Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `.github/dependabot.yml`: Updated upstream, removed in glitch-soc to disable noise. Kept removed. - `CODE_OF_CONDUCT.md`: Upstream updated to a new version of the covenant, but I have not read it yet, so kept unchanged. - `Gemfile.lock`: Not a real conflict, one upstream dependency updated textually too close to the glitch-soc only `hcaptcha` dependency. Applied upstream changes. - `app/controllers/admin/base_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/application_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/disputes/base_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/relationships_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/statuses_cleanup_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/helpers/application_helper.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/javascript/mastodon/features/compose/components/compose_form.jsx`: Upstream added a highlight animation for onboarding, while we changed the max character limit. Applied our local changes on top of upstream's new version. - `app/views/layouts/application.html.haml`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `stylelint.config.js`: Upstream added ignore paths, glitch-soc had extra ignore paths. Added the same paths as upstream.
This commit is contained in:
Claire
@@ -8,7 +8,7 @@ class AboutController < ApplicationController
|
||||
before_action :set_instance_presenter
|
||||
|
||||
def show
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
@@ -7,8 +7,9 @@ class AccountsController < ApplicationController
|
||||
include AccountControllerConcern
|
||||
include SignatureAuthentication
|
||||
|
||||
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
|
||||
|
||||
before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
|
||||
before_action :set_cache_headers
|
||||
|
||||
skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
|
||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||
@@ -16,7 +17,7 @@ class AccountsController < ApplicationController
|
||||
def show
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
|
||||
|
||||
@rss_url = rss_url
|
||||
end
|
||||
|
||||
@@ -7,10 +7,6 @@ class ActivityPub::BaseController < Api::BaseController
|
||||
|
||||
private
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
|
||||
end
|
||||
|
||||
def skip_temporary_suspension_response?
|
||||
false
|
||||
end
|
||||
|
||||
@@ -4,11 +4,12 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
|
||||
include SignatureVerification
|
||||
include AccountOwnedConcern
|
||||
|
||||
vary_by -> { 'Signature' if authorized_fetch_mode? }
|
||||
|
||||
before_action :require_account_signature!, if: :authorized_fetch_mode?
|
||||
before_action :set_items
|
||||
before_action :set_size
|
||||
before_action :set_type
|
||||
before_action :set_cache_headers
|
||||
|
||||
def show
|
||||
expires_in 3.minutes, public: public_fetch_mode?
|
||||
|
||||
@@ -4,9 +4,10 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
|
||||
include SignatureVerification
|
||||
include AccountOwnedConcern
|
||||
|
||||
vary_by -> { 'Signature' if authorized_fetch_mode? }
|
||||
|
||||
before_action :require_account_signature!
|
||||
before_action :set_items
|
||||
before_action :set_cache_headers
|
||||
|
||||
def show
|
||||
expires_in 0, public: false
|
||||
|
||||
@@ -6,9 +6,10 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
|
||||
include SignatureVerification
|
||||
include AccountOwnedConcern
|
||||
|
||||
vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
|
||||
|
||||
before_action :require_account_signature!, if: :authorized_fetch_mode?
|
||||
before_action :set_statuses
|
||||
before_action :set_cache_headers
|
||||
|
||||
def show
|
||||
if page_requested?
|
||||
@@ -16,6 +17,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
|
||||
else
|
||||
expires_in(3.minutes, public: public_fetch_mode?)
|
||||
end
|
||||
|
||||
render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
|
||||
end
|
||||
|
||||
@@ -80,8 +82,4 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
|
||||
def set_account
|
||||
@account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Vary'] = 'Signature' if authorized_fetch_mode? || page_requested?
|
||||
end
|
||||
end
|
||||
|
||||
@@ -7,9 +7,10 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
|
||||
|
||||
DESCENDANTS_LIMIT = 60
|
||||
|
||||
vary_by -> { 'Signature' if authorized_fetch_mode? }
|
||||
|
||||
before_action :require_account_signature!, if: :authorized_fetch_mode?
