about summary refs log tree commit diff
path: root/app/services
AgeCommit message (Collapse)Author
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2020-10-13Add duration parameter to muting. (#13831)OSAMU SATO
* Adding duration to muting. * Remove useless checks
2020-10-12Add IP-based rules (#14963)Eugen Rochko
2020-10-08Remove dependency on goldfinger gem (#14919)Eugen Rochko
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-09-18Add option to be notified when a followed user posts (#13546)Eugen Rochko
* Add bell button Fix #4890 * Remove duplicate type from post-deployment migration * Fix legacy class type mappings * Improve query performance with better index * Fix validation * Remove redundant index from notifications
2020-09-15Change account suspensions to be reversible by default (#14726)Eugen Rochko
2020-09-08Refactor feed manager (#14761)Eugen Rochko
2020-09-07Refactor how public and tag timelines are queried (#14728)Eugen Rochko
2020-09-01Change own direct-visibility statuses to be in the home feed again (#14711)Eugen Rochko
And remove highlighting in web UI Full circle from #8940
2020-09-01Bump rubocop from 0.86.0 to 0.88.0 (#14412)dependabot[bot]
* Bump rubocop from 0.86.0 to 0.88.0 Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.88.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0) Signed-off-by: dependabot[bot] <support@github.com> * Fix for latest RuboCop Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-08-31Fix limited follower id in fan-out-on-write service (#14709)Takeshi Umeda
2020-08-30Fix inefficiencies in fan-out-on-write service (#14682)Eugen Rochko
2020-08-25Use Status.group instead of Status.distinct in HashQueryService (#14662)Akihiko Odaki
DISTINCT clause removes duplicated records according to all the selected attributes. In reality, it can remove duplicated records only looking at statuses.id, but the clause confuses the query planner and yields insufficient performance. The behavior is also problematic if the scope produced by HashQueryService is used to query columns without id (using pluck method, for example). The scope is expected to contain unique statuses, but the uniquness will be evaluated with some arbitrary columns other than id. GROUP BY clause resolves those problem by explicitly specifying the column to take into account for the record distinction. A workaround for the problem of DISTINCT clause in Api::V1::Timelines::TagController is no longer necessary and removed.
2020-07-26Fix following restriction not working when exact match in account search ↵Takeshi Umeda
(#14394)
2020-07-23Fix duplicate notification and delivery of mentions (#14378)Takeshi Umeda
2020-07-19Fix movie width and frame_rate returning nil (#14357)Takeshi Umeda
* Fix movie width and frame_rate returning nil * Add StreamValidationError and raise * Fix code style
2020-07-15Fix removing allowed domains being done synchronously (#14302)ThibG
* Fix removing allowed domains being done synchronously * Add tests
2020-07-13Fix account domain block not properly unfollowing accounts from domain (#14304)Eugen Rochko
Fix #14303
2020-07-12Fix removing a DomainAllow rule wiping known accounts in open federation ↵ThibG
mode (#14298) Fixes #14296
2020-07-07Change User-Agent of link preview fetching service to include "Bot" (#14248)Eugen Rochko
This forces Twitter to render OpenGraph tags in the response
2020-06-29Add customizable thumbnails for audio and video attachments (#14145)Eugen Rochko
- Change audio files to not be stripped of metadata - Automatically extract cover art from audio if it exists - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id` - Add `icon` to represent it in attachments in ActivityPub - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null - Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-09Make domain block/silence/reject-media code more robust (#13424)ThibG
* Split media cleanup from reject-media domain blocks to its own service * Slightly improve ClearDomainMediaService error handling * Lower DomainClearMediaWorker to lowest-priority queue * Do not catch ActiveRecord::RecordNotFound in domain block workers * Fix DomainBlockWorker spec labels * Add some specs * Change domain blocks to immediately mark accounts as suspended Rather than doing so sequentially, account after account, while cleaning their data. This doesn't change much about the time the block takes to complete, but it immediately prevents interaction with the blocked domain, while up to now, it would only be guaranteed when the process ends.
