Merge remote-tracking branch 'origin/develop' into shigusegubu-new

Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7889

.forgejo/issue_template/bug.yaml

@@ -0,0 +1,25 @@
+name: 'Bug report'
+about: 'Report a bug in Pleroma'
+body:
+- type: markdown
+  attributes:
+    value: |
+      ### Precheck
+
+      * For support use https://git.pleroma.social/pleroma/pleroma-support or [community channels](https://git.pleroma.social/pleroma/pleroma#community-channels).
+      * Please do a quick search to ensure no similar bug has been reported before. If the bug has not been addressed after 2 weeks, it's fine to bump it.
+      * Try to ensure that the bug is actually related to the Pleroma backend. For example, if a bug happens in Pleroma-FE but not in Mastodon-FE or mobile clients, it's likely that the bug should be filed in [Pleroma-FE](https://git.pleroma.social/pleroma/pleroma-fe/issues/new) repository.
+- type: textarea
+  id: environment
+  attributes:
+    label: Environment
+    value: |
+      * Installation type (OTP or From Source):
+      * Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 
+      * Elixir version (`elixir -v` for from source installations, N/A for OTP):
+      * Operating system:
+      * PostgreSQL version (`psql -V`):
+- type: textarea
+  id: bug-description
+  attributes:
+    label: Bug description

.forgejo/pull_request_template.md

@@ -0,0 +1,13 @@
+### Checklist
+
+- [ ] Adding a changelog: In the `changelog.d` directory, create a file named `<code>.<type>`.
+
+<!--
+  `<code>` can be anything, but we recommend using a more or less unique identifier to avoid collisions, such as the branch name.
+
+  `<type>` can be `add`, `change`, `remove`, `fix`, `security` or `skip`. `skip` is only used if there is no user-visible change in the PR (for example, only editing comments in the code). Otherwise, choose a type that corresponds to your change.
+
+  In the file, write the changelog entry. For example, if a PR adds group functionality, we can create a file named `group.add` and write `Add group functionality` in it.
+
+  If one changelog entry is not enough, you may add more. But that might mean you can split it into two PRs. Only use more than one changelog entry if you really need to (for example, when one change in the code fix two different bugs, or when refactoring).
+-->

.gitignore

@@ -56,6 +56,9 @@ pleroma.iml
 # asdf
 .tool-versions
 
+# mise
+mise.toml
+
 # Editor temp files
 *~
 *#

.woodpecker/changelog.yaml

@@ -0,0 +1,19 @@
+when:
+  - event: pull_request
+
+labels:
+  platform: linux/amd64
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+
+steps:
+  check-changelog:
+    image: docker.io/alpine:3.23
+    entrypoint: *script_file_entrypoint
+    commands:
+      - apk add --no-cache git
+      - sh ./tools/check-changelog

.woodpecker/docker-combine.yaml

@@ -0,0 +1,60 @@
+when:
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**", "Dockerfile" ]
+  - event: tag
+  - event: manual
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+  - event: manual
+    branch: stable
+
+depends_on:
+  - docker
+
+skip_clone: true
+
+labels:
+  platform: linux/amd64
+
+steps:
+  docker-develop-combine:
+    image: git.fluffytail.org/phnt/wpc-docker-tagger:latest
+    when:
+      - event: push
+        branch: ${CI_REPO_DEFAULT_BRANCH}
+      - event: manual
+        branch: ${CI_REPO_DEFAULT_BRANCH}
+    settings: &docker_settings
+      registry: "git.pleroma.social"
+      image: "pleroma/pleroma"
+      architectures: [amd64, arm64]
+      tags:
+        - latest
+        - develop
+        - ${CI_COMMIT_SHA:0:8}
+      username:
+        from_secret: pleroma-ci-user
+      password:
+        from_secret: pleroma-ci-password
+
+  docker-stable-combine:
+    image: git.fluffytail.org/phnt/wpc-docker-tagger:latest
+    when:
+      - evaluate: 'CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG == ""'
+    settings:
+      <<: *docker_settings
+      tags: &stable_docker_tags
+        - latest
+        - stable
+        - ${CI_COMMIT_SHA:0:8}
+
+  docker-stable-tag-combine:
+    image: git.fluffytail.org/phnt/wpc-docker-tagger:latest
+    when:
+      - event: tag
+      - evaluate: 'CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG != ""'
+    settings:
+      <<: *docker_settings
+      tags:
+        - <<: *stable_docker_tags
+        - ${CI_COMMIT_TAG}

.woodpecker/docker.yaml

@@ -0,0 +1,96 @@
+when:
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**", "Dockerfile" ]
+  - event: tag
+  - event: manual
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+  - event: manual
+    branch: stable
+
+matrix:
+  platform:
+    - linux/amd64
+    - linux/arm64
+
+# This is needed for the when clauses below.
+labels:
+  platform: ${platform}
+  memory: 'high'
+
+variables:
+  docker_variables: &docker_variables
+    repo: pleroma/pleroma
+    registry: git.pleroma.social
+    username:
+      from_secret: pleroma-ci-user
+    password:
+      from_secret: pleroma-ci-password
+  kaniko_image: &kaniko_image woodpeckerci/plugin-kaniko:2.3.1
+
+steps:
+  docker-develop-amd64:
+    image: woodpeckerci/plugin-kaniko:2.3.1
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    settings:
+      <<: *docker_variables
+      tags:
+        - latest-amd64
+        - develop-amd64
+        - ${CI_COMMIT_SHA:0:8}-amd64
+
+  docker-develop-arm64:
+    image: woodpeckerci/plugin-kaniko:2.3.1
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    settings:
+      <<: *docker_variables
+      tags:
+        - latest-arm64
+        - develop-arm64
+        - ${CI_COMMIT_SHA:0:8}-arm64
+
+  docker-stable-amd64:
+    image: *kaniko_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG == ""'
+    settings:
+      <<: *docker_variables
+      tags: &amd64_tags
+        - latest-amd64
+        - stable-amd64
+        - ${CI_COMMIT_SHA:0:8}-amd64
+
+  docker-stable-tag-amd64:
+    image: *kaniko_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG != ""'
+    settings:
+      <<: *docker_variables
+      tags:
+        - <<: *amd64_tags
+        - ${CI_COMMIT_TAG}-amd64
+
+  docker-stable-arm64:
+    image: *kaniko_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG == ""'
+    settings:
+      <<: *docker_variables
+      tags: &arm64_tags
+        - latest-arm64
+        - stable-arm64
+        - ${CI_COMMIT_SHA:0:8}-arm64
+
+  docker-stable-tag-arm64:
+    image: *kaniko_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable" && CI_COMMIT_TAG != ""'
+    settings:
+      <<: *docker_variables
+      tags:
+        - <<: *arm64_tags
+        - ${CI_COMMIT_TAG}-arm64

.woodpecker/lint.yaml

@@ -0,0 +1,77 @@
+when:
+  - event: pull_request
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+
+labels:
+  platform: linux/amd64
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+
+steps:
+  mix-format:
+    image: &elixir-image
+      docker.io/elixir:1.15-alpine
+    entrypoint: *script_file_entrypoint
+    failure: ignore
+    commands:
+      - |
+        if ! mix format --check-formatted; then
+          touch fail.stamp
+          exit 1
+        fi
+
+  credo:
+    image: *elixir-image
+    entrypoint: *script_file_entrypoint
+    failure: ignore
+    environment:
+      MIX_ENV: test
+    commands:
+      - apk add --no-cache build-base cmake exiftool ffmpeg file-dev git openssl
+      - adduser -D -h /home/testuser testuser
+      - mkdir -p /home/testuser/.mix /home/testuser/.hex
+      - chown -R testuser:testuser . /home/testuser
+      - su testuser -c "HOME=/home/testuser mix local.hex --force"
+      - su testuser -c "HOME=/home/testuser mix local.rebar --force"
+      - su testuser -c "HOME=/home/testuser mix deps.get"
+      - |
+        if ! su testuser -c "HOME=/home/testuser mix analyze"; then
+          touch fail.stamp
+          exit 1
+        fi
+
+  # cycles:
+  #   image: *elixir-image
+  #   failure: ignore
+  #   commands:
+  #     - apk add --no-cache build-base cmake exiftool ffmpeg file-dev git openssl
+  #     - adduser -D -h /home/testuser testuser
+  #     - mkdir -p /home/testuser/.mix /home/testuser/.hex
+  #     - chown -R testuser:testuser . /home/testuser
+  #     - su testuser -c "HOME=/home/testuser mix local.hex --force"
+  #     - su testuser -c "HOME=/home/testuser mix local.rebar --force"
+  #     - su testuser -c "HOME=/home/testuser mix compile"
+  #     - |
+  #       if ! su testuser -c "HOME=/home/testuser mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != \"No cycles found\")}'"; then
+  #       touch fail.stamp
+  #       exit 1
+  #       fi
+
+  ensure-status:
+    image: *elixir-image
+    entrypoint: *script_file_entrypoint
+    commands: |
+      if test -f fail.stamp; then
+        echo "One or more previous steps fails. Failing workflow..."
+        exit 1
+      else
+        echo "All steps passed"
+        exit 0
+      fi

.woodpecker/otp-musl.yaml

@@ -0,0 +1,292 @@
+when:
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+  - event: tag
+  - event: manual
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+  - event: manual
+    branch: stable
+
+matrix:
+  platform:
+    - linux/amd64
+    - linux/arm
+    - linux/arm64
+
+# This is needed for the when clauses below.
+# When the platform clause is fixed, this might not be needed anymore
+labels:
+  platform: ${platform}
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+  build_cmds: &build_cmds
+    - apk add git build-base cmake file-dev openssl vips-dev zip
+    - echo "import Config" > config/prod.secret.exs
+    - mix local.hex --force
+    - mix local.rebar --force
+    - mix deps.get --only prod
+    - mkdir release
+    - export PLEROMA_BUILD_BRANCH=${CI_COMMIT_BRANCH}
+    - mix release --path release
+  build_image_amd64: &build_image_amd64 docker.io/hexpm/elixir-amd64:1.17.3-erlang-27.3.4.2-alpine-3.22.1
+  build_image_arm: &build_image_arm docker.io/arm32v7/elixir:1.17.3-alpine
+  build_image_arm64: &build_image_arm64 docker.io/hexpm/elixir-arm64:1.17.3-erlang-27.3.4.2-alpine-3.22.1
+  artifacts_uploader_image: &artifacts_uploader_image docker.io/woodpeckercommunity/plugin-gitea-package:0.5.0
+  artifacts_uploader_settings: &artifacts_uploader_settings
+    user:
+      from_secret: pleroma-ci-user
+    password:
+      from_secret: pleroma-ci-password
+    owner: 'pleroma'
+  env: &env
+    MIX_ENV: prod
+    VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
+
+steps:
+  otp-develop-amd64-musl:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &amd64_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64-musl.zip release
+
+  otp-stable-amd64-musl:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *amd64_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-amd64-musl:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-amd64-musl.zip release
+
+  otp-develop-arm-musl:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &arm_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm-musl.zip release
+
+  otp-stable-arm-musl:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *arm_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-arm-musl:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-arm-musl.zip release
+
+  otp-develop-arm64-musl:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &arm64_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64-musl.zip release
+
+  otp-stable-arm64-musl:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *arm64_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-arm64-musl:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-arm64-musl.zip release
+
+  upload-artifacts-amd64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-amd64-musl
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64-musl
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      update: 'true'
+
+  upload-latest-amd64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-amd64-musl
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-amd64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-amd64-musl
+      package_version: stable-${CI_COMMIT_SHA:0:8}-amd64-musl
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-amd64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-amd64-musl
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-amd64-musl.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  upload-artifacts-arm-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm-musl
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm-musl
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      update: 'true'
+
+  upload-latest-arm-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm-musl
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-arm-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm-musl
+      package_version: stable-${CI_COMMIT_SHA:0:8}-arm-musl
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-arm-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm-musl
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm-musl.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  upload-artifacts-arm64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm64-musl
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64-musl
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      update: 'true'
+
+  upload-latest-arm64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm64-musl
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-arm64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm64-musl
+      package_version: stable-${CI_COMMIT_SHA:0:8}-arm64-musl
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-arm64-musl:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm64-musl
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm64-musl.zip
+      file_name: pleroma.zip
+      update: 'true'

