Merge remote-tracking branch 'upstream/main'

Merge pull request #2706 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes up to 1959365c2f
2024-05-14 21:20:27 -05:00 · 2024-05-12 21:35:25 +02:00 · 2024-05-11 22:44:41 +02:00 · 2024-05-11 22:10:56 +02:00 · 2024-05-10 20:00:25 +00:00 · 2024-05-10 19:19:47 +00:00
793 changed files with 13219 additions and 6163 deletions
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -70,7 +70,7 @@ services:
        hard: -1

  libretranslate:
-    image: libretranslate/libretranslate:v1.5.6
+    image: libretranslate/libretranslate:v1.5.7
    restart: unless-stopped
    volumes:
      - lt-data:/home/libretranslate/.local
--- a/.env.development
+++ b/.env.development
@ -0,0 +1,4 @@
+# Required by ActiveRecord encryption feature
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr
--- a/.env.test
+++ b/.env.test
@ -3,3 +3,8 @@ NODE_ENV=production
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true
+
+# Required by ActiveRecord encryption feature
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -380,6 +380,7 @@ module.exports = defineConfig({
            "message": "Use typed hooks `useAppDispatch` and `useAppSelector` instead."
          }
        ],
+        "@typescript-eslint/restrict-template-expressions": ['warn', { allowNumber: true }],
        'jsdoc/require-jsdoc': 'off',

        // Those rules set stricter rules for TS files
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -141,6 +141,13 @@
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'RSpec (non-major)',
    },
+    {
+      // Group all opentelemetry-ruby packages in the same PR
+      matchManagers: ['bundler'],
+      matchPackagePrefixes: ['opentelemetry-'],
+      matchUpdateTypes: ['patch', 'minor'],
+      groupName: 'opentelemetry-ruby (non-major)',
+    },
    // Add labels depending on package manager
    { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
    { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },
--- a/.github/stylelint-matcher.json
+++ b/.github/stylelint-matcher.json
@ -1,21 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "stylelint",
-      "pattern": [
-        {
-          "regexp": "^([^\\s].*)$",
-          "file": 1
-        },
-        {
-          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
-          "line": 2,
-          "column": 3,
-          "message": 5,
-          "code": 6,
-          "loop": true
-        }
-      ]
-    }
-  ]
-}
--- a/.github/workflows/crowdin-download.yml
+++ b/.github/workflows/crowdin-download.yml
@ -53,7 +53,7 @@ jobs:

      # Create or update the pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.2
+        uses: peter-evans/create-pull-request@v6.0.5
        with:
          commit-message: 'New Crowdin translations'
          title: 'New Crowdin Translations (automated)'
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -38,9 +38,5 @@ jobs:
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

-      - uses: xt0rted/stylelint-problem-matcher@v1
-
-      - run: echo "::add-matcher::.github/stylelint-matcher.json"
-
      - name: Stylelint
-        run: yarn lint:css
+        run: yarn lint:css -f github
--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@ -38,5 +38,5 @@ jobs:
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript

-      - name: Jest testing
+      - name: JavaScript testing
        run: yarn jest --reporters github-actions summary
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -28,6 +28,9 @@ jobs:
    env:
      RAILS_ENV: ${{ matrix.mode }}
      BUNDLE_WITH: ${{ matrix.mode }}
+      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: precompile_placeholder
+      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: precompile_placeholder
+      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: precompile_placeholder
      OTP_SECRET: precompile_placeholder
      SECRET_KEY_BASE: precompile_placeholder

@ -111,10 +114,9 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
-          - '3.0'
          - '3.1'
+          - '3.2'
          - '.ruby-version'
-          - '3.3'
    steps:
      - uses: actions/checkout@v4

@ -143,6 +145,8 @@ jobs:
        uses: codecov/codecov-action@v4
        with:
          files: coverage/lcov/mastodon.lcov
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  test-e2e:
    name: End to End testing
@ -182,15 +186,16 @@ jobs:
      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
+      LOCAL_DOMAIN: localhost:3000
+      LOCAL_HTTPS: false

    strategy:
      fail-fast: false
      matrix:
        ruby-version:
-          - '3.0'
          - '3.1'
+          - '3.2'
          - '.ruby-version'
-          - '3.3'

    steps:
      - uses: actions/checkout@v4
@ -212,7 +217,7 @@ jobs:
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'

-      - run: bundle exec rake spec:system
+      - run: bin/rspec spec/system --tag streaming --tag js

      - name: Archive logs
        uses: actions/upload-artifact@v4
@ -287,10 +292,9 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
-          - '3.0'
          - '3.1'
+          - '3.2'
          - '.ruby-version'
-          - '3.3'
        search-image:
          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
        include:
--- a/.gitignore
+++ b/.gitignore
@ -24,7 +24,6 @@
 /public/packs-test
 .env
 .env.production
-.env.development
 /node_modules/
 /build/

@ -69,3 +68,6 @@ yarn-debug.log

 # Ignore Docker option files
 docker-compose.override.yml
+
+# Ignore dotenv .local files
+.env*.local
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@ -1,6 +1,5 @@
 exclude:
  - 'vendor/**/*'
-  - lib/templates/haml/scaffold/_form.html.haml

 require:
  - ./lib/linter/haml_middle_dot.rb
@ -11,6 +10,6 @@ linters:
  MiddleDot:
    enabled: true
  LineLength:
-    max: 320
+    max: 300
  ViewLength:
    max: 200 # Override default value of 100 inherited from rubocop
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-20.11
+20.13
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -9,12 +9,13 @@ inherit_mode:
 require:
  - rubocop-rails
  - rubocop-rspec
+  - rubocop-rspec_rails
  - rubocop-performance
  - rubocop-capybara
  - ./lib/linter/rubocop_middle_dot

 AllCops:
-  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
+  TargetRubyVersion: 3.1 # Set to minimum supported version of CI
  DisplayCopNames: true
  DisplayStyleGuide: true
  ExtraDetails: true
@ -39,13 +40,7 @@ Layout/FirstHashElementIndentation:
 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
 Layout/LineLength:
-  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
-
-# Reason:
-# https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
-Lint/UselessAccessModifier:
-  ContextCreatingMethods:
-    - class_methods
+  Max: 300 # Default of 120 causes a duplicate entry in generated todo file

 ## Disable most Metrics/*Length cops
 # Reason: those are often triggered and force significant refactors when this happend
@ -86,6 +81,11 @@ Metrics/CyclomaticComplexity:
 Metrics/ParameterLists:
  CountKeywordArgs: false

+# Reason: Prefer seeing a variable name
+# https://docs.rubocop.org/rubocop/cops_naming.html#namingblockforwarding
+Naming/BlockForwarding:
+  EnforcedStyle: explicit
+
 # Reason: Prevailing style is argument file paths
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
 Rails/FilePath:
@ -148,11 +148,6 @@ RSpec/NamedSubject:
 RSpec/NotToNot:
  EnforcedStyle: to_not

-# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
-# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
-RSpec/Rails/HttpStatus:
-  EnforcedStyle: numeric
-
 # Reason: Match overrides from Rspec/FilePath rule above
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecspecfilepathformat
 RSpec/SpecFilePathFormat:
@ -163,6 +158,11 @@ RSpec/SpecFilePathFormat:
    OEmbedController: oembed_controller
    OStatus: ostatus

+# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
+RSpecRails/HttpStatus:
+  EnforcedStyle: numeric
+
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
 Style/ClassAndModuleChildren:
@ -182,10 +182,16 @@ Style/FormatStringToken:
  AllowedMethods:
    - redirect_with_vary

+# Reason: Prevailing style choice
+# https://docs.rubocop.org/rubocop/cops_style.html#stylehashaslastarrayitem
+Style/HashAsLastArrayItem:
+  Enabled: false
+
 # Reason: Enforce modern Ruby style
 # https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
 Style/HashSyntax:
  EnforcedStyle: ruby19_no_mixed_keys
+  EnforcedShorthandSyntax: either

 # Reason:
 # https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,18 +1,11 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.60.2.
+# using RuboCop version 1.62.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
-# Include: **/*.gemfile, **/Gemfile, **/gems.rb
-Bundler/OrderedGems:
-  Exclude:
-    - 'Gemfile'
-
 Lint/NonLocalExitFromIterator:
  Exclude:
    - 'app/helpers/jsonld_helper.rb'
@ -36,7 +29,7 @@ Metrics/PerceivedComplexity:

 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
-  Max: 20 # Override default of 5
+  Max: 18

 RSpec/MultipleExpectations:
  Max: 7
@ -49,27 +42,10 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/NestedGroups:
  Max: 6

-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/HasAndBelongsToMany:
-  Exclude:
-    - 'app/models/concerns/account/associations.rb'
-    - 'app/models/status.rb'
-    - 'app/models/tag.rb'
-
 Rails/OutputSafety:
  Exclude:
    - 'config/initializers/simple_form.rb'

-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/UniqueValidationWithoutIndex:
-  Exclude:
-    - 'app/models/account_alias.rb'
-    - 'app/models/custom_filter_status.rb'
-    - 'app/models/identity.rb'
-    - 'app/models/webauthn_credential.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: ==, equal?, eql?
@ -78,17 +54,12 @@ Style/ClassEqualityComparison:
    - 'app/helpers/jsonld_helper.rb'
    - 'app/serializers/activitypub/outbox_serializer.rb'

-Style/ClassVars:
-  Exclude:
-    - 'config/initializers/devise.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
  Exclude:
    - 'app/lib/redis_configuration.rb'
    - 'app/lib/translation_service.rb'
-    - 'config/environments/development.rb'
    - 'config/environments/production.rb'
    - 'config/initializers/2_limited_federation_mode.rb'
    - 'config/initializers/3_omniauth.rb'
@ -98,9 +69,8 @@ Style/FetchEnvVar:
    - 'config/initializers/paperclip.rb'
    - 'config/initializers/vapid.rb'
    - 'lib/mastodon/redis_config.rb'
-    - 'lib/premailer_webpack_strategy.rb'
    - 'lib/tasks/repo.rake'
-    - 'spec/features/profile_spec.rb'
+    - 'spec/system/profile_spec.rb'

 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
@ -144,22 +114,8 @@ Style/GuardClause:
    - 'lib/mastodon/cli/accounts.rb'
    - 'lib/mastodon/cli/maintenance.rb'
    - 'lib/mastodon/cli/media.rb'
-    - 'lib/paperclip/attachment_extensions.rb'
    - 'lib/tasks/repo.rake'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: braces, no_braces
-Style/HashAsLastArrayItem:
-  Exclude:
-    - 'app/controllers/admin/statuses_controller.rb'
-    - 'app/controllers/api/v1/statuses_controller.rb'
-    - 'app/models/concerns/account/counters.rb'
-    - 'app/models/concerns/status/threading_concern.rb'
-    - 'app/models/status.rb'
-    - 'app/services/batched_remove_status_service.rb'
-    - 'app/services/notify_service.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/HashTransformValues:
  Exclude:
@ -207,13 +163,6 @@ Style/OptionalBooleanParameter:
    - 'app/workers/unfollow_follow_worker.rb'
    - 'lib/mastodon/redis_config.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-  Exclude:
-    - 'config/deploy.rb'
-    - 'config/initializers/doorkeeper.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: short, verbose
@ -244,52 +193,12 @@ Style/SafeNavigation:
  Exclude:
    - 'app/models/concerns/account/finder_concern.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: only_raise, only_fail, semantic
-Style/SignalException:
-  Exclude:
-    - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
-
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/SingleArgumentDig:
-  Exclude:
-    - 'lib/webpacker/manifest_extensions.rb'
-
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
  Exclude:
    - 'config/initializers/paperclip.rb'

-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
-# SupportedStyles: single_quotes, double_quotes
-Style/StringLiterals:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/initializers/backtrace_silencers.rb'
-    - 'config/initializers/http_client_proxy.rb'
-    - 'config/initializers/rack_attack.rb'
-    - 'config/initializers/webauthn.rb'
-    - 'config/routes.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyleForMultiline.
-# SupportedStylesForMultiline: comma, consistent_comma, no_comma
-Style/TrailingCommaInArguments:
-  Exclude:
-    - 'config/initializers/paperclip.rb'
-
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyleForMultiline.
-# SupportedStylesForMultiline: comma, consistent_comma, no_comma
-Style/TrailingCommaInHashLiteral:
-  Exclude:
-    - 'config/environments/production.rb'
-    - 'config/environments/test.rb'
-
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: WordRegex.
 # SupportedStyles: percent, brackets
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-3.2.3
+3.3.1
--- a/19
+++ b/19
@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.4
+# syntax=docker/dockerfile:1.7

 # Please see https://docs.docker.com/engine/reference/builder for information about
 # the extended buildx capabilities used in this file.
@ -7,15 +7,15 @@
 ARG TARGETPLATFORM=${TARGETPLATFORM}
 ARG BUILDPLATFORM=${BUILDPLATFORM}

-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.3"]
-ARG RUBY_VERSION="3.2.3"
+# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.3.1"]
+ARG RUBY_VERSION="3.3.1"
 # # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
 ARG NODE_MAJOR_VERSION="20"
 # Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
 ARG DEBIAN_VERSION="bookworm"
 # Node image to use for base image based on combined variables (ex: 20-bookworm-slim)
 FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim as node
-# Ruby image to use for base image based on combined variables (ex: 3.2.3-slim-bookworm)
+# Ruby image to use for base image based on combined variables (ex: 3.3.1-slim-bookworm)
 FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} as ruby

 # Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA
@ -29,7 +29,7 @@ ARG MASTODON_VERSION_METADATA=""
 # See: https://docs.joinmastodon.org/admin/config/#rails_serve_static_files
 ARG RAILS_SERVE_STATIC_FILES="true"
 # Allow to use YJIT compiler
-# See: https://github.com/ruby/ruby/blob/v3_2_3/doc/yjit/yjit.md
+# See: https://github.com/ruby/ruby/blob/v3_2_4/doc/yjit/yjit.md
 ARG RUBY_YJIT_ENABLE="1"
 # Timezone used by the Docker container and runtime, change with [--build-arg TZ=Europe/Berlin]
 ARG TZ="Etc/UTC"
@ -205,7 +205,12 @@ ARG TARGETPLATFORM

 RUN \
 # Use Ruby on Rails to create Mastodon assets
-  OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile; \
+  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
+  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
+  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
+  OTP_SECRET=precompile_placeholder \
+  SECRET_KEY_BASE=precompile_placeholder \
+  bundle exec rails assets:precompile; \
 # Cleanup temporary files
  rm -fr /opt/mastodon/tmp;

@ -257,4 +262,4 @@ USER mastodon
 # Expose default Puma ports
 EXPOSE 3000
 # Set container tini as default entry point
-ENTRYPOINT ["/usr/bin/tini", "--"]
+ENTRYPOINT ["/usr/bin/tini", "--"]
--- a/62
+++ b/62
@ -1,28 +1,28 @@
 # frozen_string_literal: true

 source 'https://rubygems.org'
-ruby '>= 3.0.0'
+ruby '>= 3.1.0'

-gem 'puma', '~> 6.3'
-gem 'rails', '~> 7.1.1'
 gem 'propshaft'
-gem 'thor', '~> 1.2'
+gem 'puma', '~> 6.3'
 gem 'rack', '~> 2.2.7'
+gem 'rails', '~> 7.1.1'
+gem 'thor', '~> 1.2'

 # For why irb is in the Gemfile, see: https://ruby.social/@st0012/111444685161478182
 gem 'irb', '~> 1.8'

+gem 'dotenv'
 gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'pghero'
-gem 'dotenv-rails', '~> 2.8'

 gem 'aws-sdk-s3', '~> 1.123', require: false
+gem 'blurhash', '~> 0.1'
 gem 'fog-core', '<= 2.4.0'
 gem 'fog-openstack', '~> 1.0', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'md-paperclip-azure', '~> 2.2', require: false
-gem 'blurhash', '~> 0.1'

 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
@ -31,7 +31,7 @@ gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.3'
 gem 'devise', '~> 4.9'
-gem 'devise-two-factor', '~> 4.1'
+gem 'devise-two-factor'

 group :pam_authentication, optional: true do
  gem 'devise_pam_authenticatable2', '~> 9.2'
@ -39,11 +39,11 @@ end

 gem 'net-ldap', '~> 0.18'

