Commit Graph

86 Commits

Author SHA1 Message Date
Eugen Rochko 1618b68bfa HTTP signatures (#4146)
* Add Request class with HTTP signature generator

Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06

* Add HTTP signature verification concern

* Add test for SignatureVerification concern

* Add basic test for Request class

* Make PuSH subscribe/unsubscribe requests use new Request class

Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day

* Make all PuSH workers use new Request class

* Make Salmon sender use new Request class

* Make FetchLinkService use new Request class

* Make FetchAtomService use the new Request class

* Make Remotable use the new Request class

* Make ResolveRemoteAccountService use the new Request class

* Add more tests

* Allow +-30 seconds window for signed request to remain valid

* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)
2017-07-14 20:41:49 +02:00
Eugen Rochko e6c81a635b Fix #2848 - Rake task to redownload avatars/headers (#4156)
Can be filtered by a specific domain
Resolves #2292
2017-07-11 17:25:49 +02:00
abcang a6d02cff36 Rescue exceptions caused by FetchLinkCardService (#4045) 2017-07-03 11:03:34 +02:00
abcang 1273fbf86e Rescue Addressable::URI::InvalidURIError at Remotable (#4017) 2017-06-30 13:38:36 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) e27f792c24 Some minor change and spec for Account (#3813)
* Introduce domains method to Account relation

Account had followers_domains method, which was excessively specific.
Let relation of Account have domains method instead.

* Move follow_mapping in Account to AccountInteractions

* Introduce shared examples for AccountAvatar inclusion

* Cover Account more
2017-06-22 18:34:27 +02:00
Yamagishi Kazutoshi 0a0b9a271a Improve RuboCop rules (compatibility to Code Climate) (#3636)
08f8de84eb/Gemfile.lock (L38)
Code Climate is using RuboCop v0.46.0.

Change several rules to maintain compatibility.
2017-06-08 13:24:28 +02:00
Matt Jankowski 6201f96b8a Introduce StatusThreadingConcern (#3490)
* Add a StatusFilter class to identify visibility of statuses by accounts

* Extract StatusThreadingConcern from Status

* Clarify purpose of checking for nil account
2017-06-05 16:07:44 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 19084d3c6c Remove Targetable (#3548) 2017-06-04 14:56:10 +02:00
Matt Jankowski d1e08bd38c Handle nil and blank cases in Account finders (#3500) 2017-06-01 08:20:36 -04:00
Matt Jankowski 2cc3111a77 Expand spec coverage and refactor the `Account.find_` methods (#3485)
* Move specs for account finder methods to concern spec

* Move account finder methods to concern

* Improve spec wording

* Use more explicit comparison to ensure correct return value

* Add coverage for .find_local! and .find_remote!

* Add some methods to the finder

* Use arel on matching_username method

* Avoid ternary in matching domain method

* Simplify finder methods

* Use an AccountFinder class to simplify lookup
2017-05-31 20:28:45 +02:00
Akihiko Odaki 2af5cd96fe Fix mutes_controller error and incorrect statuses_controller report (#3202)
This commit fixes a regression in commit
f554807563.
2017-05-21 13:32:13 +02:00
Eugen Rochko f1ab70649b Add buttons to block and unblock domain (#3127)
* Add buttons to block and unblock domain

* Relationship API now returns "domain_blocking" status for accounts,
rename "block entire domain" to "hide entire domain", fix unblocking domain,
do not block notifications from domain-blocked-but-followed people, do
not send Salmons to domain blocked users

* Add test

* Personal domain blocks shouldn't affect Salmon after all, since in this
direction of communication the control is very thin when it comes to
public stuff. Best stay consistent and not affect federation in this way

* Ignore followers and follow request from domain blocked folks,
ensure account domain blocks are not created for empty domain,
and avoid duplicates in validation

* Purge followers when blocking domain (without soft-blocks, since they
are useless here)

* Add tests, fix local timeline being empty when having any domain blocks
2017-05-19 21:05:32 +02:00
alpaca-tc 198ae3e366 Define instance method outside #included (#3128) 2017-05-19 11:41:45 +02:00
Eugen Rochko 620d0d8029 Account domain blocks (#2381)
* Add <ostatus:conversation /> tag to Atom input/output

Only uses ref attribute (not href) because href would be
the alternate link that's always included also.

Creates new conversation for every non-reply status. Carries
over conversation for every reply. Keeps remote URIs verbatim,
generates local URIs on the fly like the rest of them.

