Initial bubble timeline support

2024-01-14 01:22:06 -06:00
2407 changed files with 47007 additions and 70548 deletions
--- a/.browserslistrc
+++ b/.browserslistrc
@ -1,9 +1,7 @@
 [production]
 defaults
-> 0.2%
+not IE 11
 ios >= 15.6
 not dead
 not OperaMini all
 [development]
 supports es6-module
--- a/.bundler-audit.yml
+++ b/.bundler-audit.yml
@ -1,6 +0,0 @@
 ---
 ignore:
  # devise-two-factor advisory about brute-forcing TOTP
  # We have rate-limits on authentication endpoints in place (including second
  # factor verification) since Mastodon v3.2.0
  - CVE-2024-0227
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@ -70,7 +70,7 @@ services:
        hard: -1
  libretranslate:
-    image: libretranslate/libretranslate:v1.5.7
+    image: libretranslate/libretranslate:v1.5.3
    restart: unless-stopped
    volumes:
      - lt-data:/home/libretranslate/.local
--- a/.env.development
+++ b/.env.development
@ -1,4 +0,0 @@
 # Required by ActiveRecord encryption feature
 ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR
 ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E
 ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr
--- a/.env.production.sample
+++ b/.env.production.sample
@ -251,11 +251,6 @@ SMTP_FROM_ADDRESS=notifications@example.com
 # Maximum allowed character count
 MAX_TOOT_CHARS=500
 # Maximum allowed hashtags to follow in a feed column
 # Note that setting this value higher may cause significant
 # database load
 MAX_FEED_HASHTAGS=4
 # Maximum number of pinned posts
 MAX_PINNED_TOOTS=5
--- a/.env.test
+++ b/.env.test
@ -3,9 +3,3 @@ NODE_ENV=production
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true
 # Secret values required by ActiveRecord encryption feature
 # Use `bin/rails db:encryption:init` to generate fresh secrets
 ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=test_determinist_key_DO_NOT_USE_IN_PRODUCTION
 ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=test_salt_DO_NOT_USE_IN_PRODUCTION
 ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=test_primary_key_DO_NOT_USE_IN_PRODUCTION
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -123,7 +123,7 @@ module.exports = defineConfig({
    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
    'react/self-closing-comp': 'error',
-    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/v6.8.0/src/index.js#L46
+    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
    'jsx-a11y/accessible-emoji': 'warn',
    'jsx-a11y/click-events-have-key-events': 'off',
    'jsx-a11y/label-has-associated-control': 'off',
@ -165,7 +165,7 @@ module.exports = defineConfig({
    //   },
    // ],
    'jsx-a11y/no-noninteractive-tabindex': 'off',
-    'jsx-a11y/no-onchange': 'off',
+    'jsx-a11y/no-onchange': 'warn',
    // recommended is full 'error'
    'jsx-a11y/no-static-element-interactions': [
      'warn',
@ -176,7 +176,7 @@ module.exports = defineConfig({
      },
    ],
-    // See https://github.com/import-js/eslint-plugin-import/blob/v2.29.1/config/recommended.js
+    // See https://github.com/import-js/eslint-plugin-import/blob/main/config/recommended.js
    'import/extensions': [
      'error',
      'always',
@ -355,6 +355,7 @@ module.exports = defineConfig({
        'plugin:import/typescript',
        'plugin:promise/recommended',
        'plugin:jsdoc/recommended-typescript',
        'plugin:prettier/recommended',
      ],
      parserOptions: {
@ -363,9 +364,6 @@ module.exports = defineConfig({
      },
      rules: {
        // Disable formatting rules that have been enabled in the base config
        'indent': 'off',
        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
@ -380,7 +378,6 @@ module.exports = defineConfig({
            "message": "Use typed hooks `useAppDispatch` and `useAppSelector` instead."
          }
        ],
        "@typescript-eslint/restrict-template-expressions": ['warn', { allowNumber: true }],
        'jsdoc/require-jsdoc': 'off',
        // Those rules set stricter rules for TS files
--- a/.github/actions/setup-javascript/action.yml
+++ b/.github/actions/setup-javascript/action.yml
@ -23,7 +23,7 @@ runs:
      shell: bash
      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
-    - uses: actions/cache@v4
+    - uses: actions/cache@v3
      id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
      with:
        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
--- a/.github/codecov.yml
+++ b/.github/codecov.yml
@ -1,4 +1,3 @@
 comment: false # Do not leave PR comments
 coverage:
  status:
    project:
@ -9,3 +8,6 @@ coverage:
      default:
        # Github status check is not blocking
        informational: true
 comment:
  # Only write a comment in PR if there are changes
  require_changes: true
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -125,29 +125,6 @@
      ],
      groupName: null, // We dont want them to belong to any group
    },
    {
      // Group all RuboCop packages with `rubocop` in the same PR
      matchManagers: ['bundler'],
      matchPackageNames: ['rubocop'],
      matchPackagePrefixes: ['rubocop-'],
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'RuboCop (non-major)',
    },
    {
      // Group all RSpec packages with `rspec` in the same PR
      matchManagers: ['bundler'],
      matchPackageNames: ['rspec'],
      matchPackagePrefixes: ['rspec-'],
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'RSpec (non-major)',
    },
    {
      // Group all opentelemetry-ruby packages in the same PR
      matchManagers: ['bundler'],
      matchPackagePrefixes: ['opentelemetry-'],
      matchUpdateTypes: ['patch', 'minor'],
      groupName: 'opentelemetry-ruby (non-major)',
    },
    // Add labels depending on package manager
    { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
    { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },
--- a/.github/stylelint-matcher.json
+++ b/.github/stylelint-matcher.json
@ -0,0 +1,21 @@
 {
  "problemMatcher": [
    {
      "owner": "stylelint",
      "pattern": [
        {
          "regexp": "^([^\\s].*)$",
          "file": 1
        },
        {
          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
          "line": 2,
          "column": 3,
          "message": 5,
          "code": 6,
          "loop": true
        }
      ]
    }
  ]
 }
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
@ -1,61 +0,0 @@
 name: Build security nightly container image
 on:
  workflow_dispatch:
 permissions:
  contents: read
  packages: write
 jobs:
  compute-suffix:
    runs-on: ubuntu-latest
    steps:
      - id: version_vars
        env:
          TZ: Etc/UTC
        run: |
          echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT
    outputs:
      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
  build-image:
    needs: compute-suffix
    uses: ./.github/workflows/build-container-image.yml
    with:
      file_to_build: Dockerfile
      platforms: linux/amd64,linux/arm64
      use_native_arm64_builder: false
      cache: false
      push_to_images: |
        ghcr.io/${{ github.repository_owner }}/mastodon
      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
      labels: |
        org.opencontainers.image.description=Nightly build image used for testing purposes
      flavor: |
        latest=true
      tags: |
        type=raw,value=edge
        type=raw,value=nightly
        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
    secrets: inherit
  build-image-streaming:
    needs: compute-suffix
    uses: ./.github/workflows/build-container-image.yml
    with:
      file_to_build: streaming/Dockerfile
      platforms: linux/amd64,linux/arm64
      use_native_arm64_builder: false
      cache: false
      push_to_images: |
        ghcr.io/${{ github.repository_owner }}/mastodon-streaming
      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
      labels: |
        org.opencontainers.image.description=Nightly build image used for testing purposes
      flavor: |
        latest=true
      tags: |
        type=raw,value=edge
        type=raw,value=nightly
        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
    secrets: inherit
--- a/.github/workflows/crowdin-download.yml
+++ b/.github/workflows/crowdin-download.yml
@ -53,7 +53,7 @@ jobs:
      # Create or update the pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.5
+        uses: peter-evans/create-pull-request@v5.0.2
        with:
          commit-message: 'New Crowdin translations'
          title: 'New Crowdin Translations (automated)'
--- a/.github/workflows/format-check.yml
+++ b/.github/workflows/format-check.yml
@ -1,18 +0,0 @@
 name: Check formatting
 on:
  push:
  pull_request:
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v4
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
      - name: Check formatting with Prettier
        run: yarn format:check
--- a/.github/workflows/lint-css.yml
+++ b/.github/workflows/lint-css.yml
@ -38,5 +38,9 @@ jobs:
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
      - uses: xt0rted/stylelint-problem-matcher@v1
      - run: echo "::add-matcher::.github/stylelint-matcher.json"
      - name: Stylelint
-        run: yarn lint:css -f github
+        run: yarn lint:sass
--- a/.github/workflows/lint-haml.yml
+++ b/.github/workflows/lint-haml.yml
@ -36,4 +36,4 @@ jobs:
      - name: Run haml-lint
        run: |
          echo "::add-matcher::.github/workflows/haml-lint-problem-matcher.json"
-          bundle exec haml-lint --reporter github
+          bundle exec haml-lint
--- a/.github/workflows/lint-json.yml
+++ b/.github/workflows/lint-json.yml
@ -0,0 +1,38 @@
 name: JSON Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.json'
      - '.github/workflows/lint-json.yml'
      - '!app/javascript/mastodon/locales/*.json'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.json'
      - '.github/workflows/lint-json.yml'
      - '!app/javascript/mastodon/locales/*.json'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v4
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
      - name: Prettier
        run: yarn lint:json
--- a/.github/workflows/lint-md.yml
+++ b/.github/workflows/lint-md.yml
@ -0,0 +1,38 @@
 name: Markdown Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
      - 'renovate/**'
    paths:
      - '.github/workflows/lint-md.yml'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.md'
      - '!AUTHORS.md'
      - 'package.json'
      - 'yarn.lock'
  pull_request:
    paths:
      - '.github/workflows/lint-md.yml'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.md'
      - '!AUTHORS.md'
      - 'package.json'
      - 'yarn.lock'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v4
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
      - name: Prettier
        run: yarn lint:md
--- a/.github/workflows/lint-yml.yml
+++ b/.github/workflows/lint-yml.yml
@ -0,0 +1,40 @@
 name: YML Linting
 on:
  push:
    branches-ignore:
      - 'dependabot/**'
      - 'renovate/**'
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.yaml'
      - '**/*.yml'
      - '.github/workflows/lint-yml.yml'
      - '!config/locales/*.yml'
  pull_request:
    paths:
      - 'package.json'
      - 'yarn.lock'
      - '.nvmrc'
      - '.prettier*'
      - '**/*.yaml'
      - '**/*.yml'
      - '.github/workflows/lint-yml.yml'
      - '!config/locales/*.yml'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
        uses: actions/checkout@v4
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
      - name: Prettier
        run: yarn lint:yml
--- a/.github/workflows/test-js.yml
+++ b/.github/workflows/test-js.yml
@ -38,5 +38,5 @@ jobs:
      - name: Set up Javascript environment
        uses: ./.github/actions/setup-javascript
-      - name: JavaScript testing
+      - name: Jest testing
        run: yarn jest --reporters github-actions summary
--- a/.github/workflows/test-migrations-one-step.yml
+++ b/.github/workflows/test-migrations-one-step.yml
@ -78,8 +78,23 @@ jobs:
      - name: Create database
        run: './bin/rails db:create'
-      - name: Run historical migrations with data population
+      - name: Run migrations up to v2.0.0
-        run: './bin/rails tests:migrations:prepare_database'
+        run: './bin/rails db:migrate VERSION=20171010025614'
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2'
      - name: Run migrations up to v2.4.0
        run: './bin/rails db:migrate VERSION=20180514140000'
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2_4'
      - name: Run migrations up to v2.4.3
        run: './bin/rails db:migrate VERSION=20180707154237'
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2_4_3'
      - name: Run all remaining migrations
        run: './bin/rails db:migrate'
--- a/.github/workflows/test-migrations-two-step.yml
+++ b/.github/workflows/test-migrations-two-step.yml
@ -45,7 +45,6 @@ jobs:
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
@ -78,11 +77,28 @@ jobs:
      - name: Create database
        run: './bin/rails db:create'
-      - name: Run historical migrations with data population
+      - name: Run migrations up to v2.0.0
-        run: './bin/rails tests:migrations:prepare_database'
+        run: './bin/rails db:migrate VERSION=20171010025614'
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2'
