Commit graph

192 commits

Author SHA1 Message Date
Eugen Rochko
c99f41dc3c Improve ActivityPub representations (#3844)
* Improve webfinger templates and make tests more flexible

* Clean up AS2 representation of actor

* Refactor outbox

* Create activities representation

* Add representations of followers/following collections, do not redirect /users/:username route if format is empty

* Remove unused translations

* ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better
URL/URI generation

* Add ActivityPub::TagManager#to

* Represent all attachments as Document instead of Image/Video specifically
(Because for remote ones we may not know for sure)

Add mentions and hashtags representation to AP notes

* Add AP-resolvable hashtag URIs

* Use ActiveModelSerializers for ActivityPub

* Clean up unused translations

* Separate route for object and activity

* Adjust cc/to matrices

* Add to/cc to activities, ensure announce activity embeds target status and
not the wrapper status, add "id" to all collections
2017-07-15 03:01:39 +02:00
Yamagishi Kazutoshi
7be29a500d Add Rake task for generate VAPID key (#4195)
* Add Rake task for generate VAPID key

* edit config/initializers/vapid.rb
2017-07-14 12:13:43 +02:00
Sorin Davidoi
ecab38fd66 Web Push Notifications (#3243)
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with #4091

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Eugen Rochko
8abeec1f4f Improve UI of admin site settings (#4163) 2017-07-12 03:24:04 +02:00
Eugen Rochko
0217e15dd3 Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091)
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions

* Fix tests, smooth migrate from previous session-based identifier
2017-07-07 23:25:15 +02:00
Yamagishi Kazutoshi
46a69513d4 Add recursive object support to API response (#4095) 2017-07-07 14:12:16 +02:00
Eugen Rochko
c465c5b3a8 Add overview of active sessions (#3929)
* Add overview of active sessions

* Better display of browser/platform name

* Improve how browser information is stored and displayed for sessions overview

* Fix test
2017-06-25 16:54:30 +02:00
Sorin Davidoi
1280559503 Revocable sessions (#3616)
* feat: Revocable sessions

* fix: Tests using sign_in

* feat: Configuration entry for the maximum number of session activations
2017-06-23 18:50:53 +02:00
Eugen Rochko
8bed91d94c Rename FollowRemoteAccountService to ResolveRemoteAccountService (#3847)
Rename Activitypub to ActivityPub
2017-06-19 01:51:04 +02:00
Matt Jankowski
eea027c5c2 Update Rails to version 5.1.1 (#3121)
* Update rails to version 5.1.1

* Run `rails app:update`

* Remove the override of polymorphic activity relationship

* Silence warning about otp_secret attribute being unknown to rails

* We will only introduce form_with where we want to use remote data
2017-06-01 20:53:37 +02:00
Immae
ae917bfb23 Allow alternate domains for mastodon handlers (#3187) 2017-05-22 15:40:04 +02:00
Clworld
2214d1ecd7 Set config.cache_store in environments file. (#3219)
* Set config.cache_store in application.rb

* Set config.cache_store in environments.

* fix code format.
2017-05-22 15:01:02 +02:00
Eugen Rochko
d9797075e2 Adjust REDIS_URL usage in node_redis (#3183)
Resolves #2780
2017-05-20 21:06:09 +02:00
Eugen Rochko
9ade22cd04 Improve language filter preferences look (#3184) 2017-05-20 19:42:44 +02:00
beatrix
f88ff75a8d namespace redis usage (#2869)
* add redis-namespace gem

* namespace redis usage

* refactor redis namespace code to be less intrusive

previously : would be prepended to keys when the
REDIS_NAMESPACE env var was not set

now if it is not set the namespacing functions are
not used at all, which should prevent disruptions
when instances update.

