[WIP] Instance only statuses #8427
Commits on Sep 3, 2018
Commits on Sep 4, 2018
-
ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused
-
-
-
Commits on Oct 1, 2018
Commits on Oct 23, 2018
Commits on Nov 23, 2018
-
Check for empty "last_status" before sorting DM column (mastodon#9207)
* Check for empty "last_status" before sorting * Small touchups for codeclimate
-
-
Optimize the process of following someone (mastodon#9220)
* Eliminate extra accounts select query from FollowService
* Optimistically update follow state in web UI and hide loading bar

  Fix mastodon#6205
* Asynchronize NotifyService in FollowService

  And fix failing test
* Skip Webfinger resolve routine when called from FollowService if possible

  If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService.

  Improve options of ResolveAccountService
-
Fix follow limit validator reporting lower number past threshold (mastodon#9230)
* Fix follow limit validator reporting lower number past threshold * Avoid floating point follow limit
-
Display amount of freed disk space in tootctl media remove (mastodon#9229)
* Display amount of freed disk space in tootctl media remove Fix mastodon#9213 * Fix code style issue
-
Improve ActiveRecord connection in on_worker_boot (mastodon#9238)
This is how it looks in the example in the Puma README
-
-
-
Fix "tootctl media remove" can't count the file size (mastodon#9288)
* Fixed an issue where "tootctl media remove" can not count the file size. * Fixed the problem pointed out by codeclimate.
-
Update Nginx config for Nanobox apps (mastodon#9310)
The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly.
-
WebSub: ATOM before RSS (mastodon#9302)
Hello,

The ATOM feed contains the hub declaration for WebSub, but the RSS version does not. RSS/ATOM readers will typically pick whichever version comes first, and will thus not see the WebSub feature. I therefore suggest putting the ATOM version first, as it is more feature-rich than its RSS counterpart is. Clients not compatible with ATOM would not pick it anyway due to the different type attribute.

A more complicated alternative would be to declare the WebSub feature in the RSS version as well, using something like the following code, and ensuring that clients subscribed to the RSS version would receive PuSH updates just like those subscribed to the ATOM version.

```xml
<rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <atom:link rel="self" type="application/rss+xml" href="https://diaspodon.fr/users/test.rss"/>
    <atom:link rel="hub" href="https://diaspodon.fr/api/push"/>
  </channel>
</rss>
```
-
Touch account on successful response, change char shown when culled (mastodon#9293)
Just the color is not enough change since not everyone uses colored terminals. Touching the account makes it so that the account is not in the threshold window in case of running again
-
Ignore JSON-LD profile in mime type comparison (mastodon#9179)
Ignore JSON-LD profile in mime type comparison
-
Fix connect timeout not being enforced (mastodon#9329)
* Fix connect timeout not being enforced

  The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.
* Use timeout on each IP attempt, but limit to 2 attempts
* Fix code style issue
* Do not break Request#perform if no block given
* Update method stub in spec for Request
* Move timeout inside the begin/rescue block
* Use Resolv::DNS with timeout of 1 to get IP addresses
* Update Request spec to stub Resolv::DNS instead of Addrinfo
* Fix Resolve::DNS stubs in Request spec
-
Commits on Nov 30, 2018
-
-
Allow hyphens in the middle of remote user names (mastodon#9345)
Fixes mastodon#9309 This only allows hyphens in the middle of a username, much like dots, although I don't have a compelling reason to do so other than keeping the changes minimal.
-
-
Commits on Dec 2, 2018
Commits on Dec 7, 2018
Commits on Jan 9, 2019
Commits on Jan 22, 2019
Commits on Jan 31, 2019
Commits on Feb 17, 2019
-
Bumps copyright year in README.md to 2019 (mastodon#9939)
This is so incredibly small, but assuming this is a needed change. Might want to check year in other files.
-
Fix link color in high-contrast theme, add underlines (mastodon#9949)
Improve sorting of default themes in the dropdown
-
-
Allow most kinds of characters in URL query (fixes mastodon#8408) (mastodon#8447)
* Allow unicode characters in URL query strings Fixes mastodon#8408 * Alternative approach to unicode support in urls Adds PoC/idea to approach this problem.
-
[UI] Fix whitespace being applied to div instead of p (mastodon#9968)
* fix large line breaks * fix ascii art posts
-
Hide misleading “You will be sent a confirmation e-mail” hint from admin view (mastodon#9973)
Thanks @wryk for noticing this issue.
-
-
Only URLs extract with pre-escaped text (mastodon#9991)
* [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( mastodon#9989 )
-
Fix IntersectionObserverArticle not hiding some out-of-view items (mastodon#9982)
IntersectionObserverArticle is made to save on RAM by avoiding fully rendering items that are far out of view. However, it did not work for items spawned outside the intersection observer.
-
Fix timeline jumps (mastodon#10001)
* Avoid two-step rendering of statuses as much as possible Cache width shared by Video player, MediaGallery and Cards at the ScrollableList level, pass it down through StatusList and Notifications. * Adjust scroll when new preview cards appear * Adjust scroll when statuses above the current scroll position are deleted
-
Add support for IPv6 only MXes in Email validation (mastodon#10009)
* Add support for IPv6 only MXes * Fixed email validator tests
-
-
Add tight rate-limit for API deletions (mastodon#10042)
Deletions take a lot of resources to execute and cause a lot of federation traffic, so it makes sense to decrease the number someone can queue up through the API. 30 per 30 minutes
-
Create Redisable#redis (mastodon#9633)
* Create Redisable * Use #redis instead of Redis.current
-
Alternative handling of private self-boosts (mastodon#9998)
* When self-boosting, embed original toot into Announce serialization * Process unknown self-boosts from Announce object if it is more than an URI * Add some self-boost specs * Only serialize private toots in self-Announces
-
Filter incoming Create activities by relation to local activity (mastodon#10005)
Reject those from accounts with no local followers, from relays that are not enabled, which do not address local accounts and are not replies to accounts that do have local followers
-
Filter incoming Announce activities by relation to local activity (mastodon#10041)
* Filter incoming Announce activities by relation to local activity

