about summary refs log tree commit diff
path: root/app/services
AgeCommit message (Collapse)Author
2017-09-28If HTTP signature is wrong and webfinger cache is stale, retry with resolve ↵Eugen Rochko
(#5129) If the signature could not be verified and the webfinger of the account was last retrieved longer than the cache period, try re-resolving the account and then attempting to verify the signature again
2017-09-28Flush body when POST requests (#5128)abcang
2017-09-28Merge commit 'b9f59ebcc68e9da0a7158741a1a2ef3564e1321e' into merging-upstreamOndřej Hruška
2017-09-28Merge commit '4aea3f88a6d30f102a79c2da7fcfac96465ba1a8' into merging-upstreamOndřej Hruška
2017-09-26Follow-up to #4582 and #5027, removing dead code (#5101)Eugen Rochko
2017-09-26Fix #5059 - Stop processing payload if it's from local account (#5100)Eugen Rochko
2017-09-26Send streaming API delete to people mentioned in status (#5103)Eugen Rochko
- Previously they wouldn't receive it unless they were author's followers - Skip unpush from public/hashtag timelines if status wasn't public in the first place
2017-09-20Change IDs to strings rather than numbers in API JSON output (#5019)aschmitz
* Fix JavaScript interface with long IDs Somewhat predictably, the JS interface handled IDs as numbers, which in JS are IEEE double-precision floats. This loses some precision when working with numbers as large as those generated by the new ID scheme, so we instead handle them here as strings. This is relatively simple, and doesn't appear to have caused any problems, but should definitely be tested more thoroughly than the built-in tests. Several days of use appear to support this working properly. BREAKING CHANGE: The major(!) change here is that IDs are now returned as strings by the REST endpoints, rather than as integers. In practice, relatively few changes were required to make the existing JS UI work with this change, but it will likely hit API clients pretty hard: it's an entirely different type to consume. (The one API client I tested, Tusky, handles this with no problems, however.) Twitter ran into this issue when introducing Snowflake IDs, and decided to instead introduce an `id_str` field in JSON responses. I have opted to *not* do that, and instead force all IDs to 64-bit integers represented by strings in one go. (I believe Twitter exacerbated their problem by rolling out the changes three times: once for statuses, once for DMs, and once for user IDs, as well as by leaving an integer ID value in JSON. As they said, "If you’re using the `id` field with JSON in a Javascript-related language, there is a very high likelihood that the integers will be silently munged by Javascript interpreters. In most cases, this will result in behavior such as being unable to load or delete a specific direct message, because the ID you're sending to the API is different than the actual identifier associated with the message." [1]) However, given that this is a significant change for API users, alternatives or a transition time may be appropriate. 1: https://blog.twitter.com/developer/en_us/a/2011/direct-messages-going-snowflake-on-sep-30-2011.html * Additional fixes for stringified IDs in JSON These should be the last two. These were identified using eslint to try to identify any plain casts to JavaScript numbers. (Some such casts are legitimate, but these were not.) Adding the following to .eslintrc.yml will identify casts to numbers: ~~~ no-restricted-syntax: - warn - selector: UnaryExpression[operator='+'] > :not(Literal) message: Avoid the use of unary + - selector: CallExpression[callee.name='Number'] message: Casting with Number() may coerce string IDs to numbers ~~~ The remaining three casts appear legitimate: two casts to array indices, one in a server to turn an environment variable into a number. * Back out RelationshipsController Change This was made to make a test a bit less flakey, but has nothing to do with this branch. * Change internal streaming payloads to stringified IDs as well Per https://github.com/tootsuite/mastodon/pull/5019#issuecomment-330736452 we need these changes to send deleted status IDs as strings, not integers.
