Commit Graph

640 Commits

Author SHA1 Message Date
ThibG
7fee968e9f Do not fetch preview card for mentioned users () 2018-10-25 18:13:19 +02:00
Eugen Rochko
ddd30f331c
Improve support for aspects/circles ()
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
Quint Guvernator
f5e2e96e95 always allow DMs from staff () 2018-10-16 19:55:05 +02:00
Eugen Rochko
87fdd139b8
Do not push DMs into the home feed ()
* Do not push DMs into the home feed

* Show DMs column after sending a DM, if DMs column is not already shown
2018-10-11 01:31:03 +02:00
Eugen Rochko
774ac47373
Add conversations API ()
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
2018-10-07 23:44:58 +02:00
Eugen Rochko
7fe137d2f7
Fix link verification for remote accounts () 2018-10-04 15:47:03 +02:00
Eugen Rochko
f92f1ee80a
Support link verification with redirects ()
(e.g. URL shortener)
2018-09-20 00:10:35 +02:00
Yamagishi Kazutoshi
3da1cc7d5e Fix failed profile verification when rel attribute including values other than me () 2018-09-19 16:47:31 +02:00
Eugen Rochko
68833a50d4
Fix VerifyAccountLinksWorker not being queued ()
UX-wise, people expect that saving the profile will re-check links even without changing fields content. Bug-wise, `@account` was undefined.

Regression from 
2018-09-18 23:57:21 +02:00
Eugen Rochko
f4d549d300
Redesign forms, verify link ownership with rel="me" ()
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00
ThibG
bd9e47e9be Handle relative URLs when fetching OEmbed/OpenGraph cards () 2018-09-10 18:26:28 +02:00
Eugen Rochko
c593d6df9c
Add preference for report notification e-mails, skip for duplicates ()
If an unresolved report for the same target account already exists,
no new notification is generated
2018-09-02 00:11:58 +02:00
Eugen Rochko
cabdbb7f9c
Add CLI task for rotating keys ()
* If an Update is signed with known key, skip re-following procedure

Because it means the remote actor did *not* lose their database

* Add CLI method for rotating keys

    bin/tootctl accounts rotate [USERNAME]

Generates a new RSA key per account and sends out an Update activity
signed with the old key.

* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts

* Skip suspended accounts in key rotation
2018-08-26 20:21:03 +02:00
Eugen Rochko
8adf485c0f
Bump interactions count when a follow happens () 2018-08-26 20:02:45 +02:00
Eugen Rochko
55c856c522
Delay e-mail notifications by 2 minutes ()
Fix 
2018-08-26 16:53:19 +02:00
ThibG
42573b76f1 Do not crash if remote custom emoji does not define updated date (fixes ) () 2018-08-23 00:27:58 +02:00
Eugen Rochko
802cf6a4c5
Improve federated ID validation ()
* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
2018-08-22 20:55:14 +02:00
Eugen Rochko
1b282299df
Add favourites to archive takeout ()
Remove experimental key export
2018-08-22 19:33:10 +02:00
Eugen Rochko
d98de8ada7
Get rid of all batch order warnings () 2018-08-21 12:25:50 +02:00
Eugen Rochko
6226aa83d7
Increase reach of Delete->Actor activities ()
Fix 
2018-08-20 13:28:05 +02:00
ThibG
abc5548cca Do not process outgoing mentions to suspended accounts () 2018-08-18 19:42:13 +02:00
ThibG
1ee675d68b Use correct activity id in Accept when receiving duplicate Follow (fixes ) () 2018-08-17 14:08:17 +02:00
ThibG
af912fb308 Allow accessing local private/DM messages by URL ()
* Allow accessing local private/DM messages by URL

(Provided the user pasting the URL is authorized to see the toot, obviously)

