Fix account search showing results from domains hidden by user

Fix #8586

.browserslistrc

@@ -1,7 +0,0 @@
-[production]
-defaults
-not IE 11
-not dead
-
-[development]
-supports es6-module

.bundler-audit.yml

@@ -1,6 +0,0 @@
----
-ignore:
-  # devise-two-factor advisory about brute-forcing TOTP
-  # We have rate-limits on authentication endpoints in place (including second
-  # factor verification) since Mastodon v3.2.0
-  - CVE-2024-0227

.circleci/config.yml

@@ -0,0 +1,249 @@
+version: 2
+
+aliases:
+  - &defaults
+    docker:
+      - image: circleci/ruby:2.7-buster-node
+        environment: &ruby_environment
+          BUNDLE_JOBS: 3
+          BUNDLE_RETRY: 3
+          BUNDLE_APP_CONFIG: ./.bundle/
+          BUNDLE_PATH: ./vendor/bundle/
+          DB_HOST: localhost
+          DB_USER: root
+          RAILS_ENV: test
+          ALLOW_NOPAM: true
+          CONTINUOUS_INTEGRATION: true
+          DISABLE_SIMPLECOV: true
+          PAM_ENABLED: true
+          PAM_DEFAULT_SERVICE: pam_test
+          PAM_CONTROLLED_SERVICE: pam_test_controlled
+    working_directory: ~/projects/mastodon/
+
+  - &attach_workspace
+    attach_workspace:
+      at: ~/projects/
+
+  - &persist_to_workspace
+    persist_to_workspace:
+      root: ~/projects/
+      paths:
+        - ./mastodon/
+
+  - &restore_ruby_dependencies
+    restore_cache:
+      keys:
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+        - v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-
+        - v3-ruby-dependencies-
+
+  - &install_steps
+    steps:
+      - checkout
+      - *attach_workspace
+      - restore_cache:
+          keys:
+            - v2-node-dependencies-{{ checksum "yarn.lock" }}
+            - v2-node-dependencies-
+      - run:
+          name: Install yarn dependencies
+          command: yarn install --frozen-lockfile
+      - save_cache:
+          key: v2-node-dependencies-{{ checksum "yarn.lock" }}
+          paths:
+            - ./node_modules/
+      - *persist_to_workspace
+
+  - &install_system_dependencies
+      run:
+        name: Install system dependencies
+        command: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev libprotobuf-dev protobuf-compiler
+
+  - &install_ruby_dependencies
+      steps:
+        - *attach_workspace
+        - *install_system_dependencies
+        - run:
+            name: Set Ruby version
+            command: ruby -e 'puts RUBY_VERSION' | tee /tmp/.ruby-version
+        - *restore_ruby_dependencies
+        - run:
+            name: Set bundler settings
+            command: |
+              bundle config --local clean 'true'
+              bundle config --local deployment 'true'
+              bundle config --local with 'pam_authentication'
+              bundle config --local without 'development production'
+              bundle config --local frozen 'true'
+              bundle config --local path $BUNDLE_PATH
+        - run:
+            name: Install bundler dependencies
+            command: bundle check || (bundle install && bundle clean)
+        - save_cache:
+            key: v3-ruby-dependencies-{{ checksum "/tmp/.ruby-version" }}-{{ checksum "Gemfile.lock" }}
+            paths:
+              - ./.bundle/
+              - ./vendor/bundle/
+        - persist_to_workspace:
+            root: ~/projects/
+            paths:
+                - ./mastodon/.bundle/
+                - ./mastodon/vendor/bundle/
+
+  - &test_steps
+      parallelism: 4
+      steps:
+        - *attach_workspace
+        - *install_system_dependencies
+        - run:
+            name: Install FFMPEG
+            command: sudo apt-get install -y ffmpeg
+        - run:
+            name: Load database schema
+            command: ./bin/rails db:create db:schema:load db:seed
+        - run:
+            name: Run rspec in parallel
+            command: |
+              bundle exec rspec --profile 10 \
+                                --format RspecJunitFormatter \
+                                --out test_results/rspec.xml \
+                                --format progress \
+                                $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
+        - store_test_results:
+            path: test_results
+jobs:
+  install:
+    <<: *defaults
+    <<: *install_steps
+
+  install-ruby2.7:
+    <<: *defaults
+    <<: *install_ruby_dependencies
+
+  install-ruby2.6:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.6-buster-node
+        environment: *ruby_environment
+    <<: *install_ruby_dependencies
+
+  build:
+    <<: *defaults
+    steps:
+      - *attach_workspace
+      - *install_system_dependencies
+      - run:
+          name: Precompile assets
+          command: ./bin/rails assets:precompile
+      - persist_to_workspace:
+          root: ~/projects/
+          paths:
+              - ./mastodon/public/assets
+              - ./mastodon/public/packs-test/
+
+  test-migrations:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.7-buster-node
+        environment: *ruby_environment
+      - image: circleci/postgres:12.2
+        environment:
+          POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
+      - image: circleci/redis:5-alpine
+    steps:
+      - *attach_workspace
+      - *install_system_dependencies
+      - run:
+          name: Create database
+          command: ./bin/rails db:create
+      - run:
+          name: Run migrations
+          command: ./bin/rails db:migrate
+
+  test-ruby2.7:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.7-buster-node
+        environment: *ruby_environment
+      - image: circleci/postgres:12.2
+        environment:
+          POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
+      - image: circleci/redis:5-alpine
+    <<: *test_steps
+
+  test-ruby2.6:
+    <<: *defaults
+    docker:
+      - image: circleci/ruby:2.6-buster-node
+        environment: *ruby_environment
+      - image: circleci/postgres:12.2
+        environment:
+          POSTGRES_USER: root
+          POSTGRES_HOST_AUTH_METHOD: trust
+      - image: circleci/redis:5-alpine
+    <<: *test_steps
+
+  test-webui:
+    <<: *defaults
+    docker:
+      - image: circleci/node:12-buster
+    steps:
+      - *attach_workspace
+      - run:
+          name: Run jest
+          command: yarn test:jest
+
+  check-i18n:
+    <<: *defaults
+    steps:
+      - *attach_workspace
+      - *install_system_dependencies
+      - run:
+          name: Check locale file normalization
+          command: bundle exec i18n-tasks check-normalized
+      - run:
+          name: Check for unused strings
+          command: bundle exec i18n-tasks unused -l en
+      - run:
+          name: Check for wrong string interpolations
+          command: bundle exec i18n-tasks check-consistent-interpolations
+      - run:
+          name: Check that all required locale files exist
+          command: bundle exec rake repo:check_locales_files
+
+workflows:
+  version: 2
+  build-and-test:
+    jobs:
+      - install
+      - install-ruby2.7:
+          requires:
+            - install
+      - install-ruby2.6:
+          requires:
+            - install
+            - install-ruby2.7
+      - build:
+          requires:
+            - install-ruby2.7
+      - test-migrations:
+          requires:
+            - install-ruby2.7
+      - test-ruby2.7:
+          requires:
+            - install-ruby2.7
+            - build
+      - test-ruby2.6:
+          requires:
+            - install-ruby2.6
+            - build
+      - test-webui:
+          requires:
+            - install
+      - check-i18n:
+          requires:
+            - install-ruby2.7

.codeclimate.yml

@@ -0,0 +1,38 @@
+version: "2"
+checks:
+  argument-count:
+    enabled: false
+  complex-logic:
+    enabled: false
+  file-lines:
+    enabled: false
+  method-complexity:
+    enabled: false
+  method-count:
+    enabled: false
+  method-lines:
+    enabled: false
+  nested-control-flow:
+    enabled: false
+  return-statements:
+    enabled: false
+  similar-code:
+    enabled: false
+  identical-code:
+    enabled: false
+plugins:
+  brakeman:
+    enabled: true
+  bundler-audit:
+    enabled: true
+  eslint:
+    enabled: true
+    channel: eslint-7
+  rubocop:
+    enabled: true
+    channel: rubocop-0-82
+  sass-lint:
+    enabled: true
+exclude_patterns:
+- spec/
+- vendor/asset

.devcontainer/Dockerfile

@@ -1,20 +0,0 @@
-# For details, see https://github.com/devcontainers/images/tree/main/src/ruby
-FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
-
-# Install Rails
-# RUN gem install rails webdrivers
-
-ARG NODE_VERSION="16"
-RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
-
-# [Optional] Uncomment this section to install additional OS packages.
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
-
-# [Optional] Uncomment this line to install additional gems.
-RUN gem install foreman
-
-# [Optional] Uncomment this line to install global node packages.
-RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
-
-COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt

.devcontainer/codespaces/devcontainer.json

@@ -1,49 +0,0 @@
-{
-  "name": "Mastodon on GitHub Codespaces",
-  "dockerComposeFile": "../docker-compose.yml",
-  "service": "app",
-  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
-
-  "features": {
-    "ghcr.io/devcontainers/features/sshd:1": {}
-  },
-
-  "runServices": ["app", "db", "redis"],
-
-  "forwardPorts": [3000, 4000],
-
-  "portsAttributes": {
-    "3000": {
-      "label": "web",
-      "onAutoForward": "notify"
-    },
-    "4000": {
-      "label": "stream",
-      "onAutoForward": "silent"
-    }
-  },
-
-  "otherPortsAttributes": {
-    "onAutoForward": "silent"
-  },
-
-  "remoteEnv": {
-    "LOCAL_DOMAIN": "${localEnv:CODESPACE_NAME}-3000.app.github.dev",
-    "LOCAL_HTTPS": "true",
-    "STREAMING_API_BASE_URL": "https://${localEnv:CODESPACE_NAME}-4000.app.github.dev",
-    "DISABLE_FORGERY_REQUEST_PROTECTION": "true",
-    "ES_ENABLED": "",
-    "LIBRE_TRANSLATE_ENDPOINT": ""
-  },
-
-  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": ".devcontainer/post-create.sh",
-  "waitFor": "postCreateCommand",
-
-  "customizations": {
-    "vscode": {
-      "settings": {},
-      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
-    }
-  }
-}

.devcontainer/devcontainer.json

@@ -1,40 +0,0 @@
-{
-  "name": "Mastodon on local machine",
-  "dockerComposeFile": "docker-compose.yml",
-  "service": "app",
-  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
-
-  "features": {
-    "ghcr.io/devcontainers/features/sshd:1": {}
-  },
-
-  "forwardPorts": [3000, 4000],
-
-  "portsAttributes": {
-    "3000": {
-      "label": "web",
-      "onAutoForward": "notify",
-      "requireLocalPort": true
-    },
-    "4000": {
-      "label": "stream",
-      "onAutoForward": "silent",
-      "requireLocalPort": true
-    }
-  },
-
-  "otherPortsAttributes": {
-    "onAutoForward": "silent"
-  },
-
-  "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": ".devcontainer/post-create.sh",
-  "waitFor": "postCreateCommand",
-
-  "customizations": {
-    "vscode": {
-      "settings": {},
-      "extensions": ["EditorConfig.EditorConfig", "webben.browserslist"]
-    }
-  }
-}

.devcontainer/docker-compose.yml

@@ -1,90 +0,0 @@
-version: '3'
-
-services:
-  app:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    volumes:
-      - ../..:/workspaces:cached
-    environment:
-      RAILS_ENV: development
-      NODE_ENV: development
-      BIND: 0.0.0.0
-      REDIS_HOST: redis
-      REDIS_PORT: '6379'
-      DB_HOST: db
-      DB_USER: postgres
-      DB_PASS: postgres
-      DB_PORT: '5432'
-      ES_ENABLED: 'true'
-      ES_HOST: es
-      ES_PORT: '9200'
-      LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
-    # Overrides default command so things don't shut down after the process ends.
-    command: sleep infinity
-    ports:
-      - '127.0.0.1:3000:3000'
-      - '127.0.0.1:3035:3035'
-      - '127.0.0.1:4000:4000'
-    networks:
-      - external_network
-      - internal_network
-
-  db:
-    image: postgres:14-alpine
-    restart: unless-stopped
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_DB: postgres
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_HOST_AUTH_METHOD: trust
-    networks:
-      - internal_network
-
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
-    volumes:
-      - redis-data:/data
-    networks:
-      - internal_network
-
-  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
-    restart: unless-stopped
-    environment:
-      ES_JAVA_OPTS: -Xms512m -Xmx512m
-      cluster.name: es-mastodon
-      discovery.type: single-node
-      bootstrap.memory_lock: 'true'
-    volumes:
-      - es-data:/usr/share/elasticsearch/data
-    networks:
-      - internal_network
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-
-  libretranslate:
-    image: libretranslate/libretranslate:v1.3.11
-    restart: unless-stopped
-    volumes:
-      - lt-data:/home/libretranslate/.local
-    networks:
-      - external_network
-      - internal_network
-
-volumes:
-  postgres-data:
-  redis-data:
-  es-data:
-  lt-data:
-
-networks:
-  external_network:
-  internal_network:
-    internal: true

.devcontainer/post-create.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-set -e # Fail the whole script on first error
-
-# Fetch Ruby gem dependencies
-bundle config path 'vendor/bundle'
-bundle config with 'development test'
-bundle install
-
-# Make Gemfile.lock pristine again
-git checkout -- Gemfile.lock
-
-# Fetch Javascript dependencies
-yarn --frozen-lockfile
-
-# [re]create, migrate, and seed the test database
-RAILS_ENV=test ./bin/rails db:setup
-
-# [re]create, migrate, and seed the development database
-RAILS_ENV=development ./bin/rails db:setup
-
-# Precompile assets for development
-RAILS_ENV=development ./bin/rails assets:precompile
-
-# Precompile assets for test
-RAILS_ENV=test NODE_ENV=tests ./bin/rails assets:precompile

.devcontainer/welcome-message.txt

@@ -1,8 +0,0 @@
-👋 Welcome to "Mastodon" in GitHub Codespaces!
-
-🛠️  Your environment is fully setup with all the required software.
-
-🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1).
-
-📝 Edit away, run your app as usual, and we'll automatically make it available for you to access.
-

.dockerignore

@@ -1,10 +1,6 @@
 .bundle
 .env
 .env.*
-.git
-.gitattributes
-.gitignore
-.github
 public/system
 public/assets
 public/packs
@@ -15,7 +11,5 @@ vendor/bundle
 *.swp
 *~
 postgres
-postgres14
 redis
 elasticsearch
-chart

.editorconfig

@@ -10,4 +10,3 @@ insert_final_newline = true
 charset = utf-8
 indent_style = space
 indent_size = 2
-trim_trailing_whitespace = true

.env.nanobox

@@ -0,0 +1,257 @@
+# Service dependencies
+# You may set REDIS_URL instead for more advanced options
+REDIS_HOST=$DATA_REDIS_HOST
+REDIS_PORT=6379
+# REDIS_DB=0
+
+# You may set DATABASE_URL instead for more advanced options
+DB_HOST=$DATA_DB_HOST
+DB_USER=$DATA_DB_USER
+DB_NAME=gonano
+DB_PASS=$DATA_DB_PASS
+DB_PORT=5432
+
+# DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
+
+# Optional ElasticSearch configuration
+ES_ENABLED=true
+ES_HOST=$DATA_ELASTIC_HOST
+ES_PORT=9200
+
+BIND=0.0.0.0
+
+# Federation
+# Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
+# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
+LOCAL_DOMAIN=${APP_NAME}.nanoapp.io
+
+# Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)
+
+# Use this only if you need to run mastodon on a different domain than the one used for federation.
+# You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
+# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
+# WEB_DOMAIN=mastodon.example.com
+
+# Use this if you want to have several aliases handler@example1.com
+# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
+# be added. Comma separated values
+# ALTERNATE_DOMAINS=example1.com,example2.com
+
+# Application secrets
+# Generate each with the `rake secret` task (`nanobox run bundle exec rake secret`)
+SECRET_KEY_BASE=$SECRET_KEY_BASE
+OTP_SECRET=$OTP_SECRET
+
+# VAPID keys (used for push notifications)
+# You can generate the keys using the following command (first is the private key, second is the public one)
+# You should only generate this once per instance. If you later decide to change it, all push subscription will
+# be invalidated, requiring the users to access the website again to resubscribe.
+#
+# Generate with `rake mastodon:webpush:generate_vapid_key` task (`nanobox run bundle exec rake mastodon:webpush:generate_vapid_key`)
+#
+# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
+VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY
+VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY
+
+# Registrations
+# Single user mode will disable registrations and redirect frontpage to the first profile
+# SINGLE_USER_MODE=true
+# Prevent registrations with following e-mail domains
+# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
+# Only allow registrations with the following e-mail domains
+# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
+
+# Optionally change default language
+# DEFAULT_LOCALE=de
+
+# E-mail configuration
+# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
+# If you want to use an SMTP server without authentication (e.g local Postfix relay)
+# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
+# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
+SMTP_SERVER=$SMTP_SERVER
+SMTP_PORT=587
+SMTP_LOGIN=$SMTP_LOGIN
+SMTP_PASSWORD=$SMTP_PASSWORD
+SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
+#SMTP_REPLY_TO=
+#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
+#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
+#SMTP_AUTH_METHOD=plain
+#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
+#SMTP_OPENSSL_VERIFY_MODE=peer
+#SMTP_ENABLE_STARTTLS_AUTO=true
+#SMTP_TLS=true
+
+# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
+# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
+# PAPERCLIP_ROOT_URL=/system
+
+# Optional asset host for multi-server setups
+# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
+# if WEB_DOMAIN is not set. For example, the server may have the
+# following header field:
+# Access-Control-Allow-Origin: https://example.com/
+# CDN_HOST=https://assets.example.com
+
+# S3 (optional)
+# The attachment host must allow cross origin request from WEB_DOMAIN or
+# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
+# following header field:
+# Access-Control-Allow-Origin: https://192.168.1.123:9000/
+# S3_ENABLED=true
+# S3_BUCKET=
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_REGION=
+# S3_PROTOCOL=http
+# S3_HOSTNAME=192.168.1.123:9000
+
+# S3 (Minio Config (optional) Please check Minio instance for details)
+# The attachment host must allow cross origin request - see the description
+# above.
+# S3_ENABLED=true
+# S3_BUCKET=
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_REGION=
+# S3_PROTOCOL=https
+# S3_HOSTNAME=
+# S3_ENDPOINT=
+# S3_SIGNATURE_VERSION=
+
+# Google Cloud Storage (optional)
+# Use S3 compatible API. Since GCS does not support Multipart Upload,
+# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.
+# The attachment host must allow cross origin request - see the description
+# above.
+# S3_ENABLED=true
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_REGION=
+# S3_PROTOCOL=https
+# S3_HOSTNAME=storage.googleapis.com
+# S3_ENDPOINT=https://storage.googleapis.com
+# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes
+
+# Swift (optional)
+# The attachment host must allow cross origin request - see the description
+# above.
+# SWIFT_ENABLED=true
+# SWIFT_USERNAME=
+# For Keystone V3, the value for SWIFT_TENANT should be the project name
+# SWIFT_TENANT=
+# SWIFT_PASSWORD=
+# Some OpenStack V3 providers require PROJECT_ID (optional)
+# SWIFT_PROJECT_ID=
+# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
+# issues with token rate-limiting during high load.
+# SWIFT_AUTH_URL=
+# SWIFT_CONTAINER=
+# SWIFT_OBJECT_URL=
+# SWIFT_REGION=
+# Defaults to 'default'
+# SWIFT_DOMAIN_NAME=
+# Defaults to 60 seconds. Set to 0 to disable
+# SWIFT_CACHE_TTL=
+
+# Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)
+# S3_ALIAS_HOST=
+
+# Streaming API integration
+# STREAMING_API_BASE_URL=
+
+# Advanced settings
+# If you need to use pgBouncer, you need to disable prepared statements:
+# PREPARED_STATEMENTS=false
+
+# Cluster number setting for streaming API server.
+# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
+# STREAMING_CLUSTER_NUM=1
+
+# Docker mastodon user
+# If you use Docker, you may want to assign UID/GID manually.
+# UID=1000
+# GID=1000
+
+# LDAP authentication (optional)
+# LDAP_ENABLED=true
+# LDAP_HOST=localhost
+# LDAP_PORT=389
+# LDAP_METHOD=simple_tls
+# LDAP_BASE=
+# LDAP_BIND_DN=
+# LDAP_PASSWORD=
+# LDAP_UID=cn
+# LDAP_MAIL=mail
+# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
+# LDAP_UID_CONVERSION_ENABLED=true
+# LDAP_UID_CONVERSION_SEARCH=., -
+# LDAP_UID_CONVERSION_REPLACE=_
+
+# PAM authentication (optional)
+# PAM authentication uses for the email generation the "email" pam variable
+# and optional as fallback PAM_DEFAULT_SUFFIX
+# The pam environment variable "email" is provided by:
+# https://github.com/devkral/pam_email_extractor
+# PAM_ENABLED=true
+# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
+# PAM_EMAIL_DOMAIN=example.com
+# Name of the pam service (pam "auth" section is evaluated)
+# PAM_DEFAULT_SERVICE=rpam
+# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
+# PAM_CONTROLLED_SERVICE=rpam
+
+# Global OAuth settings (optional) :
+# If you have only one strategy, you may want to enable this
+# OAUTH_REDIRECT_AT_SIGN_IN=true
+
+# Optional CAS authentication (cf. omniauth-cas) :
+# CAS_ENABLED=true
+# CAS_URL=https://sso.myserver.com/
+# CAS_HOST=sso.myserver.com/
+# CAS_PORT=443
+# CAS_SSL=true
+# CAS_VALIDATE_URL=
+# CAS_CALLBACK_URL=
+# CAS_LOGOUT_URL=
+# CAS_LOGIN_URL=
+# CAS_UID_FIELD='user'
+# CAS_CA_PATH=
+# CAS_DISABLE_SSL_VERIFICATION=false
+# CAS_UID_KEY='user'
+# CAS_NAME_KEY='name'
+# CAS_EMAIL_KEY='email'
+# CAS_NICKNAME_KEY='nickname'
+# CAS_FIRST_NAME_KEY='firstname'
+# CAS_LAST_NAME_KEY='lastname'
+# CAS_LOCATION_KEY='location'
+# CAS_IMAGE_KEY='image'
+# CAS_PHONE_KEY='phone'
+
+# Optional SAML authentication (cf. omniauth-saml)
+# SAML_ENABLED=true
+# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
+# SAML_ISSUER=https://example.com
+# SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
+# SAML_IDP_CERT=
+# SAML_IDP_CERT_FINGERPRINT=
+# SAML_NAME_IDENTIFIER_FORMAT=
+# SAML_CERT=
+# SAML_PRIVATE_KEY=
+# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
+# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
+# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
+# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
+# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
+# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
+# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
+# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
+# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
+# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
+
+# Use HTTP proxy for outgoing request (optional)
+# http_proxy=http://gateway.local:8118
+# Access control for hidden service.
+# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true

.env.production.sample

@@ -4,12 +4,6 @@
 # not demonstrate all available configuration options. Please look at
 # https://docs.joinmastodon.org/admin/config/ for the full documentation.
 
