Leatherface/mastodon
1
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2025-12-13 15:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '0ec6c26af3d7dc9a0eeb5631ebb9f56b724aaa8e' into glitch-soc/merge-upstream

Browse Source
This commit is contained in:
Claire
2025-06-20 12:01:02 +02:00
parent 33402722f3 0ec6c26af3
commit f8f458e5e6
11 changed files with 71 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.rubocop_todo.yml
View File

@@ -1,6 +1,6 @@
# This configuration was generated by # This configuration was generated by
# `rubocop --auto-gen-config --auto-gen-only-exclude --no-offense-counts --no-auto-gen-timestamp` # `rubocop --auto-gen-config --auto-gen-only-exclude --no-offense-counts --no-auto-gen-timestamp`
# using RuboCop version 1.76.1. # using RuboCop version 1.76.2.
# The point is for the user to remove these configuration records # The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base. # one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new # Note that changes in the inspected code, or installation of new

2
Gemfile
View File

@@ -111,7 +111,7 @@ group :opentelemetry do
gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.22.0', require: false gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.22.0', require: false
gem 'opentelemetry-instrumentation-excon', '~> 0.23.0', require: false gem 'opentelemetry-instrumentation-excon', '~> 0.23.0', require: false
gem 'opentelemetry-instrumentation-faraday', '~> 0.27.0', require: false gem 'opentelemetry-instrumentation-faraday', '~> 0.27.0', require: false
gem 'opentelemetry-instrumentation-http', '~> 0.24.0', require: false gem 'opentelemetry-instrumentation-http', '~> 0.25.0', require: false
gem 'opentelemetry-instrumentation-http_client', '~> 0.23.0', require: false gem 'opentelemetry-instrumentation-http_client', '~> 0.23.0', require: false
gem 'opentelemetry-instrumentation-net_http', '~> 0.23.0', require: false gem 'opentelemetry-instrumentation-net_http', '~> 0.23.0', require: false
gem 'opentelemetry-instrumentation-pg', '~> 0.30.0', require: false gem 'opentelemetry-instrumentation-pg', '~> 0.30.0', require: false

