Update dependency fog-openstack to v1

Gemfile

@@ -16,7 +16,7 @@ gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'fog-core', '<= 2.4.0'
-gem 'fog-openstack', '~> 0.3', require: false
+gem 'fog-openstack', '~> 1.0', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'blurhash', '~> 0.1'
 

Gemfile.lock

@@ -267,19 +267,18 @@ GEM
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    fog-core (2.1.0)
+    fog-core (2.3.0)
       builder
-      excon (~> 0.58)
+      excon (~> 0.71)
-      formatador (~> 0.2)
+      formatador (>= 0.2, < 2.0)
       mime-types
     fog-json (1.2.0)
       fog-core
       multi_json (~> 1.10)
-    fog-openstack (0.3.10)
+    fog-openstack (1.1.0)
-      fog-core (>= 1.45, <= 2.1.0)
+      fog-core (~> 2.1)
       fog-json (>= 1.0)
-      ipaddress (>= 0.8)
+    formatador (1.1.0)
-    formatador (0.3.0)
     fugit (1.8.1)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
@@ -338,7 +337,6 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       terminal-table (>= 1.5.1)
     idn-ruby (0.1.5)
-    ipaddress (0.8.3)
     jmespath (1.6.2)
     json (2.6.3)
     json-canonicalization (0.3.2)
@@ -800,7 +798,7 @@ DEPENDENCIES
   fast_blank (~> 1.0)
   fastimage
   fog-core (<= 2.4.0)
-  fog-openstack (~> 0.3)
+  fog-openstack (~> 1.0)
   fuubar (~> 2.5)
   haml-rails (~> 2.0)
   haml_lint

app/controllers/api/web/embeds_controller.rb

@@ -1,36 +1,25 @@
 # frozen_string_literal: true
 
 class Api::Web::EmbedsController < Api::Web::BaseController
-  include Authorization
+  before_action :require_user!
 
-  before_action :set_status
+  def create
+    status = StatusFinder.new(params[:url]).status
 
-  def show
+    return not_found if status.hidden?
-    return not_found if @status.hidden?
 
-    if @status.local?
+    render json: status, serializer: OEmbedSerializer, width: 400
-      render json: @status, serializer: OEmbedSerializer, width: 400
+  rescue ActiveRecord::RecordNotFound
-    else
+    oembed = FetchOEmbedService.new.call(params[:url])
-      return not_found unless user_signed_in?
 
-      url = ActivityPub::TagManager.instance.url_for(@status)
+    return not_found if oembed.nil?
-      oembed = FetchOEmbedService.new.call(url)
-      return not_found if oembed.nil?
 
-      begin
+    begin
-        oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
+      oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
-      rescue ArgumentError
+    rescue ArgumentError
-        return not_found
+      return not_found
-      end
-
-      render json: oembed
     end
-  end
 
-  def set_status
+    render json: oembed
-    @status = Status.find(params[:id])
-    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
-    not_found
   end
 end

app/javascript/mastodon/components/router.tsx

@@ -1,23 +0,0 @@
-import type { PropsWithChildren } from 'react';
-import React from 'react';
-
-import type { History } from 'history';
-import { createBrowserHistory } from 'history';
-import { Router as OriginalRouter } from 'react-router';
-
-import { layoutFromWindow } from 'mastodon/is_mobile';
-
-const browserHistory = createBrowserHistory();
-const originalPush = browserHistory.push.bind(browserHistory);
-
-browserHistory.push = (path: string, state: History.LocationState) => {
-  if (layoutFromWindow() === 'multi-column' && !path.startsWith('/deck')) {
-    originalPush(`/deck${path}`, state);
-  } else {
-    originalPush(path, state);
-  }
-};
-
-export const Router: React.FC<PropsWithChildren> = ({ children }) => {
-  return <OriginalRouter history={browserHistory}>{children}</OriginalRouter>;
-};

app/javascript/mastodon/components/status_action_bar.jsx

@@ -258,7 +258,7 @@ class StatusActionBar extends ImmutablePureComponent {
       menu.push({ text: intl.formatMessage(messages.share), action: this.handleShareClick });
     }
 
