diff options
| -rw-r--r-- | Dockerfile | 13 | ||||
| -rw-r--r-- | README.md | 67 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts/follower_accounts_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts/following_accounts_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts/relationships_controller.rb | 12 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts/search_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/api/v1/accounts/statuses_controller.rb | 2 | ||||
| -rw-r--r-- | app/javascript/flavours/glitch/features/getting_started/components/trends.js | 2 | ||||
| -rw-r--r-- | app/javascript/flavours/glitch/features/ui/components/link_footer.js | 5 | ||||
| -rw-r--r-- | app/javascript/flavours/glitch/locales/en.js | 4 | ||||
| -rw-r--r-- | app/lib/sanitize_config.rb | 3 | ||||
| -rw-r--r-- | config/environments/production.rb | 10 | ||||
| -rw-r--r-- | config/initializers/content_security_policy.rb | 4 | ||||
| -rw-r--r-- | config/locales/simple_form.en.yml | 2 | ||||
| -rw-r--r-- | db/migrate/20180617162849_remove_unused_indexes.rb | 7 | ||||
| -rw-r--r-- | db/migrate/20180628181026_create_custom_filters.rb | 13 |
16 files changed, 98 insertions, 51 deletions
diff --git a/Dockerfile b/Dockerfile index 0537d8fac..3d111baff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -125,13 +125,18 @@ ENV NODE_ENV="production" ENV RAILS_SERVE_STATIC_FILES="true" ENV BIND="0.0.0.0" -# Set the run user USER mastodon # Precompile assets -RUN cd ~ && \ - OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \ - yarn cache clean +RUN cd ~ && OTP_SECRET=_ SECRET_KEY_BASE=_ rails assets:precompile --trace && yarn cache clean + +# Empty temporary files +USER root + +RUN rm -rf /opt/mastodon/tmp/* + +# Set the run user +USER mastodon # Set the work dir and the container entry point WORKDIR /opt/mastodon diff --git a/README.md b/README.md index 470e379dc..4e10cbcd7 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,65 @@ -# Mastodon Glitch Edition # - -> Now with automated deploys! + +======== [][circleci] - [circleci]: https://circleci.com/gh/glitch-soc/mastodon -So here's the deal: we all work on this code, and then it runs on dev.glitch.social and anyone who uses that does so absolutely at their own risk. can you dig it? +Mastodon is a **free, open-source social network server** based on **open web protocols** like ActivityPub and OStatus. The social focus of the project is a viable decentralized alternative to commercial social media silos that returns the control of the content distribution channels to the people. The technical focus of the project is a good user interface, a clean REST API for 3rd party apps and robust anti-abuse tools. + +**Ruby on Rails** is used for the back-end, while **React.js** and Redux are used for the dynamic front-end. A static front-end for public resources (profiles and statuses) is also provided. + +This repository specifically is for [Plural Café](https://plural.cafe) and has three branches: + +* **master** (**edge** on Docker Hub) for all development and staging work, +* **glitch** for all commits from upstream that will automatically be synched to this repository, and +* **production** (**latest** on Docker Hub) for what goes onto the main website. + +In addition, there are several repositories in this GitHub organization: + +* **pluralcafe/mastodon** is this repository and is the codebase for what Plural Café runs, +* [**pluralcafe/utils**](https://github.com/pluralcafe/utils) are an assortment of scripts and tutorials to help in Mastodon system administration or general helper files this instance uses, +* [**pluralcafe/barkeep**](https://github.com/pluralcafe/barkeep) is forked from [mbilokonsky/ambassador](https://github.com/mbilokonsky/ambassador) and serves as the Ambassador bot that is run on the instance. + +This instance is a fork of a fork: this has the [Mastodon Glitch Edition](https://github.com/glitch-soc/mastodon) commits. Documentation for Mastodon Glitch Edition [can be found here](https://glitch-soc.github.io/docs/). Anyone wishing to use Glitch Edition in a Docker image for their own site can use the `pluralcafe/mastodon:glitch` image. + +--- + +## Resources + +- [Frequently Asked Questions](https://github.com/tootsuite/documentation/blob/master/Using-Mastodon/FAQ.md) +- [Use this tool to find Twitter friends on Mastodon](https://bridge.joinmastodon.org) +- [API overview](https://github.com/tootsuite/documentation/blob/master/Using-the-API/API.md) +- [List of Mastodon instances](https://github.com/tootsuite/documentation/blob/master/Using-Mastodon/List-of-Mastodon-instances.md) +- [List of apps](https://github.com/tootsuite/documentation/blob/master/Using-Mastodon/Apps.md) +- [List of sponsors](https://joinmastodon.org/sponsors) + +## Features + +**No vendor lock-in: Fully interoperable with any conforming platform** + +It doesn't have to be Mastodon, whatever implements ActivityPub or OStatus is part of the social network! + +**Real-time timeline updates** + +See the updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well! + +**Federated thread resolving** + +If someone you follow replies to a user unknown to the server, the server fetches the full thread so you can view it without leaving the UI + +**Media attachments like images and short videos** + +Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos are looped - like vines! + +**OAuth2 