|
||||
before_action :set_status
|
||||
before_action :set_cache_headers
|
||||
before_action :set_replies
|
||||
|
||||
def index
|
||||
|
||||
@@ -9,6 +9,8 @@ module Admin
|
||||
|
||||
before_action :set_pack
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
after_action :verify_authorized
|
||||
|
||||
private
|
||||
@@ -21,6 +23,10 @@ module Admin
|
||||
use_pack 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
|
||||
def set_user
|
||||
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
|
||||
end
|
||||
|
||||
@@ -6,13 +6,14 @@ class Api::BaseController < ApplicationController
|
||||
|
||||
include RateLimitHeaders
|
||||
include AccessTokenTrackingConcern
|
||||
include ApiCachingConcern
|
||||
|
||||
skip_before_action :store_current_location
|
||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||
|
||||
before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
|
||||
before_action :require_not_suspended!
|
||||
before_action :set_cache_headers
|
||||
|
||||
vary_by 'Authorization'
|
||||
|
||||
protect_from_forgery with: :null_session
|
||||
|
||||
@@ -148,10 +149,6 @@ class Api::BaseController < ApplicationController
|
||||
doorkeeper_authorize!(*scopes) if doorkeeper_token
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Cache-Control'] = 'private, no-store'
|
||||
end
|
||||
|
||||
def disallow_unauthenticated_api_access?
|
||||
ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
|
||||
end
|
||||
|
||||
@@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
|
||||
after_action :insert_pagination_headers
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
@accounts = load_accounts
|
||||
render json: @accounts, each_serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
@@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
|
||||
after_action :insert_pagination_headers
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
@accounts = load_accounts
|
||||
render json: @accounts, each_serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
@@ -5,6 +5,7 @@ class Api::V1::Accounts::LookupController < Api::BaseController
|
||||
before_action :set_account
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @account, serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
|
||||
after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
@statuses = load_statuses
|
||||
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
|
||||
end
|
||||
|
||||
@@ -18,6 +18,7 @@ class Api::V1::AccountsController < Api::BaseController
|
||||
override_rate_limit_headers :follow, family: :follows
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @account, serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::CustomEmojisController < Api::BaseController
|
||||
skip_before_action :set_cache_headers
|
||||
vary_by '', unless: :disallow_unauthenticated_api_access?
|
||||
|
||||
def index
|
||||
expires_in 3.minutes, public: true
|
||||
cache_even_if_authenticated! unless disallow_unauthenticated_api_access?
|
||||
render_with_cache(each_serializer: REST::CustomEmojiSerializer) { CustomEmoji.listed.includes(:category) }
|
||||
end
|
||||
end
|
||||
|
||||
@@ -5,6 +5,7 @@ class Api::V1::DirectoriesController < Api::BaseController
|
||||
before_action :set_accounts
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @accounts, each_serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -3,11 +3,12 @@
|
||||
class Api::V1::Instances::ActivityController < Api::BaseController
|
||||
before_action :require_enabled_api!
|
||||
|
||||
skip_before_action :set_cache_headers
|
||||
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
|
||||
|
||||
vary_by ''
|
||||
|
||||
def show
|
||||
expires_in 1.day, public: true
|
||||
cache_even_if_authenticated!
|
||||
render_with_cache json: :activity, expires_in: 1.day
|
||||
end
|
||||
|
||||
|
||||
@@ -6,8 +6,15 @@ class Api::V1::Instances::DomainBlocksController < Api::BaseController
|
||||
before_action :require_enabled_api!
|
||||
before_action :set_domain_blocks
|
||||
|
||||
vary_by '', if: -> { Setting.show_domain_blocks == 'all' }
|
||||
|
||||
def index
|
||||
expires_in 3.minutes, public: true
|
||||
if Setting.show_domain_blocks == 'all'
|
||||
cache_even_if_authenticated!
|
||||
else
|
||||
cache_if_unauthenticated!
|
||||
end
|
||||
|
||||
render json: @domain_blocks, each_serializer: REST::DomainBlockSerializer, with_comment: (Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?))
