chore: more closely align things with upstream

3 months ago · 47be7e7b3d
15 changed files with 18 additions and 174 deletions
--- a/.bundler-audit.yml
+++ b/.bundler-audit.yml
@ -1,10 +0,0 @@
---
-ignore:
-  # devise-two-factor advisory about brute-forcing TOTP
-  # We have rate-limits on authentication endpoints in place (including second
-  # factor verification) since Mastodon v3.2.0
-  - CVE-2024-0227
-  # devise-two-factor advisory about generated secrets being weaker than expected
-  # We call `generate_otp_secret` ourselves with a requested length of 32 characters,
-  # which exceeds the recommended remediation of 26 characters, so we're safe
-  - CVE-2024-8796
--- a/.env.production.sample
+++ b/.env.production.sample
@ -88,24 +88,3 @@ S3_ALIAS_HOST=files.example.com
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
-
-# Fetch All Replies Behavior
-# --------------------------
-# When a user expands a post (DetailedStatus view), fetch all of its replies
-# (default: false)
-FETCH_REPLIES_ENABLED=false
-
-# Period to wait between fetching replies (in minutes)
-FETCH_REPLIES_COOLDOWN_MINUTES=15
-
-# Period to wait after a post is first created before fetching its replies (in minutes)
-FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
-
-# Max number of replies to fetch - total, recursively through a whole reply tree
-FETCH_REPLIES_MAX_GLOBAL=1000
-
-# Max number of replies to fetch - for a single post
-FETCH_REPLIES_MAX_SINGLE=500
-
-# Max number of replies Collection pages to fetch - total
-FETCH_REPLIES_MAX_PAGES=500
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -75,8 +75,6 @@ class Api::V1::StatusesController < Api::BaseController
    end

    render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
-
-    ActivityPub::FetchAllRepliesWorker.perform_async(@status.id) if !current_account.nil? && @status.should_fetch_replies?
  end

  def create
--- a/app/javascript/mastodon/polyfills/index.ts
+++ b/app/javascript/mastodon/polyfills/index.ts
@ -2,9 +2,6 @@
 // If there are no polyfills, then this is just Promise.resolve() which means
 // it will execute in the same tick of the event loop (i.e. near-instant).

-// eslint-disable-next-line import/extensions -- This file is virtual so it thinks it has an extension
-import 'vite/modulepreload-polyfill';
-
 import { loadIntlPolyfills } from './intl';

 function importExtraPolyfills() {
--- a/app/javascript/mastodon/svg_select.js
+++ b/app/javascript/mastodon/svg_select.js
@ -1,21 +0,0 @@
-export function svgSelect(light, dark) {
-
-  var svgbg = window.getComputedStyle(document.getElementsByClassName("drawer__inner")[0], null).getPropertyValue("background-color");
-  var rgbArray = ((svgbg.replace(/[^0-9,]/g, "")).split(",")).map(Number).map(x => x/255);
-
-  for ( var i = 0; i < rgbArray.length; ++i ) {
-  			if ( rgbArray[i] <= 0.03928 ) {
-  				rgbArray[i] = rgbArray[i] / 12.92
-	      } else {
-  				rgbArray[i] = Math.pow( ( rgbArray[i] + 0.055 ) / 1.055, 2.4);
-  			}
-  		}
-
-  var luminance = 0.2126 * rgbArray[0] + 0.7152 * rgbArray[1] + 0.0722 * rgbArray[2];
-
-  		if ( luminance <= 0.179 ) {
-  			return light;
-  		} else {
-  		  return dark;
-  		}
-}
--- a/app/serializers/rest/instance_serializer.rb
+++ b/app/serializers/rest/instance_serializer.rb
@ -104,6 +104,21 @@ class REST::InstanceSerializer < ActiveModel::Serializer
        enabled: TranslationService.configured?,
      },

+      timelines_access: {
+        live_feeds: {
+          local: Setting.local_live_feed_access,
+          remote: Setting.remote_live_feed_access,
+        },
+        hashtag_feeds: {
+          local: Setting.local_topic_feed_access,
+          remote: Setting.remote_topic_feed_access,
+        },
+        trending_link_feeds: {
+          local: Setting.local_topic_feed_access,
+          remote: Setting.remote_topic_feed_access,
+        },
+      },
+
      limited_federation: limited_federation?,
    }
  end
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@ -15,9 +15,6 @@ class FetchLinkCardService < BaseService
    )
  }iox

-  # URL size limit to safely store in PosgreSQL's unique indexes
-  BYTESIZE_LIMIT = 2692
-
  def call(status)
    @status       = status
    @original_url = parse_urls
@ -94,7 +91,7 @@ class FetchLinkCardService < BaseService

  def bad_url?(uri)
    # Avoid local instance URLs and invalid URLs
-    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT
+    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme)
  end

  def mention_link?(anchor)
--- a/app/views/about/_domain_blocks.html.haml
+++ b/app/views/about/_domain_blocks.html.haml
@ -1,12 +0,0 @@
-%table
-  %thead
-    %tr
-      %th= t('about.unavailable_content_description.domain')
-      %th= t('about.unavailable_content_description.reason')
-  %tbody
-    - domain_blocks.each do |domain_block|
-      %tr
-        %td.nowrap
-          %span{ title: "SHA-256: #{domain_block.domain_digest}" }= domain_block.public_domain
-        %td
-          = domain_block.public_comment if display_blocks_rationale?
--- a/app/views/admin/settings/discovery/show.html.haml
+++ b/app/views/admin/settings/discovery/show.html.haml
@ -57,8 +57,6 @@