* Fix SearchServiceSpec tests
2018-08-15 19:33:36 +02:00
Eugen Rochko
cc94b1d95a Prevent ActivityPub movedTo recursion ()
Fix 
2018-07-28 17:14:55 -04:00
Eugen Rochko
a23ac107e4
Fix activity:interactions counter to count all interactions () 2018-07-16 18:35:43 +02:00
Eugen Rochko
e55dce3176
Add federation relay support ()
* Add federation relay support

* Add admin UI for managing relays

* Include actor on relay-related activities

* Fix i18n
2018-07-13 02:16:06 +02:00
Eugen Rochko
8461cd4bb5
Send undo of boost to original poster if reblog ()
Fix 
2018-07-05 20:57:50 +02:00
Eugen Rochko
b0968623fa
Fix check for PotentialFriendshipTracker when replying () 2018-07-03 05:00:44 +02:00
Eugen Rochko
da8fe8079e
Re-add follow recommendations API ()
* Re-add follow recommendations API

    GET /api/v1/suggestions

Removed in 8efa081f21 due to Neo4J
dependency. The algorithm uses triadic closures, takes into account
suspensions, blocks, mutes, domain blocks, excludes locked and moved
accounts, and prefers more recently updated accounts.

* Track interactions with people you don't follow

Replying to, favouriting and reblogging someone you're not following
will make them show up in follow recommendations. The interactions
have different weights:

- Replying is 1
- Favouriting is 10 (decidedly positive interaction, but private)
- Reblogging is 20

Following them, muting or blocking will remove them from the list,
obviously.

* Remove triadic closures, ensure potential friendships are trimmed
2018-07-03 01:47:56 +02:00
Eugen Rochko
a58ec29631
Allow selecting default posting language instead of auto-detect ()
* Allow selecting default posting language instead of auto-detect

* Enable default language setting in credentials API

* Fix form saving
2018-06-17 18:57:31 +02:00
Eugen Rochko
ca85658975
Add autofollow option to invites ()
* Add autofollow option to invites

* Trigger CodeClimate rebuild
2018-06-15 18:00:23 +02:00
Eugen Rochko
c3b3594305
Remove placeholder text for media-only toots ()
Ref: cfa9b6e13a

This breaks compatibility with pre-2.3.0 Mastodon and older
software, but at the time of writing the network is >80% above
that version.

Compatibility broken only for toots with no text.
2018-06-15 15:51:51 +02:00
Eugen Rochko
10f51c9886
Fix domain hiding logic ()
* Send rejections to followers when user hides domain they're on

* Use account domain blocks for "authorized followers" action

Replace soft-blocking (block & unblock) behaviour with follow rejection

* Split sync and async work of account domain blocking

Do not create domain block when removing followers by domain, that
is probably unexpected from the user's perspective.

* Adjust confirmation message for domain block

* yarn manage:translations
2018-06-09 22:46:54 +02:00
Yamagishi Kazutoshi
e3fb528d12 Skip processing when HEAD method returns 501 () 2018-06-04 13:42:53 +02:00
Akihiko Odaki
5bf5003384 Do not mark remote status sensitive even if spoiler text is present ()
Old statuses and statuses from Pawoo, which runs a modified version of
Mastodon, may not have been marked sensitive even if spoiler text is
present.

Such statuses are still not marked sensitve if they are local or
arrived before version upgrade. Marking recently fetched remote status
sensitive contradicts the behavior.

Considering what people expected when they authored such statuses, this
change removes the sensitivity enforcement.
2018-06-04 04:46:14 +02:00
Eugen Rochko
1e938b966e
Exclude unlisted, private and direct toots from affecting trends () 2018-05-31 16:47:28 +02:00
Eugen Rochko
a7d726c383
Improve counter caches on Status and Account ()
Do not touch statuses_count on accounts table when mass-destroying
statuses to reduce load when removing accounts, same for
reblogs_count and favourites_count