      - name: Run pre-deployment migrations up to v2.4.0
        run: './bin/rails db:migrate VERSION=20180514140000'
        env:
          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2_4'
      - name: Run migrations up to v2.4.3
        run: './bin/rails db:migrate VERSION=20180707154237'
        env:
          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
      - name: Populate database with test data
        run: './bin/rails tests:migrations:populate_v2_4_3'
      - name: Run all remaining pre-deployment migrations
        run: './bin/rails db:migrate'
        env:
--- a/.github/workflows/test-ruby.yml
+++ b/.github/workflows/test-ruby.yml
@ -28,9 +28,6 @@ jobs:
    env:
      RAILS_ENV: ${{ matrix.mode }}
      BUNDLE_WITH: ${{ matrix.mode }}
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: precompile_placeholder
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: precompile_placeholder
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: precompile_placeholder
      OTP_SECRET: precompile_placeholder
      SECRET_KEY_BASE: precompile_placeholder
@ -55,7 +52,7 @@ jobs:
        run: |
          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs*
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
        if: matrix.mode == 'test'
        with:
          path: |-
@ -114,13 +111,13 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
          - '3.0'
          - '3.1'
          - '3.2'
          - '.ruby-version'
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
        with:
          path: './'
          name: ${{ github.sha }}
@ -142,11 +139,9 @@ jobs:
      - name: Upload coverage reports to Codecov
        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        with:
          files: coverage/lcov/mastodon.lcov
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
  test-e2e:
    name: End to End testing
@ -186,21 +181,19 @@ jobs:
      DISABLE_SIMPLECOV: true
      RAILS_ENV: test
      BUNDLE_WITH: test
      LOCAL_DOMAIN: localhost:3000
      LOCAL_HTTPS: false
    strategy:
      fail-fast: false
      matrix:
        ruby-version:
          - '3.0'
          - '3.1'
          - '3.2'
          - '.ruby-version'
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
        with:
          path: './public'
          name: ${{ github.sha }}
@ -217,21 +210,21 @@ jobs:
      - name: Load database schema
        run: './bin/rails db:create db:schema:load db:seed'
-      - run: bin/rspec spec/system --tag streaming --tag js
+      - run: bundle exec rake spec:system
      - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: e2e-logs-${{ matrix.ruby-version }}
          path: log/
      - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: e2e-screenshots
-          path: tmp/capybara/
+          path: tmp/screenshots/
  test-search:
    name: Elastic Search integration testing
@ -264,8 +257,8 @@ jobs:
        ports:
          - 6379:6379
-      elasticsearch:
+      search:
-        image: ${{ contains(matrix.search-image, 'elasticsearch') && matrix.search-image || '' }}
+        image: ${{ matrix.search-image }}
        env:
          discovery.type: single-node
          xpack.security.enabled: false
@ -277,20 +270,6 @@ jobs:
        ports:
          - 9200:9200
      opensearch:
        image: ${{ contains(matrix.search-image, 'opensearch') && matrix.search-image || '' }}
        env:
          discovery.type: single-node
          DISABLE_INSTALL_DEMO_CONFIG: true
          DISABLE_SECURITY_PLUGIN: true
        options: >-
          --health-cmd "curl http://localhost:9200/_cluster/health"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
        ports:
          - 9200:9200
    env:
      DB_HOST: localhost
      DB_USER: postgres
@ -306,21 +285,19 @@ jobs:
      fail-fast: false
      matrix:
        ruby-version:
          - '3.0'
          - '3.1'
          - '3.2'
          - '.ruby-version'
        search-image:
          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
        include:
          - ruby-version: '.ruby-version'
            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
          - ruby-version: '.ruby-version'
            search-image: opensearchproject/opensearch:2
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
        with:
          path: './public'
          name: ${{ github.sha }}
@ -340,15 +317,15 @@ jobs:
      - run: bin/rspec --tag search
      - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: test-search-logs-${{ matrix.ruby-version }}
          path: log/
      - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: test-search-screenshots
-          path: tmp/capybara/
+          path: tmp/screenshots/
--- a/.gitignore
+++ b/.gitignore
@ -24,6 +24,7 @@
 /public/packs-test
 .env
 .env.production
 .env.development
 /node_modules/
 /build/
@ -68,6 +69,3 @@ yarn-debug.log
 # Ignore Docker option files
 docker-compose.override.yml
 # Ignore dotenv .local files
 .env*.local
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@ -1,5 +1,8 @@
 inherits_from: .haml-lint_todo.yml
 exclude:
  - 'vendor/**/*'
  - lib/templates/haml/scaffold/_form.html.haml
 require:
  - ./lib/linter/haml_middle_dot.rb
@ -10,6 +13,4 @@ linters:
  MiddleDot:
    enabled: true
  LineLength:
-    max: 300
+    max: 320
  ViewLength:
    max: 200 # Override default value of 100 inherited from rubocop
--- a/.haml-lint_todo.yml
+++ b/.haml-lint_todo.yml
@ -0,0 +1,13 @@
 # This configuration was generated by
 # `haml-lint --auto-gen-config`
 # on 2024-01-09 11:30:07 -0500 using Haml-Lint version 0.53.0.
 # The point is for the user to remove these configuration records
 # one by one as the lints are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of Haml-Lint, may require this file to be generated again.
 linters:
  # Offense count: 1
  LineLength:
    exclude:
      - 'app/views/admin/roles/_form.html.haml'
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@ -1 +1,4 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 yarn lint-staged
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-20.13
+20.11
--- a/.prettierignore
+++ b/.prettierignore
@ -54,13 +54,6 @@
 # Ignore Docker option files
 docker-compose.override.yml
 # Ignore public
 /public/assets
 /public/emoji
 /public/packs
 /public/packs-test
 /public/system
 # Ignore emoji map file
 /app/javascript/mastodon/features/emoji/emoji_map.json
@ -81,7 +74,6 @@ app/javascript/styles/mastodon/reset.scss
 # Ignore the generated AUTHORS.md
 AUTHORS.md
 # Process a few selected JS files
 !lint-staged.config.js
 # Ignore glitch-soc emoji map file
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -9,13 +9,12 @@ inherit_mode:
 require:
  - rubocop-rails
  - rubocop-rspec
  - rubocop-rspec_rails
  - rubocop-performance
  - rubocop-capybara
  - ./lib/linter/rubocop_middle_dot
 AllCops:
-  TargetRubyVersion: 3.1 # Set to minimum supported version of CI
+  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
  DisplayCopNames: true
  DisplayStyleGuide: true
  ExtraDetails: true
@ -40,7 +39,13 @@ Layout/FirstHashElementIndentation:
 # Reason: Currently disabled in .rubocop_todo.yml
 # https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
 Layout/LineLength:
-  Max: 300 # Default of 120 causes a duplicate entry in generated todo file
+  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
 Lint/UselessAccessModifier:
  ContextCreatingMethods:
    - class_methods
 ## Disable most Metrics/*Length cops
 # Reason: those are often triggered and force significant refactors when this happend
@ -81,11 +86,6 @@ Metrics/CyclomaticComplexity:
 Metrics/ParameterLists:
  CountKeywordArgs: false
 # Reason: Prefer seeing a variable name
 # https://docs.rubocop.org/rubocop/cops_naming.html#namingblockforwarding
 Naming/BlockForwarding:
  EnforcedStyle: explicit
 # Reason: Prevailing style is argument file paths
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
 Rails/FilePath:
@ -96,26 +96,16 @@ Rails/FilePath:
 Rails/HttpStatus:
  EnforcedStyle: numeric
-# Reason: Conflicts with `Lint/UselessMethodDefinition` for inherited controller actions
+# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
-# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railslexicallyscopedactionfilter
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
-Rails/LexicallyScopedActionFilter:
+Rails/Exit:
  Exclude:
-    - 'app/controllers/auth/*'
+    - 'config/boot.rb'
    - 'lib/mastodon/cli/*.rb'
 # Reason: These tasks are doing local work which do not need full env loaded
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsrakeenvironment
 Rails/RakeEnvironment:
  Exclude:
    - 'lib/tasks/auto_annotate_models.rake'
    - 'lib/tasks/emojis.rake'
    - 'lib/tasks/mastodon.rake'
    - 'lib/tasks/repo.rake'
    - 'lib/tasks/statistics.rake'
 # Reason: There are appropriate times to use these features
 # https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsskipsmodelvalidations
 Rails/SkipsModelValidations:
-  Enabled: false
+  Exclude:
    - 'db/*migrate/**/*'
 # Reason: We want to preserve the ability to migrate from arbitrary old versions,
 # and cannot guarantee that every installation has run every migration as they upgrade.
@ -128,11 +118,6 @@ Rails/UnusedIgnoredColumns:
 Rails/NegateInclude:
  Enabled: false
 # Reason: Enforce default limit, but allow some elements to span lines
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecexamplelength
 RSpec/ExampleLength:
  CountAsOne: ['array', 'heredoc', 'method_call']
 # Reason: Deprecated cop, will be removed in 3.0, replaced by SpecFilePathFormat
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
 RSpec/FilePath:
@ -148,6 +133,11 @@ RSpec/NamedSubject:
 RSpec/NotToNot:
  EnforcedStyle: to_not
 # Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
 RSpec/Rails/HttpStatus:
  EnforcedStyle: numeric
 # Reason: Match overrides from Rspec/FilePath rule above
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecspecfilepathformat
 RSpec/SpecFilePathFormat:
@ -158,11 +148,6 @@ RSpec/SpecFilePathFormat:
    OEmbedController: oembed_controller
    OStatus: ostatus
 # Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
 # https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
 RSpecRails/HttpStatus:
  EnforcedStyle: numeric
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
 Style/ClassAndModuleChildren:
@ -173,25 +158,10 @@ Style/ClassAndModuleChildren:
 Style/Documentation:
  Enabled: false
 # Reason: Route redirects are not token-formatted and must be skipped
 # https://docs.rubocop.org/rubocop/cops_style.html#styleformatstringtoken
 Style/FormatStringToken:
  inherit_mode:
    merge:
      - AllowedMethods # The rubocop-rails config adds `redirect`
  AllowedMethods:
    - redirect_with_vary
 # Reason: Prevailing style choice
 # https://docs.rubocop.org/rubocop/cops_style.html#stylehashaslastarrayitem
 Style/HashAsLastArrayItem:
  Enabled: false
 # Reason: Enforce modern Ruby style
 # https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
 Style/HashSyntax:
  EnforcedStyle: ruby19_no_mixed_keys
  EnforcedShorthandSyntax: either
 # Reason:
 # https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
@ -211,16 +181,16 @@ Style/PercentLiteralDelimiters:
 Style/RedundantBegin:
  Enabled: false
 # Reason: Prevailing style choice
 # https://docs.rubocop.org/rubocop/cops_style.html#styleredundantfetchblock
 Style/RedundantFetchBlock:
  Enabled: false
 # Reason: Overridden to reduce implicit StandardError rescues
 # https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
 Style/RescueStandardError:
  EnforcedStyle: implicit
 # Reason: Simplify some spec layouts
 # https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
 Style/Semicolon:
  AllowAsExpressionSeparator: true
 # Reason: Originally disabled for CodeClimate, and no config consensus has been found
 # https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
 Style/SymbolArray:
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,11 +1,25 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.63.5.
+# using RuboCop version 1.59.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
 # Include: **/*.gemfile, **/Gemfile, **/gems.rb
 Bundler/OrderedGems:
  Exclude:
    - 'Gemfile'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
  Exclude:
    - 'app/models/account.rb'
 Lint/NonLocalExitFromIterator:
  Exclude:
    - 'app/helpers/jsonld_helper.rb'
@ -29,10 +43,10 @@ Metrics/PerceivedComplexity:
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
-  Max: 18
+  Max: 22
 RSpec/MultipleExpectations:
-  Max: 7
+  Max: 8
 # Configuration parameters: AllowSubject.
 RSpec/MultipleMemoizedHelpers:
@ -42,10 +56,113 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/NestedGroups:
  Max: 6
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
  Exclude:
    - 'app/models/concerns/account/associations.rb'
    - 'app/models/status.rb'
    - 'app/models/tag.rb'
 # Configuration parameters: Include.
 # Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
  Exclude:
    - 'app/controllers/auth/passwords_controller.rb'
    - 'app/controllers/auth/registrations_controller.rb'
 Rails/OutputSafety:
  Exclude:
    - 'config/initializers/simple_form.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Include.
