don't send spammy mentions

avoids issues with model caching being incompatible across versions

.buildpacks

@@ -1,3 +1,4 @@
 https://github.com/heroku/heroku-buildpack-apt
 https://github.com/Scalingo/ffmpeg-buildpack
+https://github.com/Scalingo/nodejs-buildpack
 https://github.com/Scalingo/ruby-buildpack

.circleci/config.yml

@@ -3,15 +3,13 @@ version: 2
 aliases:
   - &defaults
     docker:
-      - image: circleci/ruby:2.7-buster-node
+      - image: circleci/ruby:2.6.0-stretch-node
         environment: &ruby_environment
-          BUNDLE_JOBS: 3
-          BUNDLE_RETRY: 3
           BUNDLE_APP_CONFIG: ./.bundle/
-          BUNDLE_PATH: ./vendor/bundle/
           DB_HOST: localhost
           DB_USER: root
           RAILS_ENV: test
+          PARALLEL_TEST_PROCESSORS: 4
           ALLOW_NOPAM: true
           CONTINUOUS_INTEGRATION: true
           DISABLE_SIMPLECOV: true
@@ -33,25 +31,25 @@ aliases:
   - &restore_ruby_dependencies
     restore_cache:
       keys:
-        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
-        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
-        - v3-ruby-dependencies-
+        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+        - v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
+        - v2-ruby-dependencies-
 
   - &install_steps
     steps:
       - checkout
       - *attach_workspace
+
       - restore_cache:
           keys:
-            - v2-node-dependencies-{{ checksum "yarn.lock" }}
-            - v2-node-dependencies-
-      - run:
-          name: Install yarn dependencies
-          command: yarn install --frozen-lockfile
+            - v1-node-dependencies-{{ checksum "yarn.lock" }}
+            - v1-node-dependencies-
+      - run: yarn install --frozen-lockfile
       - save_cache:
-          key: v2-node-dependencies-{{ checksum "yarn.lock" }}
+          key: v1-node-dependencies-{{ checksum "yarn.lock" }}
           paths:
             - ./node_modules/
+
       - *persist_to_workspace
 
   - &install_system_dependencies
@@ -64,25 +62,14 @@ aliases:
   - &install_ruby_dependencies
       steps:
         - *attach_workspace
+
         - *install_system_dependencies
-        - run:
-            name: Set Ruby version
-            command: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
+
+        - run: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
         - *restore_ruby_dependencies
-        - run:
-            name: Set bundler settings
-            command: |
-              bundle config --local clean 'true'
-              bundle config --local deployment 'true'
-              bundle config --local with 'pam_authentication'
-              bundle config --local without 'development production'
-              bundle config --local frozen 'true'
-              bundle config --local path $BUNDLE_PATH
-        - run:
-            name: Install bundler dependencies
-            command: bundle check || (bundle install && bundle clean)
+        - run: bundle install --clean --jobs 16 --path ./vendor/bundle/ --retry 3 --with pam_authentication --without development production && bundle clean
         - save_cache:
-            key: v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+            key: v2-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
             paths:
               - ./.bundle/
               - ./vendor/bundle/
@@ -93,39 +80,39 @@ aliases:
                 - ./mastodon/vendor/bundle/
 
   - &test_steps
-      parallelism: 4
       steps:
         - *attach_workspace
+
         - *install_system_dependencies
+        - run: sudo apt-get install -y ffmpeg
+
         - run:
-            name: Install FFMPEG
-            command: sudo apt-get install -y ffmpeg
+            name: Prepare Tests
+            command: ./bin/rails parallel:create parallel:load_schema parallel:prepare
         - run:
-            name: Load database schema
-            command: ./bin/rails db:create db:schema:load db:seed
-        - run:
-            name: Run rspec in parallel
-            command: |
-              bundle exec rspec --profile 10 \
-                                --format RspecJunitFormatter \
-                                --out test_results/rspec.xml \
-                                --format progress \
-                                $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
-        - store_test_results:
-            path: test_results
+            name: Run Tests
+            command: ./bin/retry bundle exec parallel_test ./spec/ --group-by filesize --type rspec
+
 jobs:
   install:
     <<: *defaults
     <<: *install_steps
 
-  install-ruby2.7:
+  install-ruby2.6:
     <<: *defaults
     <<: *install_ruby_dependencies
 
-  install-ruby2.6:
+  install-ruby2.5:
     <<: *defaults
     docker:
-      - image: circleci/ruby:2.6-buster-node
+      - image: circleci/ruby:2.5.3-stretch-node
+        environment: *ruby_environment
+    <<: *install_ruby_dependencies
+
+  install-ruby2.4:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.4.5-stretch-node
         environment: *ruby_environment
     <<: *install_ruby_dependencies
 
@@ -134,116 +121,97 @@ jobs:
     steps:
       - *attach_workspace
       - *install_system_dependencies
-      - run:
-          name: Precompile assets
-          command: ./bin/rails assets:precompile
+      - run: ./bin/rails assets:precompile
       - persist_to_workspace:
           root: ~/projects/
           paths:
               - ./mastodon/public/assets
               - ./mastodon/public/packs-test/
 
-  test-migrations:
-    <<: *defaults
-    docker:
-      - image: circleci/ruby:2.7-buster-node
-        environment: *ruby_environment
-      - image: circleci/postgres:12.2
-        environment:
-          POSTGRES_USER: root
-          POSTGRES_HOST_AUTH_METHOD: trust
-      - image: circleci/redis:5-alpine
-    steps:
-      - *attach_workspace
-      - *install_system_dependencies
-      - run:
-          name: Create database
-          command: ./bin/rails db:create
-      - run:
-          name: Run migrations
-          command: ./bin/rails db:migrate
-
-  test-ruby2.7:
-    <<: *defaults
-    docker:
-      - image: circleci/ruby:2.7-buster-node
-        environment: *ruby_environment
-      - image: circleci/postgres:12.2
-        environment:
-          POSTGRES_USER: root
-          POSTGRES_HOST_AUTH_METHOD: trust
-      - image: circleci/redis:5-alpine
-    <<: *test_steps
-
   test-ruby2.6:
     <<: *defaults
     docker:
-      - image: circleci/ruby:2.6-buster-node
+      - image: circleci/ruby:2.6.0-stretch-node
         environment: *ruby_environment
-      - image: circleci/postgres:12.2
+      - image: circleci/postgres:10.6-alpine
         environment:
           POSTGRES_USER: root
-          POSTGRES_HOST_AUTH_METHOD: trust
-      - image: circleci/redis:5-alpine
+      - image: circleci/redis:5.0.3-alpine3.8
+    <<: *test_steps
+
+  test-ruby2.5:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.5.3-stretch-node
+        environment: *ruby_environment
+      - image: circleci/postgres:10.6-alpine
+        environment:
+          POSTGRES_USER: root
+      - image: circleci/redis:4.0.12-alpine
+    <<: *test_steps
+
+  test-ruby2.4:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.4.5-stretch-node
+        environment: *ruby_environment
+      - image: circleci/postgres:10.6-alpine
+        environment:
+          POSTGRES_USER: root
+      - image: circleci/redis:4.0.12-alpine
     <<: *test_steps
 
   test-webui:
     <<: *defaults
     docker:
-      - image: circleci/node:12-buster
+      - image: circleci/node:8.15.0-stretch
     steps:
       - *attach_workspace
-      - run:
-          name: Run jest
-          command: yarn test:jest
+      - run: ./bin/retry yarn test:jest
 
   check-i18n:
     <<: *defaults
     steps:
       - *attach_workspace
-      - *install_system_dependencies
-      - run:
-          name: Check locale file normalization
-          command: bundle exec i18n-tasks check-normalized
-      - run:
-          name: Check for unused strings
-          command: bundle exec i18n-tasks unused -l en
-      - run:
-          name: Check for wrong string interpolations
-          command: bundle exec i18n-tasks check-consistent-interpolations
-      - run:
-          name: Check that all required locale files exist
-          command: bundle exec rake repo:check_locales_files
+      - run: bundle exec i18n-tasks check-normalized
+      - run: bundle exec i18n-tasks unused
+      - run: bundle exec i18n-tasks missing -t plural
+      - run: bundle exec i18n-tasks check-consistent-interpolations
 
 workflows:
   version: 2
   build-and-test:
     jobs:
       - install
-      - install-ruby2.7:
-          requires:
-            - install
       - install-ruby2.6:
           requires:
             - install
-            - install-ruby2.7
+      - install-ruby2.5:
+          requires:
+            - install
+            - install-ruby2.6
+      - install-ruby2.4:
+          requires:
+            - install
+            - install-ruby2.6
       - build:
           requires:
-            - install-ruby2.7
-      - test-migrations:
-          requires:
-            - install-ruby2.7
-      - test-ruby2.7:
-          requires:
-            - install-ruby2.7
-            - build
+            - install-ruby2.6
       - test-ruby2.6:
           requires:
             - install-ruby2.6
             - build
+      - test-ruby2.5:
+          requires:
+            - install-ruby2.5
+            - build
+      - test-ruby2.4:
+          requires:
+            - install-ruby2.4
+            - build
       - test-webui:
           requires:
             - install
       - check-i18n:
           requires:
-            - install-ruby2.7
+            - install-ruby2.6

.codeclimate.yml

@@ -27,11 +27,11 @@ plugins:
     enabled: true
   eslint:
     enabled: true
-    channel: eslint-7
+    channel: eslint-5
   rubocop:
     enabled: true
-    channel: rubocop-0-92
-  sass-lint:
+    channel: rubocop-0-54
+  scss-lint:
     enabled: true
 exclude_patterns:
 - spec/

.env.nanobox

@@ -11,14 +11,24 @@ DB_NAME=gonano
 DB_PASS=$DATA_DB_PASS
 DB_PORT=5432
 
-# DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
+DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
 
 # Optional ElasticSearch configuration
 ES_ENABLED=true
 ES_HOST=$DATA_ELASTIC_HOST
 ES_PORT=9200
 
-BIND=0.0.0.0
+# Optimizations
+LD_PRELOAD=/data/lib/libjemalloc.so
+
+# ImageMagick optimizations
+MAGICK_TEMPORARY_PATH=/app/tmp
+MAGICK_MEMORY_LIMIT=128MiB
+MAGICK_MAP_LIMIT=64MiB
+MAGICK_TIME_LIMIT=15
+MAGICK_AREA_LIMIT=16MP
+MAGICK_WIDTH_LIMIT=8KP
+MAGICK_HEIGHT_LIMIT=8KP
 
 # Federation
 # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
@@ -74,7 +84,6 @@ SMTP_PORT=587
 SMTP_LOGIN=$SMTP_LOGIN
 SMTP_PASSWORD=$SMTP_PASSWORD
 SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
-#SMTP_REPLY_TO=
 #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
 #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
 #SMTP_AUTH_METHOD=plain
@@ -88,17 +97,9 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # PAPERCLIP_ROOT_URL=/system
 
 # Optional asset host for multi-server setups
-# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
-# if WEB_DOMAIN is not set. For example, the server may have the
-# following header field:
-# Access-Control-Allow-Origin: https://example.com/
 # CDN_HOST=https://assets.example.com
 
 # S3 (optional)
-# The attachment host must allow cross origin request from WEB_DOMAIN or
-# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
-# following header field:
-# Access-Control-Allow-Origin: https://192.168.1.123:9000/
 # S3_ENABLED=true
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
@@ -108,8 +109,6 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # S3_HOSTNAME=192.168.1.123:9000
 
 # S3 (Minio Config (optional) Please check Minio instance for details)
-# The attachment host must allow cross origin request - see the description
-# above.
 # S3_ENABLED=true
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
@@ -120,30 +119,12 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # S3_ENDPOINT=
 # S3_SIGNATURE_VERSION=
 
-# Google Cloud Storage (optional)
-# Use S3 compatible API. Since GCS does not support Multipart Upload,
-# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
-# The attachment host must allow cross origin request - see the description
-# above.
-# S3_ENABLED=true
-# AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
-# S3_REGION=
-# S3_PROTOCOL=https
-# S3_HOSTNAME=storage.googleapis.com
-# S3_ENDPOINT=https://storage.googleapis.com
-# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes
-
 # Swift (optional)
-# The attachment host must allow cross origin request - see the description
-# above.
 # SWIFT_ENABLED=true
 # SWIFT_USERNAME=
 # For Keystone V3, the value for SWIFT_TENANT should be the project name
 # SWIFT_TENANT=
 # SWIFT_PASSWORD=
-# Some OpenStack V3 providers require PROJECT_ID (optional)
-# SWIFT_PROJECT_ID=
 # Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
 # issues with token rate-limiting during high load.
 # SWIFT_AUTH_URL=
@@ -183,11 +164,6 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # LDAP_BIND_DN=
 # LDAP_PASSWORD=
 # LDAP_UID=cn
-# LDAP_MAIL=mail
-# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
-# LDAP_UID_CONVERSION_ENABLED=true
-# LDAP_UID_CONVERSION_SEARCH=., -
-# LDAP_UID_CONVERSION_REPLACE=_
 
 # PAM authentication (optional)
 # PAM authentication uses for the email generation the "email" pam variable
@@ -195,8 +171,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # The pam environment variable "email" is provided by:
 # https://github.com/devkral/pam_email_extractor
 # PAM_ENABLED=true
-# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
-# PAM_EMAIL_DOMAIN=example.com
+# Fallback Suffix for email address generation (nil by default)
+# PAM_DEFAULT_SUFFIX=pam
 # Name of the pam service (pam "auth" section is evaluated)
 # PAM_DEFAULT_SERVICE=rpam
 # Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
@@ -231,8 +207,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 
 # Optional SAML authentication (cf. omniauth-saml)
 # SAML_ENABLED=true
-# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
-# SAML_ISSUER=https://example.com
+# SAML_ACS_URL=
+# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
 # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
 # SAML_IDP_CERT=
 # SAML_IDP_CERT_FINGERPRINT=
@@ -244,14 +220,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
 # SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
 # SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
-# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
-# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
-# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
+# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.5.4.42"
 # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
 # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
-
-# Use HTTP proxy for outgoing request (optional)
-# http_proxy=http://gateway.local:8118
-# Access control for hidden service.
-# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true

.env.production.sample

@@ -1,60 +1,232 @@
-# This is a sample configuration file. You can generate your configuration
-# with the `rake mastodon:setup` interactive setup wizard, but to customize
-# your setup even further, you'll need to edit it manually. This sample does
-# not demonstrate all available configuration options. Please look at
-# https://docs.joinmastodon.org/admin/config/ for the full documentation.
-
-# Federation
-# ----------
-# This identifies your server and cannot be changed safely later
-# ----------
-LOCAL_DOMAIN=example.com
-
-# Redis
-# -----
-REDIS_HOST=localhost
+# Service dependencies
+# You may set REDIS_URL instead for more advanced options
+# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers
+REDIS_HOST=redis
 REDIS_PORT=6379
-
-# PostgreSQL
-# ----------
-DB_HOST=/var/run/postgresql
-DB_USER=mastodon
-DB_NAME=mastodon_production
+# You may set DATABASE_URL instead for more advanced options
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
 DB_PASS=
 DB_PORT=5432
+# Optional ElasticSearch configuration
+# ES_ENABLED=true
+# ES_HOST=es
+# ES_PORT=9200
 
-# ElasticSearch (optional)
-# ------------------------
-ES_ENABLED=true
-ES_HOST=localhost
-ES_PORT=9200
+# Federation
+# Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
+# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
+LOCAL_DOMAIN=example.com
 
-# Secrets
-# -------
-# Make sure to use `rake secret` to generate secrets
-# -------
+# Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)
+
+# Use this only if you need to run mastodon on a different domain than the one used for federation.
+# You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
+# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
+# WEB_DOMAIN=mastodon.example.com
+
+# Use this if you want to have several aliases handler@example1.com
+# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
+# be added. Comma separated values
+# ALTERNATE_DOMAINS=example1.com,example2.com
+
+# Application secrets
+# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
 SECRET_KEY_BASE=
 OTP_SECRET=
 
-# Web Push
-# --------
-# Generate with `rake mastodon:webpush:generate_vapid_key`
-# --------
+# VAPID keys (used for push notifications
+# You can generate the keys using the following command (first is the private key, second is the public one)
+# You should only generate this once per instance. If you later decide to change it, all push subscription will
+# be invalidated, requiring the users to access the website again to resubscribe.
+#
+# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
+#
+# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
 
-# Sending mail
-# ------------
+# Registrations
+# Single user mode will disable registrations and redirect frontpage to the first profile
+# SINGLE_USER_MODE=true
+# Prevent registrations with following e-mail domains
+# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
+# Only allow registrations with the following e-mail domains
+# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
+
+# Optionally change default language
+# DEFAULT_LOCALE=de
+
+# E-mail configuration
+# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
+# If you want to use an SMTP server without authentication (e.g local Postfix relay)
+# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
+# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
 SMTP_SERVER=smtp.mailgun.org
 SMTP_PORT=587
 SMTP_LOGIN=
 SMTP_PASSWORD=
-SMTP_FROM_ADDRESS=notificatons@example.com
+SMTP_FROM_ADDRESS=notifications@example.com
+#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
+#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
+#SMTP_AUTH_METHOD=plain
+#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
+#SMTP_OPENSSL_VERIFY_MODE=peer
+#SMTP_ENABLE_STARTTLS_AUTO=true
+#SMTP_TLS=true
 
