From 42573b76f1ed4ec64a961441b14631c341b752b4 Mon Sep 17 00:00:00 2001 From: ThibG Date: Thu, 23 Aug 2018 00:27:58 +0200 Subject: Do not crash if remote custom emoji does not define updated date (fixes #8376) (#8377) --- app/lib/activitypub/activity/create.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/lib') diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 00479fd9a..79efc95d3 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -107,7 +107,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity updated = tag['updated'] emoji = CustomEmoji.find_by(shortcode: shortcode, domain: @account.domain) - return unless emoji.nil? || emoji.updated_at >= updated + return unless emoji.nil? || image_url != emoji.image_remote_url || (updated && emoji.updated_at >= updated) emoji ||= CustomEmoji.new(domain: @account.domain, shortcode: shortcode, uri: uri) emoji.image_remote_url = image_url -- cgit From 6cb3514d64ec24b164484f4eb84363b96746d5d6 Mon Sep 17 00:00:00 2001 From: Jakub Mendyk Date: Thu, 23 Aug 2018 14:17:35 +0200 Subject: Add ability to change an instance default theme from the administration panel (#7092) (#8381) * Add default_settings class method to ScopedSettings ScopedSettings was extended to use value of unscoped setting instead of only using defaults set in config/settings.yml for selected settings. This adds possibility for admins to set default values of users' settings, for example default theme (as requested in #7092). * Add ability to change an instance default theme Closes #7092 --- app/controllers/admin/settings_controller.rb | 1 + app/controllers/application_controller.rb | 2 +- app/lib/settings/scoped_settings.rb | 15 +++++++++-- app/models/form/admin_settings.rb | 2 ++ app/views/admin/settings/edit.html.haml | 1 + spec/controllers/application_controller_spec.rb | 33 +++++++++++++++++++++++++ 6 files changed, 51 insertions(+), 3 deletions(-) (limited to 'app/lib') diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb index 3234b194f..23e0444d0 100644 --- a/app/controllers/admin/settings_controller.rb +++ b/app/controllers/admin/settings_controller.rb @@ -16,6 +16,7 @@ module Admin timeline_preview show_staff_badge bootstrap_timeline_accounts + theme thumbnail hero min_invite_role diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index eafe27047..7ddd26ec0 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -95,7 +95,7 @@ class ApplicationController < ActionController::Base end def current_theme - return Setting.default_settings['theme'] unless Themes.instance.names.include? current_user&.setting_theme + return Setting.theme unless Themes.instance.names.include? current_user&.setting_theme current_user.setting_theme end diff --git a/app/lib/settings/scoped_settings.rb b/app/lib/settings/scoped_settings.rb index de4af3009..5ee30825d 100644 --- a/app/lib/settings/scoped_settings.rb +++ b/app/lib/settings/scoped_settings.rb @@ -2,6 +2,10 @@ module Settings class ScopedSettings + DEFAULTING_TO_UNSCOPED = %w( + theme + ).freeze + def initialize(object) @object = object end @@ -50,15 +54,22 @@ module Settings Rails.cache.fetch(Setting.cache_key(key, @object)) do db_val = thing_scoped.find_by(var: key.to_s) if db_val - default_value = Setting.default_settings[key] + default_value = ScopedSettings.default_settings[key] return default_value.with_indifferent_access.merge!(db_val.value) if default_value.is_a?(Hash) db_val.value else - Setting.default_settings[key] + ScopedSettings.default_settings[key] end end end + class << self + def default_settings + defaulting = DEFAULTING_TO_UNSCOPED.map { |k| [k, Setting[k]] }.to_h + Setting.default_settings.merge!