Commit graph

1068 commits

Author SHA1 Message Date
Eugen Rochko
7d8fd050eb Add option to opt out of search engines on public profile/status pages (#4199) 2017-07-14 16:41:02 +02:00
Sorin Davidoi
ecab38fd66 Web Push Notifications (#3243)
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with #4091

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Eugen Rochko
8abeec1f4f Improve UI of admin site settings (#4163) 2017-07-12 03:24:04 +02:00
Eugen Rochko
903b34fa94 Fix #2848 - Rake task to redownload avatars/headers (#4156)
Can be filtered by a specific domain
Resolves #2292
2017-07-11 17:25:49 +02:00
Eugen Rochko
9fff81f676 Fix #3462 - Require authentication for search API (#4155)
This makes it consistent with /api/v1/accounts/search and
previous behaviour has been an oversight.
2017-07-11 17:08:26 +02:00
Eugen Rochko
49026e27e8 Redesign the landing page, mount public timeline on it (#4122)
* Redesign the landing page, mount public timeline on it

* Adjust the standalone mounted component to the lacking of router

* Adjust auth layout pages to new design

* Fix tests

* Standalone public timeline polling every 5 seconds

* Remove now obsolete translations

* Add responsive design for new landing page

* Address reviews

* Add floating clouds behind frontpage form

* Use access token from public page when available

* Fix mentions and hashtags links, cursor on status content in standalone mode

* Add footer link to source code

* Fix errors on pages that don't embed the component, use classnames

* Fix tests

* Change anonymous autoPlayGif default to false

* When gif autoplay is disabled, hover to play

* Add option to hide the timeline preview

* Slightly improve alt layout

* Add elephant friend to new frontpage

* Display "back to mastodon" in place of "login" when logged in on frontpage

* Change polling time to 3s
2017-07-11 15:27:59 +02:00
STJrInuyasha
098eef3211 Remote following success page (#4129)
* Added a success page to remote following
Includes follow-through links to web (the old redirect target) and back to the remote user's profile

* Use Account.new in spec instead of a fake with only id
(fixes spec)

* Fabricate(:account) over Account.new

* Remove self from the success text
(and all HTML with it)
2017-07-10 18:05:06 +02:00
のら
682d93a869 Add Japanese translation of terms and flash (#4137) 2017-07-10 14:04:05 +02:00
Yamagishi Kazutoshi
865f5170a8 Add setting a always mark media as sensitive (#4136) 2017-07-10 14:00:32 +02:00
Yamagishi Kazutoshi
2ffd2303ee Add attribute for default privacy to verify credentials (#4075)
* Add attribute for default privacy to verify credentials

* add raw_note

* source
2017-07-10 03:29:34 +02:00
Eugen Rochko
0d54e620d9 Replace OEmbed and initial state Rabl templates with serializers (#4110)
* Replace OEmbed Rabl template with serializer

* Replace initial state rabl with serializer
2017-07-08 14:51:05 +02:00
Eugen Rochko
0217e15dd3 Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091)
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions

* Fix tests, smooth migrate from previous session-based identifier
2017-07-07 23:25:15 +02:00
Eugen Rochko
20e15ecfb3 Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 2017-07-07 04:02:06 +02:00
Damien Erambert
387de88e2f Add a setting allowing the use of system's default font in Web UI (#4033)
* add a system_font_ui setting on the server

* Plug the system_font_ui on the front-end

* add EN/FR locales for the new setting

* put Roboto after all other fonts

* remove trailing whitespace so CodeClimate is happy

* fix user_spec.rb

* correctly write user_spect this time

* slightly better way of adding the classes

* add comments to the system-font stack for clarification

* use .system-font for the class instead

* don't use multiple lines for comments

* remove trailing whitespace

* use the classnames module for consistency

* use `mastodon-font-sans-serif` instead of Roboto directly
2017-07-06 22:39:56 +02:00
Yamagishi Kazutoshi
68abc90aec Customizable privacy policy from admin interface (#4062) 2017-07-04 15:19:24 +02:00
Eugen Rochko
d0221b05bc Fix #1624 - Send e-mail notifications to admins about new reports (#3949) 2017-06-27 00:04:00 +02:00
Eugen Rochko
b90a44b6d0 Fix #3910 - Require OTP authentication to disable 2FA (#3935)
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation

* Restore recovery code re-generation

* Improve display of some 2FA elements
2017-06-25 23:51:46 +02:00
Eugen Rochko
ad531f90b1 Bind web UI access tokens to sessions (#3940)
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test

* Fix #2347 - Bind web UI access token to session

When you logout, session also destroys the access token, so it's no longer
valid. If access token is destroyed some other way, the session is also
destroyed, requiring a re-login.

Fix #1681 - Add scheduler to remove revoked access tokens and grants

* Fix test
2017-06-25 23:51:32 +02:00
Eugen Rochko
c465c5b3a8 Add overview of active sessions (#3929)
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
2017-06-25 16:54:30 +02:00
masarakki
d947978192 setting-for-account-deletable (#3852) 2017-06-19 15:12:31 +02:00
Eugen Rochko
8bed91d94c Rename FollowRemoteAccountService to ResolveRemoteAccountService (#3847)
Rename Activitypub to ActivityPub
2017-06-19 01:51:04 +02:00
Eugen Rochko
c883e96d95 Fix account delete form not accepting password, update suspended (#3745)
account before removing content for quicker feedback to end-users
2017-06-14 20:30:12 +02:00
Eugen Rochko
1c7e2ddd65 Account deletion (#3728)
* Add form for account deletion

* If avatar or header are gone from source, remove them

* Add option to have SuspendAccountService remove user record, add tests

* Exclude suspended accounts from search
2017-06-14 18:01:27 +02:00
Eugen Rochko
973d6ef93a Fix #2619 - When redis feed is empty, fall back to database (#3721)
* Fix #2619 - When redis feed is empty, fall back to database

* Use redis value to return feed from database only while RegenerationWorker
hasn't finished running

* Fix specs

* Replace usage of reject!
2017-06-14 13:37:03 +02:00
René Klačan
ecdf17a2d7 Make sure email is case insensitive on all places (#3688)
When case insensitivity is enabled via devise's `config.case_insensitive_keys` then `.find_for_authentication` method needs to be used instead of `.find_by` because second mentioned returns `nil` when valid email with different cases is passed.

More info https://github.com/plataformatec/devise/wiki/How-To:-Use-case-insensitive-emails
2017-06-11 02:29:08 +02:00
Akihiko Odaki (@fn_aki@pawoo.net)
a5729feb11 Improve default language decision and spec (#3351)
* Improve default language decision

This change allows to takes account of accepted language determined by
the user agent even if the custom default locale of the instance is
configured.

* Cover Localized more

* Fix code style
2017-06-10 09:44:02 +02:00
Matt Jankowski
e31cd944c2 Move create/destroy actions for api/v1/statuses to namespace (#3678)
Each of mute, favourite, reblog has been updated to:

- Have a separate controller with just a create and destroy action
- Preserve historical route names to not break the API
- Mild refactoring to break up long methods
2017-06-10 09:39:26 +02:00
Matt Jankowski
dc717cf425 Move reblogged_by and favourited_by actions out of api/v1/statuses and into unique controllers (#3646)
* Add specs for api statuses routes

* Update favourited_by and reblogged_by api routes

* Move methods into new controllers

* Use load_accounts methods to simplify index actions

* Clean up load_accounts methods

* Clean up link header generation

* Check for link headers in specs

* Remove unused actions from api/v1/statuses controller

* Remove specs for moved actions
2017-06-09 14:12:40 -04:00
Eugen Rochko
9eefd60136 Add explit admin actions to (re)subscribe/unsubscribe remote accounts (#3640)
* Add explit admin actions to (re)subscribe/unsubscribe remote accounts
and re-download avatar/header

* Improve how admin NSFW toggle looks
2017-06-08 14:58:22 +02:00
Yamagishi Kazutoshi
5da41e0cae Improve RuboCop rules (compatibility to Code Climate) (#3636)
08f8de84eb/Gemfile.lock (L38)
Code Climate is using RuboCop v0.46.0.

Change several rules to maintain compatibility.
2017-06-08 13:24:28 +02:00
Matt Jankowski
76f986d07b Clean up for api/base controller (#3629)
* Move ApiController to Api/BaseController

* API controllers inherit from Api::BaseController

* Add coverage for various error cases in api/base controller
2017-06-07 20:09:25 +02:00
Matt Jankowski
9a43a1051a Coverage improvement and concern extraction for rate limit headers in API controller (#3625)
* Coverage for rate limit headers

* Move rate limit headers methods to concern

* Move throttle check to condition on before_action

* Move match_data variable into method

* Move utc timestamp to separate method

* Move header setting into smaller methods

* specs cleanup
2017-06-07 17:23:26 +02:00
Eugen Rochko
143ab47410 Fix #3063 - Add dynamic app manifest (#3563)
* Fix #3063 - Add dynamic app manifest

* Added short_name

* Add background_color
2017-06-06 19:29:42 +02:00
Daigo 3 Dango
e1142e190b Redirect to streaming_api_base_url (#3579)
* Redirect to streaming_api_base_url

When Rails receives a request to streaming API, it most likely
means that there is another host which is configured to respond
to it. This is to redirect clients to that host if
`STREAMING_API_BASE_URL` is set as another host.