.woodpecker/otp.yaml

@@ -0,0 +1,293 @@
+when:
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+  - event: tag
+  - event: manual
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+  - event: manual
+    branch: stable
+
+matrix:
+  platform:
+    - linux/amd64
+    - linux/arm
+    - linux/arm64
+
+# This is needed for the when clauses below.
+# When the platform clause is fixed, this might not be needed anymore
+labels:
+  platform: ${platform}
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+  build_cmds: &build_cmds
+    - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev git build-essential zip
+    - echo "import Config" > config/prod.secret.exs
+    - mix local.hex --force
+    - mix local.rebar --force
+    - mix deps.get --only prod
+    - mkdir release
+    - export PLEROMA_BUILD_BRANCH=${CI_COMMIT_BRANCH}
+    - mix release --path release
+  build_image_amd64: &build_image_amd64 docker.io/hexpm/elixir-amd64:1.17.3-erlang-27.3.4.2-ubuntu-noble-20250716
+  build_image_arm: &build_image_arm docker.io/arm32v7/elixir:1.17.3
+  build_image_arm64: &build_image_arm64 docker.io/hexpm/elixir-arm64:1.17.3-erlang-27.3.4.2-ubuntu-noble-20250716
+  artifacts_uploader_image: &artifacts_uploader_image docker.io/woodpeckercommunity/plugin-gitea-package:0.5.0
+  artifacts_uploader_settings: &artifacts_uploader_settings
+    user:
+      from_secret: pleroma-ci-user
+    password:
+      from_secret: pleroma-ci-password
+    owner: 'pleroma'
+  env: &env
+    MIX_ENV: prod
+    VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
+    DEBIAN_FRONTEND: noninteractive
+
+steps:
+  otp-develop-amd64:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &amd64_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64.zip release
+
+  otp-stable-amd64:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *amd64_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-amd64:
+    image: *build_image_amd64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-amd64.zip release
+
+  otp-develop-arm:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &arm_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm.zip release
+
+  otp-stable-arm:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *arm_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-arm:
+    image: *build_image_arm
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-arm.zip release
+
+  otp-develop-arm64:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+    environment: *env
+    commands: &arm64_build
+      - <<: *build_cmds
+      - zip -9rq ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64.zip release
+
+  otp-stable-arm64:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual" && CI_COMMIT_BRANCH == "stable"'
+    environment: *env
+    commands: *arm64_build
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  otp-stable-tag-arm64:
+    image: *build_image_arm64
+    entrypoint: *script_file_entrypoint
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    environment: *env
+    commands:
+      - <<: *build_cmds
+      - zip -9rq stable-${CI_COMMIT_SHA:0:8}-arm64.zip release
+
+  upload-artifacts-amd64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-amd64
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64.zip
+      update: 'true'
+
+  upload-latest-amd64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-amd64
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-amd64.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-amd64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-amd64
+      package_version: stable-${CI_COMMIT_SHA:0:8}-amd64
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-amd64.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-amd64.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-amd64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/amd64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-amd64
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-amd64.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  upload-artifacts-arm:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm.zip
+      update: 'true'
+
+  upload-latest-arm:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-arm:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm
+      package_version: stable-${CI_COMMIT_SHA:0:8}-arm
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-arm.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-arm:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  upload-artifacts-arm64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm64
+      package_version: ${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64.zip
+      file_name: pleroma-${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64.zip
+      update: 'true'
+
+  upload-latest-arm64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "push" && CI_COMMIT_BRANCH == "${CI_REPO_DEFAULT_BRANCH}"'
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "manual"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-${CI_COMMIT_BRANCH}-arm64
+      package_version: latest
+      file_source: ./${CI_COMMIT_BRANCH}-${CI_COMMIT_SHA:0:8}-arm64.zip
+      file_name: pleroma.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-artifacts-tag-arm64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm64
+      package_version: stable-${CI_COMMIT_SHA:0:8}-arm64
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm64.zip
+      file_name: pleroma-stable-${CI_COMMIT_SHA:0:8}-arm64.zip
+      update: 'true'
+
+  # Tag events don't have CI_COMMIT_BRANCH set, hardcode stable
+  upload-latest-tag-arm64:
+    image: *artifacts_uploader_image
+    when:
+      - evaluate: 'platform == "linux/arm64" && CI_PIPELINE_EVENT == "tag"'
+    settings:
+      <<: *artifacts_uploader_settings
+      package_name: pleroma-otp-stable-arm64
+      package_version: latest
+      file_source: ./stable-${CI_COMMIT_SHA:0:8}-arm64.zip
+      file_name: pleroma.zip
+      update: 'true'

.woodpecker/unit-testing-elixir-1.15.yaml

@@ -0,0 +1,44 @@
+when:
+  - event: pull_request
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+
+depends_on:
+  - lint
+
+labels:
+  platform: linux/amd64
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+
+steps:
+  unit-testing-elixir-1.15:
+    image: elixir:1.15-alpine
+    entrypoint: *script_file_entrypoint
+    environment:
+      MIX_ENV: test
+      DB_HOST: postgres
+      DB_PORT: 5432
+    commands:
+      - apk add --no-cache build-base cmake exiftool ffmpeg file-dev git openssl
+      - adduser -D -h /home/testuser testuser
+      - mkdir -p /home/testuser/.mix /home/testuser/.hex
+      - chown -R testuser:testuser . /home/testuser
+      - su testuser -c "HOME=/home/testuser mix local.hex --force"
+      - su testuser -c "HOME=/home/testuser mix local.rebar --force"
+      - su testuser -c "HOME=/home/testuser mix deps.get"
+      - su testuser -c "HOME=/home/testuser mix pleroma.test_runner --preload-modules"
+
+services:
+  postgres:
+    image: postgres:13-alpine
+    environment:
+      POSTGRES_DB: pleroma_test
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres

.woodpecker/unit-testing-elixir-1.18.yaml

@@ -0,0 +1,44 @@
+when:
+  - event: pull_request
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+  - event: push
+    branch: ${CI_REPO_DEFAULT_BRANCH}
+    path: [ "**/*.ex", "**/*.eex", "**/*.exs", "mix.lock", ".woodpecker/**" ]
+
+depends_on:
+  - lint
+
+labels:
+  platform: linux/amd64
+
+variables:
+  script_file_entrypoint: &script_file_entrypoint
+    - /bin/sh
+    - -c
+    - 'printf "%s" "$CI_SCRIPT" | base64 -d > /tmp/ci-script.sh && /bin/sh -xe /tmp/ci-script.sh'
+
+steps:
+  unit-testing-elixir-1.18:
+    image: elixir:1.18-otp-27-alpine
+    entrypoint: *script_file_entrypoint
+    environment:
+      MIX_ENV: test
+      DB_HOST: postgres
+      DB_PORT: 5432
+    commands:
+      - apk add --no-cache build-base cmake exiftool ffmpeg file-dev git openssl
+      - adduser -D -h /home/testuser testuser
+      - mkdir -p /home/testuser/.mix /home/testuser/.hex
+      - chown -R testuser:testuser . /home/testuser
+      - su testuser -c "HOME=/home/testuser mix local.hex --force"
+      - su testuser -c "HOME=/home/testuser mix local.rebar --force"
+      - su testuser -c "HOME=/home/testuser mix deps.get"
+      - su testuser -c "HOME=/home/testuser mix pleroma.test_runner --preload-modules"
+
+services:
+  postgres:
+    image: postgres:13-alpine
+    environment:
+      POSTGRES_DB: pleroma_test
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres

CHANGELOG.md

@@ -4,6 +4,60 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 2.10.2
+
+### Security
+
+- ActivityPub: Fixed failed-signature inbox retry handling and signer identity checks to prevent spoofed remote activities from being processed
+
+## 2.10.1
+
+### Changed
+
+- Move avatar_description and header_description fields to the account object
+- Update Bandit to 1.10.4
+- No-op code correctness improvements detected by Elixir 1.19 compiler
+- Downgrade Hackney to 1.20.1
+- Use a custom redirect handler to ensure MediaProxy redirects are followed with Hackney
+- Update Hackney, the default HTTP client, to the latest release which supports Happy Eyeballs for improved IPv6 federation
+- Paginate follow requests
+- Moved Phoenix LiveDashboard to /pleroma/live_dashboard
+- Add mute/block expiry to the relationship object
+- Filter indexable activities before inserting indexing jobs into the queue.
+
+### Added
+
+- Allow assigning users to reports
+- Allow fine-grained announce visibilities
+- Add immutable tag on cache-control header for several endpoints that's serving the same exact things.
+- Add reasonable defaults for :database_config_whitelist
+- Support lists `exclusive` param
+- Add v1/instance/domain_blocks endpoint
+- Add /api/v2/instance profile fields limits info used by Mastodon
+- Added Oban Web dashboard located at /pleroma/oban
+- Add instructions on how to run a release in docker, to make it easier to run on older distros.
+
+### Fixed
+
+- Fix the daily email digest job which was not executing
+- Encode custom emoji URLs in EmojiReact activity tags.
+- Gopher: Fix Ranch listener not being stopped properly on Pleroma restart when database configuration is enabled
+- Fix fetching Hubzilla Actors with alsoKnownAs as string
+- Fix /phoenix/live_dashboard redirect not working when user added a path segment
+- Fix 404 error codes for missing static files
+- Fix OAuth app registration to accept `redirect_uris` as an array of strings (RFC 7591), while keeping backwards compatibility with string input.
+- Correct old migrations for expiring activities and user access tokens.
+- Federate `votersCount` correctly
+- DB prune: Check if user follows hashtag with no objects before deletion
+- Stop the rate limiter from crashing when run with wrong settings.
+- Restore embeds route
+- ReverseProxy: Recursively follow redirects until redirect_limit is reached
+- Fix compilation with vips-8.18.0 with bumping to vix 0.36.0
+
+### Removed
+
+- Docs: Removed outdated, incorrect, unmaintained and inappropriate installation documentation (Arch, NetBSD, NixOS)
+
 ## 2.10
 
 ### Security

README.md

@@ -1,4 +1,4 @@
-<img src="https://git.pleroma.social/pleroma/pleroma/uploads/8cec84f5a084d887339f57deeb8a293e/pleroma-banner-vector-nopad-notext.svg" width="300px" />
+<img src="https://git.pleroma.social/attachments/06a95f5a-7cac-42ad-8b1d-1483f1739f38" width="300px" />
 
 ## About 
 

changelog.d/context-cleanup.skip

@@ -0,0 +1 @@
+litepub-0.1.jsonld cleanup

changelog.d/emoji-reaction-url-escape.fix

@@ -1 +0,0 @@
-Encode custom emoji URLs in EmojiReact activity tags.

changelog.d/hackney-mediaproxy.change

@@ -1 +0,0 @@
-Use a custom redirect handler to ensure MediaProxy redirects are followed with Hackney

changelog.d/hackney.change

@@ -1 +0,0 @@
-Update Hackney, the default HTTP client, to the latest release which supports Happy Eyeballs for improved IPv6 federation

changelog.d/inappropriate-docs.remove

@@ -1 +0,0 @@
-Docs: Removed outdated, incorrect, unmaintained and inappropriate installation documentation (Arch, NetBSD, NixOS)

changelog.d/instance-domain-blocks.add

@@ -1 +0,0 @@
-Add v1/instance/domain_blocks endpoint

changelog.d/mfm-backend.add

@@ -0,0 +1 @@
+Add backend support for Misskey Markdown (MFM) posts

changelog.d/oauth-registration-redirect_uris.fix

@@ -1 +0,0 @@
-Fix OAuth app registration to accept `redirect_uris` as an array of strings (RFC 7591), while keeping backwards compatibility with string input.

changelog.d/oban-web.add

@@ -1 +0,0 @@
-Added Oban Web dashboard located at /pleroma/oban

changelog.d/paginate-follow-requests.change

@@ -1 +0,0 @@
-Paginate follow requests

changelog.d/phoenix-livedashboard-move.change

@@ -1 +0,0 @@
-Moved Phoenix LiveDashboard to /pleroma/live_dashboard

changelog.d/pleroma-fe-link.fix

@@ -0,0 +1 @@
+Updated Pleroma-FE build URL after Forgejo migration

changelog.d/poll-voters-count-inflation.fix

@@ -0,0 +1 @@
+Fix votersCount inflation when same voter picks multiple options

changelog.d/reduce-flaky-tests.skip

@@ -1 +0,0 @@
-Reduce the number of flaky tests by making them sync if they affect the global state, and silence noisy test output.

changelog.d/release-to-docker.add

@@ -1 +0,0 @@
-Add instructions on how to run a release in docker, to make it easier to run on older distros.

changelog.d/vix-0.36.0.fix

@@ -1 +0,0 @@
-Fix compilation with vips-8.18.0 with bumping to vix 0.36.0

config/config.exs

@@ -203,7 +203,8 @@ config :pleroma, :instance,
     "text/plain",
     "text/html",
     "text/markdown",
-    "text/bbcode"
+    "text/bbcode",
+    "text/x.misskeymarkdown"
   ],
   autofollowed_nicknames: [],
   autofollowing_nicknames: [],
@@ -775,7 +776,7 @@ config :pleroma, :frontends,
       "name" => "pleroma-fe",
       "git" => "https://git.pleroma.social/pleroma/pleroma-fe",
       "build_url" =>
-        "https://git.pleroma.social/pleroma/pleroma-fe/-/jobs/artifacts/${ref}/download?job=build",
+        "https://git.pleroma.social/api/packages/pleroma/generic/pleroma-fe-builds/${ref}/latest.zip",
       "ref" => "develop"
     },
     "fedi-fe" => %{
@@ -960,6 +961,15 @@ config :pleroma, Pleroma.Search.QdrantSearch,
     vectors: %{size: 384, distance: "Cosine"}
   }
 
+config :pleroma, :database_config_whitelist, [
+  {:pleroma},
+  {:cors_plug},
+  {:ex_aws, :s3},
+  {:mime},
+  {:prometheus, Pleroma.Web.Endpoint.MetricsExporter},
+  {:web_push_encryption, :vapid_details}
+]
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env()}.exs"

config/description.exs

@@ -815,7 +815,8 @@ config :pleroma, :config_description, [
           "text/plain",
           "text/html",
           "text/markdown",
-          "text/bbcode"
+          "text/bbcode",
+          "text/x.misskeymarkdown"
         ]
       },
       %{
@@ -1394,7 +1395,13 @@ config :pleroma, :config_description, [
             label: "Post Content Type",
             type: {:dropdown, :atom},
             description: "Default post formatting option",
-            suggestions: ["text/plain", "text/html", "text/markdown", "text/bbcode"]
+            suggestions: [
+              "text/plain",
+              "text/html",
+              "text/markdown",
+              "text/bbcode",
+              "text/x.misskeymarkdown"
+            ]
           },
           %{
             key: :redirectRootNoLogin,

docs/administration/CLI_tasks/config.md

@@ -169,4 +169,18 @@ This forcibly removes any enabled MRF that does not exist and will fix the abili
 === "From Source"
     ```sh
     mix pleroma.config fix_mrf_policies
-    ```
+    ```
+
+## Remove non-whitelisted configs from the database
+
+This removes any configuration value that is not explicitly whitelisted by `:pleroma, :database_config_whitelist`. Might be useful after updating the whitelist.
+
+=== "OTP"
+    ```sh
+    ./bin/pleroma_ctl config filter_whitelisted
+    ```
+
+=== "From Source"
+    ```sh
+    mix pleroma.config filter_whitelisted
+    ```

docs/configuration/cheatsheet.md

@@ -1132,8 +1132,9 @@ Boolean, enables/disables in-database configuration. Read [Transferring the conf
 
 List of valid configuration sections which are allowed to be configured from the
 database. Settings stored in the database before the whitelist is configured are
-still applied, so it is suggested to only use the whitelist on instances that
-have not migrated the config to the database.
+still applied. Consider running the `mix pleroma.config filter_whitelisted` task
+after updating the whitelist. Read [Remove non-whitelisted configs from the database](../administration/CLI_tasks/config.md#remove-non-whitelisted-configs-from-the-database)
+for more information.
 
