Commit Graph

85 Commits (dbb1ee269fa4a6ee097dfea5f77bb2c9428af93b)

Author SHA1 Message Date
Eugen Rochko 9311430ed7
Prevent multiple handlers for Delete of Actor from running (#9292) 6 years ago
ThibG 7f5a4be580 Fix emoji update date processing (#9255) 6 years ago
Eugen Rochko be202f9377
Accept the same payload in multiple inboxes and deliver (#9150) 6 years ago
m.b 2b18f5f85d Add Page AP type support (#9121) 6 years ago
ThibG e53cc673e7 Ignore invalid hashtags on remote statuses instead of rejecting them (#9118)
Fixes #9115
6 years ago
ThibG 82e7988afc Fix missing `mention` argument when processing incoming Create activities (#9114)
* Fix missing `mention` argument when processing incoming Create activities

* Fix typo (param → params)
6 years ago
Eugen Rochko d4cf963749
Allow inbox owner to view implicitly targeted ActivityPub payload (#9093)
Fix #9091
6 years ago
Eugen Rochko fd5285658f
Add option to block reports from domain (#8830) 6 years ago
Eugen Rochko ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses are almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", they do not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
6 years ago
Eugen Rochko 61d44dd11f
Fix typo in ActivityPub Create handler (#8952)
Regression from #8951
6 years ago
Eugen Rochko 790d3bc637
Move network calls out of transaction in ActivityPub handler (#8951)
Mention and emoji code may perform network calls, but does not need
to do that inside the database transaction. This may improve availability
of database connections when using pgBouncer in transaction mode.
6 years ago
ThibG ba444797d2 Fix handling of ActivityPub activities lacking some attributes (#8864) 6 years ago
Eugen Rochko ef69c655cc
Fix class autoloading issue in ActivityPub::Activity::Create (#8820) 6 years ago
Eugen Rochko f4d549d300
Redesign forms, verify link ownership with rel="me" (#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates
6 years ago
Eugen Rochko cabdbb7f9c
Add CLI task for rotating keys (#8466)
* If an Update is signed with known key, skip re-following procedure

Because it means the remote actor did *not* lose their database

* Add CLI method for rotating keys

    bin/tootctl accounts rotate [USERNAME]

Generates a new RSA key per account and sends out an Update activity
signed with the old key.

* Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts

* Skip suspended accounts in key rotation
6 years ago
M Somerville 95bd0d4528 Support ActivityStreams’ summaryMap. (#8422)
In the same way as contentMap and nameMap.
6 years ago
ThibG 42573b76f1 Do not crash if remote custom emoji does not define updated date (fixes #8376) (#8377) 6 years ago
ThibG 59f7f4c923 Implement Undo { Accept { Follow } } (fixes #8234) (#8245)
* Add Follow#revoke_request!

* Implement Undo { Accept { Follow } } (fixes #8234)
6 years ago
ThibG 1ee675d68b Use correct activity id in Accept when receiving duplicate Follow (fixes #8218) (#8244) 6 years ago
Eugen Rochko 39e361a56d
Expect relays to answer with accept/reject (#8179) 7 years ago
Eugen Rochko 6ba7d9d0d9
Do not accept ActivityPub follow requests from blocked user (#7756)
* Do not accept ActivityPub follow requests from blocked user

Fix #7745

* Deliver auto-rejection immediately when follow-requested by blocked account

* Fix trailing whitespace
7 years ago
Eugen Rochko 1e938b966e
Exclude unlisted, private and direct toots from affecting trends (#7686) 7 years ago
Eugen Rochko ab36e0ef72 Record trending tags from ActivityPub, too (#7647) 7 years ago
ThibG cdbdf7f98b Ignore multiple occurrences of a hashtag within a status (fixes #7585) (#7606) 7 years ago
Eugen Rochko 57b503d4ef
Resolve unknown status from Add activity, skip Remove if unknown (#7526)
Fix #7518
7 years ago
Akihiko Odaki 55fd55714a Raise Mastodon::RaceConditionError if Redis lock failed (#7511)
An explicit error allows user agents to know the error and Sidekiq to
retry.
7 years ago
ThibG 7467361d70 Fetch boosted statuses on behalf of a follower (fixes #7426) (#7459)
When an ActivityPub Announce is processed and the boosted toot is not known,
fetch it on behalf of one of the booster's followers. This is to allow
fetching self-boosts of previously-unknown private toots.

If fetching on behalf of a user fails, try fetching it anonymously: the
selected follower of a boosting user may be banned by the boosted toot's
author.
7 years ago
Eugen Rochko 6793bec4c6
Store URIs of follows, follow requests and blocks for ActivityPub (#7160)
Same URI passed between follow request and follow, since they are
the same thing in ActivityPub. Local URIs are generated during
creation using UUIDs and are passed to serializers.
7 years ago
ThibG a24605961a Fixes/do not override timestamps (#7336)
* Revert "Fixes/do not override timestamps (#7331)"

This reverts commit 581a5c9d29.