  Reject if announcer is not followed by local accounts, and is not from an enabled relay, and the object is not a local status

  Follow-up to mastodon#10005
* Fix tests
-
Change robots.txt to exclude some URLs (mastodon#10037)
- Exclude static assets
- Exclude uploaded files
- Exclude alternate versions of the profile page
- Exclude media proxy URLs
-
Change robots.txt to exclude only media proxy URLs (mastodon#10038)
* Revert "Change robots.txt to exclude some URLs (mastodon#10037)" This reverts commit 80161f4. * Let's block media_proxy /media_proxy/ is a dynamic route used for requesting uncached media, so it's probably bad to let crawlers use it * misleading comment
-
Improve image description user experience (mastodon#10036)
* Add image descriptions to searchable post content. * Allow multi-line image descriptions. * Request image descriptions in the same query as posts when creating the search index. (see mastodon#10036 (comment))
-
-
Commits on Feb 19, 2019
Commits on Apr 13, 2019
Commits on Apr 30, 2019
Commits on May 7, 2019
Commits on May 19, 2019
-
-
Fix some colors of high contrast theme (mastodon#10711)
* Fix "nothing here" text color of high contrast * Fix counter border color of high contrast
-
-
Improve poll link accessibility (mastodon#10720)
* Add distinction between hover and active/focus states * Resolves mastodon#10198
-
Change icon and label depending on whether media is marked as sensitive (mastodon#10748)
* Change icon and label depending on whether media is marked as sensitive * WiP use a checkbox
-
Fix some colors in light theme (mastodon#10754)
* Fix typo in light theme * Fix background color of empty column
-
Adds click-able div that expands status (mastodon#10733) (mastodon#10766)
-
-
Commits on May 24, 2019
-
Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (mastodon#10812)
HTTP 401 responses returned by Mastodon's inbox controller may be temporary if, for instance, the requesting user's actor/key json could not be retrieved in a timely fashion. This change allows retries instead of dropping the message entirely. Also added HTTP 408 as that error is by nature temporary.
-
Move signature verification stoplight to the requests themselves (mastodon#10813)
* Move signature verification stoplight to the requests themselves

  This avoids blocking messages from known keys for 5 minutes when only one fails…
* Put the stoplight on the actual client IP, not a potential reverse proxy
-
Improve streaming server security (mastodon#10818)
* Check OAuth token scopes in the streaming API
* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

  Inspired by kubevirt/kubevirt#1242
-
Commits on Jun 3, 2019
Commits on Jun 25, 2019
Commits on Jun 30, 2019
Commits on Aug 6, 2019
-
Fix account URI in UpdatePollSerializer (mastodon#11194)
* Fix account URI in UpdatePollSerializer Fixes mastodon#11185 * Add specs
-
Fix BackupService crashing when an attachment is missing (mastodon#11241)
* Fix BackupService crashing when an attachment is missing

