diff --git a/Gemfile b/Gemfile
index 77b9c743be..fbc3ad9e29 100644
--- a/Gemfile
+++ b/Gemfile
@@ -58,10 +58,13 @@ group :development do
 gem 'rubocop', require: false
 gem 'better_errors'
 gem 'binding_of_caller'
- gem 'rack-mini-profiler'
 gem 'letter_opener'
 end
 group :production do
 gem 'rails_12factor'
 end
+
+group :development, :production do
+ gem 'rack-mini-profiler'
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e1b9..d5eaecdb16 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,11 @@ class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
+
+ # Profiling
+ before_action do
+ if current_user && current_user.admin?
+ Rack::MiniProfiler.authorize_request
+ end
+ end
 end
diff --git a/app/lib/feed_manager.rb b/app/lib/feed_manager.rb
index eaa9393d5e..a19d06a85a 100644
--- a/app/lib/feed_manager.rb
+++ b/app/lib/feed_manager.rb
@@ -6,6 +6,7 @@ class FeedManager
 end
 def self.filter_status?(status, follower)
+ replied_to_user = status.reply? ? status.thread.account : nil
 (status.reply? && !(follower.id = replied_to_user.id || follower.following?(replied_to_user)))
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index b17eabcc4d..a80efb50d1 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,4 +7,8 @@ class User < ActiveRecord::Base
 validates :account, presence: true
 has_many :oauth_applications, class_name: 'Doorkeeper::Application', as: :owner
+
+ def admin?
+ self.admin
+ end
 end
diff --git a/app/services/fan_out_on_write_service.rb b/app/services/fan_out_on_write_service.rb
index 4bb3f0a10c..c8c775b937 100644
--- a/app/services/fan_out_on_write_service.rb
+++ b/app/services/fan_out_on_write_service.rb
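Review bot: In app/controllers/application_controller.rb the new `before_action` is the only visible gate on profiler output now that the Gemfile loads rack-mini-profiler in `:production`, and nothing in this commit pins the gem's authorization mode. If that mode were ever permissive, `authorize_request` would no longer matter and SQL and timing details could be shown to any visitor, so I would set it explicitly in an initializer, e.g. `Rack::MiniProfiler.config.authorization_mode = :allow_authorized` (`:whitelist` on older releases of the gem). The `# Profiling` comment could also state the guarantee: `# Show rack-mini-profiler output to signed-in admins only`.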
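Review bot: The condition kept as context in `FeedManager.filter_status?` (app/lib/feed_manager.rb) uses `follower.id = replied_to_user.id`, an assignment rather than a comparison, and the added `replied_to_user` line is what lets that expression run. As written it appears to overwrite the in-memory `follower.id` with the replied-to account's id and never reaches `following?`, so the method returns false for every reply. The caller in fan_out_on_write_service.rb then does `push(:home, follower.id, status)` with the altered id, which would put replies into the wrong home feed. The line should read `status.reply? && !(follower.id == replied_to_user.id || follower.following?(replied_to_user))`.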
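Review bot: `User#admin?` in app/models/user.rb duplicates what ActiveRecord already provides, since a column named `admin` gets an `admin?` query method automatically once the migration has run. The hand-written method can be dropped; if it is kept for explicitness, the `self.` receiver is unnecessary and a comment such as `# Gates Sidekiq::Web and profiler output` would record what the flag controls.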
@@ -3,7 +3,7 @@ class FanOutOnWriteService < BaseService
 # @param [Status] status
 def call(status)
 deliver_to_self(status) if status.account.local?
- deliver_to_followers(status, status.reply? ? status.thread.account : nil)
+ deliver_to_followers(status)
 deliver_to_mentioned(status)
 end
@@ -13,7 +13,7 @@ class FanOutOnWriteService < BaseService
 push(:home, status.account.id, status)
 end
- def deliver_to_followers(status, replied_to_user)
+ def deliver_to_followers(status)
 status.account.followers.each do |follower|
 next if !follower.local? || FeedManager.filter_status?(status, follower)
 push(:home, follower.id, status)
diff --git a/config/database.yml b/config/database.yml
index 259244e6f4..de67804d2a 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -1,6 +1,6 @@
 default: &default
 adapter: postgresql
- pool: 5
+ pool: 25
 timeout: 5000
 encoding: unicode
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
index fc2b56c875..15fc6b351d 100644
--- a/config/initializers/rack-attack.rb
+++ b/config/initializers/rack-attack.rb
@@ -1,3 +1,5 @@
 class Rack::Attack
- # TODO
+ throttle('req/ip', limit: 300, period: 5.minutes) do |req|
+ req.ip
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 0dde9f111e..e9e662ed0c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,7 +1,7 @@
 require 'sidekiq/web'
 Rails.application.routes.draw do
- authenticate :user do
+ authenticate :user, lambda { |u| u.admin? } do
 mount Sidekiq::Web => '/sidekiq'
 end
diff --git a/db/migrate/20160325130944_add_admin_to_users.rb b/db/migrate/20160325130944_add_admin_to_users.rb
new file mode 100644
index 0000000000..e386d33dda
--- /dev/null
+++ b/db/migrate/20160325130944_add_admin_to_users.rb
@@ -0,0 +1,5 @@
+class AddAdminToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :admin, :boolean, default: false
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index d6702b36e9..03d336d5a8 100644
--- a/db/schema.rb
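Review bot: The throttle added in config/initializers/rack-attack.rb keys on `req.ip`, which is the real client address only when the trusted-proxy settings match the deployment. Behind a reverse proxy that is not accounted for, every visitor would share one 300-request bucket, so the assumption deserves a comment on the block, e.g. `# req.ip must resolve to the client, not the load balancer`. The single global limit also gives sign-in attempts the same allowance as ordinary page views; a second, tighter throttle scoped to the login POST would be a sensible follow-up.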
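Review bot: The `admin` column in db/migrate/20160325130944_add_admin_to_users.rb is added with a default but without `null: false`, so a row can still hold NULL. Both new checks (`current_user.admin?` and the Sidekiq route constraint) treat NULL as non-admin, so access fails closed, but a query such as `where(admin: false)` would skip those rows when auditing privileges. I would make the flag strictly two-valued: `add_column :users, :admin, :boolean, default: false, null: false`.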
+++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20160322193748) do +ActiveRecord::Schema.define(version: 20160325130944) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -143,19 +143,20 @@ ActiveRecord::Schema.define(version: 20160322193748) do add_index "stream_entries", ["activity_id", "activity_type"], name: "index_stream_entries_on_activity_id_and_activity_type", using: :btree create_table "users", force: :cascade do |t| - t.string "email", default: "", null: false - t.integer "account_id", null: false - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.string "encrypted_password", default: "", null: false + t.string "email", default: "", null: false + t.integer "account_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.inet "current_sign_in_ip" t.inet "last_sign_in_ip" + t.boolean "admin", default: false end add_index "users", ["account_id"], name: "index_users_on_account_id", using: :btree