Bump lograge from 0.12.0 to 0.13.0

Bumps [lograge](https://github.com/roidrage/lograge) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/roidrage/lograge/releases) - [Changelog](https://github.com/roidrage/lograge/blob/master/CHANGELOG.md) - [Commits](https://github.com/roidrage/lograge/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: lograge dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 14:51:07 +00:00
7 changed files with 32 additions and 114 deletions
--- a/2
+++ b/2
@ -151,7 +151,7 @@ group :development do
 end

 group :production do
-  gem 'lograge', '~> 0.12'
+  gem 'lograge', '~> 0.13'
 end

 gem 'concurrent-ruby', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -312,7 +312,7 @@ GEM
    httplog (1.6.2)
      rack (>= 2.0)
      rainbow (>= 2.0.0)
-    i18n (1.12.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
    i18n-tasks (1.0.12)
      activesupport (>= 4.0.2)
@ -380,14 +380,14 @@ GEM
    llhttp-ffi (0.4.0)
      ffi-compiler (~> 1.0)
      rake (~> 13.0)
-    lograge (0.12.0)
+    lograge (0.13.0)
      actionpack (>= 4)
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.19.1)
+    loofah (2.21.3)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
    mail (2.8.1)
      mini_mime (>= 0.1.1)
      net-imap
@ -405,8 +405,8 @@ GEM
      mime-types-data (~> 3.2015)
    mime-types-data (3.2022.0105)
    mini_mime (1.1.2)
-    mini_portile2 (2.8.2)
-    minitest (5.17.0)
+    mini_portile2 (2.8.4)
+    minitest (5.19.0)
    msgpack (1.6.0)
    multi_json (1.15.0)
    multipart-post (2.1.1)
@ -496,7 +496,7 @@ GEM
    pundit (2.3.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
-    racc (1.6.2)
+    racc (1.7.1)
    rack (2.2.7)
    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
@ -531,11 +531,13 @@ GEM
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
      activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
    rails-i18n (6.0.0)
      i18n (>= 0.7, < 2)
      railties (>= 6.0.0, < 7)
@ -754,7 +756,7 @@ GEM
    xorcist (1.1.3)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.6.8)
+    zeitwerk (2.6.10)

 PLATFORMS
  ruby
@ -816,7 +818,7 @@ DEPENDENCIES
  letter_opener (~> 1.8)
  letter_opener_web (~> 2.0)
  link_header (~> 0.0)
-  lograge (~> 0.12)
+  lograge (~> 0.13)
  makara (~> 0.5)
  mario-redis-lock (~> 1.2)
  memory_profiler
--- a/app/controllers/api/v1/json_ld_controller.rb
+++ b/app/controllers/api/v1/json_ld_controller.rb
@ -1,7 +1,6 @@
 # frozen_string_literal: true

 require "faraday"
-require "uri"

 class Api::V1::JsonLdController < Api::BaseController
  include ActionController::Live
@ -10,40 +9,6 @@ class Api::V1::JsonLdController < Api::BaseController
    render json: { error: e.to_s }, status: 422
  end

-  before_action :require_user!
-
-  REQUEST_TARGET = '(request-target)'
-
-  def signature(headers)
-    account = Account.representative
-
-    key_id = ActivityPub::TagManager.instance.key_uri_for(account)
-    algorithm = 'rsa-sha256'
-    signed_string = headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
-    signature = Base64.strict_encode64(account.keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
-
-    "keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
-  end
-
-  def signed_headers(url_string)
-    if url_string.include?(".well-known")
-      return {'Accept': 'application/jrd+json'}
-    end
-
-    url = URI.parse(url_string)
-    tmp_headers = {
-      'Date': Time.now.utc.httpdate,
-      'Host': url.host,
-      'Accept': 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
-    }
-    tmp_headers[REQUEST_TARGET] = "get #{url_string.delete_prefix("#{url.scheme}://#{url.host}")}"
-    additional_headers = {
-      'Signature': signature(tmp_headers),
-      'User-Agent': Mastodon::Version.user_agent,
-    }
-    tmp_headers.merge(additional_headers).except(REQUEST_TARGET)
-  end
-
  def show
    url = params[:url]

@ -52,12 +17,13 @@ class Api::V1::JsonLdController < Api::BaseController
    Thread.new {
      begin
        conn = Faraday::Connection.new
+        conn.options.timeout = 5

-        api_response = conn.get(url, nil, signed_headers(url))
+        api_response = conn.get(url, nil, {'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})

        max_redirects = 5
        while api_response.status == 301 || api_response.status == 302 and max_redirects > 0 do
-          api_response = conn.get(api_response.headers['Location'], nil, signed_headers(api_response.headers['Location']))
+          api_response = conn.get(api_response.headers['Location'], nil, {'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
          max_redirects -= 1
        end