-# File storage (optional)
-# -----------------------
-S3_ENABLED=true
-S3_BUCKET=files.example.com
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-S3_ALIAS_HOST=files.example.com
+# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
+# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
+# PAPERCLIP_ROOT_URL=/system
+
+# Optional asset host for multi-server setups
+# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
+# if WEB_DOMAIN is not set. For example, the server may have the
+# following header field:
+# Access-Control-Allow-Origin: https://example.com/
+# CDN_HOST=https://assets.example.com
+
+# S3 (optional)
+# The attachment host must allow cross origin request from WEB_DOMAIN or
+# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
+# following header field:
+# Access-Control-Allow-Origin: https://192.168.1.123:9000/
+# S3_ENABLED=true
+# S3_BUCKET=
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_REGION=
+# S3_PROTOCOL=http
+# S3_HOSTNAME=192.168.1.123:9000
+
+# S3 (Minio Config (optional) Please check Minio instance for details)
+# The attachment host must allow cross origin request - see the description
+# above.
+# S3_ENABLED=true
+# S3_BUCKET=
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_REGION=
+# S3_PROTOCOL=https
+# S3_HOSTNAME=
+# S3_ENDPOINT=
+# S3_SIGNATURE_VERSION=
+
+# Swift (optional)
+# The attachment host must allow cross origin request - see the description
+# above.
+# SWIFT_ENABLED=true
+# SWIFT_USERNAME=
+# For Keystone V3, the value for SWIFT_TENANT should be the project name
+# SWIFT_TENANT=
+# SWIFT_PASSWORD=
+# Some OpenStack V3 providers require PROJECT_ID (optional)
+# SWIFT_PROJECT_ID=
+# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
+# issues with token rate-limiting during high load.
+# SWIFT_AUTH_URL=
+# SWIFT_CONTAINER=
+# SWIFT_OBJECT_URL=
+# SWIFT_REGION=
+# Defaults to 'default'
+# SWIFT_DOMAIN_NAME=
+# Defaults to 60 seconds. Set to 0 to disable
+# SWIFT_CACHE_TTL=
+
+# Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)
+# S3_ALIAS_HOST=
+
+# Streaming API integration
+# STREAMING_API_BASE_URL=
+
+# Advanced settings
+# If you need to use pgBouncer, you need to disable prepared statements:
+# PREPARED_STATEMENTS=false
+
+# Cluster number setting for streaming API server.
+# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
+STREAMING_CLUSTER_NUM=1
+
+# Docker mastodon user
+# If you use Docker, you may want to assign UID/GID manually.
+# UID=1000
+# GID=1000
+
+# LDAP authentication (optional)
+# LDAP_ENABLED=true
+# LDAP_HOST=localhost
+# LDAP_PORT=389
+# LDAP_METHOD=simple_tls
+# LDAP_BASE=
+# LDAP_BIND_DN=
+# LDAP_PASSWORD=
+# LDAP_UID=cn
+# LDAP_SEARCH_FILTER="%{uid}=%{email}"
+
+# PAM authentication (optional)
+# PAM authentication uses for the email generation the "email" pam variable
+# and optional as fallback PAM_DEFAULT_SUFFIX
+# The pam environment variable "email" is provided by:
+# https://github.com/devkral/pam_email_extractor
+# PAM_ENABLED=true
+# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
+# PAM_EMAIL_DOMAIN=example.com
+# Name of the pam service (pam "auth" section is evaluated)
+# PAM_DEFAULT_SERVICE=rpam
+# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
+# PAM_CONTROLLED_SERVICE=rpam
+
+# Global OAuth settings (optional) :
+# If you have only one strategy, you may want to enable this
+# OAUTH_REDIRECT_AT_SIGN_IN=true
+
+# Optional CAS authentication (cf. omniauth-cas) :
+# CAS_ENABLED=true
+# CAS_URL=https://sso.myserver.com/
+# CAS_HOST=sso.myserver.com/
+# CAS_PORT=443
+# CAS_SSL=true
+# CAS_VALIDATE_URL=
+# CAS_CALLBACK_URL=
+# CAS_LOGOUT_URL=
+# CAS_LOGIN_URL=
+# CAS_UID_FIELD='user'
+# CAS_CA_PATH=
+# CAS_DISABLE_SSL_VERIFICATION=false
+# CAS_UID_KEY='user'
+# CAS_NAME_KEY='name'
+# CAS_EMAIL_KEY='email'
+# CAS_NICKNAME_KEY='nickname'
+# CAS_FIRST_NAME_KEY='firstname'
+# CAS_LAST_NAME_KEY='lastname'
+# CAS_LOCATION_KEY='location'
+# CAS_IMAGE_KEY='image'
+# CAS_PHONE_KEY='phone'
+
+# Optional SAML authentication (cf. omniauth-saml)
+# SAML_ENABLED=true
+# SAML_ACS_URL=
+# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
+# SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
+# SAML_IDP_CERT=
+# SAML_IDP_CERT_FINGERPRINT=
+# SAML_NAME_IDENTIFIER_FORMAT=
+# SAML_CERT=
+# SAML_PRIVATE_KEY=
+# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
+# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
+# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
+# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
+# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
+# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
+# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
+# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
+# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
+# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
+
+# Use HTTP proxy for outgoing request (optional)
+# http_proxy=http://gateway.local:8118
+# Access control for hidden service.
+# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true

.env.test

@@ -1,5 +1,5 @@
 # Node.js
-NODE_ENV=tests
+NODE_ENV=test
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true

.env.vagrant

@@ -1,4 +1,2 @@
 VAGRANT=true
 LOCAL_DOMAIN=mastodon.local
-BIND=0.0.0.0
-DB_HOST=/var/run/postgresql/

.eslintrc.js

@@ -199,11 +199,6 @@ module.exports = {
     'import/no-unresolved': 'error',
     'import/no-webpack-loader-syntax': 'error',
 
-    'promise/catch-or-return': [
-      'error',
-      {
-        allowFinally: true,
-      },
-    ],
+    'promise/catch-or-return': 'error',
   },
 };

.github/FUNDING.yml

@@ -1,3 +0,0 @@
-patreon: mastodon
-open_collective: mastodon
-github: [Gargron]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,7 +1,7 @@
 ---
 name: Bug Report
 about: If something isn't working as expected
-labels: bug
+
 ---
 
 <!-- Make sure that you are submitting a new bug that was not previously reported or already fixed -->

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Mastodon Meta Discussion Board
-    url: https://discourse.joinmastodon.org/
-    about: Please ask and answer questions here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,6 +1,7 @@
 ---
 name: Feature Request
 about: I have a suggestion
+
 ---
 
 <!-- Please use a concise and distinct title for the issue -->

.github/dependabot.yml

@@ -1,22 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: npm
-    directory: "/"
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 99
-    allow:
-      - dependency-type: direct
-
-  - package-ecosystem: bundler
-    directory: "/"
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 99
-    allow:
-      - dependency-type: direct

.github/stale.yml

@@ -1,10 +0,0 @@
-daysUntilStale: 120
-daysUntilClose: 7
-exemptLabels:
-  - security
-staleLabel: wontfix
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-only: pulls

.gitignore

@@ -13,40 +13,33 @@
 /db/*.sqlite3-journal
 
 # Ignore all logfiles and tempfiles.
-.eslintcache
 /log/*
 !/log/.keep
 /tmp
-/coverage
-/public/system
-/public/assets
-/public/packs
-/public/packs-test
+coverage
+public/system
+public/assets
+public/packs
+public/packs-test
 .env
 .env.production
-.env.development
-/node_modules/
-/build/
+node_modules/
+build/
 
 # Ignore Vagrant files
 .vagrant/
 
 # Ignore Capistrano customizations
-/config/deploy/*
+config/deploy/*
 
 # Ignore IDE files
 .vscode/
 .idea/
 
 # Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
-/postgres
-/redis
-/elasticsearch
-
-# ignore Helm lockfile, dependency charts, and local values file
-/chart/Chart.lock
-/chart/charts/*.tgz
-/chart/values.yaml
+postgres
+redis
+elasticsearch
 
 # Ignore Apple files
 .DS_Store
@@ -62,8 +55,6 @@ npm-debug.log
 yarn-error.log
 yarn-debug.log
 
-# Ignore vagrant log files
-*-cloudimg-console.log
-
 # Ignore Docker option files
 docker-compose.override.yml
+

.nvmrc

@@ -1 +1 @@
-12
+8

.rubocop.yml

@@ -1,8 +1,5 @@
-require:
-  - rubocop-rails
-
 AllCops:
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.3
   Exclude:
   - 'spec/**/*'
   - 'db/**/*'
@@ -25,78 +22,34 @@ Layout/AccessModifierIndentation:
 Layout/EmptyLineAfterMagicComment:
   Enabled: false
 
-Layout/EmptyLineAfterGuardClause:
-  Enabled: false
-
-Layout/EmptyLinesAroundAttributeAccessor:
-  Enabled: true
-
-Layout/HashAlignment:
-  Enabled: false
-  # EnforcedHashRocketStyle: table
-  # EnforcedColonStyle: table
-
-Layout/SpaceAroundMethodCallOperator:
-  Enabled: true
-
 Layout/SpaceInsideHashLiteralBraces:
   EnforcedStyle: space
 
-Lint/DeprecatedOpenSSLConstant:
-  Enabled: true
-
-Lint/DuplicateElsifCondition:
-  Enabled: true
-
-Lint/MixedRegexpCaptureTypes:
-  Enabled: true
-
-Lint/RaiseException:
-  Enabled: true
-
-Lint/StructNewOverride:
-  Enabled: true
-
-Lint/UselessAccessModifier:
-  ContextCreatingMethods:
-    - class_methods
-
 Metrics/AbcSize:
   Max: 100
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
 
 Metrics/BlockLength:
-  Max: 55
+  Max: 35
   Exclude:
     - 'lib/tasks/**/*'
-    - 'lib/mastodon/*_cli.rb'
 
 Metrics/BlockNesting:
   Max: 3
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
 
 Metrics/ClassLength:
   CountComments: false
-  Max: 400
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
+  Max: 300
 
 Metrics/CyclomaticComplexity:
   Max: 25
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
 
-Layout/LineLength:
+Metrics/LineLength:
   AllowURI: true
   Enabled: false
 
 Metrics/MethodLength:
   CountComments: false
-  Max: 65
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
+  Max: 55
 
 Metrics/ModuleLength:
   CountComments: false
@@ -107,29 +60,21 @@ Metrics/ParameterLists:
   CountKeywordArgs: true
 
 Metrics/PerceivedComplexity:
-  Max: 25
+  Max: 20
 
 Naming/MemoizedInstanceVariableName:
   Enabled: false
 
-Naming/MethodParameterName:
-  Enabled: true
-
 Rails:
   Enabled: true
 
-Rails/ApplicationController:
-  Enabled: false
-  Exclude:
-    - 'app/controllers/well_known/**/*.rb'
-
-Rails/BelongsTo:
+Rails/HasAndBelongsToMany:
   Enabled: false
 
-Rails/ContentTag:
+Rails/SkipsModelValidations:
   Enabled: false
 
-Rails/EnumHash:
+Rails/HttpStatus:
   Enabled: false
 
 Rails/Exit:
@@ -137,60 +82,6 @@ Rails/Exit:
     - 'lib/mastodon/*'
     - 'lib/cli.rb'
 
-Rails/FilePath:
-  Enabled: false
-
-Rails/HasAndBelongsToMany:
-  Enabled: false
-
-Rails/HasManyOrHasOneDependent:
-  Enabled: false
-
-Rails/HelperInstanceVariable:
-  Enabled: false
-
-Rails/HttpStatus:
-  Enabled: false
-
-Rails/IndexBy:
-  Enabled: false
-
-Rails/InverseOf:
-  Enabled: false
-
-Rails/LexicallyScopedActionFilter:
-  Enabled: false
-
-Rails/OutputSafety:
-  Enabled: true
-
-Rails/RakeEnvironment:
-  Enabled: false
-
-Rails/RedundantForeignKey:
-  Enabled: false
-
-Rails/SkipsModelValidations:
-  Enabled: false
-
-Rails/UniqueValidationWithoutIndex:
-  Enabled: false
-
-Style/AccessorGrouping:
-  Enabled: true
-
-Style/AccessModifierDeclarations:
-  Enabled: false
-
-Style/ArrayCoercion:
-  Enabled: true
-
-Style/BisectedAttrAccessor:
-  Enabled: true
-
-Style/CaseLikeIf:
-  Enabled: false
-
 Style/ClassAndModuleChildren:
   Enabled: false
 
@@ -205,51 +96,15 @@ Style/Documentation:
 Style/DoubleNegation:
   Enabled: true
 
-Style/ExpandPathArguments:
-  Enabled: false
-
-Style/ExponentialNotation:
-  Enabled: true
-
-Style/FormatString:
-  Enabled: false
-
-Style/FormatStringToken:
-  Enabled: false
-
 Style/FrozenStringLiteralComment:
   Enabled: true
 
 Style/GuardClause:
   Enabled: false
 
-Style/HashAsLastArrayItem:
-  Enabled: false
-
-Style/HashEachMethods:
-  Enabled: true
-
-Style/HashLikeCase:
-  Enabled: true
-
-Style/HashTransformKeys:
-  Enabled: true
-
-Style/HashTransformValues:
-  Enabled: false
-
-Style/IfUnlessModifier:
-  Enabled: false
-
-Style/InverseMethods:
-  Enabled: false
-
 Style/Lambda:
   Enabled: false
 
-Style/MutableConstant:
-  Enabled: false
-
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
     '%i': '()'
@@ -258,36 +113,9 @@ Style/PercentLiteralDelimiters:
 Style/PerlBackrefs:
   AutoCorrect: false
 
-Style/RedundantAssignment:
-  Enabled: false
-
-Style/RedundantFetchBlock:
-  Enabled: true
-
-Style/RedundantFileExtensionInRequire:
-  Enabled: true
-
-Style/RedundantRegexpCharacterClass:
-  Enabled: false
-
-Style/RedundantRegexpEscape:
-  Enabled: false
-
-Style/RedundantReturn:
-  Enabled: true
-
 Style/RegexpLiteral:
   Enabled: false
 
-Style/RescueStandardError:
-  Enabled: false
-
-Style/SignalException:
-  Enabled: false
-
-Style/SlicingWithRange:
-  Enabled: true
-
 Style/SymbolArray:
   Enabled: false
 
@@ -296,6 +124,3 @@ Style/TrailingCommaInArrayLiteral:
 
 Style/TrailingCommaInHashLiteral:
   EnforcedStyleForMultiline: 'comma'
-
-Style/UnpackFirst:
-  Enabled: false

.ruby-version

@@ -1 +1 @@
-2.7.2
+2.6.1

.sass-lint.yml

@@ -1,37 +0,0 @@
-# Linter Documentation:
-# https://github.com/sasstools/sass-lint/tree/v1.13.1/docs/options
-
-files:
-  include: app/javascript/styles/**/*.scss
-  ignore:
-    - app/javascript/styles/mastodon/reset.scss
-
-rules:
-  # Disallows
-  no-color-literals: 0
-  no-css-comments: 0
-  no-duplicate-properties: 0
-  no-ids: 0
-  no-important: 0
-  no-mergeable-selectors: 0
-  no-misspelled-properties: 0
-  no-qualifying-elements: 0
-  no-transition-all: 0
-  no-vendor-prefixes: 0
-
-  # Nesting
-  force-element-nesting: 0
-  force-attribute-nesting: 0
-  force-pseudo-nesting: 0
-
-  # Name Formats
-  class-name-format: 0
-  leading-zero: 0
-
-  # Style Guide
-  attribute-quotes: 0
-  hex-length: 0
-  indentation: 0
-  nesting-depth: 0
-  property-sort-order: 0
-  quotes: 0

