0
0
Commit Graph

743 Commits

Author SHA1 Message Date
Claire
c107375035
Merge pull request from GHSA-7w3c-p9j8-mq3x
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire
befd534eb8
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to v4.0.13
2024-02-01 15:56:46 +01:00
Jakob Gillich
93bb9ae676 Fix importer returning negative row estimates (#27258) 2023-10-10 13:51:14 +02:00
Claire
481e1d4e0e
Fix post translation erroring out (v4.0.x) (#26991) 2023-09-20 15:59:53 +02:00
Claire
5c64f01b19 Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:32 +02:00
Claire
57acad0e9f Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:32 +02:00
Nicolai Søborg
871e63edff Fix frame_rate for videos where ffprobe reports 0/0 (#26500) 2023-09-19 17:01:32 +02:00
Claire
9ae857c035
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Emelia Smith
d3e97e8c23 Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 18:51:01 +02:00
Claire
a62d9a9a78 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 18:51:01 +02:00
Claire
fea5640374 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:14 +02:00
Claire
aca0db4bd6 Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:35 +02:00
Claire
614aaeff41 Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:36:12 +02:00
Claire
2d42175ef0
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire
3af396e561
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
660845f781 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:58 +02:00
Claire
bb87736bf0 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:58 +02:00
Claire
37972fe3c7 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:58 +02:00
Claire
9715a211c7 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:49:35 +01:00
Claire
f834fdaf6a Fix dashboard crash on ElasticSearch server error (#23751) 2023-03-16 11:57:23 +01:00
Christian Schmidt
4ea4c3f49c Unescape HTML entities (#24019) 2023-03-14 10:00:13 +01:00
Claire
71c92d3f56
Fix emoji substitution not applying only to text nodes in backend code (#20641)
Signed-off-by: Claire <claire.github-309c@sitedethib.com>

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 20:26:21 +01:00
Bearice Ren
28cda42af5
fixes ArgumentError when proxy is used (#20420)
* fixes ArgumentError when proxy is used

* Update app/lib/request.rb

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-11-11 21:31:03 +01:00
Eugen Rochko
f8e8e622e5
Change incoming activity processing to happen in ingress queue (#20264) 2022-11-10 14:21:51 +01:00
James Tucker
78a6b871fe
Improve performance by avoiding regex construction (#20215)
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2022-11-10 05:49:30 +01:00
Claire
c989faaa62
Change Request connection logic to try both IPv6 and IPv4 when available (#20108)
Fixes #19751
2022-11-08 16:36:26 +01:00
James Tucker
833d9c2f1c
Improve performance by avoiding method cache busts (#19957)
Switch to monkey-patching http.rb rather than a runtime extend of each
response, so as to avoid busting the global method cache. A guard is
included that will provide developer feedback in development and test
environments should the monkey patch ever collide.
2022-11-08 04:00:27 +01:00
Claire
3114c826a7
Fix filter handling in status cache hydration (#19963) 2022-11-07 19:47:48 +01:00
Claire
bb89f83cc0
Fix additional issues with status cache hydration (#19747)
* Spare one SQL query when hydrating polls

* Improve tests

* Fix more discrepancies

* Fix possible crash when the status has no application set
2022-11-04 20:01:33 +01:00
Claire
03b991de6c
Fix various issues with store hydration (#19746)
- Improve tests
- Fix possible crash when application of a reblogged post isn't set
- Fix discrepancies around favourited and reblogged attributes
- Fix discrepancies around pinned attribute
- Fix polls not being hydrated
2022-11-04 19:33:16 +01:00
Claire
c2170991c7
Fix reblogs being discarded after the reblogged status (#19731) 2022-11-04 16:31:44 +01:00
Eugen Rochko
5f9e47be34
Add caching for payload serialization during fan-out (#19642) 2022-11-04 13:21:06 +01:00
Eugen Rochko
1546538de9
Fix improperly checking for blocked domain on followed hashtags (#19472)
Fix #19469
2022-10-26 20:40:56 +02:00
Eugen Rochko
bf0ab3e0fa
Fix vacuum scheduler missing lock, locks never expiring (#19458)
Remove vacuuming of orphaned preview cards
2022-10-26 12:10:48 +02:00
Eugen Rochko
8f07381856
Revert "Remove preference to aggregate reblogs in home/list feeds (#18112)" (#19463)
This reverts commit af396fa35f.
2022-10-26 09:10:18 +02:00
Claire
30453fab80
Add mention of the translation provider when translating a post (#19433) 2022-10-24 18:37:57 +02:00
Claire
8046cf34d6
Change “Translate” button to only show up when a translation backend is configured (#19434)
* Change “Translate” button to only show up when a translation backend is configured