-gem 'omniauth-cas', '~> 3.0.0.beta.1'
-gem 'omniauth-saml', '~> 2.0'
-gem 'omniauth_openid_connect', '~> 0.6.1'
 gem 'omniauth', '~> 2.0'
+gem 'omniauth-cas', '~> 3.0.0.beta.1'
+gem 'omniauth_openid_connect', '~> 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
+gem 'omniauth-saml', '~> 2.0'

 gem 'color_diff', '~> 0.1'
 gem 'csv', '~> 3.2'
@ -53,50 +53,49 @@ gem 'ed25519', '~> 1.3'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
-gem 'redis-namespace', '~> 1.10'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.1'
+gem 'http', '~> 5.2.0'
 gem 'http_accept_language', '~> 2.1'
 gem 'httplog', '~> 1.6.2'
-gem 'i18n', '1.14.1' # TODO: Remove version when resolved: https://github.com/glebm/i18n-tasks/issues/552 / https://github.com/ruby-i18n/i18n/pull/688
+gem 'i18n'
 gem 'idn-ruby', require: 'idn'
 gem 'inline_svg'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
+gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
 gem 'nsa'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'posix-spawn'
+gem 'premailer-rails'
 gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.3'
-gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 2.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 7.0'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
-gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
+gem 'redis-namespace', '~> 1.10'
 gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
 gem 'sidekiq', '~> 6.5'
+gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'sidekiq-scheduler', '~> 5.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
-gem 'sidekiq-bulk', '~> 0.2.0'
-gem 'simple-navigation', '~> 4.4'
 gem 'simple_form', '~> 5.2'
-gem 'stoplight', '~> 3.0.1'
+gem 'simple-navigation', '~> 4.4'
+gem 'stoplight', '~> 4.1'
 gem 'strong_migrations', '1.8.0'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
+gem 'webauthn', '~> 3.0'
 gem 'webpacker', '~> 5.4'
 gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
-gem 'webauthn', '~> 3.0'

 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
@ -104,6 +103,24 @@ gem 'rdf-normalize', '~> 0.5'

 gem 'private_address_check', '~> 0.5'

+group :opentelemetry do
+  gem 'opentelemetry-exporter-otlp', '~> 0.26.3', require: false
+  gem 'opentelemetry-instrumentation-active_job', '~> 0.7.1', require: false
+  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.20.1', require: false
+  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.21.2', require: false
+  gem 'opentelemetry-instrumentation-excon', '~> 0.22.0', require: false
+  gem 'opentelemetry-instrumentation-faraday', '~> 0.24.1', require: false
+  gem 'opentelemetry-instrumentation-http', '~> 0.23.2', require: false
+  gem 'opentelemetry-instrumentation-http_client', '~> 0.22.3', require: false
+  gem 'opentelemetry-instrumentation-net_http', '~> 0.22.4', require: false
+  gem 'opentelemetry-instrumentation-pg', '~> 0.27.1', require: false
+  gem 'opentelemetry-instrumentation-rack', '~> 0.24.1', require: false
+  gem 'opentelemetry-instrumentation-rails', '~> 0.30.0', require: false
+  gem 'opentelemetry-instrumentation-redis', '~> 0.25.3', require: false
+  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.25.2', require: false
+  gem 'opentelemetry-sdk', '~> 1.4', require: false
+end
+
 group :test do
  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
  gem 'rspec-github', '~> 2.4', require: false
@ -198,13 +215,14 @@ group :production do
  gem 'lograge', '~> 0.12'
 end

+gem 'cocoon', '~> 1.2'
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'

-gem 'cocoon', '~> 1.2'
-
 gem 'net-http', '~> 0.4.0'
 gem 'rubyzip', '~> 2.3'

 gem 'hcaptcha', '~> 7.1'
+
+gem 'mail', '~> 2.8'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -97,22 +97,20 @@ GEM
      activerecord (>= 3.2, < 8.0)
      rake (>= 10.4, < 14.0)
    ast (2.4.2)
-    attr_encrypted (4.0.0)
-      encryptor (~> 3.0.0)
-    attr_required (1.0.1)
+    attr_required (1.0.2)
    awrence (1.2.1)
    aws-eventstream (1.3.0)
-    aws-partitions (1.873.0)
-    aws-sdk-core (3.190.1)
+    aws-partitions (1.922.0)
+    aws-sdk-core (3.194.1)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.8)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.75.0)
-      aws-sdk-core (~> 3, >= 3.188.0)
+    aws-sdk-kms (1.80.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.142.0)
-      aws-sdk-core (~> 3, >= 3.189.0)
+    aws-sdk-s3 (1.149.1)
+      aws-sdk-core (~> 3, >= 3.194.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.8)
    aws-sigv4 (1.8.0)
@ -132,17 +130,10 @@ GEM
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
      rouge (>= 1.0.0)
-    better_html (2.0.2)
-      actionview (>= 6.0)
-      activesupport (>= 6.0)
-      ast (~> 2.0)
-      erubi (~> 1.4)
-      parser (>= 2.4)
-      smart_properties
-    bigdecimal (3.1.7)
-    bindata (2.4.15)
-    binding_of_caller (1.0.0)
-      debug_inspector (>= 0.0.1)
+    bigdecimal (3.1.8)
+    bindata (2.5.0)
+    binding_of_caller (1.0.1)
+      debug_inspector (>= 1.2.0)
    blurhash (0.1.7)
    bootsnap (1.18.3)
      msgpack (~> 1.2)
@ -167,11 +158,11 @@ GEM
      xpath (~> 3.2)
    case_transform (0.2)
      activesupport
-    cbor (0.5.9.6)
+    cbor (0.5.9.8)
    charlock_holmes (0.7.7)
-    chewy (7.5.1)
+    chewy (7.6.0)
      activesupport (>= 5.2)
-      elasticsearch (>= 7.12.0, < 7.14.0)
+      elasticsearch (>= 7.14.0, < 8)
      elasticsearch-dsl
    chunky_png (1.4.0)
    climate_control (1.2.0)
@ -182,31 +173,30 @@ GEM
    cose (1.3.0)
      cbor (~> 0.5.9)
      openssl-signature_algorithm (~> 1.0)
-    crack (0.4.6)
+    crack (1.0.0)
      bigdecimal
      rexml
    crass (1.0.6)
-    css_parser (1.14.0)
+    css_parser (1.17.1)
      addressable
-    csv (3.2.8)
+    csv (3.3.0)
    database_cleaner-active_record (2.1.0)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
    date (3.3.4)
-    debug (1.9.1)
+    debug (1.9.2)
      irb (~> 1.10)
      reline (>= 0.3.8)
-    debug_inspector (1.1.0)
-    devise (4.9.3)
+    debug_inspector (1.2.0)
+    devise (4.9.4)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
-    devise-two-factor (4.1.1)
+    devise-two-factor (5.0.0)
      activesupport (~> 7.0)
-      attr_encrypted (>= 1.3, < 5, != 2)
      devise (~> 4.0)
      railties (~> 7.0)
      rotp (~> 6.0)
@ -217,36 +207,31 @@ GEM
    discard (1.3.0)
      activerecord (>= 4.2, < 8)
    docile (1.4.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    domain_name (0.6.20240107)
    doorkeeper (5.6.9)
      railties (>= 5)
-    dotenv (2.8.1)
-    dotenv-rails (2.8.1)
-      dotenv (= 2.8.1)
-      railties (>= 3.2)
+    dotenv (3.1.2)
    drb (2.2.1)
    ed25519 (1.3.0)
-    elasticsearch (7.13.3)
-      elasticsearch-api (= 7.13.3)
-      elasticsearch-transport (= 7.13.3)
-    elasticsearch-api (7.13.3)
+    elasticsearch (7.17.10)
+      elasticsearch-api (= 7.17.10)
+      elasticsearch-transport (= 7.17.10)
+    elasticsearch-api (7.17.10)
      multi_json
    elasticsearch-dsl (0.1.10)
-    elasticsearch-transport (7.13.3)
-      faraday (~> 1)
+    elasticsearch-transport (7.17.10)
+      faraday (>= 1, < 3)
      multi_json
    email_spec (2.2.2)
      htmlentities (~> 4.3.3)
      launchy (~> 2.1)
      mail (~> 2.7)
-    encryptor (3.0.0)
    erubi (1.12.0)
-    et-orbi (1.2.7)
+    et-orbi (1.2.11)
      tzinfo
-    excon (0.109.0)
+    excon (0.110.0)
    fabrication (2.31.0)
-    faker (3.2.3)
+    faker (3.3.1)
      i18n (>= 1.8.11, < 2)
    faraday (1.10.3)
      faraday-em_http (~> 1.0)
@ -274,10 +259,10 @@ GEM
    faraday_middleware (1.2.0)
      faraday (~> 1.0)
    fast_blank (1.0.1)
-    fastimage (2.3.0)
-    ffi (1.15.5)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
+    fastimage (2.3.1)
+    ffi (1.16.3)
+    ffi-compiler (1.3.2)
+      ffi (>= 1.15.5)
      rake
    fog-core (2.4.0)
      builder
@ -291,7 +276,7 @@ GEM
      fog-core (~> 2.1)
      fog-json (>= 1.0)
    formatador (1.1.0)
-    fugit (1.8.1)
+    fugit (1.10.1)
      et-orbi (~> 1, >= 1.2.7)
      raabro (~> 1.4)
    fuubar (2.5.1)
@ -299,6 +284,9 @@ GEM
      ruby-progressbar (~> 1.4)
    globalid (1.2.1)
      activesupport (>= 6.1)
+    google-protobuf (3.25.3)
+    googleapis-common-protos-types (1.14.0)
+      google-protobuf (~> 3.18)
    haml (6.3.0)
      temple (>= 0.8.2)
      thor
@ -308,7 +296,7 @@ GEM
      activesupport (>= 5.1)
      haml (>= 4.0.6)
      railties (>= 5.1)
-    haml_lint (0.57.0)
+    haml_lint (0.58.0)
      haml (>= 5.0)
      parallel (~> 1.10)
      rainbow
@ -318,15 +306,16 @@ GEM
    hashie (5.0.0)
    hcaptcha (7.1.0)
      json
-    highline (2.1.0)
+    highline (3.0.1)
    hiredis (0.6.3)
    hkdf (0.3.0)
    htmlentities (4.3.4)
-    http (5.1.1)
+    http (5.2.0)
      addressable (~> 2.8)
+      base64 (~> 0.1)
      http-cookie (~> 1.0)
      http-form_data (~> 2.2)
-      llhttp-ffi (~> 0.4.0)
+      llhttp-ffi (~> 0.5.0)
    http-cookie (1.0.5)
      domain_name (~> 0.5)
    http-form_data (2.3.0)
@ -335,12 +324,11 @@ GEM
    httplog (1.6.3)
      rack (>= 2.0)
      rainbow (>= 2.0.0)
-    i18n (1.14.1)
+    i18n (1.14.5)
      concurrent-ruby (~> 1.0)
-    i18n-tasks (1.0.13)
+    i18n-tasks (1.0.14)
      activesupport (>= 4.0.2)
      ast (>= 2.1.0)
-      better_html (>= 1.0, < 3.0)
      erubi
      highline (>= 2.0.0)
      i18n
@ -353,11 +341,11 @@ GEM
      activesupport (>= 3.0)
      nokogiri (>= 1.6)
    io-console (0.7.2)
-    irb (1.12.0)
-      rdoc
+    irb (1.13.1)
+      rdoc (>= 4.0.0)
      reline (>= 0.4.2)
    jmespath (1.6.2)
-    json (2.7.1)
+    json (2.7.2)
    json-canonicalization (1.0.0)
    json-jwt (1.15.3.1)
      activesupport (>= 4.2)
@ -374,7 +362,7 @@ GEM
    json-ld-preloaded (3.3.0)
      json-ld (~> 3.3)
      rdf (~> 3.3)
-    json-schema (4.2.0)
+    json-schema (4.3.0)
      addressable (>= 2.8)
    jsonapi-renderer (0.2.2)
    jwt (2.7.1)
@ -399,15 +387,15 @@ GEM
    language_server-protocol (3.17.0.3)
    launchy (2.5.2)
      addressable (~> 2.8)
-    letter_opener (1.8.1)
-      launchy (>= 2.2, < 3)
+    letter_opener (1.10.0)
+      launchy (>= 2.2, < 4)
    letter_opener_web (2.0.0)
      actionmailer (>= 5.2)
      letter_opener (~> 1.7)
      railties (>= 5.2)
      rexml
    link_header (0.0.8)
-    llhttp-ffi (0.4.0)
+    llhttp-ffi (0.5.0)
      ffi-compiler (~> 1.0)
      rake (~> 13.0)
    lograge (0.14.0)
@ -423,7 +411,7 @@ GEM
      net-imap
      net-pop
      net-smtp
-    marcel (1.0.2)
+    marcel (1.0.4)
    mario-redis-lock (1.2.1)
      redis (>= 3.0.5)
    matrix (0.4.2)
@ -434,13 +422,13 @@ GEM
    memory_profiler (1.0.1)
    mime-types (3.5.2)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.1205)
+    mime-types-data (3.2024.0305)
    mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.6)
    minitest (5.22.3)
    msgpack (1.7.2)
    multi_json (1.15.0)
-    multipart-post (2.3.0)
+    multipart-post (2.4.0)
    mutex_m (0.2.0)
    net-http (0.4.1)
      uri
@ -454,10 +442,10 @@ GEM
      net-protocol
    net-protocol (0.2.2)
      timeout
-    net-smtp (0.4.0.1)
+    net-smtp (0.5.0)
      net-protocol
-    nio4r (2.5.9)
-    nokogiri (1.16.3)
+    nio4r (2.7.1)
+    nokogiri (1.16.4)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
    nsa (0.3.0)
@ -498,10 +486,100 @@ GEM
    openssl (3.2.0)
    openssl-signature_algorithm (1.3.0)
      openssl (> 2.0)
+    opentelemetry-api (1.2.5)
+    opentelemetry-common (0.20.1)
+      opentelemetry-api (~> 1.0)
+    opentelemetry-exporter-otlp (0.26.3)
+      google-protobuf (~> 3.14)
+      googleapis-common-protos-types (~> 1.3)
+      opentelemetry-api (~> 1.1)
+      opentelemetry-common (~> 0.20)
+      opentelemetry-sdk (~> 1.2)
+      opentelemetry-semantic_conventions
+    opentelemetry-helpers-sql-obfuscation (0.1.0)
+      opentelemetry-common (~> 0.20)
+    opentelemetry-instrumentation-action_pack (0.9.0)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+      opentelemetry-instrumentation-rack (~> 0.21)
+    opentelemetry-instrumentation-action_view (0.7.0)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-active_support (~> 0.1)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-active_job (0.7.1)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-active_model_serializers (0.20.1)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-active_record (0.7.2)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-active_support (0.5.1)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-base (0.22.3)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-registry (~> 0.1)
+    opentelemetry-instrumentation-concurrent_ruby (0.21.3)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-excon (0.22.1)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-faraday (0.24.2)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-http (0.23.3)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-http_client (0.22.4)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-net_http (0.22.4)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-pg (0.27.2)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-helpers-sql-obfuscation
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-rack (0.24.3)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-rails (0.30.1)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-instrumentation-action_pack (~> 0.9.0)
+      opentelemetry-instrumentation-action_view (~> 0.7.0)
+      opentelemetry-instrumentation-active_job (~> 0.7.0)
+      opentelemetry-instrumentation-active_record (~> 0.7.0)
+      opentelemetry-instrumentation-active_support (~> 0.5.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-redis (0.25.4)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-instrumentation-sidekiq (0.25.3)
+      opentelemetry-api (~> 1.0)
+      opentelemetry-common (~> 0.20.0)
+      opentelemetry-instrumentation-base (~> 0.22.1)
+    opentelemetry-registry (0.3.1)
+      opentelemetry-api (~> 1.1)
+    opentelemetry-sdk (1.4.1)
+      opentelemetry-api (~> 1.1)
+      opentelemetry-common (~> 0.20)
+      opentelemetry-registry (~> 0.2)
+      opentelemetry-semantic_conventions
+    opentelemetry-semantic_conventions (1.10.0)
+      opentelemetry-api (~> 1.0)
    orm_adapter (0.5.0)
    ox (2.14.18)
    parallel (1.24.0)
-    parser (3.3.0.5)
+    parser (3.3.1.0)
      ast (~> 2.4.1)
      racc
    parslet (2.0.0)
@ -510,8 +588,7 @@ GEM
    pg (1.5.6)
    pghero (3.4.1)
      activerecord (>= 6)
-    posix-spawn (0.3.15)
-    premailer (1.21.0)
+    premailer (1.23.0)
      addressable
      css_parser (>= 1.12.0)
      htmlentities (>= 4.0.0)
@ -527,10 +604,10 @@ GEM
      railties (>= 7.0.0)
    psych (5.1.2)
      stringio
-    public_suffix (5.0.4)
+    public_suffix (5.0.5)
    puma (6.4.2)
      nio4r (~> 2.0)
-    pundit (2.3.1)
+    pundit (2.3.2)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
    racc (1.7.3)
@ -548,7 +625,7 @@ GEM
    rack-protection (3.2.0)
      base64 (>= 0.1.0)
      rack (~> 2.2, >= 2.2.4)
-    rack-proxy (0.7.6)
+    rack-proxy (0.7.7)
      rack
    rack-session (1.0.2)
      rack (< 3)
@ -594,7 +671,7 @@ GEM
      thor (~> 1.0, >= 1.2.2)
      zeitwerk (~> 2.6)
    rainbow (3.1.1)
-    rake (13.1.0)
+    rake (13.2.1)
    rdf (3.3.1)
      bcp47_spec (~> 0.2)
      link_header (~> 0.0, >= 0.0.8)
@ -609,16 +686,16 @@ GEM
    redlock (1.3.2)
      redis (>= 3.0.0, < 6.0)
    regexp_parser (2.9.0)
-    reline (0.4.3)
+    reline (0.5.6)
      io-console (~> 0.5)
-    request_store (1.5.1)
+    request_store (1.6.0)
      rack (>= 1.4)
    responders (3.1.1)
      actionpack (>= 5.2)
      railties (>= 5.2)
    rexml (3.2.6)
    rotp (6.3.0)
-    rouge (4.1.2)
+    rouge (4.2.1)
    rpam2 (4.0.2)
    rqrcode (2.2.0)
      chunky_png (~> 1.0)
@ -642,13 +719,13 @@ GEM
      rspec-expectations (~> 3.13)
      rspec-mocks (~> 3.13)
      rspec-support (~> 3.13)
-    rspec-sidekiq (4.1.0)
+    rspec-sidekiq (4.2.0)
      rspec-core (~> 3.0)
      rspec-expectations (~> 3.0)
      rspec-mocks (~> 3.0)
      sidekiq (>= 5, < 8)
    rspec-support (3.13.1)
-    rubocop (1.62.1)
+    rubocop (1.63.5)
      json (~> 2.3)
      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
@ -659,27 +736,30 @@ GEM
      rubocop-ast (>= 1.31.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.2)
-      parser (>= 3.3.0.4)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
    rubocop-capybara (2.20.0)
      rubocop (~> 1.41)
    rubocop-factory_bot (2.25.1)
      rubocop (~> 1.41)
-    rubocop-performance (1.20.2)
+    rubocop-performance (1.21.0)
      rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
-    rubocop-rails (2.24.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.24.1)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.33.0, < 2.0)
      rubocop-ast (>= 1.31.1, < 2.0)
-    rubocop-rspec (2.27.1)
+    rubocop-rspec (2.29.2)
      rubocop (~> 1.40)
      rubocop-capybara (~> 2.17)
      rubocop-factory_bot (~> 2.22)
+      rubocop-rspec_rails (~> 2.28)
+    rubocop-rspec_rails (2.28.3)
+      rubocop (~> 1.40)
    ruby-prof (1.7.0)
    ruby-progressbar (1.13.0)
-    ruby-saml (1.15.0)
+    ruby-saml (1.16.0)
      nokogiri (>= 1.13.10)
      rexml
    ruby2_keywords (0.0.5)
@ -691,10 +771,10 @@ GEM
    sanitize (6.1.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
-    scenic (1.7.0)
+    scenic (1.8.0)
      activerecord (>= 4.0.0)
      railties (>= 4.0.0)
-    selenium-webdriver (4.18.1)
+    selenium-webdriver (4.20.1)
      base64 (~> 0.2)
      rexml (~> 3.2, >= 3.2.5)
      rubyzip (>= 1.2.2, < 3.0)
@ -728,10 +808,9 @@ GEM
    simplecov-html (0.12.3)
    simplecov-lcov (0.8.0)
    simplecov_json_formatter (0.1.4)
-    smart_properties (1.17.0)
    stackprof (0.2.26)
    statsd-ruby (1.5.0)
-    stoplight (3.0.2)
+    stoplight (4.1.0)
      redlock (~> 1.0)
    stringio (3.1.0)
    strong_migrations (1.8.0)
@ -746,7 +825,7 @@ GEM
      unicode-display_width (>= 1.1.1, < 3)
    terrapin (1.0.1)
      climate_control
-    test-prof (1.3.2)
+    test-prof (1.3.3)
    thor (1.3.1)
    tilt (2.3.0)
    timeout (0.4.1)
@ -763,7 +842,7 @@ GEM
      tty-cursor (~> 0.7)
      tty-screen (~> 0.8)
      wisper (~> 2.0)
-    tty-screen (0.8.1)
+    tty-screen (0.8.2)
    twitter-text (3.1.0)
      idn-ruby
      unf (~> 0.1.0)
@ -773,9 +852,9 @@ GEM
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
-    unf_ext (0.0.8.2)
+    unf_ext (0.0.9.1)
    unicode-display_width (2.5.0)
-    uri (0.12.2)
+    uri (0.13.0)
    validate_email (0.1.6)
      activemodel (>= 3.0)
      mail (>= 2.2.5)
@ -796,7 +875,7 @@ GEM
    webfinger (1.2.0)
      activesupport
      httpclient (>= 2.4)
-    webmock (3.22.0)
+    webmock (3.23.0)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@ -843,11 +922,11 @@ DEPENDENCIES
  database_cleaner-active_record
  debug (~> 1.8)
  devise (~> 4.9)
-  devise-two-factor (~> 4.1)
+  devise-two-factor
  devise_pam_authenticatable2 (~> 9.2)
  discard (~> 1.2)
  doorkeeper (~> 5.6)
-  dotenv-rails (~> 2.8)
+  dotenv
  ed25519 (~> 1.3)
  email_spec
  fabrication (~> 2.30)
@ -862,10 +941,10 @@ DEPENDENCIES
  hcaptcha (~> 7.1)
  hiredis (~> 0.6)
  htmlentities (~> 4.3)
-  http (~> 5.1)
+  http (~> 5.2.0)
  http_accept_language (~> 2.1)
  httplog (~> 1.6.2)
-  i18n (= 1.14.1)
+  i18n
  i18n-tasks (~> 1.0)
  idn-ruby
  inline_svg
@ -879,6 +958,7 @@ DEPENDENCIES
  letter_opener_web (~> 2.0)
  link_header (~> 0.0)
  lograge (~> 0.12)
+  mail (~> 2.8)
  mario-redis-lock (~> 1.2)
  md-paperclip-azure (~> 2.2)
  memory_profiler
@ -893,11 +973,25 @@ DEPENDENCIES
  omniauth-rails_csrf_protection (~> 1.0)
  omniauth-saml (~> 2.0)
  omniauth_openid_connect (~> 0.6.1)
+  opentelemetry-exporter-otlp (~> 0.26.3)
+  opentelemetry-instrumentation-active_job (~> 0.7.1)
+  opentelemetry-instrumentation-active_model_serializers (~> 0.20.1)
+  opentelemetry-instrumentation-concurrent_ruby (~> 0.21.2)
+  opentelemetry-instrumentation-excon (~> 0.22.0)
+  opentelemetry-instrumentation-faraday (~> 0.24.1)
+  opentelemetry-instrumentation-http (~> 0.23.2)
+  opentelemetry-instrumentation-http_client (~> 0.22.3)
+  opentelemetry-instrumentation-net_http (~> 0.22.4)
+  opentelemetry-instrumentation-pg (~> 0.27.1)
+  opentelemetry-instrumentation-rack (~> 0.24.1)
+  opentelemetry-instrumentation-rails (~> 0.30.0)
+  opentelemetry-instrumentation-redis (~> 0.25.3)
+  opentelemetry-instrumentation-sidekiq (~> 0.25.2)
+  opentelemetry-sdk (~> 1.4)
  ox (~> 2.14)
  parslet
  pg (~> 1.5)
  pghero
-  posix-spawn
  premailer-rails
  private_address_check (~> 0.5)
  propshaft
@ -939,7 +1033,7 @@ DEPENDENCIES
  simplecov (~> 0.22)
  simplecov-lcov (~> 0.8)
  stackprof
-  stoplight (~> 3.0.1)
+  stoplight (~> 4.1)
  strong_migrations (= 1.8.0)
  test-prof
  thor (~> 1.2)
@ -953,7 +1047,7 @@ DEPENDENCIES
  xorcist (~> 1.1)

