about summary refs log tree commit diff
path: root/app
AgeCommit message (Collapse)Author
2019-07-19Fix sanitizing lists contents (#11354)ThibG
* Add test * Fix code for sanitizing nested lists stripping all tags
2019-07-19Add ActivityPub actor representing the entire server (#11321)ThibG
* Add support for an instance actor * Skip username validation for local Application accounts * Add migration script to create instance actor * Make Codeclimate happy * Switch to id -99 for instance actor * Remove unused `icon` and `image` attributes from instance actor * Use if/elsif/else instead of return + ternary operator * Add instance actor to fresh installs * Use instance actor as instance representative Use instance actor for forwarding reports, relay operations, and spam auto-reporting. * Seed database in test environment * Fix single-user mode * Fix tests * Fix specs to accomodate for an extra `Account` * Auto-reject follows on instance actor Following an instance actor might make sense, but we are not handling that right now, so auto-reject. * Fix webfinger lookup and serialization for instance actor * Rename instance actor * Make it clear in the HTML view that the instance actor should not be blocked * Raise cache time for instance actor as there's no dynamic content * Re-use /about/more with a flash message for instance actor profile
2019-07-18Fix only one middle dot being recognized in hashtags (#11345)Eugen Rochko
Fix #10934
2019-07-18Add aac, m4a, 3gp to allowed audio formats (#11342)Eugen Rochko
Fix #11186
2019-07-18Change language detection to include hashtags as words (#11341)Eugen Rochko
2019-07-18Fix typo in StatusPolicy (#11344)ThibG
2019-07-17Add setting to disable the anti-spam (#11296)ThibG
* Add environment variable to disable the anti-spam * Move antispam setting to admin settings * Fix typo * antispam → spam_check
2019-07-17Change terms and privacy policy pages to always be accessible (#11334)Eugen Rochko
Fix #11328
2019-07-17Fix custom CSS controller (#11336)ThibG
2019-07-17Extend AUTHORIZED_FETCH mode to user blocks as well (#11332)ThibG
* Extend AUTHORIZED_FETCH mode to user blocks as well * Move decision to deny access to StatusPolicy
2019-07-17Fix caching headers in ActivityPub endpoints (#11331)ThibG
* Fix reverse-proxy caching in public fetch mode * Fix caching in ActivityPub-specific controllers
2019-07-16Remove unused Account#magic_key (#11327)ThibG
2019-07-16Add option to disable real-time updates in web UI (#9984)Eugen Rochko
Fix #9031 Fix #7913
2019-07-15Add periodic removal of older thumbnails for preview cards (#11304)Eugen Rochko
2019-07-15New Crowdin translations (#11153)Eugen Rochko
* New translations activerecord.en.yml (Indonesian) [ci skip] * New translations activerecord.en.yml (Italian) [ci skip] * New translations simple_form.en.yml (Persian) [ci skip] * New translations simple_form.en.yml (Norwegian) [ci skip] * New translations en.yml (Russian) [ci skip] * New translations simple_form.en.yml (Finnish) [ci skip] * New translations en.yml (Serbian (Cyrillic)) [ci skip] * New translations en.yml (Serbian (Latin)) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Tamil) [ci skip] * New translations en.yml (Telugu) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations en.yml (Turkish) [ci skip] * New translations en.yml (Ukrainian) [ci skip] * New translations en.yml (Welsh) [ci skip] * New translations simple_form.en.yml (Dutch) [ci skip] * New translations simple_form.en.yml (Esperanto) [ci skip] * New translations simple_form.en.yml (French) [ci skip] * New translations simple_form.en.yml (Galician) [ci skip] * New translations simple_form.en.yml (Georgian) [ci skip] * New translations simple_form.en.yml (German) [ci skip] * New translations simple_form.en.yml (Greek) [ci skip] * New translations simple_form.en.yml (Hebrew) [ci skip] * New translations simple_form.en.yml (Hungarian) [ci skip] * New translations simple_form.en.yml (Ido) [ci skip] * New translations simple_form.en.yml (Indonesian) [ci skip] * New translations simple_form.en.yml (Italian) [ci skip] * New