Merge branch 'qiitadon' into qiitadon-v1.5.0

Conflicts:
      Gemfile.lock
      README.md
      app/controllers/admin/settings_controller.rb
      app/javascript/mastodon/features/ui/index.js
      app/javascript/mastodon/locales/en.json
      app/javascript/mastodon/locales/ja.json
      app/javascript/packs/public.js
      app/models/user.rb
      app/presenters/instance_presenter.rb
      app/views/about/_links.html.haml
      app/views/about/_registration.html.haml
      app/views/about/show.html.haml
      app/views/admin/settings/edit.html.haml
      app/views/api/v1/accounts/show.rabl
      app/views/auth/registrations/edit.html.haml
      app/views/home/initial_state.json.rabl
      config/locales/en.yml
      config/locales/ja.yml
      config/routes.rb
      public/android-chrome-192x192.png
      public/apple-touch-icon.png
      public/favicon.ico

.env.production.sample

@@ -112,6 +112,11 @@ SMTP_FROM_ADDRESS=notifications@example.com
 # If you comment out following line, cluster number will be `numOfCpuCores - 1`.
 STREAMING_CLUSTER_NUM=1
 
+SENTRY_DSN=
+
+QIITA_CLIENT_ID=
+QIITA_CLIENT_SECRET=
+
 # Docker mastodon user
 # If you use Docker, you may want to assign UID/GID manually.
 # UID=1000

.env.sample

@@ -0,0 +1,35 @@
+# Service dependencies
+REDIS_HOST=redis
+REDIS_PORT=6379
+# REDIS_DB=0
+DB_HOST=db
+DB_USER=postgres
+DB_PASS=
+
+# Federation
+LOCAL_DOMAIN=localhost:3000
+LOCAL_HTTPS=false
+
+# Application secrets
+# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+PAPERCLIP_SECRET=RANDOM_STRING
+SECRET_KEY_BASE=RANDOM_STRING
+OTP_SECRET=RANDOM_STRING
+
+# VAPID keys (used for push notifications
+# You can generate the keys using the following command (first is the private key, second is the public one)
+# You should only generate this once per instance. If you later decide to change it, all push subscription will
+# be invalidated, requiring the users to access the website again to resubscribe.
+#
+# Generate with `rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
+#
+# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# Cluster number setting for streaming API server.
+# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
+STREAMING_CLUSTER_NUM=1
+
+QIITA_CLIENT_ID=
+QIITA_CLIENT_SECRET=

Dockerfile-development

@@ -0,0 +1,50 @@
+FROM ruby:2.4.1-alpine
+
+LABEL maintainer="https://github.com/increments/mastodon" \
+      description="A GNU Social-compatible microblogging server"
+
+ENV UID=991 GID=991
+
+EXPOSE 3000 4000
+
+WORKDIR /mastodon
+
+RUN echo "@edge https://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
+ && apk -U upgrade \
+ && apk add -t build-dependencies \
+    build-base \
+    libxml2-dev \
+    libxslt-dev \
+    postgresql-dev \
+    protobuf-dev \
+    python \
+ && apk add \
+    ca-certificates \
+    ffmpeg \
+    file \
+    git \
+    imagemagick@edge \
+    libpq \
+    libxml2 \
+    libxslt \
+    nodejs-npm@edge \
+    nodejs@edge \
+    protobuf \
+    su-exec \
+    tini \
+ && npm install -g npm@3 && npm install -g yarn \
+ && update-ca-certificates \
+ && rm -rf /tmp/* /var/cache/apk/*
+
+COPY Gemfile Gemfile.lock package.json yarn.lock /mastodon/
+
+RUN bundle install \
+ && yarn --ignore-optional
+
+COPY . /mastodon
+
+COPY docker_entrypoint.sh /usr/local/bin/run
+
+RUN chmod +x /usr/local/bin/run
+
+ENTRYPOINT ["/usr/local/bin/run"]