 RUBY VERSION
-   ruby 3.2.2p53
+   ruby 3.3.1p55

 BUNDLED WITH
-   2.5.4
+   2.5.9
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# <img src="https://github.com/TheEssem/mastodon/raw/main/app/javascript/icons/android-chrome-256x256.png" width="128"> Chuckya
+# <img src="https://github.com/TheEssem/mastodon/raw/main/public/chuckya.png" width="128"> Chuckya

 Chuckya is a close-to-upstream soft fork of Mastodon Glitch Edition (more commonly known as glitch-soc) that aims to introduce more experimental features/fixes with the goal of making the overall experience more enjoyable. Although it's mainly developed for and used on the [wetdry.world](https://wetdry.world) instance, it can be deployed by any server admin as a drop-in, backwards-compatible replacement for Mastodon.

@ -15,7 +15,6 @@ Here are some of the changes compared to glitch-soc:
 - Allows dashes in custom emote names
 - Emojis can be put side-by-side
 - Minor media attachment tweaks
- Custom favicon

 Changes previously in Chuckya that made their way into vanilla Mastodon:

@ -112,8 +111,8 @@ Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Stre

 - **PostgreSQL** 12+
 - **Redis** 4+
- **Ruby** 3.0+
- **Node.js** 16+
+- **Ruby** 3.1+
+- **Node.js** 18+

 The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.

@ -134,10 +133,12 @@ A **Vagrant** configuration is included for development purposes. To use it, com
 To set up **MacOS** for native development, complete the following steps:

 - Use a Ruby version manager to install the specified version from `.ruby-version`
+- Run `bundle` to install required gems
 - Run `brew install postgresql@14 redis imagemagick libidn` to install required dependencies
 - Navigate to Mastodon's root directory and run `brew install nvm` then `nvm use` to use the version from `.nvmrc`
+- Run `yarn` to install required packages
 - Run `corepack enable && corepack prepare`
- Run `bundle exec rails db:setup` (optionally prepend `RAILS_ENV=development` to target the dev environment)
+- Run `RAILS_ENV=development bundle exec rails db:setup`
 - Finally, run `bin/dev` which will launch the local services via `overmind` (if installed) or `foreman`

 ### Docker
--- a/1
+++ b/1
@ -173,6 +173,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  # Otherwise, you can access the site at http://localhost:3000 and http://localhost:4000 , http://localhost:8080
  config.vm.network :forwarded_port, guest: 3000, host: 3000
+  config.vm.network :forwarded_port, guest: 3035, host: 3035
  config.vm.network :forwarded_port, guest: 4000, host: 4000
  config.vm.network :forwarded_port, guest: 8080, host: 8080
  config.vm.network :forwarded_port, guest: 9200, host: 9200
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -46,7 +46,7 @@ class AccountsController < ApplicationController
  end

  def default_statuses
-    @account.statuses.not_local_only.where(visibility: [:public, :unlisted])
+    @account.statuses.not_local_only.distributable_visibility
  end

  def only_media_scope
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -31,7 +31,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController

  def set_replies
    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
-    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
+    @replies = @replies.distributable_visibility.where(in_reply_to_id: @status.id)
    @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
  end

--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@ -7,7 +7,6 @@ module Admin

    layout 'admin'

-    before_action :set_pack
    before_action :set_body_classes
    before_action :set_cache_headers

@ -19,10 +18,6 @@ module Admin
      @body_classes = 'admin'
    end

-    def set_pack
-      use_pack 'admin'
-    end
-
    def set_cache_headers
      response.cache_control.replace(private: true, no_store: true)
    end
--- a/app/controllers/admin/domain_allows_controller.rb
+++ b/app/controllers/admin/domain_allows_controller.rb
@ -25,6 +25,8 @@ class Admin::DomainAllowsController < Admin::BaseController
  def destroy
    authorize @domain_allow, :destroy?
    UnallowDomainService.new.call(@domain_allow)
+    log_action :destroy, @domain_allow
+
    redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
  end

--- a/app/controllers/admin/site_uploads_controller.rb
+++ b/app/controllers/admin/site_uploads_controller.rb
@ -9,7 +9,7 @@ module Admin

      @site_upload.destroy!

-      redirect_to admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
+      redirect_back fallback_location: admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
    end

    private
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -9,6 +9,7 @@ class Api::BaseController < ApplicationController
  include Api::CachingConcern
  include Api::ContentSecurityPolicy
  include Api::ErrorHandling
+  include Api::Pagination

  skip_before_action :require_functional!, unless: :limited_federation_mode?

@ -29,21 +30,6 @@ class Api::BaseController < ApplicationController

  protected

-  def pagination_max_id
-    pagination_collection.last.id
-  end
-
-  def pagination_since_id
-    pagination_collection.first.id
-  end
-
-  def set_pagination_headers(next_path = nil, prev_path = nil)
-    links = []
-    links << [next_path, [%w(rel next)]] if next_path
-    links << [prev_path, [%w(rel prev)]] if prev_path
-    response.headers['Link'] = LinkHeader.new(links) unless links.empty?
-  end
-
  def limit_param(default_limit)
    return default_limit unless params[:limit]

@ -72,10 +58,6 @@ class Api::BaseController < ApplicationController
    render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.unavailable?
  end

-  def require_valid_pagination_options!
-    render json: { error: 'Pagination values for `offset` and `limit` must be positive' }, status: 400 if pagination_options_invalid?
-  end
-
  def require_user!
    if !current_user
      render json: { error: 'This method requires an authenticated user' }, status: 422
@ -104,14 +86,6 @@ class Api::BaseController < ApplicationController

  private

-  def insert_pagination_headers
-    set_pagination_headers(next_path, prev_path)
-  end
-
-  def pagination_options_invalid?
-    params.slice(:limit, :offset).values.map(&:to_i).any?(&:negative?)
-  end
-
  def respond_with_error(code)
    render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code
  end
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true

 class Api::V1::Accounts::CredentialsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
+  before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
  before_action :require_user!

--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -9,16 +9,22 @@ class Api::V1::AccountsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow, :write, :'write:blocks' }, only: [:block, :unblock]
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]

-  before_action :require_user!, except: [:show, :create]
-  before_action :set_account, except: [:create]
-  before_action :check_account_approval, except: [:create]
-  before_action :check_account_confirmation, except: [:create]
+  before_action :require_user!, except: [:index, :show, :create]
+  before_action :set_account, except: [:index, :create]
+  before_action :set_accounts, only: [:index]
+  before_action :check_account_approval, except: [:index, :create]
+  before_action :check_account_confirmation, except: [:index, :create]
  before_action :check_enabled_registrations, only: [:create]
+  before_action :check_accounts_limit, only: [:index]

  skip_before_action :require_authenticated_user!, only: :create

  override_rate_limit_headers :follow, family: :follows

+  def index
+    render json: @accounts, each_serializer: REST::AccountSerializer
+  end
+
  def show
    cache_if_unauthenticated!
    render json: @account, serializer: REST::AccountSerializer
@ -79,6 +85,10 @@ class Api::V1::AccountsController < Api::BaseController
    @account = Account.find(params[:id])
  end

+  def set_accounts
+    @accounts = Account.where(id: account_ids).without_unapproved
+  end
+
  def check_account_approval
    raise(ActiveRecord::RecordNotFound) if @account.local? && @account.user_pending?
  end
@ -87,10 +97,22 @@ class Api::V1::AccountsController < Api::BaseController
    raise(ActiveRecord::RecordNotFound) if @account.local? && !@account.user_confirmed?
  end

+  def check_accounts_limit
+    raise(Mastodon::ValidationError) if account_ids.size > DEFAULT_ACCOUNTS_LIMIT
+  end
+
  def relationships(**options)
    AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
  end

+  def account_ids
+    Array(accounts_params[:ids]).uniq.map(&:to_i)
+  end
+
+  def accounts_params
+    params.permit(ids: [])
+  end
+
  def account_params
    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone, :invite_code)
  end
--- a/app/controllers/api/v1/admin/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/domain_blocks_controller.rb
@ -29,10 +29,11 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
  def create
    authorize :domain_block, :create?

+    @domain_block = DomainBlock.new(resource_params)
    existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
-    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if existing_domain_block.present?
+    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if conflicts_with_existing_block?(@domain_block, existing_domain_block)

-    @domain_block = DomainBlock.create!(resource_params)
+    @domain_block.save!
    DomainBlockWorker.perform_async(@domain_block.id)
    log_action :create, @domain_block
    render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
@ -55,6 +56,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController

  private

+  def conflicts_with_existing_block?(domain_block, existing_domain_block)
+    existing_domain_block.present? && (existing_domain_block.domain == TagManager.instance.normalize_domain(domain_block.domain) || !domain_block.stricter_than?(existing_domain_block))
+  end
+
  def set_domain_blocks
    @domain_blocks = filtered_domain_blocks.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
--- a/app/controllers/api/v1/featured_tags/suggestions_controller.rb
+++ b/app/controllers/api/v1/featured_tags/suggestions_controller.rb
@ -12,10 +12,6 @@ class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
  private

  def set_recently_used_tags
-    @recently_used_tags = Tag.recently_used(current_account).where.not(id: featured_tag_ids).limit(10)
-  end
-
-  def featured_tag_ids
-    current_account.featured_tags.pluck(:tag_id)
+    @recently_used_tags = Tag.suggestions_for_account(current_account).limit(10)
  end
 end
--- a/app/controllers/api/v1/push/subscriptions_controller.rb
+++ b/app/controllers/api/v1/push/subscriptions_controller.rb
@ -1,9 +1,12 @@
 # frozen_string_literal: true

 class Api::V1::Push::SubscriptionsController < Api::BaseController
+  include Redisable
+  include Lockable
+
  before_action -> { doorkeeper_authorize! :push }
  before_action :require_user!
-  before_action :set_push_subscription
+  before_action :set_push_subscription, only: [:show, :update]
  before_action :check_push_subscription, only: [:show, :update]

  def show
@ -11,16 +14,18 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  end

  def create
-    @push_subscription&.destroy!
+    with_redis_lock("push_subscription:#{current_user.id}") do
+      destroy_web_push_subscriptions!