* Use the new Ruby 1.9 hash syntax
2017-06-05 12:09:29 +02:00
Naoki Kosaka
13aa805de8 Fix limit_param in favourites_controller.rb (#3553) 2017-06-04 14:52:26 +02:00
takayamaki
aa6740c21b change sidekiq queueing to bulk push (#3536) 2017-06-04 00:11:15 +02:00
ThibG
810dd86991 Ensure well_known controllers use WEB_DOMAIN by including RoutingHelper (#2388)
This fixes #2375.
2017-06-02 22:21:36 +02:00
Akihiko Odaki (@fn_aki@pawoo.net)
2c511bbad4 Spec response for forgery (#3248)
Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
2017-06-01 20:56:55 +02:00
Matt Jankowski
1066fd1ab5 Spec coverage and refactor for the api/v1/accounts controllers (#3451) 2017-05-31 21:36:24 +02:00
Matt Jankowski
81ce4e4318 Move admin/pubsubhubbub controller to admin/subscriptions (#3442) 2017-05-31 20:39:35 +02:00
Matt Jankowski
deb4ae7392 Add Instance class to list admin records (#3443) 2017-05-31 20:38:44 +02:00
Matt Jankowski
0985a9ff7d Improve spec coverage and clean up api/v1/blocks controller (#3464) 2017-05-31 20:34:51 +02:00
Matt Jankowski
ae721f376a Improve spec coverage and clean up api/v1/follow_requests controller (#3465) 2017-05-31 20:32:11 +02:00
Matt Jankowski
e32b9ecbf6 Improve spec coverage and clean up api/v1/domain_blocks controller (#3466) 2017-05-31 20:31:14 +02:00
Matt Jankowski
7b8b5b9f1e Refactor api/v1/notifications controller (#3470) 2017-05-31 20:30:55 +02:00
Matt Jankowski
6237abaaa3 Improve spec coverage and clean up api/v1/favourites controller (#3472) 2017-05-31 20:30:39 +02:00
Matt Jankowski
3e95a6c9b7 Improve spec coverage and clean up api/v1/mutes controller (#3481) 2017-05-31 20:27:34 +02:00
Matt Jankowski
b89dbac199 Refactor and spec coverage for api/v1/timelines actions (#3482) 2017-05-31 20:27:17 +02:00
Matt Jankowski
12e795d0a7 Refactor api/v1/apps controller (#3471) 2017-05-30 21:16:28 -04:00
Matt Jankowski
cc92e6be3e Refactor api/v1/reports controller (#3469) 2017-05-30 21:13:31 -04:00
Matt Jankowski
3d2927caa2 Refactor api/v1/search controller (#3468) 2017-05-30 21:11:54 -04:00
Matt Jankowski
8b69d8d46d Improve spec coverage and clean up api/v1/media controller (#3467) 2017-05-30 21:11:29 -04:00
Matt Jankowski
5a54a5ba69 Clean up api/subscriptions controller (#3448) 2017-05-31 02:15:09 +02:00
Jack Jennings
4e75c71b3e Add status destroy authorization to policy (#3453)
* Add status destroy authorization to policy

* Create explicit unreblog status authorization
2017-05-30 22:56:31 +02:00
Matt Jankowski
4e89226243 Improve api oembed controller (#3450)
* Add StreamEntryFinder class to parse URLs

* Use StreamEntryFinder and clean up api/oembed controller
2017-05-30 16:30:06 -04:00
Matt Jankowski
0ee8f559ec Clean up api/salmon controller (#3449) 2017-05-30 16:28:58 -04:00
Matt Jankowski
18c81c74e5 Remove exports/base controller in favor of shared concern (#3444) 2017-05-30 19:06:01 +02:00
Jack Jennings
faf53a5a3e Extract authorization policy for viewing statuses (#3150) 2017-05-29 18:22:22 +02:00
Akihiko Odaki
ff2bfea0b3 Remove methods from ObfuscateFilename and spec (#3347)
* Remove methods from ObfuscateFilename

* Spec ObfuscateFilename
2017-05-29 18:14:16 +02:00
Atsushi Yamamoto
4547e3585a Add preference setting for delete toot modal (#3368)
* Set delete_modal preference to true by default
* Does not show confirmation modal if delete_modal is false
* Add ja translation for preference setting page
2017-05-29 17:56:13 +02:00
unarist
f7283b1f0f Fix empty flash message on the settings page (#3345) 2017-05-27 13:04:28 +02:00
Akihiko Odaki
4c8708522a Remove redundant call of recent scope in AccountsController (#3330)
recent is included in paginate_by_max_id.
2017-05-26 16:35:25 +02:00
Akinori MUSHA
8a5d3b2e5d Go to root after login in single user mode (#3289)
In single user mode, visitors are redirected to the single user's
profile page.  So, if you are the owner without a session, you start
from that page, click the login button and authenticate yourself
expecting you'll soon get started with the home page, but in reality
you'll get redirected back to where you started from -- your own
profile page.

This fixes the behavior by redirecting you home after login if you
have started from your own profile page.
2017-05-26 14:14:03 +02:00
unarist
af368a2d12 More use of next link header on account (media) timelines (#3311)
This will reduce requests on who have only few statuses.

- Use next link header to detect more items from first request
- Omit next link header if result items are fewer than requested count
(It had omit it only if result was empty before)
2017-05-25 17:09:13 +02:00
Yamagishi Kazutoshi
09f5091102 Show error message to suspended user (#3281) 2017-05-24 16:39:09 +02:00
unarist
9642bdbe0a Fix following/followers API to return correct link headers (#3268)
Link headers in following/followers API should include follow_id as max_id/since_id.

However, these API use current_user's account_id instead of follow_id from #3167.
This causes irrelevant result on loading more users.
2017-05-23 23:26:23 +02:00
Eugen Rochko
b886ecea5c Fix Devise destroy method being available to delete user record (#3266)
(You may think that we need account deletions, but this way would've just orphaned the db records)
2017-05-23 21:32:42 +02:00
alpaca-tc
46ca699d72 Toggle sensitive from admin page (#3261) 2017-05-23 19:45:43 +02:00
Matt Jankowski
fecc2c2f47 Refactor of API timeline actions (#3263)
- Increase coverage to exercise all parts of each action
- Move into namespace to share common code
- Misc refactor of each action for smaller methods, simpler code
2017-05-23 18:11:39 +02:00
Akihiko Odaki
d670290506 Cover StreamEntriesController more and remove redundant instructions (#3257)
* Cover StreamEntriesController more

* Remove redundant instructions in StreamEntriesController
2017-05-23 15:04:23 +02:00
Akihiko Odaki
4f023cb001 Introduce recent to Follow (#3247)
Introduce recent to Follow, as Account and other models have.
This change also adds specs for the scope and the dependents.
2017-05-23 13:12:19 +02:00
Akihiko Odaki
9cc7a3c209 Cover AccountsController more in spec (#3229)
* Introduce recent scope to Status and StreamEntry

Introduce recent scope to Status and StreamEntry as Account has.

* Cover AccountsController more in AccountsController
2017-05-23 02:53:01 +02:00
Matt Jankowski
4f2a0f546d Coverage for api/web/settings controller (#3238) 2017-05-22 23:12:28 +02:00
Tomonori Murakami
323eeb096c Fix locale bug when change it on preferences (#3223) (#3232) 2017-05-22 17:58:41 +02:00
Immae
ae917bfb23 Allow alternate domains for mastodon handlers (#3187) 2017-05-22 15:40:04 +02:00
Yamagishi Kazutoshi
410a684c3b Change "Account.any?" to "Account.exists?" (#3217) 2017-05-22 15:02:30 +02:00
Akihiko Odaki
cbd9804857 single_user_mode? always returns boolean (#3215)
This change also adds a specification for the method.
2017-05-22 06:00:06 +02:00
Akihiko Odaki
90c8175cb0 Fix mutes_controller error and incorrect statuses_controller report (#3202)
This commit fixes a regression in commit
9d32e7f6d5.
2017-05-21 13:32:13 +02:00
Akihiko Odaki
f23a0655fe Fix regressions in api/v1 (#3178)
The regressions are introduced at commit
9d32e7f6d5 by me (Akihiko Odaki)
2017-05-20 17:48:34 +02:00
Matt Jankowski
1122249e51 Filter languages with opt out (#3175)
* Remove allowed_languages and add filtered_languages

* Use filtered_languages instead of allowed_languages
2017-05-20 17:32:44 +02:00
Yamagishi Kazutoshi
ee5e342a42 Fix block list 500 (#3174) 2017-05-20 17:01:14 +02:00
Akihiko Odaki
9d32e7f6d5 Use joins for account properties (#3167) 2017-05-20 15:13:51 +02:00
Eugen Rochko
5695449335 Add buttons to block and unblock domain (#3127)
* Add buttons to block and unblock domain

* Relationship API now returns "domain_blocking" status for accounts,
rename "block entire domain" to "hide entire domain", fix unblocking domain,
do not block notifications from domain-blocked-but-followed people, do
not send Salmons to domain blocked users

* Add test

* Personal domain blocks shouldn't affect Salmon after all, since in this
direction of communication the control is very thin when it comes to
public stuff. Best stay consistent and not affect federation in this way

* Ignore followers and follow request from domain blocked folks,
ensure account domain blocks are not created for empty domain,
and avoid duplicates in validation

* Purge followers when blocking domain (without soft-blocks, since they
are useless here)

* Add tests, fix local timeline being empty when having any domain blocks
2017-05-19 21:05:32 +02:00
Matt Jankowski
6619cfe934 Conditional validations no longer accept strings for if/unless (#3124) 2017-05-19 03:11:23 +02:00
Eugen Rochko
0cafe62561 Account domain blocks (#2381)
* Add <ostatus:conversation /> tag to Atom input/output

Only uses ref attribute (not href) because href would be
the alternate link that's always included also.

Creates new conversation for every non-reply status. Carries
over conversation for every reply. Keeps remote URIs verbatim,
generates local URIs on the fly like the rest of them.

* Conversation muting - prevents notifications that reference a conversation
(including replies, favourites, reblogs) from being created. API endpoints
/api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute

Currently no way to tell when a status/conversation is muted, so the web UI
only has a "disable notifications" button, doesn't work as a toggle

* Display "Dismiss notifications" on all statuses in notifications column, not just own

* Add "muted" as a boolean attribute on statuses JSON

For now always false on contained reblogs, since it's only relevant for
statuses returned from the notifications endpoint, which are not nested

Remove "Disable notifications" from detailed status view, since it's
only relevant in the notifications column

* Up max class length

* Remove pending test for conversation mute

* Add tests, clean up

* Rename to "mute conversation" and "unmute conversation"

* Raise validation error when trying to mute/unmute status without conversation

* Adding account domain blocks that filter notifications and public timelines

* Add tests for domain blocks in notifications, public timelines
Filter reblogs of blocked domains from home

* Add API for listing and creating account domain blocks

* API for creating/deleting domain blocks, tests for Status#ancestors
and Status#descendants, filter domain blocks from them

* Filter domains in streaming API

* Update account_domain_block_spec.rb
2017-05-19 01:14:30 +02:00
alpaca-tc
c0791aa647 Add filter to AccountFilter (#2968) 2017-05-17 03:00:34 +02:00
masarakki
523f82db5e use-symbol-in-order (#3081) 2017-05-16 12:10:09 +02:00
Eugen Rochko
5039bc93d5 Feature conversations muting (#3017)
* Add <ostatus:conversation /> tag to Atom input/output

Only uses ref attribute (not href) because href would be
the alternate link that's always included also.

Creates new conversation for every non-reply status. Carries
over conversation for every reply. Keeps remote URIs verbatim,
generates local URIs on the fly like the rest of them.

