chore: update URL to git

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

.bundler-audit.yml

@@ -0,0 +1,6 @@
+---
+ignore:
+  # devise-two-factor advisory about brute-forcing TOTP
+  # We have rate-limits on authentication endpoints in place (including second
+  # factor verification) since Mastodon v3.2.0
+  - CVE-2024-0227

.circleci/config.yml

@@ -1,225 +0,0 @@
-version: 2.1
-
-orbs:
-  ruby: circleci/ruby@2.0.0
-  node: circleci/node@5.0.3
-
-executors:
-  default:
-    parameters:
-      ruby-version:
-        type: string
-    docker:
-      - image: cimg/ruby:<< parameters.ruby-version >>
-        environment:
-          BUNDLE_JOBS: 3
-          BUNDLE_RETRY: 3
-          CONTINUOUS_INTEGRATION: true
-          DB_HOST: localhost
-          DB_USER: root
-          DISABLE_SIMPLECOV: true
-          RAILS_ENV: test
-      - image: cimg/postgres:14.5
-        environment:
-          POSTGRES_USER: root
-          POSTGRES_HOST_AUTH_METHOD: trust
-      - image: cimg/redis:7.0
-
-commands:
-  install-system-dependencies:
-    steps:
-      - run:
-          name: Install system dependencies
-          command: |
-            sudo apt-get update
-            sudo apt-get install -y libicu-dev libidn11-dev
-  install-ruby-dependencies:
-    parameters:
-      ruby-version:
-        type: string
-    steps:
-      - run:
-          command: |
-            bundle config clean 'true'
-            bundle config frozen 'true'
-            bundle config without 'development production'
-          name: Set bundler settings
-      - ruby/install-deps:
-          bundler-version: '2.3.26'
-          key: ruby<< parameters.ruby-version >>-gems-v1
-  wait-db:
-    steps:
-      - run:
-          command: dockerize -wait tcp://localhost:5432 -wait tcp://localhost:6379 -timeout 1m
-          name: Wait for PostgreSQL and Redis
-
-jobs:
-  build:
-    docker:
-      - image: cimg/ruby:3.0-node
-        environment:
-          RAILS_ENV: test
-    steps:
-      - checkout
-      - install-system-dependencies
-      - install-ruby-dependencies:
-          ruby-version: '3.0'
-      - node/install-packages:
-          cache-version: v1
-          pkg-manager: yarn
-      - run:
-          command: |
-            export NODE_OPTIONS=--openssl-legacy-provider
-            ./bin/rails assets:precompile
-          name: Precompile assets
-      - persist_to_workspace:
-          paths:
-            - public/assets
-            - public/packs-test
-          root: .
-
-  test:
-    parameters:
-      ruby-version:
-        type: string
-    executor:
-      name: default
-      ruby-version: << parameters.ruby-version >>
-    environment:
-      ALLOW_NOPAM: true
-      PAM_ENABLED: true
-      PAM_DEFAULT_SERVICE: pam_test
-      PAM_CONTROLLED_SERVICE: pam_test_controlled
-    parallelism: 4
-    steps:
-      - checkout
-      - install-system-dependencies
-      - run:
-          command: sudo apt-get install -y ffmpeg imagemagick libpam-dev
-          name: Install additional system dependencies
-      - run:
-          command: bundle config with 'pam_authentication'
-          name: Enable PAM authentication
-      - install-ruby-dependencies:
-          ruby-version: << parameters.ruby-version >>
-      - attach_workspace:
-          at: .
-      - wait-db
-      - run:
-          command: ./bin/rails db:create db:schema:load db:seed
-          name: Load database schema
-      - ruby/rspec-test
-
-  test-migrations:
-    executor:
-      name: default
-      ruby-version: '3.0'
-    steps:
-      - checkout
-      - install-system-dependencies
-      - install-ruby-dependencies:
-          ruby-version: '3.0'
-      - wait-db
-      - run:
-          command: ./bin/rails db:create
-          name: Create database
-      - run:
-          command: ./bin/rails db:migrate VERSION=20171010025614
-          name: Run migrations up to v2.0.0
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate VERSION=20180514140000
-          name: Run migrations up to v2.4.0
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2_4
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate VERSION=20180707154237
-          name: Run migrations up to v2.4.3
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2_4_3
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate
-          name: Run all remaining migrations
-      - run:
-          command: ./bin/rails tests:migrations:check_database
-          name: Check migration result
-
-  test-two-step-migrations:
-    executor:
-      name: default
-      ruby-version: '3.0'
-    steps:
-      - checkout
-      - install-system-dependencies
-      - install-ruby-dependencies:
-          ruby-version: '3.0'
-      - wait-db
-      - run:
-          command: ./bin/rails db:create
-          name: Create database
-      - run:
-          command: ./bin/rails db:migrate VERSION=20171010025614
-          name: Run migrations up to v2.0.0
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate VERSION=20180514140000
-          name: Run pre-deployment migrations up to v2.4.0
-          environment:
-            SKIP_POST_DEPLOYMENT_MIGRATIONS: true
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2_4
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate VERSION=20180707154237
-          name: Run migrations up to v2.4.3
-          environment:
-            SKIP_POST_DEPLOYMENT_MIGRATIONS: true
-      - run:
-          command: ./bin/rails tests:migrations:populate_v2_4_3
-          name: Populate database with test data
-      - run:
-          command: ./bin/rails db:migrate
-          name: Run all remaining pre-deployment migrations
-          environment:
-            SKIP_POST_DEPLOYMENT_MIGRATIONS: true
-      - run:
-          command: ./bin/rails db:migrate
-          name: Run all post-deployment migrations
-      - run:
-          command: ./bin/rails tests:migrations:check_database
-          name: Check migration result
-
-workflows:
-  version: 2
-  build-and-test:
-    jobs:
-      - build
-      - test:
-          matrix:
-            parameters:
-              ruby-version:
-                - '2.7'
-                - '3.0'
-          name: test-ruby<< matrix.ruby-version >>
-          requires:
-            - build
-      - test-migrations:
-          requires:
-            - build
-      - test-two-step-migrations:
-          requires:
-            - build
-      - node/run:
-          cache-version: v1
-          name: test-webui
-          pkg-manager: yarn
-          requires:
-            - build
-          version: '16.18'
-          yarn-run: test:jest

.codeclimate.yml

@@ -1,39 +0,0 @@
-version: '2'
-checks:
-  argument-count:
-    enabled: false
-  complex-logic:
-    enabled: false
-  file-lines:
-    enabled: false
-  method-complexity:
-    enabled: false
-  method-count:
-    enabled: false
-  method-lines:
-    enabled: false
-  nested-control-flow:
-    enabled: false
-  return-statements:
-    enabled: false
-  similar-code:
-    enabled: false
-  identical-code:
-    enabled: false
-plugins:
-  brakeman:
-    enabled: true
-  bundler-audit:
-    enabled: true
-  eslint:
-    enabled: false
-  rubocop:
-    enabled: false
-  sass-lint:
-    enabled: false
-exclude_patterns:
-  - spec/
-  - vendor/asset/
-
-  - app/javascript/mastodon/locales/**/*.json
-  - config/locales/**/*.yml

.devcontainer/Dockerfile

@@ -1,16 +1,10 @@
-# [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 2.6, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 2.6-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster, 2.6-buster
-ARG VARIANT=3.1-bullseye
-FROM mcr.microsoft.com/vscode/devcontainers/ruby:${VARIANT}
+# For details, see https://github.com/devcontainers/images/tree/main/src/ruby
+FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
 
 # Install Rails
 # RUN gem install rails webdrivers
 
-# Default value to allow debug server to serve content over GitHub Codespace's port forwarding service
-# The value is a comma-separated list of allowed domains
-ENV RAILS_DEVELOPMENT_HOSTS=".githubpreview.dev"
-
-# [Choice] Node.js version: lts/*, 18, 16, 14
-ARG NODE_VERSION="lts/*"
+ARG NODE_VERSION="16"
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
 
 # [Optional] Uncomment this section to install additional OS packages.
@@ -22,3 +16,5 @@ RUN gem install foreman
 
 # [Optional] Uncomment this line to install global node packages.
 RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
+
+COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt

.devcontainer/codespaces/devcontainer.json

@@ -0,0 +1,49 @@
+{
+  "name": "Mastodon on GitHub Codespaces",
+  "dockerComposeFile": "../docker-compose.yml",
+  "service": "app",
+  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+
+  "features": {
+    "ghcr.io/devcontainers/features/sshd:1": {}
+  },
+
+  "runServices": ["app", "db", "redis"],
+
+  "forwardPorts": [3000, 4000],
+
+  "portsAttributes": {
+    "3000": {
+      "label": "web",
+      "onAutoForward": "notify"
+    },
+    "4000": {
+      "label": "stream",
+      "onAutoForward": "silent"
+    }
+  },
+
+  "otherPortsAttributes": {
+    "onAutoForward": "silent"
+  },
+
+  "remoteEnv": {
+    "LOCAL_DOMAIN": "${localEnv:CODESPACE_NAME}-3000.app.github.dev",
+    "LOCAL_HTTPS": "true",
+    "STREAMING_API_BASE_URL": "https://${localEnv:CODESPACE_NAME}-4000.app.github.dev",
+    "DISABLE_FORGERY_REQUEST_PROTECTION": "true",
+    "ES_ENABLED": "",
+    "LIBRE_TRANSLATE_ENDPOINT": ""
+  },
+
+  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
+  "postCreateCommand": ".devcontainer/post-create.sh",
+  "waitFor": "postCreateCommand",
+
+  "customizations": {
+    "vscode": {
+      "settings": {},
+      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
+    }
+  }
+}

.devcontainer/devcontainer.json

@@ -1,33 +1,40 @@
 {
-  "name": "Mastodon",
+  "name": "Mastodon on local machine",
   "dockerComposeFile": "docker-compose.yml",
   "service": "app",
-  "workspaceFolder": "/mastodon",
-
-  // Set *default* container specific settings.json values on container create.
-  "settings": {},
-
-  // Add the IDs of extensions you want installed when the container is created.
-  "extensions": [
-    "EditorConfig.EditorConfig",
-    "dbaeumer.vscode-eslint",
-    "rebornix.Ruby",
-    "webben.browserslist"
-  ],
+  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
   "features": {
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
+    "ghcr.io/devcontainers/features/sshd:1": {}
+  },
+
+  "forwardPorts": [3000, 4000],
+
+  "portsAttributes": {
+    "3000": {
+      "label": "web",
+      "onAutoForward": "notify",
+      "requireLocalPort": true
+    },
+    "4000": {
+      "label": "stream",
+      "onAutoForward": "silent",
+      "requireLocalPort": true
     }
   },
 
-  // Use 'forwardPorts' to make a list of ports inside the container available locally.
-  // This can be used to network with other containers or the host.
-  "forwardPorts": [3000, 4000],
+  "otherPortsAttributes": {
+    "onAutoForward": "silent"
+  },
 
-  // Use 'postCreateCommand' to run commands after the container is created.
+  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
   "postCreateCommand": ".devcontainer/post-create.sh",
+  "waitFor": "postCreateCommand",
 
-  // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-  "remoteUser": "vscode"
+  "customizations": {
+    "vscode": {
+      "settings": {},
+      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
+    }
+  }
 }

.devcontainer/docker-compose.yml

@@ -5,19 +5,12 @@ services:
     build:
       context: .
       dockerfile: Dockerfile
-      args:
-        # Update 'VARIANT' to pick a version of Ruby: 3, 3.1, 3.0, 2, 2.7, 2.6
-        # Append -bullseye or -buster to pin to an OS version.
-        # Use -bullseye variants on local arm64/Apple Silicon.
-        VARIANT: '3.0-bullseye'
-        # Optional Node.js version to install
-        NODE_VERSION: '16'
     volumes:
-      - ..:/mastodon:cached
+      - ../..:/workspaces:cached
     environment:
       RAILS_ENV: development
       NODE_ENV: development
-
+      BIND: 0.0.0.0
       REDIS_HOST: redis
       REDIS_PORT: '6379'
       DB_HOST: db
@@ -30,10 +23,13 @@ services:
       LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
     # Overrides default command so things don't shut down after the process ends.
     command: sleep infinity
+    ports:
+      - '127.0.0.1:3000:3000'
+      - '127.0.0.1:3035:3035'
+      - '127.0.0.1:4000:4000'
     networks:
       - external_network
       - internal_network
-    user: vscode
 
   db:
     image: postgres:14-alpine
@@ -49,7 +45,7 @@ services:
       - internal_network
 
   redis:
-    image: redis:6-alpine
+    image: redis:7-alpine
     restart: unless-stopped
     volumes:
       - redis-data:/data
@@ -74,15 +70,19 @@ services:
         hard: -1
 
   libretranslate:
-    image: libretranslate/libretranslate:v1.2.9
+    image: libretranslate/libretranslate:v1.3.11
     restart: unless-stopped
+    volumes:
+      - lt-data:/home/libretranslate/.local
     networks:
+      - external_network
       - internal_network
 
 volumes:
   postgres-data:
   redis-data:
   es-data:
+  lt-data:
 
 networks:
   external_network:

.devcontainer/post-create.sh

@@ -3,17 +3,22 @@
 set -e # Fail the whole script on first error
 
 # Fetch Ruby gem dependencies
-bundle install --path vendor/bundle --with='development test'
-
-# Fetch Javascript dependencies
-yarn install
+bundle config path 'vendor/bundle'
+bundle config with 'development test'
+bundle install
 
 # Make Gemfile.lock pristine again
 git checkout -- Gemfile.lock
 
+# Fetch Javascript dependencies
+yarn --frozen-lockfile
+
 # [re]create, migrate, and seed the test database
 RAILS_ENV=test ./bin/rails db:setup
 
+# [re]create, migrate, and seed the development database
+RAILS_ENV=development ./bin/rails db:setup
+
 # Precompile assets for development
 RAILS_ENV=development ./bin/rails assets:precompile
 

.devcontainer/welcome-message.txt

@@ -0,0 +1,8 @@
+👋 Welcome to "Mastodon" in GitHub Codespaces!
+
+🛠️  Your environment is fully setup with all the required software.
+
+🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1).
+
+📝 Edit away, run your app as usual, and we'll automatically make it available for you to access.
+

.editorconfig

@@ -10,3 +10,4 @@ insert_final_newline = true
 charset = utf-8
 indent_style = space
 indent_size = 2
+trim_trailing_whitespace = true

.env.vagrant

@@ -2,3 +2,7 @@ VAGRANT=true
 LOCAL_DOMAIN=mastodon.local
 BIND=0.0.0.0
 DB_HOST=/var/run/postgresql/
+
+ES_ENABLED=true
+ES_HOST=localhost
+ES_PORT=9200