  For various reasons such as admin error or out-of-sync media and database backups, it might be possible for local attachments to be lost. This commit allows the BackupService to continue its work even if some media file is missing.
* Change error message
-
Fix invites not being disabled upon account suspension (mastodon#11412)
* Disable invite links from disabled/suspended users * Add has_many invites relationship to users * Destroy unused invites when suspending an account
-
Fix expiration date of filters being set to “Never” when editing them (mastodon#11204)
When editing a custom filter, select the shortest preset duration that still covers the remaining time of that filter. Fixes mastodon#9506
-
Remove unused StatsD code and expose StatsD as a global variable (mastodon#11232)
The instrumentation code was used for StatsD metrics collection prior to the switch to the nsa gem and should have been removed at that point as it no longer does anything at all
-
Fix `alerts` booleans not being typecast correctly in push subscription (mastodon#11343)
* Fix `alerts` booleans not being typecast correctly in push subscription Fix mastodon#10789 * Fix typo
-
Optimize makeGetStatus (mastodon#11211)
* Optimize makeGetStatus

  Because `ImmutableList.filter` always returns a new object and `createSelector` memoizes based on object identity, the selector returned by `makeGetStatus` would *always* execute.

  To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on deep equality, thus returning the same object as long as the filters haven't changed, allowing the memoization of `makeGetStatus` to work.

  Furthermore, we memoize the compiled regexes instead of recomputing them each time the selector is called.
* Fix memoized result being cleared too often
* Make notifications use memoized getFiltersRegex
-
Fix boosting & unboosting preventing a boost from appearing in the TL (mastodon#11405)
* Fix boosting & unboosting preventing a boost from appearing in the TL * Add tests * Avoids side effects when aggregate_reblogs isn't true
-
Apply filters to poll options (mastodon#11174)
* Apply filters to poll options in WebUI Fixes mastodon#11128 * Apply filters to poll options server-side * Add poll options to searchable text
-
Add message telling FTS is disabled when no toot can be found because of this (mastodon#11112)
* Add message telling FTS is disabled when no toot can be found because of this Fixes mastodon#11082 * Remove info icon and reword message
-
When sending a toot, ensure a CW is only set if the CW field is visible (mastodon#11206)
In some occasions, such as the browser or a browser extension auto-filling the existing but disabled/hidden CW field, a CW can be set without the user knowing.
-
When deleting & redrafting a poll, fill in closest expires_in (mastodon#11203)
Use the smallest preset expires_in such that the new poll would not expire before the old one. In the typical case of a quick delete & redraft, this results in using the same poll duration. Fixes mastodon#10567
-
Only scroll to the compose form if it's not horizontally in the viewport (mastodon#11246)
Avoids jumping the scroll around vertically when giving it focus and editing long toots.
-
Display custom emoji in bio field names (mastodon#11350)
Already displayed in public pages, but not WebUI
-
Play animated custom emoji on hover (mastodon#11348)
* Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
Commits on Aug 9, 2019
-
Change the retry limit in error of web push notification (mastodon#11292)
-
Fix sanitizing lists contents (mastodon#11354)
* Add test * Fix code for sanitizing nested lists stripping all tags
-
Added logout to dropdown menu (mastodon#11353)
* Added logout to dropdown menu * Triggering build-and-test with empty commit as it seems it failed due to some internal failure * Looks fine, ready to review * Added changes from review * method can be null without any problems * Also target can be null
-
Disallow numeric-only hashtags (mastodon#11363)
* Add spec covering numeric-only hashtags * Fix hashtag regex
-
Bind servers to 0.0.0.0 in Procfile (mastodon#11378)
* Bind to 0.0.0.0 * Make Procfile common to main and streaming apps
-
-
-
Improve dropdown menu keyboard navigation (mastodon#11491)
* Allow selecting menu items with the space bar in status dropdown menus * Fix modals opened by keyboard navigation being immediately closed * Fix menu items triggering modal actions * Add Tab trapping inside dropdown menu * Give focus back to last focused element when status dropdown menu closes
-
Improve keyboard navigation in privacy dropdown (mastodon#11492)
* Trap tab in privacy dropdown * Give focus back to last focused element when privacy dropdown menu closes * Actually give back focus to the element that had it before clicking the dropdown
-
Improve focus handling with dropdown menus (mastodon#11511)
- Focus first item when activated via keyboard - When the dropdown menu closes, give back the focus to the actual element which was focused prior to opening the menu
-
Fix “read more” button being hidden (regression from mastodon#11404) (mastodon#11522)
* Fix “read more” button being hidden (regression from mastodon#11404)

  This has the side-effect of putting the “Read more” button below possibly truncated polls instead of putting the poll below the “Read more”
* Remove dead code
-
Commits on Aug 10, 2019
Commits on Oct 21, 2019
Commits on Feb 21, 2020
Commits on Jul 7, 2020
-
Fix other sessions not being logged out on password change
While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method
-
Change rate limits for various paths
- Rate limit login attempts by target account
- Rate limit password resets and e-mail re-confirmations by target account
- Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before
-
Fix media attachment enumeration
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
-
Commits on Jul 15, 2020
Commits on Jul 27, 2020
Commits on Oct 19, 2020
-
Do not serve account actors at all in limited federation mode (mastodon#14800)
* Do not serve account actors at all in limited federation mode

  When an account is fetched without a signature from an allowed instance, return an error.

