Commit Graph

573 Commits

Author SHA1 Message Date
Matt Jankowski
6670e6d33f Add password reset for users from admin accounts area (#1841) 2017-04-15 16:44:59 +02:00
Patrick Figel
df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
2017-04-15 13:26:03 +02:00
Joachim Viide
ef879a8839 Send initial state in a <script type="application/json"> tag (#1806) 2017-04-15 02:32:42 +02:00
ThibG
a9529d3b4b Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Matt Jankowski
f5cd138323 Improve i18n chooser (#1804)
* Add locale spec with failing locale plus region check

* Use a more accurate locale when supplied by browser headers

Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.

This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the  default.

* Clean up default_locale method
2017-04-15 01:12:39 +02:00
Matt Jankowski
8b74aa4217 Admin reports controller improvements (#1714)
* Simplify admin/reports controller filtering for index

* Rename parameter to resolved

* Fix issue where reports view could not access filter_link_to

* Add coverage for admin/reports controller

* DRY up resolution of related reports for target account

* Clean up admin/reports routes

* Add Report#statuses method

* DRY up current account action taken params

* Rubocop styles
2017-04-14 11:10:28 +02:00
Matt Jankowski
137100dcf3 Clean up well-known routes/controllers (#1649)
* Add request spec for host meta route returning xml

* Add routing spec for xrd routes

* Update well-known routes

* Move webfinger and host-meta actions to their own controllers
2017-04-13 13:09:07 +02:00
Matt Jankowski
3a9eb81a80 Admin accounts controller cleanup (#1664)
* Remove unused account_params method in admin/accounts controller

* Introduce AccountFilter to find accounts

* Use AccountFilter in admin/accounts controller

* Use more restful routes admin silence and suspension area

* Add admin/silences and admin/suspensions controllers
2017-04-13 13:04:23 +02:00
Matt Jankowski
0e39cc6a35 Settings export refactor (#1646)
* Refactor Export to take an account and know about the export types

* Use Export instance in settings/exports#show
2017-04-13 13:02:02 +02:00
Matt Jankowski
c44a700252 Quick best practice cleanup of views/helpers (#1546)
* Remove trailing whitespace

* Use query methods instead of explicit .blank? checks
2017-04-12 18:24:18 +02:00
Matt Jankowski
aa90798386 Webfinger resource to extract username from resource string (#1607)
* Add WebfingerResource class to extract usernames

* Use WebfingerResource in xrd#webfinger
2017-04-12 18:22:38 +02:00
Matt Jankowski
7f0a865b05 Allow import/export of mutes list (#1541)
* Allow export of mutes list

* Allow importing of mutes list

* Refactor to use Settings::Exports::BaseController and DRY up exports code
2017-04-12 18:20:44 +02:00
Matt Jankowski
dd1ae3b109 Simplify the way the embed view is created (#1590)
* Add coverage for embedded status view

* Refactor embed view to eliminate @external_links variable
2017-04-12 16:12:42 +02:00
Matt Jankowski
b352a8e5d4 Default to json type for webfinger requests (#1583) 2017-04-12 16:03:37 +02:00
Matt Jankowski
3ddd936b03 Refactor exports controller (#1567)
* Add basic coverage for settings/exports controller

* Remove unused @account variable from settings/exports controller

* Add coverage for download export actions

* Remove deprecated `render :text` in favor of `send_data` for csv downloads

* Add model to handle exports

* Use Export class in settings/exports controller

* Simplify settings/exports controller methods

* Move settings/export to more restful routes
2017-04-11 22:00:43 +02:00
Eugen Rochko
2a7602cad4 Merge branch 'master' of https://github.com/blackle/mastodon into blackle-master 2017-04-11 20:43:56 +02:00
blackle
06444bf050 Allow user to disable the boost confirm dialog in preferences 2017-04-11 10:10:16 -04:00
Matt Jankowski
4ada50985a Pagination improvements (#1445)
* Replace will_paginate with kaminari

* Use #page instead of #paginate in controllers

* Replace will_paginate.page_gap with pagination.truncate in i18n

* Customize kaminari views to match prior styles

* Set kaminari options to match prior behavior

* Replace will_paginate with paginate in views
2017-04-11 01:11:41 +02:00
Eugen
2810013b93 API param to exclude notification types from response (#1341)
* Add exclude_types param to /api/v1/notifications

* Exclude notification types in web UI through exclude_types in the API
2017-04-10 23:45:29 +02:00
Matt Jankowski
0687ab8ae3 Clean up generation of account webfinger string (#1477)
* Consolidate webfinger string creation under Account#to_webfinger_s

* Introduce Account#local_username_and_domain for consolidation
2017-04-10 22:58:06 +02:00
Matt Jankowski
dbe9f33fdc Admin base controller (#1465)
* Add Admin::BaseController to wrap admin area

Extracts the setting of the `admin` layout and verifying that users are admins
to a common base class for the admin/ controllers.

* Add basic coverage for admin/reports and admin/settings controllers
2017-04-10 21:27:03 +02:00
Eugen
93db265be7 Do not store last visited URL from API controllers (#1330)
Sign-in redirects you back to last visited URL, but in case of API requests,
this sometimes redirected users to an API URL that, of course, greeted them
with an {"error":"The access token is invalid"}
2017-04-09 22:21:52 +02:00
Eugen
15d442cf9d Fix /api/v1/accounts/update_credentials tests (#1357) 2017-04-09 20:23:14 +02:00
David Authier
f0bd439486 Use HTTP Accept-Language to detect locale (#1166)
* Use HTTP Accept-Language to detect locale

* Fix gem order to comply with codeclimate

* Sort gem to comply with rubocop

* I18n.default_locale fallback when there is no accept-language header
2017-04-09 18:40:24 +02:00
David Celis
d4fe6cd2bf Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
2017-04-09 18:33:40 +02:00
Matt Jankowski
e5282e4ec0 Clean up about page (#1282)
* Add InstancePresenter to expose site details

