You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

610 lines
18 KiB

Account domain blocks (#2381) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation * Adding account domain blocks that filter notifications and public timelines * Add tests for domain blocks in notifications, public timelines Filter reblogs of blocked domains from home * Add API for listing and creating account domain blocks * API for creating/deleting domain blocks, tests for Status#ancestors and Status#descendants, filter domain blocks from them * Filter domains in streaming API * Update account_domain_block_spec.rb
7 years ago
Fix Account model deprecation warnings (#3689) ``` DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60) DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60) DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:60) DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:61) DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:62) DEPRECATION WARNING: The behavior of `attribute_changed?` inside of after callbacks will be changing in the next version of Rails. The new return value will reflect the behavior of calling the method after `save` returned (e.g. the opposite of what it returns now). To maintain the current behavior, use `saved_change_to_attribute?` instead. (called from block in <class:Account> at /Users/rene/Workspace/personal/ruby/mastodon/app/models/account.rb:63) ``` Here's PR describing changes to Dirty API https://github.com/rails/rails/pull/25337
7 years ago
Account domain blocks (#2381) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation * Adding account domain blocks that filter notifications and public timelines * Add tests for domain blocks in notifications, public timelines Filter reblogs of blocked domains from home * Add API for listing and creating account domain blocks * API for creating/deleting domain blocks, tests for Status#ancestors and Status#descendants, filter domain blocks from them * Filter domains in streaming API * Update account_domain_block_spec.rb
7 years ago
Add follower synchronization mechanism (#14510) * Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
4 years ago
Add follower synchronization mechanism (#14510) * Add support for followers synchronization on the receiving end Check the `collectionSynchronization` attribute on `Create` and `Announce` activities and synchronize followers from provided collection if possible. * Add tests for followers synchronization on the receiving end * Add support for follower synchronization on the sender's end * Add tests for the sending end * Switch from AS attributes to HTTP header Replace the custom `collectionSynchronization` ActivityStreams attribute by an HTTP header (`X-AS-Collection-Synchronization`) with the same syntax as the `Signature` header and the following fields: - `collectionId` to specify which collection to synchronize - `digest` for the SHA256 hex-digest of the list of followers known on the receiving instance (where “receiving instance” is determined by accounts sharing the same host name for their ActivityPub actor `id`) - `url` of a collection that should be fetched by the instance actor Internally, move away from the webfinger-based `domain` attribute and use account `uri` prefix to group accounts. * Add environment variable to disable followers synchronization Since the whole mechanism relies on some new preconditions that, in some extremely rare cases, might not be met, add an environment variable (DISABLE_FOLLOWERS_SYNCHRONIZATION) to disable the mechanism altogether and avoid followers being incorrectly removed. The current conditions are: 1. all managed accounts' actor `id` and inbox URL have the same URI scheme and netloc. 2. all accounts whose actor `id` or inbox URL share the same URI scheme and netloc as a managed account must be managed by the same Mastodon instance as well. As far as Mastodon is concerned, breaking those preconditions require extensive configuration changes in the reverse proxy and might also cause other issues. Therefore, this environment variable provides a way out for people with highly unusual configurations, and can be safely ignored for the overwhelming majority of Mastodon administrators. * Only set follower synchronization header on non-public statuses This is to avoid unnecessary computations and allow Follow-related activities to be handled by the usual codepath