Commit Graph

5814 Commits (cab4a712482cd8ffb3e5013627ce1c323cc28cfb)

Author SHA1 Message Date
ThibG ca56527140
Add follower synchronization mechanism (#14510)
* Add support for followers synchronization on the receiving end

Check the `collectionSynchronization` attribute on `Create` and `Announce`
activities and synchronize followers from provided collection if possible.

* Add tests for followers synchronization on the receiving end

* Add support for follower synchronization on the sender's end

* Add tests for the sending end

* Switch from AS attributes to HTTP header

Replace the custom `collectionSynchronization` ActivityStreams attribute by
an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as
the `Signature` header and the following fields:
- `collectionId` to specify which collection to synchronize
- `digest` for the SHA256 hex-digest of the list of followers known on the
   receiving instance (where “receiving instance” is determined by accounts
   sharing the same host name for their ActivityPub actor `id`)
- `url` of a collection that should be fetched by the instance actor

Internally, move away from the webfinger-based `domain` attribute and use
account `uri` prefix to group accounts.

* Add environment variable to disable followers synchronization

Since the whole mechanism relies on some new preconditions that, in some
extremely rare cases, might not be met, add an environment variable
(DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and
avoid followers being incorrectly removed.

The current conditions are:
1. all managed accounts' actor `id` and inbox URL have the same URI scheme and
   netloc.
2. all accounts whose actor `id` or inbox URL share the same URI scheme and
   netloc as a managed account must be managed by the same Mastodon instance
   as well.

As far as Mastodon is concerned, breaking those preconditions requires extensive
configuration changes in the reverse proxy and might also cause other issues.

Therefore, this environment variable provides a way out for people with highly
unusual configurations, and can be safely ignored for the overwhelming majority
of Mastodon administrators.

* Only set follower synchronization header on non-public statuses

This is to avoid unnecessary computations and allow Follow-related
activities to be handled by the usual codepath instead of going through
the synchronization mechanism (otherwise, any Follow/Undo/Accept activity
would trigger the synchronization mechanism even if processing the activity
itself would be enough to re-introduce synchronization)

* Change how ActivityPub::SynchronizeFollowersService handles follow requests

If the remote lists a local follower which we only know has sent a follow
request, consider the follow request as accepted instead of sending an Undo.

* Integrate review feedback

- rename X-AS-Collection-Synchronization to Collection-Synchronization
- various minor refactoring and code style changes

* Only select required fields when computing followers_hash

* Use actor URI rather than webfinger domain in synchronization endpoint

* Change hash computation to be a XOR of individual hashes

Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues.

* Marginally improve followers_hash computation speed

* Further improve hash computation performance by using pluck_each
4 years ago
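
The receiving-side check described in the commit message above, as an added example (not part of the commit and not Mastodon's own code): it parses a `Collection-Synchronization` header in `Signature`-header syntax and compares its `digest` with an XOR-of-SHA-256 digest over the followers known locally. The method names, the sample URIs, and the choice of the actor URI as the value hashed per follower are assumptions.

```ruby
require 'digest'

# Parse a header that uses the `Signature` header syntax (comma-separated
# key="value" pairs) and require the three fields the commit message lists.
def parse_collection_synchronization(header)
  params = header.scan(/([A-Za-z]+)="([^"]*)"/).to_h
  missing = %w(collectionId digest url) - params.keys
  raise ArgumentError, "missing fields: #{missing.join(', ')}" unless missing.empty?

  params
end

# XOR of the SHA-256 digests of each follower, hex-encoded (64 characters).
# Assumption: the value hashed per follower is its actor URI.
# XOR is order-independent, so no sorting is needed; duplicates are dropped
# first because two identical entries would cancel each other out.
def followers_digest(uris)
  acc = uris.uniq.reduce(0) { |sum, uri| sum ^ Digest::SHA256.hexdigest(uri).to_i(16) }
  format('%064x', acc)
end

# Followers "on the receiving instance": actor URIs sharing our scheme and netloc.
def local_followers(uris, prefix)
  uris.select { |uri| uri.start_with?("#{prefix}/") }
end

# True when the sender's digest matches our own view (nothing to synchronize).
def in_sync?(header, known_follower_uris, local_prefix)
  params = parse_collection_synchronization(header)
  params['digest'].downcase == followers_digest(local_followers(known_follower_uris, local_prefix))
end

# Constructed sample data (hypothetical hosts and accounts, not from the page).
LOCAL_PREFIX = 'https://b.example'
SENDER_VIEW = %w(https://b.example/users/alice https://b.example/users/carol)
SAMPLE_HEADER = format(
  'collectionId="%s", url="%s", digest="%s"',
  'https://a.example/users/bob/followers',
  'https://a.example/users/bob/followers_synchronization',
  followers_digest(SENDER_VIEW)
)

if __FILE__ == $PROGRAM_NAME
  ours = SENDER_VIEW.reverse + ['https://c.example/users/dave']
  puts in_sync?(SAMPLE_HEADER, ours, LOCAL_PREFIX) # same local set, other order
  puts in_sync?(SAMPLE_HEADER, ours + ["#{LOCAL_PREFIX}/users/erin"], LOCAL_PREFIX) # stale follower
end
```

A mismatch is the case in which the receiver would go on to fetch the collection named in `url` and reconcile its follower list.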
abcang 9649ca0fbe
Removed disabling comments for Style/MethodMissingSuper (#15014)
* Removed disabling comments for Style/MethodMissingSuper

* Update rubocop for codeclimate
4 years ago
Josh Leeb-du Toit 0c24f4dce2
Add support for Gemini urls (#15013)
This PR updates the `valid_url` regex and sanitizer allowlist to provide
support for Gemini urls.

Closes #14991
4 years ago
mayaeh 4130aef29c
Fix translation string (#14986) 4 years ago
mayaeh fb5f3be18f
Fix strings that could not be translated (#14980) 4 years ago
Eugen Rochko a69ca29473
Change how missing desktop notifications permission is displayed (#14985)
Add missing controls for new notification type
4 years ago
Takeshi Umeda b4c4af18dc
Fix a bear check when the activity object is nil (#14981) 4 years ago
ThibG 4c45b43cb8
Change how CDN_HOST is passed down to make assets build reproducible (#14381)
* Change how CDN_HOST is passed down to make assets build reproducible

* Change webpacker/webpack configuration to dynamically load publicPath based on meta header

* Fix embedded layout missing the cdn-host meta header
4 years ago
OSAMU SATO 96761752ec
Add duration parameter to muting. (#13831)
* Adding duration to muting.

* Remove useless checks
4 years ago
ThibG f54ca3d08e
Fix browser notification permission request logic (#13543)
* Add notification permission handling code

* Request notification permission when enabling any notification setting

* Add badge to notification settings when permissions insufficient

* Disable alerts by default, requesting permission and enable them on onboarding
4 years ago
Eugen Rochko 5e1364c448
Add IP-based rules (#14963) 4 years ago
ThibG dc52a778e1
Fix issue checking for last unread notification when there are gaps (#14960) 4 years ago
ThibG dac3e362fd
Fix unread notification marker not updating when mounting column (#14954) 4 years ago
Eugen Rochko 7d985f2aac
Remove dependency on goldfinger gem (#14919)
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.

Fix #14091
4 years ago
ThibG 63770d3aac
Ignore alt-key hotkeys in text fields (#14942)
Fixes #14862

This used to be the case until #13987, which introduced a hotkey to toggle
the Content Warning field.

Unfortunately, MacOS relies on the “alt” key for many things, including
composing text (see #14862), therefore, even if that makes the CW toggle
hotkey significantly less useful, it makes sense to not interfere with
composing toots.
4 years ago
mayaeh 5a9ad221bf
Update translation files (#14920) 4 years ago
Eugen Rochko a549415868
Fix regressions in icon buttons in web UI (#14915) 4 years ago
Takeshi Umeda bec8b12bb5
Fix mark as read in notifications to be saved immediately (#14907)
* Fix mark as read in notifications to be saved immediately

* fix code style
4 years ago
ThibG 65136600e3
Fix logging out on mobile (#14901)
Fixes #14900
4 years ago
ThibG 78e45a5285
Add option to disable swiping motions across the WebUI (#13885)
Fixes #13882
4 years ago
Takeshi Umeda f5d08f2417
Fix unread notification markers (#14897) 4 years ago
ThibG 82951920f7
Fix bell button causing a brief “Cancel follow request” on locked accounts (#14896) 4 years ago
Eugen Rochko d88a79b456
Add pop-out player for audio/video in web UI (#14870)
Fix #11160
4 years ago
ThibG d60290044e
Add environment variable to allow requests to some private addresses (#14722) 4 years ago
ThibG ff89025979
Add unread notification markers (#14818)
* Add unread notification markers

Fixes #14804

* Allow IntersectionObserverArticle's children to be updated
4 years ago
Jeremy Rose 03b6b034b9
add og:published_time to opengraph meta tags (#14865) 4 years ago
Takeshi Umeda b655a7f88f
Fix a slow query for TagFeed (#14861)
* Fix a slow query for TagFeed

* rename tags to tag_ids
4 years ago
Takeshi Umeda 070026e634
Fix method of the DELETE DATA button (#14855) 4 years ago
Eugen Rochko 8c8bf0289f
Fix not being able to enable status notifications in Web Push API (#14822) 4 years ago
Eugen Rochko 974b1b79ce
Add option to be notified when a followed user posts (#13546)
* Add bell button

Fix #4890

* Remove duplicate type from post-deployment migration

* Fix legacy class type mappings

* Improve query performance with better index

* Fix validation

* Remove redundant index from notifications
4 years ago
ThibG eaea2311aa
Fix home TL marker code mishandling gaps (#14809) 4 years ago
ThibG aab867b0e8
Fix notification filter bar incorrectly filtering gaps (#14808) 4 years ago
kawaguchi 5d3c8baa9a
Fix validates :sign_count of WebauthnCredential (#14806) 4 years ago
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726) 4 years ago
Eugen Rochko bbcbf12215
Fix unreadable placeholder text color in high contrast theme in web UI (#14803)
Fix #14717
4 years ago
ThibG b67caf9be4
Add paragraph about browser add-ons when encountering some errors (#14801)
* Add paragraph about browser add-ons when encountering some errors

When a crash is caused by a NotFoundError exception, add a paragraph
to the error page mentioning browser add-ons.

Indeed, crashes with NotFoundError are often caused by browser extensions
messing with the DOM in ways React.JS can't recover from (e.g. issues #13325
and #14731).

* Reword error messages
4 years ago
ThibG cd4ec7cd74
Do not serve account actors at all in limited federation mode (#14800)
* Do not serve account actors at all in limited federation mode

When an account is fetched without a signature from an allowed instance,
return an error.

This isn't really an improvement in security, as the only information that was
previously returned was required protocol-level info, and the only personal bit
was the existence of the account. The existence of the account can still be
checked by issuing a webfinger query, as those are accepted without signatures.

However, this change makes it so that unallowed instances won't create account
records on their end when they find a reference to an unknown account.

The previous behavior of rendering a limited list of fields, instead of not
rendering the actor at all, was in order to prevent situations in which two
instances in Authorized Fetch mode or Limited Federation mode would fail to
reach each other because resolving an account would require a signed query…
from an account which can only be fetched with a signed query itself. However,
this should now be fine as fetching accounts is done by signing on behalf of
the special instance actor, which does not require any kind of valid signature
to be fetched.

* Fix tests
4 years ago
Eugen Rochko 42c4322ce7
Fix reported statuses not being included in warning e-mail (#14778) 4 years ago
tateisu fa0c71f0d9
allow pagination by min_id and max_id (#14776)
* allow pagination by min_id and max_id

* also AccountConversation allows min_id,max_id pair

* also home,list TL allows min_id,max_id pair
4 years ago
Eugen Rochko 4e4b3a0c8e
Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
4 years ago
Eugen Rochko e6b272e5c9
Change REST API to return empty data for suspended accounts (#14765) 4 years ago
ThibG 91eecd1b3c
Add border around 🕺 emoji (#14769)
Fixes #14768
4 years ago
Eugen Rochko fcb9350ff8
Change web UI to show empty profile for suspended accounts (#14766) 4 years ago
Eugen Rochko 65760f59df
Refactor feed manager (#14761) 4 years ago
ThibG 517af45e32
Fix multiple boosts of a same toot erroneously appearing in TL (#14759)
* Check for and record reblog info atomically

Instead of using ZREVRANK to determine whether a reblog is a new reblog or not,
use ZADD's NX option to perform the check/addition option atomically.

* Replace ZREVRANK call with ZSCORE key which is more efficient

* Make tests a bit stricter

* Fix off-by-one
4 years ago
abcang e79d719e92
Changed tag most_used to recently_used (#14760) 4 years ago
Eugen Rochko e8bc187845
Refactor how public and tag timelines are queried (#14728) 4 years ago
Eugen Rochko a6121a159c
Remove obsolete IndexedDB operations from web UI (#14730)
Storing objects in IndexedDB was disabled in #7932, but we were
still trying to read objects from it before making an API call
4 years ago
Takeshi Umeda 272aa4a109
Fix direct visibility style for light theme (#14727) 4 years ago
ThibG abee40b232
Add outbox attribute to instance actor (#14721)
It's not useful for now, but it's required by ActivityPub
4 years ago