.scss-lint.yml

@@ -0,0 +1,264 @@
+# Linter Documentation:
+# https://github.com/brigade/scss-lint/blob/v0.42.2/lib/scss_lint/linter/README.md
+
+scss_files: 'app/javascript/styles/**/*.scss'
+
+exclude:
+  - app/javascript/styles/reset.scss
+
+linters:
+  # Reports when you use improper spacing around ! (the "bang") in !default,
+  # !global, !important, and !optional flags.
+  BangFormat:
+    enabled: false
+
+  # Whether or not to prefer `border: 0` over `border: none`.
+  BorderZero:
+    enabled: false
+
+  # Reports when you define a rule set using a selector with chained classes
+  # (a.k.a. adjoining classes).
+  ChainedClasses:
+    enabled: false
+
+  # Prefer hexadecimal color codes over color keywords.
+  # (e.g. `color: green` is a color keyword)
+  ColorKeyword:
+    enabled: false
+
+  # Prefer color literals (keywords or hexadecimal codes) to be used only in
+  # variable declarations. They should be referred to via variables everywhere
+  # else.
+  ColorVariable:
+    enabled: true
+
+  # Which form of comments to prefer in CSS.
+  Comment:
+    enabled: false
+
+  # Reports @debug statements (which you probably left behind accidentally).
+  DebugStatement:
+    enabled: false
+
+  # Rule sets should be ordered as follows:
+  # - @extend declarations
+  # - @include declarations without inner @content
+  # - properties, @include declarations with inner @content
+  # - nested rule sets.
+  DeclarationOrder:
+    enabled: false
+
+  # `scss-lint:disable` control comments should be preceded by a comment
+  # explaining why these linters are being disabled for this file.
+  # See https://github.com/brigade/scss-lint#disabling-linters-via-source for
+  # more information.
+  DisableLinterReason:
+    enabled: true
+
+  # Reports when you define the same property twice in a single rule set.
+  DuplicateProperty:
+    enabled: false
+
+  # Separate rule, function, and mixin declarations with empty lines.
+  EmptyLineBetweenBlocks:
+    enabled: true
+
+  # Reports when you have an empty rule set.
+  EmptyRule:
+    enabled: true
+
+  # Reports when you have an @extend directive.
+  ExtendDirective:
+    enabled: false
+
+  # Files should always have a final newline. This results in better diffs
+  # when adding lines to the file, since SCM systems such as git won't
+  # think that you touched the last line.
+  FinalNewline:
+    enabled: false
+
+  # HEX colors should use three-character values where possible.
+  HexLength:
+    enabled: false
+
+  # HEX color values should use lower-case colors to differentiate between
+  # letters and numbers, e.g. `#E3E3E3` vs. `#e3e3e3`.
+  HexNotation:
+    enabled: true
+
+  # Avoid using ID selectors.
+  IdSelector:
+    enabled: false
+
+  # The basenames of @imported SCSS partials should not begin with an
+  # underscore and should not include the filename extension.
+  ImportPath:
+    enabled: false
+
+  # Avoid using !important in properties. It is usually indicative of a
+  # misunderstanding of CSS specificity and can lead to brittle code.
+  ImportantRule:
+    enabled: false
+
+  # Indentation should always be done in increments of 2 spaces.
+  Indentation:
+    enabled: true
+    width: 2
+
+  # Don't write leading zeros for numeric values with a decimal point.
+  LeadingZero:
+    enabled: false
+
+  # Reports when you define the same selector twice in a single sheet.
+  MergeableSelector:
+    enabled: false
+
+  # Functions, mixins, variables, and placeholders should be declared
+  # with all lowercase letters and hyphens instead of underscores.
+  NameFormat:
+    enabled: false
+
+  # Avoid nesting selectors too deeply.
+  NestingDepth:
+    enabled: false
+
+  # Always use placeholder selectors in @extend.
+  PlaceholderInExtend:
+    enabled: false
+
+  # Sort properties in a strict order.
+  PropertySortOrder:
+    enabled: false
+
+  # Reports when you use an unknown or disabled CSS property
+  # (ignoring vendor-prefixed properties).
+  PropertySpelling:
+    enabled: false
+
+  # Configure which units are allowed for property values.
+  PropertyUnits:
+    enabled: false
+
+  # Pseudo-elements, like ::before, and ::first-letter, should be declared
+  # with two colons. Pseudo-classes, like :hover and :first-child, should
+  # be declared with one colon.
+  PseudoElement:
+    enabled: true
+
+  # Avoid qualifying elements in selectors (also known as "tag-qualifying").
+  QualifyingElement:
+    enabled: false
+
+  # Don't write selectors with a depth of applicability greater than 3.
+  SelectorDepth:
+    enabled: false
+
+  # Selectors should always use hyphenated-lowercase, rather than camelCase or
+  # snake_case.
+  SelectorFormat:
+    enabled: false
+    convention: hyphenated_lowercase
+
+  # Prefer the shortest shorthand form possible for properties that support it.
+  Shorthand:
+    enabled: true
+
+  # Each property should have its own line, except in the special case of
+  # single line rulesets.
+  SingleLinePerProperty:
+    enabled: true
+    allow_single_line_rule_sets: true
+
+  # Split selectors onto separate lines after each comma, and have each
+  # individual selector occupy a single line.
+  SingleLinePerSelector:
+    enabled: true
+
+  # Commas in lists should be followed by a space.
+  SpaceAfterComma:
+    enabled: false
+
+  # Properties should be formatted with a single space separating the colon
+  # from the property's value.
+  SpaceAfterPropertyColon:
+    enabled: true
+
+  # Properties should be formatted with no space between the name and the
+  # colon.
+  SpaceAfterPropertyName:
+    enabled: true
+
+  # Variables should be formatted with a single space separating the colon
+  # from the variable's value.
+  SpaceAfterVariableColon:
+    enabled: true
+
+  # Variables should be formatted with no space between the name and the
+  # colon.
+  SpaceAfterVariableName:
+    enabled: false
+
+  # Operators should be formatted with a single space on both sides of an
+  # infix operator.
+  SpaceAroundOperator:
+    enabled: true
+
+  # Opening braces should be preceded by a single space.
+  SpaceBeforeBrace:
+    enabled: true
+
+  # Parentheses should not be padded with spaces.
+  SpaceBetweenParens:
+    enabled: false
+
+  # Enforces that string literals should be written with a consistent form
+  # of quotes (single or double).
+  StringQuotes:
+    enabled: false
+
+  # Property values, @extend, @include, and @import directives, and variable
+  # declarations should always end with a semicolon.
+  TrailingSemicolon:
+    enabled: true
+
+  # Reports lines containing trailing whitespace.
+  TrailingWhitespace:
+    enabled: true
+
+  # Don't write trailing zeros for numeric values with a decimal point.
+  TrailingZero:
+    enabled: false
+
+  # Don't use the `all` keyword to specify transition properties.
+  TransitionAll:
+    enabled: false
+
+  # Numeric values should not contain unnecessary fractional portions.
+  UnnecessaryMantissa:
+    enabled: false
+
+  # Do not use parent selector references (&) when they would otherwise
+  # be unnecessary.
+  UnnecessaryParentReference:
+    enabled: false
+
+  # URLs should be valid and not contain protocols or domain names.
+  UrlFormat:
+    enabled: true
+
+  # URLs should always be enclosed within quotes.
+  UrlQuotes:
+    enabled: true
+
+  # Properties, like color and font, are easier to read and maintain
+  # when defined using variables rather than literals.
+  VariableForProperty:
+    enabled: false
+
+  # Avoid vendor prefixes. Or rather: don't write them yourself.
+  VendorPrefix:
+    enabled: false
+
+  # Omit length units on zero values, e.g. `0px` vs. `0`.
+  ZeroUnit:
+    enabled: true

.yarnclean

@@ -43,4 +43,4 @@ Gruntfile.js
 
 # for specific ignore
 !.svgo.yml
-!sass-lint/**/*.yml
+

Aptfile

@@ -5,6 +5,7 @@ libidn11
 libidn11-dev
 libpq-dev
 libprotobuf-dev
+libssl-dev
 libxdamage1
 libxfixes3
 protobuf-compiler

CONTRIBUTING.md

@@ -14,13 +14,13 @@ If your contributions are accepted into Mastodon, you can request to be paid thr
 
 ## Bug reports
 
-Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/tootsuite/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.
+Bug reports and feature suggestions can be submitted to [GitHub Issues](https://github.com/tootsuite/mastodon/issues). Please make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected in the past using the search function. Please also use descriptive, concise titles.
 
 ## Translations
 
-You can submit translations via [Crowdin](https://crowdin.com/project/mastodon). They are periodically merged into the codebase.
+You can submit translations via [Weblate](https://weblate.joinmastodon.org/). They are periodically merged into the codebase.
 
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)](https://crowdin.com/project/mastodon)
+[![Mastodon translation statistics by language](https://weblate.joinmastodon.org/widgets/mastodon/-/multi-auto.svg)](https://weblate.joinmastodon.org/)
 
 ## Pull requests
 

Dockerfile

@@ -1,34 +1,26 @@
-FROM ubuntu:20.04 as build-dep
+FROM ubuntu:18.04 as build-dep
 
 # Use bash for the shell
 SHELL ["bash", "-c"]
 
-# Install Node v12 (LTS)
-ENV NODE_VER="12.20.0"
-RUN ARCH= && \
-    dpkgArch="$(dpkg --print-architecture)" && \
-  case "${dpkgArch##*-}" in \
-    amd64) ARCH='x64';; \
-    ppc64el) ARCH='ppc64le';; \
-    s390x) ARCH='s390x';; \
-    arm64) ARCH='arm64';; \
-    armhf) ARCH='armv7l';; \
-    i386) ARCH='x86';; \
-    *) echo "unsupported architecture"; exit 1 ;; \
-  esac && \
-    echo "Etc/UTC" > /etc/localtime && \
+# Install Node
+ENV NODE_VER="8.15.0"
+RUN	echo "Etc/UTC" > /etc/localtime && \
 	apt update && \
-	apt -y install wget python && \
+	apt -y dist-upgrade && \
+	apt -y install wget make gcc g++ python && \
 	cd ~ && \
-	wget https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER-linux-$ARCH.tar.gz && \
-	tar xf node-v$NODE_VER-linux-$ARCH.tar.gz && \
-	rm node-v$NODE_VER-linux-$ARCH.tar.gz && \
-	mv node-v$NODE_VER-linux-$ARCH /opt/node
+	wget https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER.tar.gz && \
+	tar xf node-v$NODE_VER.tar.gz && \
+	cd node-v$NODE_VER && \
+	./configure --prefix=/opt/node && \
+	make -j$(nproc) > /dev/null && \
+	make install
 
 # Install jemalloc
-ENV JE_VER="5.2.1"
+ENV JE_VER="5.1.0"
 RUN apt update && \
-	apt -y install make autoconf gcc g++ && \
+	apt -y install autoconf && \
 	cd ~ && \
 	wget https://github.com/jemalloc/jemalloc/archive/$JE_VER.tar.gz && \
 	tar xf $JE_VER.tar.gz && \
@@ -36,11 +28,10 @@ RUN apt update && \
 	./autogen.sh && \
 	./configure --prefix=/opt/jemalloc && \
 	make -j$(nproc) > /dev/null && \
-	make install_bin install_include install_lib && \
-	cd .. && rm -rf jemalloc-$JE_VER $JE_VER.tar.gz
+	make install_bin install_include install_lib
 
-# Install Ruby
-ENV RUBY_VER="2.7.2"
+# Install ruby
+ENV RUBY_VER="2.6.1"
 ENV CPPFLAGS="-I/opt/jemalloc/include"
 ENV LDFLAGS="-L/opt/jemalloc/lib/"
 RUN apt update && \
@@ -57,8 +48,7 @@ RUN apt update && \
 	  --disable-install-doc && \
 	ln -s /opt/jemalloc/lib/* /usr/lib/ && \
 	make -j$(nproc) > /dev/null && \
-	make install && \
-	cd .. && rm -rf ruby-$RUBY_VER.tar.gz ruby-$RUBY_VER
+	make install
 
 ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin"
 
@@ -71,12 +61,10 @@ RUN npm install -g yarn && \
 COPY Gemfile* package.json yarn.lock /opt/mastodon/
 
 RUN cd /opt/mastodon && \
-  bundle config set deployment 'true' && \
-  bundle config set without 'development test' && \
-	bundle install -j$(nproc) && \
+	bundle install -j$(nproc) --deployment --without development test && \
 	yarn install --pure-lockfile
 
-FROM ubuntu:20.04
+FROM ubuntu:18.04
 
 # Copy over all the langs needed for runtime
 COPY --from=build-dep /opt/node /opt/node
@@ -92,43 +80,40 @@ ARG GID=991
 RUN apt update && \
 	echo "Etc/UTC" > /etc/localtime && \
 	ln -s /opt/jemalloc/lib/* /usr/lib/ && \
+	apt -y dist-upgrade && \
 	apt install -y whois wget && \
 	addgroup --gid $GID mastodon && \
 	useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \
 	echo "mastodon:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd
 
-# Install mastodon runtime deps
+# Install masto runtime deps
 RUN apt -y --no-install-recommends install \
 	  libssl1.1 libpq5 imagemagick ffmpeg \
-	  libicu66 libprotobuf17 libidn11 libyaml-0-2 \
-	  file ca-certificates tzdata libreadline8 && \
+	  libicu60 libprotobuf10 libidn11 libyaml-0-2 \
+	  file ca-certificates tzdata libreadline7 && \
 	apt -y install gcc && \
 	ln -s /opt/mastodon /mastodon && \
 	gem install bundler && \
 	rm -rf /var/cache && \
-	rm -rf /var/lib/apt/lists/*
+	rm -rf /var/lib/apt
 
 # Add tini
-ENV TINI_VERSION="0.19.0"
-RUN dpkgArch="$(dpkg --print-architecture)" && \
-	ARCH=$dpkgArch && \
-	wget https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$ARCH \
-	https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$ARCH.sha256sum && \
-	cat tini-$ARCH.sha256sum | sha256sum -c - && \
-	mv tini-$ARCH /tini && rm tini-$ARCH.sha256sum && \
-	chmod +x /tini
+ENV TINI_VERSION="0.18.0"
+ENV TINI_SUM="12d20136605531b09a2c2dac02ccee85e1b874eb322ef6baf7561cd93f93c855"
+ADD https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini /tini
+RUN echo "$TINI_SUM tini" | sha256sum -c -
+RUN chmod +x /tini
 
-# Copy over mastodon source, and dependencies from building, and set permissions
+# Copy over masto source, and dependencies from building, and set permissions
 COPY --chown=mastodon:mastodon . /opt/mastodon
 COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon
 
-# Run mastodon services in prod mode
+# Run masto services in prod mode
 ENV RAILS_ENV="production"
 ENV NODE_ENV="production"
 
 # Tell rails to serve static files
 ENV RAILS_SERVE_STATIC_FILES="true"
-ENV BIND="0.0.0.0"
 
 # Set the run user
 USER mastodon
@@ -141,4 +126,3 @@ RUN cd ~ && \
 # Set the work dir and the container entry point
 WORKDIR /opt/mastodon
 ENTRYPOINT ["/tini", "--"]
-EXPOSE 3000 4000

Gemfile

@@ -1,23 +1,21 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 2.5.0', '< 3.0.0'
+ruby '>= 2.4.0', '< 2.7.0'
 
-gem 'pkg-config', '~> 1.4'
+gem 'pkg-config', '~> 1.3'
 
-gem 'puma', '~> 5.0'
-gem 'rails', '~> 5.2.4.4'
-gem 'sprockets', '~> 3.7.2'
-gem 'thor', '~> 1.0'
-gem 'rack', '~> 2.2.3'
+gem 'puma', '~> 3.12'
+gem 'rails', '~> 5.2.3'
+gem 'thor', '~> 0.20'
 
 gem 'hamlit-rails', '~> 0.2'
-gem 'pg', '~> 1.2'
+gem 'pg', '~> 1.1'
 gem 'makara', '~> 0.4'
-gem 'pghero', '~> 2.7'
+gem 'pghero', '~> 2.2'
 gem 'dotenv-rails', '~> 2.7'
 
-gem 'aws-sdk-s3', '~> 1.85', require: false
+gem 'aws-sdk-s3', '~> 1.36', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
@@ -26,90 +24,83 @@ gem 'streamio-ffmpeg', '~> 3.0'
 gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
-gem 'addressable', '~> 2.7'
-gem 'bootsnap', '~> 1.5', require: false
+gem 'addressable', '~> 2.6'
+gem 'bootsnap', '~> 1.4', require: false
 gem 'browser'
-gem 'charlock_holmes', '~> 0.7.7'
+gem 'charlock_holmes', '~> 0.7.6'
 gem 'iso-639'
-gem 'chewy', '~> 5.1'
-gem 'cld3', '~> 3.3.0'
-gem 'devise', '~> 4.7'
-gem 'devise-two-factor', '~> 3.1'
+gem 'chewy', '~> 5.0'
+gem 'cld3', '~> 3.2.4'
+gem 'devise', '~> 4.6'
+gem 'devise-two-factor', '~> 3.0'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
 end
 
-gem 'net-ldap', '~> 0.16'
-gem 'omniauth-cas', '~> 2.0'
+gem 'net-ldap', '~> 0.10'
+gem 'omniauth-cas', '~> 1.1'
 gem 'omniauth-saml', '~> 1.10'
 gem 'omniauth', '~> 1.9'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
 
-gem 'color_diff', '~> 0.1'
-gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.4'
-gem 'ed25519', '~> 1.2'
+gem 'doorkeeper', '~> 5.1'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
+gem 'goldfinger', '~> 2.1'
 gem 'hiredis', '~> 0.6'
-gem 'redis-namespace', '~> 1.8'
-gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
+gem 'redis-namespace', '~> 1.5'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 4.4'
+gem 'http', '~> 3.3'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.4.3'
+gem 'http_parser.rb', '~> 0.6', git: 'https://github.com/tmm1/http_parser.rb', ref: '54b17ba8c7d8d20a16dfc65d1775241833219cf2'
+gem 'httplog', '~> 1.2'
 gem 'idn-ruby', require: 'idn'
-gem 'kaminari', '~> 1.2'
+gem 'kaminari', '~> 1.1'
 gem 'link_header', '~> 0.0'
-gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
-gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
+gem 'mime-types', '~> 3.2', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.10'
 gem 'nsa', '~> 0.2'
-gem 'oj', '~> 3.10'
-gem 'ox', '~> 2.13'
-gem 'parslet'
-gem 'parallel', '~> 1.20'
-gem 'posix-spawn'
-gem 'pundit', '~> 2.1'
+gem 'oj', '~> 3.7'
+gem 'ostatus2', '~> 2.0'
+gem 'ox', '~> 2.10'
+gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
+gem 'pundit', '~> 2.0'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.3'
-gem 'rack-cors', '~> 1.1', require: 'rack/cors'
+gem 'rack-attack', '~> 6.0'
+gem 'rack-cors', '~> 1.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'
-gem 'redis', '~> 4.2', require: ['redis', 'redis/connection/hiredis']
+gem 'redis', '~> 4.1', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 1.1'
-gem 'ruby-progressbar', '~> 1.10'
-gem 'sanitize', '~> 5.2'
-gem 'scenic', '~> 1.5'
-gem 'sidekiq', '~> 6.1'
+gem 'rqrcode', '~> 0.10'
+gem 'sanitize', '~> 5.0'
+gem 'sidekiq', '~> 5.2'
 gem 'sidekiq-scheduler', '~> 3.0'
 gem 'sidekiq-unique-jobs', '~> 6.0'
 gem 'sidekiq-bulk', '~>0.2.0'
-gem 'simple-navigation', '~> 4.1'
-gem 'simple_form', '~> 5.0'
+gem 'simple-navigation', '~> 4.0'
+gem 'simple_form', '~> 4.1'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
-gem 'stoplight', '~> 2.2.1'
-gem 'strong_migrations', '~> 0.7'
-gem 'tty-prompt', '~> 0.22', require: false
+gem 'stoplight', '~> 2.1.3'
+gem 'strong_migrations', '~> 0.3'
+gem 'tty-command', '~> 0.8', require: false
+gem 'tty-prompt', '~> 0.18', require: false
 gem 'twitter-text', '~> 1.14'
-gem 'tzinfo-data', '~> 1.2020'
-gem 'webpacker', '~> 5.2'
+gem 'tzinfo-data', '~> 1.2019'
+gem 'webpacker', '~> 4.0'
 gem 'webpush'
-gem 'webauthn', '~> 3.0.0.alpha1'
 