* Clean up about controller, use instance presenter
2017-04-09 14:47:25 +02:00
Eugen
b89f007862 Make public timelines API not require user context/app credentials (#1291)
* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public
Fix #1156 - respect query params when generating pagination links in API

* Apply pagination fix to more APIs
2017-04-08 23:39:31 +02:00
Eugen
9acdb166e8 Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled (#1278)
* Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled
TOTP secret is not shown again after 2FA is enabled

* Clean up
2017-04-08 22:20:08 +02:00
Eugen Rochko
4b621188ad Fix #1165 - before_action was called before protect_from_forgery 2017-04-08 02:30:50 +02:00
Eugen Rochko
e3a3422a65 Allow setting of default language through config
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
2017-04-07 12:40:26 +02:00
Eugen
6d6a429af8 Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124)
* Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder

StreamEntry is now limited to only statuses, which allows some optimization. Removed
extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper
used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer
and PubSubHubbub::DistributionWorker

PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker
instead.

All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri

* All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
2017-04-07 05:56:56 +02:00
Drew DeVault
f7e35d90db Remote follow improvements
This stores the @username@instance you provide in your session and
reuses it the next time you remote follow someone from this instance.
2017-04-04 20:52:31 -04:00
Eugen Rochko
5f54981846 New admin setting: open/close registrations, with custom message, from the admin UI 2017-04-04 15:28:12 +02:00
Eugen Rochko
b510a56c0c Only call regeneration worker after first login after a 14 day break 2017-04-04 02:00:10 +02:00
Eugen Rochko
4c53af64f0 Fix ActionController::Parameters in API issue 2017-04-04 01:33:34 +02:00
Eugen Rochko
68f829e11c Add basic logging of who resolved report 2017-04-03 19:35:00 +02:00
Eugen Rochko
71458dc6df When taking action on a report (silence/suspend), it dismisses all other
reports for that user automatically
2017-04-03 19:19:54 +02:00
Eugen Rochko
b7c1b12367 Make default admin UI page reports. Add admin UI for creating a domain block 2017-04-03 18:55:06 +02:00
Eugen Rochko
2d07cb5771 Catching rack timeout from rails doesn't work 2017-04-02 21:12:18 +02:00
Eugen Rochko
5b12624847 Add proper error page for request timeouts 2017-04-02 19:43:44 +02:00
Eugen Rochko
4b7dca4713 Fix wording "show reblogs" -> "show boosts", order reports chronologically in
admin UI
2017-04-02 16:45:49 +02:00
Eugen Rochko
433cb198fa Fix landing page sign up form ignoring username field 2017-04-02 04:13:22 +02:00
Eugen Rochko
e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 2017-03-30 19:42:33 +02:00
Eugen Rochko
de22c202f5 Add counter caches for a large performance increase on API requests 2017-03-30 15:06:59 +02:00
Eugen Rochko
1c6b02f936 Fix #690 - Webfinger should handle new shortform profile URLs now (nice) 2017-03-28 11:25:43 +02:00
Eugen Rochko
d6ed2eb512 Prettier account and stream entry URLs 2017-03-22 19:55:14 +01:00
Eugen Rochko
05cf086766 New API method: /api/v1/search
Returns accounts, statuses, hashtags arrays
2017-03-22 02:32:27 +01:00
Eugen Rochko
56d998cbdb Export follow/block lists as CSV 2017-03-19 20:29:41 +01:00
Eugen Rochko
08b96f1b9f Fix wrong HTTP status codes on error pages 2017-03-19 20:03:28 +01:00
Eugen Rochko
5cfc9c7487 Forgot to hook up API with the latest method 2017-03-17 21:02:47 +01:00
Eugen Rochko
6be7bde243 Fix #525 - Add instance information API 2017-03-15 23:12:48 +01:00
Eugen
e245115f47 Merge branch 'master' into mastodon-site-api 2017-03-15 22:55:22 +01:00
Eugen Rochko
02349b3269 Obfuscate filenames better, double rate limits 2017-03-14 15:59:21 +01:00
Eugen Rochko
1fb3e8988b Revert earlier fix due to new bug reports 2017-03-06 02:25:41 +01:00
Eugen Rochko
d6cb4bbe99 Performance improvement for profiles 2017-03-06 01:50:35 +01:00
Eugen Rochko
8d93f0ca56 Increase max bitrate of converted webms, slightly optimized counter queries
(Because postgres can tell that count(*) needs no extra checks, but
counting a specific column requires them)
2017-03-05 23:43:58 +01:00
Eugen Rochko
5f4e402204 Improved /api/v1/accounts/:id/statuses with new params: only_media, exclude_replies
Redirect /:username to /users/:username
Redirect /:username/:id to /users/:username/updates/:id
Updated API documentation and sponsors
2017-03-05 17:27:17 +01:00
Eugen Rochko
6b81d10030 Add digest e-mails 2017-03-04 00:00:48 +01:00
Kit Redgrave
442fdbfc53 Mute button progress so far. WIP, doesn't entirely work correctly. 2017-03-01 22:31:21 -06:00
Kibigo
