Commit Graph

104 Commits

Author SHA1 Message Date
f57cda3855 Merge tag 'v3.4.0' into hometown-dev 2021-05-17 13:48:27 -07:00
d0fc69d721 Further improve the media attached status query for accounts (#16106) 2021-04-26 18:57:46 +02:00
1f47511023 Improve media attached status query (#16105) 2021-04-25 06:34:48 +02:00
4fe7cfc4be Merge tag 'v1.0.5+3.2.0' into hometown-v1.0.5+3.3.0 2021-04-22 16:37:11 -07:00
c9e8e1739c replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
cb085b4c44 Merge tag 'v3.3.0' into instance_only_statuses 2020-12-27 11:19:14 +01:00
48bef17cc9 Fix slow distinct queries where grouped queries are faster (#15287)
About 2x speed-up on inboxes query
2020-12-07 12:08:30 +01:00
92c4d909a0 Merge tag 'v3.2.1' into instance_only_statuses 2020-11-19 22:47:16 +01:00
3134691948 Add support for reversible suspensions through ActivityPub (#14989) 2020-11-08 00:28:39 +01:00
aecdaf5a8c Do not serve account actors at all in limited federation mode (#14800)
* Do not serve account actors at all in limited federation mode

When an account is fetched without a signature from an allowed instance,
return an error.

This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.

However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.

The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.

* Fix tests
2020-10-19 14:45:12 +02:00
cd4ec7cd74 Do not serve account actors at all in limited federation mode (#14800)
* Do not serve account actors at all in limited federation mode

When an account is fetched without a signature from an allowed instance,
return an error.

This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.

However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.

The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.

* Fix tests
2020-09-14 13:04:29 +02:00
64ef37b89d Introduce ApplicationController#cache_collection_paginated_by_id (#14677)
* Replace incorrect use of distinct with group

Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.

ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4cafdef8d8a2c92bac2002a5fc2fe9c8.

* Introduce ApplicationController#cache_collection_paginated_by_id

ApplicationController#cache_collection_paginated_by_id fuses
ApplicationController#cache_collection and Paginable.paginate_by_id.

An advantage of this method is that it prevents modifying the scope which
Paginable.paginate_by_id may provide.
ApplicationController#cache_collection always returns an array and there
is no possibility of scope modification. It is also clear to a
programmer, considering the implication of "cache".

This method can also emit more efficient queries by using
Cacheable.cache_ids before calling Paginable.paginate_by_id.
2020-08-28 12:31:56 +02:00
52cb64a183 Merge tag 'v3.2.0' into hometown-dev 2020-08-11 13:56:04 -07:00
8126ac030e Merge tag 'v3.2.0' into instance_only_statuses 2020-07-27 22:21:35 +02:00
06b6353483 Merge tag 'v3.1.5' into instance_only_statuses 2020-07-15 20:13:00 +02:00
ac8a788370 Fix functional user requirements in whitelist mode (#14093)
Fixes #14092
2020-06-19 19:18:47 +02:00
8b6d97fb7c Add limit parameter to rss (#13743) 2020-06-09 00:18:47 +02:00
c7a78558ea Fixing merge & local pinned post leak 2020-05-16 13:01:41 -07:00
877a478466 Merge tag 'v3.1.4' into hometown-dev 2020-05-15 15:34:04 -07:00
5cff7910c2 Add more ActivityPub controller tests (#13590) 2020-05-03 22:19:24 +02:00
988b0493fe Add more tests for ActivityPub controllers (#13585) 2020-05-03 16:30:36 +02:00
3f20f4a4ba Merge tag 'v3.1.2' into hometown-dev 2020-03-02 10:01:54 -08:00
d8e9bae482 Fix account JSON/RSS not being cacheable due to wrong mime type comparison (#13116)
`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.
2020-02-19 22:31:53 +01:00
a42a98bc67 Merge tag 'v3.0.1' into instance_only_statuses 2019-10-21 09:14:53 +02:00
699f53c464 Fix RSS caching (but disable localization) (#12054) 2019-10-02 18:30:33 +02:00
fa7dd5c2cd Fix featured hashtag URL being interpreted as media or with_replies (#12048)
Fix #12034
2019-10-02 04:53:17 +02:00
de5305a3a5 Fix redirecting non-functional accounts on public pages (#11978)
Fix #11969
2019-09-28 01:33:27 +02:00
9e1d28f48e Add an RSS feed tagged to a public profile page (#10502)
* Add featured tag support to rss feed on public account page