 Example:
 ```elixir

docs/development/API/admin_api.md

@@ -665,6 +665,7 @@ Status: 404
   - *optional* `limit`: **integer** the number of records to retrieve
   - *optional* `page`: **integer** page number
   - *optional* `page_size`: **integer** number of log entries per page (default is `50`)
+  - *optional* `assigned_account`: **string** assigned account ID
 - Response:
   - On failure: 403 Forbidden error `{"error": "error_msg"}` when requested by anonymous or non-admin
   - On success: JSON, returns a list of reports, where:
@@ -749,6 +750,7 @@ Status: 404
         "url": "https://pleroma.example.org/users/lain",
         "username": "lain"
       },
+      "assigned_account": null,
       "content": "Please delete it",
       "created_at": "2019-04-29T19:48:15.000Z",
       "id": "9iJGOv1j8hxuw19bcm",
@@ -868,6 +870,37 @@ Status: 404
   ]
 ```
 
+- Response:
+  - On failure:
+    - 400 Bad Request, JSON:
+
+    ```json
+      [
+        {
+          `id`, // report id
+          `error` // error message
+        }
+      ]
+    ```
+
+  - On success: `204`, empty response
+
+## `POST /api/v1/pleroma/admin/reports/assign_account`
+
+### Assign account to one or multiple reports
+
+- Params:
+
+```json
+  `reports`: [
+    {
+      `id`, // required, report id
+      `nickname` // account nickname, use null to unassign account
+    },
+    ...
+  ]
+```
+
 - Response:
   - On failure:
     - 400 Bad Request, JSON:

docs/development/API/differences_in_mastoapi_responses.md

@@ -74,7 +74,7 @@ Pleroma does not process remote images and therefore cannot include fields such
 
 The `GET /api/v1/bookmarks` endpoint accepts optional parameter `folder_id` for bookmark folder ID.
 
-The `POST /api/v1/statuses/:id/bookmark` endpoint accepts optional parameter `folder_id` for bookmark folder ID.
+The `POST /api/v1/statuses/:id/bookmark` endpoint accepts optional parameter `folder_id` for bookmark folder ID. Bookmarking an already bookmarked post will update the folder association, or remove it if `folder_id` is omitted or `null`.
 
 ## Accounts
 
@@ -127,8 +127,6 @@ Has these additional fields under the `pleroma` object:
 - `notification_settings`: object, can be absent. See `/api/v1/pleroma/notification_settings` for the parameters/keys returned.
 - `accepts_chat_messages`: boolean, but can be null if we don't have that information about a user
 - `favicon`: nullable URL string, Favicon image of the user's instance
-- `avatar_description`: string, image description for user avatar, defaults to empty string
-- `header_description`: string, image description for user banner, defaults to empty string
 
 ### Source
 

docs/development/API/pleroma_api.md

@@ -690,6 +690,7 @@ Audio scrobbling in Pleroma is **deprecated**.
   * `album`: the album of the media playing [optional]
   * `artist`: the artist of the media playing [optional]
   * `length`: the length of the media playing [optional]
+  * `external_link`: a URL referencing the media playing [optional]
 * Response: the newly created media metadata entity representing the Listen activity
 
 # Emoji Reactions

lib/mix/tasks/pleroma/config.ex

@@ -234,6 +234,61 @@ defmodule Mix.Tasks.Pleroma.Config do
     end)
   end
 
+  # Removes non-whitelisted configuration sections
+  def run(["filter_whitelisted" | rest]) do
+    {options, [], []} =
+      OptionParser.parse(
+        rest,
+        strict: [force: :boolean],
+        aliases: [f: :force]
+      )
+
+    force = Keyword.get(options, :force, false)
+
+    start_pleroma()
+
+    whitelisted_configs = Pleroma.Config.get(:database_config_whitelist)
+
+    if whitelisted_configs in [nil, false] do
+      shell_error("No unwanted settings in ConfigDB. No changes made.")
+    else
+      whitelisted_groups =
+        whitelisted_configs
+        |> Enum.filter(fn
+          {_group} -> true
+          _ -> false
+        end)
+        |> Enum.map(fn {group} -> group end)
+
+      whitelisted_keys =
+        whitelisted_configs
+        |> Enum.filter(fn
+          {_group, _key} -> true
+          _ -> false
+        end)
+
+      filtered =
+        from(c in ConfigDB)
+        |> Repo.all()
+        |> Enum.filter(&not_whitelisted?(&1, whitelisted_groups, whitelisted_keys))
+
+      if not Enum.empty?(filtered) do
+        shell_info("The following settings will be removed from ConfigDB:\n")
+        Enum.each(filtered, &dump(&1))
+
+        if force or shell_prompt("Are you sure you want to continue?", "n") in ~w(Yn Y y) do
+          filtered_ids = Enum.map(filtered, fn %{id: id} -> id end)
+
+          Repo.delete_all(from(c in ConfigDB, where: c.id in ^filtered_ids))
+        else
+          shell_error("No changes made.")
+        end
+      else
+        shell_error("No unwanted settings in ConfigDB. No changes made.")
+      end
+    end
+  end
+
   @spec migrate_to_db(Path.t() | nil) :: any()
   def migrate_to_db(file_path \\ nil) do
     with :ok <- Pleroma.Config.DeprecationWarnings.warn() do
@@ -434,4 +489,9 @@ defmodule Mix.Tasks.Pleroma.Config do
     Ecto.Adapters.SQL.query!(Repo, "TRUNCATE config;")
     Ecto.Adapters.SQL.query!(Repo, "ALTER SEQUENCE config_id_seq RESTART;")
   end
+
+  defp not_whitelisted?(%{group: group, key: key}, whitelisted_groups, whitelisted_keys) do
+    not Enum.member?(whitelisted_groups, group) and
+      not Enum.member?(whitelisted_keys, {group, key})
+  end
 end

lib/mix/tasks/pleroma/database.ex

@@ -226,7 +226,12 @@ defmodule Mix.Tasks.Pleroma.Database do
     DELETE FROM hashtags AS ht
     WHERE NOT EXISTS (
       SELECT 1 FROM hashtags_objects hto
-      WHERE ht.id = hto.hashtag_id)
+      WHERE ht.id = hto.hashtag_id
+    )
+    AND NOT EXISTS (
+      SELECT 1 FROM user_follows_hashtag ufh
+      WHERE ht.id = ufh.hashtag_id
+    )
     """
     |> Repo.query()
 

lib/mix/tasks/pleroma/openapi_spec.ex

@@ -22,7 +22,7 @@ defmodule Mix.Tasks.Pleroma.OpenapiSpec do
     else
       {_, errors} ->
         IO.puts(IO.ANSI.format([:red, :bright, "Spec check failed, errors:"]))
-        Enum.map(errors, &IO.puts/1)
+        Enum.each(errors, &IO.puts/1)
 
         raise "Spec check failed"
     end

lib/mix/tasks/pleroma/search/meilisearch.ex

@@ -72,7 +72,7 @@ defmodule Mix.Tasks.Pleroma.Search.Meilisearch do
           query,
           timeout: :infinity
         )
-        |> Stream.map(&Pleroma.Search.Meilisearch.object_to_search_data/1)
+        |> Stream.map(&Pleroma.Search.object_to_search_data/1)
         |> Stream.filter(fn o -> not is_nil(o) end)
         |> Stream.chunk_every(chunk_size)
         |> Stream.transform(0, fn objects, acc ->

lib/pleroma/activity/html.ex

@@ -38,7 +38,7 @@ defmodule Pleroma.Activity.HTML do
 
   def invalidate_cache_for(activity_id) do
     keys = get_cache_keys_for(activity_id)
-    Enum.map(keys, &@cachex.del(:scrubber_cache, &1))
+    Enum.each(keys, &@cachex.del(:scrubber_cache, &1))
     @cachex.del(:scrubber_management_cache, activity_id)
   end
 

lib/pleroma/bookmark.ex

@@ -19,7 +19,7 @@ defmodule Pleroma.Bookmark do
   schema "bookmarks" do
     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
     belongs_to(:activity, Activity, type: FlakeId.Ecto.CompatType)
-    belongs_to(:folder, BookmarkFolder, type: FlakeId.Ecto.CompatType)
+    belongs_to(:folder, BookmarkFolder, type: FlakeId.Ecto.Type)
 
     timestamps()
   end
@@ -38,7 +38,7 @@ defmodule Pleroma.Bookmark do
     |> validate_required([:user_id, :activity_id])
     |> unique_constraint(:activity_id, name: :bookmarks_user_id_activity_id_index)
     |> Repo.insert(
-      on_conflict: [set: [folder_id: folder_id]],
+      on_conflict: [set: [folder_id: folder_id, updated_at: NaiveDateTime.utc_now()]],
       conflict_target: [:user_id, :activity_id]
     )
   end
@@ -76,11 +76,4 @@ defmodule Pleroma.Bookmark do
     |> Repo.one()
     |> Repo.delete()
   end
-
-  def set_folder(bookmark, folder_id) do
-    bookmark
-    |> cast(%{folder_id: folder_id}, [:folder_id])
-    |> validate_required([:folder_id])
-    |> Repo.update()
-  end
 end

lib/pleroma/bookmark_folder.ex

@@ -14,7 +14,7 @@ defmodule Pleroma.BookmarkFolder do
   alias Pleroma.User
 
   @type t :: %__MODULE__{}
-  @primary_key {:id, FlakeId.Ecto.CompatType, autogenerate: true}
+  @primary_key {:id, FlakeId.Ecto.Type, autogenerate: true}
 
   schema "bookmark_folders" do
     field(:name, :string)

lib/pleroma/config_db.ex

@@ -10,6 +10,7 @@ defmodule Pleroma.ConfigDB do
   import Pleroma.Web.Gettext
 
   alias __MODULE__
+  alias Pleroma.EctoType.Config.RateLimit
   alias Pleroma.Repo
 
   @type t :: %__MODULE__{}
@@ -60,8 +61,59 @@ defmodule Pleroma.ConfigDB do
     |> cast(params, [:key, :group, :value])
     |> validate_required([:key, :group, :value])
     |> unique_constraint(:key, name: :config_group_key_index)
+    |> validate_rate_limit()
   end
 
