about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--.mailmap3
-rw-r--r--Dockerfile16
-rw-r--r--README.md35
-rw-r--r--app/controllers/api/v1/accounts/follower_accounts_controller.rb2
-rw-r--r--app/controllers/api/v1/accounts/following_accounts_controller.rb2
-rw-r--r--app/controllers/api/v1/accounts/relationships_controller.rb12
-rw-r--r--app/controllers/api/v1/accounts/search_controller.rb1
-rw-r--r--app/controllers/api/v1/accounts/statuses_controller.rb2
-rw-r--r--app/javascript/flavours/glitch/features/getting_started/components/trends.js2
-rw-r--r--app/javascript/flavours/glitch/features/ui/components/link_footer.js5
-rw-r--r--app/javascript/flavours/glitch/features/ui/containers/status_list_container.js2
-rw-r--r--app/javascript/flavours/glitch/locales/en.js4
-rw-r--r--app/javascript/flavours/glitch/styles/components/status.scss4
-rw-r--r--app/lib/sanitize_config.rb3
-rw-r--r--config/environments/production.rb10
-rw-r--r--config/initializers/content_security_policy.rb4
-rw-r--r--config/locales/simple_form.en.yml2
-rw-r--r--db/migrate/20180617162849_remove_unused_indexes.rb7
-rw-r--r--db/migrate/20180628181026_create_custom_filters.rb13
-rw-r--r--db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb2
-rwxr-xr-xhooks/build3
-rw-r--r--lib/mastodon/version.rb10
22 files changed, 85 insertions, 59 deletions
diff --git a/.mailmap b/.mailmap
new file mode 100644
index 000000000..e066fd34a
--- /dev/null
+++ b/.mailmap
@@ -0,0 +1,3 @@
+Starfall <us@starfall.systems> Starfall <admin@plural.cafe>
+Starfall <us@starfall.systems> <root@starfall.blue>
+
diff --git a/Dockerfile b/Dockerfile
index fa6abad5a..78e4daf9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -125,13 +125,21 @@ ENV NODE_ENV="production"
 ENV RAILS_SERVE_STATIC_FILES="true"
 ENV BIND="0.0.0.0"
 
-# Set the run user
 USER mastodon
 
+ARG SOURCE_COMMIT
+ENV SOURCE_TAG $SOURCE_COMMIT
+
 # Precompile assets
-RUN cd ~ && \
-	OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \
-	yarn cache clean
+RUN cd ~ && OTP_SECRET=_ SECRET_KEY_BASE=_ rails assets:precompile --trace && yarn cache clean
+
+# Empty temporary files
+USER root
+
+RUN rm -rf /opt/mastodon/tmp/*
+
+# Set the run user
+USER mastodon
 
 # Set the work dir and the container entry point
 WORKDIR /opt/mastodon
diff --git a/README.md b/README.md
index 470e379dc..502e0d8db 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,33 @@
-#  Mastodon Glitch Edition  #
+![Mastodon](https://i.imgur.com/NhZc40l.png)
+========
 
->   Now with automated deploys!
+[![Build Status](https://img.shields.io/docker/cloud/build/pluralcafe/mastodon)](https://hub.docker.com/repository/docker/pluralcafe/mastodon) [![Site Status](https://img.shields.io/website?label=plural.cafe&logo=mastodon&url=https%3A%2F%2Fplural.cafe)](https://plural.cafe)
 
-[![Build Status](https://img.shields.io/circleci/project/github/glitch-soc/mastodon.svg)][circleci]
+Mastodon is a **free, open-source social network server** based on **open web protocols** like ActivityPub and OStatus. The social focus of the project is a viable decentralized alternative to commercial social media silos that returns the control of the content distribution channels to the people. The technical focus of the project is a good user interface, a clean REST API for 3rd party apps and robust anti-abuse tools.
 