-    @push_subscription = Web::PushSubscription.create!(
-      endpoint: subscription_params[:endpoint],
-      key_p256dh: subscription_params[:keys][:p256dh],
-      key_auth: subscription_params[:keys][:auth],
-      data: data_params,
-      user_id: current_user.id,
-      access_token_id: doorkeeper_token.id
-    )
+      @push_subscription = Web::PushSubscription.create!(
+        endpoint: subscription_params[:endpoint],
+        key_p256dh: subscription_params[:keys][:p256dh],
+        key_auth: subscription_params[:keys][:auth],
+        data: data_params,
+        user_id: current_user.id,
+        access_token_id: doorkeeper_token.id
+      )
+    end

    render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer
  end
@ -31,14 +36,18 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  end

  def destroy
-    @push_subscription&.destroy!
+    destroy_web_push_subscriptions!
    render_empty
  end

  private

+  def destroy_web_push_subscriptions!
+    doorkeeper_token.web_push_subscriptions.destroy_all
+  end
+
  def set_push_subscription
-    @push_subscription = Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
+    @push_subscription = doorkeeper_token.web_push_subscriptions.first
  end

  def check_push_subscription
--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@ -23,7 +23,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::Base
  end

  def paginated_statuses
-    Status.where(reblog_of_id: @status.id).where(visibility: [:public, :unlisted]).paginate_by_max_id(
+    Status.where(reblog_of_id: @status.id).distributable_visibility.paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -5,9 +5,11 @@ class Api::V1::StatusesController < Api::BaseController

  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
-  before_action :require_user!, except:  [:show, :context]
-  before_action :set_status, only:       [:show, :context]
-  before_action :set_thread, only:       [:create]
+  before_action :require_user!, except:      [:index, :show, :context]
+  before_action :set_statuses, only:         [:index]
+  before_action :set_status, only:           [:show, :context]
+  before_action :set_thread, only:           [:create]
+  before_action :check_statuses_limit, only: [:index]

  override_rate_limit_headers :create, family: :statuses
  override_rate_limit_headers :update, family: :statuses
@ -23,6 +25,11 @@ class Api::V1::StatusesController < Api::BaseController
  DESCENDANTS_LIMIT       = 60
  DESCENDANTS_DEPTH_LIMIT = 20

+  def index
+    @statuses = cache_collection(@statuses, Status)
+    render json: @statuses, each_serializer: REST::StatusSerializer
+  end
+
  def show
    cache_if_unauthenticated!
    @status = cache_collection([@status], Status).first
@ -113,6 +120,10 @@ class Api::V1::StatusesController < Api::BaseController

  private

+  def set_statuses
+    @statuses = Status.permitted_statuses_from_ids(status_ids, current_account)
+  end
+
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
@ -127,6 +138,18 @@ class Api::V1::StatusesController < Api::BaseController
    render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  end

+  def check_statuses_limit
+    raise(Mastodon::ValidationError) if status_ids.size > DEFAULT_STATUSES_LIMIT
+  end
+
+  def status_ids
+    Array(statuses_params[:ids]).uniq.map(&:to_i)
+  end
+
+  def statuses_params
+    params.permit(ids: [])
+  end
+
  def status_params
    params.permit(
      :status,
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -19,6 +19,7 @@ class ApplicationController < ActionController::Base
  helper_method :current_session
  helper_method :current_flavour
  helper_method :current_skin
+  helper_method :current_theme
  helper_method :single_user_mode?
  helper_method :use_seamless_external_login?
  helper_method :omniauth_only?
@ -164,10 +165,7 @@ class ApplicationController < ActionController::Base

  def respond_with_error(code)
    respond_to do |format|
-      format.any do
-        use_pack 'error'
-        render "errors/#{code}", layout: 'error', status: code, formats: [:html]
-      end
+      format.any  { render "errors/#{code}", layout: 'error', status: code, formats: [:html] }
      format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
    end
  end
@ -176,10 +174,7 @@ class ApplicationController < ActionController::Base
    return unless self_destruct?

    respond_to do |format|
-      format.any do
-        use_pack 'error'
-        render 'errors/self_destruct', layout: 'auth', status: 410, formats: [:html]
-      end
+      format.any  { render 'errors/self_destruct', layout: 'auth', status: 410, formats: [:html] }
      format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[410] }, status: 410 }
    end
  end
--- a/app/controllers/auth/challenges_controller.rb
+++ b/app/controllers/auth/challenges_controller.rb
@ -5,7 +5,6 @@ class Auth::ChallengesController < ApplicationController

  layout 'auth'

-  before_action :set_pack
  before_action :authenticate_user!

  skip_before_action :check_self_destruct!
@ -21,10 +20,4 @@ class Auth::ChallengesController < ApplicationController
      render_challenge
    end
  end
-
-  private
-
-  def set_pack
-    use_pack 'auth'
-  end
 end
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@ -6,7 +6,6 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
  layout 'auth'

  before_action :set_body_classes
-  before_action :set_pack
  before_action :set_confirmation_user!, only: [:show, :confirm_captcha]
  before_action :redirect_confirmed_user, if: :signed_in_confirmed_user?

@ -66,10 +65,6 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
    @confirmation_user.nil? || @confirmation_user.confirmed?
  end

-  def set_pack
-    use_pack 'auth'
-  end
-
  def redirect_confirmed_user
    redirect_to(current_user.approved? ? root_path : edit_user_registration_path)
  end
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@ -3,7 +3,6 @@
 class Auth::PasswordsController < Devise::PasswordsController
  skip_before_action :check_self_destruct!
  before_action :redirect_invalid_reset_token, only: :edit, unless: :reset_password_token_is_valid?
-  before_action :set_pack
  before_action :set_body_classes

  layout 'auth'
@ -32,8 +31,4 @@ class Auth::PasswordsController < Devise::PasswordsController
  def reset_password_token_is_valid?
    resource_class.with_reset_password_token(params[:reset_password_token]).present?
  end
-
-  def set_pack
-    use_pack 'auth'
-  end
 end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@ -9,7 +9,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  before_action :set_invite, only: [:new, :create]
  before_action :check_enabled_registrations, only: [:new, :create]
  before_action :configure_sign_up_params, only: [:create]
-  before_action :set_pack
  before_action :set_sessions, only: [:edit, :update]
  before_action :set_strikes, only: [:edit, :update]
  before_action :set_body_classes, only: [:new, :create, :edit, :update]
@ -97,10 +96,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController

  private

-  def set_pack
-    use_pack %w(edit update).include?(action_name) ? 'admin' : 'auth'
-  end
-
  def set_body_classes
    @body_classes = %w(edit update).include?(action_name) ? 'admin' : 'lighter'
  end
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -12,7 +12,6 @@ class Auth::SessionsController < Devise::SessionsController
  skip_before_action :require_functional!
  skip_before_action :update_user_sign_in

-  prepend_before_action :set_pack
  prepend_before_action :check_suspicious!, only: [:create]

  include Auth::TwoFactorAuthenticationConcern
@ -104,10 +103,6 @@ class Auth::SessionsController < Devise::SessionsController

  private

-  def set_pack
-    use_pack 'auth'
-  end
-
  def set_body_classes
    @body_classes = 'lighter'
  end
--- a/app/controllers/auth/setup_controller.rb
+++ b/app/controllers/auth/setup_controller.rb
@ -3,7 +3,6 @@
 class Auth::SetupController < ApplicationController
  layout 'auth'

-  before_action :set_pack
  before_action :authenticate_user!
  before_action :require_unconfirmed_or_pending!
  before_action :set_body_classes
@ -43,8 +42,4 @@ class Auth::SetupController < ApplicationController
  def user_params
    params.require(:user).permit(:email)
  end
-
-  def set_pack
-    use_pack 'sign_up'
-  end
 end
--- a/app/controllers/concerns/api/pagination.rb
+++ b/app/controllers/concerns/api/pagination.rb
@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Api::Pagination
+  extend ActiveSupport::Concern
+
+  protected
+
+  def pagination_max_id
+    pagination_collection.last.id
+  end
+
+  def pagination_since_id
+    pagination_collection.first.id
+  end
+
+  def set_pagination_headers(next_path = nil, prev_path = nil)
+    links = []
+    links << [next_path, [%w(rel next)]] if next_path
+    links << [prev_path, [%w(rel prev)]] if prev_path
+    response.headers['Link'] = LinkHeader.new(links) unless links.empty?
+  end
+
+  def require_valid_pagination_options!
+    render json: { error: 'Pagination values for `offset` and `limit` must be positive' }, status: 400 if pagination_options_invalid?
+  end
+
+  private
+
+  def insert_pagination_headers
+    set_pagination_headers(next_path, prev_path)
+  end
+
+  def pagination_options_invalid?
+    params.slice(:limit, :offset).values.map(&:to_i).any?(&:negative?)
+  end
+end
--- a/app/controllers/concerns/auth/two_factor_authentication_concern.rb
+++ b/app/controllers/concerns/auth/two_factor_authentication_concern.rb
@ -83,8 +83,6 @@ module Auth::TwoFactorAuthenticationConcern
  def prompt_for_two_factor(user)
    register_attempt_in_session(user)

-    use_pack 'auth'
-
    @body_classes     = 'lighter'
    @webauthn_enabled = user.webauthn_enabled?
    @scheme_type      = if user.webauthn_enabled? && user_params[:otp_attempt].blank?
--- a/app/controllers/concerns/cache_concern.rb
+++ b/app/controllers/concerns/cache_concern.rb
@ -46,27 +46,19 @@ module CacheConcern
    end
  end

+  # TODO: Rename this method, as it does not perform any caching anymore.
  def cache_collection(raw, klass)
-    return raw unless klass.respond_to?(:with_includes)
+    return raw unless klass.respond_to?(:preload_cacheable_associations)

-    raw = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
-    return [] if raw.empty?
+    records = raw.to_a

-    cached_keys_with_value = Rails.cache.read_multi(*raw).transform_keys(&:id)
+    klass.preload_cacheable_associations(records)

-    uncached_ids = raw.map(&:id) - cached_keys_with_value.keys
-
-    klass.reload_stale_associations!(cached_keys_with_value.values) if klass.respond_to?(:reload_stale_associations!)
-
-    unless uncached_ids.empty?
-      uncached = klass.where(id: uncached_ids).with_includes.index_by(&:id)
-      Rails.cache.write_multi(uncached.values.to_h { |i| [i, i] })
-    end
-
-    raw.filter_map { |item| cached_keys_with_value[item.id] || uncached[item.id] }
+    records
  end

+  # TODO: Rename this method, as it does not perform any caching anymore.
  def cache_collection_paginated_by_id(raw, klass, limit, options)
-    cache_collection raw.cache_ids.to_a_paginated_by_id(limit, options), klass
+    cache_collection raw.to_a_paginated_by_id(limit, options), klass
  end
 end
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@ -66,7 +66,7 @@ module SignatureVerification
    compare_signed_string = build_signed_string(include_query_string: false)
    return actor unless verify_signature(actor, signature, compare_signed_string).nil?

-    actor = stoplight_wrap_request { actor_refresh_key!(actor) }
+    actor = stoplight_wrapper.run { actor_refresh_key!(actor) }

    raise SignatureVerificationError, "Could not refresh public key #{signature_params['keyId']}" if actor.nil?

@ -226,10 +226,10 @@ module SignatureVerification
    end

    if key_id.start_with?('acct:')
-      stoplight_wrap_request { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) }
+      stoplight_wrapper.run { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) }
    elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
      account   = ActivityPub::TagManager.instance.uri_to_actor(key_id)
-      account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
+      account ||= stoplight_wrapper.run { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
      account
    end
  rescue Mastodon::PrivateNetworkAddressError => e
@ -238,12 +238,11 @@ module SignatureVerification
    raise SignatureVerificationError, e.message
  end

-  def stoplight_wrap_request(&block)
-    Stoplight("source:#{request.remote_ip}", &block)
+  def stoplight_wrapper
+    Stoplight("source:#{request.remote_ip}")
      .with_threshold(1)
      .with_cool_off_time(5.minutes.seconds)
      .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
-      .run
  end

  def actor_refresh_key!(actor)
--- a/app/controllers/concerns/theming_concern.rb
+++ b/app/controllers/concerns/theming_concern.rb
@ -3,87 +3,22 @@
 module ThemingConcern
  extend ActiveSupport::Concern

-  def use_pack(pack_name)
-    @core = resolve_pack_with_common(Themes.instance.core, pack_name)
-    @theme = resolve_pack_with_common(Themes.instance.flavour(current_flavour), pack_name, current_skin)
-  end
-
  private

  def current_flavour
-    [current_user&.setting_flavour, Setting.flavour, 'glitch', 'vanilla'].find { |flavour| Themes.instance.flavours.include?(flavour) }
+    @current_flavour ||= [current_user&.setting_flavour, Setting.flavour, 'glitch', 'vanilla'].find { |flavour| Themes.instance.flavours.include?(flavour) }
  end

  def current_skin
-    skins = Themes.instance.skins_for(current_flavour)
-    [current_user&.setting_skin, Setting.skin, 'default'].find { |skin| skins.include?(skin) }
-  end
-
-  def valid_pack_data?(data, pack_name)
-    data['pack'].is_a?(Hash) && data['pack'][pack_name].present?
-  end
-
-  def nil_pack(data)
-    {
-      use_common: true,
-      flavour: data['name'],
-      pack: nil,
-      preload: nil,
-      skin: nil,
-      supported_locales: data['locales'],
-    }
-  end
-
-  def pack(data, pack_name, skin)
-    pack_data = {
-      use_common: true,
-      flavour: data['name'],
-      pack: pack_name,
-      preload: nil,
-      skin: nil,
-      supported_locales: data['locales'],
-    }
-
-    return pack_data unless data['pack'][pack_name].is_a?(Hash)
-
-    pack_data[:use_common] = false if data['pack'][pack_name]['use_common'] == false
-    pack_data[:pack] = nil unless data['pack'][pack_name]['filename']
-
-    preloads = data['pack'][pack_name]['preload']
-    pack_data[:preload] = [preloads] if preloads.is_a?(String)
-    pack_data[:preload] = preloads if preloads.is_a?(Array)
-
-    if skin != 'default' && data['skin'][skin]
-      pack_data[:skin] = skin if data['skin'][skin].include?(pack_name)
-    elsif data['pack'][pack_name]['stylesheet']
-      pack_data[:skin] = 'default'
+    @current_skin ||= begin
+      skins = Themes.instance.skins_for(current_flavour)
+      [current_user&.setting_skin, Setting.skin, 'system', 'default'].find { |skin| skins.include?(skin) }
    end
-
-    pack_data
  end

-  def resolve_pack(data, pack_name, skin)
-    return pack(data, pack_name, skin) if valid_pack_data?(data, pack_name)
-    return if data['name'].blank?
-
-    fallbacks = []
-    if data.key?('fallback')
-      fallbacks = data['fallback'] if data['fallback'].is_a?(Array)
-      fallbacks = [data['fallback']] if data['fallback'].is_a?(String)
-    elsif data['name'] != Setting.default_settings['flavour']
-      fallbacks = [Setting.default_settings['flavour']]
-    end
-
-    fallbacks.each do |fallback|
-      return resolve_pack(Themes.instance.flavour(fallback), pack_name, skin) if Themes.instance.flavour(fallback)
-    end
-
-    nil
-  end
-
-  def resolve_pack_with_common(data, pack_name, skin = 'default')
-    result = resolve_pack(data, pack_name, skin) || nil_pack(data)
-    result[:common] = resolve_pack(data, 'common', skin) if result.delete(:use_common)
-    result
+  def current_theme
+    # NOTE: this is slightly different from upstream, as it's a derived value used
+    # for the sole purpose of pointing to the appropriate stylesheet pack
+    [current_flavour, current_skin]
  end
 end
--- a/app/controllers/concerns/web_app_controller_concern.rb
+++ b/app/controllers/concerns/web_app_controller_concern.rb
@ -7,7 +7,6 @@ module WebAppControllerConcern
    vary_by 'Accept, Accept-Language, Cookie'

    before_action :redirect_unauthenticated_to_permalinks!
-    before_action :set_pack
    before_action :set_app_body_class
  end

@ -37,8 +36,4 @@ module WebAppControllerConcern
      end
    end
  end
-
-  def set_pack
-    use_pack 'home'
-  end
 end
--- a/app/controllers/disputes/base_controller.rb
+++ b/app/controllers/disputes/base_controller.rb
@ -9,15 +9,10 @@ class Disputes::BaseController < ApplicationController

  before_action :set_body_classes
  before_action :authenticate_user!
-  before_action :set_pack
  before_action :set_cache_headers

  private

-  def set_pack
-    use_pack 'admin'
-  end
-
  def set_body_classes
    @body_classes = 'admin'
  end
--- a/app/controllers/filters/statuses_controller.rb
+++ b/app/controllers/filters/statuses_controller.rb
@ -6,7 +6,6 @@ class Filters::StatusesController < ApplicationController
  before_action :authenticate_user!
  before_action :set_filter
  before_action :set_status_filters
-  before_action :set_pack
  before_action :set_body_classes
  before_action :set_cache_headers