+  defp validate_rate_limit(changeset) do
+    group = get_field(changeset, :group)
+    key = get_field(changeset, :key)
+
+    if group == :pleroma and key == :rate_limit do
+      value = get_field(changeset, :value)
+
+      case normalize_rate_limit(value) do
+        {:ok, normalized_value} ->
+          put_change(changeset, :value, normalized_value)
+
+        {:error, {limiter_name, reason}} ->
+          add_error(
+            changeset,
+            :value,
+            "invalid :rate_limit value for #{inspect(limiter_name)}: #{reason}"
+          )
+      end
+    else
+      changeset
+    end
+  end
+
+  defp normalize_rate_limit(nil), do: {:ok, nil}
+
+  defp normalize_rate_limit(%{} = value), do: normalize_rate_limit(Map.to_list(value))
+
+  defp normalize_rate_limit(value) when is_list(value) do
+    if Keyword.keyword?(value) do
+      value
+      |> Enum.reduce_while({:ok, []}, fn {limiter_name, limiter_value}, {:ok, acc} ->
+        case RateLimit.cast_with_error(limiter_value) do
+          {:ok, normalized_limiter_value} ->
+            {:cont, {:ok, [{limiter_name, normalized_limiter_value} | acc]}}
+
+          {:error, reason} ->
+            {:halt, {:error, {limiter_name, reason}}}
+        end
+      end)
+      |> case do
+        {:ok, acc} -> {:ok, Enum.reverse(acc)}
+        {:error, _} = error -> error
+      end
+    else
+      {:error, {:rate_limit, "must be a keyword list"}}
+    end
+  end
+
+  defp normalize_rate_limit(_), do: {:error, {:rate_limit, "must be a keyword list"}}
+
   defp create(params) do
     %ConfigDB{}
     |> changeset(params)

lib/pleroma/constants.ex

@@ -22,13 +22,14 @@ defmodule Pleroma.Constants do
       "generator",
       "rules",
       "language",
-      "voters"
+      "voters",
+      "assigned_account"
     ]
   )
 
   const(static_only_files,
     do:
-      ~w(index.html robots.txt static static-fe finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc embed.js embed.css)
+      ~w(index.html robots.txt static static-fe finmoji emoji packs sounds images instance sw.js sw-pleroma.js schemas doc embed.js embed.css)
   )
 
   const(status_updatable_fields,

lib/pleroma/ecto_type/config/rate_limit.ex

@@ -0,0 +1,71 @@
+# Pleroma: A lightweight social networking server
+# Copyright © Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.EctoType.Config.RateLimit do
+  @moduledoc false
+
+  use Ecto.Type
+
+  @type t ::
+          nil
+          | {non_neg_integer(), non_neg_integer()}
+          | [{non_neg_integer(), non_neg_integer()}]
+
+  @impl true
+  def type, do: :term
+
+  @impl true
+  def cast(value) do
+    case cast_with_error(value) do
+      {:ok, normalized} -> {:ok, normalized}
+      {:error, _reason} -> :error
+    end
+  end
+
+  @impl true
+  def load(value), do: cast(value)
+
+  @impl true
+  def dump(value), do: cast(value)
+
+  @spec cast_with_error(term()) :: {:ok, t()} | {:error, String.t()}
+  def cast_with_error(nil), do: {:ok, nil}
+
+  def cast_with_error({scale, limit}) do
+    with {:ok, scale} <- parse_integer(scale, "scale"),
+         {:ok, limit} <- parse_integer(limit, "limit"),
+         true <- scale >= 1 and limit >= 1 do
+      {:ok, {scale, limit}}
+    else
+      false -> {:error, "scale and limit must be >= 1"}
+      {:error, reason} -> {:error, reason}
+    end
+  end
+
+  def cast_with_error([{_, _} = unauth, {_, _} = auth]) do
+    with {:ok, unauth} <- cast_with_error(unauth),
+         {:ok, auth} <- cast_with_error(auth) do
+      {:ok, [unauth, auth]}
+    else
+      {:error, reason} -> {:error, reason}
+    end
+  end
+
+  def cast_with_error(_),
+    do:
+      {:error, "must be a {scale, limit} tuple, a [{scale, limit}, {scale, limit}] list, or nil"}
+
+  defp parse_integer(value, _label) when is_integer(value), do: {:ok, value}
+
+  defp parse_integer(value, label) when is_binary(value) do
+    value = String.trim(value)
+
+    case Integer.parse(value) do
+      {number, ""} -> {:ok, number}
+      _ -> {:error, "#{label} must be an integer"}
+    end
+  end
+
+  defp parse_integer(_value, label), do: {:error, "#{label} must be an integer"}
+end

lib/pleroma/formatter.ex

@@ -127,6 +127,13 @@ defmodule Pleroma.Formatter do
     Earmark.as_html!(text, %Earmark.Options{compact_output: true, smartypants: false})
   end
 
+  def markdown_to_html(text, opts) do
+    Earmark.as_html!(
+      text,
+      %Earmark.Options{compact_output: true, smartypants: false} |> Map.merge(opts)
+    )
+  end
+
   def html_escape({text, mentions, hashtags}, type) do
     {html_escape(text, type), mentions, hashtags}
   end
@@ -135,6 +142,10 @@ defmodule Pleroma.Formatter do
     HTML.filter_tags(text)
   end
 
+  def html_escape(text, "text/x.misskeymarkdown") do
+    HTML.filter_tags(text)
+  end
+
   def html_escape(text, "text/plain") do
     Regex.split(@link_regex, text, include_captures: true)
     |> Enum.map_every(2, fn chunk ->

lib/pleroma/frontend.ex

@@ -75,8 +75,8 @@ defmodule Pleroma.Frontend do
   end
 
   defp download_build(frontend_info, dest) do
-    Logger.info("Downloading pre-built bundle for #{frontend_info["name"]}")
     url = String.replace(frontend_info["build_url"], "${ref}", frontend_info["ref"])
+    Logger.info("Downloading pre-built bundle for #{frontend_info["name"]} from #{url}")
 
     with {:ok, %{status: 200, body: zip_body}} <-
            Pleroma.HTTP.get(url, [], pool: :media, recv_timeout: 120_000) do

lib/pleroma/gopher/server.ex

@@ -21,10 +21,13 @@ defmodule Pleroma.Gopher.Server do
 
   def init([ip, port]) do
     Logger.info("Starting gopher server on #{port}")
+    Process.flag(:trap_exit, true)
+
+    listener = :gopher
 
     {:ok, _pid} =
       :ranch.start_listener(
-        :gopher,
+        listener,
         :ranch_tcp,
         %{
           num_acceptors: 100,
@@ -35,7 +38,11 @@ defmodule Pleroma.Gopher.Server do
         []
       )
 
-    {:ok, %{ip: ip, port: port}}
+    {:ok, %{ip: ip, port: port, listener: listener}}
+  end
+
+  def terminate(_reason, state) do
+    :ranch.stop_listener(state.listener)
   end
 end
 

lib/pleroma/list.ex

@@ -17,13 +17,14 @@ defmodule Pleroma.List do
     field(:title, :string)
     field(:following, {:array, :string}, default: [])
     field(:ap_id, :string)
+    field(:exclusive, :boolean, default: false)
 
     timestamps()
   end
 
-  def title_changeset(list, attrs \\ %{}) do
+  def update_changeset(list, attrs \\ %{}) do
     list
-    |> cast(attrs, [:title])
+    |> cast(attrs, [:title, :exclusive])
     |> validate_required([:title])
   end
 
@@ -91,14 +92,14 @@ defmodule Pleroma.List do
     |> Repo.all()
   end
 
-  def rename(%Pleroma.List{} = list, title) do
+  def update(%Pleroma.List{} = list, params) do
     list
-    |> title_changeset(%{title: title})
+    |> update_changeset(params)
     |> Repo.update()
   end
 
-  def create(title, %User{} = creator) do
-    changeset = title_changeset(%Pleroma.List{user_id: creator.id}, %{title: title})
+  def create(params, %User{} = creator) do
+    changeset = update_changeset(%Pleroma.List{user_id: creator.id}, params)
 
     if changeset.valid? do
       Repo.transaction(fn ->
@@ -149,4 +150,14 @@ defmodule Pleroma.List do
   end
 
   def member?(_, _), do: false
+
+  def get_exclusive_list_members(%User{id: user_id}) do
+    Pleroma.List
+    |> where([l], l.user_id == ^user_id)
+    |> where([l], l.exclusive == true)
+    |> select([l], l.following)
+    |> Repo.all()
+    |> List.flatten()
+    |> Enum.uniq()
+  end
 end

lib/pleroma/marker.ex

@@ -78,7 +78,7 @@ defmodule Pleroma.Marker do
 
   defp get_marker(user, timeline) do
     case Repo.find_resource(get_query(user, timeline)) do
-      {:ok, marker} -> %__MODULE__{marker | user: user}
+      {:ok, %__MODULE__{} = marker} -> %{marker | user: user}
       _ -> %__MODULE__{timeline: timeline, user_id: user.id}
     end
   end

lib/pleroma/mfa/changeset.ex

@@ -8,7 +8,8 @@ defmodule Pleroma.MFA.Changeset do
   alias Pleroma.User
 
   def disable(%Ecto.Changeset{} = changeset, force \\ false) do
-    settings =
+    %Settings{} =
+      settings =
       changeset
       |> Ecto.Changeset.apply_changes()
       |> MFA.fetch_settings()
@@ -20,20 +21,20 @@ defmodule Pleroma.MFA.Changeset do
     end
   end
 
-  def disable_totp(%User{multi_factor_authentication_settings: settings} = user) do
+  def disable_totp(%User{multi_factor_authentication_settings: %Settings{} = settings} = user) do
     user
     |> put_change(%Settings{settings | totp: %Settings.TOTP{}})
   end
 
-  def confirm_totp(%User{multi_factor_authentication_settings: settings} = user) do
-    totp_settings = %Settings.TOTP{settings.totp | confirmed: true}
+  def confirm_totp(%User{multi_factor_authentication_settings: %Settings{} = settings} = user) do
+    totp_settings = %Settings.TOTP{(%Settings.TOTP{} = settings.totp) | confirmed: true}
 
     user
     |> put_change(%Settings{settings | totp: totp_settings, enabled: true})
   end
 
   def setup_totp(%User{} = user, attrs) do
-    mfa_settings = MFA.fetch_settings(user)
+    %Settings{} = mfa_settings = MFA.fetch_settings(user)
 
     totp_settings =
       %Settings.TOTP{}
@@ -46,7 +47,7 @@ defmodule Pleroma.MFA.Changeset do
   def cast_backup_codes(%User{} = user, codes) do
     user
     |> put_change(%Settings{
-      user.multi_factor_authentication_settings
+      (%Settings{} = user.multi_factor_authentication_settings)
       | backup_codes: codes
     })
   end

lib/pleroma/moderation_log.ex

@@ -132,11 +132,18 @@ defmodule Pleroma.ModerationLog do
   end
 
   def insert_log(%{actor: %User{}, action: action, subject: %Activity{} = subject} = attrs)
-      when action in ["report_note_delete", "report_update", "report_note"] do
+      when action in [
+             "report_note_delete",
+             "report_update",
+             "report_note",
+             "report_unassigned",
+             "report_assigned"
+           ] do
     data =
       attrs
       |> prepare_log_data
       |> Pleroma.Maps.put_if_present("text", attrs[:text])
+      |> Pleroma.Maps.put_if_present("assigned_account", attrs[:assigned_account])
       |> Map.merge(%{"subject" => report_to_map(subject)})
 
     insert_log_entry_with_message(%ModerationLog{data: data})
@@ -441,6 +448,35 @@ defmodule Pleroma.ModerationLog do
       " with '#{state}' state"
   end
 
+  def get_log_entry_message(
+        %ModerationLog{
+          data: %{
+            "actor" => %{"nickname" => actor_nickname},
+            "action" => "report_assigned",
+            "subject" => %{"id" => subject_id, "type" => "report"},
+            "assigned_account" => assigned_account
+          }
+        } = log
+      ) do
+    "@#{actor_nickname} assigned report ##{subject_id}" <>
+      subject_actor_nickname(log, " (on user ", ")") <>
+      " to user #{assigned_account}"
+  end
+
+  def get_log_entry_message(
+        %ModerationLog{
+          data: %{
+            "actor" => %{"nickname" => actor_nickname},
+            "action" => "report_unassigned",
+            "subject" => %{"id" => subject_id, "type" => "report"}
+          }
+        } = log
+      ) do
+    "@#{actor_nickname} unassigned report ##{subject_id}" <>
+      subject_actor_nickname(log, " (on user ", ")") <>
+      " from a user"
+  end
+
   def get_log_entry_message(
         %ModerationLog{
           data: %{

lib/pleroma/object.ex

@@ -372,12 +372,28 @@ defmodule Pleroma.Object do
             option
         end)
 
-      voters = [actor | object.data["voters"] || []] |> Enum.uniq()
+      existing_voters = object.data["voters"] || []
+      voters = [actor | existing_voters] |> Enum.uniq()
+      new_voter? = actor not in existing_voters
+      existing_voters_count = object.data["votersCount"]
+
+      voters_count =
+        cond do
+          is_integer(existing_voters_count) and new_voter? ->
+            existing_voters_count + 1
+
+          is_integer(existing_voters_count) ->
+            existing_voters_count
+
+          true ->
+            length(voters)
+        end
 
       data =
         object.data
         |> Map.put(key, options)
         |> Map.put("voters", voters)
+        |> Map.put("votersCount", voters_count)
 
       object
       |> Object.change(%{data: data})

lib/pleroma/release_tasks.ex

@@ -5,7 +5,10 @@
 defmodule Pleroma.ReleaseTasks do
   @repo Pleroma.Repo
 
-  def run(args) do
+  # TODO: Kept for some backwards compatibility with buggy pleroma_ctl,
+  # if a mismatch between pleroma_ctl and Pleroma accidentaly happens.
+  # Remove in the future.
+  def run(args) when is_binary(args) do
     [task | args] = String.split(args)
 
     case task do
@@ -16,6 +19,20 @@ defmodule Pleroma.ReleaseTasks do
     end
   end
 
