about summary refs log tree commit diff
path: root/app/lib
AgeCommit message (Collapse)Author
2017-09-02Raise an error for remote url in StatusFinder (#4776)unarist
* Raise an error for remote url in StatusFinder Previous implementation had allowed remote url with status id which also exists on local. Then that bug leads /api/web/embed to return wrong embed url. * Fix oembed_controller_spec
2017-09-02Define missing JSON-LD properties (#4767)Eugen Rochko
Using _: property names is discouraged, as in the future, canonicalization may throw an error when encountering that instead of discarding it silently like it does now. We are defining some ActivityStreams properties which we expect to land in ActivityStreams eventually, to ensure that future versions of Mastodon will remain compatible with this even once that happens. Those would be `locked`, `sensitive` and `Hashtag` We are defining a custom context inline for some properties which we do not expect to land in any other context. `atomUri`, `inReplyToAtomUri` and `conversation` are part of the custom defined OStatus context.
2017-09-01Add ActivityPub handler for Delete->Actor activities (#4761)Eugen Rochko
2017-09-01Do not rely on activity arriving exactly once after delete arrived (#4754)Eugen Rochko
2017-09-01Deduplicate with local status on Create activity (#4763)unarist
2017-09-01Convert OStatus tag to ActivityPub id on in_reply_to resolution (#4756)unarist
2017-09-01Fallback from perform_via_activitypub on private posts (#4758)unarist
Currently, private / direct posts via OStatus from AP compatible instance will be dropped due to failing to fetch AP version. So this fallbacks to OStatus handling: * when failed to fetch ActivityPub version * when status is neither :public nor :unlisted
2017-08-31Remove identity context from output of LinkedDataSignature (#4753)Eugen Rochko
2017-08-30Forward ActivityPub creates that reply to local statuses (#4709)Eugen Rochko
* Forward ActivityPub creates that reply to local statuses * Fix test * Fix wrong signers
2017-08-30Update status embeds (#4742)Eugen Rochko
- Use statuses controller for embeds instead of stream entries controller - Prefer /@:username/:id/embed URL for embeds - Use /@:username as author_url in OEmbed - Add follow link to embeds which opens web intent in new window - Use redis cache in development - Cache entire embed
2017-08-29Serialize ActivityPub alternate link into OStatus deletes, handle it (#4730)Eugen Rochko
Requires moving Atom rendering from DistributionWorker (where `stream_entry.status` is already nil) to inline (where `stream_entry.status.destroyed?` is true) and distributing that. Unfortunately, such XML renderings can no longer be easily chained together into one payload of n items.
2017-08-28Fix Delete activity handling when the status has been reblogged (#4729)unarist
2017-08-27Allow Symbol keyed Hash in LinkedDataSignature (#4715)unarist
SerializarbleResource#as_json serializes to Symbol keyed Hash, but current implementation of LinkedDataSignature expects String keyed Hash. So it generates broken payload.
2017-08-26Add _:inReplyToAtomUri to ActivityPub (#4702)Eugen Rochko
2017-08-26Forward ActivityPub deletes to followers of rebloggers (#4706)Eugen Rochko
2017-08-26Use Tombstone and _:atomUri in Delete activities as fallback (#4704)Eugen Rochko
2017-08-26Add handling of Linked Data Signatures in payloads (#4687)Eugen Rochko
* Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
2017-08-24Fetch reblogs as Announce activity instead of Note object (#4672)unarist
* Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
2017-08-22Fix bugs which OStatus accounts may detected as ActivityPub ready (#4662)unarist
* Fallback to OStatus in FetchAtomService * Skip activity+json link if that activity is Person without inbox * If unsupported activity was detected and all other URLs failed, retry with ActivityPub-less Accept header * Allow mention to OStatus account in ActivityPub * Don't update profile with inbox-less Person object
2017-08-21Support more variations of ActivityPub keyId in signature (#4630)Eugen Rochko
- Tries to avoid performing HTTP request if the keyId is an actor URI - Likewise if the URI is a fragment URI on top of actor URI - Resolves public key, returns owner if the owner links back to the key
2017-08-20Handle duplicate ActivityPub activities (#4639)Eugen Rochko
* Handle duplicate ActivityPub activities Only perform side-effects when record processed for the first time * Fast-forward repeat follow requests
2017-08-19Improve ActivityPub/OStatus compatibility (#4632)Eugen Rochko
*Note: OStatus URIs are invalid for ActivityPub. But we have them for as long as we want to keep old OStatus-sourced content and as long as we remain OStatus-compatible.* - In Announce handling, if object URI is not a URL, fallback to object URL - Do not use specialized ThreadResolveWorker, rely on generalized handling - When serializing notes, if parent's URI is not a URL, use parent's URL
2017-08-18Parse OStatus tag URIs in ActivityPub handlers when those are local (#4631)Eugen Rochko
2017-08-18Make ActivityPub::TagManager#local_uri? recognize local URIs with ports (#4628)Eugen Rochko
2017-08-18If url attribute not present in Note, fallback to id attribute (#4629)Eugen Rochko
2017-08-18Put ActivityPub alternate link into Atom, prefer it when processing Atom (#4623)Eugen Rochko