instead of going through the synchronization mechanism (otherwise, any Follow/Undo/Accept activity would trigger the synchronization mechanism even if processing the activity itself would be enough to re-introduce synchronization) * Change how ActivityPub::SynchronizeFollowersService handles follow requests If the remote lists a local follower which we only know has sent a follow request, consider the follow request as accepted instead of sending an Undo. * Integrate review feeback - rename X-AS-Collection-Synchronization to Collection-Synchronization - various minor refactoring and code style changes * Only select required fields when computing followers_hash * Use actor URI rather than webfinger domain in synchronization endpoint * Change hash computation to be a XOR of individual hashes Makes it much easier to be memory-efficient, and avoid sorting discrepancy issues. * Marginally improve followers_hash computation speed * Further improve hash computation performances by using pluck_each
4 years ago
8 years ago
  1. # frozen_string_literal: true
  2. # == Schema Information
  3. #
  4. # Table name: accounts
  5. #
  6. # id :bigint(8) not null, primary key
  7. # username :string default(""), not null
  8. # domain :string
  9. # private_key :text
  10. # public_key :text default(""), not null
  11. # created_at :datetime not null
  12. # updated_at :datetime not null
  13. # note :text default(""), not null
  14. # display_name :string default(""), not null
  15. # uri :string default(""), not null
  16. # url :string
  17. # avatar_file_name :string
  18. # avatar_content_type :string
  19. # avatar_file_size :integer
  20. # avatar_updated_at :datetime
  21. # header_file_name :string
  22. # header_content_type :string
  23. # header_file_size :integer
  24. # header_updated_at :datetime
  25. # avatar_remote_url :string
  26. # locked :boolean default(FALSE), not null
  27. # header_remote_url :string default(""), not null
  28. # last_webfingered_at :datetime
  29. # inbox_url :string default(""), not null
  30. # outbox_url :string default(""), not null
  31. # shared_inbox_url :string default(""), not null
  32. # followers_url :string default(""), not null
  33. # protocol :integer default("ostatus"), not null
  34. # memorial :boolean default(FALSE), not null
  35. # moved_to_account_id :bigint(8)
  36. # featured_collection_url :string
  37. # fields :jsonb
  38. # actor_type :string
  39. # discoverable :boolean
  40. # also_known_as :string is an Array
  41. # silenced_at :datetime
  42. # suspended_at :datetime
  43. # hide_collections :boolean
  44. # avatar_storage_schema_version :integer
  45. # header_storage_schema_version :integer
  46. # devices_url :string
  47. # suspension_origin :integer
  48. # sensitized_at :datetime
  49. # trendable :boolean
  50. # reviewed_at :datetime
  51. # requested_review_at :datetime
  52. #
  53. class Account < ApplicationRecord
  54. self.ignored_columns = %w(
  55. subscription_expires_at
  56. secret
  57. remote_url
  58. salmon_url
  59. hub_url
  60. trust_level
  61. )
  62. USERNAME_RE = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i
  63. MENTION_RE = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]\.\-]+[[:word:]]+)?)/i
  64. URL_PREFIX_RE = /\Ahttp(s?):\/\/[^\/]+/
  65. include Attachmentable
  66. include AccountAssociations
  67. include AccountAvatar
  68. include AccountFinderConcern
  69. include AccountHeader
  70. include AccountInteractions
  71. include Paginable
  72. include AccountCounters
  73. include DomainNormalizable
  74. include DomainMaterializable
  75. include AccountMerging
  76. enum protocol: [:ostatus, :activitypub]
  77. enum suspension_origin: [:local, :remote], _prefix: true
  78. validates :username, presence: true
  79. validates_with UniqueUsernameValidator, if: -> { will_save_change_to_username? }
  80. # Remote user validations
  81. validates :username, format: { with: /\A#{USERNAME_RE}\z/i }, if: -> { !local? && will_save_change_to_username? }
  82. # Local user validations
  83. validates :username, format: { with: /\A[a-z0-9_]+\z/i }, length: { maximum: 30 }, if: -> { local? && will_save_change_to_username? && actor_type != 'Application' }
  84. validates_with UnreservedUsernameValidator, if: -> { local? && will_save_change_to_username? }
  85. validates :display_name, length: { maximum: 30 }, if: -> { local? && will_save_change_to_display_name? }
