autonomic-cooperative/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge tag 'v2.7.0rc1' into instance_only_statuses

Browse Source
This commit is contained in:
Renato "Lond" Cerqueira
2019-01-09 10:47:10 +01:00
parent 237952c10d bc3a6dd597
commit 4207973809
585 changed files with 16065 additions and 8146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/activitypub/collections_controller.rb
View File

@ -31,7 +31,7 @@ class ActivityPub::CollectionsController < Api::BaseController
when 'featured'
@account.pinned_statuses.count
else
raise ActiveRecord::NotFound
raise ActiveRecord::RecordNotFound
end
end
@ -42,7 +42,7 @@ class ActivityPub::CollectionsController < Api::BaseController
scope.merge!(@account.pinned_statuses)
end
else
raise ActiveRecord::NotFound
raise ActiveRecord::RecordNotFound
end
end

36
app/controllers/admin/account_actions_controller.rb Normal file
View File

@ -0,0 +1,36 @@
# frozen_string_literal: true
module Admin
class AccountActionsController < BaseController
before_action :set_account
def new
@account_action = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true)
@warning_presets = AccountWarningPreset.all
end
def create
account_action = Admin::AccountAction.new(resource_params)
account_action.target_account = @account
account_action.current_account = current_account
account_action.save!
if account_action.with_report?
redirect_to admin_reports_path
else
redirect_to admin_account_path(@account.id)
end
end
private
def set_account
@account = Account.find(params[:account_id])
end
def resource_params
params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification)
end
end
end

1
app/controllers/admin/account_moderation_notes_controller.rb
View File

@ -14,6 +14,7 @@ module Admin
else
@account = @account_moderation_note.target_account
@moderation_notes = @account.targeted_moderation_notes.latest
@warnings = @account.targeted_account_warnings.latest.custom
render template: 'admin/accounts/show'
end

41
app/controllers/admin/accounts_controller.rb
View File

@ -2,9 +2,9 @@
module Admin
class AccountsController < BaseController
before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :enable, :disable, :memorialize]
before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize]
before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload]
before_action :require_local_account!, only: [:enable, :disable, :memorialize]
before_action :require_local_account!, only: [:enable, :memorialize]
def index
authorize :account, :index?
@ -13,8 +13,10 @@ module Admin
def show
authorize @account, :show?
@account_moderation_note = current_account.account_moderation_notes.new(target_account: @account)
@moderation_notes = @account.targeted_moderation_notes.latest
@moderation_notes = @account.targeted_moderation_notes.latest
@warnings = @account.targeted_account_warnings.latest.custom
end
def subscribe
@ -43,19 +45,25 @@ module Admin
redirect_to admin_account_path(@account.id)
end
def disable
authorize @account.user, :disable?
@account.user.disable!
log_action :disable, @account.user
def unsilence
authorize @account, :unsilence?
@account.unsilence!
log_action :unsilence, @account
redirect_to admin_account_path(@account.id)
end
def unsuspend
authorize @account, :unsuspend?
@account.unsuspend!
log_action :unsuspend, @account
redirect_to admin_account_path(@account.id)
end
def redownload
authorize @account, :redownload?
@account.reset_avatar!
@account.reset_header!
@account.save!
@account.update!(last_webfingered_at: nil)
ResolveAccountService.new.call(@account)
redirect_to admin_account_path(@account.id)
end
@ -71,6 +79,17 @@ module Admin
redirect_to admin_account_path(@account.id)
end
def remove_header
authorize @account, :remove_header?
@account.header = nil
@account.save!
log_action :remove_header, @account.user
redirect_to admin_account_path(@account.id)
end
private
def set_account
@ -94,8 +113,8 @@ module Admin
:local,
:remote,
:by_domain,
:active,
:silenced,
:alphabetic,
:suspended,
:username,
:display_name,

4
app/controllers/admin/base_controller.rb
View File

@ -15,5 +15,9 @@ module Admin
def set_body_classes
@body_classes = 'admin'
end
def set_user
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
end
end
end

4
app/controllers/admin/confirmations_controller.rb
View File

@ -25,10 +25,6 @@ module Admin
private
def set_user
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
end
def check_confirmation
if @user.confirmed?
flash[:error] = I18n.t('admin.accounts.resend_confirmation.already_confirmed')

1
app/controllers/admin/dashboard_controller.rb
View File

@ -28,6 +28,7 @@ module Admin
@pam_enabled = ENV['PAM_ENABLED'] == 'true'
@hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
@trending_hashtags = TrendingTags.get(7)
@profile_directory = Setting.profile_directory
end
private

11
app/controllers/admin/domain_blocks_controller.rb
View File

@ -4,14 +4,9 @@ module Admin
class DomainBlocksController < BaseController
before_action :set_domain_block, only: [:show, :destroy]
def index
authorize :domain_block, :index?
@domain_blocks = DomainBlock.page(params[:page])
end
def new
authorize :domain_block, :create?
@domain_block = DomainBlock.new
@domain_block = DomainBlock.new(domain: params[:_domain])
end
def create
@ -22,7 +17,7 @@ module Admin
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id)
log_action :create, @domain_block
redirect_to admin_domain_blocks_path, notice: I18n.t('admin.domain_blocks.created_msg')
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
else
render :new
end
@ -36,7 +31,7 @@ module Admin
authorize @domain_block, :destroy?
UnblockDomainService.new.call(@domain_block, retroactive_unblock?)
log_action :destroy, @domain_block
redirect_to admin_domain_blocks_path, notice: I18n.t('admin.domain_blocks.destroyed_msg')
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.destroyed_msg')
end
private