* fix coding style
2019-08-18 20:54:36 +02:00
b348c9b0db Add explanation to featured hashtags page and profile (#11586) 2019-08-17 18:07:52 +02:00
646f96d448 Fix ActivityPub and REST API queries setting cookies and preventing caching (#11539)
Regression from #8657
2019-08-11 22:59:40 +02:00
c669bb42ba Add (back) rails-level JSON caching (#11333) 2019-07-21 22:32:16 +02:00
5bf67ca913 Add ActivityPub secure mode (#11269)
* Add HTTP signature requirement for served ActivityPub resources

* Change `SECURE_MODE` to `AUTHORIZED_FETCH`

* Add 'Signature' to 'Vary' header and improve code style

* Improve code style by adding `public_fetch_mode?` method
2019-07-11 20:11:09 +02:00
63c7fe8e48 Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 12:03:45 +02:00
b851456139 Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (#11247) 2019-07-07 16:16:51 +02:00
f0a512c7ca Merge tag 'v2.9.2' into instance_only_statuses 2019-06-25 19:44:59 +02:00
cac9110533 Cleanup various controllers (#10972)
* Remove skip_session! as it is not supported in Rails 5

* Minor cleanup in StreamEntriesController

* Remove redundant mark_cacheable! calls
2019-06-05 14:02:59 +02:00
546581d2ba Merge tag 'v2.8.0' into instance_only_statuses 2019-04-13 23:55:06 +02:00
c3d1594576 Reduce server load caused by anonymous viewing. (#9059)
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.
2019-03-17 15:39:25 +01:00
51e154f5e8 Admission-based registrations mode (#10250)
Fix #6856
Fix #6951
2019-03-14 05:28:30 +01:00
06663fcf87 Fix tagged param not being normalized before querying tags (#10249) 2019-03-13 13:02:13 +01:00
5bffb53a76 Fix it as tagged_request of accounts_controller is not addressable_uri (#9976) 2019-02-05 15:11:11 +01:00
2557cb2f95 Fix pinned statuses being shown in a featured hashtag (#9971) 2019-02-05 00:27:18 +01:00
364f2ff9aa Add featured hashtags to profiles (#9755)
* Add hashtag filter to profiles

GET /@:username/tagged/:hashtag
GET /api/v1/accounts/:id/statuses?tagged=:hashtag

* Display featured hashtags on public profile

* Use separate model for featured tags

* Update featured hashtag counters on-write

* Limit featured tags to 10
2019-02-04 04:25:59 +01:00
469294d293 Hide local statuses from user atom and from unlogged users 2018-09-04 21:52:16 +02:00
ffaa814bbe Use backend from glitch-soc for instance-only toots 2018-09-03 21:22:29 +02:00
9e75aa30cd Unuse ActiveRecord::Base#cache_key (#8185)
* Unuse ActiveRecord::Base#cache_key

* Enable cache_versioning

* Call cache_collection
2018-08-19 15:52:38 +02:00
f2404de871 Public profile endorsements (accounts picked by profile owner) (#8146) 2018-08-09 09:56:53 +02:00
4da03a298a Do not show pinned toots when min_id is set (#8111) 2018-08-01 17:57:02 +02:00
60df87f6f0 Compensate for scrollbar disappearing when media modal visible (#8100)
* Compensate for scrollbar disappearing when media modal visible

Make auth pages backgrounds lighter

* Fix typo
2018-07-31 01:14:33 +02:00
9d4710ed00 Add RSS feeds for end-users (#7259)
* Add RSS feed for accounts

* Add RSS feeds for hashtags

* Fix code style issues

* Fix code style issues
2018-04-25 02:10:02 +02:00