.eslintrc.js

@@ -4,71 +4,65 @@ module.exports = {
   extends: [
     'eslint:recommended',
     'plugin:react/recommended',
+    'plugin:react-hooks/recommended',
     'plugin:jsx-a11y/recommended',
+    'plugin:import/recommended',
+    'plugin:promise/recommended',
+    'plugin:jsdoc/recommended',
+    'plugin:prettier/recommended',
   ],
 
   env: {
     browser: true,
     node: true,
     es6: true,
-    jest: true,
   },
 
   globals: {
     ATTACHMENT_HOST: false,
   },
 
-  parser: '@babel/eslint-parser',
+  parser: '@typescript-eslint/parser',
 
   plugins: [
     'react',
     'jsx-a11y',
     'import',
     'promise',
+    '@typescript-eslint',
+    'formatjs',
   ],
 
   parserOptions: {
     sourceType: 'module',
     ecmaFeatures: {
-      experimentalObjectRestSpread: true,
       jsx: true,
     },
     ecmaVersion: 2021,
+    requireConfigFile: false,
+    babelOptions: {
+      configFile: false,
+      presets: ['@babel/react', '@babel/env'],
+    },
   },
 
   settings: {
     react: {
       version: 'detect',
     },
-    'import/extensions': [
-      '.js',
-    ],
     'import/ignore': [
       'node_modules',
       '\\.(css|scss|json)$',
     ],
     'import/resolver': {
-      node: {
-        paths: ['app/javascript'],
-      },
+      typescript: {},
     },
   },
 
   rules: {
-    'brace-style': 'warn',
-    'comma-dangle': ['error', 'always-multiline'],
-    'comma-spacing': [
-      'warn',
-      {
-        before: false,
-        after: true,
-      },
-    ],
-    'comma-style': ['warn', 'last'],
     'consistent-return': 'error',
     'dot-notation': 'error',
-    eqeqeq: 'error',
-    indent: ['warn', 2],
+    eqeqeq: ['error', 'always', { 'null': 'ignore' }],
     'jsx-quotes': ['error', 'prefer-single'],
     'no-case-declarations': 'off',
     'no-catch-shadow': 'error',
@@ -87,42 +81,43 @@ module.exports = {
       { property: 'substring', message: 'Use .slice instead of .substring.' },
       { property: 'substr', message: 'Use .slice instead of .substr.' },
     ],
+    'no-restricted-syntax': [
+      'error',
+      {
+        // eslint-disable-next-line no-restricted-syntax
+        selector: 'Literal[value=/•/], JSXText[value=/•/]',
+        // eslint-disable-next-line no-restricted-syntax
+        message: "Use '·' (middle dot) instead of '•' (bullet)",
+      },
+    ],
     'no-self-assign': 'off',
-    'no-trailing-spaces': 'warn',
     'no-unused-expressions': 'error',
-    'no-unused-vars': [
+    'no-unused-vars': 'off',
+    '@typescript-eslint/no-unused-vars': [
       'error',
       {
         vars: 'all',
         args: 'after-used',
+        destructuredArrayIgnorePattern: '^_',
         ignoreRestSiblings: true,
       },
     ],
-    'no-useless-escape': 'off',
-    'object-curly-spacing': ['error', 'always'],
-    'padded-blocks': [
-      'error',
-      {
-        classes: 'always',
-      },
-    ],
-    quotes: ['error', 'single'],
-    semi: 'error',
     'valid-typeof': 'error',
 
+    'react/jsx-filename-extension': ['error', { extensions: ['.jsx', 'tsx'] }],
     'react/jsx-boolean-value': 'error',
-    'react/jsx-closing-bracket-location': ['error', 'line-aligned'],
-    'react/jsx-curly-spacing': 'error',
     'react/display-name': 'off',
+    'react/jsx-fragments': ['error', 'syntax'],
     'react/jsx-equals-spacing': 'error',
-    'react/jsx-first-prop-new-line': ['error', 'multiline-multiprop'],
-    'react/jsx-indent': ['error', 2],
     'react/jsx-no-bind': 'error',
+    'react/jsx-no-useless-fragment': 'error',
     'react/jsx-no-target-blank': 'off',
     'react/jsx-tag-spacing': 'error',
+    'react/jsx-uses-react': 'off', // not needed with new JSX transform
     'react/jsx-wrap-multilines': 'error',
     'react/no-deprecated': 'off',
     'react/no-unknown-property': 'off',
+    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
     'react/self-closing-comp': 'error',
 
     // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
@@ -178,32 +173,212 @@ module.exports = {
       },
     ],
 
+    // See https://github.com/import-js/eslint-plugin-import/blob/main/config/recommended.js
     'import/extensions': [
       'error',
       'always',
       {
         js: 'never',
+        jsx: 'never',
+        mjs: 'never',
+        ts: 'never',
+        tsx: 'never',
       },
     ],
+    'import/first': 'error',
     'import/newline-after-import': 'error',
+    'import/no-anonymous-default-export': 'error',
     'import/no-extraneous-dependencies': [
       'error',
       {
         devDependencies: [
           'config/webpack/**',
+          'app/javascript/mastodon/performance.js',
           'app/javascript/mastodon/test_setup.js',
           'app/javascript/**/__tests__/**',
         ],
       },
     ],
-    'import/no-unresolved': 'error',
+    'import/no-amd': 'error',
+    'import/no-commonjs': 'error',
+    'import/no-import-module-exports': 'error',
+    'import/no-relative-packages': 'error',
+    'import/no-self-import': 'error',
+    'import/no-useless-path-segments': 'error',
     'import/no-webpack-loader-syntax': 'error',
 
+    'import/order': [
+      'error',
+      {
+        alphabetize: { order: 'asc' },
+        'newlines-between': 'always',
+        groups: [
+          'builtin',
+          'external',
+          'internal',
+          'parent',
+          ['index', 'sibling'],
+          'object',
+        ],
+        pathGroups: [
+          // React core packages
+          {
+            pattern: '{react,react-dom,react-dom/client,prop-types}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // I18n
+          {
+            pattern: '{react-intl,intl-messageformat}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // Common React utilities
+          {
+            pattern: '{classnames,react-helmet,react-router-dom}',
+            group: 'external',
+            position: 'before',
+          },
+          // Immutable / Redux / data store
+          {
+            pattern: '{immutable,react-redux,react-immutable-proptypes,react-immutable-pure-component,reselect}',
+            group: 'external',
+            position: 'before',
+          },
+          // Internal packages
+          {
+            pattern: '{mastodon/**}',
+            group: 'internal',
+            position: 'after',
+          },
+        ],
+        pathGroupsExcludedImportTypes: [],
+      },
+    ],
+
+    'promise/always-return': 'off',
     'promise/catch-or-return': [
       'error',
       {
         allowFinally: true,
       },
     ],
+    'promise/no-callback-in-promise': 'off',
+    'promise/no-nesting': 'off',
+    'promise/no-promise-in-callback': 'off',
+
+    'formatjs/blocklist-elements': 'error',
+    'formatjs/enforce-default-message': ['error', 'literal'],
+    'formatjs/enforce-description': 'off', // description values not currently used
+    'formatjs/enforce-id': 'off', // Explicit IDs are used in the project
+    'formatjs/enforce-placeholders': 'off', // Issues in short_number.jsx
+    'formatjs/enforce-plural-rules': 'error',
+    'formatjs/no-camel-case': 'off', // disabledAccount is only non-conforming
+    'formatjs/no-complex-selectors': 'error',
+    'formatjs/no-emoji': 'error',
+    'formatjs/no-id': 'off', // IDs are used for translation keys
+    'formatjs/no-invalid-icu': 'error',
+    'formatjs/no-literal-string-in-jsx': 'off', // Should be looked at, but mainly flagging punctuation outside of strings
+    'formatjs/no-multiple-plurals': 'off', // Only used by hashtag.jsx
+    'formatjs/no-multiple-whitespaces': 'error',
+    'formatjs/no-offset': 'error',
+    'formatjs/no-useless-message': 'error',
+    'formatjs/prefer-formatted-message': 'error',
+    'formatjs/prefer-pound-in-plural': 'error',
+
+    'jsdoc/check-types': 'off',
+    'jsdoc/no-undefined-types': 'off',
+    'jsdoc/require-jsdoc': 'off',
+    'jsdoc/require-param-description': 'off',
+    'jsdoc/require-property-description': 'off',
+    'jsdoc/require-returns-description': 'off',
+    'jsdoc/require-returns': 'off',
   },
+
+  overrides: [
+    {
+      files: [
+        '*.config.js',
+        '.*rc.js',
+        'ide-helper.js',
+        'config/webpack/**/*',
+        'config/formatjs-formatter.js',
+      ],
+
+      env: {
+        commonjs: true,
+      },
+
+      parserOptions: {
+        sourceType: 'script',
+      },
+
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
+    {
+      files: [
+        '**/*.ts',
+        '**/*.tsx',
+      ],
+
+      extends: [
+        'eslint:recommended',
+        'plugin:@typescript-eslint/strict-type-checked',
+        'plugin:@typescript-eslint/stylistic-type-checked',
+        'plugin:react/recommended',
+        'plugin:react-hooks/recommended',
+        'plugin:jsx-a11y/recommended',
+        'plugin:import/recommended',
+        'plugin:import/typescript',
+        'plugin:promise/recommended',
+        'plugin:jsdoc/recommended-typescript',
+        'plugin:prettier/recommended',
+      ],
+
+      parserOptions: {
+        project: true,
+        tsconfigRootDir: __dirname,
+      },
+
+      rules: {
+        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
+
+        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
+        '@typescript-eslint/consistent-type-exports': 'error',
+        '@typescript-eslint/consistent-type-imports': 'error',
+        "@typescript-eslint/prefer-nullish-coalescing": ['error', {ignorePrimitives: {boolean: true}}],
+
+        'jsdoc/require-jsdoc': 'off',
+
+        // Those rules set stricter rules for TS files
+        // to enforce better practices when converting from JS
+        'import/no-default-export': 'warn',
+        'react/prefer-stateless-function': 'warn',
+        'react/function-component-definition': ['error', { namedComponents: 'arrow-function' }],
+        'react/jsx-uses-react': 'off', // not needed with new JSX transform
+        'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+        'react/prop-types': 'off',
+      },
+    },
+    {
+      files: [
+        '**/__tests__/*.js',
+        '**/__tests__/*.jsx',
+      ],
+
+      env: {
+        jest: true,
+      },
+    },
+    {
+      files: [
+        'streaming/**/*',
+      ],
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
+  ],
 };

.gitea/workflows/build.yml

@@ -0,0 +1,29 @@
+---
+name: Build Image for Deployment
+on:
+  push:
+    tags:
+      - '**pvz**'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: ghcr.io/catthehacker/ubuntu:act-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Login to gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.wir-sind-auch-menschen.de
+          username: alice-bot
+          password: ${{ secrets.GT_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: git.wir-sind-auch-menschen.de/paravielfalt/mastodon:${{ gitea.ref_name }}

.github/FUNDING.yml

@@ -1,3 +0,0 @@
-patreon: mastodon
-open_collective: mastodon
-custom: https://sponsor.joinmastodon.org

.github/ISSUE_TEMPLATE/1.bug_report.yml

@@ -1,56 +0,0 @@
-name: Bug Report
-description: If something isn't working as expected
-labels: [bug]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Make sure that you are submitting a new bug that was not previously reported or already fixed.
-
-        Please use a concise and distinct title for the issue.
-  - type: textarea
-    attributes:
-      label: Steps to reproduce the problem
-      description: What were you trying to do?
-      value: |
-        1.
-        2.
-        3.
-        ...
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Expected behaviour
-      description: What should have happened?
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Actual behaviour
-      description: What happened?
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Detailed description
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Specifications
-      description: |
-        What version or commit hash of Mastodon did you find this bug in?
-
-        If a front-end issue, what browser and operating systems were you using?
-      placeholder: |
-        Mastodon 3.5.3 (or Edge)
-        Ruby 2.7.6 (or v3.1.2)
-        Node.js 16.18.0
-
-        Google Chrome 106.0.5249.119
-        Firefox 105.0.3
-
-        etc...
-    validations:
-      required: true

.github/ISSUE_TEMPLATE/2.feature_request.yml

@@ -1,22 +0,0 @@
-name: Feature Request
-description: I have a suggestion
-labels: [suggestion]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Please use a concise and distinct title for the issue.
-
-        Consider: Could it be implemented as a 3rd party app using the REST API instead?
-  - type: textarea
-    attributes:
-      label: Pitch
-      description: Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Motivation
-      description: Why do you think this feature is needed? Who would benefit from it?
-    validations:
-      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: GitHub Discussions
-    url: https://github.com/mastodon/mastodon/discussions
-    about: Please ask and answer questions here.

.github/dependabot.yml

@@ -1,30 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: npm
-    directory: '/'
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 99
-    allow:
-      - dependency-type: direct
-
-  - package-ecosystem: bundler
-    directory: '/'
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 99
-    allow:
-      - dependency-type: direct
-
-  - package-ecosystem: github-actions
-    directory: '/'
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 99
-    allow:
-      - dependency-type: direct

.github/stale.yml

@@ -1,10 +0,0 @@
-daysUntilStale: 120
-daysUntilClose: 7
-exemptLabels:
-  - security
-staleLabel: wontfix
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-only: pulls

.github/stylelint-matcher.json

@@ -1,21 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "stylelint",
-      "pattern": [
-        {
-          "regexp": "^([^\\s].*)$",
-          "file": 1
-        },
-        {
-          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
-          "line": 2,
-          "column": 3,
-          "message": 5,
-          "code": 6,
-          "loop": true
-        }
-      ]
-    }
-  ]
-}

.github/workflows/build-image.yml

@@ -1,54 +0,0 @@
-name: Build container image
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'main'
-    tags:
-      - '*'
-  pull_request:
-    paths:
-      - .github/workflows/build-image.yml
-      - Dockerfile
-permissions:
-  contents: read
-
-jobs:
-  build-image:
-    runs-on: ubuntu-latest
-
-    concurrency:
-      group: ${{ github.ref }}
-      cancel-in-progress: true
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: hadolint/hadolint-action@v3.1.0
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-        if: github.event_name != 'pull_request'
-      - uses: docker/metadata-action@v4
-        id: meta
-        with:
-          images: tootsuite/mastodon
-          flavor: |
-            latest=auto
-          tags: |
-            type=edge,branch=main
-            type=pep440,pattern={{raw}}
-            type=pep440,pattern=v{{major}}.{{minor}}
-            type=ref,event=pr
-      - uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          provenance: false
-          builder: ${{ steps.buildx.outputs.name }}
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

.github/workflows/check-i18n.yml

@@ -1,37 +0,0 @@
-name: Check i18n
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-env:
-  RAILS_ENV: test
-
-permissions:
-  contents: read
-
-jobs:
-  check-i18n:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install system dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libicu-dev libidn11-dev
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: .ruby-version
-          bundler-cache: true
-      - name: Check locale file normalization
-        run: bundle exec i18n-tasks check-normalized
-      - name: Check for unused strings
-        run: bundle exec i18n-tasks unused
-      - name: Check for wrong string interpolations
-        run: bundle exec i18n-tasks check-consistent-interpolations
-      - name: Check that all required locale files exist
-        run: bundle exec rake repo:check_locales_files

.github/workflows/codeql.yml

@@ -1,62 +0,0 @@
-name: 'CodeQL'
-
-on:
-  push:
-    branches: ['main']
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: ['main']
-  schedule:
-    - cron: '22 6 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ['javascript', 'ruby']
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-
-          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-          # queries: security-extended,security-and-quality
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-      #   If the Autobuild fails above, remove it and uncomment the following three lines.
-      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-      # - run: |
-      #   echo "Run, Build Application using script"
-      #   ./location_of_script_within_repo/buildscript.sh
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-        with:
-          category: '/language:${{matrix.language}}'

.github/workflows/lint-css.yml

@@ -1,48 +0,0 @@
-name: CSS Linting
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - 'stylelint.config.js'
-      - '**/*.css'
-      - '**/*.scss'
-      - '.github/workflows/lint-css.yml'
-      - '.github/stylelint-matcher.json'
-
-  pull_request:
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - 'stylelint.config.js'
-      - '**/*.css'
-      - '**/*.scss'
-      - '.github/workflows/lint-css.yml'
-      - '.github/stylelint-matcher.json'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v3
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v3
-        with:
-          cache: yarn
-
-      - name: Install all yarn packages
-        run: yarn --frozen-lockfile
-
-      - uses: xt0rted/stylelint-problem-matcher@v1
-
-      - run: echo "::add-matcher::.github/stylelint-matcher.json"
-
-      - name: Stylelint
-        run: yarn test:lint:sass

.github/workflows/lint-js.yml

@@ -1,40 +0,0 @@
-name: JavaScript Linting
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '.eslint*'
-      - '**/*.js'
-      - '.github/workflows/lint-js.yml'
-
-  pull_request:
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '.eslint*'
-      - '**/*.js'
-      - '.github/workflows/lint-js.yml'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v3
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v3
-        with:
-          cache: yarn
-
-      - name: Install all yarn packages
-        run: yarn --frozen-lockfile
-
-      - name: ESLint
-        run: yarn test:lint:js

.github/workflows/lint-json.yml

@@ -1,40 +0,0 @@
-name: JSON Linting
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '**/*.json'
-      - '.github/workflows/lint-json.yml'
-      - '!app/javascript/mastodon/locales/*.json'
-
-  pull_request:
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '**/*.json'
-      - '.github/workflows/lint-json.yml'
-      - '!app/javascript/mastodon/locales/*.json'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v3
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v3
-        with:
-          cache: yarn
-
-      - name: Install all yarn packages
-        run: yarn --frozen-lockfile
-
-      - name: Prettier
-        run: yarn prettier --check "**/*.json"

.github/workflows/lint-ruby.yml

@@ -1,41 +0,0 @@
-name: Ruby Linting
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-    paths:
-      - 'Gemfile*'
-      - '.rubocop.yml'
-      - '**/*.rb'
-      - '**/*.rake'
-      - '.github/workflows/lint-ruby.yml'
-
-  pull_request:
-    paths:
-      - 'Gemfile*'
-      - '.rubocop.yml'
-      - '**/*.rb'
-      - '**/*.rake'
-      - '.github/workflows/lint-ruby.yml'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set-up RuboCop Problem Mathcher
-        uses: r7kamura/rubocop-problem-matchers-action@v1
-
-      - name: Run rubocop
-        uses: github/super-linter@v4
-        env:
-          DEFAULT_BRANCH: main
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LINTER_RULES_PATH: .
-          RUBY_CONFIG_FILE: .rubocop.yml
-          VALIDATE_ALL_CODEBASE: false
-          VALIDATE_RUBY: true

.github/workflows/lint-yml.yml

@@ -1,42 +0,0 @@
-name: YML Linting
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '**/*.yaml'
-      - '**/*.yml'
-      - '.github/workflows/lint-yml.yml'
-      - '!config/locales/*.yml'
-
-  pull_request:
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '.prettier*'
-      - '**/*.yaml'
-      - '**/*.yml'
-      - '.github/workflows/lint-yml.yml'
-      - '!config/locales/*.yml'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v3
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v3
-        with:
-          cache: yarn
-
-      - name: Install all yarn packages
-        run: yarn --frozen-lockfile
-
-      - name: Prettier
-        run: yarn prettier --check "**/*.{yml,yaml}"

.github/workflows/rebase-needed.yml

@@ -1,17 +0,0 @@
-name: PR Needs Rebase
-
-on:
-  push:
-  pull_request_target:
-    types: [synchronize]
-
-jobs:
-  label-rebase-needed:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check for merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@releases/2.x
-        with:
-          dirtyLabel: 'rebase needed :construction:'
-          repoToken: '${{ secrets.GITHUB_TOKEN }}'
-          commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged.