18
app/controllers/admin/followers_controller.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
module Admin
class FollowersController < BaseController
before_action :set_account
PER_PAGE = 40
def index
authorize :account, :index?
@followers = @account.followers.local.recent.page(params[:page]).per(PER_PAGE)
end
def set_account
@account = Account.find(params[:account_id])
end
end
end

27
app/controllers/admin/instances_controller.rb
View File

@ -4,14 +4,21 @@ module Admin
class InstancesController < BaseController
def index
authorize :instance, :index?
@instances = ordered_instances
end
def resubscribe
authorize :instance, :resubscribe?
params.require(:by_domain)
Pubsubhubbub::SubscribeWorker.push_bulk(subscribeable_accounts.pluck(:id))
redirect_to admin_instances_path
def show
authorize :instance, :show?
@instance = Instance.new(Account.by_domain_accounts.find_by(domain: params[:id]) || DomainBlock.find_by!(domain: params[:id]))
@following_count = Follow.where(account: Account.where(domain: params[:id])).count
@followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
@reports_count = Report.where(target_account: Account.where(domain: params[:id])).count
@blocks_count = Block.where(target_account: Account.where(domain: params[:id])).count
@available = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
@media_storage = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
@domain_block = DomainBlock.find_by(domain: params[:id])
end
private
@ -27,17 +34,11 @@ module Admin
helper_method :paginated_instances
def ordered_instances
paginated_instances.map { |account| Instance.new(account) }
end
def subscribeable_accounts
Account.with_followers.remote.where(domain: params[:by_domain])
paginated_instances.map { |resource| Instance.new(resource) }
end
def filter_params
params.permit(
:domain_name
)
params.permit(:limited)
end
end
end

85
app/controllers/admin/reports_controller.rb
View File

@ -13,75 +13,42 @@ module Admin
authorize @report, :show?
@report_note = @report.notes.new
@report_notes = (@report.notes.latest + @report.history).sort_by(&:created_at)
@report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
@form = Form::StatusBatch.new
end
def update
def assign_to_self
authorize @report, :update?
process_report
@report.update!(assigned_account_id: current_account.id)
log_action :assigned_to_self, @report
redirect_to admin_report_path(@report)
end
if @report.action_taken?
redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg')
else
redirect_to admin_report_path(@report)
end
def unassign
authorize @report, :update?
@report.update!(assigned_account_id: nil)
log_action :unassigned, @report
redirect_to admin_report_path(@report)
end
def reopen
authorize @report, :update?
@report.unresolve!
log_action :reopen, @report
redirect_to admin_report_path(@report)
end
def resolve
authorize @report, :update?
@report.resolve!(current_account)
log_action :resolve, @report
redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg')
end
private
def process_report
case params[:outcome].to_s
when 'assign_to_self'
@report.update!(assigned_account_id: current_account.id)
log_action :assigned_to_self, @report
when 'unassign'
@report.update!(assigned_account_id: nil)
log_action :unassigned, @report
when 'reopen'
@report.unresolve!
log_action :reopen, @report
when 'resolve'
@report.resolve!(current_account)
log_action :resolve, @report
when 'disable'
@report.resolve!(current_account)
@report.target_account.user.disable!
log_action :resolve, @report
log_action :disable, @report.target_account.user
resolve_all_target_account_reports
when 'silence'
@report.resolve!(current_account)
@report.target_account.update!(silenced: true)
log_action :resolve, @report
log_action :silence, @report.target_account
resolve_all_target_account_reports
else
raise ActiveRecord::RecordNotFound
end
@report.reload
end
def resolve_all_target_account_reports
unresolved_reports_for_target_account.update_all(action_taken: true, action_taken_by_account_id: current_account.id)
end
def unresolved_reports_for_target_account
Report.where(
target_account: @report.target_account
).unresolved
end
def filtered_reports
ReportFilter.new(filter_params).results.order(id: :desc).includes(
:account,
:target_account
)
ReportFilter.new(filter_params).results.order(id: :desc).includes(:account, :target_account)
end
def filter_params

6
app/controllers/admin/resets_controller.rb
View File

@ -10,11 +10,5 @@ module Admin
log_action :reset_password, @user
redirect_to admin_accounts_path
end
private
def set_user
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
end
end
end

6
app/controllers/admin/roles_controller.rb
View File

@ -17,11 +17,5 @@ module Admin
log_action :demote, @user
redirect_to admin_account_path(@user.account_id)
end
private
def set_user
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
end
end
end