-    if (publicStatus && (signedIn || !isRemote)) {
+    if (publicStatus) {
       menu.push({ text: intl.formatMessage(messages.embed), action: this.handleEmbed });
     }
 

app/javascript/mastodon/containers/mastodon.jsx

@@ -2,7 +2,7 @@ import PropTypes from 'prop-types';
 import { PureComponent } from 'react';
 
 import { Helmet } from 'react-helmet';
-import { Route } from 'react-router-dom';
+import { BrowserRouter, Route } from 'react-router-dom';
 
 import { Provider as ReduxProvider } from 'react-redux';
 
@@ -12,7 +12,6 @@ import { fetchCustomEmojis } from 'mastodon/actions/custom_emojis';
 import { hydrateStore } from 'mastodon/actions/store';
 import { connectUserStream } from 'mastodon/actions/streaming';
 import ErrorBoundary from 'mastodon/components/error_boundary';
-import { Router } from 'mastodon/components/router';
 import UI from 'mastodon/features/ui';
 import initialState, { title as siteTitle } from 'mastodon/initial_state';
 import { IntlProvider } from 'mastodon/locales';
@@ -76,11 +75,11 @@ export default class Mastodon extends PureComponent {
       <IntlProvider>
         <ReduxProvider store={store}>
           <ErrorBoundary>
-            <Router>
+            <BrowserRouter>
               <ScrollContext shouldUpdateScroll={this.shouldUpdateScroll}>
                 <Route path='/' component={UI} />
               </ScrollContext>
-            </Router>
+            </BrowserRouter>
 
             <Helmet defaultTitle={title} titleTemplate={`%s - ${title}`} />
           </ErrorBoundary>

app/javascript/mastodon/containers/status_container.jsx

@@ -139,7 +139,7 @@ const mapDispatchToProps = (dispatch, { intl, contextType }) => ({
     dispatch(openModal({
       modalType: 'EMBED',
       modalProps: {
-        id: status.get('id'),
+        url: status.get('url'),
         onError: error => dispatch(showAlertForError(error)),
       },
     }));

app/javascript/mastodon/features/getting_started/index.jsx

@@ -142,7 +142,7 @@ class GettingStarted extends ImmutablePureComponent {
 
           {!multiColumn && <div className='flex-spacer' />}
 
-          <LinkFooter multiColumn />
+          <LinkFooter />
         </div>
 
         {(multiColumn && showTrends) && <TrendsContainer />}

app/javascript/mastodon/features/status/components/action_bar.jsx

@@ -205,7 +205,7 @@ class ActionBar extends PureComponent {
       menu.push({ text: intl.formatMessage(messages.share), action: this.handleShare });
     }
 
-    if (publicStatus && (signedIn || !isRemote)) {
+    if (publicStatus) {
       menu.push({ text: intl.formatMessage(messages.embed), action: this.handleEmbed });
     }
 

app/javascript/mastodon/features/status/containers/detailed_status_container.js

@@ -110,7 +110,7 @@ const mapDispatchToProps = (dispatch, { intl }) => ({
     dispatch(openModal({
       modalType: 'EMBED',
       modalProps: {
-        id: status.get('id'),
+        url: status.get('url'),
         onError: error => dispatch(showAlertForError(error)),
       },
     }));

app/javascript/mastodon/features/status/index.jsx

@@ -449,7 +449,7 @@ class Status extends ImmutablePureComponent {
   handleEmbed = (status) => {
     this.props.dispatch(openModal({
       modalType: 'EMBED',
-      modalProps: { id: status.get('id') },
+      modalProps: { url: status.get('url') },
     }));
   };
 

