Merge pull request #1158 from ThibG/glitch-soc/merge-upstream

Merge upstream changes

Dockerfile

@@ -112,6 +112,7 @@ ENV NODE_ENV="production"
 
 # Tell rails to serve static files
 ENV RAILS_SERVE_STATIC_FILES="true"
+ENV BIND="0.0.0.0"
 
 # Set the run user
 USER mastodon

Gemfile

@@ -5,7 +5,7 @@ ruby '>= 2.4.0', '< 2.7.0'
 
 gem 'pkg-config', '~> 1.3'
 
-gem 'puma', '~> 3.12'
+gem 'puma', '~> 4.0'
 gem 'rails', '~> 5.2.3'
 gem 'thor', '~> 0.20'
 
@@ -59,6 +59,7 @@ gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.1'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.2', require: 'mime/types/columnar'
+gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
 gem 'nokogiri', '~> 1.10'
 gem 'nsa', '~> 0.2'
 gem 'oj', '~> 3.7'
@@ -67,7 +68,7 @@ gem 'ox', '~> 2.11'
 gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
 gem 'pundit', '~> 2.0'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.0'
+gem 'rack-attack', '~> 6.1'
 gem 'rack-cors', '~> 1.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'

Gemfile.lock

@@ -12,6 +12,13 @@ GIT
  specs:
  http_parser.rb (0.6.1)
 
+GIT
+ remote: https://github.com/witgo/nilsimsa
+ revision: fd184883048b922b176939f851338d0a4971a532
+ ref: fd184883048b922b176939f851338d0a4971a532
+ specs:
+ nilsimsa (1.1.2)
+
 GEM
  remote: https://rubygems.org/
  specs:
@@ -423,12 +430,13 @@ GEM
  pry-rails (0.3.9)
  pry (>= 0.10.4)
  public_suffix (3.1.1)
- puma (3.12.1)
+ puma (4.0.1)
+ nio4r (~> 2.0)
  pundit (2.0.1)
  activesupport (>= 3.0.0)
  raabro (1.1.6)
  rack (2.0.7)
- rack-attack (6.0.0)
+ rack-attack (6.1.0)
  rack (>= 1.0, < 3)
  rack-cors (1.0.3)
  rack-protection (2.0.5)
@@ -534,7 +542,7 @@ GEM
  rainbow (>= 2.2.2, < 4.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 1.7)
- rubocop-rails (2.2.0)
+ rubocop-rails (2.2.1)
  rack (>= 1.1)
  rubocop (>= 0.72.0)
  ruby-progressbar (1.10.1)
@@ -588,7 +596,7 @@ GEM
  stoplight (2.1.3)
  streamio-ffmpeg (3.0.2)
  multi_json (~> 1.8)
- strong_migrations (0.4.0)
+ strong_migrations (0.4.1)
  activerecord (>= 5)
  temple (0.8.1)
  terminal-table (1.8.0)
@@ -708,6 +716,7 @@ DEPENDENCIES
  microformats (~> 4.1)
  mime-types (~> 3.2)
  net-ldap (~> 0.10)
+ nilsimsa!
  nokogiri (~> 1.10)
  nsa (~> 0.2)
  oj (~> 3.7)
@@ -727,9 +736,9 @@ DEPENDENCIES
  private_address_check (~> 0.5)
  pry-byebug (~> 3.7)
  pry-rails (~> 0.3)
- puma (~> 3.12)
+ puma (~> 4.0)
  pundit (~> 2.0)
- rack-attack (~> 6.0)
+ rack-attack (~> 6.1)
  rack-cors (~> 1.0)
  rails (~> 5.2.3)
  rails-controller-testing (~> 1.0)

app/controllers/about_controller.rb

@@ -4,13 +4,17 @@ class AboutController < ApplicationController
  before_action :set_pack
  layout 'public'
 
- before_action :set_instance_presenter, only: [:show, :more, :terms]
+ before_action :set_body_classes, only: :show
+ before_action :set_instance_presenter
+ before_action :set_expires_in
 
- def show
- @hide_navbar = true
- end
+ skip_before_action :check_user_permissions, only: [:more, :terms]
 
- def more; end
+ def show; end
+
+ def more
+ flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
+ end
 
  def terms; end
 
@@ -32,4 +36,12 @@ def set_pack
  def set_instance_presenter
  @instance_presenter = InstancePresenter.new
  end
+
+ def set_body_classes
+ @hide_navbar = true
+ end
+
+ def set_expires_in
+ expires_in 0, public: true
+ end
 end

app/controllers/accounts_controller.rb

@@ -4,16 +4,17 @@ class AccountsController < ApplicationController
  PAGE_SIZE = 20
 
  include AccountControllerConcern
+ include SignatureAuthentication
 
  before_action :set_cache_headers
+ before_action :set_body_classes
 
  def show
  respond_to do |format|
  format.html do
  use_pack 'public'
- mark_cacheable! unless user_signed_in?
+ expires_in 0, public: true unless user_signed_in?
 
