aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,376 Commits
119 Branches
265 Tags
1004 MiB
more-explicit-fediverse-actor
redesign/content-warning-filters
main
stable-4.3
remove/trendable-provider-attribution
activitypub/summary-over-name
renovate/definitelytyped-types-(non-major)
renovate/pino-9.x-lockfile
renovate/rubocop-(non-major)
renovate/reduxjs-toolkit-2.x-lockfile
renovate/eslint-(non-major)
renovate/major-react-monorepo
build-stable-nightly
renovate/sass-1.x-lockfile
stable-4.2
fixes/notification-excerpt-paragraph
stable-4.1
renovate/ubuntu-24.x
fixes/mastodon-setup-task-redis
fixes/out-of-order-private-posts
renovate/mime-types-3.x
fixes/regexp-timeout-optional
fixes/small-otp-secret-length-4.1
fixes/small-otp-secret-length-4.2
renovate/express-5.x
renovate/major-formatjs-monorepo
fixes/dashboard-quick-access-overflow
fixes/middle-column-size
fix-context-socialweb-miscellany
cleanup/remove-old-notifications
renovate/omniauth-packages
fixes/detect-missing-indexes2
cleanup/simplify-css
renovate/glob-11.x
feature-post-layout
features/media-description-in-embedded-status
fixes/different-strings-private-messages
design/notifications-grid
fix-lookup-domain
flaky-conversations-test
fixes/crash-orphaned-notification
fixes/report-links
features/filtered-dismiss-accept-all
feat/clean-up-notifications
fixes/everyone-role-n+1
redesign/notification-request
experimental/notification-groups-api-shape
fixes/thread-resolve-worker-skip_fetching
spike/resolve-urls-on-click
cleanup/drop-atomuri
fixes/dismissing-notification-requests-dismisses-too-much
revert-system-check
feature-redirect
fix-unusable-hashtag
tests/flaky-tests-performance-logs
feature-grouped-notifications-ui
drop-redis-below-6.2
fix-mute-buttons
features/local-preview-cards-2nd-take
fix-conversations-background
revert-severed-relationships-feature
features/local-preview-cards
stable-3.5
stable-4.0
stable-3.4
releases/v3.5.17
releases/v4.1.13
releases/v4.2.5
version/v4.3.0-alpha.1
fix/build-env
feature-color-scheme
revert/follow-back-mutual
gh-readonly-queue/main/pr-28626-1ad908e0c08c236389967d86b4f238f428de9fef
fixes/per-user-authorized-fetch
fixes/import-many-follows-overlap
fix-web-thread-sort
test-new-container-build
fixes/24px-icons
features/registration-invite-api
fixes/service-worker-caching
fixes/account-refresh-link-verification
feature-like
fixes/delivery-to-suspended-accounts
tests/introduce-error
fixes/lint-fix
fixes/object-has-own-polyfill
fixes/audio-passthrough
fixes/audit-log-external-confirmation
features/banners
refactor/search-query-parser
remove-profile-directory
redesign/notification-settings
feature-separate-hashtags
fixes/self-destruct-throttle
fixes/subdomain-block-4.1.6
redesign/hashtag-column-follow-button
feature-trend-highlights
revert-23460-fixes/activitypub-hashtag
pg15
prevent-unauthenticated-access-tag-timeline
support-rich-oembed
fix-caniuselite-lockfile
track_unsalvageable_errors
add-publish-button-text-site-setting
nolan/button-a11y
i18n/manage-translations
deps/shakapacker
rubocop-fixes
react18
stable-3.3
stable-3.2
stable-3.1
stable-3.0
stable-2.9
stable-2.8
stable-2.7
stable-2.5
stable-2.6
stable-2.4
v0.1.2
v0.1.1
v0.1.0
v0.6
v0.7
v0.8
v0.9
v0.9.9
v1.0
v1.1
v1.1.1
v1.1.2
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4rc1
v1.4rc2
v1.4rc3
v1.4rc4
v1.4rc5
v1.4rc6
v1.5.0
v1.5.0rc1
v1.5.0rc2
v1.5.0rc3
v1.5.1
v1.6.0
v1.6.0rc1
v1.6.0rc2
v1.6.0rc3
v1.6.0rc4
v1.6.0rc5
v1.6.1
v2.0.0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.0rc4
v2.1.0
v2.1.0rc1
v2.1.0rc2
v2.1.0rc3
v2.1.0rc4
v2.1.0rc5
v2.1.0rc6
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.0rc1
v2.2.0rc2
v2.3.0
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.1
v2.3.1rc1
v2.3.1rc2
v2.3.1rc3
v2.3.2
v2.3.2rc1
v2.3.2rc2
v2.3.2rc3
v2.3.2rc4
v2.3.2rc5
v2.3.3
v2.4.0
v2.4.0rc1
v2.4.0rc2
v2.4.0rc3
v2.4.0rc4
v2.4.0rc5
v2.4.1
v2.4.1rc1
v2.4.1rc2
v2.4.1rc3
v2.4.1rc4
v2.4.2
v2.4.2rc1
v2.4.2rc2
v2.4.2rc3
v2.4.3
v2.4.3rc1
v2.4.3rc2
v2.4.3rc3
v2.4.4
v2.4.5
v2.5.0
v2.5.0rc1
v2.5.0rc2
v2.5.1
v2.5.2
v2.6.0
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.0rc1
v2.8.0rc2
v2.8.0rc3
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.0rc1
v2.9.0rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.0.0
v3.0.0rc1
v3.0.0rc2
v3.0.0rc3
v3.0.1
v3.0.2
v3.1.0
v3.1.0rc1
v3.1.0rc2
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.0rc1
v3.2.0rc2
v3.2.1
v3.2.2
v3.3.0
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.0rc1
v3.4.0rc2
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.5.19
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v4.0.0
v4.0.0rc1
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0rc1
v4.1.0rc2
v4.1.0rc3
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.0-beta1
v4.2.0-beta2
v4.2.0-beta3
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.3.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '781c7be08b'
${ noResults }
Commit Graph