620f70e42c Adds site metadata access to the API 2017-02-27 04:06:25 -08:00
Eugen Rochko
175a9b9caa Fix #104 - Style OAuth authorized applications page
Add ability to search accounts by display name
2017-02-27 00:15:00 +01:00
Eugen Rochko
5f511324b6 Add validation of media attachments, clean up mastodon-own exception classes 2017-02-26 23:23:06 +01:00
Eugen Rochko
063432d7e3 Merge branch 'fix_462' of https://github.com/rmhasan/mastodon into rmhasan-fix_462 2017-02-26 23:09:18 +01:00
Eugen Rochko
3e9d794ea5 Add tuning documentation, add <content> tags back to most salmons,
make status pagination headers generation more lax about next page
existing
2017-02-25 03:34:37 +01:00
Rakib Hasan
9433d03705 Removed try clause from create action in status controller
Using catch statement in api_controller.rb to catch NotPermitted
Exception, and render error message
2017-02-19 08:29:56 +00:00
Rakib Hasan
6f9ecd899e revisted fix for #462
Moved validation to services/post_status_service.rb
2017-02-19 08:28:33 +00:00
Rakib Hasan
6d2301988f Fix for issue #462
Modified uploadCompose action to send media ids of attached
media when sending a request. Modified create method in MediaController
to check if when posting a video, there are no other media attached
to the status by looking at the media ids sent from the uploadCompose
action.
2017-02-19 08:28:33 +00:00
Eugen Rochko
5ddad41245 Do not display non-Status stream entries anymore 2017-02-17 02:20:52 +01:00
Eugen Rochko
8132cf8153 Add GET /api/v1/accounts/:id/statuses/media that returns only statuses with media attachments
Make replies default to privacy settings of the status being replied to
2017-02-17 01:30:24 +01:00
Eugen Rochko
d0f087db2d Add UI to view report details, remove reported statuses, quick links to resolve/silence/suspend from report 2017-02-17 00:42:52 +01:00
Eugen Rochko
24ba7c9762 Adding index overview for reports in admin UI 2017-02-16 02:28:10 +01:00
Eugen Rochko
5426f06ac2 Fix admin UI for accounts somewhat 2017-02-15 00:22:58 +01:00
Eugen Rochko
3b81baaaaf Adding POST /api/v1/reports API, and a UI for submitting reports 2017-02-14 20:59:26 +01:00
Eugen Rochko
63886bdc59 Fix #587 - Display TOTP secret next to QR code 2017-02-13 20:56:03 +01:00
Eugen Rochko
0518492158 Stop trying to shoehorn all Salmon updates into the poor database-connected
StreamEntry model. Simply render Salmon slaps as they are needed
2017-02-12 01:19:14 +01:00
Eugen Rochko
149887a0ff Make follow requests federate 2017-02-11 02:58:00 +01:00
Eugen
d96e031dfc Fix #611 - Layout setting in registrations controller 2017-02-08 03:04:29 +01:00
Eugen
9d5fb49cd8 Merge pull request #603 from evanminto/activitypub-account
Expose ActivityStreams 2.0 representation of accounts
2017-02-07 02:08:40 +01:00
Eugen Rochko
714e41d472 Fix preferences save 2017-02-07 00:23:38 +01:00
Eugen Rochko
347a153b3d Add API modifiers to limit returned toots from public/hashtag timelines
to only those from local users; Add link to "extended information" to
getting started in the UI; Add defaults for posting privacy; Change
how publish button looks depending on posting privacy chosen
2017-02-06 23:16:20 +01:00
Evan Minto
94e213c6c1 Reuse existing controller and route 2017-02-06 01:19:26 -08:00
Eugen Rochko
eee8afb0b7 Remove bios from blocked users list, filter out broken entries from API response 2017-02-05 19:39:00 +01:00
Eugen Rochko
77e13c2bc9 Removing failed push notification API, make context loads use cache 2017-02-05 17:51:44 +01:00
Evan Minto
8bd8ea7c04 Remove unnecessary leftover code 2017-02-04 14:49:24 -08:00
Evan Minto
e2fbf8bc74 Add an account endpoint for ActivityPub and link to it on HTML profile pages 2017-02-04 14:46:23 -08:00
Eugen Rochko
d9ca46b464 Cleaning up format of broadcast real-time messages, removing
redis-backed "mentions" timeline as redundant (given notifications)
2017-02-02 00:03:31 +01:00
Eugen Rochko
3f075c7794 API for apps to register for push notifications 2017-01-29 01:30:32 +01:00
Eugen Rochko
23b997ae55 Split 2FA login into two prompts 2017-01-28 20:43:38 +01:00
Eugen Rochko
f4bc9620a9 Update settings to re-use admin layout, one big navigation tree, improve settings forms 2017-01-28 03:56:10 +01:00
Eugen Rochko
ba192f12e3 Added optional two-factor authentication 2017-01-27 20:35:16 +01:00
Eugen Rochko
905c829179 Improve infinite scroll on notifications 2017-01-26 04:30:40 +01:00
Eugen Rochko
999cde94a6 Instead of using spoiler boolean and spoiler_text, simply check for non-blank spoiler_text
Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" />
Clean up schema file from accidental development migrations
2017-01-25 01:29:16 +01:00
Eugen
f8da0dd490 Merge branch 'master' into master 2017-01-24 21:56:06 +01:00
Eugen Rochko
8a880a3d46 Make blocks create entries and unfollows instantly, but do the clean up