translations simple_form.en.yml (Korean) [ci skip] * New translations doorkeeper.en.yml (Welsh) [ci skip] * New translations simple_form.en.yml (Occitan) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations en.json (Italian) [ci skip] * New translations simple_form.en.yml (Greek) [ci skip] * New translations simple_form.en.yml (Czech) [ci skip] * New translations simple_form.en.yml (Basque) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations simple_form.en.yml (German) [ci skip] * New translations en.yml (Polish) [ci skip] * New translations simple_form.en.yml (Polish) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations doorkeeper.en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations simple_form.en.yml (Thai) [ci skip] * New translations en.json (Thai) [ci skip] * New translations simple_form.en.yml (Slovak) [ci skip] * New translations simple_form.en.yml (Corsican) [ci skip] * New translations simple_form.en.yml (Corsican) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Chinese Simplified) [ci skip] * New translations simple_form.en.yml (Galician) [ci skip] * New translations en.json (Galician) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.json (Portuguese, Brazilian) [ci skip] * New translations en.json (Portuguese, Brazilian) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations doorkeeper.en.yml (Welsh) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations simple_form.en.yml (Welsh) [ci skip] * New translations activerecord.en.yml (Welsh) [ci skip] * New translations en.yml (Slovak) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Albanian) [ci skip] * New translations activerecord.en.yml (Serbian (Latin)) [ci skip] * New translations doorkeeper.en.yml (Serbian (Latin)) [ci skip] * New translations devise.en.yml (Serbian (Latin)) [ci skip] * New translations en.yml (Arabic) [ci skip] * New translations en.yml (Basque) [ci skip] * New translations en.yml (Esperanto) [ci skip] * New translations en.yml (Hebrew) [ci skip] * New translations en.yml (Greek) [ci skip] * New translations en.yml (German) [ci skip] * New translations en.yml (Georgian) [ci skip] * New translations en.yml (Galician) [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (Finnish) [ci skip] * New translations en.yml (Dutch) [ci skip] * New translations en.yml (Danish) [ci skip] * New translations en.yml (Corsican) [ci skip] * New translations en.yml (Chinese Traditional, Hong Kong) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Catalan) [ci skip] * New translations en.yml (Hungarian) [ci skip] * New translations en.yml (Indonesian) [ci skip] * New translations en.yml (Czech) [ci skip] * New translations simple_form.en.yml (Serbian (Latin)) [ci skip] * New translations en.yml (Italian) [ci skip] * New translations en.yml (Persian) [ci skip] * New translations en.yml (Serbian (Latin)) [ci skip] * New translations en.yml (Serbian (Cyrillic)) [ci skip] * New translations en.yml (Russian) [ci skip] * New translations en.yml (Portuguese, Brazilian) [ci skip] * New translations en.yml (Portuguese) [ci skip] * New translations en.yml (Polish) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Slovenian) [ci skip] * New translations en.yml (Norwegian) [ci skip] * New translations en.yml (Lithuanian) [ci skip] * New translations en.yml (Korean) [ci skip] * New translations en.yml (Kazakh) [ci skip] * New translations en.yml (Japanese) [ci skip] * New translations en.yml (Slovak) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Welsh) [ci skip] * New translations en.yml (Ukrainian) [ci skip] * New translations en.yml (Turkish) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations devise.en.yml (Chinese Simplified) [ci skip] * New translations en.json (Russian) [ci skip] * New translations en.json (Russian) [ci skip] * New translations en.json (Russian) [ci skip] * New translations en.json (Russian) [ci skip] * New translations en.json (Russian) [ci skip] * New translations en.yml (Basque) [ci skip] * New translations simple_form.en.yml (Basque) [ci skip] * New translations en.yml (Basque) [ci