about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/about_controller.rb12
-rw-r--r--app/controllers/admin/settings_controller.rb25
-rw-r--r--app/controllers/api/oembed_controller.rb2
-rw-r--r--app/controllers/api/v1/accounts_controller.rb24
-rw-r--r--app/controllers/api/v1/apps_controller.rb2
-rw-r--r--app/controllers/api/v1/blocks_controller.rb4
-rw-r--r--app/controllers/api/v1/favourites_controller.rb4
-rw-r--r--app/controllers/api/v1/notifications_controller.rb15
-rw-r--r--app/controllers/api/v1/statuses_controller.rb26
-rw-r--r--app/controllers/api/v1/timelines_controller.rb16
-rw-r--r--app/controllers/api/web/settings_controller.rb15
-rw-r--r--app/controllers/api_controller.rb11
-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--app/controllers/auth/registrations_controller.rb4
-rw-r--r--app/controllers/home_controller.rb1
-rw-r--r--app/controllers/media_controller.rb3
-rw-r--r--app/controllers/settings/preferences_controller.rb20
-rw-r--r--app/controllers/stream_entries_controller.rb2
18 files changed, 148 insertions, 48 deletions
diff --git a/app/controllers/about_controller.rb b/app/controllers/about_controller.rb
index 7df58444f..491036db2 100644
--- a/app/controllers/about_controller.rb
+++ b/app/controllers/about_controller.rb
@@ -4,11 +4,21 @@ class AboutController < ApplicationController
   before_action :set_body_classes
 
   def index
+    @description = Setting.site_description
   end
 
-  def terms
+  def more
+    @description          = Setting.site_description
+    @extended_description = Setting.site_extended_description
+    @contact_account      = Account.find_local(Setting.site_contact_username)
+    @contact_email        = Setting.site_contact_email
+    @user_count           = Rails.cache.fetch('user_count')            { User.count }
+    @status_count         = Rails.cache.fetch('local_status_count')    { Status.local.count }
+    @domain_count         = Rails.cache.fetch('distinct_domain_count') { Account.distinct.count(:domain) }
   end
 
+  def terms; end
+
   private
 
   def set_body_classes
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb
new file mode 100644
index 000000000..af0be8823
--- /dev/null
+++ b/app/controllers/admin/settings_controller.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class Admin::SettingsController < ApplicationController
+  before_action :require_admin!
+
+  layout 'admin'
+
+  def index
+    @settings = Setting.all_as_records
+  end
+
+  def update
+    @setting = Setting.where(var: params[:id]).first_or_initialize(var: params[:id])
+
+    if @setting.value != params[:setting][:value]
+      @setting.value = params[:setting][:value]
+      @setting.save
+    end
+
+    respond_to do |format|
+      format.html { redirect_to admin_settings_path }
+      format.json { respond_with_bip(@setting) }
+    end
+  end
+end
diff --git a/app/controllers/api/oembed_controller.rb b/app/controllers/api/oembed_controller.rb
index 2360061ff..379e910e6 100644
--- a/app/controllers/api/oembed_controller.rb
+++ b/app/controllers/api/oembed_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::OembedController < ApiController
+class Api::OEmbedController < ApiController
   respond_to :json
 
   def show
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 05ff806c5..d97010c0e 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -16,13 +16,13 @@ class Api::V1::AccountsController < ApiController
   end
 
   def following
-    results   = Follow.where(account: @account).paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id])
+    results   = Follow.where(account: @account).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.target_account_id] }
 
     set_account_counters_maps(@accounts)
 
-    next_path = following_api_v1_account_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = following_api_v1_account_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
     prev_path = following_api_v1_account_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -31,13 +31,13 @@ class Api::V1::AccountsController < ApiController
   end
 
   def followers
-    results   = Follow.where(target_account: @account).paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id])
+    results   = Follow.where(target_account: @account).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.account_id] }
 
     set_account_counters_maps(@accounts)
 
-    next_path = followers_api_v1_account_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = followers_api_v1_account_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
     prev_path = followers_api_v1_account_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -46,13 +46,13 @@ class Api::V1::AccountsController < ApiController
   end
 
   def statuses
-    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses, Status)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
 