* fix redis namespace variable style in streaming js

* remove trailing space

* final redis namespace style fix
2017-05-07 19:42:32 +02:00
alpaca-tc
3ceb700ea2 Fixes unknown mime type (#2822) 2017-05-05 21:32:14 +02:00
Akihiko Odaki
8546649425 Use ws protocol in streaming API base URL (#2606) 2017-05-04 15:55:13 +02:00
alpaca-tc
62738bf1a9 Localize 'throttled' (#2755) 2017-05-03 23:36:19 +02:00
Eugen Rochko
0951a2f9f3 Clean up redis configuration. Allow using REDIS_URL to set advanced (#2732)
connection options instead of setting REDIS_HOST etc individually

Close #1986
2017-05-03 23:18:13 +02:00
Eugen Rochko
ef2af79a48 Replace sprockets/browserify with Webpack (#2617)
* Replace browserify with webpack

* Add react-intl-translations-manager

* Do not minify in development, add offline-plugin for ServiceWorker background cache updates

* Adjust tests and dependencies

* Fix production deployments

* Fix tests

* More optimizations

* Improve travis cache for npm stuff

* Re-run travis

* Add back support for custom.scss as before

* Remove offline-plugin and babili

* Fix issue with Immutable.List().unshift(...values) not working as expected

* Make travis load schema instead of running all migrations in sequence

* Fix missing React import in WarningContainer. Optimize rendering performance by using ImmutablePureComponent instead of
React.PureComponent. ImmutablePureComponent uses Immutable.is() to compare props. Replace dynamic callback bindings in
<UI />

* Add react definitions to places that use JSX

* Add Procfile.dev for running rails, webpack and streaming API at the same time
2017-05-03 02:04:16 +02:00
Tristan Mahé
19881e24fe allow localhost to bypass the ratelimit (#2554) 2017-04-30 00:27:49 +02:00
yhirano
f7883d0f32 Change permission from 0755 to 0644 (#2536)
* chmod -x assets.rb

* chmod -x assets/fonts

* raname extname from jpeg to jpg
2017-04-27 19:29:41 +02:00
Eugen Rochko
4a7dc4fadc OEmbed support for PreviewCard (#2337)
* OEmbed support for PreviewCard

* Improve ProviderDiscovery code failure treatment

* Do not crawl links if there is a content warning, since those
don't display a link card anyway

* Reset db schema

* Fresh migrate

* Fix rubocop style issues
Fix #1681 - return existing access token when applicable instead of creating new

* Fix test

* Extract http client to helper

* Improve oembed controller
2017-04-27 14:42:22 +02:00
ばん
824d37671c fix can toot whitespace (#2218) 2017-04-22 19:48:55 +02:00
Ash Furrow
9b1a881d40 Removes timestamp from URLs. (#2185) 2017-04-20 03:54:24 +02:00
tmyt
2e1e061f24 Make configuarable s3_permissions for paperclip (#2139) 2017-04-19 14:20:36 +02:00
Yamagishi Kazutoshi
a3358f438f Change to switch signature version for Amazon S3 (#2124) 2017-04-19 14:18:50 +02:00
Eugen
21816d08ec Fix #1642, fix #1912 - Dictate content-type file extension (#2078)
* Fix #1642, fix #1912 - Previous change (#1718) did not modify how original file was saved on upload

* Fix for when file is missing
2017-04-18 23:15:44 +02:00
Eugen
e47b32072f Add rate limits for logins and sign-ups by IP (5 in 5 minutes) (#2079)
* Add rate limits for logins and sign-ups by IP (5 in 5 minutes)
Should be enough for normal attempts

* Add rate limit for forgotten password form as well
2017-04-18 22:29:14 +02:00
Joachim Viide
c923b8bb63 Leave out the "Expires" header from S3 uploads (#1886) 2017-04-16 04:01:58 +02:00
Naouak
85ff7666f3 Check for a custom css file to help customization of instances (#1368)
* User can create a custom.scss to customize their instance without modifying gitted files.

* Add documentation for customization.