20
Gemfile.lock
View File

@@ -90,7 +90,9 @@ GEM
public_suffix (>= 2.0.2, < 7.0) public_suffix (>= 2.0.2, < 7.0)
aes_key_wrap (1.1.0) aes_key_wrap (1.1.0)
android_key_attestation (0.3.0) android_key_attestation (0.3.0)
annotaterb (4.15.0) annotaterb (4.16.0)
activerecord (>= 6.0.0)
activesupport (>= 6.0.0)
ast (2.4.3) ast (2.4.3)
attr_required (1.0.2) attr_required (1.0.2)
aws-eventstream (1.3.2) aws-eventstream (1.3.2)
@@ -178,7 +180,7 @@ GEM
database_cleaner-core (~> 2.0.0) database_cleaner-core (~> 2.0.0)
database_cleaner-core (2.0.1) database_cleaner-core (2.0.1)
date (3.4.1) date (3.4.1)
debug (1.10.0) debug (1.11.0)
irb (~> 1.10) irb (~> 1.10)
reline (>= 0.3.8) reline (>= 0.3.8)
debug_inspector (1.2.0) debug_inspector (1.2.0)
@@ -222,6 +224,7 @@ GEM
mail (~> 2.7) mail (~> 2.7)
email_validator (2.2.4) email_validator (2.2.4)
activemodel activemodel
erb (5.0.1)
erubi (1.13.1) erubi (1.13.1)
et-orbi (1.2.11) et-orbi (1.2.11)
tzinfo tzinfo
@@ -236,7 +239,7 @@ GEM
logger logger
faraday-follow_redirects (0.3.0) faraday-follow_redirects (0.3.0)
faraday (>= 1, < 3) faraday (>= 1, < 3)
faraday-httpclient (2.0.1) faraday-httpclient (2.0.2)
httpclient (>= 2.2) httpclient (>= 2.2)
faraday-net_http (3.4.0) faraday-net_http (3.4.0)
net-http (>= 0.5.0) net-http (>= 0.5.0)
@@ -550,7 +553,7 @@ GEM
opentelemetry-instrumentation-faraday (0.27.0) opentelemetry-instrumentation-faraday (0.27.0)
opentelemetry-api (~> 1.0) opentelemetry-api (~> 1.0)
opentelemetry-instrumentation-base (~> 0.23.0) opentelemetry-instrumentation-base (~> 0.23.0)
opentelemetry-instrumentation-http (0.24.0) opentelemetry-instrumentation-http (0.25.0)
opentelemetry-api (~> 1.0) opentelemetry-api (~> 1.0)
opentelemetry-instrumentation-base (~> 0.23.0) opentelemetry-instrumentation-base (~> 0.23.0)
opentelemetry-instrumentation-http_client (0.23.0) opentelemetry-instrumentation-http_client (0.23.0)
@@ -705,7 +708,8 @@ GEM
link_header (~> 0.0, >= 0.0.8) link_header (~> 0.0, >= 0.0.8)
rdf-normalize (0.7.0) rdf-normalize (0.7.0)
rdf (~> 3.3) rdf (~> 3.3)
rdoc (6.13.1) rdoc (6.14.0)
erb
psych (>= 4.0.0) psych (>= 4.0.0)
redcarpet (3.6.1) redcarpet (3.6.1)
redis (4.8.1) redis (4.8.1)
@@ -757,7 +761,7 @@ GEM
rspec-mocks (~> 3.0) rspec-mocks (~> 3.0)
sidekiq (>= 5, < 9) sidekiq (>= 5, < 9)
rspec-support (3.13.3) rspec-support (3.13.3)
rubocop (1.76.1) rubocop (1.76.2)
json (~> 2.3) json (~> 2.3)
language_server-protocol (~> 3.17.0.2) language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0) lint_roller (~> 1.1.0)
@@ -765,7 +769,7 @@ GEM
parser (>= 3.3.0.2) parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0) rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0) regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.45.0, < 2.0) rubocop-ast (>= 1.45.1, < 2.0)
ruby-progressbar (~> 1.7) ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0) unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.45.1) rubocop-ast (1.45.1)
@@ -1027,7 +1031,7 @@ DEPENDENCIES
opentelemetry-instrumentation-concurrent_ruby (~> 0.22.0) opentelemetry-instrumentation-concurrent_ruby (~> 0.22.0)
opentelemetry-instrumentation-excon (~> 0.23.0) opentelemetry-instrumentation-excon (~> 0.23.0)
opentelemetry-instrumentation-faraday (~> 0.27.0) opentelemetry-instrumentation-faraday (~> 0.27.0)
opentelemetry-instrumentation-http (~> 0.24.0) opentelemetry-instrumentation-http (~> 0.25.0)
opentelemetry-instrumentation-http_client (~> 0.23.0) opentelemetry-instrumentation-http_client (~> 0.23.0)
opentelemetry-instrumentation-net_http (~> 0.23.0) opentelemetry-instrumentation-net_http (~> 0.23.0)
opentelemetry-instrumentation-pg (~> 0.30.0) opentelemetry-instrumentation-pg (~> 0.30.0)

2
app/controllers/concerns/signature_verification.rb
View File

@@ -82,7 +82,7 @@ module SignatureVerification
end end
def actor_from_key_id def actor_from_key_id
key_id = signature_key_id key_id = signed_request.key_id
domain = key_id.start_with?('acct:') ? key_id.split('@').last : key_id domain = key_id.start_with?('acct:') ? key_id.split('@').last : key_id
if domain_not_allowed?(domain) if domain_not_allowed?(domain)

5
app/javascript/mastodon/components/status_banner.tsx
View File

@@ -8,6 +8,10 @@ export enum BannerVariant {
Filter = 'filter', Filter = 'filter',
} }
const stopPropagation: MouseEventHandler = (e) => {
e.stopPropagation();
};
export const StatusBanner: React.FC<{ export const StatusBanner: React.FC<{
children: React.ReactNode; children: React.ReactNode;
variant: BannerVariant; variant: BannerVariant;
@@ -38,6 +42,7 @@ export const StatusBanner: React.FC<{
: 'content-warning content-warning--filter' : 'content-warning content-warning--filter'
} }
onClick={forwardClick} onClick={forwardClick}
onMouseUp={stopPropagation}
> >
<p id={descriptionId}>{children}</p> <p id={descriptionId}>{children}</p>