|
||||
end
|
||||
|
||||
|
||||
@@ -2,11 +2,19 @@
|
||||
|
||||
class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
|
||||
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
|
||||
skip_around_action :set_locale
|
||||
|
||||
before_action :set_extended_description
|
||||
|
||||
vary_by ''
|
||||
|
||||
# Override `current_user` to avoid reading session cookies unless in whitelist mode
|
||||
def current_user
|
||||
super if whitelist_mode?
|
||||
end
|
||||
|
||||
def show
|
||||
expires_in 3.minutes, public: true
|
||||
cache_even_if_authenticated!
|
||||
render json: @extended_description, serializer: REST::ExtendedDescriptionSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -3,11 +3,18 @@
|
||||
class Api::V1::Instances::PeersController < Api::BaseController
|
||||
before_action :require_enabled_api!
|
||||
|
||||
skip_before_action :set_cache_headers
|
||||
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
|
||||
skip_around_action :set_locale
|
||||
|
||||
vary_by ''
|
||||
|
||||
# Override `current_user` to avoid reading session cookies unless in whitelist mode
|
||||
def current_user
|
||||
super if whitelist_mode?
|
||||
end
|
||||
|
||||
def index
|
||||
expires_in 1.day, public: true
|
||||
cache_even_if_authenticated!
|
||||
render_with_cache(expires_in: 1.day) { Instance.where.not(domain: DomainBlock.select(:domain)).pluck(:domain) }
|
||||
end
|
||||
|
||||
|
||||
@@ -5,8 +5,10 @@ class Api::V1::Instances::PrivacyPoliciesController < Api::BaseController
|
||||
|
||||
before_action :set_privacy_policy
|
||||
|
||||
vary_by ''
|
||||
|
||||
def show
|
||||
expires_in 1.day, public: true
|
||||
cache_even_if_authenticated!
|
||||
render json: @privacy_policy, serializer: REST::PrivacyPolicySerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -2,10 +2,19 @@
|
||||
|
||||
class Api::V1::Instances::RulesController < Api::BaseController
|
||||
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
|
||||
skip_around_action :set_locale
|
||||
|
||||
before_action :set_rules
|
||||
|
||||
vary_by ''
|
||||
|
||||
# Override `current_user` to avoid reading session cookies unless in whitelist mode
|
||||
def current_user
|
||||
super if whitelist_mode?
|
||||
end
|
||||
|
||||
def index
|
||||
cache_even_if_authenticated!
|
||||
render json: @rules, each_serializer: REST::RuleSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -5,8 +5,10 @@ class Api::V1::Instances::TranslationLanguagesController < Api::BaseController
|
||||
|
||||
before_action :set_languages
|
||||
|
||||
vary_by ''
|
||||
|
||||
def show
|
||||
expires_in 1.day, public: true
|
||||
cache_even_if_authenticated!
|
||||
render json: @languages
|
||||
end
|
||||
|
||||
|
||||
@@ -1,11 +1,18 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::InstancesController < Api::BaseController
|
||||
skip_before_action :set_cache_headers
|
||||
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
|
||||
skip_around_action :set_locale
|
||||
|
||||
vary_by ''
|
||||
|
||||
# Override `current_user` to avoid reading session cookies unless in whitelist mode
|
||||
def current_user
|
||||
super if whitelist_mode?
|
||||
end
|
||||
|
||||
def show
|
||||
expires_in 3.minutes, public: true
|
||||
cache_even_if_authenticated!