  86. validates :note, note_length: { maximum: 500 }, if: -> { local? && will_save_change_to_note? }
  87. validates :fields, length: { maximum: 4 }, if: -> { local? && will_save_change_to_fields? }
  88. scope :remote, -> { where.not(domain: nil) }
  89. scope :local, -> { where(domain: nil) }
  90. scope :partitioned, -> { order(Arel.sql('row_number() over (partition by domain)')) }
  91. scope :silenced, -> { where.not(silenced_at: nil) }
  92. scope :suspended, -> { where.not(suspended_at: nil) }
  93. scope :sensitized, -> { where.not(sensitized_at: nil) }
  94. scope :without_suspended, -> { where(suspended_at: nil) }
  95. scope :without_silenced, -> { where(silenced_at: nil) }
  96. scope :without_instance_actor, -> { where.not(id: -99) }
  97. scope :recent, -> { reorder(id: :desc) }
  98. scope :bots, -> { where(actor_type: %w(Application Service)) }
  99. scope :groups, -> { where(actor_type: 'Group') }
  100. scope :alphabetic, -> { order(domain: :asc, username: :asc) }
  101. scope :matches_username, ->(value) { where(arel_table[:username].matches("#{value}%")) }
  102. scope :matches_display_name, ->(value) { where(arel_table[:display_name].matches("#{value}%")) }
  103. scope :matches_domain, ->(value) { where(arel_table[:domain].matches("%#{value}%")) }
  104. scope :searchable, -> { without_suspended.where(moved_to_account_id: nil) }
  105. scope :discoverable, -> { searchable.without_silenced.where(discoverable: true).left_outer_joins(:account_stat) }
  106. scope :followable_by, ->(account) { joins(arel_table.join(Follow.arel_table, Arel::Nodes::OuterJoin).on(arel_table[:id].eq(Follow.arel_table[:target_account_id]).and(Follow.arel_table[:account_id].eq(account.id))).join_sources).where(Follow.arel_table[:id].eq(nil)).joins(arel_table.join(FollowRequest.arel_table, Arel::Nodes::OuterJoin).on(arel_table[:id].eq(FollowRequest.arel_table[:target_account_id]).and(FollowRequest.arel_table[:account_id].eq(account.id))).join_sources).where(FollowRequest.arel_table[:id].eq(nil)) }
  107. scope :by_recent_status, -> { order(Arel.sql('(case when account_stats.last_status_at is null then 1 else 0 end) asc, account_stats.last_status_at desc, accounts.id desc')) }
  108. scope :by_recent_sign_in, -> { order(Arel.sql('(case when users.current_sign_in_at is null then 1 else 0 end) asc, users.current_sign_in_at desc, accounts.id desc')) }
  109. scope :popular, -> { order('account_stats.followers_count desc') }
  110. scope :by_domain_and_subdomains, ->(domain) { where(domain: domain).or(where(arel_table[:domain].matches('%.' + domain))) }
  111. scope :not_excluded_by_account, ->(account) { where.not(id: account.excluded_from_timeline_account_ids) }
  112. scope :not_domain_blocked_by_account, ->(account) { where(arel_table[:domain].eq(nil).or(arel_table[:domain].not_in(account.excluded_from_timeline_domains))) }
  113. delegate :email,
  114. :unconfirmed_email,
  115. :current_sign_in_at,
  116. :created_at,
  117. :sign_up_ip,
  118. :confirmed?,
  119. :approved?,
  120. :pending?,
  121. :disabled?,
  122. :unconfirmed_or_pending?,
  123. :role,
  124. :admin?,
  125. :moderator?,
  126. :staff?,
  127. :locale,
  128. :hides_network?,
  129. :shows_application?,
  130. to: :user,
  131. prefix: true,
  132. allow_nil: true
  133. delegate :chosen_languages, to: :user, prefix: false, allow_nil: true
  134. update_index('accounts', :self)
  135. def local?
  136. domain.nil?
  137. end
  138. def moved?
  139. moved_to_account_id.present?
  140. end
  141. def bot?
  142. %w(Application Service).include? actor_type
  143. end
  144. def instance_actor?
  145. id == -99
  146. end
  147. alias bot bot?
  148. def bot=(val)
  149. self.actor_type = ActiveModel::Type::Boolean.new.cast(val) ? 'Service' : 'Person'
  150. end
  151. def group?
  152. actor_type == 'Group'
  153. end
  154. alias group group?
  155. def acct
  156. local? ? username : "#{username}@#{domain}"
  157. end
  158. def pretty_acct
  159. local? ? username : "#{username}@#{Addressable::IDNA.to_unicode(domain)}"
  160. end
  161. def local_username_and_domain
  162. "#{username}@#{Rails.configuration.x.local_domain}"
  163. end
  164. def local_followers_count
  165. Follow.where(target_account_id: id).count
  166. end
  167. def to_webfinger_s
  168. "acct:#{local_username_and_domain}"
  169. end
  170. def searchable?