+  # HACK: Script arguments need to be received as a list, otherwise (quoted) arguments with
+  # whitespace will be broken. Previously the broken string form above was used,
+  # escaping in the shell does not help.
+  def run(args) when is_list(args) do
+    [task | args] = args
+
+    case task do
+      "migrate" -> migrate(args)
+      "create" -> create()
+      "rollback" -> rollback(args)
+      task -> mix_task(task, args)
+    end
+  end
+
   def find_module(task) do
     module_name =
       task

lib/pleroma/reverse_proxy.ex

@@ -12,7 +12,7 @@ defmodule Pleroma.ReverseProxy do
   @keep_resp_headers @resp_cache_headers ++
                        ~w(content-length content-type content-disposition content-encoding) ++
                        ~w(content-range accept-ranges vary)
-  @default_cache_control_header "public, max-age=1209600"
+  @default_cache_control_header "public, max-age=1209600, immutable"
   @valid_resp_codes [200, 206, 304]
   @max_read_duration :timer.seconds(30)
   @max_body_length :infinity

lib/pleroma/reverse_proxy/client/hackney.ex

@@ -4,6 +4,9 @@
 
 defmodule Pleroma.ReverseProxy.Client.Hackney do
   @behaviour Pleroma.ReverseProxy.Client
+  @redirect_limit 5
+
+  require Logger
 
   # In-app redirect handler to avoid Hackney redirect bugs:
   # - https://github.com/benoitc/hackney/issues/527 (relative/protocol-less redirects can crash Hackney)
@@ -31,26 +34,15 @@ defmodule Pleroma.ReverseProxy.Client.Hackney do
 
     if opts[:follow_redirect] != false do
       {_state, req_opts} = Access.get_and_update(opts, :follow_redirect, fn a -> {a, false} end)
+      env = %{method: method, headers: headers, body: body, req_opts: req_opts}
       res = :hackney.request(method, url, headers, body, req_opts)
 
       case res do
         {:ok, code, resp_headers, _client} when code in @redirect_statuses ->
-          :hackney.request(
-            method,
-            absolute_redirect_url(url, resp_headers),
-            headers,
-            body,
-            req_opts
-          )
+          redirect(url, resp_headers, env, @redirect_limit)
 
         {:ok, code, resp_headers} when code in @redirect_statuses ->
-          :hackney.request(
-            method,
-            absolute_redirect_url(url, resp_headers),
-            headers,
-            body,
-            req_opts
-          )
+          redirect(url, resp_headers, env, @redirect_limit)
 
         _ ->
           res
@@ -71,4 +63,32 @@ defmodule Pleroma.ReverseProxy.Client.Hackney do
 
   @impl true
   def close(ref), do: :hackney.close(ref)
+
+  defp redirect(url, resp_headers, env, limit) when limit == 0 do
+    new_url = absolute_redirect_url(url, resp_headers)
+
+    Logger.debug(
+      "#{__MODULE__}: Handling redirect #{url} -> #{new_url}; redirect limit was reached - returning response after final redirect"
+    )
+
+    :hackney.request(env.method, new_url, env.headers, env.body, env.req_opts)
+  end
+
+  defp redirect(url, resp_headers, env, limit) do
+    new_url = absolute_redirect_url(url, resp_headers)
+    Logger.debug("#{__MODULE__}: handling redirect #{url} -> #{new_url}; limit = #{limit}")
+
+    res = :hackney.request(env.method, new_url, env.headers, env.body, env.req_opts)
+
+    case res do
+      {:ok, code, new_resp_headers, _client} when code in @redirect_statuses ->
+        redirect(new_url, new_resp_headers, env, limit - 1)
+
+      {:ok, code, new_resp_headers} when code in @redirect_statuses ->
+        redirect(new_url, new_resp_headers, env, limit - 1)
+
+      _ ->
+        res
+    end
+  end
 end

lib/pleroma/search.ex

@@ -1,11 +1,28 @@
 defmodule Pleroma.Search do
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Workers.SearchIndexingWorker
 
-  def add_to_index(%Pleroma.Activity{id: activity_id}) do
-    SearchIndexingWorker.new(%{"op" => "add_to_index", "activity" => activity_id})
-    |> Oban.insert()
+  @spec add_to_index(Activity.t()) :: {:ok, Oban.Job.t() | :noop} | {:error, Oban.Job.changeset()}
+  def add_to_index(%Activity{id: activity_id, object: %Object{} = object} = activity) do
+    with {_, true} <- {:indexable, indexable?(activity)},
+         {_, "public"} <- {:visibility, Visibility.get_visibility(object)} do
+      SearchIndexingWorker.new(%{"op" => "add_to_index", "activity" => activity_id})
+      |> Oban.insert()
+    else
+      _ -> {:ok, :noop}
+    end
   end
 
+  def add_to_index(%Activity{id: activity_id}) do
+    case Activity.get_by_id_with_object(activity_id) do
+      %Activity{} = preloaded -> add_to_index(preloaded)
+      _ -> {:ok, :noop}
+    end
+  end
+
+  @spec remove_from_index(Object.t()) :: {:ok, Oban.Job.t()} | {:error, Oban.Job.changeset()}
   def remove_from_index(%Pleroma.Object{id: object_id}) do
     SearchIndexingWorker.new(%{"op" => "remove_from_index", "object" => object_id})
     |> Oban.insert()
@@ -20,4 +37,44 @@ defmodule Pleroma.Search do
     search_module = Pleroma.Config.get([Pleroma.Search, :module])
     search_module.healthcheck_endpoints()
   end
+
+  def object_to_search_data(%Object{} = object) do
+    data = object.data
+
+    content_str =
+      case data["content"] do
+        [nil | rest] -> to_string(rest)
+        str -> str
+      end
+
+    content =
+      with {:ok, scrubbed} <-
+             FastSanitize.Sanitizer.scrub(content_str, Pleroma.HTML.Scrubber.SearchIndexing),
+           trimmed <- String.trim(scrubbed) do
+        trimmed
+      end
+
+    # Make sure we have a non-empty string
+    if content != "" do
+      {:ok, published, _} = DateTime.from_iso8601(data["published"])
+
+      %{
+        id: object.id,
+        content: content,
+        ap: data["id"],
+        published: published |> DateTime.to_unix()
+      }
+    end
+  end
+
+  defp indexable?(%Activity{
+         data: %{"type" => "Create"},
+         object: %Object{
+           data: %{"content" => content, "published" => published, "type" => "Note"}
+         }
+       })
+       when not is_nil(content) and content not in ["", "."] and not is_nil(published),
+       do: true
+
+  defp indexable?(_), do: false
 end

lib/pleroma/search/meilisearch.ex

@@ -4,6 +4,8 @@ defmodule Pleroma.Search.Meilisearch do
 
   alias Pleroma.Activity
   alias Pleroma.Config.Getting, as: Config
+  alias Pleroma.Object
+  alias Pleroma.Search
 
   import Pleroma.Search.DatabaseSearch
   import Ecto.Query
@@ -118,66 +120,24 @@ defmodule Pleroma.Search.Meilisearch do
     end
   end
 
-  def object_to_search_data(object) do
-    # Only index public or unlisted Notes
-    if not is_nil(object) and object.data["type"] == "Note" and
-         not is_nil(object.data["content"]) and
-         not is_nil(object.data["published"]) and
-         (Pleroma.Constants.as_public() in object.data["to"] or
-            Pleroma.Constants.as_public() in object.data["cc"]) and
-         object.data["content"] not in ["", "."] do
-      data = object.data
-
-      content_str =
-        case data["content"] do
-          [nil | rest] -> to_string(rest)
-          str -> str
-        end
-
-      content =
-        with {:ok, scrubbed} <-
-               FastSanitize.Sanitizer.scrub(content_str, Pleroma.HTML.Scrubber.SearchIndexing),
-             trimmed <- String.trim(scrubbed) do
-          trimmed
-        end
-
-      # Make sure we have a non-empty string
-      if content != "" do
-        {:ok, published, _} = DateTime.from_iso8601(data["published"])
-
-        %{
-          id: object.id,
-          content: content,
-          ap: data["id"],
-          published: published |> DateTime.to_unix()
-        }
-      end
-    end
-  end
-
   @impl true
-  def add_to_index(activity) do
-    maybe_search_data = object_to_search_data(activity.object)
+  def add_to_index(%Activity{object: %Object{} = object} = activity) do
+    search_data = Search.object_to_search_data(object)
 
-    if activity.data["type"] == "Create" and maybe_search_data do
-      result =
-        meili_put(
-          "/indexes/objects/documents",
-          [maybe_search_data]
-        )
+    result =
+      meili_put(
+        "/indexes/objects/documents",
+        [search_data]
+      )
 
-      with {:ok, %{"status" => "enqueued"}} <- result do
-        # Added successfully
-        :ok
-      else
-        _ ->
-          # There was an error, report it
-          Logger.error("Failed to add activity #{activity.id} to index: #{inspect(result)}")
-          {:error, result}
-      end
-    else
-      # The post isn't something we can search, that's ok
+    with {:ok, %{"status" => "enqueued"}} <- result do
+      # Added successfully
       :ok
+    else
+      _ ->
+        # There was an error, report it
+        Logger.error("Failed to add activity #{activity.id} to index: #{inspect(result)}")
+        {:error, result}
     end
   end
 

lib/pleroma/search/qdrant_search.ex

@@ -4,11 +4,12 @@ defmodule Pleroma.Search.QdrantSearch do
 
   alias Pleroma.Activity
   alias Pleroma.Config.Getting, as: Config
+  alias Pleroma.Object
+  alias Pleroma.Search
 
   alias __MODULE__.OpenAIClient
   alias __MODULE__.QdrantClient
 
-  import Pleroma.Search.Meilisearch, only: [object_to_search_data: 1]
   import Pleroma.Search.DatabaseSearch, only: [maybe_fetch: 3]
 
   @impl true
@@ -82,23 +83,18 @@ defmodule Pleroma.Search.QdrantSearch do
   end
 
   @impl true
-  def add_to_index(activity) do
-    # This will only index public or unlisted notes
-    maybe_search_data = object_to_search_data(activity.object)
+  def add_to_index(%Activity{object: %Object{} = object} = activity) do
+    search_data = Search.object_to_search_data(object)
 
-    if activity.data["type"] == "Create" and maybe_search_data do
-      with {:ok, embedding} <- get_embedding(maybe_search_data.content),
-           {:ok, %{status: 200}} <-
-             QdrantClient.put(
-               "/collections/posts/points",
-               build_index_payload(activity, embedding)
-             ) do
-        :ok
-      else
-        e -> {:error, e}
-      end
-    else
+    with {:ok, embedding} <- get_embedding(search_data.content),
+         {:ok, %{status: 200}} <-
+           QdrantClient.put(
+             "/collections/posts/points",
+             build_index_payload(activity, embedding)
+           ) do
       :ok
+    else
+      e -> {:error, e}
     end
   end
 

lib/pleroma/upload.ex

@@ -93,7 +93,7 @@ defmodule Pleroma.Upload do
   def store(upload, opts \\ []) do
     opts = get_opts(opts)
 
-    with {:ok, upload} <- prepare_upload(upload, opts),
+    with {:ok, %__MODULE__{} = upload} <- prepare_upload(upload, opts),
          upload = %__MODULE__{upload | path: upload.path || "#{upload.id}/#{upload.name}"},
          {:ok, upload} <- Pleroma.Upload.Filter.filter(opts.filters, upload),
          description = get_description(upload),

lib/pleroma/user/backup.ex

@@ -342,7 +342,7 @@ defmodule Pleroma.User.Backup do
       dir,
       "outbox",
       fn a ->
-        with {:ok, activity} <- Transmogrifier.prepare_outgoing(a.data) do
+        with {:ok, activity} <- Transmogrifier.prepare_activity(a.data) do
           {:ok, Map.delete(activity, "@context")}
         end
       end

lib/pleroma/user_relationship.ex

@@ -45,7 +45,7 @@ defmodule Pleroma.UserRelationship do
       do: exists?(unquote(relationship_type), source, target)
 
     # `def get_block_expire_date/2`, `def get_mute_expire_date/2`,
-    #   `def get_reblog_mute_expire_date/2`, `def get_notification_mute_exists?/2`,
+    #   `def get_reblog_mute_expire_date/2`, `def get_notification_mute_expire_date/2`,
     #   `def get_inverse_subscription_expire_date/2`, `def get_inverse_endorsement_expire_date/2`
     def unquote(:"get_#{relationship_type}_expire_date")(source, target),
       do: get_expire_date(unquote(relationship_type), source, target)

lib/pleroma/utils.ex

@@ -17,7 +17,7 @@ defmodule Pleroma.Utils do
     dir
     |> File.ls!()
     |> Enum.map(&Path.join(dir, &1))
-    |> Kernel.ParallelCompiler.compile()
+    |> Kernel.ParallelCompiler.compile(return_diagnostics: true)
   end
 
   @doc """

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -1003,6 +1003,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   defp restrict_state(query, _), do: query
 
+  defp restrict_assigned_account(query, %{assigned_account: assigned_account}) do
+    from(activity in query,
+      where: fragment("?->>'assigned_account' = ?", activity.data, ^assigned_account)
+    )
+  end
+
+  defp restrict_assigned_account(query, _), do: query
+
   defp restrict_favorited_by(query, %{favorited_by: ap_id}) do
     from(
       [_activity, object] in query,
@@ -1471,6 +1479,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
       |> restrict_actor(opts)
       |> restrict_type(opts)
       |> restrict_state(opts)
+      |> restrict_assigned_account(opts)
       |> restrict_favorited_by(opts)
       |> restrict_blocked(restrict_blocked_opts)
       |> restrict_blockers_visibility(opts)
@@ -1609,6 +1618,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
   defp normalize_image(urls) when is_list(urls), do: urls |> List.first() |> normalize_image()
   defp normalize_image(_), do: nil
 