* Forgot the helper file

* Fix Style to pass codeclimate

* Requests from maintainer.
2017-04-15 22:47:48 +02:00
Patrick Figel
15b393201e Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Les Orchard
492e8ec00e Add REDIS_DB env variable to configure Redis database (#1366) 2017-04-15 02:21:13 +02:00
ThibG
c45c67c2ac Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Valentin Lorentz
5da8581563 Custom Paperclip path. (#778)
* Custom Paperclip path.

* Document PAPERCLIP_ROOT.

* Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH).
2017-04-15 02:07:21 +02:00
Yusuke Abe
f3ae46a512 Add filename extension to paperclip (#1718) 2017-04-13 21:52:56 +02:00
Matt Jankowski
d1ebb63c54 Quick best practice cleanup of views/helpers (#1546)
* Remove trailing whitespace

* Use query methods instead of explicit .blank? checks
2017-04-12 18:24:18 +02:00
Yann GUERN
dc7ea0225a Avoid user enumeration with devise paranoid mode (#1527) 2017-04-11 14:21:15 +02:00
Matt Jankowski
fcec9fcd99 Pagination improvements (#1445)
* Replace will_paginate with kaminari

* Use #page instead of #paginate in controllers

* Replace will_paginate.page_gap with pagination.truncate in i18n

* Customize kaminari views to match prior styles

* Set kaminari options to match prior behavior

* Replace will_paginate with paginate in views
2017-04-11 01:11:41 +02:00
Matt Jankowski
b4950a59bb Version bumps for ruby and misc gems (#1159)
* Update rspec-rails to version 3.5.2

* Update addressable to version 2.5.1

* Update autoprefixer-rails to version 6.7.7.1

* Update bullet to version 5.5.1

* Update domain_name to version 0.5.20170404

* Update letter_opener_web to version 1.3.1

* Upate redis-rails to version 5.0.2

* Update active_record_query_trace to version 1.5.4

* Update capistrano-rails to version 1.2.3

* Update dotenv-rails to version 2.2.0

* Update pg to version 0.20.0

* Update tilt to version 2.0.7

* Update warden to version 1.2.7

* Update tins to version 1.13.2

* Update terminal-table to version 1.7.3

* Update oj to version 2.18.5

* Update simplecov to version 0.14.1

* Update uglifier to version 3.1.13

* Update hashdiff to version 0.3.2

* Update webmock to version 2.3.2

* Update devise to version 4.2.1

* Use ruby version 2.4.1

* Update sass to version 3.4.23

* Update puma to version 3.8.2

* Update will_paginate to version 3.1.5

* Update font-awesome-rails to version 4.7.0.1

* Update fuubar to version 2.2.0

* Update pry-rails to version 0.3.6

* Update simple-navigation to version 4.0.5

* Update rubocop to version 0.48.1

* Update doorkeeper to version 4.2.5

* Update faker to version 1.7.3

* Update aws-sdk to version 2.9.5

* Update fabrication to version 2.16.1

* Update hamlit-rails to version 0.2.0

* Update http to version 2.2.1

* Update httplog to version 0.99.2

* Update sidekiq to version 4.2.10

* Update rspec-sidekiq to version 3.0.0

* Update pghero to version 1.6.4

* Update rack-cors to version 0.4.1

* Update i18n-tasks to version 0.9.13

* Update ruby-oembed to version 0.12.0

* Update jquery-rails to version 4.3.1

* Update simple_form to version 3.4.0

* Update react-rails to version 1.11.0

* Update aws-sdk to version 2.9.6

* Update sidekiq-unique-jobs to version 5.0.0

* Update uglifier to version 3.2.0
2017-04-10 22:47:41 +02:00
Eugen Rochko
06e3d9bdd8 Make sure Rabl is using Oj 2017-04-05 19:29:30 +02:00
Pete Keen
f28fcf9080 [#817] Add email whitelist
This adds the ability to filter user signup with a whitelist
instead of or in addition to a blacklist.