2
app/controllers/admin/settings_controller.rb
View File

@ -26,6 +26,7 @@ module Admin
show_known_fediverse_at_about_page
preview_sensitive_media
custom_css
profile_directory
).freeze
BOOLEAN_SETTINGS = %w(
@ -37,6 +38,7 @@ module Admin
peers_api_enabled
show_known_fediverse_at_about_page
preview_sensitive_media
profile_directory
).freeze
UPLOAD_SETTINGS = %w(

27
app/controllers/admin/silences_controller.rb
View File

@ -1,27 +0,0 @@
# frozen_string_literal: true
module Admin
class SilencesController < BaseController
before_action :set_account
def create
authorize @account, :silence?
@account.update!(silenced: true)
log_action :silence, @account
redirect_to admin_accounts_path
end
def destroy
authorize @account, :unsilence?
@account.update!(silenced: false)
log_action :unsilence, @account
redirect_to admin_accounts_path
end
private
def set_account
@account = Account.find(params[:account_id])
end
end
end

9
app/controllers/admin/statuses_controller.rb
View File

@ -22,6 +22,15 @@ module Admin
@form = Form::StatusBatch.new
end
def show
authorize :status, :index?
@statuses = @account.statuses.where(id: params[:id])
authorize @statuses.first, :show?
@form = Form::StatusBatch.new
end
def create
authorize :status, :update?

60
app/controllers/admin/suspensions_controller.rb
View File

@ -1,60 +0,0 @@
# frozen_string_literal: true
module Admin
class SuspensionsController < BaseController
before_action :set_account
def new
@suspension = Form::AdminSuspensionConfirmation.new(report_id: params[:report_id])
end
def create
authorize @account, :suspend?
@suspension = Form::AdminSuspensionConfirmation.new(suspension_params)
if suspension_params[:acct] == @account.acct
resolve_report! if suspension_params[:report_id].present?
perform_suspend!
mark_reports_resolved!
redirect_to admin_accounts_path
else
flash.now[:alert] = I18n.t('admin.suspensions.bad_acct_msg')
render :new
end
end
def destroy
authorize @account, :unsuspend?
@account.unsuspend!
log_action :unsuspend, @account
redirect_to admin_accounts_path
end
private
def set_account
@account = Account.find(params[:account_id])
end
def suspension_params
params.require(:form_admin_suspension_confirmation).permit(:acct, :report_id)
end
def resolve_report!
report = Report.find(suspension_params[:report_id])
report.resolve!(current_account)
log_action :resolve, report
end
def perform_suspend!
@account.suspend!
Admin::SuspensionWorker.perform_async(@account.id)
log_action :suspend, @account
end
def mark_reports_resolved!
Report.where(target_account: @account).unresolved.update_all(action_taken: true, action_taken_by_account_id: current_account.id)
end
end
end

44
app/controllers/admin/tags_controller.rb Normal file
View File

@ -0,0 +1,44 @@
# frozen_string_literal: true
module Admin
class TagsController < BaseController
before_action :set_tags, only: :index
before_action :set_tag, except: :index
before_action :set_filter_params
def index
authorize :tag, :index?
end
def hide
authorize @tag, :hide?
@tag.account_tag_stat.update!(hidden: true)
redirect_to admin_tags_path(@filter_params)
end
def unhide
authorize @tag, :unhide?
@tag.account_tag_stat.update!(hidden: false)
redirect_to admin_tags_path(@filter_params)
end
private
def set_tags
@tags = Tag.discoverable
@tags.merge!(Tag.hidden) if filter_params[:hidden]
end
def set_tag
@tag = Tag.find(params[:id])
end
def set_filter_params
@filter_params = filter_params.to_hash.symbolize_keys
end
def filter_params
params.permit(:hidden)
end
end
end

4
app/controllers/admin/two_factor_authentications_controller.rb
View File

@ -2,7 +2,7 @@
module Admin
class TwoFactorAuthenticationsController < BaseController
before_action :set_user
before_action :set_target_user
def destroy
authorize @user, :disable_2fa?
@ -13,7 +13,7 @@ module Admin
private
def set_user
def set_target_user
@user = User.find(params[:user_id])
end
end

58
app/controllers/admin/warning_presets_controller.rb Normal file
View File

@ -0,0 +1,58 @@
# frozen_string_literal: true
module Admin
class WarningPresetsController < BaseController
before_action :set_warning_preset, except: [:index, :create]
def index
authorize :account_warning_preset, :index?
@warning_presets = AccountWarningPreset.all
@warning_preset = AccountWarningPreset.new
end
def create
authorize :account_warning_preset, :create?
@warning_preset = AccountWarningPreset.new(warning_preset_params)
if @warning_preset.save
redirect_to admin_warning_presets_path
else
@warning_presets = AccountWarningPreset.all
render :index
end
end
def edit
authorize @warning_preset, :update?
end
def update
authorize @warning_preset, :update?
if @warning_preset.update(warning_preset_params)
redirect_to admin_warning_presets_path
else
render :edit
end
end
def destroy
authorize @warning_preset, :destroy?
@warning_preset.destroy!
redirect_to admin_warning_presets_path
end
private
def set_warning_preset
@warning_preset = AccountWarningPreset.find(params[:id])
end
def warning_preset_params
params.require(:account_warning_preset).permit(:text)
end
end
end

