diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/paperclip.rb | 2 | ||||
-rw-r--r-- | config/initializers/rack_attack.rb | 4 | ||||
-rw-r--r-- | config/initializers/twitter_regex.rb | 2 | ||||
-rw-r--r-- | config/locales/en.yml | 19 | ||||
-rw-r--r-- | config/locales/simple_form.en.yml | 16 | ||||
-rw-r--r-- | config/navigation.rb | 1 | ||||
-rw-r--r-- | config/routes.rb | 21 | ||||
-rw-r--r-- | config/settings.yml | 1 | ||||
-rw-r--r-- | config/webpack/configuration.js | 17 |
9 files changed, 57 insertions, 26 deletions
diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb index b4849370d..b841d5220 100644 --- a/config/initializers/paperclip.rb +++ b/config/initializers/paperclip.rb @@ -62,7 +62,7 @@ if ENV['S3_ENABLED'] == 'true' s3_options: { signature_version: ENV.fetch('S3_SIGNATURE_VERSION') { 'v4' }, http_open_timeout: ENV.fetch('S3_OPEN_TIMEOUT'){ '5' }.to_i, - http_read_timeout: 5, + http_read_timeout: ENV.fetch('S3_READ_TIMEOUT'){ '5' }.to_i, http_idle_timeout: 5, retry_limit: 0, } diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index f11e87b11..4904b8d57 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -42,6 +42,10 @@ class Rack::Attack req.remote_ip == '127.0.0.1' || req.remote_ip == '::1' end + Rack::Attack.blocklist('deny from blocklist') do |req| + IpBlock.blocked?(req.remote_ip) + end + throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req| req.authenticated_user_id if req.api_request? end diff --git a/config/initializers/twitter_regex.rb b/config/initializers/twitter_regex.rb index f84f7c0cb..7f99a0005 100644 --- a/config/initializers/twitter_regex.rb +++ b/config/initializers/twitter_regex.rb @@ -29,7 +29,7 @@ module Twitter ( # $1 total match (#{REGEXEN[:valid_url_preceding_chars]}) # $2 Preceding character ( # $3 URL - ((?:https?|dat|dweb|ipfs|ipns|ssb|gopher):\/\/)? # $4 Protocol (optional) + ((?:https?|dat|dweb|ipfs|ipns|ssb|gopher|gemini):\/\/)? # $4 Protocol (optional) (#{REGEXEN[:valid_domain]}) # $5 Domain(s) (?::(#{REGEXEN[:valid_port_number]}))? # $6 Port number (optional) (/#{REGEXEN[:valid_url_path]}*)? # $7 URL Path and anchor diff --git a/config/locales/en.yml b/config/locales/en.yml index 427b2c3fc..084006a2a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -223,12 +223,14 @@ en: create_domain_allow: Create Domain Allow create_domain_block: Create Domain Block create_email_domain_block: Create E-mail Domain Block + create_ip_block: Create IP rule demote_user: Demote User destroy_announcement: Delete Announcement destroy_custom_emoji: Delete Custom Emoji destroy_domain_allow: Delete Domain Allow destroy_domain_block: Delete Domain Block destroy_email_domain_block: Delete e-mail domain block + destroy_ip_block: Delete IP rule destroy_status: Delete Status disable_2fa_user: Disable 2FA disable_custom_emoji: Disable Custom Emoji @@ -259,12 +261,14 @@ en: create_domain_allow: "%{name} allowed federation with domain %{target}" create_domain_block: "%{name} blocked domain %{target}" create_email_domain_block: "%{name} blocked e-mail domain %{target}" + create_ip_block: "%{name} created rule for IP %{target}" demote_user: "%{name} demoted user %{target}" destroy_announcement: "%{name} deleted announcement %{target}" destroy_custom_emoji: "%{name} destroyed emoji %{target}" destroy_domain_allow: "%{name} disallowed federation with domain %{target}" destroy_domain_block: "%{name} unblocked domain %{target}" destroy_email_domain_block: "%{name} unblocked e-mail domain %{target}" + destroy_ip_block: "%{name} deleted rule for IP %{target}" destroy_status: "%{name} removed status by %{target}" disable_2fa_user: "%{name} disabled two factor requirement for user %{target}" disable_custom_emoji: "%{name} disabled emoji %{target}" @@ -449,6 +453,21 @@ en: expired: Expired title: Filter title: Invites + ip_blocks: + add_new: Create rule + created_msg: Successfully added new IP rule + delete: Delete + expires_in: + '1209600': 2 weeks + '15778476': 6 months + '2629746': 1 month + '31556952': 1 year + '86400': 1 day + '94670856': 3 years + new: + title: Create new IP rule + no_ip_block_selected: No IP rules were changed as none were selected + title: IP rules pending_accounts: title: Pending accounts (%{count}) relationships: diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 910e77ec2..b69487953 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -65,6 +65,14 @@ en: data: CSV file exported from another Mastodon server invite_request: text: This will help us review your application + ip_block: + comment: Optional. Remember why you added this rule. + expires_in: IP addresses are a finite resource, they are sometimes shared and often change hands. For this reason, indefinite IP blocks are not recommended. + ip: Enter an IPv4 or IPv6 address. You can block entire ranges using the CIDR syntax. Be careful not to lock yourself out! + severities: + no_access: Block access to all resources + sign_up_requires_approval: New sign-ups will require your approval + severity: Choose what will happen