-    next_path = statuses_api_v1_account_url(max_id: @statuses.last.id)    if @statuses.size == DEFAULT_STATUSES_LIMIT
+    next_path = statuses_api_v1_account_url(max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = statuses_api_v1_account_url(since_id: @statuses.first.id) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -66,7 +66,12 @@ class Api::V1::AccountsController < ApiController
 
   def block
     BlockService.new.call(current_user.account, @account)
-    set_relationship
+
+    @following   = { @account.id => false }
+    @followed_by = { @account.id => false }
+    @blocking    = { @account.id => true }
+    @requested   = { @account.id => false }
+
     render action: :relationship
   end
 
@@ -93,10 +98,9 @@ class Api::V1::AccountsController < ApiController
   end
 
   def search
-    limit = params[:limit] ? [DEFAULT_ACCOUNTS_LIMIT, params[:limit].to_i].min : DEFAULT_ACCOUNTS_LIMIT
-    @accounts = SearchService.new.call(params[:q], limit, params[:resolve] == 'true')
+    @accounts = SearchService.new.call(params[:q], limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:resolve] == 'true')
 
-    set_account_counters_maps(@accounts)
+    set_account_counters_maps(@accounts) unless @accounts.nil?
 
     render action: :index
   end
diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb
index 1b33770f4..ca9dd0b7e 100644
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -4,6 +4,6 @@ class Api::V1::AppsController < ApiController
   respond_to :json
 
   def create
-    @app = Doorkeeper::Application.create!(name: params[:client_name], redirect_uri: params[:redirect_uris], scopes: (params[:scopes] || Doorkeeper.configuration.default_scopes))
+    @app = Doorkeeper::Application.create!(name: params[:client_name], redirect_uri: params[:redirect_uris], scopes: (params[:scopes] || Doorkeeper.configuration.default_scopes), website: params[:website])
   end
 end
diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb
index 8629242ab..b9816e052 100644
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@@ -7,13 +7,13 @@ class Api::V1::BlocksController < ApiController
   respond_to :json
 
   def index
-    results   = Block.where(account: current_account).paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id])
+    results   = Block.where(account: current_account).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.target_account_id] }
 
     set_account_counters_maps(@accounts)
 
-    next_path = api_v1_blocks_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = api_v1_blocks_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
     prev_path = api_v1_blocks_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
diff --git a/app/controllers/api/v1/favourites_controller.rb b/app/controllers/api/v1/favourites_controller.rb
index a71592acd..ef0a4854a 100644
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@@ -7,13 +7,13 @@ class Api::V1::FavouritesController < ApiController
   respond_to :json
 
   def index
-    results   = Favourite.where(account: current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    results   = Favourite.where(account: current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(Status.where(id: results.map(&:status_id)), Status)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
 
-    next_path = api_v1_favourites_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = api_v1_favourites_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = api_v1_favourites_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb
index c8f162cb0..877356a75 100644
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -6,8 +6,10 @@ class Api::V1::NotificationsController < ApiController
 
   respond_to :json
 
+  DEFAULT_NOTIFICATIONS_LIMIT = 15
+
   def index
-    @notifications = Notification.where(account: current_account).browserable.paginate_by_max_id(20, params[:max_id], params[:since_id])
+    @notifications = Notification.where(account: current_account).browserable.paginate_by_max_id(limit_param(DEFAULT_NOTIFICATIONS_LIMIT), params[:max_id], params[:since_id])
     @notifications = cache_collection(@notifications, Notification)
     statuses       = @notifications.select { |n| !n.target_status.nil? }.map(&:target_status)
 
@@ -15,9 +17,18 @@ class Api::V1::NotificationsController < ApiController
     set_counters_maps(statuses)
     set_account_counters_maps(@notifications.map(&:from_account))
 
