closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6442 Commits
4 Branches
567 MiB
Tree: 3281df0df1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3281df0df1'
${ noResults }
mastodon/app/controllers/stream_entries_controller.rb

65 lines
1.8 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
8 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Adjusting design of profile and entry pages, linkify mentions in statuses
8 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Fix #24 - Thread resolving for remote statuses This is a big one, so let me enumerate: Accounts as well as stream entry pages now contain Link headers that reference the Atom feed and Webfinger URL for the former and Atom entry for the latter. So you only need to HEAD those resources to get that information, no need to download and parse HTML <link>s. ProcessFeedService will now queue ThreadResolveWorker for each remote status that it cannot find otherwise. Furthermore, entries are now processed in reverse order (from bottom to top) in case a newer entry references a chronologically previous one. ThreadResolveWorker uses FetchRemoteStatusService to obtain a status and attach the child status it was queued for to it. FetchRemoteStatusService looks up the URL, first with a HEAD, tests if it's an Atom feed, in which case it processes it directly. Next for Link headers to the Atom feed, in which case that is fetched and processed. Lastly if it's HTML, it is checked for <link>s to the Atom feed, and if such is found, that is fetched and processed. The account for the status is derived from author/name attribute in the XML and the hostname in the URL (domain). FollowRemoteAccountService and ProcessFeedService are used. This means that potentially threads are resolved recursively until a dead-end is encountered, however it is performed asynchronously over background jobs, so it should be ok.
8 years ago
Add filters for suspended accounts
8 years ago
Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207)
6 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful
8 years ago
Redirect to account status page for page of status stream entry (#7104) Commit 519119f657cf97ec187008a28dba00c1125a9292 missed a change for stream entry page. Instead of duplicating the change, redirect to account status page. It would also help crawlers (of search engines, for example) to understand a stream entry URL and its corresponding status URL points to the same page.
6 years ago
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful
8 years ago
Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124) * Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder StreamEntry is now limited to only statuses, which allows some optimization. Removed extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer and PubSubHubbub::DistributionWorker PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker instead. All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri * All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
7 years ago
Allow HTTP caching of atom-rendered public toots (OStatus compatibility) (#6207)
6 years ago
Fix "Show more" URL on paginated threads for remote statuses (#7285) * Fix URL of "Show more" link in paginated threads (ancestors side) Increase item limits in threads Fix #7268 * Fix "Show more" link in paginated threads (descendants side)
6 years ago
Correct OStatus inflection (Ostatus -> OStatus) (#4255)
7 years ago
Rewrite Atom generation from stream entries to use Ox instead of Nokogiri (#1124) * Rewrite Atom generation from stream entries to use Ox instead of Nokogiri::Builder StreamEntry is now limited to only statuses, which allows some optimization. Removed extra queries on AccountsController#show. AtomSerializer instead of AtomBuilderHelper used in AccountsController#show, StreamEntriesController#show, StreamEntryRenderer and PubSubHubbub::DistributionWorker PubSubHubbub::DistributionWorker moves n+1 DomainBlock query to PubSubHubbub::DeliveryWorker instead. All Salmon slaps that aren't based on StreamEntry still use AtomBuilderHelper and Nokogiri * All Salmon slaps now use Ox instead of Nokogiri. No touch from status on account
7 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Add OEmbed iframe HTML, convert emojis on public pages, increase size of attachment thumbnails
7 years ago
Update status embeds (#4742) - Use statuses controller for embeds instead of stream entries controller - Prefer /@:username/:id/embed URL for embeds - Use /@:username as author_url in OEmbed - Add follow link to embeds which opens web intent in new window - Use redis cache in development - Cache entire embed
7 years ago
Add OEmbed iframe HTML, convert emojis on public pages, increase size of attachment thumbnails
7 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Case-insensitive search by usernames
8 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Fix #24 - Thread resolving for remote statuses This is a big one, so let me enumerate: Accounts as well as stream entry pages now contain Link headers that reference the Atom feed and Webfinger URL for the former and Atom entry for the latter. So you only need to HEAD those resources to get that information, no need to download and parse HTML <link>s. ProcessFeedService will now queue ThreadResolveWorker for each remote status that it cannot find otherwise. Furthermore, entries are now processed in reverse order (from bottom to top) in case a newer entry references a chronologically previous one. ThreadResolveWorker uses FetchRemoteStatusService to obtain a status and attach the child status it was queued for to it. FetchRemoteStatusService looks up the URL, first with a HEAD, tests if it's an Atom feed, in which case it processes it directly. Next for Link headers to the Atom feed, in which case that is fetched and processed. Lastly if it's HTML, it is checked for <link>s to the Atom feed, and if such is found, that is fetched and processed. The account for the status is derived from author/name attribute in the XML and the hostname in the URL (domain). FollowRemoteAccountService and ProcessFeedService are used. This means that potentially threads are resolved recursively until a dead-end is encountered, however it is performed asynchronously over background jobs, so it should be ok.
8 years ago
Add alternate links to ActivityPub resources from HTML/HEAD variants (#4586)
7 years ago
Fix #24 - Thread resolving for remote statuses This is a big one, so let me enumerate: Accounts as well as stream entry pages now contain Link headers that reference the Atom feed and Webfinger URL for the former and Atom entry for the latter. So you only need to HEAD those resources to get that information, no need to download and parse HTML <link>s. ProcessFeedService will now queue ThreadResolveWorker for each remote status that it cannot find otherwise. Furthermore, entries are now processed in reverse order (from bottom to top) in case a newer entry references a chronologically previous one. ThreadResolveWorker uses FetchRemoteStatusService to obtain a status and attach the child status it was queued for to it. FetchRemoteStatusService looks up the URL, first with a HEAD, tests if it's an Atom feed, in which case it processes it directly. Next for Link headers to the Atom feed, in which case that is fetched and processed. Lastly if it's HTML, it is checked for <link>s to the Atom feed, and if such is found, that is fetched and processed. The account for the status is derived from author/name attribute in the XML and the hostname in the URL (domain). FollowRemoteAccountService and ProcessFeedService are used. This means that potentially threads are resolved recursively until a dead-end is encountered, however it is performed asynchronously over background jobs, so it should be ok.
8 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Do not display non-Status stream entries anymore
7 years ago
Adjusting public display of statuses to look similar to logged-in UI, fix #361 with rich OEmbed display via iframe, fix #237 by hiding sensitive content behind a spoiler on public pages
7 years ago
Follow call on locked account creates follow request instead Reflect "requested" relationship in API and UI Reflect inability of private posts to be reblogged in the UI Disable Webfinger for locked accounts
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
Add filters for suspended accounts
8 years ago
Fix wrong HTTP status codes on error pages
7 years ago
Add filters for suspended accounts
8 years ago
Refactoring Grape API methods into normal controllers & other things
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class StreamEntriesController < ApplicationController
  4.   include Authorization
  5.   include SignatureVerification
  6. 