-# Note that this file accepts slightly different syntax depending on whether
-# you are using `docker-compose` or not. In particular, if you use
-# `docker-compose`, the value of each declared variable will be taken verbatim,
-# including surrounding quotes.
-# See: https://github.com/mastodon/mastodon/issues/16895
-
 # Federation
 # ----------
 # This identifies your server and cannot be changed safely later
@@ -29,14 +23,11 @@ DB_NAME=mastodon_production
 DB_PASS=
 DB_PORT=5432
 
-# Elasticsearch (optional)
+# ElasticSearch (optional)
 # ------------------------
 ES_ENABLED=true
 ES_HOST=localhost
 ES_PORT=9200
-# Authentication for ES (optional)
-ES_USER=elastic
-ES_PASS=password
 
 # Secrets
 # -------
@@ -54,11 +45,11 @@ VAPID_PUBLIC_KEY=
 
 # Sending mail
 # ------------
-SMTP_SERVER=
+SMTP_SERVER=smtp.mailgun.org
 SMTP_PORT=587
 SMTP_LOGIN=
 SMTP_PASSWORD=
-SMTP_FROM_ADDRESS=notifications@example.com
+SMTP_FROM_ADDRESS=notificatons@example.com
 
 # File storage (optional)
 # -----------------------
@@ -67,11 +58,3 @@ S3_BUCKET=files.example.com
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 S3_ALIAS_HOST=files.example.com
-
-# IP and session retention
-# -----------------------
-# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
-# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
-# -----------------------
-IP_RETENTION_PERIOD=31556952
-SESSION_RETENTION_PERIOD=31556952

.env.vagrant

@@ -2,7 +2,3 @@ VAGRANT=true
 LOCAL_DOMAIN=mastodon.local
 BIND=0.0.0.0
 DB_HOST=/var/run/postgresql/
-
-ES_ENABLED=true
-ES_HOST=localhost
-ES_PORT=9200

.eslintrc.js

@@ -1,71 +1,71 @@
 module.exports = {
   root: true,
 
-  extends: [
-    'eslint:recommended',
-    'plugin:react/recommended',
-    'plugin:react-hooks/recommended',
-    'plugin:jsx-a11y/recommended',
-    'plugin:import/recommended',
-    'plugin:promise/recommended',
-    'plugin:jsdoc/recommended',
-    'plugin:prettier/recommended',
-  ],
-
   env: {
     browser: true,
     node: true,
     es6: true,
+    jest: true,
   },
 
   globals: {
     ATTACHMENT_HOST: false,
   },
 
-  parser: '@typescript-eslint/parser',
+  parser: 'babel-eslint',
 
   plugins: [
     'react',
     'jsx-a11y',
     'import',
     'promise',
-    '@typescript-eslint',
-    'formatjs',
   ],
 
   parserOptions: {
     sourceType: 'module',
     ecmaFeatures: {
+      experimentalObjectRestSpread: true,
       jsx: true,
     },
-    ecmaVersion: 2021,
-    requireConfigFile: false,
-    babelOptions: {
-      configFile: false,
-      presets: ['@babel/react', '@babel/env'],
-    },
+    ecmaVersion: 2018,
   },
 
   settings: {
     react: {
       version: 'detect',
     },
+    'import/extensions': [
+      '.js',
+    ],
     'import/ignore': [
       'node_modules',
       '\\.(css|scss|json)$',
     ],
     'import/resolver': {
-      typescript: {},
+      node: {
+        paths: ['app/javascript'],
+      },
     },
   },
 
   rules: {
+    'brace-style': 'warn',
+    'comma-dangle': ['error', 'always-multiline'],
+    'comma-spacing': [
+      'warn',
+      {
+        before: false,
+        after: true,
+      },
+    ],
+    'comma-style': ['warn', 'last'],
     'consistent-return': 'error',
     'dot-notation': 'error',
-    eqeqeq: ['error', 'always', { 'null': 'ignore' }],
+    eqeqeq: 'error',
+    indent: ['warn', 2],
     'jsx-quotes': ['error', 'prefer-single'],
-    'no-case-declarations': 'off',
     'no-catch-shadow': 'error',
+    'no-cond-assign': 'error',
     'no-console': [
       'warn',
       {
@@ -75,75 +75,86 @@ module.exports = {
         ],
       },
     ],
-    'no-empty': 'off',
-    'no-restricted-properties': [
-      'error',
-      { property: 'substring', message: 'Use .slice instead of .substring.' },
-      { property: 'substr', message: 'Use .slice instead of .substr.' },
-    ],
-    'no-restricted-syntax': [
-      'error',
-      {
-        // eslint-disable-next-line no-restricted-syntax
-        selector: 'Literal[value=/•/], JSXText[value=/•/]',
-        // eslint-disable-next-line no-restricted-syntax
-        message: "Use '·' (middle dot) instead of '•' (bullet)",
-      },
-    ],
-    'no-self-assign': 'off',
+    'no-fallthrough': 'error',
+    'no-irregular-whitespace': 'error',
+    'no-mixed-spaces-and-tabs': 'warn',
+    'no-nested-ternary': 'warn',
+    'no-trailing-spaces': 'warn',
+    'no-undef': 'error',
+    'no-unreachable': 'error',
     'no-unused-expressions': 'error',
-    'no-unused-vars': 'off',
-    '@typescript-eslint/no-unused-vars': [
+    'no-unused-vars': [
       'error',
       {
         vars: 'all',
         args: 'after-used',
-        destructuredArrayIgnorePattern: '^_',
         ignoreRestSiblings: true,
       },
     ],
+    'object-curly-spacing': ['error', 'always'],
+    'padded-blocks': [
+      'error',
+      {
+        classes: 'always',
+      },
+    ],
+    quotes: ['error', 'single'],
+    semi: 'error',
+    strict: 'off',
     'valid-typeof': 'error',
 
-    'react/jsx-filename-extension': ['error', { extensions: ['.jsx', 'tsx'] }],
     'react/jsx-boolean-value': 'error',
-    'react/display-name': 'off',
-    'react/jsx-fragments': ['error', 'syntax'],
+    'react/jsx-closing-bracket-location': ['error', 'line-aligned'],
+    'react/jsx-curly-spacing': 'error',
     'react/jsx-equals-spacing': 'error',
+    'react/jsx-first-prop-new-line': ['error', 'multiline-multiprop'],
+    'react/jsx-indent': ['error', 2],
     'react/jsx-no-bind': 'error',
-    'react/jsx-no-useless-fragment': 'error',
-    'react/jsx-no-target-blank': 'off',
+    'react/jsx-no-duplicate-props': 'error',
+    'react/jsx-no-undef': 'error',
     'react/jsx-tag-spacing': 'error',
-    'react/jsx-uses-react': 'off', // not needed with new JSX transform
+    'react/jsx-uses-react': 'error',
+    'react/jsx-uses-vars': 'error',
     'react/jsx-wrap-multilines': 'error',
-    'react/no-deprecated': 'off',
-    'react/no-unknown-property': 'off',
-    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+    'react/no-multi-comp': 'off',
+    'react/no-string-refs': 'error',
+    'react/prop-types': 'error',
     'react/self-closing-comp': 'error',
 
-    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
     'jsx-a11y/accessible-emoji': 'warn',
-    'jsx-a11y/click-events-have-key-events': 'off',
-    'jsx-a11y/label-has-associated-control': 'off',
-    'jsx-a11y/media-has-caption': 'off',
-    'jsx-a11y/no-autofocus': 'off',
-    // recommended rule is:
-    // 'jsx-a11y/no-interactive-element-to-noninteractive-role': [
-    //   'error',
-    //   {
-    //     tr: ['none', 'presentation'],
-    //     canvas: ['img'],
-    //   },
-    // ],
-    'jsx-a11y/no-interactive-element-to-noninteractive-role': 'off',
-    // recommended rule is:
-    // 'jsx-a11y/no-noninteractive-element-interactions': [
-    //   'error',
-    //   {
-    //     body: ['onError', 'onLoad'],
-    //     iframe: ['onError', 'onLoad'],
-    //     img: ['onError', 'onLoad'],
-    //   },
-    // ],
+    'jsx-a11y/alt-text': 'warn',
+    'jsx-a11y/anchor-has-content': 'warn',
+    'jsx-a11y/anchor-is-valid': [
+      'warn',
+      {
+        components: [
+          'Link',
+          'NavLink',
+        ],
+        specialLink: [
+          'to',
+        ],
+        aspect: [
+          'noHref',
+          'invalidHref',
+          'preferButton',
+        ],
+      },
+    ],
+    'jsx-a11y/aria-activedescendant-has-tabindex': 'warn',
+    'jsx-a11y/aria-props': 'warn',
+    'jsx-a11y/aria-proptypes': 'warn',
+    'jsx-a11y/aria-role': 'warn',
+    'jsx-a11y/aria-unsupported-elements': 'warn',
+    'jsx-a11y/heading-has-content': 'warn',
+    'jsx-a11y/html-has-lang': 'warn',
+    'jsx-a11y/iframe-has-title': 'warn',
+    'jsx-a11y/img-redundant-alt': 'warn',
+    'jsx-a11y/interactive-supports-focus': 'warn',
+    'jsx-a11y/label-has-for': 'off',
+    'jsx-a11y/mouse-events-have-key-events': 'warn',
+    'jsx-a11y/no-access-key': 'warn',
+    'jsx-a11y/no-distracting-elements': 'warn',
     'jsx-a11y/no-noninteractive-element-interactions': [
       'warn',
       {
@@ -152,18 +163,8 @@ module.exports = {
         ],
       },
     ],
-    // recommended rule is:
-    // 'jsx-a11y/no-noninteractive-tabindex': [
-    //   'error',
-    //   {
-    //     tags: [],
-    //     roles: ['tabpanel'],
-    //     allowExpressionValues: true,
-    //   },
-    // ],
-    'jsx-a11y/no-noninteractive-tabindex': 'off',
     'jsx-a11y/no-onchange': 'warn',
-    // recommended is full 'error'
+    'jsx-a11y/no-redundant-roles': 'warn',
     'jsx-a11y/no-static-element-interactions': [
       'warn',
       {
@@ -172,213 +173,37 @@ module.exports = {
         ],
       },
     ],
+    'jsx-a11y/role-has-required-aria-props': 'warn',
+    'jsx-a11y/role-supports-aria-props': 'off',
+    'jsx-a11y/scope': 'warn',
+    'jsx-a11y/tabindex-no-positive': 'warn',
 
-    // See https://github.com/import-js/eslint-plugin-import/blob/main/config/recommended.js
     'import/extensions': [
       'error',
       'always',
       {
         js: 'never',
-        jsx: 'never',
-        mjs: 'never',
-        ts: 'never',
-        tsx: 'never',
       },
     ],
-    'import/first': 'error',
     'import/newline-after-import': 'error',
-    'import/no-anonymous-default-export': 'error',
     'import/no-extraneous-dependencies': [
       'error',
       {
         devDependencies: [
           'config/webpack/**',
-          'app/javascript/mastodon/performance.js',
           'app/javascript/mastodon/test_setup.js',
           'app/javascript/**/__tests__/**',
         ],
       },
     ],
-    'import/no-amd': 'error',
-    'import/no-commonjs': 'error',
-    'import/no-import-module-exports': 'error',
-    'import/no-relative-packages': 'error',
-    'import/no-self-import': 'error',
-    'import/no-useless-path-segments': 'error',
+    'import/no-unresolved': 'error',
     'import/no-webpack-loader-syntax': 'error',
 
-    'import/order': [
-      'error',
-      {
-        alphabetize: { order: 'asc' },
-        'newlines-between': 'always',
-        groups: [
-          'builtin',
-          'external',
-          'internal',
-          'parent',
-          ['index', 'sibling'],
-          'object',
-        ],
-        pathGroups: [
-          // React core packages
-          {
-            pattern: '{react,react-dom,react-dom/client,prop-types}',
-            group: 'builtin',
-            position: 'after',
-          },
-          // I18n
-          {
-            pattern: '{react-intl,intl-messageformat}',
-            group: 'builtin',
-            position: 'after',
-          },
-          // Common React utilities
-          {
-            pattern: '{classnames,react-helmet,react-router-dom}',
-            group: 'external',
-            position: 'before',
-          },
-          // Immutable / Redux / data store
-          {
-            pattern: '{immutable,react-redux,react-immutable-proptypes,react-immutable-pure-component,reselect}',
-            group: 'external',
-            position: 'before',
-          },
-          // Internal packages
-          {
-            pattern: '{mastodon/**}',
-            group: 'internal',
-            position: 'after',
-          },
-        ],
-        pathGroupsExcludedImportTypes: [],
-      },
-    ],
-
-    'promise/always-return': 'off',
     'promise/catch-or-return': [
       'error',
       {
         allowFinally: true,
       },
     ],
-    'promise/no-callback-in-promise': 'off',
-    'promise/no-nesting': 'off',
-    'promise/no-promise-in-callback': 'off',
-
-    'formatjs/blocklist-elements': 'error',
-    'formatjs/enforce-default-message': ['error', 'literal'],
-    'formatjs/enforce-description': 'off', // description values not currently used
-    'formatjs/enforce-id': 'off', // Explicit IDs are used in the project
-    'formatjs/enforce-placeholders': 'off', // Issues in short_number.jsx
-    'formatjs/enforce-plural-rules': 'error',
-    'formatjs/no-camel-case': 'off', // disabledAccount is only non-conforming
-    'formatjs/no-complex-selectors': 'error',
-    'formatjs/no-emoji': 'error',
-    'formatjs/no-id': 'off', // IDs are used for translation keys
-    'formatjs/no-invalid-icu': 'error',
-    'formatjs/no-literal-string-in-jsx': 'off', // Should be looked at, but mainly flagging punctuation outside of strings
-    'formatjs/no-multiple-plurals': 'off', // Only used by hashtag.jsx
-    'formatjs/no-multiple-whitespaces': 'error',
-    'formatjs/no-offset': 'error',
-    'formatjs/no-useless-message': 'error',
-    'formatjs/prefer-formatted-message': 'error',
-    'formatjs/prefer-pound-in-plural': 'error',
-
-    'jsdoc/check-types': 'off',
-    'jsdoc/no-undefined-types': 'off',
-    'jsdoc/require-jsdoc': 'off',
-    'jsdoc/require-param-description': 'off',
-    'jsdoc/require-property-description': 'off',
-    'jsdoc/require-returns-description': 'off',
-    'jsdoc/require-returns': 'off',
   },
-
-  overrides: [
-    {
-      files: [
-        '*.config.js',
-        '.*rc.js',
-        'ide-helper.js',
-        'config/webpack/**/*',
-        'config/formatjs-formatter.js',
-      ],
-
-      env: {
-        commonjs: true,
-      },
-
-      parserOptions: {
-        sourceType: 'script',
-      },
-
-      rules: {
-        'import/no-commonjs': 'off',
-      },
-    },
-    {
-      files: [
-        '**/*.ts',
-        '**/*.tsx',
-      ],
-
-      extends: [
-        'eslint:recommended',
-        'plugin:@typescript-eslint/strict-type-checked',
-        'plugin:@typescript-eslint/stylistic-type-checked',
-        'plugin:react/recommended',
-        'plugin:react-hooks/recommended',
-        'plugin:jsx-a11y/recommended',
-        'plugin:import/recommended',
-        'plugin:import/typescript',
-        'plugin:promise/recommended',
-        'plugin:jsdoc/recommended-typescript',
-        'plugin:prettier/recommended',
-      ],
-
-      parserOptions: {
-        project: true,
-        tsconfigRootDir: __dirname,
-      },
-
-      rules: {
-        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
-
-        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
-        '@typescript-eslint/consistent-type-exports': 'error',
-        '@typescript-eslint/consistent-type-imports': 'error',
-        "@typescript-eslint/prefer-nullish-coalescing": ['error', {ignorePrimitives: {boolean: true}}],
-
-        'jsdoc/require-jsdoc': 'off',
-
-        // Those rules set stricter rules for TS files
-        // to enforce better practices when converting from JS
-        'import/no-default-export': 'warn',
-        'react/prefer-stateless-function': 'warn',
-        'react/function-component-definition': ['error', { namedComponents: 'arrow-function' }],
-        'react/jsx-uses-react': 'off', // not needed with new JSX transform
-        'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
-        'react/prop-types': 'off',
-      },
-    },
-    {
-      files: [
-        '**/__tests__/*.js',
-        '**/__tests__/*.jsx',
-      ],
-
-      env: {
-        jest: true,
-      },
-    },
-    {
-      files: [
-        'streaming/**/*',
-      ],
-      rules: {
-        'import/no-commonjs': 'off',
-      },
-    },
-  ],
 };

.gitea/workflows/build.yml

@@ -1,29 +0,0 @@
----
-name: Build Image for Deployment
-on:
-  push:
-    tags:
-      - '**pvz**'
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    container: ghcr.io/catthehacker/ubuntu:act-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-buildx-action@v3
-
-      - name: Login to gitea container registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.wir-sind-auch-menschen.de
-          username: alice-bot
-          password: ${{ secrets.GT_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          tags: git.wir-sind-auch-menschen.de/paravielfalt/mastodon:${{ gitea.ref_name }}

.github/CODEOWNERS

@@ -0,0 +1,32 @@
+# CODEOWNERS for tootsuite/mastodon
+
+# Translators
+# To add translator, copy these lines, replace `fr` with appropriate language code and replace `@żelipapą` with user's GitHub nickname preceded by `@` sign or e-mail address.
+# /app/javascript/mastodon/locales/fr.json @żelipapą
+# /app/views/user_mailer/*.fr.html.erb @żelipapą
+# /app/views/user_mailer/*.fr.text.erb @żelipapą
+# /config/locales/*.fr.yml @żelipapą
+# /config/locales/fr.yml @żelipapą
+
+# Polish
+/app/javascript/mastodon/locales/pl.json @m4sk1n
+/app/views/user_mailer/*.pl.html.erb @m4sk1n
+/app/views/user_mailer/*.pl.text.erb @m4sk1n
+/config/locales/*.pl.yml @m4sk1n
+/config/locales/pl.yml @m4sk1n
+
+# French
+/app/javascript/mastodon/locales/fr.json @aldarone
+/app/javascript/mastodon/locales/whitelist_fr.json @aldarone
+/app/views/user_mailer/*.fr.html.erb @aldarone
+/app/views/user_mailer/*.fr.text.erb @aldarone
+/config/locales/*.fr.yml @aldarone
+/config/locales/fr.yml @aldarone
+
+# Dutch
+/app/javascript/mastodon/locales/nl.json @jeroenpraat
+/app/javascript/mastodon/locales/whitelist_nl.json @jeroenpraat
+/app/views/user_mailer/*.nl.html.erb @jeroenpraat
+/app/views/user_mailer/*.nl.text.erb @jeroenpraat
+/config/locales/*.nl.yml @jeroenpraat
+/config/locales/nl.yml @jeroenpraat

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+patreon: mastodon
+open_collective: mastodon
+github: [Gargron]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug Report
+about: If something isn't working as expected
+
+---
+
+<!-- Make sure that you are submitting a new bug that was not previously reported or already fixed -->
+
+<!-- Please use a concise and distinct title for the issue -->
+
+### Expected behaviour
+
+<!-- What should have happened? -->
+
+### Actual behaviour
+
+<!-- What happened? -->
+
+### Steps to reproduce the problem
+
+<!-- What were you trying to do? -->
+
+### Specifications
+
+<!-- What version or commit hash of Mastodon did you find this bug in? -->
+
+<!-- If a front-end issue, what browser and operating systems were you using? -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Mastodon Meta Discussion Board
+    url: https://discourse.joinmastodon.org/
+    about: Please ask and answer questions here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: I have a suggestion
+
+---
+
+<!-- Please use a concise and distinct title for the issue -->
+
+<!-- Consider: Could it be implemented as a 3rd party app using the REST API instead? -->
+
+### Pitch
+
+<!-- Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before -->
+
+### Motivation
+
+<!-- Why do you think this feature is needed? Who would benefit from it? -->

.github/ISSUE_TEMPLATE/support.md

@@ -0,0 +1,10 @@
+---
+name: Support
+about: Ask for help with your deployment
+
+---
+
+We primarily use GitHub as a bug and feature tracker. For usage questions, troubleshooting of deployments and other individual technical assistance, please use one of the resources below:
+
+- https://discourse.joinmastodon.org
+- #mastodon on irc.freenode.net

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 99
+    allow:
+      - dependency-type: all
+
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 99
+    allow:
+      - dependency-type: all

.github/stale.yml

@@ -0,0 +1,10 @@
+daysUntilStale: 120
+daysUntilClose: 7
+exemptLabels:
+  - security
+staleLabel: wontfix
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+only: pulls

.gitignore

@@ -40,10 +40,14 @@
 
 # Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
 /postgres
-/postgres14
 /redis
 /elasticsearch
 
+# ignore Helm lockfile, dependency charts, and local values file
+/chart/Chart.lock
+/chart/charts/*.tgz
+/chart/values.yaml
+
 # Ignore Apple files
 .DS_Store
 

.haml-lint.yml

@@ -1,14 +1,108 @@
-inherits_from: .haml-lint_todo.yml
+# Whether to ignore frontmatter at the beginning of HAML documents for
+# frameworks such as Jekyll/Middleman
+skip_frontmatter: false
 
 exclude:
   - 'vendor/**/*'
-  - lib/templates/haml/scaffold/_form.html.haml
-
-require:
-  - ./lib/linter/haml_middle_dot.rb
+  - 'spec/**/*'
+  - 'lib/templates/**/*'
+  - 'app/views/kaminari/**/*'
 
 linters:
   AltText:
+    enabled: false
+
+  ClassAttributeWithStaticValue:
     enabled: true
-  MiddleDot:
+
+  ClassesBeforeIds:
+    enabled: true
+
+  ConsecutiveComments:
+    enabled: true
+
+  ConsecutiveSilentScripts:
+    enabled: true
+    max_consecutive: 2
+
+  EmptyObjectReference:
+    enabled: true
+
+  EmptyScript:
+    enabled: true
+
+  FinalNewline:
+    enabled: true
+    present: true
+
+  HtmlAttributes:
+    enabled: true
+
+  ImplicitDiv:
+    enabled: true
+
+  LeadingCommentSpace:
+    enabled: true
+
+  LineLength:
+    enabled: false
+    max: 80
+
+  MultilinePipe:
+    enabled: true
+
+  MultilineScript:
+    enabled: true
+
+  ObjectReferenceAttributes:
+    enabled: true
+
+  RuboCop:
+    enabled: true
+    # These cops are incredibly noisy when it comes to HAML templates, so we
+    # ignore them.
+    ignored_cops:
+      - Lint/BlockAlignment
+      - Lint/EndAlignment
+      - Lint/Void
+      - Metrics/BlockLength
+      - Metrics/LineLength
+      - Style/AlignParameters
+      - Style/BlockNesting
+      - Style/ElseAlignment
+      - Style/EndOfLine
+      - Style/FileName
+      - Style/FinalNewline
+      - Style/FrozenStringLiteralComment
+      - Style/IfUnlessModifier
+      - Style/IndentationWidth
+      - Style/Next
+      - Style/TrailingBlankLines
+      - Style/TrailingWhitespace
+      - Style/WhileUntilModifier
+
+  RubyComments:
+    enabled: true
+
+  SpaceBeforeScript:
+    enabled: true
+
+  SpaceInsideHashAttributes:
+    enabled: true
+    style: space
+
+  Indentation:
+    enabled: true
+    character: space # or tab
+
+  TagName:
+    enabled: true
+
+  TrailingWhitespace:
+    enabled: true
+
+  UnnecessaryInterpolation:
+    enabled: true
+
+  UnnecessaryStringOutput:
     enabled: true