 # Include: **/Rakefile, **/*.rake
 Rails/RakeEnvironment:
  Exclude:
    - 'lib/tasks/auto_annotate_models.rake'
    - 'lib/tasks/db.rake'
    - 'lib/tasks/emojis.rake'
    - 'lib/tasks/mastodon.rake'
    - 'lib/tasks/repo.rake'
    - 'lib/tasks/statistics.rake'
 # Configuration parameters: ForbiddenMethods, AllowedMethods.
 # ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
 Rails/SkipsModelValidations:
  Exclude:
    - 'app/controllers/admin/invites_controller.rb'
    - 'app/controllers/concerns/session_tracking_concern.rb'
    - 'app/models/concerns/account/merging.rb'
    - 'app/models/concerns/expireable.rb'
    - 'app/models/status.rb'
    - 'app/models/trends/links.rb'
    - 'app/models/trends/preview_card_batch.rb'
    - 'app/models/trends/preview_card_provider_batch.rb'
    - 'app/models/trends/status_batch.rb'
    - 'app/models/trends/statuses.rb'
    - 'app/models/trends/tag_batch.rb'
    - 'app/models/trends/tags.rb'
    - 'app/models/user.rb'
    - 'app/services/activitypub/process_status_update_service.rb'
    - 'app/services/approve_appeal_service.rb'
    - 'app/services/block_domain_service.rb'
    - 'app/services/delete_account_service.rb'
    - 'app/services/process_mentions_service.rb'
    - 'app/services/unallow_domain_service.rb'
    - 'app/services/unblock_domain_service.rb'
    - 'app/services/update_status_service.rb'
    - 'app/workers/activitypub/post_upgrade_worker.rb'
    - 'app/workers/move_worker.rb'
    - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
    - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
    - 'lib/mastodon/cli/accounts.rb'
    - 'lib/mastodon/cli/maintenance.rb'
    - 'spec/lib/activitypub/activity/follow_spec.rb'
    - 'spec/services/follow_service_spec.rb'
    - 'spec/services/update_account_service_spec.rb'
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/UniqueValidationWithoutIndex:
  Exclude:
    - 'app/models/account_alias.rb'
    - 'app/models/custom_filter_status.rb'
    - 'app/models/identity.rb'
    - 'app/models/webauthn_credential.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: exists, where
 Rails/WhereExists:
  Exclude:
    - 'app/controllers/activitypub/inboxes_controller.rb'
    - 'app/controllers/admin/email_domain_blocks_controller.rb'
    - 'app/lib/activitypub/activity/create.rb'
    - 'app/lib/delivery_failure_tracker.rb'
    - 'app/lib/feed_manager.rb'
    - 'app/lib/status_cache_hydrator.rb'
    - 'app/lib/suspicious_sign_in_detector.rb'
    - 'app/models/concerns/account/interactions.rb'
    - 'app/models/featured_tag.rb'
    - 'app/models/poll.rb'
    - 'app/models/session_activation.rb'
    - 'app/models/status.rb'
    - 'app/models/user.rb'
    - 'app/policies/status_policy.rb'
    - 'app/serializers/rest/announcement_serializer.rb'
    - 'app/serializers/rest/tag_serializer.rb'
    - 'app/services/activitypub/fetch_remote_status_service.rb'
    - 'app/services/vote_service.rb'
    - 'app/validators/reaction_validator.rb'
    - 'app/validators/vote_validator.rb'
    - 'app/workers/move_worker.rb'
    - 'lib/tasks/tests.rake'
    - 'spec/models/account_spec.rb'
    - 'spec/services/activitypub/process_collection_service_spec.rb'
    - 'spec/services/purge_domain_service_spec.rb'
    - 'spec/services/unallow_domain_service_spec.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: ==, equal?, eql?
@ -54,12 +171,17 @@ Style/ClassEqualityComparison:
    - 'app/helpers/jsonld_helper.rb'
    - 'app/serializers/activitypub/outbox_serializer.rb'
 Style/ClassVars:
  Exclude:
    - 'config/initializers/devise.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
  Exclude:
    - 'app/lib/redis_configuration.rb'
    - 'app/lib/translation_service.rb'
    - 'config/environments/development.rb'
    - 'config/environments/production.rb'
    - 'config/initializers/2_limited_federation_mode.rb'
    - 'config/initializers/3_omniauth.rb'
@ -69,8 +191,9 @@ Style/FetchEnvVar:
    - 'config/initializers/paperclip.rb'
    - 'config/initializers/vapid.rb'
    - 'lib/mastodon/redis_config.rb'
    - 'lib/premailer_webpack_strategy.rb'
    - 'lib/tasks/repo.rake'
-    - 'spec/system/profile_spec.rb'
+    - 'spec/features/profile_spec.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
@ -78,6 +201,7 @@ Style/FetchEnvVar:
 # AllowedMethods: redirect
 Style/FormatStringToken:
  Exclude:
    - 'app/models/privacy_policy.rb'
    - 'config/initializers/devise.rb'
    - 'lib/paperclip/color_extractor.rb'
@ -91,6 +215,10 @@ Style/GlobalStdStream:
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
  Exclude:
    - 'app/controllers/admin/confirmations_controller.rb'
    - 'app/controllers/auth/confirmations_controller.rb'
    - 'app/controllers/auth/passwords_controller.rb'
    - 'app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb'
    - 'app/lib/activitypub/activity/block.rb'
    - 'app/lib/request.rb'
    - 'app/lib/request_pool.rb'
@ -114,14 +242,35 @@ Style/GuardClause:
    - 'lib/mastodon/cli/accounts.rb'
    - 'lib/mastodon/cli/maintenance.rb'
    - 'lib/mastodon/cli/media.rb'
    - 'lib/paperclip/attachment_extensions.rb'
    - 'lib/tasks/repo.rake'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: braces, no_braces
 Style/HashAsLastArrayItem:
  Exclude:
    - 'app/controllers/admin/statuses_controller.rb'
    - 'app/controllers/api/v1/statuses_controller.rb'
    - 'app/models/concerns/account/counters.rb'
    - 'app/models/concerns/status/threading_concern.rb'
    - 'app/models/status.rb'
    - 'app/services/batched_remove_status_service.rb'
    - 'app/services/notify_service.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/HashTransformValues:
  Exclude:
    - 'app/serializers/rest/web_push_subscription_serializer.rb'
    - 'app/services/import_service.rb'
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
  Exclude:
    - 'config/environments/production.rb'
    - 'config/initializers/devise.rb'
    - 'config/initializers/ffmpeg.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
  Exclude:
@ -156,6 +305,13 @@ Style/OptionalBooleanParameter:
    - 'app/workers/unfollow_follow_worker.rb'
    - 'lib/mastodon/redis_config.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: PreferredDelimiters.
 Style/PercentLiteralDelimiters:
  Exclude:
    - 'config/deploy.rb'
    - 'config/initializers/doorkeeper.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: short, verbose
@ -169,6 +325,16 @@ Style/RedundantConstantBase:
    - 'config/environments/production.rb'
    - 'config/initializers/sidekiq.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: SafeForConstants.
 Style/RedundantFetchBlock:
  Exclude:
    - 'config/initializers/1_hosts.rb'
    - 'config/initializers/chewy.rb'
    - 'config/initializers/devise.rb'
    - 'config/initializers/paperclip.rb'
    - 'config/puma.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!
@ -176,12 +342,59 @@ Style/SafeNavigation:
  Exclude:
    - 'app/models/concerns/account/finder_concern.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: only_raise, only_fail, semantic
 Style/SignalException:
  Exclude:
    - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
    - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SingleArgumentDig:
  Exclude:
    - 'lib/webpacker/manifest_extensions.rb'
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
  Exclude:
    - 'config/initializers/paperclip.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
 # SupportedStyles: single_quotes, double_quotes
 Style/StringLiterals:
  Exclude:
    - 'config/environments/production.rb'
    - 'config/initializers/backtrace_silencers.rb'
    - 'config/initializers/http_client_proxy.rb'
    - 'config/initializers/rack_attack.rb'
    - 'config/initializers/webauthn.rb'
    - 'config/routes.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, AllowSafeAssignment.
 # SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
 Style/TernaryParentheses:
  Exclude:
    - 'config/environments/development.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyleForMultiline.
 # SupportedStylesForMultiline: comma, consistent_comma, no_comma
 Style/TrailingCommaInArguments:
  Exclude:
    - 'config/initializers/paperclip.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyleForMultiline.
 # SupportedStylesForMultiline: comma, consistent_comma, no_comma
 Style/TrailingCommaInHashLiteral:
  Exclude:
    - 'config/environments/production.rb'
    - 'config/environments/test.rb'
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: WordRegex.
 # SupportedStyles: percent, brackets
--- a/.ruby-version
+++ b/.ruby-version
@ -1 +1 @@
-3.3.1
+3.2.2
--- a/.simplecov
+++ b/.simplecov
@ -0,0 +1,22 @@
 # frozen_string_literal: true
 if ENV['CI']
  require 'simplecov-lcov'
  SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
  SimpleCov.formatter = SimpleCov::Formatter::LcovFormatter
 else
  SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter
 end
 SimpleCov.start 'rails' do
  enable_coverage :branch
  add_filter 'lib/linter'
  add_group 'Libraries', 'lib'
  add_group 'Policies', 'app/policies'
  add_group 'Presenters', 'app/presenters'
  add_group 'Serializers', 'app/serializers'
  add_group 'Services', 'app/services'
  add_group 'Validators', 'app/validators'
 end
--- a/.solargraph.yml
+++ b/.solargraph.yml
@ -1,23 +0,0 @@
 ---
 include:
  - '**/*.rb'
 exclude:
  - spec/**/*
  - test/**/*
  - vendor/**/*
  - '.bundle/**/*'
 require: []
 domains: []
 reporters:
  - rubocop
  - require_not_found
 formatter:
  rubocop:
    cops: safe
    except: []
    only: []
    extra_args: []
 require_paths: []
 plugins:
  - solargraph-rails
 max_files: 5000
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,101 +2,6 @@
 All notable changes to this project will be documented in this file.
 ## [4.2.7] - 2024-02-16
 ### Fixed
 - Fix OmniAuth tests and edge cases in error handling ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29201), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29207))
 - Fix new installs by upgrading to the latest release of the `nsa` gem, instead of a no longer existing commit ([mjankowski](https://github.com/mastodon/mastodon/pull/29065))
 ### Security
 - Fix insufficient checking of remote posts ([GHSA-jhrq-qvrm-qr36](https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36))
 ## [4.2.6] - 2024-02-14
 ### Security
 - Update the `sidekiq-unique-jobs` dependency (see [GHSA-cmh9-rx85-xj38](https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38))
  In addition, we have disabled the web interface for `sidekiq-unique-jobs` out of caution.
  If you need it, you can re-enable it by setting `ENABLE_SIDEKIQ_UNIQUE_JOBS_UI=true`.
  If you only need to clear all locks, you can now use `bundle exec rake sidekiq_unique_jobs:delete_all_locks`.
 - Update the `nokogiri` dependency (see [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j))
 - Disable administrative Doorkeeper routes ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/29187))
 - Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases ([GHSA-7w3c-p9j8-mq3x](https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x))
  In some rare cases, the streaming server was not notified of access tokens revocation on application deletion.
 - Change external authentication behavior to never reattach a new identity to an existing user by default ([GHSA-vm39-j3vx-pch3](https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3))
  Up until now, Mastodon has allowed new identities from external authentication providers to attach to an existing local user based on their verified e-mail address.
  This allowed upgrading users from a database-stored password to an external authentication provider, or move from one authentication provider to another.
  However, this behavior may be unexpected, and means that when multiple authentication providers are configured, the overall security would be that of the least secure authentication provider.
  For these reasons, this behavior is now locked under the `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH` environment variable.
  In addition, regardless of this environment variable, Mastodon will refuse to attach two identities from the same authentication provider to the same account.
 ## [4.2.5] - 2024-02-01
 ### Security
 - Fix insufficient origin validation (CVE-2024-23832, [GHSA-3fjr-858r-92rw](https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw))
 ## [4.2.4] - 2024-01-24
 ### Fixed
 - Fix error when processing remote files with unusually long names ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28823))
 - Fix processing of compacted single-item JSON-LD collections ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28816))
 - Retry 401 errors on replies fetching ([ShadowJonathan](https://github.com/mastodon/mastodon/pull/28788))
 - Fix `RecordNotUnique` errors in LinkCrawlWorker ([tribela](https://github.com/mastodon/mastodon/pull/28748))
 - Fix Mastodon not correctly processing HTTP Signatures with query strings ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28443), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/28476))
 - Fix potential redirection loop of streaming endpoint ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28665))
 - Fix streaming API redirection ignoring the port of `streaming_api_base_url` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28558))
 - Fix error when processing link preview with an array as `inLanguage` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28252))
 - Fix unsupported time zone or locale preventing sign-up ([Gargron](https://github.com/mastodon/mastodon/pull/28035))
 - Fix "Hide these posts from home" list setting not refreshing when switching lists ([brianholley](https://github.com/mastodon/mastodon/pull/27763))
 - Fix missing background behind dismissable banner in web UI ([Gargron](https://github.com/mastodon/mastodon/pull/27479))
 - Fix line wrapping of language selection button with long locale codes ([gunchleoc](https://github.com/mastodon/mastodon/pull/27100), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/27127))
 - Fix `Undo Announce` activity not being sent to non-follower authors ([MitarashiDango](https://github.com/mastodon/mastodon/pull/18482))
 - Fix N+1s because of association preloaders not actually getting called ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28339))
 - Fix empty column explainer getting cropped under certain conditions ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28337))
 - Fix `LinkCrawlWorker` error when encountering empty OEmbed response ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28268))
 - Fix call to inefficient `delete_matched` cache method in domain blocks ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28367))
 ### Security
 - Add rate-limit of TOTP authentication attempts at controller level ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/28801))
 ## [4.2.3] - 2023-12-05
 ### Fixed
 - Fix dependency on `json-canonicalization` version that has been made unavailable since last release
 ## [4.2.2] - 2023-12-04
 ### Changed
 - Change dismissed banners to be stored server-side ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27055))
 - Change GIF max matrix size error to explicitly mention GIF files ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27927))
 - Change `Follow` activities delivery to bypass availability check ([ShadowJonathan](https://github.com/mastodon/mastodon/pull/27586))
 - Change single-column navigation notice to be displayed outside of the logo container ([renchap](https://github.com/mastodon/mastodon/pull/27462), [renchap](https://github.com/mastodon/mastodon/pull/27476))
 - Change Content-Security-Policy to be tighter on media paths ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26889))
 - Change post language code to include country code when relevant ([gunchleoc](https://github.com/mastodon/mastodon/pull/27099), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/27207))
 ### Fixed
 - Fix upper border radius of onboarding columns ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27890))
 - Fix incoming status creation date not being restricted to standard ISO8601 ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27655), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/28081))
 - Fix some posts from threads received out-of-order sometimes not being inserted into timelines ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27653))
 - Fix posts from force-sensitized accounts being able to trend ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27620))
 - Fix error when trying to delete already-deleted file with OpenStack Swift ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27569))
 - Fix batch attachment deletion when using OpenStack Swift ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27554))
 - Fix processing LDSigned activities from actors with unknown public keys ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27474))
 - Fix error and incorrect URLs in `/api/v1/accounts/:id/featured_tags` for remote accounts ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27459))
 - Fix report processing notice not mentioning the report number when performing a custom action ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27442))
 - Fix handling of `inLanguage` attribute in preview card processing ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27423))
 - Fix own posts being removed from home timeline when unfollowing a used hashtag ([kmycode](https://github.com/mastodon/mastodon/pull/27391))
 - Fix some link anchors being recognized as hashtags ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27271), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/27584))
 - Fix format-dependent redirects being cached regardless of requested format ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/27634))
