diff --git a/.github/ISSUE_TEMPLATE/1.bug_report.yml b/.github/ISSUE_TEMPLATE/1.bug_report.yml deleted file mode 100644 index 22f51f7bd..000000000 --- a/.github/ISSUE_TEMPLATE/1.bug_report.yml +++ /dev/null @@ -1,56 +0,0 @@ -name: Bug Report -description: If something isn't working as expected -labels: [bug] -body: - - type: markdown - attributes: - value: | - Make sure that you are submitting a new bug that was not previously reported or already fixed. - - Please use a concise and distinct title for the issue. - - type: textarea - attributes: - label: Steps to reproduce the problem - description: What were you trying to do? - value: | - 1. - 2. - 3. - ... - validations: - required: true - - type: input - attributes: - label: Expected behaviour - description: What should have happened? - validations: - required: true - - type: input - attributes: - label: Actual behaviour - description: What happened? - validations: - required: true - - type: textarea - attributes: - label: Detailed description - validations: - required: false - - type: textarea - attributes: - label: Specifications - description: | - What version or commit hash of Mastodon did you find this bug in? - - If a front-end issue, what browser and operating systems were you using? - placeholder: | - Mastodon 3.5.3 (or Edge) - Ruby 2.7.6 (or v3.1.2) - Node.js 16.18.0 - - Google Chrome 106.0.5249.119 - Firefox 105.0.3 - - etc... - validations: - required: true diff --git a/.github/ISSUE_TEMPLATE/1.web_bug_report.yml b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml new file mode 100644 index 000000000..20e27d103 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml @@ -0,0 +1,76 @@ +name: Bug Report (Web Interface) +description: If you are using Mastodon's web interface and something is not working as expected +labels: [bug, 'status/to triage', 'area/web interface'] +body: + - type: markdown + attributes: + value: | + Make sure that you are submitting a new bug that was not previously reported or already fixed. + + Please use a concise and distinct title for the issue. + - type: textarea + attributes: + label: Steps to reproduce the problem + description: What were you trying to do? + value: | + 1. + 2. + 3. + ... + validations: + required: true + - type: input + attributes: + label: Expected behaviour + description: What should have happened? + validations: + required: true + - type: input + attributes: + label: Actual behaviour + description: What happened? + validations: + required: true + - type: textarea + attributes: + label: Detailed description + validations: + required: false + - type: input + attributes: + label: Mastodon instance + description: The address of the Mastodon instance where you experienced the issue + placeholder: mastodon.social + validations: + required: true + - type: input + attributes: + label: Mastodon version + description: | + This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` + placeholder: v4.1.2 + validations: + required: true + - type: input + attributes: + label: Browser name and version + description: | + What browser are you using when getting this bug? Please specify the version as well. + placeholder: Firefox 105.0.3 + validations: + required: true + - type: input + attributes: + label: Operating system + description: | + What OS are you running? Please specify the version as well. + placeholder: macOS 13.4.1 + validations: + required: true + - type: textarea + attributes: + label: Technical details + description: | + Any additional technical details you may have. This can include the full error log, inspector's output… + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/2.server_bug_report.yml b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml new file mode 100644 index 000000000..49d5f5720 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml @@ -0,0 +1,65 @@ +name: Bug Report (server / API) +description: | + If something is not working as expected, but is not from using the web interface. +labels: [bug, 'status/to triage'] +body: + - type: markdown + attributes: + value: | + Make sure that you are submitting a new bug that was not previously reported or already fixed. + + Please use a concise and distinct title for the issue. + - type: textarea + attributes: + label: Steps to reproduce the problem + description: What were you trying to do? + value: | + 1. + 2. + 3. + ... + validations: + required: true + - type: input + attributes: + label: Expected behaviour + description: What should have happened? + validations: + required: true + - type: input + attributes: + label: Actual behaviour + description: What happened? + validations: + required: true + - type: textarea + attributes: + label: Detailed