(defaulting) + end + end + protected def thing_scoped diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb index 010cf7fc3..db46cda7b 100644 --- a/app/models/form/admin_settings.rb +++ b/app/models/form/admin_settings.rb @@ -30,6 +30,8 @@ class Form::AdminSettings :show_staff_badge=, :bootstrap_timeline_accounts, :bootstrap_timeline_accounts=, + :theme, + :theme=, :min_invite_role, :min_invite_role=, :activity_api_enabled, diff --git a/app/views/admin/settings/edit.html.haml b/app/views/admin/settings/edit.html.haml index fda6b00f4..b5aa176a2 100644 --- a/app/views/admin/settings/edit.html.haml +++ b/app/views/admin/settings/edit.html.haml @@ -15,6 +15,7 @@ %hr/ .fields-group + = f.input :theme, collection: Themes.instance.names, label_method: lambda { |theme| I18n.t("themes.#{theme}", default: theme) }, wrapper: :with_label, include_blank: false = f.input :thumbnail, as: :file, wrapper: :with_block_label, label: t('admin.settings.thumbnail.title'), hint: t('admin.settings.thumbnail.desc_html') = f.input :hero, as: :file, wrapper: :with_block_label, label: t('admin.settings.hero.title'), hint: t('admin.settings.hero.desc_html') diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index c6c78d3f7..d158625e6 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -92,6 +92,39 @@ describe ApplicationController, type: :controller do end end + describe 'helper_method :current_theme' do + it 'returns "default" when theme wasn\'t changed in admin settings' do + allow(Setting).to receive(:default_settings).and_return({'theme' => 'default'}) + + expect(controller.view_context.current_theme).to eq 'default' + end + + it 'returns instances\'s theme when user is not signed in' do + allow(Setting).to receive(:[]).with('theme').and_return 'contrast' + + expect(controller.view_context.current_theme).to eq 'contrast' + end + + it 'returns instances\'s default theme when user didn\'t set theme' do + current_user = Fabricate(:user) + sign_in current_user + + allow(Setting).to receive(:[]).with('theme').and_return 'contrast' + + expect(controller.view_context.current_theme).to eq 'contrast' + end + + it 'returns user\'s theme when it is set' do + current_user = Fabricate(:user) + current_user.settings['theme'] = 'mastodon-light' + sign_in current_user + + allow(Setting).to receive(:[]).with('theme').and_return 'contrast' + + expect(controller.view_context.current_theme).to eq 'mastodon-light' + end + end + context 'ActionController::RoutingError' do subject do routes.draw { get 'routing_error' => 'anonymous#routing_error' } -- cgit From 95bd0d4528cae7d8b01c82cfaf3b74bef4864c11 Mon Sep 17 00:00:00 2001 From: M Somerville Date: Sat, 25 Aug 2018 12:27:34 +0100 Subject: Support ActivityStreams’ summaryMap. (#8422) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the same way as contentMap and nameMap. --- app/lib/activitypub/activity/create.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'app/lib') diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 79efc95d3..f40e1fa3e 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -48,7 +48,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity account: @account, text: text_from_content || '', language: detected_language, - spoiler_text: @object['summary'] || '', + spoiler_text: text_from_summary || '', created_at: @object['published'], override_timestamps: @options[:override_timestamps], reply: @object['inReplyTo'].present?, @@ -193,6 +193,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end end + def text_from_summary + if @object['summary'].present? + @object['summary'] + elsif summary_language_map? + @object['summaryMap'].values.first + end + end + def text_from_name if @object['name'].present? @object['name'] @@ -206,6 +214,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity @object['contentMap'].keys.first elsif name_language_map? @object['nameMap'].keys.first + elsif summary_language_map? + @object['summaryMap'].keys.first elsif supported_object_type? LanguageDetector.instance.detect(text_from_content, @account) end @@ -223,6 +233,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end end + def summary_language_map? + @object['summaryMap'].is_a?