2017-09-19Introduce OStatus::TagManager (#5008)Akihiko Odaki
2017-09-19Fix incomplete account records being read (#4998)Eugen Rochko
* Fix incomplete account records being read - Put account processing into redis lock - Do not save until record is complete * Fix spaces
2017-09-19Admin interface for listing, adding and removing custom emojis (#5002)Eugen Rochko
* Admin interface for listing, adding and removing custom emojis * Only display local ones in the list
2017-09-17Fix an error when actor json couldn't be fetched in ↵unarist
ResolveRemoteAccountService (#4979) * Fix an error when actor json couldn't be fetched in ResolveRemoteAccountService * Add specs
2017-09-16Fix filterable_languages method of SettingsHelper (#4966)Akihiko Odaki
2017-09-14Enable to recognize most kinds of characters as URL paths (#4941)ふぁぼ原
2017-09-13Refactor handling of default params for muting to make code cleanerSurinna Curtis
2017-09-13Less gross passing of notifications flagSurinna Curtis
2017-09-13Add support for muting notifications in MuteServiceSurinna Curtis
2017-09-13block notifications in notify_service from hard muted accountsSurinna Curtis
2017-09-14Support OpenGraph video embeds (#4897)Eugen Rochko
* Support OpenGraph video embeds It's not really OpenGraph, it's twitter:player property, but it's not OEmbed so that fits. For example, this allows Twitch clips to be displayed as embeds. Also, fixes glitch-soc/mastodon#135 * Fix invalid OpenGraph cards being saved through attaching and revisit URLs after 14 days
2017-09-14Fix refollowing (#4931)ThibG
* Make RefollowWorker ActivityPub-only to avoid potential identifier mismatches * Don't call RefollowWorker on new accounts
2017-09-13Fix #4917 - Add missing suspend checks (#4921)Eugen Rochko
2017-09-12[WiP] Whenever a remote keypair changes, unfollow them and re-subscribe to ↵ThibG
… (#4907) * Whenever a remote keypair changes, unfollow them and re-subscribe to them In Mastodon (it could be different for other OStatus or AP-enabled software), a keypair change is indicative of whole user (or instance) data loss. In this situation, the “new” user might be different, and almost certainly has an empty followers list. In this case, Mastodon instances will disagree on follower lists, leading to unreliable delivery and “shadow followers”, that is users believed by a remote instance to be followers, without the affected user knowing. Drawbacks of this change are: 1. If an user legitimately changes public key for some reason without losing data (not possible in Mastodon at the moment), they will have their remote followers unsubscribed/re-subscribed needlessly. 2. Depending of the number of remote followers, this may generate quite some traffic. 3. If the user change is an attempt at usurpation, the remote followers will unknowingly follow the usurper. Note that this is *not* a change of behavior, Mastodon already behaves like that, although delivery might be unreliable, and the usurper would not have known the former user's followers. * Rename ResubscribeWorker to RefollowWorker * Process followers in batches
2017-09-10Merge tag 'v1.6.0' into sync/upstreamDavid Yip
2017-09-10Default follows for new users (#4871)Eugen Rochko
When a new user confirms their e-mail, bootstrap their home timeline by automatically following a set of accounts. By default, all local admin accounts (that are unlocked). Can be customized by new admin setting (comma-separated usernames, local and unlocked only)
2017-09-09Merge tag 'v1.6.0rc4' into sync/upstream-1.6.0rc4David Yip
Conflicts: app/javascript/mastodon/features/getting_started/index.js app/javascript/packs/public.js app/javascript/styles/components.scss
2017-09-09Merge tag 'v1.6.0rc3' into sync/upstreamDavid Yip
2017-09-09Merge branch 'origin/master' into sync/upstreamDavid Yip
Conflicts: app/javascript/mastodon/components/status_list.js app/javascript/mastodon/features/notifications/index.js app/javascript/mastodon/features/ui/components/modal_root.js app/javascript/mastodon/features/ui/components/onboarding_modal.js app/javascript/mastodon/features/ui/index.js app/javascript/styles/about.scss app/javascript/styles/accounts.scss app/javascript/styles/components.scss app/presenters/instance_presenter.rb app/services/post_status_service.rb app/services/reblog_service.rb app/views/about/more.html.haml app/views/about/show.html.haml app/views/accounts/_header.html.haml config/webpack/loaders/babel.js spec/controllers/api/v1/accounts/credentials_controller_spec.rb
2017-09-09Fix errors preventing UnsubscribeService from working (#4866)Eugen Rochko