--- a/app/views/shared/_og.html.haml
+++ b/app/views/shared/_og.html.haml
@ -1,14 +1,14 @@
 - thumbnail     = @instance_presenter.thumbnail
- description = 'Learn ActivityPub interactively, by seeing protocol interactions visualized in real time'
+- description ||= @instance_presenter.description.presence || strip_tags(t('about.about_mastodon_html'))

 %meta{ name: 'description', content: description }/

-= opengraph 'og:site_name', 'ActivityPub Academy - A learning resource for ActivityPub'
+= opengraph 'og:site_name', t('about.hosted_on', domain: site_hostname)
 = opengraph 'og:url', url_for(only_path: false)
 = opengraph 'og:type', 'website'
-= opengraph 'og:title', 'ActivityPub Academy'
+= opengraph 'og:title', @instance_presenter.title
 = opengraph 'og:description', description
-= opengraph 'og:image', full_asset_url(thumbnail&.file&.url(:'@1x') || asset_pack_path('media/images/academy-mascot.webp', protocol: :request))
-= opengraph 'og:image:width', thumbnail ? thumbnail.meta['width'] : '500'
-= opengraph 'og:image:height', thumbnail ? thumbnail.meta['height'] : '573'
+= opengraph 'og:image', full_asset_url(thumbnail&.file&.url(:'@1x') || asset_pack_path('media/images/preview.png', protocol: :request))
+= opengraph 'og:image:width', thumbnail ? thumbnail.meta['width'] : '1200'
+= opengraph 'og:image:height', thumbnail ? thumbnail.meta['height'] : '630'
 = opengraph 'twitter:card', 'summary_large_image'
--- a/app/workers/scheduler/old_account_cleanup_scheduler.rb
+++ b/app/workers/scheduler/old_account_cleanup_scheduler.rb
@ -28,13 +28,17 @@ class Scheduler::OldAccountCleanupScheduler
      .where("domain IS NULL")
      # id -99 is the instance actor
      .where("id <> -99")
-      # only delete accounts whose username contains underscores (those are auto-generated)
-      .where("username LIKE '%\\_%'")
+      # don't delete admin
+      .where("username <> 'admin'")
+      # don't delete crepels
+      .where("username <> 'crepels'")
+      # don't delete alice
+      .where("username <> 'alice'")
      .where("created_at < ?", 1.day.ago)
      .order(created_at: :asc)
      .limit(MAX_DELETIONS_PER_JOB)
      .each do |account|
-        AccountDeletionWorker.perform_async(account.id, { 'reserve_username' => false })
+        AccountDeletionWorker.perform_async(account.id, { :reserve_username => false })
      end
  end
 end
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@ -114,27 +114,6 @@ server {
    tcp_nodelay on;
  }

-  location ^~ /api/v1/json_ld {
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto https;
-    proxy_set_header Proxy "";
-    proxy_pass_header Server;
-
-    proxy_pass http://backend;
-    proxy_redirect off;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection '';
-
-    proxy_cache off;
-    proxy_buffering off;
-    chunked_transfer_encoding off;
-
-    tcp_nodelay on;
-  }
-
  location ^~ /api/v1/activity_log {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
--- a/spec/workers/scheduler/old_account_cleanup_scheduler_spec.rb
+++ b/spec/workers/scheduler/old_account_cleanup_scheduler_spec.rb
@ -1,33 +0,0 @@
-require 'json'
-require 'rails_helper'
-
-RSpec.describe Scheduler::OldAccountCleanupScheduler do
-  subject { described_class.new }
-  let!(:generated_user) { Fabricate(:account, username: 'containing_underscore', created_at: 25.hours.ago) }
-  let!(:alice) { Fabricate(:account, username: 'alice', created_at: 25.hours.ago) }
-  let!(:generated_user_other_instance) { Fabricate(:account, username: 'containing_underscore', domain: 'example.com', created_at: 25.hours.ago) }
-  let!(:instance_actor) { Fabricate(:account, id: 99, created_at: 25.hours.ago) }
-
-  describe '#perform' do
-    it 'removes auto-generated user-accounts that are older than one day' do
-      expect { subject.perform }.to change { Account.exists?(generated_user.id) }.from(true).to(false)
-    end
-
-    it 'does not remove auto-generated user-accounts that are younger than one day' do
-      generated_user.update!(created_at: 23.hours.ago)
-      expect { subject.perform }.not_to change { Account.exists?(generated_user.id) }.from(true)
-    end
-
-    it 'does not remove accounts with underscores from other instances' do
-      expect { subject.perform }.not_to change { Account.exists?(generated_user_other_instance.id) }.from(true)
-    end
-
-    it 'does not remove accounts without underscores' do
-      expect { subject.perform }.not_to change { Account.exists?(alice.id) }.from(true)
-    end
-
-    it 'does not remove instance actor' do
-      expect { subject.perform }.not_to change { Account.exists?(instance_actor.id) }.from(true)
-    end
-  end
-end