+  defp normalize_also_known_as(urls) when is_list(urls), do: urls
+  defp normalize_also_known_as(url) when is_binary(url), do: [url]
+  defp normalize_also_known_as(nil), do: []
+
   defp maybe_put_description(map, %{"name" => description}) when is_binary(description) do
     Map.put(map, "name", description)
   end
@@ -1664,44 +1677,80 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
     show_birthday = !!birthday
 
-    # if WebFinger request was already done, we probably have acct, otherwise
-    # we request WebFinger here
-    nickname = additional[:nickname_from_acct] || generate_nickname(data)
+    with {:ok, nickname} <- nickname_from_actor(data, additional) do
+      {:ok,
+       %{
+         ap_id: data["id"],
+         uri: get_actor_url(data["url"]),
+         banner: normalize_image(data["image"]),
+         fields: fields,
+         emoji: emojis,
+         is_locked: is_locked,
+         is_discoverable: is_discoverable,
+         invisible: invisible,
+         avatar: normalize_image(data["icon"]),
+         name: data["name"],
+         follower_address: data["followers"],
+         following_address: data["following"],
+         featured_address: featured_address,
+         bio: data["summary"] || "",
+         actor_type: actor_type,
+         also_known_as: normalize_also_known_as(data["alsoKnownAs"]),
+         public_key: public_key,
+         inbox: data["inbox"],
+         shared_inbox: shared_inbox,
+         accepts_chat_messages: accepts_chat_messages,
+         birthday: birthday,
+         show_birthday: show_birthday,
+         pinned_objects: pinned_objects,
+         nickname: nickname
+       }}
+    end
+  end
 
-    %{
-      ap_id: data["id"],
-      uri: get_actor_url(data["url"]),
-      banner: normalize_image(data["image"]),
-      fields: fields,
-      emoji: emojis,
-      is_locked: is_locked,
-      is_discoverable: is_discoverable,
-      invisible: invisible,
-      avatar: normalize_image(data["icon"]),
-      name: data["name"],
-      follower_address: data["followers"],
-      following_address: data["following"],
-      featured_address: featured_address,
-      bio: data["summary"] || "",
-      actor_type: actor_type,
-      also_known_as: Map.get(data, "alsoKnownAs", []),
-      public_key: public_key,
-      inbox: data["inbox"],
-      shared_inbox: shared_inbox,
-      accepts_chat_messages: accepts_chat_messages,
-      birthday: birthday,
-      show_birthday: show_birthday,
-      pinned_objects: pinned_objects,
-      nickname: nickname
-    }
+  defp nickname_from_actor(data, additional) do
+    generated = generated_nickname(data)
+
+    case additional[:nickname_from_acct] do
+      ^generated when is_binary(generated) ->
+        {:ok, generated}
+
+      acct when is_binary(acct) ->
+        with ^acct <- webfinger_nickname(data) do
+          {:ok, acct}
+        else
+          _ -> {:error, {:webfinger_actor_mismatch, acct, data["id"]}}
+        end
+
+      _ ->
+        {:ok, generate_nickname(data)}
+    end
+  end
+
+  defp generated_nickname(%{"preferredUsername" => username, "id" => ap_id})
+       when is_binary(username) and is_binary(ap_id) do
+    case URI.parse(ap_id) do
+      %URI{host: host} when is_binary(host) -> "#{username}@#{host}"
+      _ -> nil
+    end
+  end
+
+  defp generated_nickname(_), do: nil
+
+  defp webfinger_nickname(data) do
+    with generated when is_binary(generated) <- generated_nickname(data),
+         {:ok, %{"subject" => "acct:" <> acct, "ap_id" => ap_id}} <- WebFinger.finger(generated),
+         true <- ap_id == data["id"] do
+      acct
+    end
   end
 
   defp generate_nickname(%{"preferredUsername" => username} = data) when is_binary(username) do
-    generated = "#{username}@#{URI.parse(data["id"]).host}"
+    generated = generated_nickname(data)
 
     if Config.get([WebFinger, :update_nickname_on_user_fetch]) do
-      case WebFinger.finger(generated) do
-        {:ok, %{"subject" => "acct:" <> acct}} -> acct
+      case webfinger_nickname(data) do
+        acct when is_binary(acct) -> acct
         _ -> generated
       end
     else
@@ -1781,9 +1830,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
   defp collection_private(_data), do: {:ok, true}
 
   def user_data_from_user_object(data, additional \\ []) do
-    with {:ok, data} <- MRF.filter(data) do
-      {:ok, object_to_user_data(data, additional)}
+    with {:ok, data} <- MRF.filter(data),
+         {:ok, data} <- object_to_user_data(data, additional) do
+      {:ok, data}
     else
+      {:error, _} = e -> e
       e -> {:error, e}
     end
   end

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -348,7 +348,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   end
 
   def inbox(%{assigns: %{valid_signature: false}} = conn, params) do
-    Federator.incoming_ap_doc(%{
+    Federator.incoming_failed_signature_ap_doc(%{
       method: conn.method,
       req_headers: conn.req_headers,
       request_path: conn.request_path,

lib/pleroma/web/activity_pub/builder.ex

@@ -332,21 +332,18 @@ defmodule Pleroma.Web.ActivityPub.Builder do
 
   @spec announce(User.t(), Object.t(), keyword()) :: {:ok, map(), keyword()}
   def announce(actor, object, options \\ []) do
-    public? = Keyword.get(options, :public, false)
+    visibility = Keyword.get(options, :visibility, "public")
 
-    to =
-      cond do
-        actor.ap_id == Relay.ap_id() ->
-          [actor.follower_address]
-
-        public? and Visibility.local_public?(object) ->
-          [actor.follower_address, object.data["actor"], Utils.as_local_public()]
-
-        public? ->
-          [actor.follower_address, object.data["actor"], Pleroma.Constants.as_public()]
-
-        true ->
-          [actor.follower_address, object.data["actor"]]
+    {to, cc} =
+      if actor.ap_id == Relay.ap_id() do
+        {[actor.follower_address], []}
+      else
+        Pleroma.Web.CommonAPI.Utils.get_to_and_cc_for_visibility(
+          visibility,
+          actor.follower_address,
+          nil,
+          [object.data["actor"]]
+        )
       end
 
     {:ok,
@@ -355,6 +352,7 @@ defmodule Pleroma.Web.ActivityPub.Builder do
        "actor" => actor.ap_id,
        "object" => object.data["id"],
        "to" => to,
+       "cc" => cc,
        "context" => object.data["context"],
        "type" => "Announce",
        "published" => Utils.make_date()

lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex

@@ -6,9 +6,12 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
   use Ecto.Schema
 
   alias Pleroma.EctoType.ActivityPub.ObjectValidators
+  alias Pleroma.HTML
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
   alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
   alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI.Utils
 
   import Ecto.Changeset
 
@@ -26,6 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     end
 
     field(:replies, {:array, ObjectValidators.ObjectID}, default: [])
+    field(:source, :map)
   end
 
   def cast_and_apply(data) do
@@ -80,6 +84,113 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
 
   def fix_attachments(data), do: data
 
+  defp remote_mention_resolver(
+         %{"id" => ap_id, "tag" => tags},
+         "@" <> nickname = mention,
+         buffer,
+         opts,
+         acc
+       )
+       when is_binary(ap_id) and is_list(tags) do
+    initial_host =
+      ap_id
+      |> URI.parse()
+      |> Map.get(:host)
+
+    with mention_tag when not is_nil(mention_tag) <-
+           Enum.find(tags, &mention_tag?(&1, mention, initial_host)),
+         href when is_binary(href) <- mention_tag["href"],
+         %User{} = user <- User.get_cached_by_ap_id(href) do
+      link = Pleroma.Formatter.mention_from_user(user, opts)
+      {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}}
+    else
+      _ -> {buffer, acc}
+    end
+  end
+
+  defp remote_mention_resolver(_object, _mention, buffer, _opts, acc), do: {buffer, acc}
+
+  defp mention_tag?(%{"type" => "Mention", "name" => name}, mention, initial_host)
+       when is_binary(name) do
+    name == mention || mention == "#{name}@#{initial_host}"
+  end
+
+  defp mention_tag?(_tag, _mention, _initial_host), do: false
+
+  defp scrub_content(%{"content" => content} = object) when is_binary(content) do
+    Map.put(object, "content", HTML.filter_tags(content))
+  end
+
+  defp scrub_content(object), do: object
+
+  defp mfm_parse_limit do
+    min(Pleroma.Config.get([:instance, :limit]), Pleroma.Config.get([:instance, :remote_limit]))
+  end
+
+  defp normalize_source(%{"source" => source} = object) when is_binary(source) do
+    object
+    |> Map.put("source", %{"content" => source})
+    |> normalize_source()
+  end
+
+  defp normalize_source(%{"source" => source} = object) when is_map(source) do
+    source =
+      case source["content"] do
+        content when is_binary(content) ->
+          if String.length(content) <= mfm_parse_limit() do
+            source
+          else
+            Map.delete(source, "content")
+          end
+
+        nil ->
+          source
+
+        _ ->
+          Map.delete(source, "content")
+      end
+
+    Map.put(object, "source", source)
+  end
+
+  defp normalize_source(object), do: object
+
+  defp fix_misskey_content(%{"htmlMfm" => true, "content" => content} = object)
+       when is_binary(content) do
+    Map.put(object, "content", HTML.filter_tags(content))
+  end
+
+  defp fix_misskey_content(%{"htmlMfm" => true} = object), do: object
+
+  defp fix_misskey_content(
+         %{"source" => %{"mediaType" => "text/x.misskeymarkdown", "content" => content}} = object
+       )
+       when is_binary(content) do
+    mention_handler = fn nick, buffer, opts, acc ->
+      remote_mention_resolver(object, nick, buffer, opts, acc)
+    end
+
+    {linked, _mentions, _tags} =
+      Utils.format_input(content, "text/x.misskeymarkdown", mention_handler: mention_handler)
+
+    Map.put(object, "content", linked)
+  end
+
+  defp fix_misskey_content(%{"source" => %{"mediaType" => "text/x.misskeymarkdown"}} = object),
+    do: scrub_content(object)
+
+  defp fix_misskey_content(%{"_misskey_content" => content} = object) when is_binary(content) do
+    object
+    |> Map.put("source", %{
+      "content" => content,
+      "mediaType" => "text/x.misskeymarkdown"
+    })
+    |> Map.delete("_misskey_content")
+    |> fix_misskey_content()
+  end
+
+  defp fix_misskey_content(object), do: object
+
   defp fix(data) do
     data
     |> CommonFixes.fix_actor()
@@ -88,6 +199,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
     |> fix_tag()
     |> fix_replies()
     |> fix_attachments()
+    |> normalize_source()
+    |> fix_misskey_content()
     |> CommonFixes.fix_quote_url()
     |> CommonFixes.fix_likes()
     |> Transmogrifier.fix_emoji()

lib/pleroma/web/activity_pub/object_validators/common_fields.ex

@@ -32,6 +32,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFields do
     quote bind_quoted: binding() do
       field(:content, :string)
       field(:contentMap, ObjectValidators.ContentLanguageMap)
+      field(:htmlMfm, :boolean)
 
       field(:published, ObjectValidators.DateTime)
       field(:updated, ObjectValidators.DateTime)

lib/pleroma/web/activity_pub/object_validators/question_validator.ex

@@ -28,6 +28,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.QuestionValidator do
     end
 
     field(:closed, ObjectValidators.DateTime)
+    field(:votersCount, :integer)
     field(:voters, {:array, ObjectValidators.ObjectID}, default: [])
     field(:nonAnonymous, :boolean)
     embeds_many(:anyOf, QuestionOptionsValidator)

lib/pleroma/web/activity_pub/object_validators/update_validator.ex

@@ -75,15 +75,40 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
     end
   end
 
-  # For remote Updates, verify the host is the same.
+  # For remote Updates, verify the Actor is the same
   def validate_updating_rights_remote(cng) do
     with actor = get_field(cng, :actor),
          object = get_field(cng, :object),
          {:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
-         actor_uri <- URI.parse(actor),
-         object_uri <- URI.parse(object_id),
-         true <- actor_uri.host == object_uri.host do
-      cng
+         entity <-
+           Object.normalize(object_id, fetch: false) || User.get_cached_by_ap_id(object_id) do
+      case entity do
+        # Actor must own Object to update it
+        %Object{} ->
+          if actor == entity.data["actor"] do
+            cng
+          else
+            cng
+            |> add_error(:object, "Can't be updated by this actor")
+          end
+
+        # Actor must only be allowed to update itself
+        %User{} ->
+          if actor == entity.ap_id do
+            cng
+          else
+            cng
+            |> add_error(:object, "Can't be updated by this actor")
+          end
+
+        nil ->
+          cng
+          |> add_error(:object, "Can't be updated by this actor")
+
+        _ ->
+          cng
+          |> add_error(:object, "Update is neither for Object or Actor")
+      end
     else
       _e ->
         cng

lib/pleroma/web/activity_pub/publisher.ex

@@ -79,7 +79,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
   Determine if an activity can be represented by running it through Transmogrifier.
   """
   def representable?(%Activity{} = activity) do
-    with {:ok, _data} <- @transmogrifier_impl.prepare_outgoing(activity.data) do
+    with {:ok, _data} <- @transmogrifier_impl.prepare_activity(activity.data) do
       true
     else
       _e ->
@@ -102,14 +102,14 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
     Logger.debug("Federating #{ap_id} to #{inbox}")
     uri = %{path: path} = URI.parse(inbox)
 