* Document Snowflake ID corner-case a bit more

Snowflake IDs are used for two purposes: making object identifiers harder to
guess and ensuring they are in chronological order. For this reason, they
are based on the `created_at` attribute of the object.

Unfortunately, inserting items with older snowflake IDs will break the
assumption of consumers of the paging APIs that new items will always have
a greater identifier than the last seen one.

* Add `override_timestamps` virtual attribute to not correlate snowflake ID with created_at
7 years ago
ThibG 581a5c9d29 Fixes/do not override timestamps (#7331)
* Do not override timestamps for incoming toots

* Remove every reference to override_timestamps

Statuses are now created with the announced publishing date
and are only pushed to timelines if that date is at most
6 hours earlier than the time at which it is processed.
7 years ago
ThibG d0cdd5cf94 Accept actor object updates from all supported actor types (#7312) 7 years ago
Surinna Curtis dc786c0cf4 Support Actors/Statuses with multiple types (#7305)
* Add equals_or_includes_any? helper in JsonLdHelper

* Support arrays in JSON-LD type fields for actors/tags/objects.

* Spec for resolving accounts with extension types

* Style tweaks for codeclimate
7 years ago
Eugen Rochko b5726def55
Forward deletes on the same path as reply forwarding (#7058)
* Forward deletes on the same path as reply forwarding

* Remove trailing whitespace
7 years ago
ThibG e573bb0990 Fix compatibility with PeerTube (#6968)
* Support fetching objects of convertible types by URL (fixes #6924)

* Ignore invalid hashtags
7 years ago
ThibG 9ed5eebd7c Do not ignore unknown media attachments, only skip them (#6948)
That way, they are displayed in a list below the corresponding toot.
7 years ago
Eugen Rochko f02411da40
Ignore media validation when attaching to status during processing (#6822)
Fix #6821
7 years ago
MitarashiDango 6dcf96271e fix validation error (media only status) (#6684)
* fix validation error (media only status)

* Incorporating review suggestions

* Reflect similar fix to OStatus side

* Fix not to include media in transaction

* Restore the limit of the number of media

* Fix not to return nil
7 years ago
Eugen Rochko e6520c0270
Fix #6657 - Use target instead of origin in Remove activity (#6664) 7 years ago
Eugen Rochko 9110db41c5
Federate pinned statuses over ActivityPub (#6610)
* Federate pinned statuses over ActivityPub

* Display pinned toots in web UI

Fix #6117

* Fix migration

* Fix tests

* Update outbox_serializer.rb

* Update remove_serializer.rb

* Update add_serializer.rb

* Update fetch_featured_collection_service.rb
7 years ago
Eugen Rochko e852872846
Fix #5708: Reject->Follow will remove the follow if it exists (#6571) 7 years ago
Eugen Rochko 41a01bec23
Federated reports (#6570)
* Fix #2176: Federated reports

* UI for federated reports

* Add spec for ActivityPub Flag handler

* Add spec for ReportService
7 years ago
Eugen Rochko 90f12f2e5a
Focal points (#6520)
* Add focus param to media API, center thumbnails on focus point

* Add UI for setting a focal point

* Improve focal point icon on upload item

* Use focal point in upload preview

* Add focalPoint property to ActivityPub

* Don't show focal point button for non-image attachments
7 years ago
Akihiko Odaki 0be9a1e321 Accept ActivityPub announce from the author of the original note (#6236) 7 years ago
Eugen Rochko 35b84985a8
Skip ActivityPub Announces of non-public objects (#6230)
* Skip ActivityPub Announces of non-public objects

* Skip OStatus reblogs of non-public statuses
7 years ago
Eugen Rochko dbda87c31f
Revert #5772 (#6221) 7 years ago
Eugen Rochko e4a241abef
Fix bad URL schemes being accepted (#6219)
* Fix actors accepting invalid URI schemes or different host between URI and URL

* Fix statuses accepting invalid URI scheme or different host to actor

* Adjust tests to new requirements

* Improve readability of mismatching_origin?/invalid_origin? methods
7 years ago
puckipedia 0eff42d688 Move Article from supported to converted types (#6218) 7 years ago
Akihiko Odaki 161c72d66d Allow to dereference Follow object for ActivityPub (#5772)
* Allow to dereference Follow object for ActivityPub

* Accept IRI as object representation for Accept activity
7 years ago
Eugen Rochko d60fd87e01
Don't leave behind husk of remotely-deleted profile (#6159)
There's no reason for an Account record to persist after Delete->Actor is received. SuspendAccountService is necessary to make sure deleted toots get sent over streaming API properly and home feeds get cleaned up. By removing Account record, we can ensure that if in the future the account is restored remotely (or username reused), it can start with a clean slate.
7 years ago
abcang 3caec1ecc2 Save media outside transaction (#5959) 7 years ago