- cli: followed upstream
- version.rb: followed upstream, since we can use environment variables for the suffix now
- lib/paperclip: chose their spoof detector
- lib/sanitize: merged h1-h6 into supported elements, allowed translated attribute
- config/environments: follow upstream
- config/initializers: follow upstream
- config/application.rb: follow upstream
- config/locales: translations with %{title} prefix were replaced with hardcoded "Mastodon:" prefixes, should be fixed afterwards
it's inconsistent anyway right now
- config/settings: removed settings that were removed in upstream
- config/routes: followed upstream, due to API restructurings. Is there some hometown-specific API stuff that might be missing now?
- spec/: followed upstream, might have lost hometown-specific tests, but I haven't found any on a quick check
- .ruby-version, Gemfile, etc.: upstream
- .github/workflows: upstream
- about: followed upstream, therefore the static homepage is gone :/
- credentials: moved federation into the settings_attributes
- lists: follow upstream, `:is_exclusive` -> `:exclusive`
- statuses: keep local only
- account_statuses_filter: still hide local only posts for anonymous users
- activitypub/activity/create:
- keep activity_pub_type in params
- text: use hometown's way for determining the content
- spoiler: use hometown's mechanism
- feed_manager: use upstream exclusive list mechanism
- plain_text_formatter: use upstream way with html decoding, as I'm not sure whether we still have the Nokogiri library(?) available
problem: might remove tags that we want to keep?
- text_formatter: follow upstream
- account: use upstream MENTION_RE expression
- backup: follow upstream for permission validation
- list: follow upstream, is_exclusive -> exclusive !! WE MIGHT NEED A MIGRATION!
- status: moved set_locality hook to the others
- user: delegates for settings (federation, autoplay, etc.) were removed upstream, follow them
- webhook: follow upstream
- initial_state_serializer: keep max_toot_chars
- list_serializer: follow rename of is_exclusive -> exclusive
Use upstream version, since the translation API got upgraded to v2.
Use upstream version of vote_validator.
- admin/webhooks/_form: add group for template
- settings/preferences/appearance/show: add new input for 'expand_usernames'
check: missing translations, especially for hints
- settings/preferences/other/show: added input groups for no_rss and default_privacy
check: missing translations, especially for hints
- settigngs/profiles: upstream removed verification banner, follow them
Followed upstream changes.
Incorporated upstream changes and put the local_only check back in the correct place.
Ignored hometown changes, take upstream version.
- actions/lists: follow exclusive list naming
- components/column_back_button: follow upstream router refactoring
- components/column_header: follow upstream router refactoring
- components/hashtag: keep hometown behaviour, add href to links
- components/media_gallery: merge alt text indicator into upstream
- components/status: merge timestamp click -> original page
- components/status_action_bar: upstream removed the share button, follow them
- components/status_content:
- still make remote usernames => check: does the new href work?
- make translate button always visible like upstream
- keep hometown-specific changes for Articles and other posts
- features/header: keep header link
- features/account_gallery/components/media_item: keep link
- features/audio/index: keep no media description indicator, merge upstream styles
- features/compose/components/compose_form:
- merge max chars logic
- merge federation dropdown
- features/compose/components/navigation_bar: keep href to profile
- features/compose/components/poll_form: keep "is multiple" toggle
- features/compose/index: keep column header
- features/follow_requests/components/account_authorize: keep external link
- features/list_editor/components/edit_list_form: overwritten from upstream
- features/list_timeline/index: overwritten from upstream
- features/components/follow_request: keep external link
- features/components/notification: keep external link
- features/picture_in_picture/components/footer: keep external link
- features/status/components/detailed_status: keep external link
- features/ui/components/boost_modal: keep external link
- features/ui/index: merge upstream changes
- features/video/: keep no media description indicator
- containers/status_container: overwrite with upstream
- locales: best-effort merge, but I wouldn't trust it. should be normalized in some way.
Conflict resolution:
1. decided to add the build-image workflow, we can adjust it later
2. JS conflicts are just missing semicolons, added them
3. en_GB translations were removed upstream, following them.
There were quite a couple of conflicts, they were resolved in the
following manner:
- Translations: Moved to "publish" as translation, aligns with other
languages
- Options: `trends_as_landing_page` is kept false
- UI: clicking the display name opens the original profile
Potential problems:
1. Not all translations for mails and stuff are prefixed with
`%{title}`, some are, some are hardcoded to `Mastodon`.
