Merge commit 'e1d7efadc04dd0826c6bcfe43325688566e13881' into glitch-soc/merge-upstream

Conflicts:
- `app/models/status.rb`:
  Upstream refactored `visibility` handling to a concern, while glitch-soc had
  custom code adjacent to some of the changed lines.
  Applied upstream's changes.
- `lib/mastodon/version.rb`:
  Upstream moved some definitions to `config/mastodon.yml`, while glitch-soc's
  default github repository had been modified.
  Applied upstream's changes and updated `config/mastodon.yml` accordingly.

app/lib/activitypub/activity/announce.rb

@@ -3,6 +3,7 @@
 class ActivityPub::Activity::Announce < ActivityPub::Activity
   def perform
     return reject_payload! if delete_arrived_first?(@json['id']) || !related_to_local_activity?
+    return reject_payload! if @object.nil?
 
     with_redis_lock("announce:#{value_or_id(@object)}") do
       original_status = status_from_object

app/lib/activitypub/tag_manager.rb

@@ -86,8 +86,34 @@ class ActivityPub::TagManager
     account_status_shares_url(target.account, target)
   end
 
-  def followers_uri_for(target)
-    target.local? ? account_followers_url(target) : target.followers_url.presence
+  def following_uri_for(target, ...)
+    raise ArgumentError, 'target must be a local account' unless target.local?
+
+    account_following_index_url(target, ...)
+  end
+
+  def followers_uri_for(target, ...)
+    return target.followers_url.presence unless target.local?
+
+    account_followers_url(target, ...)
+  end
+
+  def collection_uri_for(target, ...)
+    raise NotImplementedError unless target.local?
+
+    account_collection_url(target, ...)
+  end
+
+  def inbox_uri_for(target)
+    raise NotImplementedError unless target.local?
+
+    target.instance_actor? ? instance_actor_inbox_url : account_inbox_url(target)
+  end
+
+  def outbox_uri_for(target, ...)
+    raise NotImplementedError unless target.local?
+
+    target.instance_actor? ? instance_actor_outbox_url(...) : account_outbox_url(target, ...)
   end
 
   # Primary audience of a status
@@ -99,7 +125,7 @@ class ActivityPub::TagManager
     when 'public'
       [COLLECTIONS[:public]]
     when 'unlisted', 'private'
-      [account_followers_url(status.account)]
+      [followers_uri_for(status.account)]
     when 'direct', 'limited'
       if status.account.silenced?
         # Only notify followers if the account is locally silenced
@@ -133,7 +159,7 @@ class ActivityPub::TagManager
 
     case status.visibility
     when 'public'
-      cc << account_followers_url(status.account)
+      cc << followers_uri_for(status.account)
     when 'unlisted'
       cc << COLLECTIONS[:public]
     end

app/lib/web_push_request.rb

@@ -2,7 +2,8 @@
 
 class WebPushRequest
   SIGNATURE_ALGORITHM = 'p256ecdsa'
-  AUTH_HEADER = 'WebPush'
+  LEGACY_AUTH_HEADER = 'WebPush'
+  STANDARD_AUTH_HEADER = 'vapid'
   PAYLOAD_EXPIRATION = 24.hours
   JWT_ALGORITHM = 'ES256'
   JWT_TYPE = 'JWT'
@@ -10,6 +11,7 @@ class WebPushRequest
   attr_reader :web_push_subscription
 
   delegate(
+    :standard,
     :endpoint,
     :key_auth,
     :key_p256dh,
@@ -24,20 +26,36 @@ class WebPushRequest
     @audience ||= Addressable::URI.parse(endpoint).normalized_site
   end
 
-  def authorization_header
-    [AUTH_HEADER, encoded_json_web_token].join(' ')
+  def legacy_authorization_header
+    [LEGACY_AUTH_HEADER, encoded_json_web_token].join(' ')
   end
 
   def crypto_key_header
     [SIGNATURE_ALGORITHM, vapid_key.public_key_for_push_header].join('=')
   end
 
-  def encrypt(payload)
+  def legacy_encrypt(payload)
+    Webpush::Legacy::Encryption.encrypt(payload, key_p256dh, key_auth)
+  end
+
+  def standard_authorization_header
+    [STANDARD_AUTH_HEADER, standard_vapid_value].join(' ')
+  end
+
+  def standard_encrypt(payload)
     Webpush::Encryption.encrypt(payload, key_p256dh, key_auth)
   end
 
+  def legacy
+    !standard
+  end
+
   private
 
+  def standard_vapid_value
+    "t=#{encoded_json_web_token},k=#{vapid_key.public_key_for_push_header}"
+  end
+
   def encoded_json_web_token
     JWT.encode(
       web_token_payload,