.haml-lint.yml

@@ -1,108 +1,14 @@
-# Whether to ignore frontmatter at the beginning of HAML documents for
-# frameworks such as Jekyll/Middleman
-skip_frontmatter: false
+inherits_from: .haml-lint_todo.yml
 
 exclude:
   - 'vendor/**/*'
-  - 'spec/**/*'
-  - 'lib/templates/**/*'
-  - 'app/views/kaminari/**/*'
+  - lib/templates/haml/scaffold/_form.html.haml
+
+require:
+  - ./lib/linter/haml_middle_dot.rb
 
 linters:
   AltText:
-    enabled: false
-
-  ClassAttributeWithStaticValue:
     enabled: true
-
-  ClassesBeforeIds:
-    enabled: true
-
-  ConsecutiveComments:
-    enabled: true
-
-  ConsecutiveSilentScripts:
-    enabled: true
-    max_consecutive: 2
-
-  EmptyObjectReference:
-    enabled: true
-
-  EmptyScript:
-    enabled: true
-
-  FinalNewline:
-    enabled: true
-    present: true
-
-  HtmlAttributes:
-    enabled: true
-
-  ImplicitDiv:
-    enabled: true
-
-  LeadingCommentSpace:
-    enabled: true
-
-  LineLength:
-    enabled: false
-    max: 80
-
-  MultilinePipe:
-    enabled: true
-
-  MultilineScript:
-    enabled: true
-
-  ObjectReferenceAttributes:
-    enabled: true
-
-  RuboCop:
-    enabled: true
-    # These cops are incredibly noisy when it comes to HAML templates, so we
-    # ignore them.
-    ignored_cops:
-      - Lint/BlockAlignment
-      - Lint/EndAlignment
-      - Lint/Void
-      - Metrics/BlockLength
-      - Metrics/LineLength
-      - Style/AlignParameters
-      - Style/BlockNesting
-      - Style/ElseAlignment
-      - Style/EndOfLine
-      - Style/FileName
-      - Style/FinalNewline
-      - Style/FrozenStringLiteralComment
-      - Style/IfUnlessModifier
-      - Style/IndentationWidth
-      - Style/Next
-      - Style/TrailingBlankLines
-      - Style/TrailingWhitespace
-      - Style/WhileUntilModifier
-
-  RubyComments:
-    enabled: true
-
-  SpaceBeforeScript:
-    enabled: true
-
-  SpaceInsideHashAttributes:
-    enabled: true
-    style: space
-
-  Indentation:
-    enabled: true
-    character: space # or tab
-
-  TagName:
-    enabled: true
-
-  TrailingWhitespace:
-    enabled: true
-
-  UnnecessaryInterpolation:
-    enabled: true
-
-  UnnecessaryStringOutput:
+  MiddleDot:
     enabled: true

.haml-lint_todo.yml

@@ -0,0 +1,47 @@
+# This configuration was generated by
+# `haml-lint --auto-gen-config`
+# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
+# The point is for the user to remove these configuration records
+# one by one as the lints are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of Haml-Lint, may require this file to be generated again.
+
+linters:
+  # Offense count: 951
+  LineLength:
+    enabled: false
+
+  # Offense count: 22
+  UnnecessaryStringOutput:
+    enabled: false
+
+  # Offense count: 57
+  RuboCop:
+    enabled: false
+
+  # Offense count: 3
+  ViewLength:
+    exclude:
+      - 'app/views/admin/accounts/show.html.haml'
+      - 'app/views/admin/reports/show.html.haml'
+      - 'app/views/disputes/strikes/show.html.haml'
+
+  # Offense count: 32
+  InstanceVariables:
+    exclude:
+      - 'app/views/admin/reports/_actions.html.haml'
+      - 'app/views/admin/roles/_form.html.haml'
+      - 'app/views/admin/webhooks/_form.html.haml'
+      - 'app/views/auth/registrations/_status.html.haml'
+      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
+      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
+      - 'app/views/invites/_form.html.haml'
+      - 'app/views/relationships/_account.html.haml'
+      - 'app/views/shared/_og.html.haml'
+
+  # Offense count: 3
+  IdNames:
+    exclude:
+      - 'app/views/authorize_interactions/error.html.haml'
+      - 'app/views/oauth/authorizations/error.html.haml'
+      - 'app/views/shared/_error_messages.html.haml'

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+yarn lint-staged

.nvmrc

@@ -1 +1 @@
-16
+20.7

.prettierignore

@@ -51,15 +51,8 @@
 *~
 *.swp
 
-# Ignore npm debug log
-npm-debug.log
-
-# Ignore yarn log files
-yarn-error.log
-yarn-debug.log
-
-# Ignore vagrant log files
-*-cloudimg-console.log
+# Ignore log files
+*.log
 
 # Ignore Docker option files
 docker-compose.override.yml
@@ -68,5 +61,18 @@ docker-compose.override.yml
 /app/javascript/mastodon/features/emoji/emoji_map.json
 
 # Ignore locale files
-/app/javascript/mastodon/locales
+/app/javascript/mastodon/locales/*.json
 /config/locales
+
+# Ignore vendored CSS reset
+app/javascript/styles/mastodon/reset.scss
+
+# Ignore Javascript pending https://github.com/mastodon/mastodon/pull/23631
+*.js
+*.jsx
+
+# Ignore HTML till cleaned and included in CI
+*.html
+
+# Ignore the generated AUTHORS.md
+AUTHORS.md

.prettierrc.js

@@ -1,3 +1,4 @@
 module.exports = {
-  singleQuote: true
+  singleQuote: true,
+  jsxSingleQuote: true
 }

.profile

@@ -1 +1 @@
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu:/app/.apt/usr/lib/x86_64-linux-gnu/mesa:/app/.apt/usr/lib/x86_64-linux-gnu/pulseaudio
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu:/app/.apt/usr/lib/x86_64-linux-gnu/mesa:/app/.apt/usr/lib/x86_64-linux-gnu/pulseaudio:/app/.apt/usr/lib/x86_64-linux-gnu/openblas-pthread

.rubocop.yml

@@ -1,479 +1,202 @@
+# Can be removed once all rules are addressed or moved to this file as documented overrides
+inherit_from: .rubocop_todo.yml
+
+# Used for merging with exclude lists with .rubocop_todo.yml
+inherit_mode:
+  merge:
+    - Exclude
+
 require:
   - rubocop-rails
   - rubocop-rspec
   - rubocop-performance
+  - rubocop-capybara
+  - ./lib/linter/rubocop_middle_dot
 
 AllCops:
-  TargetRubyVersion: 2.7
+  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
   DisplayCopNames: true
   DisplayStyleGuide: true
   ExtraDetails: true
   UseCache: true
   CacheRootDirectory: tmp
-  NewCops: enable
+  NewCops: enable # Opt-in to newly added rules
   Exclude:
     - db/schema.rb
-    - 'app/views/**/*'
-    - 'config/**/*'
     - 'bin/*'
-    - 'Rakefile'
     - 'node_modules/**/*'
     - 'Vagrantfile'
     - 'vendor/**/*'
-    - 'lib/json_ld/*'
+    - 'lib/json_ld/*' # Generated files
     - 'lib/templates/**/*'
 
-Bundler/OrderedGems:
-  Enabled: false
-
-Layout/AccessModifierIndentation:
-  EnforcedStyle: indent
-
-Layout/EmptyLineAfterMagicComment:
-  Enabled: false
-
-Layout/EmptyLineAfterGuardClause:
-  Enabled: false
-
-Layout/EmptyLineBetweenDefs:
-  AllowAdjacentOneLineDefs: true
-
-Layout/EmptyLinesAroundAttributeAccessor:
-  Enabled: true
-
+# Reason: Prefer Hashes without extreme indentation
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutfirsthashelementindentation
 Layout/FirstHashElementIndentation:
   EnforcedStyle: consistent
 
-Layout/HashAlignment:
-  Enabled: false
-
-Layout/SpaceAroundMethodCallOperator:
-  Enabled: true
-
-Layout/SpaceInsideHashLiteralBraces:
-  EnforcedStyle: space
-
-Lint/DeprecatedOpenSSLConstant:
-  Enabled: true
-
-Lint/DuplicateElsifCondition:
-  Enabled: true
-
-Lint/MixedRegexpCaptureTypes:
-  Enabled: true
-
-Lint/RaiseException:
-  Enabled: true
-
-Lint/StructNewOverride:
-  Enabled: true
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
+Layout/LineLength:
+  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
 Lint/UselessAccessModifier:
   ContextCreatingMethods:
     - class_methods
 
-Metrics/AbcSize:
-  Max: 34 # RuboCop default 17
-  Exclude:
-    - 'lib/**/*cli*.rb'
-    - db/*migrate/**/*
-    - lib/paperclip/color_extractor.rb
-    - app/workers/scheduler/follow_recommendations_scheduler.rb
-    - app/services/activitypub/fetch*_service.rb
-    - lib/paperclip/**/*
-  CountRepeatedAttributes: false
-  AllowedMethods:
-    - update_media_attachments!
-    - account_link_to
-    - attempt_oembed
-    - build_crutches
-    - calculate_scores
-    - cc
-    - dump_actor!
-    - filter_from_home?
-    - hydrate
-    - import_bookmarks!
-    - import_relationships!
-    - initialize
-    - link_to_mention
-    - log_target
-    - matches_time_window?
-    - parse_metadata
-    - perform_statuses_search!
-    - privatize_media_attachments!
-    - process_update
-    - publish_media_attachments!
-    - remotable_attachment
-    - render_initial_state
-    - render_with_cache
-    - searchable_by
-    - self.cached_filters_for
-    - set_fetchable_attributes!
-    - signed_request_actor
-    - statuses_to_delete
-    - update_poll!
+## Disable most Metrics/*Length cops
+# Reason: those are often triggered and force significant refactors when this happend
+#         but the team feel they are not really improving the code quality.
 
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
 Metrics/BlockLength:
-  Max: 55
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-  CountComments: false
-  CountAsOne: [array, heredoc]
-  AllowedMethods:
-    - task
-    - namespace
-    - class_methods
-    - included
-
-Metrics/BlockNesting:
-  Max: 3
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
+  Enabled: false
 
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
 Metrics/ClassLength:
-  CountComments: false
-  Max: 500
-  CountAsOne: [array, heredoc]
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-
-Metrics/CyclomaticComplexity:
-  Max: 12
-  Exclude:
-    - lib/mastodon/*cli*.rb
-    - db/*migrate/**/*
-  AllowedMethods:
-    - attempt_oembed
-    - blocked?
-    - build_crutches
-    - calculate_scores
-    - cc
-    - discover_endpoint!
-    - filter_from_home?
-    - hydrate
-    - klass
-    - link_to_mention
-    - log_target
-    - matches_time_window?
-    - patch_for_forwarding!
-    - preprocess_attributes!
-    - process_update
-    - remotable_attachment
-    - scan_text!
-    - self.cached_filters_for
-    - set_fetchable_attributes!
-    - setup_redis_env_url
-    - update_media_attachments!
-
-Layout/LineLength:
-  Max: 140 # RuboCop default 120
-  AllowHeredoc: true
-  AllowURI: true
-  IgnoreCopDirectives: true
-  AllowedPatterns:
-    # Allow comments to be long lines
-    - !ruby/regexp / \# .*$/
-    - !ruby/regexp /^\# .*$/
-  Exclude:
-    - lib/**/*cli*.rb
-    - db/*migrate/**/*
-    - db/seeds/**/*
+  Enabled: false
 
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
 Metrics/MethodLength:
-  CountComments: false
-  CountAsOne: [array, heredoc]
-  Max: 25 # RuboCop default 10
-  Exclude:
-    - 'lib/mastodon/*_cli.rb'
-  AllowedMethods:
-    - account_link_to
-    - attempt_oembed
-    - body_with_limit
-    - build_crutches
-    - cached_filters_for
-    - calculate_scores
-    - check_webfinger!
-    - clean_feeds!
-    - collection_items
-    - collection_presenter
-    - copy_account_notes!
-    - deduplicate_accounts!
-    - deduplicate_conversations!
-    - deduplicate_local_accounts!
-    - deduplicate_statuses!
-    - deduplicate_tags!
-    - deduplicate_users!
-    - discover_endpoint!
-    - extract_extra_uris_with_indices
-    - extract_hashtags_with_indices
-    - extract_mentions_or_lists_with_indices
-    - filter_from_home?
-    - from_elasticsearch
-    - handle_explicit_update!
-    - handle_mark_as_sensitive!
-    - hsl_to_rgb
-    - import_bookmarks!
-    - import_domain_blocks!
-    - import_relationships!
-    - ldap_options
-    - matches_time_window?
-    - outbox_presenter
-    - pam_get_user
-    - parallelize_with_progress
-    - parse_and_transform
-    - patch_for_forwarding!
-    - populate_home
-    - post_process_style
-    - preload_cache_collection_target_statuses
-    - privatize_media_attachments!
-    - provides_callback_for
-    - publish_media_attachments!
-    - relevant_account_timestamp
-    - remotable_attachment
-    - rgb_to_hsl
-    - rss_status_content_format
-    - set_fetchable_attributes!
-    - setup_redis_env_url
-    - signed_request_actor
-    - to_preview_card_attributes
-    - upgrade_storage_filesystem
-    - upgrade_storage_s3
-    - user_settings_params
-    - hydrate
-    - cc
-    - self_destruct
+  Enabled: false
 
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmodulelength
 Metrics/ModuleLength:
-  CountComments: false
-  Max: 200
-  CountAsOne: [array, heredoc]
+  Enabled: false
 
+## End Disable Metrics/*Length cops
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsabcsize
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - lib/mastodon/cli/*.rb
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsparameterlists
 Metrics/ParameterLists:
-  Max: 5 # RuboCop default 5
-  CountKeywordArgs: true # RuboCop default true
-  MaxOptionalParameters: 3 # RuboCop default 3
-  Exclude:
-    - app/models/concerns/account_interactions.rb
-    - app/services/activitypub/fetch_remote_account_service.rb
-    - app/services/activitypub/fetch_remote_actor_service.rb
+  CountKeywordArgs: false
 