  171. !(suspended? || moved?)
  172. end
  173. def possibly_stale?
  174. last_webfingered_at.nil? || last_webfingered_at <= 1.day.ago
  175. end
  176. def refresh!
  177. ResolveAccountService.new.call(acct) unless local?
  178. end
  179. def silenced?
  180. silenced_at.present?
  181. end
  182. def silence!(date = Time.now.utc)
  183. update!(silenced_at: date)
  184. end
  185. def unsilence!
  186. update!(silenced_at: nil)
  187. end
  188. def suspended?
  189. suspended_at.present? && !instance_actor?
  190. end
  191. def suspended_permanently?
  192. suspended? && deletion_request.nil?
  193. end
  194. def suspended_temporarily?
  195. suspended? && deletion_request.present?
  196. end
  197. def suspend!(date: Time.now.utc, origin: :local, block_email: true)
  198. transaction do
  199. create_deletion_request!
  200. update!(suspended_at: date, suspension_origin: origin)
  201. create_canonical_email_block! if block_email
  202. end
  203. end
  204. def unsuspend!
  205. transaction do
  206. deletion_request&.destroy!
  207. update!(suspended_at: nil, suspension_origin: nil)
  208. destroy_canonical_email_block!
  209. end
  210. end
  211. def sensitized?
  212. sensitized_at.present?
  213. end
  214. def sensitize!(date = Time.now.utc)
  215. update!(sensitized_at: date)
  216. end
  217. def unsensitize!
  218. update!(sensitized_at: nil)
  219. end
  220. def memorialize!
  221. update!(memorial: true)
  222. end
  223. def sign?
  224. true
  225. end
  226. def previous_strikes_count
  227. strikes.where(overruled_at: nil).count
  228. end
  229. def keypair
  230. @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
  231. end
  232. def tags_as_strings=(tag_names)
  233. hashtags_map = Tag.find_or_create_by_names(tag_names).index_by(&:name)
  234. # Remove hashtags that are to be deleted
  235. tags.each do |tag|
  236. if hashtags_map.key?(tag.name)
  237. hashtags_map.delete(tag.name)
  238. else
  239. tags.delete(tag)
  240. end
  241. end
  242. # Add hashtags that were so far missing
  243. hashtags_map.each_value do |tag|
  244. tags << tag
  245. end
  246. end
  247. def also_known_as
  248. self[:also_known_as] || []
  249. end
  250. def fields
  251. (self[:fields] || []).map do |f|
  252. Field.new(self, f)
  253. rescue
  254. nil
  255. end.compact
  256. end
  257. def fields_attributes=(attributes)
  258. fields = []
  259. old_fields = self[:fields] || []
  260. old_fields = [] if old_fields.is_a?(Hash)
  261. if attributes.is_a?(Hash)
  262. attributes.each_value do |attr|
  263. next if attr[:name].blank?
  264. previous = old_fields.find { |item| item['value'] == attr[:value] }
  265. if previous && previous['verified_at'].present?
  266. attr[:verified_at] = previous['verified_at']
  267. end
  268. fields << attr
  269. end
  270. end
  271. self[:fields] = fields
  272. end
  273. DEFAULT_FIELDS_SIZE = 4
  274. def build_fields
  275. return if fields.size >= DEFAULT_FIELDS_SIZE
  276. tmp = self[:fields] || []
  277. tmp = [] if tmp.is_a?(Hash)
  278. (DEFAULT_FIELDS_SIZE - tmp.size).times do
  279. tmp << { name: '', value: '' }
  280. end
  281. self.fields = tmp
  282. end
  283. def save_with_optional_media!
  284. save!
  285. rescue ActiveRecord::RecordInvalid
  286. self.avatar = nil
  287. self.header = nil
  288. save!
  289. end
  290. def hides_followers?
  291. hide_collections?
  292. end
  293. def hides_following?
  294. hide_collections?
