Additionally, ActivityPub::FetchRemoteStatusService no longer parses
activities.
OStatus::Activity::Creation no longer delegates to ActivityPub because
the provided ActivityPub representations are not signed while OStatus
representations are.
* Return sensible HTTP status for ActivityPub inbox processing
* Return sensible HTTP status for salmon slap processing
* Return additional information to debug signature verification failures
* Add pagination in media modal
* Change array name
* Add an element class
* Avoid nested class
* Pull out the active class
* Use map instead of forEach
* Remove parentheses
* yarn manage:translations
* Add Japanese translations for #5170
* Add Japanese translations for #5123
* Add Japanese translations for #5046
* Add Japanese translations for #5099
* Add Japanese translations for #5161
* "項目" -> "絵文字"
aria-label contained body of status with content warning, which should be
hidden by default. Remove the label for the case and other cases due to
consistency.
* Make IdsToBigints (mostly!) non-blocking
This pulls in GitLab's MigrationHelpers, which include code to make
column changes in ways that Postgres can do without locking. In general,
this involves creating a new column, adding an index and any foreign
keys as appropriate, adding a trigger to keep it populated alongside
the old column, and then progressively copying data over to the new
column, before removing the old column and replacing it with the new
one.
A few changes to GitLab's MigrationHelpers were necessary:
* Some changes were made to remove dependencies on other GitLab code.
* We explicitly wait for index creation before forging ahead on column
replacements.
* We use different temporary column names, to avoid running into index
name length limits.
* We rename the generated indices back to what they "should" be after
replacing columns.
* We rename the generated foreign keys to use the new column names when
we had to create them. (This allows the migration to be rolled back
without incident.)
# Big Scary Warning
There are two things here that may trip up large instances:
1. The change for tables' "id" columns is not concurrent. In
particular, the stream_entries table may be big, and does not
concurrently migrate its id column. (On the other hand, x_id type
columns are all concurrent.)
2. This migration will take a long time to run, *but it should not
lock tables during that time* (with the exception of the "id"
columns as described above). That means this should probably be run
in `screen` or some other session that can be run for a long time.
Notably, the migration will take *longer* than it would without
these changes, but the website will still be responsive during that
time.
These changes were tested on a relatively large statuses table (256k
entries), and the service remained responsive during the migration.
Migrations both forward and backward were tested.
* Rubocop fixes
* MigrationHelpers: Support ID columns in some cases
This doesn't work in cases where the ID column is referred to as a
foreign key by another table.
* MigrationHelpers: support foreign keys for ID cols
Note that this does not yet support foreign keys on non-primary-key
columns, but Mastodon also doesn't yet have any that we've needed to
migrate.
This means we can perform fully "concurrent" migrations to change ID
column types, and the IdsToBigints migration can happen with effectively
no downtime. (A few operations require a transaction, such as renaming
columns or deleting them, but these transactions should not block for
noticeable amounts of time.)
The algorithm for generating foreign key names has changed with this,
and therefore all of those changed in schema.rb.
* Provide status, allow for interruptions
The MigrationHelpers now allow restarting the rename of a column if it
was interrupted, by removing the old "new column" and re-starting the
process.
Along with this, they now provide status updates on the changes which
are happening, as well as indications about when the changes can be
safely interrupted (when there are at least 10 seconds estimated to be
left before copying data is complete).
The IdsToBigints migration now also sorts the columns it migrates by
size, starting with the largest tables. This should provide
administrators a worst-case scenario estimate for the length of
migrations: each successive change will get faster, giving admins a
chance to abort early on if they need to run the migration later. The
idea is that this does not force them to try to time interruptions
between smaller migrations.
* Fix column sorting in IdsToBigints
Not a significant change, but it impacts the order of columns in the
database and db/schema.rb.
* Actually pause before IdsToBigints
* Fix order of paginated accounts in FollowerDomainsController
Unordered pagination could result in unexpected behavior.
* Cover Settings::FollowerDomainsController more
Translate "about" page, several settings pages, data export/import,
sessions overview, authorized followers page, account deletion page.
More consistent use of words:
- A toot is a Beitrag.
- An account is a Konto.
Some small improvements.
I see no reason to allow more than that. Usually a redirect is
HTTP->HTTPS, then maybe URL structure changed, but more than that
is highly unlikely to be a legitimate use case.
