closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5340 Commits
4 Branches
567 MiB
Tree: 4694dcfe16
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4694dcfe16'
${ noResults }
mastodon/app/controllers/application_controller.rb

199 lines
6.2 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
8 years ago
Initial commit
8 years ago
Fixing FanOutOnWriteService, fixing Sidekiq not having enough DB connections in the pool, adding a throttle of 60rpm per IP, adding mini profiler, adding admin status to users
8 years ago
Return force_ssl to the controller (#2380)
7 years ago
Fix #1165 - before_action was called before protect_from_forgery
7 years ago
Extract user tracking into concern (#2600)
7 years ago
Make file attachment on MediaAttachment optional (#1865) Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI
7 years ago
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test
7 years ago
Rename themes -> flavours ? ?
7 years ago
Skins support
7 years ago
Make file attachment on MediaAttachment optional (#1865) Create MediaAttachment but without actual file download when domain is blocked with reject_media set to true Clean up old media files when creating a new domain block with reject_media set to true Return remote_url in media attachments API if local file is not present Undo domain block action in admin UI Ability to enable reject_media from admin UI
7 years ago
Adding React.js, Redux, revamping dashboard
8 years ago
Fix local follows, 404 in logs
8 years ago
Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether
7 years ago
Add moderator role and add pundit policies for admin actions (#5635) * Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
7 years ago
Fix local follows, 404 in logs
8 years ago
Fix sign-in redirecting "back" to a missing image because missing static files hit the raise_not_found method
8 years ago
Add filters for suspended accounts
8 years ago
Redirect after sign in to previous page (unless it's a sign in/up/etc page)
8 years ago
Fix local follows, 404 in logs
8 years ago
Improve code style
8 years ago
Fix local follows, 404 in logs
8 years ago
Redirect after sign in to previous page (unless it's a sign in/up/etc page)
8 years ago
Return force_ssl to the controller (#2380)
7 years ago
Redirect after sign in to previous page (unless it's a sign in/up/etc page)
8 years ago
Add simple admin overview of PuSH subscriptions
8 years ago
Add moderator role and add pundit policies for admin actions (#5635) * Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
7 years ago
Add filters for suspended accounts
8 years ago
Show error message to suspended user (#3281)
7 years ago
Add filters for suspended accounts
8 years ago
Add "signed in as" header to some pages (#4523)
7 years ago
Skins support
7 years ago
Finalized theme loading and stuff
7 years ago
Fix common packs when other pack also there
7 years ago
Rename themes -> flavours ? ?
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Javascript intl8n flavour support
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Finalized theme loading and stuff
7 years ago
Rename themes -> flavours ? ?
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Javascript intl8n flavour support
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Rename themes -> flavours ? ?
7 years ago
Skins shouldn't apply to fallback flavours
7 years ago
Finalized theme loading and stuff
7 years ago
Skins shouldn't apply to fallback flavours
7 years ago
Finalized theme loading and stuff
7 years ago
Skins support
7 years ago
Finalized theme loading and stuff
7 years ago
Skins shouldn't apply to fallback flavours
7 years ago
Finalized theme loading and stuff
7 years ago
Rename themes -> flavours ? ?
7 years ago
Finalized theme loading and stuff
7 years ago
Fix tests
8 years ago
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method
7 years ago
Fix local follows, 404 in logs
8 years ago
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method
7 years ago
Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether
7 years ago
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method
7 years ago
ActivityPub: Add basic, read-only support for Outboxes, Notes, and Create/Announce Activities (#2197) * Clean up collapsible components * Expose user Outboxes and AS2 representations of statuses * Save work thus far. * Fix bad merge. * Save my work * Clean up pagination. * First test working. * Add tests. * Add Forbidden error template. * Revert yarn.lock changes. * Fix code style deviations and use localized instead of hardcoded English text.
7 years ago
Add nice error page for CSRF errors/cookie issue, and fix error page handling altogether
7 years ago
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method
7 years ago
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful
8 years ago
Give SINGLE_USER a chance to register (#1820) An attempt to open a brand new Mastodon instance configured as SINGLE_USER_MODE=true will cause an exception. Enable temporary registration if we have no users in the database Fixes #1817
7 years ago
Change "Account.any?" to "Account.exists?" (#3217)
7 years ago
Give SINGLE_USER a chance to register (#1820) An attempt to open a brand new Mastodon instance configured as SINGLE_USER_MODE=true will cause an exception. Enable temporary registration if we have no users in the database Fixes #1817
7 years ago
Fix tests
8 years ago
Rename "publish" to "toot" in english locale, fix lightbox showing old image before loading new one, cache notifications API, fix missing follow button on public profiles
8 years ago
Fix tests
8 years ago
Unify collection caching code
8 years ago
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test
7 years ago
Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091) * Fix #4058 - Use a long-lived cookie to keep track of user-level sessions * Fix tests, smooth migrate from previous session-based identifier
7 years ago
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test
7 years ago
Rename themes -> flavours ? ?
7 years ago
Skins support
7 years ago
Rename themes -> flavours ? ?
7 years ago
Skins support
7 years ago
Unify collection caching code
8 years ago
Further abstract caching for includes
8 years ago
Fix #248 - Reload all accounts when fetching from cache
8 years ago
Unify collection caching code
8 years ago
Fix #248 - Reload all accounts when fetching from cache
8 years ago
Unify collection caching code
8 years ago
Fix some rubocop style issues (#5730)
7 years ago
Unify collection caching code
8 years ago
Fix #2195 - Set locale to error pages (#2255) * Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method
7 years ago
Error responses cleanup (#2692) * Use respond_with_error for forbidden errors * Wrap up common error code into single method
7 years ago
Fix #2195 - Set locale to error pages (#2255) * Fix #2195 - Set locale to error pages * Fix #2195 - Cut duplicate process into one method
7 years ago
Initial commit
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class ApplicationController < ActionController::Base
  4.   # Prevent CSRF attacks by raising an exception.
  5.   # For APIs, you may want to use :null_session instead.
  6.   protect_from_forgery with: :exception
  7. 