-    next_path = api_v1_notifications_url(max_id: @notifications.last.id)    if @notifications.size == 20
+    next_path = api_v1_notifications_url(max_id: @notifications.last.id)    if @notifications.size == limit_param(DEFAULT_NOTIFICATIONS_LIMIT)
     prev_path = api_v1_notifications_url(since_id: @notifications.first.id) unless @notifications.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
+
+  def show
+    @notification = Notification.where(account: current_account).find(params[:id])
+  end
+
+  def clear
+    Notification.where(account: current_account).delete_all
+    render_empty
+  end
 end
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index f7b4ed610..4b095a570 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -3,8 +3,8 @@
 class Api::V1::StatusesController < ApiController
   before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
   before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
-  before_action :require_user!, except: [:show, :context, :reblogged_by, :favourited_by]
-  before_action :set_status, only:      [:show, :context, :reblogged_by, :favourited_by]
+  before_action :require_user!, except: [:show, :context, :card, :reblogged_by, :favourited_by]
+  before_action :set_status, only:      [:show, :context, :card, :reblogged_by, :favourited_by]
 
   respond_to :json
 
@@ -14,21 +14,26 @@ class Api::V1::StatusesController < ApiController
   end
 
   def context
-    @context = OpenStruct.new(ancestors: @status.ancestors(current_account), descendants: @status.descendants(current_account))
+    @context = OpenStruct.new(ancestors: @status.in_reply_to_id.nil? ? [] : @status.ancestors(current_account), descendants: @status.descendants(current_account))
     statuses = [@status] + @context[:ancestors] + @context[:descendants]
 
     set_maps(statuses)
     set_counters_maps(statuses)
   end
 
+  def card
+    @card = PreviewCard.find_by(status: @status)
+    render_empty if @card.nil?
+  end
+
   def reblogged_by
-    results   = @status.reblogs.paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id])
+    results   = @status.reblogs.paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |r| accounts[r.account_id] }
 
     set_account_counters_maps(@accounts)
 
-    next_path = reblogged_by_api_v1_status_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = reblogged_by_api_v1_status_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
     prev_path = reblogged_by_api_v1_status_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -37,13 +42,13 @@ class Api::V1::StatusesController < ApiController
   end
 
   def favourited_by
-    results   = @status.favourites.paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id])
+    results   = @status.favourites.paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.account_id] }
 
     set_account_counters_maps(@accounts)
 
-    next_path = favourited_by_api_v1_status_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    next_path = favourited_by_api_v1_status_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
     prev_path = favourited_by_api_v1_status_url(since_id: results.first.id) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -52,7 +57,12 @@ class Api::V1::StatusesController < ApiController
   end
 
   def create
-    @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids], sensitive: params[:sensitive], visibility: params[:visibility])
+    @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
+                                                                                                                                                             sensitive: params[:sensitive],
+                                                                                                                                                             spoiler_text: params[:spoiler_text],
+                                                                                                                                                             visibility: params[:visibility],
+                                                                                                                                                             application: doorkeeper_token.application)
+
     render action: :show
   end
 
diff --git a/app/controllers/api/v1/timelines_controller.rb b/app/controllers/api/v1/timelines_controller.rb
index 9727797e5..5042550db 100644
--- a/app/controllers/api/v1/timelines_controller.rb
+++ b/app/controllers/api/v1/timelines_controller.rb
@@ -7,14 +7,14 @@ class Api::V1::TimelinesController < ApiController
   respond_to :json
 
   def home
-    @statuses = Feed.new(:home, current_account).get(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = Feed.new(:home, current_account).get(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
     set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_home_timeline_url(max_id: @statuses.last.id)    if @statuses.size == DEFAULT_STATUSES_LIMIT
+    next_path = api_v1_home_timeline_url(max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = api_v1_home_timeline_url(since_id: @statuses.first.id) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -23,14 +23,14 @@ class Api::V1::TimelinesController < ApiController
   end
 
   def mentions
-    @statuses = Feed.new(:mentions, current_account).get(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = Feed.new(:mentions, current_account).get(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
     set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_mentions_timeline_url(max_id: @statuses.last.id)    if @statuses.size == DEFAULT_STATUSES_LIMIT
+    next_path = api_v1_mentions_timeline_url(max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = api_v1_mentions_timeline_url(since_id: @statuses.first.id) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -39,14 +39,14 @@ class Api::V1::TimelinesController < ApiController
   end
 
   def public
-    @statuses = Status.as_public_timeline(current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = Status.as_public_timeline(current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
     set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_public_timeline_url(max_id: @statuses.last.id)    if @statuses.size == DEFAULT_STATUSES_LIMIT
+    next_path = api_v1_public_timeline_url(max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = api_v1_public_timeline_url(since_id: @statuses.first.id) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
@@ -56,14 +56,14 @@ class Api::V1::TimelinesController < ApiController
 
