Merge branch 'main' into temp3_for-ffxiv-mastodon

Gemfile.lock

@@ -231,7 +231,7 @@ GEM
       tzinfo
     excon (0.110.0)
     fabrication (2.31.0)
-    faker (3.3.1)
+    faker (3.4.1)
       i18n (>= 1.8.11, < 2)
     faraday (1.10.3)
       faraday-em_http (~> 1.0)

app/controllers/api/v1/accounts_controller.rb

@@ -106,11 +106,11 @@ def relationships(**options)
   end
 
   def account_ids
-    Array(accounts_params[:ids]).uniq.map(&:to_i)
+    Array(accounts_params[:id]).uniq.map(&:to_i)
   end
 
   def accounts_params
-    params.permit(ids: [])
+    params.permit(id: [])
   end
 
   def account_params

app/controllers/api/v1/statuses_controller.rb

@@ -141,11 +141,11 @@ def check_statuses_limit
   end
 
   def status_ids
-    Array(statuses_params[:ids]).uniq.map(&:to_i)
+    Array(statuses_params[:id]).uniq.map(&:to_i)
   end
 
   def statuses_params
-    params.permit(ids: [])
+    params.permit(id: [])
   end
 
   def status_params

app/javascript/mastodon/locales/ca.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Mostra el perfil de totes maneres",
   "limited_account_hint.title": "Aquest perfil l'han amagat els moderadors de {domain}.",
   "link_preview.author": "Per {name}",
+  "link_preview.more_from_author": "Més de {name}",
   "lists.account.add": "Afegeix a la llista",
   "lists.account.remove": "Elimina de la llista",
   "lists.delete": "Elimina la llista",

app/javascript/mastodon/locales/es-AR.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Mostrar perfil de todos modos",
   "limited_account_hint.title": "Este perfil fue ocultado por los moderadores de {domain}.",
   "link_preview.author": "Por {name}",
+  "link_preview.more_from_author": "Más de {name}",
   "lists.account.add": "Agregar a lista",
   "lists.account.remove": "Quitar de lista",
   "lists.delete": "Eliminar lista",

app/javascript/mastodon/locales/fi.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Näytä profiili joka tapauksessa",
   "limited_account_hint.title": "Palvelimen {domain} valvojat ovat piilottaneet tämän käyttäjätilin.",
   "link_preview.author": "Julkaissut {name}",
+  "link_preview.more_from_author": "Lisää käyttäjältä {name}",
   "lists.account.add": "Lisää listalle",
   "lists.account.remove": "Poista listalta",
   "lists.delete": "Poista lista",

app/javascript/mastodon/locales/gl.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Mostrar perfil igualmente",
   "limited_account_hint.title": "Este perfil foi agochado pola moderación de {domain}.",
   "link_preview.author": "Por {name}",
+  "link_preview.more_from_author": "Máis de {name}",
   "lists.account.add": "Engadir á listaxe",
   "lists.account.remove": "Eliminar da listaxe",
   "lists.delete": "Eliminar listaxe",

app/javascript/mastodon/locales/it.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Mostra comunque il profilo",
   "limited_account_hint.title": "Questo profilo è stato nascosto dai moderatori di {domain}.",
   "link_preview.author": "Di {name}",
+  "link_preview.more_from_author": "Altro da {name}",
   "lists.account.add": "Aggiungi all'elenco",
   "lists.account.remove": "Rimuovi dall'elenco",
   "lists.delete": "Elimina elenco",

app/javascript/mastodon/locales/ko.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "그래도 프로필 보기",
   "limited_account_hint.title": "이 프로필은 {domain}의 중재자에 의해 숨겨진 상태입니다.",
   "link_preview.author": "{name}",
+  "link_preview.more_from_author": "{name} 더 둘러보기",
   "lists.account.add": "리스트에 추가",
   "lists.account.remove": "리스트에서 제거",
   "lists.delete": "리스트 삭제",

app/javascript/mastodon/locales/pl.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Pokaż profil mimo to",
   "limited_account_hint.title": "Ten profil został ukryty przez moderatorów {domain}.",
   "link_preview.author": "{name}",
+  "link_preview.more_from_author": "Więcej od {name}",
   "lists.account.add": "Dodaj do listy",
   "lists.account.remove": "Usunąć z listy",
   "lists.delete": "Usuń listę",

