link_header (~> 0.0, >= 0.0.8)
rdf-normalize (0.4.0)
rdf (~> 3.1)
- redis (4.1.3)
+ redcarpet (3.5.0)
+ redis (4.1.4)
redis-actionpack (5.2.0)
actionpack (>= 5, < 7)
redis-rack (>= 2.1.0, < 3)
render :two_factor
end
+ def require_no_authentication
+ super
+ # Delete flash message that isn't entirely useful and may be confusing in
+ # most cases because /web doesn't display/clear flash messages.
+ flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
+ end
+
private
+ def set_pack
+ use_pack 'auth'
+ end
+
def set_instance_presenter
@instance_presenter = InstancePresenter.new
end
end
end
+ def destroy
+ @proof = current_account.identity_proofs.find(params[:id])
+ @proof.destroy!
+ redirect_to settings_identity_proofs_path, success: I18n.t('identity_proofs.removed')
+ end
+
private
+ def check_enabled
+ not_found unless Setting.enable_keybase
+ end
+
def check_required_params
redirect_to settings_identity_proofs_path unless [:provider, :provider_username, :username, :token].all? { |k| params[k].present? }
end
where(language: nil).or where(language: account.chosen_languages)
end
+ def as_direct_timeline(account, limit = 20, max_id = nil, since_id = nil, cache_ids = false)
+ # direct timeline is mix of direct message from_me and to_me.
+ # 2 queries are executed with pagination.
+ # constant expression using arel_table is required for partial index
+
+ # _from_me part does not require any timeline filters
+ query_from_me = where(account_id: account.id)
+ .where(Status.arel_table[:visibility].eq(3))
+ .limit(limit)
+ .order('statuses.id DESC')
+
+ # _to_me part requires mute and block filter.
+ # FIXME: may we check mutes.hide_notifications?
+ query_to_me = Status
+ .joins(:mentions)
+ .merge(Mention.where(account_id: account.id))
+ .where(Status.arel_table[:visibility].eq(3))
+ .limit(limit)
+ .order('mentions.status_id DESC')
+ .not_excluded_by_account(account)
+
+ if max_id.present?
+ query_from_me = query_from_me.where('statuses.id < ?', max_id)
+ query_to_me = query_to_me.where('mentions.status_id < ?', max_id)
+ end
+
+ if since_id.present?
+ query_from_me = query_from_me.where('statuses.id > ?', since_id)
+ query_to_me = query_to_me.where('mentions.status_id > ?', since_id)
+ end
+
+ if cache_ids
+ # returns array of cache_ids object that have id and updated_at
+ (query_from_me.cache_ids.to_a + query_to_me.cache_ids.to_a).uniq(&:id).sort_by(&:id).reverse.take(limit)
+ else
+ # returns ActiveRecord.Relation
+ items = (query_from_me.select(:id).to_a + query_to_me.select(:id).to_a).uniq(&:id).sort_by(&:id).reverse.take(limit)
+ Status.where(id: items.map(&:id))
+ end
+ end
+
def as_public_timeline(account = nil, local_only = false)
- query = timeline_scope(local_only).without_replies
+ query = timeline_scope(local_only)
+ query = query.without_replies unless Setting.show_replies_in_public_timelines
- apply_timeline_filters(query, account, local_only)
+ apply_timeline_filters(query, account, [:local, true].include?(local_only))
end
def as_tag_timeline(tag, account = nil, local_only = false)
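Review bot: The non-cached branch of `as_direct_timeline` discards the ordering it has just computed: `items` is deduplicated, sorted by id descending and cut to `limit`, but `Status.where(id: items.map(&:id))` returns a relation with no ORDER BY, so row order is left to the database. Unless every caller re-sorts the result (not visible in this hunk), the last line of that branch could be `Status.where(id: items.map(&:id)).order(id: :desc)`. The literal in `.eq(3)` appears twice with no explanation of the value; a short comment such as `# 3 is presumably the integer value of the direct visibility; kept literal so the partial index is used` would help, once the value is confirmed against the enum.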
private
- def timeline_scope(local_only = false)
- starting_scope = local_only ? Status.local : Status
+ def timeline_scope(scope = false)
+ starting_scope = case scope
+ when :local, true
+ Status.local
+ when :remote
+ Status.remote
+ else
+ Status
+ end
-
- starting_scope
- .with_public_visibility
- .without_reblogs
+ starting_scope = starting_scope.with_public_visibility
+ if Setting.show_reblogs_in_public_timelines
+ starting_scope
+ else
+ starting_scope.without_reblogs
+ end
end
def apply_timeline_filters(query, account, local_only)
%title= content_for?(:page_title) ? safe_join([yield(:page_title).chomp.html_safe, title], ' - ') : title
- = stylesheet_pack_tag 'common', media: 'all'
- = stylesheet_pack_tag current_theme, media: 'all'
- = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
- = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
+ = javascript_pack_tag "locales", integrity: true, crossorigin: 'anonymous'
+ - if @theme
+ - if @theme[:supported_locales].include? I18n.locale.to_s
+ = javascript_pack_tag "locales/#{@theme[:flavour]}/#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
+ - elsif @theme[:supported_locales].include? 'en'
+ = javascript_pack_tag "locales/#{@theme[:flavour]}/en", integrity: true, crossorigin: 'anonymous'
= csrf_meta_tags
+ = stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style'
+
+ = yield :header_tags
+
+ -# These must come after :header_tags to ensure our initial state has been defined.
+ = render partial: 'layouts/theme', object: @core
+ = render partial: 'layouts/theme', object: @theme
+
- if Setting.custom_css.present?
= stylesheet_link_tag custom_css_path, media: 'all'
# For further information see the following documentation
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-def host_to_url(str)
- "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}" unless str.blank?
-end
-
-base_host = Rails.configuration.x.web_domain
-
-assets_host = Rails.configuration.action_controller.asset_host
-assets_host ||= host_to_url(base_host)
-
-media_host = host_to_url(ENV['S3_ALIAS_HOST'])
-media_host ||= host_to_url(ENV['S3_CLOUDFRONT_HOST'])
-media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
-media_host ||= assets_host
-
-Rails.application.config.content_security_policy do |p|
- p.base_uri :none
- p.default_src :none
- p.frame_ancestors :none
- p.font_src :self, assets_host
- p.img_src :self, :https, :data, :blob, assets_host
- p.style_src :self, assets_host
- p.media_src :self, :https, :data, assets_host
- p.frame_src :self, :https
- p.manifest_src :self, assets_host
-
- if Rails.env.development?
- webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
-
- p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
- p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host
- p.child_src :self, :blob, assets_host
- p.worker_src :self, :blob, assets_host
+if Rails.env.production?
+ assets_host = Rails.configuration.action_controller.asset_host || "https://#{ENV['WEB_DOMAIN'] || ENV['LOCAL_DOMAIN']}"
+ data_hosts = [assets_host]
+
+ if ENV['S3_ENABLED'] == 'true'
+ attachments_host = "https://#{ENV['S3_ALIAS_HOST'] || ENV['S3_CLOUDFRONT_HOST'] || ENV['S3_HOSTNAME'] || "s3-#{ENV['S3_REGION'] || 'us-east-1'}.amazonaws.com"}"
+ attachments_host = "https://#{Addressable::URI.parse(attachments_host).host}"
+ elsif ENV['SWIFT_ENABLED'] == 'true'
+ attachments_host = ENV['SWIFT_OBJECT_URL']
+ attachments_host = "https://#{Addressable::URI.parse(attachments_host).host}"
else
- p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, assets_host
- p.child_src :self, :blob, assets_host
- p.worker_src :self, :blob, assets_host
+ attachments_host = nil
+ end
+
+ data_hosts << attachments_host unless attachments_host.nil?
+
+ if ENV['PAPERCLIP_ROOT_URL']
+ url = Addressable::URI.parse(assets_host) + ENV['PAPERCLIP_ROOT_URL']
+ data_hosts << "https://#{url.host}"
+ end
+
+ data_hosts.concat(ENV['EXTRA_DATA_HOSTS'].split('|')) if ENV['EXTRA_DATA_HOSTS']
+
+ data_hosts.uniq!
+
+ Rails.application.config.content_security_policy do |p|
+ p.base_uri :none
+ p.default_src :none
+ p.frame_ancestors :none
+ p.script_src :self, assets_host
+ p.font_src :self, assets_host
+ p.img_src :self, :data, :blob, *data_hosts
- p.style_src :self, :unsafe_inline, assets_host
++ p.style_src :self, assets_host
+ p.media_src :self, :data, *data_hosts
+ p.frame_src :self, :https
+ p.child_src :self, :blob, assets_host
+ p.worker_src :self, :blob, assets_host
+ p.connect_src :self, :blob, :data, Rails.configuration.x.streaming_api_base_url, *data_hosts
+ p.manifest_src :self, assets_host
end
end
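Review bot: When S3 is enabled and none of `S3_ALIAS_HOST`, `S3_CLOUDFRONT_HOST` or `S3_HOSTNAME` is set, `attachments_host` falls back to the shared regional endpoint `s3-<region>.amazonaws.com`, which is then listed in `img_src`, `media_src` and `connect_src` through `data_hosts`. The policy then trusts every bucket served from that endpoint rather than only the instance's own storage, which weakens `connect_src` as a limit on where page scripts can send data. I would document this above the fallback, for example `# Falls back to the shared regional S3 endpoint, which covers all buckets on it; set S3_ALIAS_HOST to narrow the policy`. Separately, `ENV['EXTRA_DATA_HOSTS'].split('|')` is appended unfiltered, so a leading or doubled `|` puts an empty source in the list; adding `.map(&:strip).reject(&:empty?)` after the split would avoid that.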