about summary refs log tree commit diff
path: root/app/controllers/api/v1
AgeCommit message (Collapse)Author
2017-11-15Filter searched toots to be consistent with blocking behaviors (#5383)ThibG
2017-11-11Add moderator role and add pundit policies for admin actions (#5635)Eugen Rochko
* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
2017-10-09Fix pagination in Api::V1::BlocksController (#5285)Akihiko Odaki
2017-10-05Improve admin UI for custom emojis, add copy/disable/enable (#5231)Eugen Rochko
2017-10-04Non-Serial ("Snowflake") IDs (#4801)aschmitz
* Use non-serial IDs This change makes a number of nontrivial tweaks to the data model in Mastodon: * All IDs are now 8 byte integers (rather than mixed 4- and 8-byte) * IDs are now assigned as: * Top 6 bytes: millisecond-resolution time from epoch * Bottom 2 bytes: serial (within the millisecond) sequence number * See /lib/tasks/db.rake's `define_timestamp_id` for details, but note that the purpose of these changes is to make it difficult to determine the number of objects in a table from the ID of any object. * The Redis sorted set used for the feed will have values used to look up toots, rather than scores. This is almost always the same as the existing behavior, except in the case of boosted toots. This change was made because Redis stores scores as double-precision floats, which cannot store the new ID format exactly. Note that this doesn't cause problems with sorting/pagination, because ZREVRANGEBYSCORE sorts lexicographically when scores are tied. (This will still cause sorting issues when the ID gains a new significant digit, but that's extraordinarily uncommon.) Note a couple of tradeoffs have been made in this commit: * lib/tasks/db.rake is used to enforce many/most column constraints, because this commit seems likely to take a while to bring upstream. Enforcing a post-migrate hook is an easier way to maintain the code in the interim. * Boosted toots will appear in the timeline as many times as they have been boosted. This is a tradeoff due to the way the feed is saved in Redis at the moment, but will be handled by a future commit. This would effectively close Mastodon's #1059, as it is a snowflake-like system of generating IDs. However, given how involved the changes were simply within Mastodon, it may have unexpected interactions with some clients, if they store IDs as doubles (or as 4-byte integers). This was a problem that Twitter ran into with their "snowflake" transition, particularly in JavaScript clients that treated IDs as JS integers, rather than strings. It therefore would be useful to test these changes at least in the web interface and popular clients before pushing them to all users. * Fix JavaScript interface with long IDs Somewhat predictably, the JS interface handled IDs as numbers, which in JS are IEEE double-precision floats. This loses some precision when working with numbers as large as those generated by the new ID scheme, so we instead handle them here as strings. This is relatively simple, and doesn't appear to have caused any problems, but should definitely be tested more thoroughly than the built-in tests. Several days of use appear to support this working properly. BREAKING CHANGE: The major(!) change here is that IDs are now returned as strings by the REST endpoints, rather than as integers. In practice, relatively few changes were required to make the existing JS UI work with this change, but it will likely hit API clients pretty hard: it's an entirely different type to consume. (The one API client I tested, Tusky, handles this with no problems, however.) Twitter ran into this issue when introducing Snowflake IDs, and decided to instead introduce an `id_str` field in JSON responses. I have opted to *not* do that, and instead force all IDs to 64-bit integers represented by strings in one go. (I believe Twitter exacerbated their problem by rolling out the changes three times: once for statuses, once for DMs, and once for user IDs, as well as by leaving an integer ID value in JSON. As they said, "If you’re using the `id` field with JSON in a Javascript-related language, there is a very high likelihood that the integers will be silently munged by Javascript interpreters. In most cases, this will result in behavior such as being unable to load or delete a specific direct message, because the ID you're sending to the API is different than the actual identifier associated with the message." [1]) However, given that this is a significant change for API users, alternatives or a transition time may be appropriate. 