@ -27,10 +26,6 @@ class Filters::StatusesController < ApplicationController

  private

-  def set_pack
-    use_pack 'admin'
-  end
-
  def set_filter
    @filter = current_account.custom_filters.find(params[:filter_id])
  end
--- a/app/controllers/filters_controller.rb
+++ b/app/controllers/filters_controller.rb
@ -5,7 +5,6 @@ class FiltersController < ApplicationController

  before_action :authenticate_user!
  before_action :set_filter, only: [:edit, :update, :destroy]
-  before_action :set_pack
  before_action :set_body_classes
  before_action :set_cache_headers

@ -45,10 +44,6 @@ class FiltersController < ApplicationController

  private

-  def set_pack
-    use_pack 'settings'
-  end
-
  def set_filter
    @filter = current_account.custom_filters.find(params[:id])
  end
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@ -6,7 +6,6 @@ class InvitesController < ApplicationController
  layout 'admin'

  before_action :authenticate_user!
-  before_action :set_pack
  before_action :set_body_classes
  before_action :set_cache_headers

@ -40,10 +39,6 @@ class InvitesController < ApplicationController

  private

-  def set_pack
-    use_pack 'settings'
-  end
-
  def invites
    current_user.invites.order(id: :desc)
  end
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@ -10,7 +10,6 @@ class MediaController < ApplicationController
  before_action :verify_permitted_status!
  before_action :check_playable, only: :player
  before_action :allow_iframing, only: :player
-  before_action :set_pack, only: :player

  content_security_policy only: :player do |policy|
    policy.frame_ancestors(false)
@ -48,8 +47,4 @@ class MediaController < ApplicationController
  def allow_iframing
    response.headers.delete('X-Frame-Options')
  end
-
-  def set_pack
-    use_pack 'public'
-  end
 end
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@ -5,7 +5,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController

  before_action :store_current_location
  before_action :authenticate_resource_owner!
-  before_action :set_pack
  before_action :set_cache_headers

  content_security_policy do |p|
@ -20,10 +19,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
    store_location_for(:user, request.url)
  end

-  def set_pack
-    use_pack 'auth'
-  end
-
  def render_success
    if skip_authorization? || (matching_token? && !truthy_param?('force_login'))
      redirect_or_render authorize_response
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@ -5,7 +5,6 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio

  before_action :store_current_location
  before_action :authenticate_resource_owner!
-  before_action :set_pack
  before_action :require_not_suspended!, only: :destroy
  before_action :set_body_classes
  before_action :set_cache_headers
@ -31,10 +30,6 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
    store_location_for(:user, request.url)
  end

-  def set_pack
-    use_pack 'settings'
-  end
-
  def require_not_suspended!
    forbidden if current_account.unavailable?
  end
--- a/app/controllers/redirect/base_controller.rb
+++ b/app/controllers/redirect/base_controller.rb
@ -3,7 +3,6 @@
 class Redirect::BaseController < ApplicationController
  vary_by 'Accept-Language'

-  before_action :set_pack
  before_action :set_resource
  before_action :set_app_body_class

@ -22,8 +21,4 @@ class Redirect::BaseController < ApplicationController
  def set_resource
    raise NotImplementedError
  end
-
-  def set_pack
-    use_pack 'public'
-  end
 end
--- a/app/controllers/relationships_controller.rb
+++ b/app/controllers/relationships_controller.rb
@ -5,7 +5,6 @@ class RelationshipsController < ApplicationController

  before_action :authenticate_user!
  before_action :set_accounts, only: :show
-  before_action :set_pack
  before_action :set_relationships, only: :show
  before_action :set_body_classes
  before_action :set_cache_headers
@ -73,10 +72,6 @@ class RelationshipsController < ApplicationController
    @body_classes = 'admin'
  end

-  def set_pack
-    use_pack 'admin'
-  end
-
  def set_cache_headers
    response.cache_control.replace(private: true, no_store: true)
  end
--- a/app/controllers/settings/base_controller.rb
+++ b/app/controllers/settings/base_controller.rb
@ -1,7 +1,6 @@
 # frozen_string_literal: true

 class Settings::BaseController < ApplicationController
-  before_action :set_pack
  layout 'admin'

  before_action :authenticate_user!
@ -10,10 +9,6 @@ class Settings::BaseController < ApplicationController

  private

-  def set_pack
-    use_pack 'settings'
-  end
-
  def set_body_classes
    @body_classes = 'admin'
  end
--- a/app/controllers/settings/featured_tags_controller.rb
+++ b/app/controllers/settings/featured_tags_controller.rb
@ -38,7 +38,7 @@ class Settings::FeaturedTagsController < Settings::BaseController
  end

  def set_recently_used_tags
-    @recently_used_tags = Tag.recently_used(current_account).where.not(id: @featured_tags.map(&:id)).limit(10)
+    @recently_used_tags = Tag.suggestions_for_account(current_account).limit(10)
  end

  def featured_tag_params
--- a/app/controllers/settings/imports_controller.rb
+++ b/app/controllers/settings/imports_controller.rb
@ -31,7 +31,7 @@ class Settings::ImportsController < Settings::BaseController
  def show; end

  def failures
-    @bulk_import = current_account.bulk_imports.where(state: :finished).find(params[:id])
+    @bulk_import = current_account.bulk_imports.state_finished.find(params[:id])

    respond_to do |format|
      format.csv do
@ -92,7 +92,7 @@ class Settings::ImportsController < Settings::BaseController
  end

  def set_bulk_import
-    @bulk_import = current_account.bulk_imports.where(state: :unconfirmed).find(params[:id])
+    @bulk_import = current_account.bulk_imports.state_unconfirmed.find(params[:id])
  end

  def set_recent_imports
--- a/app/controllers/settings/login_activities_controller.rb
+++ b/app/controllers/settings/login_activities_controller.rb
@ -7,10 +7,4 @@ class Settings::LoginActivitiesController < Settings::BaseController
  def index
    @login_activities = LoginActivity.where(user: current_user).order(id: :desc).page(params[:page])
  end
-
-  private
-
-  def set_pack
-    use_pack 'settings'
-  end
 end
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@ -85,10 +85,6 @@ module Settings

      private

-      def set_pack
-        use_pack 'auth'
-      end
-
      def redirect_invalid_otp
        flash[:error] = t('webauthn_credentials.otp_required')
        redirect_to settings_two_factor_authentication_methods_path
--- a/app/controllers/shares_controller.rb
+++ b/app/controllers/shares_controller.rb
@ -4,17 +4,12 @@ class SharesController < ApplicationController
  layout 'modal'

  before_action :authenticate_user!
-  before_action :set_pack
  before_action :set_body_classes

  def show; end

  private

-  def set_pack
-    use_pack 'share'
-  end
-
  def set_body_classes
    @body_classes = 'modal-layout compose-standalone'
  end
--- a/app/controllers/statuses_cleanup_controller.rb
+++ b/app/controllers/statuses_cleanup_controller.rb
@ -6,7 +6,6 @@ class StatusesCleanupController < ApplicationController
  before_action :authenticate_user!
  before_action :set_policy
  before_action :set_body_classes
-  before_action :set_pack
  before_action :set_cache_headers

  def show; end
@ -27,10 +26,6 @@ class StatusesCleanupController < ApplicationController

  private

-  def set_pack
-    use_pack 'settings'
-  end
-
  def set_policy
    @policy = current_account.statuses_cleanup_policy || current_account.build_statuses_cleanup_policy(enabled: false)
  end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -41,7 +41,6 @@ class StatusesController < ApplicationController
  end

  def embed
-    use_pack 'embed'
    return not_found if @status.hidden? || @status.reblog?

    expires_in 180, public: true
--- a/app/controllers/well_known/oauth_metadata_controller.rb
+++ b/app/controllers/well_known/oauth_metadata_controller.rb
@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module WellKnown
+  class OauthMetadataController < ActionController::Base # rubocop:disable Rails/ApplicationController
+    include CacheConcern
+
+    # Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
+    # and thus re-issuing session cookies
+    serialization_scope nil
+
+    def show
+      # Due to this document potentially changing between Mastodon versions (as
+      # new OAuth scopes are added), we don't use expires_in to cache upstream,
+      # instead just caching in the rails cache:
+      render_with_cache(
+        json: ::OauthMetadataPresenter.new,
+        serializer: ::OauthMetadataSerializer,
+        content_type: 'application/json',
+        expires_in: 15.minutes
+      )
+    end
+  end
+end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -113,6 +113,14 @@ module ApplicationHelper
    content_tag(:i, nil, attributes.merge(class: class_names.join(' ')))
  end

+  def material_symbol(icon, attributes = {})
+    inline_svg_tag(
+      "400-24px/#{icon}.svg",
+      class: %w(icon).concat(attributes[:class].to_s.split),
+      role: :img
+    )
+  end
+
  def check_icon
    inline_svg_tag 'check.svg'
  end
@ -233,6 +241,32 @@ module ApplicationHelper
    EmojiFormatter.new(html, custom_emojis, other_options.merge(animate: prefers_autoplay?)).to_s
  end

+  def site_icon_path(type, size = '48')
+    icon = SiteUpload.find_by(var: type)
+    return nil unless icon
+
+    icon.file.url(size)
+  end
+
+  # glitch-soc addition to handle the multiple flavors
+  def preload_locale_pack
+    supported_locales = Themes.instance.flavour(current_flavour)['locales']
+    preload_pack_asset "locales/#{current_flavour}/#{I18n.locale}-json.js" if supported_locales.include?(I18n.locale.to_s)
+  end
+
+  def flavoured_javascript_pack_tag(pack_name, **options)
+    javascript_pack_tag("flavours/#{current_flavour}/#{pack_name}", **options)
+  end
+
+  def flavoured_stylesheet_pack_tag(pack_name, **options)
+    stylesheet_pack_tag("flavours/#{current_flavour}/#{pack_name}", **options)
+  end
+
+  def preload_signed_in_js_packs
+    preload_files = Themes.instance.flavour(current_flavour)&.fetch('signed_in_preload', nil) || []
+    safe_join(preload_files.map { |entry| preload_pack_asset entry })
+  end
+
  private

  def storage_host_var
--- a/app/helpers/branding_helper.rb
+++ b/app/helpers/branding_helper.rb
@ -19,6 +19,6 @@ module BrandingHelper
  end

  def render_logo
-    image_pack_tag('logo.svg', alt: 'Mastodon', class: 'logo logo--icon')
+    image_tag(frontend_asset_path('images/logo.svg'), alt: 'Mastodon', class: 'logo logo--icon')
  end
 end
--- a/app/helpers/context_helper.rb
+++ b/app/helpers/context_helper.rb
@ -49,13 +49,11 @@ module ContextHelper
  end

  def serialized_context(named_contexts_map, context_extensions_map)
-    context_array = []
-
    named_contexts     = named_contexts_map.keys
    context_extensions = context_extensions_map.keys

-    named_contexts.each do |key|
-      context_array << NAMED_CONTEXT_MAP[key]
+    context_array = named_contexts.map do |key|
+      NAMED_CONTEXT_MAP[key]
    end

    extensions = context_extensions.each_with_object({}) do |key, h|
--- a/app/helpers/theme_helper.rb
+++ b/app/helpers/theme_helper.rb
@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module ThemeHelper
+  def theme_style_tags(flavour_and_skin)
+    flavour, theme = flavour_and_skin
+
+    if theme == 'system'
+      stylesheet_pack_tag("skins/#{flavour}/mastodon-light", media: 'not all and (prefers-color-scheme: dark)', crossorigin: 'anonymous') +
+        stylesheet_pack_tag("skins/#{flavour}/default", media: '(prefers-color-scheme: dark)', crossorigin: 'anonymous')
+    else
+      stylesheet_pack_tag "skins/#{flavour}/#{theme}", media: 'all', crossorigin: 'anonymous'
+    end
+  end
+
+  def theme_color_tags(flavour_and_skin)
+    _, theme = flavour_and_skin
+
+    if theme == 'system'
+      tag.meta(name: 'theme-color', content: Themes::THEME_COLORS[:dark], media: '(prefers-color-scheme: dark)') +
+        tag.meta(name: 'theme-color', content: Themes::THEME_COLORS[:light], media: '(prefers-color-scheme: light)')
+    else
+      tag.meta name: 'theme-color', content: theme_color_for(theme)
+    end
+  end
+
+  private
+
+  def theme_color_for(theme)
+    theme == 'mastodon-light' ? Themes::THEME_COLORS[:light] : Themes::THEME_COLORS[:dark]
+  end
+end
--- a/app/javascript/core/auth.js
+++ b/app/javascript/core/auth.js
@ -1,3 +0,0 @@
-import 'packs/public-path';
-import './settings';
-import './two_factor_authentication';
--- a/app/javascript/core/common.js
+++ b/app/javascript/core/common.js
@ -1,6 +0,0 @@
-//  This file will be loaded on all pages, regardless of theme.
-
-import 'packs/public-path';
-import 'font-awesome/css/font-awesome.css';
-
-require.context('../images/', true);
--- a/app/javascript/core/embed.ts
+++ b/app/javascript/core/embed.ts
@ -1,41 +0,0 @@
-//  This file will be loaded on embed pages, regardless of theme.
-
-import 'packs/public-path';
-import ready from '../mastodon/ready';
-
-interface SetHeightMessage {
-  type: 'setHeight';
-  id: string;
-  height: number;
-}
-
-function isSetHeightMessage(data: unknown): data is SetHeightMessage {
-  if (
-    data &&
-    typeof data === 'object' &&
-    'type' in data &&
-    data.type === 'setHeight'
-  )
-    return true;
-  else return false;
-}
-
-window.addEventListener('message', (e) => {
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- typings are not correct, it can be null in very rare cases
-  if (!e.data || !isSetHeightMessage(e.data) || !window.parent) return;
-
-  const data = e.data;
-
-  ready(() => {
-    window.parent.postMessage(
-      {
-        type: 'setHeight',
-        id: data.id,
-        height: document.getElementsByTagName('html')[0].scrollHeight,
-      },
-      '*',
-    );
-  }).catch((e) => {
-    console.error('Error in setHeightMessage postMessage', e);
-  });
-});
--- a/app/javascript/core/settings.ts
+++ b/app/javascript/core/settings.ts
@ -1,70 +0,0 @@
-//  This file will be loaded on settings pages, regardless of theme.
-
-import 'packs/public-path';
-import Rails from '@rails/ujs';
-
-Rails.delegate(
-  document,
-  '#edit_profile input[type=file]',
-  'change',
-  ({ target }) => {
-    if (!(target instanceof HTMLInputElement)) return;
-
-    const avatar = document.querySelector<HTMLImageElement>(
-      `img#${target.id}-preview`,
-    );
-
-    if (!avatar) return;
-
-    let file: File | undefined;
-    if (target.files) file = target.files[0];
-
-    const url = file ? URL.createObjectURL(file) : avatar.dataset.originalSrc;
-
-    if (url) avatar.src = url;
-  },
-);
-
-Rails.delegate(document, '.input-copy input', 'click', ({ target }) => {
-  if (!(target instanceof HTMLInputElement)) return;
-
-  target.focus();
-  target.select();
-  target.setSelectionRange(0, target.value.length);
-});
-
-Rails.delegate(document, '.input-copy button', 'click', ({ target }) => {
-  if (!(target instanceof HTMLButtonElement)) return;
-
-  const input = target.parentNode?.querySelector<HTMLInputElement>(
-    '.input-copy__wrapper input',
-  );
-
-  if (!input) return;
-
-  const oldReadOnly = input.readOnly;
-
-  input.readOnly = false;
-  input.focus();
-  input.select();
-  input.setSelectionRange(0, input.value.length);
-
-  try {
-    if (document.execCommand('copy')) {
-      input.blur();
-
-      const parent = target.parentElement;
-
-      if (!parent) return;
-      parent.classList.add('copied');
-
-      setTimeout(() => {
-        parent.classList.remove('copied');
-      }, 700);
-    }
-  } catch (err) {
-    console.error(err);
-  }
-
-  input.readOnly = oldReadOnly;
-});
--- a/app/javascript/core/theme.yml
+++ b/app/javascript/core/theme.yml
@ -1,24 +0,0 @@
-#  These packs will be loaded on every appropriate page, regardless of
-#  theme.
-pack:
-  about:
-  admin: admin.ts
-  auth: auth.js
-  common:
-    filename: common.js
-    stylesheet: true
-  embed: embed.ts
-  error:
-  home:
-  inert:
-    filename: inert.js
-    stylesheet: true
-  mailer:
-    filename: mailer.js
-    stylesheet: true
-  modal:
-  public:
-  settings: settings.ts
-  sign_up:
-  share:
-  remote_interaction_helper: remote_interaction_helper.ts
--- a/app/javascript/core/two_factor_authentication.js
+++ b/app/javascript/core/two_factor_authentication.js
@ -1,121 +0,0 @@
-import 'packs/public-path';
-
-import * as WebAuthnJSON from '@github/webauthn-json';
-import axios from 'axios';
-
-import ready from '../mastodon/ready';
-import 'regenerator-runtime/runtime';
-
-function getCSRFToken() {
-  var CSRFSelector = document.querySelector('meta[name="csrf-token"]');
-  if (CSRFSelector) {
-    return CSRFSelector.getAttribute('content');
-  } else {
-    return null;
-  }
-}
-
-function hideFlashMessages() {
-  Array.from(document.getElementsByClassName('flash-message')).forEach(function(flashMessage) {
-    flashMessage.classList.add('hidden');
-  });
-}
-
-function callback(url, body) {
-  axios.post(url, JSON.stringify(body), {
-    headers: {
-      'Content-Type': 'application/json',
-      'Accept': 'application/json',
-      'X-CSRF-Token': getCSRFToken(),
-    },
-    credentials: 'same-origin',
-  }).then(function(response) {
-    window.location.replace(response.data.redirect_path);
-  }).catch(function(error) {
-    if (error.response.status === 422) {
-      const errorMessage = document.getElementById('security-key-error-message');
-      errorMessage.classList.remove('hidden');
-      console.error(error.response.data.error);
-    } else {
-      console.error(error);
-    }
-  });
-}
-
-ready(() => {
-  if (!WebAuthnJSON.supported()) {
-    const unsupported_browser_message = document.getElementById('unsupported-browser-message');
-    if (unsupported_browser_message) {
-      unsupported_browser_message.classList.remove('hidden');
-      document.querySelector('.btn.js-webauthn').disabled = true;
-    }
-  }
-
-
-  const webAuthnCredentialRegistrationForm = document.getElementById('new_webauthn_credential');
-  if (webAuthnCredentialRegistrationForm) {
-    webAuthnCredentialRegistrationForm.addEventListener('submit', (event) => {
-      event.preventDefault();
-
-      var nickname = event.target.querySelector('input[name="new_webauthn_credential[nickname]"]');
-      if (nickname.value) {
-        axios.get('/settings/security_keys/options')
-          .then((response) => {
-            const credentialOptions = response.data;
-
-            WebAuthnJSON.create({ 'publicKey': credentialOptions }).then((credential) => {
-              var params = { 'credential': credential, 'nickname': nickname.value };
-              callback('/settings/security_keys', params);
-            }).catch((error) => {
-              const errorMessage = document.getElementById('security-key-error-message');
-              errorMessage.classList.remove('hidden');
-              console.error(error);
-            });
-          }).catch((error) => {
-            console.error(error.response.data.error);
-          });
-      } else {
-        nickname.focus();
-      }
-    });
-  }
-
-  const webAuthnCredentialAuthenticationForm = document.getElementById('webauthn-form');
-  if (webAuthnCredentialAuthenticationForm) {
-    webAuthnCredentialAuthenticationForm.addEventListener('submit', (event) => {
-      event.preventDefault();
-
-      axios.get('sessions/security_key_options')
-        .then((response) => {
-          const credentialOptions = response.data;
-
-          WebAuthnJSON.get({ 'publicKey': credentialOptions }).then((credential) => {
-            var params = { 'user': { 'credential': credential } };
-            callback('sign_in', params);
-          }).catch((error) => {
-            const errorMessage = document.getElementById('security-key-error-message');
-            errorMessage.classList.remove('hidden');
-            console.error(error);
-          });
-        }).catch((error) => {
-          console.error(error.response.data.error);
-        });
-    });
-
-    const otpAuthenticationForm = document.getElementById('otp-authentication-form');
-
-    const linkToOtp = document.getElementById('link-to-otp');
-    linkToOtp.addEventListener('click', () => {
-      webAuthnCredentialAuthenticationForm.classList.add('hidden');
-      otpAuthenticationForm.classList.remove('hidden');
-      hideFlashMessages();
-    });
-
-    const linkToWebAuthn = document.getElementById('link-to-webauthn');
-    linkToWebAuthn.addEventListener('click', () => {
-      otpAuthenticationForm.classList.add('hidden');
-      webAuthnCredentialAuthenticationForm.classList.remove('hidden');
-      hideFlashMessages();
-    });
-  }
-});
--- a/app/javascript/entrypoints/admin.tsx
+++ b/app/javascript/entrypoints/admin.tsx
@ -1,6 +1,5 @@
-//  This file will be loaded on admin pages, regardless of theme.
-
-import 'packs/public-path';
+import './public-path';
+import { createRoot } from 'react-dom/client';

