Merge remote-tracking branch 'parent/main' into upstream-20231204

.rubocop_todo.yml

@@ -26,7 +26,7 @@ Lint/NonLocalExitFromIterator:
 
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 144
+  Max: 125
 
 # Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
@@ -109,25 +109,11 @@ Rails/ApplicationController:
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
   Exclude:
-    - 'app/models/concerns/account_associations.rb'
+    - 'app/models/concerns/account/associations.rb'
     - 'app/models/preview_card.rb'
     - 'app/models/status.rb'
     - 'app/models/tag.rb'
 
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/HasManyOrHasOneDependent:
-  Exclude:
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/conversation.rb'
-    - 'app/models/custom_emoji.rb'
-    - 'app/models/custom_emoji_category.rb'
-    - 'app/models/domain_block.rb'
-    - 'app/models/invite.rb'
-    - 'app/models/status.rb'
-    - 'app/models/user.rb'
-    - 'app/models/web/push_subscription.rb'
-
 # Configuration parameters: Include.
 # Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
@@ -174,7 +160,7 @@ Rails/SkipsModelValidations:
   Exclude:
     - 'app/controllers/admin/invites_controller.rb'
     - 'app/controllers/concerns/session_tracking_concern.rb'
-    - 'app/models/concerns/account_merging.rb'
+    - 'app/models/concerns/account/merging.rb'
     - 'app/models/concerns/expireable.rb'
     - 'app/models/status.rb'
     - 'app/models/trends/links.rb'
@@ -254,7 +240,7 @@ Rails/WhereExists:
     - 'app/lib/feed_manager.rb'
     - 'app/lib/status_cache_hydrator.rb'
     - 'app/lib/suspicious_sign_in_detector.rb'
-    - 'app/models/concerns/account_interactions.rb'
+    - 'app/models/concerns/account/interactions.rb'
     - 'app/models/featured_tag.rb'
     - 'app/models/poll.rb'
     - 'app/models/session_activation.rb'
@@ -309,7 +295,7 @@ Style/FetchEnvVar:
     - 'config/initializers/devise.rb'
     - 'config/initializers/paperclip.rb'
     - 'config/initializers/vapid.rb'
-    - 'lib/mastodon/premailer_webpack_strategy.rb'
+    - 'lib/premailer_webpack_strategy.rb'
     - 'lib/mastodon/redis_config.rb'
     - 'lib/tasks/repo.rake'
     - 'spec/features/profile_spec.rb'
@@ -344,8 +330,8 @@ Style/GuardClause:
     - 'app/lib/request_pool.rb'
     - 'app/lib/webfinger.rb'
     - 'app/lib/webfinger_resource.rb'
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/concerns/ldap_authenticable.rb'
+    - 'app/models/concerns/account/counters.rb'
+    - 'app/models/concerns/user/ldap_authenticable.rb'
     - 'app/models/tag.rb'
     - 'app/models/user.rb'
     - 'app/services/fan_out_on_write_service.rb'
@@ -359,8 +345,8 @@ Style/GuardClause:
     - 'config/initializers/devise.rb'
     - 'db/migrate/20170901141119_truncate_preview_cards.rb'
     - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
-    - 'lib/devise/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/two_factor_pam_authenticatable.rb'
+    - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
     - 'lib/mastodon/cli/accounts.rb'
     - 'lib/mastodon/cli/maintenance.rb'
     - 'lib/mastodon/cli/media.rb'
@@ -374,8 +360,8 @@ Style/HashAsLastArrayItem:
   Exclude:
     - 'app/controllers/admin/statuses_controller.rb'
     - 'app/controllers/api/v1/statuses_controller.rb'
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/concerns/status_threading_concern.rb'
+    - 'app/models/concerns/account/counters.rb'
+    - 'app/models/concerns/status/threading_concern.rb'
     - 'app/models/status.rb'
     - 'app/services/batched_remove_status_service.rb'
     - 'app/services/notify_service.rb'
@@ -488,15 +474,15 @@ Style/RedundantReturn:
 # AllowedMethods: present?, blank?, presence, try, try!
 Style/SafeNavigation:
   Exclude:
-    - 'app/models/concerns/account_finder_concern.rb'
+    - 'app/models/concerns/account/finder_concern.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: only_raise, only_fail, semantic
 Style/SignalException:
   Exclude:
-    - 'lib/devise/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/two_factor_pam_authenticatable.rb'
+    - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
 