-gem 'json-ld'
-gem 'json-ld-preloaded', '~> 3.1'
-gem 'rdf-normalize', '~> 0.4'
+gem 'json-ld', '~> 3.0'
+gem 'json-ld-preloaded', '~> 3.0'
+gem 'rdf-normalize', '~> 0.3'
 
 group :development, :test do
-  gem 'fabrication', '~> 2.21'
-  gem 'fuubar', '~> 2.5'
+  gem 'fabrication', '~> 2.20'
+  gem 'fuubar', '~> 2.3'
   gem 'i18n-tasks', '~> 0.9', require: false
-  gem 'pry-byebug', '~> 3.9'
+  gem 'pry-byebug', '~> 3.7'
   gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 4.0'
+  gem 'rspec-rails', '~> 3.8'
 end
 
 group :production, :test do
@@ -117,37 +108,37 @@ group :production, :test do
 end
 
 group :test do
-  gem 'capybara', '~> 3.33'
+  gem 'capybara', '~> 3.18'
   gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 2.14'
-  gem 'microformats', '~> 4.2'
+  gem 'faker', '~> 1.9'
+  gem 'microformats', '~> 4.1'
   gem 'rails-controller-testing', '~> 1.0'
-  gem 'rspec-sidekiq', '~> 3.1'
-  gem 'simplecov', '~> 0.19', require: false
-  gem 'webmock', '~> 3.10'
-  gem 'parallel_tests', '~> 3.4'
-  gem 'rspec_junit_formatter', '~> 0.4'
+  gem 'rspec-sidekiq', '~> 3.0'
+  gem 'simplecov', '~> 0.16', require: false
+  gem 'webmock', '~> 3.5'
+  gem 'parallel_tests', '~> 2.28'
 end
 
 group :development do
-  gem 'active_record_query_trace', '~> 1.8'
-  gem 'annotate', '~> 3.1'
-  gem 'better_errors', '~> 2.9'
+  gem 'active_record_query_trace', '~> 1.6'
+  gem 'annotate', '~> 2.7'
+  gem 'better_errors', '~> 2.5'
   gem 'binding_of_caller', '~> 0.7'
-  gem 'bullet', '~> 6.1'
+  gem 'bullet', '~> 6.0'
   gem 'letter_opener', '~> 1.7'
-  gem 'letter_opener_web', '~> 1.4'
+  gem 'letter_opener_web', '~> 1.3'
   gem 'memory_profiler'
-  gem 'rubocop', '~> 1.3', require: false
-  gem 'rubocop-rails', '~> 2.8', require: false
-  gem 'brakeman', '~> 4.10', require: false
-  gem 'bundler-audit', '~> 0.7', require: false
+  gem 'rubocop', '~> 0.68', require: false
+  gem 'brakeman', '~> 4.5', require: false
+  gem 'bundler-audit', '~> 0.6', require: false
+  gem 'scss_lint', '~> 0.58', require: false
 
-  gem 'capistrano', '~> 3.14'
-  gem 'capistrano-rails', '~> 1.6'
-  gem 'capistrano-rbenv', '~> 2.2'
+  gem 'capistrano', '~> 3.11'
+  gem 'capistrano-rails', '~> 1.4'
+  gem 'capistrano-rbenv', '~> 2.1'
   gem 'capistrano-yarn', '~> 2.0'
 
+  gem 'derailed_benchmarks'
   gem 'stackprof'
 end
 
@@ -157,7 +148,3 @@ group :production do
 end
 
 gem 'concurrent-ruby', require: false
-gem 'connection_pool', require: false
-
-gem 'xorcist', '~> 1.1'
-gem 'pluck_each', '~> 0.1.3'

Procfile

@@ -1,14 +1,2 @@
-web: bin/heroku-web
+web: bundle exec puma -C config/puma.rb
 worker: bundle exec sidekiq
-
-# For the streaming API, you need a separate app that shares Postgres and Redis:
-#
-# heroku create
-# heroku buildpacks:add heroku/nodejs
-# heroku config:set RUN_STREAMING=true
-# heroku addons:attach <main-app>::DATABASE
-# heroku addons:attach <main-app>::REDIS
-#
-# and let the main app use the separate app:
-#
-# heroku config:set STREAMING_API_BASE_URL=wss://<streaming-app>.herokuapp.com -a <main-app>

README.md

@@ -4,16 +4,16 @@
 [![GitHub release](https://img.shields.io/github/release/tootsuite/mastodon.svg)][releases]
 [![Build Status](https://img.shields.io/circleci/project/github/tootsuite/mastodon.svg)][circleci]
 [![Code Climate](https://img.shields.io/codeclimate/maintainability/tootsuite/mastodon.svg)][code_climate]
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
+[![Translation status](https://weblate.joinmastodon.org/widgets/mastodon/-/svg-badge.svg)][weblate]
 [![Docker Pulls](https://img.shields.io/docker/pulls/tootsuite/mastodon.svg)][docker]
 
 [releases]: https://github.com/tootsuite/mastodon/releases
 [circleci]: https://circleci.com/gh/tootsuite/mastodon
 [code_climate]: https://codeclimate.com/github/tootsuite/mastodon
-[crowdin]: https://crowdin.com/project/mastodon
+[weblate]: https://weblate.joinmastodon.org/engage/mastodon/
 [docker]: https://hub.docker.com/r/tootsuite/mastodon/
 
-Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub)!
+Mastodon is a **free, open-source social network server** based on ActivityPub. Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. All servers of Mastodon are interoperable as a federated network, i.e. users on one server can seamlessly communicate with users from another one. This includes non-Mastodon software that also implements ActivityPub!
 
 Click below to **learn more** in a video:
 
@@ -55,7 +55,7 @@ Private posts, locked accounts, phrase filtering, muting, blocking and all sorts
 
 **OAuth2 and a straightforward REST API**
 
-Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Streaming APIs, resulting in a rich app ecosystem with a lot of choices!
+Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Streaming APIs, resulting in a rich app ecosystem with a lot of choice!
 
 ## Deployment
 
@@ -68,25 +68,25 @@ Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Strea
 **Requirements:**
 
 - **PostgreSQL** 9.5+
-- **Redis** 4+
-- **Ruby** 2.5+
-- **Node.js** 10.13+
+- **Redis**
+- **Ruby** 2.4+
+- **Node.js** 8+
 
-The repository includes deployment configurations for **Docker and docker-compose**, but also a few specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. The [**stand-alone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+The repository includes deployment configurations for **Docker and docker-compose**, but also a few specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. The [**stand-alone** installation guide](https://docs.joinmastodon.org/administration/installation/) is available in the documentation.
 
 A **Vagrant** configuration is included for development purposes.
 
 ## Contributing
 
-Mastodon is **free, open-source software** licensed under **AGPLv3**.
+Mastodon is **free, open source software** licensed under **AGPLv3**.
 
-You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Weblate. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 
 **IRC channel**: #mastodon on irc.freenode.net
 
 ## License
 
-Copyright (C) 2016-2020 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
+Copyright (C) 2016-2019 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
 
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 

SECURITY.md

@@ -1,12 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 3.1.x   | :white_check_mark: |
-| < 3.1   | :x:                |
-
-## Reporting a Vulnerability
-
-hello@joinmastodon.org

Vagrantfile

@@ -12,7 +12,7 @@ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 
 # Add repo for NodeJS
-curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
+curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
 
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}
@@ -91,7 +91,7 @@ VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-  config.vm.box = "ubuntu/bionic64"
+  config.vm.box = "ubuntu/xenial64"
 
   config.vm.provider :virtualbox do |vb|
     vb.name = "mastodon"

app.json

@@ -13,6 +13,15 @@
       "description": "The domain that your Mastodon instance will run on (this can be appname.herokuapp.com or a custom domain)",
       "required": true
     },
+    "LOCAL_HTTPS": {
+      "description": "Will your domain support HTTPS? (Automatic for herokuapp, requires manual configuration for custom domains)",
+      "value": "false",
+      "required": true
+    },
+    "PAPERCLIP_SECRET": {
+      "description": "The secret key for storing media files",
+      "generator": "secret"
+    },
     "SECRET_KEY_BASE": {
       "description": "The secret key base",
       "generator": "secret"
@@ -88,6 +97,9 @@
     {
       "url": "https://github.com/heroku/heroku-buildpack-apt"
     },
+    {
+      "url": "heroku/nodejs"
+    },
     {
       "url": "heroku/ruby"
     }

app/chewy/accounts_index.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-class AccountsIndex < Chewy::Index
-  settings index: { refresh_interval: '5m' }, analysis: {
-    analyzer: {
-      content: {
-        tokenizer: 'whitespace',
-        filter: %w(lowercase asciifolding cjk_width),
-      },
-
-      edge_ngram: {
-        tokenizer: 'edge_ngram',
-        filter: %w(lowercase asciifolding cjk_width),
-      },
-    },
-
-    tokenizer: {
-      edge_ngram: {
-        type: 'edge_ngram',
-        min_gram: 1,
-        max_gram: 15,
-      },
-    },
-  }
-
-  define_type ::Account.searchable.includes(:account_stat), delete_if: ->(account) { account.destroyed? || !account.searchable? } do
-    root date_detection: false do
-      field :id, type: 'long'
-
-      field :display_name, type: 'text', analyzer: 'content' do
-        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-      end
-
-      field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
-        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-      end
-
-      field :following_count, type: 'long', value: ->(account) { account.following.local.count }
-      field :followers_count, type: 'long', value: ->(account) { account.followers.local.count }
-      field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
-    end
-  end
-end

app/chewy/statuses_index.rb

@@ -31,24 +31,19 @@ class StatusesIndex < Chewy::Index
     },
   }
 
-  define_type ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll) do
+  define_type ::Status.unscoped.without_reblogs.includes(:media_attachments) do
     crutch :mentions do |collection|
-      data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
+      data = ::Mention.where(status_id: collection.map(&:id)).pluck(:status_id, :account_id)
       data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
     end
 
     crutch :favourites do |collection|
-      data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
+      data = ::Favourite.where(status_id: collection.map(&:id)).pluck(:status_id, :account_id)
       data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
     end
 
     crutch :reblogs do |collection|
-      data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
-      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-    end
-
-    crutch :bookmarks do |collection|
-      data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
+      data = ::Status.where(reblog_of_id: collection.map(&:id)).pluck(:reblog_of_id, :account_id)
       data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
     end
 
@@ -56,7 +51,7 @@ class StatusesIndex < Chewy::Index
       field :id, type: 'long'
       field :account_id, type: 'long'
 
-      field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).concat(status.preloadable_poll ? status.preloadable_poll.options : []).join("\n\n") } do
+      field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).join("\n\n") } do
         field :stemmed, type: 'text', analyzer: 'content'
       end
 

app/chewy/tags_index.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-class TagsIndex < Chewy::Index
-  settings index: { refresh_interval: '15m' }, analysis: {
-    analyzer: {
-      content: {
-        tokenizer: 'keyword',
-        filter: %w(lowercase asciifolding cjk_width),
-      },
-
-      edge_ngram: {
-        tokenizer: 'edge_ngram',
-        filter: %w(lowercase asciifolding cjk_width),
-      },
-    },
-
-    tokenizer: {
-      edge_ngram: {
-        type: 'edge_ngram',
-        min_gram: 2,
-        max_gram: 15,
-      },
-    },
-  }
-
-  define_type ::Tag.listable, delete_if: ->(tag) { tag.destroyed? || !tag.listable? } do
-    root date_detection: false do
-      field :name, type: 'text', analyzer: 'content' do
-        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-      end
-
-      field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
-      field :usage, type: 'long', value: ->(tag) { tag.history.reduce(0) { |total, day| total + day[:accounts].to_i } }
-      field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
-    end
-  end
-end

app/controllers/about_controller.rb

@@ -1,51 +1,22 @@
 # frozen_string_literal: true
 
 class AboutController < ApplicationController
-  include RegistrationSpamConcern
-
   layout 'public'
 
-  before_action :require_open_federation!, only: [:show, :more]
-  before_action :set_body_classes, only: :show
-  before_action :set_instance_presenter
-  before_action :set_expires_in, only: [:more, :terms]
-  before_action :set_registration_form_time, only: :show
+  before_action :set_instance_presenter, only: [:show, :more, :terms]
 
-  skip_before_action :require_functional!, only: [:more, :terms]
-
-  def show; end
-
-  def more
-    flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
-
-    toc_generator = TOCGenerator.new(@instance_presenter.site_extended_description)
-
-    @contents          = toc_generator.html
-    @table_of_contents = toc_generator.toc
-    @blocks            = DomainBlock.with_user_facing_limitations.by_severity if display_blocks?
+  def show
+    serializable_resource = ActiveModelSerializers::SerializableResource.new(InitialStatePresenter.new(initial_state_params), serializer: InitialStateSerializer)
+    @initial_state_json   = serializable_resource.to_json
+    @hide_navbar = true
   end
 
+  def more; end
+
   def terms; end
 
-  helper_method :display_blocks?
-  helper_method :display_blocks_rationale?
-  helper_method :public_fetch_mode?
-  helper_method :new_user
-
   private
 
-  def require_open_federation!
-    not_found if whitelist_mode?
-  end
-
-  def display_blocks?
-    Setting.show_domain_blocks == 'all' || (Setting.show_domain_blocks == 'users' && user_signed_in?)
-  end
-
-  def display_blocks_rationale?
-    Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?)
-  end
-
   def new_user
     User.new.tap do |user|
       user.build_account
@@ -53,15 +24,16 @@ class AboutController < ApplicationController
     end
   end
 
+  helper_method :new_user
+
   def set_instance_presenter
     @instance_presenter = InstancePresenter.new
   end
-
-  def set_body_classes
-    @hide_navbar = true
-  end
-
-  def set_expires_in
-    expires_in 0, public: true
-  end
+ 
+    def initial_state_params
+      {
+        settings: { known_fediverse: Setting.show_known_fediverse_at_about_page },
+        token: current_session&.token,
+      }
+    end
 end

app/controllers/account_follow_controller.rb

@@ -6,7 +6,7 @@ class AccountFollowController < ApplicationController
   before_action :authenticate_user!
 
   def create
-    FollowService.new.call(current_user.account, @account, with_rate_limit: true)
+    FollowService.new.call(current_user.account, @account.acct)
     redirect_to account_path(@account)
   end
 end

app/controllers/accounts_controller.rb

@@ -1,27 +1,20 @@
 # frozen_string_literal: true
 
 class AccountsController < ApplicationController
-  PAGE_SIZE     = 20
-  PAGE_SIZE_MAX = 200
+  PAGE_SIZE = 20
 
   include AccountControllerConcern
-  include SignatureAuthentication
 
-  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
   before_action :set_cache_headers
-  before_action :set_body_classes
-
-  skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
-  skip_before_action :require_functional!, unless: :whitelist_mode?
 
   def show
     respond_to do |format|
       format.html do
-        expires_in 0, public: true unless user_signed_in?
+        mark_cacheable! unless user_signed_in?
 
+        @body_classes      = 'with-modals'
         @pinned_statuses   = []
         @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
-        @featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
 
         if current_account && @account.blocking?(current_account)
           @statuses = []
@@ -29,8 +22,8 @@ class AccountsController < ApplicationController
         end
 
         @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
-        @statuses        = cached_filtered_status_page
-        @rss_url         = rss_url
+        @statuses        = filtered_status_page(params)
+        @statuses        = cache_collection(@statuses, Status)
 
         unless @statuses.empty?
           @older_url = older_url if @statuses.last.id > filtered_statuses.last.id
@@ -38,28 +31,32 @@ class AccountsController < ApplicationController
         end
       end
 
-      format.rss do
-        expires_in 1.minute, public: true
+      format.atom do
+        mark_cacheable!
 
