Diffstat (limited to 'app/controllers')
14 files changed, 35 insertions, 21 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index f36a0c859..4d03a04b7 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -17,6 +17,8 @@ class AccountsController < ApplicationController
     respond_to do |format|
       format.html do
         expires_in 0, public: true unless user_signed_in?
+
+        @rss_url = rss_url
       end
       format.rss do
diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
index 32f1f9a5d..e79f7a43e 100644
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@@ -9,9 +9,9 @@ module Admin
       @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
       @form.save
     rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.email_domain_blocks.no_domain_block_selected')
+      flash[:alert] = I18n.t('admin.domain_blocks.no_domain_block_selected')
     rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.domain_blocks.created_msg')
+      flash[:alert] = I18n.t('admin.domain_blocks.not_permitted')
     else
       redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
     end
diff --git a/app/controllers/admin/email_domain_blocks_controller.rb b/app/controllers/admin/email_domain_blocks_controller.rb
index 593457b94..a0a43de19 100644
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@@ -19,7 +19,7 @@ module Admin
     rescue ActionController::ParameterMissing
       flash[:alert] = I18n.t('admin.email_domain_blocks.no_email_domain_block_selected')
     rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
+      flash[:alert] = I18n.t('admin.email_domain_blocks.not_permitted')
     ensure
       redirect_to admin_email_domain_blocks_path
     end
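Review bot: In the domain_blocks hunk the two rescue branches only set `flash[:alert]` and never redirect, while the email_domain_blocks hunk on the same line redirects from an `ensure`; unless a redirect follows outside the hunk, a rejected batch falls through to the implicit render of a `create` template. Mirroring the sibling controller — moving `redirect_to admin_instances_path(limited: '1')` into an `ensure` and setting the success message in the `else` branch with `flash[:notice] = I18n.t('admin.domain_blocks.created_msg')` — would make the two controllers behave the same. The enclosing method starts and ends outside the hunk. The renamed keys `admin.domain_blocks.no_domain_block_selected` and `admin.domain_blocks.not_permitted` presumably need matching locale entries, which are outside app/controllers and not visible here.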
diff --git a/app/controllers/admin/export_domain_allows_controller.rb b/app/controllers/admin/export_domain_allows_controller.rb
index eb2955ac3..57fb12c62 100644
--- a/app/controllers/admin/export_domain_allows_controller.rb
+++ b/app/controllers/admin/export_domain_allows_controller.rb
@@ -8,8 +8,6 @@ module Admin
     before_action :set_dummy_import!, only: [:new]
-    ROWS_PROCESSING_LIMIT = 20_000
-
     def new
       authorize :domain_allow, :create?
     end
@@ -23,9 +21,11 @@ module Admin
       authorize :domain_allow, :create?
       begin
         @import = Admin::Import.new(import_params)
+        return render :new unless @import.validate
+
         parse_import_data!(export_headers)
-        @data.take(ROWS_PROCESSING_LIMIT).each do |row|
+        @data.take(Admin::Import::ROWS_PROCESSING_LIMIT).each do |row|
           domain = row['#domain'].strip
           next if DomainAllow.allowed?(domain)
diff --git a/app/controllers/admin/export_domain_blocks_controller.rb b/app/controllers/admin/export_domain_blocks_controller.rb
index 545bd94ed..fb0cd05d2 100644
--- a/app/controllers/admin/export_domain_blocks_controller.rb
+++ b/app/controllers/admin/export_domain_blocks_controller.rb
@@ -8,8 +8,6 @@ module Admin
     before_action :set_dummy_import!, only: [:new]
-    ROWS_PROCESSING_LIMIT = 20_000
-
     def new
       authorize :domain_block, :create?
     end
@@ -23,12 +21,14 @@ module Admin
       authorize :domain_block, :create?
       @import = Admin::Import.new(import_params)
+      return render :new unless @import.validate
+
       parse_import_data!(export_headers)
       @global_private_comment = I18n.t('admin.export_domain_blocks.import.private_comment_template', source: @import.data_file_name, date: I18n.l(Time.now.utc))
       @form = Form::DomainBlockBatch.new
-      @domain_blocks = @data.take(ROWS_PROCESSING_LIMIT).filter_map do |row|
+      @domain_blocks = @data.take(Admin::Import::ROWS_PROCESSING_LIMIT).filter_map do |row|
         domain = row['#domain'].strip
         next if DomainBlock.rule_for(domain).present?
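Review bot: `domain = row['#domain'].strip` in both the export_domain_allows and export_domain_blocks hunks still raises NoMethodError on a row whose `#domain` cell is empty (CSV yields nil for it), and the `reject(&:blank?)` filter in the concern does not appear to cover that case, so a malformed admin upload surfaces as a 500 instead of a validation message. `domain = row['#domain']&.strip` followed by `next if domain.blank?` would skip such rows. Rows beyond `Admin::Import::ROWS_PROCESSING_LIMIT` are also dropped silently by `take`; a flash when `@data.size` exceeds the limit would tell the admin that the import was truncated. Both enclosing actions continue past their hunks.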
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 665425f29..defef0656 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -129,7 +129,7 @@ class Api::BaseController < ApplicationController
   end
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
   def disallow_unauthenticated_api_access?
diff --git a/app/controllers/api/v1/followed_tags_controller.rb b/app/controllers/api/v1/followed_tags_controller.rb
index f0dfd044c..eae2bdc01 100644
--- a/app/controllers/api/v1/followed_tags_controller.rb
+++ b/app/controllers/api/v1/followed_tags_controller.rb
@@ -3,11 +3,11 @@ class Api::V1::FollowedTagsController < Api::BaseController
   TAGS_LIMIT = 100
-  before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }, except: :show
+  before_action -> { doorkeeper_authorize! :follow, :read, :'read:follows' }
   before_action :require_user!
   before_action :set_results
-  after_action :insert_pagination_headers, only: :show
+  after_action :insert_pagination_headers
   def index
     render json: @results.map(&:tag), each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@results.map(&:tag), current_user&.account_id)
@@ -43,7 +43,7 @@ class Api::V1::FollowedTagsController < Api::BaseController
   end
   def records_continue?
-    @results.size == limit_param(TAG_LIMIT)
+    @results.size == limit_param(TAGS_LIMIT)
   end
   def pagination_params(core_params)
diff --git a/app/controllers/api/v1/tags_controller.rb b/app/controllers/api/v1/tags_controller.rb
index 32f71bdce..272362c31 100644
--- a/app/controllers/api/v1/tags_controller.rb
+++ b/app/controllers/api/v1/tags_controller.rb
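Review bot: `set_cache_headers` now carries the identical body `response.headers['Cache-Control'] = 'private, no-store'` in four controllers — api/base here, and auth/registrations, oauth/authorizations and settings/base further down — and this commit had to edit each copy; a single shared constant or one `set_cache_headers` in ApplicationController would keep future policy changes atomic. The new value itself is sound: `no-store` is what keeps per-user responses out of browser and shared caches, and `private` is redundant with it but harmless. A why-comment on the line, such as `# no-store: these responses are per-user and must never be written to any cache`, would stop a later "cleanup" from weakening it.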
@@ -12,7 +12,7 @@ class Api::V1::TagsController < Api::BaseController
   end
   def follow
-    TagFollow.create!(tag: @tag, account: current_account, rate_limit: true)
+    TagFollow.create_with(rate_limit: true).find_or_create_by!(tag: @tag, account: current_account)
     render json: @tag, serializer: REST::TagSerializer
   end
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index edef0d5bb..d363efeee 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -159,6 +159,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 end
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 13dfebcdd..16c18baa2 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -15,6 +15,10 @@ class Auth::SessionsController < Devise::SessionsController
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
+  content_security_policy only: :new do |p|
+    p.form_action(false)
+  end
+
   def check_suspicious!
     user = find_user
     @login_is_suspicious = suspicious_sign_in?(user) unless user.nil?
diff --git a/app/controllers/concerns/admin_export_controller_concern.rb b/app/controllers/concerns/admin_export_controller_concern.rb
index 013915d02..b40c76557 100644
--- a/app/controllers/concerns/admin_export_controller_concern.rb
+++ b/app/controllers/concerns/admin_export_controller_concern.rb
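Review bot: `TagFollow.create_with(rate_limit: true).find_or_create_by!(tag: @tag, account: current_account)` is not atomic: two concurrent follow requests can both miss the lookup, and if tag_follows carries a unique index on the pair (as the find-or-create implies) one insert then fails with ActiveRecord::RecordNotUnique and a 500, which is the opposite of the idempotent success the change is after. Rescuing `ActiveRecord::RecordNotUnique` once around the call and re-running the lookup is the usual remedy. Note also that `rate_limit: true` now applies only when a row is actually created, so re-following an already-followed tag no longer counts against the limit; that looks intended but deserves a comment such as `# create_with: the rate limit is charged only for new follows`.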
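Review bot: `p.form_action(false)` in the sessions hunk removes the form-action directive from the sign-in page's CSP entirely, which also gives up its protection against an injected form submitting credentials to another origin; the oauth/authorizations hunk further down applies the same relaxation to every action of that controller. If the reason is that some browsers also check the redirect that follows a form submission against form-action (which would break redirects to external redirect_uris after login or authorization), that reason belongs on the block, e.g. `# form-action is dropped here because some browsers apply it to the post-submit redirect as well`, and the relaxation should stay as narrow as the flow allows — on sessions it is already limited to `:new`, on authorizations it is not. Both enclosing classes continue outside their hunks.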
@@ -27,13 +27,13 @@ module AdminExportControllerConcern
     params.require(:admin_import).permit(:data)
   end
-  def import_data
-    Paperclip.io_adapters.for(@import.data).read
+  def import_data_path
+    params[:admin_import][:data].path
   end
   def parse_import_data!(default_headers)
-    data = CSV.parse(import_data, headers: true)
-    data = CSV.parse(import_data, headers: default_headers) unless data.headers&.first&.strip&.include?(default_headers[0])
+    data = CSV.read(import_data_path, headers: true, encoding: 'UTF-8')
+    data = CSV.read(import_data_path, headers: default_headers, encoding: 'UTF-8') unless data.headers&.first&.strip&.include?(default_headers[0])
     @data = data.reject(&:blank?)
   end
 end
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index 137346ed0..d6e7d0800 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -8,6 +8,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   before_action :set_pack
   before_action :set_cache_headers
+  content_security_policy do |p|
+    p.form_action(false)
+  end
+
   include Localized
   private
@@ -35,6 +39,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   end
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
 end
diff --git a/app/controllers/settings/base_controller.rb b/app/controllers/settings/base_controller.rb
index dee3922d8..bf17b918c 100644
--- a/app/controllers/settings/base_controller.rb
+++ b/app/controllers/settings/base_controller.rb
@@ -19,7 +19,7 @@ class Settings::BaseController < ApplicationController
   end
   def set_cache_headers
-    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+    response.headers['Cache-Control'] = 'private, no-store'
   end
   def require_not_suspended!
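Review bot: `import_data_path` reads `params[:admin_import][:data].path` from the raw params instead of going through `import_params`, so a request whose `data` is a plain string or absent raises NoMethodError on `.path` rather than a ParameterMissing or validation error; the `@import.validate` gates added in the export controllers presumably catch this first, but the concern should not depend on every caller doing so. `CSV.read(..., encoding: 'UTF-8')` also lets a UTF-8 BOM through into the first header, which still satisfies the `include?` check on the next line but makes `row['#domain']` return nil for every row of such a file; `encoding: 'BOM|UTF-8'` strips it. A malformed file still raises CSV::MalformedCSVError here unless a caller rescues it, which is not visible in this hunk.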
diff --git a/app/controllers/statuses_cleanup_controller.rb b/app/controllers/statuses_cleanup_controller.rb
index 3d4f4af02..0e7bb835f 100644
--- a/app/controllers/statuses_cleanup_controller.rb
+++ b/app/controllers/statuses_cleanup_controller.rb
@@ -20,6 +20,10 @@ class StatusesCleanupController < ApplicationController
     # Do nothing
   end
+  def require_functional!
+    redirect_to edit_user_registration_path unless current_user.functional_or_moved?
+  end
+
   private
   def set_pack
|
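Review bot: The new `require_functional!` override has no comment saying why this controller relaxes the base-class check to `functional_or_moved?`, so a reader cannot tell from the file that accounts which have moved are meant to keep access to automated post deletion. Suggested: `# Overrides ApplicationController#require_functional! so that accounts that have moved can still manage automatic deletion — confirm against User#functional_or_moved?`. It also assumes `current_user` is present, which holds only if an authentication filter runs before it as in the base class; that ordering is not visible in this hunk. The enclosing class continues outside the hunk.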