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SingleArgumentDig:

Dockerfile

@@ -247,7 +247,9 @@ RUN \
 RUN \
 # Pre-create and chown system volume to Mastodon user
   mkdir -p /opt/mastodon/public/system; \
-  chown mastodon:mastodon /opt/mastodon/public/system;
+  chown mastodon:mastodon /opt/mastodon/public/system; \
+# Set Mastodon user as owner of tmp folder
+  chown -R mastodon:mastodon /opt/mastodon/tmp;
 
 # Set the running user for resulting container
 USER mastodon

Gemfile.lock

@@ -245,7 +245,7 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.6.7)
+    doorkeeper (5.6.8)
       railties (>= 5)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
@@ -522,7 +522,7 @@ GEM
     pastel (0.8.0)
       tty-color (~> 0.5)
     pg (1.5.4)
-    pghero (3.3.4)
+    pghero (3.4.0)
       activerecord (>= 6)
     posix-spawn (0.3.15)
     premailer (1.21.0)
@@ -617,7 +617,7 @@ GEM
     redlock (1.3.2)
       redis (>= 3.0.0, < 6.0)
     regexp_parser (2.8.2)
-    reline (0.4.0)
+    reline (0.4.1)
       io-console (~> 0.5)
     request_store (1.5.1)
       rack (>= 1.4)

Vagrantfile

@@ -10,7 +10,11 @@ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 
 # Add repo for NodeJS
-curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
+sudo mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+NODE_MAJOR=20
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
+sudo apt-get update
 
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}

app/controllers/accounts_controller.rb

@@ -52,7 +52,7 @@ def default_statuses
   end
 
   def only_media_scope
-    Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)
+    Status.joins(:media_attachments).merge(@account.media_attachments).group(:id)
   end
 
   def no_replies_scope

app/controllers/admin/account_moderation_notes_controller.rb

@@ -16,7 +16,7 @@ def create
         @moderation_notes = @account.targeted_moderation_notes.latest
         @warnings         = @account.strikes.custom.latest
 
-        render template: 'admin/accounts/show'
+        render 'admin/accounts/show'
       end
     end
 

app/controllers/admin/action_logs_controller.rb

@@ -6,7 +6,7 @@ class ActionLogsController < BaseController
 
     def index
       authorize :audit_log, :index?
-      @auditable_accounts = Account.where(id: Admin::ActionLog.reorder(nil).select('distinct account_id')).select(:id, :username)
+      @auditable_accounts = Account.where(id: Admin::ActionLog.select('distinct account_id')).select(:id, :username)
     end
 
     private

app/controllers/admin/export_domain_allows_controller.rb

@@ -4,7 +4,7 @@
 
 module Admin
   class ExportDomainAllowsController < BaseController
-    include AdminExportControllerConcern
+    include Admin::ExportControllerConcern
 
     before_action :set_dummy_import!, only: [:new]
 

app/controllers/admin/export_domain_blocks_controller.rb

@@ -4,7 +4,7 @@
 
 module Admin
   class ExportDomainBlocksController < BaseController
-    include AdminExportControllerConcern
+    include Admin::ExportControllerConcern
 
     before_action :set_dummy_import!, only: [:new]
 

app/controllers/admin/relays_controller.rb

@@ -24,7 +24,7 @@ def create
         @relay.enable!
         redirect_to admin_relays_path
       else
-        render action: :new
+        render :new
       end
     end
 

app/controllers/admin/report_notes_controller.rb

@@ -26,7 +26,7 @@ def create
         @form         = Admin::StatusBatchAction.new
         @statuses     = @report.statuses.with_includes
 
-        render template: 'admin/reports/show'
+        render 'admin/reports/show'
       end
     end
 

app/controllers/api/base_controller.rb

@@ -4,9 +4,9 @@ class Api::BaseController < ApplicationController
   DEFAULT_STATUSES_LIMIT       = 20
   DEFAULT_ACCOUNTS_LIMIT       = 40
 