 ## [4.2.1] - 2023-10-10
 ### Added
--- a/19
+++ b/19
@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.7
+# syntax=docker/dockerfile:1.4
 # Please see https://docs.docker.com/engine/reference/builder for information about
 # the extended buildx capabilities used in this file.
@ -7,20 +7,20 @@
 ARG TARGETPLATFORM=${TARGETPLATFORM}
 ARG BUILDPLATFORM=${BUILDPLATFORM}
-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.3.1"]
+# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.2.2"]
-ARG RUBY_VERSION="3.3.1"
+ARG RUBY_VERSION="3.2.2"
 # # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
 ARG NODE_MAJOR_VERSION="20"
 # Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
 ARG DEBIAN_VERSION="bookworm"
 # Node image to use for base image based on combined variables (ex: 20-bookworm-slim)
 FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim as node
-# Ruby image to use for base image based on combined variables (ex: 3.3.1-slim-bookworm)
+# Ruby image to use for base image based on combined variables (ex: 3.2.2-slim-bookworm)
 FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} as ruby
 # Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA
 # Example: v4.2.0-nightly.2023.11.09+something
-# Overwrite existence of 'alpha.0' in version.rb [--build-arg MASTODON_VERSION_PRERELEASE="nightly.2023.11.09"]
+# Overwrite existance of 'alpha.0' in version.rb [--build-arg MASTODON_VERSION_PRERELEASE="nightly.2023.11.09"]
 ARG MASTODON_VERSION_PRERELEASE=""
 # Append build metadata or fork information to version.rb [--build-arg MASTODON_VERSION_METADATA="something"]
 ARG MASTODON_VERSION_METADATA=""
@ -29,7 +29,7 @@ ARG MASTODON_VERSION_METADATA=""
 # See: https://docs.joinmastodon.org/admin/config/#rails_serve_static_files
 ARG RAILS_SERVE_STATIC_FILES="true"
 # Allow to use YJIT compiler
-# See: https://github.com/ruby/ruby/blob/v3_2_4/doc/yjit/yjit.md
+# See: https://github.com/ruby/ruby/blob/master/doc/yjit/yjit.md
 ARG RUBY_YJIT_ENABLE="1"
 # Timezone used by the Docker container and runtime, change with [--build-arg TZ=Europe/Berlin]
 ARG TZ="Etc/UTC"
@ -205,12 +205,7 @@ ARG TARGETPLATFORM
 RUN \
 # Use Ruby on Rails to create Mastodon assets
-  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
+  OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile; \
  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
  OTP_SECRET=precompile_placeholder \
  SECRET_KEY_BASE=precompile_placeholder \
  bundle exec rails assets:precompile; \
 # Cleanup temporary files
  rm -fr /opt/mastodon/tmp;
--- a/FEDERATION.md
+++ b/FEDERATION.md
@ -1,35 +1,19 @@
-# Federation
+## ActivityPub federation in Mastodon
 ## Supported federation protocols and standards
 - [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
 - [WebFinger](https://webfinger.net/)
 - [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
 - [NodeInfo](https://nodeinfo.diaspora.software/)
 ## Supported FEPs
 - [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
 - [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
 - [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
 - [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
 ## ActivityPub in Mastodon
 Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)
+Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
 ### Required extensions
-#### WebFinger
+#### Webfinger
 In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
 This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
 As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)
+More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
 #### HTTP Signatures
@ -37,13 +21,11 @@ In order to authenticate activities, Mastodon relies on HTTP Signatures, signing
 Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)
+More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
 ### Optional extensions
- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
+- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)
+- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
-
+- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
-### Additional documentation
+- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md
 - [Mastodon documentation](https://docs.joinmastodon.org/)
--- a/91
+++ b/91
@ -1,37 +1,37 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
-ruby '>= 3.1.0'
+ruby '>= 3.0.0'
 gem 'propshaft'
 gem 'puma', '~> 6.3'
 gem 'rack', '~> 2.2.7'
 gem 'rails', '~> 7.1.1'
 gem 'propshaft'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.7'
 # For why irb is in the Gemfile, see: https://ruby.social/@st0012/111444685161478182
 gem 'irb', '~> 1.8'
 gem 'dotenv'
 gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'pghero'
 gem 'dotenv-rails', '~> 2.8'
 gem 'aws-sdk-s3', '~> 1.123', require: false
 gem 'blurhash', '~> 0.1'
 gem 'fog-core', '<= 2.4.0'
 gem 'fog-openstack', '~> 1.0', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'md-paperclip-azure', '~> 2.2', require: false
 gem 'blurhash', '~> 0.1'
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.18.0', require: false
+gem 'bootsnap', '~> 1.17.0', require: false
 gem 'browser'
-gem 'charlock_holmes', github: 'TheEssem/charlock_holmes', ref: '226932af4b03eb60d2e31d58b6c3efd72a3ace68'
+gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.3'
 gem 'devise', '~> 4.9'
-gem 'devise-two-factor'
+gem 'devise-two-factor', '~> 4.1'
 group :pam_authentication, optional: true do
  gem 'devise_pam_authenticatable2', '~> 9.2'
@ -39,11 +39,12 @@ end
 gem 'net-ldap', '~> 0.18'
-gem 'omniauth', '~> 2.0'
+# TODO: Point back at released omniauth-cas gem when new version is released
-gem 'omniauth-cas', '~> 3.0.0.beta.1'
+gem 'omniauth-cas', github: 'dlindahl/omniauth-cas', ref: '9d9d3a91b316c55d49ab6e621977f2067010c5bf'
 gem 'omniauth_openid_connect', '~> 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'omniauth-saml', '~> 2.0'
 gem 'omniauth_openid_connect', '~> 0.6.1'
 gem 'omniauth', '~> 2.0'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'color_diff', '~> 0.1'
 gem 'csv', '~> 3.2'
@ -53,49 +54,48 @@ gem 'ed25519', '~> 1.3'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
 gem 'redis-namespace', '~> 1.10'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.2.0'
+gem 'http', '~> 5.1'
 gem 'http_accept_language', '~> 2.1'
 gem 'httplog', '~> 1.6.2'
 gem 'i18n'
 gem 'idn-ruby', require: 'idn'
 gem 'inline_svg'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
-gem 'nsa'
+gem 'nsa', github: 'jhawthorn/nsa', ref: 'e020fcc3a54d993ab45b7194d89ab720296c111b'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'premailer-rails'
+gem 'posix-spawn'
 gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.3'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 2.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 7.0'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
-gem 'redis-namespace', '~> 1.10'
+gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
 gem 'sidekiq', '~> 6.5'
 gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'sidekiq-scheduler', '~> 5.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
-gem 'simple_form', '~> 5.2'
+gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
-gem 'stoplight', '~> 4.1'
+gem 'simple_form', '~> 5.2'
-gem 'strong_migrations', '1.8.0'
+gem 'stoplight', '~> 3.0.1'
 gem 'strong_migrations', '1.7.0'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
 gem 'webauthn', '~> 3.0'
 gem 'webpacker', '~> 5.4'
 gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
 gem 'webauthn', '~> 3.0'
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
@ -103,24 +103,6 @@ gem 'rdf-normalize', '~> 0.5'
 gem 'private_address_check', '~> 0.5'
 group :opentelemetry do
  gem 'opentelemetry-exporter-otlp', '~> 0.26.3', require: false
  gem 'opentelemetry-instrumentation-active_job', '~> 0.7.1', require: false
  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.20.1', require: false
  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.21.2', require: false
  gem 'opentelemetry-instrumentation-excon', '~> 0.22.0', require: false
  gem 'opentelemetry-instrumentation-faraday', '~> 0.24.1', require: false
  gem 'opentelemetry-instrumentation-http', '~> 0.23.2', require: false
  gem 'opentelemetry-instrumentation-http_client', '~> 0.22.3', require: false
  gem 'opentelemetry-instrumentation-net_http', '~> 0.22.4', require: false
  gem 'opentelemetry-instrumentation-pg', '~> 0.27.1', require: false
  gem 'opentelemetry-instrumentation-rack', '~> 0.24.1', require: false
  gem 'opentelemetry-instrumentation-rails', '~> 0.30.0', require: false
  gem 'opentelemetry-instrumentation-redis', '~> 0.25.3', require: false
  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.25.2', require: false
  gem 'opentelemetry-sdk', '~> 1.4', require: false
 end
 group :test do
  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
  gem 'rspec-github', '~> 2.4', require: false
@ -131,8 +113,8 @@ group :test do
  # RSpec helpers for email specs
  gem 'email_spec'
-  # Extra RSpec extension methods and helpers for sidekiq
+  # Extra RSpec extenion methods and helpers for sidekiq
-  gem 'rspec-sidekiq', '~> 5.0'
+  gem 'rspec-sidekiq', '~> 4.0'
  # Browser integration testing
  gem 'capybara', '~> 3.39'
@ -142,7 +124,13 @@ group :test do
  gem 'database_cleaner-active_record'
  # Used to mock environment variables
-  gem 'climate_control'
+  gem 'climate_control', '~> 0.2'
  # Generating fake data for specs
  gem 'faker', '~> 3.2'
  # Generate test objects for specs
  gem 'fabrication', '~> 2.30'
  # Add back helpers functions removed in Rails 5.1
  gem 'rails-controller-testing', '~> 1.0'
@ -178,7 +166,7 @@ group :development do
  # Preview mail in the browser
  gem 'letter_opener', '~> 1.8'
-  gem 'letter_opener_web', '~> 3.0'
+  gem 'letter_opener_web', '~> 2.0'
  # Security analysis CLI tools
  gem 'brakeman', '~> 6.0', require: false
@ -195,12 +183,6 @@ group :development, :test do
  # Interactive Debugging tools
  gem 'debug', '~> 1.8'
  # Generate fake data values
  gem 'faker', '~> 3.2'
  # Generate factory objects
  gem 'fabrication', '~> 2.30'
  # Profiling tools
  gem 'memory_profiler', require: false
  gem 'ruby-prof', require: false
@ -215,14 +197,13 @@ group :production do
  gem 'lograge', '~> 0.12'
 end
 gem 'cocoon', '~> 1.2'
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'
 gem 'cocoon', '~> 1.2'
 gem 'net-http', '~> 0.4.0'
 gem 'rubyzip', '~> 2.3'
 gem 'hcaptcha', '~> 7.1'
 gem 'mail', '~> 2.8'
--- a/Gemfile.lock
+++ b/Gemfile.lock
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# <img src="https://github.com/TheEssem/mastodon/raw/main/public/chuckya.png" width="128"> Chuckya
+# <img src="https://github.com/TheEssem/mastodon/raw/main/app/javascript/icons/android-chrome-256x256.png" width="128"> Chuckya
 Chuckya is a close-to-upstream soft fork of Mastodon Glitch Edition (more commonly known as glitch-soc) that aims to introduce more experimental features/fixes with the goal of making the overall experience more enjoyable. Although it's mainly developed for and used on the [wetdry.world](https://wetdry.world) instance, it can be deployed by any server admin as a drop-in, backwards-compatible replacement for Mastodon.
@ -15,6 +15,7 @@ Here are some of the changes compared to glitch-soc:
 - Allows dashes in custom emote names
 - Emojis can be put side-by-side
 - Minor media attachment tweaks
 - Custom favicon
 Changes previously in Chuckya that made their way into vanilla Mastodon:
@ -26,157 +27,15 @@ Original glitch-soc readme is below.
