Merge commit '144a406d332b034caa812ade2629df03ed4898d7' into glitch-soc/merge-upstream

Conflicts:
- `app/views/layouts/application.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
- `app/views/layouts/embedded.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
main-unfiltered
Claire 2023-07-30 13:42:06 +02:00
commit 7635c67450
16 changed files with 226 additions and 67 deletions

View File

@ -1,56 +0,0 @@
name: Bug Report
description: If something isn't working as expected
labels: [bug]
body:
- type: markdown
attributes:
value: |
Make sure that you are submitting a new bug that was not previously reported or already fixed.
Please use a concise and distinct title for the issue.
- type: textarea
attributes:
label: Steps to reproduce the problem
description: What were you trying to do?
value: |
1.
2.
3.
...
validations:
required: true
- type: input
attributes:
label: Expected behaviour
description: What should have happened?
validations:
required: true
- type: input
attributes:
label: Actual behaviour
description: What happened?
validations:
required: true
- type: textarea
attributes:
label: Detailed description
validations:
required: false
- type: textarea
attributes:
label: Specifications
description: |
What version or commit hash of Mastodon did you find this bug in?
If a front-end issue, what browser and operating systems were you using?
placeholder: |
Mastodon 3.5.3 (or Edge)
Ruby 2.7.6 (or v3.1.2)
Node.js 16.18.0
Google Chrome 106.0.5249.119
Firefox 105.0.3
etc...
validations:
required: true

View File

@ -0,0 +1,76 @@
name: Bug Report (Web Interface)
description: If you are using Mastodon's web interface and something is not working as expected
labels: [bug, 'status/to triage', 'area/web interface']
body:
- type: markdown
attributes:
value: |
Make sure that you are submitting a new bug that was not previously reported or already fixed.
Please use a concise and distinct title for the issue.
- type: textarea
attributes:
label: Steps to reproduce the problem
description: What were you trying to do?
value: |
1.
2.
3.
...
validations:
required: true
- type: input
attributes:
label: Expected behaviour
description: What should have happened?
validations:
required: true
- type: input
attributes:
label: Actual behaviour
description: What happened?
validations:
required: true
- type: textarea
attributes:
label: Detailed description
validations:
required: false
- type: input
attributes:
label: Mastodon instance
description: The address of the Mastodon instance where you experienced the issue
placeholder: mastodon.social
validations:
required: true
- type: input
attributes:
label: Mastodon version
description: |
This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
placeholder: v4.1.2
validations:
required: true
- type: input
attributes:
label: Browser name and version
description: |
What browser are you using when getting this bug? Please specify the version as well.
placeholder: Firefox 105.0.3
validations:
required: true
- type: input
attributes:
label: Operating system
description: |
What OS are you running? Please specify the version as well.
placeholder: macOS 13.4.1
validations:
required: true
- type: textarea
attributes:
label: Technical details
description: |
Any additional technical details you may have. This can include the full error log, inspector's output…
validations:
required: false

View File

@ -0,0 +1,65 @@
name: Bug Report (server / API)
description: |
If something is not working as expected, but is not from using the web interface.
labels: [bug, 'status/to triage']
body:
- type: markdown
attributes:
value: |
Make sure that you are submitting a new bug that was not previously reported or already fixed.
Please use a concise and distinct title for the issue.
- type: textarea
attributes:
label: Steps to reproduce the problem
description: What were you trying to do?
value: |
1.
2.
3.
...
validations:
required: true
- type: input
attributes:
label: Expected behaviour
description: What should have happened?
validations:
required: true
- type: input
attributes:
label: Actual behaviour
description: What happened?
validations:
required: true
- type: textarea
attributes:
label: Detailed description
validations:
required: false
- type: input
attributes:
label: Mastodon instance
description: The address of the Mastodon instance where you experienced the issue
placeholder: mastodon.social
validations:
required: false
- type: input
attributes:
label: Mastodon version
description: |
This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
placeholder: v4.1.2
validations:
required: false
- type: textarea
attributes:
label: Technical details
description: |
Any additional technical details you may have, like logs or error traces
value: |
If this is happening on your own Mastodon server, please fill out those:
- Ruby version: (from `ruby --version`, eg. v3.1.2)
- Node.js version: (from `node --version`, eg. v18.16.0)
validations:
required: false