(Hash) && !@object['summaryMap'].empty? + end + def content_language_map? @object['contentMap'].is_a?(Hash) && !@object['contentMap'].empty? end -- cgit From b4ba4b1b5da8d3c7a63ee41c2a440767e1e23104 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 26 Aug 2018 00:33:57 +0200 Subject: Spread out crawling randomly to avoid DDoSing the link (#8445) * Spread out crawling randomly to avoid DDoSing the link Fix #4486 * Remove trailing whitespace --- app/lib/activitypub/activity.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'app/lib') diff --git a/app/lib/activitypub/activity.rb b/app/lib/activitypub/activity.rb index 03476920b..3a39b723e 100644 --- a/app/lib/activitypub/activity.rb +++ b/app/lib/activitypub/activity.rb @@ -104,7 +104,9 @@ class ActivityPub::Activity def crawl_links(status) return if status.spoiler_text? - LinkCrawlWorker.perform_async(status.id) + + # Spread out crawling randomly to avoid DDoSing the link + LinkCrawlWorker.perform_in(rand(1..59).seconds, status.id) end def distribute_to_followers(status) -- cgit From da13fa50215c5153ee199eb8e70e7fa030523a00 Mon Sep 17 00:00:00 2001 From: Quint Guvernator Date: Sun, 26 Aug 2018 13:22:46 -0400 Subject: Fix low-hanging rubocop gripes (#8458) * rubocop: quit being so picky * rubocop: miscellany * rubocop: prefer present to blank --- .rubocop.yml | 6 +++++ .../api/v1/lists/accounts_controller.rb | 2 +- app/controllers/api/v1/lists_controller.rb | 2 +- app/lib/feed_manager.rb | 2 +- app/mailers/user_mailer.rb | 2 +- app/models/concerns/expireable.rb | 2 +- app/models/user.rb | 4 ++-- lib/tasks/db.rake | 2 +- lib/tasks/mastodon.rake | 28 ++++++++++------------ 9 files changed, 26 insertions(+), 24 deletions(-) (limited to 'app/lib') diff --git a/.rubocop.yml b/.rubocop.yml index 4f9e09b43..4ba5903bd 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -62,6 +62,9 @@ Metrics/ParameterLists: Metrics/PerceivedComplexity: Max: 20 +Naming/MemoizedInstanceVariableName: + Enabled: false + Rails: Enabled: true @@ -71,6 +74,9 @@ Rails/HasAndBelongsToMany: Rails/SkipsModelValidations: Enabled: false +Rails/HttpStatus: + Enabled: false + Style/ClassAndModuleChildren: Enabled: false diff --git a/app/controllers/api/v1/lists/accounts_controller.rb b/app/controllers/api/v1/lists/accounts_controller.rb index 19de56732..ec4477034 100644 --- a/app/controllers/api/v1/lists/accounts_controller.rb +++ b/app/controllers/api/v1/lists/accounts_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::Lists::AccountsController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:lists' }, only: [:show] + before_action -> { doorkeeper_authorize! :read, :'read:lists' }, only: [:show] before_action -> { doorkeeper_authorize! :write, :'write:lists' }, except: [:show] before_action :require_user! diff --git a/app/controllers/api/v1/lists_controller.rb b/app/controllers/api/v1/lists_controller.rb index b42b8b971..054172bee 100644 --- a/app/controllers/api/v1/lists_controller.rb +++ b/app/controllers/api/v1/lists_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Api::V1::ListsController < Api::BaseController - before_action -> { doorkeeper_authorize! :read, :'read:lists' }, only: [:index, :show] + before_action -> { doorkeeper_authorize! :read, :'read:lists' }, only: [:index, :show] before_action -> { doorkeeper_authorize! :write, :'write:lists' }, except: [:index, :show] before_action :require_user! diff --git a/app/lib/feed_manager.rb b/app/lib/feed_manager.rb index 14cba70dc..b59a9f1cd 100644 --- a/app/lib/feed_manager.rb +++ b/app/lib/feed_manager.rb @@ -288,7 +288,7 @@ class FeedManager # remains in the set. We could pick a random element, but this # set should generally be small, and it seems ideal to show the # oldest potential such reblog. - other_reblog = redis.smembers(reblog_set_key).map(&:to_i).sort.first + other_reblog = redis.smembers(reblog_set_key).map(&:to_i).min redis.zadd(timeline_key, other_reblog, other_reblog) if other_reblog diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 9848c34a2..aa76b4dfe 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -16,7 +16,7 @@ class UserMailer < Devise::Mailer return if @resource.disabled? I18n.with_locale(@resource.locale || I18n.default_locale) do - mail to: @resource.unconfirmed_email.blank? ? @resource.email : @resource.unconfirmed_email, + mail to: @resource.unconfirmed_email.presence || @resource.email, subject: I18n.t(@resource.pending_reconfirmation? ? 'devise.mailer.reconfirmation_instructions.subject' : 'devise.mailer.confirmation_instructions.subject', instance: @instance), template_name: @resource.pending_reconfirmation? ? 'reconfirmation_instructions' : 'confirmation_instructions' end diff --git a/app/models/concerns/expireable.rb b/app/models/concerns/expireable.rb index 444ccdfdb..2c0631476 100644 --- a/app/models/concerns/expireable.rb +++ b/app/models/concerns/expireable.rb @@ -9,7 +9,7 @@ module Expireable attr_reader :expires_in def expires_in=(interval) - self.expires_at = interval.to_i.seconds.from_now unless interval.blank? + self.expires_at = interval.to_i.seconds.from_now if interval.present? @expires_in = interval end diff --git a/app/models/user.rb b/app/models/user.rb index 75b7e9e7c..25f77ed14 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -98,7 +98,7 @@ class User < ApplicationRecord :reduce_motion, :system_font_ui, :noindex, :theme, :display_sensitive_media, :hide_network, :default_language, to: :settings, prefix: :setting, allow_nil: false - attr_accessor :invite_code + attr_reader :invite_code def pam_conflict(_) # block pam login tries on traditional account @@ -258,7 +258,7 @@ class User < ApplicationRecord end def invite_code=(code) - self.invite = Invite.find_by(code: code) unless code.blank? + self.invite = Invite.find_by(code: code) if code.present? @invite_code = code end diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake index 32039c31d..b76e90131 100644 --- a/lib/tasks/db.rake +++ b/lib/tasks/db.rake @@ -18,7 +18,7 @@ def each_schema_load_environment # needing to do the same, and we can't even use the same method # to do it. - if Rails.env == 'development' + if Rails.env.development? test_conf = ActiveRecord::Base.configurations['test'] if test_conf['database']&.present? diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake index 7455478b6..649a22a0b 100644 --- a/lib/tasks/mastodon.rake +++ b/lib/tasks/mastodon.rake @@ -280,14 +280,14 @@ namespace :mastodon do begin ActionMailer::Base.smtp_settings = { - :port => env['SMTP_PORT'], - :address => env['SMTP_SERVER'], - :user_name => env['SMTP_LOGIN'].presence, - :password => env['SMTP_PASSWORD'].presence, - :domain => env['LOCAL_DOMAIN'], - :authentication => env['SMTP_AUTH_METHOD'] == 'none' ? nil : env['SMTP_AUTH_METHOD'] || :plain, - :openssl_verify_mode => env['SMTP_OPENSSL_VERIFY_MODE'], - :enable_starttls_auto => true, + port: env['SMTP_PORT'], + address: env['SMTP_SERVER'], + user_name: env['SMTP_LOGIN'].presence, + password: env['SMTP_PASSWORD'].presence, + domain: env['LOCAL_DOMAIN'], + authentication: env['SMTP_AUTH_METHOD'] == 'none' ? nil : env['SMTP_AUTH_METHOD'] || :plain, + openssl_verify_mode: env['SMTP_OPENSSL_VERIFY_MODE'], + enable_starttls_auto: true, } ActionMailer::Base.default_options = { @@ -326,13 +326,11 @@ namespace :mastodon do if prompt.yes?