description + validations: + required: false + - type: input + attributes: + label: Mastodon instance + description: The address of the Mastodon instance where you experienced the issue + placeholder: mastodon.social + validations: + required: false + - type: input + attributes: + label: Mastodon version + description: | + This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` + placeholder: v4.1.2 + validations: + required: false + - type: textarea + attributes: + label: Technical details + description: | + Any additional technical details you may have, like logs or error traces + value: | + If this is happening on your own Mastodon server, please fill out those: + - Ruby version: (from `ruby --version`, eg. v3.1.2) + - Node.js version: (from `node --version`, eg. v18.16.0) + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/2.feature_request.yml b/.github/ISSUE_TEMPLATE/3.feature_request.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/2.feature_request.yml rename to .github/ISSUE_TEMPLATE/3.feature_request.yml diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 4fdc346f3..5a951bad7 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -291,6 +291,7 @@ RSpec/LetSetup: - 'spec/controllers/oauth/tokens_controller_spec.rb' - 'spec/controllers/settings/imports_controller_spec.rb' - 'spec/lib/activitypub/activity/delete_spec.rb' + - 'spec/lib/vacuum/applications_vacuum_spec.rb' - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb' - 'spec/models/account_spec.rb' - 'spec/models/account_statuses_cleanup_policy_spec.rb' diff --git a/app/lib/application_extension.rb b/app/lib/application_extension.rb index 4de69c1ea..fb442e2c2 100644 --- a/app/lib/application_extension.rb +++ b/app/lib/application_extension.rb @@ -4,6 +4,8 @@ module ApplicationExtension extend ActiveSupport::Concern included do + has_many :created_users, class_name: 'User', foreign_key: 'created_by_application_id', inverse_of: :created_by_application + validates :name, length: { maximum: 60 } validates :website, url: true, length: { maximum: 2_000 }, if: :website? validates :redirect_uri, length: { maximum: 2_000 } diff --git a/app/lib/vacuum/applications_vacuum.rb b/app/lib/vacuum/applications_vacuum.rb new file mode 100644 index 000000000..ba88655f1 --- /dev/null +++ b/app/lib/vacuum/applications_vacuum.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +class Vacuum::ApplicationsVacuum + def perform + Doorkeeper::Application.where(owner_id: nil) + .where.missing(:created_users, :access_tokens, :access_grants) + .where(created_at: ...1.day.ago) + .in_batches.delete_all + end +end diff --git a/app/models/application_record.rb b/app/models/application_record.rb index 23e0af3a2..efff5cdad 100644 --- a/app/models/application_record.rb +++ b/app/models/application_record.rb @@ -5,7 +5,7 @@ class ApplicationRecord < ActiveRecord::Base include Remotable - connects_to database: { writing: :primary, reading: :read } + connects_to database: { writing: :primary, reading: ENV['DB_REPLICA_NAME'] || ENV['READ_DATABASE_URL'] ? :read : :primary } class << self def update_index(_type_name, *_args, &_block) diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 7e77ea383..2267ec529 100755 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -29,9 +29,9 @@ = javascript_pack_tag "common", crossorigin: 'anonymous' - if @theme - if @theme[:supported_locales].include? I18n.locale.to_s - = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js" - elsif @theme[:supported_locales].include? 'en' - = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js" = csrf_meta_tags unless skip_csrf_meta_tags? %meta{ name: 'style-nonce', content: request.content_security_policy_nonce } diff --git a/app/views/layouts/embedded.html.haml b/app/views/layouts/embedded.html.haml index 545e4f538..42f61a180 100644 --- a/app/views/layouts/embedded.html.haml +++ b/app/views/layouts/embedded.html.haml @@ -15,9 +15,9 @@ = javascript_pack_tag 'common', crossorigin: 'anonymous' - if @theme - if @theme[:supported_locales].include? I18n.locale.to_s - = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js" - elsif @theme[:supported_locales].include? 'en' - = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js" = render partial: 'layouts/theme', object: @core = render partial: 'layouts/theme', object: @theme diff --git a/app/views/media/player.html.haml b/app/views/media/player.html.haml index 486c177a4..d34e15538 100644 --- a/app/views/media/player.html.haml +++ b/app/views/media/player.html.haml @@ -3,9 +3,9 @@ = javascript_pack_tag 'common', crossorigin: 'anonymous' - if @theme - if @theme[:supported_locales].include? I18n.locale.to_s - = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/#{I18n.locale}-json.js" - elsif @theme[:supported_locales].include? 