kmycode · kmycode · Jan 24, 2024 · Jan 22, 2024 · Jan 22, 2024 · Jan 22, 2024
diff --git a/.devcontainer/codespaces/devcontainer.json b/.devcontainer/codespaces/devcontainer.json
@@ -5,7 +5,7 @@
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
   "features": {
-    "ghcr.io/devcontainers/features/sshd:1": {}
+    "ghcr.io/devcontainers/features/sshd:1": {},
   },
 
   "runServices": ["app", "db", "redis"],
@@ -15,16 +15,16 @@
   "portsAttributes": {
     "3000": {
       "label": "web",
-      "onAutoForward": "notify"
+      "onAutoForward": "notify",
     },
     "4000": {
       "label": "stream",
-      "onAutoForward": "silent"
-    }
+      "onAutoForward": "silent",
+    },
   },
 
   "otherPortsAttributes": {
-    "onAutoForward": "silent"
+    "onAutoForward": "silent",
   },
 
   "remoteEnv": {
@@ -33,7 +33,7 @@
     "STREAMING_API_BASE_URL": "https://${localEnv:CODESPACE_NAME}-4000.app.github.dev",
     "DISABLE_FORGERY_REQUEST_PROTECTION": "true",
     "ES_ENABLED": "",
-    "LIBRE_TRANSLATE_ENDPOINT": ""
+    "LIBRE_TRANSLATE_ENDPOINT": "",
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
@@ -43,7 +43,7 @@
   "customizations": {
     "vscode": {
       "settings": {},
-      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
-    }
-  }
+      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"],
+    },
+  },
 }
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -5,7 +5,7 @@
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
   "features": {
-    "ghcr.io/devcontainers/features/sshd:1": {}
+    "ghcr.io/devcontainers/features/sshd:1": {},
   },
 
   "forwardPorts": [3000, 4000],
@@ -14,17 +14,17 @@
     "3000": {
       "label": "web",
       "onAutoForward": "notify",
-      "requireLocalPort": true
+      "requireLocalPort": true,
     },
     "4000": {
       "label": "stream",
       "onAutoForward": "silent",
-      "requireLocalPort": true
-    }
+      "requireLocalPort": true,
+    },
   },
 
   "otherPortsAttributes": {
-    "onAutoForward": "silent"
+    "onAutoForward": "silent",
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
@@ -34,7 +34,7 @@
   "customizations": {
     "vscode": {
       "settings": {},
-      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
-    }
-  }
+      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"],
+    },
+  },
 }
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -89,12 +89,7 @@ Rails/WhereExists:
     - 'app/models/status.rb'
     - 'app/policies/status_policy.rb'
     - 'app/serializers/rest/announcement_serializer.rb'
-    - 'app/services/activitypub/fetch_remote_status_service.rb'
-    - 'app/services/vote_service.rb'
-    - 'app/validators/reaction_validator.rb'
-    - 'app/validators/vote_validator.rb'
     - 'app/workers/move_worker.rb'
-    - 'lib/tasks/tests.rake'
     - 'spec/models/account_spec.rb'
     - 'spec/services/activitypub/process_collection_service_spec.rb'
     - 'spec/services/purge_domain_service_spec.rb'

diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-3.2.2
+3.2.3
diff --git a/Dockerfile b/Dockerfile
@@ -7,15 +7,15 @@
 ARG TARGETPLATFORM=${TARGETPLATFORM}
 ARG BUILDPLATFORM=${BUILDPLATFORM}
 
-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.2"]
-ARG RUBY_VERSION="3.2.2"
+# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.3"]
+ARG RUBY_VERSION="3.2.3"
 # # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
 ARG NODE_MAJOR_VERSION="20"
 # Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
 ARG DEBIAN_VERSION="bookworm"
 # Node image to use for base image based on combined variables (ex: 20-bookworm-slim)
 FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim as node
-# Ruby image to use for base image based on combined variables (ex: 3.2.2-slim-bookworm)
+# Ruby image to use for base image based on combined variables (ex: 3.2.3-slim-bookworm)
 FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} as ruby
 
 # Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA

diff --git a/FEDERATION.md b/FEDERATION.md
@@ -1,31 +1,49 @@
-## ActivityPub federation in Mastodon
+# Federation
+
+## Supported federation protocols and standards
+
+- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
+- [WebFinger](https://webfinger.net/)
+- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
+- [NodeInfo](https://nodeinfo.diaspora.software/)
+
+## Supported FEPs
+
+- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
+- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
+- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
+- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
+
+## ActivityPub in Mastodon
 
 Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
 
-Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
+- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)
 
 ### Required extensions
 
-#### Webfinger
+#### WebFinger
 
 In Mastodon, users are identified by a `username` and `domain` pair (e.g., `[email protected]`).
 This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
 
 As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
 
-More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
+- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)
 
 #### HTTP Signatures
 
 In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).
 
 Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
 
-More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
+- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)
 
 ### Optional extensions
 
-- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
-- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
-- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
-- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md
+- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
+- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)
+
+### Additional documentation
+
+- [Mastodon documentation](https://docs.joinmastodon.org/)
diff --git a/app/controllers/activitypub/followers_synchronizations_controller.rb b/app/controllers/activitypub/followers_synchronizations_controller.rb
@@ -24,7 +24,7 @@ def uri_prefix
   end
 
   def set_items
-    @items = @account.followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(uri_prefix)}/%", false, true)).or(@account.followers.where(uri: uri_prefix)).pluck(:uri)
+    @items = @account.followers.matches_uri_prefix(uri_prefix).pluck(:uri)
   end
 
   def collection_presenter

diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -30,7 +30,7 @@ def hide_results?
   end
 
   def default_accounts
-    Account.includes(:active_relationships, :account_stat).references(:active_relationships)
+    Account.includes(:active_relationships, :account_stat, :user).references(:active_relationships)
   end
 
   def paginated_follows

diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -30,7 +30,7 @@ def hide_results?
   end
 
   def default_accounts
-    Account.includes(:passive_relationships, :account_stat).references(:passive_relationships)
+    Account.includes(:passive_relationships, :account_stat, :user).references(:passive_relationships)
   end
 
   def paginated_follows

diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb
@@ -17,7 +17,7 @@ def load_accounts
   end
 
   def paginated_blocks
-    @paginated_blocks ||= Block.eager_load(target_account: :account_stat)
+    @paginated_blocks ||= Block.eager_load(target_account: [:account_stat, :user])
                                .joins(:target_account)
                                .merge(Account.without_suspended)
                                .where(account: current_account)

diff --git a/app/controllers/api/v1/directories_controller.rb b/app/controllers/api/v1/directories_controller.rb
@@ -27,7 +27,7 @@ def accounts_scope
       scope.merge!(local_account_scope) if local_accounts?
       scope.merge!(account_exclusion_scope) if current_account
       scope.merge!(account_domain_block_scope) if current_account && !local_accounts?
-    end
+    end.includes(:account_stat, user: :role)
   end
 
   def local_accounts?

diff --git a/app/controllers/api/v1/endorsements_controller.rb b/app/controllers/api/v1/endorsements_controller.rb
@@ -25,7 +25,7 @@ def load_accounts
   end
 
   def endorsed_accounts
-    current_account.endorsed_accounts.includes(:account_stat).without_suspended
+    current_account.endorsed_accounts.includes(:account_stat, :user).without_suspended
   end
 
   def insert_pagination_headers

diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb
@@ -37,7 +37,7 @@ def load_accounts
   end
 
   def default_accounts
-    Account.without_suspended.includes(:follow_requests, :account_stat).references(:follow_requests)
+    Account.without_suspended.includes(:follow_requests, :account_stat, :user).references(:follow_requests)
   end
 
   def paginated_follow_requests

diff --git a/app/controllers/api/v1/lists/accounts_controller.rb b/app/controllers/api/v1/lists/accounts_controller.rb
@@ -37,9 +37,9 @@ def set_list
 
   def load_accounts
     if unlimited?
-      @list.accounts.without_suspended.includes(:account_stat).all
+      @list.accounts.without_suspended.includes(:account_stat, :user).all
     else
-      @list.accounts.without_suspended.includes(:account_stat).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
+      @list.accounts.without_suspended.includes(:account_stat, :user).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
     end
   end
 

diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb
@@ -17,7 +17,7 @@ def load_accounts
   end
 
   def paginated_mutes
-    @paginated_mutes ||= Mute.eager_load(:target_account)
+    @paginated_mutes ||= Mute.eager_load(target_account: [:account_stat, :user])
                              .joins(:target_account)
                              .merge(Account.without_suspended)
                              .where(account: current_account)

diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -14,14 +14,14 @@ def index
 
   def load_accounts
     scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.not_excluded_by_account(current_account) unless current_account.nil?
     scope.merge(paginated_favourites).to_a
   end
 
   def default_accounts
     Account
       .without_suspended
-      .includes(:favourites, :account_stat)
+      .includes(:favourites, :account_stat, :user)
       .references(:favourites)
       .where(favourites: { status_id: @status.id })
   end

diff --git a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@@ -14,12 +14,12 @@ def index
 
   def load_accounts
     scope = default_accounts
-    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
+    scope = scope.not_excluded_by_account(current_account) unless current_account.nil?
     scope.merge(paginated_statuses).to_a
   end
 
   def default_accounts
-    Account.without_suspended.includes(:statuses, :account_stat).references(:statuses)
+    Account.without_suspended.includes(:statuses, :account_stat, :user).references(:statuses)
   end
 
   def paginated_statuses

diff --git a/app/controllers/api/v2/filters_controller.rb b/app/controllers/api/v2/filters_controller.rb
@@ -35,7 +35,7 @@ def destroy
   private
 
