Merge commit '71db616fed' into kb_migration

config/initializers/0_post_deployment_migrations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Post deployment migrations are included by default. This file must be loaded
 # before other initializers as Rails may otherwise memoize a list of migrations
 # excluding the post deployment migrations.

config/initializers/active_model_serializers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 ActiveModelSerializers.config.tap do |config|
   config.default_includes = '**'
 end

config/initializers/application_controller_renderer.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
 # ActiveSupport::Reloader.to_prepare do

config/initializers/assets.rb

@@ -1,13 +1,16 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.
 Rails.application.config.assets.version = '1.0'
 
-# Add additional assets to the asset load path
-# Rails.application.config.assets.paths << 'node_modules'
+# Add additional assets to the asset load path.
+# Rails.application.config.assets.paths << Emoji.images_path
 
 # Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w()
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )
 
 Rails.application.config.assets.initialize_on_precompile = true

config/initializers/backtrace_silencers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.

config/initializers/cache_logging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Log cache errors with Rail's logger
 # This used to be the default in old Rails versions: https://github.com/rails/rails/commit/7fcf8590e788cef8b64cc266f75931c418902ca9#diff-f0748f0be8a653eea13369ebb1cadabcad71ede7cfaf20282447e64329817befL86
 Rails.cache.logger = Rails.logger

config/initializers/chewy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 enabled         = ENV['ES_ENABLED'] == 'true'
 host            = ENV.fetch('ES_HOST') { 'localhost' }
 port            = ENV.fetch('ES_PORT') { 9200 }

config/initializers/content_security_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Define an application-wide content security policy
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

config/initializers/cookie_rotator.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+Rails.application.config.after_initialize do
+  Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
+    authenticated_encrypted_cookie_salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
+    signed_cookie_salt = Rails.application.config.action_dispatch.signed_cookie_salt
+
+    secret_key_base = Rails.application.secret_key_base
+
+    key_generator = ActiveSupport::KeyGenerator.new(
+      secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
+    )
+    key_len = ActiveSupport::MessageEncryptor.key_len
+
+    old_encrypted_secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
+    old_signed_secret = key_generator.generate_key(signed_cookie_salt)
+
+    cookies.rotate :encrypted, old_encrypted_secret
+    cookies.rotate :signed, old_signed_secret
+  end
+end

config/initializers/cookies_serializer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Specify a serializer for the signed and encrypted cookie jars.

config/initializers/cors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Avoid CORS issues when API is called from the frontend app.

config/initializers/devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'devise/strategies/authenticatable'
 
 Warden::Manager.after_set_user except: :fetch do |user, warden|

config/initializers/doorkeeper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Doorkeeper.configure do
   # Change the ORM that doorkeeper will use (needs plugins)
   orm :active_record

config/initializers/fast_blank.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 if String.method_defined?(:blank_as?)
   class String
     alias blank? blank_as?

config/initializers/ffmpeg.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 if ENV['FFMPEG_BINARY'].present?
   FFMPEG.ffmpeg_binary = ENV['FFMPEG_BINARY']
 end

config/initializers/filter_parameter_logging.rb

@@ -1,4 +1,10 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, :private_key, :public_key, :otp_attempt]
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]

config/initializers/http_client_proxy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Rails.application.configure do
   config.x.http_client_proxy = {}
 

config/initializers/httplog.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 HttpLog.configure do |config|
   config.logger = Rails.logger
   config.color = { color: :yellow }

config/initializers/inflections.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

config/initializers/mail_delivery_job.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 ActionMailer::MailDeliveryJob.class_eval do
   discard_on ActiveJob::DeserializationError
 end

config/initializers/makara.rb

@@ -1,2 +0,0 @@
-Makara::Cookie::DEFAULT_OPTIONS[:same_site] = :lax
-Makara::Cookie::DEFAULT_OPTIONS[:secure]    = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'

config/initializers/mime_types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 Mime::Type.register 'application/json', :json, %w(text/x-json application/jsonrequest application/jrd+json application/activity+json application/ld+json)

config/initializers/new_framework_defaults_7_0.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# TODO
+# The Rails 7.0 framework default here is to set this true. However, we have a
+# location in devise that redirects where we don't have an easy ability to
+# override a method or set a config option, but where the redirect does not
+# provide this option.
+# https://github.com/heartcombo/devise/blob/v4.9.2/app/controllers/devise/confirmations_controller.rb#L28
+# Once a solution is found, this line can be removed.
+Rails.application.config.action_controller.raise_on_open_redirects = false

config/initializers/oj.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 Oj.default_options = { mode: :compat, time_format: :ruby, use_to_json: true }

config/initializers/omniauth.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Rails.application.config.middleware.use OmniAuth::Builder do
   # Vanilla omniauth strategies
 end

config/initializers/open_uri_redirection.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'open-uri'
 
 module OpenURI

config/initializers/permissions_policy.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Define an application-wide HTTP permissions policy. For further
 # information see https://developers.google.com/web/updates/2018/06/feature-policy
 #

config/initializers/pghero.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 PgHero.show_migrations = Rails.env.development?

config/initializers/preload_link_headers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Since Rails 6.1, ActionView adds preload links for javascript files
 # in the Links header per default.
 

config/initializers/premailer_rails.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative '../../lib/mastodon/premailer_webpack_strategy'
 
 Premailer::Rails.config.merge!(remove_ids: true,

config/initializers/rack_attack.rb

@@ -5,9 +5,9 @@ require 'doorkeeper/grape/authorization_decorator'
 class Rack::Attack
   class Request
     def authenticated_token
-      return @token if defined?(@token)
+      return @authenticated_token if defined?(@authenticated_token)
 
-      @token = Doorkeeper::OAuth::Token.authenticate(
+      @authenticated_token = Doorkeeper::OAuth::Token.authenticate(
         Doorkeeper::Grape::AuthorizationDecorator.new(self),
         *Doorkeeper.configuration.access_token_methods
       )

config/initializers/rack_attack_logging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 ActiveSupport::Notifications.subscribe(/rack_attack/) do |_name, _start, _finish, _request_id, payload|
   req = payload[:request]
 

config/initializers/redis.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 Redis.sadd_returns_boolean = false

config/initializers/session_store.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 Rails.application.config.session_store :cookie_store,

config/initializers/simple_form.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Use this setup block to configure all options available in SimpleForm.
 
 module AppendComponent

config/initializers/stoplight.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'stoplight'
 
 Rails.application.reloader.to_prepare do

config/initializers/trusted_proxies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Request
     def trusted_proxy?(ip)

config/initializers/twitter_regex.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Twitter::TwitterText
   class Configuration
     def emoji_parsing_enabled

config/initializers/webauthn.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 WebAuthn.configure do |config|
   # This value needs to match `window.location.origin` evaluated by
   # the User Agent during registration and authentication ceremonies.

config/initializers/wrap_parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # This file contains settings for ActionController::ParamsWrapper which