9496 Commits

Author SHA1 Message Date
ThibG d63c3c0cef Improve streaming server security (#10818)
* Check OAuth token scopes in the streaming API

* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:21:42 +02:00
ThibG 72bf354e97
Merge pull request #1067 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2019-05-23 22:01:34 +02:00
Thibaut Girka d6a7d62dc6 Do not share a single Redcarpet::Markdown object across threads
There are apparently thread-safety issues: https://github.com/vmg/redcarpet/pull/672
2019-05-23 21:19:44 +02:00
Thibaut Girka bf988123ba Merge branch 'master' into glitch-soc/merge-upstream 2019-05-23 21:18:27 +02:00
ThibG c394d3cb25
Merge pull request #1065 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2019-05-23 20:49:18 +02:00
Eugen Rochko 84dc21d55d
Various improvements to single column layout (#10809)
- Add potential side panels to single column layout
- Hide FAB on large screens
2019-05-23 20:01:10 +02:00
ThibG 9a5561a5b8 Fix possible race condition when processing statuses (#10815) 2019-05-23 20:00:39 +02:00
nzws a1143a19c0 [Glitch] Fix stacking order of emoji picker
Port 8a378d4c3d to glitch-soc

Signed-off-by: Thibaut Girka <thib@sitedethib.com>
2019-05-23 19:16:42 +02:00
Thibaut Girka c0dc247bce Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- app/models/account.rb
- app/views/settings/profiles/show.html.haml
- spec/controllers/api/v1/accounts/credentials_controller_spec.rb

Conflicts were due to an increase in account bio length upstream, which
is already covered in glitch-soc through `MAX_BIO_CHARS`.
2019-05-23 19:01:30 +02:00
ThibG 89d600bedb Move signature verification stoplight to the requests themselves (#10813)
* Move signature verification stoplight to the requests themselves

This avoids blocking messages from known keys for 5 minutes when only one fails…

* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-23 15:22:39 +02:00
Yamagishi Kazutoshi 369eb63321 Add sponsor button to GitHub web UI (#10814)
- https://help.github.com/en/articles/displaying-a-sponsor-button-in-your-repository
2019-05-23 15:00:54 +02:00
ThibG 9efcca3c54 Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (#10812)
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This change allows retries
instead of dropping the message entirely.

Also added HTTP 408 as that error is by nature temporary.
2019-05-23 15:00:30 +02:00
Thibaut Girka 0744d6e571 Make headers font size proportional 2019-05-23 12:41:38 +02:00
Thibaut Girka 7c609bdab9 Allow rel=tag in status text
Fixes tag links in local Markdown or HTML-authored statuses
2019-05-23 12:28:33 +02:00
Eugen Rochko 9ddeb30f90
Add `forceSingleColumn` prop to `<UI />` (#10807)
* Move TabsBar rendering logic from CSS to the ColumnsArea component

* Add forceSingleColumn mode

* Add unread notifications counter to tabs bar

* Add toggle to control `forceSingleColumn`

* Increase paddings in mobile layout responsively at large sizes
2019-05-23 01:35:22 +02:00
abcang ca6c93a2f5 Migrate from uws to cws (#10805) 2019-05-22 18:19:16 +02:00
nzws 8a378d4c3d Fix stacking order of emoji picker (#10801) 2019-05-22 18:00:34 +02:00
dependabot[bot] ce8de3a6e5 Bump aws-sdk-s3 from 1.39.0 to 1.40.0 (#10803)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.39.0...v1.40.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-22 22:31:05 +09:00
dependabot[bot] bc23de458e Bump rubocop from 0.69.0 to 0.70.0 (#10802)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.69.0 to 0.70.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.69.0...v0.70.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-22 22:09:10 +09:00
dxwc ee0e68e97a i18n: Complete frontend Bengali translation (#10800)
* i18n: Complete frontend Bengali translation

* run yarn manage:translations
2019-05-22 10:00:58 +09:00
Thibaut Girka 2332b3f146 Fix local text/html toots not being sanitized 2019-05-21 23:12:43 +02:00
trwnh e3b39ea4a4 Update remote bio test from 160 to 500 (#10799) 2019-05-21 13:29:06 +02:00
Paul Woolcock 0c933c1b8c Add `account_id` param to `GET /api/v1/notifications` (#10796)
* Add `from_account` to notifications API

this adds the ability to filter notifications by the account they
originated from

* passing a non-existent user should cause none to be returned

* Fix codeclimate warnings

* fix more codeclimate warnings

* make requested changes:

* use account id instead of user@domain
* name the param `account_id` instead of `from_account`