-Metrics/PerceivedComplexity:
-  Max: 16 # RuboCop default 8
-  AllowedMethods:
-    - attempt_oembed
-    - build_crutches
-    - calculate_scores
-    - deduplicate_users!
-    - discover_endpoint!
-    - filter_from_home?
-    - hydrate
-    - patch_for_forwarding!
-    - process_update
-    - remove_orphans
-    - update_media_attachments!
+# Reason: Prevailing style is argument file paths
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
+Rails/FilePath:
+  EnforcedStyle: arguments
 
-Naming/MemoizedInstanceVariableName:
-  Enabled: false
-
-Naming/MethodParameterName:
-  Enabled: true
-
-Rails:
-  Enabled: true
-
-Rails/ApplicationController:
-  Enabled: false
-  Exclude:
-    - 'app/controllers/well_known/**/*.rb'
-
-Rails/BelongsTo:
-  Enabled: false
-
-Rails/ContentTag:
-  Enabled: false
-
-Rails/EnumHash:
-  Enabled: false
+# Reason: Prevailing style uses numeric status codes, matches RSpec/Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railshttpstatus
+Rails/HttpStatus:
+  EnforcedStyle: numeric
 
+# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
 Rails/Exit:
   Exclude:
-    - 'lib/mastodon/*'
-    - 'lib/cli.rb'
+    - 'config/boot.rb'
+    - 'lib/mastodon/cli/*.rb'
 
-Rails/FilePath:
-  Enabled: false
+# Reason: Some single letter camel case files shouldn't be split
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
+RSpec/FilePath:
+  CustomTransform:
+    ActivityPub: activitypub # Ignore the snake_case due to the amount of files to rename
+    DeepL: deepl
+    FetchOEmbedService: fetch_oembed_service
+    JsonLdHelper: jsonld_helper
+    OEmbedController: oembed_controller
+    OStatus: ostatus
+    NodeInfoController: nodeinfo_controller # NodeInfo isn't snake_cased for any of the instances
+  Exclude:
+    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
+    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
 
-Rails/HasAndBelongsToMany:
-  Enabled: false
+# Reason:
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
+RSpec/NamedSubject:
+  EnforcedStyle: named_only
 
-Rails/HasManyOrHasOneDependent:
-  Enabled: false
+# Reason: Prevailing style choice
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnottonot
+RSpec/NotToNot:
+  EnforcedStyle: to_not
 
-Rails/HelperInstanceVariable:
-  Enabled: false
-
-Rails/HttpStatus:
-  Enabled: false
-
-Rails/IndexBy:
-  Enabled: false
-
-Rails/InverseOf:
-  Enabled: false
-
-Rails/LexicallyScopedActionFilter:
-  Enabled: false
-
-Rails/OutputSafety:
-  Enabled: true
-
-Rails/RakeEnvironment:
-  Enabled: false
-
-Rails/RedundantForeignKey:
-  Enabled: false
-
-Rails/SkipsModelValidations:
-  Enabled: false
-
-Rails/UniqueValidationWithoutIndex:
-  Enabled: false
-
-Style/AccessorGrouping:
-  Enabled: true
-
-Style/AccessModifierDeclarations:
-  Enabled: false
-
-Style/ArrayCoercion:
-  Enabled: true
-
-Style/BisectedAttrAccessor:
-  Enabled: true
-
-Style/CaseLikeIf:
-  Enabled: false
+# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
+RSpec/Rails/HttpStatus:
+  EnforcedStyle: numeric
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
 Style/ClassAndModuleChildren:
   Enabled: false
 
-Style/CollectionMethods:
-  Enabled: true
-  PreferredMethods:
-    find_all: 'select'
-
+# Reason: Classes mostly self-document with their names
+# https://docs.rubocop.org/rubocop/cops_style.html#styledocumentation
 Style/Documentation:
   Enabled: false
 
-Style/DoubleNegation:
-  Enabled: true
-
-Style/ExpandPathArguments:
-  Enabled: false
-
-Style/ExponentialNotation:
-  Enabled: true
-
-Style/FormatString:
-  Enabled: false
-
-Style/FormatStringToken:
-  Enabled: false
-
-Style/FrozenStringLiteralComment:
-  Enabled: true
-
-Style/GuardClause:
-  Enabled: false
-
-Style/HashAsLastArrayItem:
-  Enabled: false
-
-Style/HashEachMethods:
-  Enabled: true
-
-Style/HashLikeCase:
-  Enabled: true
-
-Style/HashTransformKeys:
-  Enabled: true
-
-Style/HashTransformValues:
-  Enabled: false
-
+# Reason: Enforce modern Ruby style
+# https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
 Style/HashSyntax:
-  Enabled: true
   EnforcedStyle: ruby19_no_mixed_keys
 
-Style/IfUnlessModifier:
-  Enabled: false
-
-Style/InverseMethods:
-  Enabled: false
-
-Style/Lambda:
-  Enabled: false
-
-Style/MutableConstant:
-  Enabled: false
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
+Style/NumericLiterals:
+  AllowedPatterns:
+    - \d{4}_\d{2}_\d{2}_\d{6} # For DB migration date version number readability
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylepercentliteraldelimiters
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
     '%i': '()'
     '%w': '()'
 
-Style/PerlBackrefs:
-  AutoCorrect: false
-
-Style/RedundantFetchBlock:
-  Enabled: true
-
-Style/RedundantFileExtensionInRequire:
-  Enabled: true
-
-Style/RedundantRegexpCharacterClass:
-  Enabled: false
-
-Style/RedundantRegexpEscape:
-  Enabled: false
-
-Style/RedundantReturn:
-  Enabled: true
-
+# Reason: Prefer less indentation in conditional assignments
+# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantbegin
 Style/RedundantBegin:
   Enabled: false
 
-Style/RegexpLiteral:
-  Enabled: false
-
+# Reason: Overridden to reduce implicit StandardError rescues
+# https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
 Style/RescueStandardError:
-  Enabled: true
+  EnforcedStyle: implicit
 
-Style/SignalException:
-  Enabled: false
-
-Style/SlicingWithRange:
-  Enabled: true
+# Reason: Simplify some spec layouts
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
+Style/Semicolon:
+  AllowAsExpressionSeparator: true
 
+# Reason: Originally disabled for CodeClimate, and no config consensus has been found
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
 Style/SymbolArray:
   Enabled: false
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainarrayliteral
 Style/TrailingCommaInArrayLiteral:
   EnforcedStyleForMultiline: 'comma'
 
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral
 Style/TrailingCommaInHashLiteral:
   EnforcedStyleForMultiline: 'comma'
 
-Style/UnpackFirst:
-  Enabled: false
-
-RSpec/ScatteredSetup:
-  Enabled: false
-RSpec/ImplicitExpect:
-  Enabled: false
-RSpec/NamedSubject:
-  Enabled: false
-RSpec/DescribeClass:
-  Enabled: false
-RSpec/LetSetup:
-  Enabled: false
+Style/MiddleDot:
+  Enabled: true

.rubocop_todo.yml

@@ -0,0 +1,842 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
+# using RuboCop version 1.56.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
+# Include: **/*.gemfile, **/Gemfile, **/gems.rb
+Bundler/OrderedGems:
+  Exclude:
+    - 'Gemfile'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_argument, with_fixed_indentation
+Layout/ArgumentAlignment:
+  Exclude:
+    - 'config/initializers/cors.rb'
+    - 'config/initializers/session_store.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/routes.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'config/application.rb'
+    - 'config/initializers/3_omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Exclude:
+    - 'app/models/account.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_no_space, require_space
+Layout/SpaceInLambdaLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/controllers/api/v2/search_controller_spec.rb'
+    - 'spec/fabricators/access_token_fabricator.rb'
+    - 'spec/fabricators/conversation_fabricator.rb'
+    - 'spec/fabricators/system_key_fabricator.rb'
+    - 'spec/lib/activitypub/adapter_spec.rb'
+    - 'spec/models/user_role_spec.rb'
+
+Lint/NonLocalExitFromIterator:
+  Exclude:
+    - 'app/helpers/jsonld_helper.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/OrAssignmentToConstant:
+  Exclude:
+    - 'lib/sanitize_ext/sanitize_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/doorkeeper.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/UselessAssignment:
+  Exclude:
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
+    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
+    - 'spec/helpers/jsonld_helper_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/models/webauthn_credentials_spec.rb'
+    - 'spec/services/account_search_service_spec.rb'
+    - 'spec/services/post_status_service_spec.rb'
+    - 'spec/services/precompute_feed_service_spec.rb'
+    - 'spec/services/resolve_url_service_spec.rb'
+    - 'spec/views/statuses/show.html.haml_spec.rb'
+
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
+Metrics/AbcSize:
+  Max: 144
+
+# Configuration parameters: CountBlocks, Max.
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/CyclomaticComplexity:
+  Max: 25
+
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/PerceivedComplexity:
+  Max: 27
+
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+Naming/VariableNumber:
+  Exclude:
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180514140000_revert_index_change_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20190820003045_update_statuses_index.rb'
+    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
+    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/user_spec.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeMultiline.
+Performance/DeletePrefix:
+  Exclude:
+    - 'app/models/featured_tag.rb'
+
+Performance/MapMethodChain:
+  Exclude:
+    - 'app/models/feed.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/resets_controller_spec.rb'
+    - 'spec/controllers/admin/settings/branding_controller_spec.rb'
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb'
+    - 'spec/lib/request_spec.rb'
+    - 'spec/lib/status_filter_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/validators/follow_limit_validator_spec.rb'
+    - 'spec/workers/activitypub/delivery_worker_spec.rb'
+    - 'spec/workers/web/push_notification_worker_spec.rb'
+
+# Configuration parameters: CountAsOne.
+RSpec/ExampleLength:
+  Max: 22
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, each, example
+RSpec/HookArgument:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/well_known/webfinger_controller_spec.rb'
+    - 'spec/helpers/instance_helper_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/rails_helper.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+# Configuration parameters: AssignmentOnly.
+RSpec/InstanceVariable:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
+    - 'spec/controllers/home_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
+    - 'spec/controllers/statuses_cleanup_controller_spec.rb'
+    - 'spec/models/concerns/account_finder_concern_spec.rb'
+    - 'spec/models/concerns/account_interactions_spec.rb'
+    - 'spec/models/public_feed_spec.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/search_service_spec.rb'
+    - 'spec/services/unblock_domain_service_spec.rb'
+
+RSpec/LetSetup:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/action_logs_controller_spec.rb'
+    - 'spec/controllers/admin/instances_controller_spec.rb'
+    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
+    - 'spec/controllers/admin/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v1/filters_controller_spec.rb'
+    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
+    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/follower_accounts_controller_spec.rb'
+    - 'spec/controllers/following_accounts_controller_spec.rb'
+    - 'spec/controllers/oauth/authorized_applications_controller_spec.rb'
+    - 'spec/controllers/oauth/tokens_controller_spec.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/delete_spec.rb'
+    - 'spec/lib/vacuum/applications_vacuum_spec.rb'
+    - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/account_statuses_cleanup_policy_spec.rb'
+    - 'spec/models/canonical_email_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/services/account_statuses_cleanup_service_spec.rb'
+    - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'
+    - 'spec/services/activitypub/fetch_remote_status_service_spec.rb'
+    - 'spec/services/activitypub/process_account_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/batched_remove_status_service_spec.rb'
+    - 'spec/services/block_domain_service_spec.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/delete_account_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+    - 'spec/services/notify_service_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/report_service_spec.rb'
+    - 'spec/services/resolve_account_service_spec.rb'
+    - 'spec/services/suspend_account_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+    - 'spec/services/unsuspend_account_service_spec.rb'
+    - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'
+
+RSpec/MessageChain:
+  Exclude:
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
+    - 'spec/lib/webfinger_resource_spec.rb'
+    - 'spec/models/admin/account_action_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/follow_request_spec.rb'
+    - 'spec/models/identity_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/fetch_replies_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/spec_helper.rb'
+    - 'spec/validators/status_length_validator_spec.rb'
+
+RSpec/MultipleExpectations:
+  Max: 8
+
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 21
+
+# Configuration parameters: AllowedGroups.
+RSpec/NestedGroups:
+  Max: 6
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/ApplicationController:
+  Exclude:
+    - 'app/controllers/health_controller.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/CreateTableWithTimestamps:
+  Exclude:
+    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
+    - 'db/migrate/20170823162448_create_status_pins.rb'
+    - 'db/migrate/20171116161857_create_list_accounts.rb'
+    - 'db/migrate/20180929222014_create_account_conversations.rb'
+    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
+    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
+    - 'db/migrate/20220824233535_create_status_trends.rb'
+    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Severity.
+Rails/DuplicateAssociation:
+  Exclude:
+    - 'app/serializers/activitypub/collection_serializer.rb'
+    - 'app/serializers/activitypub/note_serializer.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasAndBelongsToMany:
+  Exclude:
+    - 'app/models/concerns/account_associations.rb'
+    - 'app/models/preview_card.rb'
+    - 'app/models/status.rb'
+    - 'app/models/tag.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasManyOrHasOneDependent:
+  Exclude:
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/conversation.rb'
+    - 'app/models/custom_emoji.rb'
+    - 'app/models/custom_emoji_category.rb'
+    - 'app/models/domain_block.rb'
+    - 'app/models/invite.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/models/web/push_subscription.rb'
+
+Rails/I18nLocaleTexts:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+    - 'spec/helpers/flashes_helper_spec.rb'
+
+# Configuration parameters: Include.
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
+Rails/LexicallyScopedActionFilter:
+  Exclude:
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/controllers/auth/sessions_controller.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/NegateInclude:
+  Exclude:
+    - 'app/controllers/concerns/signature_verification.rb'
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/activitypub/activity/move.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/link_details_extractor.rb'
+    - 'app/models/concerns/attachmentable.rb'
+    - 'app/models/concerns/remotable.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/fetch_link_card_service.rb'
+    - 'app/services/search_service.rb'
+    - 'app/workers/web/push_notification_worker.rb'
+    - 'lib/paperclip/color_extractor.rb'
+
+Rails/OutputSafety:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/Rakefile, **/*.rake
+Rails/RakeEnvironment:
+  Exclude:
+    - 'lib/tasks/auto_annotate_models.rake'
+    - 'lib/tasks/db.rake'
+    - 'lib/tasks/emojis.rake'
+    - 'lib/tasks/mastodon.rake'
+    - 'lib/tasks/repo.rake'
+    - 'lib/tasks/statistics.rake'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ReversibleMigration:
+  Exclude:
+    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
+    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
+    - 'db/migrate/20170205175257_remove_devices.rb'
+    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
+    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
+    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
+    - 'db/migrate/20170711225116_fix_null_booleans.rb'
+    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
+    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
+    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
+    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
+
+# Configuration parameters: ForbiddenMethods, AllowedMethods.
+# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'app/controllers/admin/invites_controller.rb'
+    - 'app/controllers/concerns/session_tracking_concern.rb'
+    - 'app/models/concerns/account_merging.rb'
+    - 'app/models/concerns/expireable.rb'
+    - 'app/models/status.rb'
+    - 'app/models/trends/links.rb'
+    - 'app/models/trends/preview_card_batch.rb'
+    - 'app/models/trends/preview_card_provider_batch.rb'
+    - 'app/models/trends/status_batch.rb'
+    - 'app/models/trends/statuses.rb'
+    - 'app/models/trends/tag_batch.rb'
+    - 'app/models/trends/tags.rb'
+    - 'app/models/user.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/approve_appeal_service.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'app/services/process_mentions_service.rb'
+    - 'app/services/unallow_domain_service.rb'
+    - 'app/services/unblock_domain_service.rb'
+    - 'app/services/update_status_service.rb'
+    - 'app/workers/activitypub/post_upgrade_worker.rb'
+    - 'app/workers/move_worker.rb'
+    - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
+    - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
+    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
+    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
+    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
+    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
+    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/migrate/20191007013357_update_pt_locales.rb'
+    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'db/post_migrate/20200917193528_migrate_notifications_type.rb'
+    - 'db/post_migrate/20201017234926_fill_account_suspension_origin.rb'
+    - 'db/post_migrate/20220617202502_migrate_roles.rb'
+    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
+    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/main.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/follow_spec.rb'
+    - 'spec/services/follow_service_spec.rb'
+    - 'spec/services/update_account_service_spec.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ThreeStateBooleanColumn:
+  Exclude:
+    - 'db/migrate/20160325130944_add_admin_to_users.rb'
+    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
+    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
+    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170330163835_create_imports.rb'
+    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
+    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
+    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
+    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
+    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
+    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
+    - 'db/migrate/20210609202149_create_login_activities.rb'
+    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
+    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
+    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
+    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
+    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
+    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UniqueValidationWithoutIndex:
+  Exclude:
+    - 'app/models/account_alias.rb'
+    - 'app/models/custom_filter_status.rb'
+    - 'app/models/identity.rb'
+    - 'app/models/webauthn_credential.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UnusedIgnoredColumns:
+  Exclude:
+    - 'app/models/account.rb'
+    - 'app/models/account_stat.rb'
+    - 'app/models/admin/action_log.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/models/email_domain_block.rb'
+    - 'app/models/report.rb'
+    - 'app/models/status_edit.rb'
+    - 'app/models/user.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: exists, where
+Rails/WhereExists:
+  Exclude:
+    - 'app/controllers/activitypub/inboxes_controller.rb'
+    - 'app/controllers/admin/email_domain_blocks_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/delivery_failure_tracker.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/status_cache_hydrator.rb'
+    - 'app/lib/suspicious_sign_in_detector.rb'
+    - 'app/models/concerns/account_interactions.rb'
+    - 'app/models/featured_tag.rb'
+    - 'app/models/poll.rb'
+    - 'app/models/session_activation.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/policies/status_policy.rb'
+    - 'app/serializers/rest/announcement_serializer.rb'
+    - 'app/serializers/rest/tag_serializer.rb'
+    - 'app/services/activitypub/fetch_remote_status_service.rb'
+    - 'app/services/app_sign_up_service.rb'
+    - 'app/services/vote_service.rb'
+    - 'app/validators/reaction_validator.rb'
+    - 'app/validators/vote_validator.rb'
+    - 'app/workers/move_worker.rb'
+    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
+    - 'lib/tasks/tests.rake'
+    - 'spec/models/account_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/purge_domain_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
+Style/CaseEquality:
+  Exclude:
+    - 'config/initializers/trusted_proxies.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+# AllowedMethods: ==, equal?, eql?
+Style/ClassEqualityComparison:
+  Exclude:
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/serializers/activitypub/outbox_serializer.rb'
+
+Style/ClassVars:
+  Exclude:
+    - 'config/initializers/devise.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/CombinableLoops:
+  Exclude:
+    - 'app/models/form/custom_emoji_batch.rb'
+    - 'app/models/form/ip_block_batch.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedVars.
+Style/FetchEnvVar:
+  Exclude:
+    - 'app/lib/redis_configuration.rb'
+    - 'app/lib/translation_service.rb'
+    - 'config/environments/development.rb'
+    - 'config/environments/production.rb'
+    - 'config/initializers/2_limited_federation_mode.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'config/initializers/blacklists.rb'
+    - 'config/initializers/cache_buster.rb'
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/vapid.rb'
+    - 'lib/mastodon/premailer_webpack_strategy.rb'
+    - 'lib/mastodon/redis_config.rb'
+    - 'lib/tasks/repo.rake'
+    - 'spec/features/profile_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
+# SupportedStyles: annotated, template, unannotated
+# AllowedMethods: redirect
+Style/FormatStringToken:
+  Exclude:
+    - 'app/models/privacy_policy.rb'
+    - 'config/initializers/devise.rb'
+    - 'lib/paperclip/color_extractor.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/GlobalStdStream:
+  Exclude:
+    - 'config/boot.rb'
+    - 'config/environments/development.rb'
+    - 'config/environments/production.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
+Style/GuardClause:
+  Exclude:
+    - 'app/controllers/admin/confirmations_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb'
+    - 'app/lib/activitypub/activity/block.rb'
+    - 'app/lib/request.rb'
+    - 'app/lib/request_pool.rb'
+    - 'app/lib/webfinger.rb'
+    - 'app/lib/webfinger_resource.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/ldap_authenticable.rb'
+    - 'app/models/tag.rb'
+    - 'app/models/user.rb'
+    - 'app/services/fan_out_on_write_service.rb'
+    - 'app/services/post_status_service.rb'
+    - 'app/services/process_hashtags_service.rb'
+    - 'app/workers/move_worker.rb'
+    - 'app/workers/redownload_avatar_worker.rb'
+    - 'app/workers/redownload_header_worker.rb'
+    - 'app/workers/redownload_media_worker.rb'
+    - 'app/workers/remote_account_refresh_worker.rb'
+    - 'config/initializers/devise.rb'
+    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
+    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'lib/mastodon/cli/media.rb'
+    - 'lib/paperclip/attachment_extensions.rb'
+    - 'lib/tasks/repo.rake'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: braces, no_braces
+Style/HashAsLastArrayItem:
+  Exclude:
+    - 'app/controllers/admin/statuses_controller.rb'
+    - 'app/controllers/api/v1/statuses_controller.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/status_threading_concern.rb'
+    - 'app/models/status.rb'
+    - 'app/services/batched_remove_status_service.rb'
+    - 'app/services/notify_service.rb'
+    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/HashTransformValues:
+  Exclude:
+    - 'app/serializers/rest/web_push_subscription_serializer.rb'
+    - 'app/services/import_service.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/IfUnlessModifier:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/ffmpeg.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: InverseMethods, InverseBlocks.
+Style/InverseMethods:
+  Exclude:
+    - 'app/models/custom_filter.rb'
+    - 'app/services/update_account_service.rb'
+    - 'spec/controllers/activitypub/replies_controller_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: line_count_dependent, lambda, literal
+Style/Lambda:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+    - 'config/routes.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/MapToHash:
+  Exclude:
+    - 'app/models/status.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: literals, strict
+Style/MutableConstant:
+  Exclude:
+    - 'app/models/tag.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'lib/mastodon/migration_warning.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/NilLambda:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: respond_to_missing?
+Style/OptionalBooleanParameter:
+  Exclude:
+    - 'app/helpers/admin/account_moderation_notes_helper.rb'
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/admin/system_check/message.rb'
+    - 'app/lib/request.rb'
+    - 'app/lib/webfinger.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/fetch_resource_service.rb'
+    - 'app/workers/domain_block_worker.rb'
+    - 'app/workers/unfollow_follow_worker.rb'
+    - 'lib/mastodon/redis_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: PreferredDelimiters.
+Style/PercentLiteralDelimiters:
+  Exclude:
+    - 'config/deploy.rb'
+    - 'config/initializers/doorkeeper.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: short, verbose
+Style/PreferredHashMethods:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantConstantBase:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/sidekiq.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeForConstants.
+Style/RedundantFetchBlock:
+  Exclude:
+    - 'config/initializers/1_hosts.rb'
+    - 'config/initializers/chewy.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/puma.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleReturnValues.
+Style/RedundantReturn:
+  Exclude:
+    - 'app/controllers/api/v1/directories_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/lib/ostatus/tag_manager.rb'
+    - 'app/models/form/import.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'app/models/concerns/account_finder_concern.rb'
+    - 'app/models/status.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: only_raise, only_fail, semantic
+Style/SignalException:
+  Exclude:
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SingleArgumentDig:
+  Exclude:
+    - 'lib/webpacker/manifest_extensions.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_parentheses, require_no_parentheses
+Style/StabbyLambdaParentheses:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/StderrPuts:
+  Exclude:
+    - 'config/boot.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Mode.
+Style/StringConcatenation:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/backtrace_silencers.rb'
+    - 'config/initializers/http_client_proxy.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/initializers/webauthn.rb'
+    - 'config/routes.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.
+# AllowedMethods: define_method, mail, respond_to
+Style/SymbolProc:
+  Exclude:
+    - 'config/initializers/3_omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, AllowSafeAssignment.
+# SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
+Style/TernaryParentheses:
+  Exclude:
+    - 'config/environments/development.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInArguments:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInHashLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/environments/test.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MinSize, WordRegex.
+# SupportedStyles: percent, brackets
+Style/WordArray:
+  Exclude:
+    - 'app/helpers/languages_helper.rb'
+    - 'config/initializers/cors.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/models/form/import_spec.rb'