* Conversation muting - prevents notifications that reference a conversation
(including replies, favourites, reblogs) from being created. API endpoints
/api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute

Currently no way to tell when a status/conversation is muted, so the web UI
only has a "disable notifications" button, doesn't work as a toggle

* Display "Dismiss notifications" on all statuses in notifications column, not just own

* Add "muted" as a boolean attribute on statuses JSON

For now always false on contained reblogs, since it's only relevant for
statuses returned from the notifications endpoint, which are not nested

Remove "Disable notifications" from detailed status view, since it's
only relevant in the notifications column

* Up max class length

* Remove pending test for conversation mute

* Add tests, clean up

* Rename to "mute conversation" and "unmute conversation"

* Raise validation error when trying to mute/unmute status without conversation
2017-05-15 03:04:13 +02:00
Matt Jankowski
735c5098c5 Specs for API push controller, with refactor (#2926)
* Coverage for api push controller

* Refactor the api/push controller
2017-05-09 00:44:30 +02:00
HANATANI Takuma
d19f86f596 Remove unnecessary keep file. (#2902) 2017-05-08 15:01:19 +02:00
alpaca-tc
1f1ce0291f Refactor domain_blocks_controller (#2843)
* Set domain_block by before_action

* Cast value with ActiveRecord::Type

* Batch update
2017-05-06 17:03:34 +02:00
rch850
4a930bd556 Use null as default oEmbed height (#2842)
Height 640 is too big for most toots.
Twitter use null value to support flexible height.
2017-05-06 16:31:43 +02:00
alpaca-tc
102c829f16 Optimize follower_accounts and following_accounts (#2820) 2017-05-06 04:03:07 +02:00
Matt Jankowski
232b822d86 Replace best_in_place editor on admin settings page (#2789)
* Remove best_in_place

* Replace best_in_place usage with rails helpers

* Move admin/settings#index to #edit action

* Remove click_to__edit from i18n
2017-05-04 18:12:44 +02:00
Eugen Rochko
91a8a5eab8 Fix #2706 - Always respond with 200 to PuSH payloads (#2733)
Fix #2196 - Respond with 201 when Salmon accepted, 400 when unverified
Fix #2629 - Correctly handle confirm_domain? for local accounts
Unify rules for extracting author acct from XML, prefer <email>, fall back
to <name> + <uri> (see also #2017, #2172)
2017-05-03 17:02:18 +02:00
Matt Jankowski
129e06f0b3 Auth sign out (#2511)
* Add a spec for signing out

* Add spec showing that suspended user gets a 403 forbidden on sign out

* Allow suspended account users to sign out
2017-05-02 23:37:58 +02:00
Kaylee
fae1ed48e3 Add option to disable two factor auth in admin accounts panel. (#2584)
* Add option to disable two factor auth in admin accounts panel.
Closes #2578

* Add @mjankowski's suggestions.
* Moves destroy actions behind User#disable_two_factor!
* Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor!
2017-05-02 21:07:12 +02:00
Matt Jankowski
4645d95ffc Add admin area view partials for each record type (#2700) 2017-05-02 20:56:28 +02:00
Matt Jankowski
fdd7ee1cc7 Coverage for remote follows (#2694)
* Add coverage for create with empty acct value

* Add coverage for create with webfinger failure

* Add coverage for create with webfinger providing bad values

* Add coverage for create when webfinger is good

* Add coverage for session[:remote_follow] having data

* Simplify how remote follow pulls acct from session

* Remote follow behaves more like model

* Move the discovery portions of remote follow out of controller

* Check for suspended accounts
2017-05-02 00:44:23 +02:00
Matt Jankowski
52b2a25ace Error responses cleanup (#2692)
* Use respond_with_error for forbidden errors

* Wrap up common error code into single method
2017-05-01 22:24:36 +02:00
Matt Jankowski
c44ef23e50 Filter on allowed user language preferences (#2361)
* Naive approached to timeline filtering

* Convert allowed_languages into a db column

* Allow users to choose languages to see statuses in

* Style list items as two columns

* Add a hint to explain language filtering preference
2017-05-01 17:42:13 +02:00
yhirano
18e4933432 Fix Rubocop offences (#2630)
* disable Bundler/OrderedGems

* fix rubocop Lint/UselessAssignment

* fix rubocop Style/BlockDelimiters

* fix rubocop Style/AlignHash

* fix rubocop Style/AlignParameters, Style/EachWithObject

* fix rubocop Style/SpaceInLambdaLiteral
2017-05-01 16:31:02 +02:00
Matt Jankowski
a5c8ffcaf9 Extract user tracking into concern (#2600) 2017-04-30 00:28:16 +02:00
Matt Jankowski
54450f75d3 More coverage yes more even more (#2627)
* Add coverage for admin/confirmations controller

* Coverage for statuses controller show action

* Add coverage for admin/domain_blocks controller

* Add coverage for settings/profiles#update
2017-04-30 00:25:38 +02:00
yhirano
7c65bcbdb7 Downgrade rubocop 0.48.1 => 0.46.0 (#2628)
* downgrade rubocop 0.48.1 => 0.46.0

* exclude vendor/**/* from rubocop target files

* add frozen_string_literal comment line

* fix percent literal delimited by ( and )

* fix alignment

* remove comment disabling unknown cop
2017-04-30 00:23:45 +02:00
alpaca-tc
a846db0ed3 Remove uneeded ORDER BY query (#2615) 2017-04-29 10:50:10 +02:00
Matt Jankowski
7662a68de1 Return missing page when tag does not exist (#2563) 2017-04-28 15:11:21 +02:00
Yamagishi Kazutoshi
c69e74d9ba Fix Doorkeeper error (#2534)
* Fix Doorkeeper error

* use Doorkeeper::OAuth::Scopes.from_string
2017-04-27 18:04:28 +02:00
Matt Jankowski
b17d7a1f85 Catch error when server decryption fails on 2FA (#2512) 2017-04-27 15:18:21 +02:00
Eugen Rochko
4a7dc4fadc OEmbed support for PreviewCard (#2337)
* OEmbed support for PreviewCard

* Improve ProviderDiscovery code failure treatment

* Do not crawl links if there is a content warning, since those
don't display a link card anyway

* Reset db schema

* Fresh migrate

* Fix rubocop style issues
Fix #1681 - return existing access token when applicable instead of creating new

* Fix test

* Extract http client to helper

* Improve oembed controller
2017-04-27 14:42:22 +02:00
Matt Jankowski
6712d98c58 Add spec coverage and refactor authorize_follows controller (#2505) 2017-04-27 00:19:53 +02:00
alpaca-tc
31d49716c6 Localize with i18n for Devise::FailureApp (#2309)
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.

In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
2017-04-25 15:06:41 +02:00
Evan Minto
1b5966ad07 Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes. (#2410)
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.

* Fix code style and test failures for OutboxController.

* Attempt to fix CI errors.
2017-04-25 15:06:06 +02:00
Eugen Rochko
553d6a1ea6 Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419)
duplicates. Web UI regenerates UUID for that header every time the compose
form is changed or successfully submitted

Also, fix Farsi i18n overwriting the English one
2017-04-25 15:04:49 +02:00
Eugen
87f7a3922c Punycode URI normalization (#2370)
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI

* Add test for IDN request in FetchLinkCardService

* Perform IDN normalization on domains before they are stored in the DB
2017-04-25 02:47:31 +02:00
Matt Jankowski
f93d4d340d Return force_ssl to the controller (#2380) 2017-04-24 02:44:05 +02:00
Eugen
f89e26bdd5 Followers-only post federation (#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
2017-04-24 00:38:37 +02:00
Evan Minto
227f45402d ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197)
* Clean up collapsible components

* Expose user Outboxes and AS2 representations of statuses

* Save work thus far.

* Fix bad merge.

* Save my work

* Clean up pagination.

* First test working.

* Add tests.

* Add Forbidden error template.

* Revert yarn.lock changes.

* Fix code style deviations and use localized instead of hardcoded English text.
2017-04-23 05:21:10 +02:00
Ash Furrow
eb7db6f8da Admin UI for confirming users (#2245)
* Shows confirmed status in list.

* Adds ability to confirm users in admin UI.

* Added new english translations.

* Addresses feedback from #2245.

* More feedback.
2017-04-23 04:43:42 +02:00
Matt Jankowski
04e2d502e0 Move force_ssl check to production config (#2165)
The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
2017-04-23 04:22:22 +02:00
Matt Jankowski
502eef6f8d 2FA controller cleanup (#2296)
* Add spec coverage for settings/two_factor_auth area

* extract setup method for qr code

* Move otp required check to before action

* Merge method only used once

* Remove duplicate view

* Consolidate creation of @codes for backup

* Move settings/2fq#recovery_codes to settings/recovery_codes#create

* Rename settings/two_factor_auth#disable to #destroy

* Add coverage for the otp required path on 2fa#show

* Clean up the recovery codes list styles

* Move settings/two_factor_auth to settings/two_factor_authentication

* Reorganize the settings two factor auth area

Updated to use a flow like:

- settings/two_factor_authentication goes to a #show view which has a button
  either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
  codes
- that create action shares a view with a recovery codes controller which can be
  used separately to reset codes if needed
2017-04-22 04:23:17 +02:00
Ashley
b970cf6988 Added API for single notification dismissal (#2251)
* Added API backend for notification dismissal

* Added render statement

* Changed statement
2017-04-22 02:30:35 +02:00
Takayoshi Nishida
3ba9a8c1db Fix #2195 - Set locale to error pages (#2255)
* Fix #2195 - Set locale to error pages

* Fix #2195 - Cut duplicate process into one method
2017-04-21 18:11:20 +02:00
Matt Jankowski
be1ecde300 Clean up settings/preferences controller (#2237)
* Add missing fields group on preferences page

* Clean up settings/preferences controller

* Extract a UserSettingsDecorator
2017-04-21 03:26:52 +02:00
Matt Jankowski
696f4794fd Admin settings controller refactor, add specs, cleanup (#2225)
* Add render_views for admin/settings spec

* Add coverage for admin/settings#update

* Add coverage for admin/settings typecasting open_registrations setting

* Simplify how admin/settings finds the value for updating

* Rely on activerecord to not update a value that hasnt changed

* Add coverage for non-existent setting

* Use a constant for boolean settings
2017-04-20 17:18:09 +02:00
Eugen
f29afaa268 Fix #2120 - Use Status#as_tag_timeline on public hashtag page (#2182)
* Fix #2120 - Use Status#as_tag_timeline on public hashtag page

* Update tags_controller.rb
2017-04-20 03:54:02 +02:00
Matt Jankowski
7a1129892c Simplify render in controllers (#2144) 2017-04-19 15:37:42 +02:00
Matt Jankowski
9a8134cea6 Restful refactor of accounts/ routes (#2133)
* Add routing specs for accounts followers and following actions

* Use more restful route naming for public account follow pages

Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index

Adds routing spec to ensure prior URLs are preserved.
2017-04-19 13:52:37 +02:00
happycoloredbanana
9026426b4d Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00
Matt Jankowski
ce5cb2b81c Instances list in admin (#2095)
* Add admin/instances index action