* Don't use `return` in a lambda
2019-05-21 13:28:49 +02:00
dependabot[bot] 4d65740663 Bump httplog from 1.2.2 to 1.3.0 (#10795)
Bumps [httplog](https://github.com/trusche/httplog) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/trusche/httplog/releases)
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trusche/httplog/commits/v1.3.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-21 15:41:15 +09:00
Thibaut Girka 4fbce23992 Refactor contentType selection in glitch composer 2019-05-20 10:27:31 +02:00
Marek Ľach f261dadefa Update sk.yml (#10788)
* Update sk.yml

* Update sk.yml

* Update sk.yml

* Update sk.yml

* Update sk.yml

* Update sk.yml

* normalize
2019-05-20 15:42:19 +09:00
dependabot[bot] 77e2b68b66 Bump lograge from 0.11.0 to 0.11.1 (#10793)
Bumps [lograge](https://github.com/roidrage/lograge) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/roidrage/lograge/releases)
- [Changelog](https://github.com/roidrage/lograge/blob/master/CHANGELOG.md)
- [Commits](https://github.com/roidrage/lograge/compare/v0.11.0...v0.11.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-20 15:19:56 +09:00
dependabot[bot] ace6bd3570 Bump capybara from 3.20.0 to 3.20.2 (#10794)
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.20.0 to 3.20.2.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.20.0...3.20.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-20 15:18:28 +09:00
Thibaut Girka 2cd7bfac23 Use glitch-soc's poll component instead of upstream's 2019-05-19 23:24:53 +02:00
trwnh a6caf919e2 Change bio limit from 160 to 500 (#10790)
* Change note_length validator from 160 to 500

* Change input maxlength from 160 to 500

* update bio test from 160 to 500

* Multiply a string 30 times instead of 10
2019-05-19 22:51:44 +02:00
ThibG 0998e3ade8
Merge pull request #1055 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2019-05-19 22:07:42 +02:00
Thibaut Girka 08a2af27c3 Merge branch 'master' into glitch-soc/merge-upstream 2019-05-19 21:53:44 +02:00
ThibG 46811f92e4
Merge pull request #1054 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2019-05-19 21:52:27 +02:00
ThibG ae18386558 Fix “invited by” not showing up for invited accounts in admin interface (#10791) 2019-05-19 21:40:36 +02:00
Marek Ľach 37a04c329c sk.yml grammar update (#10786)
* sk.yml grammar update

* bundle exec i18n-tasks normalize
2019-05-20 02:27:32 +09:00
Hinaloe bb9d7fad9f fix `isSubmitting` prop case (#10785) 2019-05-19 18:41:41 +02:00
Thibaut Girka f509815379 Merge branch 'master' into glitch-soc/merge-upstream 2019-05-19 17:46:31 +02:00
Marek Ľach 692e7cea2a Small corrections for sk translation (#10784) 2019-05-19 22:42:10 +09:00
ThibG 4edf5213dc Add post-deployment migration script to delete public-boosts-of-private-toots (#10783) 2019-05-19 13:49:31 +02:00
Shlee ab829d4aa8 Upgrade redis in docker-compose.yml from 4 to 5 (#9063) 2019-05-19 11:29:26 +02:00
Aditoo17 5ff06af2d2 I18n: Update Czech translation (#10781) 2019-05-19 14:39:16 +09:00
Ben Lubar 2f3e4a64be add og:image:alt for media attachments in embeds (#10779) 2019-05-18 20:57:45 +02:00
Eugen Rochko 6fe474837c
Change poll options to alphabetic letters when status text is hidden (#10685)
Fix #10569
2019-05-18 14:41:16 +02:00
Yusuke Nakamura 2c12620adb Remove 'Weblate' from CONTRIBUTING.md (#10778)
The mastodon project no longer used weblate to translate UI
sentences. (ref #10385)
2019-05-18 14:40:55 +02:00
ThibG 4beb8d7788
Merge pull request #1053 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2019-05-18 10:18:52 +02:00
Thibaut Girka 6e227ecb04 Merge branch 'master' into glitch-soc/merge-upstream 2019-05-18 10:04:32 +02:00
ThibG a1519a8ef5 Prevent from publicly boosting one's own private toots (#10775) 2019-05-18 00:28:51 +02:00
Thibaut Girka 9ca21e93cc Minor optimization 2019-05-17 23:51:14 +02:00
Thibaut Girka 56245a2a72 Export fallback content type and use it as default in WebUI 2019-05-17 23:51:14 +02:00
Thibaut Girka dd5bf40b97 Properly escape HTML in code blocks 2019-05-17 23:51:14 +02:00