From ab009985035dcad87cfd2bfaafaa76f6a03291e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Nov 2020 02:21:28 +0900 Subject: Bump webpack-merge from 4.2.2 to 5.0.9 (#14424) * Bump webpack-merge from 4.2.2 to 5.0.9 Bumps [webpack-merge](https://github.com/survivejs/webpack-merge) from 4.2.2 to 5.0.9. - [Release notes](https://github.com/survivejs/webpack-merge/releases) - [Changelog](https://github.com/survivejs/webpack-merge/blob/master/CHANGELOG.md) - [Commits](https://github.com/survivejs/webpack-merge/compare/v4.2.2...v5.0.9) Signed-off-by: dependabot[bot] * Fix import path Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi --- config/webpack/development.js | 2 +- config/webpack/production.js | 2 +- config/webpack/tests.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'config') diff --git a/config/webpack/development.js b/config/webpack/development.js index 774ecbc07..c3cf1b655 100644 --- a/config/webpack/development.js +++ b/config/webpack/development.js @@ -1,6 +1,6 @@ // Note: You must restart bin/webpack-dev-server for changes to take effect -const merge = require('webpack-merge'); +const { merge } = require('webpack-merge'); const sharedConfig = require('./shared'); const { settings, output } = require('./configuration'); diff --git a/config/webpack/production.js b/config/webpack/production.js index f2f216422..f1d0dabae 100644 --- a/config/webpack/production.js +++ b/config/webpack/production.js @@ -2,7 +2,7 @@ const path = require('path'); const { URL } = require('url'); -const merge = require('webpack-merge'); +const { merge } = require('webpack-merge'); const { BundleAnalyzerPlugin } = require('webpack-bundle-analyzer'); const OfflinePlugin = require('offline-plugin'); const TerserPlugin = require('terser-webpack-plugin'); diff --git a/config/webpack/tests.js b/config/webpack/tests.js index 8b56eb92f..f9d39f1b8 100644 --- a/config/webpack/tests.js +++ b/config/webpack/tests.js @@ -1,6 +1,6 @@ // Note: You must restart bin/webpack-dev-server for changes to take effect -const merge = require('webpack-merge'); +const { merge } = require('webpack-merge'); const sharedConfig = require('./shared.js'); module.exports = merge(sharedConfig, { -- cgit From d6fe0c94ca48a10d579cf5ec321c33c6124b402d Mon Sep 17 00:00:00 2001 From: Takeshi Umeda Date: Thu, 5 Nov 2020 04:45:01 +0900 Subject: Add account sensitized (#14361) * Add account sensitized * Fix i18n normalize * Fix description and spec * Fix spec * Fix wording --- app/controllers/admin/accounts_controller.rb | 7 +++++++ app/controllers/api/v1/admin/accounts_controller.rb | 8 ++++++++ app/helpers/statuses_helper.rb | 8 ++++++++ app/lib/activitypub/activity/create.rb | 2 +- app/models/account.rb | 14 ++++++++++++++ app/models/account_warning.rb | 2 +- app/models/admin/account_action.rb | 9 +++++++++ app/models/admin/action_log_filter.rb | 2 ++ app/policies/account_policy.rb | 8 ++++++++ app/serializers/activitypub/note_serializer.rb | 4 ++++ app/serializers/rest/status_serializer.rb | 8 ++++++++ app/views/admin/accounts/show.html.haml | 7 +++++++ app/views/statuses/_detailed_status.html.haml | 6 +++--- app/views/statuses/_simple_status.html.haml | 6 +++--- config/locales/en.yml | 10 ++++++++++ config/locales/ja.yml | 10 ++++++++++ config/locales/simple_form.en.yml | 1 + config/locales/simple_form.ja.yml | 1 + config/routes.rb | 2 ++ .../20200614002136_add_sensitized_to_accounts.rb | 5 +++++ db/schema.rb | 1 + .../api/v1/admin/accounts_controller_spec.rb | 18 ++++++++++++++++++ spec/models/admin/account_action_spec.rb | 8 ++++---- spec/policies/account_policy_spec.rb | 2 +- 24 files changed, 136 insertions(+), 13 deletions(-) create mode 100644 db/migrate/20200614002136_add_sensitized_to_accounts.rb (limited to 'config') diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index b9b75727d..1dd7430e0 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -53,6 +53,13 @@ module Admin redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.destroyed_msg', username: @account.acct) end + def unsensitive + authorize @account, :unsensitive? + @account.unsensitize! + log_action :unsensitive, @account + redirect_to admin_account_path(@account.id) + end + def unsilence authorize @account, :unsilence? @account.unsilence! diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 3af572f25..63cc521ed 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -22,6 +22,7 @@ class Api::V1::Admin::AccountsController < Api::BaseController active pending disabled + sensitized silenced suspended username @@ -68,6 +69,13 @@ class Api::V1::Admin::AccountsController < Api::BaseController render json: @account, serializer: REST::Admin::AccountSerializer end + def unsensitive + authorize @account, :unsensitive? + @account.unsensitize! + log_action :unsensitive, @account + render json: @account, serializer: REST::Admin::AccountSerializer + end + def unsilence authorize @account, :unsilence? @account.unsilence! diff --git a/app/helpers/statuses_helper.rb b/app/helpers/statuses_helper.rb index a51597cf3..adb7918c5 100644 --- a/app/helpers/statuses_helper.rb +++ b/app/helpers/statuses_helper.rb @@ -117,6 +117,14 @@ module StatusesHelper end end + def sensitized?(status, account) + if !account.nil? && account.id == status.account_id + status.sensitive + else + status.account.sensitized? || status.sensitive + end + end + private def simplified_text(text) diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index f275feefc..c77f237f9 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -111,7 +111,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity created_at: @object['published'], override_timestamps: @options[:override_timestamps], reply: @object['inReplyTo'].present?, - sensitive: @object['sensitive'] || false, + sensitive: @account.sensitized? || @object['sensitive'] || false, visibility: visibility_from_audience, thread: replied_to_status, conversation: conversation_from_uri(@object['conversation']), diff --git a/app/models/account.rb b/app/models/account.rb index 59d338f5a..d2112a13d 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -50,6 +50,7 @@ # avatar_storage_schema_version :integer # header_storage_schema_version :integer # devices_url :string +# sensitized_at :datetime # class Account < ApplicationRecord @@ -92,6 +93,7 @@ class Account < ApplicationRecord scope :partitioned, -> { order(Arel.sql('row_number() over (partition by domain)')) } scope :silenced, -> { where.not(silenced_at: nil) } scope :suspended, -> { where.not(suspended_at: nil) } + scope :sensitized, -> { where.not(sensitized_at: nil) } scope :without_suspended, -> { where(suspended_at: nil) } scope :without_silenced, -> { where(silenced_at: nil) } scope :recent, -> { reorder(id: :desc) } @@ -234,6 +236,18 @@ class Account < ApplicationRecord end end + def sensitized? + sensitized_at.present? + end + + def sensitize!