1: https://blog.twitter.com/developer/en_us/a/2011/direct-messages-going-snowflake-on-sep-30-2011.html * Restructure feed pushes/unpushes This was necessary because the previous behavior used Redis zset scores to identify statuses, but those are IEEE double-precision floats, so we can't actually use them to identify all 64-bit IDs. However, it leaves the code in a much better state for refactoring reblog handling / coalescing. Feed-management code has been consolidated in FeedManager, including: * BatchedRemoveStatusService no longer directly manipulates feed zsets * RemoveStatusService no longer directly manipulates feed zsets * PrecomputeFeedService has moved its logic to FeedManager#populate_feed (PrecomputeFeedService largely made lots of calls to FeedManager, but didn't follow the normal adding-to-feed process.) This has the effect of unifying all of the feed push/unpush logic in FeedManager, making it much more tractable to update it in the future. Due to some additional checks that must be made during, for example, batch status removals, some Redis pipelining has been removed. It does not appear that this should cause significantly increased load, but if necessary, some optimizations are possible in batch cases. These were omitted in the pursuit of simplicity, but a batch_push and batch_unpush would be possible in the future. Tests were added to verify that pushes happen under expected conditions, and to verify reblog behavior (both on pushing and unpushing). In the case of unpushing, this includes testing behavior that currently leads to confusion such as Mastodon's #2817, but this codifies that the behavior is currently expected. * Rubocop fixes I could swear I made these changes already, but I must have lost them somewhere along the line. * Address review comments This addresses the first two comments from review of this feature: https://github.com/tootsuite/mastodon/pull/4801#discussion_r139336735 https://github.com/tootsuite/mastodon/pull/4801#discussion_r139336931 This adds an optional argument to FeedManager#key, the subtype of feed key to generate. It also tests to ensure that FeedManager's settings are such that reblogs won't be tracked forever. * Hardcode IdToBigints migration columns This addresses a comment during review: https://github.com/tootsuite/mastodon/pull/4801#discussion_r139337452 This means we'll need to make sure that all _id columns going forward are bigints, but that should happen automatically in most cases. * Additional fixes for stringified IDs in JSON These should be the last two. These were identified using eslint to try to identify any plain casts to JavaScript numbers. (Some such casts are legitimate, but these were not.) Adding the following to .eslintrc.yml will identify casts to numbers: ~~~ no-restricted-syntax: - warn - selector: UnaryExpression[operator='+'] > :not(Literal) message: Avoid the use of unary + - selector: CallExpression[callee.name='Number'] message: Casting with Number() may coerce string IDs to numbers ~~~ The remaining three casts appear legitimate: two casts to array indices, one in a server to turn an environment variable into a number. * Only implement timestamp IDs for Status IDs Per discussion in #4801, this is only being merged in for Status IDs at this point. We do this in a migration, as there is no longer use for a post-migration hook. We keep the initialization of the timestamp_id function as a Rake task, as it is also needed after db:schema:load (as db/schema.rb doesn't store Postgres functions). * Change internal streaming payloads to stringified IDs as well This is equivalent to 591a9af356faf2d5c7e66e3ec715502796c875cd from #5019, with an extra change for the addition to FeedManager#unpush. * Ensure we have a status_id_seq sequence Apparently this is not a given when specifying a custom ID function, so now we ensure it gets created. This uses the generic version of this function to more easily support adding additional tables with timestamp IDs in the future, although it would be possible to cut this down to a less generic version if necessary. It is only run during db:schema:load or the relevant migration, so the overhead is extraordinarily minimal. * Transition reblogs to new Redis format This provides a one-way migration to transition old Redis reblog entries into the new format, with a separate tracking entry for reblogs. It is not invertible because doing so could (if timestamp IDs are used) require a database query for each status in each users' feed, which is likely to be a significant toll on major instances. * Address review comments from @akihikodaki No functional changes. * Additional review changes * Heredoc cleanup * Run db:schema:load hooks for test in development This matches the behavior in Rails' ActiveRecord::Tasks::DatabaseTasks.each_current_configuration, which would otherwise break `rake db:setup` in development. It also moves some functionality out to a library, which will be a good place to put additional related functionality in the near future.
