Commit Graph

561 Commits (53b7b81b439e96dd594499b18d95abdeee22e97b)

Author SHA1 Message Date
Yamagishi Kazutoshi c25426ca47 Fix Doorkeeper error (#2534)
* Fix Doorkeeper error

* use Doorkeeper::OAuth::Scopes.from_string
8 years ago
Matt Jankowski b48f2cbc8b Catch error when server decryption fails on 2FA (#2512) 8 years ago
Eugen Rochko 88725d6ce8 OEmbed support for PreviewCard (#2337)
* OEmbed support for PreviewCard

* Improve ProviderDiscovery code failure treatment

* Do not crawl links if there is a content warning, since those
don't display a link card anyway

* Reset db schema

* Fresh migrate

* Fix rubocop style issues
Fix #1681 - return existing access token when applicable instead of creating new

* Fix test

* Extract http client to helper

* Improve oembed controller
8 years ago
Matt Jankowski 0618f09939 Add spec coverage and refactor authorize_follows controller (#2505) 8 years ago
alpaca-tc 9317ec8eb1 Localize with i18n for Devise::FailureApp (#2309)
This PR fixes I18n.locale for rake middlewares. Mastodon uses Devise that depends on Warden.
Warden::Manager can be found in rake middleware. It is outside of the controller.

In the case of authentication failed, warden calls throw(:warden). At the time Warden::Manager
delegates request to failure_app to generate response and flash[:alert] after catching it.
Unfortunately, I18n.locale is already reset then because I18n.with_locale is enabled only
inside the controller. If we used I18n.locale=, Devise::FailureApp could get the current locale.
8 years ago
Evan Minto 122d59ac41 Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes. (#2410)
* Change ActivityPub paging to match spec. Clean up ActivityPub outbox changes.

* Fix code style and test failures for OutboxController.

* Attempt to fix CI errors.
8 years ago
Eugen Rochko 8b5179d006 Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419)
duplicates. Web UI regenerates UUID for that header every time the compose
form is changed or successfully submitted

Also, fix Farsi i18n overwriting the English one
8 years ago
Eugen 17c591ffba Punycode URI normalization (#2370)
* Fix #2119 - Whenever about to send a HTTP request, normalize the URI

* Add test for IDN request in FetchLinkCardService

* Perform IDN normalization on domains before they are stored in the DB
8 years ago
Matt Jankowski a0dd90a397 Return force_ssl to the controller (#2380) 8 years ago
Eugen 501514960a Followers-only post federation (#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
8 years ago
Evan Minto 66fd8e7821 ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197)
* Clean up collapsible components

* Expose user Outboxes and AS2 representations of statuses

* Save work thus far.

* Fix bad merge.

* Save my work

* Clean up pagination.

* First test working.

* Add tests.

* Add Forbidden error template.

* Revert yarn.lock changes.

* Fix code style deviations and use localized instead of hardcoded English text.
8 years ago
Ash Furrow 723f25a999 Admin UI for confirming users (#2245)
* Shows confirmed status in list.

* Adds ability to confirm users in admin UI.

* Added new english translations.

* Addresses feedback from #2245.

* More feedback.
8 years ago
Matt Jankowski ee82d8a876 Move force_ssl check to production config (#2165)
The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
8 years ago
Matt Jankowski 67dea31b0f 2FA controller cleanup (#2296)
* Add spec coverage for settings/two_factor_auth area

* extract setup method for qr code

* Move otp required check to before action

* Merge method only used once

* Remove duplicate view

* Consolidate creation of @codes for backup

* Move settings/2fq#recovery_codes to settings/recovery_codes#create

* Rename settings/two_factor_auth#disable to #destroy

* Add coverage for the otp required path on 2fa#show

* Clean up the recovery codes list styles

* Move settings/two_factor_auth to settings/two_factor_authentication

* Reorganize the settings two factor auth area

Updated to use a flow like:

- settings/two_factor_authentication goes to a #show view which has a button
  either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
  codes
- that create action shares a view with a recovery codes controller which can be
  used separately to reset codes if needed
8 years ago
Ashley 05ac28f3e4 Added API for single notification dismissal (#2251)
* Added API backend for notification dismissal

* Added render statement

* Changed statement
8 years ago
Takayoshi Nishida 5e33ad29d4 Fix #2195 - Set locale to error pages (#2255)
* Fix #2195 - Set locale to error pages

* Fix #2195 - Cut duplicate process into one method
8 years ago
Matt Jankowski 2dda356e3f Clean up settings/preferences controller (#2237)
* Add missing fields group on preferences page

* Clean up settings/preferences controller

* Extract a UserSettingsDecorator
8 years ago
Matt Jankowski 1ada494bb2 Admin settings controller refactor, add specs, cleanup (#2225)
* Add render_views for admin/settings spec