* Add link to instances admin page

* View lists instances

* Instances, grouped by domain, ordered by count

* Use Account.remote scope

* Extract method: Account.by_domain_accounts
2017-04-18 21:09:07 +02:00
Matt Jankowski
4b6be67e85 Admin reports with accounts (#2092)
* Add a ReportFilter class

* Add reports and targeted_reports relationships to Account

* Use ReportFilter from admin/reports controller

* Link to admin/reports filtered views from admin account show view

* Add indexes to reports.account_id and reports.target_account_id
2017-04-18 19:36:18 +02:00
839
95e8ab21a1 Avoid dynamic methods due to processing speed (#2080) 2017-04-18 15:57:46 +02:00
Eugen Rochko
a398b93bbc Adjust visuals of non-autoplaying GIFV 2017-04-18 01:57:50 +02:00
Eugen Rochko
336fd904db Merge branch 'pause-gif' of git://github.com/patf/mastodon into patf-pause-gif 2017-04-18 01:25:50 +02:00
Matt Jankowski
7a7a2d591f Remove unused methods (#1730)
* Remove unused method #set_counters_maps from api controller

* Remove unused method #set_account_counters_maps from api controller

* Remove unused method Account#followers_domains

* Remove unused User.prolific scope

* Add mastodon:users:admins task to list all admin emails

* Use interpolated query style in Account.triadic_closures

* Coverage for Account.triadic_closures
2017-04-18 01:21:55 +02:00
Matt Jankowski
47cc8462e3 Media controller specs (#2022)
* Add spec for media controller

* Add MediaAttachment.attached scope

* Simplify methods in media controller
2017-04-17 20:02:00 +02:00
Eugen
e0a36782b4 Fix #1897 - Return reblogged: false on unreblog (was wrongly named variable) (#1989) 2017-04-17 19:58:38 +02:00
Matt Jankowski
fd9d43b6e2 Improve handling of HTTP_ACCEPT for webfinger (#2008)
This change includes:

- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
  return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.

Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
2017-04-17 19:58:03 +02:00
Patrick Figel
2fb1f07888 Add gif auto-play/pause preference
This introduces a new per-user preference called
"Auto-play animated GIFs", which is enabled by default. When a
user disables this setting, gifs in toots become click-to-play.

Previews of animated gifs were changed to display the video play
button so that users can distinguish them from regular images.

This setting also affects account avatars in the detailed account
view, which was changed to use the same hover-to-play mechanism
that is used for animated avatars in timelines.

Fixes #1652
2017-04-17 12:14:03 +02:00
saturday06
abf70be71e Assign user locale on signup (#1982) 2017-04-17 10:29:08 +02:00
Eugen
40b37104fd Onboarding modal (#1883)
* Basic onboarding modal that's shown to users once

* Lay out pages 2 through 5, add images, style modals (#1509)

* Lay out pages 2 through 5

Added images and laid out pages 2 through 5 in the jsx file. SCSS will
come, still working on just seeing if this works at all.

* Fix jsx errors, add images to modal pages, style modal pages

* Add animations to onboarding pager changes, improve wording and styling

* Finishing touches on the onboarding

* Add missing propTypes

* Update wording
2017-04-16 20:32:00 +02:00
Matt Jankowski
fff8d92577 I18n health warnings (#1949)
* Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement

* Use implicit controller/action path for i18n in admin/domain_blocks

* Add DomainBlock#accounts has_many

* Avoid i18n health warning for `en` locale by using symbol scope with :count

* Remove unused i18n key: plaintext_secret_html

* Remove unused i18n key two_factor_auth.warning

* Remove final will_paginate i18n keys

* Remove unused key two_factor_auth.recovery_codes

* Remove unused key: admin.reports.comment.none

* Remove unused reports. i18n namespace (moved to admin.reports)

* Ignore keys from locales which override activemodel and activerecord errors

* Revert "Remove unused key: admin.reports.comment.none"

This reverts commit 350ef2685fadc069e619bb6d1066190de195d942.

* Update i18n key reference to match moved location

* Add missing `en` keys to i18n

* Tell i18n-tasks to ignore missing attributes that dont need overwriting

* Add i18n-tasks unused to travis
2017-04-16 19:37:01 +02:00
Eugen
ba6b4c6e62 Make file attachment on MediaAttachment optional (#1865)
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
2017-04-16 12:51:30 +02:00
alpaca-tc
752d057494 ActiveRecord::NotFound is not defined (#1864) 2017-04-15 21:17:59 +02:00
Marcin Cieślak
d67b8e90ea Give SINGLE_USER a chance to register (#1820)
An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.

Enable temporary registration if we have no users in the database

Fixes #1817
2017-04-15 16:46:27 +02:00
Matt Jankowski
c0f0bcf17d Add password reset for users from admin accounts area (#1841) 2017-04-15 16:44:59 +02:00
Patrick Figel
15b393201e Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Joachim Viide
cbf0e1b1c8 Send initial state in a <script type="application/json"> tag (#1806) 2017-04-15 02:32:42 +02:00
ThibG
c45c67c2ac Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Matt Jankowski
20170cb4f3 Improve i18n chooser (#1804)
* Add locale spec with failing locale plus region check

* Use a more accurate locale when supplied by browser headers

Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.

This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the  default.

* Clean up default_locale method
2017-04-15 01:12:39 +02:00
Matt Jankowski
22f1d9099a Admin reports controller improvements (#1714)
* Simplify admin/reports controller filtering for index

* Rename parameter to resolved

* Fix issue where reports view could not access filter_link_to

* Add coverage for admin/reports controller

* DRY up resolution of related reports for target account

* Clean up admin/reports routes

* Add Report#statuses method

* DRY up current account action taken params

* Rubocop styles
2017-04-14 11:10:28 +02:00
Matt Jankowski
d8789124ae Clean up well-known routes/controllers (#1649)
* Add request spec for host meta route returning xml

* Add routing spec for xrd routes

* Update well-known routes

* Move webfinger and host-meta actions to their own controllers
2017-04-13 13:09:07 +02:00
Matt Jankowski
26ea2f70bd Admin accounts controller cleanup (#1664)
* Remove unused account_params method in admin/accounts controller

* Introduce AccountFilter to find accounts

* Use AccountFilter in admin/accounts controller

* Use more restful routes admin silence and suspension area

* Add admin/silences and admin/suspensions controllers
2017-04-13 13:04:23 +02:00
Matt Jankowski
0a6cfca260 Settings export refactor (#1646)
* Refactor Export to take an account and know about the export types

* Use Export instance in settings/exports#show
2017-04-13 13:02:02 +02:00
Matt Jankowski
d1ebb63c54 Quick best practice cleanup of views/helpers (#1546)
* Remove trailing whitespace

* Use query methods instead of explicit .blank? checks
2017-04-12 18:24:18 +02:00
Matt Jankowski
9d1d8797fd Webfinger resource to extract username from resource string (#1607)
* Add WebfingerResource class to extract usernames

* Use WebfingerResource in xrd#webfinger
2017-04-12 18:22:38 +02:00
Matt Jankowski
bf7306636e Allow import/export of mutes list (#1541)
* Allow export of mutes list

* Allow importing of mutes list

* Refactor to use Settings::Exports::BaseController and DRY up exports code
2017-04-12 18:20:44 +02:00
Matt Jankowski
ca70fe5ae7 Simplify the way the embed view is created (#1590)
* Add coverage for embedded status view

* Refactor embed view to eliminate @external_links variable
2017-04-12 16:12:42 +02:00
Matt Jankowski
c27253cbb6 Default to json type for webfinger requests (#1583) 2017-04-12 16:03:37 +02:00
Matt Jankowski
63e46e27f0 Refactor exports controller (#1567)
* Add basic coverage for settings/exports controller

* Remove unused @account variable from settings/exports controller

* Add coverage for download export actions

* Remove deprecated `render :text` in favor of `send_data` for csv downloads

* Add model to handle exports

* Use Export class in settings/exports controller

* Simplify settings/exports controller methods

* Move settings/export to more restful routes
2017-04-11 22:00:43 +02:00
Eugen Rochko
b440b2a9ee Merge branch 'master' of https://github.com/blackle/mastodon into blackle-master 2017-04-11 20:43:56 +02:00
blackle
e7d77f4e13 Allow user to disable the boost confirm dialog in preferences 2017-04-11 10:10:16 -04:00
Matt Jankowski
fcec9fcd99 Pagination improvements (#1445)
* Replace will_paginate with kaminari

* Use #page instead of #paginate in controllers

* Replace will_paginate.page_gap with pagination.truncate in i18n

* Customize kaminari views to match prior styles

* Set kaminari options to match prior behavior

* Replace will_paginate with paginate in views
2017-04-11 01:11:41 +02:00
Eugen
68f3ce7d0c API param to exclude notification types from response (#1341)
* Add exclude_types param to /api/v1/notifications

* Exclude notification types in web UI through exclude_types in the API
2017-04-10 23:45:29 +02:00
Matt Jankowski
874a240a58 Clean up generation of account webfinger string (#1477)
* Consolidate webfinger string creation under Account#to_webfinger_s

* Introduce Account#local_username_and_domain for consolidation
2017-04-10 22:58:06 +02:00
Matt Jankowski
8d0a4b7200 Admin base controller (#1465)
* Add Admin::BaseController to wrap admin area

Extracts the setting of the `admin` layout and verifying that users are admins
to a common base class for the admin/ controllers.

* Add basic coverage for admin/reports and admin/settings controllers
2017-04-10 21:27:03 +02:00
Eugen
5c57f15503 Do not store last visited URL from API controllers (#1330)
Sign-in redirects you back to last visited URL, but in case of API requests,
this sometimes redirected users to an API URL that, of course, greeted them
with an {"error":"The access token is invalid"}
2017-04-09 22:21:52 +02:00
Eugen
47a3702db4 Fix /api/v1/accounts/update_credentials tests (#1357) 2017-04-09 20:23:14 +02:00
David Authier
9252133084 Use HTTP Accept-Language to detect locale (#1166)
* Use HTTP Accept-Language to detect locale

* Fix gem order to comply with codeclimate

* Sort gem to comply with rubocop

* I18n.default_locale fallback when there is no accept-language header
2017-04-09 18:40:24 +02:00
David Celis
6e0b4032b3 Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
2017-04-09 18:33:40 +02:00
Matt Jankowski
41b79ae693 Clean up about page (#1282)
* Add InstancePresenter to expose site details

* Clean up about controller, use instance presenter
2017-04-09 14:47:25 +02:00
Eugen
3047a8da74 Make public timelines API not require user context/app credentials (#1291)
* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public
Fix #1156 - respect query params when generating pagination links in API

* Apply pagination fix to more APIs
2017-04-08 23:39:31 +02:00
Eugen
b532134503 Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled (#1278)
* Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled
TOTP secret is not shown again after 2FA is enabled

* Clean up
2017-04-08 22:20:08 +02:00
Eugen Rochko
07f42f0824 Fix #1165 - before_action was called before protect_from_forgery 2017-04-08 02:30:50 +02:00
Eugen Rochko
9bb84337a7 Allow setting of default language through config
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
2017-04-07 12:40:26 +02:00
Eugen
24c77e57b2 Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124)
* Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder

StreamEntry is now limited to only statuses, which allows some optimization. Removed
extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper
used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer
and PubSubHubbub::DistributionWorker

PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker
instead.