- @body_classes = 'with-modals'
  @pinned_statuses = []
  @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
 
@@ -32,30 +33,26 @@ def show
  end
  end
 
- format.atom do
- mark_cacheable!
-
- @entries = @account.stream_entries.where(hidden: false).with_includes.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id])
- render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.feed(@account, @entries.reject { |entry| entry.status.nil? || entry.status.local_only? }))
- end
-
  format.rss do
- mark_cacheable!
+ expires_in 0, public: true
 
  @statuses = cache_collection(default_statuses.without_reblogs.without_replies.limit(PAGE_SIZE), Status)
  render xml: RSS::AccountSerializer.render(@account, @statuses)
  end
 
  format.json do
- render_cached_json(['activitypub', 'actor', @account], content_type: 'application/activity+json') do
- ActiveModelSerializers::SerializableResource.new(@account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter)
- end
+ expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
+ render json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
  end
  end
  end
 
  private
 
+ def set_body_classes
+ @body_classes = 'with-modals'
+ end
+
  def show_pinned_statuses?
  [replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
  end
@@ -137,4 +134,12 @@ def filtered_status_page(params)
  filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
  end
  end
+
+ def restrict_fields_to
+ if signed_request_account.present? || public_fetch_mode?
+ # Return all fields
+ else
+ %i(id type preferred_username inbox public_key endpoints)
+ end
+ end
 end

app/controllers/activitypub/base_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class ActivityPub::BaseController < Api::BaseController
+ private
+
+ def set_cache_headers
+ response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
+ end
+end

app/controllers/activitypub/collections_controller.rb

@@ -1,30 +1,21 @@
 # frozen_string_literal: true
 
-class ActivityPub::CollectionsController < Api::BaseController
+class ActivityPub::CollectionsController < ActivityPub::BaseController
  include SignatureVerification
+ include AccountOwnedConcern
 
- before_action :set_account
+ before_action :require_signature!, if: :authorized_fetch_mode?
  before_action :set_size
  before_action :set_statuses
  before_action :set_cache_headers
 
  def show
- render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do
- ActiveModelSerializers::SerializableResource.new(
- collection_presenter,
- serializer: ActivityPub::CollectionSerializer,
- adapter: ActivityPub::Adapter,
- skip_activities: true
- )
- end
+ expires_in 3.minutes, public: public_fetch_mode?
+ render json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, skip_activities: true
  end
 
  private
 
- def set_account
- @account = Account.find_local!(params[:account_username])
- end
-
  def set_statuses
  @statuses = scope_for_collection
  @statuses = cache_collection(@statuses, Status)

app/controllers/activitypub/inboxes_controller.rb

@@ -3,38 +3,42 @@
 class ActivityPub::InboxesController < Api::BaseController
  include SignatureVerification
  include JsonLdHelper
+ include AccountOwnedConcern
 
- before_action :set_account
+ before_action :skip_unknown_actor_delete
+ before_action :require_signature!
 
  def create
- if unknown_deleted_account?
- head 202
- elsif signed_request_account
- upgrade_account
- process_payload
- head 202
- else
- render plain: signature_verification_failure_reason, status: 401
- end
+ upgrade_account
+ process_payload
+ head 202
  end
 
  private
 
+ def skip_unknown_actor_delete
+ head 202 if unknown_deleted_account?
+ end
+
  def unknown_deleted_account?
  json = Oj.load(body, mode: :strict)
- json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+ json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
  rescue Oj::ParseError
  false
  end
 
- def set_account
- @account = Account.find_local!(params[:account_username]) if params[:account_username]
+ def account_required?
+ params[:account_username].present?
  end
 
  def body
  return @body if defined?(@body)
- @body = request.body.read.force_encoding('UTF-8')
+
+ @body = request.body.read
+ @body.force_encoding('UTF-8') if @body.present?
+
  request.body.rewind if request.body.respond_to?(:rewind)
+
  @body
  end
 
@@ -44,7 +48,6 @@ def upgrade_account
  ResolveAccountWorker.perform_async(signed_request_account.acct)
  end
 
- Pubsubhubbub::UnsubscribeWorker.perform_async(signed_request_account.id) if signed_request_account.subscribed?
  DeliveryFailureTracker.track_inverse_success!(signed_request_account)
  end
 

app/controllers/activitypub/outboxes_controller.rb

@@ -1,26 +1,22 @@
 # frozen_string_literal: true
 
-class ActivityPub::OutboxesController < Api::BaseController
+class ActivityPub::OutboxesController < ActivityPub::BaseController
  LIMIT = 20
 
  include SignatureVerification
+ include AccountOwnedConcern
 
- before_action :set_account
+ before_action :require_signature!, if: :authorized_fetch_mode?
  before_action :set_statuses
  before_action :set_cache_headers
 
  def show
- expires_in 1.minute, public: true unless page_requested?
-
+ expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode?)
  render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
  end
 
  private
 
- def set_account
- @account = Account.find_local!(params[:account_username])
- end
-
  def outbox_presenter
  if page_requested?
  ActivityPub::CollectionPresenter.new(