|
||||
render_with_cache json: InstancePresenter.new, serializer: REST::V1::InstanceSerializer, root: 'instance'
|
||||
end
|
||||
end
|
||||
|
||||
@@ -8,6 +8,7 @@ class Api::V1::PollsController < Api::BaseController
|
||||
before_action :refresh_poll
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @poll, serializer: REST::PollSerializer, include_results: true
|
||||
end
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
|
||||
after_action :insert_pagination_headers
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
@accounts = load_accounts
|
||||
render json: @accounts, each_serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
@@ -7,6 +7,7 @@ class Api::V1::Statuses::HistoriesController < Api::BaseController
|
||||
before_action :set_status
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @status.edits.includes(:account, status: [:account]), each_serializer: REST::StatusEditSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
|
||||
after_action :insert_pagination_headers
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
@accounts = load_accounts
|
||||
render json: @accounts, each_serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
@@ -24,11 +24,14 @@ class Api::V1::StatusesController < Api::BaseController
|
||||
DESCENDANTS_DEPTH_LIMIT = 20
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
@status = cache_collection([@status], Status).first
|
||||
render json: @status, serializer: REST::StatusSerializer
|
||||
end
|
||||
|
||||
def context
|
||||
cache_if_unauthenticated!
|
||||
|
||||
ancestors_limit = CONTEXT_LIMIT
|
||||
descendants_limit = CONTEXT_LIMIT
|
||||
descendants_depth_limit = nil
|
||||
|
||||
@@ -8,6 +8,7 @@ class Api::V1::TagsController < Api::BaseController
|
||||
override_rate_limit_headers :follow, family: :follows
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
render json: @tag, serializer: REST::TagSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ class Api::V1::Timelines::PublicController < Api::BaseController
|
||||
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
@statuses = load_statuses
|
||||
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
|
||||
end
|
||||
|
||||
@@ -5,6 +5,7 @@ class Api::V1::Timelines::TagController < Api::BaseController
|
||||
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
|
||||
|
||||
def show
|
||||
cache_if_unauthenticated!
|
||||
@statuses = load_statuses
|
||||
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
|
||||
end
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::Trends::LinksController < Api::BaseController
|
||||
vary_by 'Authorization, Accept-Language'
|
||||
|
||||
before_action :set_links
|
||||
|
||||
after_action :insert_pagination_headers
|
||||
@@ -8,6 +10,7 @@ class Api::V1::Trends::LinksController < Api::BaseController
|
||||
DEFAULT_LINKS_LIMIT = 10
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
render json: @links, each_serializer: REST::Trends::LinkSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -1,11 +1,14 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::Trends::StatusesController < Api::BaseController
|
||||
vary_by 'Authorization, Accept-Language'
|
||||
|
||||
before_action :set_statuses
|
||||
|
||||
after_action :insert_pagination_headers
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
render json: @statuses, each_serializer: REST::StatusSerializer
|
||||
end
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ class Api::V1::Trends::TagsController < Api::BaseController
|
||||
DEFAULT_TAGS_LIMIT = (ENV['MAX_TRENDING_TAGS'] || 10).to_i
|
||||
|
||||
def index
|
||||
cache_if_unauthenticated!
|
||||
render json: @tags, each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@tags, current_user&.account_id)
|
||||
end
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
class Api::V2::InstancesController < Api::V1::InstancesController
|
||||
def show
|
||||
expires_in 3.minutes, public: true
|
||||
cache_even_if_authenticated!
|
||||
render_with_cache json: InstancePresenter.new, serializer: REST::InstanceSerializer, root: 'instance'
|
||||
end
|
||||
end
|
||||
|
||||
@@ -21,6 +21,8 @@ class ApplicationController < ActionController::Base
|
||||
helper_method :omniauth_only?
|
||||
helper_method :sso_account_settings
|
||||
helper_method :whitelist_mode?
|
||||
helper_method :body_class_string
|
||||
helper_method :skip_csrf_meta_tags?
|
||||
|
||||
rescue_from ActionController::ParameterMissing, Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request
|
||||
rescue_from Mastodon::NotPermittedError, with: :forbidden
|
||||
@@ -37,9 +39,11 @@ class ApplicationController < ActionController::Base
|
||||
service_unavailable
|
||||
end
|
||||
|
||||
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
|
||||
before_action :store_referrer, except: :raise_not_found, if: :devise_controller?
|
||||
before_action :require_functional!, if: :user_signed_in?