* Conversation muting - prevents notifications that reference a conversation
(including replies, favourites, reblogs) from being created. API endpoints
/api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute

Currently no way to tell when a status/conversation is muted, so the web UI
only has a "disable notifications" button, doesn't work as a toggle

* Display "Dismiss notifications" on all statuses in notifications column, not just own

* Add "muted" as a boolean attribute on statuses JSON

For now always false on contained reblogs, since it's only relevant for
statuses returned from the notifications endpoint, which are not nested

Remove "Disable notifications" from detailed status view, since it's
only relevant in the notifications column

* Up max class length

* Remove pending test for conversation mute

* Add tests, clean up

* Rename to "mute conversation" and "unmute conversation"

* Raise validation error when trying to mute/unmute status without conversation

* Adding account domain blocks that filter notifications and public timelines

* Add tests for domain blocks in notifications, public timelines
Filter reblogs of blocked domains from home

* Add API for listing and creating account domain blocks

* API for creating/deleting domain blocks, tests for Status#ancestors
and Status#descendants, filter domain blocks from them

* Filter domains in streaming API

* Update account_domain_block_spec.rb
2017-05-19 01:14:30 +02:00
Yamagishi Kazutoshi 79ef8b3653 Fetch remote image using http.rb (#3114) 2017-05-18 15:43:10 +02:00
Eugen Rochko 58bcd50f7f Fix #1426 - Trim long usernames in public follower/following lists (#2993)
Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments
Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-05-11 23:14:00 +02:00
Matt Jankowski 4e05751346 Move account header and avatar methods to a concern (#2825) 2017-05-05 21:37:02 +02:00
alpaca-tc ee3e0a93f4 Fixes unknown mime type (#2822) 2017-05-05 21:32:14 +02:00
yhirano 3988f2dade Fix Rubocop offences (#2630)
* disable Bundler/OrderedGems

* fix rubocop Lint/UselessAssignment

* fix rubocop Style/BlockDelimiters

* fix rubocop Style/AlignHash

* fix rubocop Style/AlignParameters, Style/EachWithObject

* fix rubocop Style/SpaceInLambdaLiteral
2017-05-01 16:31:02 +02:00
Yamagishi Kazutoshi 1899cf5f04 Detect extension for preview card (#2679)
* Detect extension for preview card

* next
2017-05-01 16:20:57 +02:00
tackeyy fc34e0e191 Remove .keep in models (#1892) 2017-04-16 16:28:52 +02:00
Eugen Rochko 94d2182717 Resolve issue with rendering authorize/reject Salmon slaps 2017-02-11 19:42:05 +01:00
Eugen Rochko 80e02b90e4 Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
2016-12-21 20:04:13 +01:00
Eugen Rochko 816284d739 Fix #248 - Reload all accounts when fetching from cache 2016-12-03 18:21:26 +01:00
Eugen Rochko 14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
2016-11-30 21:34:59 +01:00
Eugen Rochko a21bcac9e1 Further abstract caching for includes 2016-11-30 15:57:56 +01:00
Alyssa Ross cefef2c571 Extract filename obfuscation into module 2016-11-24 00:30:58 +00:00
Eugen Rochko fdc17bea58 Fix rubocop issues, introduce usage of frozen literal to improve performance 2016-11-15 16:56:29 +01:00
Eugen Rochko b13e7dda1f API pagination for all collections using Link header 2016-11-09 17:48:44 +01:00
Eugen Rochko b5c6d00afa Fix #99 - public timeline not just reblogs, fix #98 infinite scrolling issues 2016-10-17 01:23:41 +02:00
Eugen Rochko 9fd3d7b6cd Add since_id param to feeds 2016-10-02 22:35:27 +02:00
Eugen Rochko 927333f4f8 Improve code style 2016-09-29 21:28:21 +02:00
Eugen Rochko a706f1af04 Don't generate stream entries for streamables of remote accounts 2016-09-24 14:42:29 +02:00
Eugen Rochko a08e724476 Fix subscriptions:clear task, refactor feeds, refactor streamable activites
and atom feed generation to some extent, as well as the way mentions are
stored
2016-03-25 02:13:30 +01:00
Eugen Rochko 0f5bbb999c Pre-loading polymorphic associations for Atom feeds 2016-03-24 13:21:53 +01:00
Eugen Rochko 9c4856bdb1 Initial commit 2016-02-20 22:53:20 +01:00