396 Commits (781c7be08bee7ce7f4084743e41d2a460685bd1f)

Author SHA1 Message Date
Eugen Rochko c39d7e7b2b
Fix TLS handshake timeout not being enforced (#9381) 
Follow-up to #9329
 6 years ago
Eugen Rochko 43c311b3a1
Fix nil error when no DNS addresses are found for host (#9379) 6 years ago
Eugen Rochko fd8145d232
Fix connect timeout not being enforced (#9329) 
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
 6 years ago
ThibG 466e3d710c Include replies to list owner and replies to list members in list statuses (#9324) 6 years ago
Eugen Rochko 384e953b75
Revert connect timeout from 1s to 10s (#9319) 
The failure rate in Sidekiq is too high
 6 years ago
Eugen Rochko 9311430ed7
Prevent multiple handlers for Delete of Actor from running (#9292) 6 years ago
Eugen Rochko 8069fd636b
Remove intermediary arrays when creating hash maps from results (#9291) 6 years ago
ThibG 7f5a4be580 Fix emoji update date processing (#9255) 6 years ago
Eugen Rochko 4615512285
Reduce connect timeout limit and limit signature failures by source IP (#9236) 
* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
 6 years ago
Eugen Rochko be202f9377
Accept the same payload in multiple inboxes and deliver (#9150) 6 years ago
m.b 2b18f5f85d Add Page AP type support (#9121) 6 years ago
ThibG e53cc673e7 Ignore invalid hashtags on remote statuses instead of rejecting them (#9118) 
Fixes #9115
 6 years ago
ThibG 82e7988afc Fix missing `mention` argument when processing incoming Create activities (#9114) 
* Fix missing `mention` argument when processing incoming Create activities

* Fix typo (param → params)
 6 years ago
Eugen Rochko d4cf963749
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093) 
Fix #9091
 6 years ago
Eugen Rochko fd5285658f
Add option to block reports from domain (#8830) 6 years ago
Eugen Rochko ddd30f331c
Improve support for aspects/circles (#8950) 
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
 6 years ago
Eugen Rochko 21ad21cb50
Improve signature verification safeguards (#8959) 
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
 6 years ago
Eugen Rochko 61d44dd11f
Fix typo in ActivityPub Create handler (#8952) 
Regression from #8951
 6 years ago
Eugen Rochko 790d3bc637
Move network calls out of transaction in ActivityPub handler (#8951) 
Mention and emoji code may perform network calls, but does not need
to do that inside the database transaction. This may improve availability
of database connections when using pgBouncer in transaction mode.
 6 years ago
Eugen Rochko 774ac47373
Add conversations API (#8832) 
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
 6 years ago
Jeong Arm 144d73730d Leave unknown language as nil if account is remote (#8861) 
* Force use language detector if account is remote

* Set unknown remote toot's language as nil
 6 years ago
ThibG ba444797d2 Fix handling of ActivityPub activities lacking some attributes (#8864) 6 years ago
Eugen Rochko ef69c655cc
Fix class autoloading issue in ActivityPub::Activity::Create (#8820) 6 years ago
cbayerlein 4b78546135 Exclude replies from list timelines (#8683) 
* Changed list behaviour

I added the following line to the FeedManager (app/lib/feed_manager.rb) in the push_to_list function:

`return false if status.reply?`

Now all posts that are replies are filtered out, so that now only "genuine" posts are displayed in the list.

