about summary refs log tree commit diff
path: root/app/lib
AgeCommit message (Collapse)Author
2020-11-19Add cache buster feature for media files (#15155)Eugen Rochko
Nginx can be configured to bypass proxy cache when a special header is in the request. If the response is cacheable, it will replace the cache for that request. Proxy caching of media files is desirable when using object storage as a way of minimizing bandwidth costs, but has the drawback of leaving deleted media files for a configured amount of cache time. A cache buster can make those media files immediately unavailable. This especially makes sense when suspending and unsuspending an account.
2020-11-12Fix streaming API allowing connections to persist after access token ↵Eugen Rochko
invalidation (#15111) Fix #14816
2020-11-09Fix Move handler not being triggered when failing to fetch target (#15107)ThibG
When failing to fetch the target account, the ProcessingWorker fails as expected, but since it hasn't cleared the `move_in_progress` flag, the next attempt at processing skips the `Move` activity altogether. This commit changes it to clear the flag when encountering any unexpected error on fetching the target account. This is likely to occur because, of, e.g., a timeout, when many instances query the same actor at the same time.
2020-11-08Add support for reversible suspensions through ActivityPub (#14989)Eugen Rochko
2020-11-04Add account sensitized (#14361)Takeshi Umeda
* Add account sensitized * Fix i18n normalize * Fix description and spec * Fix spec * Fix wording
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2020-10-20Removed disabling comments for Style/MethodMissingSuper (#15014)abcang
* Removed disabling comments for Style/MethodMissingSuper * Update rubocop for codeclimate
2020-10-19Add support for Gemini urls (#15013)Josh Leeb-du Toit
This PR updates the `valid_url` regex and sanitizer allowlist to provide support for Gemini urls. Closes #14991
2020-10-13Fix a bear check when the activity object is nil (#14981)Takeshi Umeda
2020-10-12Add IP-based rules (#14963)Eugen Rochko
2020-10-08Remove dependency on goldfinger gem (#14919)Eugen Rochko
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-09-30Add option to disable swiping motions across the WebUI (#13885)ThibG
Fixes #13882
2020-09-26Add environment variable to allow requests to some private addresses (#14722)ThibG
2020-09-18Add option to be notified when a followed user posts (#13546)Eugen Rochko
* Add bell button Fix #4890 * Remove duplicate type from post-deployment migration * Fix legacy class type mappings * Improve query performance with better index * Fix validation * Remove redundant index from notifications
2020-09-15Change account suspensions to be reversible by default (#14726)Eugen Rochko
2020-09-08Refactor feed manager (#14761)Eugen Rochko
2020-09-07Fix multiple boosts of a same toot erroneously appearing in TL (#14759)ThibG
* Check for and record reblog info atomically Instead of using ZREVRANK to determine whether a reblog is a new reblog or not, use ZADD's NX option to perform the check/addition option atomically. * Replace ZREVRANK call with ZSCORE key which is more efficient * Make tests a bit stricter * Fix off-by-one
2020-09-02Add featured hashtags as an ActivityPub collection (#11595)Eugen Rochko
2020-09-01Add configuration option to filter replies in lists (#9205)ThibG
* Add database support for list show-reply preferences * Add backend support to read and update list-specific show_replies settings * Add basic UI to set list replies setting * Add specs for list replies policy * Switch "cycling" reply policy link to a set of radio inputs * Capitalize replies_policy strings * Change radio button design to be consistent with that of the directory explorer
2020-09-01Change own direct-visibility statuses to be in the home feed again (#14711)Eugen Rochko
And remove highlighting in web UI Full circle from #8940
2020-09-01Bump rubocop from 0.86.0 to 0.88.0 (#14412)dependabot[bot]
* Bump rubocop from 0.86.0 to 0.88.0 Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.88.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0) Signed-off-by: dependabot[bot] <support@github.com> * Fix for latest RuboCop Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-08-30Add support for dereferencing objects through bearcaps (#14683)Eugen Rochko
2020-08-24Fix dereferencing remote statuses not using the correct account (#14656)ThibG
Follow-up to #14359 In the case of limited toots, the receiver may not be explicitly part of the audience. If a specific user's inbox URI was specified, it makes sense to dereference the toot from the corresponding user, instead of trying to find someone in the explicit audience.
2020-08-24Add support for inlined objects in activity audience (#14514)ThibG
* Add support for inlined objects in activity audience * Add tests
2020-08-01Fix handling of Reject Follow when a matching follow relationship exists ↵ThibG
(#14479) * Add tests * Fix handling of Reject Follow when a matching follow relationship exists Regression from #12199
2020-07-22Fix not handling Undo on some activity types when they aren't inlined (#14346)ThibG
* Fix not handling Undo on some activity types when they aren't inlined When receiving an Undo for a non-inlined activity, try looking it up in database using the URI. The queries are ad-hoc because we don't have a global index of object URIs, and not all activity types are stored in database with an index on their URI. Announces are just statuses, and have an index on URIs, so this check can be done efficiently. Accepts cannot be handled at all because we don't record their URI at any point. Follows don't have an index on URI, but they have an index on the issuing account, which should make such queries largely manageable. Likes don't have an index on URI, they have an index on the issuing account, but the number of favs per account may be very high, so I decided not to handle that. Blocks don't have an index on URI, but they have an index on the issuing account, which should make such queries largely manageable. In all cases, if an Undo could not be handled properly, we call `delete_later!` because that does not require us to know more than the URI of the undone property. * Add tests * Make newer blocks overwrite older ones Allows re-synchronizing block info by re-blocking and un-blocking again when the original Undo Block has been lost.