.ruby-version

@@ -1 +1 @@
-3.0.4
+3.2.3

.yarnclean

@@ -44,3 +44,6 @@ Gruntfile.js
 # for specific ignore
 !.svgo.yml
 !sass-lint/**/*.yml
+
+# breaks lint-staged or generally anything using https://github.com/eemeli/yaml/issues/384
+!**/yaml/dist/**/doc

Aptfile

@@ -1,4 +1,5 @@
 ffmpeg
+libopenblas0-pthread
 libpq-dev
 libxdamage1
 libxfixes3

CODE_OF_CONDUCT.md

@@ -2,45 +2,131 @@
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment include:
+Examples of behavior that contributes to a positive environment for our
+community include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
 
-Examples of unacceptable behavior by participants include:
+Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+- The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
-## Our Responsibilities
+## Enforcement Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
 
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at eugen@zeonfederated.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[hello@joinmastodon.org](mailto:hello@joinmastodon.org).
+All complaints will be reviewed and investigated promptly and fairly.
 
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
 
-[homepage]: https://contributor-covenant.org
-[version]: https://contributor-covenant.org/version/1/4/
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

CONTRIBUTING.md

@@ -1,5 +1,4 @@
-Contributing
-============
+# Contributing
 
 Thank you for considering contributing to Mastodon 🐘
 
@@ -28,9 +27,9 @@ You can submit translations via [Crowdin](https://crowdin.com/project/mastodon).
 
 Example:
 
-|Not ideal|Better|
-|---|----|
-|Fixed NoMethodError in RemovalWorker|Fix nil error when removing statuses caused by race condition|
+| Not ideal                            | Better                                                        |
+| ------------------------------------ | ------------------------------------------------------------- |
+| Fixed NoMethodError in RemovalWorker | Fix nil error when removing statuses caused by race condition |
 
 It is not always possible to phrase every change in such a manner, but it is desired.
 
@@ -42,8 +41,6 @@ It is not always possible to phrase every change in such a manner, but it is des
 - Code style rules (rubocop, eslint)
 - Normalization of locale files (i18n-tasks)
 
-**Note**: You may need to log in and authorise the GitHub account your fork of this repository belongs to with CircleCI to enable some of the automated checks to run.
-
 ## Documentation
 
 The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/documentation](https://github.com/mastodon/documentation).

Capfile

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'capistrano/setup'
 require 'capistrano/deploy'
 require 'capistrano/scm/git'

Dockerfile

@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:1.4
-# This needs to be bullseye-slim because the Ruby image is built on bullseye-slim
-ARG NODE_VERSION="16.18.1-bullseye-slim"
+# This needs to be bookworm-slim because the Ruby image is built on bookworm-slim
+ARG NODE_VERSION="20.6-bookworm-slim"
 
-FROM ghcr.io/moritzheiber/ruby-jemalloc:3.0.4-slim as ruby
+FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.3-slim as ruby
 FROM node:${NODE_VERSION} as build
 
 COPY --link --from=ruby /opt/ruby /opt/ruby
@@ -17,11 +17,11 @@ COPY Gemfile* package.json yarn.lock /opt/mastodon/
 
 # hadolint ignore=DL3008
 RUN apt-get update && \
+    apt-get -yq dist-upgrade && \
     apt-get install -y --no-install-recommends build-essential \
-        ca-certificates \
         git \
         libicu-dev \
-        libidn11-dev \
+        libidn-dev \
         libpq-dev \
         libjemalloc-dev \
         zlib1g-dev \
@@ -37,10 +37,15 @@ RUN apt-get update && \
     bundle config set --local without 'development test' && \
     bundle config set silence_root_warning true && \
     bundle install -j"$(nproc)" && \
-    yarn install --pure-lockfile --network-timeout 600000
+    yarn install --pure-lockfile --production --network-timeout 600000 && \
+    yarn cache clean
 
 FROM node:${NODE_VERSION}
 
+# Use those args to specify your own version flags & suffixes
+ARG MASTODON_VERSION_PRERELEASE=""
+ARG MASTODON_VERSION_METADATA=""
+
 ARG UID="991"
 ARG GID="991"
 
@@ -51,7 +56,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ENV DEBIAN_FRONTEND="noninteractive" \
     PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"
 
-# Ignoreing these here since we don't want to pin any versions and the Debian image removes apt-get content after use
+# Ignoring these here since we don't want to pin any versions and the Debian image removes apt-get content after use
 # hadolint ignore=DL3008,DL3009
 RUN apt-get update && \
     echo "Etc/UTC" > /etc/localtime && \
@@ -60,13 +65,13 @@ RUN apt-get update && \
     apt-get -y --no-install-recommends install whois \
         wget \
         procps \
-        libssl1.1 \
+        libssl3 \
         libpq5 \
         imagemagick \
         ffmpeg \
         libjemalloc2 \
-        libicu67 \
-        libidn11 \
+        libicu72 \
+        libidn12 \
         libyaml-0-2 \
         file \
         ca-certificates \
@@ -84,15 +89,16 @@ COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon
 ENV RAILS_ENV="production" \
     NODE_ENV="production" \
     RAILS_SERVE_STATIC_FILES="true" \
-    BIND="0.0.0.0"
+    BIND="0.0.0.0" \
+    MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
+    MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}"
 
 # Set the run user
 USER mastodon
 WORKDIR /opt/mastodon
 
 # Precompile assets
-RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \
-    yarn cache clean
+RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile
 
 # Set the work dir and the container entry point
 ENTRYPOINT ["/usr/bin/tini", "--"]

FEDERATION.md

@@ -27,4 +27,5 @@ More information on HTTP Signatures, as well as examples, can be found here: htt
 
 - Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
 - Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
-- Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md
+- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
+- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md

Gemfile

@@ -1,27 +1,24 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 2.7.0', '< 3.1.0'
+ruby '>= 3.0.0'
 
-gem 'pkg-config', '~> 1.5'
-gem 'rexml', '~> 3.2'
-
-gem 'puma', '~> 5.6'
-gem 'rails', '~> 6.1.7'
+gem 'puma', '~> 6.3'
+gem 'rails', '~> 7.0'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
-gem 'rack', '~> 2.2.6'
+gem 'rack', '~> 2.2.7'
 
-gem 'hamlit-rails', '~> 0.2'
-gem 'pg', '~> 1.4'
-gem 'makara', '~> 0.5'
+gem 'haml-rails', '~>2.0'
+gem 'pg', '~> 1.5'
 gem 'pghero'
 gem 'dotenv-rails', '~> 2.8'
 
-gem 'aws-sdk-s3', '~> 1.119', require: false
+gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'fog-core', '<= 2.4.0'
 gem 'fog-openstack', '~> 0.3', require: false
-gem 'kt-paperclip', '~> 7.1'
+gem 'kt-paperclip', '~> 7.2'
+gem 'md-paperclip-azure', '~> 2.2', require: false
 gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
@@ -29,20 +26,23 @@ gem 'addressable', '~> 2.8'
 gem 'bootsnap', '~> 1.16.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
-gem 'chewy', '~> 7.2'
-gem 'devise', '~> 4.8'
-gem 'devise-two-factor', '~> 4.0'
+gem 'chewy', '~> 7.3'
+gem 'devise', '~> 4.9'
+gem 'devise-two-factor', '~> 4.1'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
 end
 