Do not count statuses with direct visibility in statuses_count

Fix 
2018-05-30 02:50:23 +02:00
Eugen Rochko
461542784b
Reduce wasted work in RemoveStatusService due to inactive followers () 2018-05-29 22:55:33 +02:00
Eugen Rochko
9bd23dc4e5
Track trending tags ()
* Track trending tags

- Half-life of 1 day
- Historical usage in daily buckets (last 7 days stored)
- GET /api/v1/trends

Fix 

* Add trends to web UI

* Don't render compose form on search route, adjust search results header

* Disqualify tag from trends if it's in disallowed hashtags setting

* Count distinct accounts using tag, ignore silenced accounts
2018-05-27 21:45:30 +02:00
Eugen Rochko
32d4372381
Use #any? instead of #exists? when checking media attachments ()
If media_attachments are not loaded, SQL query is the same, but
the #exists? method performs SQL query even if preloaded
2018-05-21 16:01:16 +02:00
Yamagishi Kazutoshi
7403e5d306 Add media timeline () 2018-05-21 12:43:38 +02:00
Akihiko Odaki
55fd55714a Raise Mastodon::RaceConditionError if Redis lock failed ()
An explicit error allows user agents to know the error and Sidekiq to
retry.
2018-05-16 12:29:45 +02:00
unarist
d47091eb97 Fix custom emoji handling in UpdateRemoteProfileService (OStatus) ()
This patch fixes NoMethodError and others in RemoteProfileUpdateWorker.
2018-05-15 16:03:34 +02:00
Wiktor
7fe2993b87 Fix account URI when updating ActivityPub account ()
Updates account `uri` field on each call to `update_account` instead of
only once during `create_account` to mirror the same behavior in OStatus
`ResolveAccountService` class [0].

ActivityPub accounts are identified using `@username` and `@domain` pair
instead of URI since .

This fixes : a bug when the account identified by `@username` and
`@domain` changes its URI.

[0]:
03b69ebc45/app/services/resolve_account_service.rb (L121)
2018-05-14 22:56:45 +02:00
abcang
3793e598d0 Call media.present? because media may be nil () 2018-05-14 12:51:53 +02:00
ThibG
7467361d70 Fetch boosted statuses on behalf of a follower (fixes ) ()
When an ActivityPub Announce is processed and the boosted toot is not known,
fetch it on behalf of one of the booster's followers. This is to allow
fetching self-boosts of previously-unknown private toots.

If fetching on behalf of a user fails, try fetching it anonymously: the
selected follower of a boosting user may be banned by the boosted toot's
author.
2018-05-12 16:48:32 +02:00
Eugen Rochko
b4fb766b23
Add REST API for Web Push Notifications subscriptions ()
- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
2018-05-11 11:49:12 +02:00
Yamagishi Kazutoshi
d2ee48977c Rescue Mastodon::LengthValidationError in FetchLinkCardService () 2018-05-09 08:39:08 +02:00
Surinna Curtis
01dfd6dbc8 Take the first recognized actor_type. () 2018-05-08 13:30:04 +02:00
ThibG
993e68a7dd Fix hashtags not being federated on mentions (fixes ) () 2018-05-08 03:36:59 +02:00
Eugen Rochko
42cd363542
Bot nameplates ()
* Store actor type in database

* Add bot nameplate to web UI, add setting to preferences, API, AP
Fix 

* Fix code style issues
2018-05-07 09:31:07 +02:00
Eugen Rochko
0f0cc3f2eb
Support explicitly supplying language code for status via REST API () 2018-05-07 09:30:53 +02:00
Eugen Rochko
c947e2e4c5
Fix handling of malformed ActivityPub payloads when URIs are nil ()
* Fix handling of malformed ActivityPub payloads when URIs are nil

* Gracefully handle JSON-LD canonicalization failures
2018-05-05 18:22:34 +02:00
Eugen Rochko
c73ce7b695
Store home feeds for 7 days instead of 14 ()
* Store home feeds for 7 days instead of 14