('Prepare the database now?') prompt.say 'Running `RAILS_ENV=production rails db:setup` ...' - prompt.say "\n" + prompt.say "\n\n" if cmd.run!({ RAILS_ENV: 'production', SAFETY_ASSURED: 1 }, :rails, 'db:setup').failure? - prompt.say "\n" prompt.error 'That failed! Perhaps your configuration is not right' else - prompt.say "\n" prompt.ok 'Done!' end end @@ -343,13 +341,11 @@ namespace :mastodon do if prompt.yes?('Compile the assets now?') prompt.say 'Running `RAILS_ENV=production rails assets:precompile` ...' - prompt.say "\n" + prompt.say "\n\n" if cmd.run!({ RAILS_ENV: 'production' }, :rails, 'assets:precompile').failure? - prompt.say "\n" prompt.error 'That failed! Maybe you need swap space?' else - prompt.say "\n" prompt.say 'Done!' end end @@ -715,10 +711,10 @@ namespace :mastodon do pastel = Pastel.new duplicate_masters.each do |account| - puts pastel.yellow("First of their name: ") + pastel.bold(account.username) + " (#{admin_account_url(account.id)})" + puts pastel.yellow('First of their name: ') + pastel.bold(account.username) + " (#{admin_account_url(account.id)})" Account.where('lower(username) = ?', account.username.downcase).where.not(id: account.id).each do |duplicate| - puts " " + pastel.red("Duplicate: ") + admin_account_url(duplicate.id) + puts ' ' + pastel.red('Duplicate: ') + admin_account_url(duplicate.id) end end end -- cgit From cabdbb7f9c1df8007749d07a2e186bb3ad35f62b Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 26 Aug 2018 20:21:03 +0200 Subject: Add CLI task for rotating keys (#8466) * If an Update is signed with known key, skip re-following procedure Because it means the remote actor did *not* lose their database * Add CLI method for rotating keys bin/tootctl accounts rotate [USERNAME] Generates a new RSA key per account and sends out an Update activity signed with the old key. * Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts * Skip suspended accounts in key rotation --- app/lib/activitypub/activity/update.rb | 2 +- app/lib/activitypub/linked_data_signature.rb | 5 +- app/lib/request.rb | 5 +- .../activitypub/process_account_service.rb | 5 +- app/workers/activitypub/delivery_worker.rb | 5 +- .../activitypub/update_distribution_worker.rb | 5 +- lib/cli.rb | 9 ++-- lib/mastodon/accounts_cli.rb | 55 ++++++++++++++++++++++ lib/mastodon/emoji_cli.rb | 2 +- lib/mastodon/media_cli.rb | 2 +- 10 files changed, 79 insertions(+), 16 deletions(-) create mode 100644 lib/mastodon/accounts_cli.rb (limited to 'app/lib') diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb index aa5907f03..6eebc3b5c 100644 --- a/app/lib/activitypub/activity/update.rb +++ b/app/lib/activitypub/activity/update.rb @@ -11,6 +11,6 @@ class ActivityPub::Activity::Update < ActivityPub::Activity def update_account return if @account.uri != object_uri - ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object) + ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true) end end diff --git a/app/lib/activitypub/linked_data_signature.rb b/app/lib/activitypub/linked_data_signature.rb index 16142a6ff..f52a8f406 100644 --- a/app/lib/activitypub/linked_data_signature.rb +++ b/app/lib/activitypub/linked_data_signature.rb @@ -32,7 +32,7 @@ class ActivityPub::LinkedDataSignature end end - def sign!(creator) + def sign!