about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/application.rb1
-rw-r--r--config/deploy.rb20
-rw-r--r--config/initializers/content_security_policy.rb7
-rw-r--r--config/initializers/http_client_proxy.rb20
-rw-r--r--config/initializers/inflections.rb2
-rw-r--r--config/locales/en.yml4
-rw-r--r--config/pghero.yml2
-rw-r--r--config/routes.rb2
8 files changed, 42 insertions, 16 deletions
diff --git a/config/application.rb b/config/application.rb
index 4c34efa15..d1980cd68 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -106,6 +106,7 @@ module Mastodon
       :tr,
       :uk,
       :ur,
+      :vi,
       :'zh-CN',
       :'zh-HK',
       :'zh-TW',
diff --git a/config/deploy.rb b/config/deploy.rb
index 79550baed..76e6b2815 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-lock '3.12.1'
+lock '3.14.0'
 
 set :repo_url, ENV.fetch('REPO', 'https://github.com/tootsuite/mastodon.git')
 set :branch, ENV.fetch('BRANCH', 'master')
@@ -12,3 +12,21 @@ set :migration_role, :app
 
 append :linked_files, '.env.production', 'public/robots.txt'
 append :linked_dirs, 'vendor/bundle', 'node_modules', 'public/system'
+
+namespace :systemd do
+  %i[sidekiq streaming web].each do |service|
+    %i[reload restart status].each do |action|
+      desc "Perform a #{action} on #{service} service"
+      task "#{service}:#{action}".to_sym do
+        on roles(:app) do
+          # runs e.g. "sudo restart mastodon-sidekiq.service"
+          sudo :systemctl, action, "#{fetch(:application)}-#{service}.service"
+        end
+      end
+    end
+  end
+end
+
+after 'deploy:publishing', 'systemd:web:reload'
+after 'deploy:publishing', 'systemd:sidekiq:restart'
+after 'deploy:publishing', 'systemd:streaming:restart'
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index d1e6701e2..a76db6fe5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -34,7 +34,7 @@ if Rails.env.production?
     p.script_src      :self, assets_host
     p.font_src        :self, assets_host
     p.img_src         :self, :data, :blob, *data_hosts
-    p.style_src       :self, :unsafe_inline, assets_host
+    p.style_src       :self, assets_host
     p.media_src       :self, :data, *data_hosts
     p.frame_src       :self, :https
     p.child_src       :self, :blob, assets_host
@@ -48,3 +48,8 @@ end
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
+
+PgHero::HomeController.content_security_policy do |p|
+  p.script_src :self, :unsafe_inline, assets_host
+  p.style_src  :self, :unsafe_inline, assets_host
+end
diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb
index 9d7b16e69..7a9b7b86d 100644
--- a/config/initializers/http_client_proxy.rb
+++ b/config/initializers/http_client_proxy.rb
@@ -1,24 +1,22 @@
 Rails.application.configure do
   config.x.http_client_proxy = {}
+
   if ENV['http_proxy'].present?
     proxy = URI.parse(ENV['http_proxy'])
+
     raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme
     raise "No proxy host" unless proxy.host
 
     host = proxy.host
     host = host[1...-1] if host[0] == '[' # for IPv6 address
-    config.x.http_client_proxy[:proxy] = { proxy_address: host, proxy_port: proxy.port, proxy_username: proxy.user, proxy_password: proxy.password }.compact
+
+    config.x.http_client_proxy[:proxy] = {
+      proxy_address: host,
+      proxy_port: proxy.port,
+      proxy_username: proxy.user,
+      proxy_password: proxy.password,
+    }.compact
   end
 
   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
 end
-
-module Goldfinger
-  def self.finger(uri, opts = {})
-    to_hidden = /\.(onion|i2p)(:\d+)?$/.match(uri)
-    raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && to_hidden
-    opts = { ssl: !to_hidden, headers: {} }.merge(Rails.configuration.x.http_client_proxy).merge(opts)
-    opts[:headers]['User-Agent'] ||= Mastodon::Version.user_agent
-    Goldfinger::Client.new(uri, opts).finger
-  end
-end
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index c65153b0a..0667a542c 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -19,4 +19,6 @@ ActiveSupport::Inflector.inflections(:en) do |inflect|
   inflect.acronym 'ActivityStreams'
   inflect.acronym 'JsonLd'
   inflect.acronym 'NodeInfo'
+
+  inflect.singular 'data', 'data'
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index edb7bb684..5b61c9106 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -858,12 +858,14 @@ en:
         invalid_token: Keybase tokens are hashes of signatures and must be 66 hex characters
         verification_failed: Keybase does not recognize this token as a signature of Keybase user %{kb_username}. Please retry from Keybase.
       wrong_user: Cannot create a proof for %{proving} while logged in as %{current}. Log in as %{proving} and try again.
-    explanation_html: Here you can cryptographically connect your other identities, such as a Keybase profile. This lets other people send you encrypted messages and trust content you send them.
+    explanation_html: Here you can cryptographically connect your other identities from other platforms, such as Keybase. This lets other people send you encrypted messages on those platforms and allows them to trust that the content you send them comes from you.
     i_am_html: I am %{username} on %{service}.
     identity: Identity
     inactive: Inactive
     publicize_checkbox: 'And toot this:'
     publicize_toot: 'It is proven! I am %{username} on %{service}: %{url}'
+    remove: Remove proof from account
+    removed: Successfully removed proof from account
     status: Verification status
     view_proof: View proof
   imports:
diff --git a/config/pghero.yml b/config/pghero.yml
index 244245d0d..84d0d7eef 100644
--- a/config/pghero.yml
+++ b/config/pghero.yml
@@ -38,4 +38,4 @@ databases:
 # aws_secret_access_key: ...
 # aws_region: us-east-1
 
-override_csp: true
+override_csp: false
diff --git a/config/routes.rb b/config/routes.rb
index 2ebe12f5c..42f2f0f7f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -130,7 +130,7 @@ Rails.application.routes.draw do
       resource :confirmation, only: [:new, :create]
     end
 
-    resources :identity_proofs, only: [:index, :show, :new, :create, :update]
+    resources :identity_proofs, only: [:index, :new, :create, :destroy]
 
     resources :applications, except: [:edit] do
       member do