Reduces workload for status fan-out to active followers

* Fix test for user model
2018-05-05 00:54:24 +02:00
Eugen Rochko
658cbc9425
Improve PostStatusService performance ()
Offload creation of local notifications to a worker. Remove two
redundant SQL queries from ProcessMentionsService, remove n+1
XML/JSON serialization via memoization
2018-05-02 22:10:57 +02:00
Eugen Rochko
cb5b5cb5f7
Slightly reduce RAM usage ()
* No need to re-require sidekiq plugins, they are required via Gemfile

* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile

* Replace ruby-oembed with FetchOEmbedService

Reduce startup by 45382 allocated objects

* Remove preloaded JSON-LD in favour of caching HTTP responses

Reduce boot RAM by about 6 MiB

* Fix tests

* Fix test suite by stubbing out JSON-LD contexts
2018-05-02 18:58:48 +02:00
abcang
71a7cea73f Keep notification when muting_notifications is true ()
* Keep notification when muting_notifications is true

* Retrun mute object

* Fix test
2018-05-02 16:14:51 +02:00
Eugen Rochko
f62539ce5c
Remove most behaviour disparities between blocks and mutes ()
* Remove most behaviour disparities between blocks and mutes

The only differences between block and mute should be:

- Mutes can optionally NOT affect notifications
- Mutes should not be visible to the muted

Fix 
Fix 

* Do not allow boosting someone you blocked

Fix 

* Do not allow favouriting someone you blocked

* Fix nil error in StatusPolicy
2018-05-02 15:50:20 +02:00
Eugen Rochko
965345316f
Guard against nil URLs in Request class ()
Fix 
2018-05-02 15:44:22 +02:00
Surinna Curtis
dc786c0cf4 Support Actors/Statuses with multiple types ()
* Add equals_or_includes_any? helper in JsonLdHelper

* Support arrays in JSON-LD type fields for actors/tags/objects.

* Spec for resolving accounts with extension types

* Style tweaks for codeclimate
2018-05-02 12:40:24 +02:00
Emelia Smith
495303d9b8 Prevent suspended accounts from appearing in AccountSearchService () 2018-04-23 21:27:18 +02:00
Eugen Rochko
75c4ab9d12
Remove "nsfw" category for sensitive statuses in OStatus serializer ()
Fix 
2018-04-22 22:09:03 +02:00
Eugen Rochko
ff87d1bc3e
Rescue SSL errors when processing mentions, remove useless line () 2018-04-19 00:53:31 +02:00
Kaito Sinclaire
156b916caf Direct messages column ()
* Added a timeline for Direct statuses
* Lists all Direct statuses you've sent and received
* Displayed in Getting Started
* Streaming server support for direct TL

* Changes to match other timelines in 2.0
2018-04-18 13:09:06 +02:00
ThibG
1c379b7ef4 Remove extra spaces from search API queries and public account headers (fixes ) () 2018-04-16 17:19:04 +02:00
Eugen Rochko
78ed4ab75f
Add bio fields ()
* Add bio fields

- Fix 
- Fix 
- Fix 

* Display bio fields in web UI

* Fix output of links and missing fields

* Federate bio fields over ActivityPub as PropertyValue

* Improve how the fields are stored, add to Edit profile form

* Add rel=me to links in fields

Fix 
2018-04-14 12:41:08 +02:00
Eugen Rochko
778562c223
Ensure SynchronizeFeaturedCollectionWorker is unique and clean up ()
* Ensure SynchronizeFeaturedCollectionWorker is unique and clean up

Fix 

* Fix code style issue
2018-04-13 01:27:22 +02:00
Renato "Lond" Cerqueira
0c52654b52 When creating status, if no sensitive status is given, use default ()
Clients using the API that do not provide the sensitive flag are always
posting with false sensitive option.
2018-04-09 23:02:42 +02:00
Nolan Lawson
6ff3b3e4db Fix nil account issue in ProcessAccountService () 2018-04-03 13:08:11 +02:00
Eugen Rochko
f890d2a766
Support all ActivityPub actor types ()
Fix 
2018-04-02 02:10:53 +02:00
David Underwood
123a343d11 [WIP] Enable custom emoji on account pages and in the sidebar ()
Federate custom emojis with accounts
2018-04-01 23:55:42 +02:00
ThibG
e573bb0990 Fix compatibility with PeerTube ()
* Support fetching objects of convertible types by URL (fixes )