Gemfile

@@ -41,6 +41,8 @@ gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.1'
 gem 'nokogiri', '~> 1.7'
 gem 'oj', '~> 3.0'
+gem 'omniauth', '~> 1.6'
+gem 'omniauth_qiita', '~> 0.1'
 gem 'ostatus2', '~> 2.0'
 gem 'ox', '~> 2.5'
 gem 'pundit', '~> 1.1'
@@ -55,6 +57,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 0.10'
 gem 'ruby-oembed', '~> 0.12', require: 'oembed'
 gem 'sanitize', '~> 4.4'
+gem 'sentry-raven', '~> 2.4'
 gem 'sidekiq', '~> 5.0'
 gem 'sidekiq-scheduler', '~> 2.1'
 gem 'sidekiq-unique-jobs', '~> 5.0'

Gemfile.lock

@@ -158,6 +158,8 @@ GEM
     fabrication (2.16.1)
     faker (1.7.3)
       i18n (~> 0.5)
+    faraday (0.11.0)
+      multipart-post (>= 1.2, < 3)
     fast_blank (1.0.0)
     ffi (1.9.18)
     fuubar (2.2.0)
@@ -180,6 +182,7 @@ GEM
       hamlit (>= 1.2.0)
       railties (>= 4.0.1)
     hashdiff (0.3.4)
+    hashie (3.5.5)
     highline (1.7.8)
     hiredis (0.6.1)
     hkdf (0.3.0)
@@ -256,6 +259,8 @@ GEM
     minitest (5.10.2)
     msgpack (1.1.0)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     net-scp (1.2.1)
       net-ssh (>= 2.6.5)
     net-ssh (4.1.0)
@@ -264,7 +269,22 @@ GEM
       mini_portile2 (~> 2.2.0)
     nokogumbo (1.4.13)
       nokogiri
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
     oj (3.2.0)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
+    omniauth_qiita (0.1.0)
+      multi_json (~> 1.10)
+      omniauth-oauth2 (~> 1.2)
     openssl (2.0.4)
     orm_adapter (0.5.0)
     ostatus2 (2.0.1)
@@ -413,6 +433,8 @@ GEM
     scss_lint (0.54.0)
       rake (>= 0.9, < 13)
       sass (~> 3.4.20)
+    sentry-raven (2.4.0)
+      faraday (>= 0.7.6, < 1.0)
     sidekiq (5.0.3)
       concurrent-ruby (~> 1.0)
       connection_pool (~> 2.2, >= 2.2.0)
@@ -541,6 +563,8 @@ DEPENDENCIES
   mime-types (~> 3.1)
   nokogiri (~> 1.7)
   oj (~> 3.0)
+  omniauth (~> 1.6)
+  omniauth_qiita (~> 0.1)
   ostatus2 (~> 2.0)
   ox (~> 2.5)
   paperclip (~> 5.1)
@@ -570,6 +594,7 @@ DEPENDENCIES
   ruby-oembed (~> 0.12)
   sanitize (~> 4.4)
   scss_lint (~> 0.53)
+  sentry-raven (~> 2.4)
   sidekiq (~> 5.0)
   sidekiq-bulk (~> 0.1.1)
   sidekiq-scheduler (~> 2.1)

README.md

@@ -1,5 +1,7 @@
+**Please read this page to develop -> https://github.com/increments/mastodon/wiki**
+
 ![Mastodon](https://i.imgur.com/NhZc40l.png)
-========
+=======
 
 [![Build Status](http://img.shields.io/travis/tootsuite/mastodon.svg)][travis]
 [![Code Climate](https://img.shields.io/codeclimate/github/tootsuite/mastodon.svg)][code_climate]

app/controllers/admin/settings_controller.rb

@@ -19,6 +19,7 @@ class SettingsController < BaseController
       open_registrations
       open_deletion
       timeline_preview
+      prohibit_registrations_except_qiita_oauth
     ).freeze
 
     def edit

app/controllers/auth/omniauth_callbacks_controller.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  include AfterSignInPathLeadable
+
+  def qiita
+    auth_hash = request.env['omniauth.auth']
+
+    if current_user
+      qiita_authorization = QiitaAuthorization.find_or_initialize_by(uid: auth_hash[:uid]) do |qiita_authorization|
+        qiita_authorization.token = auth_hash[:credentials][:token]
+        qiita_authorization.user = current_user
+      end
+
+      if qiita_authorization.save
+        flash[:notice] = I18n.t('omniauth_callbacks.success')
+      else
+        flash[:alert] = I18n.t('omniauth_callbacks.failure')
+      end
+      redirect_to after_sign_in_path_for(current_user)
+    else
+      if authorization = QiitaAuthorization.find_by(uid: auth_hash[:uid])
+        sign_in(authorization.user)
+        redirect_to after_sign_in_path_for(authorization.user)
+      else
+        store_omniauth_data
+        redirect_to new_user_oauth_registration_path
+      end
+    end
+  end
+
+  private
+
+  def store_omniauth_data
+    session[:devise_omniauth_auth] = request.env['omniauth.auth']
+    session[:devise_omniauth_origin] = request.env['omniauth.origin']
+  end
+
+  # @override
+  def location_after_sign_in
+    request.env['omniauth.origin'].presence || stored_location_for(:user)
+  end
+end

