Import.new(import_params)
+        return render :new unless @import.validate
+
         parse_import_data!(export_headers)
 
-        @data.take(ROWS_PROCESSING_LIMIT).each do |row|
+        @data.take(Admin::Import::ROWS_PROCESSING_LIMIT).each do |row|
           domain = row['#domain'].strip
           next if DomainAllow.allowed?(domain)
 
diff --git a/app/controllers/admin/export_domain_blocks_controller.rb b/app/controllers/admin/export_domain_blocks_controller.rb
index 545bd94ed..fb0cd05d2 100644
--- a/app/controllers/admin/export_domain_blocks_controller.rb
+++ b/app/controllers/admin/export_domain_blocks_controller.rb
@@ -8,8 +8,6 @@ module Admin
 
     before_action :set_dummy_import!, only: [:new]
 
-    ROWS_PROCESSING_LIMIT = 20_000
-
     def new
       authorize :domain_block, :create?
     end
@@ -23,12 +21,14 @@ module Admin
       authorize :domain_block, :create?
 
       @import = Admin::Import.new(import_params)
+      return render :new unless @import.validate
+
       parse_import_data!(export_headers)
 
       @global_private_comment = I18n.t('admin.export_domain_blocks.import.private_comment_template', source: @import.data_file_name, date: I18n.l(Time.now.utc))
 
       @form = Form::DomainBlockBatch.new
-      @domain_blocks = @data.take(ROWS_PROCESSING_LIMIT).filter_map do |row|
+      @domain_blocks = @data.take(Admin::Import::ROWS_PROCESSING_LIMIT).filter_map do |row|
         domain = row['#domain'].strip
         next if DomainBlock.rule_for(domain).present?
 
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 665425f29..defef0656 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -129,7 +129,7 @@ class Api::BaseController < ApplicationController
   end
 
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 
   def disallow_unauthenticated_api_access?
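Review bot: The same `'private, no-store'` literal is now hand-written in four separate `set_cache_headers` methods (this file, `auth/registrations_controller.rb`, `oauth/authorizations_controller.rb` and `settings/base_controller.rb`), which is exactly the duplication that forced the four-way edit in this merge; a single shared constant or a small concern would keep the value from drifting again. The new value itself is sound: `no-store` forbids any cache from retaining the response, so dropping `no-cache, max-age=0, must-revalidate` loses nothing. A short comment on the assignment would save the next reader from re-deriving that, e.g. `# no-store already forbids caching anywhere; private additionally marks the response as user-specific`.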
diff --git a/app/controllers/api/v1/followed_tags_controller.rb b/app/controllers/api/v1/followed_tags_controller.rb
index f0dfd044c..eae2bdc01 100644
--- a/app/controllers/api/v1/followed_tags_controller.rb
+++ b/app/controllers/api/v1/followed_tags_controller.rb
@@ -3,11 +3,11 @@
 class Api::V1::FollowedTagsController < Api::BaseController
   TAGS_LIMIT = 100
 
-  before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }, except: :show
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }
   before_action :require_user!
   before_action :set_results
 
-  after_action :insert_pagination_headers, only: :show
+  after_action :insert_pagination_headers
 
   def index
     render json: @results.map(&:tag), each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@results.map(&:tag), current_user&.account_id)
@@ -43,7 +43,7 @@ class Api::V1::FollowedTagsController < Api::BaseController
   end
 
   def records_continue?
-    @results.size == limit_param(TAG_LIMIT)
+    @results.size == limit_param(TAGS_LIMIT)
   end
 
   def pagination_params(core_params)
diff --git a/app/controllers/api/v1/tags_controller.rb b/app/controllers/api/v1/tags_controller.rb
index 32f71bdce..272362c31 100644
--- a/app/controllers/api/v1/tags_controller.rb
+++ b/app/controllers/api/v1/tags_controller.rb
@@ -12,7 +12,7 @@ class Api::V1::TagsController < Api::BaseController
   end
 
   def follow
-    TagFollow.create!(tag: @tag, account: current_account, rate_limit: true)
+    TagFollow.create_with(rate_limit: true).find_or_create_by!(tag: @tag, account: current_account)
     render json: @tag, serializer: REST::TagSerializer
   end
 
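Review bot: `find_or_create_by!` on the new line is a read followed by a write, not an atomic upsert, so two concurrent follow requests for the same tag can both miss the lookup and the second `create` then raises `ActiveRecord::RecordNotUnique`, assuming `tag_follows` has a unique index on the (tag, account) pair — the previous `create!` would have surfaced the duplicate the same way, which is presumably what motivated this change. The idempotent intent is right; to make it hold under concurrency, rescue the uniqueness error and re-read: `rescue ActiveRecord::RecordNotUnique` followed by `TagFollow.find_by!(tag: @tag, account: current_account)`. A bounded `retry` around the call would also work; an unbounded one would not.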
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index edef0d5bb..d363efeee 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -159,6 +159,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 end
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 13dfebcdd..16c18baa2 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -15,6 +15,10 @@ class Auth::SessionsController < Devise::SessionsController
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
 
+  content_security_policy only: :new do |p|
+    p.form_action(false)
+  end
+
   def check_suspicious!
     user = find_user
     @login_is_suspicious = suspicious_sign_in?(user) unless user.nil?
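Review bot: `p.form_action(false)` does not set `form-action 'none'`; in the Rails CSP DSL a falsy first argument deletes the directive, so this block removes the application-wide `form-action` restriction from the sign-in page. Relaxing a CSP directive on the login form is a deliberate security trade-off and the hunk records no reason for it, so the block deserves a comment stating the why, e.g. `# Drop form-action on sign-in: browsers also apply it to the redirect that follows the POST, which may target an external OAuth client — TODO confirm this is the motivating case`. The same applies to the `content_security_policy` block added in `oauth/authorizations_controller.rb`, which drops the directive for every action of that controller rather than `only: :new`.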
diff --git a/app/controllers/concerns/admin_export_controller_concern.rb b/app/controllers/concerns/admin_export_controller_concern.rb
index 013915d02..b40c76557 100644
--- a/app/controllers/concerns/admin_export_controller_concern.rb
+++ b/app/controllers/concerns/admin_export_controller_concern.rb
@@ -27,13 +27,13 @@ module AdminExportControllerConcern
     params.require(:admin_import).permit(:data)
   end
 
-  def import_data
-    Paperclip.io_adapters.for(@import.data).read
+  def import_data_path
+    params[:admin_import][:data].path
   end
 
   def parse_import_data!(default_headers)
-    data = CSV.parse(import_data, headers: true)
-    data = CSV.parse(import_data, headers: default_headers) unless data.headers&.first&.strip&.include?(default_headers[0])
+    data = CSV.read(import_data_path, headers: true, encoding: 'UTF-8')
+    data = CSV.read(import_data_path, headers: default_headers, encoding: 'UTF-8') unless data.headers&.first&.strip&.include?(default_headers[0])
     @data = data.reject(&:blank?)
   end
 end
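Review bot: `import_data_path` reads `params[:admin_import][:data]` straight from the raw params instead of going through the `import_params` whitelist defined just above it, and calls `.path` on whatever arrives: a missing key or a plain-string `data` field raises `NoMethodError` (a 500) rather than a parameter or validation error. The callers in this merge guard with `@import.validate` before parsing, but the helper is callable on its own, so it should check its input: `upload = import_params[:data]` / `raise ActionController::ParameterMissing, :data unless upload.respond_to?(:path)` / `upload.path`. Note also that `CSV.read` raises `CSV::MalformedCSVError` on a malformed upload; whether the callers' `begin` blocks rescue it is outside this hunk.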
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index 137346ed0..d6e7d0800 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -8,6 +8,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   before_action :set_pack
   before_action :set_cache_headers
 
+  content_security_policy do |p|
+    p.form_action(false)
+  end
+
   include Localized
 
   private
@@ -35,6 +39,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   end
 
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 end
diff --git a/app/controllers/settings/base_controller.rb b/app/controllers/settings/base_controller.rb
index dee3922d8..bf17b918c 100644
--- a/app/controllers/settings/base_controller.rb
+++ b/app/controllers/settings/base_controller.rb
@@ -19,7 +19,7 @@ class Settings::BaseController < ApplicationController
   end
 
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 
   def require_not_suspended!
diff --git a/app/controllers/statuses_cleanup_controller.rb b/app/controllers/statuses_cleanup_controller.rb
index 3d4f4af02..0e7bb835f 100644
--- a/app/controllers/statuses_cleanup_controller.rb
+++ b/app/controllers/statuses_cleanup_controller.rb
@@ -20,6 +20,10 @@ class StatusesCleanupController < ApplicationController
     # Do nothing
   end
 
+  def require_functional!
+    redirect_to edit_user_registration_path unless current_user.functional_or_moved?
+  end
+
   private
 
   def set_pack
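Review bot: The new `require_functional!` is defined above the `private` marker on the following line, so this override is public while a before-action hook of this kind is normally private; Rails treats a controller's public instance methods as candidate action methods, so moving the definition below `private` keeps it out of that set and matches the parent's visibility if the parent declares it private (not visible here). The method also dereferences `current_user` unconditionally, which is safe only if an authentication filter runs before this hook — the hunk does not show one; `current_user&.functional_or_moved?` would redirect rather than raise if that assumption ever breaks. The predicate name suggests this override deliberately admits moved accounts to the cleanup settings; a one-line comment saying so would spare readers from comparing it with the base-class implementation.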