From 4ea041fe6781d815a5ab832d2866b34b161acef1 Mon Sep 17 00:00:00 2001 From: Renaud Chaput Date: Fri, 21 Jul 2023 10:46:12 +0200 Subject: [PATCH 1/4] Improve the bug report templates (#25621) --- .github/ISSUE_TEMPLATE/1.bug_report.yml | 56 -------------- .github/ISSUE_TEMPLATE/1.web_bug_report.yml | 76 +++++++++++++++++++ .../ISSUE_TEMPLATE/2.server_bug_report.yml | 65 ++++++++++++++++ ...ture_request.yml => 3.feature_request.yml} | 0 4 files changed, 141 insertions(+), 56 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/1.bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/1.web_bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/2.server_bug_report.yml rename .github/ISSUE_TEMPLATE/{2.feature_request.yml => 3.feature_request.yml} (100%) diff --git a/.github/ISSUE_TEMPLATE/1.bug_report.yml b/.github/ISSUE_TEMPLATE/1.bug_report.yml deleted file mode 100644 index 22f51f7bdf..0000000000 --- a/.github/ISSUE_TEMPLATE/1.bug_report.yml +++ /dev/null @@ -1,56 +0,0 @@ -name: Bug Report -description: If something isn't working as expected -labels: [bug] -body: - - type: markdown - attributes: - value: | - Make sure that you are submitting a new bug that was not previously reported or already fixed. - - Please use a concise and distinct title for the issue. - - type: textarea - attributes: - label: Steps to reproduce the problem - description: What were you trying to do? - value: | - 1. - 2. - 3. - ... - validations: - required: true - - type: input - attributes: - label: Expected behaviour - description: What should have happened? - validations: - required: true - - type: input - attributes: - label: Actual behaviour - description: What happened? - validations: - required: true - - type: textarea - attributes: - label: Detailed description - validations: - required: false - - type: textarea - attributes: - label: Specifications - description: | - What version or commit hash of Mastodon did you find this bug in? - - If a front-end issue, what browser and operating systems were you using? - placeholder: | - Mastodon 3.5.3 (or Edge) - Ruby 2.7.6 (or v3.1.2) - Node.js 16.18.0 - - Google Chrome 106.0.5249.119 - Firefox 105.0.3 - - etc... - validations: - required: true diff --git a/.github/ISSUE_TEMPLATE/1.web_bug_report.yml b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml new file mode 100644 index 0000000000..20e27d103c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml @@ -0,0 +1,76 @@ +name: Bug Report (Web Interface) +description: If you are using Mastodon's web interface and something is not working as expected +labels: [bug, 'status/to triage', 'area/web interface'] +body: + - type: markdown + attributes: + value: | + Make sure that you are submitting a new bug that was not previously reported or already fixed. + + Please use a concise and distinct title for the issue. + - type: textarea + attributes: + label: Steps to reproduce the problem + description: What were you trying to do? + value: | + 1. + 2. + 3. + ... + validations: + required: true + - type: input + attributes: + label: Expected behaviour + description: What should have happened? + validations: + required: true + - type: input + attributes: + label: Actual behaviour + description: What happened? + validations: + required: true + - type: textarea + attributes: + label: Detailed description + validations: + required: false + - type: input + attributes: + label: Mastodon instance + description: The address of the Mastodon instance where you experienced the issue + placeholder: mastodon.social + validations: + required: true + - type: input + attributes: + label: Mastodon version + description: | + This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` + placeholder: v4.1.2 + validations: + required: true + - type: input + attributes: + label: Browser name and version + description: | + What browser are you using when getting this bug? Please specify the version as well. + placeholder: Firefox 105.0.3 + validations: + required: true + - type: input + attributes: + label: Operating system + description: | + What OS are you running? Please specify the version as well. + placeholder: macOS 13.4.1 + validations: + required: true + - type: textarea + attributes: + label: Technical details + description: | + Any additional technical details you may have. This can include the full error log, inspector's output… + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/2.server_bug_report.yml b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml new file mode 100644 index 0000000000..49d5f57209 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml @@ -0,0 +1,65 @@ +name: Bug Report (server / API) +description: | + If something is not working as expected, but is not from using the web interface. +labels: [bug, 'status/to triage'] +body: + - type: markdown + attributes: + value: | + Make sure that you are submitting a new bug that was not previously reported or already fixed. + + Please use a concise and distinct title for the issue. + - type: textarea + attributes: + label: Steps to reproduce the problem + description: What were you trying to do? + value: | + 1. + 2. + 3. + ... + validations: + required: true + - type: input + attributes: + label: Expected behaviour + description: What should have happened? + validations: + required: true + - type: input + attributes: + label: Actual behaviour + description: What happened? + validations: + required: true + - type: textarea + attributes: + label: Detailed description + validations: + required: false + - type: input + attributes: + label: Mastodon instance + description: The address of the Mastodon instance where you experienced the issue + placeholder: mastodon.social + validations: + required: false + - type: input + attributes: + label: Mastodon version + description: | + This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` + placeholder: v4.1.2 + validations: + required: false + - type: textarea + attributes: + label: Technical details + description: | + Any additional technical details you may have, like logs or error traces + value: | + If this is happening on your own Mastodon server, please fill out those: + - Ruby version: (from `ruby --version`, eg. v3.1.2) + - Node.js version: (from `node --version`, eg. v18.16.0) + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/2.feature_request.yml b/.github/ISSUE_TEMPLATE/3.feature_request.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/2.feature_request.yml rename to .github/ISSUE_TEMPLATE/3.feature_request.yml From 42698b4c5c4f33b50e47e271eb37e0aba3e08147 Mon Sep 17 00:00:00 2001 From: Renaud Chaput Date: Fri, 21 Jul 2023 11:14:26 +0200 Subject: [PATCH 2/4] Fix the crossorigin attribute (#26096) --- app/views/layouts/application.html.haml | 2 +- app/views/layouts/embedded.html.haml | 2 +- app/views/shared/_web_app.html.haml | 6 +++--- config/webpack/shared.js | 1 + lib/webpacker/helper_extensions.rb | 9 ++++++++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index f2d7af4961..4fe2f18bfb 100755 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -29,7 +29,7 @@ = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous' = stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous' = javascript_pack_tag 'common', crossorigin: 'anonymous' - = preload_pack_asset "locale/#{I18n.locale}-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locale/#{I18n.locale}-json.js" = csrf_meta_tags unless skip_csrf_meta_tags? %meta{ name: 'style-nonce', content: request.content_security_policy_nonce } diff --git a/app/views/layouts/embedded.html.haml b/app/views/layouts/embedded.html.haml index 53e1fd7932..d8aa522d80 100644 --- a/app/views/layouts/embedded.html.haml +++ b/app/views/layouts/embedded.html.haml @@ -14,7 +14,7 @@ = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous' = stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous' = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous' - = preload_pack_asset "locale/#{I18n.locale}-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locale/#{I18n.locale}-json.js" = render_initial_state = javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous' %body.embed diff --git a/app/views/shared/_web_app.html.haml b/app/views/shared/_web_app.html.haml index 9a1c3dc0bf..e9ca541691 100644 --- a/app/views/shared/_web_app.html.haml +++ b/app/views/shared/_web_app.html.haml @@ -1,8 +1,8 @@ - content_for :header_tags do - if user_signed_in? - = preload_pack_asset 'features/compose.js', crossorigin: 'anonymous' - = preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous' - = preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous' + = preload_pack_asset 'features/compose.js' + = preload_pack_asset 'features/home_timeline.js' + = preload_pack_asset 'features/notifications.js' %meta{ name: 'initialPath', content: request.path } %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key } diff --git a/config/webpack/shared.js b/config/webpack/shared.js index bb6ae74c33..3b69282d53 100644 --- a/config/webpack/shared.js +++ b/config/webpack/shared.js @@ -34,6 +34,7 @@ module.exports = { chunkFilename: 'js/[name]-[chunkhash].chunk.js', hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js', hashFunction: 'sha256', + crossOriginLoading: 'anonymous', path: output.path, publicPath: output.publicPath, }, diff --git a/lib/webpacker/helper_extensions.rb b/lib/webpacker/helper_extensions.rb index 8f46d76313..3872e3d86d 100644 --- a/lib/webpacker/helper_extensions.rb +++ b/lib/webpacker/helper_extensions.rb @@ -13,7 +13,14 @@ module Webpacker::HelperExtensions def preload_pack_asset(name, **options) src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true) - preload_link_tag(src, options.merge(integrity: integrity)) + + # This attribute will only work if the assets are on a different domain. + # And Webpack will (correctly) only add it in this case, so we need to conditionally set it here + # otherwise the preloaded request and the real request will have different crossorigin values + # and the preloaded file wont be loaded + crossorigin = 'anonymous' if Rails.configuration.action_controller.asset_host.present? + + preload_link_tag(src, options.merge(integrity: integrity, crossorigin: crossorigin)) end end From 5cbc402687a99511b8fa20b1541a774c0428be16 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 21 Jul 2023 11:30:53 +0200 Subject: [PATCH 3/4] Fix replica being used even if not explicitly defined (#26074) --- app/models/application_record.