* Add coverage for admin/settings#update

* Add coverage for admin/settings typecasting open_registrations setting

* Simplify how admin/settings finds the value for updating

* Rely on activerecord to not update a value that hasnt changed

* Add coverage for non-existent setting

* Use a constant for boolean settings
8 years ago
Eugen cae2a26ee3 Fix #2120 - Use Status#as_tag_timeline on public hashtag page (#2182)
* Fix #2120 - Use Status#as_tag_timeline on public hashtag page

* Update tags_controller.rb
8 years ago
Matt Jankowski a8e1afc30a Simplify render in controllers (#2144) 8 years ago
Matt Jankowski 8bac0350d1 Restful refactor of accounts/ routes (#2133)
* Add routing specs for accounts followers and following actions

* Use more restful route naming for public account follow pages

Moves two actions:
- accounts#followers to accounts/follower_accounts#index
- accounts#following to accounts/following_accounts#index

Adds routing spec to ensure prior URLs are preserved.
8 years ago
happycoloredbanana 0a7588282a Remove API authentication for public statuses (after review) (#1919) 8 years ago
Matt Jankowski 55e1503522 Instances list in admin (#2095)
* Add admin/instances index action

* Add link to instances admin page

* View lists instances

* Instances, grouped by domain, ordered by count

* Use Account.remote scope

* Extract method: Account.by_domain_accounts
8 years ago
Matt Jankowski 66d8f99a30 Admin reports with accounts (#2092)
* Add a ReportFilter class

* Add reports and targeted_reports relationships to Account

* Use ReportFilter from admin/reports controller

* Link to admin/reports filtered views from admin account show view

* Add indexes to reports.account_id and reports.target_account_id
8 years ago
839 e2a1b574ab Avoid dynamic methods due to processing speed (#2080) 8 years ago
Eugen Rochko 42d54dc9ea Adjust visuals of non-autoplaying GIFV 8 years ago
Eugen Rochko 57d784f1e4 Merge branch 'pause-gif' of git://github.com/patf/mastodon into patf-pause-gif 8 years ago
Matt Jankowski 16d50f60d1 Remove unused methods (#1730)
* Remove unused method #set_counters_maps from api controller

* Remove unused method #set_account_counters_maps from api controller

* Remove unused method Account#followers_domains

* Remove unused User.prolific scope

* Add mastodon:users:admins task to list all admin emails

* Use interpolated query style in Account.triadic_closures

* Coverage for Account.triadic_closures
8 years ago
Matt Jankowski cc1361c149 Media controller specs (#2022)
* Add spec for media controller

* Add MediaAttachment.attached scope

* Simplify methods in media controller
8 years ago
Eugen e43071a2f9 Fix #1897 - Return reblogged: false on unreblog (was wrongly named variable) (#1989) 8 years ago
Matt Jankowski 21a767dcfa Improve handling of HTTP_ACCEPT for webfinger (#2008)
This change includes:

- Improve the spec coverage for incoming request to the webfinger action
- For requests without an accept header (ie, what a browser might look like),
  return a JSON response.
- For requests with an explicit format of xml or json, return that format.
- For requests using an accept header, return that format.

Also adds failing spec showing webfinger does not return xml, which covers the
issue described in: https://github.com/tootsuite/mastodon/issues/1983
8 years ago
Patrick Figel ffb99325ca Add gif auto-play/pause preference
This introduces a new per-user preference called
"Auto-play animated GIFs", which is enabled by default. When a
user disables this setting, gifs in toots become click-to-play.

Previews of animated gifs were changed to display the video play
button so that users can distinguish them from regular images.

This setting also affects account avatars in the detailed account
view, which was changed to use the same hover-to-play mechanism
that is used for animated avatars in timelines.

Fixes #1652
8 years ago
saturday06 d87ee1167e Assign user locale on signup (#1982) 8 years ago
Eugen 6d70a80263 Onboarding modal (#1883)
* Basic onboarding modal that's shown to users once

* Lay out pages 2 through 5, add images, style modals (#1509)

* Lay out pages 2 through 5

Added images and laid out pages 2 through 5 in the jsx file. SCSS will
come, still working on just seeing if this works at all.

* Fix jsx errors, add images to modal pages, style modal pages

* Add animations to onboarding pager changes, improve wording and styling

* Finishing touches on the onboarding

* Add missing propTypes

* Update wording
8 years ago
Matt Jankowski f87b51fda8 I18n health warnings (#1949)
* Rename admin.domain_block to admin.domain_blocks in prep for i18n improvement

* Use implicit controller/action path for i18n in admin/domain_blocks

* Add DomainBlock#accounts has_many

* Avoid i18n health warning for `en` locale by using symbol scope with :count

* Remove unused i18n key: plaintext_secret_html

* Remove unused i18n key two_factor_auth.warning

* Remove final will_paginate i18n keys

* Remove unused key two_factor_auth.recovery_codes

* Remove unused key: admin.reports.comment.none

* Remove unused reports. i18n namespace (moved to admin.reports)

* Ignore keys from locales which override activemodel and activerecord errors

* Revert "Remove unused key: admin.reports.comment.none"

This reverts commit 350ef2685f.