2020-06-09Fix performance of follow import (#13836)Takeshi Umeda
2020-06-03Fix activity not being signed (#13948)Takeshi Umeda
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-05-14Fix hashtag search performing account search as well (#13758)ThibG
2020-05-12Fix not publishing update of remote timeline (#13745)Takeshi Umeda
* Fix not publishing update of remote timeline * fix @ missing * if/unless to if/else
2020-05-10Refactor monkey-patching of Goldfinger (#12561)Eugen Rochko
2020-04-25Fix not being able to resolve public resources in development environment ↵Eugen Rochko
(#13505)
2020-04-02Fix returning results when searching for URL with non-zero offset (#13377)Eugen Rochko
Fix #13083
2020-03-30Fix incorrect deletion of local accounts imported by overwriting (#13350)Takeshi Umeda
2020-03-25Fix media not being marked sensitive when client sets a CW but no text (#13277)ThibG
Mastodon enforces the “sensitive” flag on media attachments whenever a toot is posted with a Content Warning. However, it does so *after* potentially converting the Content Warning to toot text (when there is no toot text), which leads to inconsistent and surprising behavior for API clients. This commit fixes this inconsistency.
2020-03-12Fix some timeouts when searching URLs by limiting some database queries (#13253)ThibG
Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed.
2020-03-09Add federation support for the "hide network" preference (#11673)ThibG
* Change ActivityPub follower/following collections to not link first page * Add support for hiding followers and following of remote users * Switch to using a single `hide_collections` column * Address code style remarks
2020-03-08Change local media attachments to perform heavy processing asynchronously ↵Eugen Rochko
(#13210) Fix #9106
2020-03-08Fix public posts from silenced accounts not being changed to unlisted ↵ThibG
visibility (#13096)
2020-03-08Fix error when searching for URLs that contain the mention syntax (#13151)ThibG
Fixes #13150
2020-03-08Add specific rate limits for posting and following (#13172)Eugen Rochko
2020-02-24Fix misleading error when attempting to re-send a pending follow request ↵ThibG
(#13133) Fixes #13131
2020-02-24Fix backups failing when files are missing from media attachments (#13146)ThibG
Fixes #13123
2020-02-24Fix duplicate accounts being created when fetching an account for its key ↵ThibG
only (#13147) Fixes #13136 When a user's canonical acct domain is different from its id's domain (WEB_DOMAIN ≠ LOCAL_DOMAIN), two webfinger queries are required to find the canonical domain from the URI. However, we skip webfinger queries when updating only the key of a remote user, which led to the creation of a duplicate account, using the URI's domain instead of the canonical acct: one.
2020-02-22Fix previously OStatus-based accounts not being detected as ActivityPub (#13129)ThibG
2020-01-12Fix invalid votes from the API being accepted (#12601)ThibG
* Fix invalid votes from the API being accepted Fixes #12556 - Ensure `choice` is an integer instead of silently converting to 0 - Ensure `choice` corresponds to an actual choice of the poll * Please CodeClimate
2020-01-11Clarify keyword arguments with ** (#12769)Daigo 3 Dango
This change is to suppress the warning below on on ruby-2.7.0: - warning: Using the last argument as keyword parameters is deprecated; maybe ** should be added to the call https://www.ruby-lang.org/en/news/2019/12/12/separation-of-positional-and-keyword-arguments-in-ruby-3-0/
2020-01-10Use quality values in Accept field to explicitly prefer JSON over HTML (#12806)ThibG
2020-01-03Fix URL search not returning private toots user has access to (#12742)ThibG
2019-12-30Fix IDN mentions not being processed, IDN domains not being rendered (#12715)Eugen Rochko
This changes the REST API to return unicode domains in the `acct` attribute instead of punycode, and to render unicode instead of punycode on public HTML pages as well. Fix #7812, fix #12246
2019-12-30Fix backups stopping due to read timeouts (#12281)chr v1.x
* Make BackupService resilient to read timeouts If an attachment read times out, assume that the resources is inaccessible and continue the backup without it. This fixes #12280. * Both errors on one line
2019-12-18Fix link crawler not specifying accepted content-type (#12646)ThibG
The link crawler expects HTML documents, so set the `Accept` header accordingly. Fixes #12618
2019-12-18Add signature to exported status (#12649)Takeshi Umeda