This includes all changes made in
https://github.com/mastodon/mastodon/releases/tag/v4.0.7 and
https://github.com/mastodon/mastodon/releases/tag/v4.0.8 and therefore
requires:
⚠️ Restart of all Mastodon processes, especially the Streaming
API
There was a conflict during the merge inside the `streaming/index.js`,
which was related to the following snippet:
```js
// Only send local-only statuses to logged-in users
if (payload.local_only && !req.accountId) {
log.silly(req.requestId, `Message ${payload.id} filtered because it was local-only`);
return;
}
```
I've placed it at the same spot where it was previously, so everything
should work as before. ~~**However, I still need to test those changes,
which is what I'll be doing after submitting this PR as draft.**~~
Checked the changes against our instance, everything is working as
expected as logged-in user. Haven't checked the public timelines where
the above snippet would be relevant, as we are using `AUTHORIZED_FETCH`
and I would like to keep it enabled. ^^
If the base branch is not correct, feel free to change it.
Everything is already deployed on queer.group and working fine there.
---------
Co-authored-by: Michael Stanclift <mx@vmstan.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>
Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com>
Co-authored-by: yufushiro <62991447+yufushiro@users.noreply.github.com>
Co-authored-by: Nicolai Søborg <NicolaiSoeborg@users.noreply.github.com>
* fix(status): remove send usage for private unlink_from_conversations
- make unlink_from_conversations public method
- rename unlink_from_conversations to unlink_from_conversations!
- fix send call on private method in statuses_vacuum and batched_remove_status_service
* fix(feeds_vacuum): replace find_in_batches with in_batches
because active record query results should be a little more efficient than
itterating with map and each. Postgres can grasp such lists of ids much quicker
than ruby can.
Will probably make allmost no difference, but cannot hurt either.
* refactor(statuses_vacuum): remove dead code - unused
Method is not called inside class and private.
Clean up dead code.
* refactor(statuses_vacuum): make retention_period present test explicit
This private method only hides functionality.
It is best practice to be as explicit as possible.
* refactor(statuses_vacuum): improve query performance
- fix statuses_scope having sub-select for Account.remote scope by
`joins(:account).merge(Account.remote)`
- fix statuses_scope unnecessary use of `Status.arel_table[:id].lt`
because it is inexplicit, bad practice and even slower than normal
`.where('statuses.id < ?'`
- fix statuses_scope remove select(:id, :visibility) for having reusable
active record query batches (no re queries)
- fix vacuum_statuses! to use in_batches instead of find_in_batches,
because in_batches delivers a full blown active record query result,
in stead of an array - no requeries necessary
- send(:unlink_from_conversations) not to perform another db query, but
reuse the in_batches result instead.
- remove now obsolete remove_from_account_conversations method
- remove_from_search_index uses array of ids, instead of mapping
the ids from an array - this should be more efficient
- use the in_batches scope to call delete_all, instead of running
another db query for this - because it is again more efficient
- add TODO comment for calling models private method with send
* refactor(status): simplify unlink_from_conversations
- add `has_many through:` relation mentioned_accounts
- use model scope local instead of method call `Status#local?`
- more readable add account to inbox_owners when account.local?
* refactor(status): searchable_by way less sub selects
These queries all included a sub-select. Doing the same with a joins
should be more efficient.
Since this method does 5 such queries, this should be significant,
since it technically halves the query count.