skip] * New translations doorkeeper.en.yml (Basque) [ci skip] * New translations en.json (Korean) [ci skip] * New translations doorkeeper.en.yml (Slovak) [ci skip] * New translations en.yml (Finnish) [ci skip] * New translations en.yml (Esperanto) [ci skip] * New translations en.yml (Dutch) [ci skip] * New translations en.yml (Danish) [ci skip] * New translations en.yml (Corsican) [ci skip] * New translations en.yml (Chinese Traditional, Hong Kong) [ci skip] * New translations en.yml (Chinese Simplified) [ci skip] * New translations en.yml (Catalan) [ci skip] * New translations en.yml (Chinese Traditional) [ci skip] * New translations en.yml (Basque) [ci skip] * New translations en.yml (Asturian) [ci skip] * New translations en.yml (Arabic) [ci skip] * New translations en.yml (Albanian) [ci skip] * New translations en.yml (Czech) [ci skip] * New translations en.yml (French) [ci skip] * New translations en.yml (Galician) [ci skip] * New translations en.yml (Georgian) [ci skip] * New translations en.yml (German) [ci skip] * New translations en.yml (Greek) [ci skip] * New translations en.yml (Hungarian) [ci skip] * New translations en.yml (Italian) [ci skip] * New translations en.yml (Japanese) [ci skip] * New translations en.yml (Kazakh) [ci skip] * New translations en.yml (Korean) [ci skip] * New translations en.yml (Lithuanian) [ci skip] * New translations en.yml (Occitan) [ci skip] * New translations en.yml (Persian) [ci skip] * New translations en.yml (Polish) [ci skip] * New translations en.yml (Portuguese) [ci skip] * New translations en.yml (Portuguese, Brazilian) [ci skip] * New translations en.yml (Serbian (Cyrillic)) [ci skip] * New translations en.yml (Russian) [ci skip] * New translations en.yml (Slovak) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Swedish) [ci skip] * New translations en.yml (Thai) [ci skip] * New translations en.yml (Ukrainian) [ci skip] * New translations en.yml (Welsh) [ci skip] * New translations en.yml (Russian) [ci skip] * New translations simple_form.en.yml (Russian) [ci skip] * New translations simple_form.en.yml (Russian) [ci skip] * New translations en.json (Thai) [ci skip] * New translations en.json (Thai) [ci skip] * New translations simple_form.en.yml (Thai) [ci skip] * New translations simple_form.en.yml (Thai) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations doorkeeper.en.yml (Spanish) [ci skip] * New translations doorkeeper.en.yml (Spanish) [ci skip] * New translations en.json (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations en.yml (Spanish) [ci skip] * New translations simple_form.en.yml (Spanish) [ci skip] * New translations simple_form.en.yml (Spanish) [ci skip] * New translations simple_form.en.yml (Spanish) [ci skip] * New translations doorkeeper.en.yml (Spanish) [ci skip] * New translations en.json (Slovak) [ci skip] * New translations devise.en.yml (Slovak) [ci skip] * New translations doorkeeper.en.yml (Slovak) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.json (Chinese Simplified) [ci skip] * New translations en.yml (Slovak) [ci skip] * New translations simple_form.en.yml (Japanese) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations en.json (Bengali) [ci skip] * New translations activerecord.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * New translations devise.en.yml (Bengali) [ci skip] * i18n-tasks normalize * yarn manage:translations
2019-07-15Disable LDSigning when AUTHORIZED_FETCH is set to true (#11295)ThibG
2019-07-15Fix leaking private statuses the admin account follows (#11300)ThibG
Now that the request is signed, it can return private toots. Do not leak them.
2019-07-13Add a spam check (#11217)Eugen Rochko
* Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
2019-07-12Change the retry limit in error of web push notification (#11292)han@highemelry
- Change the maximum count of retry for web push notification (Default -> 5). - In case of high load of subscribe server, the retries will be repeated many times. - Because the retries occupy the default queue, maximum retry count should be reduced.