-        limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
-        @statuses = filtered_statuses.without_reblogs.limit(limit)
-        @statuses = cache_collection(@statuses, Status)
-        render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
+        @entries = @account.stream_entries.where(hidden: false).with_includes.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id])
+        render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.feed(@account, @entries.reject { |entry| entry.status.nil? }))
+      end
+
+      format.rss do
+        mark_cacheable!
+
+        @statuses = cache_collection(default_statuses.without_reblogs.without_replies.limit(PAGE_SIZE), Status)
+        render xml: RSS::AccountSerializer.render(@account, @statuses)
       end
 
       format.json do
-        expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
-        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
+        mark_cacheable!
+
+        render_cached_json(['activitypub', 'actor', @account], content_type: 'application/activity+json') do
+          ActiveModelSerializers::SerializableResource.new(@account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter)
+        end
       end
     end
   end
 
   private
 
-  def set_body_classes
-    @body_classes = 'with-modals'
-  end
-
   def show_pinned_statuses?
     [replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
   end
@@ -81,7 +78,7 @@ class AccountsController < ApplicationController
   end
 
   def account_media_status_ids
-    @account.media_attachments.attached.reorder(nil).select(:status_id).group(:status_id)
+    @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
   end
 
   def no_replies_scope
@@ -102,18 +99,6 @@ class AccountsController < ApplicationController
     params[:username]
   end
 
-  def skip_temporary_suspension_response?
-    request.format == :json
-  end
-
-  def rss_url
-    if tag_requested?
-      short_account_tag_url(@account, params[:tag], format: 'rss')
-    else
-      short_account_url(@account, format: 'rss')
-    end
-  end
-
   def older_url
     pagination_url(max_id: @statuses.last.id)
   end
@@ -135,27 +120,22 @@ class AccountsController < ApplicationController
   end
 
   def media_requested?
-    request.path.split('.').first.ends_with?('/media') && !tag_requested?
+    request.path.ends_with?('/media')
   end
 
   def replies_requested?
-    request.path.split('.').first.ends_with?('/with_replies') && !tag_requested?
+    request.path.ends_with?('/with_replies')
   end
 
   def tag_requested?
-    request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
+    request.path.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
   end
 
-  def cached_filtered_status_page
-    cache_collection_paginated_by_id(
-      filtered_statuses,
-      Status,
-      PAGE_SIZE,
-      params_slice(:max_id, :min_id, :since_id)
-    )
-  end
-
-  def params_slice(*keys)
-    params.slice(*keys).permit(*keys)
+  def filtered_status_page(params)
+    if params[:min_id].present?
+      filtered_statuses.paginate_by_min_id(PAGE_SIZE, params[:min_id]).reverse
+    else
+      filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
+    end
   end
 end

app/controllers/activitypub/base_controller.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::BaseController < Api::BaseController
-  skip_before_action :require_authenticated_user!
-
-  private
-
-  def set_cache_headers
-    response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
-  end
-
-  def skip_temporary_suspension_response?
-    false
-  end
-end

app/controllers/activitypub/claims_controller.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::ClaimsController < ActivityPub::BaseController
-  include SignatureVerification
-  include AccountOwnedConcern
-
-  skip_before_action :authenticate_user!
-
-  before_action :require_signature!
-  before_action :set_claim_result
-
-  def create
-    render json: @claim_result, serializer: ActivityPub::OneTimeKeySerializer
-  end
-
-  private
-
-  def set_claim_result
-    @claim_result = ::Keys::ClaimService.new.call(@account.id, params[:id])
-  end
-end

app/controllers/activitypub/collections_controller.rb

@@ -1,73 +1,63 @@
 # frozen_string_literal: true
 
-class ActivityPub::CollectionsController < ActivityPub::BaseController
+class ActivityPub::CollectionsController < Api::BaseController
   include SignatureVerification
-  include AccountOwnedConcern
 
-  before_action :require_signature!, if: :authorized_fetch_mode?
-  before_action :set_items
+  before_action :set_account
   before_action :set_size
-  before_action :set_type
+  before_action :set_statuses
   before_action :set_cache_headers
 
   def show
-    expires_in 3.minutes, public: public_fetch_mode?
-    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
+    skip_session!
+
+    render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do
+      ActiveModelSerializers::SerializableResource.new(
+        collection_presenter,
+        serializer: ActivityPub::CollectionSerializer,
+        adapter: ActivityPub::Adapter,
+        skip_activities: true
+      )
+    end
   end
 
   private
 
-  def set_items
-    case params[:id]
-    when 'featured'
-      @items = for_signed_account { cache_collection(@account.pinned_statuses, Status) }
-    when 'tags'
-      @items = for_signed_account { @account.featured_tags }
-    when 'devices'
-      @items = @account.devices
-    else
-      not_found
-    end
+  def set_account
+    @account = Account.find_local!(params[:account_username])
+  end
+
+  def set_statuses
+    @statuses = scope_for_collection
+    @statuses = cache_collection(@statuses, Status)
   end
 
   def set_size
     case params[:id]
-    when 'featured', 'devices', 'tags'
-      @size = @items.size
+    when 'featured'
+      @account.pinned_statuses.count
     else
-      not_found
+      raise ActiveRecord::RecordNotFound
     end
   end
 
-  def set_type
+  def scope_for_collection
     case params[:id]
     when 'featured'
-      @type = :ordered
-    when 'devices', 'tags'
-      @type = :unordered
+      @account.statuses.permitted_for(@account, signed_request_account).tap do |scope|
+        scope.merge!(@account.pinned_statuses)
+      end
     else
-      not_found
+      raise ActiveRecord::RecordNotFound
     end
   end
 
   def collection_presenter
     ActivityPub::CollectionPresenter.new(
       id: account_collection_url(@account, params[:id]),
-      type: @type,
+      type: :ordered,
       size: @size,
-      items: @items
+      items: @statuses
     )
   end
-
-  def for_signed_account
-    # Because in public fetch mode we cache the response, there would be no
-    # benefit from performing the check below, since a blocked account or domain
-    # would likely be served the cache from the reverse proxy anyway
-
-    if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
-      []
-    else
-      yield
-    end
-  end
 end

app/controllers/activitypub/followers_synchronizations_controller.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseController
-  include SignatureVerification
-  include AccountOwnedConcern
-
-  before_action :require_signature!
-  before_action :set_items
-  before_action :set_cache_headers
-
-  def show
-    expires_in 0, public: false
-    render json: collection_presenter,
-           serializer: ActivityPub::CollectionSerializer,
-           adapter: ActivityPub::Adapter,
-           content_type: 'application/activity+json'
-  end
-
-  private
-
-  def uri_prefix
-    signed_request_account.uri[/http(s?):\/\/[^\/]+\//]
-  end
-
-  def set_items
-    @items = @account.followers.where(Account.arel_table[:uri].matches(uri_prefix + '%', false, true)).pluck(:uri)
-  end
-
-  def collection_presenter
-    ActivityPub::CollectionPresenter.new(
-      id: account_followers_synchronization_url(@account),
-      type: :ordered,
-      items: @items
-    )
-  end
-end

app/controllers/activitypub/inboxes_controller.rb

@@ -1,50 +1,40 @@
 # frozen_string_literal: true
 
-class ActivityPub::InboxesController < ActivityPub::BaseController
+class ActivityPub::InboxesController < Api::BaseController
   include SignatureVerification
   include JsonLdHelper
-  include AccountOwnedConcern
 
-  before_action :skip_unknown_actor_delete
-  before_action :require_signature!
-  skip_before_action :authenticate_user!
+  before_action :set_account
 
   def create
-    upgrade_account
-    process_collection_synchronization
-    process_payload
-    head 202
+    if unknown_deleted_account?
+      head 202
+    elsif signed_request_account
+      upgrade_account
+      process_payload
+      head 202
+    else
+      render plain: signature_verification_failure_reason, status: 401
+    end
   end
 
   private
 
-  def skip_unknown_actor_delete
-    head 202 if unknown_deleted_account?
-  end
-
   def unknown_deleted_account?
     json = Oj.load(body, mode: :strict)
-    json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+    json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
   rescue Oj::ParseError
     false
   end
 
-  def account_required?
-    params[:account_username].present?
-  end
-
-  def skip_temporary_suspension_response?
-    true
+  def set_account
+    @account = Account.find_local!(params[:account_username]) if params[:account_username]
   end
 
   def body
     return @body if defined?(@body)
-
-    @body = request.body.read
-    @body.force_encoding('UTF-8') if @body.present?
-
+    @body = request.body.read.force_encoding('UTF-8')
     request.body.rewind if request.body.respond_to?(:rewind)
-
     @body
   end
 
@@ -54,20 +44,8 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
       ResolveAccountWorker.perform_async(signed_request_account.acct)
     end
 
-    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
-  end
-
-  def process_collection_synchronization
-    raw_params = request.headers['Collection-Synchronization']
-    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true'
-
-    # Re-using the syntax for signature parameters
-    tree   = SignatureParamsParser.new.parse(raw_params)
-    params = SignatureParamsTransformer.new.apply(tree)
-
-    ActivityPub::PrepareFollowersSynchronizationService.new.call(signed_request_account, params)
-  rescue Parslet::ParseFailed
-    Rails.logger.warn 'Error parsing Collection-Synchronization header'
+    Pubsubhubbub::UnsubscribeWorker.perform_async(signed_request_account.id) if signed_request_account.subscribed?
+    DeliveryFailureTracker.track_inverse_success!(signed_request_account)
   end
 
   def process_payload

app/controllers/activitypub/outboxes_controller.rb

@@ -1,28 +1,35 @@
 # frozen_string_literal: true
 
-class ActivityPub::OutboxesController < ActivityPub::BaseController
+class ActivityPub::OutboxesController < Api::BaseController
   LIMIT = 20
 
   include SignatureVerification
-  include AccountOwnedConcern
 
-  before_action :require_signature!, if: :authorized_fetch_mode?
+  before_action :set_account
   before_action :set_statuses
   before_action :set_cache_headers
 
   def show
-    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
+    unless page_requested?
+      skip_session!
+      expires_in 1.minute, public: true
+    end
+
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
   end
 
   private
 
+  def set_account
+    @account = Account.find_local!(params[:account_username])
+  end
+
   def outbox_presenter
     if page_requested?
       ActivityPub::CollectionPresenter.new(
-        id: outbox_url(page_params),
+        id: account_outbox_url(@account, page_params),
         type: :ordered,
-        part_of: outbox_url,
+        part_of: account_outbox_url(@account),
         prev: prev_page,
         next: next_page,
         items: @statuses
@@ -32,20 +39,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
         id: account_outbox_url(@account),
         type: :ordered,
         size: @account.statuses_count,
-        first: outbox_url(page: true),
-        last: outbox_url(page: true, min_id: 0)
+        first: account_outbox_url(@account, page: true),
+        last: account_outbox_url(@account, page: true, min_id: 0)
       )
     end
   end
 
-  def outbox_url(**kwargs)
-    if params[:account_username].present?
-      account_outbox_url(@account, **kwargs)
-    else
-      instance_actor_outbox_url(**kwargs)
-    end
-  end
-
   def next_page
     account_outbox_url(@account, page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
   end
@@ -57,23 +56,16 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def set_statuses
     return unless page_requested?
 
-    @statuses = cache_collection_paginated_by_id(
-      @account.statuses.permitted_for(@account, signed_request_account),
-      Status,
-      LIMIT,
-      params_slice(:max_id, :min_id, :since_id)
-    )
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account)
+    @statuses = params[:min_id].present? ? @statuses.paginate_by_min_id(LIMIT, params[:min_id]).reverse : @statuses.paginate_by_max_id(LIMIT, params[:max_id])
+    @statuses = cache_collection(@statuses, Status)
   end
 
   def page_requested?
-    truthy_param?(:page)
+    params[:page] == 'true'
   end
 
   def page_params
     { page: true, max_id: params[:max_id], min_id: params[:min_id] }.compact
   end
-
-  def set_account
-    @account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
-  end
 end

app/controllers/activitypub/replies_controller.rb

@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::RepliesController < ActivityPub::BaseController
-  include SignatureVerification
-  include Authorization
-  include AccountOwnedConcern
-
-  DESCENDANTS_LIMIT = 60
-
-  before_action :require_signature!, if: :authorized_fetch_mode?
-  before_action :set_status
-  before_action :set_cache_headers
-  before_action :set_replies
-
-  def index
-    expires_in 0, public: public_fetch_mode?
-    render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', skip_activities: true
-  end
-
-  private
-
-  def pundit_user
-    signed_request_account
-  end
-
-  def set_status
-    @status = @account.statuses.find(params[:status_id])
-    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
-  end
-
-  def set_replies
-    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
-    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
-    @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
-  end
-
-  def replies_collection_presenter
-    page = ActivityPub::CollectionPresenter.new(
-      id: account_status_replies_url(@account, @status, page_params),
-      type: :unordered,
-      part_of: account_status_replies_url(@account, @status),
-      next: next_page,
-      items: @replies.map { |status| status.local? ? status : status.uri }
-    )
-
-    return page if page_requested?
-
-    ActivityPub::CollectionPresenter.new(
-      id: account_status_replies_url(@account, @status),
-      type: :unordered,
-      first: page
-    )
-  end
-
-  def page_requested?
-    truthy_param?(:page)
-  end
-
-  def only_other_accounts?
-    truthy_param?(:only_other_accounts)
-  end
-
-  def next_page
-    only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
-
-    account_status_replies_url(
-      @account,
-      @status,
-      page: true,
-      min_id: only_other_accounts && !only_other_accounts? ? nil : @replies&.last&.id,
-      only_other_accounts: only_other_accounts
-    )
-  end
-
-  def page_params
-    params_slice(:only_other_accounts, :min_id).merge(page: true)
-  end
-end

app/controllers/admin/account_actions_controller.rb

@@ -5,7 +5,7 @@ module Admin
     before_action :set_account
 
     def new
-      @account_action  = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true, include_statuses: true)
+      @account_action  = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true)
       @warning_presets = AccountWarningPreset.all
     end
 
@@ -30,7 +30,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification, :include_statuses)
+      params.require(:admin_account_action).permit(:type, :report_id, :warning_preset_id, :text, :send_email_notification)
     end
   end
 end

app/controllers/admin/accounts_controller.rb

@@ -2,8 +2,8 @@
 
 module Admin
   class AccountsController < BaseController
-    before_action :set_account, except: [:index]
-    before_action :require_remote_account!, only: [:redownload]
+    before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject]
+    before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload]
     before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
 
     def index
@@ -14,65 +14,61 @@ module Admin
     def show
       authorize @account, :show?
 
-      @deletion_request        = @account.deletion_request
       @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account)
       @moderation_notes        = @account.targeted_moderation_notes.latest
       @warnings                = @account.targeted_account_warnings.latest.custom
-      @domain_block            = DomainBlock.rule_for(@account.domain)
+    end
+
+    def subscribe
+      authorize @account, :subscribe?
+      Pubsubhubbub::SubscribeWorker.perform_async(@account.id)
+      redirect_to admin_account_path(@account.id)
+    end
+
+    def unsubscribe
+      authorize @account, :unsubscribe?
+      Pubsubhubbub::UnsubscribeWorker.perform_async(@account.id)
+      redirect_to admin_account_path(@account.id)
     end
 
     def memorialize
       authorize @account, :memorialize?
       @account.memorialize!
       log_action :memorialize, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.memorialized_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def enable
       authorize @account.user, :enable?
       @account.user.enable!
       log_action :enable, @account.user
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.enabled_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def approve
       authorize @account.user, :approve?
       @account.user.approve!
-      redirect_to admin_pending_accounts_path, notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
+      redirect_to admin_accounts_path(pending: '1')
     end
 
     def reject
       authorize @account.user, :reject?
-      DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
-      redirect_to admin_pending_accounts_path, notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
-    end
-
-    def destroy
-      authorize @account, :destroy?
-      Admin::AccountDeletionWorker.perform_async(@account.id)
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.destroyed_msg', username: @account.acct)
-    end
-
-    def unsensitive
-      authorize @account, :unsensitive?
-      @account.unsensitize!
-      log_action :unsensitive, @account
-      redirect_to admin_account_path(@account.id)
+      SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true)
+      redirect_to admin_accounts_path(pending: '1')
     end
 
     def unsilence
       authorize @account, :unsilence?
       @account.unsilence!
       log_action :unsilence, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unsilenced_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def unsuspend
       authorize @account, :unsuspend?
       @account.unsuspend!
-      Admin::UnsuspensionWorker.perform_async(@account.id)
       log_action :unsuspend, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unsuspended_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def redownload
@@ -81,7 +77,7 @@ module Admin
       @account.update!(last_webfingered_at: nil)
       ResolveAccountService.new.call(@account)
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.redownloaded_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def remove_avatar
@@ -92,7 +88,7 @@ module Admin
 
       log_action :remove_avatar, @account.user
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.removed_avatar_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def remove_header
@@ -103,7 +99,7 @@ module Admin
 
       log_action :remove_header, @account.user
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.removed_header_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     private
@@ -125,7 +121,20 @@ module Admin
     end
 
     def filter_params
-      params.slice(*AccountFilter::KEYS).permit(*AccountFilter::KEYS)
+      params.permit(
+        :local,
+        :remote,
+        :by_domain,
+        :active,
+        :pending,
+        :silenced,
+        :suspended,
+        :username,
+        :display_name,
+        :email,
+        :ip,
+        :staff
+      )
     end
   end
 end

app/controllers/admin/action_logs_controller.rb

@@ -2,18 +2,8 @@
 
 module Admin
   class ActionLogsController < BaseController
-    before_action :set_action_logs
-
-    def index; end
-
-    private
-
-    def set_action_logs
-      @action_logs = Admin::ActionLogFilter.new(filter_params).results.page(params[:page])
-    end
-
-    def filter_params
-      params.slice(:page, *Admin::ActionLogFilter::KEYS).permit(:page, *Admin::ActionLogFilter::KEYS)
+    def index
+      @action_logs = Admin::ActionLog.page(params[:page])
     end
   end
 end

app/controllers/admin/announcements_controller.rb

@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::AnnouncementsController < Admin::BaseController
-  before_action :set_announcements, only: :index
-  before_action :set_announcement, except: [:index, :new, :create]
-
-  def index
-    authorize :announcement, :index?
-  end
-
-  def new
-    authorize :announcement, :create?
-
-    @announcement = Announcement.new
-  end
-
-  def create
-    authorize :announcement, :create?
-
-    @announcement = Announcement.new(resource_params)
-
-    if @announcement.save
-      PublishScheduledAnnouncementWorker.perform_async(@announcement.id) if @announcement.published?
-      log_action :create, @announcement
-      redirect_to admin_announcements_path, notice: @announcement.published? ? I18n.t('admin.announcements.published_msg') : I18n.t('admin.announcements.scheduled_msg')
-    else
-      render :new
-    end
-  end
-
-  def edit
-    authorize :announcement, :update?
-  end
-
-  def update
-    authorize :announcement, :update?
-
-    if @announcement.update(resource_params)
-      PublishScheduledAnnouncementWorker.perform_async(@announcement.id) if @announcement.published?
-      log_action :update, @announcement
-      redirect_to admin_announcements_path, notice: I18n.t('admin.announcements.updated_msg')
-    else
-      render :edit
-    end
-  end
-
-  def publish
-    authorize :announcement, :update?
-    @announcement.publish!
-    PublishScheduledAnnouncementWorker.perform_async(@announcement.id)
-    log_action :update, @announcement
-    redirect_to admin_announcements_path, notice: I18n.t('admin.announcements.published_msg')
-  end
-
-  def unpublish
-    authorize :announcement, :update?
-    @announcement.unpublish!
-    UnpublishAnnouncementWorker.perform_async(@announcement.id)
-    log_action :update, @announcement
-    redirect_to admin_announcements_path, notice: I18n.t('admin.announcements.unpublished_msg')
-  end
-
-  def destroy
-    authorize :announcement, :destroy?
-    @announcement.destroy!
-    UnpublishAnnouncementWorker.perform_async(@announcement.id) if @announcement.published?
-    log_action :destroy, @announcement
-    redirect_to admin_announcements_path, notice: I18n.t('admin.announcements.destroyed_msg')
-  end
-
-  private
-
-  def set_announcements
-    @announcements = AnnouncementFilter.new(filter_params).results.reverse_chronological.page(params[:page])
-  end
-
-  def set_announcement
-    @announcement = Announcement.find(params[:id])
-  end
-
-  def filter_params
-    params.slice(*AnnouncementFilter::KEYS).permit(*AnnouncementFilter::KEYS)
-  end
-
-  def resource_params
-    params.require(:announcement).permit(:text, :scheduled_at, :starts_at, :ends_at, :all_day)
-  end
-end

app/controllers/admin/custom_emojis_controller.rb

@@ -2,16 +2,19 @@
 
 module Admin
   class CustomEmojisController < BaseController
+    before_action :set_custom_emoji, except: [:index, :new, :create]
+    before_action :set_filter_params
+
+    include ObfuscateFilename
+    obfuscate_filename [:custom_emoji, :image]
+
     def index
       authorize :custom_emoji, :index?
-
       @custom_emojis = filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page])
-      @form          = Form::CustomEmojiBatch.new
     end
 
     def new
       authorize :custom_emoji, :create?
-
       @custom_emoji = CustomEmoji.new
     end
 