  %h4= t('admin.settings.discovery.privacy')

-  %h4= t('admin.settings.discovery.privacy')
-
  .fields-group
    = f.input :noindex,
              as: :boolean,
--- a/app/views/layouts/admin.html.haml
+++ b/app/views/layouts/admin.html.haml
@ -10,10 +10,8 @@
    .sidebar-wrapper
      .sidebar-wrapper__inner
        .sidebar
-          .logo
-            %h2
-              = link_to root_path, class: 'brand' do
-                = site_title
+          = link_to root_path do
+            = site_title

          .sidebar__toggle
            .sidebar__toggle__logo
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@ -64,13 +64,5 @@ RSpec.describe OAuth::AuthorizedApplicationsController do
      expect(redis_pipeline_stub)
        .to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
    end
-
-    it 'removes the web_push_subscription' do
-      expect { web_push_subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
-    end
-
-    it 'sends a session kill payload to the streaming server' do
-      expect(redis_pipeline_stub).to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
-    end
  end
 end
--- a/spec/lib/activitypub/activity/delete_spec.rb
+++ b/spec/lib/activitypub/activity/delete_spec.rb
@ -120,61 +120,4 @@ RSpec.describe ActivityPub::Activity::Delete do
      end
    end
  end
-
-  context 'when the deleted object is an account' do
-    let(:json) do
-      {
-        '@context': 'https://www.w3.org/ns/activitystreams',
-        id: 'foo',
-        type: 'Delete',
-        actor: ActivityPub::TagManager.instance.uri_for(sender),
-        object: ActivityPub::TagManager.instance.uri_for(sender),
-        signature: 'foo',
-      }.with_indifferent_access
-    end
-
-    describe '#perform' do
-      subject { described_class.new(json, sender) }
-
-      let(:service) { instance_double(DeleteAccountService, call: true) }
-
-      before do
-        allow(DeleteAccountService).to receive(:new).and_return(service)
-      end
-
-      it 'calls the account deletion service' do
-        subject.perform
-
-        expect(service)
-          .to have_received(:call).with(sender, { reserve_username: false, skip_activitypub: true })
-      end
-    end
-  end
-
-  context 'when the deleted object is a quote authorization' do
-    let(:quoter) { Fabricate(:account, domain: 'b.example.com') }
-    let(:status) { Fabricate(:status, account: quoter) }
-    let(:quoted_status) { Fabricate(:status, account: sender, uri: 'https://example.com/statuses/1234') }
-    let!(:quote) { Fabricate(:quote, approval_uri: 'https://example.com/approvals/1234', state: :accepted, status: status, quoted_status: quoted_status) }
-
-    let(:json) do
-      {
-        '@context': 'https://www.w3.org/ns/activitystreams',
-        id: 'foo',
-        type: 'Delete',
-        actor: ActivityPub::TagManager.instance.uri_for(sender),
-        object: quote.approval_uri,
-        signature: 'foo',
-      }.with_indifferent_access
-    end
-
-    describe '#perform' do
-      subject { described_class.new(json, sender) }
-
-      it 'revokes the authorization' do
-        expect { subject.perform }
-          .to change { quote.reload.state }.to('revoked')
-      end
-    end
-  end
 end
--- a/spec/lib/link_details_extractor_spec.rb
+++ b/spec/lib/link_details_extractor_spec.rb
@ -102,12 +102,6 @@ RSpec.describe LinkDetailsExtractor do
            language: eq('en')
          )
      end
-
-      describe '#language' do
-        it 'returns the language from structured data' do
-          expect(subject.language).to eq 'en'
-        end
-      end
    end

    context 'when is wrapped in CDATA tags' do
--- a/spec/services/fetch_link_card_service_spec.rb
+++ b/spec/services/fetch_link_card_service_spec.rb
@ -235,19 +235,6 @@ RSpec.describe FetchLinkCardService do
      end
    end

-    context 'with an URL too long for PostgreSQL unique indexes' do
-      let(:url) { "http://example.com/#{'a' * 2674}" }
-      let(:status) { Fabricate(:status, text: url) }
-
-      it 'does not fetch the URL' do
-        expect(a_request(:get, url)).to_not have_been_made
-      end
-
-      it 'does not create a preview card' do
-        expect(status.preview_card).to be_nil
-      end
-    end
-
    context 'with a URL of a page with oEmbed support' do
      let(:html) { '<!doctype html><title>Hello world</title><link rel="alternate" type="application/json+oembed" href="http://example.com/oembed?url=http://example.com/html">' }
      let(:status) { Fabricate(:status, text: 'http://example.com/html') }
--- a/spec/services/notify_service_spec.rb
+++ b/spec/services/notify_service_spec.rb
@ -18,17 +18,6 @@ RSpec.describe NotifyService do
    expect { subject }.to_not change(Notification, :count)
  end

-  context 'when the sender is a local moderator' do
-    let(:sender) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')).account }
-    let(:type) { :mention }
-    let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender)) }
-
-    it 'does notify when the sender is blocked' do
-      recipient.block!(sender)
-      expect { subject }.to change(Notification, :count).by(1)
-    end
-  end
-
  it 'does not notify when sender is muted with hide_notifications' do
    recipient.mute!(sender, notifications: true)
    expect { subject }.to_not change(Notification, :count)