* Update i18n key reference to match moved location

* Add missing `en` keys to i18n

* Tell i18n-tasks to ignore missing attributes that dont need overwriting

* Add i18n-tasks unused to travis
8 years ago
Eugen 5d710b1139 Make file attachment on MediaAttachment optional (#1865)
Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true
Clean up old media files when creating a new domain block with reject_media set to true
Return remote_url in media attachments API if local file is not present
Undo domain block action in admin UI
Ability to enable reject_media from admin UI
8 years ago
alpaca-tc 00392d3c63 ActiveRecord::NotFound is not defined (#1864) 8 years ago
Marcin Cieślak 1c8477eab2 Give SINGLE_USER a chance to register (#1820)
An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.

Enable temporary registration if we have no users in the database

Fixes #1817
8 years ago
Matt Jankowski 6670e6d33f Add password reset for users from admin accounts area (#1841) 8 years ago
Patrick Figel df4ff9a8e1 Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
8 years ago
Joachim Viide ef879a8839 Send initial state in a <script type="application/json"> tag (#1806) 8 years ago
ThibG a9529d3b4b Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
8 years ago
Matt Jankowski f5cd138323 Improve i18n chooser (#1804)
* Add locale spec with failing locale plus region check

* Use a more accurate locale when supplied by browser headers

Previously we were using a matching option which would use the first locale
available which matched the locale portion, even if a region was specified.

This changes to first try to find an exact match, and then fall back to the
region, and then fall back to the  default.

* Clean up default_locale method
8 years ago
Matt Jankowski 8b74aa4217 Admin reports controller improvements (#1714)
* Simplify admin/reports controller filtering for index

* Rename parameter to resolved

* Fix issue where reports view could not access filter_link_to

* Add coverage for admin/reports controller

* DRY up resolution of related reports for target account

* Clean up admin/reports routes

* Add Report#statuses method

* DRY up current account action taken params

* Rubocop styles
8 years ago
Matt Jankowski 137100dcf3 Clean up well-known routes/controllers (#1649)
* Add request spec for host meta route returning xml

* Add routing spec for xrd routes

* Update well-known routes

* Move webfinger and host-meta actions to their own controllers
8 years ago
Matt Jankowski 3a9eb81a80 Admin accounts controller cleanup (#1664)
* Remove unused account_params method in admin/accounts controller

* Introduce AccountFilter to find accounts

* Use AccountFilter in admin/accounts controller

* Use more restful routes admin silence and suspension area

* Add admin/silences and admin/suspensions controllers
8 years ago
Matt Jankowski 0e39cc6a35 Settings export refactor (#1646)
* Refactor Export to take an account and know about the export types

* Use Export instance in settings/exports#show
8 years ago
Matt Jankowski c44a700252 Quick best practice cleanup of views/helpers (#1546)
* Remove trailing whitespace

* Use query methods instead of explicit .blank? checks
8 years ago
Matt Jankowski aa90798386 Webfinger resource to extract username from resource string (#1607)
* Add WebfingerResource class to extract usernames

* Use WebfingerResource in xrd#webfinger
8 years ago
Matt Jankowski 7f0a865b05 Allow import/export of mutes list (#1541)
* Allow export of mutes list

* Allow importing of mutes list

* Refactor to use Settings::Exports::BaseController and DRY up exports code
8 years ago
Matt Jankowski dd1ae3b109 Simplify the way the embed view is created (#1590)
* Add coverage for embedded status view

* Refactor embed view to eliminate @external_links variable
8 years ago
Matt Jankowski b352a8e5d4 Default to json type for webfinger requests (#1583) 8 years ago
Matt Jankowski 3ddd936b03 Refactor exports controller (#1567)
* Add basic coverage for settings/exports controller

* Remove unused @account variable from settings/exports controller

* Add coverage for download export actions

* Remove deprecated `render :text` in favor of `send_data` for csv downloads

* Add model to handle exports

* Use Export class in settings/exports controller

* Simplify settings/exports controller methods

* Move settings/export to more restful routes
8 years ago
Eugen Rochko 2a7602cad4 Merge branch 'master' of https://github.com/blackle/mastodon into blackle-master 8 years ago
blackle 06444bf050 Allow user to disable the boost confirm dialog in preferences 8 years ago
Matt Jankowski 4ada50985a Pagination improvements (#1445)
* Replace will_paginate with kaminari

* Use #page instead of #paginate in controllers

* Replace will_paginate.page_gap with pagination.truncate in i18n

* Customize kaminari views to match prior styles

* Set kaminari options to match prior behavior

* Replace will_paginate with paginate in views
8 years ago
Eugen 2810013b93 API param to exclude notification types from response (#1341)
* Add exclude_types param to /api/v1/notifications

* Exclude notification types in web UI through exclude_types in the API
8 years ago
Matt Jankowski 0687ab8ae3 Clean up generation of account webfinger string (#1477)
* Consolidate webfinger string creation under Account#to_webfinger_s

* Introduce Account#local_username_and_domain for consolidation
8 years ago
Matt Jankowski dbe9f33fdc Admin base controller (#1465)
* Add Admin::BaseController to wrap admin area

Extracts the setting of the `admin` layout and verifying that users are admins
to a common base class for the admin/ controllers.