-[circleci]: https://circleci.com/gh/glitch-soc/mastodon
+**Ruby on Rails** is used for the back-end, while **React.js** and Redux are used for the dynamic front-end. A static front-end for public resources (profiles and statuses) is also provided.
 
-So here's the deal: we all work on this code, and then it runs on dev.glitch.social and anyone who uses that does so absolutely at their own risk. can you dig it?
+This repository specifically is for [Plural Café](https://plural.cafe) and has three branches:
 
-- You can view documentation for this project at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/).
-- And contributing guidelines are available [here](CONTRIBUTING.md) and [here](https://glitch-soc.github.io/docs/contributing/).
+* **main** (**edge** on Docker Hub) for all development and staging work,
+* **glitch** for all commits from upstream that will automatically be synched to this repository, and
+* **production** (**latest** on Docker Hub) for what goes onto the main website.
+
+In addition, there are several repositories in this GitHub organization:
+
+* **pluralcafe/mastodon** is this repository and is the codebase for what Plural Café runs,
+* [**pluralcafe/utils**](https://github.com/pluralcafe/utils) are an assortment of scripts and tutorials to help in Mastodon system administration or general helper files this instance uses,
+* [**pluralcafe/barkeep**](https://github.com/pluralcafe/barkeep) is forked from [mbilokonsky/ambassador](https://github.com/mbilokonsky/ambassador) and serves as the Ambassador bot that is run on the instance.
+
+This instance is a fork of a fork: this has the [Mastodon Glitch Edition](https://github.com/glitch-soc/mastodon) commits. Documentation for Mastodon Glitch Edition [can be found here](https://glitch-soc.github.io/docs/). Anyone wishing to use Glitch Edition in a Docker image for their own site can use the `pluralcafe/mastodon:glitch` image.
+
+---
+
+## Notable changes from upstream
+
+See output of `git log glitch..main --oneline | grep -v '[mM]erge' | less` for a (more) complete history.
+
+* &lt;ol&gt; margin issue fixed so numbered lists aren't cut off a few pixels shy of 1 number
+* HTML summary/details tags are allowed in toots
+* gemini protocol links are supported (not yet supported: automatically marking gemini:// text as links)
+* authentication required for account api endpoints to block some naive scrapers
diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
index 2277067c9..ff7478618 100644
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   end
 
   def hide_results?
-    (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    !user_signed_in? || (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts
diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb
index 93d4bd3a4..64e1bd2cd 100644
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   end
 
   def hide_results?
-    (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    !user_signed_in? || (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts
diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb
index 1d3992a28..865529e25 100644
--- a/app/controllers/api/v1/accounts/relationships_controller.rb
+++ b/app/controllers/api/v1/accounts/relationships_controller.rb
@@ -5,10 +5,14 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action :require_user!
 
   def index
-    accounts = Account.where(id: account_ids).select('id')
-    # .where doesn't guarantee that our results are in the same order
-    # we requested them, so return the "right" order to the requestor.
-    @accounts = accounts.index_by(&:id).values_at(*account_ids).compact
+    if user_signed_in?
+      accounts = Account.where(id: account_ids).select('id')
+      # .where doesn't guarantee that our results are in the same order
+      # we requested them, so return the "right" order to the requestor.
+      @accounts = accounts.index_by(&:id).values_at(*account_ids).compact
+    else
+      @accounts = Account.none
+    end
     render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
   end
 
diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb
index 3061fcb7e..aa8745931 100644
--- a/app/controllers/api/v1/accounts/search_controller.rb
+++ b/app/controllers/api/v1/accounts/search_controller.rb
@@ -12,6 +12,7 @@ class Api::V1::Accounts::SearchController < Api::BaseController
   private
 
   def account_search
+    return Account.none unless user_signed_in?
     AccountSearchService.new.call(
       params[:q],
       current_account,
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 114ee0a82..fe932f93c 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def account_statuses
+    return Status.none unless user_signed_in?
+
     statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
 