-gem 'net-ldap', '~> 0.17'
-gem 'omniauth-cas', '~> 2.0'
-gem 'omniauth-saml', '~> 1.10'
-gem 'gitlab-omniauth-openid-connect', '~>0.10.1', require: 'omniauth_openid_connect'
-gem 'omniauth', '~> 1.9'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
+gem 'net-ldap', '~> 0.18'
+
+# TODO: Point back at released omniauth-cas gem when PR merged
+# https://github.com/dlindahl/omniauth-cas/pull/68
+gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
+gem 'omniauth-saml', '~> 2.0'
+gem 'omniauth_openid_connect', '~> 0.6.1'
+gem 'omniauth', '~> 2.0'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 
 gem 'color_diff', '~> 0.1'
 gem 'discard', '~> 1.2'
@@ -59,95 +59,135 @@ gem 'httplog', '~> 1.6.2'
 gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'mime-types', '~> 3.4.1', require: 'mime/types/columnar'
-gem 'nokogiri', '~> 1.14'
-gem 'nsa', '~> 0.2'
-gem 'oj', '~> 3.13'
+gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
+gem 'nokogiri', '~> 1.15'
+gem 'nsa'
+gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'posix-spawn'
 gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.3'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
-gem 'rack-cors', '~> 1.1', require: 'rack/cors'
-gem 'rails-i18n', '~> 6.0'
-gem 'rails-settings-cached', '~> 0.6'
+gem 'rack-cors', '~> 2.0', require: 'rack/cors'
+gem 'rails-i18n', '~> 7.0'
+gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 2.1'
-gem 'ruby-progressbar', '~> 1.11'
+gem 'rqrcode', '~> 2.2'
+gem 'ruby-progressbar', '~> 1.13'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
 gem 'sidekiq', '~> 6.5'
-gem 'sidekiq-scheduler', '~> 4.0'
+gem 'sidekiq-scheduler', '~> 5.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
 gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
 gem 'simple_form', '~> 5.2'
 gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
 gem 'stoplight', '~> 3.0.1'
-gem 'strong_migrations', '~> 0.7'
+gem 'strong_migrations', '~> 0.8'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
-gem 'tzinfo-data', '~> 1.2022'
+gem 'tzinfo-data', '~> 1.2023'
 gem 'webpacker', '~> 5.4'
 gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
-gem 'webauthn', '~> 2.5'
+gem 'webauthn', '~> 3.0'
 
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
 gem 'rdf-normalize', '~> 0.5'
 
-group :development, :test do
-  gem 'fabrication', '~> 2.30'
-  gem 'fuubar', '~> 2.5'
-  gem 'i18n-tasks', '~> 1.0', require: false
-  gem 'pry-byebug', '~> 3.10'
-  gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 5.1'
-  gem 'rubocop-performance', require: false
-  gem 'rubocop-rails', require: false
-  gem 'rubocop-rspec', require: false
-  gem 'rubocop', require: false
-end
-
-group :production, :test do
-  gem 'private_address_check', '~> 0.5'
-end
+gem 'private_address_check', '~> 0.5'
 
 group :test do
-  gem 'capybara', '~> 3.38'
+  # Used to split testing into chunks in CI
+  gem 'rspec_chunked', '~> 0.6'
+
+  # RSpec progress bar formatter
+  gem 'fuubar', '~> 2.5'
+
+  # Extra RSpec extenion methods and helpers for sidekiq
+  gem 'rspec-sidekiq', '~> 4.0'
+
+  # Browser integration testing
+  gem 'capybara', '~> 3.39'
+  gem 'selenium-webdriver'
+
+  # Used to reset the database between system tests
+  gem 'database_cleaner-active_record'
+
+  # Used to mock environment variables
   gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 3.1'
-  gem 'json-schema', '~> 3.0'
-  gem 'rack-test', '~> 2.0'  
+
+  # Generating fake data for specs
+  gem 'faker', '~> 3.2'
+
+  # Generate test objects for specs
+  gem 'fabrication', '~> 2.30'
+
+  # Add back helpers functions removed in Rails 5.1
   gem 'rails-controller-testing', '~> 1.0'
-  gem 'rspec_junit_formatter', '~> 0.6'
-  gem 'rspec-sidekiq', '~> 3.1'
+
+  # Validate schemas in specs
+  gem 'json-schema', '~> 4.0'
+
+  # Test harness fo rack components
+  gem 'rack-test', '~> 2.1'
+
+  # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
   gem 'simplecov', '~> 0.22', require: false
+
+  # Stub web requests for specs
   gem 'webmock', '~> 3.18'
 end
 
 group :development do
-  gem 'active_record_query_trace', '~> 1.8'
+  # Code linting CLI and plugins
+  gem 'rubocop', require: false
+  gem 'rubocop-capybara', require: false
+  gem 'rubocop-performance', require: false
+  gem 'rubocop-rails', require: false
+  gem 'rubocop-rspec', require: false
+
+  # Annotates modules with schema
   gem 'annotate', '~> 3.2'
+
+  # Enhanced error message pages for development
   gem 'better_errors', '~> 2.9'
   gem 'binding_of_caller', '~> 1.0'
-  gem 'bullet', '~> 7.0'
+
+  # Preview mail in the browser
   gem 'letter_opener', '~> 1.8'
   gem 'letter_opener_web', '~> 2.0'
-  gem 'memory_profiler'
-  gem 'brakeman', '~> 5.4', require: false
+
+  # Security analysis CLI tools
+  gem 'brakeman', '~> 6.0', require: false
   gem 'bundler-audit', '~> 0.9', require: false
 
+  # Linter CLI for HAML files
+  gem 'haml_lint', require: false
+
+  # Deployment automation
   gem 'capistrano', '~> 3.17'
   gem 'capistrano-rails', '~> 1.6'
   gem 'capistrano-rbenv', '~> 2.2'
   gem 'capistrano-yarn', '~> 2.0'
 
-  gem 'stackprof'
+  # Validate missing i18n keys
+  gem 'i18n-tasks', '~> 1.0', require: false
+end
+
+group :development, :test do
+  # Profiling tools
+  gem 'memory_profiler', require: false
+  gem 'ruby-prof', require: false
+  gem 'stackprof', require: false
+  gem 'test-prof'
+
+  # RSpec runner for rails
+  gem 'rspec-rails', '~> 6.0'
 end
 
 group :production do
@@ -158,3 +198,10 @@ gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'
 gem 'cocoon', '~> 1.2'
+
+gem 'net-http', '~> 0.3.2'
+gem 'rubyzip', '~> 2.3'
+
+gem 'hcaptcha', '~> 7.1'
+
+gem 'mail', '~> 2.8'

Procfile.dev

@@ -1,4 +1,4 @@
 web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
 sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
 stream: env PORT=4000 yarn run start
-webpack: ./bin/webpack-dev-server --listen-host 0.0.0.0
+webpack: bin/webpack-dev-server

README.md

@@ -1,104 +1,23 @@
-<h1><picture>
-  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
-  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
-  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
-</picture></h1>
+# Mastodon - Paravielfalt Edition
 
-[![GitHub release](https://img.shields.io/github/release/mastodon/mastodon.svg)][releases]
-[![Build Status](https://img.shields.io/circleci/project/github/mastodon/mastodon.svg)][circleci]
-[![Code Climate](https://img.shields.io/codeclimate/maintainability/mastodon/mastodon.svg)][code_climate]
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
-[![Docker Pulls](https://img.shields.io/docker/pulls/tootsuite/mastodon.svg)][docker]
+Dieses Repository enthält den Quellcode für [paravielfalt.zone](https://paravielfalt.zone).
 
-[releases]: https://github.com/mastodon/mastodon/releases
-[circleci]: https://circleci.com/gh/mastodon/mastodon
-[code_climate]: https://codeclimate.com/github/mastodon/mastodon
-[crowdin]: https://crowdin.com/project/mastodon
-[docker]: https://hub.docker.com/r/tootsuite/mastodon/
+Die Instanz basiert auf Mastodon und ist vom offiziellen Quellcode-Repository geforkt: <https://github.com/mastodon/mastodon>.
 
-Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
+## Änderungsübersicht
 
-Click below to **learn more** in a video:
+Gegenüber der Mastodon-Standardinstallation gibt es folgende Änderungen.
 
-[![Screenshot](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/ezgif-2-60f1b00403.gif)][youtube_demo]
+- Zeichenlimit von 500 auf 1500 Zeichen erhöht
 
-[youtube_demo]: https://www.youtube.com/watch?v=IPSbNdBmWKE
+[Vollständige Liste aller Änderungen](https://git.wir-sind-auch-menschen.de/paravielfalt/mastodon/compare/stable-4.1...paravielfalt-4.1).
 
-## Navigation
+## Neue Version bauen
 
-- [Project homepage 🐘](https://joinmastodon.org)
-- [Support the development via Patreon][patreon]
-- [View sponsors](https://joinmastodon.org/sponsors)
-- [Blog](https://blog.joinmastodon.org)
-- [Documentation](https://docs.joinmastodon.org)
-- [Browse Mastodon servers](https://joinmastodon.org/communities)
-- [Browse Mastodon apps](https://joinmastodon.org/apps)
+```sh
+git tag v4.2.0-pvz$(date '+%y%m%d%H%M')
+```
 
-[patreon]: https://www.patreon.com/mastodon
-
-## Features
-
-<img src="/app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />
-
-### No vendor lock-in: Fully interoperable with any conforming platform
-
-It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
-
-### Real-time, chronological timeline updates
-
-Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
-
-### Media attachments like images and short videos
-
-Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
-
-### Safety and moderation tools
-
-Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
-
-### OAuth2 and a straightforward REST API
-
-Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!
-
-## Deployment
-
-### Tech stack:
-
-- **Ruby on Rails** powers the REST API and other web pages
-- **React.js** and Redux are used for the dynamic parts of the interface
-- **Node.js** powers the streaming API
-
-### Requirements:
-
-- **PostgreSQL** 9.5+
-- **Redis** 4+
-- **Ruby** 2.7+
-- **Node.js** 14+
-
-The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
-
-A **Vagrant** configuration is included for development purposes. To use it, complete following steps:
-
-- Install Vagrant and Virtualbox
-- Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
-- Run `vagrant up`
-- Run `vagrant ssh -c "cd /vagrant && foreman start"`
-- Open `http://mastodon.local` in your browser
-
-## Contributing
-
-Mastodon is **free, open-source software** licensed under **AGPLv3**.
-
-You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
-
-**IRC channel**: #mastodon on irc.libera.chat
-
-## License
-
-Copyright (C) 2016-2022 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
-
-This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
+```sh
+git push --tag
+```

Rakefile

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 
 Rails.application.load_tasks

SECURITY.md

@@ -1,8 +1,11 @@
 # Security Policy
 
-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
 
-You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
+- reach us at <security@joinmastodon.org>
+
+You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
 
 ## Scope
 
@@ -11,7 +14,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 ## Supported Versions
 
 | Version | Supported |
-| ------- | ----------|
-| 4.0.x   | Yes       |
-| 3.5.x   | Yes       |
-| < 3.5   | No        |
+| ------- | --------- |
+| 4.2.x   | Yes       |
+| 4.1.x   | Yes       |
+| < 4.1   | No        |

Vagrantfile

@@ -60,6 +60,38 @@ sudo usermod -a -G rvm $USER
 
 SCRIPT
 
+$provisionElasticsearch = <<SCRIPT
+# Install Elastic Search
+sudo apt install openjdk-17-jre-headless -y
+sudo wget -O /usr/share/keyrings/elasticsearch.asc https://artifacts.elastic.co/GPG-KEY-elasticsearch
+sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/elasticsearch.asc] https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'
+sudo apt update
+sudo apt install elasticsearch -y
+
+sudo systemctl daemon-reload
+sudo systemctl enable --now elasticsearch
+
+echo 'path.data: /var/lib/elasticsearch
+path.logs: /var/log/elasticsearch
+network.host: 0.0.0.0
+http.port: 9200
+discovery.seed_hosts: ["localhost"]
+cluster.initial_master_nodes: ["node-1"]
+xpack.security.enabled: false' > /etc/elasticsearch/elasticsearch.yml
+
+sudo systemctl restart elasticsearch
+
+# Install Kibana
+sudo apt install kibana -y
+sudo systemctl enable --now kibana
+
+echo 'server.host: "0.0.0.0"
+elasticsearch.hosts: ["http://localhost:9200"]' > /etc/kibana/kibana.yml
+
+sudo systemctl restart kibana
+
+SCRIPT
+
 $provisionB = <<SCRIPT
 
 source "/etc/profile.d/rvm.sh"
@@ -102,10 +134,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
   config.vm.provider :virtualbox do |vb|
     vb.name = "mastodon"
-    vb.customize ["modifyvm", :id, "--memory", "2048"]
-    # Increase the number of CPUs. Uncomment and adjust to
-    # increase performance
-    # vb.customize ["modifyvm", :id, "--cpus", "3"]
+    vb.customize ["modifyvm", :id, "--memory", "8192"]
+    vb.customize ["modifyvm", :id, "--cpus", "3"]
 
     # Disable VirtualBox DNS proxy to skip long-delay IPv6 resolutions.
     # https://github.com/mitchellh/vagrant/issues/1172
@@ -141,9 +171,15 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.network :forwarded_port, guest: 3000, host: 3000
   config.vm.network :forwarded_port, guest: 4000, host: 4000
   config.vm.network :forwarded_port, guest: 8080, host: 8080
+  config.vm.network :forwarded_port, guest: 9200, host: 9200
+  config.vm.network :forwarded_port, guest: 9300, host: 9300
+  config.vm.network :forwarded_port, guest: 9243, host: 9243
+  config.vm.network :forwarded_port, guest: 5601, host: 5601
 
   # Full provisioning script, only runs on first 'vagrant up' or with 'vagrant provision'
   config.vm.provision :shell, inline: $provisionA, privileged: false, reset: true
+  # Run with elevated privileges for Elasticsearch installation
+  config.vm.provision :shell, inline: $provisionElasticsearch, privileged: true
   config.vm.provision :shell, inline: $provisionB, privileged: false
 
   config.vm.post_up_message = <<MESSAGE

app/chewy/accounts_index.rb

@@ -1,10 +1,42 @@
 # frozen_string_literal: true
 
 class AccountsIndex < Chewy::Index
-  settings index: { refresh_interval: '30s' }, analysis: {
+  include DatetimeClampingConcern
+
+  settings index: index_preset(refresh_interval: '30s'), analysis: {
+    filter: {
+      english_stop: {
+        type: 'stop',
+        stopwords: '_english_',
+      },
+
+      english_stemmer: {
+        type: 'stemmer',
+        language: 'english',
+      },
+
+      english_possessive_stemmer: {
+        type: 'stemmer',
+        language: 'possessive_english',
+      },
+    },
+
     analyzer: {
-      content: {
-        tokenizer: 'whitespace',
+      natural: {
+        tokenizer: 'standard',
+        filter: %w(
+          lowercase
+          asciifolding
+          cjk_width
+          elision
+          english_possessive_stemmer
+          english_stop
+          english_stemmer
+        ),
+      },
+
+      verbatim: {
+        tokenizer: 'standard',
         filter: %w(lowercase asciifolding cjk_width),
       },
 