* Add basic coverage for admin/reports and admin/settings controllers
8 years ago
Eugen 93db265be7 Do not store last visited URL from API controllers (#1330)
Sign-in redirects you back to last visited URL, but in case of API requests,
this sometimes redirected users to an API URL that, of course, greeted them
with an {"error":"The access token is invalid"}
8 years ago
Eugen 15d442cf9d Fix /api/v1/accounts/update_credentials tests (#1357) 8 years ago
David Authier f0bd439486 Use HTTP Accept-Language to detect locale (#1166)
* Use HTTP Accept-Language to detect locale

* Fix gem order to comply with codeclimate

* Sort gem to comply with rubocop

* I18n.default_locale fallback when there is no accept-language header
8 years ago
David Celis d4fe6cd2bf Allow users to update their Account in the API (#1179)
* Allow users to update their Account in the API

It would be nice for API clients to be able to allow users to update
their accounts without having to wrap Mastodon in a web view. This patch
adds an API endpoint to let users submit a PATCH for their account.

Signed-off-by: David Celis <me@davidcel.is>

* Add /api/v1/accounts/update_credentials to the API docs

Signed-off-by: David Celis <me@davidcel.is>
8 years ago
Matt Jankowski e5282e4ec0 Clean up about page (#1282)
* Add InstancePresenter to expose site details

* Clean up about controller, use instance presenter
8 years ago
Eugen b89f007862 Make public timelines API not require user context/app credentials (#1291)
* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public
Fix #1156 - respect query params when generating pagination links in API

* Apply pagination fix to more APIs
8 years ago
Eugen 9acdb166e8 Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled (#1278)
* Fix #795, fix #704, fix #835 - 2FA requires confirmation to be enabled
TOTP secret is not shown again after 2FA is enabled

* Clean up
8 years ago
Eugen Rochko 4b621188ad Fix #1165 - before_action was called before protect_from_forgery 8 years ago
Eugen Rochko e3a3422a65 Allow setting of default language through config
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
8 years ago
Eugen 6d6a429af8 Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124)
* Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder

StreamEntry is now limited to only statuses, which allows some optimization. Removed
extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper
used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer
and PubSubHubbub::DistributionWorker

PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker
instead.