-    {:ok, data} = @transmogrifier_impl.prepare_outgoing(activity.data)
+    {:ok, data} = @transmogrifier_impl.prepare_activity(activity.data)
 
     {actor, data} =
       with {_, false} <- {:actor_changed?, data["actor"] != activity.data["actor"]} do
         {actor, data}
       else
         {:actor_changed?, true} ->
-          # If prepare_outgoing changes the actor, re-get it from the db
+          # If prepare_activity changes the actor, re-get it from the db
           new_actor = User.get_cached_by_ap_id(data["actor"])
           {new_actor, data}
       end

lib/pleroma/web/activity_pub/transmogrifier.ex

@@ -783,7 +783,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def set_replies(obj_data), do: obj_data
 
-  # Prepares the object of an outgoing create activity.
+  defp set_voters_count(%{"voters" => [_ | _] = voters} = obj) do
+    Map.merge(obj, %{"votersCount" => length(voters)})
+  end
+
+  defp set_voters_count(obj), do: obj
+
+  # Prepares and sanitizes the object for federation.
   def prepare_object(object) do
     object
     |> add_hashtags
@@ -795,6 +801,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     |> set_reply_to_uri
     |> set_quote_url
     |> set_replies
+    |> set_voters_count
     |> CommonFixes.maybe_add_content_map()
     |> strip_internal_fields
     |> strip_internal_tags
@@ -824,7 +831,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
   #  internal -> Mastodon
   #  """
 
-  def prepare_outgoing(%{"type" => activity_type, "object" => object_id} = data)
+  def prepare_activity(%{"type" => activity_type, "object" => object_id} = data)
       when activity_type in ["Create", "Listen"] do
     object =
       object_id
@@ -840,7 +847,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     {:ok, data}
   end
 
-  def prepare_outgoing(%{"type" => "Update", "object" => %{"type" => objtype} = object} = data)
+  def prepare_activity(%{"type" => "Update", "object" => %{"type" => objtype} = object} = data)
       when objtype in Pleroma.Constants.updatable_object_types() do
     data =
       data
@@ -851,7 +858,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     {:ok, data}
   end
 
-  def prepare_outgoing(%{"type" => "Update", "object" => %{"type" => objtype} = object} = data)
+  def prepare_activity(%{"type" => "Update", "object" => %{"type" => objtype} = object} = data)
       when objtype in Pleroma.Constants.actor_types() do
     object =
       object
@@ -868,11 +875,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     {:ok, data}
   end
 
-  def prepare_outgoing(%{"type" => "Update", "object" => %{}} = data) do
+  def prepare_activity(%{"type" => "Update", "object" => %{}} = data) do
     raise "Requested to serve an Update for non-updateable object type:  #{inspect(data)}"
   end
 
-  def prepare_outgoing(%{"type" => "Announce", "actor" => ap_id, "object" => object_id} = data) do
+  def prepare_activity(%{"type" => "Announce", "actor" => ap_id, "object" => object_id} = data) do
     object =
       object_id
       |> Object.normalize(fetch: false)
@@ -895,7 +902,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   # Mastodon Accept/Reject requires a non-normalized object containing the actor URIs,
   # because of course it does.
-  def prepare_outgoing(%{"type" => "Accept"} = data) do
+  def prepare_activity(%{"type" => "Accept"} = data) do
     with follow_activity <- Activity.normalize(data["object"]) do
       object = %{
         "actor" => follow_activity.actor,
@@ -913,7 +920,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def prepare_outgoing(%{"type" => "Reject"} = data) do
+  def prepare_activity(%{"type" => "Reject"} = data) do
     with follow_activity <- Activity.normalize(data["object"]) do
       object = %{
         "actor" => follow_activity.actor,
@@ -931,7 +938,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def prepare_outgoing(%{"type" => "Flag"} = data) do
+  def prepare_activity(%{"type" => "Flag"} = data) do
     with {:ok, stripped_activity} <- Utils.strip_report_status_data(data),
          stripped_activity <- Utils.maybe_anonymize_reporter(stripped_activity),
          stripped_activity <- Map.merge(stripped_activity, Utils.make_json_ld_header()) do
@@ -939,7 +946,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
     end
   end
 
-  def prepare_outgoing(%{"type" => _type} = data) do
+  def prepare_activity(%{"type" => _type} = data) do
     data =
       data
       |> strip_internal_fields

lib/pleroma/web/activity_pub/transmogrifier/api.ex

@@ -7,5 +7,5 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.API do
   Behaviour for the subset of Transmogrifier used by Publisher.
   """
 
-  @callback prepare_outgoing(map()) :: {:ok, map()} | {:error, term()}
+  @callback prepare_activity(map()) :: {:ok, map()} | {:error, term()}
 end

lib/pleroma/web/activity_pub/utils.ex

@@ -120,7 +120,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do
         "https://www.w3.org/ns/activitystreams",
         "#{Endpoint.url()}/schemas/litepub-0.1.jsonld",
         %{
-          "@language" => get_language(data)
+          "@language" => get_language(data),
+          "htmlMfm" => "https://w3id.org/fep/c16b#htmlMfm"
         }
       ]
     }
@@ -863,6 +864,34 @@ defmodule Pleroma.Web.ActivityPub.Utils do
 
   def update_report_state(_, _), do: {:error, "Unsupported state"}
 
+  def assign_report_to_account(%Activity{} = activity, nil = _account) do
+    new_data = Map.delete(activity.data, "assigned_account")
+
+    activity
+    |> Changeset.change(data: new_data)
+    |> Repo.update()
+  end
+
+  def assign_report_to_account(%Activity{} = activity, account) do
+    new_data = Map.put(activity.data, "assigned_account", account)
+
+    activity
+    |> Changeset.change(data: new_data)
+    |> Repo.update()
+  end
+
+  def assign_report_to_account(activity_ids, account) do
+    activities_num = length(activity_ids)
+
+    from(a in Activity, where: a.id in ^activity_ids)
+    |> update(set: [data: fragment("jsonb_set(data, '{assigned_account}', ?)", ^account)])
+    |> Repo.update_all([])
+    |> case do
+      {^activities_num, _} -> :ok
+      _ -> {:error, activity_ids}
+    end
+  end
+
   def strip_report_status_data(%Activity{} = activity) do
     with {:ok, new_data} <- strip_report_status_data(activity.data) do
       {:ok, %{activity | data: new_data}}

lib/pleroma/web/activity_pub/views/object_view.ex

@@ -19,7 +19,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do
   end
 
   def render("object.json", %{object: %Activity{} = activity}) do
-    {:ok, ap_data} = Transmogrifier.prepare_outgoing(activity.data)
+    {:ok, ap_data} = Transmogrifier.prepare_activity(activity.data)
     ap_data
   end
 

lib/pleroma/web/activity_pub/views/user_view.ex

@@ -35,32 +35,14 @@ defmodule Pleroma.Web.ActivityPub.UserView do
   def render("endpoints.json", _), do: %{}
 
   def render("service.json", %{user: user}) do
-    {:ok, _, public_key} = Keys.keys_from_pem(user.keys)
-    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
-    public_key = :public_key.pem_encode([public_key])
-
-    endpoints = render("endpoints.json", %{user: user})
-
-    %{
-      "id" => user.ap_id,
+    Map.merge(common_actor_fields(user), %{
       "type" => "Application",
-      "following" => "#{user.ap_id}/following",
-      "followers" => "#{user.ap_id}/followers",
-      "inbox" => "#{user.ap_id}/inbox",
-      "outbox" => "#{user.ap_id}/outbox",
       "name" => "Pleroma",
       "summary" =>
         "An internal service actor for this Pleroma instance.  No user-serviceable parts inside.",
-      "url" => user.ap_id,
       "manuallyApprovesFollowers" => false,
-      "publicKey" => %{
-        "id" => "#{user.ap_id}#main-key",
-        "owner" => user.ap_id,
-        "publicKeyPem" => public_key
-      },
-      "endpoints" => endpoints,
       "invisible" => User.invisible?(user)
-    }
+    })
     |> Map.merge(Utils.make_json_ld_header())
   end
 
@@ -77,13 +59,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do
   end
 
   def render("user.json", %{user: user}) do
-    {:ok, _, public_key} = Keys.keys_from_pem(user.keys)
-    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
-    public_key = :public_key.pem_encode([public_key])
     user = User.sanitize_html(user)
 
-    endpoints = render("endpoints.json", %{user: user})
-
     emoji_tags = Transmogrifier.take_emoji_tags(user)
 
     fields = Enum.map(user.fields, &Map.put(&1, "type", "PropertyValue"))
@@ -102,25 +79,9 @@ defmodule Pleroma.Web.ActivityPub.UserView do
         do: Date.to_iso8601(user.birthday),
         else: nil
 
-    %{
-      "id" => user.ap_id,
-      "type" => user.actor_type,
-      "following" => "#{user.ap_id}/following",
-      "followers" => "#{user.ap_id}/followers",
-      "inbox" => "#{user.ap_id}/inbox",
-      "outbox" => "#{user.ap_id}/outbox",
+    Map.merge(common_actor_fields(user), %{
       "featured" => "#{user.ap_id}/collections/featured",
       "preferredUsername" => user.nickname,
-      "name" => user.name,
-      "summary" => user.bio,
-      "url" => user.ap_id,
-      "manuallyApprovesFollowers" => user.is_locked,
-      "publicKey" => %{
-        "id" => "#{user.ap_id}#main-key",
-        "owner" => user.ap_id,
-        "publicKeyPem" => public_key
-      },
-      "endpoints" => endpoints,
       "attachment" => fields,
       "tag" => emoji_tags,
       # Note: key name is indeed "discoverable" (not an error)
@@ -130,7 +91,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do
       "vcard:bday" => birthday,
       "webfinger" => "acct:#{User.full_nickname(user)}",
       "published" => Pleroma.Web.CommonAPI.Utils.to_masto_date(user.inserted_at)
-    }
+    })
     |> Map.merge(
       maybe_make_image(
         &User.avatar_url/2,
@@ -283,7 +244,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do
       }) do
     collection =
       Enum.map(activities, fn activity ->
-        {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
+        {:ok, data} = Transmogrifier.prepare_activity(activity.data)
         data
       end)
 
@@ -309,6 +270,33 @@ defmodule Pleroma.Web.ActivityPub.UserView do
     |> Map.merge(Utils.make_json_ld_header())
   end
 
+  defp common_actor_fields(%User{} = user) do
+    endpoints = render("endpoints.json", %{user: user})
+
+    {:ok, _, public_key} = Keys.keys_from_pem(user.keys)
+    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
+    public_key = :public_key.pem_encode([public_key])
+
+    %{
+      "id" => user.ap_id,
+      "type" => user.actor_type,
+      "following" => "#{user.ap_id}/following",
+      "followers" => "#{user.ap_id}/followers",
+      "inbox" => "#{user.ap_id}/inbox",
+      "outbox" => "#{user.ap_id}/outbox",
+      "name" => user.name,
+      "summary" => user.bio,
+      "url" => user.ap_id,
+      "manuallyApprovesFollowers" => user.is_locked,
+      "endpoints" => endpoints,
+      "publicKey" => %{
+        "id" => "#{user.ap_id}#main-key",
+        "owner" => user.ap_id,
+        "publicKeyPem" => public_key
+      }
+    }
+  end
+
   defp maybe_put_total_items(map, false, _total), do: map
 
   defp maybe_put_total_items(map, true, total) do

lib/pleroma/web/admin_api/controllers/config_controller.ex

@@ -174,6 +174,8 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
     end
   end
 
+  defp whitelisted_config?(":pleroma", ":database_config_whitelist"), do: false
+
   defp whitelisted_config?(group, key) do
     if whitelisted_configs = Config.get(:database_config_whitelist) do
       Enum.any?(whitelisted_configs, fn

lib/pleroma/web/admin_api/controllers/report_controller.ex

@@ -10,6 +10,7 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
   alias Pleroma.Activity
   alias Pleroma.ModerationLog
   alias Pleroma.ReportNote
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.AdminAPI
   alias Pleroma.Web.AdminAPI.Report
@@ -24,7 +25,7 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
   plug(
     OAuthScopesPlug,
     %{scopes: ["admin:write:reports"]}
-    when action in [:update, :notes_create, :notes_delete]
+    when action in [:update, :assign_account, :notes_create, :notes_delete]
   )
 
   action_fallback(AdminAPI.FallbackController)
@@ -79,6 +80,22 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
     end
   end
 
