Merge commit '71db616fed' into kb_migration

app/controllers/api/v1/bookmarks_controller.rb

@@ -21,7 +21,7 @@ class Api::V1::BookmarksController < Api::BaseController
   end
 
   def results
-    @_results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
+    @results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
       limit_param(DEFAULT_STATUSES_LIMIT),
       params_slice(:max_id, :since_id, :min_id)
     )

app/controllers/api/v1/favourites_controller.rb

@@ -21,7 +21,7 @@ class Api::V1::FavouritesController < Api::BaseController
   end
 
   def results
-    @_results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
+    @results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
       limit_param(DEFAULT_STATUSES_LIMIT),
       params_slice(:max_id, :since_id, :min_id)
     )

app/controllers/api/v1/markers_controller.rb

@@ -7,7 +7,10 @@ class Api::V1::MarkersController < Api::BaseController
   before_action :require_user!
 
   def index
-    @markers = current_user.markers.where(timeline: Array(params[:timeline])).index_by(&:timeline)
+    with_read_replica do
+      @markers = current_user.markers.where(timeline: Array(params[:timeline])).index_by(&:timeline)
+    end
+
     render json: serialize_map(@markers)
   end
 

app/controllers/api/v1/notifications_controller.rb

@@ -9,8 +9,12 @@ class Api::V1::NotificationsController < Api::BaseController
   DEFAULT_NOTIFICATIONS_LIMIT = 40
 
   def index
-    @notifications = load_notifications
-    render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
+    with_read_replica do
+      @notifications = load_notifications
+      @relationships = StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
+    end
+
+    render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: @relationships
   end
 
   def show

app/controllers/api/v1/reports_controller.rb

@@ -23,6 +23,6 @@ class Api::V1::ReportsController < Api::BaseController
   end
 
   def report_params
-    params.permit(:account_id, :comment, :category, :forward, status_ids: [], rule_ids: [])
+    params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
   end
 end

app/controllers/api/v1/timelines/home_controller.rb

@@ -6,11 +6,14 @@ class Api::V1::Timelines::HomeController < Api::BaseController
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
   def show
-    @statuses = load_statuses
+    with_read_replica do
+      @statuses = load_statuses
+      @relationships = StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
+    end
 
     render json: @statuses,
            each_serializer: REST::StatusSerializer,
-           relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id),
+           relationships: @relationships,
            status: account_home_feed.regenerating? ? 206 : 200
   end
 

app/controllers/api/web/embeds_controller.rb

@@ -1,25 +1,36 @@
 # frozen_string_literal: true
 
 class Api::Web::EmbedsController < Api::Web::BaseController
-  before_action :require_user!
+  include Authorization
 
-  def create
-    status = StatusFinder.new(params[:url]).status
+  before_action :set_status
 
-    return not_found if status.hidden?
+  def show
+    return not_found if @status.hidden?
 
-    render json: status, serializer: OEmbedSerializer, width: 400
-  rescue ActiveRecord::RecordNotFound
-    oembed = FetchOEmbedService.new.call(params[:url])
+    if @status.local?
+      render json: @status, serializer: OEmbedSerializer, width: 400
+    else
+      return not_found unless user_signed_in?
 
-    return not_found if oembed.nil?
+      url = ActivityPub::TagManager.instance.url_for(@status)
+      oembed = FetchOEmbedService.new.call(url)
+      return not_found if oembed.nil?
 
-    begin
-      oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
-    rescue ArgumentError
-      return not_found
+      begin
+        oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
+      rescue ArgumentError
+        return not_found
+      end
+
+      render json: oembed
     end
+  end
 
-    render json: oembed
+  def set_status
+    @status = Status.find(params[:id])
+    authorize @status, :show?
+  rescue Mastodon::NotPermittedError
+    not_found
   end
 end

app/controllers/application_controller.rb

@@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
   include SessionTrackingConcern
   include CacheConcern
   include DomainControlHelper
+  include DatabaseHelper
 
   helper_method :current_account
   helper_method :current_session

app/controllers/auth/sessions_controller.rb

@@ -124,7 +124,7 @@ class Auth::SessionsController < Devise::SessionsController
     redirect_to new_user_session_path, alert: I18n.t('devise.failure.timeout')
   end
 
-  def set_attempt_session(user)
+  def register_attempt_in_session(user)
     session[:attempt_user_id]         = user.id
     session[:attempt_user_updated_at] = user.updated_at.to_s
   end

app/controllers/concerns/rate_limit_headers.rb

@@ -61,7 +61,7 @@ module RateLimitHeaders
   end
 
   def request_time
-    @_request_time ||= Time.now.utc
+    @request_time ||= Time.now.utc
   end
 
   def reset_period_offset

app/controllers/concerns/two_factor_authentication_concern.rb

@@ -75,7 +75,7 @@ module TwoFactorAuthenticationConcern
   end
 
   def prompt_for_two_factor(user)
-    set_attempt_session(user)
+    register_attempt_in_session(user)
 
     @body_classes     = 'lighter'
     @webauthn_enabled = user.webauthn_enabled?