(date = Time.now.utc) + update!(sensitized_at: date) + end + + def unsensitize! + update!(sensitized_at: nil) + end + def memorialize! update!(memorial: true) end diff --git a/app/models/account_warning.rb b/app/models/account_warning.rb index 157e6c04d..5efc924d5 100644 --- a/app/models/account_warning.rb +++ b/app/models/account_warning.rb @@ -13,7 +13,7 @@ # class AccountWarning < ApplicationRecord - enum action: %i(none disable silence suspend), _suffix: :action + enum action: %i(none disable sensitive silence suspend), _suffix: :action belongs_to :account, inverse_of: :account_warnings belongs_to :target_account, class_name: 'Account', inverse_of: :targeted_account_warnings diff --git a/app/models/admin/account_action.rb b/app/models/admin/account_action.rb index c4ac09520..11ce737f3 100644 --- a/app/models/admin/account_action.rb +++ b/app/models/admin/account_action.rb @@ -8,6 +8,7 @@ class Admin::AccountAction TYPES = %w( none disable + sensitive silence suspend ).freeze @@ -64,6 +65,8 @@ class Admin::AccountAction case type when 'disable' handle_disable! + when 'sensitive' + handle_sensitive! when 'silence' handle_silence! when 'suspend' @@ -109,6 +112,12 @@ class Admin::AccountAction target_account.user&.disable! end + def handle_sensitive! + authorize(target_account, :sensitive?) + log_action(:sensitive, target_account) + target_account.sensitize! + end + def handle_silence! authorize(target_account, :silence?) log_action(:silence, target_account) diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index 0ba7e1609..3a1b67e06 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb @@ -35,9 +35,11 @@ class Admin::ActionLogFilter reopen_report: { target_type: 'Report', action: 'reopen' }.freeze, reset_password_user: { target_type: 'User', action: 'reset_password' }.freeze, resolve_report: { target_type: 'Report', action: 'resolve' }.freeze, + sensitive_account: { target_type: 'Account', action: 'sensitive' }.freeze, silence_account: { target_type: 'Account', action: 'silence' }.freeze, suspend_account: { target_type: 'Account', action: 'suspend' }.freeze, unassigned_report: { target_type: 'Report', action: 'unassigned' }.freeze, + unsensitive_account: { target_type: 'Account', action: 'unsensitive' }.freeze, unsilence_account: { target_type: 'Account', action: 'unsilence' }.freeze, unsuspend_account: { target_type: 'Account', action: 'unsuspend' }.freeze, update_announcement: { target_type: 'Announcement', action: 'update' }.freeze, diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb index 1b105e92a..679119075 100644 --- a/app/policies/account_policy.rb +++ b/app/policies/account_policy.rb @@ -25,6 +25,14 @@ class AccountPolicy < ApplicationPolicy staff? end + def sensitive? + staff? && !record.user&.staff? + end + + def unsensitive? + staff? + end + def silence? staff? && !record.user&.staff? end diff --git a/app/serializers/activitypub/note_serializer.rb b/app/serializers/activitypub/note_serializer.rb index f26fd93a4..6f9e1ca63 100644 --- a/app/serializers/activitypub/note_serializer.rb +++ b/app/serializers/activitypub/note_serializer.rb @@ -95,6 +95,10 @@ class ActivityPub::NoteSerializer < ActivityPub::Serializer ActivityPub::TagManager.instance.cc(object) end + def sensitive + object.account.sensitized? || object.sensitive + end + def virtual_tags object.active_mentions.to_a.sort_by(&:id) + object.tags + object.emojis end diff --git a/app/serializers/rest/status_serializer.rb b/app/serializers/rest/status_serializer.rb index 0109de882..bb6df90b7 100644 --- a/app/serializers/rest/status_serializer.rb +++ b/app/serializers/rest/status_serializer.rb @@ -58,6 +58,14 @@ class REST::StatusSerializer < ActiveModel::Serializer end end + def sensitive + if current_user? && current_user.account_id == object.account_id + object.sensitive + else + object.account.sensitized? || object.sensitive + end + end + def uri ActivityPub::TagManager.instance.uri_for(object) end diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index f0a216f6b..d5978eddd 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -69,6 +69,8 @@ = t('admin.accounts.confirming') - elsif @account.local? && !@account.user_approved? = t('admin.accounts.pending') + - elsif @account.sensitized? + = t('admin.accounts.sensitive') - else = t('admin.accounts.no_limits_imposed') .dashboard__counters__label= t 'admin.accounts.login_status' @@ -192,6 +194,11 @@ - else = link_to t('admin.accounts.disable'), new_admin_account_action_path(@account.id, type: 'disable'), class: 'button' if can?(:disable, @account.user) + - if @account.sensitized? + = link_to t('admin.accounts.undo_sensitized'), unsensitive_admin_account_path(@account.id), method: :post, class: 'button' if can?(:unsensitive, @account) + - elsif !@account.local? || @account.user_approved? + = link_to t('admin.accounts.sensitive'), new_admin_account_action_path(@account.id, type: 'sensitive'), class: 'button' if can?(:sensitive, @account) + - if @account.silenced? = link_to t('admin.accounts.undo_silenced'), unsilence_admin_account_path(@account.id), method: :post, class: 'button' if can?(:unsilence, @account) - elsif !@account.local? || @account.user_approved? diff --git a/app/views/statuses/_detailed_status.html.haml b/app/views/statuses/_detailed_status.html.haml index b3e9c44fc..a4dd8534f 100644 --- a/app/views/statuses/_detailed_status.html.haml +++ b/app/views/statuses/_detailed_status.html.haml @@ -29,17 +29,17 @@ - if !status.media_attachments.empty? - if status.media_attachments.first.video? - video = status.media_attachments.first - = react_component :video, src: full_asset_url(video.file.url(:original)), preview: full_asset_url(video.thumbnail.present? ? video.thumbnail.url : video.file.url(:small)), blurhash: video.blurhash, sensitive: status.sensitive?, width: 670, height: 380, detailed: true, inline: true, alt: video.description do + = react_component :video, src: full_asset_url(video.file.url(:original)), preview: full_asset_url(video.thumbnail.present? ? video.thumbnail.url : video.file.url(:small)), blurhash: video.blurhash, sensitive: sensitized?