|
||||
|
||||
before_action :set_cache_control_defaults
|
||||
|
||||
skip_before_action :verify_authenticity_token, only: :raise_not_found
|
||||
|
||||
def raise_not_found
|
||||
@@ -56,14 +60,25 @@ class ApplicationController < ActionController::Base
|
||||
!authorized_fetch_mode?
|
||||
end
|
||||
|
||||
def store_current_location
|
||||
store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)
|
||||
def store_referrer
|
||||
return if request.referer.blank?
|
||||
|
||||
redirect_uri = URI(request.referer)
|
||||
return if redirect_uri.path.start_with?('/auth')
|
||||
|
||||
stored_url = redirect_uri.to_s if redirect_uri.host == request.host && redirect_uri.port == request.port
|
||||
|
||||
store_location_for(:user, stored_url)
|
||||
end
|
||||
|
||||
def require_functional!
|
||||
redirect_to edit_user_registration_path unless current_user.functional?
|
||||
end
|
||||
|
||||
def skip_csrf_meta_tags?
|
||||
false
|
||||
end
|
||||
|
||||
def after_sign_out_path_for(_resource_or_scope)
|
||||
if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
|
||||
'/auth/auth/openid_connect/logout'
|
||||
@@ -127,7 +142,7 @@ class ApplicationController < ActionController::Base
|
||||
end
|
||||
|
||||
def sso_account_settings
|
||||
ENV.fetch('SSO_ACCOUNT_SETTINGS')
|
||||
ENV.fetch('SSO_ACCOUNT_SETTINGS', nil)
|
||||
end
|
||||
|
||||
def current_account
|
||||
@@ -142,6 +157,10 @@ class ApplicationController < ActionController::Base
|
||||
@current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
|
||||
end
|
||||
|
||||
def body_class_string
|
||||
@body_classes || ''
|
||||
end
|
||||
|
||||
def respond_with_error(code)
|
||||
respond_to do |format|
|
||||
format.any do
|
||||
@@ -151,4 +170,8 @@ class ApplicationController < ActionController::Base
|
||||
format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
|
||||
end
|
||||
end
|
||||
|
||||
def set_cache_control_defaults
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -157,6 +157,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Cache-Control'] = 'private, no-store'
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
13
app/controllers/concerns/api_caching_concern.rb
Normal file
13
app/controllers/concerns/api_caching_concern.rb
Normal file
@@ -0,0 +1,13 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module ApiCachingConcern
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
def cache_if_unauthenticated!
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
|
||||
end
|
||||
|
||||
def cache_even_if_authenticated!
|
||||
expires_in(5.minutes, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless whitelist_mode?
|
||||
end
|
||||
end
|
||||
@@ -155,8 +155,30 @@ module CacheConcern
|
||||
end
|
||||
end
|
||||
|
||||
class_methods do
|
||||
def vary_by(value, **kwargs)
|
||||
before_action(**kwargs) do |controller|
|
||||
response.headers['Vary'] = value.respond_to?(:call) ? controller.instance_exec(&value) : value
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
included do
|
||||
after_action :enforce_cache_control!
|
||||
end
|
||||
|
||||
# Prevents high-entropy headers such as `Cookie`, `Signature` or `Authorization`
|
||||
# from being used as cache keys, while allowing to `Vary` on them (to not serve
|
||||
# anonymous cached data to authenticated requests when authentication matters)
|
||||
def enforce_cache_control!
|
||||
vary = response.headers['Vary']&.split&.map { |x| x.strip.downcase }
|
||||
return unless vary.present? && %w(cookie authorization signature).any? { |header| vary.include?(header) && request.headers[header].present? }
|
||||
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
|
||||
def render_with_cache(**options)
|
||||
raise ArgumentError, 'only JSON render calls are supported' unless options.key?(:json) || block_given?
|
||||
raise ArgumentError, 'Only JSON render calls are supported' unless options.key?(:json) || block_given?