Fixes #19346

* Add `translation` attribute to /api/v2/instance to expose whether the translation feature is enabled

Fixes #19328
2022-10-24 18:30:58 +02:00
Takeshi Umeda
1d34eff63f
Add featured tag add/remove activity handler (#19408) 2022-10-22 11:49:41 +02:00
Eugen Rochko
839f893168
Change public accounts pages to mount the web UI (#19319)
* Change public accounts pages to mount the web UI

* Fix handling of remote usernames in routes

- When logged in, serve web app
- When logged out, redirect to permalink
- Fix `app-body` class not being set sometimes due to name conflict

* Fix missing `multiColumn` prop

* Fix failing test

* Use `discoverable` attribute to control indexing directives

* Fix `<ColumnLoading />` not using `multiColumn`

* Add `noindex` to accounts in REST API

* Change noindex directive to not be rendered by default before a route is mounted

* Add loading indicator for detailed status in web UI

* Fix missing indicator appearing while account is loading in web UI
2022-10-20 14:35:29 +02:00
Eugen Rochko
43b5d5e38d
Add logged-out access to the web UI (#18961) 2022-09-29 04:39:33 +02:00
Yamagishi Kazutoshi
d86dd067ce
Fix auto detect language for translate service (#19244) 2022-09-27 23:33:56 +02:00
Eugen Rochko
5c9abdeff1
Add retention policy for cached content and media (#19232) 2022-09-27 03:08:19 +02:00
Eugen Rochko
0d6b878808
Add user content translations with configurable backends (#19218) 2022-09-23 23:00:12 +02:00
Claire
8cf7006d4e
Refactor ActivityPub handling to prepare for non-Account actors (#19212)
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is
specifically required to be an Account

* Refactor SignatureVerification to allow non-Account actors

* fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService

* Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors

* Refactor inbound ActivityPub payload processing to accept non-Account actors

* Refactor inbound ActivityPub processing to accept activities relayed through non-Account

* Refactor how Account key URIs are built

* Refactor Request and drop unused key_id_format parameter

* Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
2022-09-21 22:45:57 +02:00
Eugen Rochko
50948b46aa
Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
Claire
1145dbd327
Improve error reporting and logging when processing remote accounts (#15605)
* Add a more descriptive PrivateNetworkAddressError exception class

* Remove unnecessary exception class to rescue clause

* Remove unnecessary include to JsonLdHelper

* Give more neutral error message when too many webfinger redirects

* Remove unnecessary guard condition

* Rework how “ActivityPub::FetchRemoteAccountService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteAccountService#call (default/previous behavior).

* Rework how “ActivityPub::FetchRemoteKeyService” handles errors

Add “suppress_errors” keyword argument to avoid raising errors in
ActivityPub::FetchRemoteKeyService#call (default/previous behavior).

* Fix Webfinger::RedirectError not being a subclass of Webfinger::Error

* Add suppress_errors option to ResolveAccountService

Defaults to true (to preserve previous behavior). If set to false,
errors will be raised instead of caught, allowing the caller to be
informed of what went wrong.

* Return more precise error when failing to fetch account signing AP payloads

* Add tests

* Fixes

* Refactor error handling a bit

* Fix various issues

* Add specific error when provided Digest is not 256 bits of base64-encoded data

* Please CodeClimate

* Improve webfinger error reporting
2022-09-20 23:30:26 +02:00
Eugen Rochko
af396fa35f
Remove preference to aggregate reblogs in home/list feeds (#18112) 2022-08-25 23:38:36 +02:00
Jeong Arm
861b35dd54
Support "http_hidden_proxy" ENV var for hidden service only proxy (#18427)
* Support "http_hidden_proxy" ENV var for hidden service only proxy

* Fallback to http_proxy if http_hidden_proxy is not set
2022-08-25 04:41:14 +02:00
Mashiro
656ac99ef0
Fix ambiguous column names in tootctl search deploy (#18993) 2022-08-17 22:07:12 +01:00
Eugen Rochko
c3f0621a59
Add ability to follow hashtags (#18809) 2022-07-17 13:49:29 +02:00