@@ -28,19 +31,69 @@ module Admin
       end
     end
 
-    def batch
-      @form = Form::CustomEmojiBatch.new(form_custom_emoji_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
-    rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
-    ensure
-      redirect_to admin_custom_emojis_path(filter_params)
+    def update
+      authorize @custom_emoji, :update?
+
+      if @custom_emoji.update(resource_params)
+        log_action :update, @custom_emoji
+        flash[:notice] = I18n.t('admin.custom_emojis.updated_msg')
+      else
+        flash[:alert] =  I18n.t('admin.custom_emojis.update_failed_msg')
+      end
+      redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
+    end
+
+    def destroy
+      authorize @custom_emoji, :destroy?
+      @custom_emoji.destroy!
+      log_action :destroy, @custom_emoji
+      flash[:notice] = I18n.t('admin.custom_emojis.destroyed_msg')
+      redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
+    end
+
+    def copy
+      authorize @custom_emoji, :copy?
+
+      emoji = CustomEmoji.find_or_initialize_by(domain: nil,
+                                                shortcode: @custom_emoji.shortcode)
+      emoji.image = @custom_emoji.image
+
+      if emoji.save
+        log_action :create, emoji
+        flash[:notice] = I18n.t('admin.custom_emojis.copied_msg')
+      else
+        flash[:alert] = I18n.t('admin.custom_emojis.copy_failed_msg')
+      end
+
+      redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
+    end
+
+    def enable
+      authorize @custom_emoji, :enable?
+      @custom_emoji.update!(disabled: false)
+      log_action :enable, @custom_emoji
+      flash[:notice] = I18n.t('admin.custom_emojis.enabled_msg')
+      redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
+    end
+
+    def disable
+      authorize @custom_emoji, :disable?
+      @custom_emoji.update!(disabled: true)
+      log_action :disable, @custom_emoji
+      flash[:notice] = I18n.t('admin.custom_emojis.disabled_msg')
+      redirect_to admin_custom_emojis_path(page: params[:page], **@filter_params)
     end
 
     private
 
+    def set_custom_emoji
+      @custom_emoji = CustomEmoji.find(params[:id])
+    end
+
+    def set_filter_params
+      @filter_params = filter_params.to_hash.symbolize_keys
+    end
+
     def resource_params
       params.require(:custom_emoji).permit(:shortcode, :image, :visible_in_picker)
     end
@@ -50,29 +103,12 @@ module Admin
     end
 
     def filter_params
-      params.slice(:page, *CustomEmojiFilter::KEYS).permit(:page, *CustomEmojiFilter::KEYS)
-    end
-
-    def action_from_button
-      if params[:update]
-        'update'
-      elsif params[:list]
-        'list'
-      elsif params[:unlist]
-        'unlist'
-      elsif params[:enable]
-        'enable'
-      elsif params[:disable]
-        'disable'
-      elsif params[:copy]
-        'copy'
-      elsif params[:delete]
-        'delete'
-      end
-    end
-
-    def form_custom_emoji_batch_params
-      params.require(:form_custom_emoji_batch).permit(:action, :category_id, :category_name, custom_emoji_ids: [])
+      params.permit(
+        :local,
+        :remote,
+        :by_domain,
+        :shortcode
+      )
     end
   end
 end

app/controllers/admin/dashboard_controller.rb

@@ -5,7 +5,6 @@ module Admin
   class DashboardController < BaseController
     def index
       @users_count           = User.count
-      @pending_users_count   = User.pending.count
       @registrations_week    = Redis.current.get("activity:accounts:local:#{current_week}") || 0
       @logins_week           = Redis.current.pfcount("activity:logins:#{current_week}")
       @interactions_week     = Redis.current.get("activity:interactions:#{current_week}") || 0
@@ -20,7 +19,7 @@ module Admin
       @redis_version         = redis_info['redis_version']
       @reports_count         = Report.unresolved.count
       @queue_backlog         = Sidekiq::Stats.new.enqueued
-      @recent_users          = User.confirmed.recent.includes(:account).limit(8)
+      @recent_users          = User.confirmed.recent.includes(:account).limit(4)
       @database_size         = ActiveRecord::Base.connection.execute('SELECT pg_database_size(current_database())').first['pg_database_size']
       @redis_size            = redis_info['used_memory']
       @ldap_enabled          = ENV['LDAP_ENABLED'] == 'true'
@@ -28,14 +27,9 @@ module Admin
       @saml_enabled          = ENV['SAML_ENABLED'] == 'true'
       @pam_enabled           = ENV['PAM_ENABLED'] == 'true'
       @hidden_service        = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
-      @trending_hashtags     = TrendingTags.get(10, filtered: false)
-      @pending_tags_count    = Tag.pending_review.count
-      @authorized_fetch      = authorized_fetch_mode?
-      @whitelist_enabled     = whitelist_mode?
+      @trending_hashtags     = TrendingTags.get(7)
       @profile_directory     = Setting.profile_directory
       @timeline_preview      = Setting.timeline_preview
-      @spam_check_enabled    = Setting.spam_check_enabled
-      @trends_enabled        = Setting.trends
     end
 
     private
@@ -45,13 +39,7 @@ module Admin
     end
 
     def redis_info
-      @redis_info ||= begin
-        if Redis.current.is_a?(Redis::Namespace)
-          Redis.current.redis.info
-        else
-          Redis.current.info
-        end
-      end
+      @redis_info ||= Redis.current.info
     end
   end
 end

app/controllers/admin/domain_allows_controller.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::DomainAllowsController < Admin::BaseController
-  before_action :set_domain_allow, only: [:destroy]
-
-  def new
-    authorize :domain_allow, :create?
-
-    @domain_allow = DomainAllow.new(domain: params[:_domain])
-  end
-
-  def create
-    authorize :domain_allow, :create?
-
-    @domain_allow = DomainAllow.new(resource_params)
-
-    if @domain_allow.save
-      log_action :create, @domain_allow
-      redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.created_msg')
-    else
-      render :new
-    end
-  end
-
-  def destroy
-    authorize @domain_allow, :destroy?
-    UnallowDomainService.new.call(@domain_allow)
-    redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
-  end
-
-  private
-
-  def set_domain_allow
-    @domain_allow = DomainAllow.find(params[:id])
-  end
-
-  def resource_params
-    params.require(:domain_allow).permit(:domain)
-  end
-end

app/controllers/admin/domain_blocks_controller.rb

@@ -2,26 +2,22 @@
 
 module Admin
   class DomainBlocksController < BaseController
-    before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
+    before_action :set_domain_block, only: [:show, :destroy]
 
     def new
       authorize :domain_block, :create?
       @domain_block = DomainBlock.new(domain: params[:_domain])
     end
 
-    def edit
-      authorize :domain_block, :create?
-    end
-
     def create
       authorize :domain_block, :create?
 
       @domain_block = DomainBlock.new(resource_params)
-      existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
+      existing_domain_block = resource_params[:domain].present? ? DomainBlock.find_by(domain: resource_params[:domain]) : nil
 
       if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
         @domain_block.save
-        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
+        flash[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
         @domain_block.errors[:domain].clear
         render :new
       else
@@ -29,7 +25,6 @@ module Admin
           @domain_block = existing_domain_block
           @domain_block.update(resource_params)
         end
-
         if @domain_block.save
           DomainBlockWorker.perform_async(@domain_block.id)
           log_action :create, @domain_block
@@ -40,29 +35,13 @@ module Admin
       end
     end
 
-    def update
-      authorize :domain_block, :update?
-
-      @domain_block.update(update_params)
-
-      severity_changed = @domain_block.severity_changed?
-
-      if @domain_block.save
-        DomainBlockWorker.perform_async(@domain_block.id, severity_changed)
-        log_action :update, @domain_block
-        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
-      else
-        render :edit
-      end
-    end
-
     def show
       authorize @domain_block, :show?
     end
 
     def destroy
       authorize @domain_block, :destroy?
-      UnblockDomainService.new.call(@domain_block)
+      UnblockDomainService.new.call(@domain_block, retroactive_unblock?)
       log_action :destroy, @domain_block
       redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.destroyed_msg')
     end
@@ -73,12 +52,12 @@ module Admin
       @domain_block = DomainBlock.find(params[:id])
     end
 
-    def update_params
-      params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
+    def resource_params
+      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :retroactive)
     end
 
-    def resource_params
-      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
+    def retroactive_unblock?
+      ActiveRecord::Type.lookup(:boolean).cast(resource_params[:retroactive])
     end
   end
 end

app/controllers/admin/email_domain_blocks_controller.rb

@@ -6,12 +6,12 @@ module Admin
 
     def index
       authorize :email_domain_block, :index?
-      @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
+      @email_domain_blocks = EmailDomainBlock.page(params[:page])
     end
 
     def new
       authorize :email_domain_block, :create?
-      @email_domain_block = EmailDomainBlock.new(domain: params[:_domain])
+      @email_domain_block = EmailDomainBlock.new
     end
 
     def create
@@ -21,28 +21,6 @@ module Admin
 
       if @email_domain_block.save
         log_action :create, @email_domain_block
-
-        if @email_domain_block.with_dns_records?
-          hostnames = []
-          ips       = []
-
-          Resolv::DNS.open do |dns|
-            dns.timeouts = 5
-
-            hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
-
-            ([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
-              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
-              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
-            end
-          end
-
-          (hostnames + ips).each do |hostname|
-            another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
-            log_action :create, another_email_domain_block if another_email_domain_block.save
-          end
-        end
-
         redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
       else
         render :new
@@ -63,7 +41,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain, :with_dns_records)
+      params.require(:email_domain_block).permit(:domain)
     end
   end
 end

app/controllers/admin/followers_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Admin
+  class FollowersController < BaseController
+    before_action :set_account
+
+    PER_PAGE = 40
+
+    def index
+      authorize :account, :index?
+      @followers = @account.followers.local.recent.page(params[:page]).per(PER_PAGE)
+    end
+
+    def set_account
+      @account = Account.find(params[:account_id])
+    end
+  end
+end

app/controllers/admin/instances_controller.rb

@@ -2,33 +2,43 @@
 
 module Admin
   class InstancesController < BaseController
-    before_action :set_instances, only: :index
-    before_action :set_instance, only: :show
-
     def index
       authorize :instance, :index?
+
+      @instances = ordered_instances
     end
 
     def show
       authorize :instance, :show?
+
+      @instance        = Instance.new(Account.by_domain_accounts.find_by(domain: params[:id]) || DomainBlock.find_by!(domain: params[:id]))
+      @following_count = Follow.where(account: Account.where(domain: params[:id])).count
+      @followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
+      @reports_count   = Report.where(target_account: Account.where(domain: params[:id])).count
+      @blocks_count    = Block.where(target_account: Account.where(domain: params[:id])).count
+      @available       = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
+      @media_storage   = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
+      @domain_block    = DomainBlock.find_by(domain: params[:id])
     end
 
     private
 
-    def set_instance
-      @instance = Instance.find(params[:id])
-    end
-
-    def set_instances
-      @instances = filtered_instances.page(params[:page])
-    end
-
     def filtered_instances
-      InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
+      InstanceFilter.new(filter_params).results
+    end
+
+    def paginated_instances
+      filtered_instances.page(params[:page])
+    end
+
+    helper_method :paginated_instances
+
+    def ordered_instances
+      paginated_instances.map { |resource| Instance.new(resource) }
     end
 
     def filter_params
-      params.slice(*InstanceFilter::KEYS).permit(*InstanceFilter::KEYS)
+      params.permit(:limited, :by_domain)
     end
   end
 end

app/controllers/admin/invites_controller.rb

@@ -47,7 +47,7 @@ module Admin
     end
 
     def filter_params
-      params.slice(*InviteFilter::KEYS).permit(*InviteFilter::KEYS)
+      params.permit(:available, :expired)
     end
   end
 end

app/controllers/admin/ip_blocks_controller.rb

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class IpBlocksController < BaseController
-    def index
-      authorize :ip_block, :index?
-
-      @ip_blocks = IpBlock.page(params[:page])
-      @form      = Form::IpBlockBatch.new
-    end
-
-    def new
-      authorize :ip_block, :create?
-
-      @ip_block = IpBlock.new(ip: '', severity: :no_access, expires_in: 1.year)
-    end
-
-    def create
-      authorize :ip_block, :create?
-
-      @ip_block = IpBlock.new(resource_params)
-
-      if @ip_block.save
-        log_action :create, @ip_block
-        redirect_to admin_ip_blocks_path, notice: I18n.t('admin.ip_blocks.created_msg')
-      else
-        render :new
-      end
-    end
-
-    def batch
-      @form = Form::IpBlockBatch.new(form_ip_block_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.ip_blocks.no_ip_block_selected')
-    rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
-    ensure
-      redirect_to admin_ip_blocks_path
-    end
-
-    private
-
-    def resource_params
-      params.require(:ip_block).permit(:ip, :severity, :comment, :expires_in)
-    end
-
-    def action_from_button
-      'delete' if params[:delete]
-    end
-
-    def form_ip_block_batch_params
-      params.require(:form_ip_block_batch).permit(ip_block_ids: [])
-    end
-  end
-end

app/controllers/admin/relationships_controller.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class RelationshipsController < BaseController
-    before_action :set_account
-
-    PER_PAGE = 40
-
-    def index
-      authorize :account, :index?
-
-      @accounts = RelationshipFilter.new(@account, filter_params).results.page(params[:page]).per(PER_PAGE)
-    end
-
-    private
-
-    def set_account
-      @account = Account.find(params[:account_id])
-    end
-
-    def filter_params
-      params.slice(*RelationshipFilter::KEYS).permit(*RelationshipFilter::KEYS)
-    end
-  end
-end

app/controllers/admin/relays_controller.rb

@@ -3,7 +3,6 @@
 module Admin
   class RelaysController < BaseController
     before_action :set_relay, except: [:index, :new, :create]
-    before_action :require_signatures_enabled!, only: [:new, :create, :enable]
 
     def index
       authorize :relay, :update?
@@ -12,7 +11,7 @@ module Admin
 
     def new
       authorize :relay, :update?
-      @relay = Relay.new
+      @relay = Relay.new(inbox_url: Relay::PRESET_RELAY)
     end
 
     def create
@@ -55,9 +54,5 @@ module Admin
     def resource_params
       params.require(:relay).permit(:inbox_url)
     end
-
-    def require_signatures_enabled!
-      redirect_to admin_relays_path, alert: I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
-    end
   end
 end

app/controllers/admin/report_notes_controller.rb

@@ -5,10 +5,10 @@ module Admin
     before_action :set_report_note, only: [:destroy]
 
     def create
-      authorize :report_note, :create?
+      authorize ReportNote, :create?
 