  8.   force_ssl if: :https_enabled?
  9. 

  10.   include Localized
  11.   include UserTrackingConcern
  12. 

  13.   helper_method :current_account
  14.   helper_method :current_session
  15.   helper_method :current_flavour
  16.   helper_method :current_skin
  17.   helper_method :single_user_mode?
  18. 

  19.   rescue_from ActionController::RoutingError, with: :not_found
  20.   rescue_from ActiveRecord::RecordNotFound, with: :not_found
  21.   rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
  22.   rescue_from Mastodon::NotPermittedError, with: :forbidden
  23. 

  24.   before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
  25.   before_action :check_suspension, if: :user_signed_in?
  26. 

  27.   def raise_not_found
  28.     raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
  29.   end
  30. 

  31.   private
  32. 

  33.   def https_enabled?
  34.     Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'
  35.   end
  36. 

  37.   def store_current_location
  38.     store_location_for(:user, request.url)
  39.   end
  40. 

  41.   def require_admin!
  42.     redirect_to root_path unless current_user&.admin?
  43.   end
  44. 

  45.   def require_staff!
  46.     redirect_to root_path unless current_user&.staff?
  47.   end
  48. 

  49.   def check_suspension
  50.     forbidden if current_user.account.suspended?
  51.   end
  52. 

  53.   def after_sign_out_path_for(_resource_or_scope)
  54.     new_user_session_path
  55.   end
  56. 

  57.   def pack(data, pack_name, skin = 'default')
  58.     return nil unless pack?(data, pack_name)
  59.     pack_data = {
  60.       common: pack_name == 'common' ? nil : resolve_pack(data['name'] ? Themes.instance.flavour(current_flavour) : Themes.instance.core, 'common', skin),
  61.       flavour: data['name'],
  62.       pack: pack_name,
  63.       preload: nil,
  64.       skin: nil,
  65.       supported_locales: data['locales'],
  66.     }
  67.     if data['pack'][pack_name].is_a?(Hash)
  68.       pack_data[:common] = nil if data['pack'][pack_name]['use_common'] == false
  69.       pack_data[:pack] = nil unless data['pack'][pack_name]['filename']
  70.       if data['pack'][pack_name]['preload']
  71.         pack_data[:preload] = [data['pack'][pack_name]['preload']] if data['pack'][pack_name]['preload'].is_a?(String)
  72.         pack_data[:preload] = data['pack'][pack_name]['preload'] if data['pack'][pack_name]['preload'].is_a?(Array)
  73.       end
  74.       if skin != 'default' && data['skin'][skin]
  75.         pack_data[:skin] = skin if data['skin'][skin].include?(pack_name)
  76.       else  #  default skin
  77.         pack_data[:skin] = 'default' if data['pack'][pack_name]['stylesheet']
  78.       end
  79.     end
  80.     pack_data
  81.   end
  82. 