|
||||
|
||||
key = options.delete(:key) || [[params[:controller], params[:action]].join('/'), options[:json].respond_to?(:cache_key) ? options[:json].cache_key : nil, options[:fields].nil? ? nil : options[:fields].join(',')].compact.join(':')
|
||||
expires_in = options.delete(:expires_in) || 3.minutes
|
||||
@@ -176,10 +198,6 @@ module CacheConcern
|
||||
end
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Vary'] = public_fetch_mode? ? 'Accept' : 'Accept, Signature'
|
||||
end
|
||||
|
||||
def cache_collection(raw, klass)
|
||||
return raw unless klass.respond_to?(:with_includes)
|
||||
|
||||
|
||||
@@ -7,6 +7,12 @@ module WebAppControllerConcern
|
||||
prepend_before_action :redirect_unauthenticated_to_permalinks!
|
||||
before_action :set_pack
|
||||
before_action :set_app_body_class
|
||||
|
||||
vary_by 'Accept, Accept-Language, Cookie'
|
||||
end
|
||||
|
||||
def skip_csrf_meta_tags?
|
||||
current_user.nil?
|
||||
end
|
||||
|
||||
def set_app_body_class
|
||||
|
||||
@@ -1,18 +1,8 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class CustomCssController < ApplicationController
|
||||
skip_before_action :store_current_location
|
||||
skip_before_action :require_functional!
|
||||
skip_before_action :update_user_sign_in
|
||||
skip_before_action :set_session_activity
|
||||
|
||||
skip_around_action :set_locale
|
||||
|
||||
before_action :set_cache_headers
|
||||
|
||||
class CustomCssController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
def show
|
||||
expires_in 3.minutes, public: true
|
||||
request.session_options[:skip] = true
|
||||
render content_type: 'text/css'
|
||||
end
|
||||
end
|
||||
|
||||
@@ -10,6 +10,7 @@ class Disputes::BaseController < ApplicationController
|
||||
before_action :set_body_classes
|
||||
before_action :authenticate_user!
|
||||
before_action :set_pack
|
||||
before_action :set_cache_headers
|
||||
|
||||
private
|
||||
|
||||
@@ -20,4 +21,8 @@ class Disputes::BaseController < ApplicationController
|
||||
def set_body_classes
|
||||
@body_classes = 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -2,15 +2,12 @@
|
||||
|
||||
class EmojisController < ApplicationController
|
||||
before_action :set_emoji
|
||||
before_action :set_cache_headers
|
||||
|
||||
vary_by -> { 'Signature' if authorized_fetch_mode? }
|
||||
|
||||
def show
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
expires_in 3.minutes, public: true
|
||||
render_with_cache json: @emoji, content_type: 'application/activity+json', serializer: ActivityPub::EmojiSerializer, adapter: ActivityPub::Adapter
|
||||
end
|
||||
end
|
||||
expires_in 3.minutes, public: true
|
||||
render_with_cache json: @emoji, content_type: 'application/activity+json', serializer: ActivityPub::EmojiSerializer, adapter: ActivityPub::Adapter
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
@@ -8,6 +8,7 @@ class Filters::StatusesController < ApplicationController
|
||||
before_action :set_status_filters
|
||||
before_action :set_pack
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
PER_PAGE = 20
|
||||
|
||||
@@ -49,4 +50,8 @@ class Filters::StatusesController < ApplicationController
|
||||
def set_body_classes
|
||||
@body_classes = 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -7,6 +7,7 @@ class FiltersController < ApplicationController
|
||||
before_action :set_filter, only: [:edit, :update, :destroy]
|
||||
before_action :set_pack
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
def index
|
||||
@filters = current_account.custom_filters.includes(:keywords, :statuses).order(:phrase)
|
||||
@@ -59,4 +60,8 @@ class FiltersController < ApplicationController
|
||||
def set_body_classes
|
||||
@body_classes = 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -5,8 +5,9 @@ class FollowerAccountsController < ApplicationController
|
||||
include SignatureVerification
|
||||
include WebAppControllerConcern
|
||||
|
||||
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
|
||||
|
||||
before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
|
||||
before_action :set_cache_headers
|
||||
|
||||
skip_around_action :set_locale, if: -> { request.format == :json }
|
||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||
@@ -14,7 +15,7 @@ class FollowerAccountsController < ApplicationController
|
||||
def index
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
|
||||
end
|
||||
|
||||
format.json do
|
||||
|
||||