     statuses.merge!(only_media_scope) if truthy_param?(:only_media)
diff --git a/app/javascript/flavours/glitch/features/getting_started/components/trends.js b/app/javascript/flavours/glitch/features/getting_started/components/trends.js
index 0734ec72b..c60f78f7e 100644
--- a/app/javascript/flavours/glitch/features/getting_started/components/trends.js
+++ b/app/javascript/flavours/glitch/features/getting_started/components/trends.js
@@ -38,7 +38,7 @@ export default class Trends extends ImmutablePureComponent {
       <div className='getting-started__trends'>
         <h4><FormattedMessage id='trends.trending_now' defaultMessage='Trending now' /></h4>
 
-        {trends.take(3).map(hashtag => <Hashtag key={hashtag.get('name')} hashtag={hashtag} />)}
+        {trends.take(1).map(hashtag => <Hashtag key={hashtag.get('name')} hashtag={hashtag} />)}
       </div>
     );
   }
diff --git a/app/javascript/flavours/glitch/features/ui/components/link_footer.js b/app/javascript/flavours/glitch/features/ui/components/link_footer.js
index 4d7fc36c2..d26bbe9f8 100644
--- a/app/javascript/flavours/glitch/features/ui/components/link_footer.js
+++ b/app/javascript/flavours/glitch/features/ui/components/link_footer.js
@@ -58,9 +58,10 @@ class LinkFooter extends React.PureComponent {
         <p>
           <FormattedMessage
             id='getting_started.open_source_notice'
-            defaultMessage='Glitchsoc is open source software, a friendly fork of {Mastodon}. You can contribute or report issues on GitHub at {github}.'
+            defaultMessage='GlitchCafe is open source software, based on {Glitchsoc} which is a friendly fork of {Mastodon}. You can contribute or report issues on GitHub at {github}.'
             values={{
-              github: <span><a href='https://github.com/glitch-soc/mastodon' rel='noopener noreferrer' target='_blank'>glitch-soc/mastodon</a> (v{version})</span>,
+              github: <span><a href='https://github.com/pluralcafe/mastodon' rel='noopener noreferrer' target='_blank'>pluralcafe/mastodon</a> (v{version})</span>,
+              Glitchsoc: <a href='https://github.com/glitch-soc/mastodon' rel='noopener noreferrer' target='_blank'>glitch-soc/mastodon</a>,
               Mastodon: <a href='https://github.com/tootsuite/mastodon' rel='noopener noreferrer' target='_blank'>Mastodon</a> }}
           />
         </p>
diff --git a/app/javascript/flavours/glitch/features/ui/containers/status_list_container.js b/app/javascript/flavours/glitch/features/ui/containers/status_list_container.js
index bd2d2eb4e..abcbf13db 100644
--- a/app/javascript/flavours/glitch/features/ui/containers/status_list_container.js
+++ b/app/javascript/flavours/glitch/features/ui/containers/status_list_container.js
@@ -33,8 +33,6 @@ const makeGetStatusIds = (pending = false) => createSelector([
     const statusForId = statuses.get(id);
     let showStatus    = true;
 
-    if (statusForId.get('account') === me) return true;
-
     if (columnSettings.getIn(['shows', 'reblog']) === false) {
       showStatus = showStatus && statusForId.get('reblog') === null;
     }
diff --git a/app/javascript/flavours/glitch/locales/en.js b/app/javascript/flavours/glitch/locales/en.js
index 90e924d4a..528875e45 100644
--- a/app/javascript/flavours/glitch/locales/en.js
+++ b/app/javascript/flavours/glitch/locales/en.js
@@ -1,7 +1,7 @@
 import inherited from 'mastodon/locales/en.json';
 
