1. 28 Feb, 2020 1 commit
  2. 07 Aug, 2019 1 commit
  3. 10 Jul, 2019 1 commit
  4. 09 Jul, 2019 1 commit
  5. 06 Jul, 2019 1 commit
  6. 01 Jul, 2019 1 commit
  7. 21 Jun, 2019 1 commit
    • Eugen Rochko's avatar
      Change domain blocks to automatically support subdomains (#11138) · 707ddf78
      Eugen Rochko authored
      * Change domain blocks to automatically support subdomains
      If a more authoritative domain is blocked (example.com), then the
      same block will be applied to a subdomain (foo.example.com)
      * Match subdomains of existing accounts when blocking/unblocking domains
      * Improve code style
  8. 14 May, 2019 1 commit
    • ThibG's avatar
      Record account suspend/silence time and keep track of domain blocks (#10660) · 14f6ce28
      ThibG authored
      * Record account suspend/silence time and keep track of domain blocks
      * Also unblock users who were suspended/silenced before dates were recorded
      * Add tests
      * Keep track of suspending date for users suspended through the CLI
      * Show accurate number of accounts that would be affected by unsuspending an instance
      * Change migration to set silenced_at and suspended_at
      * Revert "Also unblock users who were suspended/silenced before dates were recorded"
      This reverts commit a015c65d2d1e28c7b7cfab8b3f8cd5fb48b8b71c.
      * Switch from using suspended and silenced to suspended_at and silenced_at
      * Add post-deployment migration script to remove `suspended` and `silenced` columns
      * Use Account#silence! and Account#suspend! instead of updating the underlying property
      * Add silenced_at and suspended_at migration to post-migration
      * Change account fabricator to translate suspended and silenced attributes
      * Minor fixes
      * Make unblocking domains always retroactive
  9. 28 Dec, 2018 1 commit
  10. 08 Nov, 2018 1 commit
    • Eugen Rochko's avatar
      Optimize the process of following someone (#9220) · 6d59dfa1
      Eugen Rochko authored
      * Eliminate extra accounts select query from FollowService
      * Optimistically update follow state in web UI and hide loading bar
      Fix #6205
      * Asynchronize NotifyService in FollowService
      And fix failing test
      * Skip Webfinger resolve routine when called from FollowService if possible
      If an account is ActivityPub, then webfinger re-resolving is not necessary
      when called from FollowService. Improve options of ResolveAccountService
  11. 16 May, 2018 1 commit
  12. 02 May, 2018 1 commit
  13. 02 Apr, 2018 1 commit
  14. 26 Mar, 2018 1 commit
    • Akihiko Odaki's avatar
      Validate HTTP response length while receiving (#6891) · 40e5d230
      Akihiko Odaki authored
      to_s method of HTTP::Response keeps blocking while it receives the whole
      content, no matter how it is big. This means it may waste time to receive
      unacceptably large files. It may also consume memory and disk in the
      process. This solves the inefficency by checking response length while
  15. 24 Mar, 2018 1 commit
  16. 22 Jan, 2018 1 commit
  17. 09 Dec, 2017 1 commit
  18. 17 Nov, 2017 1 commit
  19. 03 Oct, 2017 1 commit
    • Akihiko Odaki's avatar
      Validate id of ActivityPub representations (#5114) · 63f09797
      Akihiko Odaki authored
      Additionally, ActivityPub::FetchRemoteStatusService no longer parses
      OStatus::Activity::Creation no longer delegates to ActivityPub because
      the provided ActivityPub representations are not signed while OStatus
      representations are.
  20. 28 Sep, 2017 1 commit
  21. 17 Sep, 2017 1 commit
  22. 13 Sep, 2017 1 commit
    • ThibG's avatar
      Fix refollowing (#4931) · af00220d
      ThibG authored
      * Make RefollowWorker ActivityPub-only to avoid potential identifier mismatches
      * Don't call RefollowWorker on new accounts
  23. 12 Sep, 2017 1 commit
    • ThibG's avatar
      [WiP] Whenever a remote keypair changes, unfollow them and re-subscribe to … (#4907) · f29918e7
      ThibG authored
      * Whenever a remote keypair changes, unfollow them and re-subscribe to them
      In Mastodon (it could be different for other OStatus or AP-enabled software),
      a keypair change is indicative of whole user (or instance) data loss. In this
      situation, the “new” user might be different, and almost certainly has an empty
      followers list. In this case, Mastodon instances will disagree on follower
      lists, leading to unreliable delivery and “shadow followers”, that is users
      believed by a remote instance to be followers, without the affected user
      Drawbacks of this change are:
      1. If an user legitimately changes public key for some reason without losing
         data (not possible in Mastodon at the moment), they will have their remote
         followers unsubscribed/re-subscribed needlessly.