(status, current_account), width: 670, height: 380, detailed: true, inline: true, alt: video.description do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - elsif status.media_attachments.first.audio? - audio = status.media_attachments.first = react_component :audio, src: full_asset_url(audio.file.url(:original)), poster: full_asset_url(audio.thumbnail.present? ? audio.thumbnail.url : status.account.avatar_static_url), backgroundColor: audio.file.meta.dig('colors', 'background'), foregroundColor: audio.file.meta.dig('colors', 'foreground'), accentColor: audio.file.meta.dig('colors', 'accent'), width: 670, height: 380, alt: audio.description, duration: audio.file.meta.dig('original', 'duration') do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - else - = react_component :media_gallery, height: 380, sensitive: status.sensitive?, standalone: true, autoplay: autoplay, media: status.media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } do + = react_component :media_gallery, height: 380, sensitive: sensitized?(status, current_account), standalone: true, autoplay: autoplay, media: status.media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - elsif status.preview_card - = react_component :card, sensitive: status.sensitive?, 'maxDescription': 160, card: ActiveModelSerializers::SerializableResource.new(status.preview_card, serializer: REST::PreviewCardSerializer).as_json + = react_component :card, sensitive: sensitized?(status, current_account), 'maxDescription': 160, card: ActiveModelSerializers::SerializableResource.new(status.preview_card, serializer: REST::PreviewCardSerializer).as_json .detailed-status__meta %data.dt-published{ value: status.created_at.to_time.iso8601 } diff --git a/app/views/statuses/_simple_status.html.haml b/app/views/statuses/_simple_status.html.haml index 7408749cc..192192700 100644 --- a/app/views/statuses/_simple_status.html.haml +++ b/app/views/statuses/_simple_status.html.haml @@ -35,17 +35,17 @@ - if !status.media_attachments.empty? - if status.media_attachments.first.video? - video = status.media_attachments.first - = react_component :video, src: full_asset_url(video.file.url(:original)), preview: full_asset_url(video.thumbnail.present? ? video.thumbnail.url : video.file.url(:small)), blurhash: video.blurhash, sensitive: status.sensitive?, width: 610, height: 343, inline: true, alt: video.description do + = react_component :video, src: full_asset_url(video.file.url(:original)), preview: full_asset_url(video.thumbnail.present? ? video.thumbnail.url : video.file.url(:small)), blurhash: video.blurhash, sensitive: sensitized?(status, current_account), width: 610, height: 343, inline: true, alt: video.description do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - elsif status.media_attachments.first.audio? - audio = status.media_attachments.first = react_component :audio, src: full_asset_url(audio.file.url(:original)), poster: full_asset_url(audio.thumbnail.present? ? audio.thumbnail.url : status.account.avatar_static_url), backgroundColor: audio.file.meta.dig('colors', 'background'), foregroundColor: audio.file.meta.dig('colors', 'foreground'), accentColor: audio.file.meta.dig('colors', 'accent'), width: 610, height: 343, alt: audio.description, duration: audio.file.meta.dig('original', 'duration') do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - else - = react_component :media_gallery, height: 343, sensitive: status.sensitive?, autoplay: autoplay, media: status.media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } do + = react_component :media_gallery, height: 343, sensitive: sensitized?(status, current_account), autoplay: autoplay, media: status.media_attachments.map { |a| ActiveModelSerializers::SerializableResource.new(a, serializer: REST::MediaAttachmentSerializer).as_json } do = render partial: 'statuses/attachment_list', locals: { attachments: status.media_attachments } - elsif status.preview_card - = react_component :card, sensitive: status.sensitive?, 'maxDescription': 160, card: ActiveModelSerializers::SerializableResource.new(status.preview_card, serializer: REST::PreviewCardSerializer).as_json + = react_component :card, sensitive: sensitized?(status, current_account), 'maxDescription': 160, card: ActiveModelSerializers::SerializableResource.new(status.preview_card, serializer: REST::PreviewCardSerializer).as_json - if !status.in_reply_to_id.nil? && status.in_reply_to_account_id == status.account.id = link_to ActivityPub::TagManager.instance.url_for(status), class: 'status__content__read-more-button', target: stream_link_target, rel: 'noopener noreferrer' do diff --git a/config/locales/en.yml b/config/locales/en.yml index 084006a2a..c962bc532 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -188,6 +188,8 @@ en: search: Search search_same_email_domain: Other users with the same e-mail domain search_same_ip: Other users with the same IP + sensitive: Sensitive + sensitized: marked as sensitive shared_inbox_url: Shared inbox URL show: created_reports: Made reports @@ -202,6 +204,7 @@ en: time_in_queue: Waiting in queue %{time} title: Accounts unconfirmed_email: Unconfirmed email + undo_sensitized: Undo sensitive undo_silenced: Undo silence undo_suspension: Undo suspension unsilenced_msg: Successfully unlimited %{username}'s account @@ -243,9 +246,11 @@ en: reopen_report: Reopen Report reset_password_user: Reset Password resolve_report: Resolve Report + sensitive_account: Mark the media in your account as sensitive silence_account: Silence Account suspend_account: Suspend Account unassigned_report: Unassign Report + unsensitive_account: Unmark the media in your account as sensitive unsilence_account: Unsilence Account unsuspend_account: Unsuspend Account update_announcement: Update Announcement @@ -281,9 +286,11 @@ en: reopen_report: "%{name} reopened report %{target}" reset_password_user: "%{name} reset password of user %{target}" resolve_report: "%{name} resolved report %{target}" + sensitive_account: "%{name} marked %{target}'s media as sensitive" silence_account: "%{name} silenced %{target}'s account" suspend_account: "%{name} suspended %{target}'s account" unassigned_report: "%{name} unassigned