.haml-lint_todo.yml

@@ -1,47 +0,0 @@
-# This configuration was generated by
-# `haml-lint --auto-gen-config`
-# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
-# The point is for the user to remove these configuration records
-# one by one as the lints are removed from the code base.
-# Note that changes in the inspected code, or installation of new
-# versions of Haml-Lint, may require this file to be generated again.
-
-linters:
-  # Offense count: 951
-  LineLength:
-    enabled: false
-
-  # Offense count: 22
-  UnnecessaryStringOutput:
-    enabled: false
-
-  # Offense count: 57
-  RuboCop:
-    enabled: false
-
-  # Offense count: 3
-  ViewLength:
-    exclude:
-      - 'app/views/admin/accounts/show.html.haml'
-      - 'app/views/admin/reports/show.html.haml'
-      - 'app/views/disputes/strikes/show.html.haml'
-
-  # Offense count: 32
-  InstanceVariables:
-    exclude:
-      - 'app/views/admin/reports/_actions.html.haml'
-      - 'app/views/admin/roles/_form.html.haml'
-      - 'app/views/admin/webhooks/_form.html.haml'
-      - 'app/views/auth/registrations/_status.html.haml'
-      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
-      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
-      - 'app/views/invites/_form.html.haml'
-      - 'app/views/relationships/_account.html.haml'
-      - 'app/views/shared/_og.html.haml'
-
-  # Offense count: 3
-  IdNames:
-    exclude:
-      - 'app/views/authorize_interactions/error.html.haml'
-      - 'app/views/oauth/authorizations/error.html.haml'
-      - 'app/views/shared/_error_messages.html.haml'

.husky/pre-commit

@@ -1,4 +0,0 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
-yarn lint-staged

.nvmrc

@@ -1 +1 @@
-20.7
+12

.prettierignore

@@ -1,78 +0,0 @@
-# See https://help.github.com/articles/ignoring-files for more about ignoring files.
-#
-# If you find yourself ignoring temporary files generated by your text editor
-# or operating system, you probably want to add a global ignore instead:
-#   git config --global core.excludesfile '~/.gitignore_global'
-
-# Ignore bundler config and downloaded libraries.
-/.bundle
-/vendor/bundle
-
-# Ignore the default SQLite database.
-/db/*.sqlite3
-/db/*.sqlite3-journal
-
-# Ignore all logfiles and tempfiles.
-.eslintcache
-/log/*
-!/log/.keep
-/tmp
-/coverage
-/public/system
-/public/assets
-/public/packs
-/public/packs-test
-.env
-.env.production
-.env.development
-/node_modules/
-/build/
-
-# Ignore Vagrant files
-.vagrant/
-
-# Ignore Capistrano customizations
-/config/deploy/*
-
-# Ignore IDE files
-.vscode/
-.idea/
-
-# Ignore postgres + redis + elasticsearch volume optionally created by docker-compose
-/postgres
-/postgres14
-/redis
-/elasticsearch
-
-# Ignore Apple files
-.DS_Store
-
-# Ignore vim files
-*~
-*.swp
-
-# Ignore log files
-*.log
-
-# Ignore Docker option files
-docker-compose.override.yml
-
-# Ignore emoji map file
-/app/javascript/mastodon/features/emoji/emoji_map.json
-
-# Ignore locale files
-/app/javascript/mastodon/locales/*.json
-/config/locales
-
-# Ignore vendored CSS reset
-app/javascript/styles/mastodon/reset.scss
-
-# Ignore Javascript pending https://github.com/mastodon/mastodon/pull/23631
-*.js
-*.jsx
-
-# Ignore HTML till cleaned and included in CI
-*.html
-
-# Ignore the generated AUTHORS.md
-AUTHORS.md

.prettierrc.js

@@ -1,4 +0,0 @@
-module.exports = {
-  singleQuote: true,
-  jsxSingleQuote: true
-}

.profile

@@ -1 +1 @@
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu:/app/.apt/usr/lib/x86_64-linux-gnu/mesa:/app/.apt/usr/lib/x86_64-linux-gnu/pulseaudio:/app/.apt/usr/lib/x86_64-linux-gnu/openblas-pthread
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu:/app/.apt/usr/lib/x86_64-linux-gnu/mesa:/app/.apt/usr/lib/x86_64-linux-gnu/pulseaudio

.rubocop.yml

@@ -1,202 +1,142 @@
-# Can be removed once all rules are addressed or moved to this file as documented overrides
-inherit_from: .rubocop_todo.yml
-
-# Used for merging with exclude lists with .rubocop_todo.yml
-inherit_mode:
-  merge:
-    - Exclude
-
 require:
   - rubocop-rails
-  - rubocop-rspec
-  - rubocop-performance
-  - rubocop-capybara
-  - ./lib/linter/rubocop_middle_dot
 
 AllCops:
-  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
-  DisplayCopNames: true
-  DisplayStyleGuide: true
-  ExtraDetails: true
-  UseCache: true
-  CacheRootDirectory: tmp
-  NewCops: enable # Opt-in to newly added rules
+  TargetRubyVersion: 2.4
   Exclude:
-    - db/schema.rb
-    - 'bin/*'
-    - 'node_modules/**/*'
-    - 'Vagrantfile'
-    - 'vendor/**/*'
-    - 'lib/json_ld/*' # Generated files
-    - 'lib/templates/**/*'
+  - 'spec/**/*'
+  - 'db/**/*'
+  - 'app/views/**/*'
+  - 'config/**/*'
+  - 'bin/*'
+  - 'Rakefile'
+  - 'node_modules/**/*'
+  - 'Vagrantfile'
+  - 'vendor/**/*'
+  - 'lib/json_ld/*'
+  - 'lib/templates/**/*'
 
-# Reason: Prefer Hashes without extreme indentation
-# https://docs.rubocop.org/rubocop/cops_layout.html#layoutfirsthashelementindentation
-Layout/FirstHashElementIndentation:
-  EnforcedStyle: consistent
+Bundler/OrderedGems:
+  Enabled: false
 
-# Reason: Currently disabled in .rubocop_todo.yml
-# https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
-Layout/LineLength:
-  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
+Layout/AccessModifierIndentation:
+  EnforcedStyle: indent
+
+Layout/EmptyLineAfterMagicComment:
+  Enabled: false
+
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: space
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
 Lint/UselessAccessModifier:
   ContextCreatingMethods:
     - class_methods
 
-## Disable most Metrics/*Length cops
-# Reason: those are often triggered and force significant refactors when this happend
-#         but the team feel they are not really improving the code quality.
-
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
-Metrics/BlockLength:
-  Enabled: false
-
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
-Metrics/ClassLength:
-  Enabled: false
-
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
-Metrics/MethodLength:
-  Enabled: false
-
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmodulelength
-Metrics/ModuleLength:
-  Enabled: false
-
-## End Disable Metrics/*Length cops
-
-# Reason: Currently disabled in .rubocop_todo.yml
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsabcsize
 Metrics/AbcSize:
-  Exclude:
-    - 'lib/mastodon/cli/*.rb'
-    - db/*migrate/**/*
+  Max: 100
+
+Metrics/BlockLength:
+  Max: 35
+  Exclude:
+    - 'lib/tasks/**/*'
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
 Metrics/BlockNesting:
-  Exclude:
-    - 'lib/mastodon/cli/*.rb'
+  Max: 3
+
+Metrics/ClassLength:
+  CountComments: false
+  Max: 300
 
-# Reason: Currently disabled in .rubocop_todo.yml
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
 Metrics/CyclomaticComplexity:
-  Exclude:
-    - lib/mastodon/cli/*.rb
-    - db/*migrate/**/*
+  Max: 25
+
+Layout/LineLength:
+  AllowURI: true
+  Enabled: false
+
+Metrics/MethodLength:
+  CountComments: false
+  Max: 55
+
+Metrics/ModuleLength:
+  CountComments: false
+  Max: 200
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsparameterlists
 Metrics/ParameterLists:
-  CountKeywordArgs: false
+  Max: 5
+  CountKeywordArgs: true
 
-# Reason: Prevailing style is argument file paths
-# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
-Rails/FilePath:
-  EnforcedStyle: arguments
+Metrics/PerceivedComplexity:
+  Max: 20
+
+Naming/MemoizedInstanceVariableName:
+  Enabled: false
+
+Rails:
+  Enabled: true
+
+Rails/EnumHash:
+  Enabled: false
+
+Rails/HasAndBelongsToMany:
+  Enabled: false
+
+Rails/SkipsModelValidations:
+  Enabled: false
 
-# Reason: Prevailing style uses numeric status codes, matches RSpec/Rails/HttpStatus
-# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railshttpstatus
 Rails/HttpStatus:
-  EnforcedStyle: numeric
+  Enabled: false
 
-# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
-# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
 Rails/Exit:
   Exclude:
-    - 'config/boot.rb'
-    - 'lib/mastodon/cli/*.rb'
+    - 'lib/mastodon/*'
+    - 'lib/cli.rb'
 
-# Reason: Some single letter camel case files shouldn't be split
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
-RSpec/FilePath:
-  CustomTransform:
-    ActivityPub: activitypub # Ignore the snake_case due to the amount of files to rename
-    DeepL: deepl
-    FetchOEmbedService: fetch_oembed_service
-    JsonLdHelper: jsonld_helper
-    OEmbedController: oembed_controller
-    OStatus: ostatus
-    NodeInfoController: nodeinfo_controller # NodeInfo isn't snake_cased for any of the instances
-  Exclude:
-    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
-    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
+Rails/HelperInstanceVariable:
+  Enabled: false
 
-# Reason:
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
-RSpec/NamedSubject:
-  EnforcedStyle: named_only
-
-# Reason: Prevailing style choice
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnottonot
-RSpec/NotToNot:
-  EnforcedStyle: to_not
-
-# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
-RSpec/Rails/HttpStatus:
-  EnforcedStyle: numeric
-
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
 Style/ClassAndModuleChildren:
   Enabled: false
 
-# Reason: Classes mostly self-document with their names
-# https://docs.rubocop.org/rubocop/cops_style.html#styledocumentation
+Style/CollectionMethods:
+  Enabled: true
+  PreferredMethods:
+    find_all: 'select'
+
 Style/Documentation:
   Enabled: false
 
-# Reason: Enforce modern Ruby style
-# https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
-Style/HashSyntax:
-  EnforcedStyle: ruby19_no_mixed_keys
+Style/DoubleNegation:
+  Enabled: true
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
-Style/NumericLiterals:
-  AllowedPatterns:
-    - \d{4}_\d{2}_\d{2}_\d{6} # For DB migration date version number readability
+Style/FormatStringToken:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: true
+
+Style/GuardClause:
+  Enabled: false
+
+Style/Lambda:
+  Enabled: false
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#stylepercentliteraldelimiters
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
     '%i': '()'
     '%w': '()'
 
-# Reason: Prefer less indentation in conditional assignments
-# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantbegin
-Style/RedundantBegin:
+Style/PerlBackrefs:
+  AutoCorrect: false
+
+Style/RegexpLiteral:
   Enabled: false
 
-# Reason: Overridden to reduce implicit StandardError rescues
-# https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
-Style/RescueStandardError:
-  EnforcedStyle: implicit
-
-# Reason: Simplify some spec layouts
-# https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
-Style/Semicolon:
-  AllowAsExpressionSeparator: true
-
-# Reason: Originally disabled for CodeClimate, and no config consensus has been found
-# https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
 Style/SymbolArray:
   Enabled: false
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainarrayliteral
 Style/TrailingCommaInArrayLiteral:
   EnforcedStyleForMultiline: 'comma'
 
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral
 Style/TrailingCommaInHashLiteral:
   EnforcedStyleForMultiline: 'comma'
-
-Style/MiddleDot:
-  Enabled: true