app/javascript/mastodon/features/ui/components/embed_modal.jsx

@@ -14,7 +14,7 @@ const messages = defineMessages({
 class EmbedModal extends ImmutablePureComponent {
 
   static propTypes = {
-    id: PropTypes.string.isRequired,
+    url: PropTypes.string.isRequired,
     onClose: PropTypes.func.isRequired,
     onError: PropTypes.func.isRequired,
     intl: PropTypes.object.isRequired,
@@ -26,11 +26,11 @@ class EmbedModal extends ImmutablePureComponent {
   };
 
   componentDidMount () {
-    const { id } = this.props;
+    const { url } = this.props;
 
     this.setState({ loading: true });
 
-    api().get(`/api/web/embeds/${id}`).then(res => {
+    api().post('/api/web/embed', { url }).then(res => {
       this.setState({ loading: false, oembed: res.data });
 
       const iframeDocument = this.iframe.contentWindow.document;

app/javascript/mastodon/features/ui/components/link_footer.jsx

@@ -38,7 +38,6 @@ class LinkFooter extends PureComponent {
   };
 
   static propTypes = {
-    multiColumn: PropTypes.bool,
     onLogout: PropTypes.func.isRequired,
     intl: PropTypes.object.isRequired,
   };
@@ -54,7 +53,6 @@ class LinkFooter extends PureComponent {
 
   render () {
     const { signedIn, permissions } = this.context.identity;
-    const { multiColumn } = this.props;
 
     const canInvite = signedIn && ((permissions & PERMISSION_INVITE_USERS) === PERMISSION_INVITE_USERS);
     const canProfileDirectory = profileDirectory;
@@ -66,7 +64,7 @@ class LinkFooter extends PureComponent {
         <p>
           <strong>{domain}</strong>:
           {' '}
-          <Link to='/about' target={multiColumn ? '_blank' : undefined}><FormattedMessage id='footer.about' defaultMessage='About' /></Link>
+          <Link to='/about'><FormattedMessage id='footer.about' defaultMessage='About' /></Link>
           {statusPageUrl && (
             <>
               {DividingCircle}
@@ -86,7 +84,7 @@ class LinkFooter extends PureComponent {
             </>
           )}
           {DividingCircle}
-          <Link to='/privacy-policy' target={multiColumn ? '_blank' : undefined}><FormattedMessage id='footer.privacy_policy' defaultMessage='Privacy policy' /></Link>
+          <Link to='/privacy-policy'><FormattedMessage id='footer.privacy_policy' defaultMessage='Privacy policy' /></Link>
         </p>
 
         <p>

app/javascript/mastodon/features/ui/components/navigation_panel.jsx

@@ -8,7 +8,6 @@ import { Link } from 'react-router-dom';
 import { WordmarkLogo } from 'mastodon/components/logo';
 import NavigationPortal from 'mastodon/components/navigation_portal';
 import { timelinePreview, trendsEnabled } from 'mastodon/initial_state';
-import { transientSingleColumn } from 'mastodon/is_mobile';
 
 import ColumnLink from './column_link';
 import DisabledAccountBanner from './disabled_account_banner';
@@ -30,7 +29,6 @@ const messages = defineMessages({
   followsAndFollowers: { id: 'navigation_bar.follows_and_followers', defaultMessage: 'Follows and followers' },
   about: { id: 'navigation_bar.about', defaultMessage: 'About' },
   search: { id: 'navigation_bar.search', defaultMessage: 'Search' },
-  advancedInterface: { id: 'navigation_bar.advanced_interface', defaultMessage: 'Open in advanced web interface' },
 });
 
 class NavigationPanel extends Component {
@@ -56,12 +54,6 @@ class NavigationPanel extends Component {
       <div className='navigation-panel'>
         <div className='navigation-panel__logo'>
           <Link to='/' className='column-link column-link--logo'><WordmarkLogo /></Link>
-
-          {transientSingleColumn && (
-            <a href={`/deck${location.pathname}`} className='button button--block'>
-              {intl.formatMessage(messages.advancedInterface)}
-            </a>
-          )}
           <hr />
         </div>
 

app/javascript/mastodon/features/ui/index.jsx

@@ -126,11 +126,11 @@ class SwitchingColumnsArea extends PureComponent {
   static propTypes = {
     children: PropTypes.node,
     location: PropTypes.object,
-    singleColumn: PropTypes.bool,
+    mobile: PropTypes.bool,
   };
 