This is a first approach to solve issue #5916

* Update feed_manager.rb

As suggested by @Gargron
 6 years ago
ふぁぼ原 f7a6f9489d Add a new preference to always hide all media (#8569) 6 years ago
Matt Sweetman 1889526e23 Add user preference to always expand toots marked with content warnings (#8762) 6 years ago
Eugen Rochko f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703) 
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
 6 years ago
Renato "Lond" Cerqueira fe56d26f7b Fix autoplay issue with spoiler tag (#8540) 
Add tests to avoid similar issues in the future
 6 years ago
Eugen Rochko e3764bdb52
Do not sign useless User-Agent or Accept-Encoding headers (#8533) 
Fix #8080
 6 years ago
Renato "Lond" Cerqueira 11658d8653 Add animate custom emoji param to embed pages (#8507) 
* Add animate custom emoji param to embed pages

* Rename param, use it for avatars and gifs

* Fix issues pointed by codeclimate and breaking test

* Ignore brakeman warning
 6 years ago
Eugen Rochko cabdbb7f9c
Add CLI task for rotating keys (#8466) 
* If an Update is signed with known key, skip re-following procedure

Because it means the remote actor did *not* lose their database

* Add CLI method for rotating keys

    bin/tootctl accounts rotate [USERNAME]

Generates a new RSA key per account and sends out an Update activity
signed with the old key.

* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts

* Skip suspended accounts in key rotation
 6 years ago
Quint Guvernator da13fa5021 Fix low-hanging rubocop gripes (#8458) 
* rubocop: quit being so picky

* rubocop: miscellany

* rubocop: prefer present to blank
 6 years ago
Eugen Rochko b4ba4b1b5d
Spread out crawling randomly to avoid DDoSing the link (#8445) 
* Spread out crawling randomly to avoid DDoSing the link

Fix #4486

* Remove trailing whitespace
 6 years ago
M Somerville 95bd0d4528 Support ActivityStreams’ summaryMap. (#8422) 
In the same way as contentMap and nameMap.
 6 years ago
Jakub Mendyk 6cb3514d64 Add ability to change an instance default theme from the administration panel (#7092) (#8381) 
* Add default_settings class method to ScopedSettings

ScopedSettings was extended to use value of unscoped setting instead of
only using defaults set in config/settings.yml for selected settings.
This adds possibility for admins to set default values of users' settings,
for example default theme (as requested in #7092).

* Add ability to change an instance default theme

Closes #7092
 6 years ago
ThibG 42573b76f1 Do not crash if remote custom emoji does not define updated date (fixes #8376) (#8377) 6 years ago
Eugen Rochko 802cf6a4c5
Improve federated ID validation (#8372) 
* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
 6 years ago
ThibG 59f7f4c923 Implement Undo { Accept { Follow } } (fixes #8234) (#8245) 
* Add Follow#revoke_request!

* Implement Undo { Accept { Follow } } (fixes #8234)
 6 years ago
ThibG 1ee675d68b Use correct activity id in Accept when receiving duplicate Follow (fixes #8218) (#8244) 6 years ago
Eugen Rochko 39e361a56d
Expect relays to answer with accept/reject (#8179) 6 years ago
ThibG c52bcc0331 Serialize text-less statuses as '.' over OStatus (fixes #7856) (#8126) 6 years ago
Eugen Rochko 07b799468d
Fix incorrect context definition for the "featured" keyword (#8090) 
* Fix incorrect context definition for the "featured" keyword

Fix #8077

* Adjust context definition for movedTo
 6 years ago
Eugen Rochko a23ac107e4
Fix activity:interactions counter to count all interactions (#8037) 6 years ago
Eugen Rochko 8f64b17d98 Whitelist dat/ipfs/gopher links in sanitizer (#8034) 
Fix #7994
 6 years ago
Eugen Rochko 2354b10eb5
Add admin dashboard (#8029) 6 years ago
Eugen Rochko 38e9662d78
Disable language detection for texts shorter than 140 characters (#8010) 
If the input text is blank after preparation (only mention, or
only URL, or empty as in a media post), then use nil as language,
since it's OK to show to everyone.

Otherwise, always fall back to the server's default locale
 6 years ago
Eugen Rochko 47c59591e0 Do not count self in potential friendships (#8014) 6 years ago
Eugen Rochko 20fefdb714
Make whole-word filter regex consistent between Ruby and JS (#7987) 6 years ago
ThibG 1ca4e51eb3 Add option to not consider word boundaries when processing keyword filtering (#7975) 
* Add option to not consider word boundaries when filtering phrases

* Add a few tests for keyword/phrase filtering
 6 years ago
Eugen Rochko 404c7702ec
In keyword filter, account for reblogs, HTML and whole-words (#7960) 
* In keyword filter, account for reblogs, HTML and whole-words

* Match whole words in JS filter, too

* Fix typo
 6 years ago