 const messages = {
-  'getting_started.open_source_notice': 'Glitchsoc is free open source software forked from {Mastodon}. You can contribute or report issues on GitHub at {github}.',
+  'getting_started.open_source_notice': 'GlitchCafe is free open source software forked from {Glitchsoc} and {Mastodon}. You can contribute or report issues on GitHub at {github}.',
   'layout.auto': 'Auto',
   'layout.current_is': 'Your current layout is:',
   'layout.desktop': 'Desktop',
@@ -10,7 +10,7 @@ const messages = {
   'getting_started.onboarding': 'Show me around',
   'onboarding.page_one.federation': '{domain} is an \'instance\' of Mastodon. Mastodon is a network of independent servers joining up to make one larger social network. We call these servers instances.',
   'onboarding.page_one.welcome': 'Welcome to {domain}!',
-  'onboarding.page_six.github': '{domain} runs on Glitchsoc. Glitchsoc is a friendly {fork} of {Mastodon}, and is compatible with any Mastodon instance or app. Glitchsoc is entirely free and open-source. You can report bugs, request features, or contribute to the code on {github}.',
+  'onboarding.page_six.github': '{domain} runs on GlitchCafe, which is based on Glitchsoc. Glitchsoc is a friendly {fork} of {Mastodon}, and is compatible with any Mastodon instance or app. GlitchCafe includes Plural Cafe-specific additions to Glitchsoc. Glitchsoc is entirely free and open-source. You can report bugs, request features, or contribute to the code on {github}.',
   'settings.auto_collapse': 'Automatic collapsing',
   'settings.auto_collapse_all': 'Everything',
   'settings.auto_collapse_lengthy': 'Lengthy toots',
diff --git a/app/javascript/flavours/glitch/styles/components/status.scss b/app/javascript/flavours/glitch/styles/components/status.scss
index a65581136..76167ec60 100644
--- a/app/javascript/flavours/glitch/styles/components/status.scss
+++ b/app/javascript/flavours/glitch/styles/components/status.scss
@@ -132,19 +132,19 @@
     }
 
     ul, ol {
-      margin-left: 1em;
-
       p {
         margin: 0;
       }
     }
 
     ul {
+      margin-left: 1em;
       list-style-type: disc;
     }
 
     ol {
       list-style-type: decimal;
+      list-style-position: inside;
     }
   }
 
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index ccc3f4642..80e8f6cc7 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -15,6 +15,7 @@ class Sanitize
       ipfs
       ipns
       ssb
+      gemini
       gopher
       xmpp
       magnet
@@ -83,7 +84,7 @@ class Sanitize
     end
 
     MASTODON_STRICT ||= freeze_config(
-      elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li),
+      elements: %w(p br span a abbr del pre blockquote code b strong u sub sup i em h1 h2 h3 h4 h5 ul ol li details summary),
 
       attributes: {
         'a'          => %w(href rel class title),
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 00571a35a..d617a297a 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -105,11 +105,11 @@ Rails.application.configure do
 
   config.action_dispatch.default_headers = {
     'Server'                  => 'Mastodon',
-    'X-Frame-Options'         => 'DENY',
-    'X-Content-Type-Options'  => 'nosniff',
-    'X-XSS-Protection'        => '1; mode=block',
-    'Referrer-Policy'         => 'same-origin',
-    'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
+    #'X-Frame-Options'         => 'DENY',
+    #'X-Content-Type-Options'  => 'nosniff',
+    #'X-XSS-Protection'        => '1; mode=block',
+    #'Referrer-Policy'         => 'same-origin',
+    #'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
     'X-Clacks-Overhead' => 'GNU Natalie Nguyen'
 