1
app/javascript/styles/mastodon/_variables.scss
View File

@@ -96,6 +96,7 @@ $media-modal-media-max-width: 100%;
$media-modal-media-max-height: 80%; $media-modal-media-max-height: 80%;
$no-gap-breakpoint: 1175px; $no-gap-breakpoint: 1175px;
$mobile-menu-breakpoint: 760px;
$mobile-breakpoint: 630px; $mobile-breakpoint: 630px;
$no-columns-breakpoint: 600px; $no-columns-breakpoint: 600px;

25
app/javascript/styles/mastodon/components.scss
View File

@@ -294,7 +294,7 @@
&:hover, &:hover,
&:active, &:active,
&:focus { &:focus-visible {
color: lighten($action-button-color, 7%); color: lighten($action-button-color, 7%);
background-color: rgba($action-button-color, 0.15); background-color: rgba($action-button-color, 0.15);
} }
@@ -314,7 +314,7 @@
&:hover, &:hover,
&:active, &:active,
&:focus { &:focus-visible {
color: darken($lighter-text-color, 7%); color: darken($lighter-text-color, 7%);
background-color: rgba($lighter-text-color, 0.15); background-color: rgba($lighter-text-color, 0.15);
} }
@@ -334,7 +334,7 @@
&:hover, &:hover,
&:active, &:active,
&:focus { &:focus-visible {
color: $highlight-text-color; color: $highlight-text-color;
background-color: transparent; background-color: transparent;
} }
@@ -2863,17 +2863,18 @@ a.account__display-name {
} }
.ui__navigation-bar { .ui__navigation-bar {
position: sticky; position: fixed;
bottom: 0; bottom: 0;
background: var(--background-color);
backdrop-filter: var(--background-filter);
border-top: 1px solid var(--background-border-color);
z-index: 3; z-index: 3;
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: space-between; justify-content: space-between;
width: 100%;
gap: 8px; gap: 8px;
padding-bottom: env(safe-area-inset-bottom); padding-bottom: env(safe-area-inset-bottom);
background: var(--background-color);
backdrop-filter: var(--background-filter);
border-top: 1px solid var(--background-border-color);
.layout-multiple-columns & { .layout-multiple-columns & {
display: none; display: none;
@@ -2984,11 +2985,20 @@ a.account__display-name {
} }
.ui { .ui {
--mobile-bottom-nav-height: 55px;
--last-content-item-border-width: 2px;
flex: 0 0 auto; flex: 0 0 auto;
display: flex; display: flex;
flex-direction: column; flex-direction: column;
width: 100%; width: 100%;
height: 100%; height: 100%;
@media (max-width: #{$mobile-menu-breakpoint - 1}) {
padding-bottom: calc(
var(--mobile-bottom-nav-height) - var(--last-content-item-border-width)
);
}
} }
.drawer { .drawer {
@@ -3475,6 +3485,7 @@ a.account__display-name {
&__header { &__header {
display: flex; display: flex;
align-items: center; align-items: center;
padding-inline-end: 4px;
&__sep { &__sep {
width: 0; width: 0;

4
app/lib/emoji_formatter.rb
View File

@@ -46,12 +46,12 @@ class EmojiFormatter
if inside_shortname && text[i] == ':' if inside_shortname && text[i] == ':'
inside_shortname = false inside_shortname = false
shortcode = text[shortname_start_index + 1..i - 1] shortcode = text[(shortname_start_index + 1)..(i - 1)]
char_after = text[i + 1] char_after = text[i + 1]
next unless (char_after.nil? || !DISALLOWED_BOUNDING_REGEX.match?(char_after)) && (emoji = emoji_map[shortcode]) next unless (char_after.nil? || !DISALLOWED_BOUNDING_REGEX.match?(char_after)) && (emoji = emoji_map[shortcode])
result << tree.document.create_text_node(text[last_index..shortname_start_index - 1]) if shortname_start_index.positive? result << tree.document.create_text_node(text[last_index..(shortname_start_index - 1)]) if shortname_start_index.positive?
result << tree.document.fragment(tag_for_emoji(shortcode, emoji)) result << tree.document.fragment(tag_for_emoji(shortcode, emoji))
last_index = i + 1 last_index = i + 1