This is how it was:
```ruby
[3] pry(main)> Status.first.mentions.where(account: Account.local, silent: false).explain
Status Load (1.6ms) SELECT "statuses".* FROM "statuses" WHERE "statuses"."deleted_at" IS NULL ORDER BY "statuses"."id" DESC LIMIT $1 [["LIMIT", 1]]
Mention Load (1.5ms) SELECT "mentions".* FROM "mentions" WHERE "mentions"."status_id" = $1 AND "mentions"."account_id" IN (SELECT "accounts"."id" FROM "accounts" WHERE "accounts"."domain" IS NULL) AND "mentions"."silent" = $2 [["status_id", 109382923142288414], ["silent", false]]
=> EXPLAIN for: SELECT "mentions".* FROM "mentions" WHERE "mentions"."status_id" = $1 AND "mentions"."account_id" IN (SELECT "accounts"."id" FROM "accounts" WHERE "accounts"."domain" IS NULL) AND "mentions"."silent" = $2 [["status_id", 109382923142288414], ["silent", false]]
QUERY PLAN
------------------------------------------------------------------------------------------------------------------
Nested Loop (cost=0.15..23.08 rows=1 width=41)
-> Seq Scan on accounts (cost=0.00..10.90 rows=1 width=8)
Filter: (domain IS NULL)
-> Index Scan using index_mentions_on_account_id_and_status_id on mentions (cost=0.15..8.17 rows=1 width=41)
Index Cond: ((account_id = accounts.id) AND (status_id = '109382923142288414'::bigint))
Filter: (NOT silent)
(6 rows)
```
This is how it is with this change:
```ruby
[4] pry(main)> Status.first.mentions.joins(:account).merge(Account.local).active.explain
Status Load (1.7ms) SELECT "statuses".* FROM "statuses" WHERE "statuses"."deleted_at" IS NULL ORDER BY "statuses"."id" DESC LIMIT $1 [["LIMIT", 1]]
Mention Load (0.7ms) SELECT "mentions".* FROM "mentions" INNER JOIN "accounts" ON "accounts"."id" = "mentions"."account_id" WHERE "mentions"."status_id" = $1 AND "accounts"."domain" IS NULL AND "mentions"."silent" = $2 [["status_id", 109382923142288414], ["silent", false]]
=> EXPLAIN for: SELECT "mentions".* FROM "mentions" INNER JOIN "accounts" ON "accounts"."id" = "mentions"."account_id" WHERE "mentions"."status_id" = $1 AND "accounts"."domain" IS NULL AND "mentions"."silent" = $2 [["status_id", 109382923142288414], ["silent", false]]
QUERY PLAN
------------------------------------------------------------------------------------------------------------------
Nested Loop (cost=0.15..23.08 rows=1 width=41)
-> Seq Scan on accounts (cost=0.00..10.90 rows=1 width=8)
Filter: (domain IS NULL)
-> Index Scan using index_mentions_on_account_id_and_status_id on mentions (cost=0.15..8.17 rows=1 width=41)
Index Cond: ((account_id = accounts.id) AND (status_id = '109382923142288414'::bigint))
Filter: (NOT silent)
(6 rows)
```
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
* Fix edits with no actual changes being allowed locally
* Fix edits with no actual changes being allowed through ActivityPub
* Fix false positive changes caused by description processing in model
* Fix not recording poll expiration update
* Fix test
* Revert changes to ProcessStatusUpdateService
* Various fixes and improvements
* Fix code style issues
* Various changes and improvements
* Add guard clause
* Change how changes to media attachments are stored for edits
Fix not being able to re-order media attachments
* Fix not broadcasting updates when polls/media is changed through ActivityPub
* Various fixes and improvements
* Update app/models/report.rb
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Add tracking of media attachment description changes
* Change poll in status edit to have a structure closer to the real one
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix performance of account timelines
* Various fixes and improvements
* Fix duplicate results being returned
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Fix grouping for pinned statuses scope
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
* Add trending statuses
* Fix dangling items with stale scores in localized sets
* Various fixes and improvements
- Change approve_all/reject_all to approve_accounts/reject_accounts
- Change Trends::Query methods to not mutate the original query
- Change Trends::Query#skip to offset
- Change follow recommendations to be refreshed in a transaction
* Add tests for trending statuses filtering behaviour
* Fix not applying filtering scope in controller
* Add notifications when a reblogged status has been updated
* Change wording to say "edit" instead of "update" and add missing controls
* Replace previous update notifications with the most up-to-date one
* Add editing for published statuses
* Fix change of multiple-choice boolean in poll not resetting votes
* Remove the ability to update existing media attachments for now
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
* Add support for editing for published statuses
* Fix references to stripped-out code
* Various fixes and improvements
* Further fixes and improvements
* Fix updates being potentially sent to unauthorized recipients
* Various fixes and improvements
* Fix wrong words in test
* Fix notifying accounts that were tagged but were not in the audience
* Fix mistake