Merge remote-tracking branch 'parent/stable-4.2' into kb-draft-5.25-lts

2024-09-30 21:41:34 +09:00 · 2024-09-30 21:41:34 +09:00 · c33fea88b2
commit c33fea88b2
parent 3c851f2d21 7e47439787
15 changed files with 68 additions and 38 deletions
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -14,7 +14,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  before_action :set_replies

  def index
-    expires_in 0, public: public_fetch_mode?
+    expires_in 0, public: @status.distributable? && public_fetch_mode?
    render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', skip_activities: true
  end

--- a/app/lib/activitypub/linked_data_signature.rb
+++ b/app/lib/activitypub/linked_data_signature.rb
@ -4,6 +4,7 @@ class ActivityPub::LinkedDataSignature
  include JsonLdHelper

  CONTEXT = 'https://w3id.org/identity/v1'
+  SIGNATURE_CONTEXT = 'https://w3id.org/security/v1'

  def initialize(json)
    @json = json.with_indifferent_access
@ -46,7 +47,13 @@ class ActivityPub::LinkedDataSignature

    signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_signed))

-    @json.merge('signature' => options.merge('signatureValue' => signature))
+    # Mastodon's context is either an array or a single URL
+    context_with_security = Array(@json['@context'])
+    context_with_security << 'https://w3id.org/security/v1'
+    context_with_security.uniq!
+    context_with_security = context_with_security.first if context_with_security.size == 1
+
+    @json.merge('signature' => options.merge('signatureValue' => signature), '@context' => context_with_security)
  end

  private
--- a/app/lib/admin/system_check/software_version_check.rb
+++ b/app/lib/admin/system_check/software_version_check.rb
@ -14,14 +14,16 @@ class Admin::SystemCheck::SoftwareVersionCheck < Admin::SystemCheck::BaseCheck
  def message
    if software_updates.any?(&:urgent?)
      Admin::SystemCheck::Message.new(:software_version_critical_check, nil, admin_software_updates_path, true)
-    else
+    elsif software_updates.any?(&:patch_type?)
      Admin::SystemCheck::Message.new(:software_version_patch_check, nil, admin_software_updates_path)
+    else
+      Admin::SystemCheck::Message.new(:software_version_check, nil, admin_software_updates_path)
    end
  end

  private

  def software_updates
-    @software_updates ||= SoftwareUpdate.pending_to_a.filter { |update| update.urgent? || update.patch_type? }
+    @software_updates ||= SoftwareUpdate.pending_to_a
  end
 end
--- a/app/lib/feed_manager.rb
+++ b/app/lib/feed_manager.rb
@ -594,7 +594,7 @@ class FeedManager
      arr = crutches[:active_mentions][s.id] || []
      arr.push(s.account_id)

-      if s.reblog?
+      if s.reblog? && s.reblog.present?
        arr.push(s.reblog.account_id)
        arr.concat(crutches[:active_mentions][s.reblog_of_id] || [])
      end
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@ -77,7 +77,7 @@ class Request
    @url         = Addressable::URI.parse(url).normalize
    @http_client = options.delete(:http_client)
    @allow_local = options.delete(:allow_local)
-    @full_path   = options.delete(:with_query_string)
+    @full_path   = !options.delete(:omit_query_string)
    @options     = options.merge(socket_class: use_proxy? || @allow_local ? ProxySocket : Socket)
    @options     = @options.merge(timeout_class: PerOperationWithDeadline, timeout_options: TIMEOUT)
    @options     = @options.merge(proxy_url) if use_proxy?
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -69,8 +69,8 @@ class Account < ApplicationRecord

  BACKGROUND_REFRESH_INTERVAL = 1.week.freeze

-  USERNAME_RE   = /[a-z0-9_]+([a-z0-9_.-]+[a-z0-9_]+)?/i
-  MENTION_RE    = %r{(?<![=/[:word:]])@((#{USERNAME_RE})(?:@[[:word:].-]+[[:word:]]+)?)}
+  USERNAME_RE   = /[a-z0-9_]+([.-]+[a-z0-9_]+)*/i
+  MENTION_RE    = %r{(?<![=/[:word:]])@((#{USERNAME_RE})(?:@[[:word:]]+([.-]+[[:word:]]+)*)?)}
  URL_PREFIX_RE = %r{\Ahttp(s?)://[^/]+}
  USERNAME_ONLY_RE = /\A#{USERNAME_RE}\z/i

--- a/app/services/activitypub/fetch_replies_service.rb
+++ b/app/services/activitypub/fetch_replies_service.rb
@ -49,7 +49,7 @@ class ActivityPub::FetchRepliesService < BaseService
    rescue Mastodon::UnexpectedResponseError => e
      raise unless e.response && e.response.code == 401 && Addressable::URI.parse(collection_or_uri).query.present?

-      fetch_resource_without_id_validation(collection_or_uri, nil, true, request_options: { with_query_string: true })
+      fetch_resource_without_id_validation(collection_or_uri, nil, true, request_options: { omit_query_string: false })
    end
  end