about summary refs log tree commit diff
path: root/app/services
AgeCommit message (Collapse)Author
2020-12-18Fix resolving accounts sometimes creating duplicate records for a given AP ↵ThibG
id (#15364) * Fix ResolveAccountService accepting mismatching acct: URI * Set attributes that should be updated regardless of suspension * Fix key fetching * Automatically merge remote accounts with duplicate `uri` * Add tests * Add "tootctl accounts fix-duplicates" Finds duplicate accounts sharing a same ActivityPub `id`, re-fetch them and merge them under the canonical `acct:` URI. Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-18Fix follow limit preventing re-following of a moved account (#14207)Eugen Rochko
2020-12-17Improve searching for private toots from URL (#14856)ThibG
* Improve searching for private toots from URL Most of the time, when sharing toots, people use the toot URL rather than the toot URI, which makes sense since it is the user-facing URL. In Mastodon's case, the URL and URI are different, and Mastodon does not have an index on URL, which means searching a private toot by URL is done with a slow query that will only succeed for very recent toots. This change gets rid of the slow query, and attempts to guess the URI from URL instead, as Mastodon's are predictable. * Add tests * Only return status with guessed uri if url matches Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-15Add indication to admin UI of whether a report has been forwarded (#13237)ThibG
* Add indication to admin UI of whether a report has been forwarded * Rework how forwarded status is displayed Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-11-27Fix deletes not reaching every server that interacted with status (#15200)Eugen Rochko
Extract logic for determining ActivityPub inboxes to send deletes to to its own class and explicitly include the person the status replied to (even if not mentioned), people who favourited it, and people who replied to it (though that one is still not recursive)
2020-11-21Undo outgoing follows when suspending a remote account (#15188)ThibG
2020-11-19Fix webfinger redirect handling in ResolveAccountService (#15187)ThibG
* Fix webfinger redirect handling in ResolveAccountService ResolveAccountService#process_webfinger! handled a one-step webfinger redirection, but only accepting the result if it matched the exact URI passed as input, defeating the point of a redirection check. Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`, updating the resulting `acct:` URI with the result of the first webfinger query. * Add tests
2020-11-19Add import/export feature for bookmarks (#14956)ThibG
* Add ability to export bookmarks * Add support for importing bookmarks * Add bookmark import tests * Add bookmarks export test
2020-11-19Fix sending spurious Rejects when processing remote account deletion (#15104)ThibG
* Fix sending spurious Rejects when processing remote account deletion * Make skip_side_effects imply skip_activitypub
2020-11-19Add cache buster feature for media files (#15155)Eugen Rochko
Nginx can be configured to bypass proxy cache when a special header is in the request. If the response is cacheable, it will replace the cache for that request. Proxy caching of media files is desirable when using object storage as a way of minimizing bandwidth costs, but has the drawback of leaving deleted media files for a configured amount of cache time. A cache buster can make those media files immediately unavailable. This especially makes sense when suspending and unsuspending an account.
2020-11-19Fix DMs not appearing into timelines (#15182)ThibG
Fixes #15179
2020-11-08Fix crash in SuspendAccountWorker (#15106)ThibG
* Fix crash in SuspendAccountWorker `follows` is an array thanks to `to_a` * Fix code style issue Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2020-11-08Add support for reversible suspensions through ActivityPub (#14989)Eugen Rochko
2020-11-07Fix crashes in SuspendAccountService/UnsuspendAccountService (#15100)ThibG
* Fix crashes in SuspendAccountService/UnsuspendAccountService * Catch filesystem errors
2020-11-07Fix suspension/unsuspension not working because of FeedManager change (#15099)ThibG
2020-10-23Fix followers synchronization mechanism not being triggered on mentions (#15026)ThibG
e.g. if someone on an instance that previously had followers gets mentioned in a private toot, before this PR, they would not receive a Collection-Synchronization header and may show the toot to the former followers in addition to the mentioned person.