in the background instead. Should fix delay where blocked person
can interact with blocker for a short time before background job
gets processed
2017-01-24 21:40:41 +01:00
Eugen Rochko
1f5792c834 API now respects ?limit param as long as it's within 2x default limit 2017-01-24 04:22:10 +01:00
blackle
bf0f6eb62d Implement a click-to-view spoiler system 2017-01-23 21:07:40 -05:00
Eugen Rochko
cca82bf0a2 Move merging/unmerging of timelines into background. Move blocking into
background as well since it's a computationally expensive
2017-01-23 21:29:34 +01:00
Eugen Rochko
f392030ab8 Add /api/v1/notifications/clear, non-existing link cards for statuses will
now return empty hash instead of throwing a 404 error. When following,
merge into timeline will filter statuses
2017-01-23 21:09:27 +01:00
Eugen Rochko
aa9c51a34c Fix a couple unhandled exceptions 2017-01-23 13:56:57 +01:00
Eugen Rochko
a1894786cf Potentially fix notifications issue 2017-01-23 13:43:14 +01:00
Eugen
1953e3b6ed Fix inflection 2017-01-22 23:08:51 +01:00
Eugen Rochko
e22a56183a Improve error page layouting. 500 page has to stay static because it's
used from nginx when Rails fails.
2017-01-21 22:30:47 +01:00
Eugen Rochko
b4a4eb73ae Merge branch 'fix/error-pages' of https://github.com/ineffyble/mastodon into ineffyble-fix/error-pages 2017-01-21 22:20:01 +01:00
Eugen Rochko
3a4b5961be Method to fetch a single notification 2017-01-21 22:14:13 +01:00
Eugen Rochko
f0de621e76 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 2017-01-20 01:00:14 +01:00
Eugen Rochko
98560b232a Don't show loading bar when re-loading already loaded status. Don't even try to fetch ancestors from DB when in_reply_to_id is nil 2017-01-19 11:06:06 +01:00
Eugen Rochko
7d53ee73f3 Fix #238 - Add "favourites" column 2017-01-16 13:28:25 +01:00
Effy Elden
ed41f9f0b1 Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether 2017-01-15 10:30:23 +11:00
Effy Elden
d6bc0e8db4 Add tracking of OAuth app that posted a status, extend OAuth apps to have optional website field, add application details to API, show application name and website on detailed status views. Resolves #11 2017-01-15 08:58:50 +11:00
Eugen Rochko
c01dd089ff Adding about/more page with extended information that can be set up by an admin 2017-01-13 20:16:38 +01:00
Eugen Rochko
e25170f960 Add extended about page stub 2017-01-13 03:24:41 +01:00
Eugen Rochko
2939e9898b Extend rails-settings-cached to merge db-saved hash values with defaults 2017-01-13 02:42:22 +01:00
Eugen Rochko
b11fdc3ae3 Migrate from ledermann/rails-settings to rails-settings-cached which allows global settings
with YAML-defined defaults. Add admin page for editing global settings. Add "site_description"
setting that would show as a paragraph on the frontpage
2017-01-12 20:46:24 +01:00
Eugen Rochko
312c51b5c8 Home column filters 2017-01-10 17:25:10 +01:00
Eugen Rochko
75f80bef10 Persist UI settings, add missing localizations for German 2017-01-09 14:00:55 +01:00
Eugen Rochko
7b9f8766e8 Fix #416 - Generate random unique 14-byte (19 characters) shortcodes
for local attachments, use them in URLs. Check status privacy
before redirecting to actual file.
2017-01-06 00:29:12 +01:00
Eugen Rochko
1bbcd71cd4 Fix #390 - fix redirect after sign-up (to login page instead of homepage) 2017-01-04 15:31:25 +01:00
Eugen Rochko
f79ba2de83 Fix admin UI not loading JS, make sure to strip "acct:" out of remote account's usernames when authorizing follow 2017-01-02 22:31:10 +01:00
Eugen Rochko
75122e162d Fix uri expansion during remote follow 2017-01-02 12:19:02 +01:00
Eugen Rochko
8f47f6a7ec Adding remote follow button 2017-01-01 19:54:34 +01:00
Eugen Rochko
a302e56f9a Add API for retrieving favourites 2016-12-29 20:33:26 +01:00
Eugen Rochko
49834a6e7f Add API for retrieving blocked accounts 2016-12-29 20:12:32 +01:00
Eugen Rochko
8724094ed0 Support remote follow request providing URL instead of acct 2016-12-29 17:23:27 +01:00
Eugen Rochko
d7dc84439c Add ability to use remote follow function on other sites 2016-12-29 16:54:54 +01:00
Eugen Rochko
eca6110fc4 Add preferences for follow request notification e-mails 2016-12-26 22:04:16 +01:00
Eugen Rochko
2146ac91a0 Follow requests send e-mail notifications, but are excluded from notifications API
Better initial state for unlisted/nsfw toggles
2016-12-26 21:52:03 +01:00
Eugen Rochko
3689c119f0 Replacing follow requests in the settings area with in-UI column 2016-12-26 21:33:51 +01:00
Eugen Rochko
004382e4d0 Adding follow requests API 2016-12-26 19:30:45 +01:00
Eugen Rochko
3282448878 Fix #86 - resolve layout breaking on zoom-out on accounts grid 2016-12-26 18:48:33 +01:00
Eugen Rochko
b302b9202b Add page for authorizing/rejecting follow requests 2016-12-23 00:04:52 +01:00
Eugen Rochko
05b13c38b5 Re-enable Webfinger for locked accounts but don't handle "follow" events
coming in via Salmon.