 # Mastodon Glitch Edition
-[![Ruby Testing](https://github.com/glitch-soc/mastodon/actions/workflows/test-ruby.yml/badge.svg)](https://github.com/glitch-soc/mastodon/actions/workflows/test-ruby.yml)
+> Now with automated deploys!
 [![Crowdin](https://badges.crowdin.net/glitch-soc/localized.svg)][glitch-crowdin]
-[glitch-crowdin]: https://crowdin.com/project/glitch-soc
+[![Build Status](https://img.shields.io/circleci/project/github/glitch-soc/mastodon.svg)][circleci]
 [![Code Climate](https://img.shields.io/codeclimate/maintainability/glitch-soc/mastodon.svg)][code_climate]
 [circleci]: https://circleci.com/gh/glitch-soc/mastodon
 [code_climate]: https://codeclimate.com/github/glitch-soc/mastodon
 So here's the deal: we all work on this code, and anyone who uses that does so absolutely at their own risk. can you dig it?
 - You can view documentation for this project at [glitch-soc.github.io/docs/](https://glitch-soc.github.io/docs/).
 - And contributing guidelines are available [here](CONTRIBUTING.md) and [here](https://glitch-soc.github.io/docs/contributing/).
 Mastodon Glitch Edition is a fork of [Mastodon](https://github.com/mastodon/mastodon). Upstream's README file is reproduced below.
 ---
 <h1><picture>
  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
 </picture></h1>
 [![GitHub release](https://img.shields.io/github/release/mastodon/mastodon.svg)][releases]
 [![Ruby Testing](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml/badge.svg)](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
 [releases]: https://github.com/mastodon/mastodon/releases
 [crowdin]: https://crowdin.com/project/mastodon
 Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
 Click below to **learn more** in a video:
 [![Screenshot](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/ezgif-2-60f1b00403.gif)][youtube_demo]
 [youtube_demo]: https://www.youtube.com/watch?v=IPSbNdBmWKE
 ## Navigation
 - [Project homepage 🐘](https://joinmastodon.org)
 - [Support the development via Patreon][patreon]
 - [View sponsors](https://joinmastodon.org/sponsors)
 - [Blog](https://blog.joinmastodon.org)
 - [Documentation](https://docs.joinmastodon.org)
 - [Roadmap](https://joinmastodon.org/roadmap)
 - [Official Docker image](https://github.com/mastodon/mastodon/pkgs/container/mastodon)
 - [Browse Mastodon servers](https://joinmastodon.org/communities)
 - [Browse Mastodon apps](https://joinmastodon.org/apps)
 [patreon]: https://www.patreon.com/mastodon
 ## Features
 <img src="/app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />
 ### No vendor lock-in: Fully interoperable with any conforming platform
 It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
 ### Real-time, chronological timeline updates
 Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
 ### Media attachments like images and short videos
 Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
 ### Safety and moderation tools
 Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
 ### OAuth2 and a straightforward REST API
 Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!
 ## Deployment
 ### Tech stack
 - **Ruby on Rails** powers the REST API and other web pages
 - **React.js** and Redux are used for the dynamic parts of the interface
 - **Node.js** powers the streaming API
 ### Requirements
 - **PostgreSQL** 12+
 - **Redis** 4+
 - **Ruby** 3.1+
 - **Node.js** 18+
 The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
 ## Development
 ### Vagrant
 A **Vagrant** configuration is included for development purposes. To use it, complete the following steps:
 - Install Vagrant and Virtualbox
 - Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
 - Run `vagrant up`
 - Run `vagrant ssh -c "cd /vagrant && bin/dev"`
 - Open `http://mastodon.local` in your browser
 ### MacOS
 To set up **MacOS** for native development, complete the following steps:
 - Use a Ruby version manager to install the specified version from `.ruby-version`
 - Run `bundle` to install required gems
 - Run `brew install postgresql@14 redis imagemagick libidn` to install required dependencies
 - Navigate to Mastodon's root directory and run `brew install nvm` then `nvm use` to use the version from `.nvmrc`
 - Run `yarn` to install required packages
 - Run `corepack enable && corepack prepare`
 - Run `RAILS_ENV=development bundle exec rails db:setup`
 - Finally, run `bin/dev` which will launch the local services via `overmind` (if installed) or `foreman`
 ### Docker
 For development with **Docker**, complete the following steps:
 - Install Docker Desktop
 - Run `docker compose -f .devcontainer/docker-compose.yml up -d`
 - Run `docker compose -f .devcontainer/docker-compose.yml exec app .devcontainer/post-create.sh`
 - Finally, run `docker compose -f .devcontainer/docker-compose.yml exec app bin/dev`
 If you are using an IDE with [support for the Development Container specification](https://containers.dev/supporting), it will run the above `docker compose` commands automatically. For **Visual Studio Code** this requires the [Dev Container extension](https://containers.dev/supporting#dev-containers).
 ### GitHub Codespaces
 To get you coding in just a few minutes, GitHub Codespaces provides a web-based version of Visual Studio Code and a cloud-hosted development environment fully configured with the software needed for this project..
 - Click this button to create a new codespace:<br>
  [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=52281283&devcontainer_path=.devcontainer%2Fcodespaces%2Fdevcontainer.json)
 - Wait for the environment to build. This will take a few minutes.
 - When the editor is ready, run `bin/dev` in the terminal.
 - After a few seconds, a popup will appear with a button labeled _Open in Browser_. This will open Mastodon.
 - On the _Ports_ tab, right click on the “stream” row and select _Port visibility_ → _Public_.
 ## Contributing
 Mastodon is **free, open-source software** licensed under **AGPLv3**.
 You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 **IRC channel**: #mastodon on irc.libera.chat
 ## License
 Copyright (C) 2016-2024 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
--- a/3
+++ b/3
@ -173,7 +173,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  # Otherwise, you can access the site at http://localhost:3000 and http://localhost:4000 , http://localhost:8080
  config.vm.network :forwarded_port, guest: 3000, host: 3000
  config.vm.network :forwarded_port, guest: 3035, host: 3035
  config.vm.network :forwarded_port, guest: 4000, host: 4000
  config.vm.network :forwarded_port, guest: 8080, host: 8080
  config.vm.network :forwarded_port, guest: 9200, host: 9200
@ -189,7 +188,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.post_up_message = <<MESSAGE
 To start server
-  $ vagrant ssh -c "cd /vagrant && bin/dev"
+  $ vagrant ssh -c "cd /vagrant && foreman start"
 MESSAGE
 end
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -25,7 +25,7 @@ class AccountsController < ApplicationController
        limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
        @statuses = filtered_statuses.without_reblogs.limit(limit)
-        @statuses = preload_collection(@statuses, Status)
+        @statuses = cache_collection(@statuses, Status)
      end
      format.json do
@ -46,7 +46,7 @@ class AccountsController < ApplicationController
  end
  def default_statuses
-    @account.statuses.not_local_only.distributable_visibility
+    @account.statuses.not_local_only.where(visibility: [:public, :unlisted])
  end
  def only_media_scope
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@ -1,9 +1,6 @@
 # frozen_string_literal: true
 class ActivityPub::BaseController < Api::BaseController
  include SignatureVerification
  include AccountOwnedConcern
  skip_before_action :require_authenticated_user!
  skip_before_action :require_not_suspended!
  skip_around_action :set_locale
--- a/app/controllers/activitypub/claims_controller.rb
+++ b/app/controllers/activitypub/claims_controller.rb
@ -1,6 +1,9 @@
 # frozen_string_literal: true
 class ActivityPub::ClaimsController < ActivityPub::BaseController
  include SignatureVerification
  include AccountOwnedConcern
  skip_before_action :authenticate_user!
  before_action :require_account_signature!
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@ -1,6 +1,9 @@
 # frozen_string_literal: true
 class ActivityPub::CollectionsController < ActivityPub::BaseController
  include SignatureVerification
  include AccountOwnedConcern
  vary_by -> { 'Signature' if authorized_fetch_mode? }
  before_action :require_account_signature!, if: :authorized_fetch_mode?
@ -18,7 +21,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
  def set_items
    case params[:id]
    when 'featured'
-      @items = for_signed_account { preload_collection(@account.pinned_statuses.not_local_only, Status) }
+      @items = for_signed_account { cache_collection(@account.pinned_statuses.not_local_only, Status) }
      @items = @items.map { |item| item.distributable? ? item : ActivityPub::TagManager.instance.uri_for(item) }
    when 'tags'
      @items = for_signed_account { @account.featured_tags }
--- a/app/controllers/activitypub/followers_synchronizations_controller.rb
+++ b/app/controllers/activitypub/followers_synchronizations_controller.rb
@ -1,6 +1,9 @@
 # frozen_string_literal: true
 class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseController
  include SignatureVerification
  include AccountOwnedConcern
  vary_by -> { 'Signature' if authorized_fetch_mode? }
  before_action :require_account_signature!
@ -21,7 +24,7 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
  end
  def set_items
-    @items = @account.followers.matches_uri_prefix(uri_prefix).pluck(:uri)
+    @items = @account.followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(uri_prefix)}/%", false, true)).or(@account.followers.where(uri: uri_prefix)).pluck(:uri)
  end
  def collection_presenter
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@ -1,7 +1,9 @@
 # frozen_string_literal: true
 class ActivityPub::InboxesController < ActivityPub::BaseController
  include SignatureVerification
  include JsonLdHelper
  include AccountOwnedConcern
  before_action :skip_unknown_actor_activity
  before_action :require_actor_signature!
@ -22,7 +24,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
  def unknown_affected_account?
    json = Oj.load(body, mode: :strict)
-    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.exists?(uri: json['actor'])
+    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
  rescue Oj::ParseError
    false
  end
@ -60,10 +62,11 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true' || signed_request_account.nil?
    # Re-using the syntax for signature parameters
-    params = SignatureParser.parse(raw_params)
+    tree   = SignatureParamsParser.new.parse(raw_params)
    params = SignatureParamsTransformer.new.apply(tree)
    ActivityPub::PrepareFollowersSynchronizationService.new.call(signed_request_account, params)
-  rescue SignatureParser::ParsingError
+  rescue Parslet::ParseFailed
    Rails.logger.warn 'Error parsing Collection-Synchronization header'
  end
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@ -3,6 +3,9 @@
 class ActivityPub::OutboxesController < ActivityPub::BaseController
  LIMIT = 20
  include SignatureVerification
  include AccountOwnedConcern
  vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
  before_action :require_account_signature!, if: :authorized_fetch_mode?
@ -60,7 +63,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  def set_statuses
    return unless page_requested?
-    @statuses = preload_collection_paginated_by_id(
+    @statuses = cache_collection_paginated_by_id(
      AccountStatusesFilter.new(@account, signed_request_account).results,
      Status,
      LIMIT,
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -1,7 +1,9 @@
 # frozen_string_literal: true
 class ActivityPub::RepliesController < ActivityPub::BaseController
  include SignatureVerification
  include Authorization
  include AccountOwnedConcern
  DESCENDANTS_LIMIT = 60
@ -31,7 +33,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  def set_replies
    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
-    @replies = @replies.distributable_visibility.where(in_reply_to_id: @status.id)
+    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
    @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
  end
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@ -128,7 +128,7 @@ module Admin
    def unblock_email
      authorize @account, :unblock_email?
-      CanonicalEmailBlock.matching_account(@account).delete_all
+      CanonicalEmailBlock.where(reference_account: @account).delete_all
      log_action :unblock_email, @account
--- a/app/controllers/admin/action_logs_controller.rb
+++ b/app/controllers/admin/action_logs_controller.rb
@ -6,7 +6,7 @@ module Admin
    def index
      authorize :audit_log, :index?
-      @auditable_accounts = Account.auditable.select(:id, :username)
+      @auditable_accounts = Account.where(id: Admin::ActionLog.select('distinct account_id')).select(:id, :username)
    end
    private
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@ -7,6 +7,7 @@ module Admin
    layout 'admin'
    before_action :set_pack
    before_action :set_body_classes
    before_action :set_cache_headers
@ -18,6 +19,10 @@ module Admin
      @body_classes = 'admin'
    end
    def set_pack
      use_pack 'admin'
    end
    def set_cache_headers
      response.cache_control.replace(private: true, no_store: true)
    end
--- a/app/controllers/admin/confirmations_controller.rb
+++ b/app/controllers/admin/confirmations_controller.rb
@ -3,11 +3,11 @@
 module Admin
  class ConfirmationsController < BaseController
    before_action :set_user
-    before_action :redirect_confirmed_user, only: [:resend], if: :user_confirmed?
+    before_action :check_confirmation, only: [:resend]
    def create
      authorize @user, :confirm?
-      @user.mark_email_as_confirmed!
+      @user.confirm!
      log_action :confirm, @user
      redirect_to admin_accounts_path
    end
@ -25,13 +25,11 @@ module Admin
    private
-    def redirect_confirmed_user
+    def check_confirmation
      if @user.confirmed?
        flash[:error] = I18n.t('admin.accounts.resend_confirmation.already_confirmed')
        redirect_to admin_accounts_path
      end
    def user_confirmed?