 import Rails from '@rails/ujs';

@ -261,6 +260,31 @@ Rails.delegate(
  },
 );

+async function mountReactComponent(element: Element) {
+  const componentName = element.getAttribute('data-admin-component');
+  const stringProps = element.getAttribute('data-props');
+
+  if (!stringProps) return;
+
+  const componentProps = JSON.parse(stringProps) as object;
+
+  const { default: AdminComponent } = await import(
+    '@/mastodon/containers/admin_component'
+  );
+
+  const { default: Component } = (await import(
+    `@/mastodon/components/admin/${componentName}`
+  )) as { default: React.ComponentType };
+
+  const root = createRoot(element);
+
+  root.render(
+    <AdminComponent>
+      <Component {...componentProps} />
+    </AdminComponent>,
+  );
+}
+
 ready(() => {
  const domainBlockSeveritySelect = document.querySelector<HTMLSelectElement>(
    'select#domain_block_severity',
@ -335,6 +359,10 @@ ready(() => {
  if (announcementStartsAt) {
    setAnnouncementEndsAttributes(announcementStartsAt);
  }
-}).catch((reason) => {
+
+  document.querySelectorAll('[data-admin-component]').forEach((element) => {
+    void mountReactComponent(element);
+  });
+}).catch((reason: unknown) => {
  throw reason;
 });
--- a/app/javascript/entrypoints/application.ts
+++ b/app/javascript/entrypoints/application.ts
@ -1,5 +1,5 @@
 import './public-path';
-import main from "mastodon/main";
+import main from 'mastodon/main';

 import { start } from '../mastodon/common';
 import { loadLocale } from '../mastodon/locales';
@ -10,6 +10,6 @@ start();
 loadPolyfills()
  .then(loadLocale)
  .then(main)
-  .catch(e => {
+  .catch((e: unknown) => {
    console.error(e);
  });
--- a/app/javascript/entrypoints/common.js
+++ b/app/javascript/entrypoints/common.js
@ -0,0 +1,5 @@
+/* This file is a hack to have something more reliable than the upstream `common` tag
+  that is implicitly generated as the common chunk through webpack's `splitChunks` config */
+
+import './public-path';
+import 'font-awesome/css/font-awesome.css';
--- a/app/javascript/entrypoints/error.ts
+++ b/app/javascript/entrypoints/error.ts
@ -2,7 +2,9 @@ import './public-path';
 import ready from '../mastodon/ready';

 ready(() => {
-  const image = document.querySelector('img');
+  const image = document.querySelector<HTMLImageElement>('img');
+
+  if (!image) return;

  image.addEventListener('mouseenter', () => {
    image.src = '/oops.gif';
@ -11,4 +13,6 @@ ready(() => {
  image.addEventListener('mouseleave', () => {
    image.src = '/oops.png';
  });
+}).catch((e: unknown) => {
+  console.error(e);
 });
--- a/app/javascript/entrypoints/inert.ts
+++ b/app/javascript/entrypoints/inert.ts
--- a/app/javascript/entrypoints/mailer.ts
+++ b/app/javascript/entrypoints/mailer.ts
--- a/app/javascript/entrypoints/public-path.ts
+++ b/app/javascript/entrypoints/public-path.ts
@ -2,7 +2,7 @@
 // to share the same assets regardless of instance configuration.
 // See https://webpack.js.org/guides/public-path/#on-the-fly

-function removeOuterSlashes(string) {
+function removeOuterSlashes(string: string) {
  return string.replace(/^\/*/, '').replace(/\/*$/, '');
 }

@ -15,7 +15,9 @@ function formatPublicPath(host = '', path = '') {
  return `${formattedHost}/${formattedPath}/`;
 }

-const cdnHost = document.querySelector('meta[name=cdn-host]');
+const cdnHost = document.querySelector<HTMLMetaElement>('meta[name=cdn-host]');

-// eslint-disable-next-line no-undef
-__webpack_public_path__ = formatPublicPath(cdnHost ? cdnHost.content : '', process.env.PUBLIC_OUTPUT_PATH);
+__webpack_public_path__ = formatPublicPath(
+  cdnHost ? cdnHost.content : '',
+  process.env.PUBLIC_OUTPUT_PATH,
+);
--- a/app/javascript/entrypoints/public.tsx
+++ b/app/javascript/entrypoints/public.tsx
@ -37,6 +37,43 @@ const messages = defineMessages({
  },
 });

+interface SetHeightMessage {
+  type: 'setHeight';
+  id: string;
+  height: number;
+}
+
+function isSetHeightMessage(data: unknown): data is SetHeightMessage {
+  if (
+    data &&
+    typeof data === 'object' &&
+    'type' in data &&
+    data.type === 'setHeight'
+  )
+    return true;
+  else return false;
+}
+
+window.addEventListener('message', (e) => {
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- typings are not correct, it can be null in very rare cases
+  if (!e.data || !isSetHeightMessage(e.data) || !window.parent) return;
+
+  const data = e.data;
+
+  ready(() => {
+    window.parent.postMessage(
+      {
+        type: 'setHeight',
+        id: data.id,
+        height: document.getElementsByTagName('html')[0].scrollHeight,
+      },
+      '*',
+    );
+  }).catch((e: unknown) => {
+    console.error('Error in setHeightMessage postMessage', e);
+  });
+});
+
 function loaded() {
  const { messages: localeData } = getLocale();

@ -169,7 +206,7 @@ function loaded() {

        return true;
      })
-      .catch((error) => {
+      .catch((error: unknown) => {
        console.error(error);
      });
  }
@ -288,6 +325,72 @@ function loaded() {
    });
 }

+Rails.delegate(
+  document,
+  '#edit_profile input[type=file]',
+  'change',
+  ({ target }) => {
+    if (!(target instanceof HTMLInputElement)) return;
+
+    const avatar = document.querySelector<HTMLImageElement>(
+      `img#${target.id}-preview`,
+    );
+
+    if (!avatar) return;
+
+    let file: File | undefined;
+    if (target.files) file = target.files[0];
+
+    const url = file ? URL.createObjectURL(file) : avatar.dataset.originalSrc;
+
+    if (url) avatar.src = url;
+  },
+);
+
+Rails.delegate(document, '.input-copy input', 'click', ({ target }) => {
+  if (!(target instanceof HTMLInputElement)) return;
+
+  target.focus();
+  target.select();
+  target.setSelectionRange(0, target.value.length);
+});
+
+Rails.delegate(document, '.input-copy button', 'click', ({ target }) => {
+  if (!(target instanceof HTMLButtonElement)) return;
+
+  const input = target.parentNode?.querySelector<HTMLInputElement>(
+    '.input-copy__wrapper input',
+  );
+
+  if (!input) return;
+
+  const oldReadOnly = input.readOnly;
+
+  input.readOnly = false;
+  input.focus();
+  input.select();
+  input.setSelectionRange(0, input.value.length);
+
+  try {
+    if (document.execCommand('copy')) {
+      input.blur();
+
+      const parent = target.parentElement;
+
+      if (!parent) return;
+      parent.classList.add('copied');
+
+      setTimeout(() => {
+        parent.classList.remove('copied');
+      }, 700);
+    }
+  } catch (err) {
+    console.error(err);
+  }
+
+  input.readOnly = oldReadOnly;
+});
+
 const toggleSidebar = () => {
  const sidebar = document.querySelector<HTMLUListElement>('.sidebar ul');
  const toggleButton = document.querySelector<HTMLAnchorElement>(
@ -345,7 +448,7 @@ Rails.delegate(document, '#registration_new_user,#new_user', 'submit', () => {
 });

 function main() {
-  ready(loaded).catch((error) => {
+  ready(loaded).catch((error: unknown) => {
    console.error(error);
  });
 }
@ -354,6 +457,6 @@ loadPolyfills()
  .then(loadLocale)
  .then(main)
  .then(loadKeyboardExtensions)
-  .catch((error) => {
+  .catch((error: unknown) => {
    console.error(error);
  });
--- a/app/javascript/entrypoints/remote_interaction_helper.ts
+++ b/app/javascript/entrypoints/remote_interaction_helper.ts
@ -8,7 +8,7 @@ and performs no other task.

 */

-import 'packs/public-path';
+import './public-path';

 import axios from 'axios';

--- a/app/javascript/entrypoints/share.tsx
+++ b/app/javascript/entrypoints/share.tsx
@ -2,7 +2,7 @@ import './public-path';
 import { createRoot } from 'react-dom/client';

 import { start } from '../mastodon/common';
-import ComposeContainer  from '../mastodon/containers/compose_container';
+import ComposeContainer from '../mastodon/containers/compose_container';
 import { loadPolyfills } from '../mastodon/polyfills';
 import ready from '../mastodon/ready';

@ -16,7 +16,7 @@ function loaded() {

    if (!attr) return;

-    const props = JSON.parse(attr);
+    const props = JSON.parse(attr) as object;
    const root = createRoot(mountNode);

    root.render(<ComposeContainer {...props} />);
@ -24,9 +24,13 @@ function loaded() {
 }

 function main() {
-  ready(loaded);
+  ready(loaded).catch((error: unknown) => {
+    console.error(error);
+  });
 }