   }
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 68d3751fc..a0d48eafd 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -33,9 +33,9 @@ if Rails.env.production?
     p.frame_ancestors :none
     p.script_src      :self, assets_host
     p.font_src        :self, assets_host
-    p.img_src         :self, :data, :blob, *data_hosts
+    p.img_src         :self, :data, :blob, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com"
     p.style_src       :self, assets_host
-    p.media_src       :self, :data, *data_hosts
+    p.media_src       :self, :data, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com"
     p.frame_src       :self, :https
     p.child_src       :self, :blob, assets_host
     p.worker_src      :self, :blob, assets_host
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index 0a8a6fd62..78735e9c3 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -64,7 +64,7 @@ en:
       imports:
         data: CSV file exported from another Mastodon server
       invite_request:
-        text: This will help us review your application
+        text: 'If you are interested in signing up, please put whether you are a plural system or singlet in the "Why do you want to join" box. This is purely to ward off spam bots. If this is not answered, your request to join the instance will be rejected.'
       sessions:
         otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:'
       tag:
diff --git a/db/migrate/20180617162849_remove_unused_indexes.rb b/db/migrate/20180617162849_remove_unused_indexes.rb
deleted file mode 100644
index 61add6385..000000000
--- a/db/migrate/20180617162849_remove_unused_indexes.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-class RemoveUnusedIndexes < ActiveRecord::Migration[5.2]
-  def change
-    remove_index :statuses, name: "index_statuses_on_conversation_id"
-    remove_index :users, name: "index_users_on_filtered_languages"
-    remove_index :backups, name: "index_backups_on_user_id"
-  end
-end
diff --git a/db/migrate/20180628181026_create_custom_filters.rb b/db/migrate/20180628181026_create_custom_filters.rb
deleted file mode 100644
index d19cf2e9d..000000000
--- a/db/migrate/20180628181026_create_custom_filters.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-class CreateCustomFilters < ActiveRecord::Migration[5.2]
-  def change
-    create_table :custom_filters do |t|
-      t.belongs_to :account, foreign_key: { on_delete: :cascade }
-      t.datetime :expires_at
-      t.text :phrase, null: false, default: ''
-      t.string :context, array: true, null: false, default: []
-      t.boolean :irreversible, null: false, default: false
-
-      t.timestamps
-    end
-  end
-end
diff --git a/db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb b/db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb
index e2eaf46f1..e7f3462ae 100644
--- a/db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb
+++ b/db/migrate/20200510181721_remove_duplicated_indexes_pghero.rb
@@ -5,7 +5,7 @@ class RemoveDuplicatedIndexesPghero < ActiveRecord::Migration[5.2]
     remove_index :account_pins, name: "index_account_pins_on_account_id", column: :account_id
     remove_index :announcement_mutes, name: "index_announcement_mutes_on_account_id", column: :account_id
     remove_index :announcement_reactions, name: "index_announcement_reactions_on_account_id", column: :account_id
-    remove_index :bookmarks, name: "index_bookmarks_on_account_id", column: :account_id
+    # remove_index :bookmarks, name: "index_bookmarks_on_account_id", column: :account_id
     remove_index :markers, name: "index_markers_on_user_id", column: :user_id
   end
 end
diff --git a/hooks/build b/hooks/build
new file mode 100755
index 000000000..4f7259bec
--- /dev/null
+++ b/hooks/build
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+echo "Building from ${SOURCE_COMMIT}"
+docker build --build-arg SOURCE_COMMIT=`head -c 7 <<< $SOURCE_COMMIT` -t $IMAGE_NAME .
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index fa85f8e37..9702018dc 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ module Mastodon
     end
 
     def patch
-      4
+      5
     end
 
     def flags
@@ -21,7 +21,11 @@ module Mastodon
     end
 
     def suffix
-      '+glitch'
+      if source_tag
+        "+cafe.#{source_tag}"
+      else
+        "+cafe"
+      end
     end
 
     def to_a
@@ -33,7 +37,7 @@ module Mastodon
     end
 
     def repository
-      ENV.fetch('GITHUB_REPOSITORY') { 'glitch-soc/mastodon' }
+      ENV.fetch('GITHUB_REPOSITORY') { 'pluralcafe/mastodon' }
     end
 
     def source_base_url