report %{target}" + unsensitive_account: "%{name} unmarked %{target}'s media as sensitive" unsilence_account: "%{name} unsilenced %{target}'s account" unsuspend_account: "%{name} unsuspended %{target}'s account" update_announcement: "%{name} updated announcement %{target}" @@ -1339,6 +1346,7 @@ en: warning: explanation: disable: You can no longer login to your account or use it in any other way, but your profile and other data remains intact. + sensitive: Your uploaded media files and linked media will be treated as sensitive. silence: You can still use your account but only people who are already following you will see your toots on this server, and you may be excluded from various public listings. However, others may still manually follow you. suspend: You can no longer use your account, and your profile and other data are no longer accessible. You can still login to request a backup of your data until the data is fully removed, but we will retain some data to prevent you from evading the suspension. get_in_touch: You can reply to this e-mail to get in touch with the staff of %{instance}. @@ -1347,11 +1355,13 @@ en: subject: disable: Your account %{acct} has been frozen none: Warning for %{acct} + sensitive: Your account %{acct} posting media has been marked as sensitive silence: Your account %{acct} has been limited suspend: Your account %{acct} has been suspended title: disable: Account frozen none: Warning + sensitive: Your media has been marked as sensitive silence: Account limited suspend: Account suspended welcome: diff --git a/config/locales/ja.yml b/config/locales/ja.yml index fb6255546..fd9ec9427 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -172,6 +172,8 @@ ja: search: 検索 search_same_email_domain: 同じドメインのメールアドレスを使用しているユーザー search_same_ip: 同じ IP のユーザーを検索 + sensitive: 閲覧注意 + sensitized: 閲覧注意済み shared_inbox_url: Shared inbox URL show: created_reports: このアカウントで作られた通報 @@ -184,6 +186,7 @@ ja: time_in_queue: "%{time} 待ち" title: アカウント unconfirmed_email: 確認待ちのメールアドレス + undo_sensitized: 閲覧注意から戻す undo_silenced: サイレンスから戻す undo_suspension: 停止から戻す unsubscribe: 購読の解除 @@ -220,9 +223,11 @@ ja: reopen_report: 通報を再度開く reset_password_user: パスワードをリセット resolve_report: 通報を解決済みにする + sensitive_account: アカウントのメディアを閲覧注意にマーク silence_account: アカウントをサイレンス suspend_account: アカウントを停止 unassigned_report: 通報の担当を解除 + unsensitive_account: アカウントのメディアの閲覧注意マークを解除 unsilence_account: アカウントのサイレンスを解除 unsuspend_account: アカウントの停止を解除 update_announcement: お知らせを更新 @@ -256,9 +261,11 @@ ja: reopen_report: "%{name} さんが通報 %{target} を再び開きました" reset_password_user: "%{name} さんが %{target} さんのパスワードをリセットしました" resolve_report: "%{name} さんが通報 %{target} を解決済みにしました" + sensitive_account: "%{name} さんが %{target} さんのメディアを閲覧注意にマークしました" silence_account: "%{name} さんが %{target} さんをサイレンスにしました" suspend_account: "%{name} さんが %{target} さんを停止しました" unassigned_report: "%{name} さんが通報 %{target} の担当を外しました" + unsensitive_account: "%{name} さんが %{target} さんのメディアの閲覧注意を解除しました" unsilence_account: "%{name} さんが %{target} さんのサイレンスを解除しました" unsuspend_account: "%{name} さんが %{target} さんの停止を解除しました" update_announcement: "%{name} さんがお知らせ %{target} を更新しました" @@ -1271,6 +1278,7 @@ ja: warning: explanation: disable: アカウントが凍結されている間、データはそのまま残りますが、凍結が解除されるまでは何の操作もできません。 + sensitive: あなたのアップロードしたメディアファイルとリンク先のメディアは、閲覧注意として扱われます。 silence: あなたのアカウントは制限されていますが、あなたをフォローしているユーザーのみ、このサーバー上の投稿を見ることができます。そしてあなたは様々な公開リストから除外されるかもしれません。ただし、他のユーザーは手動であなたをフォローすることができます。 suspend: あなたのアカウントは停止されています。あなたの投稿とアップロードされたメディアファイルは、このサーバーとあなたのフォロワーが参加していたサーバーから完全に削除されました。 get_in_touch: このメールに返信することで %{instance} のスタッフと連絡を取ることができます。 @@ -1279,11 +1287,13 @@ ja: subject: disable: あなたのアカウント %{acct} は凍結されました none: "%{acct} に対する警告" + sensitive: あなたのアカウント %{acct} の投稿メディアは閲覧注意とマークされました silence: あなたのアカウント %{acct} はサイレンスにされました suspend: あなたのアカウント %{acct} は停止されました title: disable: アカウントが凍結されました none: 警告 + sensitive: あなたのメディアが閲覧注意とマークされました silence: アカウントがサイレンスにされました suspend: アカウントが停止されました welcome: diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index b69487953..46a4759a8 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -100,6 +100,7 @@ en: types: disable: Freeze none: Send a warning + sensitive: Sensitive silence: Limit suspend: Suspend warning_preset_id: Use a warning preset diff --git a/config/locales/simple_form.ja.yml b/config/locales/simple_form.ja.yml index bbc0b5fd7..00f469b87 100644 --- a/config/locales/simple_form.ja.yml +++ b/config/locales/simple_form.ja.yml @@ -91,6 +91,7 @@ ja: types: disable: ログインを無効化 none: 何もしない + sensitive: 閲覧注意 silence: サイレンス suspend: 停止しアカウントのデータを恒久的に削除する warning_preset_id: プリセット警告文を使用 diff --git a/config/routes.rb b/config/routes.rb index e0ef23723..54c76799c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -236,6 +236,7 @@ Rails.application.routes.draw do resources :accounts, only: [:index, :show, :destroy] do member do post :enable + post :unsensitive post :unsilence post :unsuspend post :redownload @@ -476,6 +477,7 @@ Rails.application.routes.draw do resources :accounts, only: [:index, :show, :destroy] do member do post :enable + post :unsensitive post :unsilence post :unsuspend post :approve diff --git a/db/migrate/20200614002136_add_sensitized_to_accounts.rb b/db/migrate/20200614002136_add_sensitized_to_accounts.rb new file mode 100644 index 000000000..bc2dfcb63 --- /dev/null +++ b/db/migrate/20200614002136_add_sensitized_to_accounts.rb @@ -0,0 +1,5 @@ +class AddSensitizedToAccounts < ActiveRecord::Migration[5.2] + def change + add_column :accounts, :sensitized_at, :datetime + end +end diff --git a/db/schema.rb b/db/schema.rb index 262e25b3b..5ff6b6300 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -189,6 +189,7 @@ ActiveRecord::Schema.define(version: 2020_10_08_220312) do t.integer "avatar_storage_schema_version" t.integer "header_storage_schema_version" t.string "devices_url" + t.datetime "sensitized_at" t.index "(((setweight(to_tsvector('simple'::regconfig, (display_name)::text), 'A'::\"char\") || setweight(to_tsvector('simple'::regconfig, (username)::text), 'B'::\"char\")) || setweight(to_tsvector('simple'::regconfig, (COALESCE(domain, ''::character varying))::text), 'C'::\"char\")))", name: "search_index", using: :gin t.index "lower((username)::text), COALESCE(lower((domain)::text), ''::text)", name: "index_accounts_on_username_and_domain_lower", unique: true t.index ["moved_to_account_id"], name: "index_accounts_on_moved_to_account_id" diff --git a/spec/controllers/api/v1/admin/accounts_controller_spec.rb b/spec/controllers/api/v1/admin/accounts_controller_spec.rb index f3f9946ba..89cadb222 100644 --- a/spec/controllers/api/v1/admin/accounts_controller_spec.rb +++ b/spec/controllers/api/v1/admin/accounts_controller_spec.rb @@ -127,6 +127,24 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do end end + describe 'POST #unsensitive' do + before do + account.touch(:sensitized_at) + post :unsensitive, params: { id: account.id } + end + + it_behaves_like 'forbidden for wrong scope', 'write:statuses' + it_behaves_like 'forbidden for wrong role', 'user' + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + it 'unsensitives account' do + expect(account.reload.sensitized?).to be false + end + end + describe 'POST #unsilence' do before do account.touch(:silenced_at) diff --git a/spec/models/admin/account_action_spec.rb b/spec/models/admin/account_action_spec.rb index 87fc28500..2366b9ca4 100644 --- a/spec/models/admin/account_action_spec.rb +++ b/spec/models/admin/account_action_spec.rb @@ -115,16 +115,16 @@ RSpec.describe Admin::AccountAction, type: :model do context 'account.local?' do let(:account) { Fabricate(:account, domain: nil) } - it 'returns ["none", "disable", "silence", "suspend"]' do - expect(subject).to eq %w(none disable silence suspend) + it 'returns ["none", "disable", "sensitive", "silence", "suspend"]' do + expect(subject).to eq %w(none disable sensitive silence suspend) end end context '!account.local?' do let(:account) { Fabricate(:account, domain: 'hoge.com') } - it 'returns ["silence", "suspend"]' do - expect(subject).to eq %w(silence suspend) + it 'returns ["sensitive", "silence", "suspend"]' do + expect(subject).to eq %w(sensitive silence suspend) end end end diff --git a/spec/policies/account_policy_spec.rb b/spec/policies/account_policy_spec.rb index 6648b0888..d27e9d5b0 100644 --- a/spec/policies/account_policy_spec.rb +++ b/spec/policies/account_policy_spec.rb @@ -8,7 +8,7 @@ RSpec.describe AccountPolicy do let(:admin) { Fabricate(:user, admin: true).account } let(:john) { Fabricate(:user).account } - permissions :index?, :show?, :unsuspend?, :unsilence?, :remove_avatar?, :remove_header? do + permissions :index?, :show?, :unsuspend?, :unsensitive?, :unsilence?, :remove_avatar?, :remove_header? do context 'staff' do it 'permits' do expect(subject).to permit(admin) -- cgit From 68d4b2b83e124719f8473489ee8c1743ca848dc4 Mon Sep 17 00:00:00 2001 From: Mélanie Chauvel Date: Wed, 4 Nov 2020 21:15:45 +0100 Subject: Display “Show newer” and “Show older” instead of “Show more” in public pages (#15052) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/helpers/statuses_helper.rb | 8 ++++++-- app/views/accounts/show.html.haml | 4 ++-- app/views/statuses/_status.html.haml | 8 ++++---- config/locales/en.yml | 2 ++ 4 files changed, 14 insertions(+), 8 deletions(-) (limited to 'config') diff --git a/app/helpers/statuses_helper.rb b/app/helpers/statuses_helper.rb index adb7918c5..daed9048f 100644 --- a/app/helpers/statuses_helper.rb +++ b/app/helpers/statuses_helper.rb @@ -4,8 +4,12 @@ module StatusesHelper EMBEDDED_CONTROLLER = 'statuses' EMBEDDED_ACTION = 'embed' - def link_to_more(url) - link_to t('statuses.show_more'), url, class: 'load-more load-gap' + def link_to_newer(url) + link_to t('statuses.show_newer'), url, class: 'load-more load-gap' + end + + def link_to_older(url) + link_to t('statuses.show_older'), url, class: 'load-more load-gap' end def nothing_here(extra_classes = '') diff --git a/app/views/accounts/show.html.haml b/app/views/accounts/show.html.haml index c9688ea88..1a81b96f6 100644 --- a/app/views/accounts/show.html.haml +++ b/app/views/accounts/show.html.haml @@ -39,12 +39,12 @@ = render partial: 'statuses/status', collection: @pinned_statuses, as: :status, locals: { pinned: true } - if @newer_url - .entry= link_to_more @newer_url + .entry= link_to_newer @newer_url = render partial: 'statuses/status', collection: @statuses, as: :status - if @older_url - .entry= link_to_more @older_url + .entry= link_to_older @older_url .column-1 - if @account.memorial? diff --git a/app/views/statuses/_status.html.haml b/app/views/statuses/_status.html.haml index 0e3652503..650f9b679 100644 --- a/app/views/statuses/_status.html.haml +++ b/app/views/statuses/_status.html.haml @@ -17,7 +17,7 @@ - if status.reply? && include_threads - if @next_ancestor .entry{ class: entry_classes } - = link_to_more ActivityPub::TagManager.instance.url_for(@next_ancestor) + = link_to_older ActivityPub::TagManager.instance.url_for(@next_ancestor) = render partial: 'statuses/status', collection: @ancestors, as: :status, locals: { is_predecessor: true, direct_reply_id: status.in_reply_to_id }, autoplay: autoplay @@ -44,16 +44,16 @@ - if include_threads - if @since_descendant_thread_id .entry{ class: entry_classes } - = link_to_more short_account_status_url(status.account.username, status, max_descendant_thread_id: @since_descendant_thread_id + 1) + = link_to_newer short_account_status_url(status.account.username, status, max_descendant_thread_id: @since_descendant_thread_id + 1) - @descendant_threads.each do |thread| = render partial: 'statuses/status', collection: thread[:statuses], as: :status, locals: { is_successor: true, parent_id: status.id }, autoplay: autoplay - if thread[:next_status] .entry{ class: entry_classes } - = link_to_more ActivityPub::TagManager.instance.url_for(thread[:next_status]) + = link_to_newer ActivityPub::TagManager.instance.url_for(thread[:next_status]) - if @next_descendant_thread .entry{ class: entry_classes } - = link_to_more short_account_status_url(status.account.username, status, since_descendant_thread_id: @max_descendant_thread_id - 1) + = link_to_newer short_account_status_url(status.account.username, status, since_descendant_thread_id: @max_descendant_thread_id - 1) - if include_threads && !embedded_view? && !user_signed_in? .entry{ class: entry_classes } diff --git a/config/locales/en.yml b/config/locales/en.yml index c962bc532..047ba36ac 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -1210,6 +1210,8 @@ en: other: "%{count} votes" vote: Vote show_more: Show more + show_newer: Show newer + show_older: Show older show_thread: Show thread sign_in_to_participate: Sign in to participate in the conversation title: '%{name}: "%{quote}"' -- cgit