View File

@ -291,6 +291,7 @@ RSpec/LetSetup:
- 'spec/controllers/oauth/tokens_controller_spec.rb' - 'spec/controllers/oauth/tokens_controller_spec.rb'
- 'spec/controllers/settings/imports_controller_spec.rb' - 'spec/controllers/settings/imports_controller_spec.rb'
- 'spec/lib/activitypub/activity/delete_spec.rb' - 'spec/lib/activitypub/activity/delete_spec.rb'
- 'spec/lib/vacuum/applications_vacuum_spec.rb'
- 'spec/lib/vacuum/preview_cards_vacuum_spec.rb' - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
- 'spec/models/account_spec.rb' - 'spec/models/account_spec.rb'
- 'spec/models/account_statuses_cleanup_policy_spec.rb' - 'spec/models/account_statuses_cleanup_policy_spec.rb'

View File

@ -4,6 +4,8 @@ module ApplicationExtension
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
has_many :created_users, class_name: 'User', foreign_key: 'created_by_application_id', inverse_of: :created_by_application
validates :name, length: { maximum: 60 } validates :name, length: { maximum: 60 }
validates :website, url: true, length: { maximum: 2_000 }, if: :website? validates :website, url: true, length: { maximum: 2_000 }, if: :website?
validates :redirect_uri, length: { maximum: 2_000 } validates :redirect_uri, length: { maximum: 2_000 }

View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
class Vacuum::ApplicationsVacuum
def perform
Doorkeeper::Application.where(owner_id: nil)
.where.missing(:created_users, :access_tokens, :access_grants)
.where(created_at: ...1.day.ago)
.in_batches.delete_all
end
end

View File

@ -5,7 +5,7 @@ class ApplicationRecord < ActiveRecord::Base
include Remotable include Remotable
connects_to database: { writing: :primary, reading: :read } connects_to database: { writing: :primary, reading: ENV['DB_REPLICA_NAME'] || ENV['READ_DATABASE_URL'] ? :read : :primary }
class << self class << self
def update_index(_type_name, *_args, &_block) def update_index(_type_name, *_args, &_block)

View File

@ -29,9 +29,9 @@
= javascript_pack_tag "common", crossorigin: 'anonymous' = javascript_pack_tag "common", crossorigin: 'anonymous'
- if @theme - if @theme
- if @theme[:supported_locales].include? I18n.locale.to_s - if @theme[:supported_locales].include? I18n.locale.to_s
= preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js"
- elsif @theme[:supported_locales].include? 'en' - elsif @theme[:supported_locales].include? 'en'
= preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js"
= csrf_meta_tags unless skip_csrf_meta_tags? = csrf_meta_tags unless skip_csrf_meta_tags?
%meta{ name: 'style-nonce', content: request.content_security_policy_nonce } %meta{ name: 'style-nonce', content: request.content_security_policy_nonce }

View File

@ -15,9 +15,9 @@
= javascript_pack_tag 'common', crossorigin: 'anonymous' = javascript_pack_tag 'common', crossorigin: 'anonymous'
- if @theme - if @theme
- if @theme[:supported_locales].include? I18n.locale.to_s - if @theme[:supported_locales].include? I18n.locale.to_s
= preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js"
- elsif @theme[:supported_locales].include? 'en' - elsif @theme[:supported_locales].include? 'en'
= preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js"
= render partial: 'layouts/theme', object: @core = render partial: 'layouts/theme', object: @core
= render partial: 'layouts/theme', object: @theme = render partial: 'layouts/theme', object: @theme