All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri

* All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
2017-04-07 05:56:56 +02:00
Drew DeVault
932b0b2f1f Remote follow improvements
This stores the @username@instance you provide in your session and
reuses it the next time you remote follow someone from this instance.
2017-04-04 20:52:31 -04:00
Eugen Rochko
353a30810c New admin setting: open/close registrations, with custom message, from the admin UI 2017-04-04 15:28:12 +02:00
Eugen Rochko
7a56845060 Only call regeneration worker after first login after a 14 day break 2017-04-04 02:00:10 +02:00
Eugen Rochko
24793cdbaa Fix ActionController::Parameters in API issue 2017-04-04 01:33:34 +02:00
Eugen Rochko
c9ffa7ab1d Add basic logging of who resolved report 2017-04-03 19:35:00 +02:00
Eugen Rochko
ceaafb22d3 When taking action on a report (silence/suspend), it dismisses all other
reports for that user automatically
2017-04-03 19:19:54 +02:00
Eugen Rochko
6ebe31e716 Make default admin UI page reports. Add admin UI for creating a domain block 2017-04-03 18:55:06 +02:00
Eugen Rochko
1ee4c6415c Catching rack timeout from rails doesn't work 2017-04-02 21:12:18 +02:00
Eugen Rochko
00e99e58db Add proper error page for request timeouts 2017-04-02 19:43:44 +02:00
Eugen Rochko
f04816f005 Fix wording "show reblogs" -> "show boosts", order reports chronologically in
admin UI
2017-04-02 16:45:49 +02:00
Eugen Rochko
e407ed24a6 Fix landing page sign up form ignoring username field 2017-04-02 04:13:22 +02:00
Eugen Rochko
244da78105 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko
96e58cf289 Add counter caches for a large performance increase on API requests 2017-03-30 15:06:59 +02:00
Eugen Rochko
a4ce8b09fb Fix #690 - Webfinger should handle new shortform profile URLs now (nice) 2017-03-28 11:25:43 +02:00
Eugen Rochko
b3cb765a94 Prettier account and stream entry URLs 2017-03-22 19:55:14 +01:00
Eugen Rochko
3893f75a51 New API method: /api/v1/search
Returns accounts, statuses, hashtags arrays
2017-03-22 02:32:27 +01:00
Eugen Rochko
b339e488fe Export follow/block lists as CSV 2017-03-19 20:29:41 +01:00
Eugen Rochko
20d91848cf Fix wrong HTTP status codes on error pages 2017-03-19 20:03:28 +01:00
Eugen Rochko
844eda88fe Forgot to hook up API with the latest method 2017-03-17 21:02:47 +01:00
Eugen Rochko
c97f817e40 Fix #525 - Add instance information API 2017-03-15 23:12:48 +01:00
Eugen
6599b27b2b Merge branch 'master' into mastodon-site-api 2017-03-15 22:55:22 +01:00
Eugen Rochko
453d65e6da Obfuscate filenames better, double rate limits 2017-03-14 15:59:21 +01:00
Eugen Rochko
250beb1971 Revert earlier fix due to new bug reports 2017-03-06 02:25:41 +01:00
Eugen Rochko
dea8e95d14 Performance improvement for profiles 2017-03-06 01:50:35 +01:00
Eugen Rochko
42b6d5aca5 Increase max bitrate of converted webms, slightly optimized counter queries
(Because postgres can tell that count(*) needs no extra checks, but
counting a specific column requires them)
2017-03-05 23:43:58 +01:00
Eugen Rochko
d1e1f26878 Improved /api/v1/accounts/:id/statuses with new params: only_media, exclude_replies
Redirect /:username to /users/:username
Redirect /:username/:id to /users/:username/updates/:id
Updated API documentation and sponsors
2017-03-05 17:27:17 +01:00
Eugen Rochko
0cb5a2a0a7 Add digest e-mails 2017-03-04 00:00:48 +01:00
Kit Redgrave
4554ccd5d0 Mute button progress so far. WIP, doesn't entirely work correctly. 2017-03-01 22:31:21 -06:00
Kibigo
b39356835b Adds site metadata access to the API 2017-02-27 04:06:25 -08:00
Eugen Rochko
a741049a77 Fix #104 - Style OAuth authorized applications page
Add ability to search accounts by display name
2017-02-27 00:15:00 +01:00
Eugen Rochko
ff8a080d40 Add validation of media attachments, clean up mastodon-own exception classes 2017-02-26 23:23:06 +01:00
Eugen Rochko
128dcdf68a Merge branch 'fix_462' of https://github.com/rmhasan/mastodon into rmhasan-fix_462 2017-02-26 23:09:18 +01:00
Eugen Rochko
5157e25aab Add tuning documentation, add <content> tags back to most salmons,
make status pagination headers generation more lax about next page
existing
2017-02-25 03:34:37 +01:00
Rakib Hasan
2e10c9861e Removed try clause from create action in status controller
Using catch statement in api_controller.rb to catch NotPermitted
Exception, and render error message
2017-02-19 08:29:56 +00:00
Rakib Hasan
008c95b3b9 revisted fix for #462
Moved validation to services/post_status_service.rb
2017-02-19 08:28:33 +00:00
Rakib Hasan
11dc0a1cbc Fix for issue #462
Modified uploadCompose action to send media ids of attached
media when sending a request. Modified create method in MediaController
to check if when posting a video, there are no other media attached
to the status by looking at the media ids sent from the uploadCompose
action.
2017-02-19 08:28:33 +00:00
Eugen Rochko
3d291bcc55 Do not display non-Status stream entries anymore 2017-02-17 02:20:52 +01:00
Eugen Rochko
7f9d6d0160 Add GET /api/v1/accounts/:id/statuses/media that returns only statuses with media attachments
Make replies default to privacy settings of the status being replied to
2017-02-17 01:30:24 +01:00
Eugen Rochko
0613d66df8 Add UI to view report details, remove reported statuses, quick links to resolve/silence/suspend from report 2017-02-17 00:42:52 +01:00
Eugen Rochko
6917e53fe0 Adding index overview for reports in admin UI 2017-02-16 02:28:10 +01:00
Eugen Rochko
513a78d67b Fix admin UI for accounts somewhat 2017-02-15 00:22:58 +01:00
Eugen Rochko
2cc31b3194 Adding POST /api/v1/reports API, and a UI for submitting reports 2017-02-14 20:59:26 +01:00
Eugen Rochko
a83dc927d8 Fix #587 - Display TOTP secret next to QR code 2017-02-13 20:56:03 +01:00
Eugen Rochko
f9f8f52fe9 Stop trying to shoehorn all Salmon updates into the poor database-connected
StreamEntry model. Simply render Salmon slaps as they are needed
2017-02-12 01:19:14 +01:00
Eugen Rochko
59c8c2b28a Make follow requests federate 2017-02-11 02:58:00 +01:00
Eugen
92a90de2af Fix #611 - Layout setting in registrations controller 2017-02-08 03:04:29 +01:00
Eugen
7037774d6e Merge pull request #603 from evanminto/activitypub-account
Expose ActivityStreams 2.0 representation of accounts
2017-02-07 02:08:40 +01:00
Eugen Rochko
af82038b98 Fix preferences save 2017-02-07 00:23:38 +01:00
Eugen Rochko
b1f2683ecc Add API modifiers to limit returned toots from public/hashtag timelines
to only those from local users; Add link to "extended information" to
getting started in the UI; Add defaults for posting privacy; Change
how publish button looks depending on posting privacy chosen
2017-02-06 23:16:20 +01:00
Evan Minto
db7affbf5b Reuse existing controller and route 2017-02-06 01:19:26 -08:00
Eugen Rochko
e4a55302d2 Remove bios from blocked users list, filter out broken entries from API response 2017-02-05 19:39:00 +01:00
Eugen Rochko
2f126b1225 Removing failed push notification API, make context loads use cache 2017-02-05 17:51:44 +01:00
Evan Minto
e02bfd0aa2 Remove unnecessary leftover code 2017-02-04 14:49:24 -08:00
Evan Minto
b56d24ed71 Add an account endpoint for ActivityPub and link to it on HTML profile pages 2017-02-04 14:46:23 -08:00
Eugen Rochko
727d236fcc Cleaning up format of broadcast real-time messages, removing
redis-backed "mentions" timeline as redundant (given notifications)
2017-02-02 00:03:31 +01:00
Eugen Rochko
9327d05bf7 API for apps to register for push notifications 2017-01-29 01:30:32 +01:00
Eugen Rochko
c58da52e9f Split 2FA login into two prompts 2017-01-28 20:43:38 +01:00
Eugen Rochko
557de8e24c Update settings to re-use admin layout, one big navigation tree, improve settings forms 2017-01-28 03:56:10 +01:00
Eugen Rochko
9b8670c939 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko
2efefb380b Improve infinite scroll on notifications 2017-01-26 04:30:40 +01:00
Eugen Rochko
959e064186 Instead of using spoiler boolean and spoiler_text, simply check for non-blank spoiler_text
Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" />
Clean up schema file from accidental development migrations
2017-01-25 01:29:16 +01:00
Eugen
c7778752e3 Merge branch 'master' into master 2017-01-24 21:56:06 +01:00
Eugen Rochko
ea8b548ee9 Make blocks create entries and unfollows instantly, but do the clean up
in the background instead. Should fix delay where blocked person
can interact with blocker for a short time before background job
gets processed
2017-01-24 21:40:41 +01:00
Eugen Rochko
b4ec84067a API now respects ?limit param as long as it's within 2x default limit 2017-01-24 04:22:10 +01:00
blackle
e25fc71c2c Implement a click-to-view spoiler system 2017-01-23 21:07:40 -05:00
Eugen Rochko
98660a76d9 Move merging/unmerging of timelines into background. Move blocking into
background as well since it's a computationally expensive
2017-01-23 21:29:34 +01:00
Eugen Rochko
4d39cc7bf9 Add /api/v1/notifications/clear, non-existing link cards for statuses will
now return empty hash instead of throwing a 404 error. When following,
merge into timeline will filter statuses
2017-01-23 21:09:27 +01:00
Eugen Rochko
55d6cd41e6 Fix a couple unhandled exceptions 2017-01-23 13:56:57 +01:00
Eugen Rochko
4cbca05197 Potentially fix notifications issue 2017-01-23 13:43:14 +01:00
Eugen
20cb576da1 Fix inflection 2017-01-22 23:08:51 +01:00
Eugen Rochko
2c29cc400e Improve error page layouting. 500 page has to stay static because it's
used from nginx when Rails fails.
2017-01-21 22:30:47 +01:00
Eugen Rochko
280348f1e0 Merge branch 'fix/error-pages' of https://github.com/ineffyble/mastodon into ineffyble-fix/error-pages 2017-01-21 22:20:01 +01:00
Eugen Rochko
f4836b9077 Method to fetch a single notification 2017-01-21 22:14:13 +01:00
Eugen Rochko
f748a91ec7 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 2017-01-20 01:00:14 +01:00
Eugen Rochko
a88f9a5ca9 Don't show loading bar when re-loading already loaded status. Don't even try to fetch ancestors from DB when in_reply_to_id is nil 2017-01-19 11:06:06 +01:00
Eugen Rochko
f4d7f4c687 Fix #238 - Add "favourites" column 2017-01-16 13:28:25 +01:00
Effy Elden
80f186cdf0 Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether 2017-01-15 10:30:23 +11:00
Effy Elden
8e0c1914fb Add tracking of OAuth app that posted a status, extend OAuth apps to have optional website field, add application details to API, show application name and website on detailed status views. Resolves #11 2017-01-15 08:58:50 +11:00
Eugen Rochko
f2667139ad Adding about/more page with extended information that can be set up by an admin 2017-01-13 20:16:38 +01:00
Eugen Rochko
533448be42 Add extended about page stub 2017-01-13 03:24:41 +01:00
Eugen Rochko
6d98465db2 Extend rails-settings-cached to merge db-saved hash values with defaults 2017-01-13 02:42:22 +01:00
Eugen Rochko
7e7c2bbb0f Migrate from ledermann/rails-settings to rails-settings-cached which allows global settings
with YAML-defined defaults. Add admin page for editing global settings. Add "site_description"
setting that would show as a paragraph on the frontpage
2017-01-12 20:46:24 +01:00
Eugen Rochko
c8bcd413e2 Home column filters 2017-01-10 17:25:10 +01:00
Eugen Rochko
4293e132d1 Persist UI settings, add missing localizations for German 2017-01-09 14:00:55 +01:00
Eugen Rochko
0df070596e Fix #416 - Generate random unique 14-byte (19 characters) shortcodes
for local attachments, use them in URLs. Check status privacy
before redirecting to actual file.
2017-01-06 00:29:12 +01:00
Eugen Rochko
800f6cf6a3 Fix #390 - fix redirect after sign-up (to login page instead of homepage) 2017-01-04 15:31:25 +01:00
Eugen Rochko
6ef2b5d1c7 Fix admin UI not loading JS, make sure to strip "acct:" out of remote account's usernames when authorizing follow 2017-01-02 22:31:10 +01:00
Eugen Rochko
3e6b5d67dd Fix uri expansion during remote follow 2017-01-02 12:19:02 +01:00
Eugen Rochko
df2f14d2dd Adding remote follow button 2017-01-01 19:54:34 +01:00
Eugen Rochko
6a20c13009 Add API for retrieving favourites 2016-12-29 20:33:26 +01:00
Eugen Rochko
2bc6e7c96e Add API for retrieving blocked accounts 2016-12-29 20:12:32 +01:00
Eugen Rochko
4030321d95 Support remote follow request providing URL instead of acct 2016-12-29 17:23:27 +01:00
Eugen Rochko
57f6f80838 Add ability to use remote follow function on other sites 2016-12-29 16:54:54 +01:00
Eugen Rochko
fde1917a54 Add preferences for follow request notification e-mails 2016-12-26 22:04:16 +01:00
Eugen Rochko
cef68b9b1c Follow requests send e-mail notifications, but are excluded from notifications API
Better initial state for unlisted/nsfw toggles
2016-12-26 21:52:03 +01:00
Eugen Rochko
6a54df90c8 Replacing follow requests in the settings area with in-UI column 2016-12-26 21:33:51 +01:00
Eugen Rochko
ef9e827c54 Adding follow requests API 2016-12-26 19:30:45 +01:00
Eugen Rochko
d253b0dec6 Fix #86 - resolve layout breaking on zoom-out on accounts grid 2016-12-26 18:48:33 +01:00
Eugen Rochko
302051ffcb Add page for authorizing/rejecting follow requests 2016-12-23 00:04:52 +01:00
Eugen Rochko
77cd58545d Re-enable Webfinger for locked accounts but don't handle "follow" events
coming in via Salmon.