with requests from this IP sessions: otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:' webauthn: If it's an USB key be sure to insert it and, if necessary, tap it. @@ -136,6 +144,7 @@ en: setting_default_privacy: Posting privacy setting_default_sensitive: Always mark media as sensitive setting_delete_modal: Show confirmation dialog before deleting a toot + setting_disable_swiping: Disable swiping motions setting_display_media: Media display setting_display_media_default: Default setting_display_media_hide_all: Hide all @@ -169,6 +178,13 @@ en: comment: Comment invite_request: text: Why do you want to join? + ip_block: + comment: Comment + ip: IP + severities: + no_access: Block access + sign_up_requires_approval: Limit sign-ups + severity: Rule notification_emails: digest: Send digest e-mails favourite: Someone favourited your status diff --git a/config/navigation.rb b/config/navigation.rb index 5fcbd2fe4..cb97709d6 100644 --- a/config/navigation.rb +++ b/config/navigation.rb @@ -51,6 +51,7 @@ SimpleNavigation::Configuration.run do |navigation| s.item :tags, safe_join([fa_icon('hashtag fw'), t('admin.tags.title')]), admin_tags_path, highlights_on: %r{/admin/tags} s.item :instances, safe_join([fa_icon('cloud fw'), t('admin.instances.title')]), admin_instances_url, highlights_on: %r{/admin/instances|/admin/domain_blocks|/admin/domain_allows}, if: -> { current_user.admin? } s.item :email_domain_blocks, safe_join([fa_icon('envelope fw'), t('admin.email_domain_blocks.title')]), admin_email_domain_blocks_url, highlights_on: %r{/admin/email_domain_blocks}, if: -> { current_user.admin? } + s.item :ip_blocks, safe_join([fa_icon('ban fw'), t('admin.ip_blocks.title')]), admin_ip_blocks_url, highlights_on: %r{/admin/ip_blocks}, if: -> { current_user.admin? } end n.item :admin, safe_join([fa_icon('cogs fw'), t('admin.title')]), admin_dashboard_url, if: proc { current_user.staff? } do |s| diff --git a/config/routes.rb b/config/routes.rb index 13b744bf8..377ae3c46 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -55,10 +55,10 @@ Rails.application.routes.draw do devise_for :users, path: 'auth', controllers: { omniauth_callbacks: 'auth/omniauth_callbacks', - sessions: 'auth/sessions', - registrations: 'auth/registrations', - passwords: 'auth/passwords', - confirmations: 'auth/confirmations', + sessions: 'auth/sessions', + registrations: 'auth/registrations', + passwords: 'auth/passwords', + confirmations: 'auth/confirmations', } get '/users/:username', to: redirect('/@%{username}'), constraints: lambda { |req| req.format.nil? || req.format.html? } @@ -86,6 +86,7 @@ Rails.application.routes.draw do resource :inbox, only: [:create], module: :activitypub resource :claim, only: [:create], module: :activitypub resources :collections, only: [:show], module: :activitypub + resource :followers_synchronization, only: [:show], module: :activitypub end resource :inbox, only: [:create], module: :activitypub @@ -294,6 +295,12 @@ Rails.application.routes.draw do resource :two_factor_authentication, only: [:destroy] end + resources :ip_blocks, only: [:index, :new, :create] do + collection do + post :batch + end + end + resources :account_moderation_notes, only: [:create, :destroy] resources :tags, only: [:index, :show, :update] do @@ -395,11 +402,7 @@ Rails.application.routes.draw do resources :media, only: [:create, :update, :show] resources :blocks, only: [:index] - resources :mutes, only: [:index] do - collection do - get 'details' - end - end + resources :mutes, only: [:index] resources :favourites, only: [:index] resources :bookmarks, only: [:index] resources :reports, only: [:create] diff --git a/config/settings.yml b/config/settings.yml index be9fe093a..0877fe111 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -27,6 +27,7 @@ defaults: &defaults expand_spoilers: false preview_sensitive_media: false reduce_motion: false + disable_swiping: false show_application: false system_font_ui: false system_emoji_font: false diff --git a/config/webpack/configuration.js b/config/webpack/configuration.js index 926af9b39..b34ba0e0a 100644 --- a/config/webpack/configuration.js +++ b/config/webpack/configuration.js @@ -57,22 +57,9 @@ for (let i = 0; i < skinFiles.length; i++) { } } -function removeOuterSlashes(string) { - return string.replace(/^\/*/, '').replace(/\/*$/, ''); -} - -function formatPublicPath(host = '', path = '') { - let formattedHost = removeOuterSlashes(host); - if (formattedHost && !/^http/i.test(formattedHost)) { - formattedHost = `//${formattedHost}`; - } - const formattedPath = removeOuterSlashes(path); - return `${formattedHost}/${formattedPath}/`; -} - const output = { path: resolve('public', settings.public_output_path), - publicPath: formatPublicPath(env.CDN_HOST, settings.public_output_path), + publicPath: `/${settings.public_output_path}/`, }; module.exports = { @@ -80,8 +67,8 @@ module.exports = { core, flavours, env: { - CDN_HOST: env.CDN_HOST, NODE_ENV: env.NODE_ENV, + PUBLIC_OUTPUT_PATH: settings.public_output_path, }, output, }; |