      2. Depending of the number of remote followers, this may generate quite some
      3. If the user change is an attempt at usurpation, the remote followers will
         unknowingly follow the usurper. Note that this is *not* a change of
         behavior, Mastodon already behaves like that, although delivery might be
         unreliable, and the usurper would not have known the former user's
      * Rename ResubscribeWorker to RefollowWorker
      * Process followers in batches
  24. 14 Aug, 2017 1 commit
  25. 08 Aug, 2017 1 commit
    • Eugen Rochko's avatar
      Add ActivityPub inbox (#4216) · dd7ef0dc
      Eugen Rochko authored
      * Add ActivityPub inbox
      * Handle ActivityPub deletes
      * Handle ActivityPub creates
      * Handle ActivityPub announces
      * Stubs for handling all activities that need to be handled
      * Add ActivityPub actor resolving
      * Handle conversation URI passing in ActivityPub
      * Handle content language in ActivityPub
      * Send accept header when fetching actor, handle JSON parse errors
      * Test for ActivityPub::FetchRemoteAccountService
      * Handle public key and icon/image when embedded/as array/as resolvable URI
      * Implement ActivityPub::FetchRemoteStatusService
      * Add stubs for more interactions
      * Undo activities implemented
      * Handle out of order activities
      * Hook up ActivityPub to ResolveRemoteAccountService, handle
      Update Account activities
      * Add fragment IDs to all transient activity serializers
      * Add tests and fixes
      * Add stubs for missing tests
      * Add more tests
      * Add more tests
  26. 19 Jul, 2017 2 commits
    • Eugen Rochko's avatar
      Fix webfinger retries (#4275) · 1fcdaafa
      Eugen Rochko authored
      * Do not raise unretryable exceptions in ResolveRemoteAccountService
      * Removed fatal exceptions from ResolveRemoteAccountService
      Exceptions that cannot be retried should not be raised. New exception
      class for those that can be retried (Mastodon::UnexpectedResponseError)
    • Eugen Rochko's avatar
      Refactor ResolveRemoteAccountService (#4258) · 8400bee3
      Eugen Rochko authored
      * Refactor ResolveRemoteAccountService
      * Remove trailing whitespace
      * Use redis locks around critical ResolveRemoteAccountService code
      * Add test for race condition of lock
  27. 14 Jul, 2017 1 commit
    • Eugen Rochko's avatar
      HTTP signatures (#4146) · 1618b68b
      Eugen Rochko authored
      * Add Request class with HTTP signature generator
      Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06
      * Add HTTP signature verification concern
      * Add test for SignatureVerification concern
      * Add basic test for Request class
      * Make PuSH subscribe/unsubscribe requests use new Request class
      Accidentally fix lease_seconds not being set and sent properly, and
      change the new minimum subscription duration to 1 day
      * Make all PuSH workers use new Request class
      * Make Salmon sender use new Request class
      * Make FetchLinkService use new Request class
      * Make FetchAtomService use the new Request class
      * Make Remotable use the new Request class
      * Make ResolveRemoteAccountService use the new Request class
      * Add more tests
      * Allow +-30 seconds window for signed request to remain valid
      * Disable time window validation for signed requests, restore 7 days
      as PuSH subscription duration (which was previous default due to a bug)
  28. 18 Jun, 2017 1 commit
  29. 15 Jun, 2017 1 commit
  30. 08 Jun, 2017 1 commit
  31. 06 May, 2017 1 commit
  32. 27 Apr, 2017 1 commit
    • Eugen Rochko's avatar
      OEmbed support for PreviewCard (#2337) · 88725d6c
      Eugen Rochko authored
      * OEmbed support for PreviewCard
      * Improve ProviderDiscovery code failure treatment
      * Do not crawl links if there is a content warning, since those
      don't display a link card anyway
      * Reset db schema
      * Fresh migrate
      * Fix rubocop style issues
      Fix #1681 - return existing access token when applicable instead of creating new
      * Fix test
      * Extract http client to helper
      * Improve oembed controller
  33. 25 Apr, 2017 1 commit
    • Eugen's avatar
      Punycode URI normalization (#2370) · 17c591ff
      Eugen authored
      * Fix #2119 - Whenever about to send a HTTP request, normalize the URI
      * Add test for IDN request in FetchLinkCardService
      * Perform IDN normalization on domains before they are stored in the DB
  34. 19 Apr, 2017 1 commit
  35. 16 Apr, 2017 1 commit
  36. 15 Apr, 2017 1 commit
    • ThibG's avatar
      Refresh webfinger (#1323) · 31f0bcf8
      ThibG authored
      * Refresh local info for remote accounts when webfinger returns new values
      It only refreshes account info if one of the URLs or the public-key changes,
      in which cases it refreshes the full info, re-downloading the feeds from that
      Some special handling should probably be done when the public key changes,
      but I have been unable to find any use for it in Mastodon yet.
      * Re-fetch remote users we aren't subscribed to.
      This might induce performance issues, we might want to only do that for users
      we explicitly attempted to subscribe but failed to.
      * Refactor changes
      * Do not refresh existing remote account details more than once a day
      * Avoid re-fetching webfinger info in tests unless otherwise specified
  37. 08 Apr, 2017 1 commit
    • Yann GUERN's avatar
      #1141 on remote follow · 485d75a8
      Yann GUERN authored
      The async action is send before persist, account.id not yet generated
      Pull queue receive 'nil' so no profile update.
  38. 07 Apr, 2017 1 commit
  39. 05 Apr, 2017 1 commit