From 339ce1c4e90605b736745b1f04493a247b2627ec Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 8 Mar 2020 15:17:39 +0100 Subject: Add specific rate limits for posting and following (#13172) --- config/initializers/rack_attack.rb | 1 - config/locales/en.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'config') diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 3cd7ea3a6..8bc1104d4 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -70,7 +70,6 @@ class Rack::Attack req.remote_ip if req.post? && req.path == '/api/v1/accounts' end - # Throttle paging, as it is mainly used for public pages and AP collections throttle('throttle_authenticated_paging', limit: 300, period: 15.minutes) do |req| req.authenticated_user_id if req.paging_request? end diff --git a/config/locales/en.yml b/config/locales/en.yml index 1d2580101..99a80431a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -725,7 +725,7 @@ en: '422': content: Security verification failed. Are you blocking cookies? title: Security verification failed - '429': Throttled + '429': Too many requests '500': content: We're sorry, but something went wrong on our end. title: This page is not correct -- cgit From 2423d2f6772da39c0a76612dd2be299c445eb9f8 Mon Sep 17 00:00:00 2001 From: ThibG Date: Sun, 8 Mar 2020 16:00:24 +0100 Subject: Add ability to delete files uploaded for settings in admin UI (#13192) * Allow deleting site uploads * Refactor and move links into hints * Fix i18n tests * Fix HTML output of site_upload_delete_hint --- app/controllers/admin/site_uploads_controller.rb | 21 +++++++++++++++++++++ app/helpers/admin/settings_helper.rb | 11 +++++++++++ app/policies/settings_policy.rb | 4 ++++ app/views/admin/settings/edit.html.haml | 6 +++--- config/locales/en.yml | 3 +++ config/routes.rb | 1 + 6 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 app/controllers/admin/site_uploads_controller.rb create mode 100644 app/helpers/admin/settings_helper.rb (limited to 'config') diff --git a/app/controllers/admin/site_uploads_controller.rb b/app/controllers/admin/site_uploads_controller.rb new file mode 100644 index 000000000..cacecedb0 --- /dev/null +++ b/app/controllers/admin/site_uploads_controller.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module Admin + class SiteUploadsController < BaseController + before_action :set_site_upload + + def destroy + authorize :settings, :destroy? + + @site_upload.destroy! + + redirect_to edit_admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg') + end + + private + + def set_site_upload + @site_upload = SiteUpload.find(params[:id]) + end + end +end diff --git a/app/helpers/admin/settings_helper.rb b/app/helpers/admin/settings_helper.rb new file mode 100644 index 000000000..baf14ab25 --- /dev/null +++ b/app/helpers/admin/settings_helper.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +module Admin::SettingsHelper + def site_upload_delete_hint(hint, var) + upload = SiteUpload.find_by(var: var.to_s) + return hint unless upload + + link = link_to t('admin.site_uploads.delete'), admin_site_upload_path(upload), data: { method: :delete } + safe_join([hint, link], '
'.html_safe) + end +end diff --git a/app/policies/settings_policy.rb b/app/policies/settings_policy.rb index 2dcb79f51..874f97bab 100644 --- a/app/policies/settings_policy.rb +++ b/app/policies/settings_policy.rb @@ -8,4 +8,8 @@ class SettingsPolicy < ApplicationPolicy def show? admin? end + + def destroy? + admin? + end end diff --git a/app/views/admin/settings/edit.html.haml b/app/views/admin/settings/edit.html.haml index d7b493051..dc08f0141 100644 --- a/app/views/admin/settings/edit.html.haml +++ b/app/views/admin/settings/edit.html.haml @@ -30,13 +30,13 @@ .fields-row .fields-row__column.fields-row__column-6.fields-group - = f.input :thumbnail, as: :file, wrapper: :with_block_label, label: t('admin.settings.thumbnail.title'), hint: t('admin.settings.thumbnail.desc_html') + = f.input :thumbnail, as: :file, wrapper: :with_block_label, label: t('admin.settings.thumbnail.title'), hint: site_upload_delete_hint(t('admin.settings.thumbnail.desc_html'), :thumbnail) .fields-row__column.fields-row__column-6.fields-group - = f.input :hero, as: :file, wrapper: :with_block_label, label: t('admin.settings.hero.title'), hint: t('admin.settings.hero.desc_html') + = f.input :hero, as: :file, wrapper: :with_block_label, label: t('admin.settings.hero.title'), hint: site_upload_delete_hint(t('admin.settings.hero.desc_html'), :hero) .fields-row .fields-row__column.fields-row__column-6.fields-group - = f.input :mascot, as: :file, wrapper: :with_block_label, label: t('admin.settings.mascot.title'), hint: t('admin.settings.mascot.desc_html') + = f.input :mascot, as: :file, wrapper: :with_block_label, label: t('admin.settings.mascot.title'), hint: site_upload_delete_hint(t('admin.settings.mascot.desc_html'), :mascot) %hr.spacer/ diff --git a/config/locales/en.yml b/config/locales/en.yml index 99a80431a..8440b471c 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -537,6 +537,9 @@ en: trends: desc_html: Publicly display previously reviewed hashtags that are currently trending title: Trending hashtags + site_uploads: + delete: Delete uploaded file + destroyed_msg: Site upload successfully deleted! statuses: back_to_account: Back to account page batch: diff --git a/config/routes.rb b/config/routes.rb index c22efc1e1..2de31e2db 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -186,6 +186,7 @@ Rails.application.routes.draw do end resource :settings, only: [:edit, :update] + resources :site_uploads, only: [:destroy] resources :invites, only: [:index, :create, :destroy] do collection do -- cgit From fd76955f3942bbd7ec830ab535bc31621cac14a4 Mon Sep 17 00:00:00 2001 From: Bèr Kessels Date: Sun, 8 Mar 2020 16:02:36 +0100 Subject: Code style improvements in JavaScript (#13159) * JS-linter: fix trailing comma's * Configure eslinter to ignore this onchange error. --- app/javascript/mastodon/actions/accounts.js | 2 +- .../mastodon/components/intersection_observer_article.js | 2 +- app/javascript/mastodon/features/blocks/index.js | 2 +- app/javascript/mastodon/features/compose/components/poll_form.js | 1 + app/javascript/mastodon/features/domain_blocks/index.js | 2 +- app/javascript/mastodon/features/favourites/index.js | 2 +- app/javascript/mastodon/features/follow_requests/index.js | 2 +- app/javascript/mastodon/features/followers/index.js | 2 +- app/javascript/mastodon/features/following/index.js | 2 +- app/javascript/mastodon/features/getting_started/index.js | 8 ++++---- app/javascript/mastodon/features/lists/index.js | 2 +- app/javascript/mastodon/features/mutes/index.js | 2 +- app/javascript/mastodon/features/reblogs/index.js | 2 +- app/javascript/mastodon/features/status/components/card.js | 2 +- .../mastodon/features/ui/components/__tests__/column-test.js | 2 +- app/javascript/mastodon/reducers/notifications.js | 4 ++-- app/javascript/mastodon/reducers/timelines.js | 4 ++-- app/javascript/mastodon/selectors/index.js | 2 +- app/javascript/mastodon/service_worker/web_push_notifications.js | 2 +- app/javascript/mastodon/store/configureStore.js | 2 +- config/webpack/development.js | 2 +- config/webpack/shared.js | 4 ++-- 22 files changed, 28 insertions(+), 27 deletions(-) (limited to 'config') diff --git a/app/javascript/mastodon/actions/accounts.js b/app/javascript/mastodon/actions/accounts.js index d4a824e2c..4af36e998 100644 --- a/app/javascript/mastodon/actions/accounts.js +++ b/app/javascript/mastodon/actions/accounts.js @@ -106,7 +106,7 @@ export function fetchAccount(id) { dispatch, getState, db.transaction('accounts', 'read').objectStore('accounts').index('id'), - id + id, ).then(() => db.close(), error => { db.close(); throw error; diff --git a/app/javascript/mastodon/components/intersection_observer_article.js b/app/javascript/mastodon/components/intersection_observer_article.js index e453730ba..124b34b02 100644 --- a/app/javascript/mastodon/components/intersection_observer_article.js +++ b/app/javascript/mastodon/components/intersection_observer_article.js @@ -44,7 +44,7 @@ export default class IntersectionObserverArticle extends React.Component { intersectionObserverWrapper.observe( id, this.node, - this.handleIntersection + this.handleIntersection, ); this.componentMounted = true; diff --git a/app/javascript/mastodon/features/blocks/index.js b/app/javascript/mastodon/features/blocks/index.js index 051431ed2..870c0de09 100644 --- a/app/javascript/mastodon/features/blocks/index.js +++ b/app/javascript/mastodon/features/blocks/index.js @@ -68,7 +68,7 @@ class Blocks extends ImmutablePureComponent { bindToDocument={!multiColumn} > {accountIds.map(id => - + , )} diff --git a/app/javascript/mastodon/features/compose/components/poll_form.js b/app/javascript/mastodon/features/compose/components/poll_form.js index 01df31d3a..fa2b0609e 100644 --- a/app/javascript/mastodon/features/compose/components/poll_form.js +++ b/app/javascript/mastodon/features/compose/components/poll_form.js @@ -155,6 +155,7 @@ class PollForm extends ImmutablePureComponent {
+ {/* eslint-disable-next-line jsx-a11y/no-onchange */}