12
app/controllers/api/base_controller.rb
View File

@ -68,12 +68,14 @@ class Api::BaseController < ApplicationController
end
def require_user!
if current_user && !current_user.disabled?
set_user_activity
elsif current_user
render json: { error: 'Your login is currently disabled' }, status: 403
else
if !current_user
render json: { error: 'This method requires an authenticated user' }, status: 422
elsif current_user.disabled?
render json: { error: 'Your login is currently disabled' }, status: 403
elsif !current_user.confirmed?
render json: { error: 'Email confirmation is not completed' }, status: 403
else
set_user_activity
end
end

2
app/controllers/api/v1/accounts/credentials_controller.rb
View File

@ -21,7 +21,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
private
def account_params
params.permit(:display_name, :note, :avatar, :header, :locked, :bot, fields_attributes: [:name, :value])
params.permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, fields_attributes: [:name, :value])
end
def user_settings_params

2
app/controllers/api/v1/accounts/follower_accounts_controller.rb
View File

@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
end
def default_accounts
Account.includes(:active_relationships).references(:active_relationships)
Account.includes(:active_relationships, :account_stat).references(:active_relationships)
end
def paginated_follows

2
app/controllers/api/v1/accounts/following_accounts_controller.rb
View File

@ -25,7 +25,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
end
def default_accounts
Account.includes(:passive_relationships).references(:passive_relationships)
Account.includes(:passive_relationships, :account_stat).references(:passive_relationships)
end
def paginated_follows

12
app/controllers/api/v1/accounts/statuses_controller.rb
View File

@ -1,7 +1,7 @@
# frozen_string_literal: true
class Api::V1::Accounts::StatusesController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
before_action :set_account
after_action :insert_pagination_headers
@ -28,13 +28,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
def account_statuses
statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
statuses = statuses.paginate_by_id(
limit_param(DEFAULT_STATUSES_LIMIT),
params_slice(:max_id, :since_id, :min_id)
)
statuses = statuses.paginate_by_id(limit_param(DEFAULT_STATUSES_LIMIT), params_slice(:max_id, :since_id, :min_id))
statuses.merge!(only_media_scope) if truthy_param?(:only_media)
statuses.merge!(no_replies_scope) if truthy_param?(:exclude_replies)
statuses.merge!(no_reblogs_scope) if truthy_param?(:exclude_reblogs)
statuses
end
@ -65,6 +63,10 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
Status.without_replies
end
def no_reblogs_scope
Status.without_reblogs
end
def pagination_params(core_params)
params.slice(:limit, :only_media, :exclude_replies).permit(:limit, :only_media, :exclude_replies).merge(core_params)
end

26
app/controllers/api/v1/accounts_controller.rb
View File

@ -1,14 +1,16 @@
# frozen_string_literal: true
class Api::V1::AccountsController < Api::BaseController
before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
before_action -> { authorize_if_got_token! :read, :'read:accounts' }, except: [:create, :follow, :unfollow, :block, :unblock, :mute, :unmute]
before_action -> { doorkeeper_authorize! :follow, :'write:follows' }, only: [:follow, :unfollow]
before_action -> { doorkeeper_authorize! :follow, :'write:mutes' }, only: [:mute, :unmute]
before_action -> { doorkeeper_authorize! :follow, :'write:blocks' }, only: [:block, :unblock]
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]
before_action :require_user!, except: [:show]
before_action :set_account
before_action :require_user!, except: [:show, :create]
before_action :set_account, except: [:create]
before_action :check_account_suspension, only: [:show]
before_action :check_enabled_registrations, only: [:create]
respond_to :json
@ -16,6 +18,16 @@ class Api::V1::AccountsController < Api::BaseController
render json: @account, serializer: REST::AccountSerializer
end
def create
token = AppSignUpService.new.call(doorkeeper_token.application, account_params)
response = Doorkeeper::OAuth::TokenResponse.new(token)
headers.merge!(response.headers)
self.response_body = Oj.dump(response.body)
self.status = response.status
end
def follow
FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))
@ -62,4 +74,12 @@ class Api::V1::AccountsController < Api::BaseController
def check_account_suspension
gone if @account.suspended?
end
def account_params
params.permit(:username, :email, :password, :agreement, :locale)
end
def check_enabled_registrations
forbidden if single_user_mode? || !Setting.open_registrations
end
end

2
app/controllers/api/v1/blocks_controller.rb
View File

@ -19,7 +19,7 @@ class Api::V1::BlocksController < Api::BaseController
end
def paginated_blocks
@paginated_blocks ||= Block.eager_load(:target_account)
@paginated_blocks ||= Block.eager_load(target_account: :account_stat)
.where(account: current_account)
.paginate_by_max_id(
limit_param(DEFAULT_ACCOUNTS_LIMIT),

4
app/controllers/api/v1/custom_emojis_controller.rb
View File

@ -4,6 +4,8 @@ class Api::V1::CustomEmojisController < Api::BaseController
respond_to :json
def index
render json: CustomEmoji.local.where(disabled: false), each_serializer: REST::CustomEmojiSerializer
render_cached_json('api:v1:custom_emojis', expires_in: 1.minute) do
ActiveModelSerializers::SerializableResource.new(CustomEmoji.local.where(disabled: false), each_serializer: REST::CustomEmojiSerializer)
end
end
end

