mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-10 01:25:15 +00:00
cbd0ee1d07
* Update devise-two-factor to unreleased fork for Rails 6 support Update tests to match new `rotp` version. * Update nsa gem to unreleased fork for Rails 6 support * Update rails to 6.1.3 and rails-i18n to 6.0 * Update to unreleased fork of pluck_each for Ruby 6 support * Run "rails app:update" * Add missing ActiveStorage config file * Use config.ssl_options instead of removed ApplicationController#force_ssl Disabled force_ssl-related tests as they do not seem to be easily testable anymore. * Fix nonce directives by removing Rails 5 specific monkey-patching * Fix fixture_file_upload deprecation warning * Fix yield-based test failing with Rails 6 * Use Rails 6's index_with when possible * Use ActiveRecord::Cache::Store#delete_multi from Rails 6 This will yield better performances when deleting an account * Disable Rails 6.1's automatic preload link headers Since Rails 6.1, ActionView adds preload links for javascript files in the Links header per default. In our case, that will bloat headers too much and potentially cause issues with reverse proxies. Furhermore, we don't need those links, as we already output them as HTML link tags. * Switch to Rails 6.0 default config * Switch to Rails 6.1 default config * Do not include autoload paths in the load path
145 lines
3.9 KiB
Ruby
145 lines
3.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ApplicationController < ActionController::Base
|
|
# Prevent CSRF attacks by raising an exception.
|
|
# For APIs, you may want to use :null_session instead.
|
|
protect_from_forgery with: :exception
|
|
|
|
include Localized
|
|
include UserTrackingConcern
|
|
include SessionTrackingConcern
|
|
include CacheConcern
|
|
include DomainControlHelper
|
|
|
|
helper_method :current_account
|
|
helper_method :current_session
|
|
helper_method :current_theme
|
|
helper_method :single_user_mode?
|
|
helper_method :use_seamless_external_login?
|
|
helper_method :whitelist_mode?
|
|
|
|
rescue_from ActionController::RoutingError, with: :not_found
|
|
rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
|
|
rescue_from ActionController::UnknownFormat, with: :not_acceptable
|
|
rescue_from ActionController::ParameterMissing, with: :bad_request
|
|
rescue_from Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request
|
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found
|
|
rescue_from Mastodon::NotPermittedError, with: :forbidden
|
|
rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
|
|
rescue_from Mastodon::RaceConditionError, Seahorse::Client::NetworkingError, Stoplight::Error::RedLight, with: :service_unavailable
|
|
rescue_from Mastodon::RateLimitExceededError, with: :too_many_requests
|
|
|
|
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
|
|
before_action :require_functional!, if: :user_signed_in?
|
|
|
|
skip_before_action :verify_authenticity_token, only: :raise_not_found
|
|
|
|
def raise_not_found
|
|
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
|
|
end
|
|
|
|
private
|
|
|
|
def authorized_fetch_mode?
|
|
ENV['AUTHORIZED_FETCH'] == 'true' || Rails.configuration.x.whitelist_mode
|
|
end
|
|
|
|
def public_fetch_mode?
|
|
!authorized_fetch_mode?
|
|
end
|
|
|
|
def store_current_location
|
|
store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)
|
|
end
|
|
|
|
def require_admin!
|
|
forbidden unless current_user&.admin?
|
|
end
|
|
|
|
def require_staff!
|
|
forbidden unless current_user&.staff?
|
|
end
|
|
|
|
def require_functional!
|
|
redirect_to edit_user_registration_path unless current_user.functional?
|
|
end
|
|
|
|
def after_sign_out_path_for(_resource_or_scope)
|
|
new_user_session_path
|
|
end
|
|
|
|
protected
|
|
|
|
def truthy_param?(key)
|
|
ActiveModel::Type::Boolean.new.cast(params[key])
|
|
end
|
|
|
|
def forbidden
|
|
respond_with_error(403)
|
|
end
|
|
|
|
def not_found
|
|
respond_with_error(404)
|
|
end
|
|
|
|
def gone
|
|
respond_with_error(410)
|
|
end
|
|
|
|
def unprocessable_entity
|
|
respond_with_error(422)
|
|
end
|
|
|
|
def not_acceptable
|
|
respond_with_error(406)
|
|
end
|
|
|
|
def bad_request
|
|
respond_with_error(400)
|
|
end
|
|
|
|
def internal_server_error
|
|
respond_with_error(500)
|
|
end
|
|
|
|
def service_unavailable
|
|
respond_with_error(503)
|
|
end
|
|
|
|
def too_many_requests
|
|
respond_with_error(429)
|
|
end
|
|
|
|
def single_user_mode?
|
|
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
|
|
end
|
|
|
|
def use_seamless_external_login?
|
|
Devise.pam_authentication || Devise.ldap_authentication
|
|
end
|
|
|
|
def current_account
|
|
return @current_account if defined?(@current_account)
|
|
|
|
@current_account = current_user&.account
|
|
end
|
|
|
|
def current_session
|
|
return @current_session if defined?(@current_session)
|
|
|
|
@current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
|
|
end
|
|
|
|
def current_theme
|
|
return Setting.theme unless Themes.instance.names.include? current_user&.setting_theme
|
|
current_user.setting_theme
|
|
end
|
|
|
|
def respond_with_error(code)
|
|
respond_to do |format|
|
|
format.any { render "errors/#{code}", layout: 'error', status: code, formats: [:html] }
|
|
format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
|
|
end
|
|
end
|
|
end
|