2017-09-30Fix #5104 - GET /api/v1/apps/verify_credentials to confirm app works (#5112)Eugen Rochko
2017-09-28Add ability to specify alternative text for media attachments (#5123)Eugen Rochko
* Fix #117 - Add ability to specify alternative text for media attachments - POST /api/v1/media accepts `description` straight away - PUT /api/v1/media/:id to update `description` (only for unattached ones) - Serialized as `name` of Document object in ActivityPub - Uploads form adjusted for better performance and description input * Add tests * Change undo button blend mode to difference
2017-09-23New API: GET /api/v1/custom_emojis to get a server's custom emojis (#5051)Eugen Rochko
2017-09-11Fix error when following locked accounts (#4896)Eugen Rochko
2017-09-10Fix POST /api/v1/follows error when already following (#4878)Eugen Rochko
2017-09-05Fix #4794 - Fake instant follow in API response when account is believed ↵Eugen Rochko
unlocked (#4799)
2017-09-01Make PreviewCard records reuseable between statuses (#4642)Eugen Rochko
* Make PreviewCard records reuseable between statuses **Warning!** Migration truncates preview_cards tablec * Allow a wider thumbnail for link preview, display it in horizontal layout (#4648) * Delete preview cards files before truncating * Rename old table instead of truncating it * Add mastodon:maintenance:remove_deprecated_preview_cards * Ignore deprecated_preview_cards in schema definition * Fix null behaviour
2017-08-26authorize-follow-requests-after-unlocking (#4658)masarakki
2017-08-25Pinned statuses (#4675)Eugen Rochko
* Pinned statuses * yarn manage:translations
2017-08-21Fix #4637 - Re-add missing doorkeeper_authorize for ↵Eugen Rochko
/api/v1/verify_credentials (#4650)
2017-08-13ActivityPub delivery (#4566)Eugen Rochko
* Deliver ActivityPub Like * Deliver ActivityPub Undo-Like * Deliver ActivityPub Create/Announce activities * Deliver ActivityPub creates from mentions * Deliver ActivityPub Block/Undo-Block * Deliver ActivityPub Accept/Reject-Follow * Deliver ActivityPub Undo-Follow * Deliver ActivityPub Follow * Deliver ActivityPub Delete activities Incidentally fix #889 * Adjust BatchedRemoveStatusService for ActivityPub * Add tests for ActivityPub workers * Add tests for FollowService * Add tests for FavouriteService, UnfollowService and PostStatusService * Add tests for ReblogService, BlockService, UnblockService, ProcessMentionsService * Add tests for AuthorizeFollowService, RejectFollowService, RemoveStatusService * Add tests for BatchedRemoveStatusService * Deliver updates to a local account to ActivityPub followers * Minor adjustments
2017-07-25Merge queries in Api::V1::FavouritesController (#4359)Akihiko Odaki
2017-07-14Fix response of unreblog/unfavourite APIs (#4204)unarist
Both APIs process asynchronously, so reblogged/favourited fields in the response should be set to `false` manually.
2017-07-11Fix #3462 - Require authentication for search API (#4155)Eugen Rochko
This makes it consistent with /api/v1/accounts/search and previous behaviour has been an oversight.
2017-07-10Add attribute for default privacy to verify credentials (#4075)Yamagishi Kazutoshi
* Add attribute for default privacy to verify credentials * add raw_note * source
2017-07-07Refactor JSON templates to be generated with ActiveModelSerializers instead ↵Eugen Rochko
of Rabl (#4090)
2017-06-27Fix #1624 - Send e-mail notifications to admins about new reports (#3949)Eugen Rochko
2017-06-10Move create/destroy actions for api/v1/statuses to namespace (#3678)Matt Jankowski
Each of mute, favourite, reblog has been updated to: - Have a separate controller with just a create and destroy action - Preserve historical route names to not break the API - Mild refactoring to break up long methods
2017-06-09Move reblogged_by and favourited_by actions out of api/v1/statuses and into ↵Matt Jankowski
unique controllers (#3646) * Add specs for api statuses routes * Update favourited_by and reblogged_by api routes * Move methods into new controllers * Use load_accounts methods to simplify index actions * Clean up load_accounts methods * Clean up link header generation * Check for link headers in specs * Remove unused actions from api/v1/statuses controller * Remove specs for moved actions
2017-06-08Improve RuboCop rules (compatibility to Code Climate) (#3636)Yamagishi Kazutoshi
https://github.com/codeclimate/codeclimate-rubocop/blob/08f8de84ebfb39caa96391e23816877278f6441c/Gemfile.lock#L38 Code Climate is using RuboCop v0.46.0. Change several rules to maintain compatibility.