2
app/controllers/api/v1/endorsements_controller.rb
View File

@ -27,7 +27,7 @@ class Api::V1::EndorsementsController < Api::BaseController
end
def endorsed_accounts
current_account.endorsed_accounts
current_account.endorsed_accounts.includes(:account_stat)
end
def insert_pagination_headers

2
app/controllers/api/v1/follow_requests_controller.rb
View File

@ -33,7 +33,7 @@ class Api::V1::FollowRequestsController < Api::BaseController
end
def default_accounts
Account.includes(:follow_requests).references(:follow_requests)
Account.includes(:follow_requests, :account_stat).references(:follow_requests)
end
def paginated_follow_requests

4
app/controllers/api/v1/lists/accounts_controller.rb
View File

@ -37,9 +37,9 @@ class Api::V1::Lists::AccountsController < Api::BaseController
def load_accounts
if unlimited?
@list.accounts.all
@list.accounts.includes(:account_stat).all
else
@list.accounts.paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
@list.accounts.includes(:account_stat).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
end
end

77
app/controllers/api/v1/scheduled_statuses_controller.rb Normal file
View File

@ -0,0 +1,77 @@
# frozen_string_literal: true
class Api::V1::ScheduledStatusesController < Api::BaseController
include Authorization
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, except: [:update, :destroy]
before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only: [:update, :destroy]
before_action :set_statuses, only: :index
before_action :set_status, except: :index
after_action :insert_pagination_headers, only: :index
def index
render json: @statuses, each_serializer: REST::ScheduledStatusSerializer
end
def show
render json: @status, serializer: REST::ScheduledStatusSerializer
end
def update
@status.update!(scheduled_status_params)
render json: @status, serializer: REST::ScheduledStatusSerializer
end
def destroy
@status.destroy!
render_empty
end
private
def set_statuses
@statuses = current_account.scheduled_statuses.paginate_by_id(limit_param(DEFAULT_STATUSES_LIMIT), params_slice(:max_id, :since_id, :min_id))
end
def set_status
@status = current_account.scheduled_statuses.find(params[:id])
end
def scheduled_status_params
params.permit(:scheduled_at)
end
def pagination_params(core_params)
params.slice(:limit).permit(:limit).merge(core_params)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
if records_continue?
api_v1_scheduled_statuses_url pagination_params(max_id: pagination_max_id)
end
end
def prev_path
unless @statuses.empty?
api_v1_scheduled_statuses_url pagination_params(min_id: pagination_since_id)
end
end
def records_continue?
@statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
end
def pagination_max_id
@statuses.last.id
end
def pagination_since_id
@statuses.first.id
end
end

2
app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
View File

@ -22,7 +22,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
def default_accounts
Account
.includes(:favourites)
.includes(:favourites, :account_stat)
.references(:favourites)
.where(favourites: { status_id: @status.id })
end

2
app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
View File

@ -21,7 +21,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
end
def default_accounts
Account.includes(:statuses).references(:statuses)
Account.includes(:statuses, :account_stat).references(:statuses)
end
def paginated_statuses

9
app/controllers/api/v1/statuses_controller.rb
View File

@ -45,17 +45,18 @@ class Api::V1::StatusesController < Api::BaseController
def create
@status = PostStatusService.new.call(current_user.account,
status_params[:status],
status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]),
text: status_params[:status],
thread: status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]),
media_ids: status_params[:media_ids],
sensitive: status_params[:sensitive],
spoiler_text: status_params[:spoiler_text],
visibility: status_params[:visibility],
scheduled_at: status_params[:scheduled_at],
application: doorkeeper_token.application,
idempotency: request.headers['Idempotency-Key'],
local_only: status_params[:local_only])
render json: @status, serializer: REST::StatusSerializer
render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
end
def destroy
@ -78,7 +79,7 @@ class Api::V1::StatusesController < Api::BaseController
end
def status_params
params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, :local_only, media_ids: [])
params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, :scheduled_at, :local_only, media_ids: [])
end
def pagination_params(core_params)

2
app/controllers/api/v1/timelines/tag_controller.rb
View File

@ -45,7 +45,7 @@ class Api::V1::Timelines::TagController < Api::BaseController
end
def tag_timeline_statuses
Status.as_tag_timeline(@tag, current_account, truthy_param?(:local))
HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, truthy_param?(:local))
end
def insert_pagination_headers

1
app/controllers/api/web/embeds_controller.rb
View File

@ -10,6 +10,7 @@ class Api::Web::EmbedsController < Api::Web::BaseController
render json: status, serializer: OEmbedSerializer, width: 400
rescue ActiveRecord::RecordNotFound
oembed = FetchOEmbedService.new.call(params[:url])
oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::MASTODON_OEMBED) if oembed[:html].present?
if oembed
render json: oembed