  295. end
  296. def object_type
  297. :person
  298. end
  299. def to_param
  300. username
  301. end
  302. def excluded_from_timeline_account_ids
  303. Rails.cache.fetch("exclude_account_ids_for:#{id}") { block_relationships.pluck(:target_account_id) + blocked_by_relationships.pluck(:account_id) + mute_relationships.pluck(:target_account_id) }
  304. end
  305. def excluded_from_timeline_domains
  306. Rails.cache.fetch("exclude_domains_for:#{id}") { domain_blocks.pluck(:domain) }
  307. end
  308. def preferred_inbox_url
  309. shared_inbox_url.presence || inbox_url
  310. end
  311. def synchronization_uri_prefix
  312. return 'local' if local?
  313. @synchronization_uri_prefix ||= "#{uri[URL_PREFIX_RE]}/"
  314. end
  315. def requires_review?
  316. reviewed_at.nil?
  317. end
  318. def reviewed?
  319. reviewed_at.present?
  320. end
  321. def requested_review?
  322. requested_review_at.present?
  323. end
  324. def requires_review_notification?
  325. requires_review? && !requested_review?
  326. end
  327. class Field < ActiveModelSerializers::Model
  328. attributes :name, :value, :verified_at, :account
  329. def initialize(account, attributes)
  330. @original_field = attributes
  331. string_limit = account.local? ? 255 : 2047
  332. super(
  333. account: account,
  334. name: attributes['name'].strip[0, string_limit],
  335. value: attributes['value'].strip[0, string_limit],
  336. verified_at: attributes['verified_at']&.to_datetime,
  337. )
  338. end
  339. def verified?
  340. verified_at.present?
  341. end
  342. def value_for_verification
  343. @value_for_verification ||= begin
  344. if account.local?
  345. value
  346. else
  347. ActionController::Base.helpers.strip_tags(value)
  348. end
  349. end
  350. end
  351. def verifiable?
  352. value_for_verification.present? && value_for_verification.start_with?('http://', 'https://')
  353. end
  354. def mark_verified!
  355. self.verified_at = Time.now.utc
  356. @original_field['verified_at'] = verified_at
  357. end
  358. def to_h
  359. { name: name, value: value, verified_at: verified_at }
  360. end
  361. end
  362. class << self
  363. DISALLOWED_TSQUERY_CHARACTERS = /['?\\:‘’]/.freeze
  364. TEXTSEARCH = "(setweight(to_tsvector('simple', accounts.display_name), 'A') || setweight(to_tsvector('simple', accounts.username), 'B') || setweight(to_tsvector('simple', coalesce(accounts.domain, '')), 'C'))"
  365. def readonly_attributes
  366. super - %w(statuses_count following_count followers_count)
  367. end
  368. def inboxes
  369. urls = reorder(nil).where(protocol: :activitypub).group(:preferred_inbox_url).pluck(Arel.sql("coalesce(nullif(accounts.shared_inbox_url, ''), accounts.inbox_url) AS preferred_inbox_url"))
  370. DeliveryFailureTracker.without_unavailable(urls)
  371. end
  372. def search_for(terms, limit = 10, offset = 0)
  373. tsquery = generate_query_for_search(terms)
  374. sql = <<-SQL.squish
  375. SELECT
  376. accounts.*,
  377. ts_rank_cd(#{TEXTSEARCH}, to_tsquery('simple', :tsquery), 32) AS rank
  378. FROM accounts
  379. WHERE to_tsquery('simple', :tsquery) @@ #{TEXTSEARCH}
  380. AND accounts.suspended_at IS NULL
  381. AND accounts.moved_to_account_id IS NULL
  382. ORDER BY rank DESC
  383. LIMIT :limit OFFSET :offset
  384. SQL
  385. records = find_by_sql([sql, limit: limit, offset: offset, tsquery: tsquery])
  386. ActiveRecord::Associations::Preloader.new.preload(records, :account_stat)
  387. records
  388. end
  389. def advanced_search_for(terms, account, limit = 10, following = false, offset = 0)
  390. tsquery = generate_query_for_search(terms)
  391. sql = advanced_search_for_sql_template(following)
  392. records = find_by_sql([sql, id: account.id, limit: limit, offset: offset, tsquery: tsquery])
  393. ActiveRecord::Associations::Preloader.new.preload(records, :account_stat)
  394. records
  395. end
  396. def from_text(text)
  397. return [] if text.blank?