@@ -5,8 +5,9 @@ class FollowingAccountsController < ApplicationController
|
||||
include SignatureVerification
|
||||
include WebAppControllerConcern
|
||||
|
||||
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
|
||||
|
||||
before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
|
||||
before_action :set_cache_headers
|
||||
|
||||
skip_around_action :set_locale, if: -> { request.format == :json }
|
||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||
@@ -14,7 +15,7 @@ class FollowingAccountsController < ApplicationController
|
||||
def index
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
|
||||
end
|
||||
|
||||
format.json do
|
||||
|
||||
@@ -6,7 +6,7 @@ class HomeController < ApplicationController
|
||||
before_action :set_instance_presenter
|
||||
|
||||
def index
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class InstanceActorsController < ApplicationController
|
||||
include AccountControllerConcern
|
||||
class InstanceActorsController < ActivityPub::BaseController
|
||||
vary_by ''
|
||||
|
||||
skip_before_action :check_account_confirmation
|
||||
skip_around_action :set_locale
|
||||
serialization_scope nil
|
||||
|
||||
before_action :set_account
|
||||
skip_before_action :require_functional!
|
||||
skip_before_action :update_user_sign_in
|
||||
|
||||
def show
|
||||
expires_in 10.minutes, public: true
|
||||
|
||||
@@ -8,6 +8,7 @@ class InvitesController < ApplicationController
|
||||
before_action :authenticate_user!
|
||||
before_action :set_pack
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
def index
|
||||
authorize :invite, :create?
|
||||
@@ -54,4 +55,8 @@ class InvitesController < ApplicationController
|
||||
def set_body_classes
|
||||
@body_classes = 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class ManifestsController < ApplicationController
|
||||
skip_before_action :store_current_location
|
||||
skip_before_action :require_functional!
|
||||
class ManifestsController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
# Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
|
||||
# and thus re-issuing session cookies
|
||||
serialization_scope nil
|
||||
|
||||
def show
|
||||
expires_in 3.minutes, public: true
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
class MediaController < ApplicationController
|
||||
include Authorization
|
||||
|
||||
skip_before_action :store_current_location
|
||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||
|
||||
before_action :authenticate_user!, if: :whitelist_mode?
|
||||
|
||||
@@ -6,7 +6,6 @@ class MediaProxyController < ApplicationController
|
||||
include Redisable
|
||||
include Lockable
|
||||
|
||||
skip_before_action :store_current_location
|
||||
skip_before_action :require_functional!
|
||||
|
||||
before_action :authenticate_user!, if: :whitelist_mode?
|
||||
|
||||
@@ -39,6 +39,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Cache-Control'] = 'private, no-store'
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -8,6 +8,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
|
||||
before_action :set_pack
|
||||
before_action :require_not_suspended!, only: :destroy
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
skip_before_action :require_functional!
|
||||
|
||||
@@ -35,4 +36,8 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
|
||||
def require_not_suspended!
|
||||
forbidden if current_account.suspended?
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -8,7 +8,7 @@ class PrivacyController < ApplicationController
|
||||
before_action :set_instance_presenter
|
||||
|
||||
def show
|
||||
expires_in 0, public: true if current_account.nil?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
@@ -8,6 +8,7 @@ class RelationshipsController < ApplicationController
|
||||
before_action :set_pack
|
||||
before_action :set_relationships, only: :show
|
||||
before_action :set_body_classes
|
||||
before_action :set_cache_headers
|
||||
|
||||
helper_method :following_relationship?, :followed_by_relationship?, :mutual_relationship?
|
||||
|
||||
@@ -75,4 +76,8 @@ class RelationshipsController < ApplicationController
|
||||
def set_pack
|
||||
use_pack 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -19,7 +19,7 @@ class Settings::BaseController < ApplicationController
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.headers['Cache-Control'] = 'private, no-store'
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
|
||||
def require_not_suspended!