10
app/controllers/auth/confirmations_controller.rb
View File

@ -6,9 +6,9 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
before_action :set_body_classes
before_action :set_user, only: [:finish_signup]
# GET/PATCH /users/:id/finish_signup
def finish_signup
return unless request.patch? && params[:user]
if @user.update(user_params)
@user.skip_reconfirmation!
bypass_sign_in(@user)
@ -31,4 +31,12 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
def user_params
params.require(:user).permit(:email)
end
def after_confirmation_path_for(_resource_name, user)
if user.created_by_application && truthy_param?(:redirect_to_app)
user.created_by_application.redirect_uri
else
super
end
end
end

1
app/controllers/auth/registrations_controller.rb
View File

@ -26,6 +26,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
resource.locale = I18n.locale
resource.invite_code = params[:invite_code] if resource.invite_code.blank?
resource.agreement = true
resource.build_account if resource.account.nil?
end

21
app/controllers/concerns/remote_account_controller_concern.rb
View File

@ -1,21 +0,0 @@
# frozen_string_literal: true
module RemoteAccountControllerConcern
extend ActiveSupport::Concern
included do
layout 'public'
before_action :set_account
before_action :check_account_suspension
end
private
def set_account
@account = Account.find_remote!(params[:acct])
end
def check_account_suspension
gone if @account.suspended?
end
end

53
app/controllers/concerns/signature_verification.rb
View File

@ -43,7 +43,13 @@ module SignatureVerification
return
end
account = account_from_key_id(signature_params['keyId'])
account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
.with_fallback { nil }
.with_threshold(1)
.with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) ? handle.call(error) : raise(error) }
account = account_stoplight.run
if account.nil?
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
@ -54,23 +60,26 @@ module SignatureVerification
signature = Base64.decode64(signature_params['signature'])
compare_signed_string = build_signed_string(signature_params['headers'])
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
elsif account.possibly_stale?
account = account.refresh!
return account unless verify_signature(account, signature, compare_signed_string).nil?
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
else
@signature_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
@signed_request_account = nil
end
else
@signature_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
account_stoplight = Stoplight("source:#{request.ip}") { account.possibly_stale? ? account.refresh! : account_refresh_key(account) }
.with_fallback { nil }
.with_threshold(1)
.with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) ? handle.call(error) : raise(error) }
account = account_stoplight.run
if account.nil?
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
@signed_request_account = nil
return
end
return account unless verify_signature(account, signature, compare_signed_string).nil?
@signature_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
@signed_request_account = nil
end
def request_body
@ -79,6 +88,15 @@ module SignatureVerification
private
def verify_signature(account, signature, compare_signed_string)
if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
@signed_request_account = account
@signed_request_account
end
rescue OpenSSL::PKey::RSAError
nil
end
def build_signed_string(signed_headers)
signed_headers = 'date' if signed_headers.blank?
@ -125,4 +143,9 @@ module SignatureVerification
account
end
end
def account_refresh_key(account)
return if account.local? || !account.activitypub?
ActivityPub::FetchRemoteAccountService.new.call(account.uri, only_key: true)
end
end

43
app/controllers/directories_controller.rb Normal file
View File

@ -0,0 +1,43 @@
# frozen_string_literal: true
class DirectoriesController < ApplicationController
layout 'public'
before_action :check_enabled
before_action :set_instance_presenter
before_action :set_tag, only: :show
before_action :set_tags
before_action :set_accounts
def index
render :index
end
def show
render :index
end
private
def check_enabled
return not_found unless Setting.profile_directory
end
def set_tag
@tag = Tag.discoverable.find_by!(name: params[:id].downcase)
end
def set_tags
@tags = Tag.discoverable.limit(30)
end
def set_accounts
@accounts = Account.discoverable.page(params[:page]).per(40).tap do |query|
query.merge!(Account.tagged_with(@tag.id)) if @tag
end
end
def set_instance_presenter
@instance_presenter = InstancePresenter.new
end
end

5
app/controllers/media_controller.rb
View File

@ -6,12 +6,17 @@ class MediaController < ApplicationController
before_action :set_media_attachment
before_action :verify_permitted_status!
content_security_policy only: :player do |p|
p.frame_ancestors(false)
end
def show
redirect_to @media_attachment.file.url(:original)
end
def player
@body_classes = 'player'
response.headers['X-Frame-Options'] = 'ALLOWALL'
raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
end

5
app/controllers/remote_interaction_controller.rb
View File

@ -5,6 +5,7 @@ class RemoteInteractionController < ApplicationController
layout 'modal'
before_action :set_interaction_type
before_action :set_status
before_action :set_body_classes
@ -45,4 +46,8 @@ class RemoteInteractionController < ApplicationController
@body_classes = 'modal-layout'
@hide_header = true
end
def set_interaction_type
@interaction_type = %w(reply reblog favourite).include?(params[:type]) ? params[:type] : 'reply'
end
end