From 9b1f2a4b61660f9a8be62f6296d97a856e376059 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 6 Nov 2020 11:56:31 +0100 Subject: Add subresource integrity for JS and CSS assets (#15096) Fix #2744 --- app/views/about/more.html.haml | 2 +- app/views/admin/action_logs/index.html.haml | 2 +- app/views/admin/custom_emojis/index.html.haml | 2 +- app/views/admin/domain_allows/new.html.haml | 2 +- app/views/admin/domain_blocks/edit.html.haml | 2 +- app/views/admin/domain_blocks/new.html.haml | 2 +- app/views/admin/ip_blocks/index.html.haml | 2 +- app/views/admin/pending_accounts/index.html.haml | 2 +- app/views/admin/reports/show.html.haml | 2 +- app/views/admin/settings/edit.html.haml | 2 +- app/views/admin/statuses/index.html.haml | 2 +- app/views/admin/tags/index.html.haml | 2 +- app/views/auth/sessions/two_factor.html.haml | 2 +- app/views/home/index.html.haml | 10 +++++----- app/views/layouts/admin.html.haml | 2 +- app/views/layouts/application.html.haml | 8 ++++---- app/views/layouts/auth.html.haml | 2 +- app/views/layouts/embedded.html.haml | 4 ++-- app/views/layouts/error.html.haml | 8 ++++---- app/views/layouts/modal.html.haml | 2 +- app/views/layouts/public.html.haml | 2 +- app/views/media/player.html.haml | 2 +- app/views/public_timelines/show.html.haml | 2 +- app/views/relationships/show.html.haml | 2 +- .../webauthn_credentials/new.html.haml | 2 +- app/views/shares/show.html.haml | 2 +- app/views/tags/show.html.haml | 2 +- config/application.rb | 2 ++ config/webpack/shared.js | 3 ++- lib/webpacker/helper_extensions.rb | 20 ++++++++++++++++++++ lib/webpacker/manifest_extensions.rb | 17 +++++++++++++++++ 31 files changed, 79 insertions(+), 39 deletions(-) create mode 100644 lib/webpacker/helper_extensions.rb create mode 100644 lib/webpacker/manifest_extensions.rb (limited to 'config') diff --git a/app/views/about/more.html.haml b/app/views/about/more.html.haml index 4152a3601..c2168e1f5 100644 --- a/app/views/about/more.html.haml +++ b/app/views/about/more.html.haml @@ -2,7 +2,7 @@ = site_hostname - content_for :header_tags do - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' = render partial: 'shared/og' .grid-4 diff --git a/app/views/admin/action_logs/index.html.haml b/app/views/admin/action_logs/index.html.haml index 99f756762..e7d9054d9 100644 --- a/app/views/admin/action_logs/index.html.haml +++ b/app/views/admin/action_logs/index.html.haml @@ -2,7 +2,7 @@ = t('admin.action_logs.title') - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' = form_tag admin_action_logs_url, method: 'GET', class: 'simple_form' do = hidden_field_tag :target_account_id, params[:target_account_id] if params[:target_account_id].present? diff --git a/app/views/admin/custom_emojis/index.html.haml b/app/views/admin/custom_emojis/index.html.haml index 1cbc36f97..bfec0407e 100644 --- a/app/views/admin/custom_emojis/index.html.haml +++ b/app/views/admin/custom_emojis/index.html.haml @@ -2,7 +2,7 @@ = t('admin.custom_emojis.title') - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - if can?(:create, :custom_emoji) - content_for :heading_actions do diff --git a/app/views/admin/domain_allows/new.html.haml b/app/views/admin/domain_allows/new.html.haml index 52599857a..249a961ce 100644 --- a/app/views/admin/domain_allows/new.html.haml +++ b/app/views/admin/domain_allows/new.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.domain_allows.add_new') diff --git a/app/views/admin/domain_blocks/edit.html.haml b/app/views/admin/domain_blocks/edit.html.haml index 29e47ef3b..d5868070a 100644 --- a/app/views/admin/domain_blocks/edit.html.haml +++ b/app/views/admin/domain_blocks/edit.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.domain_blocks.edit') diff --git a/app/views/admin/domain_blocks/new.html.haml b/app/views/admin/domain_blocks/new.html.haml index ed1581936..f503f9b77 100644 --- a/app/views/admin/domain_blocks/new.html.haml +++ b/app/views/admin/domain_blocks/new.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('.title') diff --git a/app/views/admin/ip_blocks/index.html.haml b/app/views/admin/ip_blocks/index.html.haml index a282a4cfe..d5b983de9 100644 --- a/app/views/admin/ip_blocks/index.html.haml +++ b/app/views/admin/ip_blocks/index.html.haml @@ -2,7 +2,7 @@ = t('admin.ip_blocks.title') - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - if can?(:create, :ip_block) - content_for :heading_actions do diff --git a/app/views/admin/pending_accounts/index.html.haml b/app/views/admin/pending_accounts/index.html.haml index 79ae4a320..8384a1c9f 100644 --- a/app/views/admin/pending_accounts/index.html.haml +++ b/app/views/admin/pending_accounts/index.html.haml @@ -2,7 +2,7 @@ = t('admin.pending_accounts.title', count: User.pending.count) - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' = form_for(@form, url: batch_admin_pending_accounts_path) do |f| = hidden_field_tag :page, params[:page] || 1 diff --git a/app/views/admin/reports/show.html.haml b/app/views/admin/reports/show.html.haml index 0d563eea7..2681419ca 100644 --- a/app/views/admin/reports/show.html.haml +++ b/app/views/admin/reports/show.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.reports.report', id: @report.id) diff --git a/app/views/admin/settings/edit.html.haml b/app/views/admin/settings/edit.html.haml index f37775aa9..9e28766b1 100644 --- a/app/views/admin/settings/edit.html.haml +++ b/app/views/admin/settings/edit.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.settings.title') diff --git a/app/views/admin/statuses/index.html.haml b/app/views/admin/statuses/index.html.haml index f1169a2fd..c39ba9071 100644 --- a/app/views/admin/statuses/index.html.haml +++ b/app/views/admin/statuses/index.