View File

@ -3,9 +3,9 @@
= javascript_pack_tag 'common', crossorigin: 'anonymous' = javascript_pack_tag 'common', crossorigin: 'anonymous'
- if @theme - if @theme
- if @theme[:supported_locales].include? I18n.locale.to_s - if @theme[:supported_locales].include? I18n.locale.to_s
= preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js"
- elsif @theme[:supported_locales].include? 'en' - elsif @theme[:supported_locales].include? 'en'
= preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js"
= render partial: 'layouts/theme', object: @core = render partial: 'layouts/theme', object: @core
= render partial: 'layouts/theme', object: @theme = render partial: 'layouts/theme', object: @theme

View File

@ -1,8 +1,8 @@
- content_for :header_tags do - content_for :header_tags do
- if user_signed_in? - if user_signed_in?
= preload_pack_asset 'features/compose.js', crossorigin: 'anonymous' = preload_pack_asset 'features/compose.js'
= preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous' = preload_pack_asset 'features/home_timeline.js'
= preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous' = preload_pack_asset 'features/notifications.js'
%meta{ name: 'initialPath', content: request.path } %meta{ name: 'initialPath', content: request.path }
%meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key } %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key }

View File

@ -22,6 +22,7 @@ class Scheduler::VacuumScheduler
preview_cards_vacuum, preview_cards_vacuum,
backups_vacuum, backups_vacuum,
access_tokens_vacuum, access_tokens_vacuum,
applications_vacuum,
feeds_vacuum, feeds_vacuum,
imports_vacuum, imports_vacuum,
] ]
@ -55,6 +56,10 @@ class Scheduler::VacuumScheduler
Vacuum::ImportsVacuum.new Vacuum::ImportsVacuum.new
end end
def applications_vacuum
Vacuum::ApplicationsVacuum.new
end
def content_retention_policy def content_retention_policy
ContentRetentionPolicy.current ContentRetentionPolicy.current
end end

View File

@ -60,6 +60,7 @@ module.exports = {
chunkFilename: 'js/[name]-[chunkhash].chunk.js', chunkFilename: 'js/[name]-[chunkhash].chunk.js',
hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js', hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js',
hashFunction: 'sha256', hashFunction: 'sha256',
crossOriginLoading: 'anonymous',
path: output.path, path: output.path,
publicPath: output.publicPath, publicPath: output.publicPath,
}, },

View File

@ -13,7 +13,14 @@ module Webpacker::HelperExtensions
def preload_pack_asset(name, **options) def preload_pack_asset(name, **options)
src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true) src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true)
preload_link_tag(src, options.merge(integrity: integrity))
# This attribute will only work if the assets are on a different domain.
# And Webpack will (correctly) only add it in this case, so we need to conditionally set it here
# otherwise the preloaded request and the real request will have different crossorigin values
# and the preloaded file wont be loaded
crossorigin = 'anonymous' if Rails.configuration.action_controller.asset_host.present?
preload_link_tag(src, options.merge(integrity: integrity, crossorigin: crossorigin))
end end
end end

View File

@ -0,0 +1,48 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe Vacuum::ApplicationsVacuum do
subject { described_class.new }
describe '#perform' do
let!(:app1) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app2) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app3) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app4) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) }
let!(:app5) { Fabricate(:application, created_at: 1.month.ago) }
let!(:app6) { Fabricate(:application, created_at: 1.hour.ago) }
let!(:active_access_token) { Fabricate(:access_token, application: app1) }
let!(:active_access_grant) { Fabricate(:access_grant, application: app2) }
let!(:user) { Fabricate(:user, created_by_application: app3) }
before do
subject.perform
end
it 'does not delete applications with valid access tokens' do
expect { app1.reload }.to_not raise_error
end
it 'does not delete applications with valid access grants' do
expect { app2.reload }.to_not raise_error
end
it 'does not delete applications that were used to create users' do
expect { app3.reload }.to_not raise_error
end
it 'does not delete owned applications' do
expect { app4.reload }.to_not raise_error
end
it 'does not delete applications registered less than a day ago' do
expect { app6.reload }.to_not raise_error
end
it 'deletes unused applications' do
expect { app5.reload }.to raise_error ActiveRecord::RecordNotFound
end
end
end