7
app/controllers/settings/applications_controller.rb
View File

@ -1,12 +1,11 @@
# frozen_string_literal: true
class Settings::ApplicationsController < ApplicationController
class Settings::ApplicationsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_application, only: [:show, :update, :destroy, :regenerate]
before_action :prepare_scopes, only: [:create, :update]
before_action :set_body_classes
def index
@applications = current_user.applications.order(id: :desc).page(params[:page])
@ -70,8 +69,4 @@ class Settings::ApplicationsController < ApplicationController
scopes = params.fetch(:doorkeeper_application, {}).fetch(:scopes, nil)
params[:doorkeeper_application][:scopes] = scopes.join(' ') if scopes.is_a? Array
end
def set_body_classes
@body_classes = 'admin'
end
end

11
app/controllers/settings/base_controller.rb Normal file
View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
class Settings::BaseController < ApplicationController
before_action :set_body_classes
private
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/deletes_controller.rb
View File

@ -1,11 +1,10 @@
# frozen_string_literal: true
class Settings::DeletesController < ApplicationController
class Settings::DeletesController < Settings::BaseController
layout 'admin'
before_action :check_enabled_deletion
before_action :authenticate_user!
before_action :set_body_classes
def show
@confirmation = Form::DeleteConfirmation.new
@ -30,8 +29,4 @@ class Settings::DeletesController < ApplicationController
def delete_params
params.require(:form_delete_confirmation).permit(:password)
end
def set_body_classes
@body_classes = 'admin'
end
end

19
app/controllers/settings/exports/blocked_domains_controller.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
module Settings
module Exports
class BlockedDomainsController < ApplicationController
include ExportControllerConcern
def index
send_export_file
end
private
def export_data
@export.to_blocked_domains_csv
end
end
end
end

19
app/controllers/settings/exports/lists_controller.rb Normal file
View File

@ -0,0 +1,19 @@
# frozen_string_literal: true
module Settings
module Exports
class ListsController < ApplicationController
include ExportControllerConcern
def index
send_export_file
end
private
def export_data
@export.to_lists_csv
end
end
end
end

9
app/controllers/settings/exports_controller.rb
View File

@ -1,12 +1,11 @@
# frozen_string_literal: true
class Settings::ExportsController < ApplicationController
class Settings::ExportsController < Settings::BaseController
include Authorization
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def show
@export = Export.new(current_account)
@ -21,10 +20,4 @@ class Settings::ExportsController < ApplicationController
redirect_to settings_export_path
end
private
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/follower_domains_controller.rb
View File

@ -1,10 +1,9 @@
# frozen_string_literal: true
class Settings::FollowerDomainsController < ApplicationController
class Settings::FollowerDomainsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def show
@account = current_account
@ -26,8 +25,4 @@ class Settings::FollowerDomainsController < ApplicationController
def bulk_params
params.permit(select: [])
end
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/imports_controller.rb
View File

@ -1,11 +1,10 @@
# frozen_string_literal: true
class Settings::ImportsController < ApplicationController
class Settings::ImportsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_account
before_action :set_body_classes
def show
@import = Import.new
@ -32,8 +31,4 @@ class Settings::ImportsController < ApplicationController
def import_params
params.require(:import).permit(:data, :type)
end
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/migrations_controller.rb
View File

@ -1,10 +1,9 @@
# frozen_string_literal: true
class Settings::MigrationsController < ApplicationController
class Settings::MigrationsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def show
@migration = Form::Migration.new(account: current_account.moved_to_account)
@ -32,8 +31,4 @@ class Settings::MigrationsController < ApplicationController
current_account.moved_to_account_id != @migration.account&.id &&
current_account.id != @migration.account&.id
end
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/notifications_controller.rb
View File

@ -1,10 +1,9 @@
# frozen_string_literal: true
class Settings::NotificationsController < ApplicationController
class Settings::NotificationsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def show; end
@ -30,8 +29,4 @@ class Settings::NotificationsController < ApplicationController
interactions: %i(must_be_follower must_be_following must_be_following_dm)
)
end
def set_body_classes
@body_classes = 'admin'
end
end

8
app/controllers/settings/preferences_controller.rb
View File

@ -1,10 +1,9 @@
# frozen_string_literal: true
class Settings::PreferencesController < ApplicationController
class Settings::PreferencesController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def show; end
@ -49,12 +48,9 @@ class Settings::PreferencesController < ApplicationController
:setting_noindex,
:setting_theme,
:setting_hide_network,
:setting_aggregate_reblogs,
notification_emails: %i(follow follow_request reblog favourite mention digest report),
interactions: %i(must_be_follower must_be_following)
)
end
def set_body_classes
@body_classes = 'admin'
end
end

9
app/controllers/settings/profiles_controller.rb
View File

@ -1,13 +1,12 @@
# frozen_string_literal: true
class Settings::ProfilesController < ApplicationController
class Settings::ProfilesController < Settings::BaseController
include ObfuscateFilename
layout 'admin'
before_action :authenticate_user!
before_action :set_account
before_action :set_body_classes
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
@ -29,14 +28,10 @@ class Settings::ProfilesController < ApplicationController
private
def account_params
params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, fields_attributes: [:name, :value])
params.require(:account).permit(:display_name, :note, :avatar, :header, :locked, :bot, :discoverable, fields_attributes: [:name, :value])
end
def set_account
@account = current_user.account
end
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/sessions_controller.rb
View File