All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri

* All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
8 years ago
Drew DeVault f7e35d90db Remote follow improvements
This stores the @username@instance you provide in your session and
reuses it the next time you remote follow someone from this instance.
8 years ago
Eugen Rochko 5f54981846 New admin setting: open/close registrations, with custom message, from the admin UI 8 years ago
Eugen Rochko b510a56c0c Only call regeneration worker after first login after a 14 day break 8 years ago
Eugen Rochko 4c53af64f0 Fix ActionController::Parameters in API issue 8 years ago
Eugen Rochko 68f829e11c Add basic logging of who resolved report 8 years ago
Eugen Rochko 71458dc6df When taking action on a report (silence/suspend), it dismisses all other
reports for that user automatically
8 years ago
Eugen Rochko b7c1b12367 Make default admin UI page reports. Add admin UI for creating a domain block 8 years ago
Eugen Rochko 2d07cb5771 Catching rack timeout from rails doesn't work 8 years ago
Eugen Rochko 5b12624847 Add proper error page for request timeouts 8 years ago
Eugen Rochko 4b7dca4713 Fix wording "show reblogs" -> "show boosts", order reports chronologically in
admin UI
8 years ago
Eugen Rochko 433cb198fa Fix landing page sign up form ignoring username field 8 years ago
Eugen Rochko e8875c6046 Import feature for following/blocking lists (addresses #62, #177, #201, #454) 8 years ago
Eugen Rochko de22c202f5 Add counter caches for a large performance increase on API requests 8 years ago
Eugen Rochko 1c6b02f936 Fix #690 - Webfinger should handle new shortform profile URLs now (nice) 8 years ago
Eugen Rochko d6ed2eb512 Prettier account and stream entry URLs 8 years ago
Eugen Rochko 05cf086766 New API method: /api/v1/search
Returns accounts, statuses, hashtags arrays
8 years ago
Eugen Rochko 56d998cbdb Export follow/block lists as CSV 8 years ago
Eugen Rochko 08b96f1b9f Fix wrong HTTP status codes on error pages 8 years ago
Eugen Rochko 5cfc9c7487 Forgot to hook up API with the latest method 8 years ago
Eugen Rochko 6be7bde243 Fix #525 - Add instance information API 8 years ago
Eugen e245115f47 Merge branch 'master' into mastodon-site-api 8 years ago
Eugen Rochko 02349b3269 Obfuscate filenames better, double rate limits 8 years ago
Eugen Rochko 1fb3e8988b Revert earlier fix due to new bug reports 8 years ago
Eugen Rochko d6cb4bbe99 Performance improvement for profiles 8 years ago
Eugen Rochko 8d93f0ca56 Increase max bitrate of converted webms, slightly optimized counter queries
(Because postgres can tell that count(*) needs no extra checks, but
counting a specific column requires them)
8 years ago
Eugen Rochko 5f4e402204 Improved /api/v1/accounts/:id/statuses with new params: only_media, exclude_replies
Redirect /:username to /users/:username
Redirect /:username/:id to /users/:username/updates/:id
Updated API documentation and sponsors
8 years ago
Eugen Rochko 6b81d10030 Add digest e-mails 8 years ago
Kit Redgrave 442fdbfc53 Mute button progress so far. WIP, doesn't entirely work correctly. 8 years ago
Kibigo 620f70e42c Adds site metadata access to the API 8 years ago
Eugen Rochko 175a9b9caa Fix #104 - Style OAuth authorized applications page
Add ability to search accounts by display name
8 years ago
Eugen Rochko 5f511324b6 Add validation of media attachments, clean up mastodon-own exception classes 8 years ago
Eugen Rochko 063432d7e3 Merge branch 'fix_462' of https://github.com/rmhasan/mastodon into rmhasan-fix_462 8 years ago
Eugen Rochko 3e9d794ea5 Add tuning documentation, add <content> tags back to most salmons,
make status pagination headers generation more lax about next page
existing
8 years ago
Rakib Hasan 9433d03705 Removed try clause from create action in status controller
Using catch statement in api_controller.rb to catch NotPermitted
Exception, and render error message
8 years ago
Rakib Hasan 6f9ecd899e revisted fix for #462
Moved validation to services/post_status_service.rb
8 years ago
Rakib Hasan 6d2301988f Fix for issue #462
Modified uploadCompose action to send media ids of attached
media when sending a request. Modified create method in MediaController
to check if when posting a video, there are no other media attached
to the status by looking at the media ids sent from the uploadCompose
action.
8 years ago
Eugen Rochko 5ddad41245 Do not display non-Status stream entries anymore 8 years ago
Eugen Rochko 8132cf8153 Add GET /api/v1/accounts/:id/statuses/media that returns only statuses with media attachments
Make replies default to privacy settings of the status being replied to
8 years ago
Eugen Rochko d0f087db2d Add UI to view report details, remove reported statuses, quick links to resolve/silence/suspend from report 8 years ago
Eugen Rochko 24ba7c9762 Adding index overview for reports in admin UI 8 years ago
Eugen Rochko 5426f06ac2 Fix admin UI for accounts somewhat 8 years ago
Eugen Rochko 3b81baaaaf Adding POST /api/v1/reports API, and a UI for submitting reports 8 years ago
Eugen Rochko 63886bdc59 Fix #587 - Display TOTP secret next to QR code 8 years ago
Eugen Rochko 0518492158 Stop trying to shoehorn all Salmon updates into the poor database-connected
StreamEntry model. Simply render Salmon slaps as they are needed
8 years ago
Eugen Rochko 149887a0ff Make follow requests federate 8 years ago
Eugen d96e031dfc Fix #611 - Layout setting in registrations controller 8 years ago
Eugen 9d5fb49cd8 Merge pull request #603 from evanminto/activitypub-account
Expose ActivityStreams 2.0 representation of accounts
8 years ago
Eugen Rochko 714e41d472 Fix preferences save 8 years ago
Eugen Rochko 347a153b3d Add API modifiers to limit returned toots from public/hashtag timelines
to only those from local users; Add link to "extended information" to
getting started in the UI; Add defaults for posting privacy; Change