Currently no way to prevent remote follows, but they will only receive public
and unlisted posts
2016-12-22 23:17:57 +01:00
Eugen Rochko
b891a81008 Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
2016-12-22 23:03:57 +01:00
Eugen Rochko
2d2154ba75 Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users 2016-12-22 21:34:19 +01:00
Eugen Rochko
80e02b90e4 Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-21 20:04:13 +01:00
Eugen Rochko
e09d3a2c66 Fix #249 - use window.location hack to let people login from sandboxed iOS homescreen 2016-12-21 00:13:13 +01:00
Eugen Rochko
0542773bca Make unfavouriting async to prevent timeout errors from leaving orphaned records behind 2016-12-19 09:12:29 +01:00
Eugen Rochko
5ae1b39ec9 Adjusting public display of statuses to look similar to logged-in UI,
fix #361 with rich OEmbed display via iframe, fix #237 by hiding sensitive
content behind a spoiler on public pages
2016-12-18 19:47:11 +01:00
Eugen Rochko
aed25932b5 Add OEmbed iframe HTML, convert emojis on public pages, increase size of attachment thumbnails 2016-12-18 15:20:39 +01:00
Eugen Rochko
76ec907993 Improved admin UI 2016-12-13 13:42:10 +01:00
Eugen Rochko
f978b06dd1 Add suspend account functionality to admin UI 2016-12-06 18:22:59 +01:00
Eugen Rochko
f406e01fcf Add filters for suspended accounts 2016-12-06 18:03:30 +01:00
Eugen Rochko
1357c1cb3d Add single user mode 2016-12-06 17:19:26 +01:00
Eugen Rochko
39cc9fde8a Add account suspension 2016-12-05 22:59:30 +01:00
Eugen Rochko
9d9f796130 Adding more to admin accounts UI 2016-12-04 18:10:40 +01:00
Eugen Rochko
d236dcded2 Fix public tags page 2016-12-04 16:56:45 +01:00
Eugen Rochko
5abf64d647 Add "next" pagination to public profiles 2016-12-03 19:30:13 +01:00
Eugen Rochko
ec44cff9a2 Admin accounts page lists accounts 2016-12-03 19:08:07 +01:00
Eugen Rochko
816284d739 Fix #248 - Reload all accounts when fetching from cache 2016-12-03 18:21:26 +01:00
Eugen Rochko
1d0321fc45 Fix pt translations, improve pre-cache queries, removing will_paginate
from accounts/tags because it's a terribly inefficient way to paginate
large sets of data
2016-12-01 16:26:25 +01:00
Eugen Rochko
6ff93845d5 Add basic OEmbed provider API, fix #247 2016-11-30 23:01:03 +01:00
Eugen Rochko
14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00
Eugen Rochko
a21bcac9e1 Further abstract caching for includes 2016-11-30 15:57:56 +01:00
Eugen Rochko
356d3874eb Normalize localizations, add stub for admin/accounts 2016-11-30 15:32:26 +01:00
Eugen Rochko
ff21ff1489 Make User#current_sign_in_at actually track when user was last active,
by updating it at least every 24h if the user visits the site
2016-11-30 15:17:03 +01:00
Eugen Rochko
7e90772c92 Unify collection caching code 2016-11-29 15:49:39 +01:00
Eugen Rochko
93a90cd9c3 Delete statuses asynchronously but provide instant feedback in the API 2016-11-29 15:32:25 +01:00
Eugen Rochko
3ba6531611 Fix setting of confirmed=true on successful confirmation 2016-11-28 19:24:49 +01:00
Eugen Rochko
27fc49d745 Add simple admin overview of PuSH subscriptions 2016-11-28 18:45:13 +01:00
Eugen Rochko
2d2c81765b Adding embedded PuSH server 2016-11-28 13:36:47 +01:00
Eugen Rochko
4495baf451 X-RateLimit-Reset formatted with iso8601 2016-11-25 15:21:22 +01:00
Eugen Rochko
8a3745a4df Remove stale entries from cache results 2016-11-25 13:25:40 +01:00
Eugen Rochko
71401659b8 Fix #65 - Options to block notifications from people you don't follow/who don't follow you 2016-11-25 13:13:16 +01:00
Eugen Rochko
8efa081f21 Remove Neo4J 2016-11-24 23:46:27 +01:00
Eugen Rochko
8e34bed7cc Mini Profiler not working well, remove it 2016-11-24 19:59:11 +01:00
Alyssa Ross
cefef2c571 Extract filename obfuscation into module 2016-11-24 00:30:58 +00:00
Andrea Faulds
7161f91313 Rename media to avoid exposing filename (fixes #207) 2016-11-23 21:03:03 +00:00
Eugen Rochko
79a0135869 Cache accounts/:id/statuses and single statuses too 2016-11-23 19:00:43 +01:00
Eugen Rochko
0603971894 Adding sensitive marker to statuses in API 2016-11-23 10:46:48 +01:00
Eugen Rochko
4bdb6a0eaf Rename "publish" to "toot" in english locale, fix lightbox showing old image
before loading new one, cache notifications API, fix missing follow button
on public profiles
2016-11-23 09:20:34 +01:00
Eugen Rochko
cf912e01fd Implement includes caching for timelines APIs 2016-11-23 08:34:35 +01:00
Eugen Rochko
5c78547198 More query optimizations 2016-11-22 23:18:54 +01:00
Eugen Rochko
fc90d38893 Moving some counter queries out of subqueries in the API 2016-11-22 22:59:54 +01:00
Eugen Rochko
45c7ee39b3 Remove unneeded indices, improve error handling in background workers, don't needlessly reload reblogged status, send Devise e-mails asynchronously 2016-11-22 17:32:51 +01:00
Eugen Rochko
1788164352 Local accounts can control "silenced" attribute which removes them from public timeline 2016-11-21 23:06:41 +01:00
Eugen Rochko
627a85f4e4 Better error message in doorkeeper json response 2016-11-21 16:19:35 +01:00
Eugen Rochko
f88ca4a206 Performance improvement for notifications API 2016-11-21 16:10:42 +01:00
Eugen Rochko
52119104b9 Remove some n+1 queries from notifications API 2016-11-21 15:16:04 +01:00
Eugen Rochko
e8c27767aa Remove orphaned notifications, add scopes param to app create API 2016-11-21 14:59:13 +01:00
Eugen Rochko
fb48cc3b74 Desktop notifications 2016-11-21 10:24:50 +01:00
Eugen Rochko
da2ef4d676 Adding unified streamable notifications 2016-11-20 19:39:58 +01:00
Eugen Rochko
7dea6a23f7 Move Salmon processing to background as well as PuSH 2016-11-18 23:24:57 +01:00
Eugen Rochko
2c766bd4b4 Add user locale setting 2016-11-16 17:56:31 +01:00
Eugen Rochko
3ce6ac0ce2 Adding some localizations 2016-11-15 23:02:57 +01:00
Eugen Rochko
4f07fb1f0a Fix #144 - Filter statuses from blocked users out of ancestors/descendants results 2016-11-15 17:33:41 +01:00
Eugen Rochko
fdc17bea58 Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
Eugen Rochko
a91c3ef6ce Delegate processing of incoming PuSH data to background workers 2016-11-15 15:43:33 +01:00
Eugen Rochko
cea28e0c1d Fix wrong link header on followers API, wrong link in tabs component, order
account results
2016-11-14 01:19:25 +01:00
Eugen Rochko
afded319d2 Add limit to search results 2016-11-12 14:49:28 +01:00
Eugen Rochko
09218d4c01 Use full-text search for autosuggestions 2016-11-12 14:36:10 +01:00
Eugen Rochko
17903c6dae Improve filtering of public/hashtag timelines, both in backlog and real-time 2016-11-10 00:03:33 +01:00
Eugen Rochko
448ab18a20 Replace setting custom CORS headers with rack-cors, set it on /oauth/token endpoint 2016-11-09 18:06:01 +01:00
Eugen Rochko
b13e7dda1f API pagination for all collections using Link header 2016-11-09 17:48:44 +01:00
Eugen Rochko
9aecc0f48a Move timelines API from statuses to its own controller, add a check for
resources that require a user context vs those that don't (such as public timeline)