.rubocop_todo.yml

@@ -1,842 +0,0 @@
-# This configuration was generated by
-# `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.56.1.
-# The point is for the user to remove these configuration records
-# one by one as the offenses are removed from the code base.
-# Note that changes in the inspected code, or installation of new
-# versions of RuboCop, may require this file to be generated again.
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
-# Include: **/*.gemfile, **/Gemfile, **/gems.rb
-Bundler/OrderedGems:
-  Exclude:
-    - 'Gemfile'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, IndentationWidth.
-# SupportedStyles: with_first_argument, with_fixed_indentation
-Layout/ArgumentAlignment:
-  Exclude:
-    - 'config/initializers/cors.rb'
-    - 'config/initializers/session_store.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
-# SupportedHashRocketStyles: key, separator, table
-# SupportedColonStyles: key, separator, table
-# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
-Layout/HashAlignment:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/rack_attack.rb'
-    - 'config/routes.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
-Layout/LeadingCommentSpace:
-  Exclude:
-    - 'config/application.rb'
-    - 'config/initializers/3_omniauth.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
-# URISchemes: http, https
-Layout/LineLength:
-  Exclude:
-    - 'app/models/account.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: require_no_space, require_space
-Layout/SpaceInLambdaLiteral:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/content_security_policy.rb'
-
-# Configuration parameters: AllowComments, AllowEmptyLambdas.
-Lint/EmptyBlock:
-  Exclude:
-    - 'spec/controllers/api/v2/search_controller_spec.rb'
-    - 'spec/fabricators/access_token_fabricator.rb'
-    - 'spec/fabricators/conversation_fabricator.rb'
-    - 'spec/fabricators/system_key_fabricator.rb'
-    - 'spec/lib/activitypub/adapter_spec.rb'
-    - 'spec/models/user_role_spec.rb'
-
-Lint/NonLocalExitFromIterator:
-  Exclude:
-    - 'app/helpers/jsonld_helper.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Lint/OrAssignmentToConstant:
-  Exclude:
-    - 'lib/sanitize_ext/sanitize_config.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
-Lint/UnusedBlockArgument:
-  Exclude:
-    - 'config/initializers/content_security_policy.rb'
-    - 'config/initializers/doorkeeper.rb'
-    - 'config/initializers/paperclip.rb'
-    - 'config/initializers/simple_form.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Lint/UselessAssignment:
-  Exclude:
-    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'config/initializers/3_omniauth.rb'
-    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
-    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
-    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
-    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
-    - 'spec/helpers/jsonld_helper_spec.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/domain_block_spec.rb'
-    - 'spec/models/status_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/models/webauthn_credentials_spec.rb'
-    - 'spec/services/account_search_service_spec.rb'
-    - 'spec/services/post_status_service_spec.rb'
-    - 'spec/services/precompute_feed_service_spec.rb'
-    - 'spec/services/resolve_url_service_spec.rb'
-    - 'spec/views/statuses/show.html.haml_spec.rb'
-
-# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
-Metrics/AbcSize:
-  Max: 144
-
-# Configuration parameters: CountBlocks, Max.
-Metrics/BlockNesting:
-  Exclude:
-    - 'lib/tasks/mastodon.rake'
-
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/CyclomaticComplexity:
-  Max: 25
-
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/PerceivedComplexity:
-  Max: 27
-
-# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
-# SupportedStyles: snake_case, normalcase, non_integer
-# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
-Naming/VariableNumber:
-  Exclude:
-    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
-    - 'db/migrate/20180514140000_revert_index_change_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
-    - 'db/migrate/20190820003045_update_statuses_index.rb'
-    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
-    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/domain_block_spec.rb'
-    - 'spec/models/user_spec.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: SafeMultiline.
-Performance/DeletePrefix:
-  Exclude:
-    - 'app/models/featured_tag.rb'
-
-Performance/MapMethodChain:
-  Exclude:
-    - 'app/models/feed.rb'
-    - 'lib/mastodon/cli/maintenance.rb'
-    - 'spec/services/bulk_import_service_spec.rb'
-    - 'spec/services/import_service_spec.rb'
-
-RSpec/AnyInstance:
-  Exclude:
-    - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
-    - 'spec/controllers/admin/accounts_controller_spec.rb'
-    - 'spec/controllers/admin/resets_controller_spec.rb'
-    - 'spec/controllers/admin/settings/branding_controller_spec.rb'
-    - 'spec/controllers/api/v1/media_controller_spec.rb'
-    - 'spec/controllers/auth/sessions_controller_spec.rb'
-    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
-    - 'spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb'
-    - 'spec/lib/request_spec.rb'
-    - 'spec/lib/status_filter_spec.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/setting_spec.rb'
-    - 'spec/services/activitypub/process_collection_service_spec.rb'
-    - 'spec/validators/follow_limit_validator_spec.rb'
-    - 'spec/workers/activitypub/delivery_worker_spec.rb'
-    - 'spec/workers/web/push_notification_worker_spec.rb'
-
-# Configuration parameters: CountAsOne.
-RSpec/ExampleLength:
-  Max: 22
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: implicit, each, example
-RSpec/HookArgument:
-  Exclude:
-    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
-    - 'spec/controllers/well_known/webfinger_controller_spec.rb'
-    - 'spec/helpers/instance_helper_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/rails_helper.rb'
-    - 'spec/serializers/activitypub/note_serializer_spec.rb'
-    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
-    - 'spec/services/import_service_spec.rb'
-
-# Configuration parameters: AssignmentOnly.
-RSpec/InstanceVariable:
-  Exclude:
-    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
-    - 'spec/controllers/auth/confirmations_controller_spec.rb'
-    - 'spec/controllers/auth/passwords_controller_spec.rb'
-    - 'spec/controllers/auth/sessions_controller_spec.rb'
-    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
-    - 'spec/controllers/home_controller_spec.rb'
-    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
-    - 'spec/controllers/statuses_cleanup_controller_spec.rb'
-    - 'spec/models/concerns/account_finder_concern_spec.rb'
-    - 'spec/models/concerns/account_interactions_spec.rb'
-    - 'spec/models/public_feed_spec.rb'
-    - 'spec/serializers/activitypub/note_serializer_spec.rb'
-    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
-    - 'spec/services/remove_status_service_spec.rb'
-    - 'spec/services/search_service_spec.rb'
-    - 'spec/services/unblock_domain_service_spec.rb'
-
-RSpec/LetSetup:
-  Exclude:
-    - 'spec/controllers/admin/accounts_controller_spec.rb'
-    - 'spec/controllers/admin/action_logs_controller_spec.rb'
-    - 'spec/controllers/admin/instances_controller_spec.rb'
-    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
-    - 'spec/controllers/admin/statuses_controller_spec.rb'
-    - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
-    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
-    - 'spec/controllers/api/v1/filters_controller_spec.rb'
-    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
-    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
-    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
-    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
-    - 'spec/controllers/auth/confirmations_controller_spec.rb'
-    - 'spec/controllers/auth/passwords_controller_spec.rb'
-    - 'spec/controllers/auth/sessions_controller_spec.rb'
-    - 'spec/controllers/follower_accounts_controller_spec.rb'
-    - 'spec/controllers/following_accounts_controller_spec.rb'
-    - 'spec/controllers/oauth/authorized_applications_controller_spec.rb'
-    - 'spec/controllers/oauth/tokens_controller_spec.rb'
-    - 'spec/controllers/settings/imports_controller_spec.rb'
-    - 'spec/lib/activitypub/activity/delete_spec.rb'
-    - 'spec/lib/vacuum/applications_vacuum_spec.rb'
-    - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
-    - 'spec/models/account_spec.rb'
-    - 'spec/models/account_statuses_cleanup_policy_spec.rb'
-    - 'spec/models/canonical_email_block_spec.rb'
-    - 'spec/models/status_spec.rb'
-    - 'spec/models/user_spec.rb'
-    - 'spec/services/account_statuses_cleanup_service_spec.rb'
-    - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'
-    - 'spec/services/activitypub/fetch_remote_status_service_spec.rb'
-    - 'spec/services/activitypub/process_account_service_spec.rb'
-    - 'spec/services/activitypub/process_collection_service_spec.rb'
-    - 'spec/services/batched_remove_status_service_spec.rb'
-    - 'spec/services/block_domain_service_spec.rb'
-    - 'spec/services/bulk_import_service_spec.rb'
-    - 'spec/services/delete_account_service_spec.rb'
-    - 'spec/services/import_service_spec.rb'
-    - 'spec/services/notify_service_spec.rb'
-    - 'spec/services/remove_status_service_spec.rb'
-    - 'spec/services/report_service_spec.rb'
-    - 'spec/services/resolve_account_service_spec.rb'
-    - 'spec/services/suspend_account_service_spec.rb'
-    - 'spec/services/unallow_domain_service_spec.rb'
-    - 'spec/services/unsuspend_account_service_spec.rb'
-    - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'
-
-RSpec/MessageChain:
-  Exclude:
-    - 'spec/controllers/api/v1/media_controller_spec.rb'
-    - 'spec/models/concerns/remotable_spec.rb'
-    - 'spec/models/session_activation_spec.rb'
-    - 'spec/models/setting_spec.rb'
-
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: have_received, receive
-RSpec/MessageSpies:
-  Exclude:
-    - 'spec/controllers/admin/accounts_controller_spec.rb'
-    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
-    - 'spec/lib/webfinger_resource_spec.rb'
-    - 'spec/models/admin/account_action_spec.rb'
-    - 'spec/models/concerns/remotable_spec.rb'
-    - 'spec/models/follow_request_spec.rb'
-    - 'spec/models/identity_spec.rb'
-    - 'spec/models/session_activation_spec.rb'
-    - 'spec/models/setting_spec.rb'
-    - 'spec/services/activitypub/fetch_replies_service_spec.rb'
-    - 'spec/services/activitypub/process_collection_service_spec.rb'
-    - 'spec/spec_helper.rb'
-    - 'spec/validators/status_length_validator_spec.rb'
-
-RSpec/MultipleExpectations:
-  Max: 8
-
-# Configuration parameters: AllowSubject.
-RSpec/MultipleMemoizedHelpers:
-  Max: 21
-
-# Configuration parameters: AllowedGroups.
-RSpec/NestedGroups:
-  Max: 6
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/ApplicationController:
-  Exclude:
-    - 'app/controllers/health_controller.rb'
-
-# Configuration parameters: Include.
-# Include: db/**/*.rb
-Rails/CreateTableWithTimestamps:
-  Exclude:
-    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
-    - 'db/migrate/20170823162448_create_status_pins.rb'
-    - 'db/migrate/20171116161857_create_list_accounts.rb'
-    - 'db/migrate/20180929222014_create_account_conversations.rb'
-    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
-    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
-    - 'db/migrate/20220824233535_create_status_trends.rb'
-    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Severity.
-Rails/DuplicateAssociation:
-  Exclude:
-    - 'app/serializers/activitypub/collection_serializer.rb'
-    - 'app/serializers/activitypub/note_serializer.rb'
-
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/HasAndBelongsToMany:
-  Exclude:
-    - 'app/models/concerns/account_associations.rb'
-    - 'app/models/preview_card.rb'
-    - 'app/models/status.rb'
-    - 'app/models/tag.rb'
-
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/HasManyOrHasOneDependent:
-  Exclude:
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/conversation.rb'
-    - 'app/models/custom_emoji.rb'
-    - 'app/models/custom_emoji_category.rb'
-    - 'app/models/domain_block.rb'
-    - 'app/models/invite.rb'
-    - 'app/models/status.rb'
-    - 'app/models/user.rb'
-    - 'app/models/web/push_subscription.rb'
-
-Rails/I18nLocaleTexts:
-  Exclude:
-    - 'lib/tasks/mastodon.rake'
-    - 'spec/helpers/flashes_helper_spec.rb'
-
-# Configuration parameters: Include.
-# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
-Rails/LexicallyScopedActionFilter:
-  Exclude:
-    - 'app/controllers/auth/passwords_controller.rb'
-    - 'app/controllers/auth/registrations_controller.rb'
-    - 'app/controllers/auth/sessions_controller.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/NegateInclude:
-  Exclude:
-    - 'app/controllers/concerns/signature_verification.rb'
-    - 'app/helpers/jsonld_helper.rb'
-    - 'app/lib/activitypub/activity/create.rb'
-    - 'app/lib/activitypub/activity/move.rb'
-    - 'app/lib/feed_manager.rb'
-    - 'app/lib/link_details_extractor.rb'
-    - 'app/models/concerns/attachmentable.rb'
-    - 'app/models/concerns/remotable.rb'
-    - 'app/models/custom_filter.rb'
-    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'app/services/fetch_link_card_service.rb'
-    - 'app/services/search_service.rb'
-    - 'app/workers/web/push_notification_worker.rb'
-    - 'lib/paperclip/color_extractor.rb'
-
-Rails/OutputSafety:
-  Exclude:
-    - 'config/initializers/simple_form.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Include.
-# Include: **/Rakefile, **/*.rake
-Rails/RakeEnvironment:
-  Exclude:
-    - 'lib/tasks/auto_annotate_models.rake'
-    - 'lib/tasks/db.rake'
-    - 'lib/tasks/emojis.rake'
-    - 'lib/tasks/mastodon.rake'
-    - 'lib/tasks/repo.rake'
-    - 'lib/tasks/statistics.rake'
-
-# Configuration parameters: Include.
-# Include: db/**/*.rb
-Rails/ReversibleMigration:
-  Exclude:
-    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
-    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
-    - 'db/migrate/20170205175257_remove_devices.rb'
-    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
-    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
-    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
-    - 'db/migrate/20170711225116_fix_null_booleans.rb'
-    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
-    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
-    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
-    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
-    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
-    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
-
-# Configuration parameters: ForbiddenMethods, AllowedMethods.
-# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
-Rails/SkipsModelValidations:
-  Exclude:
-    - 'app/controllers/admin/invites_controller.rb'
-    - 'app/controllers/concerns/session_tracking_concern.rb'
-    - 'app/models/concerns/account_merging.rb'
-    - 'app/models/concerns/expireable.rb'
-    - 'app/models/status.rb'
-    - 'app/models/trends/links.rb'
-    - 'app/models/trends/preview_card_batch.rb'
-    - 'app/models/trends/preview_card_provider_batch.rb'
-    - 'app/models/trends/status_batch.rb'
-    - 'app/models/trends/statuses.rb'
-    - 'app/models/trends/tag_batch.rb'
-    - 'app/models/trends/tags.rb'
-    - 'app/models/user.rb'
-    - 'app/services/activitypub/process_status_update_service.rb'
-    - 'app/services/approve_appeal_service.rb'
-    - 'app/services/block_domain_service.rb'
-    - 'app/services/delete_account_service.rb'
-    - 'app/services/process_mentions_service.rb'
-    - 'app/services/unallow_domain_service.rb'
-    - 'app/services/unblock_domain_service.rb'
-    - 'app/services/update_status_service.rb'
-    - 'app/workers/activitypub/post_upgrade_worker.rb'
-    - 'app/workers/move_worker.rb'
-    - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
-    - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
-    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
-    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
-    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
-    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
-    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
-    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
-    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
-    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
-    - 'db/migrate/20191007013357_update_pt_locales.rb'
-    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
-    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
-    - 'db/post_migrate/20200917193528_migrate_notifications_type.rb'
-    - 'db/post_migrate/20201017234926_fill_account_suspension_origin.rb'
-    - 'db/post_migrate/20220617202502_migrate_roles.rb'
-    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
-    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
-    - 'lib/mastodon/cli/accounts.rb'
-    - 'lib/mastodon/cli/main.rb'
-    - 'lib/mastodon/cli/maintenance.rb'
-    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
-    - 'spec/lib/activitypub/activity/follow_spec.rb'
-    - 'spec/services/follow_service_spec.rb'
-    - 'spec/services/update_account_service_spec.rb'
-
-# Configuration parameters: Include.
-# Include: db/**/*.rb
-Rails/ThreeStateBooleanColumn:
-  Exclude:
-    - 'db/migrate/20160325130944_add_admin_to_users.rb'
-    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
-    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
-    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
-    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
-    - 'db/migrate/20170330163835_create_imports.rb'
-    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
-    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
-    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
-    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
-    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
-    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
-    - 'db/migrate/20210609202149_create_login_activities.rb'
-    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
-    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
-    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
-    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
-    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
-    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
-
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/UniqueValidationWithoutIndex:
-  Exclude:
-    - 'app/models/account_alias.rb'
-    - 'app/models/custom_filter_status.rb'
-    - 'app/models/identity.rb'
-    - 'app/models/webauthn_credential.rb'
-
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/UnusedIgnoredColumns:
-  Exclude:
-    - 'app/models/account.rb'
-    - 'app/models/account_stat.rb'
-    - 'app/models/admin/action_log.rb'
-    - 'app/models/custom_filter.rb'
-    - 'app/models/email_domain_block.rb'
-    - 'app/models/report.rb'
-    - 'app/models/status_edit.rb'
-    - 'app/models/user.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: exists, where
-Rails/WhereExists:
-  Exclude:
-    - 'app/controllers/activitypub/inboxes_controller.rb'
-    - 'app/controllers/admin/email_domain_blocks_controller.rb'
-    - 'app/controllers/auth/registrations_controller.rb'
-    - 'app/lib/activitypub/activity/create.rb'
-    - 'app/lib/delivery_failure_tracker.rb'
-    - 'app/lib/feed_manager.rb'
-    - 'app/lib/status_cache_hydrator.rb'
-    - 'app/lib/suspicious_sign_in_detector.rb'
-    - 'app/models/concerns/account_interactions.rb'
-    - 'app/models/featured_tag.rb'
-    - 'app/models/poll.rb'
-    - 'app/models/session_activation.rb'
-    - 'app/models/status.rb'
-    - 'app/models/user.rb'
-    - 'app/policies/status_policy.rb'
-    - 'app/serializers/rest/announcement_serializer.rb'
-    - 'app/serializers/rest/tag_serializer.rb'
-    - 'app/services/activitypub/fetch_remote_status_service.rb'
-    - 'app/services/app_sign_up_service.rb'
-    - 'app/services/vote_service.rb'
-    - 'app/validators/reaction_validator.rb'
-    - 'app/validators/vote_validator.rb'
-    - 'app/workers/move_worker.rb'
-    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
-    - 'lib/tasks/tests.rake'
-    - 'spec/models/account_spec.rb'
-    - 'spec/services/activitypub/process_collection_service_spec.rb'
-    - 'spec/services/purge_domain_service_spec.rb'
-    - 'spec/services/unallow_domain_service_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
-Style/CaseEquality:
-  Exclude:
-    - 'config/initializers/trusted_proxies.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-# AllowedMethods: ==, equal?, eql?
-Style/ClassEqualityComparison:
-  Exclude:
-    - 'app/helpers/jsonld_helper.rb'
-    - 'app/serializers/activitypub/outbox_serializer.rb'
-
-Style/ClassVars:
-  Exclude:
-    - 'config/initializers/devise.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/CombinableLoops:
-  Exclude:
-    - 'app/models/form/custom_emoji_batch.rb'
-    - 'app/models/form/ip_block_batch.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowedVars.
-Style/FetchEnvVar:
-  Exclude:
-    - 'app/lib/redis_configuration.rb'
-    - 'app/lib/translation_service.rb'
-    - 'config/environments/development.rb'
-    - 'config/environments/production.rb'
-    - 'config/initializers/2_limited_federation_mode.rb'
-    - 'config/initializers/3_omniauth.rb'
-    - 'config/initializers/blacklists.rb'
-    - 'config/initializers/cache_buster.rb'
-    - 'config/initializers/content_security_policy.rb'
-    - 'config/initializers/devise.rb'
-    - 'config/initializers/paperclip.rb'
-    - 'config/initializers/vapid.rb'
-    - 'lib/mastodon/premailer_webpack_strategy.rb'
-    - 'lib/mastodon/redis_config.rb'
-    - 'lib/tasks/repo.rake'
-    - 'spec/features/profile_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
-# SupportedStyles: annotated, template, unannotated
-# AllowedMethods: redirect
-Style/FormatStringToken:
-  Exclude:
-    - 'app/models/privacy_policy.rb'
-    - 'config/initializers/devise.rb'
-    - 'lib/paperclip/color_extractor.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/GlobalStdStream:
-  Exclude:
-    - 'config/boot.rb'
-    - 'config/environments/development.rb'
-    - 'config/environments/production.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
-Style/GuardClause:
-  Exclude:
-    - 'app/controllers/admin/confirmations_controller.rb'
-    - 'app/controllers/auth/confirmations_controller.rb'
-    - 'app/controllers/auth/passwords_controller.rb'
-    - 'app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb'
-    - 'app/lib/activitypub/activity/block.rb'
-    - 'app/lib/request.rb'
-    - 'app/lib/request_pool.rb'
-    - 'app/lib/webfinger.rb'
-    - 'app/lib/webfinger_resource.rb'
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/concerns/ldap_authenticable.rb'
-    - 'app/models/tag.rb'
-    - 'app/models/user.rb'
-    - 'app/services/fan_out_on_write_service.rb'
-    - 'app/services/post_status_service.rb'
-    - 'app/services/process_hashtags_service.rb'
-    - 'app/workers/move_worker.rb'
-    - 'app/workers/redownload_avatar_worker.rb'
-    - 'app/workers/redownload_header_worker.rb'
-    - 'app/workers/redownload_media_worker.rb'
-    - 'app/workers/remote_account_refresh_worker.rb'
-    - 'config/initializers/devise.rb'
-    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
-    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
-    - 'lib/devise/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/two_factor_pam_authenticatable.rb'
-    - 'lib/mastodon/cli/accounts.rb'
-    - 'lib/mastodon/cli/maintenance.rb'
-    - 'lib/mastodon/cli/media.rb'
-    - 'lib/paperclip/attachment_extensions.rb'
-    - 'lib/tasks/repo.rake'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: braces, no_braces
-Style/HashAsLastArrayItem:
-  Exclude:
-    - 'app/controllers/admin/statuses_controller.rb'
-    - 'app/controllers/api/v1/statuses_controller.rb'
-    - 'app/models/concerns/account_counters.rb'
-    - 'app/models/concerns/status_threading_concern.rb'
-    - 'app/models/status.rb'
-    - 'app/services/batched_remove_status_service.rb'
-    - 'app/services/notify_service.rb'
-    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/HashTransformValues:
-  Exclude:
-    - 'app/serializers/rest/web_push_subscription_serializer.rb'
-    - 'app/services/import_service.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-Style/IfUnlessModifier:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/devise.rb'
-    - 'config/initializers/ffmpeg.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: InverseMethods, InverseBlocks.
-Style/InverseMethods:
-  Exclude:
-    - 'app/models/custom_filter.rb'
-    - 'app/services/update_account_service.rb'
-    - 'spec/controllers/activitypub/replies_controller_spec.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: line_count_dependent, lambda, literal
-Style/Lambda:
-  Exclude:
-    - 'config/initializers/simple_form.rb'
-    - 'config/routes.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/MapToHash:
-  Exclude:
-    - 'app/models/status.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: literals, strict
-Style/MutableConstant:
-  Exclude:
-    - 'app/models/tag.rb'
-    - 'app/services/delete_account_service.rb'
-    - 'lib/mastodon/migration_warning.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-Style/NilLambda:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
-# Configuration parameters: AllowedMethods.
-# AllowedMethods: respond_to_missing?
-Style/OptionalBooleanParameter:
-  Exclude:
-    - 'app/helpers/admin/account_moderation_notes_helper.rb'
-    - 'app/helpers/jsonld_helper.rb'
-    - 'app/lib/admin/system_check/message.rb'
-    - 'app/lib/request.rb'
-    - 'app/lib/webfinger.rb'
-    - 'app/services/block_domain_service.rb'
-    - 'app/services/fetch_resource_service.rb'
-    - 'app/workers/domain_block_worker.rb'
-    - 'app/workers/unfollow_follow_worker.rb'
-    - 'lib/mastodon/redis_config.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-  Exclude:
-    - 'config/deploy.rb'
-    - 'config/initializers/doorkeeper.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: short, verbose
-Style/PreferredHashMethods:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantConstantBase:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/sidekiq.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: SafeForConstants.
-Style/RedundantFetchBlock:
-  Exclude:
-    - 'config/initializers/1_hosts.rb'
-    - 'config/initializers/chewy.rb'
-    - 'config/initializers/devise.rb'
-    - 'config/initializers/paperclip.rb'
-    - 'config/puma.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleReturnValues.
-Style/RedundantReturn:
-  Exclude:
-    - 'app/controllers/api/v1/directories_controller.rb'
-    - 'app/controllers/auth/confirmations_controller.rb'
-    - 'app/lib/ostatus/tag_manager.rb'
-    - 'app/models/form/import.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
-# AllowedMethods: present?, blank?, presence, try, try!
-Style/SafeNavigation:
-  Exclude:
-    - 'app/models/concerns/account_finder_concern.rb'
-    - 'app/models/status.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: only_raise, only_fail, semantic
-Style/SignalException:
-  Exclude:
-    - 'lib/devise/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/two_factor_pam_authenticatable.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/SingleArgumentDig:
-  Exclude:
-    - 'lib/webpacker/manifest_extensions.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: require_parentheses, require_no_parentheses
-Style/StabbyLambdaParentheses:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/content_security_policy.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-Style/StderrPuts:
-  Exclude:
-    - 'config/boot.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Mode.
-Style/StringConcatenation:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
-# SupportedStyles: single_quotes, double_quotes
-Style/StringLiterals:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/backtrace_silencers.rb'
-    - 'config/initializers/http_client_proxy.rb'
-    - 'config/initializers/rack_attack.rb'
-    - 'config/initializers/webauthn.rb'
-    - 'config/routes.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.
-# AllowedMethods: define_method, mail, respond_to
-Style/SymbolProc:
-  Exclude:
-    - 'config/initializers/3_omniauth.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, AllowSafeAssignment.
-# SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
-Style/TernaryParentheses:
-  Exclude:
-    - 'config/environments/development.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyleForMultiline.
-# SupportedStylesForMultiline: comma, consistent_comma, no_comma
-Style/TrailingCommaInArguments:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyleForMultiline.
-# SupportedStylesForMultiline: comma, consistent_comma, no_comma
-Style/TrailingCommaInHashLiteral:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/environments/test.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, MinSize, WordRegex.
-# SupportedStyles: percent, brackets
-Style/WordArray:
-  Exclude:
-    - 'app/helpers/languages_helper.rb'
-    - 'config/initializers/cors.rb'
-    - 'spec/controllers/settings/imports_controller_spec.rb'
-    - 'spec/models/form/import_spec.rb'

.ruby-gemset

@@ -1 +0,0 @@
-mastodon

.ruby-version

@@ -1 +1 @@
-3.2.3
+2.6.6

.sass-lint.yml

@@ -0,0 +1,37 @@
+# Linter Documentation:
+# https://github.com/sasstools/sass-lint/tree/v1.13.1/docs/options
+
+files:
+  include: app/javascript/styles/**/*.scss
+  ignore:
+    - app/javascript/styles/mastodon/reset.scss
+
+rules:
+  # Disallows
+  no-color-literals: 0
+  no-css-comments: 0
+  no-duplicate-properties: 0
+  no-ids: 0
+  no-important: 0
+  no-mergeable-selectors: 0
+  no-misspelled-properties: 0
+  no-qualifying-elements: 0
+  no-transition-all: 0
+  no-vendor-prefixes: 0
+
+  # Nesting
+  force-element-nesting: 0
+  force-attribute-nesting: 0
+  force-pseudo-nesting: 0
+
+  # Name Formats
+  class-name-format: 0
+  leading-zero: 0
+
+  # Style Guide
+  attribute-quotes: 0
+  hex-length: 0
+  indentation: 0
+  nesting-depth: 0
+  property-sort-order: 0
+  quotes: 0

.yarnclean

@@ -44,6 +44,3 @@ Gruntfile.js
 # for specific ignore
 !.svgo.yml
 !sass-lint/**/*.yml
-
-# breaks lint-staged or generally anything using https://github.com/eemeli/yaml/issues/384
-!**/yaml/dist/**/doc

Aptfile

@@ -1,5 +1,28 @@
 ffmpeg
-libopenblas0-pthread
+libicu[0-9][0-9]
+libicu-dev
+libidn11
+libidn11-dev
 libpq-dev
+libprotobuf-dev
 libxdamage1
 libxfixes3
+protobuf-compiler
+zlib1g-dev
+libcairo2
+libcroco3
+libdatrie1
+libgdk-pixbuf2.0-0
+libgraphite2-3
+libharfbuzz0b
+libpango-1.0-0
+libpangocairo-1.0-0
+libpangoft2-1.0-0
+libpixman-1-0
+librsvg2-2
+libthai-data
+libthai0
+libvpx5
+libxcb-render0
+libxcb-shm0
+libxrender1

CODE_OF_CONDUCT.md

@@ -2,131 +2,45 @@
 
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 
 ## Our Standards
 
-Examples of behavior that contributes to a positive environment for our
-community include:
+Examples of behavior that contributes to creating a positive environment include:
 
-- Demonstrating empathy and kindness toward other people
-- Being respectful of differing opinions, viewpoints, and experiences
-- Giving and gracefully accepting constructive feedback
-- Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-- Focusing on what is best not just for us as individuals, but for the overall
-  community
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
 
-Examples of unacceptable behavior include:
+Examples of unacceptable behavior by participants include:
 
-- The use of sexualized language or imagery, and sexual attention or advances of
-  any kind
-- Trolling, insulting or derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or email address,
-  without their explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
 
-## Enforcement Responsibilities
+## Our Responsibilities
 
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
 
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 
 ## Scope
 
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-[hello@joinmastodon.org](mailto:hello@joinmastodon.org).
-All complaints will be reviewed and investigated promptly and fairly.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at eugen@zeonfederated.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of
-actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the
-community.
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.1, available at
-[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
 
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
-
-For answers to common questions about this code of conduct, see the FAQ at
-[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
-[https://www.contributor-covenant.org/translations][translations].
-
-[homepage]: https://www.contributor-covenant.org
-[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
-[Mozilla CoC]: https://github.com/mozilla/diversity
-[FAQ]: https://www.contributor-covenant.org/faq
-[translations]: https://www.contributor-covenant.org/translations
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -1,4 +1,5 @@
-# Contributing
+Contributing
+============
 
 Thank you for considering contributing to Mastodon 🐘
 
@@ -13,7 +14,7 @@ If your contributions are accepted into Mastodon, you can request to be paid thr
 
 ## Bug reports
 
-Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/mastodon/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.
+Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/tootsuite/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.
 
 ## Translations
 
@@ -23,17 +24,9 @@ You can submit translations via [Crowdin](https://crowdin.com/project/mastodon).
 
 ## Pull requests
 
-**Please use clean, concise titles for your pull requests.** Unless the pull request is about refactoring code, updating dependencies or other internal tasks, assume that the person reading the pull request title is not a programmer or Mastodon developer, but instead a Mastodon user or server administrator, and **try to describe your change or fix from their perspective**. We use commit squashing, so the final commit in the main branch will carry the title of the pull request, and commits from the main branch are fed into the changelog. The changelog is separated into [keepachangelog.com categories](https://keepachangelog.com/en/1.0.0/), and while that spec does not prescribe how the entries ought to be named, for easier sorting, start your pull request titles using one of the verbs "Add", "Change", "Deprecate", "Remove", or "Fix" (present tense).
+Please use clean, concise titles for your pull requests. We use commit squashing, so the final commit in the master branch will carry the title of the pull request.
 
-Example:
-
-| Not ideal                            | Better                                                        |
-| ------------------------------------ | ------------------------------------------------------------- |
-| Fixed NoMethodError in RemovalWorker | Fix nil error when removing statuses caused by race condition |
-
-It is not always possible to phrase every change in such a manner, but it is desired.
-
-**The smaller the set of changes in the pull request is, the quicker it can be reviewed and merged.** Splitting tasks into multiple smaller pull requests is often preferable.
+The smaller the set of changes in the pull request is, the quicker it can be reviewed and merged. Splitting tasks into multiple smaller pull requests is often preferable.
 
 **Pull requests that do not pass automated checks may not be reviewed**. In particular, you need to keep in mind:
 
@@ -43,4 +36,4 @@ It is not always possible to phrase every change in such a manner, but it is des
 
 ## Documentation
 
-The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/documentation](https://github.com/mastodon/documentation).
+The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/docs](https://source.joinmastodon.org/mastodon/docs).