-  include RateLimitHeaders
-  include AccessTokenTrackingConcern
-  include ApiCachingConcern
+  include Api::RateLimitHeaders
+  include Api::AccessTokenTrackingConcern
+  include Api::CachingConcern
   include Api::ContentSecurityPolicy
 
   skip_before_action :require_functional!, unless: :limited_federation_mode?
@@ -64,7 +64,7 @@ class Api::BaseController < ApplicationController
   end
 
   def doorkeeper_unauthorized_render_options(error: nil)
-    { json: { error: (error.try(:description) || 'Not authorized') } }
+    { json: { error: error.try(:description) || 'Not authorized' } }
   end
 
   def doorkeeper_forbidden_render_options(*)
@@ -105,7 +105,7 @@ def require_authenticated_user!
   end
 
   def require_not_suspended!
-    render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.suspended?
+    render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.unavailable?
   end
 
   def require_user!

app/controllers/api/v1/accounts/follower_accounts_controller.rb

@@ -26,7 +26,7 @@ def load_accounts
   end
 
   def hide_results?
-    @account.suspended? || (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    @account.unavailable? || (@account.hides_followers? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts

app/controllers/api/v1/accounts/following_accounts_controller.rb

@@ -26,7 +26,7 @@ def load_accounts
   end
 
   def hide_results?
-    @account.suspended? || (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
+    @account.unavailable? || (@account.hides_following? && current_account&.id != @account.id) || (current_account && @account.blocking?(current_account))
   end
 
   def default_accounts

app/controllers/api/v1/accounts/statuses_controller.rb

@@ -21,7 +21,7 @@ def set_account
   end
 
   def load_statuses
-    @account.suspended? ? [] : cached_account_statuses
+    @account.unavailable? ? [] : cached_account_statuses
   end
 
   def cached_account_statuses

app/controllers/api/v1/accounts_controller.rb

@@ -49,7 +49,7 @@ def block
   end
 
   def mute
-    MuteService.new.call(current_user.account, @account, notifications: truthy_param?(:notifications), duration: (params[:duration]&.to_i || 0))
+    MuteService.new.call(current_user.account, @account, notifications: truthy_param?(:notifications), duration: params[:duration].to_i)
     render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
   end
 

app/controllers/api/v2/search_controller.rb

@@ -8,6 +8,11 @@ class Api::V2::SearchController < Api::BaseController
   before_action -> { authorize_if_got_token! :read, :'read:search' }
   before_action :validate_search_params!
 
+  with_options unless: :user_signed_in? do
+    before_action :query_pagination_error, if: :pagination_requested?
+    before_action :remote_resolve_error, if: :remote_resolve_requested?
+  end
+
   def index
     @search = Search.new(search_results)
     render json: @search, serializer: REST::SearchSerializer
@@ -21,20 +26,38 @@ def index
 
   def validate_search_params!
     params.require(:q)
+  end
+
+  def query_pagination_error
+    render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401
+  end
 
-    return if user_signed_in?
+  def remote_resolve_error
+    render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401
+  end
 
-    return render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401 if params[:offset].present?
+  def remote_resolve_requested?
+    truthy_param?(:resolve)
+  end
 
-    render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401 if truthy_param?(:resolve)
+  def pagination_requested?
+    params[:offset].present?
   end
 
   def search_results
     SearchService.new.call(
       params[:q],
       current_account,
       limit_param(RESULTS_LIMIT),
-      search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed), following: truthy_param?(:following))
+      combined_search_params
+    )
+  end
+
+  def combined_search_params
+    search_params.merge(
+      resolve: truthy_param?(:resolve),
+      exclude_unreviewed: truthy_param?(:exclude_unreviewed),
+      following: truthy_param?(:following)
     )
   end
 

app/controllers/auth/confirmations_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Auth::ConfirmationsController < Devise::ConfirmationsController
-  include CaptchaConcern
+  include Auth::CaptchaConcern
 
   layout 'auth'
 

app/controllers/auth/registrations_controller.rb

@@ -2,7 +2,7 @@
 
 class Auth::RegistrationsController < Devise::RegistrationsController
   include RegistrationHelper
-  include RegistrationSpamConcern
+  include Auth::RegistrationSpamConcern
 
   layout :determine_layout
 
@@ -120,7 +120,7 @@ def set_strikes
   end
 
   def require_not_suspended!
-    forbidden if current_account.suspended?
+    forbidden if current_account.unavailable?
   end
 
   def set_rules

app/controllers/auth/sessions_controller.rb

@@ -10,7 +10,7 @@ class Auth::SessionsController < Devise::SessionsController
 
   prepend_before_action :check_suspicious!, only: [:create]
 
-  include TwoFactorAuthenticationConcern
+  include Auth::TwoFactorAuthenticationConcern
 
   before_action :set_body_classes