2020-07-22Dereference object URIs in Create and Update messages (#14359)ThibG
* Dereference object URIs in Create and Update messages Fixes #14353 Signed-off-by: Thibaut Girka <thib@sitedethib.com> * Refactor, and perform origin check *before* attempting to fetch object Co-authored-by: Fire Demon <firedemon@creature.cafe>
2020-07-20Fix to add RedisLock to handle Announce activity (#14365)Takeshi Umeda
2020-07-19Fix movie width and frame_rate returning nil (#14357)Takeshi Umeda
* Fix movie width and frame_rate returning nil * Add StreamValidationError and raise * Fix code style
2020-07-17Fix boosted toots from blocked account not being retroactively removed from ↵ThibG
TL (#14339) * Fix boosted toots from blocked account not being retroactively removed from TL Fixes #14301 * Add test for clear_from_timeline
2020-07-14Improve group processing (#14279)Takeshi Umeda
* Fix the local group's followers collection * Fix to accept followed relayed_through_account * Add local delivery to the group's followers * Fix code style * Revert "Add local delivery to the group's followers" This reverts commit 3237effc199772e4c4d30f19082cbc5633f56196.
2020-07-14Fix rubocop warning (#14288)abcang
* Fix rubocop warning * use limit variable * use ContextCreatingMethods option
2020-07-01Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191)Eugen Rochko
2020-06-30Fix remote files not using Content-Type header, streaming (#14184)Eugen Rochko
2020-06-29Add customizable thumbnails for audio and video attachments (#14145)Eugen Rochko
- Change audio files to not be stripped of metadata - Automatically extract cover art from audio if it exists - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id` - Add `icon` to represent it in attachments in ActivityPub - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null - Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-25Fix Thai being skipped from language detection (#13989)Sasha Sorokin
Thai does not separate words by spaces, so I figured out it should be in 'reliable characters regexp' that denotes languages that do the same. Related #13891.
2020-06-23Fix crash in MergeWorker (#14129)ThibG
Similarly to #12324, the code is passing an Account object where an id is expected.
2020-06-09FIX: filters ignore media descriptions (#13837)Ben Lubar
* FIX: filters ignore media descriptions * remove parentheses to make codeclimate happy * combine the text and run the regular expression only once. https://github.com/tootsuite/mastodon/pull/13837#discussion_r431752581 * Fix use of “filter” instead of “compact”, fix coding style issues Co-authored-by: Thibaut Girka <thib@sitedethib.com>
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-05-15Add support for `summary` field for media description (#13763)ThibG
2020-05-14Fix webfinger returning wrong status code on malformed or missing param (#13759)ThibG
Fixes #13757
2020-05-12Fix keybase config serializer (#13742)Takeshi Umeda
2020-05-10Fix error within error when limiting backtrace to 3 lines (#13120)Eugen Rochko
Fix #13086, close #13113
2020-05-10Improve RSS entries for statuses (#13592)ThibG
* Improve RSS entries for statuses - Render polls in both accounts and tags serializers - Refactor RSS serializers - Change title preview to include ellipsis when truncated - Change title preview to show CW instead of toot text - Add tests * Remove title from OEmbed serialization Twitter doesn't serialize title either, and tihs allows us to move the title formatting code to the RSS serializers.
2020-04-15Change delivery failure tracking to work with hostnames instead of URLs (#13437)Eugen Rochko
2020-04-05Add rate limit for reporting (#13390)Eugen Rochko
2020-04-05Fix PostgreSQL load when linking in announcements (#13250)ThibG
* Fix PostgreSQL load when linking in announcements Fixes #13245 by caching status lookups Since statuses are supposed to be known already and we only need their URLs and a few other things, caching them should be fine. Since it's only used by announcements so far, there won't be much statuses to cache. * Perform status lookup when saving announcements, not when rendering them * Change EntityCache#status to fetch URLs instead of looking into the database * Move announcement link lookup to publishing worker * Address issues pointed out during review
2020-03-26Change `tootctl media remove-orphans` to work for all classes (#13316)Eugen Rochko
Change `tootctl media lookup` to not use an interactive prompt
2020-03-09Bump cld3 from 3.2.6 to 3.3.0 (#13107)dependabot-preview[bot]
* Bump cld3 from 3.2.6 to 3.3.0 Bumps [cld3](https://github.com/akihikodaki/cld3-ruby) from 3.2.6 to 3.3.0. - [Release notes](https://github.com/akihikodaki/cld3-ruby/releases) - [Commits](https://github.com/akihikodaki/cld3-ruby/compare/v3.2.6...v3.3.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Fix compatibility with cld3 3.3.0 Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko