Up-to-date dump from main repository

Running-Mastodon/Production-guide.md

@@ -34,10 +34,19 @@ server {
   keepalive_timeout    70;
   sendfile             on;
   client_max_body_size 0;
-  gzip off;
 
   root /home/mastodon/live/public;
 
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 
   location / {
@@ -49,7 +58,7 @@ server {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
-
+    proxy_set_header Proxy "";
     proxy_pass_header Server;
 
     proxy_pass http://localhost:3000;
@@ -67,6 +76,7 @@ server {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Proxy "";
 
     proxy_pass http://localhost:4000;
     proxy_buffering off;
@@ -121,7 +131,7 @@ It is recommended to use rbenv (exclusively from the `mastodon` user) to install
 [2]: https://github.com/rbenv/ruby-build#installation
 [3]: https://github.com/rbenv/ruby-build/wiki#suggested-build-environment
 
-Then once `rbenv` is ready, run `rbenv install 2.3.1` to install the Ruby version for Mastodon.
+Then once `rbenv` is ready, run `rbenv install 2.4.1` to install the Ruby version for Mastodon.
 
 ## Git
 

Using-Mastodon/2FA.md

@@ -1,10 +1,8 @@
-# Two Factor Authentication (2FA)
+# 2-Factor Authentication
 
-Two Factor Authentication (2FA) is a security mechanism that requires you to enter a computer generated code from your phone every time you log into Mastodon.
+2-Factor Authentication is a security mechanism that requires you to enter a computer generated code from your phone every time you log into Mastodon.
 
-We highly recommend that you set up two factor authentication as it prevents malicious users from logging into your account if they obtain your password.
-
-The 2FA protocol used by Mastodon is an implementation of [RFC 6238](https://tools.ietf.org/html/rfc6238), TOTP: Time-Based One-Time Password Algorithm.
+We highly recommend that you set up 2-factor authentication as it prevents malicious users from logging into your account if they obtain your password.
 
 ## Warning
 

Using-Mastodon/Apps.md

@@ -14,6 +14,6 @@ Some people have started working on apps for the Mastodon API. Here is a list of
 |Tooter|Chrome|<https://github.com/ineffyble/tooter>|[@effy@mastodon.social](https://mastodon.social/users/effy)|
 |tootstream|CLI|<https://github.com/magicalraccoon/tootstream>|[@Raccoon@mastodon.social](https://mastodon.social/users/Raccoon)|
 |HackerNewsBot|CLI|<https://github.com/raymestalez/mastodon-hnbot>|[@rayalez@hackertribe.io](https://hackertribe.io/users/rayalez)|
-|Mastodon.tools|Wordpress|<https://github.com/davidlibeau/mastodon-tools>|[@David@mastodon.xyz](https://mastodon.xyz/users/David)|
+|Mastodon.tools|Wordpress, web browser, social network|<https://github.com/davidlibeau/mastodon-tools>|[@David@mastodon.xyz](https://mastodon.xyz/users/David)|
 
 If you have a project like this, let me know so I can add it to the list!

Using-Mastodon/FAQ.md

@@ -17,7 +17,7 @@ There are different ways in which something can be decentralized; in this case,
 
 We are using the OStatus suite of protocols:
 
-1. Webfinger, [RFC 7033](https://tools.ietf.org/html/rfc7033), for user-on-domain lookup
+1. Webfinger for user-on-domain lookup
 2. Atom feeds with ActivityStreams, Portable Contacts, Threads extensions for the actual content
 3. PubSubHubbub for subscribing to Atom feeds
 4. Salmon for delivering certain items from the Atom feeds to interested parties such as the mentioned user, author of the status being replied to, person being followed, etc

Using-Mastodon/List-of-Mastodon-instances.md

@@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
 | [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
 | [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
 | [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
+| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
 | [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
 
-
 We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution

Using-the-API/API.md

@@ -30,7 +30,7 @@ API overview
   - [Instance](#instance)
   - [Mention](#mention)
   - [Notification](#notification)
-  - [Relationships](#relationships)
+  - [Relationship](#relationship)
   - [Results](#results)
   - [Status](#status)
   - [Tag](#tag)
@@ -85,6 +85,17 @@ Returns an [Account](#account).
 
 Returns the authenticated user's [Account](#account).
 
+#### Updating the current user:
+
+    PATCH /api/v1/accounts/update_credentials
+
+Form data:
+
+- `display_name`: The name to display in the user's profile
+- `note`: A new biography for the user
+- `avatar`: A base64 encoded image to display as the user's avatar (e.g. `data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUoAAADrCAYAAAA...`)
+- `header`: A base64 encoded image to display as the user's header image (e.g. `data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUoAAADrCAYAAAA...`)
+
 #### Getting an account's followers:
 
     GET /api/v1/accounts/:id/followers
@@ -110,22 +121,22 @@ Returns an array of [Statuses](#status).
 
 #### Following/unfollowing an account:
 
-    POST /api/v1/accounts/:id/follow
-    POST /api/v1/accounts/:id/unfollow
+    GET /api/v1/accounts/:id/follow
+    GET /api/v1/accounts/:id/unfollow
 
 Returns the target [Account](#account).
 