app/javascript/mastodon/locales/pt-BR.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Exibir perfil mesmo assim",
   "limited_account_hint.title": "Este perfil foi ocultado pelos moderadores do {domain}.",
   "link_preview.author": "Por {name}",
+  "link_preview.more_from_author": "Mais de {name}",
   "lists.account.add": "Adicionar à lista",
   "lists.account.remove": "Remover da lista",
   "lists.delete": "Excluir lista",

app/javascript/mastodon/locales/pt-PT.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Exibir perfil mesmo assim",
   "limited_account_hint.title": "Este perfil foi ocultado pelos moderadores de {domain}.",
   "link_preview.author": "Por {name}",
+  "link_preview.more_from_author": "Mais de {name}",
   "lists.account.add": "Adicionar à lista",
   "lists.account.remove": "Remover da lista",
   "lists.delete": "Eliminar lista",

app/javascript/mastodon/locales/sl.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Vseeno pokaži profil",
   "limited_account_hint.title": "Profil so moderatorji strežnika {domain} skrili.",
   "link_preview.author": "Avtor_ica {name}",
+  "link_preview.more_from_author": "Več od {name}",
   "lists.account.add": "Dodaj na seznam",
   "lists.account.remove": "Odstrani s seznama",
   "lists.delete": "Izbriši seznam",

app/javascript/mastodon/locales/vi.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "Vẫn cứ xem",
   "limited_account_hint.title": "Người này đã bị ẩn bởi quản trị viên của {domain}.",
   "link_preview.author": "Bởi {name}",
+  "link_preview.more_from_author": "Thêm từ {name}",
   "lists.account.add": "Thêm vào danh sách",
   "lists.account.remove": "Xóa khỏi danh sách",
   "lists.delete": "Xóa danh sách",

app/javascript/mastodon/locales/zh-CN.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "仍要显示个人资料",
   "limited_account_hint.title": "此账号资料已被 {domain} 管理员隐藏。",
   "link_preview.author": "由 {name}",
+  "link_preview.more_from_author": "查看 {name} 的更多内容",
   "lists.account.add": "添加到列表",
   "lists.account.remove": "从列表中移除",
   "lists.delete": "删除列表",

app/javascript/mastodon/locales/zh-TW.json

@@ -414,6 +414,7 @@
   "limited_account_hint.action": "一律顯示個人檔案",
   "limited_account_hint.title": "此個人檔案已被 {domain} 的管理員隱藏。",
   "link_preview.author": "來自 {name}",
+  "link_preview.more_from_author": "來自 {name} 之更多內容",
   "lists.account.add": "新增至列表",
   "lists.account.remove": "自列表中移除",
   "lists.delete": "刪除列表",

app/workers/scheduler/vacuum_scheduler.rb

@@ -22,7 +22,6 @@ def vacuum_operations
       preview_cards_vacuum,
       backups_vacuum,
       access_tokens_vacuum,
-      applications_vacuum,
       feeds_vacuum,
       imports_vacuum,
     ]
@@ -56,10 +55,6 @@ def imports_vacuum
     Vacuum::ImportsVacuum.new
   end
 
-  def applications_vacuum
-    Vacuum::ApplicationsVacuum.new
-  end
-
   def content_retention_policy
     ContentRetentionPolicy.current
   end

config/initializers/rack_attack.rb

@@ -105,6 +105,10 @@ def paging_request?
     req.authenticated_user_id if (req.post? && req.path.match?(API_DELETE_REBLOG_REGEX)) || (req.delete? && req.path.match?(API_DELETE_STATUS_REGEX))
   end
 