@@ -26,18 +58,13 @@ class AccountsIndex < Chewy::Index
   index_scope ::Account.searchable.includes(:account_stat)
 
   root date_detection: false do
-    field :id, type: 'long'
-
-    field :display_name, type: 'text', analyzer: 'content' do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-    end
-
-    field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-    end
-
-    field :following_count, type: 'long', value: ->(account) { account.following_count }
-    field :followers_count, type: 'long', value: ->(account) { account.followers_count }
-    field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
+    field(:id, type: 'long')
+    field(:following_count, type: 'long')
+    field(:followers_count, type: 'long')
+    field(:properties, type: 'keyword', value: ->(account) { account.searchable_properties })
+    field(:last_status_at, type: 'date', value: ->(account) { clamp_date(account.last_status_at || account.created_at) })
+    field(:display_name, type: 'text', analyzer: 'verbatim') { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
+    field(:username, type: 'text', analyzer: 'verbatim', value: ->(account) { [account.username, account.domain].compact.join('@') }) { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
+    field(:text, type: 'text', analyzer: 'verbatim', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }
   end
 end

app/chewy/concerns/datetime_clamping_concern.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module DatetimeClampingConcern
+  extend ActiveSupport::Concern
+
+  MIN_ISO8601_DATETIME = '0000-01-01T00:00:00Z'.to_datetime.freeze
+  MAX_ISO8601_DATETIME = '9999-12-31T23:59:59Z'.to_datetime.freeze
+
+  class_methods do
+    def clamp_date(datetime)
+      datetime.clamp(MIN_ISO8601_DATETIME, MAX_ISO8601_DATETIME)
+    end
+  end
+end

app/chewy/instances_index.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class InstancesIndex < Chewy::Index
+  settings index: index_preset(refresh_interval: '30s')
+
+  index_scope ::Instance.searchable
+
+  root date_detection: false do
+    field :domain, type: 'text', index_prefixes: { min_chars: 1, max_chars: 5 }
+    field :accounts_count, type: 'long'
+  end
+end

app/chewy/public_statuses_index.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+class PublicStatusesIndex < Chewy::Index
+  include DatetimeClampingConcern
+
+  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
+    filter: {
+      english_stop: {
+        type: 'stop',
+        stopwords: '_english_',
+      },
+
+      english_stemmer: {
+        type: 'stemmer',
+        language: 'english',
+      },
+
+      english_possessive_stemmer: {
+        type: 'stemmer',
+        language: 'possessive_english',
+      },
+    },
+
+    analyzer: {
+      verbatim: {
+        tokenizer: 'uax_url_email',
+        filter: %w(lowercase),
+      },
+
+      content: {
+        tokenizer: 'standard',
+        filter: %w(
+          lowercase
+          asciifolding
+          cjk_width
+          elision
+          english_possessive_stemmer
+          english_stop
+          english_stemmer
+        ),
+      },
+
+      hashtag: {
+        tokenizer: 'keyword',
+        filter: %w(
+          word_delimiter_graph
+          lowercase
+          asciifolding
+          cjk_width
+        ),
+      },
+    },
+  }
+
+  index_scope ::Status.unscoped
+                      .kept
+                      .indexable
+                      .includes(:media_attachments, :preloadable_poll, :preview_cards, :tags)
+
+  root date_detection: false do
+    field(:id, type: 'long')
+    field(:account_id, type: 'long')
+    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
+    field(:tags, type: 'text', analyzer: 'hashtag', value: ->(status) { status.tags.map(&:display_name) })
+    field(:language, type: 'keyword')
+    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
+    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
+  end
+end

app/chewy/statuses_index.rb

@@ -1,75 +1,67 @@
 # frozen_string_literal: true
 
 class StatusesIndex < Chewy::Index
-  include FormattingHelper
+  include DatetimeClampingConcern
 
-  settings index: { refresh_interval: '30s' }, analysis: {
+  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
     filter: {
       english_stop: {
         type: 'stop',
         stopwords: '_english_',
       },
+
       english_stemmer: {
         type: 'stemmer',
         language: 'english',
       },
+
       english_possessive_stemmer: {
         type: 'stemmer',
         language: 'possessive_english',
       },
     },
+
     analyzer: {
-      content: {
+      verbatim: {
         tokenizer: 'uax_url_email',
+        filter: %w(lowercase),
+      },
+
+      content: {
+        tokenizer: 'standard',
         filter: %w(
-          english_possessive_stemmer
           lowercase
           asciifolding
           cjk_width
+          elision
+          english_possessive_stemmer
           english_stop
           english_stemmer
         ),
       },
+
+      hashtag: {
+        tokenizer: 'keyword',
+        filter: %w(
+          word_delimiter_graph
+          lowercase
+          asciifolding
+          cjk_width
+        ),
+      },
     },
   }
 
-  # We do not use delete_if option here because it would call a method that we
-  # expect to be called with crutches without crutches, causing n+1 queries
-  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll)
-
-  crutch :mentions do |collection|
-    data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
-    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-  end
-
-  crutch :favourites do |collection|
-    data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
-    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-  end
-
-  crutch :reblogs do |collection|
-    data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
-    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-  end
-
-  crutch :bookmarks do |collection|
-    data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
-    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-  end
-
-  crutch :votes do |collection|
-    data = ::PollVote.joins(:poll).where(poll: { status_id: collection.map(&:id) }).where(account: Account.local).pluck(:status_id, :account_id)
-    data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
-  end
+  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preview_cards, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
 
   root date_detection: false do
-    field :id, type: 'long'
-    field :account_id, type: 'long'
-
-    field :text, type: 'text', value: ->(status) { status.searchable_text } do
-      field :stemmed, type: 'text', analyzer: 'content'
-    end
-
-    field :searchable_by, type: 'long', value: ->(status, crutches) { status.searchable_by(crutches) }
+    field(:id, type: 'long')
+    field(:account_id, type: 'long')
+    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
+    field(:tags, type: 'text', analyzer: 'hashtag',  value: ->(status) { status.tags.map(&:display_name) })
+    field(:searchable_by, type: 'long', value: ->(status) { status.searchable_by })
+    field(:language, type: 'keyword')
+    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
+    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
   end
 end

app/chewy/tags_index.rb

@@ -1,16 +1,27 @@
 # frozen_string_literal: true
 
 class TagsIndex < Chewy::Index
-  settings index: { refresh_interval: '30s' }, analysis: {
+  include DatetimeClampingConcern
+
+  settings index: index_preset(refresh_interval: '30s'), analysis: {
     analyzer: {
       content: {
         tokenizer: 'keyword',
-        filter: %w(lowercase asciifolding cjk_width),
+        filter: %w(
+          word_delimiter_graph
+          lowercase
+          asciifolding
+          cjk_width
+        ),
       },
 
       edge_ngram: {
         tokenizer: 'edge_ngram',
-        filter: %w(lowercase asciifolding cjk_width),
+        filter: %w(
+          lowercase
+          asciifolding
+          cjk_width
+        ),
       },
     },
 
@@ -30,12 +41,9 @@ class TagsIndex < Chewy::Index
   end
 
   root date_detection: false do
-    field :name, type: 'text', analyzer: 'content' do
-      field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
-    end
-
-    field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
-    field :usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts }
-    field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
+    field(:name, type: 'text', analyzer: 'content', value: :display_name) { field(:edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content') }
+    field(:reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? })
+    field(:usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts })
+    field(:last_status_at, type: 'date', value: ->(tag) { clamp_date(tag.last_status_at || tag.created_at) })
   end
 end

app/controllers/about_controller.rb

@@ -8,7 +8,7 @@ class AboutController < ApplicationController
   before_action :set_instance_presenter
 
   def show
-    expires_in 0, public: true unless user_signed_in?
+    expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
   end
 
   private

app/controllers/accounts_controller.rb

@@ -7,16 +7,17 @@ class AccountsController < ApplicationController
   include AccountControllerConcern
   include SignatureAuthentication
 
+  vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
+
   before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
-  before_action :set_cache_headers
 
   skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
 
   def show
     respond_to do |format|
       format.html do
-        expires_in 0, public: true unless user_signed_in?
+        expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
 
         @rss_url = rss_url
       end

app/controllers/activitypub/base_controller.rb

@@ -7,10 +7,6 @@ class ActivityPub::BaseController < Api::BaseController
 
   private
 
-  def set_cache_headers
-    response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
-  end
-
   def skip_temporary_suspension_response?
     false
   end

app/controllers/activitypub/collections_controller.rb

@@ -4,11 +4,12 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
   include SignatureVerification
   include AccountOwnedConcern
 
+  vary_by -> { 'Signature' if authorized_fetch_mode? }
+
   before_action :require_account_signature!, if: :authorized_fetch_mode?
   before_action :set_items
   before_action :set_size
   before_action :set_type
-  before_action :set_cache_headers
 
   def show
     expires_in 3.minutes, public: public_fetch_mode?

app/controllers/activitypub/followers_synchronizations_controller.rb

@@ -4,9 +4,10 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
   include SignatureVerification
   include AccountOwnedConcern
 
+  vary_by -> { 'Signature' if authorized_fetch_mode? }
+
   before_action :require_account_signature!
   before_action :set_items
-  before_action :set_cache_headers
 
   def show
     expires_in 0, public: false

app/controllers/activitypub/outboxes_controller.rb

@@ -6,9 +6,10 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   include SignatureVerification
   include AccountOwnedConcern
 
+  vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
+
   before_action :require_account_signature!, if: :authorized_fetch_mode?
   before_action :set_statuses
-  before_action :set_cache_headers
 
   def show
     if page_requested?
@@ -16,6 +17,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
     else
       expires_in(3.minutes, public: public_fetch_mode?)
     end
+
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
   end
 
@@ -80,8 +82,4 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def set_account
     @account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
   end
-
-  def set_cache_headers
-    response.headers['Vary'] = 'Signature' if authorized_fetch_mode? || page_requested?
-  end
 end

app/controllers/activitypub/replies_controller.rb

@@ -7,9 +7,10 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
 
   DESCENDANTS_LIMIT = 60
 
+  vary_by -> { 'Signature' if authorized_fetch_mode? }
+
   before_action :require_account_signature!, if: :authorized_fetch_mode?
   before_action :set_status
-  before_action :set_cache_headers
   before_action :set_replies
 
   def index

app/controllers/admin/account_actions_controller.rb

@@ -21,7 +21,7 @@ module Admin
       account_action.save!
 
       if account_action.with_report?
-        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: params[:report_id])
+        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
       else
         redirect_to admin_account_path(@account.id)
       end

app/controllers/admin/announcements_controller.rb

@@ -14,6 +14,10 @@ class Admin::AnnouncementsController < Admin::BaseController
     @announcement = Announcement.new
   end
 
+  def edit
+    authorize :announcement, :update?
+  end
+
   def create
     authorize :announcement, :create?
 
@@ -28,10 +32,6 @@ class Admin::AnnouncementsController < Admin::BaseController
     end
   end
 
-  def edit
-    authorize :announcement, :update?
-  end
-
   def update
     authorize :announcement, :update?
 

app/controllers/admin/base_controller.rb

@@ -8,6 +8,8 @@ module Admin
     layout 'admin'
 
     before_action :set_body_classes
+    before_action :set_cache_headers
+
     after_action :verify_authorized
 
     private
@@ -16,6 +18,10 @@ module Admin
       @body_classes = 'admin'
     end
 
+    def set_cache_headers
+      response.cache_control.replace(private: true, no_store: true)
+    end
+
     def set_user
       @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
     end

app/controllers/admin/dashboard_controller.rb

@@ -14,17 +14,5 @@ module Admin
       @pending_tags_count    = Tag.pending_review.count
       @pending_appeals_count = Appeal.pending.count
     end
-
-    private
-
-    def redis_info
-      @redis_info ||= begin
-        if redis.is_a?(Redis::Namespace)
-          redis.redis.info
-        else
-          redis.info
-        end
-      end
-    end
   end
 end

app/controllers/admin/domain_allows_controller.rb

@@ -25,6 +25,8 @@ class Admin::DomainAllowsController < Admin::BaseController
   def destroy
     authorize @domain_allow, :destroy?
     UnallowDomainService.new.call(@domain_allow)
+    log_action :destroy, @domain_allow
+
     redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
   end
 

app/controllers/admin/domain_blocks_controller.rb

@@ -2,7 +2,7 @@
 
 module Admin
   class DomainBlocksController < BaseController
-    before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
+    before_action :set_domain_block, only: [:destroy, :edit, :update]
 
     def batch
       authorize :domain_block, :create?
@@ -31,31 +31,41 @@ module Admin
       @domain_block = DomainBlock.new(resource_params)
       existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
 
+      # Disallow accidentally downgrading a domain block
       if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
         @domain_block.save
-        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
+        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
         @domain_block.errors.delete(:domain)
-        render :new
-      else
-        if existing_domain_block.present?
-          @domain_block = existing_domain_block
-          @domain_block.update(resource_params)
-        end
+        return render :new
+      end
 
-        if @domain_block.save
-          DomainBlockWorker.perform_async(@domain_block.id)
-          log_action :create, @domain_block
-          redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
-        else
-          render :new
-        end
+      # Allow transparently upgrading a domain block
+      if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
+        @domain_block = existing_domain_block
+        @domain_block.assign_attributes(resource_params)
+      end
+
+      # Require explicit confirmation when suspending
+      return render :confirm_suspension if requires_confirmation?
+
+      if @domain_block.save
+        DomainBlockWorker.perform_async(@domain_block.id)
+        log_action :create, @domain_block
+        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
+      else
+        render :new
       end
     end
 
     def update
       authorize :domain_block, :update?
 
-      if @domain_block.update(update_params)
+      @domain_block.assign_attributes(update_params)
+
+      # Require explicit confirmation when suspending
+      return render :confirm_suspension if requires_confirmation?
+
+      if @domain_block.save
         DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
         log_action :update, @domain_block
         redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
@@ -90,9 +100,11 @@ module Admin
     end
 
     def action_from_button
-      if params[:save]
-        'save'
-      end
+      'save' if params[:save]
+    end
+
+    def requires_confirmation?
+      @domain_block.valid? && (@domain_block.new_record? || @domain_block.severity_changed?) && @domain_block.severity.to_s == 'suspend' && !params[:confirm]
     end
   end
 end

app/controllers/admin/email_domain_blocks_controller.rb

@@ -2,8 +2,6 @@
 
 module Admin
   class EmailDomainBlocksController < BaseController
-    before_action :set_email_domain_block, only: [:show, :destroy]
-
     def index
       authorize :email_domain_block, :index?
 
@@ -59,10 +57,6 @@ module Admin
 
     private
 
-    def set_email_domain_block
-      @email_domain_block = EmailDomainBlock.find(params[:id])
-    end
-
     def set_resolved_records
       Resolv::DNS.open do |dns|
         dns.timeouts = 5

app/controllers/admin/instances_controller.rb

@@ -65,7 +65,7 @@ module Admin
     end
 
     def filtered_instances
-      InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
+      InstanceFilter.new(limited_federation_mode? ? { allowed: true } : filter_params).results
     end
 
     def filter_params

app/controllers/admin/roles_controller.rb

@@ -16,6 +16,10 @@ module Admin
       @role = UserRole.new
     end
 
+    def edit
+      authorize @role, :update?
+    end
+
     def create
       authorize :user_role, :create?
 
@@ -30,10 +34,6 @@ module Admin
       end
     end
 
-    def edit
-      authorize @role, :update?
-    end
-
     def update
       authorize @role, :update?
 

app/controllers/admin/rules_controller.rb

@@ -11,6 +11,10 @@ module Admin
       @rule  = Rule.new
     end
 
+    def edit
+      authorize @rule, :update?
+    end
+
     def create
       authorize :rule, :create?
 
@@ -24,10 +28,6 @@ module Admin
       end
     end
 
-    def edit
-      authorize @rule, :update?
-    end
-
     def update
       authorize @rule, :update?
 

app/controllers/admin/software_updates_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Admin
+  class SoftwareUpdatesController < BaseController
+    before_action :check_enabled!
+
+    def index
+      authorize :software_update, :index?
+      @software_updates = SoftwareUpdate.all.sort_by(&:gem_version)
+    end
+
+    private
+
+    def check_enabled!
+      not_found unless SoftwareUpdate.check_enabled?
+    end
+  end
+end

app/controllers/admin/warning_presets_controller.rb

@@ -11,6 +11,10 @@ module Admin
       @warning_preset  = AccountWarningPreset.new
     end
 
+    def edit
+      authorize @warning_preset, :update?
+    end
+
     def create
       authorize :account_warning_preset, :create?
 
@@ -24,10 +28,6 @@ module Admin
       end
     end
 
-    def edit
-      authorize @warning_preset, :update?
-    end
-
     def update
       authorize @warning_preset, :update?
 

app/controllers/admin/webhooks_controller.rb

@@ -10,16 +10,25 @@ module Admin
       @webhooks = Webhook.page(params[:page])
     end
 
+    def show
+      authorize @webhook, :show?
+    end
+
     def new
       authorize :webhook, :create?
 
       @webhook = Webhook.new
     end
 
+    def edit
+      authorize @webhook, :update?
+    end
+
     def create
       authorize :webhook, :create?
 
       @webhook = Webhook.new(resource_params)
+      @webhook.current_account = current_account
 
       if @webhook.save
         redirect_to admin_webhook_path(@webhook)
@@ -28,21 +37,15 @@ module Admin
       end
     end
 
-    def show
-      authorize @webhook, :show?
-    end
-
-    def edit
-      authorize @webhook, :update?
-    end
-
     def update
       authorize @webhook, :update?
 