  7.   layout 'public'
  8. 

  9.   before_action :set_account
  10.   before_action :set_stream_entry
  11.   before_action :set_link_headers
  12.   before_action :check_account_suspension
  13.   before_action :set_cache_headers
  14. 

  15.   def show
  16.     respond_to do |format|
  17.       format.html do
  18.         redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) if @type == 'status'
  19.       end
  20. 

  21.       format.atom do
  22.         unless @stream_entry.hidden?
  23.           skip_session!
  24.           expires_in 3.minutes, public: true
  25.         end
  26. 

  27.         render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true))
  28.       end
  29.     end
  30.   end
  31. 

  32.   def embed
  33.     redirect_to embed_short_account_status_url(@account, @stream_entry.activity), status: 301

  34.   end
  35. 

  36.   private
  37. 

  38.   def set_account
  39.     @account = Account.find_local!(params[:account_username])
  40.   end
  41. 

  42.   def set_link_headers
  43.     response.headers['Link'] = LinkHeader.new(
  44.       [
  45.         [account_stream_entry_url(@account, @stream_entry, format: 'atom'), [%w(rel alternate), %w(type application/atom+xml)]],
  46.         [ActivityPub::TagManager.instance.uri_for(@stream_entry.activity), [%w(rel alternate), %w(type application/activity+json)]],
  47.       ]
  48.     )
  49.   end
  50. 

  51.   def set_stream_entry
  52.     @stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id])
  53.     @type         = @stream_entry.activity_type.downcase
  54. 

  55.     raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil?
  56.     authorize @stream_entry.activity, :show? if @stream_entry.hidden?
  57.   rescue Mastodon::NotPermittedError
  58.     # Reraise in order to get a 404
  59.     raise ActiveRecord::RecordNotFound
  60.   end
  61. 

  62.   def check_account_suspension
  63.     gone if @account.suspended?
  64.   end
  65. end