2019-07-11Add ActivityPub secure mode (#11269)Eugen Rochko
* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
2019-07-11Fix BlockService trying to reject incorrect follow request (#11288)ThibG
Fixes #11148
2019-07-11Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)Eugen Rochko
2019-07-10Refactor fetching of remote resources (#11251)Eugen Rochko
2019-07-10Drop magic-public-key from webfinger replies as it's only used for OStatus ↵ThibG
(#11280)
2019-07-10Fix handling of webfinger redirects in ResolveAccountService (#11279)ThibG
2019-07-10Fix activity being rendered within activity due to caching (#11271)Eugen Rochko
Fix #11270
2019-07-09Refactor domain block checks (#11268)Eugen Rochko
2019-07-08Fix Status.remote scope matching *all* statuses (#11265)ThibG
2019-07-08Remove unused remote unfollow controller (#11250)Eugen Rochko
2019-07-08Refactor controllers for statuses, accounts, and more (#11249)Eugen Rochko
2019-07-08Fix BackupService crashing when an attachment is missing (#11241)ThibG
* Fix BackupService crashing when an attachment is missing For various reasons such as admin error or out-of-sync media and database backups, it might be possible for local attachments to be lost. This commit allows the BackupService to continue its work even if some media file is missing. * Change error message
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-07-07Fix URLs appearing twice in errors of ActivityPub::DeliveryWorker (#11231)Eugen Rochko
2019-07-07Fix support for HTTP proxies (#11245)ThibG
* Disable incorrect check for hidden services in Socket Hidden services can only be accessed with an HTTP proxy, in which case the host seen by the Socket class will be the proxy, not the target host. Hidden services are already filtered in `Request#initialize`. * Use our Socket class to connect to HTTP proxies Avoid the timeout logic being bypassed * Add support for IP addresses in Request::Socket * Refactor a bit, no need to keep the DNS resolver around
2019-07-06Remove Salmon and PubSubHubbub (#11205)Eugen Rochko
* Remove Salmon and PubSubHubbub endpoints * Add error when trying to follow OStatus accounts * Fix new accounts not being created in ResolveAccountService
2019-07-06Only scroll to the compose form if it's not horizontally in the viewport ↵ThibG
(#11246) Avoids jumping the scroll around vertically when giving it focus and editing long toots.
2019-07-06Fix option to send e-mail notification about account action always being ↵Eugen Rochko
true (#11242)
2019-07-05Fix HTTP requests to IPv6 hosts (#11240)ThibG
2019-07-05Remove deprecated REST API `GET /api/v1/statuses/:id/card` (#11213)Eugen Rochko
2019-07-05Remove deprecated REST API `GET /api/v1/timelines/direct` (#11212)Eugen Rochko
2019-07-02Memoize ancestorIds and descendantIds in detailed status view (#11234)ThibG
2019-07-02Fix statsd UDP sockets not being cleaned up in Sidekiq (#11230)Eugen Rochko
2019-07-02Change ActivityPub::DeliveryWorker to not retry HTTP 501 errors (#11233)Eugen Rochko
2019-07-02When deleting & redrafting a poll, fill in closest expires_in (#11203)ThibG
Use the smallest preset expires_in such that the new poll would not expire before the old one. In the typical case of a quick delete & redraft, this results in using the same poll duration. Fixes #10567
2019-07-02Add request pool to improve delivery performance (#10353)Eugen Rochko
* Add request pool to improve delivery performance Fix #7909 * Ensure connection is closed when exception interrupts execution * Remove Timeout#timeout from socket connection * Fix infinite retrial loop on HTTP::ConnectionError * Close sockets on failure, reduce idle time to 90 seconds * Add MAX_REQUEST_POOL_SIZE option to limit concurrent connections to the same server * Use a shared pool size, 512 by default, to stay below open file limit * Add some tests * Add more tests * Reduce MAX_IDLE_TIME from 90 to 30 seconds, reap every 30 seconds * Use a shared pool that returns preferred connection but re-purposes other ones when needed * Fix wrong connection being returned on subsequent calls within the same thread * Reduce mutex calls on flushes from 2 to 1 and add test for reaping
2019-07-01Change domain block behaviour to prevent creation of accounts from suspended ↵Eugen Rochko
domains (#11219)
2019-06-30Fix expiration date of filters being set to “Never” when editing them ↵ThibG
(#11204) When editing a custom filter, select the shortest preset duration that still covers the remaining time of that filter. Fixes #9506
2019-06-30Fix support for MP4 files that are actually M4V files (#11210)Eugen Rochko
Resolve #11187
2019-06-30Optimize makeGetStatus (#11211)ThibG
* Optimize makeGetStatus Because `ImmutableList.filter` always returns a new object and `createSelector` memoizes based on object identity, the selector returned by `makeGetStatus` would *always* execute. To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on deep equality, thus returning the same object as long as the filters haven't changed, allowing the memoization of `makeGetStatus` to work. Furthermore, we memoize the compiled regexs instead of recomputing them each time the selector is called. * Fix memoized result being cleared too often * Make notifications use memoized getFiltersRegex
2019-06-29When sending a toot, ensure a CW is only set if the CW field is visible (#11206)ThibG
In some occasions, such as the browser or a browser extension auto-filling the existing but disabled/hidden CW field, a CW can be set without the user knowing.