2017-09-09Add missing reject_media check before avatar download via ActivityPub (#4862)Eugen Rochko
2017-09-09Fix #4852 - Check if already requested from FollowService (#4855)Eugen Rochko
2017-09-09Fix #4850 - When visibility missing from API call to toot, fallback to user ↵Eugen Rochko
preference (#4861)
2017-09-08Fetch statuses/following/followers numbers from ActivityPub collections (#4840)Eugen Rochko
2017-09-05Fix mentions in direct statuses not being delivered via AP (#4806)Eugen Rochko
2017-09-04Fix some ActivityPub JSON bugs (#4796)Eugen Rochko
- Fix assumption that `url` is always a string. Handle it if it's an array of strings, array of objects, object, or string, both for accounts and for objects - `sharedInbox` is actually supposed to be under `endpoints`, handle both cases and adjust the serializer
2017-09-02Rename "locked" to "manuallyApprovesFollowers" in ActivityPub (#4779)Eugen Rochko
See: <https://www.w3.org/wiki/Activity_Streams_extensions#as:manuallyApprovesFollowers>
2017-09-02Make "unfollow" undo pending outgoing follow request too (#4781)Eugen Rochko
* Make "unfollow" undo pending outgoing follow request too * Add cancel button to web UI when awaiting follow request approval * Make the hourglass button do the cancelling
2017-09-02Define missing JSON-LD properties (#4767)Eugen Rochko
Using _: property names is discouraged, as in the future, canonicalization may throw an error when encountering that instead of discarding it silently like it does now. We are defining some ActivityStreams properties which we expect to land in ActivityStreams eventually, to ensure that future versions of Mastodon will remain compatible with this even once that happens. Those would be `locked`, `sensitive` and `Hashtag` We are defining a custom context inline for some properties which we do not expect to land in any other context. `atomUri`, `inReplyToAtomUri` and `conversation` are part of the custom defined OStatus context.
2017-09-01Avoid sending some ActivityPub payloads if the receiver will get them ↵Eugen Rochko
through distribution (#4739)
2017-09-01Make PreviewCard records reuseable between statuses (#4642)Eugen Rochko
* Make PreviewCard records reuseable between statuses **Warning!** Migration truncates preview_cards tablec * Allow a wider thumbnail for link preview, display it in horizontal layout (#4648) * Delete preview cards files before truncating * Rename old table instead of truncating it * Add mastodon:maintenance:remove_deprecated_preview_cards * Ignore deprecated_preview_cards in schema definition * Fix null behaviour
2017-08-31Don't process ActivityPub payload if signature is invalid (#4752)unarist
* Don't process ActivityPub payload if signature is invalid * Fix style issue
2017-08-31Guarantee Subscription service first account has proper URL details (#4732)James
* Guarantee Subscription service first account has proper URL details Subscription Service potentially could break if the first user suspended themselves, creating a situation where the urls that populate throughout subscription service's PuSH request would cause the remote API to throw 503 errors. Guaranteeing that the first account picked is not suspended prevents this problem. * Fix style issue
2017-08-30Forward ActivityPub creates that reply to local statuses (#4709)Eugen Rochko
* Forward ActivityPub creates that reply to local statuses * Fix test * Fix wrong signers
2017-08-29Serialize ActivityPub alternate link into OStatus deletes, handle it (#4730)Eugen Rochko
Requires moving Atom rendering from DistributionWorker (where `stream_entry.status` is already nil) to inline (where `stream_entry.status.destroyed?` is true) and distributing that. Unfortunately, such XML renderings can no longer be easily chained together into one payload of n items.
2017-08-28Fix deletion of status which has been reblogged (#4728)unarist
2017-08-26Add ActivityPub serializer for Undo of Announce (#4703)Eugen Rochko
2017-08-26Add handling of Linked Data Signatures in payloads (#4687)Eugen Rochko
* Add handling of Linked Data Signatures in payloads * Add a way to sign JSON, fix canonicalization of signature options * Fix signatureValue encoding, send out signed JSON when distributing * Add missing security context
2017-08-26authorize-follow-requests-after-unlocking (#4658)masarakki
2017-08-24Add configuration to disable private status federation over PuSH (#4582)Eugen Rochko
2017-08-24Fetch reblogs as Announce activity instead of Note object (#4672)unarist
* Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show
2017-08-23Fix accessing to XML attribute in FetchAtomService (#4668)unarist