2020-10-23Fix account processing failing because of large collections (#15027)ThibG
Fixes #15025
2020-10-21Add follower synchronization mechanism (#14510)ThibG
* Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
2020-10-13Add duration parameter to muting. (#13831)OSAMU SATO
* Adding duration to muting. * Remove useless checks
2020-10-12Add IP-based rules (#14963)Eugen Rochko
2020-10-08Remove dependency on goldfinger gem (#14919)Eugen Rochko
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091
2020-09-18Add option to be notified when a followed user posts (#13546)Eugen Rochko
* Add bell button Fix #4890 * Remove duplicate type from post-deployment migration * Fix legacy class type mappings * Improve query performance with better index * Fix validation * Remove redundant index from notifications
2020-09-15Change account suspensions to be reversible by default (#14726)Eugen Rochko
2020-09-08Refactor feed manager (#14761)Eugen Rochko
2020-09-07Refactor how public and tag timelines are queried (#14728)Eugen Rochko
2020-09-01Change own direct-visibility statuses to be in the home feed again (#14711)Eugen Rochko
And remove highlighting in web UI Full circle from #8940
2020-09-01Bump rubocop from 0.86.0 to 0.88.0 (#14412)dependabot[bot]
* Bump rubocop from 0.86.0 to 0.88.0 Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.88.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0) Signed-off-by: dependabot[bot] <support@github.com> * Fix for latest RuboCop Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-08-31Fix limited follower id in fan-out-on-write service (#14709)Takeshi Umeda
2020-08-30Fix inefficiencies in fan-out-on-write service (#14682)Eugen Rochko
2020-08-25Use Status.group instead of Status.distinct in HashQueryService (#14662)Akihiko Odaki
DISTINCT clause removes duplicated records according to all the selected attributes. In reality, it can remove duplicated records only looking at statuses.id, but the clause confuses the query planner and yields insufficient performance. The behavior is also problematic if the scope produced by HashQueryService is used to query columns without id (using pluck method, for example). The scope is expected to contain unique statuses, but the uniquness will be evaluated with some arbitrary columns other than id. GROUP BY clause resolves those problem by explicitly specifying the column to take into account for the record distinction. A workaround for the problem of DISTINCT clause in Api::V1::Timelines::TagController is no longer necessary and removed.
2020-07-26Fix following restriction not working when exact match in account search ↵Takeshi Umeda
(#14394)
2020-07-23Fix duplicate notification and delivery of mentions (#14378)Takeshi Umeda
2020-07-19Fix movie width and frame_rate returning nil (#14357)Takeshi Umeda
* Fix movie width and frame_rate returning nil * Add StreamValidationError and raise * Fix code style
2020-07-15Fix removing allowed domains being done synchronously (#14302)ThibG
* Fix removing allowed domains being done synchronously * Add tests
2020-07-13Fix account domain block not properly unfollowing accounts from domain (#14304)Eugen Rochko
Fix #14303
2020-07-12Fix removing a DomainAllow rule wiping known accounts in open federation ↵ThibG
mode (#14298) Fixes #14296
2020-07-07Change User-Agent of link preview fetching service to include "Bot" (#14248)Eugen Rochko
This forces Twitter to render OpenGraph tags in the response
2020-06-29Add customizable thumbnails for audio and video attachments (#14145)Eugen Rochko
- Change audio files to not be stripped of metadata - Automatically extract cover art from audio if it exists - Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id` - Add `icon` to represent it in attachments in ActivityPub - Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null - Fix duration of audio not being displayed on public pages until the file is loaded
2020-06-09Make domain block/silence/reject-media code more robust (#13424)ThibG
* Split media cleanup from reject-media domain blocks to its own service * Slightly improve ClearDomainMediaService error handling * Lower DomainClearMediaWorker to lowest-priority queue * Do not catch ActiveRecord::RecordNotFound in domain block workers * Fix DomainBlockWorker spec labels * Add some specs * Change domain blocks to immediately mark accounts as suspended Rather than doing so sequentially, account after account, while cleaning their data. This doesn't change much about the time the block takes to complete, but it immediately prevents interaction with the blocked domain, while up to now, it would only be guaranteed when the process ends.
2020-06-09Fix performance of follow import (#13836)Takeshi Umeda
2020-06-03Fix activity not being signed (#13948)Takeshi Umeda
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-05-14Fix hashtag search performing account search as well (#13758)ThibG
2020-05-12Fix not publishing update of remote timeline (#13745)Takeshi Umeda
* Fix not publishing update of remote timeline * fix @ missing * if/unless to if/else
2020-05-10Refactor monkey-patching of Goldfinger (#12561)Eugen Rochko
2020-04-25Fix not being able to resolve public resources in development environment ↵Eugen Rochko
(#13505)
2020-04-02Fix returning results when searching for URL with non-zero offset (#13377)Eugen Rochko
Fix #13083
2020-03-30Fix incorrect deletion of local accounts imported by overwriting (#13350)Takeshi Umeda
2020-03-25Fix media not being marked sensitive when client sets a CW but no text (#13277)ThibG
Mastodon enforces the “sensitive” flag on media attachments whenever a toot is posted with a Content Warning. However, it does so *after* potentially converting the Content Warning to toot text (when there is no toot text), which leads to inconsistent and surprising behavior for API clients. This commit fixes this inconsistency.
2020-03-12Fix some timeouts when searching URLs by limiting some database queries (#13253)ThibG
Only look up private toots from database if the request failed because of 401, 403 or 404 errors, as those may indicate a private toot, rather than something that isn't a toot or cannot be processed.