Fixes #817
2017-04-04 11:20:15 -04:00
Eugen Rochko
00e99e58db Add proper error page for request timeouts 2017-04-02 19:43:44 +02:00
leopku
11f8faa6ba 🔧 S3 protocol from ENV
add support for reading S3 protocol from ENV
also add S3_HOSTNAME in .env.production.sample
2017-03-23 15:44:55 +08:00
Eugen Rochko
a19062b726 Federate header images, fix open-uri http->https redirection error 2017-03-18 22:51:20 +01:00
Eugen Rochko
453d65e6da Obfuscate filenames better, double rate limits 2017-03-14 15:59:21 +01:00
Eugen Rochko
250beb1971 Revert earlier fix due to new bug reports 2017-03-06 02:25:41 +01:00
Eugen Rochko
65b49d95b7 Make the paperclip filename interpolator smarter about the :original style
If an :original gets converted into another format, it would get saved as
original_filename *anyway*, so generating the extension is pointless and
yields bad results for when you change the style definition later. This way,
old gifs will still have correct URLs
2017-03-05 23:03:49 +01:00
Eugen Rochko
03ce24d3bf Update service timeout setting from 15s to 90s 2017-02-13 20:42:02 +01:00
Eugen
7037774d6e Merge pull request #603 from evanminto/activitypub-account
Expose ActivityStreams 2.0 representation of accounts
2017-02-07 02:08:40 +01:00
Evan Minto
db7affbf5b Reuse existing controller and route 2017-02-06 01:19:26 -08:00
Eugen Rochko
9bd2b6be86 Make the streaming API also handle websockets (because trying to get the browser EventSource interface to
work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead
of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
2017-02-04 00:34:31 +01:00
Eugen Rochko
557de8e24c Update settings to re-use admin layout, one big navigation tree, improve settings forms 2017-01-28 03:56:10 +01:00
Eugen Rochko
0bf8c1b5d8 Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled)
Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit
2017-01-27 20:35:16 +01:00
Eugen Rochko
9b8670c939 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko
8008b60324 Fix key names in statsd 2017-01-26 19:46:52 +01:00
Eugen Rochko
fd23876e75 Improve StatsD instrumentation 2017-01-26 19:08:05 +01:00
Eugen Rochko
4bd0286045 Fix up timeout, improve contrast on "show more", add responsive style
for extremely wide monitors
2017-01-26 18:48:56 +01:00
Eugen
f80c55b591 Fix error 2017-01-22 23:07:31 +01:00
Eugen Rochko
e161d2acdc Override Rack::Request to use the same trusted proxy settings as Rails 2017-01-22 21:01:28 +01:00
Eugen Rochko
f748a91ec7 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 2017-01-20 01:00:14 +01:00
Eugen Rochko
86264a950c Add optional StatsD performance tracking 2017-01-18 23:44:29 +01:00
Effy Elden
a898072d76 Add Heroku deployment support 2017-01-17 22:00:03 +11:00
Effy Elden
db40fd4641 Change default S3 ACL string used by Paperclip from 'public' (which is invalid) to 'public-read' 2017-01-15 20:58:46 +11:00
Eugen Rochko
f29df16eea Fix Paperclip timeout setting. Fix bug introduced in #437 2017-01-08 19:12:54 +01:00
Eugen Rochko
438446b397 Add read timeout to paperclip when it's downloading remote images 2017-01-07 15:43:56 +01:00
Eugen Rochko
238233440f Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
7855a9b58b Don't use rack timeout in any but production environments 2016-12-21 19:10:40 +01:00
Eugen Rochko
9d4f96f440 Removing external hub completely, fix #333 fixing digit-only hashtags,
removing web app capability from non-webapp pages
2016-12-18 12:24:37 +01:00
Eugen Rochko
4a167885b2 Fix paperclip config 2016-12-07 17:19:29 +01:00
Eugen Rochko
311f2354cf Update Paperclip config to allow plugging in Minio instead of AWS 2016-12-07 16:59:18 +01:00
Eugen Rochko
5522606989 Add single user mode 2016-12-06 17:19:26 +01:00
Eugen Rochko
e5e702a976 Adding configurable e-mail blacklist 2016-12-04 19:07:02 +01:00
Eugen Rochko
f6b99b05d3 Do not use expiring links after all 2016-12-04 13:02:43 +01:00
Eugen Rochko
595f592304 Do not autoplay videos, display play button instead. Use expiring links when using S3. Do not keep originals
for avatars/headers, resize avatars down to 120x120 instead of 300x300. Set cache headers on S3 stuff, also
make it private (aka only accessible via expiring links to prevent hotlinking)
2016-12-04 12:28:10 +01:00
Eugen Rochko
e20d57a9e6 Fix cloudfront config 2016-12-03 22:12:22 +01:00
Eugen Rochko
b245dc1575 Add Cloudfront support 2016-12-03 22:08:15 +01:00
Eugen Rochko
67db2cd871 Upgrade Paperclip to 5, AWS-SDK to 2, do not generate medium/small versions of avatars 2016-11-29 14:20:15 +01:00
Eugen Rochko
3c1c2b0e06 Adding rack timeout of 30sec, PuSH jobs moved to push queue so they
can be processed separately
2016-11-29 02:07:14 +01:00
Eugen Rochko
56b9edd476 Don't rate-limit PuSH endpoints 2016-11-29 00:44:11 +01:00
Eugen Rochko
79075e1303 Fix URLs in inline-rendered XML 2016-11-29 00:26:01 +01:00
Eugen
4d3cd93221 Fix URLs in ApplicationController.renderer 2016-11-28 21:21:05 +01:00
Eugen Rochko
de5764c372 Fix reset date format when rate limited 2016-11-25 18:20:47 +01:00
Eugen Rochko
30f9e9e624 Remove Neo4J 2016-11-24 23:46:27 +01:00
Eugen Rochko
8ab2fcbb2c Mini Profiler not working well, remove it 2016-11-24 19:59:11 +01:00
Eugen Rochko
30010a6dbd Moving some counter queries out of subqueries in the API 2016-11-22 22:59:54 +01:00
Eugen Rochko
0e0b4f9e59 i18n for devise mailer too 2016-11-16 18:25:21 +01:00
Eugen Rochko
1b61e404b4 Localizations for most server-side strings 2016-11-16 00:55:33 +01:00
Eugen Rochko
e71b152d89 Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
Eugen Rochko
46191e7071 Adding Emoji One 2016-11-08 21:46:29 +01:00
Eugen Rochko
9da30e31c8 Fix region setting for AWS gem 2016-11-08 18:55:46 +01:00
Eugen Rochko
8f0869876b Improved configuration from ENV, cleaned up timeline filter methods
to be more readable, add extra logging to process feed service
2016-11-07 23:20:52 +01:00
Eugen Rochko
89e887b44a Fix insecure S3 URLs 2016-11-06 20:59:06 +01:00
Eugen Rochko
54b9a42b3a Fix URL configuration when S3 is enabled 2016-11-06 20:43:16 +01:00
Eugen Rochko
ec43fb73ed Improve S3 config 2016-11-06 18:55:20 +01:00
Eugen Rochko
eb6ad973d1 Adding optional S3, fail-mastodon 2016-11-06 18:35:46 +01:00
Eugen Rochko
e7035a4d39 Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY,
add permissive CORS to API controllers
2016-11-02 12:58:15 +01:00
Eugen Rochko
ff0eca7337 Restrict access to oauth/applications to admins only 2016-10-23 12:08:52 +02:00
Eugen Rochko
6657414266 Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
2016-10-22 19:39:44 +02:00
Eugen Rochko
be98addccc Improving all forms 2016-10-18 16:37:15 +02:00