and a straightforward REST API** + +Mastodon acts as an OAuth2 provider so 3rd party apps can use the API + +**Fast response times** + +Mastodon tries to be as fast and responsive as possible, so all long-running tasks are delegated to background processing + +**Deployable via Docker** + +You don't need to mess with dependencies and configuration if you want to try Mastodon, if you have Docker and Docker Compose the deployment is extremely easy -- You can view documentation for this project at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/). -- And contributing guidelines are available [here](CONTRIBUTING.md) and [here](https://glitch-soc.github.io/docs/contributing/). diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 2277067c9..ff7478618 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb @@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController end def hide_results? - (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account)) + !user_signed_in? || (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account)) end def default_accounts diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 93d4bd3a4..64e1bd2cd 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController end def hide_results? - (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account)) + !user_signed_in? || (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account)) end def default_accounts diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index 1d3992a28..865529e25 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb @@ -5,10 +5,14 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController before_action :require_user! def index - accounts = Account.where(id: account_ids).select('id') - # .where doesn't guarantee that our results are in the same order - # we requested them, so return the "right" order to the requestor. - @accounts = accounts.index_by(&:id).values_at(*account_ids).compact + if user_signed_in? + accounts = Account.where(id: account_ids).select('id') + # .where doesn't guarantee that our results are in the same order + # we requested them, so return the "right" order to the requestor. + @accounts = accounts.index_by(&:id).values_at(*account_ids).compact + else + @accounts = Account.none + end render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships end diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb index 3061fcb7e..aa8745931 100644 --- a/app/controllers/api/v1/accounts/search_controller.rb +++ b/app/controllers/api/v1/accounts/search_controller.rb @@ -12,6 +12,7 @@ class Api::V1::Accounts::SearchController < Api::BaseController private def account_search + return Account.none unless user_signed_in? AccountSearchService.new.call( params[:q], current_account, diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 114ee0a82..fe932f93c 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController end def account_statuses + return Status.none unless user_signed_in? + statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses statuses.merge!(only_media_scope) if truthy_param?(:only_media) diff --git a/app/javascript/flavours/glitch/features/getting_started/components/trends.js b/app/javascript/flavours/glitch/features/getting_started/components/trends.js index 0734ec72b..c60f78f7e 100644 --- a/app/javascript/flavours/glitch/features/getting_started/components/trends.js +++ b/app/javascript/flavours/glitch/features/getting_started/components/trends.js @@ -38,7 +38,7 @@ export default class Trends extends ImmutablePureComponent { <div className='getting-started__trends'> <h4><FormattedMessage id='trends.trending_now' defaultMessage='Trending now' /></h4> - {trends.take(3).map(hashtag => <Hashtag key={hashtag.get('name')} hashtag={hashtag} />)} + {trends.take(1).map(hashtag => <Hashtag key={hashtag.get('name')} hashtag={hashtag} />)} </div> ); } diff --git a/app/javascript/flavours/glitch/features/ui/components/link_footer.js b/app/javascript/flavours/glitch/features/ui/components/link_footer.js index 4d7fc36c2..d26bbe9f8 100644 --- a/app/javascript/flavours/glitch/features/ui/components/link_footer.js +++ b/app/javascript/flavours/glitch/features/ui/components/link_footer.js @@ -58,9 +58,10 @@ class LinkFooter extends React.PureComponent { <p> <FormattedMessage id='getting_started.open_source_notice' - defaultMessage='Glitchsoc is open source software, a friendly fork of {Mastodon}. You can contribute or report issues on GitHub at {github}.' + defaultMessage='GlitchCafe is open source software, based on {Glitchsoc} which is a friendly fork of {Mastodon}. You can contribute or report issues on GitHub at {github}.' values={{ - github: <span><a href='https://github.com/glitch-soc/mastodon' rel='noopener noreferrer' target='_blank'>glitch-soc/mastodon</a> (v{version})</span>, + github: <span><a href='https://github.com/pluralcafe/mastodon' rel='noopener noreferrer' target='_blank'>pluralcafe/mastodon</a> (v{version})</span>, + Glitchsoc: <a href='https://github.com/glitch-soc/mastodon' rel='noopener noreferrer' target='_blank'>glitch-soc/mastodon</a>, Mastodon: <a href='https://github.com/tootsuite/mastodon' rel='noopener noreferrer' target='_blank'>Mastodon</a> }} /> </p> diff --git a/app/javascript/flavours/glitch/locales/en.js b/app/javascript/flavours/glitch/locales/en.js index 90e924d4a..528875e45 100644 --- a/app/javascript/flavours/glitch/locales/en.js +++ b/app/javascript/flavours/glitch/locales/en.js @@ -1,7 +1,7 @@ import inherited from 'mastodon/locales/en.json'; const messages = { - 'getting_started.open_source_notice': 'Glitchsoc is free open source software forked from {Mastodon}. You can contribute or report issues on GitHub at {github}.', + 'getting_started.open_source_notice': 'GlitchCafe is free open source software forked from {Glitchsoc} and {Mastodon}. You can contribute or report issues on GitHub at {github}.', 'layout.auto': 'Auto', 'layout.current_is': 'Your current layout is:', 'layout.desktop': 'Desktop', @@ -10,7 +10,7 @@ const messages = { 'getting_started.onboarding': 'Show me around', 'onboarding.page_one.federation': '{domain} is an \'instance\' of Mastodon. Mastodon is a network of independent servers joining up to make one larger social network. We call these servers instances.', 'onboarding.page_one.welcome': 'Welcome to {domain}!', - 'onboarding.page_six.github': '{domain} runs on Glitchsoc. Glitchsoc is a friendly {fork} of {Mastodon}, and is compatible with any Mastodon instance or app. Glitchsoc is entirely free and open-source. You can report bugs, request features, or contribute to the code on {github}.', + 'onboarding.page_six.github': '{domain} runs on GlitchCafe, which is based on Glitchsoc. Glitchsoc is a friendly {fork} of {Mastodon}, and is compatible with any Mastodon instance or app. GlitchCafe includes Plural Cafe-specific additions to Glitchsoc. Glitchsoc is entirely free and open-source. You can report bugs, request features, or contribute to the code on {github}.', 'settings.auto_collapse': 'Automatic collapsing', 'settings.auto_collapse_all': 'Everything', 'settings.auto_collapse_lengthy': 'Lengthy toots', diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index 34793ed93..e63f290a3 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -15,6 +15,7 @@ class Sanitize ipfs ipns ssb + gemini gopher xmpp magnet @@ -83,7 +84,7 @@ class Sanitize end MASTODON_STRICT ||= freeze_config( - elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li), + elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li details summary), attributes: { 'a' => %w(href rel class title), diff --git a/config/environments/production.rb b/config/environments/production.rb index 00571a35a..d617a297a 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -105,11 +105,11 @@ Rails.application.configure do config.action_dispatch.default_headers = { 'Server' => 'Mastodon', - 'X-Frame-Options' => 'DENY', - 'X-Content-Type-Options' => 'nosniff', - 'X-XSS-Protection' => '1; mode=block', - 'Referrer-Policy' => 'same-origin', - 'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload', + #'X-Frame-Options' => 'DENY', + #'X-Content-Type-Options' => 'nosniff', + #'X-XSS-Protection' => '1; mode=block', + #'Referrer-Policy' => 'same-origin', + #'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload', 'X-Clacks-Overhead' => 'GNU Natalie Nguyen' } diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index a76db6fe5..dbe5894ae 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -33,9 +33,9 @@ if Rails.env.production? p.frame_ancestors :none p.script_src :self, assets_host p.font_src :self, assets_host - p.img_src :self, :data, :blob, *data_hosts + p.img_src :self, :data, :blob, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com" p.style_src :self, assets_host - p.media_src :self, :data, *data_hosts + p.media_src :self, :data, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com" p.frame_src :self, :https p.child_src :self, :blob, assets_host p.worker_src :self, :blob, assets_host diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 141ef574b..49a6007e9 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -69,7 +69,7 @@ en: imports: data: CSV file exported from another Mastodon server invite_request: - text: This will help us review your application + text: 'If you are interested in signing up, please put whether you are a plural system or singlet in the "Why do you want to join" box. This is purely to ward off spam bots. If this is not answered, your request to join the instance will be rejected.' sessions: otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:' tag: diff --git a/db/migrate/20180617162849_remove_unused_indexes.rb b/db/migrate/20180617162849_remove_unused_indexes.rb deleted file mode 100644 index 61add6385..000000000 --- a/db/migrate/20180617162849_remove_unused_indexes.rb +++ /dev/null @@ -1,7 +0,0 @@ -class RemoveUnusedIndexes < ActiveRecord::Migration[5.2] - def change - remove_index :statuses, name: "index_statuses_on_conversation_id" - remove_index :users, name: "index_users_on_filtered_languages" - remove_index :backups, name: "index_backups_on_user_id" - end -end diff --git a/db/migrate/20180628181026_create_custom_filters.rb b/db/migrate/20180628181026_create_custom_filters.rb deleted file mode 100644 index d19cf2e9d..000000000 --- a/db/migrate/20180628181026_create_custom_filters.rb +++ /dev/null @@ -1,13 +0,0 @@ -class CreateCustomFilters < ActiveRecord::Migration[5.2] - def change - create_table :custom_filters do |t| - t.belongs_to :account, foreign_key: { on_delete: :cascade } - t.datetime :expires_at - t.text :phrase, null: false, default: '' - t.string :context, array: true, null: false, default: [] - t.boolean :irreversible, null: false, default: false - - t.timestamps - end - end -end |