  This isn't really an improvement in security, as the only information that was previously returned was required protocol-level info, and the only personal bit was the existence of the account. The existence of the account can still be checked by issuing a webfinger query, as those are accepted without signatures.

  However, this change makes it so that unallowed instances won't create account records on their end when they find a reference to an unknown account.

  The previous behavior of rendering a limited list of fields, instead of not rendering the actor at all, was in order to prevent situations in which two instances in Authorized Fetch mode or Limited Federation mode would fail to reach each other because resolving an account would require a signed query… from an account which can only be fetched with a signed query itself. However, this should now be fine as fetching accounts is done by signing on behalf of the special instance actor, which does not require any kind of valid signature to be fetched.
* Fix tests
-
Fix handling of Reject Follow when a matching follow relationship exists (mastodon#14479)
* Add tests * Fix handling of Reject Follow when a matching follow relationship exists Regression from mastodon#12199
-
Remove dependency on goldfinger gem (mastodon#14919)
There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix mastodon#14091
-
Change content-type to be always computed from file data (mastodon#14452)
* Change content-type to be always computed from file data

  Restore previous behavior, detecting the content-type isn't very expensive, and some instances may serve files as application/octet-stream regardless of their true type, making fetching media from them fail, while it used to work pre-3.2.0.
* Add test
-
-
Fix thumbnail color extraction (mastodon#14464)
* Fix contrast calculation for thumbnail color extraction Luminance calculation was using 0-255 RGB values instead of 0-1 sRGB values, leading to incorrectly-computed contrast values. Since we use ColorDiff already, just use its XYZ colorspace conversion code to get the value. * Require at least 3:1 contrast for both accent and foreground colors * Lower required contrast for the accent color
-
Add support for inlined objects in activity audience (mastodon#14514)
* Add support for inlined objects in activity audience * Add tests
-
Fix: also use custom private boost icon for detailed status (mastodon#14471)
* use custom private boost icon for detail status * only use className
-
Fix dereferencing remote statuses not using the correct account (mastodon#14656)
Follow-up to mastodon#14359 In the case of limited toots, the receiver may not be explicitly part of the audience. If a specific user's inbox URI was specified, it makes sense to dereference the toot from the corresponding user, instead of trying to find someone in the explicit audience.
-
Add support for latest HTTP Signatures spec draft (mastodon#14556)
* Add support for latest HTTP Signatures spec draft

  https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html

  - add support for the “hs2019” signature algorithm (assumed to be equivalent to RSA-SHA256, since we do not have a mechanism to specify the algorithm within the key metadata yet)
  - add support for (created) and (expires) pseudo-headers and related signature parameters, when using the hs2019 signature algorithm
  - adjust default “headers” parameter while being backwards-compatible with previous implementation
  - change the acceptable time window logic from 12 hours surrounding the “date” header to accepting signatures created up to 1 hour in the future and expiring up to 1 hour in the past (but only allowing expiration dates up to 12 hours after the creation date)

  This doesn't conform with the current draft, as it doesn't permit accounting for clock skew. This, however, should be addressed in a next version of the draft: httpwg/http-extensions#1235
* Add additional signature requirements
* Rewrite signature params parsing using Parslet
* Make apparent which signature algorithm Mastodon uses on verification failure

  Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications, and new implementers may thus unknowingly use RSASSA-PSS.
* Add workaround for PeerTube's invalid signature header

  The previous parser allowed incorrect Signature headers, such as those produced by old versions of the `http-signature` node.js package, and seemingly used by PeerTube. This commit adds a workaround for that.
* Fix `signature_key_id` raising an exception

  Previously, parsing failures would result in `signature_key_id` being nil, but the parser changes made that result in an exception. This commit changes the `signature_key_id` method to return `nil` in case of parsing failures.
* Move extra HTTP signature helper methods to private methods
* Relax (request-target) requirement to (request-target) || digest

  This lets requests from Plume work without lowering security significantly.
-