how publish button looks depending on posting privacy chosen
8 years ago
Evan Minto 94e213c6c1 Reuse existing controller and route 8 years ago
Eugen Rochko eee8afb0b7 Remove bios from blocked users list, filter out broken entries from API response 8 years ago
Eugen Rochko 77e13c2bc9 Removing failed push notification API, make context loads use cache 8 years ago
Evan Minto 8bd8ea7c04 Remove unnecessary leftover code 8 years ago
Evan Minto e2fbf8bc74 Add an account endpoint for ActivityPub and link to it on HTML profile pages 8 years ago
Eugen Rochko d9ca46b464 Cleaning up format of broadcast real-time messages, removing
redis-backed "mentions" timeline as redundant (given notifications)
8 years ago
Eugen Rochko 3f075c7794 API for apps to register for push notifications 8 years ago
Eugen Rochko 23b997ae55 Split 2FA login into two prompts 8 years ago
Eugen Rochko f4bc9620a9 Update settings to re-use admin layout, one big navigation tree, improve settings forms 8 years ago
Eugen Rochko ba192f12e3 Added optional two-factor authentication 8 years ago
Eugen Rochko 905c829179 Improve infinite scroll on notifications 8 years ago
Eugen Rochko 999cde94a6 Instead of using spoiler boolean and spoiler_text, simply check for non-blank spoiler_text
Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" />
Clean up schema file from accidental development migrations
8 years ago
Eugen f8da0dd490 Merge branch 'master' into master 8 years ago
Eugen Rochko 8a880a3d46 Make blocks create entries and unfollows instantly, but do the clean up
in the background instead. Should fix delay where blocked person
can interact with blocker for a short time before background job
gets processed
8 years ago
Eugen Rochko 1f5792c834 API now respects ?limit param as long as it's within 2x default limit 8 years ago
blackle bf0f6eb62d Implement a click-to-view spoiler system 8 years ago
Eugen Rochko cca82bf0a2 Move merging/unmerging of timelines into background. Move blocking into
background as well since it's a computationally expensive
8 years ago
Eugen Rochko f392030ab8 Add /api/v1/notifications/clear, non-existing link cards for statuses will
now return empty hash instead of throwing a 404 error. When following,
merge into timeline will filter statuses
8 years ago
Eugen Rochko aa9c51a34c Fix a couple unhandled exceptions 8 years ago
Eugen Rochko a1894786cf Potentially fix notifications issue 8 years ago
Eugen 1953e3b6ed Fix inflection 8 years ago
Eugen Rochko e22a56183a Improve error page layouting. 500 page has to stay static because it's
used from nginx when Rails fails.
8 years ago
Eugen Rochko b4a4eb73ae Merge branch 'fix/error-pages' of https://github.com/ineffyble/mastodon into ineffyble-fix/error-pages 8 years ago
Eugen Rochko 3a4b5961be Method to fetch a single notification 8 years ago
Eugen Rochko f0de621e76 Fix #463 - Fetch and display previews of URLs using OpenGraph tags 8 years ago
Eugen Rochko 98560b232a Don't show loading bar when re-loading already loaded status. Don't even try to fetch ancestors from DB when in_reply_to_id is nil 8 years ago
Eugen Rochko 7d53ee73f3 Fix #238 - Add "favourites" column 8 years ago
Effy Elden ed41f9f0b1 Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether 8 years ago
Effy Elden d6bc0e8db4 Add tracking of OAuth app that posted a status, extend OAuth apps to have optional website field, add application details to API, show application name and website on detailed status views. Resolves #11 8 years ago
Eugen Rochko c01dd089ff Adding about/more page with extended information that can be set up by an admin 8 years ago
Eugen Rochko e25170f960 Add extended about page stub 8 years ago
Eugen Rochko 2939e9898b Extend rails-settings-cached to merge db-saved hash values with defaults 8 years ago
Eugen Rochko b11fdc3ae3 Migrate from ledermann/rails-settings to rails-settings-cached which allows global settings
with YAML-defined defaults. Add admin page for editing global settings. Add "site_description"
setting that would show as a paragraph on the frontpage
8 years ago
Eugen Rochko 312c51b5c8 Home column filters 8 years ago
Eugen Rochko 75f80bef10 Persist UI settings, add missing localizations for German 8 years ago
Eugen Rochko 7b9f8766e8 Fix #416 - Generate random unique 14-byte (19 characters) shortcodes
for local attachments, use them in URLs. Check status privacy
before redirecting to actual file.
8 years ago
Eugen Rochko 1bbcd71cd4 Fix #390 - fix redirect after sign-up (to login page instead of homepage) 8 years ago
Eugen Rochko f79ba2de83 Fix admin UI not loading JS, make sure to strip "acct:" out of remote account's usernames when authorizing follow 8 years ago
Eugen Rochko 75122e162d Fix uri expansion during remote follow 8 years ago
Eugen Rochko 8f47f6a7ec Adding remote follow button 8 years ago
Eugen Rochko a302e56f9a Add API for retrieving favourites 8 years ago
Eugen Rochko 49834a6e7f Add API for retrieving blocked accounts 8 years ago
Eugen Rochko 8724094ed0 Support remote follow request providing URL instead of acct 8 years ago
Eugen Rochko d7dc84439c Add ability to use remote follow function on other sites 8 years ago
Eugen Rochko eca6110fc4 Add preferences for follow request notification e-mails 8 years ago
Eugen Rochko 2146ac91a0 Follow requests send e-mail notifications, but are excluded from notifications API
Better initial state for unlisted/nsfw toggles
8 years ago
Eugen Rochko 3689c119f0 Replacing follow requests in the settings area with in-UI column 8 years ago
Eugen Rochko 004382e4d0 Adding follow requests API 8 years ago
Eugen Rochko 3282448878 Fix #86 - resolve layout breaking on zoom-out on accounts grid 8 years ago
Eugen Rochko b302b9202b Add page for authorizing/rejecting follow requests 8 years ago
Eugen Rochko 05b13c38b5 Re-enable Webfinger for locked accounts but don't handle "follow" events
coming in via Salmon.