  83.   def pack?(data, pack_name)
  84.     if data['pack'].is_a?(Hash) && data['pack'].key?(pack_name)
  85.       return true if data['pack'][pack_name].is_a?(String) || data['pack'][pack_name].is_a?(Hash)
  86.     end
  87.     false
  88.   end
  89. 

  90.   def nil_pack(data, pack_name, skin = 'default')
  91.     {
  92.       common: pack_name == 'common' ? nil : resolve_pack(data['name'] ? Themes.instance.flavour(current_flavour) : Themes.instance.core, 'common', skin),
  93.       flavour: data['name'],
  94.       pack: nil,
  95.       preload: nil,
  96.       skin: nil,
  97.       supported_locales: data['locales'],
  98.     }
  99.   end
  100. 

  101.   def resolve_pack(data, pack_name, skin = 'default')
  102.     result = pack(data, pack_name, skin)
  103.     unless result
  104.       if data['name'] && data.key?('fallback')
  105.         if data['fallback'].nil?
  106.           return nil_pack(data, pack_name, skin)
  107.         elsif data['fallback'].is_a?(String) && Themes.instance.flavour(data['fallback'])
  108.           return resolve_pack(Themes.instance.flavour(data['fallback']), pack_name)
  109.         elsif data['fallback'].is_a?(Array)
  110.           data['fallback'].each do |fallback|
  111.             return resolve_pack(Themes.instance.flavour(fallback), pack_name) if Themes.instance.flavour(fallback)
  112.           end
  113.         end
  114.         return nil_pack(data, pack_name, skin)
  115.       end
  116.       return data.key?('name') && data['name'] != Setting.default_settings['flavour'] ? resolve_pack(Themes.instance.flavour(Setting.default_settings['flavour']), pack_name) : nil_pack(data, pack_name, skin)
  117.     end
  118.     result
  119.   end
  120. 

  121.   def use_pack(pack_name)
  122.     @core = resolve_pack(Themes.instance.core, pack_name)
  123.     @theme = resolve_pack(Themes.instance.flavour(current_flavour), pack_name, current_skin)
  124.   end
  125. 

  126.   protected
  127. 

  128.   def forbidden
  129.     respond_with_error(403)
  130.   end
  131. 

  132.   def not_found
  133.     respond_with_error(404)
  134.   end
  135. 

  136.   def gone
  137.     respond_with_error(410)
  138.   end
  139. 

  140.   def unprocessable_entity
  141.     respond_with_error(422)
  142.   end
  143. 

  144.   def single_user_mode?
  145.     @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists?
  146.   end
  147. 

  148.   def current_account
  149.     @current_account ||= current_user.try(:account)
  150.   end
  151. 

  152.   def current_session
  153.     @current_session ||= SessionActivation.find_by(session_id: cookies.signed['_session_id'])
  154.   end
  155. 

  156.   def current_flavour
  157.     return Setting.default_settings['flavour'] unless Themes.instance.flavours.include? current_user&.setting_flavour
  158.     current_user.setting_flavour
  159.   end
  160. 

  161.   def current_skin
  162.     return 'default' unless Themes.instance.skins_for(current_flavour).include? current_user&.setting_skin
  163.     current_user.setting_skin
  164.   end
  165. 

  166.   def cache_collection(raw, klass)
  167.     return raw unless klass.respond_to?(:with_includes)
  168. 

  169.     raw                    = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
  170.     uncached_ids           = []
  171.     cached_keys_with_value = Rails.cache.read_multi(*raw.map(&:cache_key))
  172. 

  173.     raw.each do |item|
  174.       uncached_ids << item.id unless cached_keys_with_value.key?(item.cache_key)
  175.     end
  176. 

  177.     klass.reload_stale_associations!(cached_keys_with_value.values) if klass.respond_to?(:reload_stale_associations!)
  178. 

  179.     unless uncached_ids.empty?
  180.       uncached = klass.where(id: uncached_ids).with_includes.map { |item| [item.id, item] }.to_h
  181. 

  182.       uncached.each_value do |item|
  183.         Rails.cache.write(item.cache_key, item)
  184.       end
  185.     end
  186. 

  187.     raw.map { |item| cached_keys_with_value[item.cache_key] || uncached[item.id] }.compact
  188.   end
  189. 

  190.   def respond_with_error(code)
  191.     respond_to do |format|
  192.       format.any  { head code }
  193.       format.html do
  194.         set_locale
  195.         render "errors/#{code}", layout: 'error', status: code
  196.       end
  197.     end
  198.   end
  199. end