Age | Commit message (Collapse) | Author |
|
* Add silent column to mentions
* Save silent mentions in ActivityPub Create handler and optimize it
Move networking calls out of the database transaction
* Add "limited" visibility level masked as "private" in the API
Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic
* Ensure silent column is non-null, add spec
* Ensure filters don't check silent mentions for blocks/mutes
As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering
* Clean up code
* Use Status#active_mentions to limit returned mentions
* Fix code style issues
* Use Status#active_mentions in Notification
And remove stream_entry eager-loading from Notification
|
|
Regression from #8951
|
|
Mention and emoji code may perform network calls, but does not need
to do that inside the database transaction. This may improve availability
of database connections when using pgBouncer in transaction mode.
|
|
|
|
|
|
* Verify link ownership with rel="me"
* Add explanation about verification to UI
* Perform link verifications
* Add click-to-copy widget for verification HTML
* Redesign edit profile page
* Redesign forms
* Improve responsive design of settings pages
* Restore landing page sign-up form
* Fix typo
* Support <link> tags, add spec
* Fix links not being verified on first discovery and passive updates
|
|
* If an Update is signed with known key, skip re-following procedure
Because it means the remote actor did *not* lose their database
* Add CLI method for rotating keys
bin/tootctl accounts rotate [USERNAME]
Generates a new RSA key per account and sends out an Update activity
signed with the old key.
* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts
* Skip suspended accounts in key rotation
|
|
* Spread out crawling randomly to avoid DDoSing the link
Fix #4486
* Remove trailing whitespace
|
|
In the same way as contentMap and nameMap.
|
|
#8376) (#8377)
|
|
* Add Follow#revoke_request!
* Implement Undo { Accept { Follow } } (fixes #8234)
|
|
#8218) (#8244)
|
|
|
|
* Fix incorrect context definition for the "featured" keyword
Fix #8077
* Adjust context definition for movedTo
|
|
* Do not accept ActivityPub follow requests from blocked user
Fix #7745
* Deliver auto-rejection immediately when follow-requested by blocked account
* Fix trailing whitespace
|
|
|
|
|
|
|
|
Fix #7518
|
|
An explicit error allows user agents to know the error and Sidekiq to
retry.
|
|
When an ActivityPub Announce is processed and the boosted toot is not known,
fetch it on behalf of one of the booster's followers. This is to allow
fetching self-boosts of previously-unknown private toots.
If fetching on behalf of a user fails, try fetching it anonymously: the
selected follower of a boosting user may be banned by the boosted toot's
author.
|
|
* Fix handling of malformed ActivityPub payloads when URIs are nil
* Gracefully handle JSON-LD canonicalization failures
|
|
Same URI passed between follow request and follow, since they are
the same thing in ActivityPub. Local URIs are generated during
creation using UUIDs and are passed to serializers.
|
|
* Revert "Fixes/do not override timestamps (#7331)"
This reverts commit 581a5c9d29ef2a12f46b67a1097a9ad6df1c6953.
* Document Snowflake ID corner-case a bit more
Snowflake IDs are used for two purposes: making object identifiers harder to
guess and ensuring they are in chronological order. For this reason, they
are based on the `created_at` attribute of the object.
Unfortunately, inserting items with older snowflakes IDs will break the
assumption of consumers of the paging APIs that new items will always have
a greater identifier than the last seen one.
* Add `override_timestamps` virtual attribute to not correlate snowflake ID with created_at
|
|
* Do not override timestamps for incoming toots
* Remove every reference to override_timestamps
Statuses are now created with the announced publishing date
and are only pushed to timelines if that date is at most
6 hours earlier than the time at which it is processed.
|
|
|
|
* Add equals_or_includes_any? helper in JsonLdHelper
* Support arrays in JSON-LD type fields for actors/tags/objects.
* Spec for resolving accounts with extension types
* Style tweaks for codeclimate
|
|
* Add bio fields
- Fix #3211
- Fix #232
- Fix #121
* Display bio fields in web UI
* Fix output of links and missing fields
* Federate bio fields over ActivityPub as PropertyValue
* Improve how the fields are stored, add to Edit profile form
* Add rel=me to links in fields
Fix #121
|
|
* Forward deletes on the same path as reply forwarding
* Remove trailing whitespace
|
|
* Support fetching objects of convertible types by URL (fixes #6924)
* Ignore invalid hashtags
|
|
That way, they are displayed in a list below the corresponding toot.
|
|
Fix #6821
|
|
* fix validation error (media only status)
* Incorporating review suggestions
* Reflect similar fix to OStatus side
* Fix not to include media in transaction
* Restore the limit of the number of media
* Fix not to return nil
|
|
|
|
* Federate pinned statuses over ActivityPub
* Display pinned toots in web UI
Fix #6117
* Fix migration
* Fix tests
* Update outbox_serializer.rb
* Update remove_serializer.rb
* Update add_serializer.rb
* Update fetch_featured_collection_service.rb
|
|
|
|
* Fix #2176: Federated reports
* UI for federated reports
* Add spec for ActivityPub Flag handler
* Add spec for ReportService
|
|
* Add focus param to media API, center thumbnails on focus point
* Add UI for setting a focal point
* Improve focal point icon on upload item
* Use focal point in upload preview
* Add focalPoint property to ActivityPub
* Don't show focal point button for non-image attachments
|
|
Time window of 6 hours
|
|
|
|
This may lead to out-of-order notifications, but this is better than not having
notifications at all.
|
|
* Skip ActivityPub Announces of non-public objects
* Skip OStatus reblogs of non-public statuses
|
|
This makes slightly more sense, and ensures that the author of a post is always referenced in the audience (which some servers might rely on). And the announce is POSTed to the author's inbox anyways.
|
|
|
|
* Fix actors accepting invalid URI schemes or different host between URI and URL
* Fix statuses accepting invalid URI scheme or different host to actor
* Adjust tests to new requirements
* Improve readability of mismatching_origin?/invalid_origin? methods
|
|
|
|
* Allow to dereference Follow object for ActivityPub
* Accept IRI as object representation for Accept activity
|
|
There's no reason for an Account record to persist after Delete->Actor is received. SuspendAccountService is necessary to make sure deleted toots get sent over streaming API properly and home feeds get cleaned up. By removing Account record, we can ensure that if in the future the account is restored remotely (or username reused), it can start with a clean slate.
|
|
|
|
|