Capfile

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-
 require 'capistrano/setup'
 require 'capistrano/deploy'
 require 'capistrano/scm/git'

Dockerfile

@@ -1,105 +1,139 @@
-# syntax=docker/dockerfile:1.4
-# This needs to be bookworm-slim because the Ruby image is built on bookworm-slim
-ARG NODE_VERSION="20.6-bookworm-slim"
+FROM ubuntu:20.04 as build-dep
 
-FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.3-slim as ruby
-FROM node:${NODE_VERSION} as build
+# Use bash for the shell
+SHELL ["bash", "-c"]
 
-COPY --link --from=ruby /opt/ruby /opt/ruby
+# Install Node v12 (LTS)
+ENV NODE_VER="12.16.3"
+RUN ARCH= && \
+    dpkgArch="$(dpkg --print-architecture)" && \
+  case "${dpkgArch##*-}" in \
+    amd64) ARCH='x64';; \
+    ppc64el) ARCH='ppc64le';; \
+    s390x) ARCH='s390x';; \
+    arm64) ARCH='arm64';; \
+    armhf) ARCH='armv7l';; \
+    i386) ARCH='x86';; \
+    *) echo "unsupported architecture"; exit 1 ;; \
+  esac && \
+    echo "Etc/UTC" > /etc/localtime && \
+	apt update && \
+	apt -y install wget python && \
+	cd ~ && \
+	wget https://nodejs.org/download/release/v$NODE_VER/node-v$NODE_VER-linux-$ARCH.tar.gz && \
+	tar xf node-v$NODE_VER-linux-$ARCH.tar.gz && \
+	rm node-v$NODE_VER-linux-$ARCH.tar.gz && \
+	mv node-v$NODE_VER-linux-$ARCH /opt/node
 
-ENV DEBIAN_FRONTEND="noninteractive" \
-    PATH="${PATH}:/opt/ruby/bin"
+# Install jemalloc
+ENV JE_VER="5.2.1"
+RUN apt update && \
+	apt -y install make autoconf gcc g++ && \
+	cd ~ && \
+	wget https://github.com/jemalloc/jemalloc/archive/$JE_VER.tar.gz && \
+	tar xf $JE_VER.tar.gz && \
+	cd jemalloc-$JE_VER && \
+	./autogen.sh && \
+	./configure --prefix=/opt/jemalloc && \
+	make -j$(nproc) > /dev/null && \
+	make install_bin install_include install_lib
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# Install Ruby
+ENV RUBY_VER="2.6.6"
+ENV CPPFLAGS="-I/opt/jemalloc/include"
+ENV LDFLAGS="-L/opt/jemalloc/lib/"
+RUN apt update && \
+	apt -y install build-essential \
+		bison libyaml-dev libgdbm-dev libreadline-dev \
+		libncurses5-dev libffi-dev zlib1g-dev libssl-dev && \
+	cd ~ && \
+	wget https://cache.ruby-lang.org/pub/ruby/${RUBY_VER%.*}/ruby-$RUBY_VER.tar.gz && \
+	tar xf ruby-$RUBY_VER.tar.gz && \
+	cd ruby-$RUBY_VER && \
+	./configure --prefix=/opt/ruby \
+	  --with-jemalloc \
+	  --with-shared \
+	  --disable-install-doc && \
+	ln -s /opt/jemalloc/lib/* /usr/lib/ && \
+	make -j$(nproc) > /dev/null && \
+	make install
+
+ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin"
+
+RUN npm install -g yarn && \
+	gem install bundler && \
+	apt update && \
+	apt -y install git libicu-dev libidn11-dev \
+	libpq-dev libprotobuf-dev protobuf-compiler
 
-WORKDIR /opt/mastodon
 COPY Gemfile* package.json yarn.lock /opt/mastodon/
 
-# hadolint ignore=DL3008
-RUN apt-get update && \
-    apt-get -yq dist-upgrade && \
-    apt-get install -y --no-install-recommends build-essential \
-        git \
-        libicu-dev \
-        libidn-dev \
-        libpq-dev \
-        libjemalloc-dev \
-        zlib1g-dev \
-        libgdbm-dev \
-        libgmp-dev \
-        libssl-dev \
-        libyaml-0-2 \
-        ca-certificates \
-        libreadline8 \
-        python3 \
-        shared-mime-info && \
-    bundle config set --local deployment 'true' && \
-    bundle config set --local without 'development test' && \
-    bundle config set silence_root_warning true && \
-    bundle install -j"$(nproc)" && \
-    yarn install --pure-lockfile --production --network-timeout 600000 && \
-    yarn cache clean
+RUN cd /opt/mastodon && \
+  bundle config set deployment 'true' && \
+  bundle config set without 'development test' && \
+	bundle install -j$(nproc) && \
+	yarn install --pure-lockfile
 
-FROM node:${NODE_VERSION}
+FROM ubuntu:20.04
 
-# Use those args to specify your own version flags & suffixes
-ARG MASTODON_VERSION_PRERELEASE=""
-ARG MASTODON_VERSION_METADATA=""
+# Copy over all the langs needed for runtime
+COPY --from=build-dep /opt/node /opt/node
+COPY --from=build-dep /opt/ruby /opt/ruby
+COPY --from=build-dep /opt/jemalloc /opt/jemalloc
 
-ARG UID="991"
-ARG GID="991"
+# Add more PATHs to the PATH
+ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin:/opt/mastodon/bin"
 
-COPY --link --from=ruby /opt/ruby /opt/ruby
+# Create the mastodon user
+ARG UID=991
+ARG GID=991
+RUN apt update && \
+	echo "Etc/UTC" > /etc/localtime && \
+	ln -s /opt/jemalloc/lib/* /usr/lib/ && \
+	apt install -y whois wget && \
+	addgroup --gid $GID mastodon && \
+	useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \
+	echo "mastodon:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# Install mastodon runtime deps
+RUN apt -y --no-install-recommends install \
+	  libssl1.1 libpq5 imagemagick ffmpeg \
+	  libicu66 libprotobuf17 libidn11 libyaml-0-2 \
+	  file ca-certificates tzdata libreadline8 && \
+	apt -y install gcc && \
+	ln -s /opt/mastodon /mastodon && \
+	gem install bundler && \
+	rm -rf /var/cache && \
+	rm -rf /var/lib/apt/lists/*
 
-ENV DEBIAN_FRONTEND="noninteractive" \
-    PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"
-
-# Ignoring these here since we don't want to pin any versions and the Debian image removes apt-get content after use
-# hadolint ignore=DL3008,DL3009
-RUN apt-get update && \
-    echo "Etc/UTC" > /etc/localtime && \
-    groupadd -g "${GID}" mastodon && \
-    useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \
-    apt-get -y --no-install-recommends install whois \
-        wget \
-        procps \
-        libssl3 \
-        libpq5 \
-        imagemagick \
-        ffmpeg \
-        libjemalloc2 \
-        libicu72 \
-        libidn12 \
-        libyaml-0-2 \
-        file \
-        ca-certificates \
-        tzdata \
-        libreadline8 \
-        tini && \
-    ln -s /opt/mastodon /mastodon
-
-# Note: no, cleaning here since Debian does this automatically
-# See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem
+# Add tini
+ENV TINI_VERSION="0.18.0"
+ENV TINI_SUM="12d20136605531b09a2c2dac02ccee85e1b874eb322ef6baf7561cd93f93c855"
+ADD https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini /tini
+RUN echo "$TINI_SUM tini" | sha256sum -c -
+RUN chmod +x /tini
 
+# Copy over mastodon source, and dependencies from building, and set permissions
 COPY --chown=mastodon:mastodon . /opt/mastodon
-COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon
+COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon
 
-ENV RAILS_ENV="production" \
-    NODE_ENV="production" \
-    RAILS_SERVE_STATIC_FILES="true" \
-    BIND="0.0.0.0" \
-    MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
-    MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}"
+# Run mastodon services in prod mode
+ENV RAILS_ENV="production"
+ENV NODE_ENV="production"
+
+# Tell rails to serve static files
+ENV RAILS_SERVE_STATIC_FILES="true"
+ENV BIND="0.0.0.0"
 
 # Set the run user
 USER mastodon
-WORKDIR /opt/mastodon
 
 # Precompile assets
-RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile
+RUN cd ~ && \
+	OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile && \
+	yarn cache clean
 
 # Set the work dir and the container entry point
-ENTRYPOINT ["/usr/bin/tini", "--"]
+WORKDIR /opt/mastodon
+ENTRYPOINT ["/tini", "--"]
 EXPOSE 3000 4000

FEDERATION.md

@@ -1,31 +0,0 @@
-## ActivityPub federation in Mastodon
-
-Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
-
-Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
-
-### Required extensions
-
-#### Webfinger
-
-In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
-This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
-
-As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
-
-More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
-
-#### HTTP Signatures
-
-In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).
-
-Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
-
-More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
-
-### Optional extensions
-
-- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
-- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
-- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
-- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md

Gemfile

@@ -1,207 +1,162 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 3.0.0'
+ruby '>= 2.5.0', '< 3.0.0'
 
-gem 'puma', '~> 6.3'
-gem 'rails', '~> 7.0'
+gem 'pkg-config', '~> 1.4'
+
+gem 'puma', '~> 4.3'
+gem 'rails', '~> 5.2.4.3'
 gem 'sprockets', '~> 3.7.2'
-gem 'thor', '~> 1.2'
-gem 'rack', '~> 2.2.7'
+gem 'thor', '~> 0.20'
+gem 'rack', '~> 2.2.3'
 
-gem 'haml-rails', '~>2.0'
-gem 'pg', '~> 1.5'
-gem 'pghero'
-gem 'dotenv-rails', '~> 2.8'
+gem 'thwait', '~> 0.2.0'
+gem 'e2mmap', '~> 0.1.0'
 
-gem 'aws-sdk-s3', '~> 1.123', require: false
-gem 'fog-core', '<= 2.4.0'
+gem 'hamlit-rails', '~> 0.2'
+gem 'pg', '~> 1.2'
+gem 'makara', '~> 0.4'
+gem 'pghero', '~> 2.7'
+gem 'dotenv-rails', '~> 2.7'
+
+gem 'aws-sdk-s3', '~> 1.78', require: false
+gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
-gem 'kt-paperclip', '~> 7.2'
-gem 'md-paperclip-azure', '~> 2.2', require: false
+gem 'paperclip', '~> 6.0'
+gem 'paperclip-av-transcoder', '~> 0.6'
+gem 'streamio-ffmpeg', '~> 3.0'
 gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
-gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.16.0', require: false
+gem 'addressable', '~> 2.7'
+gem 'bootsnap', '~> 1.4', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
-gem 'chewy', '~> 7.3'
-gem 'devise', '~> 4.9'
-gem 'devise-two-factor', '~> 4.1'
+gem 'iso-639'
+gem 'chewy', '~> 5.1'
+gem 'cld3', '~> 3.3.0'
+gem 'devise', '~> 4.7'
+gem 'devise-two-factor', '~> 3.1'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
 end
 
-gem 'net-ldap', '~> 0.18'
-
-# TODO: Point back at released omniauth-cas gem when PR merged
-# https://github.com/dlindahl/omniauth-cas/pull/68
-gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
-gem 'omniauth-saml', '~> 2.0'
-gem 'omniauth_openid_connect', '~> 0.6.1'
-gem 'omniauth', '~> 2.0'
-gem 'omniauth-rails_csrf_protection', '~> 1.0'
+gem 'net-ldap', '~> 0.16'
+gem 'omniauth-cas', '~> 1.1'
+gem 'omniauth-saml', '~> 1.10'
+gem 'omniauth', '~> 1.9'
 
 gem 'color_diff', '~> 0.1'
 gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.6'
-gem 'ed25519', '~> 1.3'
+gem 'doorkeeper', '~> 5.4'
+gem 'ed25519', '~> 1.2'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
+gem 'goldfinger', '~> 2.1'
 gem 'hiredis', '~> 0.6'
-gem 'redis-namespace', '~> 1.10'
+gem 'redis-namespace', '~> 1.8'
+gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.1'
+gem 'http', '~> 4.4'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.6.2'
+gem 'httplog', '~> 1.4.3'
 gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
-gem 'nokogiri', '~> 1.15'
-gem 'nsa'
-gem 'oj', '~> 3.14'
-gem 'ox', '~> 2.14'
+gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
+gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
+gem 'nokogiri', '~> 1.10'
+gem 'nsa', '~> 0.2'
+gem 'oj', '~> 3.10'
+gem 'ox', '~> 2.13'
 gem 'parslet'
-gem 'public_suffix', '~> 5.0'
-gem 'pundit', '~> 2.3'
+gem 'parallel', '~> 1.19'
+gem 'posix-spawn'
+gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.6'
-gem 'rack-cors', '~> 2.0', require: 'rack/cors'
-gem 'rails-i18n', '~> 7.0'
-gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
-gem 'redcarpet', '~> 3.6'
-gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
+gem 'rack-attack', '~> 6.3'
+gem 'rack-cors', '~> 1.1', require: 'rack/cors'
+gem 'rails-i18n', '~> 5.1'
+gem 'rails-settings-cached', '~> 0.6'
+gem 'redis', '~> 4.2', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 2.2'
-gem 'ruby-progressbar', '~> 1.13'
-gem 'sanitize', '~> 6.0'
-gem 'scenic', '~> 1.7'
-gem 'sidekiq', '~> 6.5'
-gem 'sidekiq-scheduler', '~> 5.0'
-gem 'sidekiq-unique-jobs', '~> 7.1'
-gem 'sidekiq-bulk', '~> 0.2.0'
-gem 'simple-navigation', '~> 4.4'
-gem 'simple_form', '~> 5.2'
-gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
-gem 'stoplight', '~> 3.0.1'
-gem 'strong_migrations', '~> 0.8'
-gem 'tty-prompt', '~> 0.23', require: false
-gem 'twitter-text', '~> 3.1.0'
-gem 'tzinfo-data', '~> 1.2023'
-gem 'webpacker', '~> 5.4'
-gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
-gem 'webauthn', '~> 3.0'
+gem 'rqrcode', '~> 1.1'
+gem 'ruby-progressbar', '~> 1.10'
+gem 'sanitize', '~> 5.2'
+gem 'sidekiq', '~> 6.1'
+gem 'sidekiq-scheduler', '~> 3.0'
+gem 'sidekiq-unique-jobs', '~> 6.0'
+gem 'sidekiq-bulk', '~>0.2.0'
+gem 'simple-navigation', '~> 4.1'
+gem 'simple_form', '~> 5.0'
+gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
+gem 'stoplight', '~> 2.2.1'
+gem 'strong_migrations', '~> 0.7'
+gem 'tty-prompt', '~> 0.22', require: false
+gem 'twitter-text', '~> 1.14'
+gem 'tzinfo-data', '~> 1.2020'
+gem 'webpacker', '~> 5.2'
+gem 'webpush'
+gem 'webauthn', '~> 3.0.0.alpha1'
 
 gem 'json-ld'
-gem 'json-ld-preloaded', '~> 3.2'
-gem 'rdf-normalize', '~> 0.5'
+gem 'json-ld-preloaded', '~> 3.1'
+gem 'rdf-normalize', '~> 0.4'
 
-gem 'private_address_check', '~> 0.5'
+group :development, :test do
+  gem 'fabrication', '~> 2.21'
+  gem 'fuubar', '~> 2.5'
+  gem 'i18n-tasks', '~> 0.9', require: false
+  gem 'pry-byebug', '~> 3.9'
+  gem 'pry-rails', '~> 0.3'
+  gem 'rspec-rails', '~> 4.0'
+end
+
+group :production, :test do
+  gem 'private_address_check', '~> 0.5'
+end
 
 group :test do
-  # Used to split testing into chunks in CI
-  gem 'rspec_chunked', '~> 0.6'
-
-  # RSpec progress bar formatter
-  gem 'fuubar', '~> 2.5'
-
-  # Extra RSpec extenion methods and helpers for sidekiq
-  gem 'rspec-sidekiq', '~> 4.0'
-
-  # Browser integration testing
-  gem 'capybara', '~> 3.39'
-  gem 'selenium-webdriver'
-
-  # Used to reset the database between system tests
-  gem 'database_cleaner-active_record'
-
-  # Used to mock environment variables
+  gem 'capybara', '~> 3.33'
   gem 'climate_control', '~> 0.2'
-
-  # Generating fake data for specs
-  gem 'faker', '~> 3.2'
-
-  # Generate test objects for specs
-  gem 'fabrication', '~> 2.30'
-
-  # Add back helpers functions removed in Rails 5.1
+  gem 'faker', '~> 2.13'
+  gem 'microformats', '~> 4.2'
   gem 'rails-controller-testing', '~> 1.0'
-
-  # Validate schemas in specs
-  gem 'json-schema', '~> 4.0'
-
-  # Test harness fo rack components
-  gem 'rack-test', '~> 2.1'
-
-  # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
-  gem 'simplecov', '~> 0.22', require: false
-
-  # Stub web requests for specs
-  gem 'webmock', '~> 3.18'
+  gem 'rspec-sidekiq', '~> 3.1'
+  gem 'simplecov', '~> 0.19', require: false
+  gem 'webmock', '~> 3.8'
+  gem 'parallel_tests', '~> 3.1'
+  gem 'rspec_junit_formatter', '~> 0.4'
 end
 
 group :development do
-  # Code linting CLI and plugins
-  gem 'rubocop', require: false
-  gem 'rubocop-capybara', require: false
-  gem 'rubocop-performance', require: false
-  gem 'rubocop-rails', require: false
-  gem 'rubocop-rspec', require: false
+  gem 'active_record_query_trace', '~> 1.7'
+  gem 'annotate', '~> 3.1'
+  gem 'better_errors', '~> 2.7'
+  gem 'binding_of_caller', '~> 0.7'
+  gem 'bullet', '~> 6.1'
+  gem 'letter_opener', '~> 1.7'
+  gem 'letter_opener_web', '~> 1.4'
+  gem 'memory_profiler'
+  gem 'rubocop', '~> 0.86', require: false
+  gem 'rubocop-rails', '~> 2.6', require: false
+  gem 'brakeman', '~> 4.9', require: false
+  gem 'bundler-audit', '~> 0.7', require: false
 
-  # Annotates modules with schema
-  gem 'annotate', '~> 3.2'
-
-  # Enhanced error message pages for development
-  gem 'better_errors', '~> 2.9'
-  gem 'binding_of_caller', '~> 1.0'
-
-  # Preview mail in the browser
-  gem 'letter_opener', '~> 1.8'
-  gem 'letter_opener_web', '~> 2.0'
-
-  # Security analysis CLI tools
-  gem 'brakeman', '~> 6.0', require: false
-  gem 'bundler-audit', '~> 0.9', require: false
-
-  # Linter CLI for HAML files
-  gem 'haml_lint', require: false
-
-  # Deployment automation
-  gem 'capistrano', '~> 3.17'
+  gem 'capistrano', '~> 3.14'
   gem 'capistrano-rails', '~> 1.6'
   gem 'capistrano-rbenv', '~> 2.2'
   gem 'capistrano-yarn', '~> 2.0'
 
-  # Validate missing i18n keys
-  gem 'i18n-tasks', '~> 1.0', require: false
-end
-
-group :development, :test do
-  # Profiling tools
-  gem 'memory_profiler', require: false
-  gem 'ruby-prof', require: false
-  gem 'stackprof', require: false
-  gem 'test-prof'
-
-  # RSpec runner for rails
-  gem 'rspec-rails', '~> 6.0'
+  gem 'stackprof'
 end
 
 group :production do
-  gem 'lograge', '~> 0.12'
+  gem 'lograge', '~> 0.11'
+  gem 'redis-rails', '~> 5.0'
 end
 
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
-gem 'xorcist', '~> 1.1'
-gem 'cocoon', '~> 1.2'
-
-gem 'net-http', '~> 0.3.2'
-gem 'rubyzip', '~> 2.3'
-
-gem 'hcaptcha', '~> 7.1'
-
-gem 'mail', '~> 2.8'

Procfile.dev

@@ -1,4 +1,4 @@
-web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
-sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
+web: env PORT=3000 bundle exec puma -C config/puma.rb
+sidekiq: env PORT=3000 bundle exec sidekiq
 stream: env PORT=4000 yarn run start
-webpack: bin/webpack-dev-server
+webpack: ./bin/webpack-dev-server --listen-host 0.0.0.0

README.md

@@ -1,23 +1,95 @@
-# Mastodon - Paravielfalt Edition
+![Mastodon](https://i.imgur.com/NhZc40l.png)
+========
 
-Dieses Repository enthält den Quellcode für [paravielfalt.zone](https://paravielfalt.zone).
+[![GitHub release](https://img.shields.io/github/release/tootsuite/mastodon.svg)][releases]
+[![Build Status](https://img.shields.io/circleci/project/github/tootsuite/mastodon.svg)][circleci]
+[![Code Climate](https://img.shields.io/codeclimate/maintainability/tootsuite/mastodon.svg)][code_climate]
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
+[![Docker Pulls](https://img.shields.io/docker/pulls/tootsuite/mastodon.svg)][docker]
 
-Die Instanz basiert auf Mastodon und ist vom offiziellen Quellcode-Repository geforkt: <https://github.com/mastodon/mastodon>.
+[releases]: https://github.com/tootsuite/mastodon/releases
+[circleci]: https://circleci.com/gh/tootsuite/mastodon
+[code_climate]: https://codeclimate.com/github/tootsuite/mastodon
+[crowdin]: https://crowdin.com/project/mastodon
+[docker]: https://hub.docker.com/r/tootsuite/mastodon/
 
-## Änderungsübersicht
+Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub)!
 
-Gegenüber der Mastodon-Standardinstallation gibt es folgende Änderungen.
+Click below to **learn more** in a video:
 
-- Zeichenlimit von 500 auf 1500 Zeichen erhöht
+[![Screenshot](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/ezgif-2-60f1b00403.gif)][youtube_demo]
 
-[Vollständige Liste aller Änderungen](https://git.wir-sind-auch-menschen.de/paravielfalt/mastodon/compare/stable-4.1...paravielfalt-4.1).
+[youtube_demo]: https://www.youtube.com/watch?v=IPSbNdBmWKE
 
-## Neue Version bauen
+## Navigation
 
-```sh
-git tag v4.2.0-pvz$(date '+%y%m%d%H%M')
-```
+- [Project homepage 🐘](https://joinmastodon.org)
+- [Support the development via Patreon][patreon]
+- [View sponsors](https://joinmastodon.org/sponsors)
+- [Blog](https://blog.joinmastodon.org)
+- [Documentation](https://docs.joinmastodon.org)
+- [Browse Mastodon servers](https://joinmastodon.org/#getting-started)
+- [Browse Mastodon apps](https://joinmastodon.org/apps)
 
-```sh
-git push --tag
-```
+[patreon]: https://www.patreon.com/mastodon
+
+## Features
+
+<img src="https://docs.joinmastodon.org/elephant.svg" align="right" width="30%" />
+
+**No vendor lock-in: Fully interoperable with any conforming platform**
+
+It doesn't have to be Mastodon, whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
+
+**Real-time, chronological timeline updates**
+
+See the updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
+
+**Media attachments like images and short videos**
+
+Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos are looped - like vines!
+
+**Safety and moderation tools**
+
+Private posts, locked accounts, phrase filtering, muting, blocking and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
+
+**OAuth2 and a straightforward REST API**
+
+Mastodon acts as an OAuth2 provider so 3rd party apps can use the REST and Streaming APIs, resulting in a rich app ecosystem with a lot of choices!
+
+## Deployment
+
+**Tech stack:**
+
+- **Ruby on Rails** powers the REST API and other web pages
+- **React.js** and Redux are used for the dynamic parts of the interface
+- **Node.js** powers the streaming API
+
+**Requirements:**
+
+- **PostgreSQL** 9.5+
+- **Redis** 4+
+- **Ruby** 2.5+
+- **Node.js** 10.13+
+
+The repository includes deployment configurations for **Docker and docker-compose**, but also a few specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. The [**stand-alone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+
+A **Vagrant** configuration is included for development purposes.
+
+## Contributing
+
+Mastodon is **free, open-source software** licensed under **AGPLv3**.
+
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository, or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
+
+**IRC channel**: #mastodon on irc.freenode.net
+
+## License
+
+Copyright (C) 2016-2020 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Rakefile

@@ -1,8 +1,6 @@
-# frozen_string_literal: true
-
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('config/application', __dir__)
+require File.expand_path('../config/application', __FILE__)
 
 Rails.application.load_tasks

SECURITY.md

@@ -1,20 +1,12 @@
 # Security Policy
 
-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
-
-- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
-- reach us at <security@joinmastodon.org>
-
-You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
-
-## Scope
-
-A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
-
 ## Supported Versions
 
-| Version | Supported |
-| ------- | --------- |
-| 4.2.x   | Yes       |
-| 4.1.x   | Yes       |
-| < 4.1   | No        |
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.1.x   | :white_check_mark: |
+| < 3.1   | :x:                |
+
+## Reporting a Vulnerability
+
+hello@joinmastodon.org

Vagrantfile

@@ -3,14 +3,16 @@
 
 ENV["PORT"] ||= "3000"
 
-$provisionA = <<SCRIPT
+$provision = <<SCRIPT
+
+cd /vagrant # This is where the host folder/repo is mounted
 
 # Add the yarn repo + yarn repo keys
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 
 # Add repo for NodeJS
-curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
+curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
 
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}
@@ -31,111 +33,72 @@ sudo apt-get install \
   redis-tools \
   postgresql \
   postgresql-contrib \
+  protobuf-compiler \
+  yarn \
   libicu-dev \
   libidn11-dev \
-  libreadline6-dev \
-  autoconf \
-  bison \
-  build-essential \
-  ffmpeg \
-  file \
-  gcc \
-  libffi-dev \
-  libgdbm-dev \
-  libjemalloc-dev \
-  libncurses5-dev \
   libprotobuf-dev \
-  libssl-dev \
-  libyaml-dev \
-  pkg-config \
-  protobuf-compiler \
-  zlib1g-dev \
+  libreadline-dev \
+  libpam0g-dev \
   -y
 
 # Install rvm
-sudo apt-add-repository -y ppa:rael-gc/rvm
-sudo apt-get install rvm -y
+read RUBY_VERSION < .ruby-version
 
-sudo usermod -a -G rvm $USER
+gpg_command="gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB"
+$($gpg_command)
+if [ $? -ne 0 ];then
+  echo "GPG command failed, This prevented RVM from installing."
+  echo "Retrying once..." && $($gpg_command)
+  if [ $? -ne 0 ];then
+    echo "GPG failed for the second time, please ensure network connectivity."
+    echo "Exiting..." && exit 1
+  fi
+fi
 