   UNSAFE_componentWillMount () {
-    if (this.props.singleColumn) {
+    if (this.props.mobile) {
       document.body.classList.toggle('layout-single-column', true);
       document.body.classList.toggle('layout-multiple-columns', false);
     } else {
@@ -144,9 +144,9 @@ class SwitchingColumnsArea extends PureComponent {
       this.node.handleChildrenContentChange();
     }
 
-    if (prevProps.singleColumn !== this.props.singleColumn) {
+    if (prevProps.mobile !== this.props.mobile) {
-      document.body.classList.toggle('layout-single-column', this.props.singleColumn);
+      document.body.classList.toggle('layout-single-column', this.props.mobile);
-      document.body.classList.toggle('layout-multiple-columns', !this.props.singleColumn);
+      document.body.classList.toggle('layout-multiple-columns', !this.props.mobile);
     }
   }
 
@@ -157,17 +157,16 @@ class SwitchingColumnsArea extends PureComponent {
   };
 
   render () {
-    const { children, singleColumn } = this.props;
+    const { children, mobile } = this.props;
     const { signedIn } = this.context.identity;
-    const pathName = this.props.location.pathname;
 
     let redirect;
 
     if (signedIn) {
-      if (singleColumn) {
+      if (mobile) {
         redirect = <Redirect from='/' to='/home' exact />;
       } else {
-        redirect = <Redirect from='/' to='/deck/getting-started' exact />;
+        redirect = <Redirect from='/' to='/getting-started' exact />;
       }
     } else if (singleUserMode && owner && initialState?.accounts[owner]) {
       redirect = <Redirect from='/' to={`/@${initialState.accounts[owner].username}`} exact />;
@@ -178,13 +177,10 @@ class SwitchingColumnsArea extends PureComponent {
     }
 
     return (
-      <ColumnsAreaContainer ref={this.setRef} singleColumn={singleColumn}>
+      <ColumnsAreaContainer ref={this.setRef} singleColumn={mobile}>
         <WrappedSwitch>
           {redirect}
 
-          {singleColumn ? <Redirect from='/deck' to='/home' exact /> : null}
-          {singleColumn && pathName.startsWith('/deck/') ? <Redirect from={pathName} to={pathName.slice(5)} /> : null}
-
           <WrappedRoute path='/getting-started' component={GettingStarted} content={children} />
           <WrappedRoute path='/keyboard-shortcuts' component={KeyboardShortcuts} content={children} />
           <WrappedRoute path='/about' component={About} content={children} />
@@ -577,7 +573,7 @@ class UI extends PureComponent {
         <div className={classNames('ui', { 'is-composing': isComposing })} ref={this.setRef} style={{ pointerEvents: dropdownMenuIsOpen ? 'none' : null }}>
           <Header />
 
-          <SwitchingColumnsArea location={location} singleColumn={layout === 'mobile' || layout === 'single-column'}>
+          <SwitchingColumnsArea location={location} mobile={layout === 'mobile' || layout === 'single-column'}>
             {children}
           </SwitchingColumnsArea>
 

app/javascript/mastodon/features/ui/util/react_router_helpers.jsx

@@ -11,21 +11,13 @@ import BundleContainer from '../containers/bundle_container';
 