'en' - = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js", crossorigin: 'anonymous' + = preload_pack_asset "locales/#{@theme[:flavour]}/en-json.js" = render partial: 'layouts/theme', object: @core = render partial: 'layouts/theme', object: @theme diff --git a/app/views/shared/_web_app.html.haml b/app/views/shared/_web_app.html.haml index 67f3ff9b4..598079fe3 100644 --- a/app/views/shared/_web_app.html.haml +++ b/app/views/shared/_web_app.html.haml @@ -1,8 +1,8 @@ - content_for :header_tags do - if user_signed_in? - = preload_pack_asset 'features/compose.js', crossorigin: 'anonymous' - = preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous' - = preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous' + = preload_pack_asset 'features/compose.js' + = preload_pack_asset 'features/home_timeline.js' + = preload_pack_asset 'features/notifications.js' %meta{ name: 'initialPath', content: request.path } %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key } diff --git a/app/workers/scheduler/vacuum_scheduler.rb b/app/workers/scheduler/vacuum_scheduler.rb index 9e884caef..9c040f6e4 100644 --- a/app/workers/scheduler/vacuum_scheduler.rb +++ b/app/workers/scheduler/vacuum_scheduler.rb @@ -22,6 +22,7 @@ class Scheduler::VacuumScheduler preview_cards_vacuum, backups_vacuum, access_tokens_vacuum, + applications_vacuum, feeds_vacuum, imports_vacuum, ] @@ -55,6 +56,10 @@ class Scheduler::VacuumScheduler Vacuum::ImportsVacuum.new end + def applications_vacuum + Vacuum::ApplicationsVacuum.new + end + def content_retention_policy ContentRetentionPolicy.current end diff --git a/config/webpack/shared.js b/config/webpack/shared.js index 768bd7bf3..b82c5d5be 100644 --- a/config/webpack/shared.js +++ b/config/webpack/shared.js @@ -60,6 +60,7 @@ module.exports = { chunkFilename: 'js/[name]-[chunkhash].chunk.js', hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js', hashFunction: 'sha256', + crossOriginLoading: 'anonymous', path: output.path, publicPath: output.publicPath, }, diff --git a/lib/webpacker/helper_extensions.rb b/lib/webpacker/helper_extensions.rb index 8f46d7631..3872e3d86 100644 --- a/lib/webpacker/helper_extensions.rb +++ b/lib/webpacker/helper_extensions.rb @@ -13,7 +13,14 @@ module Webpacker::HelperExtensions def preload_pack_asset(name, **options) src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true) - preload_link_tag(src, options.merge(integrity: integrity)) + + # This attribute will only work if the assets are on a different domain. + # And Webpack will (correctly) only add it in this case, so we need to conditionally set it here + # otherwise the preloaded request and the real request will have different crossorigin values + # and the preloaded file wont be loaded + crossorigin = 'anonymous' if Rails.configuration.action_controller.asset_host.present? + + preload_link_tag(src, options.merge(integrity: integrity, crossorigin: crossorigin)) end end diff --git a/spec/lib/vacuum/applications_vacuum_spec.rb b/spec/lib/vacuum/applications_vacuum_spec.rb new file mode 100644 index 000000000..d30311ab1 --- /dev/null +++ b/spec/lib/vacuum/applications_vacuum_spec.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe Vacuum::ApplicationsVacuum do + subject { described_class.new } + + describe '#perform' do + let!(:app1) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app2) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app3) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app4) { Fabricate(:application, created_at: 1.month.ago, owner: Fabricate(:user)) } + let!(:app5) { Fabricate(:application, created_at: 1.month.ago) } + let!(:app6) { Fabricate(:application, created_at: 1.hour.ago) } + + let!(:active_access_token) { Fabricate(:access_token, application: app1) } + let!(:active_access_grant) { Fabricate(:access_grant, application: app2) } + let!(:user) { Fabricate(:user, created_by_application: app3) } + + before do + subject.perform + end + + it 'does not delete applications with valid access tokens' do + expect { app1.reload }.to_not raise_error + end + + it 'does not delete applications with valid access grants' do + expect { app2.reload }.to_not raise_error + end + + it 'does not delete applications that were used to create users' do + expect { app3.reload }.to_not raise_error + end + + it 'does not delete owned applications' do + expect { app4.reload }.to_not raise_error + end + + it 'does not delete applications registered less than a day ago' do + expect { app6.reload }.to_not raise_error + end + + it 'deletes unused applications' do + expect { app5.reload }.to raise_error ActiveRecord::RecordNotFound + end + end +end