      @user.confirmed?
    end
  end
 end
--- a/app/controllers/admin/domain_allows_controller.rb
+++ b/app/controllers/admin/domain_allows_controller.rb
@ -25,8 +25,6 @@ class Admin::DomainAllowsController < Admin::BaseController
  def destroy
    authorize @domain_allow, :destroy?
    UnallowDomainService.new.call(@domain_allow)
    log_action :destroy, @domain_allow
    redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
  end
--- a/app/controllers/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/admin/email_domain_blocks_controller.rb
@ -38,7 +38,7 @@ module Admin
          log_action :create, @email_domain_block
          (@email_domain_block.other_domains || []).uniq.each do |domain|
-            next if EmailDomainBlock.exists?(domain: domain)
+            next if EmailDomainBlock.where(domain: domain).exists?
            other_email_domain_block = EmailDomainBlock.create!(domain: domain, allow_with_approval: @email_domain_block.allow_with_approval, parent: @email_domain_block)
            log_action :create, other_email_domain_block
--- a/app/controllers/admin/export_domain_blocks_controller.rb
+++ b/app/controllers/admin/export_domain_blocks_controller.rb
@ -49,7 +49,7 @@ module Admin
        next
      end
-      @warning_domains = instances_from_imported_blocks.pluck(:domain)
+      @warning_domains = Instance.where(domain: @domain_blocks.map(&:domain)).where('EXISTS (SELECT 1 FROM follows JOIN accounts ON follows.account_id = accounts.id OR follows.target_account_id = accounts.id WHERE accounts.domain = instances.domain)').pluck(:domain)
    rescue ActionController::ParameterMissing
      flash.now[:alert] = I18n.t('admin.export_domain_blocks.no_file')
      set_dummy_import!
@ -58,10 +58,6 @@ module Admin
    private
    def instances_from_imported_blocks
      Instance.with_domain_follows(@domain_blocks.map(&:domain))
    end
    def export_filename
      'domain_blocks.csv'
    end
--- a/app/controllers/admin/rules_controller.rb
+++ b/app/controllers/admin/rules_controller.rb
@ -53,7 +53,7 @@ module Admin
    end
    def resource_params
-      params.require(:rule).permit(:text, :hint, :priority)
+      params.require(:rule).permit(:text, :priority)
    end
  end
 end
--- a/app/controllers/admin/site_uploads_controller.rb
+++ b/app/controllers/admin/site_uploads_controller.rb
@ -9,7 +9,7 @@ module Admin
      @site_upload.destroy!
-      redirect_back fallback_location: admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
+      redirect_to admin_settings_path, notice: I18n.t('admin.site_uploads.destroyed_msg')
    end
    private
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -8,8 +8,6 @@ class Api::BaseController < ApplicationController
  include Api::AccessTokenTrackingConcern
  include Api::CachingConcern
  include Api::ContentSecurityPolicy
  include Api::ErrorHandling
  include Api::Pagination
  skip_before_action :require_functional!, unless: :limited_federation_mode?
@ -20,6 +18,51 @@ class Api::BaseController < ApplicationController
  protect_from_forgery with: :null_session
  rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
    render json: { error: e.to_s }, status: 422
  end
  rescue_from ActiveRecord::RecordNotUnique do
    render json: { error: 'Duplicate record' }, status: 422
  end
  rescue_from Date::Error do
    render json: { error: 'Invalid date supplied' }, status: 422
  end
  rescue_from ActiveRecord::RecordNotFound do
    render json: { error: 'Record not found' }, status: 404
  end
  rescue_from HTTP::Error, Mastodon::UnexpectedResponseError do
    render json: { error: 'Remote data could not be fetched' }, status: 503
  end
  rescue_from OpenSSL::SSL::SSLError do
    render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
  end
  rescue_from Mastodon::NotPermittedError do
    render json: { error: 'This action is not allowed' }, status: 403
  end
  rescue_from Seahorse::Client::NetworkingError do |e|
    Rails.logger.warn "Storage server error: #{e}"
    render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
  end
  rescue_from Mastodon::RaceConditionError, Stoplight::Error::RedLight do
    render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
  end
  rescue_from Mastodon::RateLimitExceededError do
    render json: { error: I18n.t('errors.429') }, status: 429
  end
  rescue_from ActionController::ParameterMissing, Mastodon::InvalidParameterError do |e|
    render json: { error: e.to_s }, status: 400
  end
  def doorkeeper_unauthorized_render_options(error: nil)
    { json: { error: error.try(:description) || 'Not authorized' } }
  end
@ -30,6 +73,13 @@ class Api::BaseController < ApplicationController
  protected
  def set_pagination_headers(next_path = nil, prev_path = nil)
    links = []
    links << [next_path, [%w(rel next)]] if next_path
    links << [prev_path, [%w(rel prev)]] if prev_path
    response.headers['Link'] = LinkHeader.new(links) unless links.empty?
  end
  def limit_param(default_limit)
    return default_limit unless params[:limit]
@ -58,6 +108,10 @@ class Api::BaseController < ApplicationController
    render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.unavailable?
  end
  def require_valid_pagination_options!
    render json: { error: 'Pagination values for `offset` and `limit` must be positive' }, status: 400 if pagination_options_invalid?
  end
  def require_user!
    if !current_user
      render json: { error: 'This method requires an authenticated user' }, status: 422
@ -86,6 +140,10 @@ class Api::BaseController < ApplicationController
  private
  def pagination_options_invalid?
    params.slice(:limit, :offset).values.map(&:to_i).any?(&:negative?)
  end
  def respond_with_error(code)
    render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code
  end
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::CredentialsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
+  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
  before_action :require_user!
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@ -21,7 +21,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
    return [] if hide_results?
    scope = default_accounts
-    scope = scope.not_excluded_by_account(current_account) unless current_account.nil? || current_account.id == @account.id
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
    scope.merge(paginated_follows).to_a
  end
@ -30,7 +30,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
  end
  def default_accounts
-    Account.includes(:active_relationships, :account_stat, :user).references(:active_relationships)
+    Account.includes(:active_relationships, :account_stat).references(:active_relationships)
  end
  def paginated_follows
@ -41,6 +41,10 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_account_followers_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@ -21,7 +21,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
    return [] if hide_results?
    scope = default_accounts
-    scope = scope.not_excluded_by_account(current_account) unless current_account.nil? || current_account.id == @account.id
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil? || current_account.id == @account.id
    scope.merge(paginated_follows).to_a
  end
@ -30,7 +30,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
  end
  def default_accounts
-    Account.includes(:passive_relationships, :account_stat, :user).references(:passive_relationships)
+    Account.includes(:passive_relationships, :account_stat).references(:passive_relationships)
  end
  def paginated_follows
@ -41,6 +41,10 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_account_following_index_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@ -4,7 +4,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
  before_action -> { authorize_if_got_token! :read, :'read:statuses' }
  before_action :set_account
-  after_action :insert_pagination_headers
+  after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
  def index
    cache_if_unauthenticated!
@ -19,11 +19,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
  end
  def load_statuses
-    @account.unavailable? ? [] : preloaded_account_statuses
+    @account.unavailable? ? [] : cached_account_statuses
  end
-  def preloaded_account_statuses
+  def cached_account_statuses
-    preload_collection_paginated_by_id(
+    cache_collection_paginated_by_id(
      AccountStatusesFilter.new(@account, current_account, params).results,
      Status,
      limit_param(DEFAULT_STATUSES_LIMIT),
@ -35,6 +35,10 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
    params.slice(:limit, *AccountStatusesFilter::KEYS).permit(:limit, *AccountStatusesFilter::KEYS).merge(core_params)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_account_statuses_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -47,7 +51,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
    @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
  end
-  def pagination_collection
+  def pagination_max_id
-    @statuses
+    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -9,22 +9,16 @@ class Api::V1::AccountsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow, :write, :'write:blocks' }, only: [:block, :unblock]
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]
-  before_action :require_user!, except: [:index, :show, :create]
+  before_action :require_user!, except: [:show, :create]
-  before_action :set_account, except: [:index, :create]
+  before_action :set_account, except: [:create]
-  before_action :set_accounts, only: [:index]
+  before_action :check_account_approval, except: [:create]
-  before_action :check_account_approval, except: [:index, :create]
+  before_action :check_account_confirmation, except: [:create]
  before_action :check_account_confirmation, except: [:index, :create]
  before_action :check_enabled_registrations, only: [:create]
  before_action :check_accounts_limit, only: [:index]
  skip_before_action :require_authenticated_user!, only: :create
  override_rate_limit_headers :follow, family: :follows
  def index
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  def show
    cache_if_unauthenticated!
    render json: @account, serializer: REST::AccountSerializer
@ -85,10 +79,6 @@ class Api::V1::AccountsController < Api::BaseController
    @account = Account.find(params[:id])
  end
  def set_accounts
    @accounts = Account.where(id: account_ids).without_unapproved
  end
  def check_account_approval
    raise(ActiveRecord::RecordNotFound) if @account.local? && @account.user_pending?
  end
@ -97,22 +87,10 @@ class Api::V1::AccountsController < Api::BaseController
    raise(ActiveRecord::RecordNotFound) if @account.local? && !@account.user_confirmed?
  end
  def check_accounts_limit
    raise(Mastodon::ValidationError) if account_ids.size > DEFAULT_ACCOUNTS_LIMIT
  end
  def relationships(**options)
    AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
  end
  def account_ids
    Array(accounts_params[:ids]).uniq.map(&:to_i)
  end
  def accounts_params
    params.permit(ids: [])
  end
  def account_params
    params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone, :invite_code)
  end
--- a/app/controllers/api/v1/admin/accounts_controller.rb
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@ -125,6 +125,10 @@ class Api::V1::Admin::AccountsController < Api::BaseController
    translated_params
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -133,8 +137,12 @@ class Api::V1::Admin::AccountsController < Api::BaseController
    api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @accounts
+    @accounts.last.id
  end
  def pagination_since_id
    @accounts.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
@ -65,6 +65,10 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
    @canonical_email_block = CanonicalEmailBlock.find(params[:id])
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_canonical_email_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -73,8 +77,12 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
    api_v1_admin_canonical_email_blocks_url(pagination_params(min_id: pagination_since_id)) unless @canonical_email_blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @canonical_email_blocks
+    @canonical_email_blocks.last.id
  end
  def pagination_since_id
    @canonical_email_blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/domain_allows_controller.rb
+++ b/app/controllers/api/v1/admin/domain_allows_controller.rb
@ -61,6 +61,10 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
    DomainAllow.all
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_domain_allows_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -69,8 +73,12 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
    api_v1_admin_domain_allows_url(pagination_params(min_id: pagination_since_id)) unless @domain_allows.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @domain_allows
+    @domain_allows.last.id
  end
  def pagination_since_id
    @domain_allows.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/domain_blocks_controller.rb
@ -29,11 +29,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
  def create
    authorize :domain_block, :create?
    @domain_block = DomainBlock.new(resource_params)
    existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
-    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if conflicts_with_existing_block?(@domain_block, existing_domain_block)
+    return render json: existing_domain_block, serializer: REST::Admin::ExistingDomainBlockErrorSerializer, status: 422 if existing_domain_block.present?
-    @domain_block.save!
+    @domain_block = DomainBlock.create!(resource_params)
    DomainBlockWorker.perform_async(@domain_block.id)
    log_action :create, @domain_block
    render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
@ -56,10 +55,6 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
  private
  def conflicts_with_existing_block?(domain_block, existing_domain_block)
    existing_domain_block.present? && (existing_domain_block.domain == TagManager.instance.normalize_domain(domain_block.domain) || !domain_block.stricter_than?(existing_domain_block))
  end
  def set_domain_blocks
    @domain_blocks = filtered_domain_blocks.order(id: :desc).to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
@ -77,6 +72,10 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
    params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_domain_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -85,8 +84,12 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
    api_v1_admin_domain_blocks_url(pagination_params(min_id: pagination_since_id)) unless @domain_blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @domain_blocks
+    @domain_blocks.last.id
  end
  def pagination_since_id
    @domain_blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/email_domain_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/email_domain_blocks_controller.rb
@ -58,6 +58,10 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
    params.permit(:domain, :allow_with_approval)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_email_domain_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -66,8 +70,12 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
    api_v1_admin_email_domain_blocks_url(pagination_params(min_id: pagination_since_id)) unless @email_domain_blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @email_domain_blocks
+    @email_domain_blocks.last.id
  end
  def pagination_since_id
    @email_domain_blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/ip_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/ip_blocks_controller.rb
@ -63,6 +63,10 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
    params.permit(:ip, :severity, :comment, :expires_in)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_ip_blocks_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -71,8 +75,12 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
    api_v1_admin_ip_blocks_url(pagination_params(min_id: pagination_since_id)) unless @ip_blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @ip_blocks
+    @ip_blocks.last.id
  end
  def pagination_since_id
    @ip_blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/reports_controller.rb
+++ b/app/controllers/api/v1/admin/reports_controller.rb
@ -35,7 +35,6 @@ class Api::V1::Admin::ReportsController < Api::BaseController
  def update
    authorize @report, :update?