 // Small wrapper to pass multiColumn to the route components
 export class WrappedSwitch extends PureComponent {
-  static contextTypes = {
-    router: PropTypes.object,
-  };
 
   render () {
     const { multiColumn, children } = this.props;
-    const { location } = this.context.router.route;
-
-    const decklessLocation = multiColumn && location.pathname.startsWith('/deck')
-      ? {...location, pathname: location.pathname.slice(5)}
-      : location;
 
     return (
-      <Switch location={decklessLocation}>
+      <Switch>
-        {Children.map(children, child => child ? cloneElement(child, { multiColumn }) : null)}
+        {Children.map(children, child => cloneElement(child, { multiColumn }))}
       </Switch>
     );
   }

app/javascript/mastodon/initial_state.js

@@ -94,13 +94,6 @@ const element = document.getElementById('initial-state');
 /** @type {InitialState | undefined} */
 const initialState = element?.textContent && JSON.parse(element.textContent);
 
-/** @type {string} */
-const initialPath = document.querySelector("head meta[name=initialPath]")?.getAttribute("content") ?? '';
-/** @type {boolean} */
-export const hasMultiColumnPath = initialPath === '/'
-  || initialPath === '/getting-started'
-  || initialPath.startsWith('/deck');
-
 /**
  * @template {keyof InitialStateMeta} K
  * @param {K} prop

app/javascript/mastodon/is_mobile.ts

@@ -1,21 +1,19 @@
 import { supportsPassiveEvents } from 'detect-passive-events';
 
-import { forceSingleColumn, hasMultiColumnPath } from './initial_state';
+import { forceSingleColumn } from './initial_state';
 
 const LAYOUT_BREAKPOINT = 630;
 
 export const isMobile = (width: number) => width <= LAYOUT_BREAKPOINT;
 
-export const transientSingleColumn = !forceSingleColumn && !hasMultiColumnPath;
-
 export type LayoutType = 'mobile' | 'single-column' | 'multi-column';
 export const layoutFromWindow = (): LayoutType => {
   if (isMobile(window.innerWidth)) {
     return 'mobile';
-  } else if (!forceSingleColumn && !transientSingleColumn) {
+  } else if (forceSingleColumn) {
-    return 'multi-column';
-  } else {
     return 'single-column';
+  } else {
+    return 'multi-column';
   }
 };
 

app/javascript/mastodon/locales/en.json

@@ -385,7 +385,6 @@
   "mute_modal.hide_notifications": "Hide notifications from this user?",
   "mute_modal.indefinite": "Indefinite",
   "navigation_bar.about": "About",
-  "navigation_bar.advanced_interface": "Open in advanced web interface",
   "navigation_bar.blocks": "Blocked users",
   "navigation_bar.bookmarks": "Bookmarks",
   "navigation_bar.community_timeline": "Local timeline",

app/javascript/mastodon/locales/fr.json

@@ -368,7 +368,6 @@
   "mute_modal.hide_notifications": "Masquer les notifications de cette personne ?",
   "mute_modal.indefinite": "Indéfinie",
   "navigation_bar.about": "À propos",
-  "navigation_bar.advanced_interface": "Ouvrir dans l’interface avancée",
   "navigation_bar.blocks": "Comptes bloqués",
   "navigation_bar.bookmarks": "Marque-pages",
   "navigation_bar.community_timeline": "Fil public local",

app/javascript/styles/mastodon/components.scss

@@ -1423,7 +1423,6 @@ body > [data-popper-placement] {
 .detailed-status__link {
   color: inherit;
   text-decoration: none;
-  white-space: nowrap;
 }
 