/api/v1/statuses/public   -> /api/v1/timelines/public
/api/v1/statuses/home     -> /api/v1/timelines/home
/api/v1/statuses/mentions -> /api/v1/timelines/mentions
/api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
2016-11-08 23:29:08 +01:00
Eugen Rochko
a698b767c1 Fix linking of remote hashtags in UI, add public view of hashtags 2016-11-05 17:44:14 +01:00
Eugen Rochko
48b9619439 Adding hashtags 2016-11-05 17:13:14 +01:00
Eugen Rochko
62292797ec Adding hashtag model 2016-11-04 19:12:59 +01:00
Eugen Rochko
3731230c6d Allow @username@domain/@username in follow form, prevent duplicate accounts
created via remote look-up when domains differ but point to the same resource
2016-11-03 16:57:44 +01:00
Eugen Rochko
e4671adc25 Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status 2016-11-03 14:50:22 +01:00
Eugen Rochko
562044f36a Need to disable caching again due to bug in Rabl 2016-11-03 13:59:31 +01:00
Eugen Rochko
9467b900a2 Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY,
add permissive CORS to API controllers
2016-11-02 12:58:15 +01:00
Eugen Rochko
dd03118098 Fix follow icon changing plus to minus, add terms page stub 2016-11-01 18:05:55 +01:00
Eugen Rochko
fa1cc2d05a Limit returned followees/followers by API to 40 for now 2016-10-30 15:14:07 +01:00
Eugen Rochko
e0a197650a Adding common followers API, fixing fallback query again 2016-10-29 01:29:19 +02:00
Eugen Rochko
b746a931a5 Fix OAuth authorization redirect 2016-10-23 12:05:55 +02:00
Eugen Rochko
a9e40a3d80 Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
2016-10-22 19:39:44 +02:00
Eugen Rochko
04bbc57690 Fix #100 - Add "back" button to certain views
Also fix reloading of timelines after merge-type events
2016-10-19 18:20:19 +02:00
Eugen Rochko
43df35213e Improving all forms 2016-10-18 16:37:15 +02:00
Eugen Rochko
2e0a38d07c Added e-mail edit field to settings, proper format default for webfinger 2016-10-18 03:34:26 +02:00
Eugen Rochko
d5e086a47b Adding application/jrd+json webfinger resource 2016-10-18 02:54:49 +02:00
Eugen Rochko
de1f3aab86 Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API 2016-10-16 19:10:16 +02:00
Eugen Rochko
e21a3fe0cd Adding sync of follow relationships to Neo4J, accounts/suggestions API 2016-10-14 23:10:07 +02:00
Eugen Rochko
7a6d95f70c E-mail preferences page 2016-10-14 02:28:49 +02:00
Eugen Rochko
33f7e1cf99 Shorten rendered links (strip protocol and www, truncate to 30 chars), redirect
to sign in page after sign up instead of root path which redirects to /about
2016-10-13 16:51:34 +02:00
Eugen Rochko
157f03f8bd No-op for Salmons without body, fail fast if Webfinger does not contain
all required resource links (profile page, salmon, atom feed, magic key)
2016-10-13 13:41:06 +02:00
Eugen Rochko
68eed8c61f Stop logging incoming Atom 2016-10-10 18:16:39 +02:00
Eugen Rochko
f49ed8c819 Log incoming Atom from PuSH 2016-10-10 17:40:28 +02:00
Eugen Rochko
427ba27641 Public timeline to exclude users you blocked 2016-10-09 15:15:21 +02:00
Eugen Rochko
22a8801dbc Adding domain blocks 2016-10-09 14:48:59 +02:00
Eugen Rochko
1f650d327d Adding public timeline 2016-10-07 16:00:11 +02:00
Eugen Rochko
943c69c65d Fix #73 - Click on in-UI profile avatar/name to open public profile 2016-10-06 23:15:50 +02:00
Eugen Rochko
3554d638b3 Fix #72 - add follow/unfollow button to public profiles 2016-10-06 21:27:58 +02:00
Eugen Rochko
15d01a5e08 Better comparison of "local" domain 2016-10-06 16:36:16 +02:00
Eugen Rochko
b60430fe8f Fix sign-in redirecting "back" to a missing image because missing static files hit the raise_not_found method 2016-10-06 15:42:00 +02:00
Eugen Rochko
2f5b205916 Catch Paperclip errors on /api/v1/media, return early from update profile service if XML given is nil 2016-10-06 14:40:15 +02:00
Eugen Rochko
fe77921e47 Catching more exceptions that slipped through, removing AR logging from
production as it's very verbose and not very useful
2016-10-05 13:26:44 +02:00
Eugen Rochko
7b9a4af311 API for blocking and unblocking 2016-10-03 18:17:06 +02:00
Eugen Rochko
2c9e672ee2 Integrating block relationships into the API (read-only for now) 2016-10-03 17:16:58 +02:00
Eugen Rochko
9d59d7b463 Adding a block model and filter mentions from blocked users (fix #60) 2016-10-03 17:12:13 +02:00
Eugen Rochko
fc198a8b4c Adding e-mail confirmations 2016-10-03 16:51:00 +02:00
Eugen Rochko
188c6f326b Making public pages responsive, removing reblogs/favs counts from them 2016-10-03 00:26:00 +02:00
Eugen Rochko
9fd3d7b6cd Add since_id param to feeds 2016-10-02 22:35:27 +02:00
Eugen Rochko
a0f85774c4 Redirect after sign in to previous page (unless it's a sign in/up/etc page) 2016-10-02 17:11:08 +02:00
Eugen Rochko
6d7290f47c Add API for getting info about authenticated user: /api/v1/accounts/verify_credentials 2016-10-02 16:14:21 +02:00
Eugen Rochko
96ad9b0db1 Meaningful validation errors in API response 2016-09-30 22:31:16 +02:00
Eugen Rochko
62b057b085 Adjust client registration API 2016-09-30 00:03:08 +02:00
Eugen Rochko
ef2b50c9ac Deleting statuses from UI 2016-09-30 00:00:45 +02:00
Eugen Rochko
927333f4f8 Improve code style 2016-09-29 21:28:21 +02:00
Eugen Rochko
e63aebff7a Adding landing page 2016-09-27 23:12:33 +02:00
Eugen Rochko
4f9b7432dd Fix #52 - Add API versioning (v1) 2016-09-27 16:59:08 +02:00
Eugen Rochko
7e14eefc81 Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app
registration API
2016-09-26 23:56:53 +02:00
Eugen Rochko
693383234c Improved style of settings page 2016-09-25 15:48:20 +02:00
Eugen Rochko
3f9708edc4 Change output of api/accounts/:id/follow and unfollow to return relationship
Track relationship in redux state. Display follow/unfollow and following-back
information on account view (unstyled)
2016-09-23 20:23:26 +02:00
Eugen Rochko
c6d893a71d Uploading/undoing media modifies status text. Also: status text trimmed before validation 2016-09-22 21:39:53 +02:00
Eugen Rochko
c0e9603c92 Fix #50 - Order ancestors/descendants by tree path 2016-09-21 23:18:28 +02:00
Eugen Rochko
e46abc71ca Fix notifications in UI, added new API for fetching account relationships 2016-09-21 22:07:18 +02:00
Eugen Rochko
4bec613897 Fix #24 - Thread resolving for remote statuses
This is a big one, so let me enumerate:

Accounts as well as stream entry pages now contain Link headers that
reference the Atom feed and Webfinger URL for the former and Atom entry
for the latter. So you only need to HEAD those resources to get that
information, no need to download and parse HTML <link>s.

ProcessFeedService will now queue ThreadResolveWorker for each remote
status that it cannot find otherwise. Furthermore, entries are now
processed in reverse order (from bottom to top) in case a newer entry
references a chronologically previous one.

ThreadResolveWorker uses FetchRemoteStatusService to obtain a status
and attach the child status it was queued for to it.

FetchRemoteStatusService looks up the URL, first with a HEAD, tests
if it's an Atom feed, in which case it processes it directly. Next
for Link headers to the Atom feed, in which case that is fetched
and processed. Lastly if it's HTML, it is checked for <link>s to the Atom
feed, and if such is found, that is fetched and processed. The account for
the status is derived from author/name attribute in the XML and the hostname
in the URL (domain). FollowRemoteAccountService and ProcessFeedService
are used.

This means that potentially threads are resolved recursively until a dead-end
is encountered, however it is performed asynchronously over background jobs,
so it should be ok.
2016-09-21 01:50:31 +02:00
Eugen Rochko
1d2856c2af Since GNU Social hubs don't seem to return a hub.lease_seconds param in the subscription confirmation request,
we'll have to default that value to the GS "minimum" (from their code) which is 24 hours.
2016-09-20 03:24:04 +02:00
Eugen Rochko
246330493b More debugging for PuSH confirmations 2016-09-20 03:18:55 +02:00
Eugen Rochko
a66d34878c Add more logging to PuSH callback 2016-09-20 03:12:23 +02:00
Eugen Rochko
608a2bfffc Upgrade to PubSubHubbub 0.4 (removing verify_token) 2016-09-20 02:43:20 +02:00
Eugen Rochko
059ebbf48d Separate PuSH subscriptions from following, add mastodon:push:refresh task,
respect hub.lease_seconds (fix #46)
2016-09-20 00:43:36 +02:00
Eugen Rochko
adffc7a495 Fix #43 2016-09-18 12:28:49 +02:00
Eugen Rochko
bd5ad304ba Adding media controller, 1 webm/compose form allowed, previews generated 2016-09-17 17:47:26 +02:00
Eugen Rochko
0e9c1a297a Improved error handling for FollowRemoteService 2016-09-17 17:03:36 +02:00
Eugen Rochko
8c0b19012b Fix #41, debug #42 2016-09-17 16:36:10 +02:00
Eugen Rochko
5b0cef9781 Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context 2016-09-16 00:21:51 +02:00
Eugen Rochko
d6a64f45fd Adding a notification stack for error messages 2016-09-12 19:20:55 +02:00
Eugen Rochko
762157ee4e Fix for single status pages 2016-09-08 21:23:29 +02:00
Eugen Rochko
85d89b472d Optimized n+1 queries in accounts Atom and HTML views
Added stack trace for SQL queries in development
Removed badly thought out accounts/lookup API
2016-09-08 20:36:01 +02:00
Eugen Rochko
509c18eb13 Fix local follows, 404 in logs 2016-09-08 02:40:51 +02:00
Eugen Rochko
0f4bc56719 Improving production logs, removing n+1 on media attachments in atom,
adding attachments display to static views
2016-09-08 01:24:26 +02:00
Eugen Rochko
eec0dc46a6 PostStatusService can attach media to status, ProcessFeedService likewise 2016-09-05 18:39:53 +02:00
Eugen Rochko
ae1fac0062 Add API to upload media attachments 2016-09-05 17:46:36 +02:00
Eugen Rochko
b5ebf99439 Possibly fix issue with stale favourite/reblog information after API call 2016-09-04 21:28:48 +02:00
Eugen Rochko
54ea7f5dfe Case-insensitive search by usernames 2016-09-04 21:06:04 +02:00
Eugen Rochko
92afd29650 The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko
bc0692d75b Removing mini-profiler that doesn't work, formatting timelines a bit better 2016-08-24 19:23:37 +02:00
Eugen Rochko