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/application_record.rb b/app/models/application_record.rb index 23e0af3a2a..efff5cdad5 100644 --- a/app/models/application_record.rb +++ b/app/models/application_record.rb @@ -5,7 +5,7 @@ class ApplicationRecord < ActiveRecord::Base include Remotable - connects_to database: { writing: :primary, reading: :read } + connects_to database: { writing: :primary, reading: ENV['DB_REPLICA_NAME'] || ENV['READ_DATABASE_URL'] ? :read : :primary } class << self def update_index(_type_name, *_args, &_block) From 144a406d332b034caa812ade2629df03ed4898d7 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 21 Jul 2023 13:13:16 +0200 Subject: [PATCH 4/4] Clean up unused application records (#24871) --- .rubocop_todo.yml | 1 + app/lib/application_extension.rb | 2 + app/lib/vacuum/applications_vacuum.rb | 10 +++++ app/workers/scheduler/vacuum_scheduler.rb | 5 +++ spec/lib/vacuum/applications_vacuum_spec.rb | 48 +++++++++++++++++++++ 5 files changed, 66 insertions(+) create mode 100644 app/lib/vacuum/applications_vacuum.rb create mode 100644 spec/lib/vacuum/applications_vacuum_spec.rb diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 32fb99b772..71e8623ec5 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -289,6 +289,7 @@ RSpec/LetSetup: - 'spec/controllers/oauth/tokens_controller_spec.rb' - 'spec/controllers/settings/imports_controller_spec.rb' - 'spec/lib/activitypub/activity/delete_spec.rb' + - 'spec/lib/vacuum/applications_vacuum_spec.rb' - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb' - 'spec/models/account_spec.rb' - 'spec/models/account_statuses_cleanup_policy_spec.rb' diff --git a/app/lib/application_extension.rb b/app/lib/application_extension.rb index 4de69c1ead..fb442e2c2d 100644 --- a/app/lib/application_extension.rb +++ b/app/lib/application_extension.rb @@ -4,6 +4,8 @@ module ApplicationExtension extend ActiveSupport::Concern included do + has_many :created_users, class_name: 'User', foreign_key: 'created_by_application_id', inverse_of: :created_by_application + validates :name, length: { maximum: 60 } validates :website, url: true, length: { maximum: 2_000 }, if: :website? validates :redirect_uri, length: { maximum: 2_000 } diff --git a/app/lib/vacuum/applications_vacuum.rb b/app/lib/vacuum/applications_vacuum.rb new file mode 100644 index 0000000000..ba88655f16 --- /dev/null +++ b/app/lib/vacuum/applications_vacuum.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +class Vacuum::ApplicationsVacuum + def perform + Doorkeeper::Application.where(owner_id: nil) + .where.missing(:created_users, :access_tokens, :access_grants) + .where(created_at: ...1.day.ago) + .in_batches.delete_all + end +end diff --git a/app/workers/scheduler/vacuum_scheduler.rb b/app/workers/scheduler/vacuum_scheduler.rb index 9e884caefd..9c040f6e47 100644 --- a/app/workers/scheduler/vacuum_scheduler.rb +++ b/app/workers/scheduler/vacuum_scheduler.rb @@ -22,6 +22,7 @@ class Scheduler::VacuumScheduler preview_cards_vacuum, backups_vacuum, access_tokens_vacuum, + applications_vacuum, feeds_vacuum, imports_vacuum, ] @@ -55,6 +56,10 @@ class Scheduler::VacuumScheduler Vacuum::ImportsVacuum.new end + def applications_vacuum + Vacuum::ApplicationsVacuum.new + end + def content_retention_policy ContentRetentionPolicy.current end diff --git a/spec/lib/vacuum/applications_vacuum_spec.rb b/spec/lib/vacuum/applications_vacuum_spec.rb new file mode 100644 index 0000000000..d30311ab13 --- /dev/null +++ b/spec/lib/vacuum/applications_vacuum_spec.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe Vacuum::ApplicationsVacuum do + subject { described_class.new } + + describe '#perform' do + let!(:app1) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app2) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app3) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app4) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) } + let!(:app5) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app6) { Fabricate(:application, created_at: 1.hour.ago) } + + let!(:active_access_token) { Fabricate(:access_token, application: app1) } + let!(:active_access_grant) { Fabricate(:access_grant, application: app2) } + let!(:user) { Fabricate(:user, created_by_application: app3) } + + before do + subject.perform + end + + it 'does not delete applications with valid access tokens' do + expect { app1.reload }.to_not raise_error + end + + it 'does not delete applications with valid access grants' do + expect { app2.reload }.to_not raise_error + end + + it 'does not delete applications that were used to create users' do + expect { app3.reload }.to_not raise_error + end + + it 'does not delete owned applications' do + expect { app4.reload }.to_not raise_error + end + + it 'does not delete applications registered less than a day ago' do + expect { app6.reload }.to_not raise_error + end + + it 'deletes unused applications' do + expect { app5.reload }.to raise_error ActiveRecord::RecordNotFound + end + end +end