-loadPolyfills().then(main).catch(error => {
-  console.error(error);
-});
+loadPolyfills()
+  .then(main)
+  .catch((error: unknown) => {
+    console.error(error);
+  });
--- a/app/javascript/entrypoints/sign_up.ts
+++ b/app/javascript/entrypoints/sign_up.ts
@ -0,0 +1,48 @@
+import './public-path';
+import axios from 'axios';
+
+import ready from '../mastodon/ready';
+
+async function checkConfirmation() {
+  const response = await axios.get('/api/v1/emails/check_confirmation');
+
+  if (response.data) {
+    window.location.href = '/start';
+  }
+}
+
+ready(() => {
+  setInterval(() => {
+    void checkConfirmation();
+  }, 5000);
+
+  document
+    .querySelectorAll<HTMLButtonElement>('button.timer-button')
+    .forEach((button) => {
+      let counter = 30;
+
+      const container = document.createElement('span');
+
+      const updateCounter = () => {
+        container.innerText = ` (${counter})`;
+      };
+
+      updateCounter();
+
+      const countdown = setInterval(() => {
+        counter--;
+
+        if (counter === 0) {
+          button.disabled = false;
+          button.removeChild(container);
+          clearInterval(countdown);
+        } else {
+          updateCounter();
+        }
+      }, 1000);
+
+      button.appendChild(container);
+    });
+}).catch((e: unknown) => {
+  throw e;
+});
--- a/app/javascript/entrypoints/two_factor_authentication.ts
+++ b/app/javascript/entrypoints/two_factor_authentication.ts
@ -0,0 +1,197 @@
+import * as WebAuthnJSON from '@github/webauthn-json';
+import axios, { AxiosError } from 'axios';
+
+import ready from '../mastodon/ready';
+
+import 'regenerator-runtime/runtime';
+
+type PublicKeyCredentialCreationOptionsJSON =
+  WebAuthnJSON.CredentialCreationOptionsJSON['publicKey'];
+
+function exceptionHasAxiosError(
+  error: unknown,
+): error is AxiosError<{ error: unknown }> {
+  return (
+    error instanceof AxiosError &&
+    typeof error.response?.data === 'object' &&
+    'error' in error.response.data
+  );
+}
+
+function logAxiosResponseError(error: unknown) {
+  if (exceptionHasAxiosError(error)) console.error(error);
+}
+
+function getCSRFToken() {
+  return document
+    .querySelector<HTMLMetaElement>('meta[name="csrf-token"]')
+    ?.getAttribute('content');
+}
+
+function hideFlashMessages() {
+  document.querySelectorAll('.flash-message').forEach((flashMessage) => {
+    flashMessage.classList.add('hidden');
+  });
+}
+
+async function callback(
+  url: string,
+  body:
+    | {
+        credential: WebAuthnJSON.PublicKeyCredentialWithAttestationJSON;
+        nickname: string;
+      }
+    | {
+        user: { credential: WebAuthnJSON.PublicKeyCredentialWithAssertionJSON };
+      },
+) {
+  try {
+    const response = await axios.post<{ redirect_path: string }>(
+      url,
+      JSON.stringify(body),
+      {
+        headers: {
+          'Content-Type': 'application/json',
+          Accept: 'application/json',
+          'X-CSRF-Token': getCSRFToken(),
+        },
+      },
+    );
+
+    window.location.replace(response.data.redirect_path);
+  } catch (error) {
+    if (error instanceof AxiosError && error.response?.status === 422) {
+      const errorMessage = document.getElementById(
+        'security-key-error-message',
+      );
+      errorMessage?.classList.remove('hidden');
+
+      logAxiosResponseError(error);
+    } else {
+      console.error(error);
+    }
+  }
+}
+
+async function handleWebauthnCredentialRegistration(nickname: string) {
+  try {
+    const response = await axios.get<PublicKeyCredentialCreationOptionsJSON>(
+      '/settings/security_keys/options',
+    );
+
+    const credentialOptions = response.data;
+
+    try {
+      const credential = await WebAuthnJSON.create({
+        publicKey: credentialOptions,
+      });
+
+      const params = {
+        credential: credential,
+        nickname: nickname,
+      };
+
+      await callback('/settings/security_keys', params);
+    } catch (error) {
+      const errorMessage = document.getElementById(
+        'security-key-error-message',
+      );
+      errorMessage?.classList.remove('hidden');
+      console.error(error);
+    }
+  } catch (error) {
+    logAxiosResponseError(error);
+  }
+}
+
+async function handleWebauthnCredentialAuthentication() {
+  try {
+    const response = await axios.get<PublicKeyCredentialCreationOptionsJSON>(
+      'sessions/security_key_options',
+    );
+
+    const credentialOptions = response.data;
+
+    try {
+      const credential = await WebAuthnJSON.get({
+        publicKey: credentialOptions,
+      });
+
+      const params = { user: { credential: credential } };
+      void callback('sign_in', params);
+    } catch (error) {
+      const errorMessage = document.getElementById(
+        'security-key-error-message',
+      );
+      errorMessage?.classList.remove('hidden');
+      console.error(error);
+    }
+  } catch (error) {
+    logAxiosResponseError(error);
+  }
+}
+
+ready(() => {
+  if (!WebAuthnJSON.supported()) {
+    const unsupported_browser_message = document.getElementById(
+      'unsupported-browser-message',
+    );
+    if (unsupported_browser_message) {
+      unsupported_browser_message.classList.remove('hidden');
+      const button = document.querySelector<HTMLButtonElement>(
+        'button.btn.js-webauthn',
+      );
+      if (button) button.disabled = true;
+    }
+  }
+
+  const webAuthnCredentialRegistrationForm =
+    document.querySelector<HTMLFormElement>('form#new_webauthn_credential');
+  if (webAuthnCredentialRegistrationForm) {
+    webAuthnCredentialRegistrationForm.addEventListener('submit', (event) => {
+      event.preventDefault();
+
+      if (!(event.target instanceof HTMLFormElement)) return;
+
+      const nickname = event.target.querySelector<HTMLInputElement>(
+        'input[name="new_webauthn_credential[nickname]"]',
+      );
+
+      if (nickname?.value) {
+        void handleWebauthnCredentialRegistration(nickname.value);
+      } else {
+        nickname?.focus();
+      }
+    });
+  }
+
+  const webAuthnCredentialAuthenticationForm =
+    document.getElementById('webauthn-form');
+  if (webAuthnCredentialAuthenticationForm) {
+    webAuthnCredentialAuthenticationForm.addEventListener('submit', (event) => {
+      event.preventDefault();
+      void handleWebauthnCredentialAuthentication();
+    });
+
+    const otpAuthenticationForm = document.getElementById(
+      'otp-authentication-form',
+    );
+
+    const linkToOtp = document.getElementById('link-to-otp');
+
+    linkToOtp?.addEventListener('click', () => {
+      webAuthnCredentialAuthenticationForm.classList.add('hidden');
+      otpAuthenticationForm?.classList.remove('hidden');
+      hideFlashMessages();
+    });
+
+    const linkToWebAuthn = document.getElementById('link-to-webauthn');
+    linkToWebAuthn?.addEventListener('click', () => {
+      otpAuthenticationForm?.classList.add('hidden');
+      webAuthnCredentialAuthenticationForm.classList.remove('hidden');
+      hideFlashMessages();
+    });
+  }
+}).catch((e: unknown) => {
+  throw e;
+});
--- a/app/javascript/flavours/glitch/actions/boosts.js
+++ b/app/javascript/flavours/glitch/actions/boosts.js
@ -1,32 +0,0 @@
-import { openModal } from './modal';
-
-export const BOOSTS_INIT_MODAL = 'BOOSTS_INIT_MODAL';
-export const BOOSTS_CHANGE_PRIVACY = 'BOOSTS_CHANGE_PRIVACY';
-
-export function initBoostModal(props) {
-  return (dispatch, getState) => {
-    const default_privacy = getState().getIn(['compose', 'default_privacy']);
-
-    const privacy = props.status.get('visibility') === 'private' ? 'private' : default_privacy;
-
-    dispatch({
-      type: BOOSTS_INIT_MODAL,
-      privacy,
-    });
-
-    dispatch(openModal({
-      modalType: 'BOOST',
-      modalProps: props,
-    }));
-  };
-}
-
-
-export function changeBoostPrivacy(privacy) {
-  return dispatch => {
-    dispatch({
-      type: BOOSTS_CHANGE_PRIVACY,
-      privacy,
-    });
-  };
-}
--- a/app/javascript/flavours/glitch/actions/markers.js
+++ b/app/javascript/flavours/glitch/actions/markers.js
@ -1,152 +0,0 @@
-import { List as ImmutableList } from 'immutable';
-
-import { debounce } from 'lodash';
-
-import api from '../api';
-import { compareId } from '../compare_id';
-
-export const MARKERS_FETCH_REQUEST = 'MARKERS_FETCH_REQUEST';
-export const MARKERS_FETCH_SUCCESS = 'MARKERS_FETCH_SUCCESS';
-export const MARKERS_FETCH_FAIL    = 'MARKERS_FETCH_FAIL';
-export const MARKERS_SUBMIT_SUCCESS = 'MARKERS_SUBMIT_SUCCESS';
-
-export const synchronouslySubmitMarkers = () => (dispatch, getState) => {
-  const accessToken = getState().getIn(['meta', 'access_token'], '');
-  const params      = _buildParams(getState());
-
-  if (Object.keys(params).length === 0 || accessToken === '') {
-    return;
-  }
-
-  // The Fetch API allows us to perform requests that will be carried out
-  // after the page closes. But that only works if the `keepalive` attribute
-  // is supported.
-  if (window.fetch && 'keepalive' in new Request('')) {
-    fetch('/api/v1/markers', {
-      keepalive: true,
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Authorization': `Bearer ${accessToken}`,
-      },
-      body: JSON.stringify(params),
-    });
-
-    return;
-  } else if (navigator && navigator.sendBeacon) {
-    // Failing that, we can use sendBeacon, but we have to encode the data as
-    // FormData for DoorKeeper to recognize the token.
-    const formData = new FormData();
-
-    formData.append('bearer_token', accessToken);
-
-    for (const [id, value] of Object.entries(params)) {
-      formData.append(`${id}[last_read_id]`, value.last_read_id);
-    }
-
-    if (navigator.sendBeacon('/api/v1/markers', formData)) {
-      return;
-    }
-  }
-
-  // If neither Fetch nor sendBeacon worked, try to perform a synchronous
-  // request.
-  try {
-    const client = new XMLHttpRequest();
-
-    client.open('POST', '/api/v1/markers', false);
-    client.setRequestHeader('Content-Type', 'application/json');
-    client.setRequestHeader('Authorization', `Bearer ${accessToken}`);
-    client.send(JSON.stringify(params));
-  } catch (e) {
-    // Do not make the BeforeUnload handler error out
-  }
-};
-
-const _buildParams = (state) => {
-  const params = {};
-
-  const lastHomeId         = state.getIn(['timelines', 'home', 'items'], ImmutableList()).find(item => item !== null);
-  const lastNotificationId = state.getIn(['notifications', 'lastReadId']);
-
-  if (lastHomeId && compareId(lastHomeId, state.getIn(['markers', 'home'])) > 0) {
-    params.home = {
-      last_read_id: lastHomeId,
-    };
-  }
-
-  if (lastNotificationId && lastNotificationId !== '0' && compareId(lastNotificationId, state.getIn(['markers', 'notifications'])) > 0) {
-    params.notifications = {
-      last_read_id: lastNotificationId,
-    };
-  }
-
-  return params;
-};
-
-const debouncedSubmitMarkers = debounce((dispatch, getState) => {
-  const accessToken = getState().getIn(['meta', 'access_token'], '');
-  const params      = _buildParams(getState());
-
-  if (Object.keys(params).length === 0 || accessToken === '') {
-    return;
-  }
-
-  api(getState).post('/api/v1/markers', params).then(() => {
-    dispatch(submitMarkersSuccess(params));
-  }).catch(() => {});
-}, 300000, { leading: true, trailing: true });
-
-export function submitMarkersSuccess({ home, notifications }) {
-  return {
-    type: MARKERS_SUBMIT_SUCCESS,
-    home: (home || {}).last_read_id,
-    notifications: (notifications || {}).last_read_id,
-  };
-}
-
-export function submitMarkers(params = {}) {
-  const result = (dispatch, getState) => debouncedSubmitMarkers(dispatch, getState);
-
-  if (params.immediate === true) {
-    debouncedSubmitMarkers.flush();
-  }
-
-  return result;
-}
-
-export const fetchMarkers = () => (dispatch, getState) => {
-  const params = { timeline: ['notifications'] };
-
-  dispatch(fetchMarkersRequest());
-
-  api(getState).get('/api/v1/markers', { params }).then(response => {
-    dispatch(fetchMarkersSuccess(response.data));
-  }).catch(error => {
-    dispatch(fetchMarkersFail(error));
-  });
-};
-
-export function fetchMarkersRequest() {
-  return {
-    type: MARKERS_FETCH_REQUEST,
-    skipLoading: true,
-  };
-}
-
-export function fetchMarkersSuccess(markers) {
-  return {
-    type: MARKERS_FETCH_SUCCESS,
-    markers,
-    skipLoading: true,
-  };
-}
-
-export function fetchMarkersFail(error) {
-  return {
-    type: MARKERS_FETCH_FAIL,
-    error,
-    skipLoading: true,
-    skipAlert: true,
-  };
-}
--- a/app/javascript/flavours/glitch/actions/markers.ts
+++ b/app/javascript/flavours/glitch/actions/markers.ts
@ -0,0 +1,147 @@
+import { debounce } from 'lodash';
+
+import type { MarkerJSON } from 'flavours/glitch/api_types/markers';
+import type { AppDispatch, RootState } from 'flavours/glitch/store';
+import { createAppAsyncThunk } from 'flavours/glitch/store/typed_functions';
+
+import api, { authorizationTokenFromState } from '../api';
+import { compareId } from '../compare_id';
+
+export const synchronouslySubmitMarkers = createAppAsyncThunk(
+  'markers/submit',
+  async (_args, { getState }) => {
+    const accessToken = authorizationTokenFromState(getState);
+    const params = buildPostMarkersParams(getState());
+
+    if (Object.keys(params).length === 0 || !accessToken) {
+      return;
+    }
+
+    // The Fetch API allows us to perform requests that will be carried out
+    // after the page closes. But that only works if the `keepalive` attribute
+    // is supported.
+    if ('fetch' in window && 'keepalive' in new Request('')) {
+      await fetch('/api/v1/markers', {
+        keepalive: true,
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify(params),
+      });
+
+      return;
+      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+    } else if ('navigator' && 'sendBeacon' in navigator) {
+      // Failing that, we can use sendBeacon, but we have to encode the data as
+      // FormData for DoorKeeper to recognize the token.
+      const formData = new FormData();
+
+      formData.append('bearer_token', accessToken);
+
+      for (const [id, value] of Object.entries(params)) {
+        if (value.last_read_id)
+          formData.append(`${id}[last_read_id]`, value.last_read_id);
+      }
+
+      if (navigator.sendBeacon('/api/v1/markers', formData)) {
+        return;
+      }
+    }
+
+    // If neither Fetch nor sendBeacon worked, try to perform a synchronous
+    // request.
+    try {
+      const client = new XMLHttpRequest();
+
+      client.open('POST', '/api/v1/markers', false);
+      client.setRequestHeader('Content-Type', 'application/json');
+      client.setRequestHeader('Authorization', `Bearer ${accessToken}`);
+      client.send(JSON.stringify(params));
+    } catch (e) {
+      // Do not make the BeforeUnload handler error out
+    }
+  },
+);
+
+interface MarkerParam {
+  last_read_id?: string;
+}
+
+function getLastNotificationId(state: RootState): string | undefined {
+  // @ts-expect-error state.notifications is not yet typed
+  // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-unsafe-call
+  return state.getIn(['notifications', 'lastReadId']);
+}
+
+const buildPostMarkersParams = (state: RootState) => {
+  const params = {} as { home?: MarkerParam; notifications?: MarkerParam };
+
+  const lastNotificationId = getLastNotificationId(state);
+
+  if (
+    lastNotificationId &&
+    lastNotificationId !== '0' &&
+    compareId(lastNotificationId, state.markers.notifications) > 0
+  ) {
+    params.notifications = {
+      last_read_id: lastNotificationId,
+    };
+  }
+
+  return params;
+};
+
+export const submitMarkersAction = createAppAsyncThunk<{
+  home: string | undefined;
+  notifications: string | undefined;
+}>('markers/submitAction', async (_args, { getState }) => {
+  const accessToken = authorizationTokenFromState(getState);
+  const params = buildPostMarkersParams(getState());
+
+  if (Object.keys(params).length === 0 || accessToken === '') {
+    return { home: undefined, notifications: undefined };
+  }
+
+  await api(getState).post<MarkerJSON>('/api/v1/markers', params);
+
+  return {
+    home: params.home?.last_read_id,
+    notifications: params.notifications?.last_read_id,
+  };
+});
+
+const debouncedSubmitMarkers = debounce(
+  (dispatch: AppDispatch) => {
+    void dispatch(submitMarkersAction());
+  },
+  300000,
+  {
+    leading: true,
+    trailing: true,
+  },
+);
+
+export const submitMarkers = createAppAsyncThunk(
+  'markers/submit',
+  (params: { immediate?: boolean }, { dispatch }) => {
+    debouncedSubmitMarkers(dispatch);
+
+    if (params.immediate) {
+      debouncedSubmitMarkers.flush();
+    }
+  },
+);
+
+export const fetchMarkers = createAppAsyncThunk(
+  'markers/fetch',
+  async (_args, { getState }) => {
+    const response = await api(getState).get<Record<string, MarkerJSON>>(
+      `/api/v1/markers`,
+      { params: { timeline: ['notifications'] } },
+    );
+
+    return { markers: response.data };
+  },
+);
--- a/app/javascript/flavours/glitch/actions/picture_in_picture.js
+++ b/app/javascript/flavours/glitch/actions/picture_in_picture.js
@ -1,46 +0,0 @@
-// @ts-check
-
-export const PICTURE_IN_PICTURE_DEPLOY = 'PICTURE_IN_PICTURE_DEPLOY';
-export const PICTURE_IN_PICTURE_REMOVE = 'PICTURE_IN_PICTURE_REMOVE';
-
-/**
- * @typedef MediaProps
- * @property {string} src
- * @property {boolean} muted
- * @property {number} volume
- * @property {number} currentTime
- * @property {string} poster
- * @property {string} backgroundColor
- * @property {string} foregroundColor
- * @property {string} accentColor
- */
-
-/**
- * @param {string} statusId
- * @param {string} accountId
- * @param {string} playerType
- * @param {MediaProps} props
- * @returns {object}
- */
-export const deployPictureInPicture = (statusId, accountId, playerType, props) => {
-  // @ts-expect-error
-  return (dispatch, getState) => {
-    // Do not open a player for a toot that does not exist
-    if (getState().hasIn(['statuses', statusId])) {
-      dispatch({
-        type: PICTURE_IN_PICTURE_DEPLOY,
-        statusId,
-        accountId,
-        playerType,
-        props,
-      });
-    }
-  };
-};
-
-/*
- * @return {object}
- */
-export const removePictureInPicture = () => ({
-  type: PICTURE_IN_PICTURE_REMOVE,
-});
--- a/app/javascript/flavours/glitch/actions/picture_in_picture.ts
+++ b/app/javascript/flavours/glitch/actions/picture_in_picture.ts
@ -0,0 +1,31 @@
+import { createAction } from '@reduxjs/toolkit';
+
+import type { PIPMediaProps } from 'flavours/glitch/reducers/picture_in_picture';
+import { createAppAsyncThunk } from 'flavours/glitch/store/typed_functions';
+
+interface DeployParams {
+  statusId: string;
+  accountId: string;
+  playerType: 'audio' | 'video';
+  props: PIPMediaProps;
+}
+
+export const removePictureInPicture = createAction('pip/remove');
+
+export const deployPictureInPictureAction =
+  createAction<DeployParams>('pip/deploy');
+
+export const deployPictureInPicture = createAppAsyncThunk(
+  'pip/deploy',
+  (args: DeployParams, { dispatch, getState }) => {
+    const { statusId } = args;
+
+    // Do not open a player for a toot that does not exist
+
+    // @ts-expect-error state.statuses is not yet typed
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
+    if (getState().hasIn(['statuses', statusId])) {
+      dispatch(deployPictureInPictureAction(args));
+    }
+  },
+);
--- a/app/javascript/flavours/glitch/api.ts
+++ b/app/javascript/flavours/glitch/api.ts
@ -29,9 +29,14 @@ const setCSRFHeader = () => {

 void ready(setCSRFHeader);