       @report_note = current_account.report_notes.new(resource_params)
-      @report      = @report_note.report
+      @report = @report_note.report
 
       if @report_note.save
         if params[:create_and_resolve]
@@ -26,8 +26,9 @@ module Admin
 
         redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg')
       else
-        @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
-        @form         = Form::StatusBatch.new
+        @report_notes = @report.notes.latest
+        @report_history = @report.history
+        @form = Form::StatusBatch.new
 
         render template: 'admin/reports/show'
       end

app/controllers/admin/reports_controller.rb

@@ -52,7 +52,11 @@ module Admin
     end
 
     def filter_params
-      params.slice(*ReportFilter::KEYS).permit(*ReportFilter::KEYS)
+      params.permit(
+        :account_id,
+        :resolved,
+        :target_account_id
+      )
     end
 
     def set_report

app/controllers/admin/site_uploads_controller.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class SiteUploadsController < BaseController
-    before_action :set_site_upload
-
-    def destroy
-      authorize :settings, :destroy?
-
-      @site_upload.destroy!
-
-      redirect_to edit_admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
-    end
-
-    private
-
-    def set_site_upload
-      @site_upload = SiteUpload.find(params[:id])
-    end
-  end
-end

app/controllers/admin/statuses_controller.rb

@@ -14,7 +14,7 @@ module Admin
       @statuses = @account.statuses.where(visibility: [:public, :unlisted])
 
       if params[:media]
-        account_media_status_ids = @account.media_attachments.attached.reorder(nil).select(:status_id).group(:status_id)
+        account_media_status_ids = @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
         @statuses.merge!(Status.where(id: account_media_status_ids))
       end
 

app/controllers/admin/tags_controller.rb

@@ -2,102 +2,43 @@
 
 module Admin
   class TagsController < BaseController
-    before_action :set_tag, except: [:index, :batch, :approve_all, :reject_all]
-    before_action :set_usage_by_domain, except: [:index, :batch, :approve_all, :reject_all]
-    before_action :set_counters, except: [:index, :batch, :approve_all, :reject_all]
+    before_action :set_tags, only: :index
+    before_action :set_tag, except: :index
+    before_action :set_filter_params
 
     def index
       authorize :tag, :index?
-
-      @tags = filtered_tags.page(params[:page])
-      @form = Form::TagBatch.new
     end
 
-    def batch
-      @form = Form::TagBatch.new(form_tag_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
-    ensure
-      redirect_to admin_tags_path(filter_params)
+    def hide
+      authorize @tag, :hide?
+      @tag.account_tag_stat.update!(hidden: true)
+      redirect_to admin_tags_path(@filter_params)
     end
 
-    def approve_all
-      Form::TagBatch.new(current_account: current_account, tag_ids: Tag.pending_review.pluck(:id), action: 'approve').save
-      redirect_to admin_tags_path(filter_params)
-    end
-
-    def reject_all
-      Form::TagBatch.new(current_account: current_account, tag_ids: Tag.pending_review.pluck(:id), action: 'reject').save
-      redirect_to admin_tags_path(filter_params)
-    end
-
-    def show
-      authorize @tag, :show?
-    end
-
-    def update
-      authorize @tag, :update?
-
-      if @tag.update(tag_params.merge(reviewed_at: Time.now.utc))
-        redirect_to admin_tag_path(@tag.id), notice: I18n.t('admin.tags.updated_msg')
-      else
-        render :show
-      end
+    def unhide
+      authorize @tag, :unhide?
+      @tag.account_tag_stat.update!(hidden: false)
+      redirect_to admin_tags_path(@filter_params)
     end
 
     private
 
+    def set_tags
+      @tags = Tag.discoverable
+      @tags.merge!(Tag.hidden) if filter_params[:hidden]
+    end
+
     def set_tag
       @tag = Tag.find(params[:id])
     end
 
-    def set_usage_by_domain
-      @usage_by_domain = @tag.statuses
-                             .with_public_visibility
-                             .excluding_silenced_accounts
-                             .where(Status.arel_table[:id].gteq(Mastodon::Snowflake.id_at(Time.now.utc.beginning_of_day)))
-                             .joins(:account)
-                             .group('accounts.domain')
-                             .reorder('statuses_count desc')
-                             .pluck('accounts.domain, count(*) AS statuses_count')
-    end
-
-    def set_counters
-      @accounts_today = @tag.history.first[:accounts]
-      @accounts_week  = Redis.current.pfcount(*current_week_days.map { |day| "activity:tags:#{@tag.id}:#{day}:accounts" })
-    end
-
-    def filtered_tags
-      TagFilter.new(filter_params).results
+    def set_filter_params
+      @filter_params = filter_params.to_hash.symbolize_keys
     end
 
     def filter_params
-      params.slice(:page, *TagFilter::KEYS).permit(:page, *TagFilter::KEYS)
-    end
-
-    def tag_params
-      params.require(:tag).permit(:name, :trendable, :usable, :listable)
-    end
-
-    def current_week_days
-      now = Time.now.utc.beginning_of_day.to_date
-
-      (Date.commercial(now.cwyear, now.cweek)..now).map do |date|
-        date.to_time(:utc).beginning_of_day.to_i
-      end
-    end
-
-    def form_tag_batch_params
-      params.require(:form_tag_batch).permit(:action, tag_ids: [])
-    end
-
-    def action_from_button
-      if params[:approve]
-        'approve'
-      elsif params[:reject]
-        'reject'
-      end
+      params.permit(:hidden)
     end
   end
 end

app/controllers/admin/two_factor_authentications_controller.rb

@@ -8,7 +8,6 @@ module Admin
       authorize @user, :disable_2fa?
       @user.disable_two_factor!
       log_action :disable_2fa, @user
-      UserMailer.two_factor_disabled(@user).deliver_later!
       redirect_to admin_accounts_path
     end
 

app/controllers/admin/warning_presets_controller.rb

@@ -7,7 +7,7 @@ module Admin
     def index
       authorize :account_warning_preset, :index?
 
-      @warning_presets = AccountWarningPreset.alphabetic
+      @warning_presets = AccountWarningPreset.all
       @warning_preset  = AccountWarningPreset.new
     end
 
@@ -19,7 +19,7 @@ module Admin
       if @warning_preset.save
         redirect_to admin_warning_presets_path
       else
-        @warning_presets = AccountWarningPreset.alphabetic
+        @warning_presets = AccountWarningPreset.all
         render :index
       end
     end
@@ -52,7 +52,7 @@ module Admin
     end
 
     def warning_preset_params
-      params.require(:account_warning_preset).permit(:title, :text)
+      params.require(:account_warning_preset).permit(:text)
     end
   end
 end

app/controllers/api/base_controller.rb

@@ -7,23 +7,16 @@ class Api::BaseController < ApplicationController
   include RateLimitHeaders
 
   skip_before_action :store_current_location
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :check_user_permissions
 
-  before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
   before_action :set_cache_headers
 
   protect_from_forgery with: :null_session
 
-  skip_around_action :set_locale
-
   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
     render json: { error: e.to_s }, status: 422
   end
 
-  rescue_from ActiveRecord::RecordNotUnique do
-    render json: { error: 'Duplicate record' }, status: 422
-  end
-
   rescue_from ActiveRecord::RecordNotFound do
     render json: { error: 'Record not found' }, status: 404
   end
@@ -40,18 +33,6 @@ class Api::BaseController < ApplicationController
     render json: { error: 'This action is not allowed' }, status: 403
   end
 
-  rescue_from Mastodon::RaceConditionError, Seahorse::Client::NetworkingError, Stoplight::Error::RedLight do
-    render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
-  end
-
-  rescue_from Mastodon::RateLimitExceededError do
-    render json: { error: I18n.t('errors.429') }, status: 429
-  end
-
-  rescue_from ActionController::ParameterMissing do |e|
-    render json: { error: e.to_s }, status: 400
-  end
-
   def doorkeeper_unauthorized_render_options(error: nil)
     { json: { error: (error.try(:description) || 'Not authorized') } }
   end
@@ -71,7 +52,6 @@ class Api::BaseController < ApplicationController
 
   def limit_param(default_limit)
     return default_limit unless params[:limit]
-
     [params[:limit].to_i.abs, default_limit * 2].min
   end
 
@@ -89,21 +69,17 @@ class Api::BaseController < ApplicationController
     nil
   end
 
-  def require_authenticated_user!
-    render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
-  end
-
   def require_user!
     if !current_user
       render json: { error: 'This method requires an authenticated user' }, status: 422
+    elsif current_user.disabled?
+      render json: { error: 'Your login is currently disabled' }, status: 403
     elsif !current_user.confirmed?
       render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
     elsif !current_user.approved?
       render json: { error: 'Your login is currently pending approval' }, status: 403
-    elsif !current_user.functional?
-      render json: { error: 'Your login is currently disabled' }, status: 403
     else
-      update_user_sign_in
+      set_user_activity
     end
   end
 
@@ -118,8 +94,4 @@ class Api::BaseController < ApplicationController
   def set_cache_headers
     response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
   end
-
-  def disallow_unauthenticated_api_access?
-    authorized_fetch_mode?
-  end
 end

app/controllers/api/oembed_controller.rb

@@ -1,25 +1,15 @@
 # frozen_string_literal: true
 
 class Api::OEmbedController < Api::BaseController
-  skip_before_action :require_authenticated_user!
-
-  before_action :set_status
-  before_action :require_public_status!
+  respond_to :json
 
   def show
+    @status = status_finder.status
     render json: @status, serializer: OEmbedSerializer, width: maxwidth_or_default, height: maxheight_or_default
   end
 
   private
 
-  def set_status
-    @status = status_finder.status
-  end
-
-  def require_public_status!
-    not_found if @status.hidden?
-  end
-
   def status_finder
     StatusFinder.new(params[:url])
   end

app/controllers/api/proofs_controller.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
 class Api::ProofsController < Api::BaseController
-  include AccountOwnedConcern
-
-  skip_before_action :require_authenticated_user!
-
+  before_action :set_account
   before_action :set_provider
+  before_action :check_account_approval
+  before_action :check_account_suspension
 
   def index
     render json: @account, serializer: @provider.serializer_class
@@ -17,7 +16,15 @@ class Api::ProofsController < Api::BaseController
     @provider = ProofProvider.find(params[:provider]) || raise(ActiveRecord::RecordNotFound)
   end
 
-  def username_param
-    params[:username]
+  def set_account
+    @account = Account.find_local!(params[:username])
+  end
+
+  def check_account_approval
+    not_found if @account.user_pending?
+  end
+
+  def check_account_suspension
+    gone if @account.suspended?
   end
 end

app/controllers/api/push_controller.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+class Api::PushController < Api::BaseController
+  include SignatureVerification
+
+  def update
+    response, status = process_push_request
+    render plain: response, status: status
+  end
+
+  private
+
+  def process_push_request
+    case hub_mode
+    when 'subscribe'
+      Pubsubhubbub::SubscribeService.new.call(account_from_topic, hub_callback, hub_secret, hub_lease_seconds, verified_domain)
+    when 'unsubscribe'
+      Pubsubhubbub::UnsubscribeService.new.call(account_from_topic, hub_callback)
+    else
+      ["Unknown mode: #{hub_mode}", 422]
+    end
+  end
+
+  def hub_mode
+    params['hub.mode']
+  end
+
+  def hub_topic
+    params['hub.topic']
+  end
+
+  def hub_callback
+    params['hub.callback']
+  end
+
+  def hub_lease_seconds
+    params['hub.lease_seconds']
+  end
+
+  def hub_secret
+    params['hub.secret']
+  end
+
+  def account_from_topic
+    if hub_topic.present? && local_domain? && account_feed_path?
+      Account.find_local(hub_topic_params[:username])
+    end
+  end
+
+  def hub_topic_params
+    @_hub_topic_params ||= Rails.application.routes.recognize_path(hub_topic_uri.path)
+  end
+
+  def hub_topic_uri
+    @_hub_topic_uri ||= Addressable::URI.parse(hub_topic).normalize
+  end
+
+  def local_domain?
+    TagManager.instance.web_domain?(hub_topic_domain)
+  end
+
+  def verified_domain
+    return signed_request_account.domain if signed_request_account
+  end
+
+  def hub_topic_domain
+    hub_topic_uri.host + (hub_topic_uri.port ? ":#{hub_topic_uri.port}" : '')
+  end
+
+  def account_feed_path?
+    hub_topic_params[:controller] == 'accounts' && hub_topic_params[:action] == 'show' && hub_topic_params[:format] == 'atom'
+  end
+end

app/controllers/api/salmon_controller.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class Api::SalmonController < Api::BaseController
+  include SignatureVerification
+
+  before_action :set_account
+  respond_to :txt
+
+  def update
+    if verify_payload?
+      process_salmon
+      head 202
+    elsif payload.present?
+      render plain: signature_verification_failure_reason, status: 401
+    else
+      head 400
+    end
+  end
+
+  private
+
+  def set_account
+    @account = Account.find(params[:id])
+  end
+
+  def payload
+    @_payload ||= request.body.read
+  end
+
+  def verify_payload?
+    payload.present? && VerifySalmonService.new.call(payload)
+  end
+
+  def process_salmon
+    SalmonWorker.perform_async(@account.id, payload.force_encoding('UTF-8'))
+  end
+end

app/controllers/api/subscriptions_controller.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+class Api::SubscriptionsController < Api::BaseController
+  before_action :set_account
+  respond_to :txt
+
+  def show
+    if subscription.valid?(params['hub.topic'])
+      @account.update(subscription_expires_at: future_expires)
+      render plain: encoded_challenge, status: 200
+    else
+      head 404
+    end
+  end
+
+  def update
+    if subscription.verify(body, request.headers['HTTP_X_HUB_SIGNATURE'])
+      ProcessingWorker.perform_async(@account.id, body.force_encoding('UTF-8'))
+    end
+
+    head 200
+  end
+
+  private
+
+  def subscription
+    @_subscription ||= @account.subscription(
+      api_subscription_url(@account.id)
+    )
+  end
+
+  def body
+    @_body ||= request.body.read
+  end
+
+  def encoded_challenge
+    HTMLEntities.new.encode(params['hub.challenge'])
+  end
+
+  def future_expires
+    Time.now.utc + lease_seconds_or_default
+  end
+
+  def lease_seconds_or_default
+    (params['hub.lease_seconds'] || 1.day).to_i.seconds
+  end
+
+  def set_account
+    @account = Account.find(params[:id])
+  end
+end

app/controllers/api/v1/accounts/credentials_controller.rb

@@ -25,7 +25,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   end
 
   def user_settings_params
-    return nil if params[:source].blank?
+    return nil unless params.key?(:source)
 
     source_params = params.require(:source)
 

app/controllers/api/v1/accounts/featured_tags_controller.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Accounts::FeaturedTagsController < Api::BaseController
-  before_action :set_account
-  before_action :set_featured_tags
-
-  respond_to :json
-
-  def index
-    render json: @featured_tags, each_serializer: REST::FeaturedTagSerializer
-  end
-
-  private
-
-  def set_account
-    @account = Account.find(params[:account_id])
-  end
-
-  def set_featured_tags
-    @featured_tags = @account.suspended? ? [] : @account.featured_tags
-  end
-end

app/controllers/api/v1/accounts/follower_accounts_controller.rb

@@ -5,6 +5,8 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   before_action :set_account
   after_action :insert_pagination_headers
 
+  respond_to :json
+
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
@@ -19,13 +21,11 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   def load_accounts
     return [] if hide_results?
 
-    scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
-    scope.merge(paginated_follows).to_a
+    default_accounts.merge(paginated_follows).to_a
   end
 
   def hide_results?
-    @account.suspended? || (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.user_hides_network? && current_account.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts

app/controllers/api/v1/accounts/following_accounts_controller.rb

@@ -5,6 +5,8 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   before_action :set_account
   after_action :insert_pagination_headers
 
+  respond_to :json
+
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
@@ -19,13 +21,11 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   def load_accounts
     return [] if hide_results?
 
-    scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
-    scope.merge(paginated_follows).to_a
+    default_accounts.merge(paginated_follows).to_a
   end
 
   def hide_results?
-    @account.suspended? || (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    (@account.user_hides_network? && current_account.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts

app/controllers/api/v1/accounts/identity_proofs_controller.rb

@@ -4,8 +4,10 @@ class Api::V1::Accounts::IdentityProofsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
+  respond_to :json
+
   def index
-    @proofs = @account.suspended? ? [] : @account.identity_proofs.active
+    @proofs = @account.identity_proofs.active
     render json: @proofs, each_serializer: REST::IdentityProofSerializer
   end
 

app/controllers/api/v1/accounts/lists_controller.rb

@@ -5,8 +5,10 @@ class Api::V1::Accounts::ListsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
+  respond_to :json
+
   def index
-    @lists = @account.suspended? ? [] : @account.lists.where(account: current_account)
+    @lists = @account.lists.where(account: current_account)
     render json: @lists, each_serializer: REST::ListSerializer
   end
 

app/controllers/api/v1/accounts/notes_controller.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Accounts::NotesController < Api::BaseController
-  include Authorization
-
-  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
-  before_action :require_user!
-  before_action :set_account
-
-  def create
-    if params[:comment].blank?
-      AccountNote.find_by(account: current_account, target_account: @account)&.destroy
-    else
-      @note = AccountNote.find_or_initialize_by(account: current_account, target_account: @account)
-      @note.comment = params[:comment]
-      @note.save! if @note.changed?
-    end
-    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships_presenter
-  end
-
-  private
-
-  def set_account
-    @account = Account.find(params[:account_id])
-  end
-
-  def relationships_presenter
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
-  end
-end

app/controllers/api/v1/accounts/pins_controller.rb

@@ -7,6 +7,8 @@ class Api::V1::Accounts::PinsController < Api::BaseController
   before_action :require_user!
   before_action :set_account
 
+  respond_to :json
+
   def create
     AccountPin.create!(account: current_account, target_account: @account)
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships_presenter

app/controllers/api/v1/accounts/relationships_controller.rb

@@ -4,8 +4,10 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read, :'read:follows' }
   before_action :require_user!
 
+  respond_to :json
+
   def index
-    accounts = Account.without_suspended.where(id: account_ids).select('id')
+    accounts = Account.where(id: account_ids).select('id')
     # .where doesn't guarantee that our results are in the same order
     # we requested them, so return the "right" order to the requestor.
     @accounts = accounts.index_by(&:id).values_at(*account_ids).compact

app/controllers/api/v1/accounts/search_controller.rb

@@ -4,6 +4,8 @@ class Api::V1::Accounts::SearchController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read, :'read:accounts' }
   before_action :require_user!
 