app/controllers/auth/registrations_controller.rb

@@ -34,7 +34,15 @@ def after_inactive_sign_up_path_for(_resource)
   end
 
   def check_enabled_registrations
-    redirect_to root_path if single_user_mode? || !Setting.open_registrations
+    redirect_to root_path if single_user_mode? || !Setting.open_registrations || Setting.prohibit_registrations_except_qiita_oauth
+  end
+
+  def update_resource(resource, params)
+    if resource.try(:has_dummy_password?)
+      resource.update_without_current_password(params)
+    else
+      super
+    end
   end
 
   private

app/controllers/concerns/after_sign_in_path_leadable.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module AfterSignInPathLeadable
+  extend ActiveSupport::Concern
+
+  protected
+
+  def after_sign_in_path_for(resource)
+    after_sign_in_path = resolve_url(location_after_sign_in)
+
+    if home_paths(resource).include?((after_sign_in_path || '').split('?').first)
+      root_path
+    else
+      after_sign_in_path || root_path
+    end
+  end
+
+  private
+
+  def home_paths(resource)
+    paths = [about_path]
+    if single_user_mode? && resource.is_a?(User)
+      paths << short_account_path(username: resource.account)
+    end
+    paths
+  end
+
+  def resolve_url(url)
+    uri = URI.parse(url)
+    if !uri.host || uri.host == request.host
+      uri.query ? "#{uri.path}?#{uri.query}" : uri.path
+    else
+      nil
+    end
+  rescue URI::InvalidURIError => e
+    nil
+  end
+
+  def location_after_sign_in
+    fail NotImplementedError
+  end
+end

app/controllers/oauth_registrations_controller.rb

@@ -0,0 +1,46 @@
+class OauthRegistrationsController < DeviseController
+  include AfterSignInPathLeadable
+  layout 'auth'
+
+  before_action :check_enabled_registrations
+  before_action :require_omniauth_auth
+  before_action :require_no_authentication
+
+  def new
+    @oauth_registration = Form::OauthRegistration.from_omniauth_auth(omniauth_auth)
+  end
+
+  def create
+    @oauth_registration = Form::OauthRegistration.from_omniauth_auth(omniauth_auth)
+    @oauth_registration.assign_attributes(
+      params.require(:form_oauth_registration).permit(:email, :username, :password, :password_confirmation).merge(locale: I18n.locale)
+    )
+
+    if @oauth_registration.save
+      sign_in(@oauth_registration.user)
+      redirect_to after_sign_in_path_for(@oauth_registration.user)
+      flash[:notice] = I18n.t('oauth_registration.success')
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def omniauth_auth
+    @omniauth_auth ||= session[:devise_omniauth_auth].try(:deep_symbolize_keys)
+  end
+
+  def check_enabled_registrations
+    redirect_to root_path if single_user_mode? || !Setting.open_registrations
+  end
+
+  def require_omniauth_auth
+    redirect_to root_path unless omniauth_auth
+  end
+
+  # @override
+  def location_after_sign_in
+    session[:devise_omniauth_origin].presence || stored_location_for(:user)
+  end
+end

app/controllers/settings/qiita_authorizations_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Settings::QiitaAuthorizationsController < ApplicationController
+  layout 'admin'
+
+  before_action :authenticate_user!
+
+  def show
+    @account = current_account
+    @qiita_authorization = current_account.user.qiita_authorization
+  end
+end

app/helpers/theme_helper.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module ThemeHelper
+  def theme_param
+    params[:theme] == 'dark' ? 'dark' : 'light'
+  end
+
+  def theme_class_name
+    "theme-#{theme_param}"
+  end
+end