    @report.update!(report_params)
    log_action :update, @report
    render json: @report, serializer: REST::Admin::ReportSerializer
  end
@ -89,6 +88,10 @@ class Api::V1::Admin::ReportsController < Api::BaseController
    params.permit(*FILTER_PARAMS)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_reports_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -97,8 +100,12 @@ class Api::V1::Admin::ReportsController < Api::BaseController
    api_v1_admin_reports_url(pagination_params(min_id: pagination_since_id)) unless @reports.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @reports
+    @reports.last.id
  end
  def pagination_since_id
    @reports.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/tags_controller.rb
+++ b/app/controllers/api/v1/admin/tags_controller.rb
@ -44,6 +44,10 @@ class Api::V1::Admin::TagsController < Api::BaseController
    params.permit(:display_name, :trendable, :usable, :listable)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_tags_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -52,8 +56,12 @@ class Api::V1::Admin::TagsController < Api::BaseController
    api_v1_admin_tags_url(pagination_params(min_id: pagination_since_id)) unless @tags.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @tags
+    @tags.last.id
  end
  def pagination_since_id
    @tags.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/admin/trends/links/preview_card_providers_controller.rb
+++ b/app/controllers/api/v1/admin/trends/links/preview_card_providers_controller.rb
@ -42,6 +42,10 @@ class Api::V1::Admin::Trends::Links::PreviewCardProvidersController < Api::BaseC
    @providers = PreviewCardProvider.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_admin_trends_links_preview_card_providers_url(pagination_params(max_id: pagination_max_id)) if records_continue?
  end
@ -50,8 +54,12 @@ class Api::V1::Admin::Trends::Links::PreviewCardProvidersController < Api::BaseC
    api_v1_admin_trends_links_preview_card_providers_url(pagination_params(min_id: pagination_since_id)) unless @providers.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @providers
+    @providers.last.id
  end
  def pagination_since_id
    @providers.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/annual_reports_controller.rb
+++ b/app/controllers/api/v1/annual_reports_controller.rb
@ -1,30 +0,0 @@
 # frozen_string_literal: true
 class Api::V1::AnnualReportsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, only: :index
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :index
  before_action :require_user!
  before_action :set_annual_report, except: :index
  def index
    with_read_replica do
      @presenter = AnnualReportsPresenter.new(GeneratedAnnualReport.where(account_id: current_account.id).pending)
      @relationships = StatusRelationshipsPresenter.new(@presenter.statuses, current_account.id)
    end
    render json: @presenter,
           serializer: REST::AnnualReportsSerializer,
           relationships: @relationships
  end
  def read
    @annual_report.view!
    render_empty
  end
  private
  def set_annual_report
    @annual_report = GeneratedAnnualReport.find_by!(account_id: current_account.id, year: params[:id])
  end
 end
--- a/app/controllers/api/v1/apps/credentials_controller.rb
+++ b/app/controllers/api/v1/apps/credentials_controller.rb
@ -4,6 +4,6 @@ class Api::V1::Apps::CredentialsController < Api::BaseController
  def show
    return doorkeeper_render_error unless valid_doorkeeper_token?
-    render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer
+    render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key client_id scopes)
  end
 end
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@ -5,7 +5,7 @@ class Api::V1::AppsController < Api::BaseController
  def create
    @app = Doorkeeper::Application.create!(application_options)
-    render json: @app, serializer: REST::CredentialApplicationSerializer
+    render json: @app, serializer: REST::ApplicationSerializer
  end
  private
@ -24,6 +24,6 @@ class Api::V1::AppsController < Api::BaseController
  end
  def app_params
-    params.permit(:client_name, :scopes, :website, :redirect_uris, redirect_uris: [])
+    params.permit(:client_name, :redirect_uris, :scopes, :website)
  end
 end
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@ -17,7 +17,7 @@ class Api::V1::BlocksController < Api::BaseController
  end
  def paginated_blocks
-    @paginated_blocks ||= Block.eager_load(target_account: [:account_stat, :user])
+    @paginated_blocks ||= Block.eager_load(target_account: :account_stat)
                               .joins(:target_account)
                               .merge(Account.without_suspended)
                               .where(account: current_account)
@ -28,6 +28,10 @@ class Api::V1::BlocksController < Api::BaseController
                               )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_blocks_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -36,8 +40,12 @@ class Api::V1::BlocksController < Api::BaseController
    api_v1_blocks_url pagination_params(since_id: pagination_since_id) unless paginated_blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    paginated_blocks
+    paginated_blocks.last.id
  end
  def pagination_since_id
    paginated_blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/bookmarks_controller.rb
+++ b/app/controllers/api/v1/bookmarks_controller.rb
@ -13,11 +13,11 @@ class Api::V1::BookmarksController < Api::BaseController
  private
  def load_statuses
-    preloaded_bookmarks
+    cached_bookmarks
  end
-  def preloaded_bookmarks
+  def cached_bookmarks
-    preload_collection(results.map(&:status), Status)
+    cache_collection(results.map(&:status), Status)
  end
  def results
@ -31,6 +31,10 @@ class Api::V1::BookmarksController < Api::BaseController
    current_account.bookmarks
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_bookmarks_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -39,8 +43,12 @@ class Api::V1::BookmarksController < Api::BaseController
    api_v1_bookmarks_url pagination_params(min_id: pagination_since_id) unless results.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    results
+    results.last.id
  end
  def pagination_since_id
    results.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/conversations_controller.rb
+++ b/app/controllers/api/v1/conversations_controller.rb
@ -53,6 +53,10 @@ class Api::V1::ConversationsController < Api::BaseController
                       .to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_conversations_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/crypto/encrypted_messages_controller.rb
+++ b/app/controllers/api/v1/crypto/encrypted_messages_controller.rb
@ -29,6 +29,10 @@ class Api::V1::Crypto::EncryptedMessagesController < Api::BaseController
    @encrypted_messages = @current_device.encrypted_messages.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_crypto_encrypted_messages_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -37,8 +41,12 @@ class Api::V1::Crypto::EncryptedMessagesController < Api::BaseController
    api_v1_crypto_encrypted_messages_url pagination_params(min_id: pagination_since_id) unless @encrypted_messages.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @encrypted_messages
+    @encrypted_messages.last.id
  end
  def pagination_since_id
    @encrypted_messages.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/directories_controller.rb
+++ b/app/controllers/api/v1/directories_controller.rb
@ -27,7 +27,7 @@ class Api::V1::DirectoriesController < Api::BaseController
      scope.merge!(local_account_scope) if local_accounts?
      scope.merge!(account_exclusion_scope) if current_account
      scope.merge!(account_domain_block_scope) if current_account && !local_accounts?
-    end.includes(:account_stat, user: :role)
+    end
  end
  def local_accounts?
--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@ -38,6 +38,10 @@ class Api::V1::DomainBlocksController < Api::BaseController
    current_account.domain_blocks
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_domain_blocks_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -46,8 +50,12 @@ class Api::V1::DomainBlocksController < Api::BaseController
    api_v1_domain_blocks_url pagination_params(since_id: pagination_since_id) unless @blocks.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @blocks
+    @blocks.last.id
  end
  def pagination_since_id
    @blocks.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/endorsements_controller.rb
+++ b/app/controllers/api/v1/endorsements_controller.rb
@ -25,7 +25,11 @@ class Api::V1::EndorsementsController < Api::BaseController
  end
  def endorsed_accounts
-    current_account.endorsed_accounts.includes(:account_stat, :user).without_suspended
+    current_account.endorsed_accounts.includes(:account_stat).without_suspended
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
@ -40,8 +44,12 @@ class Api::V1::EndorsementsController < Api::BaseController
    api_v1_endorsements_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @accounts
+    @accounts.last.id
  end
  def pagination_since_id
    @accounts.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@ -13,11 +13,11 @@ class Api::V1::FavouritesController < Api::BaseController
  private
  def load_statuses
-    preloaded_favourites
+    cached_favourites
  end
-  def preloaded_favourites
+  def cached_favourites
-    preload_collection(results.map(&:status), Status)
+    cache_collection(results.map(&:status), Status)
  end
  def results
@ -31,6 +31,10 @@ class Api::V1::FavouritesController < Api::BaseController
    current_account.favourites
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_favourites_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -39,8 +43,12 @@ class Api::V1::FavouritesController < Api::BaseController
    api_v1_favourites_url pagination_params(min_id: pagination_since_id) unless results.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    results
+    results.last.id
  end
  def pagination_since_id
    results.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/featured_tags/suggestions_controller.rb
+++ b/app/controllers/api/v1/featured_tags/suggestions_controller.rb
@ -12,6 +12,6 @@ class Api::V1::FeaturedTags::SuggestionsController < Api::BaseController
  private
  def set_recently_used_tags
-    @recently_used_tags = Tag.suggestions_for_account(current_account).limit(10)
+    @recently_used_tags = Tag.recently_used(current_account).where.not(id: current_account.featured_tags).limit(10)
  end
 end
--- a/app/controllers/api/v1/follow_requests_controller.rb
+++ b/app/controllers/api/v1/follow_requests_controller.rb
@ -37,7 +37,7 @@ class Api::V1::FollowRequestsController < Api::BaseController
  end
  def default_accounts
-    Account.without_suspended.includes(:follow_requests, :account_stat, :user).references(:follow_requests)
+    Account.without_suspended.includes(:follow_requests, :account_stat).references(:follow_requests)
  end
  def paginated_follow_requests
@ -48,6 +48,10 @@ class Api::V1::FollowRequestsController < Api::BaseController
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_follow_requests_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/followed_tags_controller.rb
+++ b/app/controllers/api/v1/followed_tags_controller.rb
@ -22,6 +22,10 @@ class Api::V1::FollowedTagsController < Api::BaseController
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_followed_tags_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -30,8 +34,12 @@ class Api::V1::FollowedTagsController < Api::BaseController
    api_v1_followed_tags_url pagination_params(since_id: pagination_since_id) unless @results.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @results
+    @results.last.id
  end
  def pagination_since_id
    @results.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/lists/accounts_controller.rb
+++ b/app/controllers/api/v1/lists/accounts_controller.rb
@ -37,9 +37,9 @@ class Api::V1::Lists::AccountsController < Api::BaseController
  def load_accounts
    if unlimited?
-      @list.accounts.without_suspended.includes(:account_stat, :user).all
+      @list.accounts.without_suspended.includes(:account_stat).all
    else
-      @list.accounts.without_suspended.includes(:account_stat, :user).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
+      @list.accounts.without_suspended.includes(:account_stat).paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id])
    end
  end
@ -55,6 +55,10 @@ class Api::V1::Lists::AccountsController < Api::BaseController
    params.permit(account_ids: [])
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    return if unlimited?
@ -67,8 +71,12 @@ class Api::V1::Lists::AccountsController < Api::BaseController
    api_v1_list_accounts_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @accounts
+    @accounts.last.id
  end
  def pagination_since_id
    @accounts.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/markers_controller.rb
+++ b/app/controllers/api/v1/markers_controller.rb
@ -19,7 +19,7 @@ class Api::V1::MarkersController < Api::BaseController
      @markers = {}
      resource_params.each_pair do |timeline, timeline_params|
-        @markers[timeline] = current_user.markers.find_or_create_by(timeline: timeline)
+        @markers[timeline] = current_user.markers.find_or_initialize_by(timeline: timeline)
        @markers[timeline].update!(timeline_params)
      end
    end
--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@ -17,7 +17,7 @@ class Api::V1::MutesController < Api::BaseController
  end
  def paginated_mutes
-    @paginated_mutes ||= Mute.eager_load(target_account: [:account_stat, :user])
+    @paginated_mutes ||= Mute.eager_load(:target_account)
                             .joins(:target_account)
                             .merge(Account.without_suspended)
                             .where(account: current_account)
@ -28,6 +28,10 @@ class Api::V1::MutesController < Api::BaseController
                             )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_mutes_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -36,8 +40,12 @@ class Api::V1::MutesController < Api::BaseController
    api_v1_mutes_url pagination_params(since_id: pagination_since_id) unless paginated_mutes.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    paginated_mutes
+    paginated_mutes.last.id
  end
  def pagination_since_id
    paginated_mutes.first.id
  end
  def records_continue?