+  respond_to :json
+
   def show
     @accounts = account_search
     render json: @accounts, each_serializer: REST::AccountSerializer

app/controllers/api/v1/accounts/statuses_controller.rb

@@ -3,8 +3,9 @@
 class Api::V1::Accounts::StatusesController < Api::BaseController
   before_action -> { authorize_if_got_token! :read, :'read:statuses' }
   before_action :set_account
+  after_action :insert_pagination_headers
 
-  after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
+  respond_to :json
 
   def index
     @statuses = load_statuses
@@ -18,23 +19,23 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def load_statuses
-    @account.suspended? ? [] : cached_account_statuses
+    cached_account_statuses
   end
 
   def cached_account_statuses
+    cache_collection account_statuses, Status
+  end
+
+  def account_statuses
     statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
+    statuses = statuses.paginate_by_id(limit_param(DEFAULT_STATUSES_LIMIT), params_slice(:max_id, :since_id, :min_id))
 
     statuses.merge!(only_media_scope) if truthy_param?(:only_media)
     statuses.merge!(no_replies_scope) if truthy_param?(:exclude_replies)
     statuses.merge!(no_reblogs_scope) if truthy_param?(:exclude_reblogs)
     statuses.merge!(hashtag_scope)    if params[:tagged].present?
 
-    cache_collection_paginated_by_id(
-      statuses,
-      Status,
-      limit_param(DEFAULT_STATUSES_LIMIT),
-      params_slice(:max_id, :since_id, :min_id)
-    )
+    statuses
   end
 
   def permitted_account_statuses
@@ -42,12 +43,20 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def only_media_scope
-    Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)
+    Status.where(id: account_media_status_ids)
+  end
+
+  def account_media_status_ids
+    # `SELECT DISTINCT id, updated_at` is too slow, so pluck ids at first, and then select id, updated_at with ids.
+    # Also, Avoid getting slow by not narrowing down by `statuses.account_id`.
+    # When narrowing down by `statuses.account_id`, `index_statuses_20180106` will be used
+    # and the table will be joined by `Merge Semi Join`, so the query will be slow.
+    @account.statuses.joins(:media_attachments).merge(@account.media_attachments).permitted_for(@account, current_account)
+            .paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
+            .reorder(id: :desc).distinct(:id).pluck(:id)
   end
 
   def pinned_scope
-    return Status.none if @account.blocking?(current_account)
-
     @account.pinned_statuses
   end
 

app/controllers/api/v1/accounts_controller.rb

@@ -9,18 +9,17 @@ class Api::V1::AccountsController < Api::BaseController
 
   before_action :require_user!, except: [:show, :create]
   before_action :set_account, except: [:create]
+  before_action :check_account_suspension, only: [:show]
   before_action :check_enabled_registrations, only: [:create]
 
-  skip_before_action :require_authenticated_user!, only: :create
-
-  override_rate_limit_headers :follow, family: :follows
+  respond_to :json
 
   def show
     render json: @account, serializer: REST::AccountSerializer
   end
 
   def create
-    token    = AppSignUpService.new.call(doorkeeper_token.application, request.remote_ip, account_params)
+    token    = AppSignUpService.new.call(doorkeeper_token.application, account_params)
     response = Doorkeeper::OAuth::TokenResponse.new(token)
 
     headers.merge!(response.headers)
@@ -30,8 +29,9 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def follow
-    follow  = FollowService.new.call(current_user.account, @account, reblogs: params.key?(:reblogs) ? truthy_param?(:reblogs) : nil, notify: params.key?(:notify) ? truthy_param?(:notify) : nil, with_rate_limit: true)
-    options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: follow.show_reblogs?, notify: follow.notify? } }, requested_map: { @account.id => false } }
+    FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs))
+
+    options = @account.locked? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } }
 
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships(options)
   end
@@ -42,7 +42,7 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def mute
-    MuteService.new.call(current_user.account, @account, notifications: truthy_param?(:notifications), duration: (params[:duration] || 0))
+    MuteService.new.call(current_user.account, @account, notifications: truthy_param?(:notifications))
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
   end
 
@@ -71,8 +71,12 @@ class Api::V1::AccountsController < Api::BaseController
     AccountRelationshipsPresenter.new([@account.id], current_user.account_id, options)
   end
 
+  def check_account_suspension
+    gone if @account.suspended?
+  end
+
   def account_params
-    params.permit(:username, :email, :password, :agreement, :locale, :reason)
+    params.permit(:username, :email, :password, :agreement, :locale)
   end
 
   def check_enabled_registrations

app/controllers/api/v1/admin/account_actions_controller.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Admin::AccountActionsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }
-  before_action :require_staff!
-  before_action :set_account
-
-  def create
-    account_action                 = Admin::AccountAction.new(resource_params)
-    account_action.target_account  = @account
-    account_action.current_account = current_account
-    account_action.save!
-
-    render_empty
-  end
-
-  private
-
-  def set_account
-    @account = Account.find(params[:account_id])
-  end
-
-  def resource_params
-    params.permit(
-      :type,
-      :report_id,
-      :warning_preset_id,
-      :text,
-      :send_email_notification
-    )
-  end
-end

app/controllers/api/v1/admin/accounts_controller.rb

@@ -1,143 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Admin::AccountsController < Api::BaseController
-  include Authorization
-  include AccountableConcern
-
-  LIMIT = 100
-
-  before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
-  before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
-  before_action :require_staff!
-  before_action :set_accounts, only: :index
-  before_action :set_account, except: :index
-  before_action :require_local_account!, only: [:enable, :approve, :reject]
-
-  after_action :insert_pagination_headers, only: :index
-
-  FILTER_PARAMS = %i(
-    local
-    remote
-    by_domain
-    active
-    pending
-    disabled
-    sensitized
-    silenced
-    suspended
-    username
-    display_name
-    email
-    ip
-    staff
-  ).freeze
-
-  PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
-
-  def index
-    authorize :account, :index?
-    render json: @accounts, each_serializer: REST::Admin::AccountSerializer
-  end
-
-  def show
-    authorize @account, :show?
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def enable
-    authorize @account.user, :enable?
-    @account.user.enable!
-    log_action :enable, @account.user
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def approve
-    authorize @account.user, :approve?
-    @account.user.approve!
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def reject
-    authorize @account.user, :reject?
-    DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def destroy
-    authorize @account, :destroy?
-    Admin::AccountDeletionWorker.perform_async(@account.id)
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def unsensitive
-    authorize @account, :unsensitive?
-    @account.unsensitize!
-    log_action :unsensitive, @account
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def unsilence
-    authorize @account, :unsilence?
-    @account.unsilence!
-    log_action :unsilence, @account
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  def unsuspend
-    authorize @account, :unsuspend?
-    @account.unsuspend!
-    Admin::UnsuspensionWorker.perform_async(@account.id)
-    log_action :unsuspend, @account
-    render json: @account, serializer: REST::Admin::AccountSerializer
-  end
-
-  private
-
-  def set_accounts
-    @accounts = filtered_accounts.order(id: :desc).includes(user: [:invite_request, :invite]).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
-  end
-
-  def set_account
-    @account = Account.find(params[:id])
-  end
-
-  def filtered_accounts
-    AccountFilter.new(filter_params).results
-  end
-
-  def filter_params
-    params.permit(*FILTER_PARAMS)
-  end
-
-  def insert_pagination_headers
-    set_pagination_headers(next_path, prev_path)
-  end
-
-  def next_path
-    api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
-  end
-
-  def prev_path
-    api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
-  end
-
-  def pagination_max_id
-    @accounts.last.id
-  end
-
-  def pagination_since_id
-    @accounts.first.id
-  end
-
-  def records_continue?
-    @accounts.size == limit_param(LIMIT)
-  end
-
-  def pagination_params(core_params)
-    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
-  end
-
-  def require_local_account!
-    forbidden unless @account.local? && @account.user.present?
-  end
-end

app/controllers/api/v1/admin/reports_controller.rb

@@ -1,108 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Admin::ReportsController < Api::BaseController
-  include Authorization
-  include AccountableConcern
-
-  LIMIT = 100
-
-  before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:reports' }, only: [:index, :show]
-  before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:reports' }, except: [:index, :show]
-  before_action :require_staff!
-  before_action :set_reports, only: :index
-  before_action :set_report, except: :index
-
-  after_action :insert_pagination_headers, only: :index
-
-  FILTER_PARAMS = %i(
-    resolved
-    account_id
-    target_account_id
-  ).freeze
-
-  PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
-
-  def index
-    authorize :report, :index?
-    render json: @reports, each_serializer: REST::Admin::ReportSerializer
-  end
-
-  def show
-    authorize @report, :show?
-    render json: @report, serializer: REST::Admin::ReportSerializer
-  end
-
-  def assign_to_self
-    authorize @report, :update?
-    @report.update!(assigned_account_id: current_account.id)
-    log_action :assigned_to_self, @report
-    render json: @report, serializer: REST::Admin::ReportSerializer
-  end
-
-  def unassign
-    authorize @report, :update?
-    @report.update!(assigned_account_id: nil)
-    log_action :unassigned, @report
-    render json: @report, serializer: REST::Admin::ReportSerializer
-  end
-
-  def reopen
-    authorize @report, :update?
-    @report.unresolve!
-    log_action :reopen, @report
-    render json: @report, serializer: REST::Admin::ReportSerializer
-  end
-
-  def resolve
-    authorize @report, :update?
-    @report.resolve!(current_account)
-    log_action :resolve, @report
-    render json: @report, serializer: REST::Admin::ReportSerializer
-  end
-
-  private
-
-  def set_reports
-    @reports = filtered_reports.order(id: :desc).with_accounts.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
-  end
-
-  def set_report
-    @report = Report.find(params[:id])
-  end
-
-  def filtered_reports
-    ReportFilter.new(filter_params).results
-  end
-
-  def filter_params
-    params.permit(*FILTER_PARAMS)
-  end
-
-  def insert_pagination_headers
-    set_pagination_headers(next_path, prev_path)
-  end
-
-  def next_path
-    api_v1_admin_reports_url(pagination_params(max_id: pagination_max_id)) if records_continue?
-  end
-
-  def prev_path
-    api_v1_admin_reports_url(pagination_params(min_id: pagination_since_id)) unless @reports.empty?
-  end
-
-  def pagination_max_id
-    @reports.last.id
-  end
-
-  def pagination_since_id
-    @reports.first.id
-  end
-
-  def records_continue?
-    @reports.size == limit_param(LIMIT)
-  end
-
-  def pagination_params(core_params)
-    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
-  end
-end

app/controllers/api/v1/announcements/reactions_controller.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Announcements::ReactionsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
-  before_action :require_user!
-
-  before_action :set_announcement
-  before_action :set_reaction, except: :update
-
-  def update
-    @announcement.announcement_reactions.create!(account: current_account, name: params[:id])
-    render_empty
-  end
-
-  def destroy
-    @reaction.destroy!
-    render_empty
-  end
-
-  private
-
-  def set_reaction
-    @reaction = @announcement.announcement_reactions.where(account: current_account).find_by!(name: params[:id])
-  end
-
-  def set_announcement
-    @announcement = Announcement.published.find(params[:announcement_id])
-  end
-end

app/controllers/api/v1/announcements_controller.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::AnnouncementsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: :dismiss
-  before_action :require_user!
-  before_action :set_announcements, only: :index
-  before_action :set_announcement, except: :index
-
-  def index
-    render json: @announcements, each_serializer: REST::AnnouncementSerializer
-  end
-
-  def dismiss
-    AnnouncementMute.find_or_create_by!(account: current_account, announcement: @announcement)
-    render_empty
-  end
-
-  private
-
-  def set_announcements
-    @announcements = begin
-      Announcement.published.chronological
-    end
-  end
-
-  def set_announcement
-    @announcement = Announcement.published.find(params[:id])
-  end
-end

app/controllers/api/v1/apps/credentials_controller.rb

@@ -3,6 +3,8 @@
 class Api::V1::Apps::CredentialsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
 
+  respond_to :json
+
   def show
     render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key)
   end

app/controllers/api/v1/apps_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class Api::V1::AppsController < Api::BaseController
-  skip_before_action :require_authenticated_user!
-
   def create
     @app = Doorkeeper::Application.create!(application_options)
     render json: @app, serializer: REST::ApplicationSerializer

app/controllers/api/v1/blocks_controller.rb

@@ -5,6 +5,8 @@ class Api::V1::BlocksController < Api::BaseController
   before_action :require_user!
   after_action :insert_pagination_headers
 
+  respond_to :json
+
   def index
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
@@ -18,8 +20,6 @@ class Api::V1::BlocksController < Api::BaseController
 
   def paginated_blocks
     @paginated_blocks ||= Block.eager_load(target_account: :account_stat)
-                               .joins(:target_account)
-                               .merge(Account.without_suspended)
                                .where(account: current_account)
                                .paginate_by_max_id(
                                  limit_param(DEFAULT_ACCOUNTS_LIMIT),

app/controllers/api/v1/bookmarks_controller.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::BookmarksController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:bookmarks' }
-  before_action :require_user!
-  after_action :insert_pagination_headers
-
-  def index
-    @statuses = load_statuses
-    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
-  end
-
-  private
-
-  def load_statuses
-    cached_bookmarks
-  end
-
-  def cached_bookmarks
-    cache_collection(results.map(&:status), Status)
-  end
-
-  def results
-    @_results ||= account_bookmarks.eager_load(:status).to_a_paginated_by_id(
-      limit_param(DEFAULT_STATUSES_LIMIT),
-      params_slice(:max_id, :since_id, :min_id)
-    )
-  end
-
-  def account_bookmarks
-    current_account.bookmarks
-  end
-
-  def insert_pagination_headers
-    set_pagination_headers(next_path, prev_path)
-  end
-
-  def next_path
-    api_v1_bookmarks_url pagination_params(max_id: pagination_max_id) if records_continue?
-  end
-
-  def prev_path
-    api_v1_bookmarks_url pagination_params(min_id: pagination_since_id) unless results.empty?
-  end
-
-  def pagination_max_id
-    results.last.id
-  end
-
-  def pagination_since_id
-    results.first.id
-  end
-
-  def records_continue?
-    results.size == limit_param(DEFAULT_STATUSES_LIMIT)
-  end
-
-  def pagination_params(core_params)
-    params.slice(:limit).permit(:limit).merge(core_params)
-  end
-end

app/controllers/api/v1/conversations_controller.rb

@@ -9,6 +9,8 @@ class Api::V1::ConversationsController < Api::BaseController
   before_action :set_conversation, except: :index
   after_action :insert_pagination_headers, only: :index
 
+  respond_to :json
+
   def index
     @conversations = paginated_conversations
     render json: @conversations, each_serializer: REST::ConversationSerializer
@@ -32,7 +34,7 @@ class Api::V1::ConversationsController < Api::BaseController
 
   def paginated_conversations
     AccountConversation.where(account: current_account)
-                       .to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+                       .paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
   end
 
   def insert_pagination_headers

app/controllers/api/v1/crypto/deliveries_controller.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Crypto::DeliveriesController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :crypto }
-  before_action :require_user!
-  before_action :set_current_device
-
-  def create
-    devices.each do |device_params|
-      DeliverToDeviceService.new.call(current_account, @current_device, device_params)
-    end
-
-    render_empty
-  end
-
-  private
-
-  def set_current_device
-    @current_device = Device.find_by!(access_token: doorkeeper_token)
-  end
-
-  def resource_params
-    params.require(:device)
-    params.permit(device: [:account_id, :device_id, :type, :body, :hmac])
-  end
-
-  def devices
-    Array(resource_params[:device])
-  end
-end

app/controllers/api/v1/crypto/encrypted_messages_controller.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Crypto::EncryptedMessagesController < Api::BaseController
-  LIMIT = 80
-
-  before_action -> { doorkeeper_authorize! :crypto }
-  before_action :require_user!
-  before_action :set_current_device
-
-  before_action :set_encrypted_messages,    only: :index
-  after_action  :insert_pagination_headers, only: :index
-
-  def index
-    render json: @encrypted_messages, each_serializer: REST::EncryptedMessageSerializer
-  end
-
-  def clear
-    @current_device.encrypted_messages.up_to(params[:up_to_id]).delete_all
-    render_empty
-  end
-
-  private
-
-  def set_current_device
-    @current_device = Device.find_by!(access_token: doorkeeper_token)
-  end
-
-  def set_encrypted_messages
-    @encrypted_messages = @current_device.encrypted_messages.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
-  end
-
-  def insert_pagination_headers
-    set_pagination_headers(next_path, prev_path)
-  end
-
-  def next_path
-    api_v1_crypto_encrypted_messages_url pagination_params(max_id: pagination_max_id) if records_continue?
-  end
-
-  def prev_path
-    api_v1_crypto_encrypted_messages_url pagination_params(min_id: pagination_since_id) unless @encrypted_messages.empty?
-  end
-
-  def pagination_max_id
-    @encrypted_messages.last.id
-  end
-
-  def pagination_since_id
-    @encrypted_messages.first.id
-  end
-
-  def records_continue?
-    @encrypted_messages.size == limit_param(LIMIT)
-  end
-
-  def pagination_params(core_params)
-    params.slice(:limit).permit(:limit).merge(core_params)
-  end
-end

app/controllers/api/v1/crypto/keys/claims_controller.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Crypto::Keys::ClaimsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :crypto }
-  before_action :require_user!
-  before_action :set_claim_results
-
-  def create
-    render json: @claim_results, each_serializer: REST::Keys::ClaimResultSerializer
-  end
-
-  private
-
-  def set_claim_results
-    @claim_results = devices.map { |device_params| ::Keys::ClaimService.new.call(current_account, device_params[:account_id], device_params[:device_id]) }.compact
-  end
-
-  def resource_params
-    params.permit(device: [:account_id, :device_id])
-  end
-
-  def devices
-    Array(resource_params[:device])
-  end
-end

app/controllers/api/v1/crypto/keys/counts_controller.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-class Api::V1::Crypto::Keys::CountsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :crypto }
-  before_action :require_user!
-  before_action :set_current_device
-
-  def show
-    render json: { one_time_keys: @current_device.one_time_keys.count }
-  end
-
-  private
-
-  def set_current_device
-    @current_device = Device.find_by!(access_token: doorkeeper_token)
-  end
-end