If the signature could not be verified and the webfinger of the account
was last retrieved longer than the cache period, try re-resolving the
account and then attempting to verify the signature again
* Fix#117 - Add ability to specify alternative text for media attachments
- POST /api/v1/media accepts `description` straight away
- PUT /api/v1/media/:id to update `description` (only for unattached ones)
- Serialized as `name` of Document object in ActivityPub
- Uploads form adjusted for better performance and description input
* Add tests
* Change undo button blend mode to difference
- Previously they wouldn't receive it unless they were author's
followers
- Skip unpush from public/hashtag timelines if status wasn't
public in the first place
- 500.html generated with admin-set default locale if set
- Error page `<title>` includes Mastodon site title
- 500 title changed to "This page is not
correct" (ref: <https://www.youtube.com/watch?v=2VCAP_seh1A>)
- 500 content appended with "on our end" to make clear it's
not user's fault
A new rake task emojis:generate downloads a full list of valid
unicode sequences from unicode.org and checks it against existing
Twemoji files, finally generating a map from each sequence to the
existing file (e.g. when there's multiple ways an emoji can be
expressed). The map is dumped into app/javascript/mastodon/emoji_map.json
That file is loaded by emojione_light.js (now a misnomer) which
decorates it further with shortcodes taken from emoji-mart's index.
We added horizontal layout to preview card for wide image. However, max height of the thumbnail is still limited to 120px and it makes nearly square images to too small for that layout.
This PR increases max height as well as max width.
* Add emoji autosuggest
Some credit goes to glitch-soc/mastodon#149
* Remove server-side shortcode->unicode conversion
* Insert shortcode when suggestion is custom emoji
* Remove remnant of server-side emojis
* Update style of autosuggestions
* Fix wrong emoji filenames generated in autosuggest item
* Do not lazy load emoji picker, as that no longer works
* Fix custom emoji autosuggest
* Fix multiple "Custom" categories getting added to emoji index, only add once
Currently we're using a list of MIME types for `accept` attribute on `input[type="file"]` for filter options of file picker, and actual file extensions will be infered by browsers. However, infered extensions may not include our expected items. For example, "image/jpeg" seems to be infered to
only ".jfif" extension in Firefox.
To ensure common file extensions are in the list, this PR adds file extensions in addition to MIME types. Also having items in both format is encouraged by HTML5 spec.
https://www.w3.org/TR/html5/forms.html#file-upload-state-(type=file)
* Fix JavaScript interface with long IDs
Somewhat predictably, the JS interface handled IDs as numbers, which in
JS are IEEE double-precision floats. This loses some precision when
working with numbers as large as those generated by the new ID scheme,
so we instead handle them here as strings. This is relatively simple,
and doesn't appear to have caused any problems, but should definitely
be tested more thoroughly than the built-in tests. Several days of use
appear to support this working properly.
BREAKING CHANGE:
The major(!) change here is that IDs are now returned as strings by the
REST endpoints, rather than as integers. In practice, relatively few
changes were required to make the existing JS UI work with this change,
but it will likely hit API clients pretty hard: it's an entirely
different type to consume. (The one API client I tested, Tusky, handles
this with no problems, however.)
Twitter ran into this issue when introducing Snowflake IDs, and decided
to instead introduce an `id_str` field in JSON responses. I have opted
to *not* do that, and instead force all IDs to 64-bit integers
represented by strings in one go. (I believe Twitter exacerbated their
problem by rolling out the changes three times: once for statuses, once
for DMs, and once for user IDs, as well as by leaving an integer ID
value in JSON. As they said, "If you’re using the `id` field with JSON
in a Javascript-related language, there is a very high likelihood that
the integers will be silently munged by Javascript interpreters. In most
cases, this will result in behavior such as being unable to load or
delete a specific direct message, because the ID you're sending to the
API is different than the actual identifier associated with the
message." [1]) However, given that this is a significant change for API
users, alternatives or a transition time may be appropriate.
1: https://blog.twitter.com/developer/en_us/a/2011/direct-messages-going-snowflake-on-sep-30-2011.html
* Additional fixes for stringified IDs in JSON
These should be the last two. These were identified using eslint to try
to identify any plain casts to JavaScript numbers. (Some such casts are
legitimate, but these were not.)
Adding the following to .eslintrc.yml will identify casts to numbers:
~~~
no-restricted-syntax:
- warn
- selector: UnaryExpression[operator='+'] > :not(Literal)
message: Avoid the use of unary +
- selector: CallExpression[callee.name='Number']
message: Casting with Number() may coerce string IDs to numbers
~~~
The remaining three casts appear legitimate: two casts to array indices,
one in a server to turn an environment variable into a number.
* Back out RelationshipsController Change
This was made to make a test a bit less flakey, but has nothing to
do with this branch.
* Change internal streaming payloads to stringified IDs as well
Per
https://github.com/tootsuite/mastodon/pull/5019#issuecomment-330736452
we need these changes to send deleted status IDs as strings, not
integers.
