about summary refs log tree commit diff
path: root/app/lib
AgeCommit message (Collapse)Author
2019-03-08Do not allow adding votes to expired polls (#10214)ThibG
* Do not allow adding votes to expired polls * Only validate expires_at on create
2019-03-07Avoid unnecessarily fetching the replies collection when it is empty (#10201)ThibG
2019-03-05Fix newlines in OStatus and RSS serializations (#10183)ThibG
2019-03-05When serializing polls over OStatus, serialize poll options to text (#10160)ThibG
* When serializing polls over OStatus, serialize poll options to text * Do the same for RSS feeds * Use “[ ] ” as a prefix for poll options instead of “- ”
2019-03-04Store remote votes URI (#10158)ThibG
* Store remote votes URI * Add spec for accepting remote votes * Make poll vote id generation work the same way as follows
2019-03-04Add tests for ActivityPub poll processing (#10143)Eugen Rochko
2019-03-04Fix remote poll expiration time (#10144)Eugen Rochko
2019-03-03Add polls (#10111)Eugen Rochko
* Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
2019-02-28Give the `replies` collection an identifier and enable pagination (#10128)ThibG
2019-02-28Improved remote thread fetching (#10106)ThibG
* Fetch up to 5 replies when discovering a new remote status This is used for resolving threads downwards. The originating server must add a “replies” attributes with such replies for it to be useful. * Add some tests for ActivityPub::FetchRepliesWorker * Add specs for ActivityPub::FetchRepliesService * Serialize up to 5 public self-replies for ActivityPub notes * Add specs for ActivityPub::NoteSerializer * Move exponential backoff logic to a worker concern * Fetch first page of paginated collections when fetching thread replies * Add specs for paginated collections in replies * Move Note replies serialization to a first CollectionPage The collection isn't actually paginable yet as it has no id nor a `next` field. This may come in another PR. * Use pluck(:uri) instead of map(&:uri) to improve performances * Fix fetching replies when they are in a CollectionPage
2019-02-27Fix mention processing for unknwon accounts on incoming ActivityPub Notes ↵ThibG
(#10125) `::FetchRemoteAccountService` is not `ActivityPub::FetchRemoteAccountService`, its second argument is the pre-fetched body. Passing `id: false` actually passed a `Hash` as the prefetched body, instead of properly resolving unknown remote accounts.
2019-02-17Fix Announce activities of unknown statuses not fetching those statuses (#10065)Eugen Rochko
Regression from #9998
2019-02-17Add logging for rejected ActivityPub payloads and add tests (#10062)Eugen Rochko
2019-02-15Filter incoming Announce activities by relation to local activity (#10041)Eugen Rochko
* Filter incoming Announce activities by relation to local activity Reject if announcer is not followed by local accounts, and is not from an enabled relay, and the object is not a local status Follow-up to #10005 * Fix tests
2019-02-13Filter incoming Create activities by relation to local activity (#10005)Eugen Rochko
Reject those from accounts with no local followers, from relays that are not enabled, which do not address local accounts and are not replies to accounts that do have local followers
2019-02-13Alternative handling of private self-boosts (#9998)ThibG
* When self-boosting, embed original toot into Announce serialization * Process unknown self-boosts from Announce object if it is more than an URI * Add some self-boost specs * Only serialize private toots in self-Announces
2019-02-09Fix URL linkifier grabbing full-width spaces and quotations (#9997)Eugen Rochko
Fix #9993 Fix #5654
2019-02-09 Only URLs extract with pre-escaped text (#9991)Hinaloe
* [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( https://github.com/tootsuite/mastodon/issues/9989 )
2019-02-02Make displaying application used to toot opt-in (#9897)ThibG
* Make storing and displaying application used to toot opt-in * Revert to storing application info, and display it to the author via API
2019-02-02Create Redisable#redis (#9633)ysksn
* Create Redisable * Use #redis instead of Redis.current
2019-02-02Allow most kinds of characters in URL query (fixes #8408) (#8447)Jakub Mendyk
* Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
2019-01-18Add tombstones for remote statuses (#9830)ThibG
* Add Tombstone model to remember object deletion * Do not recreate a status if it has been deleted * Record Tombstone for remote deleted items Also, only record deleted items from same-host actors * Clear an user's tombstones when their key change
2019-01-18Add support for non-public reblogs from ActivityPub (#9841)Eugen Rochko
Fix #9838
2019-01-16Use summary as summary for converted ActivityPub objects (#9823)Eugen Rochko
Fix #8609
2019-01-16Reduce chances of race conditions when processing deleted toots (#9815)ThibG
* Reduce chances of race conditions when processing deleted toots * Prevent race condition when processing deleted toots
2019-01-02Ensure blocked user unfollows blocker if Block/Undo Block are processed out ↵ThibG
of order (#9687) * Ensure blocked user unfollows blocker if Block/Undo Block are processed out of order * Add specs for Block causing unfollow and for out-of-order Block + Undo
2018-12-30Do not ignore federated reports targetting already-reported accounts (#9534)ThibG
2018-12-30Reduce usage of LD signatures (#9659)ThibG
* Do not LDS-sign Follow, Accept, Reject, Undo, Block * Do not use LDS for Create activities of private toots * Minor cleanup * Ignore unsigned activities instead of misattributing them * Use status.distributable? instead of querying visibility directly
2018-12-29Add handler for Move activity (#9629)Eugen Rochko
2018-12-26Fix ThreadResolveWorker getting queued with invalid URLs (#9628)Eugen Rochko
2018-12-09Add setting to not aggregate reblogs (#9248)ThibG
* Add setting to not aggregate reblogs Fixes #9222 * Handle cases where user is nil in add_to_home and add_to_list * Add hint for setting_aggregate_reblogs option * Reword setting_aggregate_reblogs label
2018-11-27Fix TLS handshake timeout not being enforced (#9381)Eugen Rochko
Follow-up to #9329
2018-11-27Fix nil error when no DNS addresses are found for host (#9379)Eugen Rochko
2018-11-22Fix connect timeout not being enforced (#9329)Eugen Rochko
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
2018-11-21Include replies to list owner and replies to list members in list statuses ↵ThibG
(#9324)
2018-11-21Revert connect timeout from 1s to 10s (#9319)Eugen Rochko
The failure rate in Sidekiq is too high
2018-11-16Prevent multiple handlers for Delete of Actor from running (#9292)Eugen Rochko
2018-11-16Remove intermediary arrays when creating hash maps from results (#9291)Eugen Rochko
2018-11-10Fix emoji update date processing (#9255)ThibG
2018-11-08Reduce connect timeout limit and limit signature failures by source IP (#9236)Eugen Rochko
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
2018-10-30Accept the same payload in multiple inboxes and deliver (#9150)Eugen Rochko
2018-10-29Add Page AP type support (#9121)m.b
2018-10-26Ignore invalid hashtags on remote statuses instead of rejecting them (#9118)ThibG
Fixes #9115
2018-10-26Fix missing `mention` argument when processing incoming Create activities ↵ThibG
(#9114) * Fix missing `mention` argument when processing incoming Create activities * Fix typo (param → params)
2018-10-25Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)Eugen Rochko
Fix #9091
2018-10-20Add option to block reports from domain (#8830)Eugen Rochko
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-10-11Fix typo in ActivityPub Create handler (#8952)Eugen Rochko
Regression from #8951
2018-10-11Move network calls out of transaction in ActivityPub handler (#8951)Eugen Rochko
Mention and emoji code may perform network calls, but does not need to do that inside the database transaction. This may improve availability of database connections when using pgBouncer in transaction mode.