+  throttle('throttle_oauth_application_registrations/ip', limit: 5, period: 10.minutes) do |req|
+    req.throttleable_remote_ip if req.post? && req.path == '/api/v1/apps'
+  end
+
   throttle('throttle_sign_up_attempts/ip', limit: 25, period: 5.minutes) do |req|
     req.throttleable_remote_ip if req.post? && req.path_matches?('/auth')
   end

lib/mastodon/sidekiq_middleware.rb

@@ -8,6 +8,7 @@ def call(*, &block)
   rescue Mastodon::HostValidationError
     # Do not retry
   rescue => e
+    clean_up_elasticsearch_connections!
     limit_backtrace_and_raise(e)
   ensure
     clean_up_sockets!
@@ -25,6 +26,32 @@ def clean_up_sockets!
     clean_up_statsd_socket!
   end
 
+  # This is a hack to immediately free up unused Elasticsearch connections.
+  #
+  # Indeed, Chewy creates one `Elasticsearch::Client` instance per thread,
+  # and each such client manages its long-lasting connection to
+  # Elasticsearch.
+  #
+  # As far as I know, neither `chewy`,  `elasticsearch-transport` or even
+  # `faraday` provide a reliable way to immediately close a connection, and
+  # rely on the underlying object to be garbage-collected instead.
+  #
+  # Furthermore, `sidekiq` creates a new thread each time a job throws an
+  # exception, meaning that each failure will create a new connection, and
+  # the old one will only be closed on full garbage collection.
+  def clean_up_elasticsearch_connections!
+    return unless Chewy.enabled? && Chewy.current[:chewy_client].present?
+
+    Chewy.client.transport.transport.connections.each do |connection|
+      # NOTE: This bit of code is tailored for the HTTPClient Faraday adapter
+      connection.connection.app.instance_variable_get(:@client)&.reset_all
+    end
+
+    Chewy.current.delete(:chewy_client)
+  rescue
+    nil
+  end
+
   def clean_up_redis_socket!
     RedisConfiguration.pool.checkin if Thread.current[:redis]
     Thread.current[:redis] = nil

spec/config/initializers/rack/attack_spec.rb

@@ -131,4 +131,22 @@ def increment_counter
       it_behaves_like 'throttled endpoint'
     end
   end
+
+  describe 'throttle excessive oauth application registration requests by IP address' do
+    let(:throttle) { 'throttle_oauth_application_registrations/ip' }
+    let(:limit)  { 5 }
+    let(:period) { 10.minutes }
+    let(:path)   { '/api/v1/apps' }
+    let(:params) do
+      {
+        client_name: 'Throttle Test',
+        redirect_uris: 'urn:ietf:wg:oauth:2.0:oob',
+        scopes: 'read',
+      }
+    end
+
+    let(:request) { -> { post path, params: params, headers: { 'REMOTE_ADDR' => remote_ip } } }
+
+    it_behaves_like 'throttled endpoint'
+  end
 end

spec/requests/api/v1/accounts_spec.rb

@@ -8,13 +8,13 @@
   let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
   let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
 
-  describe 'GET /api/v1/accounts?ids[]=:id' do
+  describe 'GET /api/v1/accounts?id[]=:id' do
     let(:account) { Fabricate(:account) }
     let(:other_account) { Fabricate(:account) }
     let(:scopes) { 'read:accounts' }
 
     it 'returns expected response' do
-      get '/api/v1/accounts', headers: headers, params: { ids: [account.id, other_account.id, 123_123] }
+      get '/api/v1/accounts', headers: headers, params: { id: [account.id, other_account.id, 123_123] }
 
       expect(response).to have_http_status(200)
       expect(body_as_json).to contain_exactly(

spec/requests/api/v1/statuses_spec.rb

@@ -9,13 +9,13 @@
     let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: client_app, scopes: scopes) }
     let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
 
-    describe 'GET /api/v1/statuses?ids[]=:id' do
+    describe 'GET /api/v1/statuses?id[]=:id' do
       let(:status) { Fabricate(:status) }
       let(:other_status) { Fabricate(:status) }
       let(:scopes) { 'read:statuses' }
 
       it 'returns expected response' do
-        get '/api/v1/statuses', headers: headers, params: { ids: [status.id, other_status.id, 123_123] }
+        get '/api/v1/statuses', headers: headers, params: { id: [status.id, other_status.id, 123_123] }
 
         expect(response).to have_http_status(200)
         expect(body_as_json).to contain_exactly(