2017-08-17Add _:atomUri property for deduplicating OStatus/ActivityPub legacy records ↵Eugen Rochko
(#4593)
2017-08-14Re-add missing transaction around status-from-OStatus creation (#4603)Eugen Rochko
2017-08-14Fix ActivityPub follow interaction and add more specs (#4601)unarist
2017-08-13ActivityPub delivery (#4566)Eugen Rochko
* Deliver ActivityPub Like * Deliver ActivityPub Undo-Like * Deliver ActivityPub Create/Announce activities * Deliver ActivityPub creates from mentions * Deliver ActivityPub Block/Undo-Block * Deliver ActivityPub Accept/Reject-Follow * Deliver ActivityPub Undo-Follow * Deliver ActivityPub Follow * Deliver ActivityPub Delete activities Incidentally fix #889 * Adjust BatchedRemoveStatusService for ActivityPub * Add tests for ActivityPub workers * Add tests for FollowService * Add tests for FavouriteService, UnfollowService and PostStatusService * Add tests for ReblogService, BlockService, UnblockService, ProcessMentionsService * Add tests for AuthorizeFollowService, RejectFollowService, RemoveStatusService * Add tests for BatchedRemoveStatusService * Deliver updates to a local account to ActivityPub followers * Minor adjustments
2017-08-12Add serializing/unserializing of "locked" actor attribute (#4585)Eugen Rochko
2017-08-10Handle ActivityPub follows correctly (#4571)Eugen Rochko
* Handle ActivityPub follows correctly ActivityPub follows are follow-requests. Always require an Accept. If account is not locked, auto-accept. * Handle ActivityPub Accept/Reject-Follow * Fix wrong method * Fix wrong class
2017-08-09Add Digest header to requests with body, handle acct and URI keyId (#4565)Eugen Rochko
2017-08-08Add ActivityPub inbox (#4216)Eugen Rochko
* Add ActivityPub inbox * Handle ActivityPub deletes * Handle ActivityPub creates * Handle ActivityPub announces * Stubs for handling all activities that need to be handled * Add ActivityPub actor resolving * Handle conversation URI passing in ActivityPub * Handle content language in ActivityPub * Send accept header when fetching actor, handle JSON parse errors * Test for ActivityPub::FetchRemoteAccountService * Handle public key and icon/image when embedded/as array/as resolvable URI * Implement ActivityPub::FetchRemoteStatusService * Add stubs for more interactions * Undo activities implemented * Handle out of order activities * Hook up ActivityPub to ResolveRemoteAccountService, handle Update Account activities * Add fragment IDs to all transient activity serializers * Add tests and fixes * Add stubs for missing tests * Add more tests * Add more tests
2017-08-02Don't normalize invalid domain names (#4499)TheKinrar
Fixes #4496
2017-07-31Change RuboCop rules to loose (#4464)Yamagishi Kazutoshi
2017-07-31Fix length validator counting things that look like URIs like URLs (#4462)Eugen Rochko
URI.extract is too strong, not limited to URLs, matched real text. Same issue was present in language detector.
2017-07-27Fix multipoint shortcode bug (#4387)Ondřej Hruška
* Fix multipoint shortcode bug * Added testcase for composite emoji shortcode
2017-07-27Add callback_url/acct information for Sidekiq PuSH workers Exception. (#4281)Clworld
* Add destination informations to exception on SubscribeWorker and DeliveryWorker. * Simplify delivery error message. * Prevent changing Exception type... * fix typo.
2017-07-21Use the same emoji data on the frontend and backend (#4284)Eugen Rochko
* Use the same emoji data on the frontend and backend * Move emoji.json to repository, add tests This way you don't need to install node dependencies if you only want to run Ruby code
2017-07-20Fix webfinger retries (#4275)Eugen Rochko
* Do not raise unretryable exceptions in ResolveRemoteAccountService * Removed fatal exceptions from ResolveRemoteAccountService Exceptions that cannot be retried should not be raised. New exception class for those that can be retried (Mastodon::UnexpectedResponseError)
2017-07-19Correct OStatus inflection (Ostatus -> OStatus) (#4255)Eugen Rochko
2017-07-18Add unfollow modal (optional) (#4246)Yamagishi Kazutoshi
* Add unfollow modal * unfollowing someone * remove unnecessary prop
2017-07-18Introduce Ostatus name space (#4164)Akihiko Odaki
* Wrap methods of ProcessFeedService::ProcessEntry in classes This is a change same with 425acecfdb15093a265b191120fb2d4e4c4135c4, except that it has the following changes: * Revert irrelevant change in find_or_create_conversation * Fix error handling for RemoteActivity * Introduce Ostatus name space
2017-07-15Optimize uri normalization (#4212)ThibG
* Add dependency on idn-ruby to speed up URI normalization * Use normalized_host instead of normalize.host when applicable When we are only interested in the normalized host, calling normalized_host avoids normalizing the other components of the URI as well as creating a new object
2017-07-15Improve ActivityPub representations (#3844)Eugen Rochko
* Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections
2017-07-14Fix subsequent replies to unresolved status not being filtered from home (#4190)Eugen Rochko
Resolves #4177 - smaller changeset
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
2017-07-14Add option to opt out of search engines on public profile/status pages (#4199)Eugen Rochko
2017-07-10Add setting a always mark media as sensitive (#4136)Yamagishi Kazutoshi