(creator, sign_with: nil) options = { 'type' => 'RsaSignature2017', 'creator' => [ActivityPub::TagManager.instance.uri_for(creator), '#main-key'].join, @@ -42,8 +42,9 @@ class ActivityPub::LinkedDataSignature options_hash = hash(options.without('type', 'id', 'signatureValue').merge('@context' => CONTEXT)) document_hash = hash(@json.without('signature')) to_be_signed = options_hash + document_hash + keypair = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : creator.keypair - signature = Base64.strict_encode64(creator.keypair.sign(OpenSSL::Digest::SHA256.new, to_be_signed)) + signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest::SHA256.new, to_be_signed)) @json.merge('signature' => options.merge('signatureValue' => signature)) end diff --git a/app/lib/request.rb b/app/lib/request.rb index 576ed23ca..21bdaa700 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb @@ -22,10 +22,11 @@ class Request set_digest! if options.key?(:body) end - def on_behalf_of(account, key_id_format = :acct) + def on_behalf_of(account, key_id_format = :acct, sign_with: nil) raise ArgumentError unless account.local? @account = account + @keypair = sign_with.present? ? OpenSSL::PKey::RSA.new(sign_with) : @account.keypair @key_id_format = key_id_format self @@ -70,7 +71,7 @@ class Request def signature algorithm = 'rsa-sha256' - signature = Base64.strict_encode64(@account.keypair.sign(OpenSSL::Digest::SHA256.new, signed_string)) + signature = Base64.strict_encode64(@keypair.sign(OpenSSL::Digest::SHA256.new, signed_string)) "keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers}\",signature=\"#{signature}\"" end diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index ac19bf933..670a0e4d6 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb @@ -5,9 +5,10 @@ class ActivityPub::ProcessAccountService < BaseService # Should be called with confirmed valid JSON # and WebFinger-resolved username and domain - def call(username, domain, json) + def call(username, domain, json, options = {}) return if json['inbox'].blank? || unsupported_uri_scheme?(json['id']) + @options = options @json = json @uri = @json['id'] @username = username @@ -31,7 +32,7 @@ class ActivityPub::ProcessAccountService < BaseService return if @account.nil? after_protocol_change! if protocol_changed? - after_key_change! if key_changed? + after_key_change! if key_changed? && !@options[:signed_with_known_key] check_featured_collection! if @account.featured_collection_url.present? @account diff --git a/app/workers/activitypub/delivery_worker.rb b/app/workers/activitypub/delivery_worker.rb index 323a9f85b..adbb496d9 100644 --- a/app/workers/activitypub/delivery_worker.rb +++ b/app/workers/activitypub/delivery_worker.rb @@ -10,7 +10,8 @@ class ActivityPub::DeliveryWorker HEADERS = { 'Content-Type' => 'application/activity+json' }.freeze - def perform(json, source_account_id, inbox_url) + def perform(json, source_account_id, inbox_url, options = {}) + @options = options.with_indifferent_access @json = json @source_account = Account.find(source_account_id) @inbox_url = inbox_url @@ -27,7 +28,7 @@ class ActivityPub::DeliveryWorker def build_request request = Request.new(:post, @inbox_url, body: @json) - request.on_behalf_of(@source_account, :uri) + request.on_behalf_of(@source_account, :uri, sign_with: @options[:sign_with]) request.add_headers(HEADERS) end diff --git a/app/workers/activitypub/update_distribution_worker.rb b/app/workers/activitypub/update_distribution_worker.rb index bbda69305..b9e5ff064 100644 --- a/app/workers/activitypub/update_distribution_worker.rb +++ b/app/workers/activitypub/update_distribution_worker.rb @@ -5,7 +5,8 @@ class ActivityPub::UpdateDistributionWorker sidekiq_options queue: 'push' - def perform(account_id) + def perform(account_id, options = {}) + @options = options.with_indifferent_access @account = Account.find(account_id) ActivityPub::DeliveryWorker.push_bulk(inboxes) do |inbox_url| @@ -26,7 +27,7 @@ class ActivityPub::UpdateDistributionWorker end def signed_payload - @signed_payload ||= Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(@account)) + @signed_payload ||= Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(@account, sign_with: @options[:sign_with])) end def payload diff --git a/lib/cli.rb b/lib/cli.rb index c7dae0276..60bff4147 100644 --- a/lib/cli.rb +++ b/lib/cli.rb @@ -3,13 +3,16 @@ require 'thor' require_relative 'mastodon/media_cli' require_relative 'mastodon/emoji_cli' - +require_relative 'mastodon/accounts_cli' module Mastodon class CLI < Thor - desc 'media SUBCOMMAND ...ARGS', 'manage media files' + desc 'media SUBCOMMAND ...ARGS', 'Manage media files' subcommand 'media', Mastodon::MediaCLI - desc 'emoji SUBCOMMAND ...ARGS', 'manage custom emoji' + desc 'emoji SUBCOMMAND ...ARGS', 'Manage custom emoji' subcommand 'emoji', Mastodon::EmojiCLI + + desc 'accounts SUBCOMMAND ...ARGS', 'Manage accounts' + subcommand 'accounts', Mastodon::AccountsCLI end end diff --git a/lib/mastodon/accounts_cli.rb b/lib/mastodon/accounts_cli.rb new file mode 100644 index 000000000..83b69549d --- /dev/null +++ b/lib/mastodon/accounts_cli.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +require 'rubygems/package' +require_relative '../../config/boot' +require_relative '../../config/environment' +require_relative 'cli_helper' + +module Mastodon + class AccountsCLI < Thor + option :all, type: :boolean + desc 'rotate [USERNAME]', 'Generate and broadcast new keys' + long_desc <<-LONG_DESC + Generate and broadcast new RSA keys as part of security + maintenance. + + With the --all option, all local accounts will be subject + to the rotation. Otherwise, and by default, only a single + account specified by the USERNAME argument will be + processed. + LONG_DESC + def rotate(username = nil) + if options[:all] + processed = 0 + delay = 0 + + Account.local.without_suspended.find_in_batches do |accounts| + accounts.each do |account| + rotate_keys_for_account(account, delay) + processed += 1 + say('.', :green, false) + end + + delay += 5.minutes + end + + say + say("OK, rotated keys for #{processed} accounts", :green) + elsif username.present? + rotate_keys_for_account(Account.find_local(username)) + say('OK', :green) + else + say('No account(s) given', :red) + end + end + + private + + def rotate_keys_for_account(account, delay = 0) + old_key = account.private_key + new_key = OpenSSL::PKey::RSA.new(2048).to_pem + account.update(private_key: new_key) + ActivityPub::UpdateDistributionWorker.perform_in(delay, account.id, sign_with: old_key) + end + end +end diff --git a/lib/mastodon/emoji_cli.rb b/lib/mastodon/emoji_cli.rb index 71f8b2cc7..0a773c771 100644 --- a/lib/mastodon/emoji_cli.rb +++ b/lib/mastodon/emoji_cli.rb @@ -13,7 +13,7 @@ module Mastodon option :suffix option :overwrite, type: :boolean option :unlisted, type: :boolean - desc 'import PATH', 'import emoji from a TAR archive at PATH' + desc 'import PATH', 'Import emoji from a TAR archive at PATH' long_desc <<-LONG_DESC Imports custom emoji from a TAR archive specified by PATH. diff --git a/lib/mastodon/media_cli.rb b/lib/mastodon/media_cli.rb index 00bd662f4..ee28270da 100644 --- a/lib/mastodon/media_cli.rb +++ b/lib/mastodon/media_cli.rb @@ -10,7 +10,7 @@ module Mastodon class MediaCLI < Thor option :days, type: :numeric, default: 7 option :background, type: :boolean, default: false - desc 'remove', 'remove remote media files' + desc 'remove', 'Remove remote media files' long_desc <<-DESC Removes locally cached copies of media attachments from other servers. -- cgit