Currently no way to prevent remote follows, but they will only receive public
and unlisted posts
2016-12-22 23:17:57 +01:00
Eugen Rochko
238233440f Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
09a477c782 Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users 2016-12-22 21:34:19 +01:00
Eugen Rochko
d417da7d3a Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-21 20:04:13 +01:00
Eugen Rochko
090e3a245d Fix #249 - use window.location hack to let people login from sandboxed iOS homescreen 2016-12-21 00:13:13 +01:00
Eugen Rochko
b2945b025f Make unfavouriting async to prevent timeout errors from leaving orphaned records behind 2016-12-19 09:12:29 +01:00
Eugen Rochko
346aae50b0 Adjusting public display of statuses to look similar to logged-in UI,
fix #361 with rich OEmbed display via iframe, fix #237 by hiding sensitive
content behind a spoiler on public pages
2016-12-18 19:47:11 +01:00
Eugen Rochko
6d7f3be2f6 Add OEmbed iframe HTML, convert emojis on public pages, increase size of attachment thumbnails 2016-12-18 15:20:39 +01:00
Eugen Rochko
66e08d880c Improved admin UI 2016-12-13 13:42:10 +01:00
Eugen Rochko
88218c83d5 Add suspend account functionality to admin UI 2016-12-06 18:22:59 +01:00
Eugen Rochko
7752662f97 Add filters for suspended accounts 2016-12-06 18:03:30 +01:00
Eugen Rochko
5522606989 Add single user mode 2016-12-06 17:19:26 +01:00
Eugen Rochko
ca0757a6cf Add account suspension 2016-12-05 22:59:30 +01:00
Eugen Rochko
68586258ca Adding more to admin accounts UI 2016-12-04 18:10:40 +01:00
Eugen Rochko
7c81e7e9c7 Fix public tags page 2016-12-04 16:56:45 +01:00
Eugen Rochko
b506010b4f Add "next" pagination to public profiles 2016-12-03 19:30:13 +01:00
Eugen Rochko
fb61dd14c5 Admin accounts page lists accounts 2016-12-03 19:08:07 +01:00
Eugen Rochko
2d4ce8a867 Fix #248 - Reload all accounts when fetching from cache 2016-12-03 18:21:26 +01:00
Eugen Rochko
8260628fc8 Fix pt translations, improve pre-cache queries, removing will_paginate
from accounts/tags because it's a terribly inefficient way to paginate
large sets of data
2016-12-01 16:26:25 +01:00
Eugen Rochko
a8814a19dc Add basic OEmbed provider API, fix #247 2016-11-30 23:01:03 +01:00
Eugen Rochko
8d4ef0b6c3 Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00
Eugen Rochko
1bb1ec3b8d Further abstract caching for includes 2016-11-30 15:57:56 +01:00
Eugen Rochko
329b2a326d Normalize localizations, add stub for admin/accounts 2016-11-30 15:32:26 +01:00
Eugen Rochko
015cd99f41 Make User#current_sign_in_at actually track when user was last active,
by updating it at least every 24h if the user visits the site
2016-11-30 15:17:03 +01:00
Eugen Rochko
bee7aeaea5 Unify collection caching code 2016-11-29 15:49:39 +01:00
Eugen Rochko
d26b8f3cce Delete statuses asynchronously but provide instant feedback in the API 2016-11-29 15:32:25 +01:00
Eugen Rochko
02da8fdcbe Fix setting of confirmed=true on successful confirmation 2016-11-28 19:24:49 +01:00
Eugen Rochko
f37efe8e56 Add simple admin overview of PuSH subscriptions 2016-11-28 18:45:13 +01:00
Eugen Rochko
b5ad0eb4ea Adding embedded PuSH server 2016-11-28 13:36:47 +01:00
Eugen Rochko
abeccf6eb2 X-RateLimit-Reset formatted with iso8601 2016-11-25 15:21:22 +01:00
Eugen Rochko
666eda7256 Remove stale entries from cache results 2016-11-25 13:25:40 +01:00
Eugen Rochko
ea0846645a Fix #65 - Options to block notifications from people you don't follow/who don't follow you 2016-11-25 13:13:16 +01:00
Eugen Rochko
30f9e9e624 Remove Neo4J 2016-11-24 23:46:27 +01:00
Eugen Rochko
8ab2fcbb2c Mini Profiler not working well, remove it 2016-11-24 19:59:11 +01:00
Alyssa Ross
cb06801b21 Extract filename obfuscation into module 2016-11-24 00:30:58 +00:00
Andrea Faulds
66a20701b7 Rename media to avoid exposing filename (fixes #207) 2016-11-23 21:03:03 +00:00
Eugen Rochko
d78962c1ed Cache accounts/:id/statuses and single statuses too 2016-11-23 19:00:43 +01:00
Eugen Rochko
65d6191147 Adding sensitive marker to statuses in API 2016-11-23 10:46:48 +01:00
Eugen Rochko
c60df460af Rename "publish" to "toot" in english locale, fix lightbox showing old image
before loading new one, cache notifications API, fix missing follow button
on public profiles
2016-11-23 09:20:34 +01:00
Eugen Rochko
dda6354c76 Implement includes caching for timelines APIs 2016-11-23 08:34:35 +01:00
Eugen Rochko
f6a975af8b More query optimizations 2016-11-22 23:18:54 +01:00
Eugen Rochko
30010a6dbd Moving some counter queries out of subqueries in the API 2016-11-22 22:59:54 +01:00
Eugen Rochko
f07b0dc82f Remove unneeded indices, improve error handling in background workers, don't needlessly reload reblogged status, send Devise e-mails asynchronously 2016-11-22 17:32:51 +01:00
Eugen Rochko
74df3ba1d7 Local accounts can control "silenced" attribute which removes them from public timeline 2016-11-21 23:06:41 +01:00
Eugen Rochko
0aeae195cb Better error message in doorkeeper json response 2016-11-21 16:19:35 +01:00
Eugen Rochko
0a68464995 Performance improvement for notifications API 2016-11-21 16:10:42 +01:00
Eugen Rochko
4d100a1b36 Remove some n+1 queries from notifications API 2016-11-21 15:16:04 +01:00
Eugen Rochko
83cdfefa7d Remove orphaned notifications, add scopes param to app create API 2016-11-21 14:59:13 +01:00
Eugen Rochko
80d58c6c04 Desktop notifications 2016-11-21 10:24:50 +01:00
Eugen Rochko
38025dfea3 Adding unified streamable notifications 2016-11-20 19:39:58 +01:00
Eugen Rochko
fbaddca49e Move Salmon processing to background as well as PuSH 2016-11-18 23:24:57 +01:00
Eugen Rochko
b8e6ca45e5 Add user locale setting 2016-11-16 17:56:31 +01:00
Eugen Rochko
0e956910c3 Adding some localizations 2016-11-15 23:02:57 +01:00
Eugen Rochko
c6f5eb8aa7 Fix #144 - Filter statuses from blocked users out of ancestors/descendants results 2016-11-15 17:33:41 +01:00
Eugen Rochko
e71b152d89 Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
Eugen Rochko
a7332acba3 Delegate processing of incoming PuSH data to background workers 2016-11-15 15:43:33 +01:00
Eugen Rochko
19ea717b3c Fix wrong link header on followers API, wrong link in tabs component, order
account results
2016-11-14 01:19:25 +01:00
Eugen Rochko
6206f75837 Add limit to search results 2016-11-12 14:49:28 +01:00
Eugen Rochko
cbfa28b9cc Use full-text search for autosuggestions 2016-11-12 14:36:10 +01:00
Eugen Rochko
6d9f8ee11e Improve filtering of public/hashtag timelines, both in backlog and real-time 2016-11-10 00:03:33 +01:00
Eugen Rochko
a6667f7f58 Replace setting custom CORS headers with rack-cors, set it on /oauth/token endpoint 2016-11-09 18:06:01 +01:00
Eugen Rochko
beb36e24fe API pagination for all collections using Link header 2016-11-09 17:48:44 +01:00
Eugen Rochko
d98b43cf56 Move timelines API from statuses to its own controller, add a check for
resources that require a user context vs those that don't (such as public timeline)