 .detailed-status__favorites,

app/models/status.rb

@@ -103,9 +103,7 @@ class Status < ApplicationRecord
   scope :not_domain_blocked_by_account, ->(account) { account.excluded_from_timeline_domains.blank? ? left_outer_joins(:account) : left_outer_joins(:account).where('accounts.domain IS NULL OR accounts.domain NOT IN (?)', account.excluded_from_timeline_domains) }
   scope :tagged_with_all, lambda { |tag_ids|
     Array(tag_ids).map(&:to_i).reduce(self) do |result, id|
-      result.where(<<~SQL.squish, tag_id: id)
+      result.joins("INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}")
-        EXISTS(SELECT 1 FROM statuses_tags WHERE statuses_tags.status_id = statuses.id AND statuses_tags.tag_id = :tag_id)
-      SQL
     end
   }
   scope :tagged_with_none, lambda { |tag_ids|

app/views/shared/_web_app.html.haml

@@ -3,7 +3,6 @@
     = preload_pack_asset 'features/compose.js', crossorigin: 'anonymous'
     = preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous'
     = preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous'
-    %meta{ name: 'initialPath', content: request.path }
 
   %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key }
 

config/brakeman.ignore

@@ -1,5 +1,28 @@
 {
   "ignored_warnings": [
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "19df3740b8d02a9fe0eb52c939b4b87d3a2a591162a6adfa8d64e9c26aeebe6d",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/status.rb",
+      "line": 106,
+      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Status",
+        "method": null
+      },
+      "user_input": "id",
+      "confidence": "Weak",
+      "cwe_id": [
+        89
+      ],
+      "note": ""
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,
@@ -183,6 +206,6 @@
       "note": ""
     }
   ],
-  "updated": "2023-07-12 11:20:51 -0400",
+  "updated": "2023-07-11 16:08:58 +0200",
   "brakeman_version": "6.0.0"
 }

config/routes.rb

@@ -30,7 +30,6 @@ Rails.application.routes.draw do
     /mutes
     /followed_tags
     /statuses/(*any)
-    /deck/(*any)
   ).freeze
 
   root 'home#index'

config/routes/api.rb

@@ -296,7 +296,7 @@ namespace :api, format: false do
 
   namespace :web do
     resource :settings, only: [:update]
-    resources :embeds, only: [:show]
+    resource :embed, only: [:create]
     resources :push_subscriptions, only: [:create] do
       member do
         put :update

package.json

@@ -106,7 +106,6 @@
     "react-overlays": "^5.2.1",
     "react-redux": "^8.0.4",
     "react-redux-loading-bar": "^5.0.4",
-    "react-router": "^4.3.1",
     "react-router-dom": "^4.1.1",
     "react-router-scroll-4": "^1.0.0-beta.1",
     "react-select": "^5.7.3",

spec/controllers/api/web/embeds_controller_spec.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Api::Web::EmbedsController do
+  render_views
+
+  let(:user) { Fabricate(:user) }
+
+  before { sign_in user }
+
+  describe 'POST #create' do
+    subject(:body) { JSON.parse(response.body, symbolize_names: true) }
+
+    let(:response) { post :create, params: { url: url } }
+
+    context 'when successfully finds status' do
+      let(:status) { Fabricate(:status) }
+      let(:url) { "http://#{Rails.configuration.x.web_domain}/@#{status.account.username}/#{status.id}" }
+
+      it 'returns a right response' do
+        expect(response).to have_http_status 200
+        expect(body[:author_name]).to eq status.account.username
+      end
+    end
+
+    context 'when fails to find status' do
+      let(:url) { 'https://host.test/oembed.html' }
+      let(:service_instance) { instance_double(FetchOEmbedService) }
+
+      before do
+        allow(FetchOEmbedService).to receive(:new) { service_instance }
+        allow(service_instance).to receive(:call) { call_result }
+      end
+
+      context 'when successfully fetching oembed' do
+        let(:call_result) { { result: :ok } }
+
+        it 'returns a right response' do
+          expect(response).to have_http_status 200
+          expect(body[:result]).to eq 'ok'
+        end
+      end
+
+      context 'when fails to fetch oembed' do
+        let(:call_result) { nil }
+
+        it 'returns a right response' do
+          expect(response).to have_http_status 404
+        end
+      end
+    end
+  end
+end

