Commit graph

499 commits

Author SHA1 Message Date
Matt Jankowski 42afd30324
Replace Sprockets with Propshaft () 2023-12-06 10:19:24 +00:00
Matt Jankowski a8473f582d
Add zeitwerk inflector for cli->CLI () 2023-11-30 13:55:20 +00:00
Claire 85662a5a57
Change img-src and media-src CSP directives to not include https: () 2023-11-30 13:47:01 +00:00
Matt Jankowski 31bef99b9e
Move lib/mastodon/premailer_webpack_strategy to lib/ () 2023-11-29 10:08:55 +00:00
Matt Jankowski 9429e30d75
Disable sidekiq unique jobs in test env () 2023-11-09 16:19:04 +00:00
Matt Jankowski c875dfc90b
Fix Lint/UnusedBlockArgument cop () 2023-11-09 09:43:26 +00:00
Matt Jankowski 33cc3ae8fa
Fix Style/StabbyLambdaParentheses cop () 2023-11-08 12:01:18 +00:00
Matt Jankowski 02d27de5ce
Move i18n locale configuration to separate initializer () 2023-11-07 15:22:14 +00:00
Matt Jankowski d6f50839e1
Fix RSpec/SpecFilePathFormat cops () 2023-11-06 16:25:40 +00:00
Matt Jankowski 7ef56d6e50
Move json_ld context loaders to config/initializers () 2023-10-31 15:21:23 +00:00
Matt Jankowski 3107a9410c
Silence deprecation warning about secrets/credentials with Devise patch () 2023-10-31 11:10:15 +00:00
Matt Jankowski eae5c7334a
Extract class from CSP configuration/initialization () 2023-10-27 16:20:40 +00:00
Matt Jankowski 4aa05d45fc
Capture minimum postgres version 12 () 2023-10-26 20:35:15 +00:00
Matt Jankowski 9a3d047f3e
Run bin/rails app:update with Rails 7.1 () 2023-10-25 13:56:09 +00:00
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background () 2023-10-23 15:46:21 +00:00
Claire c3e0eb3699
Change Content-Security-Policy to be tighter on media paths () 2023-10-23 14:27:07 +02:00
Matt Jankowski bcd0171e5e
Fix Lint/UselessAssignment cop () 2023-10-19 16:55:06 +02:00
Wladimir Palant 23f8e93c64
Fixes - Allow cross origin request for /nodeinfo/2.0 API () 2023-10-16 13:39:25 +02:00
Renaud Chaput e0da64bb4e
Fix empty ENV variables not using default nil value () 2023-10-13 19:00:53 +02:00
Nick Schonning 85db392464
Autofix Rubocop cops for config/ () 2023-10-03 15:24:12 +02:00
Matt Jankowski 56c0babc0b
Fix rubocop Layout/ArgumentAlignment cop () 2023-09-28 15:48:47 +02:00
Claire 8acc75435b
Change S3 checksum mode to be disabled by default () 2023-09-21 14:00:51 +02:00
Claire a04ae16201
Fix CSP when using ONE_CLICK_SSO_LOGIN () 2023-09-13 19:54:04 +02:00
CSDUMMI 9a70cac9de
Fix by adding the domain of the current SSO provider to the form-action CSP () 2023-09-12 13:04:51 +02:00
Christian Schmidt ea31929776
Fix invalid Content-Type header for WebP images () 2023-09-04 09:46:33 +02:00
Claire 9e26cd5503
Add authorized_fetch server setting in addition to env var () 2023-09-01 15:41:10 +02:00
Christian Schmidt 286a21afdc
Support webpacker live-reloading on Docker () 2023-08-29 10:17:57 +02:00
Renaud Chaput b95867ad1f
Allow setting a custom HTTP method in CacheBuster ()
Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com>
2023-08-18 08:18:40 +02:00
Claire dd049fc37a
Fix ES_PRESET not being applied to Chewy's internal index () 2023-08-14 19:00:56 +02:00
Claire f5778caa3a
Add ES_PRESET option to customize numbers of shards and replicas ()
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-08-14 17:46:16 +02:00
Claire 4bc0dd751c
Add S3_DISABLE_CHECKSUM_MODE environment variable for compatibility with some S3-compatible providers () 2023-08-10 14:15:18 +02:00
Claire 12c43e4ab5
Re-add StatsD support through the nsa gem () 2023-08-03 20:28:14 +02:00
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode () 2023-08-02 19:32:48 +02:00
Matt Jankowski ad81be6c8e
Update rubocop rules for linelength () 2023-07-28 23:11:45 +02:00
Matt Jankowski bada7a65aa
Ignore long line in regex initializer () 2023-07-26 09:45:27 +02:00
Claire e5f1000ad1
Fix CSP headers being unintendedly wide () 2023-07-21 13:34:15 +02:00
Claire 934c7b33d1
Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades () 2023-07-21 13:17:43 +02:00
Misty De Méo b848ba3867
Paperclip: add support for Azure blob storage () 2023-07-19 09:02:49 +02:00
Matt Jankowski ce43ed144c
Rails 7.0 update () 2023-07-13 09:36:07 +02:00
Matt Jankowski 2e1391fdd2
Fix Naming/MemoizedInstanceVariableName cop () 2023-07-12 10:08:51 +02:00
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment () 2023-07-12 09:47:08 +02:00
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter ()
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2023-07-08 19:45:36 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Eugen Rochko ba06a2f104
Revert "Rails 7 update" () 2023-07-02 11:14:22 +02:00
Matt Jankowski 50c2a03695
Rails 7 update () 2023-07-02 10:38:53 +02:00
Claire f378f10404
Fix compatibility of recent migration with PostgreSQL 10 () 2023-06-07 01:53:50 +02:00
Nick Schonning c66250abf1
Autofix Rubocop Regex Style rules ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component () 2023-06-05 17:35:05 +02:00
Matt Jankowski e49819142f
Remove unmaintained nsa gem () 2023-06-05 01:57:05 +02:00
Claire 94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications () 2023-06-02 18:09:08 +02:00
Renaud Chaput 942d850b0a
Allow carets in URL search params () 2023-06-01 12:14:49 +02:00
Nick Schonning c0b9664a31
Autofix Rubocop spacing in config () 2023-05-22 13:17:56 +02:00
Nick Schonning cee4369cf5
Autofix Rubocop Lint/AmbiguousOperatorPrecedence () 2023-05-16 10:51:59 +02:00
Matt Jankowski d9a958fcf7
Fix Performance/RedundantMerge cop () 2023-05-04 05:25:43 +02:00
Matt Jankowski d902a707a3
Fix Rails/CompactBlank cop () 2023-04-30 14:07:21 +02:00
Matt Jankowski 5a2aa06a51
Fix Rails/Present cop () 2023-04-30 06:47:50 +02:00
Nick Schonning 49fad26eca
Drop EOL Ruby 2.7 () 2023-04-27 01:46:18 +02:00
Nick Schonning 4687967176
Autofix Rubocop Style/NumericLiterals () 2023-04-23 22:30:07 +02:00
Claire 5c499f54e3
Change root Chewy strategy to emit a warning instead of erroring out in production mode () 2023-04-03 15:05:39 +02:00
Nick Schonning 500d6f93be
Autofix Rubocop Style/IdenticalConditionalBranches () 2023-03-31 09:33:52 +02:00
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support () 2023-03-27 17:07:37 +02:00
Claire f432db7b9f
Fix sidekiq jobs not triggering Elasticsearch index updates () 2023-03-12 23:47:55 +01:00
Jean byroot Boussier 922837dc96
Upgrade to latest redis-rb 4.x and fix deprecations ()
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-04 16:38:28 +01:00
Jamie Hoyle de137e6bb0
Added support for specifying S3 storage classes in environment () 2023-03-03 20:53:37 +01:00
Eugen Rochko c6ef56fd5e
Change rate limits to 1,500/5m per user, 300/5m per app () 2023-02-02 00:07:49 +01:00
luzpaz 596923da4a
Fix typos in source documentation ()
Fixed 2 source comment/documentation typos
2022-12-15 15:57:26 +01:00
Claire d587a268fd
Add logging for Rails cache timeouts ()
* Reduce redis cache store connect timeout from default 20 seconds to 5 seconds

* Log cache store errors
2022-11-27 20:37:37 +01:00
Claire 7955d4b959
Add form-action CSP directive () 2022-11-17 10:55:03 +01:00
trwnh a2931d19ae
Add missing admin scopes (fix ) () 2022-11-17 10:50:21 +01:00
Eugen Rochko 43b0b2f3f4
Fix wrong directive unsafe-wasm-eval to wasm-unsafe-eval () 2022-11-15 03:39:06 +01:00
prplecake b46b7c3d5e
Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP ()
* Add "unsafe-eval" to script-src CSP

* Use 'unsafe-wasm-eval' instead of 'unsafe-eval'
2022-11-15 03:22:38 +01:00
Eugen Rochko 21fd25a269
Fix rate limiting for paths with formats () 2022-11-14 20:26:31 +01:00
Matt Corallo 9d039209cc
Add Cache-Control header to openstack-stored files ()
When storing files in S3, paperclip is configured with a Cache-Control header
indicating the file is immutable, however no such header was added when using
OpenStack storage.

Luckily Paperclip's fog integration makes this trivial, with a simple
`fog_file` `Cache-Control` default doing the trick.
2022-11-14 05:26:49 +01:00
David Hewitt 290d78cea4
Allow unsetting x-amz-acl S3 Permission headers ()
Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, let's use a blank `S3_PERMISSION` env var to indicate that these headers shouldn't be sent.

This is tested as working with Cloudflare R2.
2022-11-13 06:57:10 +01:00
prplecake aafbc82d88
Add "unsafe-eval" to script-src CSP () 2022-10-26 19:23:16 +02:00
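Several entries in this log tighten the Content-Security-Policy: dropping the scheme-only `https:` source from img-src and media-src, adding a form-action directive, and replacing 'unsafe-eval' in script-src with the narrower 'wasm-unsafe-eval' (and correcting the misspelled 'unsafe-wasm-eval'). The Ruby below is an added example, not code from the Mastodon repository: a small linter that parses a policy header and reports exactly those patterns. The directive and keyword lists and the two sample policies are constructed for illustration.

```ruby
# Added example (not Mastodon code): lint a Content-Security-Policy header
# for the over-broad and misspelled source expressions discussed above.

# Parse "dir a b; dir2 c" into { "dir" => ["a", "b"], "dir2" => ["c"] }.
def parse_csp(header)
  header.split(';').each_with_object({}) do |clause, acc|
    tokens = clause.strip.split(/\s+/).reject(&:empty?)
    next if tokens.empty?
    acc[tokens.shift.downcase] = tokens
  end
end

# A scheme-only source such as "https:" matches every host on that scheme,
# so inside a fetch directive it is no allow-list at all.
BROAD_SOURCES = %w[* https: http:].freeze
FETCH_DIRECTIVES = %w[default-src img-src media-src script-src style-src
                      connect-src frame-src object-src worker-src].freeze

# Recognised CSP keyword sources. Browsers ignore unknown quoted tokens,
# which is why a typo like 'unsafe-wasm-eval' silently grants nothing.
KNOWN_KEYWORDS = %w['self' 'none' 'unsafe-inline' 'unsafe-eval'
                    'wasm-unsafe-eval' 'strict-dynamic' 'unsafe-hashes'
                    'report-sample'].freeze

def csp_findings(header)
  policy = parse_csp(header)
  findings = []

  policy.each do |directive, sources|
    sources.each do |src|
      if FETCH_DIRECTIVES.include?(directive) && BROAD_SOURCES.include?(src)
        findings << "#{directive}: #{src} matches every origin; list the hosts actually used"
      elsif src.start_with?("'") && !KNOWN_KEYWORDS.include?(src) &&
            !src.start_with?("'nonce-", "'sha256-", "'sha384-", "'sha512-")
        findings << "#{directive}: #{src} is not a CSP keyword and browsers will ignore it"
      end
    end
  end

  scripts = policy['script-src'] || policy['default-src'] || []
  if scripts.include?("'unsafe-eval'")
    findings << "script-src: 'unsafe-eval' allows eval(); 'wasm-unsafe-eval' suffices for WebAssembly alone"
  end

  # form-action is not covered by default-src, so an injected <form> could
  # submit credentials to any origin unless it is restricted explicitly.
  findings << 'form-action: missing; default-src does not cover it, so add it explicitly' unless policy.key?('form-action')

  findings
end

# Constructed sample policies: a deliberately wide one and its tightened form.
WIDE_POLICY = "default-src 'none'; img-src 'self' https: data:; " \
              "media-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-wasm-eval'; " \
              "connect-src 'self'"
TIGHT_POLICY = "default-src 'none'; img-src 'self' https://files.example.com data:; " \
               "media-src 'self' https://files.example.com; script-src 'self' 'wasm-unsafe-eval'; " \
               "connect-src 'self'; form-action 'self'"

if __FILE__ == $PROGRAM_NAME
  csp_findings(WIDE_POLICY).each { |finding| puts finding }
end
```

Running it against the wide policy reports five findings (the two scheme-only sources, the unknown keyword, 'unsafe-eval', and the missing form-action); the tightened policy produces none. The check is deliberately strict about unknown quoted tokens because a misspelled keyword fails closed in the browser but looks correct in a config review.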
Eugen Rochko bf0ab3e0fa
Fix vacuum scheduler missing lock, locks never expiring ()
Remove vacuuming of orphaned preview cards
2022-10-26 12:10:48 +02:00
Eugen Rochko 0d6b878808
Add user content translations with configurable backends () 2022-09-23 23:00:12 +02:00
Eugen Rochko 546672e292
Change "Allow trends without prior review" setting to include statuses ()
* Change "Allow trends without prior review" setting to include posts

* Fix i18n-tasks
2022-08-28 04:00:39 +02:00
Jeong Arm 861b35dd54
Support "http_hidden_proxy" ENV var for hidden service only proxy ()
* Support "http_hidden_proxy" ENV var for hidden service only proxy

* Fallback to http_proxy if http_hidden_proxy is not set
2022-08-25 04:41:14 +02:00
Eugen Rochko e7aa2be828
Change how hashtags are normalized ()
* Change how hashtags are normalized

* Fix tests
2022-07-13 15:03:28 +02:00
Claire ae4f068a84
Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored () 2022-06-01 19:22:55 +02:00
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without Location header () 2022-05-26 22:03:54 +02:00
Eugen Rochko 679b7158e3
Change search indexing to use batches to minimize resource usage () 2022-05-18 23:29:14 +02:00
Eugen Rochko 7b0fe4aef9
Fix opening and closing Redis connections instead of using a pool ()
* Fix opening and closing Redis connections instead of using a pool

* Fix Redis connections not being returned to the pool in CLI commands
2022-04-29 22:43:07 +02:00
Claire 8284110c55
Fix stoplight not using REDIS_NAMESPACE () 2022-04-28 18:11:31 +02:00
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads ()
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
2022-04-28 17:47:34 +02:00
Eugen Rochko 6e418bf346
Fix cookies secure flag being set when served over Tor () 2022-04-08 12:47:18 +02:00
Holger 39b489ba4c
fix: s3_force_single_request not parsed () 2022-04-01 23:56:23 +02:00
Eugen Rochko cefa526c6d
Refactor formatter ()
* Refactor formatter

* Move custom emoji pre-rendering logic to view helpers

* Move more methods out of Formatter

* Fix code style issues

* Remove Formatter

* Add inline poll options to RSS feeds

* Remove unused helper method

* Fix code style issues

* Various fixes and improvements

* Fix test
2022-03-26 02:53:34 +01:00
Claire 895212bb2f
Fix PgHero suggesting migrations ()
* Fix PgHero suggesting migrations

Fixes 

* Keep migration suggestions in development env
2022-03-15 20:27:49 +01:00
Yamagishi Kazutoshi eb9a7e3626
Fix LetterOpenerWeb CSP () 2022-03-14 19:20:40 +01:00
dependabot[bot] 46ad7fea9d
Bump rack-attack from 6.5.0 to 6.6.0 ()
* Bump rack-attack from 6.5.0 to 6.6.0

Bumps [rack-attack](https://github.com/rack/rack-attack) from 6.5.0 to 6.6.0.
- [Release notes](https://github.com/rack/rack-attack/releases)
- [Changelog](https://github.com/rack/rack-attack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack-attack/compare/v6.5.0...v6.6.0)

---
updated-dependencies:
- dependency-name: rack-attack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix usage of deprecated API

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-12 09:23:53 +01:00
chandrn7 a6ed6845c9
Allow login through OpenID Connect ()
* added OpenID Connect as an SSO option

* minor fixes

* added comments, removed an option that shouldn't be set

* fixed Gemfile.lock

* added newline to end of Gemfile.lock

* removed tab from Gemfile.lock

* remove chomp

* codeclimate changes and small name change to make function's purpose clearer

* codeclimate fix

* added SSO buttons to /about page

* minor refactor

* minor style change

* removed spurious change

* removed unnecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth

* minor changes
2022-03-09 12:07:35 +01:00
Josh Soref b5329e0035
Spelling ()
* spelling: account

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: affiliated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: appearance

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: autosuggest

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: cacheable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: component

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: conversations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: domain.example

Clarify what's distinct and use RFC friendly domain space.

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: environment

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: exceeds

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: functional

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: inefficiency

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: not

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: notifications

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: occurring

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: position

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: progress

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: promotable

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: reblogging

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: repetitive

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: resolve

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: saturated

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: similar

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: strategies

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: success

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: targeting

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: thumbnails

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unauthorized

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: unsensitizes

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: validations

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

* spelling: various

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2022-03-06 22:51:40 +01:00
luzpaz 73f5e4a1d9
Fix various typos ()
Found via `codespell -q 3 -S ./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,keypair,medias,ro`
2022-02-22 20:14:17 +01:00
Claire 8603a07504
Fix error when trying to register () 2022-02-21 14:55:38 +01:00
zunda f9e7f2e409
Avoid return within block ()
This prevents the error: LocalJumpError (unexpected return)
2022-02-18 20:21:21 +01:00
Jeong Arm 1de2e3f980
Throttle IPv6 signup for subnet () 2022-02-18 13:51:51 +01:00
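The entry above keys signup throttling on an IPv6 subnet rather than on a single address: a typical IPv6 end site controls a whole /64, so counting per exact address lets one machine present itself as an unbounded number of clients. As an added example (not Mastodon's own rate-limiting configuration), the Ruby below derives a per-/64 key with the standard ipaddr library and wires it into a minimal counter; the prefix lengths, the window-less counter and the sample addresses are assumptions for illustration.

```ruby
require 'ipaddr'

# Added example (not Mastodon code). Assumed prefix lengths: IPv6 clients
# are bucketed per /64, IPv4 clients per exact address.
IPV6_PREFIX = 64
IPV4_PREFIX = 32

# Reduce a client address to the key its throttle counter is kept under.
def throttle_key(ip_string)
  ip = IPAddr.new(ip_string)
  prefix = ip.ipv6? ? IPV6_PREFIX : IPV4_PREFIX
  "#{ip.mask(prefix)}/#{prefix}"
end

# Minimal fixed-window counter (no expiry; a real limiter resets per window).
class SignupThrottle
  def initialize(limit:)
    @limit = limit
    @hits = Hash.new(0)
  end

  # Returns true once the key has exceeded +limit+ attempts.
  def throttled?(ip_string)
    key = throttle_key(ip_string)
    @hits[key] += 1
    @hits[key] > @limit
  end
end

if __FILE__ == $PROGRAM_NAME
  t = SignupThrottle.new(limit: 3)
  # Constructed sample: four attempts from one /64, each from a different address.
  %w[2001:db8:1:2::1 2001:db8:1:2::2 2001:db8:1:2::3 2001:db8:1:2:ffff::1].each do |addr|
    puts "#{addr} -> #{t.throttled?(addr) ? 'throttled' : 'allowed'}"
  end
end
```

With the limit set to three, the fourth attempt is refused even though its address differs from the first three, because all four collapse to the key `2001:db8:1:2::/64`; an address in a neighbouring /64 starts a fresh counter.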
Claire cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN ()
Fixes 

Introduced in , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by  from
appearing, and completely broke with the introduction of .

As restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00