tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into glitch-soc/merge-upstream

Browse Source 
Conflicts:
- `README.md`:
  Upstream added some text, but our README is completely different.
  Kept our README unchanged.
This commit is contained in:
Claire
2022-01-16 18:11:20 +01:00
parent 07cb948f39 462bc65112
commit b61c3ddff8
24 changed files with 151 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
config/initializers/devise.rb
View File

@@ -1,11 +1,8 @@
require 'devise/strategies/authenticatable'
Warden::Manager.after_set_user except: :fetch do |user, warden|
if user.session_active?(warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'])
session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id']
else
session_id = user.activate_session(warden.request)
end
session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id']
session_id = user.activate_session(warden.request) unless user.session_activations.active?(session_id)
warden.cookies.signed['_session_id'] = {
value: session_id,
@@ -17,9 +14,13 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
end
Warden::Manager.after_fetch do |user, warden|
if user.session_active?(warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'])
session_id = warden.cookies.signed['_session_id'] || warden.raw_session['auth_id']
if session_id && (session = user.session_activations.find_by(session_id: session_id))
session.update(ip: warden.request.remote_ip) if session.ip != warden.request.remote_ip
warden.cookies.signed['_session_id'] = {
value: warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'],
value: session_id,
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),

2
config/initializers/rack_attack.rb
View File

@@ -55,7 +55,7 @@ class Rack::Attack
end
throttle('throttle_api_media', limit: 30, period: 30.minutes) do |req|
req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media')
req.authenticated_user_id if req.post? && req.path.match?('^/api/v\d+/media')
end
throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req|