about summary refs log tree commit diff
path: root/app/services
AgeCommit message (Collapse)Author
2021-05-04Fix empty home feed before first follow has finished processing (#16152)Eugen Rochko
Change queue of merge worker from pull to default
2021-05-01Fix trying to fetch key from empty URI when verifying HTTP signature (#16100)Eugen Rochko
2021-04-24Change auto-following admin-selected accounts, show in recommendations (#16078)Eugen Rochko
2021-04-21Fix processing of remote Delete activities (#16084)Claire
* Add tests * Ensure deleted statuses are marked as such * Save some redis memory by not storing URIs in delete_upon_arrival values * Avoid possible race condition when processing incoming Deletes * Avoid potential duplicate Delete forwards * Lower lock durations to reduce issues in case of hard crash of the Rails process * Check for `lock.aquired?` and improve comment * Refactor RedisLock usage in app/lib/activitypub * Fix using incorrect or non-existent sender for relaying Deletes
2021-04-17Refactor StatusReachFinder to handle followers and relays as well (#16051)Eugen Rochko
2021-04-17Fix remote reporters not receiving suspend/unsuspend activities (#16050)Eugen Rochko
2021-04-16Fix reports of already suspended accounts being recorded (#16047)Eugen Rochko
2021-04-11Remove spam check and dependency on nilsimsa gem (#16011)Eugen Rochko
2021-03-24Update Mastodon to Rails 6.1 (#15910)Claire
* Update devise-two-factor to unreleased fork for Rails 6 support Update tests to match new `rotp` version. * Update nsa gem to unreleased fork for Rails 6 support * Update rails to 6.1.3 and rails-i18n to 6.0 * Update to unreleased fork of pluck_each for Ruby 6 support * Run "rails app:update" * Add missing ActiveStorage config file * Use config.ssl_options instead of removed ApplicationController#force_ssl Disabled force_ssl-related tests as they do not seem to be easily testable anymore. * Fix nonce directives by removing Rails 5 specific monkey-patching * Fix fixture_file_upload deprecation warning * Fix yield-based test failing with Rails 6 * Use Rails 6's index_with when possible * Use ActiveRecord::Cache::Store#delete_multi from Rails 6 This will yield better performances when deleting an account * Disable Rails 6.1's automatic preload link headers Since Rails 6.1, ActionView adds preload links for javascript files in the Links header per default. In our case, that will bloat headers too much and potentially cause issues with reverse proxies. Furhermore, we don't need those links, as we already output them as HTML link tags. * Switch to Rails 6.0 default config * Switch to Rails 6.1 default config * Do not include autoload paths in the load path
2021-03-04Fix URL scanning in note length validator and preview card fetching (#15827)Claire
* Add tests * Fix URL scanning in note length validator and preview card fetching
2021-03-02Update twitter-text from 1.14 to 3.1.0 and fix toot character counting (#15382)Claire
* Update twitter-text from 1.14 to 3.1.0 * Disable emoji parsing * Properly depend on twitter-text for url detection * Fix some URLs being wrongly detected client-side * Add test for server-side validation of non-autolinkable URLs * Fix server-side status length counting
2021-02-24Change ResolveAccountService's handling of skip_webfinger (#15750)Claire
* Change ResolveAccountService's handling of skip_webfinger Change it so it never makes any webfinger query, as the name would imply. * Add tests * Change FollowService to not take an URI for target_account * Restore domain-block check in FollowService * Fix tests
2021-02-12Fix YouTube embeds failing due to YouTube serving wrong OEmbed URLs (#15716)Eugen Rochko
2021-01-25Fix first return value of FetchLinkCardService.html method (#15630)Takeshi Umeda
2021-01-22Use Enumerable#filter_map in more places (#15527)luigi
2021-01-22Optimize some regex matching (#15528)luigi
* Use Regex#match? * Replace =~ too * Avoid to call match? from Nil * Keep value of Regexp.last_match
2021-01-10Optimize map { ... }.compact calls (#15513)luigi
* Optimize map { ... }.compact using Enumerable#filter_map, supported since Ruby 2.7 * Add poyfill for Enumerable#filter_map
2021-01-07Fix rubocop config and warnings (#15503)abcang
* disable NewCops * update TargetRubyVersion * Fix Lint/MissingSuper for ActiveModelSerializers::Model * Fix Lint/MissingSuper for feed * Fix Lint/FloatComparison * Do not use instance variables
2020-12-26Fix being able to import more than allowed number of follows (#15384)ThibG
* Fix being able to import more than allowed number of follows Without this commit, if someone tries importing a second list of accounts to follow before the first one has been processed, this will queue imports for the two whole lists, even if they exceed the account's allowed number of outgoing follows. This commit changes it so the individual queued imports aren't exempt from the follow limit check (they remain exempt from the rate-limiting check though). * Catch validation errors to not re-queue failed follows Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-24Fix error when changing ACL on missing objects during suspension (#15420)Eugen Rochko
2020-12-24Fix undefined method error when batch-removing statuses with ElasticSearch ↵Eugen Rochko
on (#15421)
2020-12-23Fix mentions not being deleted efficiently (#15416)ThibG
As a regression from the recent optimizations, mentions were left untouched until `account.destroy`, which would then delete them individually, and executing queries to find and delete associated notifications, resulting in a massive slowdown. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-23Fix trying to privatize empty media attachments (#15414)Eugen Rochko