   def set_filters
-    @filters = current_account.custom_filters.includes(:keywords)
+    @filters = current_account.custom_filters.includes(:keywords, :statuses)
   end
 
   def set_filter

diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
@@ -181,6 +181,11 @@ def on_authentication_failure(user, security_measure, failure_reason)
       ip: request.remote_ip,
       user_agent: request.user_agent
     )
+
+    # Only send a notification email every hour at most
+    return if redis.set("2fa_failure_notification:#{user.id}", '1', ex: 1.hour, get: true).present?
+
+    UserMailer.failed_2fa(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later!
   end
 
   def second_factor_attempts_key(user)

diff --git a/app/javascript/mastodon/locales/ast.json b/app/javascript/mastodon/locales/ast.json
@@ -116,7 +116,6 @@
   "compose_form.publish_form": "Artículu nuevu",
   "compose_form.publish_loud": "¡{publish}!",
   "compose_form.save_changes": "Guardar los cambeos",
-  "compose_form.spoiler.unmarked": "Text is not hidden",
   "confirmation_modal.cancel": "Encaboxar",
   "confirmations.block.block_and_report": "Bloquiar ya informar",
   "confirmations.block.confirm": "Bloquiar",
@@ -146,6 +145,7 @@
   "dismissable_banner.community_timeline": "Esta seición contién los artículos públicos más actuales de los perfiles agospiaos nel dominiu {domain}.",
   "dismissable_banner.dismiss": "Escartar",
   "dismissable_banner.explore_tags": "Esta seición contién les etiquetes del fediversu que tán ganando popularidá güei. Les etiquetes más usaes polos perfiles apaecen no cimero.",
+  "dismissable_banner.public_timeline": "Esta seición contién los artículos más nuevos de les persones na web social que les persones de {domain} siguen.",
   "embed.instructions": "Empotra esti artículu nel to sitiu web pente la copia del códigu d'abaxo.",
   "embed.preview": "Va apaecer asina:",
   "emoji_button.activity": "Actividá",
@@ -155,6 +155,7 @@
   "emoji_button.not_found": "Nun s'atoparon fustaxes que concasen",
   "emoji_button.objects": "Oxetos",
   "emoji_button.people": "Persones",
+  "emoji_button.recent": "D'usu frecuente",
   "emoji_button.search": "Buscar…",
   "emoji_button.search_results": "Resultaos de la busca",
   "emoji_button.symbols": "Símbolos",
@@ -217,7 +218,6 @@
   "hashtag.column_header.tag_mode.any": "o {additional}",
   "hashtag.column_header.tag_mode.none": "ensin {additional}",
   "hashtag.column_settings.select.no_options_message": "Nun s'atopó nenguna suxerencia",
-  "hashtag.column_settings.tag_toggle": "Include additional tags in this column",
   "hashtag.counter_by_accounts": "{count, plural, one {{counter} participante} other {{counter} participantes}}",
   "hashtag.follow": "Siguir a la etiqueta",
   "hashtag.unfollow": "Dexar de siguir a la etiqueta",
@@ -259,7 +259,6 @@
   "keyboard_shortcuts.reply": "Responder a un artículu",
   "keyboard_shortcuts.requests": "Abrir la llista de solicitúes de siguimientu",
   "keyboard_shortcuts.search": "Enfocar la barra de busca",
-  "keyboard_shortcuts.spoilers": "to show/hide CW field",
   "keyboard_shortcuts.start": "Abrir la columna «Entamar»",
   "keyboard_shortcuts.toggle_sensitivity": "Amosar/anubrir el conteníu multimedia",
   "keyboard_shortcuts.toot": "Comenzar un artículu nuevu",
@@ -412,12 +411,16 @@
   "search.quick_action.go_to_hashtag": "Dir a la etiqueta {x}",
   "search.quick_action.status_search": "Artículos que concasen con {x}",
   "search.search_or_paste": "Busca o apiega una URL",
+  "search_popout.language_code": "códigu de llingua ISO",
   "search_popout.quick_actions": "Aiciones rápides",
   "search_popout.recent": "Busques de recién",
+  "search_popout.specific_date": "data específica",
+  "search_popout.user": "perfil",
   "search_results.accounts": "Perfiles",
   "search_results.all": "Too",
   "search_results.hashtags": "Etiquetes",
   "search_results.nothing_found": "Nun se pudo atopar nada con esos términos de busca",
+  "search_results.see_all": "Ver too",
   "search_results.statuses": "Artículos",
   "search_results.title": "Busca de: {q}",
   "server_banner.introduction": "{domain} ye parte de la rede social descentralizada que tien la teunoloxía de {mastodon}.",
@@ -460,6 +463,7 @@
   "status.replied_to": "En rempuesta a {name}",
   "status.reply": "Responder",
   "status.replyAll": "Responder al filu",
+  "status.report": "Informar de @{name}",
   "status.sensitive_warning": "Conteníu sensible",
   "status.show_filter_reason": "Amosar de toes toes",
   "status.show_less": "Amosar menos",