/api/v1/statuses/public   -> /api/v1/timelines/public
/api/v1/statuses/home     -> /api/v1/timelines/home
/api/v1/statuses/mentions -> /api/v1/timelines/mentions
/api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
2016-11-08 23:29:08 +01:00
Eugen Rochko
814907e870 Fix linking of remote hashtags in UI, add public view of hashtags 2016-11-05 17:44:14 +01:00
Eugen Rochko
cb22dce970 Adding hashtags 2016-11-05 17:13:14 +01:00
Eugen Rochko
082e57fc13 Adding hashtag model 2016-11-04 19:12:59 +01:00
Eugen Rochko
4c3885b952 Allow @username@domain/@username in follow form, prevent duplicate accounts
created via remote look-up when domains differ but point to the same resource
2016-11-03 16:57:44 +01:00
Eugen Rochko
7a527c947d Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status 2016-11-03 14:50:22 +01:00
Eugen Rochko
695f62e49e Need to disable caching again due to bug in Rabl 2016-11-03 13:59:31 +01:00
Eugen Rochko
e7035a4d39 Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY,
add permissive CORS to API controllers
2016-11-02 12:58:15 +01:00
Eugen Rochko
36470feeb2 Fix follow icon changing plus to minus, add terms page stub 2016-11-01 18:05:55 +01:00
Eugen Rochko
95e65d883a Limit returned followees/followers by API to 40 for now 2016-10-30 15:14:07 +01:00
Eugen Rochko
38cacac4b0 Adding common followers API, fixing fallback query again 2016-10-29 01:29:19 +02:00
Eugen Rochko
cab1211ef7 Fix OAuth authorization redirect 2016-10-23 12:05:55 +02:00
Eugen Rochko
6657414266 Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
2016-10-22 19:39:44 +02:00
Eugen Rochko
4470966cd9 Fix #100 - Add "back" button to certain views
Also fix reloading of timelines after merge-type events
2016-10-19 18:20:19 +02:00
Eugen Rochko
be98addccc Improving all forms 2016-10-18 16:37:15 +02:00
Eugen Rochko
683c42724f Added e-mail edit field to settings, proper format default for webfinger 2016-10-18 03:34:26 +02:00
Eugen Rochko
02613aef3b Adding application/jrd+json webfinger resource 2016-10-18 02:54:49 +02:00
Eugen Rochko
41aae40927 Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API 2016-10-16 19:10:16 +02:00
Eugen Rochko
5860094354 Adding sync of follow relationships to Neo4J, accounts/suggestions API 2016-10-14 23:10:07 +02:00
Eugen Rochko
588cb77e9f E-mail preferences page 2016-10-14 02:28:49 +02:00
Eugen Rochko
84495615b4 Shorten rendered links (strip protocol and www, truncate to 30 chars), redirect
to sign in page after sign up instead of root path which redirects to /about
2016-10-13 16:51:34 +02:00
Eugen Rochko
405f7f0541 No-op for Salmons without body, fail fast if Webfinger does not contain
all required resource links (profile page, salmon, atom feed, magic key)
2016-10-13 13:41:06 +02:00
Eugen Rochko
ad2a5cc79f Stop logging incoming Atom 2016-10-10 18:16:39 +02:00
Eugen Rochko
4f406d89b1 Log incoming Atom from PuSH 2016-10-10 17:40:28 +02:00
Eugen Rochko
102eab0ac9 Public timeline to exclude users you blocked 2016-10-09 15:15:21 +02:00
Eugen Rochko
9bf5a73968 Adding domain blocks 2016-10-09 14:48:59 +02:00
Eugen Rochko
c3f5dfeabb Adding public timeline 2016-10-07 16:00:11 +02:00
Eugen Rochko
93aa4085a2 Fix #73 - Click on in-UI profile avatar/name to open public profile 2016-10-06 23:15:50 +02:00
Eugen Rochko
10395fd275 Fix #72 - add follow/unfollow button to public profiles 2016-10-06 21:27:58 +02:00
Eugen Rochko
b23c4b488c Better comparison of "local" domain 2016-10-06 16:36:16 +02:00
Eugen Rochko
c02bdd64a0 Fix sign-in redirecting "back" to a missing image because missing static files hit the raise_not_found method 2016-10-06 15:42:00 +02:00
Eugen Rochko
96cc77ce55 Catch Paperclip errors on /api/v1/media, return early from update profile service if XML given is nil 2016-10-06 14:40:15 +02:00
Eugen Rochko
fe77921e47 Catching more exceptions that slipped through, removing AR logging from
production as it's very verbose and not very useful
2016-10-05 13:26:44 +02:00
Eugen Rochko
7b9a4af311 API for blocking and unblocking 2016-10-03 18:17:06 +02:00
Eugen Rochko
2c9e672ee2 Integrating block relationships into the API (read-only for now) 2016-10-03 17:16:58 +02:00
Eugen Rochko
9d59d7b463 Adding a block model and filter mentions from blocked users (fix #60) 2016-10-03 17:12:13 +02:00
Eugen Rochko
fc198a8b4c Adding e-mail confirmations 2016-10-03 16:51:00 +02:00
Eugen Rochko
188c6f326b Making public pages responsive, removing reblogs/favs counts from them 2016-10-03 00:26:00 +02:00
Eugen Rochko
9fd3d7b6cd Add since_id param to feeds 2016-10-02 22:35:27 +02:00
Eugen Rochko
a0f85774c4 Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 17:11:08 +02:00
Eugen Rochko
6d7290f47c Add API for getting info about authenticated user: /api/v1/accounts/verify_credentials 2016-10-02 16:14:21 +02:00
Eugen Rochko
96ad9b0db1 Meaningful validation errors in API response 2016-09-30 22:31:16 +02:00
Eugen Rochko
62b057b085 Adjust client registration API 2016-09-30 00:03:08 +02:00
Eugen Rochko
ef2b50c9ac Deleting statuses from UI 2016-09-30 00:00:45 +02:00
Eugen Rochko
927333f4f8 Improve code style 2016-09-29 21:28:21 +02:00
Eugen Rochko
e63aebff7a Adding landing page 2016-09-27 23:12:33 +02:00
Eugen Rochko
4f9b7432dd Fix #52 - Add API versioning (v1) 2016-09-27 16:59:08 +02:00
Eugen Rochko
7e14eefc81 Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app
registration API
2016-09-26 23:56:53 +02:00
Eugen Rochko
693383234c Improved style of settings page 2016-09-25 15:48:20 +02:00
Eugen Rochko
3f9708edc4 Change output of api/accounts/:id/follow and unfollow to return relationship
Track relationship in redux state. Display follow/unfollow and following-back
information on account view (unstyled)
2016-09-23 20:23:26 +02:00
Eugen Rochko
c6d893a71d Uploading/undoing media modifies status text. Also: status text trimmed before validation 2016-09-22 21:39:53 +02:00
Eugen Rochko
c0e9603c92 Fix #50 - Order ancestors/descendants by tree path 2016-09-21 23:18:28 +02:00
Eugen Rochko
e46abc71ca Fix notifications in UI, added new API for fetching account relationships 2016-09-21 22:07:18 +02:00
Eugen Rochko
4bec613897 Fix #24 - Thread resolving for remote statuses
This is a big one, so let me enumerate:

Accounts as well as stream entry pages now contain Link headers that
reference the Atom feed and Webfinger URL for the former and Atom entry
for the latter. So you only need to HEAD those resources to get that
information, no need to download and parse HTML <link>s.

ProcessFeedService will now queue ThreadResolveWorker for each remote
status that it cannot find otherwise. Furthermore, entries are now
processed in reverse order (from bottom to top) in case a newer entry
references a chronologically previous one.

ThreadResolveWorker uses FetchRemoteStatusService to obtain a status
and attach the child status it was queued for to it.

FetchRemoteStatusService looks up the URL, first with a HEAD, tests
if it's an Atom feed, in which case it processes it directly. Next
for Link headers to the Atom feed, in which case that is fetched
and processed. Lastly if it's HTML, it is checked for <link>s to the Atom
feed, and if such is found, that is fetched and processed. The account for
the status is derived from author/name attribute in the XML and the hostname
in the URL (domain). FollowRemoteAccountService and ProcessFeedService
are used.