-SCRIPT
-
-$provisionElasticsearch = <<SCRIPT
-# Install Elastic Search
-sudo apt install openjdk-17-jre-headless -y
-sudo wget -O /usr/share/keyrings/elasticsearch.asc https://artifacts.elastic.co/GPG-KEY-elasticsearch
-sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/elasticsearch.asc] https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'
-sudo apt update
-sudo apt install elasticsearch -y
-
-sudo systemctl daemon-reload
-sudo systemctl enable --now elasticsearch
-
-echo 'path.data: /var/lib/elasticsearch
-path.logs: /var/log/elasticsearch
-network.host: 0.0.0.0
-http.port: 9200
-discovery.seed_hosts: ["localhost"]
-cluster.initial_master_nodes: ["node-1"]
-xpack.security.enabled: false' > /etc/elasticsearch/elasticsearch.yml
-
-sudo systemctl restart elasticsearch
-
-# Install Kibana
-sudo apt install kibana -y
-sudo systemctl enable --now kibana
-
-echo 'server.host: "0.0.0.0"
-elasticsearch.hosts: ["http://localhost:9200"]' > /etc/kibana/kibana.yml
-
-sudo systemctl restart kibana
-
-SCRIPT
-
-$provisionB = <<SCRIPT
-
-source "/etc/profile.d/rvm.sh"
+curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer | bash -s stable --ruby=$RUBY_VERSION
+source /home/vagrant/.rvm/scripts/rvm
 
 # Install Ruby
-read RUBY_VERSION < /vagrant/.ruby-version
-rvm install ruby-$RUBY_VERSION --disable-binary
+rvm reinstall ruby-$RUBY_VERSION --disable-binary
 
 # Configure database
 sudo -u postgres createuser -U postgres vagrant -s
 sudo -u postgres createdb -U postgres mastodon_development
 
-cd /vagrant # This is where the host folder/repo is mounted
-
-# Install gems
+# Install gems and node modules
 gem install bundler foreman
 bundle install
-
-# Install node modules
-sudo corepack enable
-yarn set version classic
 yarn install
 
 # Build Mastodon
-export RAILS_ENV=development 
 export $(cat ".env.vagrant" | xargs)
 bundle exec rails db:setup
 
 # Configure automatic loading of environment variable
-echo 'export RAILS_ENV=development' >> ~/.bash_profile
 echo 'export $(cat "/vagrant/.env.vagrant" | xargs)' >> ~/.bash_profile
 
 SCRIPT
 
+$start = <<SCRIPT
+
+echo 'To start server'
+echo '  $ vagrant ssh -c "cd /vagrant && foreman start"'
+
+SCRIPT
+
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-  config.vm.box = "ubuntu/focal64"
+  config.vm.box = "ubuntu/bionic64"
 
   config.vm.provider :virtualbox do |vb|
     vb.name = "mastodon"
-    vb.customize ["modifyvm", :id, "--memory", "8192"]
-    vb.customize ["modifyvm", :id, "--cpus", "3"]
+    vb.customize ["modifyvm", :id, "--memory", "2048"]
+    # Increase the number of CPUs. Uncomment and adjust to
+    # increase performance
+    # vb.customize ["modifyvm", :id, "--cpus", "3"]
 
     # Disable VirtualBox DNS proxy to skip long-delay IPv6 resolutions.
     # https://github.com/mitchellh/vagrant/issues/1172
@@ -145,6 +108,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # Use "virtio" network interfaces for better performance.
     vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
     vb.customize ["modifyvm", :id, "--nictype2", "virtio"]
+
   end
 
   # This uses the vagrant-hostsupdater plugin, and lets you
@@ -162,7 +126,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   end
 
   if config.vm.networks.any? { |type, options| type == :private_network }
-    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'actimeo=1']
+    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'vers=3', 'tcp', 'actimeo=1']
   else
     config.vm.synced_folder ".", "/vagrant"
   end
@@ -171,20 +135,11 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.network :forwarded_port, guest: 3000, host: 3000
   config.vm.network :forwarded_port, guest: 4000, host: 4000
   config.vm.network :forwarded_port, guest: 8080, host: 8080
-  config.vm.network :forwarded_port, guest: 9200, host: 9200
-  config.vm.network :forwarded_port, guest: 9300, host: 9300
-  config.vm.network :forwarded_port, guest: 9243, host: 9243
-  config.vm.network :forwarded_port, guest: 5601, host: 5601
 
   # Full provisioning script, only runs on first 'vagrant up' or with 'vagrant provision'
-  config.vm.provision :shell, inline: $provisionA, privileged: false, reset: true
-  # Run with elevated privileges for Elasticsearch installation
-  config.vm.provision :shell, inline: $provisionElasticsearch, privileged: true
-  config.vm.provision :shell, inline: $provisionB, privileged: false
+  config.vm.provision :shell, inline: $provision, privileged: false
 
-  config.vm.post_up_message = <<MESSAGE
-To start server
-  $ vagrant ssh -c "cd /vagrant && foreman start"
-MESSAGE
+  # Start up script, runs on every 'vagrant up'
+  config.vm.provision :shell, inline: $start, run: 'always', privileged: false
 
 end

app.json

@@ -1,8 +1,8 @@
 {
   "name": "Mastodon",
   "description": "A GNU Social-compatible microblogging server",
-  "repository": "https://github.com/mastodon/mastodon",
-  "logo": "https://github.com/mastodon.png",
+  "repository": "https://github.com/tootsuite/mastodon",
+  "logo": "https://github.com/tootsuite.png",
   "env": {
     "HEROKU": {
       "description": "Leave this as true",
@@ -79,13 +79,8 @@
       "description": "SMTP server certificate verification mode. Defaults is 'peer'.",
       "required": false
     },
-    "SMTP_ENABLE_STARTTLS": {
-      "description": "Enable STARTTLS? Default is 'auto'.",
-      "value": "auto",
-      "required": false
-    },
     "SMTP_ENABLE_STARTTLS_AUTO": {
-      "description": "Enable STARTTLS if SMTP server supports it? Deprecated by SMTP_ENABLE_STARTTLS.",
+      "description": "Enable STARTTLS if SMTP server supports it? Default is true.",
       "required": false
     }
   },
@@ -100,5 +95,8 @@
   "scripts": {
     "postdeploy": "bundle exec rails db:migrate && bundle exec rails db:seed"
   },
-  "addons": ["heroku-postgresql", "heroku-redis"]
+  "addons": [
+    "heroku-postgresql",
+    "heroku-redis"
+  ]
 }

app/chewy/accounts_index.rb

@@ -1,42 +1,10 @@
 # frozen_string_literal: true
 
 class AccountsIndex < Chewy::Index
-  include DatetimeClampingConcern
-
-  settings index: index_preset(refresh_interval: '30s'), analysis: {
-    filter: {
-      english_stop: {
-        type: 'stop',
-        stopwords: '_english_',
-      },
-
-      english_stemmer: {
-        type: 'stemmer',
-        language: 'english',
-      },
-
-      english_possessive_stemmer: {
-        type: 'stemmer',
-        language: 'possessive_english',
-      },
-    },
-
+  settings index: { refresh_interval: '5m' }, analysis: {
     analyzer: {
-      natural: {
-        tokenizer: 'standard',
-        filter: %w(
-          lowercase
-          asciifolding
-          cjk_width
-          elision
-          english_possessive_stemmer
-          english_stop
-          english_stemmer
-        ),
-      },
-
-      verbatim: {
-        tokenizer: 'standard',
+      content: {
+        tokenizer: 'whitespace',
         filter: %w(lowercase asciifolding cjk_width),
       },
 
@@ -55,16 +23,21 @@ class AccountsIndex < Chewy::Index
     },
   }
 
-  index_scope ::Account.searchable.includes(:account_stat)
+  define_type ::Account.searchable.includes(:account_stat), delete_if: ->(account) { account.destroyed? || !account.searchable? } do
+    root date_detection: false do
+      field :id, type: 'long'
 
-  root date_detection: false do
-    field(:id, type: 'long')
-    field(:following_count, type: 'long')
-    field(:followers_count, type: 'long')
-    field(:properties, type: 'keyword', value: ->(account) { account.searchable_properties })
-    field(:last_status_at, type: 'date', value: ->(account) { clamp_date(account.last_status_at || account.created_at) })
-    field(:display_name, type: 'text', analyzer: 'verbatim') { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
-    field(:username, type: 'text', analyzer: 'verbatim', value: ->(account) { [account.username, account.domain].compact.join('@') }) { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
-    field(:text, type: 'text', analyzer: 'verbatim', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }
+      field :display_name, type: 'text', analyzer: 'content' do
+        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
+      end
+
+      field :acct, type: 'text', analyzer: 'content', value: ->(account) { [account.username, account.domain].compact.join('@') } do
+        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
+      end
+
+      field :following_count, type: 'long', value: ->(account) { account.following.local.count }
+      field :followers_count, type: 'long', value: ->(account) { account.followers.local.count }
+      field :last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at }
+    end
   end
 end

app/chewy/concerns/datetime_clamping_concern.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module DatetimeClampingConcern
-  extend ActiveSupport::Concern
-
-  MIN_ISO8601_DATETIME = '0000-01-01T00:00:00Z'.to_datetime.freeze
-  MAX_ISO8601_DATETIME = '9999-12-31T23:59:59Z'.to_datetime.freeze
-
-  class_methods do
-    def clamp_date(datetime)
-      datetime.clamp(MIN_ISO8601_DATETIME, MAX_ISO8601_DATETIME)
-    end
-  end
-end

app/chewy/instances_index.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-class InstancesIndex < Chewy::Index
-  settings index: index_preset(refresh_interval: '30s')
-
-  index_scope ::Instance.searchable
-
-  root date_detection: false do
-    field :domain, type: 'text', index_prefixes: { min_chars: 1, max_chars: 5 }
-    field :accounts_count, type: 'long'
-  end
-end

app/chewy/public_statuses_index.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-class PublicStatusesIndex < Chewy::Index
-  include DatetimeClampingConcern
-
-  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
-    filter: {
-      english_stop: {
-        type: 'stop',
-        stopwords: '_english_',
-      },
-
-      english_stemmer: {
-        type: 'stemmer',
-        language: 'english',
-      },
-
-      english_possessive_stemmer: {
-        type: 'stemmer',
-        language: 'possessive_english',
-      },
-    },
-
-    analyzer: {
-      verbatim: {
-        tokenizer: 'uax_url_email',
-        filter: %w(lowercase),
-      },
-
-      content: {
-        tokenizer: 'standard',
-        filter: %w(
-          lowercase
-          asciifolding
-          cjk_width
-          elision
-          english_possessive_stemmer
-          english_stop
-          english_stemmer
-        ),
-      },
-
-      hashtag: {
-        tokenizer: 'keyword',
-        filter: %w(
-          word_delimiter_graph
-          lowercase
-          asciifolding
-          cjk_width
-        ),
-      },
-    },
-  }
-
-  index_scope ::Status.unscoped
-                      .kept
-                      .indexable
-                      .includes(:media_attachments, :preloadable_poll, :preview_cards, :tags)
-
-  root date_detection: false do
-    field(:id, type: 'long')
-    field(:account_id, type: 'long')
-    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
-    field(:tags, type: 'text', analyzer: 'hashtag', value: ->(status) { status.tags.map(&:display_name) })
-    field(:language, type: 'keyword')
-    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
-    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
-  end
-end

app/chewy/statuses_index.rb

@@ -1,67 +1,66 @@
 # frozen_string_literal: true
 
 class StatusesIndex < Chewy::Index
-  include DatetimeClampingConcern
-
-  settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
+  settings index: { refresh_interval: '15m' }, analysis: {
     filter: {
       english_stop: {
         type: 'stop',
         stopwords: '_english_',
       },
-
       english_stemmer: {
         type: 'stemmer',
         language: 'english',
       },
-
       english_possessive_stemmer: {
         type: 'stemmer',
         language: 'possessive_english',
       },
     },
-
     analyzer: {
-      verbatim: {
-        tokenizer: 'uax_url_email',
-        filter: %w(lowercase),
-      },
-
       content: {
-        tokenizer: 'standard',
+        tokenizer: 'uax_url_email',
         filter: %w(
+          english_possessive_stemmer
           lowercase
           asciifolding
           cjk_width
-          elision
-          english_possessive_stemmer
           english_stop
           english_stemmer
         ),
       },
-
-      hashtag: {
-        tokenizer: 'keyword',
-        filter: %w(
-          word_delimiter_graph
-          lowercase
-          asciifolding
-          cjk_width
-        ),
-      },
     },
   }
 
-  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preview_cards, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
+  define_type ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preloadable_poll) do
+    crutch :mentions do |collection|
+      data = ::Mention.where(status_id: collection.map(&:id)).where(account: Account.local, silent: false).pluck(:status_id, :account_id)
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
+    end
 
-  root date_detection: false do
-    field(:id, type: 'long')
-    field(:account_id, type: 'long')
-    field(:text, type: 'text', analyzer: 'verbatim', value: ->(status) { status.searchable_text }) { field(:stemmed, type: 'text', analyzer: 'content') }
-    field(:tags, type: 'text', analyzer: 'hashtag',  value: ->(status) { status.tags.map(&:display_name) })
-    field(:searchable_by, type: 'long', value: ->(status) { status.searchable_by })
-    field(:language, type: 'keyword')
-    field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
-    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
+    crutch :favourites do |collection|
+      data = ::Favourite.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
+    end
+
+    crutch :reblogs do |collection|
+      data = ::Status.where(reblog_of_id: collection.map(&:id)).where(account: Account.local).pluck(:reblog_of_id, :account_id)
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
+    end
+
+    crutch :bookmarks do |collection|
+      data = ::Bookmark.where(status_id: collection.map(&:id)).where(account: Account.local).pluck(:status_id, :account_id)
+      data.each.with_object({}) { |(id, name), result| (result[id] ||= []).push(name) }
+    end
+
+    root date_detection: false do
+      field :id, type: 'long'
+      field :account_id, type: 'long'
+
+      field :text, type: 'text', value: ->(status) { [status.spoiler_text, Formatter.instance.plaintext(status)].concat(status.media_attachments.map(&:description)).concat(status.preloadable_poll ? status.preloadable_poll.options : []).join("\n\n") } do
+        field :stemmed, type: 'text', analyzer: 'content'
+      end
+
+      field :searchable_by, type: 'long', value: ->(status, crutches) { status.searchable_by(crutches) }
+    end
   end
 end

app/chewy/tags_index.rb

@@ -1,27 +1,16 @@
 # frozen_string_literal: true
 
 class TagsIndex < Chewy::Index
-  include DatetimeClampingConcern
-
-  settings index: index_preset(refresh_interval: '30s'), analysis: {
+  settings index: { refresh_interval: '15m' }, analysis: {
     analyzer: {
       content: {
         tokenizer: 'keyword',
-        filter: %w(
-          word_delimiter_graph
-          lowercase
-          asciifolding
-          cjk_width
-        ),
+        filter: %w(lowercase asciifolding cjk_width),
       },
 
       edge_ngram: {
         tokenizer: 'edge_ngram',
-        filter: %w(
-          lowercase
-          asciifolding
-          cjk_width
-        ),
+        filter: %w(lowercase asciifolding cjk_width),
       },
     },
 
@@ -34,16 +23,15 @@ class TagsIndex < Chewy::Index
     },
   }
 
-  index_scope ::Tag.listable
+  define_type ::Tag.listable, delete_if: ->(tag) { tag.destroyed? || !tag.listable? } do
+    root date_detection: false do
+      field :name, type: 'text', analyzer: 'content' do
+        field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content'
+      end
 
-  crutch :time_period do
-    7.days.ago.to_date..0.days.ago.to_date
-  end
-
-  root date_detection: false do
-    field(:name, type: 'text', analyzer: 'content', value: :display_name) { field(:edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content') }
-    field(:reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? })
-    field(:usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts })
-    field(:last_status_at, type: 'date', value: ->(tag) { clamp_date(tag.last_status_at || tag.created_at) })
+      field :reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? }
+      field :usage, type: 'long', value: ->(tag) { tag.history.reduce(0) { |total, day| total + day[:accounts].to_i } }
+      field :last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at }
+    end
   end
 end

app/controllers/about_controller.rb

@@ -1,19 +1,64 @@
 # frozen_string_literal: true
 
 class AboutController < ApplicationController
-  include WebAppControllerConcern
-
-  skip_before_action :require_functional!
+  layout 'public'
 
+  before_action :require_open_federation!, only: [:show, :more]
+  before_action :set_body_classes, only: :show
   before_action :set_instance_presenter
+  before_action :set_expires_in, only: [:show, :more, :terms]
 
-  def show
-    expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
+  skip_before_action :require_functional!, only: [:more, :terms]
+
+  def show; end
+
+  def more
+    flash.now[:notice] = I18n.t('about.instance_actor_flash') if params[:instance_actor]
+
+    toc_generator = TOCGenerator.new(@instance_presenter.site_extended_description)
+
+    @contents          = toc_generator.html
+    @table_of_contents = toc_generator.toc
+    @blocks            = DomainBlock.with_user_facing_limitations.by_severity if display_blocks?
   end
 
+  def terms; end
+
+  helper_method :display_blocks?
+  helper_method :display_blocks_rationale?
+  helper_method :public_fetch_mode?
+  helper_method :new_user
+
   private
 
+  def require_open_federation!
+    not_found if whitelist_mode?
+  end
+
+  def display_blocks?
+    Setting.show_domain_blocks == 'all' || (Setting.show_domain_blocks == 'users' && user_signed_in?)
+  end
+
+  def display_blocks_rationale?
+    Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?)
+  end
+
+  def new_user
+    User.new.tap do |user|
+      user.build_account
+      user.build_invite_request
+    end
+  end
+
   def set_instance_presenter
     @instance_presenter = InstancePresenter.new
   end
+
+  def set_body_classes
+    @hide_navbar = true
+  end
+
+  def set_expires_in
+    expires_in 0, public: true
+  end
 end

app/controllers/account_follow_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class AccountFollowController < ApplicationController
+  include AccountControllerConcern
+
+  before_action :authenticate_user!
+
+  def create
+    FollowService.new.call(current_user.account, @account, with_rate_limit: true)
+    redirect_to account_path(@account)
+  end
+end

app/controllers/account_unfollow_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class AccountUnfollowController < ApplicationController
+  include AccountControllerConcern
+
+  before_action :authenticate_user!
+
+  def create
+    UnfollowService.new.call(current_user.account, @account)
+    redirect_to account_path(@account)
+  end
+end

app/controllers/accounts_controller.rb

@@ -7,19 +7,34 @@ class AccountsController < ApplicationController
   include AccountControllerConcern
   include SignatureAuthentication
 
-  vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
-
-  before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
+  before_action :set_cache_headers
+  before_action :set_body_classes
 
   skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
-  skip_before_action :require_functional!, unless: :limited_federation_mode?
+  skip_before_action :require_functional!, unless: :whitelist_mode?
 
   def show
     respond_to do |format|
       format.html do
-        expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
+        expires_in 0, public: true unless user_signed_in?
 
-        @rss_url = rss_url
+        @pinned_statuses   = []
+        @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
+        @featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
+
+        if current_account && @account.blocking?(current_account)
+          @statuses = []
+          return
+        end
+
+        @pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
+        @statuses        = cached_filtered_status_page
+        @rss_url         = rss_url
+
+        unless @statuses.empty?
+          @older_url = older_url if @statuses.last.id > filtered_statuses.last.id
+          @newer_url = newer_url if @statuses.first.id < filtered_statuses.first.id
+        end
       end
 
       format.rss do
@@ -28,17 +43,26 @@ class AccountsController < ApplicationController
         limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
         @statuses = filtered_statuses.without_reblogs.limit(limit)
         @statuses = cache_collection(@statuses, Status)
+        render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
       end
 
       format.json do
         expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
-        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
+        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
       end
     end
   end
 
   private
 
+  def set_body_classes
+    @body_classes = 'with-modals'
+  end
+
+  def show_pinned_statuses?
+    [replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
+  end
+
   def filtered_statuses
     default_statuses.tap do |statuses|
       statuses.merge!(hashtag_scope)    if tag_requested?
@@ -52,7 +76,11 @@ class AccountsController < ApplicationController
   end
 
   def only_media_scope
-    Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)
+    Status.where(id: account_media_status_ids)
+  end
+
+  def account_media_status_ids
+    @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
   end
 
   def no_replies_scope
@@ -73,10 +101,6 @@ class AccountsController < ApplicationController
     params[:username]
   end
 
-  def skip_temporary_suspension_response?
-    request.format == :json
-  end
-
   def rss_url
     if tag_requested?
       short_account_tag_url(@account, params[:tag], format: 'rss')
@@ -85,16 +109,36 @@ class AccountsController < ApplicationController
     end
   end
 
+  def older_url
+    pagination_url(max_id: @statuses.last.id)
+  end
+
+  def newer_url
+    pagination_url(min_id: @statuses.first.id)
+  end
+
+  def pagination_url(max_id: nil, min_id: nil)
+    if tag_requested?
+      short_account_tag_url(@account, params[:tag], max_id: max_id, min_id: min_id)
+    elsif media_requested?
+      short_account_media_url(@account, max_id: max_id, min_id: min_id)
+    elsif replies_requested?
+      short_account_with_replies_url(@account, max_id: max_id, min_id: min_id)
+    else
+      short_account_url(@account, max_id: max_id, min_id: min_id)
+    end
+  end
+
   def media_requested?
-    request.path.split('.').first.end_with?('/media') && !tag_requested?
+    request.path.split('.').first.ends_with?('/media') && !tag_requested?
   end
 
   def replies_requested?
-    request.path.split('.').first.end_with?('/with_replies') && !tag_requested?
+    request.path.split('.').first.ends_with?('/with_replies') && !tag_requested?
   end
 
   def tag_requested?
-    request.path.split('.').first.end_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
+    request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
   end
 
   def cached_filtered_status_page
@@ -109,4 +153,12 @@ class AccountsController < ApplicationController
   def params_slice(*keys)
     params.slice(*keys).permit(*keys)
   end
+
+  def restrict_fields_to
+    if signed_request_account.present? || public_fetch_mode?
+      # Return all fields
+    else
+      %i(id type preferred_username inbox public_key endpoints)
+    end
+  end
 end

app/controllers/activitypub/base_controller.rb

@@ -2,12 +2,10 @@
 
 class ActivityPub::BaseController < Api::BaseController
   skip_before_action :require_authenticated_user!
-  skip_before_action :require_not_suspended!
-  skip_around_action :set_locale
 
   private
 
-  def skip_temporary_suspension_response?
-    false
+  def set_cache_headers
+    response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
   end
 end

app/controllers/activitypub/claims_controller.rb

@@ -6,7 +6,7 @@ class ActivityPub::ClaimsController < ActivityPub::BaseController
 
   skip_before_action :authenticate_user!
 