 #### Blocking/unblocking an account:
 
-    POST /api/v1/accounts/:id/block
-    POST /api/v1/accounts/:id/unblock
+    GET /api/v1/accounts/:id/block
+    GET /api/v1/accounts/:id/unblock
 
 Returns the target [Account](#account).
 
 #### Muting/unmuting an account:
 
-    POST /api/v1/accounts/:id/mute
-    POST /api/v1/accounts/:id/unmute
+    GET /api/v1/accounts/:id/mute
+    GET /api/v1/accounts/:id/unmute
 
 Returns the target [Account](#account).
 
@@ -351,15 +362,15 @@ Returns an empty object.
 
 #### Reblogging/unreblogging a status:
 
-    POST /api/vi/statuses/:id/reblog
-    POST /api/vi/statuses/:id/unreblog
+    POST /api/v1/statuses/:id/reblog
+    POST /api/v1/statuses/:id/unreblog
 
 Returns the target [Status](#status).
 
 #### Favouriting/unfavouriting a status:
 
-    POST /api/vi/statuses/:id/favourite
-    POST /api/vi/statuses/:id/unfavourite
+    POST /api/v1/statuses/:id/favourite
+    POST /api/v1/statuses/:id/unfavourite
 
 Returns the target [Status](#status).
 
@@ -456,17 +467,17 @@ ___
 | `acct`                   | Equals `username` for local users, includes `@domain` for remote ones |
 | `id`                     | Account ID |
 
-### Notifications
+### Notification
 
 | Attribute                | Description |
 | ------------------------ | ----------- |
 | `id`                     | The notification ID |
 | `type`                   | One of: "mention", "reblog", "favourite", "follow" |
 | `created_at`             | The time the notification was created |
 | `account`                | The [Account](#account) sending the notification to the user |
-| `status`                 | The [Status](#status) associated with the notification, if applicible |
+| `status`                 | The [Status](#status) associated with the notification, if applicable |
 
-### Relationships
+### Relationship
 
 | Attribute                | Description |
 | ------------------------ | ----------- |
@@ -516,7 +527,7 @@ ___
 | `tags`                   | An array of [Tags](#tag) |
 | `application`            | [Application](#application) from which the status was posted |
 
-### Tags
+### Tag
 
 | Attribute                | Description |
 | ------------------------ | ----------- |

Using-the-API/OAuth-details.md

@@ -9,4 +9,4 @@ The API is divided up into access scopes:
 - `write`: Post statuses and upload media for statuses
 - `follow`: Follow, unfollow, block, unblock
 
-Multiple scopes can be requested during the authorization phase with the `scope` query param (space-separate the scopes).
+Multiple scopes can be requested during the authorization phase with the `scope` query param (space-separate the scopes). If you do not specify a `scope` in your authorization request, the resulting access token will default to `read` access.

Using-the-API/Testing-with-cURL.md

@@ -3,7 +3,7 @@ Testing the API with cURL
 
 Mastodon builds around the idea of being a server first, rather than a client itself. Similarly to how a XMPP chat server communicates with others and with its own clients, Mastodon takes care of federation to other networks, like other Mastodon or GNU Social instances. So Mastodon provides a REST API, and a 3rd-party app system for using it via OAuth2.
 
-You can get a client ID and client secret required for OAuth [via an API end-point](API.md#oauth-apps).
+You can get a client ID and client secret required for OAuth [via an API end-point](API.md#apps).
 
 From these two, you will need to acquire an access token. It is possible to do using your account's e-mail and password like this:
 
@@ -13,6 +13,6 @@ The `/oauth/token` path will attempt to login with the given credentials, and th
 
 Use that token in any API requests by setting a header like this:
 
-    curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://mastodon.social/api/statuses/home
+    curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://mastodon.social/api/v1/timelines/home
 
 Please note that the password-based approach is not recommended especially if you're dealing with other user's accounts and not just your own. Usually you would use the authorization grant approach where you redirect the user to a web page on the original site where they can login and authorize the application and are then redirected back to your application with an access code.

Using-the-API/Tips-for-app-developers.md

@@ -13,4 +13,4 @@ Make sure that you make it possible to see the `acct` of any user in your app (s
 
 ## Formatting
 
-The API delivers already formatted HTML to your app. This isn't ideal since not all apps are based on HTML, but this is not fixable as its part of the way OStatus federation works. Most importantly, you get some information on linked entities alongside the HTML of the status body. For example, you get a list of mentioned users, and a list of media attachments, and a list of hashtags. It is possible to convert the HTML to whatever you need in your app by parsing the HTML tags and matching their `href`s to the linked entities. If a match cannot be found, the link must stay a clickable link.
+The API delivers already formatted HTML to your app. This isn't ideal since not all apps are based on HTML, but this is not fixable as it's part of the way OStatus federation works. Most importantly, you get some information on linked entities alongside the HTML of the status body. For example, you get a list of mentioned users, and a list of media attachments, and a list of hashtags. It is possible to convert the HTML to whatever you need in your app by parsing the HTML tags and matching their `href`s to the linked entities. If a match cannot be found, the link must stay a clickable link.