+      @webhook.current_account = current_account
+
       if @webhook.update(resource_params)
         redirect_to admin_webhook_path(@webhook)
       else
-        render :show
+        render :edit
       end
     end
 
@@ -71,7 +74,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:webhook).permit(:url, events: [])
+      params.require(:webhook).permit(:url, :template, events: [])
     end
   end
 end

app/controllers/api/base_controller.rb

@@ -6,13 +6,14 @@ class Api::BaseController < ApplicationController
 
   include RateLimitHeaders
   include AccessTokenTrackingConcern
+  include ApiCachingConcern
 
-  skip_before_action :store_current_location
-  skip_before_action :require_functional!, unless: :whitelist_mode?
+  skip_before_action :require_functional!, unless: :limited_federation_mode?
 
   before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
   before_action :require_not_suspended!
-  before_action :set_cache_headers
+
+  vary_by 'Authorization'
 
   protect_from_forgery with: :null_session
 
@@ -148,12 +149,8 @@ class Api::BaseController < ApplicationController
     doorkeeper_authorize!(*scopes) if doorkeeper_token
   end
 
-  def set_cache_headers
-    response.headers['Cache-Control'] = 'private, no-store'
-  end
-
   def disallow_unauthenticated_api_access?
-    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
+    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.limited_federation_mode
   end
 
   private

app/controllers/api/v1/accounts/credentials_controller.rb

@@ -13,7 +13,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
   def update
     @account = current_account
     UpdateAccountService.new.call(@account, account_params, raise_error: true)
-    UserSettingsDecorator.new(current_user).update(user_settings_params) if user_settings_params
+    current_user.update(user_params) if user_params
     ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
     render json: @account, serializer: REST::CredentialAccountSerializer
   end
@@ -30,19 +30,22 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
       :bot,
       :discoverable,
       :hide_collections,
+      :indexable,
       fields_attributes: [:name, :value]
     )
   end
 
-  def user_settings_params
+  def user_params
     return nil if params[:source].blank?
 
     source_params = params.require(:source)
 
     {
-      'setting_default_privacy' => source_params.fetch(:privacy, @account.user.setting_default_privacy),
-      'setting_default_sensitive' => source_params.fetch(:sensitive, @account.user.setting_default_sensitive),
-      'setting_default_language' => source_params.fetch(:language, @account.user.setting_default_language),
+      settings_attributes: {
+        default_privacy: source_params.fetch(:privacy, @account.user.setting_default_privacy),
+        default_sensitive: source_params.fetch(:sensitive, @account.user.setting_default_sensitive),
+        default_language: source_params.fetch(:language, @account.user.setting_default_language),
+      },
     }
   end
 end

app/controllers/api/v1/accounts/follower_accounts_controller.rb

@@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   after_action :insert_pagination_headers
 
   def index
+    cache_if_unauthenticated!
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
   end
@@ -45,15 +46,11 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   end
 
   def next_path
-    if records_continue?
-      api_v1_account_followers_url pagination_params(max_id: pagination_max_id)
-    end
+    api_v1_account_followers_url pagination_params(max_id: pagination_max_id) if records_continue?
   end
 
   def prev_path
-    unless @accounts.empty?
-      api_v1_account_followers_url pagination_params(since_id: pagination_since_id)
-    end
+    api_v1_account_followers_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
   end
 
   def pagination_max_id

app/controllers/api/v1/accounts/following_accounts_controller.rb

@@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   after_action :insert_pagination_headers
 
   def index
+    cache_if_unauthenticated!
     @accounts = load_accounts
     render json: @accounts, each_serializer: REST::AccountSerializer
   end
@@ -45,15 +46,11 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   end
 
   def next_path
-    if records_continue?
-      api_v1_account_following_index_url pagination_params(max_id: pagination_max_id)
-    end
+    api_v1_account_following_index_url pagination_params(max_id: pagination_max_id) if records_continue?
   end
 
   def prev_path
-    unless @accounts.empty?
-      api_v1_account_following_index_url pagination_params(since_id: pagination_since_id)
-    end
+    api_v1_account_following_index_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
   end
 
   def pagination_max_id

app/controllers/api/v1/accounts/lookup_controller.rb

@@ -5,6 +5,7 @@ class Api::V1::Accounts::LookupController < Api::BaseController
   before_action :set_account
 
   def show
+    cache_if_unauthenticated!
     render json: @account, serializer: REST::AccountSerializer
   end
 

app/controllers/api/v1/accounts/notes_controller.rb

@@ -25,6 +25,6 @@ class Api::V1::Accounts::NotesController < Api::BaseController
   end
 
   def relationships_presenter
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id)
   end
 end

app/controllers/api/v1/accounts/pins_controller.rb

@@ -25,6 +25,6 @@ class Api::V1::Accounts::PinsController < Api::BaseController
   end
 
   def relationships_presenter
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id)
   end
 end

app/controllers/api/v1/accounts/relationships_controller.rb

@@ -5,11 +5,10 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action :require_user!
 
   def index
-    accounts = Account.without_suspended.where(id: account_ids).select('id')
+    @accounts = Account.without_suspended.where(id: account_ids).select(:id, :domain).to_a
     # .where doesn't guarantee that our results are in the same order
     # we requested them, so return the "right" order to the requestor.
-    @accounts = accounts.index_by(&:id).values_at(*account_ids).compact
-    render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
+    render json: @accounts.index_by(&:id).values_at(*account_ids).compact, each_serializer: REST::RelationshipSerializer, relationships: relationships
   end
 
   private

app/controllers/api/v1/accounts/statuses_controller.rb

@@ -7,6 +7,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
 
   def index
+    cache_if_unauthenticated!
     @statuses = load_statuses
     render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
   end
@@ -39,15 +40,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def next_path
-    if records_continue?
-      api_v1_account_statuses_url pagination_params(max_id: pagination_max_id)
-    end
+    api_v1_account_statuses_url pagination_params(max_id: pagination_max_id) if records_continue?
   end
 
   def prev_path
-    unless @statuses.empty?
-      api_v1_account_statuses_url pagination_params(min_id: pagination_since_id)
-    end
+    api_v1_account_statuses_url pagination_params(min_id: pagination_since_id) unless @statuses.empty?
   end
 
   def records_continue?

app/controllers/api/v1/accounts_controller.rb

@@ -18,6 +18,7 @@ class Api::V1::AccountsController < Api::BaseController
   override_rate_limit_headers :follow, family: :follows
 
   def show
+    cache_if_unauthenticated!
     render json: @account, serializer: REST::AccountSerializer
   end
 
@@ -30,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController
     self.response_body = Oj.dump(response.body)
     self.status        = response.status
   rescue ActiveRecord::RecordInvalid => e
-    render json: ValidationErrorFormatter.new(e, 'account.username': :username, 'invite_request.text': :reason).as_json, status: :unprocessable_entity
+    render json: ValidationErrorFormatter.new(e, 'account.username': :username, 'invite_request.text': :reason).as_json, status: 422
   end
 
   def follow
@@ -85,11 +86,11 @@ class Api::V1::AccountsController < Api::BaseController
   end
 
   def relationships(**options)
-    AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options)
+    AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
   end
 
   def account_params
-    params.permit(:username, :email, :password, :agreement, :locale, :reason)
+    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone)
   end
 
   def check_enabled_registrations

app/controllers/api/v1/admin/accounts_controller.rb

@@ -120,9 +120,7 @@ class Api::V1::Admin::AccountsController < Api::BaseController
       translated_params[:status] = status.to_s if params[status].present?
     end
 
-    if params[:staff].present?
-      translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id)
-    end
+    translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id) if params[:staff].present?
 
     translated_params
   end

app/controllers/api/v1/admin/canonical_email_blocks_controller.rb

@@ -58,7 +58,7 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
   end
 
   def set_canonical_email_blocks_from_test
-    @canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email])
+    @canonical_email_blocks = CanonicalEmailBlock.matching_email(params.require(:email))
   end
 
   def set_canonical_email_block

app/controllers/api/v1/admin/domain_allows_controller.rb

@@ -16,19 +16,6 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
 
   PAGINATION_PARAMS = %i(limit).freeze
 
-  def create
-    authorize :domain_allow, :create?
-
-    @domain_allow = DomainAllow.find_by(resource_params)
-
-    if @domain_allow.nil?
-      @domain_allow = DomainAllow.create!(resource_params)
-      log_action :create, @domain_allow
-    end
-
-    render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
-  end
-
   def index
     authorize :domain_allow, :index?
     render json: @domain_allows, each_serializer: REST::Admin::DomainAllowSerializer
@@ -39,6 +26,19 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
     render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
   end
 
+  def create
+    authorize :domain_allow, :create?
+
+    @domain_allow = DomainAllow.find_by(domain: resource_params[:domain])
+
+    if @domain_allow.nil?
+      @domain_allow = DomainAllow.create!(resource_params)
+      log_action :create, @domain_allow
+    end
+
+    render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
+  end
+
   def destroy
     authorize @domain_allow, :destroy?
     UnallowDomainService.new.call(@domain_allow)

app/controllers/api/v1/admin/domain_blocks_controller.rb

@@ -16,18 +16,6 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
 
   PAGINATION_PARAMS = %i(limit).freeze
 
-  def create
-    authorize :domain_block, :create?
-
-    existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
-    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if existing_domain_block.present?
-
-    @domain_block = DomainBlock.create!(resource_params)
-    DomainBlockWorker.perform_async(@domain_block.id)
-    log_action :create, @domain_block
-    render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
-  end
-
   def index
     authorize :domain_block, :index?
     render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
@@ -38,6 +26,19 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
     render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
   end
 
+  def create
+    authorize :domain_block, :create?
+
+    @domain_block = DomainBlock.new(resource_params)
+    existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
+    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if conflicts_with_existing_block?(@domain_block, existing_domain_block)
+
+    @domain_block.save!
+    DomainBlockWorker.perform_async(@domain_block.id)
+    log_action :create, @domain_block
+    render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
+  end
+
   def update
     authorize @domain_block, :update?
     @domain_block.update!(domain_block_params)
@@ -55,6 +56,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
 
   private
 
+  def conflicts_with_existing_block?(domain_block, existing_domain_block)
+    existing_domain_block.present? && (existing_domain_block.domain == TagManager.instance.normalize_domain(domain_block.domain) || !domain_block.stricter_than?(existing_domain_block))
+  end
+
   def set_domain_blocks
     @domain_blocks = filtered_domain_blocks.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
   end

app/controllers/api/v1/admin/email_domain_blocks_controller.rb

@@ -18,15 +18,6 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
     limit
   ).freeze
 
-  def create
-    authorize :email_domain_block, :create?
-
-    @email_domain_block = EmailDomainBlock.create!(resource_params)
-    log_action :create, @email_domain_block
-
-    render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
-  end
-
   def index
     authorize :email_domain_block, :index?
     render json: @email_domain_blocks, each_serializer: REST::Admin::EmailDomainBlockSerializer
@@ -37,6 +28,15 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
     render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
   end
 
+  def create
+    authorize :email_domain_block, :create?
+
+    @email_domain_block = EmailDomainBlock.create!(resource_params)
+    log_action :create, @email_domain_block
+
+    render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
+  end
+
   def destroy
     authorize @email_domain_block, :destroy?
     @email_domain_block.destroy!

app/controllers/api/v1/admin/ip_blocks_controller.rb

@@ -18,13 +18,6 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
     limit
   ).freeze
 
-  def create
-    authorize :ip_block, :create?
-    @ip_block = IpBlock.create!(resource_params)
-    log_action :create, @ip_block
-    render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
-  end
-
   def index
     authorize :ip_block, :index?
     render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
@@ -35,6 +28,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
     render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
   end
 
+  def create
+    authorize :ip_block, :create?
+    @ip_block = IpBlock.create!(resource_params)
+    log_action :create, @ip_block
+    render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
+  end
+
   def update
     authorize @ip_block, :update?
     @ip_block.update(resource_params)

app/controllers/api/v1/admin/tags_controller.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::TagsController < Api::BaseController
+  include Authorization
+  before_action -> { authorize_if_got_token! :'admin:read' }, only: [:index, :show]
+  before_action -> { authorize_if_got_token! :'admin:write' }, only: :update
+
+  before_action :set_tags, only: :index
+  before_action :set_tag, except: :index
+
+  after_action :insert_pagination_headers, only: :index
+  after_action :verify_authorized
+
+  LIMIT = 100
+  PAGINATION_PARAMS = %i(limit).freeze
+
+  def index
+    authorize :tag, :index?
+    render json: @tags, each_serializer: REST::Admin::TagSerializer
+  end
+
+  def show
+    authorize @tag, :show?
+    render json: @tag, serializer: REST::Admin::TagSerializer
+  end
+
+  def update
+    authorize @tag, :update?
+    @tag.update!(tag_params.merge(reviewed_at: Time.now.utc))
+    render json: @tag, serializer: REST::Admin::TagSerializer
+  end
+
+  private
+
+  def set_tag
+    @tag = Tag.find(params[:id])
+  end
+
+  def set_tags
+    @tags = Tag.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+  end
+
+  def tag_params
+    params.permit(:display_name, :trendable, :usable, :listable)
+  end
+
+  def insert_pagination_headers
+    set_pagination_headers(next_path, prev_path)
+  end
+
+  def next_path
+    api_v1_admin_tags_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+  end
+
+  def prev_path
+    api_v1_admin_tags_url(pagination_params(min_id: pagination_since_id)) unless @tags.empty?
+  end
+
+  def pagination_max_id
+    @tags.last.id
+  end
+
+  def pagination_since_id
+    @tags.first.id
+  end
+
+  def records_continue?
+    @tags.size == limit_param(LIMIT)
+  end
+
+  def pagination_params(core_params)
+    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
+  end
+end

app/controllers/api/v1/admin/trends/links/preview_card_providers_controller.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::Trends::Links::PreviewCardProvidersController < Api::BaseController
+  include Authorization
+
+  LIMIT = 100
+
+  before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
+  before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
+  before_action :set_providers, only: :index
+
+  after_action :verify_authorized
+  after_action :insert_pagination_headers, only: :index
+
+  PAGINATION_PARAMS = %i(limit).freeze
+
+  def index
+    authorize :preview_card_provider, :index?
+
+    render json: @providers, each_serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
+  end
+
+  def approve
+    authorize :preview_card_provider, :review?
+
+    provider = PreviewCardProvider.find(params[:id])
+    provider.update(trendable: true, reviewed_at: Time.now.utc)
+    render json: provider, serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
+  end
+
+  def reject
+    authorize :preview_card_provider, :review?
+
+    provider = PreviewCardProvider.find(params[:id])
+    provider.update(trendable: false, reviewed_at: Time.now.utc)
+    render json: provider, serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
+  end
+
+  private
+
+  def set_providers
+    @providers = PreviewCardProvider.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+  end
+
+  def insert_pagination_headers
+    set_pagination_headers(next_path, prev_path)
+  end
+
+  def next_path
+    api_v1_admin_trends_links_preview_card_providers_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+  end
+
+  def prev_path
+    api_v1_admin_trends_links_preview_card_providers_url(pagination_params(min_id: pagination_since_id)) unless @providers.empty?
+  end
+
+  def pagination_max_id
+    @providers.last.id
+  end
+
+  def pagination_since_id
+    @providers.first.id
+  end
+
+  def records_continue?
+    @providers.size == limit_param(LIMIT)
+  end
+
+  def pagination_params(core_params)
+    params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
+  end
+end

app/controllers/api/v1/admin/trends/links_controller.rb

@@ -1,7 +1,36 @@
 # frozen_string_literal: true
 
 class Api::V1::Admin::Trends::LinksController < Api::V1::Trends::LinksController
-  before_action -> { authorize_if_got_token! :'admin:read' }
+  include Authorization
+
+  before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
+  before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
+
+  after_action :verify_authorized, except: :index
+
+  def index
+    if current_user&.can?(:manage_taxonomies)
+      render json: @links, each_serializer: REST::Admin::Trends::LinkSerializer
+    else
+      super
+    end
+  end
+
+  def approve
+    authorize :preview_card, :review?
+
+    link = PreviewCard.find(params[:id])
+    link.update(trendable: true)
+    render json: link, serializer: REST::Admin::Trends::LinkSerializer
+  end
+
+  def reject
+    authorize :preview_card, :review?
+
+    link = PreviewCard.find(params[:id])
+    link.update(trendable: false)
+    render json: link, serializer: REST::Admin::Trends::LinkSerializer
+  end
 
   private