-  before_action :require_account_signature!
+  before_action :require_signature!
   before_action :set_claim_result
 
   def create

app/controllers/activitypub/collections_controller.rb

@@ -4,16 +4,15 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
   include SignatureVerification
   include AccountOwnedConcern
 
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
   before_action :set_items
   before_action :set_size
   before_action :set_type
+  before_action :set_cache_headers
 
   def show
     expires_in 3.minutes, public: public_fetch_mode?
-    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
+    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, skip_activities: true
   end
 
   private
@@ -21,10 +20,17 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
   def set_items
     case params[:id]
     when 'featured'
-      @items = for_signed_account { cache_collection(@account.pinned_statuses, Status) }
-      @items = @items.map { |item| item.distributable? ? item : ActivityPub::TagManager.instance.uri_for(item) }
-    when 'tags'
-      @items = for_signed_account { @account.featured_tags }
+      @items = begin
+        # Because in public fetch mode we cache the response, there would be no
+        # benefit from performing the check below, since a blocked account or domain
+        # would likely be served the cache from the reverse proxy anyway
+
+        if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
+          []
+        else
+          cache_collection(@account.pinned_statuses, Status)
+        end
+      end
     when 'devices'
       @items = @account.devices
     else
@@ -34,7 +40,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
 
   def set_size
     case params[:id]
-    when 'featured', 'devices', 'tags'
+    when 'featured', 'devices'
       @size = @items.size
     else
       not_found
@@ -45,7 +51,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
     case params[:id]
     when 'featured'
       @type = :ordered
-    when 'devices', 'tags'
+    when 'devices'
       @type = :unordered
     else
       not_found
@@ -60,16 +66,4 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
       items: @items
     )
   end
-
-  def for_signed_account
-    # Because in public fetch mode we cache the response, there would be no
-    # benefit from performing the check below, since a blocked account or domain
-    # would likely be served the cache from the reverse proxy anyway
-
-    if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
-      []
-    else
-      yield
-    end
-  end
 end

app/controllers/activitypub/followers_synchronizations_controller.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseController
-  include SignatureVerification
-  include AccountOwnedConcern
-
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!
-  before_action :set_items
-
-  def show
-    expires_in 0, public: false
-    render json: collection_presenter,
-           serializer: ActivityPub::CollectionSerializer,
-           adapter: ActivityPub::Adapter,
-           content_type: 'application/activity+json'
-  end
-
-  private
-
-  def uri_prefix
-    signed_request_account.uri[Account::URL_PREFIX_RE]
-  end
-
-  def set_items
-    @items = @account.followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(uri_prefix)}/%", false, true)).or(@account.followers.where(uri: uri_prefix)).pluck(:uri)
-  end
-
-  def collection_presenter
-    ActivityPub::CollectionPresenter.new(
-      id: account_followers_synchronization_url(@account),
-      type: :ordered,
-      items: @items
-    )
-  end
-end

app/controllers/activitypub/inboxes_controller.rb

@@ -5,26 +5,25 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
   include JsonLdHelper
   include AccountOwnedConcern
 
-  before_action :skip_unknown_actor_activity
-  before_action :require_actor_signature!
+  before_action :skip_unknown_actor_delete
+  before_action :require_signature!
   skip_before_action :authenticate_user!
 
   def create
     upgrade_account
-    process_collection_synchronization
     process_payload
     head 202
   end
 
   private
 
-  def skip_unknown_actor_activity
-    head 202 if unknown_affected_account?
+  def skip_unknown_actor_delete
+    head 202 if unknown_deleted_account?
   end
 
-  def unknown_affected_account?
+  def unknown_deleted_account?
     json = Oj.load(body, mode: :strict)
-    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+    json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
   rescue Oj::ParseError
     false
   end
@@ -33,10 +32,6 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
     params[:account_username].present?
   end
 
-  def skip_temporary_suspension_response?
-    true
-  end
-
   def body
     return @body if defined?(@body)
 
@@ -49,28 +44,15 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
   end
 
   def upgrade_account
-    if signed_request_account&.ostatus?
+    if signed_request_account.ostatus?
       signed_request_account.update(last_webfingered_at: nil)
       ResolveAccountWorker.perform_async(signed_request_account.acct)
     end
 
-    DeliveryFailureTracker.reset!(signed_request_actor.inbox_url)
-  end
-
-  def process_collection_synchronization
-    raw_params = request.headers['Collection-Synchronization']
-    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true' || signed_request_account.nil?
-
-    # Re-using the syntax for signature parameters
-    tree   = SignatureParamsParser.new.parse(raw_params)
-    params = SignatureParamsTransformer.new.apply(tree)
-
-    ActivityPub::PrepareFollowersSynchronizationService.new.call(signed_request_account, params)
-  rescue Parslet::ParseFailed
-    Rails.logger.warn 'Error parsing Collection-Synchronization header'
+    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
   end
 
   def process_payload
-    ActivityPub::ProcessingWorker.perform_async(signed_request_actor.id, body, @account&.id, signed_request_actor.class.name)
+    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
   end
 end

app/controllers/activitypub/outboxes_controller.rb

@@ -6,18 +6,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   include SignatureVerification
   include AccountOwnedConcern
 
-  vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
   before_action :set_statuses
+  before_action :set_cache_headers
 
   def show
-    if page_requested?
-      expires_in(1.minute, public: public_fetch_mode? && signed_request_account.nil?)
-    else
-      expires_in(3.minutes, public: public_fetch_mode?)
-    end
-
+    expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?))
     render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
   end
 
@@ -26,45 +20,38 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def outbox_presenter
     if page_requested?
       ActivityPub::CollectionPresenter.new(
-        id: outbox_url(**page_params),
+        id: account_outbox_url(@account, page_params),
         type: :ordered,
-        part_of: outbox_url,
+        part_of: account_outbox_url(@account),
         prev: prev_page,
         next: next_page,
         items: @statuses
       )
     else
       ActivityPub::CollectionPresenter.new(
-        id: outbox_url,
+        id: account_outbox_url(@account),
         type: :ordered,
         size: @account.statuses_count,
-        first: outbox_url(page: true),
-        last: outbox_url(page: true, min_id: 0)
+        first: account_outbox_url(@account, page: true),
+        last: account_outbox_url(@account, page: true, min_id: 0)
       )
     end
   end
 
-  def outbox_url(**kwargs)
-    if params[:account_username].present?
-      account_outbox_url(@account, **kwargs)
-    else
-      instance_actor_outbox_url(**kwargs)
-    end
-  end
-
   def next_page
-    outbox_url(page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
+    account_outbox_url(@account, page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
   end
 
   def prev_page
-    outbox_url(page: true, min_id: @statuses.first.id) unless @statuses.empty?
+    account_outbox_url(@account, page: true, min_id: @statuses.first.id) unless @statuses.empty?
   end
 
   def set_statuses
     return unless page_requested?
 
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account)
     @statuses = cache_collection_paginated_by_id(
-      AccountStatusesFilter.new(@account, signed_request_account).results,
+      @statuses,
       Status,
       LIMIT,
       params_slice(:max_id, :min_id, :since_id)
@@ -78,8 +65,4 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def page_params
     { page: true, max_id: params[:max_id], min_id: params[:min_id] }.compact
   end
-
-  def set_account
-    @account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
-  end
 end

app/controllers/activitypub/replies_controller.rb

@@ -7,10 +7,9 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
 
   DESCENDANTS_LIMIT = 60
 
-  vary_by -> { 'Signature' if authorized_fetch_mode? }
-
-  before_action :require_account_signature!, if: :authorized_fetch_mode?
+  before_action :require_signature!, if: :authorized_fetch_mode?
   before_action :set_status
+  before_action :set_cache_headers
   before_action :set_replies
 
   def index
@@ -32,7 +31,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
   end
 
   def set_replies
-    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
+    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses
     @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
     @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
   end
@@ -64,29 +63,15 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
   end
 
   def next_page
-    if only_other_accounts?
-      # Only consider remote accounts
-      return nil if @replies.size < DESCENDANTS_LIMIT
+    only_other_accounts = !(@replies&.last&.account_id == @account.id && @replies.size == DESCENDANTS_LIMIT)
 
-      account_status_replies_url(
-        @account,
-        @status,
-        page: true,
-        min_id: @replies&.last&.id,
-        only_other_accounts: true
-      )
-    else
-      # For now, we're serving only self-replies, but next page might be other accounts
-      next_only_other_accounts = @replies&.last&.account_id != @account.id || @replies.size < DESCENDANTS_LIMIT
-
-      account_status_replies_url(
-        @account,
-        @status,
-        page: true,
-        min_id: next_only_other_accounts ? nil : @replies&.last&.id,
-        only_other_accounts: next_only_other_accounts
-      )
-    end
+    account_status_replies_url(
+      @account,
+      @status,
+      page: true,
+      min_id: only_other_accounts && !only_other_accounts? ? nil : @replies&.last&.id,
+      only_other_accounts: only_other_accounts
+    )
   end
 
   def page_params

app/controllers/admin/account_actions_controller.rb

@@ -5,15 +5,11 @@ module Admin
     before_action :set_account
 
     def new
-      authorize @account, :show?
-
       @account_action  = Admin::AccountAction.new(type: params[:type], report_id: params[:report_id], send_email_notification: true, include_statuses: true)
       @warning_presets = AccountWarningPreset.all
     end
 
     def create
-      authorize @account, :show?
-
       account_action                 = Admin::AccountAction.new(resource_params)
       account_action.target_account  = @account
       account_action.current_account = current_account
@@ -21,7 +17,7 @@ module Admin
       account_action.save!
 
       if account_action.with_report?
-        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
+        redirect_to admin_reports_path
       else
         redirect_to admin_account_path(@account.id)
       end

app/controllers/admin/account_moderation_notes_controller.rb

@@ -14,7 +14,7 @@ module Admin
       else
         @account          = @account_moderation_note.target_account
         @moderation_notes = @account.targeted_moderation_notes.latest
-        @warnings         = @account.strikes.custom.latest
+        @warnings         = @account.targeted_account_warnings.latest.custom
 
         render template: 'admin/accounts/show'
       end

app/controllers/admin/accounts_controller.rb

@@ -2,96 +2,61 @@
 
 module Admin
   class AccountsController < BaseController
-    before_action :set_account, except: [:index, :batch]
+    before_action :set_account, only: [:show, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject]
     before_action :require_remote_account!, only: [:redownload]
     before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject]
 
     def index
       authorize :account, :index?
-
       @accounts = filtered_accounts.page(params[:page])
-      @form     = Form::AccountBatch.new
-    end
-
-    def batch
-      authorize :account, :index?
-
-      @form = Form::AccountBatch.new(form_account_batch_params)
-      @form.current_account = current_account
-      @form.action = action_from_button
-      @form.select_all_matching = params[:select_all_matching]
-      @form.query = filtered_accounts
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
-    ensure
-      redirect_to admin_accounts_path(filter_params)
     end
 
     def show
       authorize @account, :show?
 
-      @deletion_request        = @account.deletion_request
       @account_moderation_note = current_account.account_moderation_notes.new(target_account: @account)
       @moderation_notes        = @account.targeted_moderation_notes.latest
-      @warnings                = @account.strikes.includes(:target_account, :account, :appeal).latest
-      @domain_block            = DomainBlock.rule_for(@account.domain)
+      @warnings                = @account.targeted_account_warnings.latest.custom
     end
 
     def memorialize
       authorize @account, :memorialize?
       @account.memorialize!
       log_action :memorialize, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.memorialized_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def enable
       authorize @account.user, :enable?
       @account.user.enable!
       log_action :enable, @account.user
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.enabled_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def approve
       authorize @account.user, :approve?
       @account.user.approve!
-      log_action :approve, @account.user
-      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
+      redirect_to admin_pending_accounts_path
     end
 
     def reject
       authorize @account.user, :reject?
-      DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
-      log_action :reject, @account.user
-      redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
-    end
-
-    def destroy
-      authorize @account, :destroy?
-      Admin::AccountDeletionWorker.perform_async(@account.id)
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.destroyed_msg', username: @account.acct)
-    end
-
-    def unsensitive
-      authorize @account, :unsensitive?
-      @account.unsensitize!
-      log_action :unsensitive, @account
-      redirect_to admin_account_path(@account.id)
+      SuspendAccountService.new.call(@account, reserve_email: false, reserve_username: false)
+      redirect_to admin_pending_accounts_path
     end
 
     def unsilence
       authorize @account, :unsilence?
       @account.unsilence!
       log_action :unsilence, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unsilenced_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def unsuspend
       authorize @account, :unsuspend?
       @account.unsuspend!
-      Admin::UnsuspensionWorker.perform_async(@account.id)
       log_action :unsuspend, @account
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unsuspended_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def redownload
@@ -100,7 +65,7 @@ module Admin
       @account.update!(last_webfingered_at: nil)
       ResolveAccountService.new.call(@account)
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.redownloaded_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def remove_avatar
@@ -111,7 +76,7 @@ module Admin
 
       log_action :remove_avatar, @account.user
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.removed_avatar_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     def remove_header
@@ -122,17 +87,7 @@ module Admin
 
       log_action :remove_header, @account.user
 
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.removed_header_msg', username: @account.acct)
-    end
-
-    def unblock_email
-      authorize @account, :unblock_email?
-
-      CanonicalEmailBlock.where(reference_account: @account).delete_all
-
-      log_action :unblock_email, @account
-
-      redirect_to admin_account_path(@account.id), notice: I18n.t('admin.accounts.unblocked_email_msg', username: @account.acct)
+      redirect_to admin_account_path(@account.id)
     end
 
     private
@@ -150,25 +105,11 @@ module Admin
     end
 
     def filtered_accounts
-      AccountFilter.new(filter_params.with_defaults(order: 'recent')).results
+      AccountFilter.new(filter_params).results
     end
 
     def filter_params
-      params.slice(:page, *AccountFilter::KEYS).permit(:page, *AccountFilter::KEYS)
-    end
-
-    def form_account_batch_params
-      params.require(:form_account_batch).permit(:action, account_ids: [])
-    end
-
-    def action_from_button
-      if params[:suspend]
-        'suspend'
-      elsif params[:approve]
-        'approve'
-      elsif params[:reject]
-        'reject'
-      end
+      params.slice(*AccountFilter::KEYS).permit(*AccountFilter::KEYS)
     end
   end
 end

app/controllers/admin/action_logs_controller.rb

@@ -4,10 +4,7 @@ module Admin
   class ActionLogsController < BaseController
     before_action :set_action_logs
 
-    def index
-      authorize :audit_log, :index?
-      @auditable_accounts = Account.where(id: Admin::ActionLog.reorder(nil).select('distinct account_id')).select(:id, :username)
-    end
+    def index; end
 
     private
 

app/controllers/admin/announcements_controller.rb

@@ -14,10 +14,6 @@ class Admin::AnnouncementsController < Admin::BaseController
     @announcement = Announcement.new
   end
 
-  def edit
-    authorize :announcement, :update?
-  end
-
   def create
     authorize :announcement, :create?
 
@@ -32,6 +28,10 @@ class Admin::AnnouncementsController < Admin::BaseController
     end
   end
 
+  def edit
+    authorize :announcement, :update?
+  end
+
   def update
     authorize :announcement, :update?
 
@@ -71,7 +71,7 @@ class Admin::AnnouncementsController < Admin::BaseController
   private
 
   def set_announcements
-    @announcements = AnnouncementFilter.new(filter_params).results.reverse_chronological.page(params[:page])
+    @announcements = AnnouncementFilter.new(filter_params).results.page(params[:page])
   end
 
   def set_announcement

app/controllers/admin/base_controller.rb

@@ -7,10 +7,8 @@ module Admin
 
     layout 'admin'
 
+    before_action :require_staff!
     before_action :set_body_classes
-    before_action :set_cache_headers
-
-    after_action :verify_authorized
 
     private
 
@@ -18,10 +16,6 @@ module Admin
       @body_classes = 'admin'
     end
 
-    def set_cache_headers
-      response.cache_control.replace(private: true, no_store: true)
-    end
-
     def set_user
       @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
     end

app/controllers/admin/confirmations_controller.rb

@@ -17,7 +17,7 @@ module Admin
 
       @user.resend_confirmation_instructions
 
-      log_action :resend, @user
+      log_action :confirm, @user
 
       flash[:notice] = I18n.t('admin.accounts.resend_confirmation.success')
       redirect_to admin_accounts_path

app/controllers/admin/custom_emojis_controller.rb

@@ -29,12 +29,10 @@ module Admin
     end
 
     def batch
-      authorize :custom_emoji, :index?
-
       @form = Form::CustomEmojiBatch.new(form_custom_emoji_batch_params.merge(current_account: current_account, action: action_from_button))
       @form.save
     rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.custom_emojis.no_emoji_selected')
+      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
     rescue Mastodon::NotPermittedError
       flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
     ensure

app/controllers/admin/dashboard_controller.rb

@@ -1,18 +1,57 @@
 # frozen_string_literal: true
+require 'sidekiq/api'
 
 module Admin
   class DashboardController < BaseController
-    include Redisable
-
     def index
-      authorize :dashboard, :index?
-
-      @system_checks         = Admin::SystemCheck.perform(current_user)
-      @time_period           = (29.days.ago.to_date...Time.now.utc.to_date)
+      @users_count           = User.count
       @pending_users_count   = User.pending.count
-      @pending_reports_count = Report.unresolved.count
+      @registrations_week    = Redis.current.get("activity:accounts:local:#{current_week}") || 0
+      @logins_week           = Redis.current.pfcount("activity:logins:#{current_week}")
+      @interactions_week     = Redis.current.get("activity:interactions:#{current_week}") || 0
+      @relay_enabled         = Relay.enabled.exists?
+      @single_user_mode      = Rails.configuration.x.single_user_mode
+      @registrations_enabled = Setting.registrations_mode != 'none'
+      @deletions_enabled     = Setting.open_deletion
+      @invites_enabled       = Setting.min_invite_role == 'user'
+      @search_enabled        = Chewy.enabled?
+      @version               = Mastodon::Version.to_s
+      @database_version      = ActiveRecord::Base.connection.execute('SELECT VERSION()').first['version'].match(/\A(?:PostgreSQL |)([^\s]+).*\z/)[1]
+      @redis_version         = redis_info['redis_version']
+      @reports_count         = Report.unresolved.count
+      @queue_backlog         = Sidekiq::Stats.new.enqueued
+      @recent_users          = User.confirmed.recent.includes(:account).limit(8)
+      @database_size         = ActiveRecord::Base.connection.execute('SELECT pg_database_size(current_database())').first['pg_database_size']
+      @redis_size            = redis_info['used_memory']
+      @ldap_enabled          = ENV['LDAP_ENABLED'] == 'true'
+      @cas_enabled           = ENV['CAS_ENABLED'] == 'true'
+      @saml_enabled          = ENV['SAML_ENABLED'] == 'true'
+      @pam_enabled           = ENV['PAM_ENABLED'] == 'true'
+      @hidden_service        = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
+      @trending_hashtags     = TrendingTags.get(10, filtered: false)
       @pending_tags_count    = Tag.pending_review.count
-      @pending_appeals_count = Appeal.pending.count
+      @authorized_fetch      = authorized_fetch_mode?
+      @whitelist_enabled     = whitelist_mode?
+      @profile_directory     = Setting.profile_directory
+      @timeline_preview      = Setting.timeline_preview
+      @spam_check_enabled    = Setting.spam_check_enabled
+      @trends_enabled        = Setting.trends
+    end
+
+    private
+
+    def current_week
+      @current_week ||= Time.now.utc.to_date.cweek
+    end
+
+    def redis_info
+      @redis_info ||= begin
+        if Redis.current.is_a?(Redis::Namespace)
+          Redis.current.redis.info
+        else
+          Redis.current.info
+        end
+      end
     end
   end
 end

app/controllers/admin/disputes/appeals_controller.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::Disputes::AppealsController < Admin::BaseController
-  before_action :set_appeal, except: :index
-
-  def index
-    authorize :appeal, :index?
-
-    @appeals = filtered_appeals.page(params[:page])
-  end
-
-  def approve
-    authorize @appeal, :approve?
-    log_action :approve, @appeal
-    ApproveAppealService.new.call(@appeal, current_account)
-    redirect_to disputes_strike_path(@appeal.strike)
-  end
-
-  def reject
-    authorize @appeal, :approve?
-    log_action :reject, @appeal
-    @appeal.reject!(current_account)
-    UserMailer.appeal_rejected(@appeal.account.user, @appeal)
-    redirect_to disputes_strike_path(@appeal.strike)
-  end
-
-  private
-
-  def filtered_appeals
-    Admin::AppealFilter.new(filter_params.with_defaults(status: 'pending')).results.includes(strike: :account)
-  end
-
-  def filter_params
-    params.slice(:page, *Admin::AppealFilter::KEYS).permit(:page, *Admin::AppealFilter::KEYS)
-  end
-
-  def set_appeal
-    @appeal = Appeal.find(params[:id])
-  end
-end

app/controllers/admin/domain_allows_controller.rb

@@ -25,8 +25,6 @@ class Admin::DomainAllowsController < Admin::BaseController
   def destroy
     authorize @domain_allow, :destroy?
     UnallowDomainService.new.call(@domain_allow)
-    log_action :destroy, @domain_allow
-
     redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
   end
 

app/controllers/admin/domain_blocks_controller.rb

@@ -2,19 +2,7 @@
 
 module Admin
   class DomainBlocksController < BaseController
-    before_action :set_domain_block, only: [:destroy, :edit, :update]
-
-    def batch
-      authorize :domain_block, :create?
-      @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.domain_blocks.no_domain_block_selected')
-    rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.domain_blocks.not_permitted')
-    else
-      redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
-    end
+    before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
 
     def new
       authorize :domain_block, :create?
@@ -31,49 +19,46 @@ module Admin
       @domain_block = DomainBlock.new(resource_params)
       existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
 
-      # Disallow accidentally downgrading a domain block
       if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
         @domain_block.save
-        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
-        @domain_block.errors.delete(:domain)
-        return render :new
-      end
-
-      # Allow transparently upgrading a domain block
-      if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
-        @domain_block = existing_domain_block
-        @domain_block.assign_attributes(resource_params)
-      end
-
-      # Require explicit confirmation when suspending
-      return render :confirm_suspension if requires_confirmation?
-
-      if @domain_block.save
-        DomainBlockWorker.perform_async(@domain_block.id)
-        log_action :create, @domain_block
-        redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
-      else
+        flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
+        @domain_block.errors[:domain].clear
         render :new
+      else
+        if existing_domain_block.present?
+          @domain_block = existing_domain_block
+          @domain_block.update(resource_params)
+        end
+        if @domain_block.save
+          DomainBlockWorker.perform_async(@domain_block.id)
+          log_action :create, @domain_block
+          redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
+        else
+          render :new
+        end
       end
     end
 
     def update
-      authorize :domain_block, :update?
+      authorize :domain_block, :create?
 