* Add support for selecting a theme
* Fix codeclimate issues
* Look up site default style if current user is not available due to e.g. not being logged in
* Remove outdated comment in common.js
* Address requested changes in themes PR
* Fix codeclimate issues
* Explicitly check current_account in application controller and only check theme availability if non-nil
* codeclimate
* explicit precedence with &&
* Fix code style in application_controller according to @nightpool's suggestion, use default style in embedded.html.haml
* codeclimate: indentation + return
* Custom emoji
- In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />`
- In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }`
- In REST API: Status object includes `emojis` array (`shortcode`, `url`)
- Domain blocks with reject media stop emojis
- Emoji file up to 50KB
- Web UI handles custom emojis
- Static pages render custom emojis as `<img />` tags
Side effects:
- Undo #4500 optimization, as I needed to modify it to restore
shortcode handling in emojify()
- Formatter#plaintext should now make sure stripped out line-breaks
and paragraphs are replaced with newlines
* Fix emoji at the start not being converted
* So Spanish. Much changes. Wow.
* Some little fixes
* Updated es.yml, and fixed some ortographical errors
* Some little changes to simple_form.es.yml
* Yeah, so much translations
* Spanish e-mail messages
* Remove unused message
We had returned `nil` for that case, but this raises an error instead, as a wrong usage of the method.
This method is currently only used in ActivitySerializer.
* zh-*: transition from "like" back to "fav"
This commit reverts the translation for the yellow-star "fav" button
back to "fav" in Chinese. Some ambuiguity between "like" and "fav" is
deliberately used in zh-TW/HK by using the existing phrase "最爱"
(favorite (adj.), lit. love-most) instead of "收藏" (favourite (v.),
"collect") in some instances.
Fixes#3511.
* zh-*: apply suggestions for PR #4557
* zh-cn: de-monetize ya account
In Chinese two separate characters, 账 and 帐, can be used to spell the
word for account (账/帐户). However, the one with a 贝 on the left is
evolved from the latter specifically for monetary purposes. Since
people usually can't figure out which one to use, it might be a good
idea to use the original not-so-money one.
* zh-*: complete jsx translation
* Adjust landing pages 2
Fix styles of terms page
Remove action buttons from timeline in about page
Adjust styles of short description
Adjust form inputs
Set autocomplete off for username and email box in registration form. Remove line breakings.
* Revert removing action buttons
`Status#reply?` may returns true even if the thread is missing.
e.g. the replied status was deleted or couldn't be fetched.
Then it raises NoMethodError on various AP json serialization.
This issue won't happen on Atom serialization because it checks thread
existence using `StreamEntry#threaded?` instead.
* Fix behavior while the button is invisible
e.g. pointer cursor, couldn't open contextmenu
* Avoid rendering the button to remove blank space if no more items are available or no items are rendered
* Revert "Enable UniqueRetryJobMiddleware even when called from sidekiq worker (#4836)"
This reverts commit 6859d4c028.
* Revert "Do not execute the job with the same arguments as the retry job (#4814)"
This reverts commit be7ffa2d75.
* l10n update for Redesign video player (#4911)
* Update videp
* Update
I hope this time format works well.
* One missing string
* Update time format
I'd like the complete name of the month in the Long format and the short one in the short format.
I hope it works now
* Support OpenGraph video embeds
It's not really OpenGraph, it's twitter:player property, but it's
not OEmbed so that fits. For example, this allows Twitch clips to
be displayed as embeds.
Also, fixesglitch-soc/mastodon#135
* Fix invalid OpenGraph cards being saved through attaching and
revisit URLs after 14 days
* Redesign video player
* Use new video player on static public pages too
* Use media gallery component on static public pages too
* Pause video when hiding it
* Full-screen sizing on WebKit
* Add aria labels to video player buttons
* Display link card on public status page
* Fix fullscreen from modal sizing issue
* Remove contain: strict property to fix fullscreen from columns
* Fix ActivityPub handling of replies when LOCAL_DOMAIN ≠ WEB_DOMAIN (#4895)
For all intents and purposes, `local_url?` is used to check if an URL refers
to the Web UI or the various API endpoints of the local instances. Those things
reside on `WEB_DOMAIN` and not `LOCAL_DOMAIN`.