Currently no way to prevent remote follows, but they will only receive public
and unlisted posts
8 years ago
Eugen Rochko b891a81008 Follow call on locked account creates follow request instead
Reflect "requested" relationship in API and UI
Reflect inability of private posts to be reblogged in the UI
Disable Webfinger for locked accounts
8 years ago
Eugen Rochko 2d2154ba75 Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users 8 years ago
Eugen Rochko 80e02b90e4 Private visibility on statuses prevents non-followers from seeing those
Filters out hidden stream entries from Atom feed
Blocks now generate hidden stream entries, can be used to federate blocks
Private statuses cannot be reblogged (generates generic 422 error for now)
POST /api/v1/statuses now takes visibility=(public|unlisted|private) param instead of unlisted boolean
Statuses JSON now contains visibility=(public|unlisted|private) field
8 years ago
Eugen Rochko e09d3a2c66 Fix #249 - use window.location hack to let people login from sandboxed iOS homescreen 8 years ago
Eugen Rochko 0542773bca Make unfavouriting async to prevent timeout errors from leaving orphaned records behind 8 years ago
Eugen Rochko 5ae1b39ec9 Adjusting public display of statuses to look similar to logged-in UI,
fix #361 with rich OEmbed display via iframe, fix #237 by hiding sensitive
content behind a spoiler on public pages
8 years ago
Eugen Rochko aed25932b5 Add OEmbed iframe HTML, convert emojis on public pages, increase size of attachment thumbnails 8 years ago
Eugen Rochko 76ec907993 Improved admin UI 8 years ago
Eugen Rochko f978b06dd1 Add suspend account functionality to admin UI 8 years ago
Eugen Rochko f406e01fcf Add filters for suspended accounts 8 years ago
Eugen Rochko 1357c1cb3d Add single user mode 8 years ago
Eugen Rochko 39cc9fde8a Add account suspension 8 years ago
Eugen Rochko 9d9f796130 Adding more to admin accounts UI 8 years ago
Eugen Rochko d236dcded2 Fix public tags page 8 years ago
Eugen Rochko 5abf64d647 Add "next" pagination to public profiles 8 years ago
Eugen Rochko ec44cff9a2 Admin accounts page lists accounts 8 years ago
Eugen Rochko 816284d739 Fix #248 - Reload all accounts when fetching from cache 8 years ago
Eugen Rochko 1d0321fc45 Fix pt translations, improve pre-cache queries, removing will_paginate
from accounts/tags because it's a terribly inefficient way to paginate
large sets of data
8 years ago
Eugen Rochko 6ff93845d5 Add basic OEmbed provider API, fix #247 8 years ago
Eugen Rochko 14bd46946d Per-status control for unlisted mode, also federation for unlisted mode
Fix #233, fix #268
8 years ago
Eugen Rochko a21bcac9e1 Further abstract caching for includes 8 years ago
Eugen Rochko 356d3874eb Normalize localizations, add stub for admin/accounts 8 years ago
Eugen Rochko ff21ff1489 Make User#current_sign_in_at actually track when user was last active,
by updating it at least every 24h if the user visits the site
8 years ago
Eugen Rochko 7e90772c92 Unify collection caching code 8 years ago
Eugen Rochko 93a90cd9c3 Delete statuses asynchronously but provide instant feedback in the API 8 years ago
Eugen Rochko 3ba6531611 Fix setting of confirmed=true on successful confirmation 8 years ago
Eugen Rochko 27fc49d745 Add simple admin overview of PuSH subscriptions 8 years ago
Eugen Rochko 2d2c81765b Adding embedded PuSH server 8 years ago
Eugen Rochko 4495baf451 X-RateLimit-Reset formatted with iso8601 8 years ago
Eugen Rochko 8a3745a4df Remove stale entries from cache results 8 years ago
Eugen Rochko 71401659b8 Fix #65 - Options to block notifications from people you don't follow/who don't follow you 8 years ago
Eugen Rochko 8efa081f21 Remove Neo4J 8 years ago
Eugen Rochko 8e34bed7cc Mini Profiler not working well, remove it 8 years ago
Alyssa Ross cefef2c571 Extract filename obfuscation into module 8 years ago
Andrea Faulds 7161f91313 Rename media to avoid exposing filename (fixes #207) 8 years ago
Eugen Rochko 79a0135869 Cache accounts/:id/statuses and single statuses too 8 years ago
Eugen Rochko 0603971894 Adding sensitive marker to statuses in API 8 years ago
Eugen Rochko 4bdb6a0eaf Rename "publish" to "toot" in english locale, fix lightbox showing old image
before loading new one, cache notifications API, fix missing follow button
on public profiles
8 years ago
Eugen Rochko cf912e01fd Implement includes caching for timelines APIs 8 years ago
Eugen Rochko 5c78547198 More query optimizations 8 years ago
Eugen Rochko fc90d38893 Moving some counter queries out of subqueries in the API 8 years ago
Eugen Rochko 45c7ee39b3 Remove unneeded indices, improve error handling in background workers, don't needlessly reload reblogged status, send Devise e-mails asynchronously 8 years ago
Eugen Rochko 1788164352 Local accounts can control "silenced" attribute which removes them from public timeline 8 years ago
Eugen Rochko 627a85f4e4 Better error message in doorkeeper json response 8 years ago
Eugen Rochko f88ca4a206 Performance improvement for notifications API 8 years ago
Eugen Rochko 52119104b9 Remove some n+1 queries from notifications API 8 years ago
Eugen Rochko e8c27767aa Remove orphaned notifications, add scopes param to app create API 8 years ago
Eugen Rochko fb48cc3b74 Desktop notifications 8 years ago
Eugen Rochko da2ef4d676 Adding unified streamable notifications 8 years ago
Eugen Rochko 7dea6a23f7 Move Salmon processing to background as well as PuSH 8 years ago
Eugen Rochko 2c766bd4b4 Add user locale setting 8 years ago
Eugen Rochko 3ce6ac0ce2 Adding some localizations 8 years ago
Eugen Rochko 4f07fb1f0a Fix #144 - Filter statuses from blocked users out of ancestors/descendants results 8 years ago
Eugen Rochko fdc17bea58 Fix rubocop issues, introduce usage of frozen literal to improve performance 8 years ago
Eugen Rochko a91c3ef6ce Delegate processing of incoming PuSH data to background workers 8 years ago
Eugen Rochko cea28e0c1d Fix wrong link header on followers API, wrong link in tabs component, order
account results
8 years ago
Eugen Rochko afded319d2 Add limit to search results 8 years ago
Eugen Rochko 09218d4c01 Use full-text search for autosuggestions 8 years ago
Eugen Rochko 17903c6dae Improve filtering of public/hashtag timelines, both in backlog and real-time 8 years ago
Eugen Rochko 448ab18a20 Replace setting custom CORS headers with rack-cors, set it on /oauth/token endpoint 8 years ago
Eugen Rochko b13e7dda1f API pagination for all collections using Link header 8 years ago
Eugen Rochko 9aecc0f48a Move timelines API from statuses to its own controller, add a check for
resources that require a user context vs those that don't (such as public timeline)