* Ignore invalid hashtags
2018-03-30 15:44:54 +02:00
Akihiko Odaki
40e5d2303b Validate HTTP response length while receiving ()
to_s method of HTTP::Response keeps blocking while it receives the whole
content, no matter how it is big. This means it may waste time to receive
unacceptably large files. It may also consume memory and disk in the
process. This solves the inefficency by checking response length while
receiving.
2018-03-26 14:02:10 +02:00
Akihiko Odaki
54b273bf99 Close http connection in perform method of Request class ()
HTTP connections must be explicitly closed in many cases, and letting
perform method close connections makes its callers less redundant and
prevent them from forgetting to close connections.
2018-03-24 12:49:54 +01:00
Eugen Rochko
9381a7d9d5
Use username/domain to match existing accounts in ActivityPub ()
See also: , 
2018-03-20 14:57:46 +01:00
nightpool
566ace2d64 Add entropy to download filenames ()
pretty quick fix, and with the 1 week expiration i don't think we need to be too worried about the existing files

closes 
2018-03-17 17:39:28 +01:00
Eugen Rochko
510c9049c7
For now, put a "." into no-text statuses with media for backcompat () 2018-03-08 08:20:49 +01:00
Eugen Rochko
64db9ed5f6
After blocking domain with reject_media, invalidate cache ()
Media attachments are part of the association cache of statuses,
since they are presumed to be immutable. Unless this cache is
cleared manually, the statuses will continue to look like they
have media embedded.
2018-03-08 06:59:42 +01:00
Eugen Rochko
cfa9b6e13a
Remove text requirement when media attached from statuses () 2018-03-07 08:28:52 +01:00
Eugen Rochko
9110db41c5
Federate pinned statuses over ActivityPub ()
* Federate pinned statuses over ActivityPub

* Display pinned toots in web UI

Fix 

* Fix migration

* Fix tests

* Update outbox_serializer.rb

* Update remove_serializer.rb

* Update add_serializer.rb

* Update fetch_featured_collection_service.rb
2018-03-04 09:19:11 +01:00
Aboobacker MK
49092945ab Fix 500 while searching after deleting a post ()
Fixes 
2018-03-03 19:45:06 +01:00
Eugen Rochko
41a01bec23
Federated reports ()
* Fix : Federated reports

* UI for federated reports

* Add spec for ActivityPub Flag handler

* Add spec for ReportService
2018-02-28 06:54:55 +01:00
Eugen Rochko
61ed133fea
Account archive download ()
* Fix : Account archive download

* Export actor and private key in the archive

* Optimize BackupService

- Add conversation to cached associations of status, because
  somehow it was forgotten and is source of N+1 queries
- Explicitly call GC between batches of records being fetched
  (Model class allocations are the worst offender)
- Stream media files into the tar in 1MB chunks
  (Do not allocate media file (up to 8MB) as string into memory)
- Use #bytesize instead of #size to calculate file size for JSON
  (Fix FileOverflow error)
- Segment media into subfolders by status ID because apparently
  GIF-to-MP4 media are all named "media.mp4" for some reason

* Keep uniquely generated filename in Paperclip::GifTranscoder

* Ensure dumped files do not overwrite each other by maintaing directory partitions

* Give tar archives a good name

* Add scheduler to remove week-old backups

* Fix code style issue
2018-02-21 23:21:32 +01:00
Eugen Rochko
f7765acf9d
Fix : Click card to embed external content () 2018-02-15 07:04:28 +01:00
Eugen Rochko
3ebc0ad4d3
Full-text search for authorized statuses ()
* Add full-text search for authorized statuses

- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index

Fix 
Fix 
Fix 

* Add commented out docker-compose configuration for ES container

* Optimize index import, filter search results

* Add basic normalization to the index

* Add better stemming and normalization to the index

* Skip webfinger request if search query includes both @ and a space

* Fix code style

* Visually separate search result sections

* Fix code style issues
2018-02-09 23:04:47 +01:00
abcang
7e5c433dfc Fix saving of oEmbed image () 2018-02-02 11:57:59 +01:00
Akihiko Odaki
613e7c7521 Rename ResolveRemoteAccountService to ResolveAccountService ()
The service used to be named ResolveRemoteAccountService resolves local
accounts as well.
2018-01-22 14:25:09 +01:00
Akihiko Odaki
17cecd75ca Rename FetchRemoteResourceService to ResolveURLService ()
The service used to be named FetchRemoteResourceService resolves local
URL as well.
2018-01-22 14:24:22 +01:00
Renato "Lond" Cerqueira
e56404be41 When must_be_following_dm is on, only notify if recipient dm'ed user ()
* When must_be_following_dm is on, only notify if recipient dm'ed user
Currently, when must_be_following_dm is on, if a user sends a direct
message replying to any status from the recipient, the recipient gets a
notification. This should not be the case, as if the recipient posted
something publicly this can be used to spam their notifications.

* Refactor replied_to_status_is_direct_message?
Following suggestion in PR
2018-01-18 16:12:10 +01:00
Eugen Rochko
7badad7797
Fix home regeneration ()
* Fix regeneration marker not being removed after completion

* Return HTTP 206 from /api/v1/timelines/home if regeneration in progress
Prioritize RegenerationWorker by putting it into default queue

* Display loading indicator and poll home timeline while it regenerates

* Add graphic to regeneration message

* Make "not found" indicator consistent with home regeneration
2018-01-17 23:56:03 +01:00
puckipedia
74c1c9ec01 Allow attributedTo in a status to be an embedded object () 2018-01-15 06:51:46 +01:00
Eugen Rochko
e4a241abef
Fix bad URL schemes being accepted ()
* Fix actors accepting invalid URI schemes or different host between URI and URL

* Fix statuses accepting invalid URI scheme or different host to actor

* Adjust tests to new requirements

* Improve readability of mismatching_origin?/invalid_origin? methods
2018-01-08 05:00:23 +01:00
ThibG
a594139115 When fetching an ActivityPub-enabled status, do not re-request it as text/html () 2018-01-05 22:42:50 +01:00
Eugen Rochko
02ba03d6db
Send one Delete of Actor in ActivityPub when account is suspended () 2018-01-04 14:40:49 +01:00
Eugen Rochko
7d4f4f9aab
Fix FetchAtomService not finding alternatives if there's a Link header ()
without them, such as is the case with GNU social

Fixes the ability to find GNU social accounts via URL in search and
when using remote follow function
2018-01-04 04:56:04 +01:00
Eugen Rochko
d319b3dbe4
Update moved-to property when it's removed too ()
* Fix  - Update moved-to property when it's removed too

* Remove trailing whitespace
2018-01-03 00:38:20 +01:00
ThibG
cea98e0c12 Reduce the number of synchronous resolves when posting toots () 2017-12-22 02:15:08 +01:00
Eugen Rochko
a8deb6648b
Fix redundant HTTP request in FetchLinkCardService () 2017-12-13 12:15:28 +01:00
Eugen Rochko
5706fe18c2
Fix - NameError (regression from ) ()
* Fix  - NameError (regression from )

* Fix
2017-12-13 04:12:38 +01:00
Akihiko Odaki
f9f6918148 Store preview image for embedded photo in preview cards ()
The preview image would be useful to embed in timeline.
2017-12-12 15:54:38 +01:00