+export const authorizationTokenFromState = (getState?: GetState) => {
+  return (
+    getState && (getState().meta.get('access_token', '') as string | false)
+  );
+};
+
 const authorizationHeaderFromState = (getState?: GetState) => {
-  const accessToken =
-    getState && (getState().meta.get('access_token', '') as string);
+  const accessToken = authorizationTokenFromState(getState);

  if (!accessToken) {
    return {};
--- a/app/javascript/flavours/glitch/api_types/markers.ts
+++ b/app/javascript/flavours/glitch/api_types/markers.ts
@ -0,0 +1,7 @@
+// See app/serializers/rest/account_serializer.rb
+
+export interface MarkerJSON {
+  last_read_id: string;
+  version: string;
+  updated_at: string;
+}
--- a/app/javascript/flavours/glitch/api_types/media_attachments.ts
+++ b/app/javascript/flavours/glitch/api_types/media_attachments.ts
@ -0,0 +1,22 @@
+// See app/serializers/rest/media_attachment_serializer.rb
+
+export type MediaAttachmentType =
+  | 'image'
+  | 'gifv'
+  | 'video'
+  | 'unknown'
+  | 'audio';
+
+export interface ApiMediaAttachmentJSON {
+  id: string;
+  type: MediaAttachmentType;
+  url: string;
+  preview_url: string;
+  remoteUrl: string;
+  preview_remote_url: string;
+  text_url: string;
+  // TODO: how to define this?
+  meta: unknown;
+  description?: string;
+  blurhash: string;
+}
--- a/app/javascript/flavours/glitch/api_types/polls.ts
+++ b/app/javascript/flavours/glitch/api_types/polls.ts
@ -0,0 +1,23 @@
+import type { ApiCustomEmojiJSON } from './custom_emoji';
+
+// See app/serializers/rest/poll_serializer.rb
+
+export interface ApiPollOptionJSON {
+  title: string;
+  votes_count: number;
+}
+
+export interface ApiPollJSON {
+  id: string;
+  expires_at: string;
+  expired: boolean;
+  multiple: boolean;
+  votes_count: number;
+  voters_count: number;
+
+  options: ApiPollOptionJSON[];
+  emojis: ApiCustomEmojiJSON[];
+
+  voted: boolean;
+  own_votes: number[];
+}
--- a/app/javascript/flavours/glitch/api_types/statuses.ts
+++ b/app/javascript/flavours/glitch/api_types/statuses.ts
@ -0,0 +1,95 @@
+// See app/serializers/rest/status_serializer.rb
+
+import type { ApiAccountJSON } from './accounts';
+import type { ApiCustomEmojiJSON } from './custom_emoji';
+import type { ApiMediaAttachmentJSON } from './media_attachments';
+import type { ApiPollJSON } from './polls';
+
+// See app/modals/status.rb
+export type StatusVisibility =
+  | 'public'
+  | 'unlisted'
+  | 'private'
+  // | 'limited' // This is never exposed to the API (they become `private`)
+  | 'direct';
+
+export interface ApiStatusApplicationJSON {
+  name: string;
+  website: string;
+}
+
+export interface ApiTagJSON {
+  name: string;
+  url: string;
+}
+
+export interface ApiMentionJSON {
+  id: string;
+  username: string;
+  url: string;
+  acct: string;
+}
+
+export interface ApiPreviewCardJSON {
+  url: string;
+  title: string;
+  description: string;
+  language: string;
+  type: string;
+  author_name: string;
+  author_url: string;
+  provider_name: string;
+  provider_url: string;
+  html: string;
+  width: number;
+  height: number;
+  image: string;
+  image_description: string;
+  embed_url: string;
+  blurhash: string;
+  published_at: string;
+}
+
+export interface ApiStatusJSON {
+  id: string;
+  created_at: string;
+  in_reply_to_id?: string;
+  in_reply_to_account_id?: string;
+  sensitive: boolean;
+  spoiler_text?: string;
+  visibility: StatusVisibility;
+  language: string;
+  uri: string;
+  url: string;
+  replies_count: number;
+  reblogs_count: number;
+  favorites_count: number;
+  edited_at?: string;
+
+  favorited?: boolean;
+  reblogged?: boolean;
+  muted?: boolean;
+  bookmarked?: boolean;
+  pinned?: boolean;
+
+  // filtered: FilterResult[]
+  filtered: unknown; // TODO
+  content?: string;
+  text?: string;
+
+  reblog?: ApiStatusJSON;
+  application?: ApiStatusApplicationJSON;
+  account: ApiAccountJSON;
+  media_attachments: ApiMediaAttachmentJSON[];
+  mentions: ApiMentionJSON[];
+
+  tags: ApiTagJSON[];
+  emojis: ApiCustomEmojiJSON[];
+
+  card?: ApiPreviewCardJSON;
+  poll?: ApiPollJSON;
+
+  // glitch-soc additions
+  local_only?: boolean;
+  content_type?: string;
+}
--- a/app/javascript/flavours/glitch/common.js
+++ b/app/javascript/flavours/glitch/common.js
@ -0,0 +1,12 @@
+import Rails from '@rails/ujs';
+import 'font-awesome/css/font-awesome.css';
+
+export function start() {
+  require.context('@/images/', true, /\.(jpg|png|svg)$/);
+
+  try {
+    Rails.start();
+  } catch (e) {
+    // If called twice
+  }
+}
--- a/app/javascript/flavours/glitch/components/account.jsx
+++ b/app/javascript/flavours/glitch/components/account.jsx
@ -1,16 +1,18 @@
 import PropTypes from 'prop-types';
+import { useCallback } from 'react';

-import { defineMessages, injectIntl, FormattedMessage } from 'react-intl';
+import { defineMessages, useIntl, FormattedMessage } from 'react-intl';

 import classNames from 'classnames';

 import ImmutablePropTypes from 'react-immutable-proptypes';
-import ImmutablePureComponent from 'react-immutable-pure-component';

+import MoreHorizIcon from '@/material-icons/400-24px/more_horiz.svg?react';
 import { EmptyAccount } from 'flavours/glitch/components/empty_account';
 import { ShortNumber } from 'flavours/glitch/components/short_number';
 import { VerifiedBadge } from 'flavours/glitch/components/verified_badge';

+import DropdownMenuContainer from '../containers/dropdown_menu_container';
 import { me } from '../initial_state';

 import { Avatar } from './avatar';
@ -30,153 +32,153 @@ const messages = defineMessages({
  unmute_notifications: { id: 'account.unmute_notifications_short', defaultMessage: 'Unmute notifications' },
  mute: { id: 'account.mute_short', defaultMessage: 'Mute' },
  block: { id: 'account.block_short', defaultMessage: 'Block' },
+  more: { id: 'status.more', defaultMessage: 'More' },
 });

-class Account extends ImmutablePureComponent {
+const Account = ({ size = 46, account, onFollow, onBlock, onMute, onMuteNotifications, hidden, minimal, defaultAction, withBio }) => {
+  const intl = useIntl();

-  static propTypes = {
-    size: PropTypes.number,
-    account: ImmutablePropTypes.record,
-    onFollow: PropTypes.func,
-    onBlock: PropTypes.func,
-    onMute: PropTypes.func,
-    onMuteNotifications: PropTypes.func,
-    intl: PropTypes.object.isRequired,
-    hidden: PropTypes.bool,
-    minimal: PropTypes.bool,
-    defaultAction: PropTypes.string,
-    withBio: PropTypes.bool,
-  };
+  const handleFollow = useCallback(() => {
+    onFollow(account);
+  }, [onFollow, account]);

-  static defaultProps = {
-    size: 46,
-  };
+  const handleBlock = useCallback(() => {
+    onBlock(account);
+  }, [onBlock, account]);

-  handleFollow = () => {
-    this.props.onFollow(this.props.account);
-  };
+  const handleMute = useCallback(() => {
+    onMute(account);
+  }, [onMute, account]);

-  handleBlock = () => {
-    this.props.onBlock(this.props.account);
-  };
+  const handleMuteNotifications = useCallback(() => {
+    onMuteNotifications(account, true);
+  }, [onMuteNotifications, account]);

-  handleMute = () => {
-    this.props.onMute(this.props.account);
-  };
+  const handleUnmuteNotifications = useCallback(() => {
+    onMuteNotifications(account, false);
+  }, [onMuteNotifications, account]);

-  handleMuteNotifications = () => {
-    this.props.onMuteNotifications(this.props.account, true);
-  };
-
-  handleUnmuteNotifications = () => {
-    this.props.onMuteNotifications(this.props.account, false);
-  };
-
-  render () {
-    const { account, intl, hidden, withBio, defaultAction, size, minimal } = this.props;
-
-    if (!account) {
-      return <EmptyAccount size={size} minimal={minimal} />;
-    }
-
-    if (hidden) {
-      return (
-        <>
-          {account.get('display_name')}
-          {account.get('username')}
-        </>
-      );
-    }
-
-    let buttons;
-
-    if (account.get('id') !== me && account.get('relationship', null) !== null) {
-      const following = account.getIn(['relationship', 'following']);
-      const requested = account.getIn(['relationship', 'requested']);
-      const blocking  = account.getIn(['relationship', 'blocking']);
-      const muting  = account.getIn(['relationship', 'muting']);
-
-      if (requested) {
-        buttons = <Button text={intl.formatMessage(messages.cancel_follow_request)} onClick={this.handleFollow} />;
-      } else if (blocking) {
-        buttons = <Button text={intl.formatMessage(messages.unblock)} onClick={this.handleBlock} />;
-      } else if (muting) {
-        let hidingNotificationsButton;
-
-        if (account.getIn(['relationship', 'muting_notifications'])) {
-          hidingNotificationsButton = <Button text={intl.formatMessage(messages.unmute_notifications)} onClick={this.handleUnmuteNotifications} />;
-        } else {
-          hidingNotificationsButton = <Button text={intl.formatMessage(messages.mute_notifications)} onClick={this.handleMuteNotifications} />;
-        }
-
-        buttons = (
-          <>
-            <Button text={intl.formatMessage(messages.unmute)} onClick={this.handleMute} />
-            {hidingNotificationsButton}
-          </>
-        );
-      } else if (defaultAction === 'mute') {
-        buttons = <Button title={intl.formatMessage(messages.mute)} onClick={this.handleMute} />;
-      } else if (defaultAction === 'block') {
-        buttons = <Button text={intl.formatMessage(messages.block)} onClick={this.handleBlock} />;
-      } else if (!account.get('suspended') && !account.get('moved') || following) {
-        buttons = <Button text={intl.formatMessage(following ? messages.unfollow : messages.follow)} onClick={this.handleFollow} />;
-      }
-    }
-
-    let muteTimeRemaining;
-
-    if (account.get('mute_expires_at')) {
-      muteTimeRemaining = <>· <RelativeTimestamp timestamp={account.get('mute_expires_at')} futureDate /></>;
-    }
-
-    let verification;
-
-    const firstVerifiedField = account.get('fields').find(item => !!item.get('verified_at'));
-
-    if (firstVerifiedField) {
-      verification = <VerifiedBadge link={firstVerifiedField.get('value')} />;
-    }
+  if (!account) {
+    return <EmptyAccount size={size} minimal={minimal} />;
+  }

+  if (hidden) {
    return (
-      <div className={classNames('account', { 'account--minimal': minimal })}>
-        <div className='account__wrapper'>
-          <Permalink key={account.get('id')} className='account__display-name' title={account.get('acct')} href={account.get('url')} to={`/@${account.get('acct')}`}>
-            <div className='account__avatar-wrapper'>
-              <Avatar account={account} size={size} />
-            </div>
-
-            <div className='account__contents'>
-              <DisplayName account={account} />
-              {!minimal && (
-                <div className='account__details'>
-                  {account.get('followers_count') !== -1 && (
-                    <ShortNumber value={account.get('followers_count')} renderer={FollowersCounter} />
-                  )} {verification} {muteTimeRemaining}
-                </div>
-              )}
-            </div>
-          </Permalink>
-
-          {!minimal && (
-            <div className='account__relationship'>
-              {buttons}
-            </div>
-          )}
-        </div>
-
-        {withBio && (account.get('note').length > 0 ? (
-          <div
-            className='account__note translate'
-            dangerouslySetInnerHTML={{ __html: account.get('note_emojified') }}
-          />
-        ) : (
-          <div className='account__note account__note--missing'><FormattedMessage id='account.no_bio' defaultMessage='No description provided.' /></div>
-        ))}
-      </div>
+      <>
+        {account.get('display_name')}
+        {account.get('username')}
+      </>
    );
  }

-}
+  let buttons;

-export default injectIntl(Account);
+  if (account.get('id') !== me && account.get('relationship', null) !== null) {
+    const following = account.getIn(['relationship', 'following']);
+    const requested = account.getIn(['relationship', 'requested']);
+    const blocking  = account.getIn(['relationship', 'blocking']);
+    const muting  = account.getIn(['relationship', 'muting']);
+
+    if (requested) {
+      buttons = <Button text={intl.formatMessage(messages.cancel_follow_request)} onClick={handleFollow} />;
+    } else if (blocking) {
+      buttons = <Button text={intl.formatMessage(messages.unblock)} onClick={handleBlock} />;
+    } else if (muting) {
+      let menu;
+
+      if (account.getIn(['relationship', 'muting_notifications'])) {
+        menu = [{ text: intl.formatMessage(messages.unmute_notifications), action: handleUnmuteNotifications }];
+      } else {
+        menu = [{ text: intl.formatMessage(messages.mute_notifications), action: handleMuteNotifications }];
+      }
+
+      buttons = (
+        <>
+          <DropdownMenuContainer
+            items={menu}
+            icon='ellipsis-h'
+            iconComponent={MoreHorizIcon}
+            direction='right'
+            title={intl.formatMessage(messages.more)}
+          />
+
+          <Button text={intl.formatMessage(messages.unmute)} onClick={handleMute} />
+        </>
+      );
+    } else if (defaultAction === 'mute') {
+      buttons = <Button title={intl.formatMessage(messages.mute)} onClick={handleMute} />;
+    } else if (defaultAction === 'block') {
+      buttons = <Button text={intl.formatMessage(messages.block)} onClick={handleBlock} />;
+    } else if (!account.get('suspended') && !account.get('moved') || following) {
+      buttons = <Button text={intl.formatMessage(following ? messages.unfollow : messages.follow)} onClick={handleFollow} />;
+    }
+  }
+
+  let muteTimeRemaining;
+
+  if (account.get('mute_expires_at')) {
+    muteTimeRemaining = <>· <RelativeTimestamp timestamp={account.get('mute_expires_at')} futureDate /></>;
+  }
+
+  let verification;
+
+  const firstVerifiedField = account.get('fields').find(item => !!item.get('verified_at'));
+
+  if (firstVerifiedField) {
+    verification = <VerifiedBadge link={firstVerifiedField.get('value')} />;
+  }
+
+  return (
+    <div className={classNames('account', { 'account--minimal': minimal })}>
+      <div className='account__wrapper'>
+        <Permalink key={account.get('id')} className='account__display-name' title={account.get('acct')} href={account.get('url')} to={`/@${account.get('acct')}`}>
+          <div className='account__avatar-wrapper'>
+            <Avatar account={account} size={size} />
+          </div>
+
+          <div className='account__contents'>
+            <DisplayName account={account} />
+            {!minimal && (
+              <div className='account__details'>
+                {account.get('followers_count') !== -1 && (
+                  <ShortNumber value={account.get('followers_count')} renderer={FollowersCounter} />
+                )} {verification} {muteTimeRemaining}
+              </div>
+            )}
+          </div>
+        </Permalink>
+
+        {!minimal && (
+          <div className='account__relationship'>
+            {buttons}
+          </div>
+        )}
+      </div>
+
+      {withBio && (account.get('note').length > 0 ? (
+        <div
+          className='account__note translate'
+          dangerouslySetInnerHTML={{ __html: account.get('note_emojified') }}
+        />
+      ) : (
+        <div className='account__note account__note--missing'><FormattedMessage id='account.no_bio' defaultMessage='No description provided.' /></div>
+      ))}
+    </div>
+  );
+};
+
+Account.propTypes = {
+  size: PropTypes.number,
+  account: ImmutablePropTypes.record,
+  onFollow: PropTypes.func,
+  onBlock: PropTypes.func,
+  onMute: PropTypes.func,
+  onMuteNotifications: PropTypes.func,
+  intl: PropTypes.object.isRequired,
+  hidden: PropTypes.bool,
+  minimal: PropTypes.bool,
+  defaultAction: PropTypes.string,
+  withBio: PropTypes.bool,
+};
+
+export default Account;
--- a/app/javascript/flavours/glitch/components/badge.jsx
+++ b/app/javascript/flavours/glitch/components/badge.jsx
@ -7,7 +7,7 @@ import PersonIcon from '@/material-icons/400-24px/person.svg?react';
 import SmartToyIcon from '@/material-icons/400-24px/smart_toy.svg?react';


-export const Badge = ({ icon, label, domain, roleId }) => (
+export const Badge = ({ icon = <PersonIcon />, label, domain, roleId }) => (
  <div className='account-role' data-account-role-id={roleId}>
    {icon}
    {label}
@ -22,10 +22,6 @@ Badge.propTypes = {
  roleId: PropTypes.string
 };

-Badge.defaultProps = {
-  icon: <PersonIcon />,
-};
-
 export const GroupBadge = () => (
  <Badge icon={<GroupsIcon />} label={<FormattedMessage id='account.badges.group' defaultMessage='Group' />} />
 );
--- a/Show more
+++ b/Show more
 @ -1 +1 @@
 .11
 .13
 @ -1 +1 @@
 .2.3
 .3.1