/api/v1/statuses/public   -> /api/v1/timelines/public
/api/v1/statuses/home     -> /api/v1/timelines/home
/api/v1/statuses/mentions -> /api/v1/timelines/mentions
/api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
8 years ago
Eugen Rochko a698b767c1 Fix linking of remote hashtags in UI, add public view of hashtags 8 years ago
Eugen Rochko 48b9619439 Adding hashtags 8 years ago
Eugen Rochko 62292797ec Adding hashtag model 8 years ago
Eugen Rochko 3731230c6d Allow @username@domain/@username in follow form, prevent duplicate accounts
created via remote look-up when domains differ but point to the same resource
8 years ago
Eugen Rochko e4671adc25 Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status 8 years ago
Eugen Rochko 562044f36a Need to disable caching again due to bug in Rabl 8 years ago
Eugen Rochko 9467b900a2 Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY,
add permissive CORS to API controllers
8 years ago
Eugen Rochko dd03118098 Fix follow icon changing plus to minus, add terms page stub 8 years ago
Eugen Rochko fa1cc2d05a Limit returned followees/followers by API to 40 for now 8 years ago
Eugen Rochko e0a197650a Adding common followers API, fixing fallback query again 8 years ago
Eugen Rochko b746a931a5 Fix OAuth authorization redirect 8 years ago
Eugen Rochko a9e40a3d80 Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
8 years ago
Eugen Rochko 04bbc57690 Fix #100 - Add "back" button to certain views
Also fix reloading of timelines after merge-type events
8 years ago
Eugen Rochko 43df35213e Improving all forms 8 years ago
Eugen Rochko 2e0a38d07c Added e-mail edit field to settings, proper format default for webfinger 8 years ago
Eugen Rochko d5e086a47b Adding application/jrd+json webfinger resource 8 years ago
Eugen Rochko de1f3aab86 Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API 8 years ago
Eugen Rochko e21a3fe0cd Adding sync of follow relationships to Neo4J, accounts/suggestions API 8 years ago
Eugen Rochko 7a6d95f70c E-mail preferences page 8 years ago