diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 263dd3c390..2f21564325 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -80,14 +80,12 @@ Rails/WhereExists: - 'app/lib/activitypub/activity/create.rb' - 'app/lib/delivery_failure_tracker.rb' - 'app/lib/feed_manager.rb' - - 'app/lib/status_cache_hydrator.rb' - 'app/lib/suspicious_sign_in_detector.rb' - 'app/models/poll.rb' - 'app/models/session_activation.rb' - 'app/models/status.rb' - 'app/policies/status_policy.rb' - 'app/serializers/rest/announcement_serializer.rb' - - 'app/serializers/rest/tag_serializer.rb' - 'app/services/activitypub/fetch_remote_status_service.rb' - 'app/services/vote_service.rb' - 'app/validators/reaction_validator.rb' @@ -137,7 +135,6 @@ Style/FetchEnvVar: # AllowedMethods: redirect Style/FormatStringToken: Exclude: - - 'app/models/privacy_policy.rb' - 'config/initializers/devise.rb' - 'lib/paperclip/color_extractor.rb' diff --git a/.ruby-version b/.ruby-version index be94e6f53d..b347b11eac 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.2.2 +3.2.3 diff --git a/Dockerfile b/Dockerfile index 96f8b5cd27..119c266b89 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -7,15 +7,15 @@ ARG TARGETPLATFORM=${TARGETPLATFORM} ARG BUILDPLATFORM=${BUILDPLATFORM} -# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.2"] -ARG RUBY_VERSION="3.2.2" +# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.3"] +ARG RUBY_VERSION="3.2.3" # # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"] ARG NODE_MAJOR_VERSION="20" # Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"] ARG DEBIAN_VERSION="bookworm" # Node image to use for base image based on combined variables (ex: 20-bookworm-slim) FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim as node -# Ruby image to use for base image based on combined variables (ex: 3.2.2-slim-bookworm) +# Ruby image to use for base image based on combined variables (ex: 3.2.3-slim-bookworm) FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} as ruby # Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA diff --git a/FEDERATION.md b/FEDERATION.md index e3721d7241..2819fa935a 100644 --- a/FEDERATION.md +++ b/FEDERATION.md 
@@ -1,19 +1,35 @@ -## ActivityPub federation in Mastodon +# Federation + +## Supported federation protocols and standards + +- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server) +- [WebFinger](https://webfinger.net/) +- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures) +- [NodeInfo](https://nodeinfo.diaspora.software/) + +## Supported FEPs + +- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md) +- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md) +- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md) +- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md) + +## ActivityPub in Mastodon Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all. -Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/ +- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/) ### Required extensions -#### Webfinger +#### WebFinger In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`). This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings. As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger. -More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/ +- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/) #### HTTP Signatures 
@@ -21,11 +37,13 @@ In order to authenticate activities, Mastodon relies on HTTP Signatures, signing Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server. -More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http +- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http) ### Optional extensions -- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld -- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/ -- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md -- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md +- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld) +- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/) + +### Additional documentation + +- [Mastodon documentation](https://docs.joinmastodon.org/) diff --git a/Gemfile.lock b/Gemfile.lock index 6cf0504b51..93931d8724 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -150,7 +150,7 @@ GEM erubi (~> 1.4) parser (>= 2.4) smart_properties - bigdecimal (3.1.5) + bigdecimal (3.1.6) bindata (2.4.15) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) @@ -398,12 +398,12 @@ GEM activerecord kaminari-core (= 1.2.2) kaminari-core (1.2.2) - kt-paperclip (7.2.1) + kt-paperclip (7.2.2) activemodel (>= 4.2.0) activesupport (>= 4.2.0) marcel (~> 1.0.1) mime-types - terrapin (~> 0.6.0) + terrapin (>= 0.6.0, < 2.0) language_server-protocol (3.17.0.3) launchy (2.5.2) addressable (~> 2.8) @@ -600,8 +600,8 @@ GEM rdf (3.3.1) bcp47_spec (~> 0.2) link_header (~> 0.0, >= 0.0.8) - rdf-normalize (0.6.1) - rdf (~> 3.2) + rdf-normalize (0.7.0) + rdf (~> 3.3) rdoc (6.6.2) psych (>= 4.0.0) redcarpet (3.6.0) 
diff --git a/app/controllers/activitypub/followers_synchronizations_controller.rb b/app/controllers/activitypub/followers_synchronizations_controller.rb index 976caa3445..d2942104e5 100644 --- a/app/controllers/activitypub/followers_synchronizations_controller.rb +++ b/app/controllers/activitypub/followers_synchronizations_controller.rb @@ -24,7 +24,7 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro end def set_items - @items = @account.followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(uri_prefix)}/%", false, true)).or(@account.followers.where(uri: uri_prefix)).pluck(:uri) + @items = @account.followers.matches_uri_prefix(uri_prefix).pluck(:uri) end def collection_presenter diff --git a/app/controllers/admin/action_logs_controller.rb b/app/controllers/admin/action_logs_controller.rb index 37a00ad225..8b8e83fde7 100644 --- a/app/controllers/admin/action_logs_controller.rb +++ b/app/controllers/admin/action_logs_controller.rb @@ -6,7 +6,7 @@ module Admin def index authorize :audit_log, :index? - @auditable_accounts = Account.where(id: Admin::ActionLog.select('distinct account_id')).select(:id, :username) + @auditable_accounts = Account.auditable.select(:id, :username) end private diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 21b1095f18..d6a5a7176d 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb 
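Review bot: The query removed from `set_items` escaped `uri_prefix` with `Account.sanitize_sql_like` and passed explicit escape and case-sensitivity arguments to `matches`, but `matches_uri_prefix` is defined outside the visible diff, so nothing here shows that the scope keeps that escaping or the exact-match `where(uri: uri_prefix)` branch. The prefix presumably derives from the requesting actor's URI, so an unescaped `%` or `_` would make the `LIKE` match more followers than intended. A comment on the scope such as `# Escapes LIKE wildcards in the prefix; also matches the bare prefix exactly` would make the guarantee visible to callers. The enclosing controller class continues beyond the hunk.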
@@ -21,7 +21,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController return [] if hide_results? scope = default_accounts - scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id + scope = scope.not_excluded_by_account(current_account) unless current_account.nil? || current_account.id == @account.id scope.merge(paginated_follows).to_a end diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 1db521f79c..b8578ef539 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -21,7 +21,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController return [] if hide_results? scope = default_accounts - scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id + scope = scope.not_excluded_by_account(current_account) unless current_account.nil? || current_account.id == @account.id scope.merge(paginated_follows).to_a end diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb index 3cca246ce8..98b69c347f 100644 --- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb +++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb @@ -14,7 +14,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::V1::Statuses::Bas def load_accounts scope = default_accounts - scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? + scope = scope.not_excluded_by_account(current_account) unless current_account.nil? scope.merge(paginated_favourites).to_a end 
diff --git a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb index dd3e60846b..aacab5f8f4 100644 --- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb +++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb @@ -14,7 +14,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::Base def load_accounts scope = default_accounts - scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? + scope = scope.not_excluded_by_account(current_account) unless current_account.nil? scope.merge(paginated_statuses).to_a end diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 1c773511b4..41c8562363 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -1,6 +1,10 @@ # frozen_string_literal: true class Auth::SessionsController < Devise::SessionsController + include Redisable + + MAX_2FA_ATTEMPTS_PER_HOUR = 10 + layout 'auth' skip_before_action :check_self_destruct! @@ -135,9 +139,23 @@ class Auth::SessionsController < Devise::SessionsController session.delete(:attempt_user_updated_at) end + def clear_2fa_attempt_from_user(user) + redis.del(second_factor_attempts_key(user)) + end + + def check_second_factor_rate_limits(user) + attempts, = redis.multi do |multi| + multi.incr(second_factor_attempts_key(user)) + multi.expire(second_factor_attempts_key(user), 1.hour) + end + + attempts >= MAX_2FA_ATTEMPTS_PER_HOUR + end + def on_authentication_success(user, security_measure) @on_authentication_success_called = true + clear_2fa_attempt_from_user(user) clear_attempt_from_session user.update_sign_in!(new_sign_in: true) 
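Review bot: In `check_second_factor_rate_limits`, `second_factor_attempts_key(user)` is evaluated twice inside the `redis.multi` block, and the key (defined in a later hunk) embeds `Time.now.utc.hour`. A call that straddles the top of the hour can therefore `INCR` one key and `EXPIRE` a different one, which may leave a counter with no TTL until the same hour of day recurs. Computing the key once before the block, `key = second_factor_attempts_key(user)`, removes that edge. Two things deserve a comment. `INCR` returns the post-increment value, so `attempts >= MAX_2FA_ATTEMPTS_PER_HOUR` already rejects the tenth attempt. The bucket is also a fixed clock-hour window rather than a sliding one, so the allowance resets at :00.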
@@ -168,5 +186,14 @@ class Auth::SessionsController < Devise::SessionsController ip: request.remote_ip, user_agent: request.user_agent ) + + # Only send a notification email every hour at most + return if redis.set("2fa_failure_notification:#{user.id}", '1', ex: 1.hour, get: true).present? + + UserMailer.failed_2fa(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! + end + + def second_factor_attempts_key(user) + "2fa_auth_attempts:#{user.id}:#{Time.now.utc.hour}" end end diff --git a/app/controllers/concerns/auth/two_factor_authentication_concern.rb b/app/controllers/concerns/auth/two_factor_authentication_concern.rb index ebd6a93441..edcdd2990f 100644 --- a/app/controllers/concerns/auth/two_factor_authentication_concern.rb +++ b/app/controllers/concerns/auth/two_factor_authentication_concern.rb @@ -66,6 +66,11 @@ module Auth::TwoFactorAuthenticationConcern end def authenticate_with_two_factor_via_otp(user) + if check_second_factor_rate_limits(user) + flash.now[:alert] = I18n.t('users.rate_limited') + return prompt_for_two_factor(user) + end + if valid_otp_attempt?(user) on_authentication_success(user, :otp) else diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb index ce3ff094f6..b3d0d032c4 100644 --- a/app/helpers/jsonld_helper.rb +++ b/app/helpers/jsonld_helper.rb @@ -155,7 +155,7 @@ module JsonLdHelper end end - def fetch_resource(uri, id, on_behalf_of = nil) + def fetch_resource(uri, id, on_behalf_of = nil, request_options: {}) unless id json = fetch_resource_without_id_validation(uri, on_behalf_of) 
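Review bot: The throttle on the `failed_2fa` mail refreshes its own TTL on every failed attempt, because `SET` with `get: true` and no `NX` rewrites `2fa_failure_notification:#{user.id}` each time. Failures arriving less than an hour apart therefore produce one email and then none, which is stricter than the "every hour at most" comment and leaves the account owner unnotified during a sustained run of failures. `return unless redis.set("2fa_failure_notification:#{user.id}", '1', ex: 1.hour, nx: true)` writes the marker only when it is absent, so the window really expires. It also avoids the `GET` option, which needs Redis 6.2 or newer. The enclosing method begins outside the hunk.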
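Review bot: `authenticate_with_two_factor_via_otp` now calls `check_second_factor_rate_limits`, which this diff defines only in `Auth::SessionsController`, so the concern silently depends on its host class providing it. The name also hides that the call increments the counter and returns true when the limit is reached. A comment above the guard would document both, for example `# Counts this attempt; true once the hourly 2FA limit is reached (defined by the including controller)`. Renaming it to a predicate such as `second_factor_rate_limited?` would read more naturally in the `if`. The rest of the concern is outside the hunk.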
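Review bot: `fetch_resource` accepts `request_options:` but the `unless id` branch still calls `fetch_resource_without_id_validation(uri, on_behalf_of)` without them; only the second fetch, in the `@@ -164,14 +164,14 @@` hunk, forwards the options. If callers rely on those options to constrain the outgoing request, the first request to the unverified `uri` goes out with defaults. Either forward them, `json = fetch_resource_without_id_validation(uri, on_behalf_of, request_options: request_options)`, or add a comment saying the discovery fetch deliberately uses default options. The method body continues past this hunk.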
@@ -164,14 +164,14 @@ module JsonLdHelper uri = json['id'] end - json = fetch_resource_without_id_validation(uri, on_behalf_of) + json = fetch_resource_without_id_validation(uri, on_behalf_of, request_options: request_options) json.present? && json['id'] == uri ? json : nil end - def fetch_resource_without_id_validation(uri, on_behalf_of = nil, raise_on_temporary_error = false) + def fetch_resource_without_id_validation(uri, on_behalf_of = nil, raise_on_temporary_error = false, request_options: {}) on_behalf_of ||= Account.representative - build_request(uri, on_behalf_of).perform do |response| + build_request(uri, on_behalf_of, options: request_options).perform do |response| raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response) || !raise_on_temporary_error body_to_json(response.body_with_limit) if response.code == 200 @@ -204,8 +204,8 @@ module JsonLdHelper response.code == 501 || ((400...500).cover?(response.code) && ![401, 408, 429].include?(response.code)) end - def build_request(uri, on_behalf_of = nil) - Request.new(:get, uri).tap do |request| + def build_request(uri, on_behalf_of = nil, options: {}) + Request.new(:get, uri, **options).tap do |request| request.on_behalf_of(on_behalf_of) if on_behalf_of request.add_headers('Accept' => 'application/activity+json, application/ld+json') end diff --git a/app/javascript/flavours/glitch/actions/search.js b/app/javascript/flavours/glitch/actions/search.js index 5bb3aa3a79..7e54740d52 100644 --- a/app/javascript/flavours/glitch/actions/search.js +++ b/app/javascript/flavours/glitch/actions/search.js 
@@ -170,6 +170,11 @@ export const openURL = routerHistory => (dispatch, getState) => { export const clickSearchResult = (q, type) => (dispatch, getState) => { const previous = getState().getIn(['search', 'recent']); + + if (previous.some(x => x.get('q') === q && x.get('type') === type)) { + return; + } + const me = getState().getIn(['meta', 'me']); const current = previous.add(fromJS({ type, q })).takeLast(4); @@ -198,4 +203,4 @@ export const hydrateSearch = () => (dispatch, getState) => { if (history !== null) { dispatch(updateSearchHistory(history)); } -}; \ No newline at end of file +}; diff --git a/app/javascript/flavours/glitch/features/compose/components/search.jsx b/app/javascript/flavours/glitch/features/compose/components/search.jsx index 70c24d0a42..fa995663f0 100644 --- a/app/javascript/flavours/glitch/features/compose/components/search.jsx +++ b/app/javascript/flavours/glitch/features/compose/components/search.jsx 
@@ -63,14 +63,14 @@ class Search extends PureComponent { }; defaultOptions = [ - { label: <>has: , action: e => { e.preventDefault(); this._insertText('has:'); } }, - { label: <>is: , action: e => { e.preventDefault(); this._insertText('is:'); } }, - { label: <>language: , action: e => { e.preventDefault(); this._insertText('language:'); } }, - { label: <>from: , action: e => { e.preventDefault(); this._insertText('from:'); } }, - { label: <>before: , action: e => { e.preventDefault(); this._insertText('before:'); } }, - { label: <>during: , action: e => { e.preventDefault(); this._insertText('during:'); } }, - { label: <>after: , action: e => { e.preventDefault(); this._insertText('after:'); } }, - { label: <>in: , action: e => { e.preventDefault(); this._insertText('in:'); } } + { key: 'prompt-has', label: <>has: , action: e => { e.preventDefault(); this._insertText('has:'); } }, + { key: 'prompt-is', label: <>is: , action: e => { e.preventDefault(); this._insertText('is:'); } }, + { key: 'prompt-language', label: <>language: , action: e => { e.preventDefault(); this._insertText('language:'); } }, + { key: 'prompt-from', label: <>from: , action: e => { e.preventDefault(); this._insertText('from:'); } }, + { key: 'prompt-before', label: <>before: , action: e => { e.preventDefault(); this._insertText('before:'); } }, + { key: 'prompt-during', label: <>during: , action: e => { e.preventDefault(); this._insertText('during:'); } }, + { key: 'prompt-after', label: <>after: , action: e => { e.preventDefault(); this._insertText('after:'); } }, + { key: 'prompt-in', label: <>in: , action: e => { e.preventDefault(); this._insertText('in:'); } } ]; setRef = c => { @@ -263,6 +263,8 @@ class Search extends PureComponent { const { recent } = this.props; return recent.toArray().map(search => ({ + key: `${search.get('type')}/${search.get('q')}`, + label: labelForRecentSearch(search), action: () => this.handleRecentSearchClick(search), 
@@ -347,8 +349,8 @@ class Search extends PureComponent {

- {recent.size > 0 ? this._getOptions().map(({ label, action, forget }, i) => ( - diff --git a/app/javascript/flavours/glitch/store/typed_functions.ts b/app/javascript/flavours/glitch/store/typed_functions.ts index 46a10b8b47..4859b82651 100644 --- a/app/javascript/flavours/glitch/store/typed_functions.ts +++ b/app/javascript/flavours/glitch/store/typed_functions.ts @@ -1,12 +1,11 @@ import { createAsyncThunk } from '@reduxjs/toolkit'; -import type { TypedUseSelectorHook } from 'react-redux'; // eslint-disable-next-line @typescript-eslint/no-restricted-imports import { useDispatch, useSelector } from 'react-redux'; import type { AppDispatch, RootState } from './store'; -export const useAppDispatch: () => AppDispatch = useDispatch; -export const useAppSelector: TypedUseSelectorHook = useSelector; +export const useAppDispatch = useDispatch.withTypes(); +export const useAppSelector = useSelector.withTypes(); export const createAppAsyncThunk = createAsyncThunk.withTypes<{ state: RootState; diff --git a/app/javascript/mastodon/actions/search.js b/app/javascript/mastodon/actions/search.js index 38a089b486..a34a490e76 100644 --- a/app/javascript/mastodon/actions/search.js +++ b/app/javascript/mastodon/actions/search.js @@ -179,6 +179,11 @@ export const openURL = (value, history, onFailure) => (dispatch, getState) => { export const clickSearchResult = (q, type) => (dispatch, getState) => { const previous = getState().getIn(['search', 'recent']); + + if (previous.some(x => x.get('q') === q && x.get('type') === type)) { + return; + } + const me = getState().getIn(['meta', 'me']); const current = previous.add(fromJS({ type, q })).takeLast(4); @@ -207,4 +212,4 @@ export const hydrateSearch = () => (dispatch, getState) => { if (history !== null) { dispatch(updateSearchHistory(history)); } -}; \ No newline at end of file +}; 
diff --git a/app/javascript/mastodon/features/compose/components/search.jsx b/app/javascript/mastodon/features/compose/components/search.jsx index 0bcc41b929..ca02c23fc4 100644 --- a/app/javascript/mastodon/features/compose/components/search.jsx +++ b/app/javascript/mastodon/features/compose/components/search.jsx @@ -62,14 +62,14 @@ class Search extends PureComponent { }; defaultOptions = [ - { label: <>has: , action: e => { e.preventDefault(); this._insertText('has:'); } }, - { label: <>is: , action: e => { e.preventDefault(); this._insertText('is:'); } }, - { label: <>language: , action: e => { e.preventDefault(); this._insertText('language:'); } }, - { label: <>from: , action: e => { e.preventDefault(); this._insertText('from:'); } }, - { label: <>before: , action: e => { e.preventDefault(); this._insertText('before:'); } }, - { label: <>during: , action: e => { e.preventDefault(); this._insertText('during:'); } }, - { label: <>after: , action: e => { e.preventDefault(); this._insertText('after:'); } }, - { label: <>in: , action: e => { e.preventDefault(); this._insertText('in:'); } } + { key: 'prompt-has', label: <>has: , action: e => { e.preventDefault(); this._insertText('has:'); } }, + { key: 'prompt-is', label: <>is: , action: e => { e.preventDefault(); this._insertText('is:'); } }, + { key: 'prompt-language', label: <>language: , action: e => { e.preventDefault(); this._insertText('language:'); } }, + { key: 'prompt-from', label: <>from: , action: e => { e.preventDefault(); this._insertText('from:'); } }, + { key: 'prompt-before', label: <>before: , action: e => { e.preventDefault(); this._insertText('before:'); } }, + { key: 'prompt-during', label: <>during: , action: e => { e.preventDefault(); this._insertText('during:'); } }, + { key: 'prompt-after', label: <>after: , action: e => { e.preventDefault(); this._insertText('after:'); } }, + { key: 'prompt-in', label: <>in: , action: e => { e.preventDefault(); this._insertText('in:'); } } ]; setRef = c => { 
@@ -262,6 +262,8 @@ class Search extends PureComponent { const { recent } = this.props; return recent.toArray().map(search => ({ + key: `${search.get('type')}/${search.get('q')}`, + label: labelForRecentSearch(search), action: () => this.handleRecentSearchClick(search), @@ -346,8 +348,8 @@ class Search extends PureComponent {

- {recent.size > 0 ? this._getOptions().map(({ label, action, forget }, i) => ( - diff --git a/app/javascript/mastodon/locales/ast.json b/app/javascript/mastodon/locales/ast.json index 4b555c4829..1467f8891e 100644 --- a/app/javascript/mastodon/locales/ast.json +++ b/app/javascript/mastodon/locales/ast.json @@ -116,7 +116,6 @@ "compose_form.publish_form": "Artículu nuevu", "compose_form.publish_loud": "¡{publish}!", "compose_form.save_changes": "Guardar los cambeos", - "compose_form.spoiler.unmarked": "Text is not hidden", "confirmation_modal.cancel": "Encaboxar", "confirmations.block.block_and_report": "Bloquiar ya informar", "confirmations.block.confirm": "Bloquiar", @@ -146,6 +145,7 @@ "dismissable_banner.community_timeline": "Esta seición contién los artículos públicos más actuales de los perfiles agospiaos nel dominiu {domain}.", "dismissable_banner.dismiss": "Escartar", "dismissable_banner.explore_tags": "Esta seición contién les etiquetes del fediversu que tán ganando popularidá güei. Les etiquetes más usaes polos perfiles apaecen no cimero.", + "dismissable_banner.public_timeline": "Esta seición contién los artículos más nuevos de les persones na web social que les persones de {domain} siguen.", "embed.instructions": "Empotra esti artículu nel to sitiu web pente la copia del códigu d'abaxo.", "embed.preview": "Va apaecer asina:", "emoji_button.activity": "Actividá", @@ -155,6 +155,7 @@ "emoji_button.not_found": "Nun s'atoparon fustaxes que concasen", "emoji_button.objects": "Oxetos", "emoji_button.people": "Persones", + "emoji_button.recent": "D'usu frecuente", "emoji_button.search": "Buscar…", "emoji_button.search_results": "Resultaos de la busca", "emoji_button.symbols": "Símbolos", 
@@ -217,7 +218,6 @@ "hashtag.column_header.tag_mode.any": "o {additional}", "hashtag.column_header.tag_mode.none": "ensin {additional}", "hashtag.column_settings.select.no_options_message": "Nun s'atopó nenguna suxerencia", - "hashtag.column_settings.tag_toggle": "Include additional tags in this column", "hashtag.counter_by_accounts": "{count, plural, one {{counter} participante} other {{counter} participantes}}", "hashtag.follow": "Siguir a la etiqueta", "hashtag.unfollow": "Dexar de siguir a la etiqueta", @@ -259,7 +259,6 @@ "keyboard_shortcuts.reply": "Responder a un artículu", "keyboard_shortcuts.requests": "Abrir la llista de solicitúes de siguimientu", "keyboard_shortcuts.search": "Enfocar la barra de busca", - "keyboard_shortcuts.spoilers": "to show/hide CW field", "keyboard_shortcuts.start": "Abrir la columna «Entamar»", "keyboard_shortcuts.toggle_sensitivity": "Amosar/anubrir el conteníu multimedia", "keyboard_shortcuts.toot": "Comenzar un artículu nuevu", @@ -412,12 +411,16 @@ "search.quick_action.go_to_hashtag": "Dir a la etiqueta {x}", "search.quick_action.status_search": "Artículos que concasen con {x}", "search.search_or_paste": "Busca o apiega una URL", + "search_popout.language_code": "códigu de llingua ISO", "search_popout.quick_actions": "Aiciones rápides", "search_popout.recent": "Busques de recién", + "search_popout.specific_date": "data específica", + "search_popout.user": "perfil", "search_results.accounts": "Perfiles", "search_results.all": "Too", "search_results.hashtags": "Etiquetes", "search_results.nothing_found": "Nun se pudo atopar nada con esos términos de busca", + "search_results.see_all": "Ver too", "search_results.statuses": "Artículos", "search_results.title": "Busca de: {q}", "server_banner.introduction": "{domain} ye parte de la rede social descentralizada que tien la teunoloxía de {mastodon}.", 
@@ -460,6 +463,7 @@ "status.replied_to": "En rempuesta a {name}", "status.reply": "Responder", "status.replyAll": "Responder al filu", + "status.report": "Informar de @{name}", "status.sensitive_warning": "Conteníu sensible", "status.show_filter_reason": "Amosar de toes toes", "status.show_less": "Amosar menos", diff --git a/app/javascript/mastodon/locales/ko.json b/app/javascript/mastodon/locales/ko.json index 264781baa3..70ce6611d6 100644 --- a/app/javascript/mastodon/locales/ko.json +++ b/app/javascript/mastodon/locales/ko.json @@ -683,7 +683,7 @@ "status.show_more": "펼치기", "status.show_more_all": "모두 펼치기", "status.show_original": "원본 보기", - "status.title.with_attachments": "{user} 님이 {attachmentCount, plural, one {첨부} other {{attachmentCount}개 첨부}}하여 게시", + "status.title.with_attachments": "{user} 님이 {attachmentCount, plural, one {첨부파일} other {{attachmentCount}개의 첨부파일}}과 함께 게시함", "status.translate": "번역", "status.translated_from_with": "{provider}에 의해 {lang}에서 번역됨", "status.uncached_media_warning": "마리보기 허용되지 않음", diff --git a/app/javascript/mastodon/locales/lad.json b/app/javascript/mastodon/locales/lad.json index 2a911483de..8fde687427 100644 --- a/app/javascript/mastodon/locales/lad.json +++ b/app/javascript/mastodon/locales/lad.json @@ -328,6 +328,7 @@ "interaction_modal.on_another_server": "En otro sirvidor", "interaction_modal.on_this_server": "En este sirvidor", "interaction_modal.sign_in": "No estas konektado kon este sirvidor. Ande tyenes tu kuento?", + "interaction_modal.sign_in_hint": "Konsejo: Akel es el sitio adonde te enrejistrates. Si no lo akodras, bushka el mesaj de posta elektronika de bienvenida en tu kuti de arivo. Tambien puedes eskrivir tu nombre de utilizador kompleto (por enshemplo @Mastodon@mastodon.social)", "interaction_modal.title.favourite": "Endika ke te plaze publikasyon de {name}", "interaction_modal.title.follow": "Sige a {name}", "interaction_modal.title.reblog": "Repartaja publikasyon de {name}", 
@@ -478,6 +479,7 @@ "onboarding.actions.go_to_explore": "Va a los trendes", "onboarding.actions.go_to_home": "Va a tu linya prinsipala", "onboarding.compose.template": "Ke haber, #Mastodon?", + "onboarding.follows.empty": "Malorozamente, no se pueden amostrar rezultados en este momento. Puedes aprovar uzar la bushkeda o navigar por la pajina de eksplorasyon para topar personas a las que segir, o aprovarlo de muevo mas tadre.", "onboarding.follows.title": "Personaliza tu linya prinsipala", "onboarding.profile.discoverable": "Faz ke mi profil apareska en bushkedas", "onboarding.profile.display_name": "Nombre amostrado", @@ -497,7 +499,9 @@ "onboarding.start.title": "Lo logrates!", "onboarding.steps.follow_people.body": "El buto de Mastodon es segir a djente interesante.", "onboarding.steps.follow_people.title": "Personaliza tu linya prinsipala", + "onboarding.steps.publish_status.body": "Puedes introdusirte al mundo con teksto, fotos, videos o anketas {emoji}", "onboarding.steps.publish_status.title": "Eskrive tu primera publikasyon", + "onboarding.steps.setup_profile.body": "Kompleta tu profil para aumentar tus enteraksyones.", "onboarding.steps.setup_profile.title": "Personaliza tu profil", "onboarding.steps.share_profile.body": "Informe a tus amigos komo toparte en Mastodon", "onboarding.steps.share_profile.title": "Partaja tu profil de Mastodon", diff --git a/app/javascript/mastodon/locales/th.json b/app/javascript/mastodon/locales/th.json index b108e581a4..65f27ef061 100644 --- a/app/javascript/mastodon/locales/th.json +++ b/app/javascript/mastodon/locales/th.json 
@@ -314,7 +314,7 @@ "home.explore_prompt.body": "ฟีดหน้าแรกของคุณจะมีการผสมผสานของโพสต์จากแฮชแท็กที่คุณได้เลือกติดตาม, ผู้คนที่คุณได้เลือกติดตาม และโพสต์ที่เขาดัน หากนั่นรู้สึกเงียบเกินไป คุณอาจต้องการ:", "home.explore_prompt.title": "นี่คือฐานหน้าแรกของคุณภายใน Mastodon", "home.hide_announcements": "ซ่อนประกาศ", - "home.pending_critical_update.body": "โปรดอัปเดตเซิร์ฟเวอร์ Mastodon ของคุณโดยเร็วที่สุดเท่าที่จะทำได้!", + "home.pending_critical_update.body": "โปรดอัปเดตเซิร์ฟเวอร์ Mastodon ของคุณโดยเร็วที่สุดเท่าที่จะเป็นไปได้!", "home.pending_critical_update.link": "ดูการอัปเดต", "home.pending_critical_update.title": "มีการอัปเดตความปลอดภัยสำคัญพร้อมใช้งาน!", "home.show_announcements": "แสดงประกาศ", diff --git a/app/javascript/mastodon/locales/vi.json b/app/javascript/mastodon/locales/vi.json index 9de043bb20..c623caa3fb 100644 --- a/app/javascript/mastodon/locales/vi.json +++ b/app/javascript/mastodon/locales/vi.json @@ -358,7 +358,7 @@ "keyboard_shortcuts.my_profile": "mở hồ sơ của bạn", "keyboard_shortcuts.notifications": "mở thông báo", "keyboard_shortcuts.open_media": "mở ảnh hoặc video", - "keyboard_shortcuts.pinned": "mở những tút đã ghim", + "keyboard_shortcuts.pinned": "Open pinned posts list", "keyboard_shortcuts.profile": "mở trang của người đăng tút", "keyboard_shortcuts.reply": "trả lời", "keyboard_shortcuts.requests": "mở danh sách yêu cầu theo dõi", diff --git a/app/javascript/mastodon/store/typed_functions.ts b/app/javascript/mastodon/store/typed_functions.ts index 46a10b8b47..4859b82651 100644 --- a/app/javascript/mastodon/store/typed_functions.ts +++ b/app/javascript/mastodon/store/typed_functions.ts 
@@ -1,12 +1,11 @@ import { createAsyncThunk } from '@reduxjs/toolkit'; -import type { TypedUseSelectorHook } from 'react-redux'; // eslint-disable-next-line @typescript-eslint/no-restricted-imports import { useDispatch, useSelector } from 'react-redux'; import type { AppDispatch, RootState } from './store'; -export const useAppDispatch: () => AppDispatch = useDispatch; -export const useAppSelector: TypedUseSelectorHook = useSelector; +export const useAppDispatch = useDispatch.withTypes(); +export const useAppSelector = useSelector.withTypes(); export const createAppAsyncThunk = createAsyncThunk.withTypes<{ state: RootState; diff --git a/app/javascript/styles/mailer.scss b/app/javascript/styles/mailer.scss index bd220bb1a8..a2cbb494b4 100644 --- a/app/javascript/styles/mailer.scss +++ b/app/javascript/styles/mailer.scss @@ -100,9 +100,8 @@ table + p { border-top-right-radius: 12px; height: 140px; vertical-align: bottom; - background-color: #f3f2f5; - background-position: center; - background-size: cover; + background-position: center !important; + background-size: cover !important; } .email-account-banner-inner-td { diff --git a/app/lib/status_cache_hydrator.rb b/app/lib/status_cache_hydrator.rb index 45b50cb379..34f6199ec0 100644 --- a/app/lib/status_cache_hydrator.rb +++ b/app/lib/status_cache_hydrator.rb 
@@ -26,11 +26,11 @@ class StatusCacheHydrator def hydrate_non_reblog_payload(empty_payload, account_id) empty_payload.tap do |payload| - payload[:favourited] = Favourite.where(account_id: account_id, status_id: @status.id).exists? - payload[:reblogged] = Status.where(account_id: account_id, reblog_of_id: @status.id).exists? - payload[:muted] = ConversationMute.where(account_id: account_id, conversation_id: @status.conversation_id).exists? - payload[:bookmarked] = Bookmark.where(account_id: account_id, status_id: @status.id).exists? - payload[:pinned] = StatusPin.where(account_id: account_id, status_id: @status.id).exists? if @status.account_id == account_id + payload[:favourited] = Favourite.exists?(account_id: account_id, status_id: @status.id) + payload[:reblogged] = Status.exists?(account_id: account_id, reblog_of_id: @status.id) + payload[:muted] = ConversationMute.exists?(account_id: account_id, conversation_id: @status.conversation_id) + payload[:bookmarked] = Bookmark.exists?(account_id: account_id, status_id: @status.id) + payload[:pinned] = StatusPin.exists?(account_id: account_id, status_id: @status.id) if @status.account_id == account_id payload[:filtered] = mapped_applied_custom_filter(account_id, @status) if payload[:poll] 
@@ -51,11 +51,11 @@ class StatusCacheHydrator # used to create the status, we need to hydrate it here too payload[:reblog][:application] = payload_reblog_application if payload[:reblog][:application].nil? && @status.reblog.account_id == account_id - payload[:reblog][:favourited] = Favourite.where(account_id: account_id, status_id: @status.reblog_of_id).exists? - payload[:reblog][:reblogged] = Status.where(account_id: account_id, reblog_of_id: @status.reblog_of_id).exists? - payload[:reblog][:muted] = ConversationMute.where(account_id: account_id, conversation_id: @status.reblog.conversation_id).exists? - payload[:reblog][:bookmarked] = Bookmark.where(account_id: account_id, status_id: @status.reblog_of_id).exists? - payload[:reblog][:pinned] = StatusPin.where(account_id: account_id, status_id: @status.reblog_of_id).exists? if @status.reblog.account_id == account_id + payload[:reblog][:favourited] = Favourite.exists?(account_id: account_id, status_id: @status.reblog_of_id) + payload[:reblog][:reblogged] = Status.exists?(account_id: account_id, reblog_of_id: @status.reblog_of_id) + payload[:reblog][:muted] = ConversationMute.exists?(account_id: account_id, conversation_id: @status.reblog.conversation_id) + payload[:reblog][:bookmarked] = Bookmark.exists?(account_id: account_id, status_id: @status.reblog_of_id) + payload[:reblog][:pinned] = StatusPin.exists?(account_id: account_id, status_id: @status.reblog_of_id) if @status.reblog.account_id == account_id payload[:reblog][:filtered] = payload[:filtered] if payload[:reblog][:poll] diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 432b851b5e..3b1a085cb8 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb 
@@ -191,6 +191,18 @@ class UserMailer < Devise::Mailer end end + def failed_2fa(user, remote_ip, user_agent, timestamp) + @resource = user + @remote_ip = remote_ip + @user_agent = user_agent + @detection = Browser.new(user_agent) + @timestamp = timestamp.to_time.utc + + I18n.with_locale(locale) do + mail subject: default_i18n_subject + end + end + private def default_devise_subject diff --git a/app/models/account.rb b/app/models/account.rb index 5264631785..55eee725d2 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -127,9 +127,11 @@ class Account < ApplicationRecord scope :bots, -> { where(actor_type: %w(Application Service)) } scope :groups, -> { where(actor_type: 'Group') } scope :alphabetic, -> { order(domain: :asc, username: :asc) } + scope :matches_uri_prefix, ->(value) { where(arel_table[:uri].matches("#{sanitize_sql_like(value)}/%", false, true)).or(where(uri: value)) } scope :matches_username, ->(value) { where('lower((username)::text) LIKE lower(?)', "#{value}%") } scope :matches_display_name, ->(value) { where(arel_table[:display_name].matches("#{value}%")) } scope :without_unapproved, -> { left_outer_joins(:user).merge(User.approved.confirmed).or(remote) } + scope :auditable, -> { where(id: Admin::ActionLog.select(:account_id).distinct) } scope :searchable, -> { without_unapproved.without_suspended.where(moved_to_account_id: nil) } scope :discoverable, -> { searchable.without_silenced.where(discoverable: true).joins(:account_stat) } scope :by_recent_status, -> { includes(:account_stat).merge(AccountStat.order('last_status_at DESC NULLS LAST')).references(:account_stat) } diff --git a/app/models/admin/action_log_filter.rb b/app/models/admin/action_log_filter.rb index d413cb386d..f581af74e8 100644 --- a/app/models/admin/action_log_filter.rb +++ b/app/models/admin/action_log_filter.rb 
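Review bot: `failed_2fa` hands `user_agent` to `Browser.new` and on to the views without any bound, and that string comes from the request that failed the second factor, so it is chosen by whoever made the attempt. If the parser raises on an over-long or malformed value, the alert is lost exactly when the account owner needs it. Capping the value before parsing would keep the mail deliverable, for example `@user_agent = user_agent.to_s[0, 512]` (constructed limit) followed by `@detection = Browser.new(@user_agent)`. It is worth checking how the existing sign-in notification in this mailer handles the same input. A one-line comment above the method, `# remote_ip and user_agent describe the failed attempt, not the account owner`, would also help readers of the templates.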
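Review bot: The positional `false, true` passed to `matches` in the new `matches_uri_prefix` scope are opaque, and the escaping depends on them. In Arel these are the `escape` and `case_sensitive` arguments. Because no ESCAPE clause is emitted, the backslashes produced by `sanitize_sql_like` only work where the database's default LIKE escape character is a backslash (true for PostgreSQL). I would add a comment above the scope such as `# escape left to the database default (backslash, as emitted by sanitize_sql_like); case-sensitive match`. The neighbouring `matches_username` and `matches_display_name` context lines interpolate `value` without `sanitize_sql_like`, so this scope is the stricter of the three; that difference is worth noting if it is intentional.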
@@ -72,7 +72,7 @@ class Admin::ActionLogFilter end def results - scope = latest_action_logs.includes(:target) + scope = latest_action_logs.includes(:target, :account) params.each do |key, value| next if key.to_s == 'page' diff --git a/app/models/privacy_policy.rb b/app/models/privacy_policy.rb index 36cbf18822..c0d6e1b76d 100644 --- a/app/models/privacy_policy.rb +++ b/app/models/privacy_policy.rb 
@@ -1,66 +1,7 @@ # frozen_string_literal: true class PrivacyPolicy < ActiveModelSerializers::Model - DEFAULT_PRIVACY_POLICY = <<~TXT - This privacy policy describes how %{domain} ("%{domain}", "we", "us") collects, protects and uses the personally identifiable information you may provide through the %{domain} website or its API. The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that %{domain} does not own or control, or to individuals that %{domain} does not employ or manage. - - # What information do we collect? - - - **Basic account information**: If you register on this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly. - - **Posts, following and other public information**: The list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that is also publicly available information. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of reblogging or favouriting another post is always public. - - **Direct and followers-only posts**: All posts are stored and processed on the server. 
Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it's important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. **Please keep in mind that the operators of the server and any receiving server may view such messages**, and that recipients may screenshot, copy or otherwise re-share them. **Do not share any sensitive information over Mastodon.** - - **IPs and other metadata**: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server. - - # What do we use your information for? - - Any of the information we collect from you may be used in the following ways: - - - To provide the core functionality of Mastodon. You can only interact with other people's content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline. - - To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations. - - The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions. - - # How do we protect your information? 
- - We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account. - - # What is our data retention policy? - - We will make a good faith effort to: - - - Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days. - - Retain the IP addresses associated with registered users no more than 12 months. - - You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image. - - You may irreversibly delete your account at any time. - - # Do we use cookies? - - Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account. - - We use cookies to understand and save your preferences for future visits. - - # Do we disclose any information to outside parties? - - We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. - - Your public content may be downloaded by other servers in the network. 
Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this. - - When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favourites. Applications can never access your e-mail address or password. - - # Site usage by children - - If this server is in the EU or the EEA: Our site, products and services are all directed to people who are at least 16 years old. If you are under the age of 16, per the requirements of the GDPR (General Data Protection Regulation) do not use this site. - - If this server is in the USA: Our site, products and services are all directed to people who are at least 13 years old. If you are under the age of 13, per the requirements of COPPA (Children's Online Privacy Protection Act) do not use this site. - - Law requirements can be different if this server is in another jurisdiction. - - ___ - - This document is CC-BY-SA. Originally adapted from the [Discourse privacy policy](https://github.com/discourse/discourse). - TXT - + DEFAULT_PRIVACY_POLICY = Rails.root.join('config', 'templates', 'privacy-policy.md').read DEFAULT_UPDATED_AT = DateTime.new(2022, 10, 7).freeze attributes :updated_at, :text diff --git a/app/serializers/rest/tag_serializer.rb b/app/serializers/rest/tag_serializer.rb index 7801e77d1f..017b572718 100644 --- a/app/serializers/rest/tag_serializer.rb +++ b/app/serializers/rest/tag_serializer.rb 
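Review bot: `DEFAULT_PRIVACY_POLICY` is now a mutable String. The removed heredoc was a literal under `# frozen_string_literal: true`, whereas the value returned by `.read` is not frozen, and the constant directly below it is explicitly frozen. Appending `.freeze` keeps the previous guarantee: `DEFAULT_PRIVACY_POLICY = Rails.root.join('config', 'templates', 'privacy-policy.md').read.freeze`. The file is also read when the class is loaded, so a missing template fails at load time rather than on first use. That is probably intended, but a comment saying the template must ship with the application would make it explicit.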
@@ -19,7 +19,7 @@ class REST::TagSerializer < ActiveModel::Serializer if instance_options && instance_options[:relationships] instance_options[:relationships].following_map[object.id] || false else - TagFollow.where(tag_id: object.id, account_id: current_user.account_id).exists? + TagFollow.exists?(tag_id: object.id, account_id: current_user.account_id) end end diff --git a/app/services/activitypub/fetch_featured_collection_service.rb b/app/services/activitypub/fetch_featured_collection_service.rb index d2bae08a0e..89c3a1b6c0 100644 --- a/app/services/activitypub/fetch_featured_collection_service.rb +++ b/app/services/activitypub/fetch_featured_collection_service.rb @@ -23,9 +23,9 @@ class ActivityPub::FetchFeaturedCollectionService < BaseService case collection['type'] when 'Collection', 'CollectionPage' - collection['items'] + as_array(collection['items']) when 'OrderedCollection', 'OrderedCollectionPage' - collection['orderedItems'] + as_array(collection['orderedItems']) end end diff --git a/app/services/activitypub/fetch_replies_service.rb b/app/services/activitypub/fetch_replies_service.rb index b5c7759ec5..e2ecdef165 100644 --- a/app/services/activitypub/fetch_replies_service.rb +++ b/app/services/activitypub/fetch_replies_service.rb @@ -26,9 +26,9 @@ class ActivityPub::FetchRepliesService < BaseService case collection['type'] when 'Collection', 'CollectionPage' - collection['items'] + as_array(collection['items']) when 'OrderedCollection', 'OrderedCollectionPage' - collection['orderedItems'] + as_array(collection['orderedItems']) end end 
@@ -37,7 +37,20 @@ class ActivityPub::FetchRepliesService < BaseService return unless @allow_synchronous_requests return if non_matching_uri_hosts?(@account.uri, collection_or_uri) - fetch_resource_without_id_validation(collection_or_uri, nil, true) + # NOTE: For backward compatibility reasons, Mastodon signs outgoing + # queries incorrectly by default. + # + # While this is relevant for all URLs with query strings, this is + # the only code path where this happens in practice. + # + # Therefore, retry with correct signatures if this fails. + begin + fetch_resource_without_id_validation(collection_or_uri, nil, true) + rescue Mastodon::UnexpectedResponseError => e + raise unless e.response && e.response.code == 401 && Addressable::URI.parse(collection_or_uri).query.present? + + fetch_resource_without_id_validation(collection_or_uri, nil, true, request_options: { with_query_string: true }) + end end def filtered_replies diff --git a/app/services/activitypub/synchronize_followers_service.rb b/app/services/activitypub/synchronize_followers_service.rb index 7ccc917309..f51d671a00 100644 --- a/app/services/activitypub/synchronize_followers_service.rb +++ b/app/services/activitypub/synchronize_followers_service.rb @@ -59,9 +59,9 @@ class ActivityPub::SynchronizeFollowersService < BaseService case collection['type'] when 'Collection', 'CollectionPage' - collection['items'] + as_array(collection['items']) when 'OrderedCollection', 'OrderedCollectionPage' - collection['orderedItems'] + as_array(collection['orderedItems']) end end diff --git a/app/services/keys/query_service.rb b/app/services/keys/query_service.rb index 14c9d9205b..33e13293f3 100644 --- a/app/services/keys/query_service.rb +++ b/app/services/keys/query_service.rb 
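Review bot: The `raise unless` guard in the new `rescue` block packs three conditions into one line and spells the nil check out by hand. Safe navigation reads more cleanly and behaves the same: `raise unless e.response&.code == 401 && Addressable::URI.parse(collection_or_uri).query.present?`. The NOTE comment explains why the retry exists, but it should also say that the retry happens exactly once and that a second failure propagates to the caller, since that is what bounds the extra signed request sent to the remote host. The enclosing method starts outside the hunk, so the type of `collection_or_uri` at this point (String versus Hash) should be confirmed before relying on `Addressable::URI.parse` here.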
@@ -69,7 +69,7 @@ class Keys::QueryService < BaseService return if json['items'].blank? - @devices = json['items'].map do |device| + @devices = as_array(json['items']).map do |device| Device.new(device_id: device['id'], name: device['name'], identity_key: device.dig('identityKey', 'publicKeyBase64'), fingerprint_key: device.dig('fingerprintKey', 'publicKeyBase64'), claim_url: device['claim']) end rescue HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error => e diff --git a/app/views/user_mailer/failed_2fa.html.haml b/app/views/user_mailer/failed_2fa.html.haml new file mode 100644 index 0000000000..e1da35ce06 --- /dev/null +++ b/app/views/user_mailer/failed_2fa.html.haml @@ -0,0 +1,24 @@ += content_for :heading do + = render 'application/mailer/heading', heading_title: t('user_mailer.failed_2fa.title'), heading_subtitle: t('user_mailer.failed_2fa.explanation'), heading_image_url: frontend_asset_url('images/mailer-new/heading/login.png') +%table.email-w-full{ cellspacing: 0, cellpadding: 0, border: 0, role: 'presentation' } + %tr + %td.email-body-padding-td + %table.email-inner-card-table{ cellspacing: 0, cellpadding: 0, border: 0, role: 'presentation' } + %tr + %td.email-inner-card-td.email-prose + %p= t 'user_mailer.failed_2fa.details' + %p + %strong #{t('sessions.ip')}: + = @remote_ip + %br/ + %strong #{t('sessions.browser')}: + %span{ title: @user_agent } + = t 'sessions.description', + browser: t("sessions.browsers.#{@detection.id}", default: @detection.id.to_s), + platform: t("sessions.platforms.#{@detection.platform.id}", default: @detection.platform.id.to_s) + %br/ + %strong #{t('sessions.date')}: + = l(@timestamp.in_time_zone(@resource.time_zone.presence), format: :with_time_zone) + = render 'application/mailer/button', text: t('settings.account_settings'), url: edit_user_registration_url + %p= t 'user_mailer.failed_2fa.further_actions_html', + action: link_to(t('user_mailer.suspicious_sign_in.change_password'), edit_user_registration_url) 
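Review bot: After `as_array(json['items'])` the block still assumes every element is a Hash. `device.dig('identityKey', 'publicKeyBase64')` raises NoMethodError when an item is a bare string or other scalar, and the visible `rescue` covers only `HTTP::Error`, `OpenSSL::SSL::SSLError` and `Mastodon::Error`. This document appears to come from a remote fetch, so filtering first keeps a malformed response from aborting the query: `@devices = as_array(json['items']).select { |device| device.is_a?(Hash) }.map do |device|`. The same `as_array` wrapping is applied to `items`/`orderedItems` in FetchFeaturedCollectionService, FetchRepliesService and SynchronizeFollowersService; their consumers are outside those hunks and deserve the same check. The method starts and ends outside this hunk.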
diff --git a/app/views/user_mailer/failed_2fa.text.erb b/app/views/user_mailer/failed_2fa.text.erb new file mode 100644 index 0000000000..c1dbf7d929 --- /dev/null +++ b/app/views/user_mailer/failed_2fa.text.erb @@ -0,0 +1,15 @@ +<%= t 'user_mailer.failed_2fa.title' %> + +=== + +<%= t 'user_mailer.failed_2fa.explanation' %> + +<%= t 'user_mailer.failed_2fa.details' %> + +<%= t('sessions.ip') %>: <%= @remote_ip %> +<%= t('sessions.browser') %>: <%= t('sessions.description', browser: t("sessions.browsers.#{@detection.id}", default: "#{@detection.id}"), platform: t("sessions.platforms.#{@detection.platform.id}", default: "#{@detection.platform.id}")) %> +<%= l(@timestamp.in_time_zone(@resource.time_zone.presence), format: :with_time_zone) %> + +<%= t 'user_mailer.failed_2fa.further_actions_html', action: t('user_mailer.suspicious_sign_in.change_password') %> + +=> <%= edit_user_registration_url %> diff --git a/config/locales/ast.yml b/config/locales/ast.yml index a32413cb9a..7e5a4c8876 100644 --- a/config/locales/ast.yml +++ b/config/locales/ast.yml @@ -909,6 +909,7 @@ ast: users: follow_limit_reached: Nun pues siguir a más de %{limit} persones invalid_otp_token: El códigu de l'autenticación en dos pasos nun ye válidu + rate_limited: Fixéronse milenta intentos d'autenticación. Volvi tentalo dempués. seamless_external_login: Aniciesti la sesión pente un serviciu esternu, polo que la configuración de la contraseña ya de la direición de corréu electrónicu nun tán disponibles. signed_in_as: 'Aniciesti la sesión como:' verification: diff --git a/config/locales/bg.yml b/config/locales/bg.yml index 377babe22e..58a5cae2fd 100644 --- a/config/locales/bg.yml +++ b/config/locales/bg.yml 
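Review bot: The date line in the plain-text body is printed without its label. The HTML template prefixes it with `t('sessions.date')`, while here the line is only the `l(@timestamp...)` call, so the two parts of the same mail show different fields. Suggested line: `<%= t('sessions.date') %>: <%= l(@timestamp.in_time_zone(@resource.time_zone.presence), format: :with_time_zone) %>`. The `further_actions_html` key is also rendered in a text part, so any markup in that translation beyond the interpolated `action` would appear literally; this is worth checking against the locale string.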
@@ -1843,6 +1843,7 @@ bg: go_to_sso_account_settings: Отидете при настройките на акаунта на своя доставчик на идентичност invalid_otp_token: Невалиден код otp_lost_help_html: Ако загубите достъп до двете, то може да се свържете с %{email} + rate_limited: Премного опити за удостоверяване. Опитайте пак по-късно. seamless_external_login: Влезли сте чрез външна услуга, така че настройките за парола и имейл не са налични. signed_in_as: 'Влезли като:' verification: diff --git a/config/locales/ca.yml b/config/locales/ca.yml index 580c4a3ed9..36ebb9785b 100644 --- a/config/locales/ca.yml +++ b/config/locales/ca.yml @@ -1840,6 +1840,7 @@ ca: go_to_sso_account_settings: Ves a la configuració del compte del teu proveïdor d'identitat invalid_otp_token: El codi de dos factors no és correcte otp_lost_help_html: Si has perdut l'accés a tots dos pots contactar per %{email} + rate_limited: Excessius intents d'autenticació, torneu-ho a provar més tard. seamless_external_login: Has iniciat sessió via un servei extern per tant els ajustos de contrasenya i correu electrònic no estan disponibles. signed_in_as: 'Sessió iniciada com a:' verification: diff --git a/config/locales/da.yml b/config/locales/da.yml index e09a6eb2f5..58fd723aef 100644 --- a/config/locales/da.yml +++ b/config/locales/da.yml @@ -1843,6 +1843,7 @@ da: go_to_sso_account_settings: Gå til identitetsudbyderens kontoindstillinger invalid_otp_token: Ugyldig tofaktorkode otp_lost_help_html: Har du mistet adgang til begge, kan du kontakte %{email} + rate_limited: For mange godkendelsesforsøg. Prøv igen senere. seamless_external_login: Du er logget ind via en ekstern tjeneste, så adgangskode- og e-mailindstillinger er utilgængelige. signed_in_as: 'Logget ind som:' verification: diff --git a/config/locales/de.yml b/config/locales/de.yml index dc78b188e2..e177c6d2d1 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml 
@@ -1843,6 +1843,7 @@ de: go_to_sso_account_settings: Kontoeinstellungen des Identitätsanbieters aufrufen invalid_otp_token: Ungültiger Code der Zwei-Faktor-Authentisierung (2FA) otp_lost_help_html: Wenn du beides nicht mehr weißt, melde dich bitte bei uns unter der E-Mail-Adresse %{email} + rate_limited: Zu viele Authentisierungsversuche. Bitte versuche es später noch einmal. seamless_external_login: Du bist über einen externen Dienst angemeldet, daher sind Passwort- und E-Mail-Einstellungen nicht verfügbar. signed_in_as: 'Angemeldet als:' verification: diff --git a/config/locales/devise.fi.yml b/config/locales/devise.fi.yml index bedf8a56f6..22fd7ff47b 100644 --- a/config/locales/devise.fi.yml +++ b/config/locales/devise.fi.yml @@ -47,14 +47,19 @@ fi: subject: 'Mastodon: ohjeet salasanan vaihtoon' title: Salasanan vaihto two_factor_disabled: + explanation: Sisäänkirjautuminen on nyt mahdollista pelkällä sähköpostiosoitteella ja salasanalla. subject: 'Mastodon: kaksivaiheinen todennus poistettu käytöstä' + subtitle: Kaksivaiheinen todennus on poistettu käytöstä tililtäsi. title: 2-vaiheinen todennus pois käytöstä two_factor_enabled: + explanation: Sisäänkirjautuminen edellyttää liitetyn TOTP-sovelluksen luomaa aikarajattua kertatunnuslukua. subject: 'Mastodon: kaksivaiheinen todennus otettu käyttöön' + subtitle: Kaksivaiheinen todennus on otettu käyttöön tilillesi. title: 2-vaiheinen todennus käytössä two_factor_recovery_codes_changed: explanation: Uudet palautuskoodit on nyt luotu ja vanhat on mitätöity. subject: 'Mastodon: kaksivaiheisen todennuksen palautuskoodit luotiin uudelleen' + subtitle: Aiemmat palautuskoodit on mitätöity ja tilalle on luotu uudet. title: 2-vaiheisen todennuksen palautuskoodit vaihdettiin unlock_instructions: subject: 'Mastodon: lukituksen poistamisen ohjeet' 
@@ -68,9 +73,13 @@ fi: subject: 'Mastodon: suojausavain poistettu' title: Yksi suojausavaimistasi on poistettu webauthn_disabled: + explanation: Turva-avaimin kirjautuminen on poistettu käytöstä tililtäsi. + extra: Sisäänkirjautuminen on nyt mahdollista pelkällä palveluun liitetyn TOTP-sovelluksen luomalla aikarajoitteisella kertatunnusluvulla. subject: 'Mastodon: Todennus suojausavaimilla poistettu käytöstä' title: Suojausavaimet poistettu käytöstä webauthn_enabled: + explanation: Turva-avaimella kirjautuminen on otettu käyttöön tilillesi. + extra: Voit nyt kirjautua sisään turva-avaimellasi. subject: 'Mastodon: Todennus suojausavaimella on otettu käyttöön' title: Suojausavaimet käytössä omniauth_callbacks: diff --git a/config/locales/devise.hu.yml b/config/locales/devise.hu.yml index 522ac66ad3..fea56ab24a 100644 --- a/config/locales/devise.hu.yml +++ b/config/locales/devise.hu.yml @@ -47,14 +47,19 @@ hu: subject: 'Mastodon: Jelszóvisszaállítási utasítások' title: Jelszó visszaállítása two_factor_disabled: + explanation: A bejelentkezés most már csupán email címmel és jelszóval lehetséges. subject: Kétlépcsős azonosítás kikapcsolva + subtitle: A kétlépcsős hitelesítés a fiókodhoz ki lett kapcsolva. title: Kétlépcsős hitelesítés kikapcsolva two_factor_enabled: + explanation: Egy párosított TOTP appal generált tokenre lesz szükség a bejelentkezéshez. subject: 'Mastodon: Kétlépcsős azonosítás engedélyezve' + subtitle: A kétlépcsős hitelesítés a fiókodhoz aktiválva lett. title: Kétlépcsős hitelesítés engedélyezve two_factor_recovery_codes_changed: explanation: A korábbi helyreállítási kódok letiltásra és újragenerálásra kerültek. subject: 'Mastodon: Kétlépcsős helyreállítási kódok újból előállítva' + subtitle: A korábbi helyreállítási kódokat letiltottuk, és újakat generáltunk. title: A kétlépcsős kódok megváltoztak unlock_instructions: subject: 'Mastodon: Feloldási utasítások' 
@@ -68,9 +73,13 @@ hu: subject: 'Mastodon: A biztonsági kulcs törlésre került' title: Az egyik biztonsági kulcsodat törölték webauthn_disabled: + explanation: A biztonsági kulcsokkal történő hitelesítés a fiókodhoz ki lett kapcsolva. + extra: A bejelentkezés most már csak TOTP app által generált tokennel lehetséges. subject: 'Mastodon: A biztonsági kulccsal történő hitelesítés letiltásra került' title: A biztonsági kulcsok letiltásra kerültek webauthn_enabled: + explanation: A biztonsági kulcsokkal történő hitelesítés a fiókodhoz aktiválva lett. + extra: A biztonsági kulcsodat mostantól lehet bejelentkezésre használni. subject: 'Mastodon: A biztonsági kulcsos hitelesítés engedélyezésre került' title: A biztonsági kulcsok engedélyezésre kerültek omniauth_callbacks: diff --git a/config/locales/devise.ie.yml b/config/locales/devise.ie.yml index 97cda4e8c6..332c9da456 100644 --- a/config/locales/devise.ie.yml +++ b/config/locales/devise.ie.yml @@ -52,6 +52,7 @@ ie: subtitle: 2-factor autentication por tui conto ha esset desactivisat. title: 2FA desvalidat two_factor_enabled: + explanation: Un clave generat del acuplat TOTP-aplication nu va esser besonat por aperter session. subject: 'Mastodon: 2-factor autentication activat' subtitle: 2-factor autentication ha esset activisat por tui conto. title: 2FA permisset @@ -73,6 +74,7 @@ ie: title: Un ex tui claves de securitá ha esset deletet webauthn_disabled: explanation: Autentication per clave de securitá ha esset desactivisat por tui conto. + extra: Aperter session es nu possibil solmen per li clave generat del acuplat TOTP-aplication. subject: 'Mastodon: Autentication con claves de securitá desactivisat' title: Claves de securitá desactivisat webauthn_enabled: diff --git a/config/locales/devise.ja.yml b/config/locales/devise.ja.yml index 9a3ffd9c4d..44a9a31839 100644 --- a/config/locales/devise.ja.yml +++ b/config/locales/devise.ja.yml 
@@ -49,12 +49,12 @@ ja: two_factor_disabled: explanation: メールアドレスとパスワードのみでログイン可能になりました。 subject: 'Mastodon: 二要素認証が無効になりました' - subtitle: 二要素認証が無効になっています。 + subtitle: 今後、アカウントへのログインに二要素認証を要求しません。 title: 二要素認証が無効化されました two_factor_enabled: explanation: ログインには設定済みのTOTPアプリが生成したトークンが必要です。 subject: 'Mastodon: 二要素認証が有効になりました' - subtitle: 二要素認証が有効になりました。 + subtitle: 今後、アカウントへのログインに二要素認証が必要になります。 title: 二要素認証が有効化されました two_factor_recovery_codes_changed: explanation: 以前のリカバリーコードが無効化され、新しいコードが生成されました。 @@ -73,7 +73,7 @@ ja: subject: 'Mastodon: セキュリティキーが削除されました' title: セキュリティキーが削除されました webauthn_disabled: - explanation: セキュリティキー認証が無効になっています。 + explanation: セキュリティキー認証が無効になりました。 extra: 設定済みのTOTPアプリが生成したトークンのみでログインできるようになりました。 subject: 'Mastodon: セキュリティキー認証が無効になりました' title: セキュリティキーは無効になっています diff --git a/config/locales/devise.ko.yml b/config/locales/devise.ko.yml index 88865aec58..0c848e4bac 100644 --- a/config/locales/devise.ko.yml +++ b/config/locales/devise.ko.yml @@ -47,14 +47,19 @@ ko: subject: 'Mastodon: 암호 재설정 설명' title: 암호 재설정 two_factor_disabled: + explanation: 이제 이메일과 암호만 이용해서 로그인이 가능합니다. subject: '마스토돈: 이중 인증 비활성화' + subtitle: 계정에 대한 2단계 인증이 비활성화되었습니다. title: 2FA 비활성화 됨 two_factor_enabled: + explanation: 로그인 하기 위해서는 짝이 되는 TOTP 앱에서 생성한 토큰이 필요합니다. subject: '마스토돈: 이중 인증 활성화' + subtitle: 계정에 대한 2단계 인증이 활성화되었습니다. title: 2FA 활성화 됨 two_factor_recovery_codes_changed: explanation: 이전 복구 코드가 무효화되고 새 코드가 생성되었습니다 subject: '마스토돈: 이중 인증 복구 코드 재생성 됨' + subtitle: 이전 복구 코드가 무효화되고 새 코드가 생성되었습니다. title: 2FA 복구 코드 변경됨 unlock_instructions: subject: '마스토돈: 잠금 해제 방법' @@ -68,9 +73,13 @@ ko: subject: '마스토돈: 보안 키 삭제' title: 보안 키가 삭제되었습니다 webauthn_disabled: + explanation: 계정의 보안 키 인증이 비활성화되었습니다 + extra: 이제 TOTP 앱에서 생성한 토큰을 통해서만 로그인 가능합니다. subject: '마스토돈: 보안 키를 이용한 인증이 비활성화 됨' title: 보안 키 비활성화 됨 webauthn_enabled: + explanation: 계정에 대한 보안키 인증이 활성화되었습니다. + extra: 로그인시 보안키가 사용됩니다. subject: '마스토돈: 보안 키 인증 활성화 됨' title: 보안 키 활성화 됨 omniauth_callbacks: 
diff --git a/config/locales/devise.lad.yml b/config/locales/devise.lad.yml index bec76d82f9..2b6b8aafb1 100644 --- a/config/locales/devise.lad.yml +++ b/config/locales/devise.lad.yml @@ -47,10 +47,14 @@ lad: subject: 'Mastodon: Instruksyones para reinisyar kod' title: Reinisyar kod two_factor_disabled: + explanation: Agora puedes konektarte kon tu kuento uzando solo tu adreso de posta i kod. subject: 'Mastodon: La autentifikasyon de dos pasos esta inkapasitada' + subtitle: La autentifikasyon en dos pasos para tu kuento tiene sido inkapasitada. title: Autentifikasyon 2FA inkapasitada two_factor_enabled: + explanation: Se rekierira un token djenerado por la aplikasyon TOTP konektada para entrar. subject: 'Mastodon: La autentifikasyon de dos pasos esta kapasitada' + subtitle: La autentifikasyon de dos pasos para tu kuento tiene sido kapasitada. title: Autentifikasyon 2FA aktivada two_factor_recovery_codes_changed: explanation: Los kodiches de rekuperasyon previos tienen sido invalidados i se djeneraron kodiches muevos. @@ -69,9 +73,13 @@ lad: subject: 'Mastodon: Yave de sigurita supremida' title: Una de tus yaves de sigurita tiene sido supremida webauthn_disabled: + explanation: La autentifikasyon kon yaves de sigurita tiene sido inkapasitada para tu kuento. + extra: Agora el inisyo de sesyon solo es posivle utilizando el token djeenerado por la aplikasyon TOTP konektada. subject: 'Mastodon: autentifikasyon kon yaves de sigurita inkapasitada' title: Yaves de sigurita inkapasitadas webauthn_enabled: + explanation: La autentifikasyon kon yave de sigurita tiene sido kapasitada para tu kuento. + extra: Agora tu yave de sigurita puede ser utilizada para konektarte kon tu kuento. subject: 'Mastodon: Autentifikasyon de yave de sigurita aktivada' title: Yaves de sigurita kapasitadas omniauth_callbacks: diff --git a/config/locales/devise.nn.yml b/config/locales/devise.nn.yml index acee9fdcdc..96920d42b5 100644 --- a/config/locales/devise.nn.yml 
+++ b/config/locales/devise.nn.yml @@ -47,14 +47,19 @@ nn: subject: 'Mastodon: Instuksjonar for å endra passord' title: Attstilling av passord two_factor_disabled: + explanation: Innlogging er nå mulig med kun e-postadresse og passord. subject: 'Mastodon: To-faktor-autentisering deaktivert' + subtitle: To-faktor autentisering for din konto har blitt deaktivert. title: 2FA deaktivert two_factor_enabled: + explanation: En token generert av den sammenkoblede TOTP-appen vil være påkrevd for innlogging. subject: 'Mastodon: To-faktor-autentisering aktivert' + subtitle: Tofaktorautentisering er aktivert for din konto. title: 2FA aktivert two_factor_recovery_codes_changed: explanation: Dei førre gjenopprettingskodane er ugyldige og nye er genererte. subject: 'Mastodon: To-faktor-gjenopprettingskodar har vorte genererte på nytt' + subtitle: De forrige gjenopprettingskodene er gjort ugyldige og nye er generert. title: 2FA-gjenopprettingskodane er endra unlock_instructions: subject: 'Mastodon: Instruksjonar for å opne kontoen igjen' @@ -68,9 +73,13 @@ nn: subject: 'Mastodon: Sikkerheitsnøkkel sletta' title: Ein av sikkerheitsnøklane dine har blitt sletta webauthn_disabled: + explanation: Autentisering med sikkerhetsnøkler er deaktivert for kontoen din. + extra: Innlogging er nå mulig med kun tilgangstoken generert av den sammenkoblede TOTP-appen. subject: 'Mastodon: Autentisering med sikkerheitsnøklar vart skrudd av' title: Sikkerheitsnøklar deaktivert webauthn_enabled: + explanation: Sikkerhetsnøkkelautentisering har blitt aktivert for kontoen din. + extra: Sikkerhetsnøkkelen din kan nå bli brukt for innlogging. subject: 'Mastodon: Sikkerheitsnøkkelsautentisering vart skrudd på' title: Sikkerheitsnøklar aktivert omniauth_callbacks: diff --git a/config/locales/devise.no.yml b/config/locales/devise.no.yml index 0d824da815..961778eaa5 100644 --- a/config/locales/devise.no.yml +++ b/config/locales/devise.no.yml 
@@ -47,14 +47,19 @@
 subject: 'Mastodon: Hvordan nullstille passord'
 title: Nullstill passord
 two_factor_disabled:
+ explanation: Innlogging er nå mulig med kun e-postadresse og passord.
 subject: 'Mastodon: Tofaktorautentisering deaktivert'
+ subtitle: To-faktor autentisering for din konto har blitt deaktivert.
 title: 2FA deaktivert
 two_factor_enabled:
+ explanation: En token generert av den sammenkoblede TOTP-appen vil være påkrevd for innlogging.
 subject: 'Mastodon: Tofaktorautentisering aktivert'
+ subtitle: Tofaktorautentisering er aktivert for din konto.
 title: 2FA aktivert
 two_factor_recovery_codes_changed:
 explanation: De forrige gjenopprettingskodene er gjort ugyldige og nye er generert.
 subject: 'Mastodon: Tofaktor-gjenopprettingskoder har blitt generert på nytt'
+ subtitle: De forrige gjenopprettingskodene er gjort ugyldige og nye er generert.
 title: 2FA-gjenopprettingskodene ble endret
 unlock_instructions:
 subject: 'Mastodon: Instruksjoner for å gjenåpne konto'
@@ -68,9 +73,13 @@
 subject: 'Mastodon: Sikkerhetsnøkkel slettet'
 title: En av sikkerhetsnøklene dine har blitt slettet
 webauthn_disabled:
+ explanation: Autentisering med sikkerhetsnøkler er deaktivert for kontoen din.
+ extra: Innlogging er nå mulig med kun tilgangstoken generert av den sammenkoblede TOTP-appen.
 subject: 'Mastodon: Autentisering med sikkerhetsnøkler ble skrudd av'
 title: Sikkerhetsnøkler deaktivert
 webauthn_enabled:
+ explanation: Sikkerhetsnøkkelautentisering har blitt aktivert for kontoen din.
+ extra: Sikkerhetsnøkkelen din kan nå bli brukt for innlogging.
 subject: 'Mastodon: Sikkerhetsnøkkelsautentisering ble skrudd på'
 title: Sikkerhetsnøkler aktivert
 omniauth_callbacks:
diff --git a/config/locales/devise.sl.yml b/config/locales/devise.sl.yml
index 72269e4826..2d567e63f4 100644
--- a/config/locales/devise.sl.yml
+++ b/config/locales/devise.sl.yml
@@ -47,14 +47,19 @@ sl:
 subject: 'Mastodon: navodila za ponastavitev gesla'
 title: Ponastavitev gesla
 two_factor_disabled:
+ explanation: Prijava je sedaj mogoče le z uporabo e-poštnega naslova in gesla.
 subject: 'Mastodon: dvojno preverjanje pristnosti je onemogočeno'
+ subtitle: Dvo-faktorsko preverjanje pristnosti za vaš račun je bilo onemogočeno.
 title: 2FA onemogočeno
 two_factor_enabled:
+ explanation: Za prijavo bo zahtevan žeton, ustvarjen s povezano aplikacijo TOTP.
 subject: 'Mastodon: dvojno preverjanje pristnosti je omogočeno'
+ subtitle: Dvo-faktorsko preverjanje pristnosti za vaš račun je bilo omogočeno.
 title: 2FA omogočeno
 two_factor_recovery_codes_changed:
 explanation: Prejšnje obnovitvene kode so postale neveljavne in ustvarjene so bile nove.
 subject: 'Mastodon: varnostne obnovitvene kode za dvojno preverjanje pristnosti so ponovno izdelane'
+ subtitle: Prejšnje kode za obnovitev so bile razveljavljene, ustvarjene pa so bile nove.
 title: obnovitvene kode 2FA spremenjene
 unlock_instructions:
 subject: 'Mastodon: navodila za odklepanje'
@@ -68,9 +73,13 @@ sl:
 subject: 'Mastodon: varnostna koda izbrisana'
 title: Ena od vaših varnostnih kod je bila izbrisana
 webauthn_disabled:
+ explanation: Preverjanje pristnosti z varnostnimi ključi za vaš račun je bilo onemogočeno.
+ extra: Prijava je sedaj mogoče le z uporabo žetona, ustvarjenega s povezano aplikacijo TOTP.
 subject: 'Mastodon: overjanje pristnosti z varnosnimi kodami je onemogočeno'
 title: Varnostne kode onemogočene
 webauthn_enabled:
+ explanation: Preverjanje pristnosti z varnostnimi ključi za vaš račun je bilo omogočeno.
+ extra: Za prijavo sedaj lahko uporabite svoj varnostni ključ.
 subject: 'Mastodon: preverjanje pristnosti z varnostno kodo je omogočeno'
 title: Varnostne kode omogočene
 omniauth_callbacks:
diff --git a/config/locales/devise.th.yml b/config/locales/devise.th.yml
index 13fdea3fef..40baabcf75 100644
--- a/config/locales/devise.th.yml
+++ b/config/locales/devise.th.yml
@@ -47,14 +47,19 @@ th:
 subject: 'Mastodon: คำแนะนำการตั้งรหัสผ่านใหม่'
 title: การตั้งรหัสผ่านใหม่
 two_factor_disabled:
+ explanation: ตอนนี้สามารถเข้าสู่ระบบได้โดยใช้เพียงที่อยู่อีเมลและรหัสผ่านเท่านั้น
 subject: 'Mastodon: ปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยแล้ว'
+ subtitle: ปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยสำหรับบัญชีของคุณแล้ว
 title: ปิดใช้งาน 2FA แล้ว
 two_factor_enabled:
+ explanation: จะต้องใช้โทเคนที่สร้างโดยแอป TOTP ที่จับคู่สำหรับการเข้าสู่ระบบ
 subject: 'Mastodon: เปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยแล้ว'
+ subtitle: เปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยสำหรับบัญชีของคุณแล้ว
 title: เปิดใช้งาน 2FA แล้ว
 two_factor_recovery_codes_changed:
- explanation: ยกเลิกรหัสกู้คืนก่อนหน้านี้และสร้างรหัสใหม่แล้ว
+ explanation: ยกเลิกรหัสกู้คืนก่อนหน้านี้และสร้างรหัสกู้คืนใหม่แล้ว
 subject: 'Mastodon: สร้างรหัสกู้คืนสองปัจจัยใหม่แล้ว'
+ subtitle: ยกเลิกรหัสกู้คืนก่อนหน้านี้และสร้างรหัสกู้คืนใหม่แล้ว
 title: เปลี่ยนรหัสกู้คืน 2FA แล้ว
 unlock_instructions:
 subject: 'Mastodon: คำแนะนำการปลดล็อค'
@@ -68,9 +73,13 @@ th:
 subject: 'Mastodon: ลบกุญแจความปลอดภัยแล้ว'
 title: ลบหนึ่งในกุญแจความปลอดภัยของคุณแล้ว
 webauthn_disabled:
+ explanation: ปิดใช้งานการรับรองความถูกต้องด้วยกุญแจความปลอดภัยสำหรับบัญชีของคุณแล้ว
+ extra: ตอนนี้สามารถเข้าสู่ระบบได้โดยใช้เพียงโทเคนที่สร้างโดยแอป TOTP ที่จับคู่เท่านั้น
 subject: 'Mastodon: ปิดใช้งานการรับรองความถูกต้องด้วยกุญแจความปลอดภัยแล้ว'
 title: ปิดใช้งานกุญแจความปลอดภัยแล้ว
 webauthn_enabled:
+ explanation: เปิดใช้งานการรับรองความถูกต้องด้วยกุญแจความปลอดภัยสำหรับบัญชีของคุณแล้ว
+ extra: ตอนนี้สามารถใช้กุญแจความปลอดภัยของคุณสำหรับการเข้าสู่ระบบ
 subject: 'Mastodon: เปิดใช้งานการรับรองความถูกต้องด้วยกุญแจความปลอดภัยแล้ว'
 title: เปิดใช้งานกุญแจความปลอดภัยแล้ว
 omniauth_callbacks:
diff --git a/config/locales/doorkeeper.ia.yml b/config/locales/doorkeeper.ia.yml
index ec85df24fc..d689354f61 100644
--- a/config/locales/doorkeeper.ia.yml
+++ b/config/locales/doorkeeper.ia.yml
@@ -17,6 +17,7 @@ ia:
 index:
 application: Application
 delete: Deler
+ empty: Tu non ha applicationes.
 name: Nomine
 new: Nove application
 show: Monstrar
@@ -47,6 +48,7 @@ ia:
 title:
 accounts: Contos
 admin/accounts: Gestion de contos
+ all: Accesso plen a tu conto de Mastodon
 bookmarks: Marcapaginas
 conversations: Conversationes
 favourites: Favoritos
@@ -61,8 +63,15 @@ ia:
 applications: Applicationes
 oauth2_provider: Fornitor OAuth2
 scopes:
+ read:favourites: vider tu favoritos
+ read:lists: vider tu listas
+ read:notifications: vider tu notificationes
+ read:statuses: vider tote le messages
 write:accounts: modificar tu profilo
+ write:blocks: blocar contos e dominios
 write:favourites: messages favorite
+ write:filters: crear filtros
 write:lists: crear listas
+ write:media: incargar files de medios
 write:notifications: rader tu notificationes
 write:statuses: publicar messages
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 78820c3b59..83eaaa4552 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1791,6 +1791,12 @@ en:
 extra: It's now ready for download!
 subject: Your archive is ready for download
 title: Archive takeout
+ failed_2fa:
+ details: 'Here are details of the sign-in attempt:'
+ explanation: Someone has tried to sign in to your account but provided an invalid second authentication factor.
+ further_actions_html: If this wasn't you, we recommend that you %{action} immediately as it may be compromised.
+ subject: Second factor authentication failure
+ title: Failed second factor authentication
 suspicious_sign_in:
 change_password: change your password
 details: 'Here are details of the sign-in:'
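Review bot: The new `failed_2fa.explanation` string in the en.yml hunk does not tell the recipient that the first sign-in step had already succeeded, which is what makes a failed second factor worth acting on. If this mail is only sent after the password check has passed (the sending code is not in this hunk, so that is an assumption to confirm), say so, e.g. `explanation: Someone has tried to sign in to your account with the correct password but provided an invalid second authentication factor.` In `further_actions_html`, the clause "as it may be compromised" only reads correctly once `%{action}` is filled in; presumably it reuses `change_password` from `suspicious_sign_in` just below, and naming the object explicitly (`... immediately as your password may be compromised.`) would keep the sentence unambiguous for translators and for any other action text.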
@@ -1844,6 +1850,7 @@ en:
 go_to_sso_account_settings: Go to your identity provider's account settings
 invalid_otp_token: Invalid two-factor code
 otp_lost_help_html: If you lost access to both, you may get in touch with %{email}
+ rate_limited: Too many authentication attempts, try again later.
 seamless_external_login: You are logged in via an external service, so password and e-mail settings are not available.
 signed_in_as: 'Signed in as:'
 verification:
diff --git a/config/locales/eo.yml b/config/locales/eo.yml
index 1bcf36700b..beb6aa6d9f 100644
--- a/config/locales/eo.yml
+++ b/config/locales/eo.yml
@@ -309,6 +309,7 @@ eo:
 unpublish: Malpublikigi
 unpublished_msg: Anonco sukcese malpublikigita!
 updated_msg: Anonco sukcese ĝisdatigis!
+ critical_update_pending: Kritika ĝisdatigo pritraktotas
 custom_emojis:
 assign_category: Atribui kategorion
 by_domain: Domajno
@@ -424,6 +425,7 @@ eo:
 view: Vidi domajna blokado
 email_domain_blocks:
 add_new: Aldoni novan
+ allow_registrations_with_approval: Permesi aliĝojn kun aprobo
 attempts_over_week:
 one: "%{count} provo ekde lasta semajno"
 other: "%{count} registroprovoj ekde lasta semajno"
@@ -770,11 +772,21 @@ eo:
 approved: Bezonas aprobi por aliĝi
 none: Neniu povas aliĝi
 open: Iu povas aliĝi
+ security:
+ authorized_fetch: Devigi aŭtentigon de frataraj serviloj
+ title: Agordoj de la servilo
 site_uploads:
 delete: Forigi elŝutitan dosieron
 destroyed_msg: Reteja alŝuto sukcese forigita!
 software_updates:
+ critical_update: Kritika — bonvolu ĝisdatiĝi rapide
 documentation_link: Lerni pli
+ release_notes: Eldono-notoj
+ title: Disponeblaj ĝisdatigoj
+ type: Tipo
+ types:
+ major: Ĉefa eldono
+ minor: Neĉefa eldono
 statuses:
 account: Skribanto
 application: Aplikaĵo
@@ -1259,6 +1271,9 @@ eo:
 overwrite: Anstataŭigi
 overwrite_long: Anstataŭigi la nunajn registrojn per la novaj
 preface: Vi povas importi datumojn, kiujn vi eksportis el alia servilo, kiel liston de homoj, kiujn vi sekvas aŭ blokas.
+ states:
+ finished: Finita
+ unconfirmed: Nekonfirmita
 success: Viaj datumoj estis sukcese alŝutitaj kaj estos traktitaj kiel planite
 titles:
 following: Importado de sekvaj kontoj
@@ -1528,6 +1543,7 @@ eo:
 unknown_browser: Nekonata retumilo
 weibo: Weibo
 current_session: Nuna seanco
+ date: Dato
 description: "%{browser} en %{platform}"
 explanation: Ĉi tiuj estas la retumiloj nun ensalutintaj al via Mastodon-konto.
 ip: IP
@@ -1693,6 +1709,7 @@ eo:
 webauthn: Sekurecaj ŝlosiloj
 user_mailer:
 appeal_approved:
+ action: Konto-agordoj
 explanation: La apelacio de la admono kontra via konto je %{strike_date} pri sendodato %{appeal_date} aprobitas.
 subject: Via apelacio de %{date} aprobitas
 title: Apelacio estis aprobita
@@ -1701,6 +1718,7 @@ eo:
 subject: Via apelacio de %{date} estis malaprobita
 title: Apelacio estis malaprobita
 backup_ready:
+ extra: Estas nun preta por elŝuto!
 subject: Via arkivo estas preta por elŝutado
 title: Arkiva elŝuto
 suspicious_sign_in:
@@ -1756,6 +1774,7 @@ eo:
 go_to_sso_account_settings: Iru al la agordoj de la konto de via identeca provizanto
 invalid_otp_token: Nevalida kodo de dufaktora aŭtentigo
 otp_lost_help_html: Se vi perdas aliron al ambaŭ, vi povas kontakti %{email}
+ rate_limited: Estas tro multaj aŭtentigaj provoj, reprovu poste.
 seamless_external_login: Vi estas ensalutinta per ekstera servo, do pasvortaj kaj retadresaj agordoj ne estas disponeblaj.
 signed_in_as: 'Salutinta kiel:'
 verification:
diff --git a/config/locales/es-AR.yml b/config/locales/es-AR.yml
index 26c18b5feb..0b6e58db59 100644
--- a/config/locales/es-AR.yml
+++ b/config/locales/es-AR.yml
@@ -1843,6 +1843,7 @@ es-AR:
 go_to_sso_account_settings: Andá a la configuración de cuenta de tu proveedor de identidad
 invalid_otp_token: Código de dos factores no válido
 otp_lost_help_html: Si perdiste al acceso a ambos, podés ponerte en contacto con %{email}
+ rate_limited: Demasiados intentos de autenticación; intentá de nuevo más tarde.
 seamless_external_login: Iniciaste sesión desde un servicio externo, así que la configuración de contraseña y correo electrónico no están disponibles.
 signed_in_as: 'Iniciaste sesión como:'
 verification:
diff --git a/config/locales/es-MX.yml b/config/locales/es-MX.yml
index 32178d0b04..11c327bcca 100644
--- a/config/locales/es-MX.yml
+++ b/config/locales/es-MX.yml
@@ -1843,6 +1843,7 @@ es-MX:
 go_to_sso_account_settings: Diríjete a la configuración de la cuenta de su proveedor de identidad
 invalid_otp_token: Código de dos factores incorrecto
 otp_lost_help_html: Si perdiste al acceso a ambos, puedes ponerte en contancto con %{email}
+ rate_limited: Demasiados intentos de autenticación, inténtalo de nuevo más tarde.
 seamless_external_login: Has iniciado sesión desde un servicio externo, así que los ajustes de contraseña y correo no están disponibles.
 signed_in_as: 'Sesión iniciada como:'
 verification:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 9235b985fb..4dbb76c526 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -1843,6 +1843,7 @@ es:
 go_to_sso_account_settings: Diríjase a la configuración de la cuenta de su proveedor de identidad
 invalid_otp_token: Código de dos factores incorrecto
 otp_lost_help_html: Si perdiste al acceso a ambos, puedes ponerte en contancto con %{email}
+ rate_limited: Demasiados intentos de autenticación, inténtalo de nuevo más tarde.
 seamless_external_login: Has iniciado sesión desde un servicio externo, así que los ajustes de contraseña y correo no están disponibles.
 signed_in_as: 'Sesión iniciada como:'
 verification:
diff --git a/config/locales/eu.yml b/config/locales/eu.yml
index 4b91f7a524..bfa1f829b6 100644
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
@@ -1847,6 +1847,7 @@ eu:
 go_to_sso_account_settings: Jo zure identitate-hornitzaileko kontuaren ezarpenetara
 invalid_otp_token: Bi faktoreetako kode baliogabea
 otp_lost_help_html: 'Bietara sarbidea galdu baduzu, jarri kontaktuan hemen: %{email}'
+ rate_limited: Autentifikazio saiakera gehiegi, saiatu berriro geroago.
 seamless_external_login: Kanpo zerbitzu baten bidez hasi duzu saioa, beraz pasahitza eta e-mail ezarpenak ez daude eskuragarri.
 signed_in_as: 'Saioa honela hasita:'
 verification:
diff --git a/config/locales/fi.yml b/config/locales/fi.yml
index a719f3496f..9d8974392f 100644
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@@ -1608,6 +1608,7 @@ fi:
 unknown_browser: Tuntematon selain
 weibo: Weibo
 current_session: Nykyinen istunto
+ date: Päiväys
 description: "%{browser} alustalla %{platform}"
 explanation: Nämä verkkoselaimet ovat tällä hetkellä kirjautuneena Mastodon-tilillesi.
 ip: IP-osoite
@@ -1774,14 +1775,19 @@ fi:
 webauthn: Suojausavaimet
 user_mailer:
 appeal_approved:
+ action: Tilin asetukset
 explanation: Valitus tiliäsi koskevasta varoituksesta %{strike_date} jonka lähetit %{appeal_date} on hyväksytty. Tilisi on jälleen hyvässä kunnossa.
 subject: Valituksesi %{date} on hyväksytty
+ subtitle: Tilisi on jälleen normaalissa tilassa.
 title: Valitus hyväksytty
 appeal_rejected:
 explanation: Valitus tiliäsi koskevasta varoituksesta %{strike_date} jonka lähetit %{appeal_date} on hylätty.
 subject: Valituksesi %{date} on hylätty
+ subtitle: Vetoomuksesi on hylätty.
 title: Valitus hylätty
 backup_ready:
+ explanation: Olet pyytänyt täyden varmuuskopion Mastodon-tilistäsi.
+ extra: Se on nyt valmis ladattavaksi!
 subject: Arkisto on valmiina ladattavaksi
 title: Arkiston tallennus
 suspicious_sign_in:
@@ -1837,6 +1843,7 @@ fi:
 go_to_sso_account_settings: Avaa identiteettitarjoajasi tiliasetukset
 invalid_otp_token: Virheellinen kaksivaiheisen todentamisen koodi
 otp_lost_help_html: Jos sinulla ei ole pääsyä kumpaankaan, voit ottaa yhteyden osoitteeseen %{email}
+ rate_limited: Liian monta todennusyritystä. Yritä myöhemmin uudelleen.
 seamless_external_login: Olet kirjautunut ulkoisen palvelun kautta, joten salasana- ja sähköpostiasetukset eivät ole käytettävissä.
 signed_in_as: 'Kirjautunut tilillä:'
 verification:
diff --git a/config/locales/fo.yml b/config/locales/fo.yml
index 03a525fa5d..dabaf24ba7 100644
--- a/config/locales/fo.yml
+++ b/config/locales/fo.yml
@@ -1843,6 +1843,7 @@ fo:
 go_to_sso_account_settings: Far til kontustillingarnar hjá samleikaveitaranum hjá tær
 invalid_otp_token: Ógyldug tvey-stigs koda
 otp_lost_help_html: Hevur tú mist atgongd til bæði, so kanst tú koma í samband við %{email}
+ rate_limited: Ov nógvar samgildisroyndir, royn aftur seinni.
 seamless_external_login: Tú er ritað/ur inn umvegis eina uttanhýsis tænastu, so loyniorð og teldupoststillingar eru ikki tøkar.
 signed_in_as: 'Ritað/ur inn sum:'
 verification:
diff --git a/config/locales/gl.yml b/config/locales/gl.yml
index 1398f6ad0b..3c43a4e23d 100644
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -1843,6 +1843,7 @@ gl:
 go_to_sso_account_settings: Ir aos axustes da conta no teu provedor de identidade
 invalid_otp_token: O código do segundo factor non é válido
 otp_lost_help_html: Se perdes o acceso a ambos, podes contactar con %{email}
+ rate_limited: Demasiados intentos de autenticación, inténtao máis tarde.
 seamless_external_login: Accedeches a través dun servizo externo, polo que os axustes de contrasinal e email non están dispoñibles.
 signed_in_as: 'Rexistrada como:'
 verification:
diff --git a/config/locales/he.yml b/config/locales/he.yml
index 2969cf33e8..db57912d89 100644
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -1907,6 +1907,7 @@ he:
 go_to_sso_account_settings: מעבר לאפיוני החשבון שלך בשרת הזהות
 invalid_otp_token: קוד דו-שלבי שגוי
 otp_lost_help_html: אם איבדת גישה לשניהם, ניתן ליצור קשר ב-%{email}
+ rate_limited: יותר מדי ניסיונות אימות, נסו שוב מאוחר יותר.
 seamless_external_login: את.ה מחובר דרך שירות חיצוני, לכן אפשרויות הסיסמא והדוא"ל לא מאופשרות.
 signed_in_as: 'מחובר בתור:'
 verification:
diff --git a/config/locales/hu.yml b/config/locales/hu.yml
index 536af8b6b5..8fce206e9e 100644
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -1608,6 +1608,7 @@ hu:
 unknown_browser: Ismeretlen böngésző
 weibo: Weibo
 current_session: Jelenlegi munkamenet
+ date: Dátum
 description: "%{browser} az alábbi platformon: %{platform}"
 explanation: Jelenleg az alábbi böngészőkkel vagy bejelentkezve a fiókodba.
 ip: IP
@@ -1774,14 +1775,19 @@ hu:
 webauthn: Biztonsági kulcsok
 user_mailer:
 appeal_approved:
+ action: Fiók Beállításai
 explanation: A fiókod %{appeal_date}-i fellebbezése, mely a %{strike_date}-i vétségeddel kapcsolatos, jóváhagyásra került. A fiókod megint makulátlan.
 subject: A %{date}-i fellebbezésedet jóváhagyták
+ subtitle: A fiókod ismét használható állapotban van.
 title: Fellebbezés jóváhagyva
 appeal_rejected:
 explanation: A %{appeal_date}-i fellebbezésed, amely a fiókod %{strike_date}-i vétségével kapcsolatos, elutasításra került.
 subject: A %{date}-i fellebbezésedet visszautasították
+ subtitle: A fellebbezésedet visszautasították.
 title: Fellebbezés visszautasítva
 backup_ready:
+ explanation: A Mastodon fiókod teljes biztonsági mentését kérted.
+ extra: Már letöltésre kész!
 subject: Az adataidról készült archív letöltésre kész
 title: Archiválás
 suspicious_sign_in:
@@ -1837,6 +1843,7 @@ hu:
 go_to_sso_account_settings: Ugrás az azonosítási szolgáltatód fiókbeállításaihoz
 invalid_otp_token: Érvénytelen ellenőrző kód
 otp_lost_help_html: Ha mindkettőt elvesztetted, kérhetsz segítséget itt %{email}
+ rate_limited: Túl sok hiteleítési kísérlet történt. Próbáld újra később.
 seamless_external_login: Külső szolgáltatáson keresztül jelentkeztél be, így a jelszó és e-mail beállítások nem elérhetőek.
 signed_in_as: Bejelentkezve mint
 verification:
diff --git a/config/locales/ie.yml b/config/locales/ie.yml
index c8cd5d5f8d..c77a8f802d 100644
--- a/config/locales/ie.yml
+++ b/config/locales/ie.yml
@@ -1786,6 +1786,7 @@ ie:
 subtitle: Tui apelle ha esset rejectet.
 title: Apelle rejectet
 backup_ready:
+ explanation: Tu petit un complet archive de tui conto de Mastodon.
 extra: It es ja pret a descargar!
 subject: Tui archive es pret por descargar
 title: Descargar archive
@@ -1842,6 +1843,7 @@ ie:
 go_to_sso_account_settings: Ear al parametres de conto de tui provisor de identification
 invalid_otp_token: Ínvalid 2-factor code
 otp_lost_help_html: Si tu perdit accesse a ambis, tu posse contacter %{email}
+ rate_limited: Tro mult de provas de autentication, ples provar denov plu tard.
 seamless_external_login: Tu ha intrat per un servicie external, dunc parametres pri tui passa-parol e email-adresse ne es disponibil.
 signed_in_as: 'Session apertet quam:'
 verification:
diff --git a/config/locales/is.yml b/config/locales/is.yml
index 9f8d5d42dc..b048d5cb00 100644
--- a/config/locales/is.yml
+++ b/config/locales/is.yml
@@ -1847,6 +1847,7 @@ is:
 go_to_sso_account_settings: Fara í stillingar aðgangsins hjá auðkennisveitunni þinni
 invalid_otp_token: Ógildur tveggja-þátta kóði
 otp_lost_help_html: Ef þú hefur misst aðganginn að hvoru tveggja, geturðu sett þig í samband við %{email}
+ rate_limited: Of margar tilraunir til auðkenningar, prófaðu aftur síðar.
 seamless_external_login: Innskráning þín er í gegnum utanaðkomandi þjónustu, þannig að stillingar fyrir lykilorð og tölvupóst eru ekki aðgengilegar.
 signed_in_as: 'Skráð inn sem:'
 verification:
diff --git a/config/locales/it.yml b/config/locales/it.yml
index a17fae4804..adcef9559f 100644
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -1845,6 +1845,7 @@ it:
 go_to_sso_account_settings: Vai alle impostazioni dell'account del tuo provider di identità
 invalid_otp_token: Codice d'accesso non valido
 otp_lost_help_html: Se perdessi l'accesso ad entrambi, puoi entrare in contatto con %{email}
+ rate_limited: Troppi tentativi di autenticazione, per favore riprova più tardi.
 seamless_external_login: Hai effettuato l'accesso tramite un servizio esterno, quindi le impostazioni di password e e-mail non sono disponibili.
 signed_in_as: 'Hai effettuato l''accesso come:'
 verification:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index a68426cb53..c966cbe36f 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -1813,6 +1813,7 @@ ja:
 go_to_sso_account_settings: 外部サービスアカウントの設定はこちらで行ってください
 invalid_otp_token: 二要素認証コードが間違っています
 otp_lost_help_html: どちらも使用できない場合、%{email}に連絡を取ると解決できるかもしれません
+ rate_limited: 認証に失敗した回数が多すぎます。時間をおいてからログインしてください。
 seamless_external_login: あなたは外部サービスを介してログインしているため、パスワードとメールアドレスの設定は利用できません。
 signed_in_as: '下記でログイン中:'
 verification:
diff --git a/config/locales/ko.yml b/config/locales/ko.yml
index b0eadc0504..946aa35657 100644
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -1584,6 +1584,7 @@ ko:
 unknown_browser: 알 수 없는 브라우저
 weibo: 웨이보
 current_session: 현재 세션
+ date: 날짜
 description: "%{platform}의 %{browser}"
 explanation: 내 마스토돈 계정에 로그인되어 있는 웹 브라우저 목록입니다.
 ip: IP
@@ -1744,14 +1745,19 @@ ko:
 webauthn: 보안 키
 user_mailer:
 appeal_approved:
+ action: 계정 설정
 explanation: "%{strike_date}에 일어난 중재결정에 대한 소명을 %{appeal_date}에 작성했으며 승낙되었습니다. 당신의 계정은 정상적인 상태로 돌아왔습니다."
 subject: 귀하가 %{date}에 작성한 소명이 승낙되었습니다
+ subtitle: 계정이 다시 정상적인 상태입니다.
 title: 소명이 받아들여짐
 appeal_rejected:
 explanation: "%{strike_date}에 일어난 중재결정에 대한 소명을 %{appeal_date}에 작성했지만 반려되었습니다."
 subject: "%{date}에 작성한 소명이 반려되었습니다."
+ subtitle: 소명이 기각되었습니다.
 title: 이의 제기가 거절되었습니다
 backup_ready:
+ explanation: 마스토돈 계정에 대한 전체 백업을 요청했습니다
+ extra: 다운로드 할 준비가 되었습니다!
 subject: 아카이브를 다운로드할 수 있습니다
 title: 아카이브 테이크아웃
 suspicious_sign_in:
@@ -1807,6 +1813,7 @@ ko:
 go_to_sso_account_settings: ID 공급자의 계정 설정으로 이동
 invalid_otp_token: 2단계 인증 코드가 올바르지 않습니다
 otp_lost_help_html: 만약 양쪽 모두를 잃어버렸다면 %{email}을 통해 복구할 수 있습니다
+ rate_limited: 너무 많은 인증 시도가 있었습니다, 잠시 후에 시도하세요.
 seamless_external_login: 외부 서비스를 이용해 로그인했으므로 이메일과 암호는 설정할 수 없습니다.
 signed_in_as: '다음과 같이 로그인 중:'
 verification:
diff --git a/config/locales/lad.yml b/config/locales/lad.yml
index d1247fc781..5a09c4c609 100644
--- a/config/locales/lad.yml
+++ b/config/locales/lad.yml
@@ -384,6 +384,7 @@ lad:
 cancel: Anula
 confirm: Suspende
 permanent_action: Si kites la suspensyon no restoraras dingunos datos ni relasyones.
+ preamble_html: Estas a punto de suspender %{domain} i sus subdomenos.
 remove_all_data: Esto efasara todo el kontenido, multimedia i datos de profiles de los kuentos en este domeno de tu sirvidor.
 stop_communication: Tu sirvidor deshara de komunikarse kon estos sirvidores.
 title: Konfirma bloko de domeno para %{domain}
@@ -608,6 +609,7 @@ lad:
 created_at: Raportado
 delete_and_resolve: Efasa publikasyones
 forwarded: Reembiado
+ forwarded_replies_explanation: Este raporto vyene de un utilizador remoto i es sovre kontenido remoto. Tiene sido reembiado a ti porke el kontenido raportado esta en una repuesta a uno de tus utilizadores.
 forwarded_to: Reembiado a %{domain}
 mark_as_resolved: Marka komo rezolvido
 mark_as_sensitive: Marka komo sensivle
@@ -712,6 +714,7 @@ lad:
 manage_users: Administra utilizadores
 manage_users_description: Permete a los utilizadores ver los peratim de otros utilizadores i realizar aksyones de moderasyon kontra eyos
 manage_webhooks: Administrar webhooks
+ manage_webhooks_description: Permite a los utilizadores konfigurar webhooks para evenimientos administrativos
 view_audit_log: Mostra defter de revisyon
 view_audit_log_description: Permete a los utilizadores ver una estoria de aksyones administrativas en el sirvidor
 view_dashboard: Ve pano
@@ -738,6 +741,8 @@ lad:
 branding:
 preamble: La marka de tu sirvidor lo desferensia de otros sirvidores de la red. Esta enformasyon puede amostrarse por una varieta de entornos, komo en la enterfaz web de Mastodon, en aplikasyones nativas, en previsualizasiones de atadijos en otros sitios internetikos i en aplikasyones de mesajes, etc. Por esta razon, es mijor mantener esta enformasyon klara, breve i konsiza.
 title: Marka
+ captcha_enabled:
+ title: Solisita ke los muevos utilizadores rezolven un CAPTCHA para konfirmar su konto
 content_retention:
 preamble: Kontrola komo el kontenido jenerado por el utilizador se magazina en Mastodon.
 title: Retensyon de kontenido
@@ -765,6 +770,9 @@ lad:
 approved: Se rekiere achetasion para enrejistrarse
 none: Permete a los utilizadores trokar la konfigurasyon del sitio
 open: Kualkiera puede enrejistrarse
+ security:
+ authorized_fetch_overridden_hint: Agora no puedes trokar esta konfigurasyon dkee esta sovreeskrita por una variable de entorno.
+ federation_authentication: Forzamyento de autentifikasyon para la federasyon
 title: Konfigurasyon del sirvidor
 site_uploads:
 delete: Efasa dosya kargada
@@ -820,8 +828,13 @@ lad:
 system_checks:
 database_schema_check:
 message_html: Ay migrasyones asperando de la baza de datos. Por favor, egzekutalas para asigurarte de ke la aplikasyon fonksiona komo deveria
+ elasticsearch_health_red:
+ message_html: El klaster de Elasticsearch no es sano (estado kolorado), funksyones de bushkeda no estan disponivles
+ elasticsearch_health_yellow:
+ message_html: El klaster de Elasticsearch no es sano (estado amariyo), es posivle ke keras investigar la razon
 elasticsearch_preset:
 action: Ve dokumentasyon
+ message_html: Tu klaster de Elasticsearch tiene mas ke un nodo, ama Mastodon no esta konfigurado para uzarlos.
 elasticsearch_preset_single_node:
 action: Ve dokumentasyon
 elasticsearch_running_check:
@@ -1012,12 +1025,17 @@ lad:
 auth:
 apply_for_account: Solisita un kuento
 captcha_confirmation:
+ help_html: Si tyenes problemas kon rezolver el CAPTCHA, puedes kontaktarnos en %{email} i podremos ayudarte.
+ hint_html: Una koza mas! Tenemos ke konfirmar ke eres umano (para evitar spam!). Rezolve el CAPTCHA abasho i klika "Kontinua".
 title: Kontrolo de sigurita
 confirmations:
+ awaiting_review: Tu adreso de posta tiene sido konfirmado! La taifa de %{domain} esta revizando tu enrejistrasyon. Risiviras un meil si acheten tu kuento!
 awaiting_review_title: Estamos revizando tu enrejistramiento
 clicking_this_link: klikando en este atadijo
 login_link: konektate kon kuento
 proceed_to_login_html: Agora puedes ir a %{login_link}.
+ redirect_to_app_html: Seras readresado a la aplikasyon %{app_name}. Si esto no afita, aprova %{clicking_this_link} o regresa manualmente a la aplikasyon.
+ registration_complete: Tu enrejistrasyon en %{domain} ya esta kompletada!
 welcome_title: Bienvenido, %{name}!
 wrong_email_hint: Si este adreso de posta es inkorekto, puedes trokarlo en las preferensyas del kuento.
 delete_account: Efasa kuento
@@ -1054,6 +1072,7 @@ lad:
 rules:
 accept: Acheta
 back: Atras
+ invited_by: 'Puedes adjuntarte a %{domain} grasyas a la envitasyon de:'
 preamble: Estas son establesidas i aplikadas por los moderadores de %{domain}.
 preamble_invited: Antes de kontinuar, por favor reviza las reglas del sirvidor establesidas por los moderatores de %{domain}.
 title: Algunas reglas bazikas.
@@ -1078,6 +1097,7 @@ lad:
 functional: Tu kuento esta kompletamente funksyonal.
 pending: Tu solisitasyon esta asperando la revizion por muestros administradores. Esto puede tadrar algun tiempo. Arisiviras una posta elektronika si la solisitasyon sea achetada.
 redirecting_to: Tu kuento se topa inaktivo porke esta siendo readresado a %{acct}.
+ self_destruct: Deke %{domain} va a serrarse, solo tendras akseso limitado a tu kuento.
 view_strikes: Ve amonestamientos pasados kontra tu kuento
 too_fast: Formulario enviado demaziado rapido, aprovalo de muevo.
 use_security_key: Uza la yave de sigurita
@@ -1271,6 +1291,19 @@ lad:
 merge_long: Manten rejistros egzistentes i adjusta muevos
 overwrite: Sobreskrive
 overwrite_long: Mete muevos rejistros en vez de los aktuales
+ overwrite_preambles:
+ blocking_html: Estas a punto de substituyir tu lista de blokos por asta %{total_items} kuentos de %{filename}.
+ bookmarks_html: Estas a punto de substituyir tus markadores por asta %{total_items} publikasyones ke vinyeron de %{filename}.
+ domain_blocking_html: Estas a punto de substituyir tu lista de blokos de domeno por asta %{total_items} domenos de %{filename}.
+ following_html: Estas a punto de segir asta %{total_items} kuentos de %{filename} i deshar de segir todos los otros kuentos.
+ lists_html: Estas a punto de sustituyir tus listas con el kontenido de %{filename}. Asta %{total_items} kuentos seran adjustados a muevas listas.
+ muting_html: Estas a punto de substituyir tu lista de kuentos silensyados por asta %{total_items} kuentos de %{filename}.
+ preambles:
+ blocking_html: Estas a punto de blokar asta %{total_items} kuentos de %{filename}.
+ bookmarks_html: Estas a punto de adjustar asta %{total_items} publikasyones de %{filename} a tus markadores.
+ domain_blocking_html: Estas a punto de blokar asta %{total_items} domenos de %{filename}.
+ following_html: Estas a punto de segir asta %{total_items} kuentos de %{filename}.
+ muting_html: Estas a punto de silensyar asta %{total_items} kuentos de %{filename}.
 preface: Puedes importar siertos datos, komo todas las personas a las kualas estas sigiendo o blokando en tu kuento en esta instansya, dizde dosyas eksportadas de otra instansya.
 recent_imports: Importasyones resyentes
 states:
@@ -1474,7 +1507,9 @@ lad:
 public_timelines: Linyas de tiempo publikas
 privacy:
 privacy: Privasita
+ reach: Alkanse
 search: Bushkeda
+ title: Privasita i alkanse
 privacy_policy:
 title: Politika de privasita
 reactions:
@@ -1711,6 +1746,7 @@ lad:
 action: Preferensyas de kuento
 explanation: La apelasyon del amonestamiento kontra tu kuento del %{strike_date} ke mandates el %{appeal_date} fue achetada. Tu kuento se topa de muevo en dobro estado.
 subject: Tu apelasyon del %{date} fue achetada
+ subtitle: Tu konto de muevo tiene una reputasyon buena.
 title: Apelasyon achetada
 appeal_rejected:
 explanation: La apelasyon del amonestamiento kontra tu kuento del %{strike_date} ke mandates el %{appeal_date} fue refuzada.
@@ -1718,6 +1754,7 @@ lad:
 subtitle: Tu apelasyon fue refuzada.
 title: Apelasyon refuzada
 backup_ready:
+ extra: Agora esta pronto para abashar!
 subject: Tu dosya esta pronta para abashar
 title: Abasha dosya
 suspicious_sign_in:
@@ -1773,6 +1810,8 @@ lad:
 go_to_sso_account_settings: Va a la konfigurasyon de kuento de tu prokurador de identita
 invalid_otp_token: Kodiche de dos pasos no valido
 otp_lost_help_html: Si pedriste akseso a los dos, puedes kontaktarte kon %{email}
+ rate_limited: Demaziadas provas de autentifikasyon, aprova de muevo dempues.
+ seamless_external_login: Estas konektado por un servisyo eksterno i estonses la konfigurasyon de kod i konto de posta no estan disponivles.
 signed_in_as: 'Konektado komo:'
 verification:
 here_is_how: Ansina es komo
@@ -1785,6 +1824,7 @@ lad:
 success: Tu yave de sigurita fue adjustada kon sukseso.
 delete: Efasa
 delete_confirmation: Estas siguro ke keres efasar esta yave de sigurita?
+ description_html: Si kapasites autentifikasyon kon yave de sigurita, nesesitaras uno de tus yaves de sigurita para konektarte kon tu kuento.
 destroy:
 error: Uvo un problem al efasar tu yave de sigurita. Por favor aprova de muevo.
 success: Tu yave de sigurita fue efasada kon sukseso.
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 9235b99fed..5ffa788a8c 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -1843,6 +1843,7 @@ nl: go_to_sso_account_settings: Ga naar de accountinstellingen van je identiteitsprovider invalid_otp_token: Ongeldige tweestaps-toegangscode otp_lost_help_html: Als je toegang tot beiden kwijt bent geraakt, neem dan contact op via %{email} + rate_limited: Te veel authenticatiepogingen, probeer het later opnieuw. seamless_external_login: Je bent ingelogd via een externe dienst, daarom zijn wachtwoorden en e-mailinstellingen niet beschikbaar. signed_in_as: 'Ingelogd als:' verification: diff --git a/config/locales/nn.yml b/config/locales/nn.yml index 914ee7fb04..626252be00 100644 --- a/config/locales/nn.yml +++ b/config/locales/nn.yml @@ -1608,6 +1608,7 @@ nn: unknown_browser: Ukjend nettlesar weibo: Weibo current_session: Noverande økt + date: Dato description: "%{browser} på %{platform}" explanation: Desse nettlesarane er logga inn på Mastodon-kontoen din. ip: IP-adresse @@ -1774,14 +1775,19 @@ nn: webauthn: Sikkerhetsnøkler user_mailer: appeal_approved: + action: Kontoinnstillinger explanation: Apellen på prikken mot din kontor på %{strike_date} som du la inn på %{appeal_date} har blitt godkjend. Din konto er nok ein gong i god stand. subject: Din klage fra %{date} er godkjent + subtitle: Kontoen din er tilbake i god stand. title: Anke godkjend appeal_rejected: explanation: Klagen på advarselen mot din konto den %{strike_date} som du sendte inn den %{appeal_date} har blitt avvist. subject: Din klage fra %{date} er avvist + subtitle: Anken din har blitt avvist. title: Anke avvist backup_ready: + explanation: Du etterspurte en fullstendig sikkerhetskopi av din Mastodon-konto. + extra: Den er nå klar for nedlasting! subject: Arkivet ditt er klart til å lastes ned title: Nedlasting av arkiv suspicious_sign_in: 
@@ -1837,6 +1843,7 @@ nn: go_to_sso_account_settings: Gå til kontoinnstillingane hjå identitetsleverandøren din invalid_otp_token: Ugyldig tostegskode otp_lost_help_html: Hvis du mistet tilgangen til begge deler, kan du komme i kontakt med %{email} + rate_limited: For mange autentiseringsforsøk, prøv igjen seinare. seamless_external_login: Du er logga inn gjennom eit eksternt reiskap, so passord og e-postinstillingar er ikkje tilgjengelege. signed_in_as: 'Logga inn som:' verification: diff --git a/config/locales/no.yml b/config/locales/no.yml index 61cc89181e..d90aa5bab5 100644 --- a/config/locales/no.yml +++ b/config/locales/no.yml @@ -229,7 +229,7 @@ update_status: Oppdater statusen update_user_role: Oppdater rolle actions: - approve_appeal_html: "%{name} godkjente klagen på modereringa fra %{target}" + approve_appeal_html: "%{name} godkjente anken på moderering fra %{target}" approve_user_html: "%{name} godkjente registrering fra %{target}" assigned_to_self_report_html: "%{name} tildelte rapport %{target} til seg selv" change_email_user_html: "%{name} endret e-postadressen til brukeren %{target}" @@ -266,7 +266,7 @@ enable_user_html: "%{name} aktiverte innlogging for bruker %{target}" memorialize_account_html: "%{name} endret %{target}s konto til en minneside" promote_user_html: "%{name} forfremmet bruker %{target}" - reject_appeal_html: "%{name} avviste moderasjonsavgjørelsesklagen fra %{target}" + reject_appeal_html: "%{name} avviste anken på moderering fra %{target}" reject_user_html: "%{name} avslo registrering fra %{target}" remove_avatar_user_html: "%{name} fjernet %{target} sitt profilbilde" reopen_report_html: "%{name} gjenåpnet rapporten %{target}" @@ -372,8 +372,8 @@ website: Nettside disputes: appeals: - empty: Ingen klager funnet. - title: Klager + empty: Ingen anker funnet. + title: Anker domain_allows: add_new: Hvitelist domene created_msg: Domenet har blitt hvitelistet 
@@ -692,8 +692,8 @@ invite_users_description: Lar brukere invitere nye personer til serveren manage_announcements: Behandle Kunngjøringer manage_announcements_description: Lar brukere endre kunngjøringer på serveren - manage_appeals: Behandle klager - manage_appeals_description: Lar brukere gjennomgå klager mot modereringsaktiviteter + manage_appeals: Behandle anker + manage_appeals_description: Lar brukere gjennomgå anker mot modereringsaktiviteter manage_blocks: Behandle Blokker manage_blocks_description: Lar brukere blokkere e-postleverandører og IP-adresser manage_custom_emojis: Administrer egendefinerte Emojier @@ -829,8 +829,8 @@ sensitive: "%{name} merket %{target}s konto som følsom" silence: "%{name} begrenset %{target}s konto" suspend: "%{name} suspenderte %{target}s konto" - appeal_approved: Klage tatt til følge - appeal_pending: Klage behandles + appeal_approved: Anket + appeal_pending: Anke behandles appeal_rejected: Anke avvist system_checks: database_schema_check: @@ -975,9 +975,9 @@ sensitive: å merke kontoen sin som følsom silence: for å begrense deres konto suspend: for å avslutte kontoen - body: "%{target} klager på en moderasjonsbeslutning av %{action_taken_by} fra %{date}, noe som var %{type}. De skrev:" - next_steps: Du kan godkjenne klagen for å angre på moderasjonsvedtaket eller ignorere det. - subject: "%{username} klager på en moderasjonsbeslutning for %{instance}" + body: "%{target} anker en moderasjonsbeslutning av %{action_taken_by} fra %{date}, noe som var %{type}. De skrev:" + next_steps: Du kan godkjenne anken for å angre på moderasjonsvedtaket eller ignorere det. + subject: "%{username} anker en moderasjonsbeslutning for %{instance}" new_critical_software_updates: body: Nye kritiske versjoner av Mastodon har blitt utgitt, det kan være fordelaktig å oppdatere så snart som mulig! subject: Kritiske Mastodon-oppdateringer er tilgjengelige for %{instance}! 
@@ -1161,19 +1161,19 @@ disputes: strikes: action_taken: Handling utført - appeal: Klage - appeal_approved: Denne advarselens klage ble tatt til følge og er ikke lenger gyldig - appeal_rejected: Klagen ble avvist - appeal_submitted_at: Klage levert - appealed_msg: Din klage har blitt levert. Du får beskjed om den blir godkjent. + appeal: Anke + appeal_approved: Denne advarselens anke ble tatt til følge og er ikke lenger gyldig + appeal_rejected: Anken ble avvist + appeal_submitted_at: Anke levert + appealed_msg: Anken din har blitt levert. Du får beskjed om den blir godkjent. appeals: - submit: Lever klage - approve_appeal: Godkjenn klage + submit: Lever anke + approve_appeal: Godkjenn anke associated_report: Tilhørende rapport created_at: Datert description_html: Dette er tiltakene mot din konto og advarsler som har blitt sent til deg av %{instance}-personalet. recipient: Adressert til - reject_appeal: Avvis klage + reject_appeal: Avvis anke status: 'Innlegg #%{id}' status_removed: Innlegg allerede fjernet fra systemet title: "%{action} fra %{date}" @@ -1185,9 +1185,9 @@ sensitive: Merking av konto som sensitiv silence: Begrensning av konto suspend: Suspensjon av konto - your_appeal_approved: Din klage har blitt godkjent - your_appeal_pending: Du har levert en klage - your_appeal_rejected: Din klage har blitt avvist + your_appeal_approved: Anken din har blitt godkjent + your_appeal_pending: Du har levert en anke + your_appeal_rejected: Anken din har blitt avvist domain_validator: invalid_domain: er ikke et gyldig domenenavn edit_profile: @@ -1608,6 +1608,7 @@ unknown_browser: Ukjent Nettleser weibo: Weibo current_session: Nåværende økt + date: Dato description: "%{browser} på %{platform}" explanation: Dette er nettlesere som er pålogget på din Mastodon-konto akkurat nå. ip: IP-adresse 
@@ -1740,7 +1741,7 @@ sensitive_content: Følsomt innhold strikes: errors: - too_late: Det er for sent å klage på denne advarselen + too_late: Det er for sent å anke denne advarselen tags: does_not_match_previous_name: samsvarer ikke med det forrige navnet themes: @@ -1774,14 +1775,19 @@ webauthn: Sikkerhetsnøkler user_mailer: appeal_approved: - explanation: Klagen på advarselen mot din konto den %{strike_date} som du sendte inn den %{appeal_date} har blitt godkjent. Din konto er nok en gang i god stand. - subject: Din klage fra %{date} er godkjent - title: Klage godkjent + action: Kontoinnstillinger + explanation: Anken på advarselen mot din konto den %{strike_date} som du sendte inn den %{appeal_date} har blitt godkjent. Din konto er nok en gang i god stand. + subject: Anken din fra %{date} er godkjent + subtitle: Kontoen din er tilbake i god stand. + title: Anke godkjent appeal_rejected: - explanation: Klagen på advarselen mot din konto den %{strike_date} som du sendte inn den %{appeal_date} har blitt avvist. - subject: Din klage fra %{date} er avvist - title: Klage avvist + explanation: Anken på advarselen mot din konto den %{strike_date} som du sendte inn den %{appeal_date} har blitt avvist. + subject: Anken din fra %{date} er avvist + subtitle: Anken din har blitt avvist. + title: Anke avvist backup_ready: + explanation: Du etterspurte en fullstendig sikkerhetskopi av din Mastodon-konto. + extra: Den er nå klar for nedlasting! subject: Arkivet ditt er klart til å lastes ned title: Nedlasting av arkiv suspicious_sign_in: 
@@ -1792,8 +1798,8 @@ subject: Din konto ble tatt i bruk fra en ny IP-adresse title: En ny pålogging warning: - appeal: Lever en klage - appeal_description: Hvis du mener dette er feil, kan du sende inn en klage til personalet i %{instance}. + appeal: Lever en anke + appeal_description: Hvis du mener dette er feil, kan du sende inn en anke til personalet i %{instance}. categories: spam: Søppelpost violation: Innholdet bryter følgende retningslinjer for fellesskapet @@ -1837,6 +1843,7 @@ go_to_sso_account_settings: Gå til din identitetsleverandørs kontoinnstillinger invalid_otp_token: Ugyldig to-faktorkode otp_lost_help_html: Hvis du mistet tilgangen til begge deler, kan du komme i kontakt med %{email} + rate_limited: For mange autentiseringsforsøk, prøv igjen senere. seamless_external_login: Du er logget inn via en ekstern tjeneste, så passord og e-post innstillinger er ikke tilgjengelige. signed_in_as: 'Innlogget som:' verification: diff --git a/config/locales/pl.yml b/config/locales/pl.yml index 8a973b71c7..4d8fde8f4f 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -1907,6 +1907,7 @@ pl: go_to_sso_account_settings: Przejdź do ustawień konta dostawcy tożsamości invalid_otp_token: Kod uwierzytelniający jest niepoprawny otp_lost_help_html: Jeżeli utracisz dostęp do obu, możesz skontaktować się z %{email} + rate_limited: Zbyt wiele prób uwierzytelnienia. Spróbuj ponownie później. seamless_external_login: Zalogowano z użyciem zewnętrznej usługi, więc ustawienia hasła i adresu e-mail nie są dostępne. signed_in_as: 'Zalogowano jako:' verification: diff --git a/config/locales/pt-PT.yml b/config/locales/pt-PT.yml index fc1e3e6367..2e077b37a8 100644 --- a/config/locales/pt-PT.yml +++ b/config/locales/pt-PT.yml 
@@ -1843,6 +1843,7 @@ pt-PT: go_to_sso_account_settings: Ir para as definições de conta do seu fornecedor de identidade invalid_otp_token: Código de autenticação inválido otp_lost_help_html: Se perdeu o acesso a ambos, pode entrar em contacto com %{email} + rate_limited: Demasiadas tentativas de autenticação, tente novamente mais tarde. seamless_external_login: Tu estás ligado via um serviço externo. Por isso, as configurações da palavra-passe e do e-mail não estão disponíveis. signed_in_as: 'Registado como:' verification: diff --git a/config/locales/simple_form.no.yml b/config/locales/simple_form.no.yml index ca2020e21e..7651792212 100644 --- a/config/locales/simple_form.no.yml +++ b/config/locales/simple_form.no.yml @@ -36,7 +36,7 @@ starts_at: Valgfritt. I tilfellet din kunngjøring er bundet til en spesifikk tidsramme text: Du kan bruke innlegg-syntaks. Vennligst vær oppmerksom på plassen som kunngjøringen vil ta opp på brukeren sin skjerm appeal: - text: Du kan kun klage på en advarsel en gang + text: Du kan kun anke en advarsel en gang defaults: autofollow: Folk som lager en konto gjennom invitasjonen, vil automatisk følge deg avatar: PNG, GIF eller JPG. Maksimalt %{size}. Vil bli nedskalert til %{dimensions}px @@ -282,7 +282,7 @@ sign_up_requires_approval: Begrens påmeldinger severity: Oppføring notification_emails: - appeal: Noen klager på en moderator sin avgjørelse + appeal: Noen anker en moderator sin avgjørelse digest: Send sammendrag på e-post favourite: Send e-post når noen setter din status som favoritt follow: Send e-post når noen følger deg diff --git a/config/locales/sk.yml b/config/locales/sk.yml index fdd64b5bb7..c639bbe1a6 100644 --- a/config/locales/sk.yml +++ b/config/locales/sk.yml @@ -633,6 +633,7 @@ sk: documentation_link: Zisti viac release_notes: Poznámky k vydaniu title: Dostupné aktualizácie + type: Druh types: major: Hlavné vydanie patch: Opravné vydanie - opravy a jednoducho uplatniteľné zmeny 
@@ -641,6 +642,7 @@ sk: account: Autor application: Aplikácia back_to_account: Späť na účet + back_to_report: Späť na stránku hlásenia batch: remove_from_report: Vymaž z hlásenia report: Hlásenie @@ -730,6 +732,7 @@ sk: new_appeal: actions: none: varovanie + silence: obmedziť ich účet new_pending_account: body: Podrobnosti o novom účte sú uvedené nižšie. Môžeš túto registračnú požiadavku buď prijať, alebo zamietnúť. subject: Nový účet očakáva preverenie na %{instance} (%{username}) @@ -1277,6 +1280,7 @@ sk: follow_limit_reached: Nemôžeš následovať viac ako %{limit} ľudí invalid_otp_token: Neplatný kód pre dvojfaktorovú autentikáciu otp_lost_help_html: Pokiaľ si stratil/a prístup k obom, môžeš dať vedieť %{email} + rate_limited: Príliš veľa pokusov o overenie, skús to znova neskôr. seamless_external_login: Si prihlásená/ý cez externú službu, takže nastavenia hesla a emailu ti niesú prístupné. signed_in_as: 'Prihlásená/ý ako:' verification: diff --git a/config/locales/sl.yml b/config/locales/sl.yml index 1a0afe034f..ba707f49eb 100644 --- a/config/locales/sl.yml +++ b/config/locales/sl.yml @@ -1907,6 +1907,7 @@ sl: go_to_sso_account_settings: Pojdite na nastavitve svojega računa ponudnika identitete invalid_otp_token: Neveljavna dvofaktorska koda otp_lost_help_html: Če ste izgubili dostop do obeh, stopite v stik z %{email} + rate_limited: Preveč poskusov preverjanja pristnosti, poskusite kasneje. seamless_external_login: Prijavljeni ste prek zunanje storitve, tako da nastavitve gesla in e-pošte niso na voljo. signed_in_as: 'Vpisani kot:' verification: diff --git a/config/locales/sr-Latn.yml b/config/locales/sr-Latn.yml index fc1239bedf..39c9f2f873 100644 --- a/config/locales/sr-Latn.yml +++ b/config/locales/sr-Latn.yml 
@@ -1875,6 +1875,7 @@ sr-Latn: go_to_sso_account_settings: Idite na podešavanja naloga svog dobavljača identiteta invalid_otp_token: Neispravni dvofaktorski kod otp_lost_help_html: Ako izgubite pristup za oba, možete stupiti u kontakt sa %{email} + rate_limited: Previše pokušaja autentifikacije, pokušajte ponovo kasnije. seamless_external_login: Prijavljeni ste putem spoljašnje usluge, tako da lozinka i podešavanja E-pošte nisu dostupni. signed_in_as: 'Prijavljen/a kao:' verification: diff --git a/config/locales/sr.yml b/config/locales/sr.yml index 4e5e58c859..0cf35c14cc 100644 --- a/config/locales/sr.yml +++ b/config/locales/sr.yml @@ -1875,6 +1875,7 @@ sr: go_to_sso_account_settings: Идите на подешавања налога свог добављача идентитета invalid_otp_token: Неисправни двофакторски код otp_lost_help_html: Ако изгубите приступ за оба, можете ступити у контакт са %{email} + rate_limited: Превише покушаја аутентификације, покушајте поново касније. seamless_external_login: Пријављени сте путем спољашње услуге, тако да лозинка и подешавања Е-поште нису доступни. signed_in_as: 'Пријављен/а као:' verification: diff --git a/config/locales/sv.yml b/config/locales/sv.yml index d4657e9743..3a82f29d2f 100644 --- a/config/locales/sv.yml +++ b/config/locales/sv.yml @@ -1842,6 +1842,7 @@ sv: go_to_sso_account_settings: Gå till din identitetsleverantörs kontoinställningar invalid_otp_token: Ogiltig tvåfaktorskod otp_lost_help_html: Om du förlorat åtkomst till båda kan du komma i kontakt med %{email} + rate_limited: För många autentiseringsförsök, försök igen senare. seamless_external_login: Du är inloggad via en extern tjänst, inställningar för lösenord och e-post är därför inte tillgängliga. signed_in_as: 'Inloggad som:' verification: diff --git a/config/locales/th.yml b/config/locales/th.yml index 7bea8f9de8..ac5cfbacf5 100644 --- a/config/locales/th.yml +++ b/config/locales/th.yml 
@@ -847,7 +847,7 @@ th: message_html: ไม่มีกระบวนการ Sidekiq ที่กำลังทำงานสำหรับคิว %{value} โปรดตรวจทานการกำหนดค่า Sidekiq ของคุณ software_version_critical_check: action: ดูการอัปเดตที่พร้อมใช้งาน - message_html: มีการอัปเดต Mastodon สำคัญพร้อมใช้งาน โปรดอัปเดตโดยเร็วที่สุดเท่าที่จะทำได้ + message_html: มีการอัปเดต Mastodon สำคัญพร้อมใช้งาน โปรดอัปเดตโดยเร็วที่สุดเท่าที่จะเป็นไปได้ software_version_patch_check: action: ดูการอัปเดตที่พร้อมใช้งาน message_html: มีการอัปเดต Mastodon ที่แก้ไขข้อบกพร่องพร้อมใช้งาน @@ -961,7 +961,7 @@ th: next_steps: คุณสามารถอนุมัติการอุทธรณ์เพื่อเลิกทำการตัดสินใจในการควบคุม หรือเพิกเฉยต่อการอุทธรณ์ subject: "%{username} กำลังอุทธรณ์การตัดสินใจในการควบคุมใน %{instance}" new_critical_software_updates: - body: มีการปล่อยรุ่น Mastodon สำคัญใหม่ คุณอาจต้องการอัปเดตโดยเร็วที่สุดเท่าที่จะทำได้! + body: มีการปล่อยรุ่น Mastodon สำคัญใหม่ คุณอาจต้องการอัปเดตโดยเร็วที่สุดเท่าที่จะเป็นไปได้! subject: การอัปเดต Mastodon สำคัญพร้อมใช้งานสำหรับ %{instance}! new_pending_account: body: รายละเอียดของบัญชีใหม่อยู่ด้านล่าง คุณสามารถอนุมัติหรือปฏิเสธใบสมัครนี้ @@ -1582,6 +1582,7 @@ th: unknown_browser: เบราว์เซอร์ที่ไม่รู้จัก weibo: Weibo current_session: เซสชันปัจจุบัน + date: วันที่ description: "%{browser} ใน %{platform}" explanation: นี่คือเว็บเบราว์เซอร์ที่เข้าสู่ระบบบัญชี Mastodon ของคุณในปัจจุบัน ip: IP 
@@ -1742,14 +1743,19 @@ th: webauthn: กุญแจความปลอดภัย user_mailer: appeal_approved: + action: การตั้งค่าบัญชี explanation: อนุมัติการอุทธรณ์การดำเนินการต่อบัญชีของคุณเมื่อ %{strike_date} ที่คุณได้ส่งเมื่อ %{appeal_date} แล้ว บัญชีของคุณอยู่ในสถานะที่ดีอีกครั้งหนึ่ง subject: อนุมัติการอุทธรณ์ของคุณจาก %{date} แล้ว + subtitle: บัญชีของคุณอยู่ในสถานะที่ดีอีกครั้งหนึ่ง title: อนุมัติการอุทธรณ์แล้ว appeal_rejected: explanation: ปฏิเสธการอุทธรณ์การดำเนินการต่อบัญชีของคุณเมื่อ %{strike_date} ที่คุณได้ส่งเมื่อ %{appeal_date} แล้ว subject: ปฏิเสธการอุทธรณ์ของคุณจาก %{date} แล้ว + subtitle: ปฏิเสธการอุทธรณ์ของคุณแล้ว title: ปฏิเสธการอุทธรณ์แล้ว backup_ready: + explanation: คุณได้ขอข้อมูลสำรองแบบเต็มของบัญชี Mastodon ของคุณ + extra: ตอนนี้ข้อมูลสำรองพร้อมสำหรับการดาวน์โหลดแล้ว! subject: การเก็บถาวรของคุณพร้อมสำหรับการดาวน์โหลดแล้ว title: การส่งออกการเก็บถาวร suspicious_sign_in: @@ -1805,6 +1811,7 @@ th: go_to_sso_account_settings: ไปยังการตั้งค่าบัญชีของผู้ให้บริการข้อมูลประจำตัวของคุณ invalid_otp_token: รหัสสองปัจจัยไม่ถูกต้อง otp_lost_help_html: หากคุณสูญเสียการเข้าถึงทั้งสองอย่าง คุณสามารถติดต่อ %{email} + rate_limited: มีความพยายามในการรับรองความถูกต้องมากเกินไป ลองอีกครั้งในภายหลัง seamless_external_login: คุณได้เข้าสู่ระบบผ่านบริการภายนอก ดังนั้นจึงไม่มีการตั้งค่ารหัสผ่านและอีเมล signed_in_as: 'ลงชื่อเข้าเป็น:' verification: diff --git a/config/locales/tr.yml b/config/locales/tr.yml index 99b5e782ce..3b74c4eaa1 100644 --- a/config/locales/tr.yml +++ b/config/locales/tr.yml @@ -1843,6 +1843,7 @@ tr: go_to_sso_account_settings: Kimlik sağlayıcı hesap ayarlarına gidin invalid_otp_token: Geçersiz iki adımlı doğrulama kodu otp_lost_help_html: Her ikisine de erişiminizi kaybettiyseniz, %{email} ile irtibata geçebilirsiniz + rate_limited: Çok fazla kimlik doğrulama denemesi. Daha sonra tekrar deneyin. seamless_external_login: Harici bir servis aracılığıyla oturum açtınız, bu nedenle parola ve e-posta ayarları mevcut değildir. signed_in_as: 'Oturum açtı:' verification: 
diff --git a/config/locales/uk.yml b/config/locales/uk.yml index a80fbf1404..40a858d72a 100644 --- a/config/locales/uk.yml +++ b/config/locales/uk.yml @@ -1903,6 +1903,7 @@ uk: go_to_sso_account_settings: Перейдіть до налаштувань облікового запису постачальника ідентифікації invalid_otp_token: Введено неправильний код otp_lost_help_html: Якщо ви втратили доступ до обох, ви можете отримати доступ з %{email} + rate_limited: Занадто багато спроб з'єднання. Спробуйте ще раз пізніше. seamless_external_login: Ви увійшли за допомогою зовнішнього сервісу, тому налаштування паролю та електронної пошти недоступні. signed_in_as: 'Ви увійшли як:' verification: diff --git a/config/locales/vi.yml b/config/locales/vi.yml index dabb73a475..3817b18f07 100644 --- a/config/locales/vi.yml +++ b/config/locales/vi.yml @@ -1811,6 +1811,7 @@ vi: go_to_sso_account_settings: Thiết lập tài khoản nhà cung cấp danh tính invalid_otp_token: Mã xác minh 2 bước không hợp lệ otp_lost_help_html: Nếu bạn mất quyền truy cập vào cả hai, bạn có thể đăng nhập bằng %{email} + rate_limited: Quá nhiều lần thử, vui lòng thử lại sau. seamless_external_login: Bạn đã đăng nhập thông qua một dịch vụ bên ngoài, vì vậy mật khẩu và email không khả dụng. signed_in_as: 'Đăng nhập bằng:' verification: diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml index 6611510b7d..80bb5653ca 100644 --- a/config/locales/zh-CN.yml +++ b/config/locales/zh-CN.yml @@ -1811,6 +1811,7 @@ zh-CN: go_to_sso_account_settings: 转到您的身份提供商进行账户设置 invalid_otp_token: 输入的双因素认证代码无效 otp_lost_help_html: 如果你不慎丢失了所有的代码,请联系 %{email} 寻求帮助 + rate_limited: 验证尝试次数过多,请稍后再试。 seamless_external_login: 因为你是通过外部服务登录的,所以密码和电子邮件地址设置都不可用。 signed_in_as: 当前登录的账户: verification: diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml index 4b682f9358..ac32c03e95 100644 --- a/config/locales/zh-HK.yml +++ b/config/locales/zh-HK.yml 
@@ -1811,6 +1811,7 @@ zh-HK: go_to_sso_account_settings: 前往你身份提供者的帳號設定 invalid_otp_token: 雙重認證碼不正確 otp_lost_help_html: 如果這兩者你均無法登入,你可以聯繫 %{email} + rate_limited: 嘗試認證次數太多,請稍後再試。 seamless_external_login: 因為你正在使用第三方服務登入,所以不能設定密碼和電郵。 signed_in_as: 目前登入的帳戶: verification: diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml index dd17de7ef1..6662e44cdc 100644 --- a/config/locales/zh-TW.yml +++ b/config/locales/zh-TW.yml @@ -1813,6 +1813,7 @@ zh-TW: go_to_sso_account_settings: 前往您的身分提供商 (identity provider) 之帳號設定 invalid_otp_token: 兩階段認證碼不正確 otp_lost_help_html: 如果您無法存取這兩者,您可以透過 %{email} 與我們聯繫 + rate_limited: 身份驗證嘗試太多次,請稍後再試。 seamless_external_login: 由於您是由外部系統登入,所以不能設定密碼與電子郵件。 signed_in_as: 目前登入的帳號: verification: diff --git a/config/templates/privacy-policy.md b/config/templates/privacy-policy.md new file mode 100644 index 0000000000..9e042af80a --- /dev/null +++ b/config/templates/privacy-policy.md 
@@ -0,0 +1,128 @@
+This privacy policy describes how %{domain}s ("%{domain}s", "we", "us")
+collects, protects and uses the personally identifiable information you may
+provide through the %{domain}s website or its API. The policy also
+describes the choices available to you regarding our use of your personal
+information and how you can access and update this information. This policy
+does not apply to the practices of companies that %{domain}s does not own
+or control, or to individuals that %{domain}s does not employ or manage.
+
+# What information do we collect?
+
+- **Basic account information**: If you register on this server, you may be
+ asked to enter a username, an e-mail address and a password. You may also
+ enter additional profile information such as a display name and biography, and
+ upload a profile picture and header image. The username, display name,
+ biography, profile picture and header image are always listed publicly.
+- **Posts, following and other public information**: The list of people you
+ follow is listed publicly, the same is true for your followers. When you
+ submit a message, the date and time is stored as well as the application you
+ submitted the message from. Messages may contain media attachments, such as
+ pictures and videos. Public and unlisted posts are available publicly. When
+ you feature a post on your profile, that is also publicly available
+ information. Your posts are delivered to your followers, in some cases it
+ means they are delivered to different servers and copies are stored there.
+ When you delete posts, this is likewise delivered to your followers. The
+ action of reblogging or favouriting another post is always public.
+- **Direct and followers-only posts**: All posts are stored and processed on the
+ server. Followers-only posts are delivered to your followers and users who are
+ mentioned in them, and direct posts are delivered only to users mentioned in
+ them. In some cases it means they are delivered to different servers and
+ copies are stored there. We make a good faith effort to limit the access to
+ those posts only to authorized persons, but other servers may fail to do so.
+ Therefore it's important to review servers your followers belong to. You may
+ toggle an option to approve and reject new followers manually in the settings.
+ **Please keep in mind that the operators of the server and any receiving
+ server may view such messages**, and that recipients may screenshot, copy or
+ otherwise re-share them. **Do not share any sensitive information over
+ Mastodon.**
+- **IPs and other metadata**: When you log in, we record the IP address you log
+ in from, as well as the name of your browser application. All the logged in
+ sessions are available for your review and revocation in the settings. The
+ latest IP address used is stored for up to 12 months. We also may retain
+ server logs which include the IP address of every request to our server.
+
+# What do we use your information for?
+
+Any of the information we collect from you may be used in the following ways:
+
+- To provide the core functionality of Mastodon. You can only interact with
+ other people's content and post your own content when you are logged in. For
+ example, you may follow other people to view their combined posts in your own
+ personalized home timeline.
+- To aid moderation of the community, for example comparing your IP address with
+ other known ones to determine ban evasion or other violations.
+- The email address you provide may be used to send you information,
+ notifications about other people interacting with your content or sending you
+ messages, and to respond to inquiries, and/or other requests or questions.
+
+# How do we protect your information?
+
+We implement a variety of security measures to maintain the safety of your
+personal information when you enter, submit, or access your personal
+information. Among other things, your browser session, as well as the traffic
+between your applications and the API, are secured with SSL, and your password
+is hashed using a strong one-way algorithm. You may enable two-factor
+authentication to further secure access to your account.
+
+# What is our data retention policy?
+
+We will make a good faith effort to:
+
+- Retain server logs containing the IP address of all requests to this server,
+ in so far as such logs are kept, no more than 90 days.
+- Retain the IP addresses associated with registered users no more than 12
+ months.
+
+You can request and download an archive of your content, including your posts,
+media attachments, profile picture, and header image.
+
+You may irreversibly delete your account at any time.
+
+# Do we use cookies?
+
+Yes. Cookies are small files that a site or its service provider transfers to
+your computer's hard drive through your Web browser (if you allow). These
+cookies enable the site to recognize your browser and, if you have a registered
+account, associate it with your registered account.
+
+We use cookies to understand and save your preferences for future visits.
+
+# Do we disclose any information to outside parties?
+
+We do not sell, trade, or otherwise transfer to outside parties your personally
+identifiable information. This does not include trusted third parties who assist
+us in operating our site, conducting our business, or servicing you, so long as
+those parties agree to keep this information confidential. We may also release
+your information when we believe release is appropriate to comply with the law,
+enforce our site policies, or protect ours or others rights, property, or
+safety.
+
+Your public content may be downloaded by other servers in the network. 
Your +public and followers-only posts are delivered to the servers where your +followers reside, and direct messages are delivered to the servers of the +recipients, in so far as those followers or recipients reside on a different +server than this. + +When you authorize an application to use your account, depending on the scope of +permissions you approve, it may access your public profile information, your +following list, your followers, your lists, all your posts, and your favourites. +Applications can never access your e-mail address or password. + +# Site usage by children + +If this server is in the EU or the EEA: Our site, products and services are all +directed to people who are at least 16 years old. If you are under the age of +16, per the requirements of the GDPR (General Data Protection Regulation) do not +use this site. + +If this server is in the USA: Our site, products and services are all directed +to people who are at least 13 years old. If you are under the age of 13, per the +requirements of COPPA (Children's Online Privacy Protection Act) do not use this +site. + +Law requirements can be different if this server is in another jurisdiction. + +--- + +This document is CC-BY-SA. Originally adapted from the [Discourse privacy +policy](https://github.com/discourse/discourse). diff --git a/lib/paperclip/response_with_limit_adapter.rb b/lib/paperclip/response_with_limit_adapter.rb index deb89717a4..ff7a938abb 100644 --- a/lib/paperclip/response_with_limit_adapter.rb +++ b/lib/paperclip/response_with_limit_adapter.rb @@ -16,7 +16,7 @@ module Paperclip private def cache_current_values - @original_filename = filename_from_content_disposition.presence || filename_from_path.presence || 'data' + @original_filename = truncated_filename @tempfile = copy_to_tempfile(@target) @content_type = ContentTypeDetector.new(@tempfile.path).detect @size = File.size(@tempfile) 
@@ -43,6 +43,13 @@ module Paperclip source.response.connection.close end + def truncated_filename + filename = filename_from_content_disposition.presence || filename_from_path.presence || 'data' + extension = File.extname(filename) + basename = File.basename(filename, extension) + [basename[...20], extension[..4]].compact_blank.join + end + def filename_from_content_disposition disposition = @target.response.headers['content-disposition'] disposition&.match(/filename="([^"]*)"/)&.captures&.first diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake index 3bc526bd21..4208c2ae4b 100644 --- a/lib/tasks/db.rake +++ b/lib/tasks/db.rake @@ -16,8 +16,8 @@ namespace :db do end task pre_migration_check: :environment do - version = ActiveRecord::Base.connection.select_one("SELECT current_setting('server_version_num') AS v")['v'].to_i - abort 'This version of Mastodon requires PostgreSQL 9.5 or newer. Please update PostgreSQL before updating Mastodon' if version < 90_500 + version = ActiveRecord::Base.connection.database_version + abort 'This version of Mastodon requires PostgreSQL 12.0 or newer. Please update PostgreSQL before updating Mastodon.' if version < 120_000 end Rake::Task['db:migrate'].enhance(['db:pre_migration_check']) diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index e3f2b278bd..b663f55afa 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb 
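Review bot: The two limits in `truncated_filename` are bare literals, `basename[...20]` and `extension[..4]`, and the second is an inclusive range, so it keeps the dot plus four characters rather than four characters in total. Since the name comes from the remote server's `content-disposition` header or URL path, I would name the limits and say why they exist, e.g. `MAX_BASENAME_LENGTH = 20` with a comment `# Remote-supplied name: bound its length before it is stored.` The slices count characters, not bytes, so a multibyte name can still be several times longer in bytes; whether that matters depends on what consumes `@original_filename`, which is outside this hunk. The class body starts and ends outside the hunk.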
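Review bot: The abort message in `pre_migration_check` names the required PostgreSQL version but not the one that was detected, so an operator who hits it has to query the server separately to see what `database_version` returned. Interpolating the value, for example ending the message with `(server reports #{version})`, would make the failure self-explanatory in deployment logs. A short comment that `database_version` is presumably PostgreSQL's integer version form (120000 for 12.0), as `server_version_num` was in the removed line, would also explain the `120_000` literal.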
@@ -262,6 +262,40 @@ RSpec.describe Auth::SessionsController do end end + context 'when repeatedly using an invalid TOTP code before using a valid code' do + before do + stub_const('Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR', 2) + + # Travel to the beginning of an hour to avoid crossing rate-limit buckets + travel_to '2023-12-20T10:00:00Z' + end + + it 'does not log the user in' do + Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do + post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } + expect(controller.current_user).to be_nil + end + + post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } + + expect(controller.current_user).to be_nil + expect(flash[:alert]).to match I18n.t('users.rate_limited') + end + + it 'sends a suspicious sign-in mail', :sidekiq_inline do + Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do + post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } + expect(controller.current_user).to be_nil + end + + post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } + + expect(UserMailer.deliveries.size).to eq(1) + expect(UserMailer.deliveries.first.to.first).to eq(user.email) + expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.failed_2fa.subject')) + end + end + context 'when using a valid OTP' do before do post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb index 098c9cd901..2722538e1a 100644 
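Review bot: The two examples added under 'when repeatedly using an invalid TOTP code before using a valid code' repeat the same `MAX_2FA_ATTEMPTS_PER_HOUR.times` loop and the same final `post :create` verbatim, so the lockout scenario is maintained in two places. I would move the loop and the final valid-code request into the context's `before` (or a small helper) and leave each example with only its expectations. The `before` also calls `travel_to` with no visible matching `travel_back`; if the suite does not reset time automatically, the frozen clock could leak into later examples, so that is worth confirming. The enclosing `describe` block starts and ends outside the hunk.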
--- a/spec/mailers/previews/user_mailer_preview.rb +++ b/spec/mailers/previews/user_mailer_preview.rb @@ -93,4 +93,9 @@ class UserMailerPreview < ActionMailer::Preview def suspicious_sign_in UserMailer.suspicious_sign_in(User.first, '127.0.0.1', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0', Time.now.utc) end + + # Preview this email at http://localhost:3000/rails/mailers/user_mailer/failed_2fa + def failed_2fa + UserMailer.failed_2fa(User.first, '127.0.0.1', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0', Time.now.utc) + end end diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index 4a43928248..404b834702 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -135,6 +135,24 @@ describe UserMailer do 'user_mailer.suspicious_sign_in.subject' end + describe '#failed_2fa' do + let(:ip) { '192.168.0.1' } + let(:agent) { 'NCSA_Mosaic/2.0 (Windows 3.1)' } + let(:timestamp) { Time.now.utc } + let(:mail) { described_class.failed_2fa(receiver, ip, agent, timestamp) } + + it 'renders failed 2FA notification' do + receiver.update!(locale: nil) + + expect(mail) + .to be_present + .and(have_body_text(I18n.t('user_mailer.failed_2fa.explanation'))) + end + + include_examples 'localized subject', + 'user_mailer.failed_2fa.subject' + end + describe '#appeal_approved' do let(:appeal) { Fabricate(:appeal, account: receiver.account, approved_at: Time.now.utc) } let(:mail) { described_class.appeal_approved(receiver, appeal) } diff --git a/spec/models/account_spec.rb b/spec/models/account_spec.rb index d360d934d6..7ef5ca94cc 100644 --- a/spec/models/account_spec.rb +++ b/spec/models/account_spec.rb 
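Review bot: In the `#failed_2fa` spec, `ip`, `agent` and `timestamp` are passed to the mailer but never asserted; the example checks only the static explanation string. The user agent is a client-supplied value, so I would at least add `.and(have_body_text(ip))`. I would also add a second example whose `agent` contains markup such as `<b>x</b>` and assert that the raw tag does not appear in the HTML part. The template is not visible here, so this is a coverage gap rather than a known escaping problem.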
@@ -835,6 +835,50 @@ RSpec.describe Account do end describe 'scopes' do + describe 'matches_uri_prefix' do + let!(:alice) { Fabricate :account, domain: 'host.example', uri: 'https://host.example/user/a' } + let!(:bob) { Fabricate :account, domain: 'top-level.example', uri: 'https://top-level.example' } + + it 'returns accounts which start with the value' do + results = described_class.matches_uri_prefix('https://host.example') + + expect(results.size) + .to eq(1) + expect(results) + .to include(alice) + .and not_include(bob) + end + + it 'returns accounts which equal the value' do + results = described_class.matches_uri_prefix('https://top-level.example') + + expect(results.size) + .to eq(1) + expect(results) + .to include(bob) + .and not_include(alice) + end + end + + describe 'auditable' do + let!(:alice) { Fabricate :account } + let!(:bob) { Fabricate :account } + + before do + 2.times { Fabricate :action_log, account: alice } + end + + it 'returns distinct accounts with action log records' do + results = described_class.auditable + + expect(results.size) + .to eq(1) + expect(results) + .to include(alice) + .and not_include(bob) + end + end + describe 'alphabetic' do it 'sorts by alphabetic order of domain and username' do matches = [ diff --git a/spec/controllers/api/v1/accounts/follower_accounts_controller_spec.rb b/spec/requests/api/v1/accounts/follower_accounts_spec.rb similarity index 69% rename from spec/controllers/api/v1/accounts/follower_accounts_controller_spec.rb rename to spec/requests/api/v1/accounts/follower_accounts_spec.rb index 510a47566b..7ff92d6a48 100644 --- a/spec/controllers/api/v1/accounts/follower_accounts_controller_spec.rb +++ b/spec/requests/api/v1/accounts/follower_accounts_spec.rb 
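Review bot: The `matches_uri_prefix` examples never exercise a URI that shares the string prefix but belongs to a different host, which is the case a prefix scope is most likely to get wrong. I would add a third fixture such as `Fabricate :account, domain: 'host.example.other.example', uri: 'https://host.example.other.example/user/c'` and assert `not_include` for it when querying `'https://host.example'`. I would also add a query value containing `%` or `_` to confirm LIKE wildcards are escaped. The scope's implementation is outside this diff, so whether it handles these correctly cannot be judged from here.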
@@ -2,11 +2,11 @@ require 'rails_helper' -describe Api::V1::Accounts::FollowerAccountsController do - render_views - +describe 'API V1 Accounts FollowerAccounts' do let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:scopes) { 'read:accounts' } + let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } let(:account) { Fabricate(:account) } let(:alice) { Fabricate(:account) } let(:bob) { Fabricate(:account) } @@ -14,12 +14,11 @@ describe Api::V1::Accounts::FollowerAccountsController do before do alice.follow!(account) bob.follow!(account) - allow(controller).to receive(:doorkeeper_token) { token } end - describe 'GET #index' do + describe 'GET /api/v1/accounts/:acount_id/followers' do it 'returns accounts following the given account', :aggregate_failures do - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/followers", params: { limit: 2 }, headers: headers expect(response).to have_http_status(200) expect(body_as_json.size).to eq 2 @@ -28,7 +27,7 @@ describe Api::V1::Accounts::FollowerAccountsController do it 'does not return blocked users', :aggregate_failures do user.account.block!(bob) - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/followers", params: { limit: 2 }, headers: headers expect(response).to have_http_status(200) expect(body_as_json.size).to eq 1 @@ -41,7 +40,7 @@ describe Api::V1::Accounts::FollowerAccountsController do end it 'hides results' do - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/followers", params: { limit: 2 }, headers: headers expect(body_as_json.size).to eq 0 end end 
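Review bot: `scopes` is now its own `let`, but no visible example overrides it, so the move to a real `Authorization` header still covers only the happy path for a `read:accounts` token. A small context such as `let(:scopes) { 'write:statuses' }` with an expectation on the rejection status (presumably 403) would pin the scope check that the old `doorkeeper_token` stub bypassed. The same applies to the following_accounts, favourited_by_accounts and reblogged_by_accounts request specs converted later in this diff.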
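Review bot: The new describe string `'GET /api/v1/accounts/:acount_id/followers'` misspells the path parameter. It should read `describe 'GET /api/v1/accounts/:account_id/followers' do`, matching the spelling used in the following_accounts spec.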
@@ -51,7 +50,7 @@ describe Api::V1::Accounts::FollowerAccountsController do it 'returns all accounts, including muted accounts' do account.mute!(bob) - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/followers", params: { limit: 2 }, headers: headers expect(body_as_json.size).to eq 2 expect([body_as_json[0][:id], body_as_json[1][:id]]).to contain_exactly(alice.id.to_s, bob.id.to_s) diff --git a/spec/controllers/api/v1/accounts/following_accounts_controller_spec.rb b/spec/requests/api/v1/accounts/following_accounts_spec.rb similarity index 69% rename from spec/controllers/api/v1/accounts/following_accounts_controller_spec.rb rename to spec/requests/api/v1/accounts/following_accounts_spec.rb index a7d07a6bec..b343a48654 100644 --- a/spec/controllers/api/v1/accounts/following_accounts_controller_spec.rb +++ b/spec/requests/api/v1/accounts/following_accounts_spec.rb @@ -2,11 +2,11 @@ require 'rails_helper' -describe Api::V1::Accounts::FollowingAccountsController do - render_views - +describe 'API V1 Accounts FollowingAccounts' do let(:user) { Fabricate(:user) } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read:accounts') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:scopes) { 'read:accounts' } + let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } let(:account) { Fabricate(:account) } let(:alice) { Fabricate(:account) } let(:bob) { Fabricate(:account) } 
@@ -14,12 +14,11 @@ describe Api::V1::Accounts::FollowingAccountsController do before do account.follow!(alice) account.follow!(bob) - allow(controller).to receive(:doorkeeper_token) { token } end - describe 'GET #index' do + describe 'GET /api/v1/accounts/:account_id/following' do it 'returns accounts followed by the given account', :aggregate_failures do - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/following", params: { limit: 2 }, headers: headers expect(response).to have_http_status(200) expect(body_as_json.size).to eq 2 @@ -28,7 +27,7 @@ describe Api::V1::Accounts::FollowingAccountsController do it 'does not return blocked users', :aggregate_failures do user.account.block!(bob) - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/following", params: { limit: 2 }, headers: headers expect(response).to have_http_status(200) expect(body_as_json.size).to eq 1 @@ -41,7 +40,7 @@ describe Api::V1::Accounts::FollowingAccountsController do end it 'hides results' do - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/following", params: { limit: 2 }, headers: headers expect(body_as_json.size).to eq 0 end end @@ -51,7 +50,7 @@ describe Api::V1::Accounts::FollowingAccountsController do it 'returns all accounts, including muted accounts' do account.mute!(bob) - get :index, params: { account_id: account.id, limit: 2 } + get "/api/v1/accounts/#{account.id}/following", params: { limit: 2 }, headers: headers expect(body_as_json.size).to eq 2 expect([body_as_json[0][:id], body_as_json[1][:id]]).to contain_exactly(alice.id.to_s, bob.id.to_s) 
diff --git a/spec/controllers/api/v1/statuses/favourited_by_accounts_controller_spec.rb b/spec/requests/api/v1/statuses/favourited_by_accounts_spec.rb similarity index 52% rename from spec/controllers/api/v1/statuses/favourited_by_accounts_controller_spec.rb rename to spec/requests/api/v1/statuses/favourited_by_accounts_spec.rb index 01816743e5..44296f4c37 100644 --- a/spec/controllers/api/v1/statuses/favourited_by_accounts_controller_spec.rb +++ b/spec/requests/api/v1/statuses/favourited_by_accounts_spec.rb @@ -2,21 +2,21 @@ require 'rails_helper' -RSpec.describe Api::V1::Statuses::FavouritedByAccountsController do - render_views - - let(:user) { Fabricate(:user) } - let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: 'read:accounts') } +RSpec.describe 'API V1 Statuses Favourited by Accounts' do + let(:user) { Fabricate(:user) } + let(:scopes) { 'read:accounts' } + # let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } let(:alice) { Fabricate(:account) } let(:bob) { Fabricate(:account) } context 'with an oauth token' do - before do - allow(controller).to receive(:doorkeeper_token) { token } + subject do + get "/api/v1/statuses/#{status.id}/favourited_by", headers: headers, params: { limit: 2 } end - describe 'GET #index' do + describe 'GET /api/v1/statuses/:status_id/favourited_by' do let(:status) { Fabricate(:status, account: user.account) } before do 
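Review bot: The line `# let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }` is left in the new file as commented-out code. The token no longer takes `application: app`, so the line should be deleted rather than kept as a comment; the reblogged_by_accounts conversion already drops it.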
@@ -24,30 +24,38 @@ RSpec.describe Api::V1::Statuses::FavouritedByAccountsController do Favourite.create!(account: bob, status: status) end - it 'returns http success' do - get :index, params: { status_id: status.id, limit: 2 } - expect(response).to have_http_status(200) - expect(response.headers['Link'].links.size).to eq(2) - end + it 'returns http success and accounts who favourited the status' do + subject - it 'returns accounts who favorited the status' do - get :index, params: { status_id: status.id, limit: 2 } - expect(body_as_json.size).to eq 2 - expect([body_as_json[0][:id], body_as_json[1][:id]]).to contain_exactly(alice.id.to_s, bob.id.to_s) + expect(response) + .to have_http_status(200) + expect(response.headers['Link'].links.size) + .to eq(2) + + expect(body_as_json.size) + .to eq(2) + expect(body_as_json) + .to contain_exactly( + include(id: alice.id.to_s), + include(id: bob.id.to_s) + ) end it 'does not return blocked users' do user.account.block!(bob) - get :index, params: { status_id: status.id, limit: 2 } - expect(body_as_json.size).to eq 1 - expect(body_as_json[0][:id]).to eq alice.id.to_s + + subject + + expect(body_as_json.size) + .to eq 1 + expect(body_as_json.first[:id]).to eq(alice.id.to_s) end end end context 'without an oauth token' do - before do - allow(controller).to receive(:doorkeeper_token).and_return(nil) + subject do + get "/api/v1/statuses/#{status.id}/favourited_by", params: { limit: 2 } end context 'with a private status' do @@ -59,7 +67,8 @@ RSpec.describe Api::V1::Statuses::FavouritedByAccountsController do end it 'returns http unauthorized' do - get :index, params: { status_id: status.id } + subject + expect(response).to have_http_status(404) end end @@ -74,7 +83,8 @@ RSpec.describe Api::V1::Statuses::FavouritedByAccountsController do end it 'returns http success' do - get :index, params: { status_id: status.id } + subject + expect(response).to have_http_status(200) end end 
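Review bot: In the 'with a private status' context the example is still named `it 'returns http unauthorized'` while it asserts `have_http_status(404)`. Since the hunk touches this example anyway, I would rename it to `it 'returns http not found'` so the description matches the behaviour, which presumably avoids revealing that a private status exists. The reblogged_by_accounts spec has the same mismatch in its `@@ -57,7 +66,8 @@` hunk.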
diff --git a/spec/controllers/api/v1/statuses/reblogged_by_accounts_controller_spec.rb b/spec/requests/api/v1/statuses/reblogged_by_accounts_spec.rb similarity index 57% rename from spec/controllers/api/v1/statuses/reblogged_by_accounts_controller_spec.rb rename to spec/requests/api/v1/statuses/reblogged_by_accounts_spec.rb index 0d15cca75c..6f99ce9464 100644 --- a/spec/controllers/api/v1/statuses/reblogged_by_accounts_controller_spec.rb +++ b/spec/requests/api/v1/statuses/reblogged_by_accounts_spec.rb @@ -2,21 +2,20 @@ require 'rails_helper' -RSpec.describe Api::V1::Statuses::RebloggedByAccountsController do - render_views - - let(:user) { Fabricate(:user) } - let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') } - let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: 'read:accounts') } +RSpec.describe 'API V1 Statuses Reblogged by Accounts' do + let(:user) { Fabricate(:user) } + let(:scopes) { 'read:accounts' } + let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) } + let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } let(:alice) { Fabricate(:account) } let(:bob) { Fabricate(:account) } context 'with an oauth token' do - before do - allow(controller).to receive(:doorkeeper_token) { token } + subject do + get "/api/v1/statuses/#{status.id}/reblogged_by", headers: headers, params: { limit: 2 } end - describe 'GET #index' do + describe 'GET /api/v1/statuses/:status_id/reblogged_by' do let(:status) { Fabricate(:status, account: user.account) } before do 
@@ -25,27 +24,37 @@ RSpec.describe Api::V1::Statuses::RebloggedByAccountsController do end it 'returns accounts who reblogged the status', :aggregate_failures do - get :index, params: { status_id: status.id, limit: 2 } + subject - expect(response).to have_http_status(200) - expect(response.headers['Link'].links.size).to eq(2) + expect(response) + .to have_http_status(200) + expect(response.headers['Link'].links.size) + .to eq(2) - expect(body_as_json.size).to eq 2 - expect([body_as_json[0][:id], body_as_json[1][:id]]).to contain_exactly(alice.id.to_s, bob.id.to_s) + expect(body_as_json.size) + .to eq(2) + expect(body_as_json) + .to contain_exactly( + include(id: alice.id.to_s), + include(id: bob.id.to_s) + ) end it 'does not return blocked users' do user.account.block!(bob) - get :index, params: { status_id: status.id, limit: 2 } - expect(body_as_json.size).to eq 1 - expect(body_as_json[0][:id]).to eq alice.id.to_s + + subject + + expect(body_as_json.size) + .to eq 1 + expect(body_as_json.first[:id]).to eq(alice.id.to_s) end end end context 'without an oauth token' do - before do - allow(controller).to receive(:doorkeeper_token).and_return(nil) + subject do + get "/api/v1/statuses/#{status.id}/reblogged_by", params: { limit: 2 } end context 'with a private status' do @@ -57,7 +66,8 @@ RSpec.describe Api::V1::Statuses::RebloggedByAccountsController do end it 'returns http unauthorized' do - get :index, params: { status_id: status.id } + subject + expect(response).to have_http_status(404) end end @@ -72,7 +82,8 @@ RSpec.describe Api::V1::Statuses::RebloggedByAccountsController do end it 'returns http success' do - get :index, params: { status_id: status.id } + subject + expect(response).to have_http_status(200) end end diff --git a/spec/services/activitypub/fetch_featured_collection_service_spec.rb b/spec/services/activitypub/fetch_featured_collection_service_spec.rb index a98108cea3..b9e95b825f 100644 
--- a/spec/services/activitypub/fetch_featured_collection_service_spec.rb +++ b/spec/services/activitypub/fetch_featured_collection_service_spec.rb @@ -31,7 +31,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do } end - let(:status_json_pinned_unknown_unreachable) do + let(:status_json_pinned_unknown_reachable) do { '@context': 'https://www.w3.org/ns/activitystreams', type: 'Note', @@ -75,7 +75,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do stub_request(:get, 'https://example.com/account/pinned/known').to_return(status: 200, body: Oj.dump(status_json_pinned_known)) stub_request(:get, 'https://example.com/account/pinned/unknown-inlined').to_return(status: 200, body: Oj.dump(status_json_pinned_unknown_inlined)) stub_request(:get, 'https://example.com/account/pinned/unknown-unreachable').to_return(status: 404) - stub_request(:get, 'https://example.com/account/pinned/unknown-reachable').to_return(status: 200, body: Oj.dump(status_json_pinned_unknown_unreachable)) + stub_request(:get, 'https://example.com/account/pinned/unknown-reachable').to_return(status: 200, body: Oj.dump(status_json_pinned_unknown_reachable)) stub_request(:get, 'https://example.com/account/collections/featured').to_return(status: 200, body: Oj.dump(featured_with_null)) subject.call(actor, note: true, hashtag: false) 
@@ -115,6 +115,21 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do end it_behaves_like 'sets pinned posts' + + context 'when there is a single item, with the array compacted away' do + let(:items) { 'https://example.com/account/pinned/unknown-reachable' } + + before do + stub_request(:get, 'https://example.com/account/pinned/unknown-reachable').to_return(status: 200, body: Oj.dump(status_json_pinned_unknown_reachable)) + subject.call(actor, note: true, hashtag: false) + end + + it 'sets expected posts as pinned posts' do + expect(actor.pinned_statuses.pluck(:uri)).to contain_exactly( + 'https://example.com/account/pinned/unknown-reachable' + ) + end + end end context 'when the endpoint is a paginated Collection' do @@ -136,6 +151,21 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do end it_behaves_like 'sets pinned posts' + + context 'when there is a single item, with the array compacted away' do + let(:items) { 'https://example.com/account/pinned/unknown-reachable' } + + before do + stub_request(:get, 'https://example.com/account/pinned/unknown-reachable').to_return(status: 200, body: Oj.dump(status_json_pinned_unknown_reachable)) + subject.call(actor, note: true, hashtag: false) + end + + it 'sets expected posts as pinned posts' do + expect(actor.pinned_statuses.pluck(:uri)).to contain_exactly( + 'https://example.com/account/pinned/unknown-reachable' + ) + end + end end end end diff --git a/spec/services/activitypub/fetch_replies_service_spec.rb b/spec/services/activitypub/fetch_replies_service_spec.rb index d7716dd4ef..a76b996c20 100644 --- a/spec/services/activitypub/fetch_replies_service_spec.rb +++ b/spec/services/activitypub/fetch_replies_service_spec.rb 
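Review bot: The context 'when there is a single item, with the array compacted away' is added twice with identical bodies, once here and once in the `@@ -136,6 +151,21 @@` hunk for the paginated Collection. I would extract it into a `shared_examples` next to 'sets pinned posts' and include it from both places so the two copies cannot drift. Both copies use a bare URI string as `items`; if the service is also expected to accept a single inlined object instead of an array, that shape deserves its own example. The surrounding contexts start and end outside these hunks.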
@@ -34,6 +34,18 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do describe '#call' do context 'when the payload is a Collection with inlined replies' do + context 'when there is a single reply, with the array compacted away' do + let(:items) { 'http://example.com/self-reply-1' } + + it 'queues the expected worker' do + allow(FetchReplyWorker).to receive(:push_bulk) + + subject.call(status, payload) + + expect(FetchReplyWorker).to have_received(:push_bulk).with(['http://example.com/self-reply-1']) + end + end + context 'when passing the collection itself' do it 'spawns workers for up to 5 replies on the same server' do allow(FetchReplyWorker).to receive(:push_bulk) diff --git a/streaming/.eslintrc.js b/streaming/.eslintrc.js index 5e2d233c68..188ebb512d 100644 --- a/streaming/.eslintrc.js +++ b/streaming/.eslintrc.js @@ -15,7 +15,18 @@ module.exports = defineConfig({ ecmaVersion: 2021, }, rules: { + // In the streaming server we need to delete some variables to ensure + // garbage collection takes place on the values referenced by those objects; + // The alternative is to declare the variable as nullable, but then we need + // to assert it's in existence before every use, which becomes much harder + // to maintain. + 'no-delete-var': 'off', + + // The streaming server is written in commonjs, not ESM for now: 'import/no-commonjs': 'off', + + // This overrides the base configuration for this rule to pick up + // dependencies for the streaming server from the correct package.json file. 'import/no-extraneous-dependencies': [ 'error', { diff --git a/streaming/index.js b/streaming/index.js index 0c234fa0c5..0d7bf2fc81 100644 --- a/streaming/index.js +++ b/streaming/index.js 
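Review bot: The rationale given for turning off `'no-delete-var'` in streaming/.eslintrc.js looks doubtful. `delete` applied to a declared variable does not remove the binding: it is a no-op in sloppy mode and a SyntaxError in strict mode, so it does not release the referenced value. Deleting object properties is not covered by this rule, and dropping a reference is done by reassigning (`x = undefined`) or by letting the binding go out of scope. The affected statements are not visible in this diff, so please confirm what they actually do before disabling the rule file-wide; a targeted `// eslint-disable-next-line no-delete-var` at each site would keep the rule active elsewhere.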
@@ -10,14 +10,13 @@ const dotenv = require('dotenv'); const express = require('express'); const Redis = require('ioredis'); const { JSDOM } = require('jsdom'); -const log = require('npmlog'); const pg = require('pg'); const dbUrlToConfig = require('pg-connection-string').parse; -const uuid = require('uuid'); const WebSocket = require('ws'); +const { logger, httpLogger, initializeLogLevel, attachWebsocketHttpLogger, createWebsocketLogger } = require('./logging'); const { setupMetrics } = require('./metrics'); -const { isTruthy } = require("./utils"); +const { isTruthy, normalizeHashtag, firstParam } = require("./utils"); const environment = process.env.NODE_ENV || 'development'; @@ -28,15 +27,30 @@ dotenv.config({ path: path.resolve(__dirname, path.join('..', dotenvFile)) }); -log.level = process.env.LOG_LEVEL || 'verbose'; +initializeLogLevel(process.env, environment); + +/** + * Declares the result type for accountFromToken / accountFromRequest. + * + * Note: This is here because jsdoc doesn't like importing types that + * are nested in functions + * @typedef ResolvedAccount + * @property {string} accessTokenId + * @property {string[]} scopes + * @property {string} accountId + * @property {string[]} chosenLanguages + * @property {string} deviceId + */ /** * @param {Object.} config */ const createRedisClient = async (config) => { const { redisParams, redisUrl } = config; + // @ts-ignore const client = new Redis(redisUrl, redisParams); - client.on('error', (err) => log.error('Redis Client Error!', err)); + // @ts-ignore + client.on('error', (err) => logger.error({ err }, 'Redis Client Error!')); return client; }; 
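Review bot: The bare `// @ts-ignore` comments added in `createRedisClient` suppress every type error on the following line without saying which one is expected. I would use `// @ts-expect-error` followed by a short reason, which also fails the check once the suppression is no longer needed. The same pattern recurs in later hunks of this file (`baseConfig = pgConfigs[environment]`, `redisParams.path`, `client.query`, and each `err.status = …` assignment). For the `err.status` cases a small `Error` subclass carrying a `status` property would remove the need for suppression altogether.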
@@ -61,12 +75,12 @@ const parseJSON = (json, req) => { */ if (req) { if (req.accountId) { - log.warn(req.requestId, `Error parsing message from user ${req.accountId}: ${err}`); + req.log.error({ err }, `Error parsing message from user ${req.accountId}`); } else { - log.silly(req.requestId, `Error parsing message from ${req.remoteAddress}: ${err}`); + req.log.error({ err }, `Error parsing message from ${req.remoteAddress}`); } } else { - log.warn(`Error parsing message from redis: ${err}`); + logger.error({ err }, `Error parsing message from redis`); } return null; } @@ -105,6 +119,7 @@ const pgConfigFromEnv = (env) => { baseConfig.password = env.DB_PASS; } } else { + // @ts-ignore baseConfig = pgConfigs[environment]; if (env.DB_SSLMODE) { @@ -149,6 +164,7 @@ const redisConfigFromEnv = (env) => { // redisParams.path takes precedence over host and port. if (env.REDIS_URL && env.REDIS_URL.startsWith('unix://')) { + // @ts-ignore redisParams.path = env.REDIS_URL.slice(7); } @@ -195,6 +211,7 @@ const startServer = async () => { app.set('trust proxy', process.env.TRUSTED_PROXY_IP ? process.env.TRUSTED_PROXY_IP.split(/(?:\s*,\s*|\s+)/) : 'loopback,uniquelocal'); + app.use(httpLogger); app.use(cors()); // Handle eventsource & other http requests: 
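Review bot: In `parseJSON`, the branch for a request without `accountId` now logs at `error`, where it was previously `silly`. Any unauthenticated peer that sends malformed JSON can therefore fill the error log. I would keep that branch low-severity, e.g. `req.log.debug({ err }, ...)`, and use `warn` for the authenticated and redis branches as before. The message also still interpolates `req.remoteAddress`, while the `setRemoteAddress` middleware that populated it is removed later in this diff; unless `./logging` sets that field, the text will read `undefined`. The function starts and ends outside the hunk.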
@@ -202,32 +219,37 @@ const startServer = async () => { // Handle upgrade requests: server.on('upgrade', async function handleUpgrade(request, socket, head) { + // Setup the HTTP logger, since websocket upgrades don't get the usual http + // logger. This decorates the `request` object. + attachWebsocketHttpLogger(request); + + request.log.info("HTTP Upgrade Requested"); + /** @param {Error} err */ const onSocketError = (err) => { - log.error(`Error with websocket upgrade: ${err}`); + request.log.error({ error: err }, err.message); }; socket.on('error', onSocketError); - // Authenticate: - try { - await accountFromRequest(request); - } catch (err) { - log.error(`Error authenticating request: ${err}`); + /** @type {ResolvedAccount} */ + let resolvedAccount; + try { + resolvedAccount = await accountFromRequest(request); + } catch (err) { // Unfortunately for using the on('upgrade') setup, we need to manually // write a HTTP Response to the Socket to close the connection upgrade // attempt, so the following code is to handle all of that. const statusCode = err.status ?? 401; - /** @type {Record} */ + /** @type {Record} */ const headers = { 'Connection': 'close', 'Content-Type': 'text/plain', 'Content-Length': 0, 'X-Request-Id': request.id, - // TODO: Send the error message via header so it can be debugged in - // developer tools + 'X-Error-Message': err.status ? err.toString() : 'An unexpected error occurred' }; // Ensure the socket is closed once we've finished writing to it: 
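Review bot: The new `'X-Error-Message'` header is built from `err.toString()` and then written to the socket by string concatenation, so a CR or LF in the message would break the hand-written response and could add header lines. The `err.status` gate admits the fixed messages set in this file, but also any library error that happens to carry a `status` property. I would strip line breaks before use, e.g. `'X-Error-Message': err.status ? String(err.message).replace(/[\r\n]+/g, ' ') : 'An unexpected error occurred'`. Alternatively, map known status codes to fixed strings so that no error text reaches an unauthenticated client.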
@@ -238,15 +260,28 @@ const startServer = async () => { // Write the HTTP response manually: socket.end(`HTTP/1.1 ${statusCode} ${http.STATUS_CODES[statusCode]}\r\n${Object.keys(headers).map((key) => `${key}: ${headers[key]}`).join('\r\n')}\r\n\r\n`); + // Finally, log the error: + request.log.error({ + err, + res: { + statusCode, + headers + } + }, err.toString()); + return; } + // Remove the error handler, wss.handleUpgrade has its own: + socket.removeListener('error', onSocketError); + wss.handleUpgrade(request, socket, head, function done(ws) { - // Remove the error handler: - socket.removeListener('error', onSocketError); + request.log.info("Authenticated request & upgraded to WebSocket connection"); + + const wsLogger = createWebsocketLogger(request, resolvedAccount); // Start the connection: - wss.emit('connection', ws, request); + wss.emit('connection', ws, request, wsLogger); }); }); @@ -273,9 +308,9 @@ const startServer = async () => { // When checking metrics in the browser, the favicon is requested this // prevents the request from falling through to the API Router, which would // error for this endpoint: - app.get('/favicon.ico', (req, res) => res.status(404).end()); + app.get('/favicon.ico', (_req, res) => res.status(404).end()); - app.get('/api/v1/streaming/health', (req, res) => { + app.get('/api/v1/streaming/health', (_req, res) => { res.writeHead(200, { 'Content-Type': 'text/plain' }); res.end('OK'); }); @@ -285,7 +320,7 @@ const startServer = async () => { res.set('Content-Type', metrics.register.contentType); res.end(await metrics.register.metrics()); } catch (ex) { - log.error(ex); + req.log.error(ex); res.status(500).end(); } }); @@ -319,7 +354,7 @@ const startServer = async () => { const callbacks = subs[channel]; - log.silly(`New message on channel ${redisPrefix}${channel}`); + logger.debug(`New message on channel ${redisPrefix}${channel}`); if (!callbacks) { return; 
@@ -343,17 +378,16 @@ const startServer = async () => { * @param {SubscriptionListener} callback */ const subscribe = (channel, callback) => { - log.silly(`Adding listener for ${channel}`); + logger.debug(`Adding listener for ${channel}`); subs[channel] = subs[channel] || []; if (subs[channel].length === 0) { - log.verbose(`Subscribe ${channel}`); + logger.debug(`Subscribe ${channel}`); redisSubscribeClient.subscribe(channel, (err, count) => { if (err) { - log.error(`Error subscribing to ${channel}`); - } - else { + logger.error(`Error subscribing to ${channel}`); + } else if (typeof count === 'number') { redisSubscriptions.set(count); } }); @@ -367,7 +401,7 @@ const startServer = async () => { * @param {SubscriptionListener} callback */ const unsubscribe = (channel, callback) => { - log.silly(`Removing listener for ${channel}`); + logger.debug(`Removing listener for ${channel}`); if (!subs[channel]) { return; @@ -376,12 +410,11 @@ const startServer = async () => { subs[channel] = subs[channel].filter(item => item !== callback); if (subs[channel].length === 0) { - log.verbose(`Unsubscribe ${channel}`); + logger.debug(`Unsubscribe ${channel}`); redisSubscribeClient.unsubscribe(channel, (err, count) => { if (err) { - log.error(`Error unsubscribing to ${channel}`); - } - else { + logger.error(`Error unsubscribing to ${channel}`); + } else if (typeof count === 'number') { redisSubscriptions.set(count); } }); 
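Review bot: In the `subscribe` callback the `err` value is tested but not logged: `logger.error(`Error subscribing to ${channel}`)` drops the cause, unlike the other call sites in this diff, which pass `{ err }` as the first argument. I would write `logger.error({ err }, `Error subscribing to ${channel}`)`. The `unsubscribe` hunk that follows needs the same change. The new `else if (typeof count === 'number')` guard silently skips the gauge update when `count` is missing; a debug line there would make a stale `redisSubscriptions` value easier to diagnose.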
@@ -390,45 +423,13 @@ const startServer = async () => { }; /** - * @param {any} req - * @param {any} res - * @param {function(Error=): void} next - */ - const setRequestId = (req, res, next) => { - req.requestId = uuid.v4(); - res.header('X-Request-Id', req.requestId); - - next(); - }; - - /** - * @param {any} req - * @param {any} res - * @param {function(Error=): void} next - */ - const setRemoteAddress = (req, res, next) => { - req.remoteAddress = req.connection.remoteAddress; - - next(); - }; - - /** - * @param {any} req + * @param {http.IncomingMessage & ResolvedAccount} req * @param {string[]} necessaryScopes * @returns {boolean} */ const isInScope = (req, necessaryScopes) => req.scopes.some(scope => necessaryScopes.includes(scope)); - /** - * @typedef ResolvedAccount - * @property {string} accessTokenId - * @property {string[]} scopes - * @property {string} accountId - * @property {string[]} chosenLanguages - * @property {string} deviceId - */ - /** * @param {string} token * @param {any} req @@ -441,6 +442,7 @@ const startServer = async () => { return; } + // @ts-ignore client.query('SELECT oauth_access_tokens.id, oauth_access_tokens.resource_owner_id, users.account_id, users.chosen_languages, oauth_access_tokens.scopes, devices.device_id FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id LEFT OUTER JOIN devices ON oauth_access_tokens.id = devices.access_token_id WHERE oauth_access_tokens.token = $1 AND oauth_access_tokens.revoked_at IS NULL LIMIT 1', [token], (err, result) => { done(); @@ -451,6 +453,7 @@ const startServer = async () => { if (result.rows.length === 0) { err = new Error('Invalid access token'); + // @ts-ignore err.status = 401; reject(err); @@ -485,6 +488,7 @@ const startServer = async () => { if (!authorization && !accessToken) { const err = new Error('Missing access token'); + // @ts-ignore err.status = 401; reject(err); 
@@ -529,15 +533,16 @@ const startServer = async () => { }; /** - * @param {any} req + * @param {http.IncomingMessage & ResolvedAccount} req + * @param {import('pino').Logger} logger * @param {string|undefined} channelName * @returns {Promise.} */ - const checkScopes = (req, channelName) => new Promise((resolve, reject) => { - log.silly(req.requestId, `Checking OAuth scopes for ${channelName}`); + const checkScopes = (req, logger, channelName) => new Promise((resolve, reject) => { + logger.debug(`Checking OAuth scopes for ${channelName}`); // When accessing public channels, no scopes are needed - if (PUBLIC_CHANNELS.includes(channelName)) { + if (channelName && PUBLIC_CHANNELS.includes(channelName)) { resolve(); return; } @@ -564,6 +569,7 @@ const startServer = async () => { } const err = new Error('Access token does not cover required scopes'); + // @ts-ignore err.status = 401; reject(err); 
@@ -577,38 +583,40 @@ const startServer = async () => { /** * @param {any} req * @param {SystemMessageHandlers} eventHandlers - * @returns {function(object): void} + * @returns {SubscriptionListener} */ const createSystemMessageListener = (req, eventHandlers) => { return message => { + if (!message?.event) { + return; + } + const { event } = message; - log.silly(req.requestId, `System message for ${req.accountId}: ${event}`); + req.log.debug(`System message for ${req.accountId}: ${event}`); if (event === 'kill') { - log.verbose(req.requestId, `Closing connection for ${req.accountId} due to expired access token`); + req.log.debug(`Closing connection for ${req.accountId} due to expired access token`); eventHandlers.onKill(); } else if (event === 'filters_changed') { - log.verbose(req.requestId, `Invalidating filters cache for ${req.accountId}`); + req.log.debug(`Invalidating filters cache for ${req.accountId}`); req.cachedFilters = null; } }; }; /** - * @param {any} req - * @param {any} res + * @param {http.IncomingMessage & ResolvedAccount} req + * @param {http.OutgoingMessage} res */ const subscribeHttpToSystemChannel = (req, res) => { const accessTokenChannelId = `timeline:access_token:${req.accessTokenId}`; const systemChannelId = `timeline:system:${req.accountId}`; const listener = createSystemMessageListener(req, { - onKill() { res.end(); }, - }); res.on('close', () => { @@ -641,13 +649,14 @@ const startServer = async () => { // the connection, as there's nothing to stream back if (!channelName) { const err = new Error('Unknown channel requested'); + // @ts-ignore err.status = 400; next(err); return; } - accountFromRequest(req).then(() => checkScopes(req, channelName)).then(() => { + accountFromRequest(req).then(() => checkScopes(req, req.log, channelName)).then(() => { subscribeHttpToSystemChannel(req, res); }).then(() => { next(); 
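Review bot: In `createSystemMessageListener`, the `kill` branch records the forced disconnect with `req.log.debug(...)`, and `initializeLogLevel` in streaming/logging.js falls back to `info` outside development. A connection closed because its access token expired therefore leaves no log entry unless `LOG_LEVEL` is lowered. That event is the one an operator looks for when auditing token revocation, so I would raise it to `req.log.info({ accountId: req.accountId }, 'Closing connection due to expired access token');`. The `filters_changed` message can stay at debug.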
@@ -663,22 +672,28 @@ const startServer = async () => { * @param {function(Error=): void} next */ const errorMiddleware = (err, req, res, next) => { - log.error(req.requestId, err.toString()); + req.log.error({ err }, err.toString()); if (res.headersSent) { next(err); return; } - res.writeHead(err.status || 500, { 'Content-Type': 'application/json' }); - res.end(JSON.stringify({ error: err.status ? err.toString() : 'An unexpected error occurred' })); + const hasStatusCode = Object.hasOwnProperty.call(err, 'status'); + // @ts-ignore + const statusCode = hasStatusCode ? err.status : 500; + const errorMessage = hasStatusCode ? err.toString() : 'An unexpected error occurred'; + + res.writeHead(statusCode, { 'Content-Type': 'application/json' }); + res.end(JSON.stringify({ error: errorMessage })); }; /** - * @param {array} arr + * @param {any[]} arr * @param {number=} shift * @returns {string} */ + // @ts-ignore const placeholders = (arr, shift = 0) => arr.map((_, i) => `$${i + 1 + shift}`).join(', '); /** @@ -695,6 +710,7 @@ const startServer = async () => { return; } + // @ts-ignore client.query('SELECT id, account_id FROM lists WHERE id = $1 LIMIT 1', [listId], (err, result) => { done(); @@ -709,8 +725,9 @@ const startServer = async () => { }); /** - * @param {string[]} ids - * @param {any} req + * @param {string[]} channelIds + * @param {http.IncomingMessage & ResolvedAccount} req + * @param {import('pino').Logger} log * @param {function(string, string): void} output * @param {undefined | function(string[], SubscriptionListener): void} attachCloseHandler * @param {'websocket' | 'eventsource'} destinationType 
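Review bot: `errorMiddleware` now hands `err.status` to `res.writeHead` whenever the error has an own `status` property, without looking at the value. The removed `err.status || 500` fell back to 500 for a falsy status. With the new check, an own `status` that is `undefined`, `0` or non-numeric reaches `writeHead`, which rejects invalid status codes and throws inside the error handler. A `status` inherited from a prototype is also no longer honoured. Validating the value covers both cases: `const hasStatusCode = Number.isInteger(err.status) && err.status >= 400 && err.status <= 599;`.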
@@ -718,26 +735,34 @@ const startServer = async () => { * @param {boolean=} allowLocalOnly * @returns {SubscriptionListener} */ - const streamFrom = (ids, req, output, attachCloseHandler, destinationType, needsFiltering = false, allowLocalOnly = false) => { - const accountId = req.accountId || req.remoteAddress; - - log.verbose(req.requestId, `Starting stream from ${ids.join(', ')} for ${accountId}`); + const streamFrom = (channelIds, req, log, output, attachCloseHandler, destinationType, needsFiltering = false, allowLocalOnly = false) => { + log.info({ channelIds }, `Starting stream`); + /** + * @param {string} event + * @param {object|string} payload + */ const transmit = (event, payload) => { // TODO: Replace "string"-based delete payloads with object payloads: const encodedPayload = typeof payload === 'object' ? JSON.stringify(payload) : payload; messagesSent.labels({ type: destinationType }).inc(1); - log.silly(req.requestId, `Transmitting for ${accountId}: ${event} ${encodedPayload}`); + log.debug({ event, payload }, `Transmitting ${event} to ${req.accountId}`); + output(event, encodedPayload); }; // The listener used to process each message off the redis subscription, // message here is an object with an `event` and `payload` property. Some // events also include a queued_at value, but this is being removed shortly. + /** @type {SubscriptionListener} */ const listener = message => { + if (!message?.event || !message?.payload) { + return; + } + const { event, payload } = message; // Only send local-only statuses to logged-in users @@ -766,7 +791,7 @@ const startServer = async () => { // Filter based on language: if (Array.isArray(req.chosenLanguages) && payload.language !== null && req.chosenLanguages.indexOf(payload.language) === -1) { - log.silly(req.requestId, `Message ${payload.id} filtered by language (${payload.language})`); + log.debug(`Message ${payload.id} filtered by language (${payload.language})`); return; } 
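Review bot: `transmit` in `streamFrom` now attaches the whole `payload` object to the log record with `log.debug({ event, payload }, ...)`. Stream payloads carry status content, presumably including non-public posts, and none of the `redact` paths in streaming/logging.js cover them. Since the level defaults to `debug` in development and can be set with `LOG_LEVEL`, user content ends up in the log output. An identifier is enough for tracing, for example `log.debug({ event, payloadId: typeof payload === 'object' ? payload.id : payload }, ...)`. The body of `streamFrom` continues outside this hunk.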
@@ -777,6 +802,7 @@ const startServer = async () => { } // Filter based on domain blocks, blocks, mutes, or custom filters: + // @ts-ignore const targetAccountIds = [payload.account.id].concat(payload.mentions.map(item => item.id)); const accountDomain = payload.account.acct.split('@')[1]; @@ -788,6 +814,7 @@ const startServer = async () => { } const queries = [ + // @ts-ignore client.query(`SELECT 1 FROM blocks WHERE (account_id = $1 AND target_account_id IN (${placeholders(targetAccountIds, 2)})) @@ -800,10 +827,13 @@ const startServer = async () => { ]; if (accountDomain) { + // @ts-ignore queries.push(client.query('SELECT 1 FROM account_domain_blocks WHERE account_id = $1 AND domain = $2', [req.accountId, accountDomain])); } + // @ts-ignore if (!payload.filtered && !req.cachedFilters) { + // @ts-ignore queries.push(client.query('SELECT filter.id AS id, filter.phrase AS title, filter.context AS context, filter.expires_at AS expires_at, filter.action AS filter_action, keyword.keyword AS keyword, keyword.whole_word AS whole_word FROM custom_filter_keywords keyword JOIN custom_filters filter ON keyword.custom_filter_id = filter.id WHERE filter.account_id = $1 AND (filter.expires_at IS NULL OR filter.expires_at > NOW())', [req.accountId])); } @@ -826,9 +856,11 @@ const startServer = async () => { // Handling for constructing the custom filters and caching them on the request // TODO: Move this logic out of the message handling lifecycle + // @ts-ignore if (!req.cachedFilters) { const filterRows = values[accountDomain ? 2 : 1].rows; + // @ts-ignore req.cachedFilters = filterRows.reduce((cache, filter) => { if (cache[filter.id]) { cache[filter.id].keywords.push([filter.keyword, filter.whole_word]); 
@@ -858,7 +890,9 @@ const startServer = async () => { // needs to be done in a separate loop as the database returns one // filterRow per keyword, so we need all the keywords before // constructing the regular expression + // @ts-ignore Object.keys(req.cachedFilters).forEach((key) => { + // @ts-ignore req.cachedFilters[key].regexp = new RegExp(req.cachedFilters[key].keywords.map(([keyword, whole_word]) => { let expr = keyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); @@ -879,13 +913,16 @@ const startServer = async () => { // Apply cachedFilters against the payload, constructing a // `filter_results` array of FilterResult entities + // @ts-ignore if (req.cachedFilters) { const status = payload; // TODO: Calculate searchableContent in Ruby on Rails: + // @ts-ignore const searchableContent = ([status.spoiler_text || '', status.content].concat((status.poll && status.poll.options) ? status.poll.options.map(option => option.title) : [])).concat(status.media_attachments.map(att => att.description)).join('\n\n').replace(//g, '\n').replace(/<\/p>

/g, '\n\n'); const searchableTextContent = JSDOM.fragment(searchableContent).textContent; const now = new Date(); + // @ts-ignore const filter_results = Object.values(req.cachedFilters).reduce((results, cachedFilter) => { // Check the filter hasn't expired before applying: if (cachedFilter.expires_at !== null && cachedFilter.expires_at < now) { @@ -933,12 +970,12 @@ const startServer = async () => { }); }; - ids.forEach(id => { + channelIds.forEach(id => { subscribe(`${redisPrefix}${id}`, listener); }); if (typeof attachCloseHandler === 'function') { - attachCloseHandler(ids.map(id => `${redisPrefix}${id}`), listener); + attachCloseHandler(channelIds.map(id => `${redisPrefix}${id}`), listener); } return listener; @@ -950,8 +987,6 @@ const startServer = async () => { * @returns {function(string, string): void} */ const streamToHttp = (req, res) => { - const accountId = req.accountId || req.remoteAddress; - const channelName = channelNameFromPath(req); connectedClients.labels({ type: 'eventsource' }).inc(); @@ -970,7 +1005,8 @@ const startServer = async () => { const heartbeat = setInterval(() => res.write(':thump\n'), 15000); req.on('close', () => { - log.verbose(req.requestId, `Ending stream for ${accountId}`); + req.log.info({ accountId: req.accountId }, `Ending stream`); + // We decrement these counters here instead of in streamHttpEnd as in that // method we don't have knowledge of the channel names connectedClients.labels({ type: 'eventsource' }).dec(); 
@@ -1014,15 +1050,15 @@ const startServer = async () => { */ const streamToWs = (req, ws, streamName) => (event, payload) => { if (ws.readyState !== ws.OPEN) { - log.error(req.requestId, 'Tried writing to closed socket'); + req.log.error('Tried writing to closed socket'); return; } const message = JSON.stringify({ stream: streamName, event, payload }); - ws.send(message, (/** @type {Error} */ err) => { + ws.send(message, (/** @type {Error|undefined} */ err) => { if (err) { - log.error(req.requestId, `Failed to send to websocket: ${err}`); + req.log.error({err}, `Failed to send to websocket`); } }); }; @@ -1039,20 +1075,19 @@ const startServer = async () => { app.use(api); - api.use(setRequestId); - api.use(setRemoteAddress); - api.use(authenticationMiddleware); api.use(errorMiddleware); api.get('/api/v1/streaming/*', (req, res) => { + // @ts-ignore channelNameToIds(req, channelNameFromPath(req), req.query).then(({ channelIds, options }) => { const onSend = streamToHttp(req, res); const onEnd = streamHttpEnd(req, subscriptionHeartbeat(channelIds)); - streamFrom(channelIds, req, onSend, onEnd, 'eventsource', options.needsFiltering, options.allowLocalOnly); + // @ts-ignore + streamFrom(channelIds, req, req.log, onSend, onEnd, 'eventsource', options.needsFiltering, options.allowLocalOnly); }).catch(err => { - log.verbose(req.requestId, 'Subscription error:', err.toString()); + res.log.info({ err }, 'Subscription error:', err.toString()); httpNotFound(res); }); }); 
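Review bot: In the `/api/v1/streaming/*` catch handler, `res.log.info({ err }, 'Subscription error:', err.toString())` passes the error text as a third argument. pino treats arguments after the message as printf-style interpolation values, and the message has no placeholder, so that text is dropped and the logged message ends in a dangling colon. The error is already carried by `{ err }`, so `req.log.info({ err }, 'Subscription error');` is enough. That also matches the `req.log` used by the other handlers in this file rather than `res.log`.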
@@ -1082,34 +1117,6 @@ const startServer = async () => { return arr; }; - /** - * See app/lib/ascii_folder.rb for the canon definitions - * of these constants - */ - const NON_ASCII_CHARS = 'ÀÁÂÃÄÅàáâãäåĀāĂ㥹ÇçĆćĈĉĊċČčÐðĎďĐđÈÉÊËèéêëĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħÌÍÎÏìíîïĨĩĪīĬĭĮįİıĴĵĶķĸĹĺĻļĽľĿŀŁłÑñŃńŅņŇňʼnŊŋÒÓÔÕÖØòóôõöøŌōŎŏŐőŔŕŖŗŘřŚśŜŝŞşŠšſŢţŤťŦŧÙÚÛÜùúûüŨũŪūŬŭŮůŰűŲųŴŵÝýÿŶŷŸŹźŻżŽž'; - const EQUIVALENT_ASCII_CHARS = 'AAAAAAaaaaaaAaAaAaCcCcCcCcCcDdDdDdEEEEeeeeEeEeEeEeEeGgGgGgGgHhHhIIIIiiiiIiIiIiIiIiJjKkkLlLlLlLlLlNnNnNnNnnNnOOOOOOooooooOoOoOoRrRrRrSsSsSsSssTtTtTtUUUUuuuuUuUuUuUuUuUuWwYyyYyYZzZzZz'; - - /** - * @param {string} str - * @returns {string} - */ - const foldToASCII = str => { - const regex = new RegExp(NON_ASCII_CHARS.split('').join('|'), 'g'); - - return str.replace(regex, match => { - const index = NON_ASCII_CHARS.indexOf(match); - return EQUIVALENT_ASCII_CHARS[index]; - }); - }; - - /** - * @param {string} str - * @returns {string} - */ - const normalizeHashtag = str => { - return foldToASCII(str.normalize('NFKC').toLowerCase()).replace(/[^\p{L}\p{N}_\u00b7\u200c]/gu, ''); - }; - /** * @param {any} req * @param {string} name @@ -1218,6 +1225,7 @@ const startServer = async () => { break; case 'list': + // @ts-ignore authorizeListAccess(params.list, req).then(() => { resolve({ channelIds: [`timeline:list:${params.list}`], @@ -1239,9 +1247,9 @@ const startServer = async () => { * @returns {string[]} */ const streamNameFromChannelName = (channelName, params) => { - if (channelName === 'list') { + if (channelName === 'list' && params.list) { return [channelName, params.list]; - } else if (['hashtag', 'hashtag:local'].includes(channelName)) { + } else if (['hashtag', 'hashtag:local'].includes(channelName) && params.tag) { return [channelName, params.tag]; } else { return [channelName]; 
@@ -1250,8 +1258,9 @@ const startServer = async () => { /** * @typedef WebSocketSession - * @property {WebSocket} websocket - * @property {http.IncomingMessage} request + * @property {WebSocket & { isAlive: boolean}} websocket + * @property {http.IncomingMessage & ResolvedAccount} request + * @property {import('pino').Logger} logger * @property {Object.} subscriptions */ @@ -1261,8 +1270,8 @@ const startServer = async () => { * @param {StreamParams} params * @returns {void} */ - const subscribeWebsocketToChannel = ({ socket, request, subscriptions }, channelName, params) => { - checkScopes(request, channelName).then(() => channelNameToIds(request, channelName, params)).then(({ + const subscribeWebsocketToChannel = ({ websocket, request, logger, subscriptions }, channelName, params) => { + checkScopes(request, logger, channelName).then(() => channelNameToIds(request, channelName, params)).then(({ channelIds, options, }) => { @@ -1270,9 +1279,9 @@ const startServer = async () => { return; } - const onSend = streamToWs(request, socket, streamNameFromChannelName(channelName, params)); + const onSend = streamToWs(request, websocket, streamNameFromChannelName(channelName, params)); const stopHeartbeat = subscriptionHeartbeat(channelIds); - const listener = streamFrom(channelIds, request, onSend, undefined, 'websocket', options.needsFiltering, options.allowLocalOnly); + const listener = streamFrom(channelIds, request, logger, onSend, undefined, 'websocket', options.needsFiltering, options.allowLocalOnly); connectedChannels.labels({ type: 'websocket', channel: channelName }).inc(); 
@@ -1282,14 +1291,17 @@ const startServer = async () => { stopHeartbeat, }; }).catch(err => { - log.verbose(request.requestId, 'Subscription error:', err.toString()); - socket.send(JSON.stringify({ error: err.toString() })); + logger.error({ err }, 'Subscription error'); + websocket.send(JSON.stringify({ error: err.toString() })); }); }; - - const removeSubscription = (subscriptions, channelIds, request) => { - log.verbose(request.requestId, `Ending stream from ${channelIds.join(', ')} for ${request.accountId}`); + /** + * @param {WebSocketSession} session + * @param {string[]} channelIds + */ + const removeSubscription = ({ request, logger, subscriptions }, channelIds) => { + logger.info({ channelIds, accountId: request.accountId }, `Ending stream`); const subscription = subscriptions[channelIds.join(';')]; @@ -1313,16 +1325,17 @@ const startServer = async () => { * @param {StreamParams} params * @returns {void} */ - const unsubscribeWebsocketFromChannel = ({ socket, request, subscriptions }, channelName, params) => { + const unsubscribeWebsocketFromChannel = (session, channelName, params) => { + const { websocket, request, logger } = session; + channelNameToIds(request, channelName, params).then(({ channelIds }) => { - removeSubscription(subscriptions, channelIds, request); + removeSubscription(session, channelIds); }).catch(err => { - log.verbose(request.requestId, 'Unsubscribe error:', err); + logger.error({err}, 'Unsubscribe error'); // If we have a socket that is alive and open still, send the error back to the client: - // FIXME: In other parts of the code ws === socket - if (socket.isAlive && socket.readyState === socket.OPEN) { - socket.send(JSON.stringify({ error: "Error unsubscribing from channel" })); + if (websocket.isAlive && websocket.readyState === websocket.OPEN) { + websocket.send(JSON.stringify({ error: "Error unsubscribing from channel" })); } }); }; 
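Review bot: The catch handler in `subscribeWebsocketToChannel` still forwards `err.toString()` to the client, while `unsubscribeWebsocketFromChannel` in the next hunk sends a fixed string and checks `readyState` first. Rejections reaching this handler come from `checkScopes` and `channelNameToIds`, which presumably include database lookups, so internal error text can be echoed to the peer. `errorMiddleware` already limits detail to errors that carry a `status`, and the same rule fits here: `const message = err.status ? err.toString() : 'Error subscribing to channel';` followed by `websocket.send(JSON.stringify({ error: message }));`. The full error remains available in the server log through `logger.error({ err }, ...)`.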
@@ -1330,16 +1343,14 @@ const startServer = async () => { /** * @param {WebSocketSession} session */ - const subscribeWebsocketToSystemChannel = ({ socket, request, subscriptions }) => { + const subscribeWebsocketToSystemChannel = ({ websocket, request, subscriptions }) => { const accessTokenChannelId = `timeline:access_token:${request.accessTokenId}`; const systemChannelId = `timeline:system:${request.accountId}`; const listener = createSystemMessageListener(request, { - onKill() { - socket.close(); + websocket.close(); }, - }); subscribe(`${redisPrefix}${accessTokenChannelId}`, listener); @@ -1362,32 +1373,17 @@ const startServer = async () => { connectedChannels.labels({ type: 'websocket', channel: 'system' }).inc(2); }; - /** - * @param {string|string[]} arrayOrString - * @returns {string} - */ - const firstParam = arrayOrString => { - if (Array.isArray(arrayOrString)) { - return arrayOrString[0]; - } else { - return arrayOrString; - } - }; - /** * @param {WebSocket & { isAlive: boolean }} ws - * @param {http.IncomingMessage} req + * @param {http.IncomingMessage & ResolvedAccount} req + * @param {import('pino').Logger} log */ - function onConnection(ws, req) { + function onConnection(ws, req, log) { // Note: url.parse could throw, which would terminate the connection, so we // increment the connected clients metric straight away when we establish // the connection, without waiting: connectedClients.labels({ type: 'websocket' }).inc(); - // Setup request properties: - req.requestId = uuid.v4(); - req.remoteAddress = ws._socket.remoteAddress; - // Setup connection keep-alive state: ws.isAlive = true; ws.on('pong', () => { @@ -1398,8 +1394,9 @@ const startServer = async () => { * @type {WebSocketSession} */ const session = { - socket: ws, + websocket: ws, request: req, + logger: log, subscriptions: {}, }; 
@@ -1407,27 +1404,30 @@ const startServer = async () => { const subscriptions = Object.keys(session.subscriptions); subscriptions.forEach(channelIds => { - removeSubscription(session.subscriptions, channelIds.split(';'), req); + removeSubscription(session, channelIds.split(';')); }); // Decrement the metrics for connected clients: connectedClients.labels({ type: 'websocket' }).dec(); - // ensure garbage collection: - session.socket = null; - session.request = null; - session.subscriptions = {}; + // We need to delete the session object as to ensure it correctly gets + // garbage collected, without doing this we could accidentally hold on to + // references to the websocket, the request, and the logger, causing + // memory leaks. + // + // @ts-ignore + delete session; }); // Note: immediately after the `error` event is emitted, the `close` event // is emitted. As such, all we need to do is log the error here. - ws.on('error', (err) => { - log.error('websocket', err.toString()); + ws.on('error', (/** @type {Error} */ err) => { + log.error(err); }); ws.on('message', (data, isBinary) => { if (isBinary) { - log.warn('websocket', 'Received binary data, closing connection'); + log.warn('Received binary data, closing connection'); ws.close(1003, 'The mastodon streaming server does not support binary messages'); return; } @@ -1462,18 +1462,20 @@ const startServer = async () => { setInterval(() => { wss.clients.forEach(ws => { + // @ts-ignore if (ws.isAlive === false) { ws.terminate(); return; } + // @ts-ignore ws.isAlive = false; ws.ping('', false); }); }, 30000); attachServerWithConfig(server, address => { - log.warn(`Streaming API now listening on ${address}`); + logger.info(`Streaming API now listening on ${address}`); }); const onExit = () => { @@ -1481,8 +1483,10 @@ const startServer = async () => { process.exit(0); }; + /** @param {Error} err */ const onError = (err) => { - log.error(err); + logger.error(err); + server.close(); process.exit(0); }; 
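Review bot: `delete session;` in the `close` handler does not release anything. `delete` removes object properties; applied to the `const session` binding it is a no-op in sloppy mode and a SyntaxError under `'use strict'`, and the `// @ts-ignore` above it hides the compiler's complaint. The new comment therefore describes a guarantee the code does not provide, while the removed lines did clear `session.socket`, `session.request` and `session.subscriptions`. Either drop the statement and the comment and rely on `removeSubscription` detaching the listeners, or keep an explicit reset such as `session.subscriptions = {};`. The handler's opening line is outside this hunk.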
@@ -1506,7 +1510,7 @@ const attachServerWithConfig = (server, onSuccess) => { } }); } else { - server.listen(+process.env.PORT || 4000, process.env.BIND || '127.0.0.1', () => { + server.listen(+(process.env.PORT || 4000), process.env.BIND || '127.0.0.1', () => { if (onSuccess) { onSuccess(`${server.address().address}:${server.address().port}`); } diff --git a/streaming/logging.js b/streaming/logging.js new file mode 100644 index 0000000000..64ee474875 --- /dev/null +++ b/streaming/logging.js 
@@ -0,0 +1,119 @@ +const { pino } = require('pino'); +const { pinoHttp, stdSerializers: pinoHttpSerializers } = require('pino-http'); +const uuid = require('uuid'); + +/** + * Generates the Request ID for logging and setting on responses + * @param {http.IncomingMessage} req + * @param {http.ServerResponse} [res] + * @returns {import("pino-http").ReqId} + */ +function generateRequestId(req, res) { + if (req.id) { + return req.id; + } + + req.id = uuid.v4(); + + // Allow for usage with WebSockets: + if (res) { + res.setHeader('X-Request-Id', req.id); + } + + return req.id; +} + +/** + * Request log sanitizer to prevent logging access tokens in URLs + * @param {http.IncomingMessage} req + */ +function sanitizeRequestLog(req) { + const log = pinoHttpSerializers.req(req); + if (typeof log.url === 'string' && log.url.includes('access_token')) { + // Doorkeeper uses SecureRandom.urlsafe_base64 per RFC 6749 / RFC 6750 + log.url = log.url.replace(/(access_token)=([a-zA-Z0-9\-_]+)/gi, '$1=[Redacted]'); + } + return log; +} + +const logger = pino({ + name: "streaming", + // Reformat the log level to a string: + formatters: { + level: (label) => { + return { + level: label + }; + }, + }, + redact: { + paths: [ + 'req.headers["sec-websocket-key"]', + // Note: we currently pass the AccessToken via the websocket subprotocol + // field, an anti-pattern, but this ensures it doesn't end up in logs. 
+ 'req.headers["sec-websocket-protocol"]', + 'req.headers.authorization', + 'req.headers.cookie', + 'req.query.access_token' + ] + } +}); + +const httpLogger = pinoHttp({ + logger, + genReqId: generateRequestId, + serializers: { + req: sanitizeRequestLog + } +}); + +/** + * Attaches a logger to the request object received by http upgrade handlers + * @param {http.IncomingMessage} request + */ +function attachWebsocketHttpLogger(request) { + generateRequestId(request); + + request.log = logger.child({ + req: sanitizeRequestLog(request), + }); +} + +/** + * Creates a logger instance for the Websocket connection to use. + * @param {http.IncomingMessage} request + * @param {import('./index.js').ResolvedAccount} resolvedAccount + */ +function createWebsocketLogger(request, resolvedAccount) { + // ensure the request.id is always present. + generateRequestId(request); + + return logger.child({ + req: { + id: request.id + }, + account: { + id: resolvedAccount.accountId ?? null + } + }); +} + +exports.logger = logger; +exports.httpLogger = httpLogger; +exports.attachWebsocketHttpLogger = attachWebsocketHttpLogger; +exports.createWebsocketLogger = createWebsocketLogger; + +/** + * Initializes the log level based on the environment + * @param {Object} env + * @param {string} environment + */ +exports.initializeLogLevel = function initializeLogLevel(env, environment) { + if (env.LOG_LEVEL && Object.keys(logger.levels.values).includes(env.LOG_LEVEL)) { + logger.level = env.LOG_LEVEL; + } else if (environment === 'development') { + logger.level = 'debug'; + } else { + logger.level = 'info'; + } +}; diff --git a/streaming/package.json b/streaming/package.json index 149055ca1b..3f76e25786 100644 --- a/streaming/package.json +++ b/streaming/package.json 
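Review bot: `sanitizeRequestLog` in streaming/logging.js redacts only the run of characters matching `[a-zA-Z0-9\-_]+` after `access_token=`. A value containing anything else, such as a percent-encoded byte, `.`, `+` or `=`, is redacted only up to that character, and the remainder stays in the logged URL. Redacting up to the next delimiter does not depend on the token format: `log.url = log.url.replace(/(access_token)=[^&#\s]*/gi, '$1=[Redacted]');`. The comment about Doorkeeper's token alphabet can stay as background, but the redaction should not rely on it.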
@@ -20,10 +20,11 @@ "dotenv": "^16.0.3", "express": "^4.18.2", "ioredis": "^5.3.2", - "jsdom": "^23.0.0", - "npmlog": "^7.0.1", + "jsdom": "^24.0.0", "pg": "^8.5.0", "pg-connection-string": "^2.6.0", + "pino": "^8.17.2", + "pino-http": "^9.0.0", "prom-client": "^15.0.0", "uuid": "^9.0.0", "ws": "^8.12.1" @@ -31,11 +32,11 @@ "devDependencies": { "@types/cors": "^2.8.16", "@types/express": "^4.17.17", - "@types/npmlog": "^7.0.0", "@types/pg": "^8.6.6", "@types/uuid": "^9.0.0", "@types/ws": "^8.5.9", "eslint-define-config": "^2.0.0", + "pino-pretty": "^10.3.1", "typescript": "^5.0.4" }, "optionalDependencies": { diff --git a/streaming/utils.js b/streaming/utils.js index ad8dd4889f..7b87a1d14c 100644 --- a/streaming/utils.js +++ b/streaming/utils.js 
@@ -20,3 +20,50 @@ const isTruthy = value => value && !FALSE_VALUES.includes(value); exports.isTruthy = isTruthy; + + +/** + * See app/lib/ascii_folder.rb for the canon definitions + * of these constants + */ +const NON_ASCII_CHARS = 'ÀÁÂÃÄÅàáâãäåĀāĂ㥹ÇçĆćĈĉĊċČčÐðĎďĐđÈÉÊËèéêëĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħÌÍÎÏìíîïĨĩĪīĬĭĮįİıĴĵĶķĸĹĺĻļĽľĿŀŁłÑñŃńŅņŇňʼnŊŋÒÓÔÕÖØòóôõöøŌōŎŏŐőŔŕŖŗŘřŚśŜŝŞşŠšſŢţŤťŦŧÙÚÛÜùúûüŨũŪūŬŭŮůŰűŲųŴŵÝýÿŶŷŸŹźŻżŽž'; +const EQUIVALENT_ASCII_CHARS = 'AAAAAAaaaaaaAaAaAaCcCcCcCcCcDdDdDdEEEEeeeeEeEeEeEeEeGgGgGgGgHhHhIIIIiiiiIiIiIiIiIiJjKkkLlLlLlLlLlNnNnNnNnnNnOOOOOOooooooOoOoOoRrRrRrSsSsSsSssTtTtTtUUUUuuuuUuUuUuUuUuUuWwYyyYyYZzZzZz'; + +/** + * @param {string} str + * @returns {string} + */ +function foldToASCII(str) { + const regex = new RegExp(NON_ASCII_CHARS.split('').join('|'), 'g'); + + return str.replace(regex, function(match) { + const index = NON_ASCII_CHARS.indexOf(match); + return EQUIVALENT_ASCII_CHARS[index]; + }); +} + +exports.foldToASCII = foldToASCII; + +/** + * @param {string} str + * @returns {string} + */ +function normalizeHashtag(str) { + return foldToASCII(str.normalize('NFKC').toLowerCase()).replace(/[^\p{L}\p{N}_\u00b7\u200c]/gu, ''); +} + +exports.normalizeHashtag = normalizeHashtag; + +/** + * @param {string|string[]} arrayOrString + * @returns {string} + */ +function firstParam(arrayOrString) { + if (Array.isArray(arrayOrString)) { + return arrayOrString[0]; + } else { + return arrayOrString; + } +} + +exports.firstParam = firstParam; diff --git a/yarn.lock b/yarn.lock index 5864c1a3f9..26c1de2b75 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -42,17 +42,6 @@ __metadata: languageName: node linkType: hard -"@asamuzakjp/dom-selector@npm:^2.0.1": - version: 2.0.1 - resolution: "@asamuzakjp/dom-selector@npm:2.0.1" - dependencies: - bidi-js: "npm:^1.0.3" - css-tree: "npm:^2.3.1" - is-potential-custom-element-name: "npm:^1.0.1" - checksum: 232895f16f2f9dfc637764df2529084d16e1c122057766a79b16e1d40808e09fffae28c0f0cc8376f8a1564a85dba9d4b2f140a9a0b65f4f95c960192b797037 - languageName: node - linkType: hard - "@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.10.4, @babel/code-frame@npm:^7.12.13, @babel/code-frame@npm:^7.22.13, @babel/code-frame@npm:^7.23.5": version: 7.23.5 resolution: "@babel/code-frame@npm:7.23.5" @@ -2539,7 +2528,6 @@ __metadata: dependencies: "@types/cors": "npm:^2.8.16" "@types/express": "npm:^4.17.17" - "@types/npmlog": "npm:^7.0.0" "@types/pg": "npm:^8.6.6" "@types/uuid": "npm:^9.0.0" "@types/ws": "npm:^8.5.9" @@ -2549,10 +2537,12 @@ __metadata: eslint-define-config: "npm:^2.0.0" express: "npm:^4.18.2" ioredis: "npm:^5.3.2" - jsdom: "npm:^23.0.0" - npmlog: "npm:^7.0.1" + jsdom: "npm:^24.0.0" pg: "npm:^8.5.0" pg-connection-string: "npm:^2.6.0" + pino: "npm:^8.17.2" + pino-http: "npm:^9.0.0" + pino-pretty: "npm:^10.3.1" prom-client: "npm:^15.0.0" typescript: "npm:^5.0.4" utf-8-validate: "npm:^6.0.3" @@ -3341,15 +3331,6 @@ __metadata: languageName: node linkType: hard -"@types/npmlog@npm:^7.0.0": - version: 7.0.0 - resolution: "@types/npmlog@npm:7.0.0" - dependencies: - "@types/node": "npm:*" - checksum: e94cb1d7dc6b1251d58d0a3cbf0c5b9e9b7c7649774cf816b9277fc10e1a09e65f2854357c4972d04d477f8beca3c8accb5e8546d594776e59e35ddfee79aff2 - languageName: node - linkType: hard - "@types/object-assign@npm:^4.0.30": version: 4.0.33 resolution: "@types/object-assign@npm:4.0.33" 
@@ -3555,13 +3536,13 @@ __metadata: linkType: hard "@types/react@npm:*, @types/react@npm:16 || 17 || 18, @types/react@npm:>=16.9.11, @types/react@npm:^18.2.7": - version: 18.2.47 - resolution: "@types/react@npm:18.2.47" + version: 18.2.48 + resolution: "@types/react@npm:18.2.48" dependencies: "@types/prop-types": "npm:*" "@types/scheduler": "npm:*" csstype: "npm:^3.0.2" - checksum: e98ea1827fe60636d0f7ce206397159a29fc30613fae43e349e32c10ad3c0b7e0ed2ded2f3239e07bd5a3cba8736b6114ba196acccc39905ca4a06f56a8d2841 + checksum: 7e89f18ea2928b1638f564b156d692894dcb9352a7e0a807873c97e858abe1f23dbd165a25dd088a991344e973fdeef88ba5724bfb64504b74072cbc9c220c3a languageName: node linkType: hard @@ -4327,13 +4308,6 @@ __metadata: languageName: node linkType: hard -"aproba@npm:^1.0.3 || ^2.0.0": - version: 2.0.0 - resolution: "aproba@npm:2.0.0" - checksum: d06e26384a8f6245d8c8896e138c0388824e259a329e0c9f196b4fa533c82502a6fd449586e3604950a0c42921832a458bb3aa0aa9f0ba449cfd4f50fd0d09b5 - languageName: node - linkType: hard - "are-docs-informative@npm:^0.0.2": version: 0.0.2 resolution: "are-docs-informative@npm:0.0.2" @@ -4341,16 +4315,6 @@ __metadata: languageName: node linkType: hard -"are-we-there-yet@npm:^4.0.0": - version: 4.0.0 - resolution: "are-we-there-yet@npm:4.0.0" - dependencies: - delegates: "npm:^1.0.0" - readable-stream: "npm:^4.1.0" - checksum: 760008e32948e9f738c5a288792d187e235fee0f170e042850bc7ff242f2a499f3f2874d6dd43ac06f5d9f5306137bc51bbdd4ae0bb11379c58b01678e0f684d - languageName: node - linkType: hard - "argparse@npm:^1.0.7": version: 1.0.10 resolution: "argparse@npm:1.0.10" 
@@ -4672,6 +4636,13 @@ __metadata: languageName: node linkType: hard +"atomic-sleep@npm:^1.0.0": + version: 1.0.0 + resolution: "atomic-sleep@npm:1.0.0" + checksum: e329a6665512736a9bbb073e1761b4ec102f7926cce35037753146a9db9c8104f5044c1662e4a863576ce544fb8be27cd2be6bc8c1a40147d03f31eb1cfb6e8a + languageName: node + linkType: hard + "atrament@npm:0.2.4": version: 0.2.4 resolution: "atrament@npm:0.2.4" @@ -4976,15 +4947,6 @@ __metadata: languageName: node linkType: hard -"bidi-js@npm:^1.0.3": - version: 1.0.3 - resolution: "bidi-js@npm:1.0.3" - dependencies: - require-from-string: "npm:^2.0.2" - checksum: fdddea4aa4120a34285486f2267526cd9298b6e8b773ad25e765d4f104b6d7437ab4ba542e6939e3ac834a7570bcf121ee2cf6d3ae7cd7082c4b5bedc8f271e1 - languageName: node - linkType: hard - "big-integer@npm:^1.6.44": version: 1.6.51 resolution: "big-integer@npm:1.6.51" @@ -5773,15 +5735,6 @@ __metadata: languageName: node linkType: hard -"color-support@npm:^1.1.3": - version: 1.1.3 - resolution: "color-support@npm:1.1.3" - bin: - color-support: bin.js - checksum: 8ffeaa270a784dc382f62d9be0a98581db43e11eee301af14734a6d089bd456478b1a8b3e7db7ca7dc5b18a75f828f775c44074020b51c05fc00e6d0992b1cc6 - languageName: node - linkType: hard - "colord@npm:^2.9.1, colord@npm:^2.9.3": version: 2.9.3 resolution: "colord@npm:2.9.3" @@ -5789,7 +5742,7 @@ __metadata: languageName: node linkType: hard -"colorette@npm:^2.0.20": +"colorette@npm:^2.0.20, colorette@npm:^2.0.7": version: 2.0.20 resolution: "colorette@npm:2.0.20" checksum: e94116ff33b0ff56f3b83b9ace895e5bf87c2a7a47b3401b8c3f3226e050d5ef76cf4072fb3325f9dc24d1698f9b730baf4e05eeaf861d74a1883073f4c98a40 
@@ -5921,13 +5874,6 @@ __metadata: languageName: node linkType: hard -"console-control-strings@npm:^1.1.0": - version: 1.1.0 - resolution: "console-control-strings@npm:1.1.0" - checksum: 7ab51d30b52d461412cd467721bb82afe695da78fff8f29fe6f6b9cbaac9a2328e27a22a966014df9532100f6dd85370460be8130b9c677891ba36d96a343f50 - languageName: node - linkType: hard - "constants-browserify@npm:^1.0.0": version: 1.0.0 resolution: "constants-browserify@npm:1.0.0" @@ -6003,9 +5949,9 @@ __metadata: linkType: hard "core-js@npm:^3.30.2": - version: 3.35.0 - resolution: "core-js@npm:3.35.0" - checksum: 1d545ff4406f2afa5e681f44b45ed5f7f119d158b380234d5aa7787ce7e47fc7a635b98b74c28c766ba8191e3db8c2316ad6ab4ff1ddecbc3fd618413a52c29c + version: 3.35.1 + resolution: "core-js@npm:3.35.1" + checksum: ebc8e22c36d13bcf2140cbc1d8ad65d1b08192bff4c43ade70c72eac103cb4dcfbc521f2b1ad1c74881b0a4353e64986537893ae4f07888e49228340efa13ae6 languageName: node linkType: hard @@ -6455,6 +6401,13 @@ __metadata: languageName: node linkType: hard +"dateformat@npm:^4.6.3": + version: 4.6.3 + resolution: "dateformat@npm:4.6.3" + checksum: e2023b905e8cfe2eb8444fb558562b524807a51cdfe712570f360f873271600b5c94aebffaf11efb285e2c072264a7cf243eadb68f3eba0f8cc85fb86cd25df6 + languageName: node + linkType: hard + "debounce@npm:^1.2.1": version: 1.2.1 resolution: "debounce@npm:1.2.1" @@ -6690,13 +6643,6 @@ __metadata: languageName: node linkType: hard -"delegates@npm:^1.0.0": - version: 1.0.0 - resolution: "delegates@npm:1.0.0" - checksum: ba05874b91148e1db4bf254750c042bf2215febd23a6d3cda2e64896aef79745fbd4b9996488bd3cafb39ce19dbce0fd6e3b6665275638befffe1c9b312b91b5 - languageName: node - linkType: hard - "denque@npm:^2.1.0": version: 2.1.0 resolution: "denque@npm:2.1.0" 
@@ -6965,9 +6911,9 @@ __metadata: linkType: hard "dotenv@npm:^16.0.3": - version: 16.3.1 - resolution: "dotenv@npm:16.3.1" - checksum: b95ff1bbe624ead85a3cd70dbd827e8e06d5f05f716f2d0cbc476532d54c7c9469c3bc4dd93ea519f6ad711cb522c00ac9a62b6eb340d5affae8008facc3fbd7 + version: 16.3.2 + resolution: "dotenv@npm:16.3.2" + checksum: a87d62cef0810b670cb477db1a24a42a093b6b428c9e65c185ce1d6368ad7175234b13547718ba08da18df43faae4f814180cc0366e11be1ded2277abc4dd22e languageName: node linkType: hard @@ -7969,6 +7915,13 @@ __metadata: languageName: node linkType: hard +"fast-copy@npm:^3.0.0": + version: 3.0.1 + resolution: "fast-copy@npm:3.0.1" + checksum: a8310dbcc4c94ed001dc3e0bbc3c3f0491bb04e6c17163abe441a54997ba06cdf1eb532c2f05e54777c6f072c84548c23ef0ecd54665cd611be1d42f37eca258 + languageName: node + linkType: hard + "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": version: 3.1.3 resolution: "fast-deep-equal@npm:3.1.3" @@ -8010,6 +7963,20 @@ __metadata: languageName: node linkType: hard +"fast-redact@npm:^3.1.1": + version: 3.3.0 + resolution: "fast-redact@npm:3.3.0" + checksum: d81562510681e9ba6404ee5d3838ff5257a44d2f80937f5024c099049ff805437d0fae0124458a7e87535cc9dcf4de305bb075cab8f08d6c720bbc3447861b4e + languageName: node + linkType: hard + +"fast-safe-stringify@npm:^2.1.1": + version: 2.1.1 + resolution: "fast-safe-stringify@npm:2.1.1" + checksum: d90ec1c963394919828872f21edaa3ad6f1dddd288d2bd4e977027afff09f5db40f94e39536d4646f7e01761d704d72d51dce5af1b93717f3489ef808f5f4e4d + languageName: node + linkType: hard + "fastest-levenshtein@npm:^1.0.16": version: 1.0.16 resolution: "fastest-levenshtein@npm:1.0.16" 
@@ -8431,22 +8398,6 @@ __metadata: languageName: node linkType: hard -"gauge@npm:^5.0.0": - version: 5.0.1 - resolution: "gauge@npm:5.0.1" - dependencies: - aproba: "npm:^1.0.3 || ^2.0.0" - color-support: "npm:^1.1.3" - console-control-strings: "npm:^1.1.0" - has-unicode: "npm:^2.0.1" - signal-exit: "npm:^4.0.1" - string-width: "npm:^4.2.3" - strip-ansi: "npm:^6.0.1" - wide-align: "npm:^1.1.5" - checksum: 845f9a2534356cd0e9c1ae590ed471bbe8d74c318915b92a34e8813b8d3441ca8e0eb0fa87a48081e70b63b84d398c5e66a13b8e8040181c10b9d77e9fe3287f - languageName: node - linkType: hard - "gensync@npm:^1.0.0-beta.2": version: 1.0.0-beta.2 resolution: "gensync@npm:1.0.0-beta.2" @@ -8795,13 +8746,6 @@ __metadata: languageName: node linkType: hard -"has-unicode@npm:^2.0.1": - version: 2.0.1 - resolution: "has-unicode@npm:2.0.1" - checksum: ebdb2f4895c26bb08a8a100b62d362e49b2190bcfd84b76bc4be1a3bd4d254ec52d0dd9f2fbcc093fc5eb878b20c52146f9dfd33e2686ed28982187be593b47c - languageName: node - linkType: hard - "has-value@npm:^0.3.1": version: 0.3.1 resolution: "has-value@npm:0.3.1" @@ -8878,6 +8822,13 @@ __metadata: languageName: node linkType: hard +"help-me@npm:^5.0.0": + version: 5.0.0 + resolution: "help-me@npm:5.0.0" + checksum: 054c0e2e9ae2231c85ab5e04f75109b9d068ffcc54e58fb22079822a5ace8ff3d02c66fd45379c902ad5ab825e5d2e1451fcc2f7eab1eb49e7d488133ba4cacb + languageName: node + linkType: hard + "history@npm:^4.10.1, history@npm:^4.9.0": version: 4.10.1 resolution: "history@npm:4.10.1" @@ -10594,6 +10545,13 @@ __metadata: languageName: node linkType: hard +"joycon@npm:^3.1.1": + version: 3.1.1 + resolution: "joycon@npm:3.1.1" + checksum: 131fb1e98c9065d067fd49b6e685487ac4ad4d254191d7aa2c9e3b90f4e9ca70430c43cad001602bdbdabcf58717d3b5c5b7461c1bd8e39478c8de706b3fe6ae + languageName: node + linkType: hard + "jpeg-autorotate@npm:^7.1.1": version: 7.1.1 resolution: "jpeg-autorotate@npm:7.1.1" 
@@ -10692,11 +10650,10 @@ __metadata: languageName: node linkType: hard -"jsdom@npm:^23.0.0": - version: 23.2.0 - resolution: "jsdom@npm:23.2.0" +"jsdom@npm:^24.0.0": + version: 24.0.0 + resolution: "jsdom@npm:24.0.0" dependencies: - "@asamuzakjp/dom-selector": "npm:^2.0.1" cssstyle: "npm:^4.0.1" data-urls: "npm:^5.0.0" decimal.js: "npm:^10.4.3" @@ -10705,6 +10662,7 @@ __metadata: http-proxy-agent: "npm:^7.0.0" https-proxy-agent: "npm:^7.0.2" is-potential-custom-element-name: "npm:^1.0.1" + nwsapi: "npm:^2.2.7" parse5: "npm:^7.1.2" rrweb-cssom: "npm:^0.6.0" saxes: "npm:^6.0.0" @@ -10722,7 +10680,7 @@ __metadata: peerDependenciesMeta: canvas: optional: true - checksum: b062af50f7be59d914ba75236b7817c848ef3cd007aea1d6b8020a41eb263b7d5bd2652298106e9756b56892f773d990598778d02adab7d0d0d8e58726fc41d3 + checksum: 7b35043d7af39ad6dcaef0fa5679d8c8a94c6c9b6cc4a79222b7c9987d57ab7150c50856684ae56b473ab28c7d82aec0fb7ca19dcbd4c3f46683c807d717a3af languageName: node linkType: hard @@ -11990,18 +11948,6 @@ __metadata: languageName: node linkType: hard -"npmlog@npm:^7.0.1": - version: 7.0.1 - resolution: "npmlog@npm:7.0.1" - dependencies: - are-we-there-yet: "npm:^4.0.0" - console-control-strings: "npm:^1.1.0" - gauge: "npm:^5.0.0" - set-blocking: "npm:^2.0.0" - checksum: d4e6a2aaa7b5b5d2e2ed8f8ac3770789ca0691a49f3576b6a8c97d560a4c3305d2c233a9173d62be737e6e4506bf9e89debd6120a3843c1d37315c34f90fef71 - languageName: node - linkType: hard - "nth-check@npm:^1.0.2": version: 1.0.2 resolution: "nth-check@npm:1.0.2" @@ -12020,7 +11966,7 @@ __metadata: languageName: node linkType: hard -"nwsapi@npm:^2.2.2": +"nwsapi@npm:^2.2.2, nwsapi@npm:^2.2.7": version: 2.2.7 resolution: "nwsapi@npm:2.2.7" checksum: 44be198adae99208487a1c886c0a3712264f7bbafa44368ad96c003512fed2753d4e22890ca1e6edb2690c3456a169f2a3c33bfacde1905cf3bf01c7722464db 
@@ -12174,6 +12120,13 @@ __metadata: languageName: node linkType: hard +"on-exit-leak-free@npm:^2.1.0": + version: 2.1.2 + resolution: "on-exit-leak-free@npm:2.1.2" + checksum: faea2e1c9d696ecee919026c32be8d6a633a7ac1240b3b87e944a380e8a11dc9c95c4a1f8fb0568de7ab8db3823e790f12bda45296b1d111e341aad3922a0570 + languageName: node + linkType: hard + "on-finished@npm:2.4.1": version: 2.4.1 resolution: "on-finished@npm:2.4.1" 
@@ -12741,6 +12694,80 @@ __metadata: languageName: node linkType: hard +"pino-abstract-transport@npm:^1.0.0, pino-abstract-transport@npm:v1.1.0": + version: 1.1.0 + resolution: "pino-abstract-transport@npm:1.1.0" + dependencies: + readable-stream: "npm:^4.0.0" + split2: "npm:^4.0.0" + checksum: 6e9b9d5a2c0a37f91ecaf224d335daae1ae682b1c79a05b06ef9e0f0a5d289f8e597992217efc857796dae6f1067e9b4882f95c6228ff433ddc153532cae8aca + languageName: node + linkType: hard + +"pino-http@npm:^9.0.0": + version: 9.0.0 + resolution: "pino-http@npm:9.0.0" + dependencies: + get-caller-file: "npm:^2.0.5" + pino: "npm:^8.17.1" + pino-std-serializers: "npm:^6.2.2" + process-warning: "npm:^3.0.0" + checksum: 05496cb76cc9908658e50c4620fbdf7b0b5d99fb529493d601c3e4635b0bf7ce12b8a8eed7b5b520089f643b099233d61dd71f7cdfad8b66e59b9b81d79b6512 + languageName: node + linkType: hard + +"pino-pretty@npm:^10.3.1": + version: 10.3.1 + resolution: "pino-pretty@npm:10.3.1" + dependencies: + colorette: "npm:^2.0.7" + dateformat: "npm:^4.6.3" + fast-copy: "npm:^3.0.0" + fast-safe-stringify: "npm:^2.1.1" + help-me: "npm:^5.0.0" + joycon: "npm:^3.1.1" + minimist: "npm:^1.2.6" + on-exit-leak-free: "npm:^2.1.0" + pino-abstract-transport: "npm:^1.0.0" + pump: "npm:^3.0.0" + readable-stream: "npm:^4.0.0" + secure-json-parse: "npm:^2.4.0" + sonic-boom: "npm:^3.0.0" + strip-json-comments: "npm:^3.1.1" + bin: + pino-pretty: bin.js + checksum: 6964fba5acc7a9f112e4c6738d602e123daf16cb5f6ddc56ab4b6bb05059f28876d51da8f72358cf1172e95fa12496b70465431a0836df693c462986d050686b + languageName: node + linkType: hard + +"pino-std-serializers@npm:^6.0.0, pino-std-serializers@npm:^6.2.2": + version: 6.2.2 + resolution: "pino-std-serializers@npm:6.2.2" + checksum: 8f1c7f0f0d8f91e6c6b5b2a6bfb48f06441abeb85f1c2288319f736f9c6d814fbeebe928d2314efc2ba6018fa7db9357a105eca9fc99fc1f28945a8a8b28d3d5 + languageName: node + linkType: hard + +"pino@npm:^8.17.1, pino@npm:^8.17.2": + version: 8.17.2 + resolution: "pino@npm:8.17.2" + 
dependencies: + atomic-sleep: "npm:^1.0.0" + fast-redact: "npm:^3.1.1" + on-exit-leak-free: "npm:^2.1.0" + pino-abstract-transport: "npm:v1.1.0" + pino-std-serializers: "npm:^6.0.0" + process-warning: "npm:^3.0.0" + quick-format-unescaped: "npm:^4.0.3" + real-require: "npm:^0.2.0" + safe-stable-stringify: "npm:^2.3.1" + sonic-boom: "npm:^3.7.0" + thread-stream: "npm:^2.0.0" + bin: + pino: bin.js + checksum: 9e55af6cd9d1833a4dbe64924fc73163295acd3c988a9c7db88926669f2574ab7ec607e8487b6dd71dbdad2d7c1c1aac439f37e59233f37220b1a9d88fa2ce01 + languageName: node + linkType: hard + "pirates@npm:^4.0.4": version: 4.0.6 resolution: "pirates@npm:4.0.6" @@ -13343,6 +13370,13 @@ __metadata: languageName: node linkType: hard +"process-warning@npm:^3.0.0": + version: 3.0.0 + resolution: "process-warning@npm:3.0.0" + checksum: 60f3c8ddee586f0706c1e6cb5aa9c86df05774b9330d792d7c8851cf0031afd759d665404d07037e0b4901b55c44a423f07bdc465c63de07d8d23196bb403622 + languageName: node + linkType: hard + "process@npm:^0.11.10": version: 0.11.10 resolution: "process@npm:0.11.10" @@ -13520,6 +13554,13 @@ __metadata: languageName: node linkType: hard +"quick-format-unescaped@npm:^4.0.3": + version: 4.0.4 + resolution: "quick-format-unescaped@npm:4.0.4" + checksum: fe5acc6f775b172ca5b4373df26f7e4fd347975578199e7d74b2ae4077f0af05baa27d231de1e80e8f72d88275ccc6028568a7a8c9ee5e7368ace0e18eff93a4 + languageName: node + linkType: hard + "raf@npm:^3.1.0": version: 3.4.1 resolution: "raf@npm:3.4.1" @@ -13762,8 +13803,8 @@ __metadata: linkType: hard "react-redux@npm:^9.0.4": - version: 9.0.4 - resolution: "react-redux@npm:9.0.4" + version: 9.1.0 + resolution: "react-redux@npm:9.1.0" dependencies: "@types/use-sync-external-store": "npm:^0.0.3" use-sync-external-store: "npm:^1.0.0" 
@@ -13779,7 +13820,7 @@ __metadata: optional: true redux: optional: true - checksum: 23af10014b129aeb051de729bde01de21175170b860deefb7ad83483feab5816253f770a4cea93333fc22a53ac9ac699b27f5c3705c388dab53dbcb2906a571a + checksum: 53161b5dc4d109020fbc42d26906ace92fed9ba1d7ab6274af60e9c0684583d20d1c8ec6d58601ac7b833c6468a652bbf3d4a102149d1793cb8a28b05b042f73 languageName: node linkType: hard @@ -14015,15 +14056,16 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:^4.1.0": - version: 4.4.0 - resolution: "readable-stream@npm:4.4.0" +"readable-stream@npm:^4.0.0": + version: 4.4.2 + resolution: "readable-stream@npm:4.4.2" dependencies: abort-controller: "npm:^3.0.0" buffer: "npm:^6.0.3" events: "npm:^3.3.0" process: "npm:^0.11.10" - checksum: 83f5a11285e5ebefb7b22a43ea77a2275075639325b4932a328a1fb0ee2475b83b9cc94326724d71c6aa3b60fa87e2b16623530b1cac34f3825dcea0996fdbe4 + string_decoder: "npm:^1.3.0" + checksum: cf7cc8daa2b57872d120945a20a1458c13dcb6c6f352505421115827b18ac4df0e483ac1fe195cb1f5cd226e1073fc55b92b569269d8299e8530840bcdbba40c languageName: node linkType: hard @@ -14047,6 +14089,13 @@ __metadata: languageName: node linkType: hard +"real-require@npm:^0.2.0": + version: 0.2.0 + resolution: "real-require@npm:0.2.0" + checksum: 23eea5623642f0477412ef8b91acd3969015a1501ed34992ada0e3af521d3c865bb2fe4cdbfec5fe4b505f6d1ef6a03e5c3652520837a8c3b53decff7e74b6a0 + languageName: node + linkType: hard + "redent@npm:^3.0.0": version: 3.0.0 resolution: "redent@npm:3.0.0" 
@@ -14592,6 +14641,13 @@ __metadata: languageName: node linkType: hard +"safe-stable-stringify@npm:^2.3.1": + version: 2.4.3 + resolution: "safe-stable-stringify@npm:2.4.3" + checksum: 81dede06b8f2ae794efd868b1e281e3c9000e57b39801c6c162267eb9efda17bd7a9eafa7379e1f1cacd528d4ced7c80d7460ad26f62ada7c9e01dec61b2e768 + languageName: node + linkType: hard + "safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.1.0": version: 2.1.2 resolution: "safer-buffer@npm:2.1.2" @@ -14625,15 +14681,15 @@ __metadata: linkType: hard "sass@npm:^1.62.1": - version: 1.69.7 - resolution: "sass@npm:1.69.7" + version: 1.70.0 + resolution: "sass@npm:1.70.0" dependencies: chokidar: "npm:>=3.0.0 <4.0.0" immutable: "npm:^4.0.0" source-map-js: "npm:>=0.6.2 <2.0.0" bin: sass: sass.js - checksum: 773d0938e7d4ff3972d3fda3132f34fe98a2f712e028a58e28fecd615434795eff3266eddc38d5e13f03b90c0d6360d0e737b30bff2949a47280c64a18e0fb18 + checksum: 7c309ee1c096d591746d122da9f1ebd65b4c4b3a60c2cc0ec720fd98fe1205fa8b44c9f563d113b9fdfeb25af1e32ec9b3e048bd4b8e05d267f020953bd7baf0 languageName: node linkType: hard @@ -14705,6 +14761,13 @@ __metadata: languageName: node linkType: hard +"secure-json-parse@npm:^2.4.0": + version: 2.7.0 + resolution: "secure-json-parse@npm:2.7.0" + checksum: f57eb6a44a38a3eeaf3548228585d769d788f59007454214fab9ed7f01fbf2e0f1929111da6db28cf0bcc1a2e89db5219a59e83eeaec3a54e413a0197ce879e4 + languageName: node + linkType: hard + "select-hose@npm:^2.0.0": version: 2.0.0 resolution: "select-hose@npm:2.0.0" 
@@ -15108,6 +15171,15 @@ __metadata: languageName: node linkType: hard +"sonic-boom@npm:^3.0.0, sonic-boom@npm:^3.7.0": + version: 3.7.0 + resolution: "sonic-boom@npm:3.7.0" + dependencies: + atomic-sleep: "npm:^1.0.0" + checksum: 57a3d560efb77f4576db111168ee2649c99e7869fda6ce0ec2a4e5458832d290ba58d74b073ddb5827d9a30f96d23cff79157993d919e1a6d5f28d8b6391c7f0 + languageName: node + linkType: hard + "source-list-map@npm:^2.0.0": version: 2.0.1 resolution: "source-list-map@npm:2.0.1" @@ -15266,7 +15338,7 @@ __metadata: languageName: node linkType: hard -"split2@npm:^4.1.0": +"split2@npm:^4.0.0, split2@npm:^4.1.0": version: 4.2.0 resolution: "split2@npm:4.2.0" checksum: b292beb8ce9215f8c642bb68be6249c5a4c7f332fc8ecadae7be5cbdf1ea95addc95f0459ef2e7ad9d45fd1064698a097e4eb211c83e772b49bc0ee423e91534 @@ -15431,7 +15503,7 @@ __metadata: languageName: node linkType: hard -"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^1.0.2 || 2 || 3 || 4, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": +"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": version: 4.2.3 resolution: "string-width@npm:4.2.3" dependencies: @@ -15524,7 +15596,7 @@ __metadata: languageName: node linkType: hard -"string_decoder@npm:^1.0.0, string_decoder@npm:^1.1.1": +"string_decoder@npm:^1.0.0, string_decoder@npm:^1.1.1, string_decoder@npm:^1.3.0": version: 1.3.0 resolution: "string_decoder@npm:1.3.0" dependencies: @@ -16070,6 +16142,15 @@ __metadata: languageName: node linkType: hard +"thread-stream@npm:^2.0.0": + version: 2.4.1 + resolution: "thread-stream@npm:2.4.1" + dependencies: + real-require: "npm:^0.2.0" + checksum: ce29265810b9550ce896726301ff006ebfe96b90292728f07cfa4c379740585583046e2a8018afc53aca66b18fed12b33a84f3883e7ebc317185f6682898b8f8 + languageName: node + linkType: hard + "thunky@npm:^1.0.2": version: 1.1.0 resolution: "thunky@npm:1.1.0" 
@@ -17307,15 +17388,6 @@ __metadata: languageName: node linkType: hard -"wide-align@npm:^1.1.5": - version: 1.1.5 - resolution: "wide-align@npm:1.1.5" - dependencies: - string-width: "npm:^1.0.2 || 2 || 3 || 4" - checksum: 1d9c2a3e36dfb09832f38e2e699c367ef190f96b82c71f809bc0822c306f5379df87bab47bed27ea99106d86447e50eb972d3c516c2f95782807a9d082fbea95 - languageName: node - linkType: hard - "wildcard@npm:^2.0.0": version: 2.0.1 resolution: "wildcard@npm:2.0.1"