|
||||
|
||||
@@ -7,6 +7,7 @@ class StatusesCleanupController < ApplicationController
|
||||
before_action :set_policy
|
||||
before_action :set_body_classes
|
||||
before_action :set_pack
|
||||
before_action :set_cache_headers
|
||||
|
||||
def show; end
|
||||
|
||||
@@ -41,4 +42,8 @@ class StatusesCleanupController < ApplicationController
|
||||
def set_body_classes
|
||||
@body_classes = 'admin'
|
||||
end
|
||||
|
||||
def set_cache_headers
|
||||
response.cache_control.replace(private: true, no_store: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -6,11 +6,12 @@ class StatusesController < ApplicationController
|
||||
include Authorization
|
||||
include AccountOwnedConcern
|
||||
|
||||
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
|
||||
|
||||
before_action :require_account_signature!, only: [:show, :activity], if: -> { request.format == :json && authorized_fetch_mode? }
|
||||
before_action :set_status
|
||||
before_action :set_instance_presenter
|
||||
before_action :redirect_to_original, only: :show
|
||||
before_action :set_cache_headers
|
||||
before_action :set_body_classes, only: :embed
|
||||
|
||||
after_action :set_link_headers
|
||||
@@ -29,7 +30,7 @@ class StatusesController < ApplicationController
|
||||
end
|
||||
|
||||
format.json do
|
||||
expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
|
||||
expires_in 3.minutes, public: true if @status.distributable? && public_fetch_mode?
|
||||
render_with_cache json: @status, content_type: 'application/activity+json', serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
|
||||
end
|
||||
end
|
||||
|
||||
@@ -7,6 +7,8 @@ class TagsController < ApplicationController
|
||||
PAGE_SIZE = 20
|
||||
PAGE_SIZE_MAX = 200
|
||||
|
||||
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
|
||||
|
||||
before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
|
||||
before_action :authenticate_user!, if: :whitelist_mode?
|
||||
before_action :set_local
|
||||
@@ -19,7 +21,7 @@ class TagsController < ApplicationController
|
||||
def show
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
expires_in 0, public: true unless user_signed_in?
|
||||
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
|
||||
end
|
||||
|
||||
format.rss do
|
||||
|
||||
@@ -1,11 +1,9 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module WellKnown
|
||||
class HostMetaController < ActionController::Base
|
||||
class HostMetaController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
include RoutingHelper
|
||||
|
||||
before_action { response.headers['Vary'] = 'Accept' }
|
||||
|
||||
def show
|
||||
@webfinger_template = "#{webfinger_url}?resource={uri}"
|
||||
expires_in 3.days, public: true
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module WellKnown
|
||||
class NodeInfoController < ActionController::Base
|
||||
class NodeInfoController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
include CacheConcern
|
||||
|
||||
before_action { response.headers['Vary'] = 'Accept' }
|
||||
# Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
|
||||
# and thus re-issuing session cookies
|
||||
serialization_scope nil
|
||||
|
||||
def index
|
||||
expires_in 3.days, public: true
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module WellKnown
|
||||
class WebfingerController < ActionController::Base
|
||||
class WebfingerController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
include RoutingHelper
|
||||
|
||||
before_action :set_account
|
||||
@@ -34,7 +34,12 @@ module WellKnown
|
||||
end
|
||||
|
||||
def check_account_suspension
|
||||
expires_in(3.minutes, public: true) && gone if @account.suspended_permanently?
|
||||
gone if @account.suspended_permanently?
|
||||
end
|
||||
|
||||
def gone
|
||||
expires_in(3.minutes, public: true)
|
||||
head 410
|
||||
end
|
||||
|
||||
def bad_request
|
||||
@@ -46,9 +51,5 @@ module WellKnown
|
||||
expires_in(3.minutes, public: true)
|
||||
head 404
|
||||
end
|
||||
|
||||
def gone
|
||||
head 410
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user