  398. text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.filter_map do |(username, domain)|
  399. domain = begin
  400. if TagManager.instance.local_domain?(domain)
  401. nil
  402. else
  403. TagManager.instance.normalize_domain(domain)
  404. end
  405. end
  406. EntityCache.instance.mention(username, domain)
  407. end
  408. end
  409. private
  410. def generate_query_for_search(unsanitized_terms)
  411. terms = unsanitized_terms.gsub(DISALLOWED_TSQUERY_CHARACTERS, ' ')
  412. # The final ":*" is for prefix search.
  413. # The trailing space does not seem to fit any purpose, but `to_tsquery`
  414. # behaves differently with and without a leading space if the terms start
  415. # with `./`, `../`, or `.. `. I don't understand why, so, in doubt, keep
  416. # the same query.
  417. "' #{terms} ':*"
  418. end
  419. def advanced_search_for_sql_template(following)
  420. if following
  421. <<-SQL.squish
  422. WITH first_degree AS (
  423. SELECT target_account_id
  424. FROM follows
  425. WHERE account_id = :id
  426. UNION ALL
  427. SELECT :id
  428. )
  429. SELECT
  430. accounts.*,
  431. (count(f.id) + 1) * ts_rank_cd(#{TEXTSEARCH}, to_tsquery('simple', :tsquery), 32) AS rank
  432. FROM accounts
  433. LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = :id)
  434. WHERE accounts.id IN (SELECT * FROM first_degree)
  435. AND to_tsquery('simple', :tsquery) @@ #{TEXTSEARCH}
  436. AND accounts.suspended_at IS NULL
  437. AND accounts.moved_to_account_id IS NULL
  438. GROUP BY accounts.id
  439. ORDER BY rank DESC
  440. LIMIT :limit OFFSET :offset
  441. SQL
  442. else
  443. <<-SQL.squish
  444. SELECT
  445. accounts.*,
  446. (count(f.id) + 1) * ts_rank_cd(#{TEXTSEARCH}, to_tsquery('simple', :tsquery), 32) AS rank
  447. FROM accounts
  448. LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = :id) OR (accounts.id = f.target_account_id AND f.account_id = :id)
  449. WHERE to_tsquery('simple', :tsquery) @@ #{TEXTSEARCH}
  450. AND accounts.suspended_at IS NULL
  451. AND accounts.moved_to_account_id IS NULL
  452. GROUP BY accounts.id
  453. ORDER BY rank DESC
  454. LIMIT :limit OFFSET :offset
  455. SQL
  456. end
  457. end
  458. end
  459. def emojis
  460. @emojis ||= CustomEmoji.from_text(emojifiable_text, domain)
  461. end
  462. before_create :generate_keys
  463. before_validation :prepare_contents, if: :local?
  464. before_validation :prepare_username, on: :create
  465. before_destroy :clean_feed_manager
  466. private
  467. def prepare_contents
  468. display_name&.strip!
  469. note&.strip!
  470. end
  471. def prepare_username
  472. username&.squish!
  473. end
  474. def generate_keys
  475. return unless local? && private_key.blank? && public_key.blank?
  476. keypair = OpenSSL::PKey::RSA.new(2048)
  477. self.private_key = keypair.to_pem
  478. self.public_key = keypair.public_key.to_pem
  479. end
  480. def normalize_domain
  481. return if local?
  482. super
  483. end
  484. def emojifiable_text
  485. [note, display_name, fields.map(&:name), fields.map(&:value)].join(' ')
  486. end
  487. def clean_feed_manager
  488. FeedManager.instance.clean_feeds!(:home, [id])
  489. end
  490. def create_canonical_email_block!
  491. return unless local? && user_email.present?
  492. begin
  493. CanonicalEmailBlock.create(reference_account: self, email: user_email)
  494. rescue ActiveRecord::RecordNotUnique
  495. # A canonical e-mail block may already exist for the same e-mail
  496. end
  497. end
  498. def destroy_canonical_email_block!
  499. return unless local?
  500. CanonicalEmailBlock.where(reference_account: self).delete_all
  501. end
  502. end