* Change local_url? spec, as all URLs handled by Mastodon are based on WEB_DOMAIN
* Whenever a remote keypair changes, unfollow them and re-subscribe to them
In Mastodon (it could be different for other OStatus or AP-enabled software),
a keypair change is indicative of whole user (or instance) data loss. In this
situation, the “new” user might be different, and almost certainly has an empty
followers list. In this case, Mastodon instances will disagree on follower
lists, leading to unreliable delivery and “shadow followers”, that is users
believed by a remote instance to be followers, without the affected user
knowing.
Drawbacks of this change are:
1. If an user legitimately changes public key for some reason without losing
data (not possible in Mastodon at the moment), they will have their remote
followers unsubscribed/re-subscribed needlessly.
2. Depending of the number of remote followers, this may generate quite some
traffic.
3. If the user change is an attempt at usurpation, the remote followers will
unknowingly follow the usurper. Note that this is *not* a change of
behavior, Mastodon already behaves like that, although delivery might be
unreliable, and the usurper would not have known the former user's
followers.
* Rename ResubscribeWorker to RefollowWorker
* Process followers in batches
This PR adds section for protocol specific information, then always show
both of OStatus and ActivityPub. Specifically, this will help admins to
check PuSH subscription status and unsubscribe manually, even `protocol`
has been changed.
This also includes below changes:
* Add `overflow: hidden` to prevent float leaking
* Add missing fields for ActivityPub
They are marked as read-only by Rails, but we know what we are doing,
so we are un-marking them as such.
The mastodon:maintenance:update_counter_caches task is not really
supposed to be run anymore (it was a one-time thing during an upgrade)
however, just in case, I have modified it to not touch ActivityPub
accounts.
Also, no point writing to logger from these rake tasks, since they
are not to be run from cron. Better to give stdout feedback.
When a new user confirms their e-mail, bootstrap their home timeline
by automatically following a set of accounts. By default, all local
admin accounts (that are unlocked). Can be customized by new admin
setting (comma-separated usernames, local and unlocked only)
Resolved:
* Lot of redundant renders while mouse moving
* Scroll jumping when timeline loaded
* Scroll position isn't kept when statuses below the scrollTop was deleted then new status arrived
Unresolved:
* Scroll position isn't kept when statuses over the scrollTop was deleted then new status arrived
-> It needs to know which statuses are over the scrollTop
* New status indicator should be active when new statuses arrived while mouse moved recently
-> It needs a) update indicator in ScrollableList, or b) set scrollTop status while mouse moving
To reflect status posting immediately, we've inserted the status into timelines directly. However, status insertion changes "latest status", and it means next timeline refresh only fetches statuses since the inserted status. This behavior is very bad for disconnected timeline and mobile views.
After this patch, it refreshes timeline for disconnected timelines, instead of direct insertion.
In before, the method uses stream_entry id as status id, so replied status was wrongly selected.
This PR uses StatusFinder which was introduced with `Api::Web::EmbedsController`.
* Fix language filter codes
CLD3 returns BCP-47 language identifier, filter settings expect
identifiers in the ISO 639-1 format. Convert between formats,
and exclude duplicate languages from filter choices (zh-CN->zh)
* Fix zh name
* Add Pinned_toot_section
* Fix add frozen_string_literal
* Fix delete no need controller and tests
* Fix replace query strings to axios params
* Fix change value to accountId and disabling more button
* Decouple Status#local? from uri being nil
* Replace on-the-fly URI generation with stored URIs
- Generate URI in after_save hook for local statuses
- Use static value in TagManager when available, fallback to tag format
- Make TagManager use ActivityPub::TagManager to understand new format
- Adjust tests
* Use other heuristic for locality of old statuses, do not perform long query
* Exclude tombstone stream entries from Atom feed
* Prevent nil statuses from landing in Pubsubhubbub::DistributionWorker
* Fix URI not being saved (#4818)
* Add more specs for Status
* Save generated uri immediately
and also fix method order to minimize diff.
* Fix alternate HTML URL in Atom
* Fix tests
* Remove not-null constraint from statuses migration to speed it up
* Adjust status embeds
Adjust styles of embed code. Adjust styles of embed pages. Fix overflow of embed-modal.
* Remove trailing whitespace
* Using width from the variable
- Fix assumption that `url` is always a string. Handle it if it's an
array of strings, array of objects, object, or string, both for
accounts and for objects
- `sharedInbox` is actually supposed to be under `endpoints`, handle
both cases and adjust the serializer
* Make "unfollow" undo pending outgoing follow request too
* Add cancel button to web UI when awaiting follow request approval
* Make the hourglass button do the cancelling
* Raise an error for remote url in StatusFinder
Previous implementation had allowed remote url with status id which also exists on local.
Then that bug leads /api/web/embed to return wrong embed url.