49520d6e62 Adding React.js, Redux, revamping dashboard 2016-08-24 17:56:44 +02:00
Eugen Rochko
8985f8e66c Fixing more configuration issues with ActionCable 2016-08-18 18:39:35 +02:00
Eugen Rochko
8459acd123 Fix for force SSL issue with websockets 2016-08-18 17:48:57 +02:00
Eugen Rochko
6426819b6f Fix tests 2016-08-18 17:22:44 +02:00
Eugen Rochko
6deb9f966e Live timelines using ActionCable 2016-08-18 15:49:51 +02:00
Eugen Rochko
10ba09f546 Upgrade to Rails 5.0.0.1 2016-08-17 17:58:00 +02:00
Eugen Rochko
ff2cbc0753 Remember me enabled by default 2016-03-28 00:06:52 +02:00
Eugen Rochko
85b00d19b8 Moving Salmon notifications to background processing, fixing mini-profiler
behaviour with Turbolinks enabled, optimizing Rabl for production
2016-03-26 13:42:10 +01:00
Eugen Rochko
da4b675aca Fix favourite handling in ProcessInteractionService 2016-03-26 01:34:12 +01:00
Eugen Rochko
43bb8a25e7 Remember user logins by default 2016-03-26 01:14:37 +01:00
Eugen Rochko
5764d52b04 Fix Sidekiq pooling issues. Remove API docs from homepage, replace with
a basic home timeline
2016-03-25 16:10:14 +01:00
Eugen Rochko
e24bfbde1a Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections
in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding
admin status to users
2016-03-25 14:12:24 +01:00
Eugen Rochko
a08e724476 Fix subscriptions:clear task, refactor feeds, refactor streamable activites
and atom feed generation to some extent, as well as the way mentions are
stored
2016-03-25 02:13:30 +01:00
Eugen Rochko
9594f0e858 Fix preloading 2016-03-24 13:28:11 +01:00
Eugen Rochko
0f5bbb999c Pre-loading polymorphic associations for Atom feeds 2016-03-24 13:21:53 +01:00
Eugen Rochko
7e58303a8d Limit Atom feeds to 20 items by default, add pagination by max_id
(But there are no Atom feed pagination elements yet)
2016-03-24 12:49:34 +01:00
Eugen Rochko
082e1cbe5a Fix default max_id query in paginate_by_max_id 2016-03-22 21:53:33 +01:00
Eugen Rochko
12559b01ea Add pagination by max_id instead of offset/limit 2016-03-22 21:38:47 +01:00
Eugen Rochko
f14f462eaf Adding Turbolinks, adding status posting form on homepage 2016-03-21 18:26:47 +01:00
Eugen Rochko
c28971c70c Fixed the lookup API method 2016-03-21 17:33:04 +01:00
Eugen Rochko
02696a063e Change default avatar, redirect to home after sign up 2016-03-21 17:18:30 +01:00
Eugen Rochko
9d55529318 Fix text color in dashboard inputs, sanitize remote status content in UI,
simplify FanOutOnWriteService, add /api/accounts/lookup method
2016-03-21 17:02:16 +01:00
Eugen Rochko
7e00a21ea6 Small optimizations in Atom feeds 2016-03-21 10:31:20 +01:00
Eugen Rochko
19a259915e Security update 2016-03-21 10:08:19 +01:00
Eugen Rochko
2ba6537f52 Escape PuSH challenge and change subscriptions and salmon APIs to text/plain 2016-03-21 09:24:29 +01:00
Eugen Rochko
b640f35621 Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00
Eugen Rochko
e14b76c7cb On following/followers pages, show most recent first 2016-03-19 22:54:40 +01:00
Eugen Rochko
71ae4dd3d2 Adding public following and followers pages, fix #3 2016-03-19 14:02:30 +01:00
Eugen Rochko
c349200761 Removing some unused gems, adding pagination to profiles, fix #10 2016-03-19 12:49:34 +01:00
Eugen Rochko
9a7485d034 Fix typo on /api/accounts/:id/statuses, fix potential case-sensitivity issue
when registering incoming status mentions, add Travis CI file
2016-03-18 23:23:19 +01:00
Eugen Rochko
323474c97e Fix #2, add rake task for PuSH-unsubscribing from remote users who have no
local followers. Remote users' usernames SHOULD be case-sensitive
2016-03-17 12:02:45 +01:00
Eugen Rochko
9cb690c706 Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up 2016-03-16 18:29:52 +01:00
Eugen Rochko
6fec8afc3f Bind oauth applications to users 2016-03-14 17:49:13 +01:00