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' - content_for :page_title do = t('admin.statuses.title') diff --git a/app/views/admin/tags/index.html.haml b/app/views/admin/tags/index.html.haml index f888a311d..d7719d45d 100644 --- a/app/views/admin/tags/index.html.haml +++ b/app/views/admin/tags/index.html.haml @@ -2,7 +2,7 @@ = t('admin.tags.title') - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' .filters .filter-subset diff --git a/app/views/auth/sessions/two_factor.html.haml b/app/views/auth/sessions/two_factor.html.haml index f2f6fe19d..b897a0422 100644 --- a/app/views/auth/sessions/two_factor.html.haml +++ b/app/views/auth/sessions/two_factor.html.haml @@ -1,7 +1,7 @@ - content_for :page_title do = t('auth.login') -=javascript_pack_tag 'two_factor_authentication', integrity: true, crossorigin: 'anonymous' +=javascript_pack_tag 'two_factor_authentication', crossorigin: 'anonymous' - if @webauthn_enabled = render partial: 'auth/sessions/two_factor/webauthn_form', locals: { hidden: @scheme_type != 'webauthn' } diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml index 30c7aab19..94cc782b2 100644 --- a/app/views/home/index.html.haml +++ b/app/views/home/index.html.haml @@ -1,12 +1,12 @@ - content_for :header_tags do - = preload_link_tag asset_pack_path('features/getting_started.js'), crossorigin: 'anonymous' - = preload_link_tag asset_pack_path('features/compose.js'), crossorigin: 'anonymous' - = preload_link_tag asset_pack_path('features/home_timeline.js'), crossorigin: 'anonymous' - = preload_link_tag asset_pack_path('features/notifications.js'), crossorigin: 'anonymous' + = preload_pack_asset 'features/getting_started.js', crossorigin: 'anonymous' + = preload_pack_asset 'features/compose.js', crossorigin: 'anonymous' + = preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous' + = preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous' %meta{name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key} = render_initial_state - = javascript_pack_tag 'application', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'application', crossorigin: 'anonymous' .app-holder#mastodon{ data: { props: Oj.dump(default_props) } } %noscript diff --git a/app/views/layouts/admin.html.haml b/app/views/layouts/admin.html.haml index b1a2d0617..62716ab1e 100644 --- a/app/views/layouts/admin.html.haml +++ b/app/views/layouts/admin.html.haml @@ -1,6 +1,6 @@ - content_for :header_tags do = render_initial_state - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' - content_for :content do .admin-wrapper diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 1f10f40c0..9501207e0 100755 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -21,10 +21,10 @@ %title= content_for?(:page_title) ? safe_join([yield(:page_title).chomp.html_safe, title], ' - ') : title - = stylesheet_pack_tag 'common', media: 'all' - = stylesheet_pack_tag current_theme, media: 'all' - = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous' - = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous' + = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous' + = stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous' + = javascript_pack_tag 'common', crossorigin: 'anonymous' + = javascript_pack_tag "locale_#{I18n.locale}", crossorigin: 'anonymous' = csrf_meta_tags %meta{ name: 'style-nonce', content: request.content_security_policy_nonce } diff --git a/app/views/layouts/auth.html.haml b/app/views/layouts/auth.html.haml index 585e24655..0ea3bbe3b 100644 --- a/app/views/layouts/auth.html.haml +++ b/app/views/layouts/auth.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' - content_for :content do .container-alt diff --git a/app/views/layouts/embedded.html.haml b/app/views/layouts/embedded.html.haml index 37051e70c..e4311d342 100644 --- a/app/views/layouts/embedded.html.haml +++ b/app/views/layouts/embedded.html.haml @@ -11,8 +11,8 @@ - if storage_host? %link{ rel: 'dns-prefetch', href: storage_host }/ - = stylesheet_pack_tag 'common', media: 'all' - = stylesheet_pack_tag Setting.default_settings['theme'], media: 'all' + = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous' + = stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous' = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous' = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous' = render_initial_state diff --git a/app/views/layouts/error.html.haml b/app/views/layouts/error.html.haml index 25c85abf9..852a0c69b 100644 --- a/app/views/layouts/error.html.haml +++ b/app/views/layouts/error.html.haml @@ -5,10 +5,10 @@ %meta{ charset: 'utf-8' }/ %title= safe_join([yield(:page_title), Setting.default_settings['site_title']], ' - ') %meta{ content: 'width=device-width,initial-scale=1', name: 'viewport' }/ - = stylesheet_pack_tag 'common', media: 'all' - = stylesheet_pack_tag Setting.default_settings['theme'], media: 'all' - = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous' - = javascript_pack_tag 'error', integrity: true, crossorigin: 'anonymous' + = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous' + = stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous' + = javascript_pack_tag 'common', crossorigin: 'anonymous' + = javascript_pack_tag 'error', crossorigin: 'anonymous' %body.error .dialog .dialog__illustration diff --git a/app/views/layouts/modal.html.haml b/app/views/layouts/modal.html.haml index 2ef49e413..e74e2c0e3 100644 --- a/app/views/layouts/modal.html.haml +++ b/app/views/layouts/modal.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' - content_for :content do - if user_signed_in? && !@hide_header diff --git a/app/views/layouts/public.html.haml b/app/views/layouts/public.html.haml index a2c4e5deb..e63cf0848 100644 --- a/app/views/layouts/public.html.haml +++ b/app/views/layouts/public.html.haml @@ -1,6 +1,6 @@ - content_for :header_tags do = render_initial_state - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' - content_for :content do .public-layout diff --git a/app/views/media/player.html.haml b/app/views/media/player.html.haml index ae47750e9..92428ca94 100644 --- a/app/views/media/player.html.haml +++ b/app/views/media/player.html.haml @@ -1,6 +1,6 @@ - content_for :header_tags do = render_initial_state - = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'public', crossorigin: 'anonymous' - if @media_attachment.video? = react_component :video, src: @media_attachment.file.url(:original), preview: @media_attachment.thumbnail.present? ? @media_attachment.thumbnail.url : @media_attachment.file.url(:small), blurhash: @media_attachment.blurhash, width: 670, height: 380, editable: true, detailed: true, inline: true, alt: @media_attachment.description do diff --git a/app/views/public_timelines/show.html.haml b/app/views/public_timelines/show.html.haml index 5e536a235..3325be5bf 100644 --- a/app/views/public_timelines/show.html.haml +++ b/app/views/public_timelines/show.html.haml @@ -3,7 +3,7 @@ - content_for :header_tags do %meta{ name: 'robots', content: 'noindex' }/ - = javascript_pack_tag 