   def tag
     @tag      = Tag.find_by(name: params[:id].downcase)
-    @statuses = @tag.nil? ? [] : Status.as_tag_timeline(@tag, current_account).paginate_by_max_id(DEFAULT_STATUSES_LIMIT, params[:max_id], params[:since_id])
+    @statuses = @tag.nil? ? [] : Status.as_tag_timeline(@tag, current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
     set_counters_maps(@statuses)
     set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_hashtag_timeline_url(params[:id], max_id: @statuses.last.id)    if @statuses.size == DEFAULT_STATUSES_LIMIT
+    next_path = api_v1_hashtag_timeline_url(params[:id], max_id: @statuses.last.id)    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
     prev_path = api_v1_hashtag_timeline_url(params[:id], since_id: @statuses.first.id) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb
new file mode 100644
index 000000000..c00e016a4
--- /dev/null
+++ b/app/controllers/api/web/settings_controller.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class Api::Web::SettingsController < ApiController
+  respond_to :json
+
+  before_action :require_user!
+
+  def update
+    setting      = ::Web::Setting.where(user: current_user).first_or_initialize(user: current_user)
+    setting.data = params[:data]
+    setting.save!
+
+    render_empty
+  end
+end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 8f1c8ac8a..5d2bd9a22 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -62,6 +62,11 @@ class ApiController < ApplicationController
     response.headers['Link'] = LinkHeader.new(links)
   end
 
+  def limit_param(default_limit)
+    return default_limit unless params[:limit]
+    [params[:limit].to_i.abs, default_limit * 2].min
+  end
+
   def current_resource_owner
     @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
   end
@@ -89,19 +94,19 @@ class ApiController < ApplicationController
       return
     end
 
-    status_ids      = statuses.flat_map { |s| [s.id, s.reblog_of_id] }.compact.uniq
+    status_ids      = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq
     @reblogs_map    = Status.reblogs_map(status_ids, current_account)
     @favourites_map = Status.favourites_map(status_ids, current_account)
   end
 
   def set_counters_maps(statuses) # rubocop:disable Style/AccessorMethodName
-    status_ids             = statuses.map { |s| s.reblog? ? s.reblog_of_id : s.id }.uniq
+    status_ids             = statuses.compact.map { |s| s.reblog? ? s.reblog_of_id : s.id }.uniq
     @favourites_counts_map = Favourite.select('status_id, COUNT(id) AS favourites_count').group('status_id').where(status_id: status_ids).map { |f| [f.status_id, f.favourites_count] }.to_h
     @reblogs_counts_map    = Status.select('statuses.id, COUNT(reblogs.id) AS reblogs_count').joins('LEFT OUTER JOIN statuses AS reblogs ON statuses.id = reblogs.reblog_of_id').where(id: status_ids).group('statuses.id').map { |r| [r.id, r.reblogs_count] }.to_h
   end
 
   def set_account_counters_maps(accounts) # rubocop:disable Style/AccessorMethodName
-    account_ids = accounts.map(&:id)
+    account_ids = accounts.compact.map(&:id).uniq
     @followers_counts_map = Follow.unscoped.select('target_account_id, COUNT(account_id) AS followers_count').group('target_account_id').where(target_account_id: account_ids).map { |f| [f.target_account_id, f.followers_count] }.to_h
     @following_counts_map = Follow.unscoped.select('account_id, COUNT(target_account_id) AS following_count').group('account_id').where(account_id: account_ids).map { |f| [f.account_id, f.following_count] }.to_h
     @statuses_counts_map  = Status.unscoped.select('account_id, COUNT(id) AS statuses_count').group('account_id').where(account_id: account_ids).map { |s| [s.account_id, s.statuses_count] }.to_h
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0a6b50a29..e4b6d0faf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,6 +11,7 @@ class ApplicationController < ActionController::Base
 
   rescue_from ActionController::RoutingError, with: :not_found
   rescue_from ActiveRecord::RecordNotFound, with: :not_found
+  rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
 
   before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
   before_action :set_locale
@@ -50,12 +51,21 @@ class ApplicationController < ActionController::Base
   def not_found
     respond_to do |format|
       format.any  { head 404 }
+      format.html { render 'errors/404', layout: 'error' }
     end
   end
 
   def gone
     respond_to do |format|
       format.any  { head 410 }
+      format.html { render 'errors/410', layout: 'error' }
+    end
+  end
+
+  def unprocessable_entity
+    respond_to do |format|
+      format.any  { head 422 }
+      format.html { render 'errors/422', layout: 'error' }
     end
   end
 