2
app/lib/text_formatter.rb
View File

@@ -58,7 +58,7 @@ class TextFormatter
prefix = url.match(URL_PREFIX_REGEX).to_s prefix = url.match(URL_PREFIX_REGEX).to_s
display_url = url[prefix.length, 30] display_url = url[prefix.length, 30]
suffix = url[prefix.length + 30..] suffix = url[(prefix.length + 30)..]
cutoff = url[prefix.length..].length > 30 cutoff = url[prefix.length..].length > 30
if suffix && suffix.length == 1 # revert truncation to account for ellipsis if suffix && suffix.length == 1 # revert truncation to account for ellipsis

4
config/initializers/ffmpeg.rb
View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
Rails.application.configure do Rails.application.configure do
config.x.ffmpeg_binary = ENV['FFMPEG_BINARY'] || 'ffmpeg' config.x.ffmpeg_binary = ENV.fetch('FFMPEG_BINARY', 'ffmpeg')
config.x.ffprobe_binary = ENV['FFPROBE_BINARY'] || 'ffprobe' config.x.ffprobe_binary = ENV.fetch('FFPROBE_BINARY', 'ffprobe')
end end

27
spec/requests/signature_verification_spec.rb
View File

@@ -352,6 +352,33 @@ RSpec.describe 'signature verification concern' do
end end
end end
# TODO: Remove when feature is enabled
context 'with an HTTP Message Signature (final RFC version) when support is disabled' do
before { Fabricate(:account, domain: 'remote.domain', uri: 'https://remote.domain/users/bob', private_key: nil, public_key: actor_keypair.public_key.to_pem) }
context 'with a valid signature on a GET request' do
let(:signature_input) do
'sig1=("@method" "@target-uri");created=1703066400;keyid="https://remote.domain/users/bob#main-key"'
end
let(:signature_header) do
'sig1=:WfM6q/qBqhUyqPUDt9metjadJGtLLpmMTBzk/t+R3byKe4/TGAXC6vBB/M6NsD5qv8GCmQGtisCMQxJQO0IGODGzi+Jv+eqDJ50agMVXNV6nUOzY44c4/XTPoI98qyx1oEMa4Hefy3vSYKq96iDVAc+RDLCMTeGP3wn9wizjD1SNmU0RZI1bTB+eCkywMP9mM5zXzUOYF+Qkuf+WdEpPR1XUGPlnqfdvPalcKVfaI/VThBjI91D/lmUGoa69x4EBEHM+aJmW6086e7/dVh+FndKkdGfXslZXFZKi2flTGQZgEWLn948SqAaJQROkJg8B14Sb1NONS1qZBhK3Mum8Pg==:' # rubocop:disable Layout/LineLength
end
it 'cannot verify signature', :aggregate_failures do
get '/activitypub/signature_required', headers: {
'Host' => 'www.example.com',
'Signature-Input' => signature_input,
'Signature' => signature_header,
}
expect(response).to have_http_status(401)
expect(response.parsed_body).to match(
error: 'Error parsing signature parameters'
)
end
end
end
context 'with an HTTP Message Signature (final RFC version)', feature: :http_message_signatures do context 'with an HTTP Message Signature (final RFC version)', feature: :http_message_signatures do
context 'with a known account' do context 'with a known account' do
let!(:actor) { Fabricate(:account, domain: 'remote.domain', uri: 'https://remote.domain/users/bob', private_key: nil, public_key: actor_keypair.public_key.to_pem) } let!(:actor) { Fabricate(:account, domain: 'remote.domain', uri: 'https://remote.domain/users/bob', private_key: nil, public_key: actor_keypair.public_key.to_pem) }