'about', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'about', crossorigin: 'anonymous' .page-header %h1= t('about.see_whats_happening') diff --git a/app/views/relationships/show.html.haml b/app/views/relationships/show.html.haml index 099bb3202..4b1e4fd63 100644 --- a/app/views/relationships/show.html.haml +++ b/app/views/relationships/show.html.haml @@ -2,7 +2,7 @@ = t('settings.relationships') - content_for :header_tags do - = javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous' + = javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous' .filters .filter-subset diff --git a/app/views/settings/two_factor_authentication/webauthn_credentials/new.html.haml b/app/views/settings/two_factor_authentication/webauthn_credentials/new.html.haml index 0b23bb689..1148d5ed7 100644 --- a/app/views/settings/two_factor_authentication/webauthn_credentials/new.html.haml +++ b/app/views/settings/two_factor_authentication/webauthn_credentials/new.html.haml @@ -13,4 +13,4 @@ .actions = f.button :button, t('webauthn_credentials.add'), class: 'js-webauthn', type: :submit -= javascript_pack_tag 'two_factor_authentication', integrity: true, crossorigin: 'anonymous' += javascript_pack_tag 'two_factor_authentication', crossorigin: 'anonymous' diff --git a/app/views/shares/show.html.haml b/app/views/shares/show.html.haml index f2f5479a7..1c0bbf676 100644 --- a/app/views/shares/show.html.haml +++ b/app/views/shares/show.html.haml @@ -1,5 +1,5 @@ - content_for :header_tags do = render_initial_state - = javascript_pack_tag 'share', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'share', crossorigin: 'anonymous' #mastodon-compose{ data: { props: Oj.dump(default_props) } } diff --git a/app/views/tags/show.html.haml b/app/views/tags/show.html.haml index 19dadd36a..beeeb56f2 100644 --- a/app/views/tags/show.html.haml +++ b/app/views/tags/show.html.haml @@ -5,7 +5,7 @@ %meta{ name: 'robots', content: 'noindex' }/ %link{ rel: 'alternate', type: 'application/rss+xml', href: tag_url(@tag, format: 'rss') }/ - = javascript_pack_tag 'about', integrity: true, crossorigin: 'anonymous' + = javascript_pack_tag 'about', crossorigin: 'anonymous' = render 'og' .page-header diff --git a/config/application.rb b/config/application.rb index ad6cf82d7..bf467d6c3 100644 --- a/config/application.rb +++ b/config/application.rb @@ -22,6 +22,8 @@ require_relative '../lib/mastodon/version' require_relative '../lib/devise/two_factor_ldap_authenticatable' require_relative '../lib/devise/two_factor_pam_authenticatable' require_relative '../lib/chewy/strategy/custom_sidekiq' +require_relative '../lib/webpacker/manifest_extensions' +require_relative '../lib/webpacker/helper_extensions' Dotenv::Railtie.load diff --git a/config/webpack/shared.js b/config/webpack/shared.js index 667652809..05828aebe 100644 --- a/config/webpack/shared.js +++ b/config/webpack/shared.js @@ -79,7 +79,8 @@ module.exports = { chunkFilename: 'css/[name]-[contenthash:8].chunk.css', }), new AssetsManifestPlugin({ - integrity: false, + integrity: true, + integrityHashes: ['sha256'], entrypoints: true, writeToDisk: true, publicPath: true, diff --git a/lib/webpacker/helper_extensions.rb b/lib/webpacker/helper_extensions.rb new file mode 100644 index 000000000..8f46d7631 --- /dev/null +++ b/lib/webpacker/helper_extensions.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module Webpacker::HelperExtensions + def javascript_pack_tag(name, **options) + src, integrity = current_webpacker_instance.manifest.lookup!(name, type: :javascript, with_integrity: true) + javascript_include_tag(src, options.merge(integrity: integrity)) + end + + def stylesheet_pack_tag(name, **options) + src, integrity = current_webpacker_instance.manifest.lookup!(name, type: :stylesheet, with_integrity: true) + stylesheet_link_tag(src, options.merge(integrity: integrity)) + end + + def preload_pack_asset(name, **options) + src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true) + preload_link_tag(src, options.merge(integrity: integrity)) + end +end + +Webpacker::Helper.prepend(Webpacker::HelperExtensions) diff --git a/lib/webpacker/manifest_extensions.rb b/lib/webpacker/manifest_extensions.rb new file mode 100644 index 000000000..789eb81cc --- /dev/null +++ b/lib/webpacker/manifest_extensions.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +module Webpacker::ManifestExtensions + def lookup(name, pack_type = {}) + asset = super + + if pack_type[:with_integrity] && asset.respond_to?(:dig) + [asset.dig('src'), asset.dig('integrity')] + elsif asset.respond_to?(:dig) + asset.dig('src') + else + asset + end + end +end + +Webpacker::Manifest.prepend(Webpacker::ManifestExtensions) -- cgit From acc1c038610a82d8470acde6753716da0dc4b1fa Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 6 Nov 2020 11:57:14 +0100 Subject: Fix cookies not having a SameSite attribute (#15098) --- config/initializers/devise.rb | 2 ++ config/initializers/makara.rb | 2 ++ config/initializers/session_store.rb | 6 +++++- 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 config/initializers/makara.rb (limited to 'config') diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 59e69ad37..ef612e177 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -10,6 +10,7 @@ Warden::Manager.after_set_user except: :fetch do |user, warden| expires: 1.year.from_now, httponly: true, secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), + same_site: :lax, } end @@ -20,6 +21,7 @@ Warden::Manager.after_fetch do |user, warden| expires: 1.year.from_now, httponly: true, secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), + same_site: :lax, } else warden.logout diff --git a/config/initializers/makara.rb b/config/initializers/makara.rb new file mode 100644 index 000000000..dc88fa63c --- /dev/null +++ b/config/initializers/makara.rb @@ -0,0 +1,2 @@ +Makara::Cookie::DEFAULT_OPTIONS[:same_site] = :lax +Makara::Cookie::DEFAULT_OPTIONS[:secure] = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true' diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 3dc0edd6f..e5d1be4c6 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,3 +1,7 @@ # Be sure to restart your server when you modify this file. -Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true') +Rails.application.config.session_store :cookie_store, { + key: '_mastodon_session', + secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), + same_site: :lax, +} -- cgit