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index 60eb9905a..6ce4984bb 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -23,6 +23,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController
     new_user_session_path
   end
 
+  def after_inactive_sign_up_path_for(_resource)
+    new_user_session_path
+  end
+
   def check_single_user_mode
     redirect_to root_path if Rails.configuration.x.single_user_mode
   end
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index a25fe77da..814b1f758 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -6,6 +6,7 @@ class HomeController < ApplicationController
   def index
     @body_classes = 'app-body'
     @token        = find_or_create_access_token.token
+    @web_settings = Web::Setting.find_by(user: current_user)&.data || {}
   end
 
   private
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 6f1f7ec48..488c4f944 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -10,6 +10,7 @@ class MediaController < ApplicationController
   private
 
   def set_media_attachment
-    @media_attachment = MediaAttachment.where.not(status_id: nil).find(params[:id])
+    @media_attachment = MediaAttachment.where.not(status_id: nil).find_by!(shortcode: params[:id])
+    raise ActiveRecord::RecordNotFound unless @media_attachment.status.permitted?(current_account)
   end
 end
diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb
index 3b6d109a6..f273b5f21 100644
--- a/app/controllers/settings/preferences_controller.rb
+++ b/app/controllers/settings/preferences_controller.rb
@@ -8,14 +8,18 @@ class Settings::PreferencesController < ApplicationController
   def show; end
 
   def update
-    current_user.settings(:notification_emails).follow         = user_params[:notification_emails][:follow]         == '1'
-    current_user.settings(:notification_emails).follow_request = user_params[:notification_emails][:follow_request] == '1'
-    current_user.settings(:notification_emails).reblog         = user_params[:notification_emails][:reblog]         == '1'
-    current_user.settings(:notification_emails).favourite      = user_params[:notification_emails][:favourite]      == '1'
-    current_user.settings(:notification_emails).mention        = user_params[:notification_emails][:mention]        == '1'
-
-    current_user.settings(:interactions).must_be_follower  = user_params[:interactions][:must_be_follower]  == '1'
-    current_user.settings(:interactions).must_be_following = user_params[:interactions][:must_be_following] == '1'
+    current_user.settings['notification_emails'] = {
+      follow:         user_params[:notification_emails][:follow]         == '1',
+      follow_request: user_params[:notification_emails][:follow_request] == '1',
+      reblog:         user_params[:notification_emails][:reblog]         == '1',
+      favourite:      user_params[:notification_emails][:favourite]      == '1',
+      mention:        user_params[:notification_emails][:mention]        == '1',
+    }
+
+    current_user.settings['interactions'] = {
+      must_be_follower:  user_params[:interactions][:must_be_follower]  == '1',
+      must_be_following: user_params[:interactions][:must_be_following] == '1',
+    }
 
     if current_user.update(user_params.except(:notification_emails, :interactions))
       redirect_to settings_preferences_path, notice: I18n.t('generic.changes_saved_msg')
diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb
index 3f60bb0c4..5701b2efa 100644
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -46,7 +46,7 @@ class StreamEntriesController < ApplicationController
     @stream_entry = @account.stream_entries.find(params[:id])
     @type         = @stream_entry.activity_type.downcase
 
-    raise ActiveRecord::RecordNotFound if @stream_entry.hidden? && (@stream_entry.activity_type != 'Status' || (@stream_entry.activity_type == 'Status' && !@stream_entry.activity.permitted?(current_account)))
+    raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil? || (@stream_entry.hidden? && (@stream_entry.activity_type != 'Status' || (@stream_entry.activity_type == 'Status' && !@stream_entry.activity.permitted?(current_account))))
   end
 
   def check_account_suspension