* Fix oembed_controller_spec
* UploadArea should only preventDefault for Escape
This will make accessibility for some things less effortful, since we won't have to define a prior event handler to do whatever should be happening by default.
* Remove workaround for fixed bug in SettingToggle
SettingToggle was toggling itself in response to keydown of space, and then the keyup was doing it again
Using _: property names is discouraged, as in the future,
canonicalization may throw an error when encountering that instead
of discarding it silently like it does now.
We are defining some ActivityStreams properties which we expect
to land in ActivityStreams eventually, to ensure that future versions
of Mastodon will remain compatible with this even once that happens.
Those would be `locked`, `sensitive` and `Hashtag`
We are defining a custom context inline for some properties which we
do not expect to land in any other context. `atomUri`, `inReplyToAtomUri`
and `conversation` are part of the custom defined OStatus context.
* Fix a style issue on the public profile page for some mobile browsers
Signed-off-by: Cygnan <email@cygnan.com>
* Set padding-bottom to 20px
Signed-off-by: Cygnan <email@cygnan.com>
* Make PreviewCard records reuseable between statuses
**Warning!** Migration truncates preview_cards tablec
* Allow a wider thumbnail for link preview, display it in horizontal layout (#4648)
* Delete preview cards files before truncating
* Rename old table instead of truncating it
* Add mastodon:maintenance:remove_deprecated_preview_cards
* Ignore deprecated_preview_cards in schema definition
* Fix null behaviour
- Ask for desktop notifications after 1 minute of use instead of
instantly
- Ask for protocol handler permission after 5 minutes of use
instead of instantly
* Make the fr locales up-to-date with the last changes (new profile view, applications)
* Use the same wording for toots in fr.yml and fr.json
* Translate the pin related strings
* Translate pin-related locales on the front-end
* Add missing locales in doorkeeper.fr.yml and remove un-used ones
* Change "posts" back to "status" in the /about/more page in fr.yml
* Fix typos for "status" in fr.yml
* fix typo for "status" in fr.json
* Remove duplicate string
* Non-breaking space before punctuation
* 'Better' translation for "unpin"
* Put back 'pouet' where it was already
* Fix
* Fix
* Refactor Web::PushSubscription, remove welcome message
* Add missing helper
* Use locale of the receiver on push notifications (#4519)
* Remove unused translations
* Fix dir on notifications
Currently, private / direct posts via OStatus from AP compatible instance will be dropped due to failing to fetch AP version.
So this fallbacks to OStatus handling:
* when failed to fetch ActivityPub version
* when status is neither :public nor :unlisted
This will make accessibility for some things less effortful, since we won't have to define a prior event handler to do whatever should be happening by default.
* Guarantee Subscription service first account has proper URL details
Subscription Service potentially could break if the first user suspended
themselves, creating a situation where the urls that populate throughout
subscription service's PuSH request would cause the remote API to throw 503 errors.
Guaranteeing that the first account picked is not suspended prevents this problem.
* Fix style issue
- Use statuses controller for embeds instead of stream entries controller
- Prefer /@:username/:id/embed URL for embeds
- Use /@:username as author_url in OEmbed
- Add follow link to embeds which opens web intent in new window
- Use redis cache in development
- Cache entire embed
Requires moving Atom rendering from DistributionWorker (where
`stream_entry.status` is already nil) to inline (where
`stream_entry.status.destroyed?` is true) and distributing that.
Unfortunately, such XML renderings can no longer be easily chained
together into one payload of n items.
Commit 9d1f8b9d6a scrolls the columns area
when the route changes since the user is likely to want to see the
rightmost column in such cases.
However, redirection is automatic and does not indicate users' intension.
Do not scroll the columns area due to one.
* Adjust "signed in as" pages
Fix min-width
Set width of .account-header .name
To apply text-overflow and overflow settings
Set overflow for detailed-status__display-name
* Remove trailing whitespace
* Adjust account-grid in public profiles
Full-width card on mobile UI. Set break-word for long name and ID. Fix margin.
* Reduce padding-bottom of public profiles
* Revive next prev buttons in mobile public profiles
In followers followees pages.
* Revert break-word for username
* Fix overflow of display_name
Need re-setting text-overflow and overflow in display: block;
SerializarbleResource#as_json serializes to Symbol keyed Hash, but current
implementation of LinkedDataSignature expects String keyed Hash.
So it generates broken payload.
* Add handling of Linked Data Signatures in payloads
* Add a way to sign JSON, fix canonicalization of signature options
* Fix signatureValue encoding, send out signed JSON when distributing
* Add missing security context
* Added new translations of error messages, block and mute domains and users
* Added new translations of error messages, block and mute domains and users