@ -1,8 +1,7 @@
# frozen_string_literal: true
class Settings::SessionsController < ApplicationController
class Settings::SessionsController < Settings::BaseController
before_action :set_session, only: :destroy
before_action :set_body_classes
def destroy
@session.destroy!
@ -15,8 +14,4 @@ class Settings::SessionsController < ApplicationController
def set_session
@session = current_user.session_activations.find(params[:id])
end
def set_body_classes
@body_classes = 'admin'
end
end

7
app/controllers/settings/two_factor_authentication/confirmations_controller.rb
View File

@ -2,12 +2,11 @@
module Settings
module TwoFactorAuthentication
class ConfirmationsController < ApplicationController
class ConfirmationsController < BaseController
layout 'admin'
before_action :authenticate_user!
before_action :ensure_otp_secret
before_action :set_body_classes
def new
prepare_two_factor_form
@ -44,10 +43,6 @@ module Settings
def ensure_otp_secret
redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
end
def set_body_classes
@body_classes = 'admin'
end
end
end
end

9
app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
View File

@ -2,11 +2,10 @@
module Settings
module TwoFactorAuthentication
class RecoveryCodesController < ApplicationController
class RecoveryCodesController < BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
def create
@recovery_codes = current_user.generate_otp_backup_codes!
@ -14,12 +13,6 @@ module Settings
flash[:notice] = I18n.t('two_factor_authentication.recovery_codes_regenerated')
render :index
end
private
def set_body_classes
@body_classes = 'admin'
end
end
end
end

7
app/controllers/settings/two_factor_authentications_controller.rb
View File

@ -1,12 +1,11 @@
# frozen_string_literal: true
module Settings
class TwoFactorAuthenticationsController < ApplicationController
class TwoFactorAuthenticationsController < BaseController
layout 'admin'
before_action :authenticate_user!
before_action :verify_otp_required, only: [:create]
before_action :set_body_classes
def show
@confirmation = Form::TwoFactorConfirmation.new
@ -44,9 +43,5 @@ module Settings
current_user.validate_and_consume_otp!(confirmation_params[:code]) ||
current_user.invalidate_otp_backup_code!(confirmation_params[:code])
end
def set_body_classes
@body_classes = 'admin'
end
end
end

24
app/controllers/statuses_controller.rb
View File

@ -65,12 +65,13 @@ class StatusesController < ApplicationController
private
def create_descendant_thread(depth, statuses)
def create_descendant_thread(starting_depth, statuses)
depth = starting_depth + statuses.size
if depth < DESCENDANTS_DEPTH_LIMIT
{ statuses: statuses }
{ statuses: statuses, starting_depth: starting_depth }
else
next_status = statuses.pop
{ statuses: statuses, next_status: next_status }
{ statuses: statuses, starting_depth: starting_depth, next_status: next_status }
end
end
@ -101,16 +102,19 @@ class StatusesController < ApplicationController
@descendant_threads = []
if descendants.present?
statuses = [descendants.first]
depth = 1
statuses = [descendants.first]
starting_depth = 0
descendants.drop(1).each_with_index do |descendant, index|
if descendants[index].id == descendant.in_reply_to_id
depth += 1
statuses << descendant
else
@descendant_threads << create_descendant_thread(depth, statuses)
@descendant_threads << create_descendant_thread(starting_depth, statuses)
# The thread is broken, assume it's a reply to the root status
starting_depth = 0
# ... unless we can find its ancestor in one of the already-processed threads
@descendant_threads.reverse_each do |descendant_thread|
statuses = descendant_thread[:statuses]
@ -119,18 +123,16 @@ class StatusesController < ApplicationController
end
if index.present?
depth += index - statuses.size
starting_depth = descendant_thread[:starting_depth] + index + 1
break
end
depth -= statuses.size
end
statuses = [descendant]
end
end
@descendant_threads << create_descendant_thread(depth, statuses)
@descendant_threads << create_descendant_thread(starting_depth, statuses)
end
@max_descendant_thread_id = @descendant_threads.pop[:statuses].first.id if descendants.size >= DESCENDANTS_LIMIT

7
app/controllers/tags_controller.rb
View File

@ -16,14 +16,15 @@ class TagsController < ApplicationController
end
format.rss do
@statuses = Status.as_tag_timeline(@tag).limit(PAGE_SIZE)
@statuses = HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none)).limit(PAGE_SIZE)
@statuses = cache_collection(@statuses, Status)
render xml: RSS::TagSerializer.render(@tag, @statuses)
end
format.json do
@statuses = Status.as_tag_timeline(@tag, current_account, params[:local]).paginate_by_max_id(PAGE_SIZE, params[:max_id])
@statuses = HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, params[:local])
.paginate_by_max_id(PAGE_SIZE, params[:max_id])
@statuses = cache_collection(@statuses, Status)
render json: collection_presenter,
@ -46,7 +47,7 @@ class TagsController < ApplicationController
def collection_presenter
ActivityPub::CollectionPresenter.new(
id: tag_url(@tag),
id: tag_url(@tag, params.slice(:any, :all, :none)),
type: :ordered,
size: @tag.statuses.count,
items: @statuses.map { |s| ActivityPub::TagManager.instance.uri_for(s) }