2020-12-23Improve performances of deleting favourites when deleting accounts (#15412)ThibG
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-23Fix BatchedRemoveStatusService not working without ES in rails console (#15408)ThibG
Not a huge deal but may cause surprising failures in custom scripts and development. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-22Improve account deletion performances further (#15407)ThibG
* Delete status records by batches of 50 * Do not precompute values that are only used once * Do not generate redis events for removal of public toots older than two weeks * Filter reported toots a priori for polls and status deletion * Do not process reblogs when cleaning up public timelines As in Mastodon proper, reblogs don't appear in public TLs * Clean the deleted account's own feed in one go * Refactor Account#clean_feed_manager and List#clean_feed_manager * Delete instead of destroy a few more associations * Fix preloading Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-22Fix batch order warnings in BatchedRemoveStatusService (#15409)ThibG
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-22Fix unnecessary queries when batch-removing statuses, 100x faster (#15387)Eugen Rochko
2020-12-21Fix some notifications not being deleted on poll/status deletion (#15402)ThibG
* Fix deleting polls not deleting notifications * Fix fav notification deletion when deleting a toot * Refactor DeleteAccountService spec * Add DeleteAccountService tests for other associations and notifications * Add favourite handling spec in status removal Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-20Fix AccountDeletionWorker crashing and clogging sidekiq queues (#15380)ThibG
* Fix account deletion workers being queued multiple times for a single account * Fix poll votes being unnecessarily instantiated on poll deletion * Fix favourites being unnecessarily instantiated on status deletion * Remove inaccurate comments * Delete polls instead of destroying them Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18Fix resolving accounts sometimes creating duplicate records for a given AP ↵ThibG
id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18Fix follow limit preventing re-following of a moved account (#14207)Eugen Rochko
2020-12-17Improve searching for private toots from URL (#14856)ThibG
* Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15Add indication to admin UI of whether a report has been forwarded (#13237)ThibG
* Add indication to admin UI of whether a report has been forwarded * Rework how forwarded status is displayed Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-11-27Fix deletes not reaching every server that interacted with status (#15200)Eugen Rochko
Extract logic for determining ActivityPub inboxes to send deletes to to its own class and explicitly include the person the status replied to (even if not mentioned), people who favourited it, and people who replied to it (though that one is still not recursive)
2020-11-21Undo outgoing follows when suspending a remote account (#15188)ThibG
2020-11-19Fix webfinger redirect handling in ResolveAccountService (#15187)ThibG
* Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19Add import/export feature for bookmarks (#14956)ThibG
* Add ability to export bookmarks * Add support for importing bookmarks * Add bookmark import tests * Add bookmarks export test
2020-11-19Fix sending spurious Rejects when processing remote account deletion (#15104)ThibG
* Fix sending spurious Rejects when processing remote account deletion * Make skip_side_effects imply skip_activitypub
2020-11-19Add cache buster feature for media files (#15155)Eugen Rochko
Nginx can be configured to bypass proxy cache when a special header is in the request. If the response is cacheable, it will replace the cache for that request. Proxy caching of media files is desirable when using object storage as a way of minimizing bandwidth costs, but has the drawback of leaving deleted media files for a configured amount of cache time. A cache buster can make those media files immediately unavailable. This especially makes sense when suspending and unsuspending an account.
2020-11-19Fix DMs not appearing into timelines (#15182)ThibG
Fixes #15179
2020-11-08Fix crash in SuspendAccountWorker (#15106)ThibG
* Fix crash in SuspendAccountWorker `follows` is an array thanks to `to_a` * Fix code style issue Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-11-08Add support for reversible suspensions through ActivityPub (#14989)Eugen Rochko
2020-11-07Fix crashes in SuspendAccountService/UnsuspendAccountService (#15100)ThibG
* Fix crashes in SuspendAccountService/UnsuspendAccountService * Catch filesystem errors
2020-11-07Fix suspension/unsuspension not working because of FeedManager change (#15099)ThibG
2020-10-23Fix followers synchronization mechanism not being triggered on mentions (#15026)ThibG
e.g. if someone on an instance that previously had followers gets mentioned in a private toot, before this PR, they would not receive a Collection-Synchronization header and may show the toot to the former followers in addition to the mentioned person.
2020-10-23Fix account processing failing because of large collections (#15027)ThibG
Fixes #15025
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2020-10-13Add duration parameter to muting. (#13831)OSAMU SATO
* Adding duration to muting. * Remove useless checks
2020-10-12Add IP-based rules (#14963)Eugen Rochko