-      @domain_block.assign_attributes(update_params)
+      @domain_block.update(update_params)
 
-      # Require explicit confirmation when suspending
-      return render :confirm_suspension if requires_confirmation?
+      severity_changed = @domain_block.severity_changed?
 
       if @domain_block.save
-        DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
-        log_action :update, @domain_block
+        DomainBlockWorker.perform_async(@domain_block.id, severity_changed)
+        log_action :create, @domain_block
         redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
       else
         render :edit
       end
     end
 
+    def show
+      authorize @domain_block, :show?
+    end
+
     def destroy
       authorize @domain_block, :destroy?
       UnblockDomainService.new.call(@domain_block)
@@ -88,23 +73,11 @@ module Admin
     end
 
     def update_params
-      params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
+      params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment)
     end
 
     def resource_params
-      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
-    end
-
-    def form_domain_block_batch_params
-      params.require(:form_domain_block_batch).permit(domain_blocks_attributes: [:enabled, :domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate])
-    end
-
-    def action_from_button
-      'save' if params[:save]
-    end
-
-    def requires_confirmation?
-      @domain_block.valid? && (@domain_block.new_record? || @domain_block.severity_changed?) && @domain_block.severity.to_s == 'suspend' && !params[:confirm]
+      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment)
     end
   end
 end

app/controllers/admin/email_domain_blocks_controller.rb

@@ -2,24 +2,11 @@
 
 module Admin
   class EmailDomainBlocksController < BaseController
+    before_action :set_email_domain_block, only: [:show, :destroy]
+
     def index
       authorize :email_domain_block, :index?
-
       @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
-      @form                = Form::EmailDomainBlockBatch.new
-    end
-
-    def batch
-      authorize :email_domain_block, :index?
-
-      @form = Form::EmailDomainBlockBatch.new(form_email_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.email_domain_blocks.no_email_domain_block_selected')
-    rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.email_domain_blocks.not_permitted')
-    ensure
-      redirect_to admin_email_domain_blocks_path
     end
 
     def new
@@ -32,52 +19,51 @@ module Admin
 
       @email_domain_block = EmailDomainBlock.new(resource_params)
 
-      if action_from_button == 'save'
-        EmailDomainBlock.transaction do
-          @email_domain_block.save!
-          log_action :create, @email_domain_block
+      if @email_domain_block.save
+        log_action :create, @email_domain_block
 
-          (@email_domain_block.other_domains || []).uniq.each do |domain|
-            next if EmailDomainBlock.where(domain: domain).exists?
+        if @email_domain_block.with_dns_records?
+          hostnames = []
+          ips       = []
 
-            other_email_domain_block = EmailDomainBlock.create!(domain: domain, parent: @email_domain_block)
-            log_action :create, other_email_domain_block
+          Resolv::DNS.open do |dns|
+            dns.timeouts = 5
+
+            hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
+
+            ([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
+              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
+              ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
+            end
+          end
+
+          (hostnames + ips).each do |hostname|
+            another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
+            log_action :create, another_email_domain_block if another_email_domain_block.save
           end
         end
 
         redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
       else
-        set_resolved_records
         render :new
       end
-    rescue ActiveRecord::RecordInvalid
-      set_resolved_records
-      render :new
+    end
+
+    def destroy
+      authorize @email_domain_block, :destroy?
+      @email_domain_block.destroy!
+      log_action :destroy, @email_domain_block
+      redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.destroyed_msg')
     end
 
     private
 
-    def set_resolved_records
-      Resolv::DNS.open do |dns|
-        dns.timeouts = 5
-        @resolved_records = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a
-      end
+    def set_email_domain_block
+      @email_domain_block = EmailDomainBlock.find(params[:id])
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain, other_domains: [])
-    end
-
-    def form_email_domain_block_batch_params
-      params.require(:form_email_domain_block_batch).permit(email_domain_block_ids: [])
-    end
-
-    def action_from_button
-      if params[:delete]
-        'delete'
-      elsif params[:save]
-        'save'
-      end
+      params.require(:email_domain_block).permit(:domain, :with_dns_records)
     end
   end
 end

app/controllers/admin/export_domain_allows_controller.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-require 'csv'
-
-module Admin
-  class ExportDomainAllowsController < BaseController
-    include AdminExportControllerConcern
-
-    before_action :set_dummy_import!, only: [:new]
-
-    def new
-      authorize :domain_allow, :create?
-    end
-
-    def export
-      authorize :instance, :index?
-      send_export_file
-    end
-
-    def import
-      authorize :domain_allow, :create?
-      begin
-        @import = Admin::Import.new(import_params)
-        return render :new unless @import.validate
-
-        @import.csv_rows.each do |row|
-          domain = row['#domain'].strip
-          next if DomainAllow.allowed?(domain)
-
-          domain_allow = DomainAllow.new(domain: domain)
-          log_action :create, domain_allow if domain_allow.save
-        end
-        flash[:notice] = I18n.t('admin.domain_allows.created_msg')
-      rescue ActionController::ParameterMissing
-        flash[:error] = I18n.t('admin.export_domain_allows.no_file')
-      end
-      redirect_to admin_instances_path
-    end
-
-    private
-
-    def export_filename
-      'domain_allows.csv'
-    end
-
-    def export_headers
-      %w(#domain)
-    end
-
-    def export_data
-      CSV.generate(headers: export_headers, write_headers: true) do |content|
-        DomainAllow.allowed_domains.each do |instance|
-          content << [instance.domain]
-        end
-      end
-    end
-  end
-end

app/controllers/admin/export_domain_blocks_controller.rb

@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-require 'csv'
-
-module Admin
-  class ExportDomainBlocksController < BaseController
-    include AdminExportControllerConcern
-
-    before_action :set_dummy_import!, only: [:new]
-
-    def new
-      authorize :domain_block, :create?
-    end
-
-    def export
-      authorize :instance, :index?
-      send_export_file
-    end
-
-    def import
-      authorize :domain_block, :create?
-
-      @import = Admin::Import.new(import_params)
-      return render :new unless @import.validate
-
-      @global_private_comment = I18n.t('admin.export_domain_blocks.import.private_comment_template', source: @import.data_file_name, date: I18n.l(Time.now.utc))
-
-      @form = Form::DomainBlockBatch.new
-      @domain_blocks = @import.csv_rows.filter_map do |row|
-        domain = row['#domain'].strip
-        next if DomainBlock.rule_for(domain).present?
-
-        domain_block = DomainBlock.new(domain: domain,
-                                       severity: row.fetch('#severity', :suspend),
-                                       reject_media: row.fetch('#reject_media', false),
-                                       reject_reports: row.fetch('#reject_reports', false),
-                                       private_comment: @global_private_comment,
-                                       public_comment: row['#public_comment'],
-                                       obfuscate: row.fetch('#obfuscate', false))
-
-        if domain_block.invalid?
-          flash.now[:alert] = I18n.t('admin.export_domain_blocks.invalid_domain_block', error: domain_block.errors.full_messages.join(', '))
-          next
-        end
-
-        domain_block
-      rescue ArgumentError => e
-        flash.now[:alert] = I18n.t('admin.export_domain_blocks.invalid_domain_block', error: e.message)
-        next
-      end
-
-      @warning_domains = Instance.where(domain: @domain_blocks.map(&:domain)).where('EXISTS (SELECT 1 FROM follows JOIN accounts ON follows.account_id = accounts.id OR follows.target_account_id = accounts.id WHERE accounts.domain = instances.domain)').pluck(:domain)
-    rescue ActionController::ParameterMissing
-      flash.now[:alert] = I18n.t('admin.export_domain_blocks.no_file')
-      set_dummy_import!
-      render :new
-    end
-
-    private
-
-    def export_filename
-      'domain_blocks.csv'
-    end
-
-    def export_headers
-      %w(#domain #severity #reject_media #reject_reports #public_comment #obfuscate)
-    end
-
-    def export_data
-      CSV.generate(headers: export_headers, write_headers: true) do |content|
-        DomainBlock.with_limitations.each do |instance|
-          content << [instance.domain, instance.severity, instance.reject_media, instance.reject_reports, instance.public_comment, instance.obfuscate]
-        end
-      end
-    end
-  end
-end

app/controllers/admin/follow_recommendations_controller.rb

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class FollowRecommendationsController < BaseController
-    before_action :set_language
-
-    def show
-      authorize :follow_recommendation, :show?
-
-      @form     = Form::AccountBatch.new
-      @accounts = filtered_follow_recommendations
-    end
-
-    def update
-      authorize :follow_recommendation, :show?
-
-      @form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      # Do nothing
-    ensure
-      redirect_to admin_follow_recommendations_path(filter_params)
-    end
-
-    private
-
-    def set_language
-      @language = follow_recommendation_filter.language
-    end
-
-    def filtered_follow_recommendations
-      follow_recommendation_filter.results
-    end
-
-    def follow_recommendation_filter
-      @follow_recommendation_filter ||= FollowRecommendationFilter.new(filter_params)
-    end
-
-    def form_account_batch_params
-      params.require(:form_account_batch).permit(:action, account_ids: [])
-    end
-
-    def filter_params
-      params.slice(*FollowRecommendationFilter::KEYS).permit(*FollowRecommendationFilter::KEYS)
-    end
-
-    def action_from_button
-      if params[:suppress]
-        'suppress_follow_recommendation'
-      elsif params[:unsuppress]
-        'unsuppress_follow_recommendation'
-      end
-    end
-  end
-end

app/controllers/admin/instances_controller.rb

@@ -2,70 +2,63 @@
 
 module Admin
   class InstancesController < BaseController
-    before_action :set_instances, only: :index
-    before_action :set_instance, except: :index
+    before_action :set_domain_block, only: :show
+    before_action :set_domain_allow, only: :show
+    before_action :set_instance, only: :show
 
     def index
       authorize :instance, :index?
-      preload_delivery_failures!
+
+      @instances = ordered_instances
     end
 
     def show
       authorize :instance, :show?
-      @time_period = (6.days.ago.to_date...Time.now.utc.to_date)
-    end
 
-    def destroy
-      authorize :instance, :destroy?
-      Admin::DomainPurgeWorker.perform_async(@instance.domain)
-      log_action :destroy, @instance
-      redirect_to admin_instances_path, notice: I18n.t('admin.instances.destroyed_msg', domain: @instance.domain)
-    end
-
-    def clear_delivery_errors
-      authorize :delivery, :clear_delivery_errors?
-      @instance.delivery_failure_tracker.clear_failures!
-      redirect_to admin_instance_path(@instance.domain)
-    end
-
-    def restart_delivery
-      authorize :delivery, :restart_delivery?
-
-      if @instance.unavailable?
-        @instance.delivery_failure_tracker.track_success!
-        log_action :destroy, @instance.unavailable_domain
-      end
-
-      redirect_to admin_instance_path(@instance.domain)
-    end
-
-    def stop_delivery
-      authorize :delivery, :stop_delivery?
-      unavailable_domain = UnavailableDomain.create!(domain: @instance.domain)
-      log_action :create, unavailable_domain
-      redirect_to admin_instance_path(@instance.domain)
+      @following_count = Follow.where(account: Account.where(domain: params[:id])).count
+      @followers_count = Follow.where(target_account: Account.where(domain: params[:id])).count
+      @reports_count   = Report.where(target_account: Account.where(domain: params[:id])).count
+      @blocks_count    = Block.where(target_account: Account.where(domain: params[:id])).count
+      @available       = DeliveryFailureTracker.available?(params[:id])
+      @media_storage   = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
+      @private_comment = @domain_block&.private_comment
+      @public_comment  = @domain_block&.public_comment
     end
 
     private
 
+    def set_domain_block
+      @domain_block = DomainBlock.rule_for(params[:id])
+    end
+
+    def set_domain_allow
+      @domain_allow = DomainAllow.rule_for(params[:id])
+    end
+
     def set_instance
-      @instance = Instance.find(TagManager.instance.normalize_domain(params[:id]&.strip))
-    end
+      resource   = Account.by_domain_accounts.find_by(domain: params[:id])
+      resource ||= @domain_block
+      resource ||= @domain_allow
 
-    def set_instances
-      @instances = filtered_instances.page(params[:page])
-    end
-
-    def preload_delivery_failures!
-      warning_domains_map = DeliveryFailureTracker.warning_domains_map(@instances.map(&:domain))
-
-      @instances.each do |instance|
-        instance.failure_days = warning_domains_map[instance.domain]
+      if resource
+        @instance = Instance.new(resource)
+      else
+        not_found
       end
     end
 
     def filtered_instances
-      InstanceFilter.new(limited_federation_mode? ? { allowed: true } : filter_params).results
+      InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
+    end
+
+    def paginated_instances
+      filtered_instances.page(params[:page])
+    end
+
+    helper_method :paginated_instances
+
+    def ordered_instances
+      paginated_instances.map { |resource| Instance.new(resource) }
     end
 
     def filter_params

app/controllers/admin/ip_blocks_controller.rb

@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class IpBlocksController < BaseController
-    def index
-      authorize :ip_block, :index?
-
-      @ip_blocks = IpBlock.order(ip: :asc).page(params[:page])
-      @form      = Form::IpBlockBatch.new
-    end
-
-    def new
-      authorize :ip_block, :create?
-
-      @ip_block = IpBlock.new(ip: '', severity: :no_access, expires_in: 1.year)
-    end
-
-    def create
-      authorize :ip_block, :create?
-
-      @ip_block = IpBlock.new(resource_params)
-
-      if @ip_block.save
-        log_action :create, @ip_block
-        redirect_to admin_ip_blocks_path, notice: I18n.t('admin.ip_blocks.created_msg')
-      else
-        render :new
-      end
-    end
-
-    def batch
-      authorize :ip_block, :index?
-
-      @form = Form::IpBlockBatch.new(form_ip_block_batch_params.merge(current_account: current_account, action: action_from_button))
-      @form.save
-    rescue ActionController::ParameterMissing
-      flash[:alert] = I18n.t('admin.ip_blocks.no_ip_block_selected')
-    rescue Mastodon::NotPermittedError
-      flash[:alert] = I18n.t('admin.custom_emojis.not_permitted')
-    ensure
-      redirect_to admin_ip_blocks_path
-    end
-
-    private
-
-    def resource_params
-      params.require(:ip_block).permit(:ip, :severity, :comment, :expires_in)
-    end
-
-    def action_from_button
-      'delete' if params[:delete]
-    end
-
-    def form_ip_block_batch_params
-      params.require(:form_ip_block_batch).permit(ip_block_ids: [])
-    end
-  end
-end

app/controllers/admin/pending_accounts_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Admin
+  class PendingAccountsController < BaseController
+    before_action :set_accounts, only: :index
+
+    def index
+      @form = Form::AccountBatch.new
+    end
+
+    def batch
+      @form = Form::AccountBatch.new(form_account_batch_params.merge(current_account: current_account, action: action_from_button))
+      @form.save
+    rescue ActionController::ParameterMissing
+      flash[:alert] = I18n.t('admin.accounts.no_account_selected')
+    ensure
+      redirect_to admin_pending_accounts_path(current_params)
+    end
+
+    def approve_all
+      Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'approve').save
+      redirect_to admin_pending_accounts_path(current_params)
+    end
+
+    def reject_all
+      Form::AccountBatch.new(current_account: current_account, account_ids: User.pending.pluck(:account_id), action: 'reject').save
+      redirect_to admin_pending_accounts_path(current_params)
+    end
+
+    private
+
+    def set_accounts
+      @accounts = Account.joins(:user).merge(User.pending.recent).includes(user: :invite_request).page(params[:page])
+    end
+
+    def form_account_batch_params
+      params.require(:form_account_batch).permit(:action, account_ids: [])
+    end
+
+    def action_from_button
+      if params[:approve]
+        'approve'
+      elsif params[:reject]
+        'reject'
+      end
+    end
+
+    def current_params
+      params.slice(:page).permit(:page)
+    end
+  end
+end

app/controllers/admin/relationships_controller.rb

@@ -7,10 +7,9 @@ module Admin
     PER_PAGE = 40
 
     def index
-      authorize @account, :show?
+      authorize :account, :index?
 
-      @accounts = RelationshipFilter.new(@account, filter_params).results.includes(:account_stat, user: [:ips, :invite_request]).page(params[:page]).per(PER_PAGE)
-      @form     = Form::AccountBatch.new
+      @accounts = RelationshipFilter.new(@account, filter_params).results.page(params[:page]).per(PER_PAGE)
     end
 
     private

app/controllers/admin/relays_controller.rb

@@ -3,7 +3,7 @@
 module Admin
   class RelaysController < BaseController
     before_action :set_relay, except: [:index, :new, :create]
-    before_action :warn_signatures_not_enabled!, only: [:new, :create, :enable]
+    before_action :require_signatures_enabled!, only: [:new, :create, :enable]
 
     def index
       authorize :relay, :update?
@@ -56,8 +56,8 @@ module Admin
       params.require(:relay).permit(:inbox_url)
     end
 
-    def warn_signatures_not_enabled!
-      flash.now[:error] = I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
+    def require_signatures_enabled!
+      redirect_to admin_relays_path, alert: I18n.t('admin.relays.signatures_not_enabled') if authorized_fetch_mode?
     end
   end
 end

app/controllers/admin/report_notes_controller.rb

@@ -14,17 +14,20 @@ module Admin
         if params[:create_and_resolve]
           @report.resolve!(current_account)
           log_action :resolve, @report
-        elsif params[:create_and_unresolve]
+
+          redirect_to admin_reports_path, notice: I18n.t('admin.reports.resolved_msg')
+          return
+        end
+
+        if params[:create_and_unresolve]
           @report.unresolve!
           log_action :reopen, @report
         end
 
-        redirect_to after_create_redirect_path, notice: I18n.t('admin.report_notes.created_msg')
+        redirect_to admin_report_path(@report), notice: I18n.t('admin.report_notes.created_msg')
       else
-        @report_notes = @report.notes.includes(:account).order(id: :desc)
-        @action_logs  = @report.history.includes(:target)
-        @form         = Admin::StatusBatchAction.new
-        @statuses     = @report.statuses.with_includes
+        @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
+        @form         = Form::StatusBatch.new
 
         render template: 'admin/reports/show'
       end
@@ -38,14 +41,6 @@ module Admin
 
     private
 
-    def after_create_redirect_path
-      if params[:create_and_resolve]
-        admin_reports_path
-      else
-        admin_report_path(@report)
-      end
-    end
-
     def resource_params
       params.require(:report_note).permit(
         :content,

app/controllers/admin/reported_statuses_controller.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Admin
+  class ReportedStatusesController < BaseController
+    before_action :set_report
+
+    def create
+      authorize :status, :update?
+
+      @form         = Form::StatusBatch.new(form_status_batch_params.merge(current_account: current_account, action: action_from_button))
+      flash[:alert] = I18n.t('admin.statuses.failed_to_execute') unless @form.save
+
+      redirect_to admin_report_path(@report)
+    rescue ActionController::ParameterMissing
+      flash[:alert] = I18n.t('admin.statuses.no_status_selected')
+
+      redirect_to admin_report_path(@report)
+    end
+
+    private
+
+    def status_params
+      params.require(:status).permit(:sensitive)
+    end
+
+    def form_status_batch_params
+      params.require(:form_status_batch).permit(status_ids: [])
+    end
+
+    def action_from_button
+      if params[:nsfw_on]
+        'nsfw_on'
+      elsif params[:nsfw_off]
+        'nsfw_off'
+      elsif params[:delete]
+        'delete'
+      end
+    end
+
+    def set_report
+      @report = Report.find(params[:report_id])
+    end
+  end
+end

app/controllers/admin/reports/actions_controller.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-class Admin::Reports::ActionsController < Admin::BaseController
-  before_action :set_report
-
-  def preview
-    authorize @report, :show?
-    @moderation_action = action_from_button
-  end
-
-  def create
-    authorize @report, :show?
-
-    case action_from_button
-    when 'delete', 'mark_as_sensitive'
-      status_batch_action = Admin::StatusBatchAction.new(
-        type: action_from_button,
-        status_ids: @report.status_ids,
-        current_account: current_account,
-        report_id: @report.id,
-        send_email_notification: !@report.spam?,
-        text: params[:text]
-      )
-
-      status_batch_action.save!
-    when 'silence', 'suspend'
-      account_action = Admin::AccountAction.new(
-        type: action_from_button,
-        report_id: @report.id,
-        target_account: @report.target_account,
-        current_account: current_account,
-        send_email_notification: !@report.spam?,
-        text: params[:text]
-      )
-
-      account_action.save!
-    else
-      return redirect_to admin_report_path(@report), alert: I18n.t('admin.reports.unknown_action_msg', action: action_from_button)
-    end
-
-    redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: @report.id)
-  end
-
-  private
-
-  def set_report
-    @report = Report.find(params[:report_id])
-  end
-
-  def action_from_button
-    if params[:delete]
-      'delete'
-    elsif params[:mark_as_sensitive]
-      'mark_as_sensitive'
-    elsif params[:silence]
-      'silence'
-    elsif params[:suspend]
-      'suspend'
-    elsif params[:moderation_action]
-      params[:moderation_action]
-    end
-  end
-end

app/controllers/admin/reports_controller.rb

@@ -13,10 +13,8 @@ module Admin
       authorize @report, :show?
 
       @report_note  = @report.notes.new
-      @report_notes = @report.notes.includes(:account).order(id: :desc)
-      @action_logs  = @report.history.includes(:target)
-      @form         = Admin::StatusBatchAction.new
-      @statuses     = @report.statuses.with_includes
+      @report_notes = (@report.notes.latest + @report.history + @report.target_account.targeted_account_warnings.latest.custom).sort_by(&:created_at)
+      @form         = Form::StatusBatch.new
     end
 
     def assign_to_self

app/controllers/admin/resets_controller.rb

@@ -6,9 +6,9 @@ module Admin
 
     def create
       authorize @user, :reset_password?
-      @user.reset_password!
+      @user.send_reset_password_instructions
       log_action :reset_password, @user
-      redirect_to admin_account_path(@user.account_id)
+      redirect_to admin_accounts_path
     end
   end
 end

app/controllers/admin/roles_controller.rb

@@ -2,66 +2,20 @@
 
 module Admin
   class RolesController < BaseController
-    before_action :set_role, except: [:index, :new, :create]
+    before_action :set_user
 
-    def index
-      authorize :user_role, :index?
-
-      @roles = UserRole.order(position: :desc).page(params[:page])
+    def promote
+      authorize @user, :promote?
+      @user.promote!
+      log_action :promote, @user
+      redirect_to admin_account_path(@user.account_id)
     end
 
-    def new
-      authorize :user_role, :create?
-
-      @role = UserRole.new
-    end
-
-    def edit
-      authorize @role, :update?
-    end
-
-    def create
-      authorize :user_role, :create?
-
-      @role = UserRole.new(resource_params)
-      @role.current_account = current_account
-
-      if @role.save
-        log_action :create, @role
-        redirect_to admin_roles_path
-      else
-        render :new
-      end
-    end
-
-    def update
-      authorize @role, :update?
-
-      @role.current_account = current_account
-
-      if @role.update(resource_params)
-        log_action :update, @role
-        redirect_to admin_roles_path
-      else
-        render :edit
-      end
-    end
-
-    def destroy
-      authorize @role, :destroy?
-      @role.destroy!
-      log_action :destroy, @role
-      redirect_to admin_roles_path
-    end
-
-    private
-
-    def set_role
-      @role = UserRole.find(params[:id])
-    end
-
-    def resource_params
-      params.require(:user_role).permit(:name, :color, :highlighted, :position, permissions_as_keys: [])
+    def demote
+      authorize @user, :demote?
+      @user.demote!
+      log_action :demote, @user
+      redirect_to admin_account_path(@user.account_id)
     end
   end
 end

app/controllers/admin/rules_controller.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class RulesController < BaseController
-    before_action :set_rule, except: [:index, :create]
-
-    def index
-      authorize :rule, :index?
-
-      @rules = Rule.ordered
-      @rule  = Rule.new
-    end
-
-    def edit
-      authorize @rule, :update?
-    end
-
-    def create
-      authorize :rule, :create?
-
-      @rule = Rule.new(resource_params)
-
-      if @rule.save
-        redirect_to admin_rules_path
-      else
-        @rules = Rule.ordered
-        render :index
-      end
-    end
-
-    def update
-      authorize @rule, :update?
-
-      if @rule.update(resource_params)
-        redirect_to admin_rules_path
-      else
-        render :edit
-      end
-    end
-
-    def destroy
-      authorize @rule, :destroy?
-
-      @rule.discard
-
-      redirect_to admin_rules_path
-    end
-
-    private
-
-    def set_rule
-      @rule = Rule.find(params[:id])
-    end
-
-    def resource_params
-      params.require(:rule).permit(:text, :priority)
-    end
-  end
-end