--- a/app/controllers/api/v1/notifications/policies_controller.rb
+++ b/app/controllers/api/v1/notifications/policies_controller.rb
@ -1,37 +0,0 @@
 # frozen_string_literal: true
 class Api::V1::Notifications::PoliciesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, only: :show
  before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, only: :update
  before_action :require_user!
  before_action :set_policy
  def show
    render json: @policy, serializer: REST::NotificationPolicySerializer
  end
  def update
    @policy.update!(resource_params)
    render json: @policy, serializer: REST::NotificationPolicySerializer
  end
  private
  def set_policy
    @policy = NotificationPolicy.find_or_initialize_by(account: current_account)
    with_read_replica do
      @policy.summarize!
    end
  end
  def resource_params
    params.permit(
      :filter_not_following,
      :filter_not_followers,
      :filter_new_accounts,
      :filter_private_mentions
    )
  end
 end
--- a/app/controllers/api/v1/notifications/requests_controller.rb
+++ b/app/controllers/api/v1/notifications/requests_controller.rb
@ -1,75 +0,0 @@
 # frozen_string_literal: true
 class Api::V1::Notifications::RequestsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read, :'read:notifications' }, only: :index
  before_action -> { doorkeeper_authorize! :write, :'write:notifications' }, except: :index
  before_action :require_user!
  before_action :set_request, except: :index
  after_action :insert_pagination_headers, only: :index
  def index
    with_read_replica do
      @requests = load_requests
      @relationships = relationships
    end
    render json: @requests, each_serializer: REST::NotificationRequestSerializer, relationships: @relationships
  end
  def show
    render json: @request, serializer: REST::NotificationRequestSerializer
  end
  def accept
    AcceptNotificationRequestService.new.call(@request)
    render_empty
  end
  def dismiss
    @request.update!(dismissed: true)
    render_empty
  end
  private
  def load_requests
    requests = NotificationRequest.where(account: current_account).where(dismissed: truthy_param?(:dismissed) || false).includes(:last_status, from_account: [:account_stat, :user]).to_a_paginated_by_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params_slice(:max_id, :since_id, :min_id)
    )
    NotificationRequest.preload_cache_collection(requests) do |statuses|
      preload_collection(statuses, Status)
    end
  end
  def relationships
    StatusRelationshipsPresenter.new(@requests.map(&:last_status), current_user&.account_id)
  end
  def set_request
    @request = NotificationRequest.where(account: current_account).find(params[:id])
  end
  def next_path
    api_v1_notifications_requests_url pagination_params(max_id: pagination_max_id) unless @requests.empty?
  end
  def prev_path
    api_v1_notifications_requests_url pagination_params(min_id: pagination_since_id) unless @requests.empty?
  end
  def pagination_max_id
    @requests.last.id
  end
  def pagination_since_id
    @requests.first.id
  end
  def pagination_params(core_params)
    params.slice(:dismissed).permit(:dismissed).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@ -50,7 +50,7 @@ class Api::V1::NotificationsController < Api::BaseController
    )
    Notification.preload_cache_collection_target_statuses(notifications) do |target_statuses|
-      preload_collection(target_statuses, Status)
+      cache_collection(target_statuses, Status)
    end
  end
@ -58,8 +58,7 @@ class Api::V1::NotificationsController < Api::BaseController
    current_account.notifications.without_suspended.browserable(
      types: Array(browserable_params[:types]),
      exclude_types: Array(browserable_params[:exclude_types]),
-      from_account_id: browserable_params[:account_id],
+      from_account_id: browserable_params[:account_id]
      include_filtered: truthy_param?(:include_filtered)
    )
  end
@ -67,6 +66,10 @@ class Api::V1::NotificationsController < Api::BaseController
    @notifications.reject { |notification| notification.target_status.nil? }.map(&:target_status)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_notifications_url pagination_params(max_id: pagination_max_id) unless @notifications.empty?
  end
@ -75,15 +78,19 @@ class Api::V1::NotificationsController < Api::BaseController
    api_v1_notifications_url pagination_params(min_id: pagination_since_id) unless @notifications.empty?
  end
-  def pagination_collection
+  def pagination_max_id
-    @notifications
+    @notifications.last.id
  end
  def pagination_since_id
    @notifications.first.id
  end
  def browserable_params
-    params.permit(:account_id, :include_filtered, types: [], exclude_types: [])
+    params.permit(:account_id, types: [], exclude_types: [])
  end
  def pagination_params(core_params)
-    params.slice(:limit, :account_id, :types, :exclude_types, :include_filtered).permit(:limit, :account_id, :include_filtered, types: [], exclude_types: []).merge(core_params)
+    params.slice(:limit, :account_id, :types, :exclude_types).permit(:limit, :account_id, types: [], exclude_types: []).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/peers/search_controller.rb
+++ b/app/controllers/api/v1/peers/search_controller.rb
@ -27,7 +27,7 @@ class Api::V1::Peers::SearchController < Api::BaseController
      @domains = InstancesIndex.query(function_score: {
        query: {
          prefix: {
-            domain: normalized_domain,
+            domain: TagManager.instance.normalize_domain(params[:q].strip),
          },
        },
@ -37,18 +37,11 @@ class Api::V1::Peers::SearchController < Api::BaseController
        },
      }).limit(10).pluck(:domain)
    else
-      domain = normalized_domain
+      domain = params[:q].strip
-      @domains = Instance.searchable.domain_starts_with(domain).limit(10).pluck(:domain)
+      domain = TagManager.instance.normalize_domain(domain)
      @domains = Instance.searchable.where(Instance.arel_table[:domain].matches("#{Instance.sanitize_sql_like(domain)}%", false, true)).limit(10).pluck(:domain)
    end
  rescue Addressable::URI::InvalidURIError
    @domains = []
  end
  def normalized_domain
    TagManager.instance.normalize_domain(query_value)
  end
  def query_value
    params[:q].strip
  end
 end
--- a/app/controllers/api/v1/push/subscriptions_controller.rb
+++ b/app/controllers/api/v1/push/subscriptions_controller.rb
@ -1,12 +1,9 @@
 # frozen_string_literal: true
 class Api::V1::Push::SubscriptionsController < Api::BaseController
  include Redisable
  include Lockable
  before_action -> { doorkeeper_authorize! :push }
  before_action :require_user!
-  before_action :set_push_subscription, only: [:show, :update]
+  before_action :set_push_subscription
  before_action :check_push_subscription, only: [:show, :update]
  def show
@ -14,8 +11,7 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  end
  def create
-    with_redis_lock("push_subscription:#{current_user.id}") do
+    @push_subscription&.destroy!
      destroy_web_push_subscriptions!
    @push_subscription = Web::PushSubscription.create!(
      endpoint: subscription_params[:endpoint],
@ -25,7 +21,6 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
      user_id: current_user.id,
      access_token_id: doorkeeper_token.id
    )
    end
    render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer
  end
@ -36,18 +31,14 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
  end
  def destroy
-    destroy_web_push_subscriptions!
+    @push_subscription&.destroy!
    render_empty
  end
  private
  def destroy_web_push_subscriptions!
    doorkeeper_token.web_push_subscriptions.destroy_all
  end
  def set_push_subscription
-    @push_subscription = doorkeeper_token.web_push_subscriptions.first
+    @push_subscription = Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
  end
  def check_push_subscription
--- a/app/controllers/api/v1/scheduled_statuses_controller.rb
+++ b/app/controllers/api/v1/scheduled_statuses_controller.rb
@ -47,6 +47,10 @@ class Api::V1::ScheduledStatusesController < Api::BaseController
    params.slice(:limit).permit(:limit).merge(core_params)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_scheduled_statuses_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
@ -59,7 +63,11 @@ class Api::V1::ScheduledStatusesController < Api::BaseController
    @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
  end
-  def pagination_collection
+  def pagination_max_id
-    @statuses
+    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@ -14,14 +14,14 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::V1::Statuses::Bas
  def load_accounts
    scope = default_accounts
-    scope = scope.not_excluded_by_account(current_account) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
    scope.merge(paginated_favourites).to_a
  end
  def default_accounts
    Account
      .without_suspended
-      .includes(:favourites, :account_stat, :user)
+      .includes(:favourites, :account_stat)
      .references(:favourites)
      .where(favourites: { status_id: @status.id })
  end
@ -34,6 +34,10 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::V1::Statuses::Bas
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_status_favourited_by_index_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/statuses/reactions_controller.rb
+++ b/app/controllers/api/v1/statuses/reactions_controller.rb
@ -1,8 +1,11 @@
 # frozen_string_literal: true
-class Api::V1::Statuses::ReactionsController < Api::V1::Statuses::BaseController
+class Api::V1::Statuses::ReactionsController < Api::BaseController
  include Authorization
  before_action -> { doorkeeper_authorize! :write, :'write:favourites' }
  before_action :require_user!
  before_action :set_status
  def create
    ReactService.new.call(current_account, @status, params[:id])
@ -16,4 +19,13 @@ class Api::V1::Statuses::ReactionsController < Api::V1::Statuses::BaseController
  rescue Mastodon::NotPermittedError
    not_found
  end
  private
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@ -14,22 +14,26 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::V1::Statuses::Base
  def load_accounts
    scope = default_accounts
-    scope = scope.not_excluded_by_account(current_account) unless current_account.nil?
+    scope = scope.where.not(id: current_account.excluded_from_timeline_account_ids) unless current_account.nil?
    scope.merge(paginated_statuses).to_a
  end
  def default_accounts
-    Account.without_suspended.includes(:statuses, :account_stat, :user).references(:statuses)
+    Account.without_suspended.includes(:statuses, :account_stat).references(:statuses)
  end
  def paginated_statuses
-    Status.where(reblog_of_id: @status.id).distributable_visibility.paginate_by_max_id(
+    Status.where(reblog_of_id: @status.id).where(visibility: [:public, :unlisted]).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    api_v1_status_reblogged_by_index_url pagination_params(max_id: pagination_max_id) if records_continue?
  end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -5,11 +5,9 @@ class Api::V1::StatusesController < Api::BaseController
  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
-  before_action :require_user!, except:      [:index, :show, :context]
+  before_action :require_user!, except:  [:show, :context]
  before_action :set_statuses, only:         [:index]
  before_action :set_status, only:       [:show, :context]
  before_action :set_thread, only:       [:create]
  before_action :check_statuses_limit, only: [:index]
  override_rate_limit_headers :create, family: :statuses
  override_rate_limit_headers :update, family: :statuses
@ -25,14 +23,9 @@ class Api::V1::StatusesController < Api::BaseController
  DESCENDANTS_LIMIT       = 60
  DESCENDANTS_DEPTH_LIMIT = 20
  def index
    @statuses = preload_collection(@statuses, Status)
    render json: @statuses, each_serializer: REST::StatusSerializer
  end
  def show
    cache_if_unauthenticated!
-    @status = preload_collection([@status], Status).first
+    @status = cache_collection([@status], Status).first
    render json: @status, serializer: REST::StatusSerializer
  end
@ -51,8 +44,8 @@ class Api::V1::StatusesController < Api::BaseController
    ancestors_results   = @status.in_reply_to_id.nil? ? [] : @status.ancestors(ancestors_limit, current_account)
    descendants_results = @status.descendants(descendants_limit, current_account, descendants_depth_limit)
-    loaded_ancestors    = preload_collection(ancestors_results, Status)
+    loaded_ancestors    = cache_collection(ancestors_results, Status)
-    loaded_descendants  = preload_collection(descendants_results, Status)
+    loaded_descendants  = cache_collection(descendants_results, Status)
    @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
    statuses = [@status] + @context.ancestors + @context.descendants
@ -79,9 +72,13 @@ class Api::V1::StatusesController < Api::BaseController
      with_rate_limit: true
    )
-    render json: @status, serializer: serializer_for_status
+    render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  rescue PostStatusService::UnexpectedMentionsError => e
-    render json: unexpected_accounts_error_json(e), status: 422
+    unexpected_accounts = ActiveModel::Serializer::CollectionSerializer.new(
      e.accounts,
      serializer: REST::AccountSerializer
    )
    render json: { error: e.message, unexpected_accounts: unexpected_accounts }, status: 422
  end
  def update
@ -120,10 +117,6 @@ class Api::V1::StatusesController < Api::BaseController
  private
  def set_statuses
    @statuses = Status.permitted_statuses_from_ids(status_ids, current_account)
  end
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
@ -138,18 +131,6 @@ class Api::V1::StatusesController < Api::BaseController
    render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  end
  def check_statuses_limit
    raise(Mastodon::ValidationError) if status_ids.size > DEFAULT_STATUSES_LIMIT
  end
  def status_ids
    Array(statuses_params[:ids]).uniq.map(&:to_i)
  end
  def statuses_params
    params.permit(ids: [])
  end
  def status_params
    params.permit(
      :status,
@ -177,21 +158,6 @@ class Api::V1::StatusesController < Api::BaseController
    )
  end
  def serializer_for_status
    @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  end
  def unexpected_accounts_error_json(error)
    {
      error: error.message,
      unexpected_accounts: serialized_accounts(error.accounts),
    }
  end
  def serialized_accounts(accounts)
    ActiveModel::Serializer::CollectionSerializer.new(accounts, serializer: REST::AccountSerializer)
  end
  def pagination_params(core_params)
    params.slice(:limit).permit(:limit).merge(core_params)
  end
--- a/Show more
+++ b/Show more