2017-06-07Clean up for api/base controller (#3629)Matt Jankowski
* Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
2017-06-05Redirect to streaming_api_base_url (#3579)Daigo 3 Dango
* Redirect to streaming_api_base_url When Rails receives a request to streaming API, it most likely means that there is another host which is configured to respond to it. This is to redirect clients to that host if `STREAMING_API_BASE_URL` is set as another host. * Use the new Ruby 1.9 hash syntax
2017-06-04Fix limit_param in favourites_controller.rb (#3553)Naoki Kosaka
2017-05-31Spec coverage and refactor for the api/v1/accounts controllers (#3451)Matt Jankowski
2017-05-31Improve spec coverage and clean up api/v1/blocks controller (#3464)Matt Jankowski
2017-05-31Improve spec coverage and clean up api/v1/follow_requests controller (#3465)Matt Jankowski
2017-05-31Improve spec coverage and clean up api/v1/domain_blocks controller (#3466)Matt Jankowski
2017-05-31Refactor api/v1/notifications controller (#3470)Matt Jankowski
2017-05-31Improve spec coverage and clean up api/v1/favourites controller (#3472)Matt Jankowski
2017-05-31Improve spec coverage and clean up api/v1/mutes controller (#3481)Matt Jankowski
2017-05-31Refactor and spec coverage for api/v1/timelines actions (#3482)Matt Jankowski
2017-05-30Refactor api/v1/apps controller (#3471)Matt Jankowski
2017-05-30Refactor api/v1/reports controller (#3469)Matt Jankowski
2017-05-30Refactor api/v1/search controller (#3468)Matt Jankowski
2017-05-30Improve spec coverage and clean up api/v1/media controller (#3467)Matt Jankowski
2017-05-30Add status destroy authorization to policy (#3453)Jack Jennings
* Add status destroy authorization to policy * Create explicit unreblog status authorization
2017-05-29Extract authorization policy for viewing statuses (#3150)Jack Jennings
2017-05-25More use of next link header on account (media) timelines (#3311)unarist
This will reduce requests on who have only few statuses. - Use next link header to detect more items from first request - Omit next link header if result items are fewer than requested count (It had omit it only if result was empty before)
2017-05-23Fix following/followers API to return correct link headers (#3268)unarist
Link headers in following/followers API should include follow_id as max_id/since_id. However, these API use current_user's account_id instead of follow_id from #3167. This causes irrelevant result on loading more users.
2017-05-23Refactor of API timeline actions (#3263)Matt Jankowski
- Increase coverage to exercise all parts of each action - Move into namespace to share common code - Misc refactor of each action for smaller methods, simpler code
2017-05-21Fix mutes_controller error and incorrect statuses_controller report (#3202)Akihiko Odaki
This commit fixes a regression in commit f55480756337dd4df7513e89673e81e003f1201a.
2017-05-20Fix regressions in api/v1 (#3178)Akihiko Odaki
The regressions are introduced at commit f55480756337dd4df7513e89673e81e003f1201a by me (Akihiko Odaki)
2017-05-20Fix block list 500 (#3174)Yamagishi Kazutoshi
2017-05-20Use joins for account properties (#3167)Akihiko Odaki
2017-05-19Add buttons to block and unblock domain (#3127)Eugen Rochko
* Add buttons to block and unblock domain * Relationship API now returns "domain_blocking" status for accounts, rename "block entire domain" to "hide entire domain", fix unblocking domain, do not block notifications from domain-blocked-but-followed people, do not send Salmons to domain blocked users * Add test * Personal domain blocks shouldn't affect Salmon after all, since in this direction of communication the control is very thin when it comes to public stuff. Best stay consistent and not affect federation in this way * Ignore followers and follow request from domain blocked folks, ensure account domain blocks are not created for empty domain, and avoid duplicates in validation * Purge followers when blocking domain (without soft-blocks, since they are useless here) * Add tests, fix local timeline being empty when having any domain blocks