This means that potentially threads are resolved recursively until a dead-end
is encountered, however it is performed asynchronously over background jobs,
so it should be ok.
2016-09-21 01:50:31 +02:00
Eugen Rochko
1d2856c2af Since GNU Social hubs don't seem to return a hub.lease_seconds param in the subscription confirmation request,
we'll have to default that value to the GS "minimum" (from their code) which is 24 hours.
2016-09-20 03:24:04 +02:00
Eugen Rochko
246330493b More debugging for PuSH confirmations 2016-09-20 03:18:55 +02:00
Eugen Rochko
a66d34878c Add more logging to PuSH callback 2016-09-20 03:12:23 +02:00
Eugen Rochko
608a2bfffc Upgrade to PubSubHubbub 0.4 (removing verify_token) 2016-09-20 02:43:20 +02:00
Eugen Rochko
059ebbf48d Separate PuSH subscriptions from following, add mastodon:push:refresh task,
respect hub.lease_seconds (fix #46)
2016-09-20 00:43:36 +02:00
Eugen Rochko
adffc7a495 Fix #43 2016-09-18 12:28:49 +02:00
Eugen Rochko
bd5ad304ba Adding media controller, 1 webm/compose form allowed, previews generated 2016-09-17 17:47:26 +02:00
Eugen Rochko
0e9c1a297a Improved error handling for FollowRemoteService 2016-09-17 17:03:36 +02:00
Eugen Rochko
8c0b19012b Fix #41, debug #42 2016-09-17 16:36:10 +02:00
Eugen Rochko
5b0cef9781 Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context 2016-09-16 00:21:51 +02:00
Eugen Rochko
d6a64f45fd Adding a notification stack for error messages 2016-09-12 19:20:55 +02:00
Eugen Rochko
762157ee4e Fix for single status pages 2016-09-08 21:23:29 +02:00
Eugen Rochko
85d89b472d Optimized n+1 queries in accounts Atom and HTML views
Added stack trace for SQL queries in development
Removed badly thought out accounts/lookup API
2016-09-08 20:36:01 +02:00
Eugen Rochko
509c18eb13 Fix local follows, 404 in logs 2016-09-08 02:40:51 +02:00
Eugen Rochko
0f4bc56719 Improving production logs, removing n+1 on media attachments in atom,
adding attachments display to static views
2016-09-08 01:24:26 +02:00
Eugen Rochko
eec0dc46a6 PostStatusService can attach media to status, ProcessFeedService likewise 2016-09-05 18:39:53 +02:00
Eugen Rochko
ae1fac0062 Add API to upload media attachments 2016-09-05 17:46:36 +02:00
Eugen Rochko
b5ebf99439 Possibly fix issue with stale favourite/reblog information after API call 2016-09-04 21:28:48 +02:00
Eugen Rochko
54ea7f5dfe Case-insensitive search by usernames 2016-09-04 21:06:04 +02:00
Eugen Rochko
92afd29650 The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko
bc0692d75b Removing mini-profiler that doesn't work, formatting timelines a bit better 2016-08-24 19:23:37 +02:00
Eugen Rochko
49520d6e62 Adding React.js, Redux, revamping dashboard 2016-08-24 17:56:44 +02:00
Eugen Rochko
8985f8e66c Fixing more configuration issues with ActionCable 2016-08-18 18:39:35 +02:00
Eugen Rochko
8459acd123 Fix for force SSL issue with websockets 2016-08-18 17:48:57 +02:00
Eugen Rochko
6426819b6f Fix tests 2016-08-18 17:22:44 +02:00
Eugen Rochko
6deb9f966e Live timelines using ActionCable 2016-08-18 15:49:51 +02:00
Eugen Rochko
10ba09f546 Upgrade to Rails 5.0.0.1 2016-08-17 17:58:00 +02:00
Eugen Rochko
ff2cbc0753 Remember me enabled by default 2016-03-28 00:06:52 +02:00
Eugen Rochko
85b00d19b8 Moving Salmon notifications to background processing, fixing mini-profiler
behaviour with Turbolinks enabled, optimizing Rabl for production
2016-03-26 13:42:10 +01:00
Eugen Rochko
da4b675aca Fix favourite handling in ProcessInteractionService 2016-03-26 01:34:12 +01:00
Eugen Rochko
43bb8a25e7 Remember user logins by default 2016-03-26 01:14:37 +01:00
Eugen Rochko
5764d52b04 Fix Sidekiq pooling issues. Remove API docs from homepage, replace with
a basic home timeline
2016-03-25 16:10:14 +01:00
Eugen Rochko
e24bfbde1a Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections
in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding
admin status to users
2016-03-25 14:12:24 +01:00
Eugen Rochko
a08e724476 Fix subscriptions:clear task, refactor feeds, refactor streamable activites
and atom feed generation to some extent, as well as the way mentions are
stored
2016-03-25 02:13:30 +01:00
Eugen Rochko
9594f0e858 Fix preloading 2016-03-24 13:28:11 +01:00
Eugen Rochko
0f5bbb999c Pre-loading polymorphic associations for Atom feeds 2016-03-24 13:21:53 +01:00
Eugen Rochko
7e58303a8d Limit Atom feeds to 20 items by default, add pagination by max_id
(But there are no Atom feed pagination elements yet)
2016-03-24 12:49:34 +01:00
Eugen Rochko
082e1cbe5a Fix default max_id query in paginate_by_max_id 2016-03-22 21:53:33 +01:00
Eugen Rochko
12559b01ea Add pagination by max_id instead of offset/limit 2016-03-22 21:38:47 +01:00
Eugen Rochko
f14f462eaf Adding Turbolinks, adding status posting form on homepage 2016-03-21 18:26:47 +01:00
Eugen Rochko
c28971c70c Fixed the lookup API method 2016-03-21 17:33:04 +01:00
Eugen Rochko
02696a063e Change default avatar, redirect to home after sign up 2016-03-21 17:18:30 +01:00
Eugen Rochko
9d55529318 Fix text color in dashboard inputs, sanitize remote status content in UI,
simplify FanOutOnWriteService, add /api/accounts/lookup method
2016-03-21 17:02:16 +01:00
Eugen Rochko
7e00a21ea6 Small optimizations in Atom feeds 2016-03-21 10:31:20 +01:00
Eugen Rochko
19a259915e Security update 2016-03-21 10:08:19 +01:00
Eugen Rochko
2ba6537f52 Escape PuSH challenge and change subscriptions and salmon APIs to text/plain 2016-03-21 09:24:29 +01:00
Eugen Rochko
b640f35621 Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00
Eugen Rochko
e14b76c7cb On following/followers pages, show most recent first 2016-03-19 22:54:40 +01:00
Eugen Rochko
71ae4dd3d2 Adding public following and followers pages, fix #3 2016-03-19 14:02:30 +01:00
Eugen Rochko
c349200761 Removing some unused gems, adding pagination to profiles, fix #10 2016-03-19 12:49:34 +01:00
Eugen Rochko
9a7485d034 Fix typo on /api/accounts/:id/statuses, fix potential case-sensitivity issue
when registering incoming status mentions, add Travis CI file
2016-03-18 23:23:19 +01:00
Eugen Rochko
323474c97e Fix #2, add rake task for PuSH-unsubscribing from remote users who have no
local followers. Remote users' usernames SHOULD be case-sensitive
2016-03-17 12:02:45 +01:00
Eugen Rochko
9cb690c706 Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up 2016-03-16 18:29:52 +01:00
Eugen Rochko
6fec8afc3f Bind oauth applications to users 2016-03-14 17:49:13 +01:00
Eugen Rochko
3441361568 Adding simple_form, adding profile settings, header image 2016-03-12 20:47:22 +01:00
Eugen Rochko
1aa477ac2f Customized more doorkeeper views, only logged in users can create oauth apps 2016-03-12 19:46:06 +01:00
Eugen Rochko
aab9f57e36 Adding config for puma, dashboard layout, fixing some queries 2016-03-12 16:21:53 +01:00
Eugen Rochko
447cfef62d Improving feed queries, switching API to doorkeeper authentication 2016-03-11 16:47:36 +01:00
Eugen Rochko
6c4c84b161 Distrubute statuses as a fan-out-on-write system, with optional precomputing 2016-03-08 20:20:45 +01:00
Eugen Rochko
fe57f6330f API methods for retrieving home and mentions timelines 2016-03-07 13:25:26 +01:00
Eugen Rochko
f099bc6091 Adding API for favouriting a status 2016-03-07 12:58:42 +01:00
Eugen Rochko
ab6696e855 Adding doorkeeper, adding a REST API
POST /api/statuses                  Params: status (text contents), in_reply_to_id (optional)
GET  /api/statuses/:id
POST /api/statuses/:id/reblog

GET  /api/accounts/:id
GET  /api/accounts/:id/following
GET  /api/accounts/:id/followers
POST /api/accounts/:id/follow
POST /api/accounts/:id/unfollow

POST /api/follows                  Params: uri (e.g. user@domain)

OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
2016-03-07 12:42:33 +01:00
Eugen Rochko
3824c58853 Adding GNU Public license, adding home timeline, reblog/favourite counters 2016-03-06 17:52:23 +01:00
Eugen Rochko
c605b828b5 Adding routes to follow, unfollow, favourite and reblog (locally known models) 2016-03-06 12:51:55 +01:00
Eugen Rochko
aab330eb2d Adjusting design of public pages, optimizing account page queries 2016-03-06 12:34:39 +01:00
Eugen Rochko
ab80ebdeec Adjusting design of profile and entry pages, linkify mentions in statuses 2016-03-05 23:42:40 +01:00
Eugen Rochko
6045b6cb18 Customizing devise views and controllers 2016-03-05 22:43:05 +01:00
Eugen Rochko
3b4e04dc32 Fixing some bugs, adding pending test examples 2016-03-05 12:50:59 +01:00
Eugen Rochko
23d08c6749 Changing the use of config constants to the Rails configuration object 2016-02-29 20:06:39 +01:00
Eugen Rochko
0e8f59c16f Refactoring Grape API methods into normal controllers & other things 2016-02-29 19:42:08 +01:00
Eugen Rochko
47d50b0e39 A lot of fixes from a live test 2016-02-28 15:46:29 +01:00
Eugen Rochko
24646d5769 Adding views for the profile and entry pages 2016-02-26 20:48:20 +01:00
Eugen Rochko
fa33750105 Adding reblogs, favourites, improving atom generation 2016-02-23 19:17:37 +01:00
Eugen Rochko
2bc48e9064 Individual atom entries 2016-02-22 19:11:07 +01:00
Eugen Rochko
1dad72bf13 Fixes and general progress 2016-02-22 18:10:30 +01:00
Eugen Rochko
709c6685a9 Made some progress 2016-02-22 16:00:20 +01:00
Eugen Rochko
9c4856bdb1 Initial commit 2016-02-20 22:53:20 +01:00