spec/requests/api/web/embeds_spec.rb

@@ -1,161 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe '/api/web/embed' do
-  subject { get "/api/web/embeds/#{id}", headers: headers }
-
-  context 'when accessed anonymously' do
-    let(:headers) { {} }
-
-    context 'when the requested status is local' do
-      let(:id) { status.id }
-
-      context 'when the requested status is public' do
-        let(:status) { Fabricate(:status, visibility: :public) }
-
-        it 'returns JSON with an html attribute' do
-          subject
-
-          expect(response).to have_http_status(200)
-          expect(body_as_json[:html]).to be_present
-        end
-      end
-
-      context 'when the requested status is private' do
-        let(:status) { Fabricate(:status, visibility: :private) }
-
-        it 'returns http not found' do
-          subject
-
-          expect(response).to have_http_status(404)
-        end
-      end
-    end
-
-    context 'when the requested status is remote' do
-      let(:remote_account) { Fabricate(:account, domain: 'example.com') }
-      let(:status)         { Fabricate(:status, visibility: :public, account: remote_account, url: 'https://example.com/statuses/1') }
-      let(:id)             { status.id }
-
-      it 'returns http not found' do
-        subject
-
-        expect(response).to have_http_status(404)
-      end
-    end
-
-    context 'when the requested status does not exist' do
-      let(:id) { -1 }
-
-      it 'returns http not found' do
-        subject
-
-        expect(response).to have_http_status(404)
-      end
-    end
-  end
-
-  context 'with an API token' do
-    let(:user)    { Fabricate(:user) }
-    let(:token)   { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') }
-    let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
-
-    context 'when the requested status is local' do
-      let(:id) { status.id }
-
-      context 'when the requested status is public' do
-        let(:status) { Fabricate(:status, visibility: :public) }
-
-        it 'returns JSON with an html attribute' do
-          subject
-
-          expect(response).to have_http_status(200)
-          expect(body_as_json[:html]).to be_present
-        end
-
-        context 'when the requesting user is blocked' do
-          before do
-            status.account.block!(user.account)
-          end
-
-          it 'returns http not found' do
-            subject
-
-            expect(response).to have_http_status(404)
-          end
-        end
-      end
-
-      context 'when the requested status is private' do
-        let(:status) { Fabricate(:status, visibility: :private) }
-
-        before do
-          user.account.follow!(status.account)
-        end
-
-        it 'returns http not found' do
-          subject
-
-          expect(response).to have_http_status(404)
-        end
-      end
-    end
-
-    context 'when the requested status is remote' do
-      let(:remote_account) { Fabricate(:account, domain: 'example.com') }
-      let(:status)         { Fabricate(:status, visibility: :public, account: remote_account, url: 'https://example.com/statuses/1') }
-      let(:id)             { status.id }
-
-      let(:service_instance) { instance_double(FetchOEmbedService) }
-
-      before do
-        allow(FetchOEmbedService).to receive(:new) { service_instance }
-        allow(service_instance).to receive(:call) { call_result }
-      end
-
-      context 'when the requesting user is blocked' do
-        before do
-          status.account.block!(user.account)
-        end
-
-        it 'returns http not found' do
-          subject
-
-          expect(response).to have_http_status(404)
-        end
-      end
-
-      context 'when successfully fetching OEmbed' do
-        let(:call_result) { { html: 'ok' } }
-
-        it 'returns JSON with an html attribute' do
-          subject
-
-          expect(response).to have_http_status(200)
-          expect(body_as_json[:html]).to be_present
-        end
-      end
-
-      context 'when failing to fetch OEmbed' do
-        let(:call_result) { nil }
-
-        it 'returns http not found' do
-          subject
-
-          expect(response).to have_http_status(404)
-        end
-      end
-    end
-
-    context 'when the requested status does not exist' do
-      let(:id) { -1 }
-
-      it 'returns http not found' do
-        subject
-
-        expect(response).to have_http_status(404)
-      end
-    end
-  end
-end