+  def assign_account(
+        %{
+          assigns: %{user: admin},
+          private: %{open_api_spex: %{body_params: %{reports: reports}}}
+        } = conn,
+        _
+      ) do
+    result = Enum.map(reports, &do_assign_account(&1, admin))
+
+    if Enum.any?(result, &Map.has_key?(&1, :error)) do
+      json_response(conn, :bad_request, result)
+    else
+      json_response(conn, :no_content, "")
+    end
+  end
+
   def notes_create(
         %{
           assigns: %{user: user},
@@ -131,4 +148,40 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
       _ -> json_response(conn, :bad_request, "")
     end
   end
+
+  defp do_assign_account(%{assigned_account: nil, id: id}, admin) do
+    with {:ok, activity} <- CommonAPI.assign_report_to_account(id, nil),
+         report <- Activity.get_by_id_with_user_actor(activity.id) do
+      ModerationLog.insert_log(%{
+        action: "report_unassigned",
+        actor: admin,
+        subject: activity,
+        subject_actor: report.user_actor
+      })
+
+      activity
+    else
+      {:error, message} ->
+        %{id: id, error: message}
+    end
+  end
+
+  defp do_assign_account(%{assigned_account: assigned_account, id: id}, admin) do
+    with %User{id: account} = user <- User.get_cached_by_nickname(assigned_account),
+         {:ok, activity} <- CommonAPI.assign_report_to_account(id, account),
+         report <- Activity.get_by_id_with_user_actor(activity.id) do
+      ModerationLog.insert_log(%{
+        action: "report_assigned",
+        actor: admin,
+        subject: activity,
+        subject_actor: report.user_actor,
+        assigned_account: user.nickname
+      })
+
+      activity
+    else
+      {:error, message} ->
+        %{id: id, error: message}
+    end
+  end
 end

lib/pleroma/web/admin_api/report.ex

@@ -13,6 +13,11 @@ defmodule Pleroma.Web.AdminAPI.Report do
     user = User.get_cached_by_ap_id(actor)
     account = User.get_cached_by_ap_id(account_ap_id)
 
+    assigned_account =
+      if Map.has_key?(report.data, "assigned_account") do
+        User.get_cached_by_id(report.data["assigned_account"])
+      end
+
     statuses =
       status_ap_ids
       |> Enum.reject(&is_nil(&1))
@@ -26,7 +31,13 @@ defmodule Pleroma.Web.AdminAPI.Report do
             Activity.get_by_ap_id_with_object(act)
       end)
 
-    %{report: report, user: user, account: account, statuses: statuses}
+    %{
+      report: report,
+      user: user,
+      account: account,
+      statuses: statuses,
+      assigned_account: assigned_account
+    }
   end
 
   defp make_fake_activity(act, user) do

lib/pleroma/web/admin_api/views/report_view.ex

@@ -26,7 +26,13 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
     }
   end
 
-  def render("show.json", %{report: report, user: user, account: account, statuses: statuses}) do
+  def render("show.json", %{
+        report: report,
+        user: user,
+        account: account,
+        statuses: statuses,
+        assigned_account: assigned_account
+      }) do
     created_at = Utils.to_masto_date(report.data["published"])
 
     content =
@@ -36,6 +42,11 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
         nil
       end
 
+    assigned_account =
+      if assigned_account do
+        merge_account_views(assigned_account)
+      end
+
     %{
       id: report.id,
       account: merge_account_views(account),
@@ -49,7 +60,8 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
         }),
       state: report.data["state"],
       notes: render(__MODULE__, "index_notes.json", %{notes: report.report_notes}),
-      rules: rules(Map.get(report.data, "rules", nil))
+      rules: rules(Map.get(report.data, "rules", nil)),
+      assigned_account: assigned_account
     }
   end
 

lib/pleroma/web/api_spec/cast_and_validate.ex

@@ -106,7 +106,14 @@ defmodule Pleroma.Web.ApiSpec.CastAndValidate do
     OpenApiSpex.cast_and_validate(spec, operation, conn, content_type, cast_opts)
   end
 
-  defp cast_and_validate(spec, operation, conn, content_type, false = _strict, cast_opts) do
+  defp cast_and_validate(
+         spec,
+         operation,
+         %Conn{} = conn,
+         content_type,
+         false = _strict,
+         cast_opts
+       ) do
     case OpenApiSpex.cast_and_validate(spec, operation, conn, content_type) do
       {:ok, conn} ->
         {:ok, conn}

lib/pleroma/web/api_spec/operations/admin/report_operation.ex

@@ -53,6 +53,12 @@ defmodule Pleroma.Web.ApiSpec.Admin.ReportOperation do
           :query,
           %Schema{type: :integer, default: 50},
           "Number number of log entries per page"
+        ),
+        Operation.parameter(
+          :assigned_account,
+          :query,
+          %Schema{type: :string},
+          "Filter by assigned account ID"
         )
         | admin_api_params()
       ],
@@ -103,6 +109,22 @@ defmodule Pleroma.Web.ApiSpec.Admin.ReportOperation do
     }
   end
 
+  def assign_account_operation do
+    %Operation{
+      tags: ["Report management"],
+      summary: "Assign account to specified reports",
+      operationId: "AdminAPI.ReportController.assign_account",
+      security: [%{"oAuth" => ["admin:write:reports"]}],
+      parameters: admin_api_params(),
+      requestBody: request_body("Parameters", assign_account_request(), required: true),
+      responses: %{
+        204 => no_content_response(),
+        400 => Operation.response("Bad Request", "application/json", update_400_response()),
+        403 => Operation.response("Forbidden", "application/json", ApiError)
+      }
+    }
+  end
+
   def notes_create_operation do
     %Operation{
       tags: ["Report management"],
@@ -186,7 +208,10 @@ defmodule Pleroma.Web.ApiSpec.Admin.ReportOperation do
               hint: %Schema{type: :string, nullable: true}
             }
           }
-        }
+        },
+        assigned_account:
+          account_admin()
+          |> Map.put(:nullable, true)
       }
     }
   end
@@ -242,6 +267,34 @@ defmodule Pleroma.Web.ApiSpec.Admin.ReportOperation do
     }
   end
 
+  defp assign_account_request do
+    %Schema{
+      type: :object,
+      required: [:reports],
+      properties: %{
+        reports: %Schema{
+          type: :array,
+          items: %Schema{
+            type: :object,
+            properties: %{
+              id: %Schema{allOf: [FlakeID], description: "Required, report ID"},
+              assigned_account: %Schema{
+                type: :string,
+                description: "User nickname",
+                nullable: true
+              }
+            }
+          },
+          example: %{
+            "reports" => [
+              %{"id" => "123", "assigned_account" => "pleroma"}
+            ]
+          }
+        }
+      }
+    }
+  end
+
   defp update_400_response do
     %Schema{
       type: :array,

lib/pleroma/web/api_spec/operations/instance_operation.ex

@@ -342,6 +342,18 @@ defmodule Pleroma.Web.ApiSpec.InstanceOperation do
                 max_pinned_statuses: %Schema{
                   type: :integer,
                   description: "The maximum number of pinned statuses for each account."
+                },
+                max_profile_fields: %Schema{
+                  type: :integer,
+                  description: "The maximum number of custom profile fields allowed to be set."
+                },
+                profile_field_name_limit: %Schema{
+                  type: :integer,
+                  description: "The maximum size of a profile field name, in characters."
+                },
+                profile_field_value_limit: %Schema{
+                  type: :integer,
+                  description: "The maximum size of a profile field value, in characters."
                 }
               }
             },

lib/pleroma/web/api_spec/operations/list_operation.ex

@@ -36,7 +36,7 @@ defmodule Pleroma.Web.ApiSpec.ListOperation do
       summary: "Create a list",
       description: "Fetch the list with the given ID. Used for verifying the title of a list.",
       operationId: "ListController.create",
-      requestBody: create_update_request(),
+      requestBody: create_request(),
       security: [%{"oAuth" => ["write:lists"]}],
       responses: %{
         200 => Operation.response("List", "application/json", List),
@@ -68,7 +68,7 @@ defmodule Pleroma.Web.ApiSpec.ListOperation do
       description: "Change the title of a list",
       operationId: "ListController.update",
       parameters: [id_param()],
-      requestBody: create_update_request(),
+      requestBody: update_request(),
       security: [%{"oAuth" => ["write:lists"]}],
       responses: %{
         200 => Operation.response("List", "application/json", List),
@@ -164,14 +164,18 @@ defmodule Pleroma.Web.ApiSpec.ListOperation do
     )
   end
 
-  defp create_update_request do
+  defp create_request do
     request_body(
       "Parameters",
       %Schema{
-        description: "POST body for creating or updating a List",
+        description: "POST body for creating a List",
         type: :object,
         properties: %{
-          title: %Schema{type: :string, description: "List title"}
+          title: %Schema{type: :string, description: "List title"},
+          exclusive: %Schema{
+            type: :boolean,
+            description: "Whether members of the list should be removed from the “Home” feed"
+          }
         },
         required: [:title]
       },
@@ -179,6 +183,24 @@ defmodule Pleroma.Web.ApiSpec.ListOperation do
     )
   end
 
+  defp update_request do
+    request_body(
+      "Parameters",
+      %Schema{
+        description: "PUT body for updating a List",
+        type: :object,
+        properties: %{
+          title: %Schema{type: :string, description: "List title"},
+          exclusive: %Schema{
+            type: :boolean,
+            description: "Whether members of the list should be removed from the “Home” feed"
+          }
+        }
+      },
+      required: true
+    )
+  end
+
   defp add_remove_accounts_request(required) when is_boolean(required) do
     request_body(
       "Parameters",

lib/pleroma/web/api_spec/operations/pleroma_util_operation.ex

@@ -2,7 +2,7 @@
 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
+defmodule Pleroma.Web.ApiSpec.PleromaUtilOperation do
   alias OpenApiSpex.Operation
   alias OpenApiSpex.Schema
   alias Pleroma.Web.ApiSpec.Schemas.ApiError
@@ -19,7 +19,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
     %Operation{
       tags: ["Custom emojis"],
       summary: "List all custom emojis",
-      operationId: "UtilController.emoji",
+      operationId: "PleromaAPI.UtilController.emoji",
       parameters: [],
       responses: %{
         200 =>
@@ -48,7 +48,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
     %Operation{
       tags: ["Others"],
       summary: "Dump frontend configurations",
-      operationId: "UtilController.frontend_configurations",
+      operationId: "PleromaAPI.UtilController.frontend_configurations",
       parameters: [],
       responses: %{
         200 =>
@@ -70,7 +70,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Change account password",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.change_password",
+      operationId: "PleromaAPI.UtilController.change_password",
       requestBody: request_body("Parameters", change_password_request(), required: true),
       responses: %{
         200 =>
@@ -106,7 +106,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Change account email",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.change_email",
+      operationId: "PleromaAPI.UtilController.change_email",
       requestBody: request_body("Parameters", change_email_request(), required: true),
       responses: %{
         200 =>
@@ -141,7 +141,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Settings"],
       summary: "Update Notification Settings",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.update_notification_settings",
+      operationId: "PleromaAPI.UtilController.update_notification_settings",
       parameters: [
         Operation.parameter(
           :block_from_strangers,
@@ -173,7 +173,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Disable Account",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.disable_account",
+      operationId: "PleromaAPI.UtilController.disable_account",
       parameters: [
         Operation.parameter(:password, :query, :string, "Password")
       ],
@@ -193,7 +193,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Delete Account",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.delete_account",
+      operationId: "PleromaAPI.UtilController.delete_account",
       parameters: [
         Operation.parameter(:password, :query, :string, "Password")
       ],
@@ -212,7 +212,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
   def captcha_operation do
     %Operation{
       summary: "Get a captcha",
-      operationId: "UtilController.captcha",
+      operationId: "PleromaAPI.UtilController.captcha",
       tags: ["Others"],
       parameters: [],
       responses: %{
@@ -226,7 +226,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Move account",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.move_account",
+      operationId: "PleromaAPI.UtilController.move_account",
       requestBody: request_body("Parameters", move_account_request(), required: true),
       responses: %{
         200 =>
@@ -262,7 +262,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "List account aliases",
       security: [%{"oAuth" => ["read:accounts"]}],
-      operationId: "UtilController.list_aliases",
+      operationId: "PleromaAPI.UtilController.list_aliases",
       responses: %{
         200 =>
           Operation.response("Success", "application/json", %Schema{
@@ -286,7 +286,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Add an alias to this account",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.add_alias",
+      operationId: "PleromaAPI.UtilController.add_alias",
       requestBody: request_body("Parameters", add_alias_request(), required: true),
       responses: %{
         200 =>
@@ -326,7 +326,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Account credentials"],
       summary: "Delete an alias from this account",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.delete_alias",
+      operationId: "PleromaAPI.UtilController.delete_alias",
       requestBody: request_body("Parameters", delete_alias_request(), required: true),
       responses: %{
         200 =>
@@ -366,7 +366,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
       tags: ["Others"],
       summary: "Quick status check on the instance",
       security: [%{"oAuth" => ["write:accounts"]}],
-      operationId: "UtilController.healthcheck",
+      operationId: "PleromaAPI.UtilController.healthcheck",
       parameters: [],
       responses: %{
         200 => Operation.response("Healthy", "application/json", %Schema{type: :object}),
@@ -376,52 +376,6 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
     }
   end
 
-  def remote_subscribe_operation do
-    %Operation{
-      tags: ["Remote interaction"],
-      summary: "Remote Subscribe",
-      operationId: "UtilController.remote_subscribe",
-      parameters: [],
-      responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})}
-    }
-  end
-
-  def remote_interaction_operation do
-    %Operation{
-      tags: ["Remote interaction"],
-      summary: "Remote interaction",
-      operationId: "UtilController.remote_interaction",
-      requestBody: request_body("Parameters", remote_interaction_request(), required: true),
-      responses: %{
-        200 =>
-          Operation.response("Remote interaction URL", "application/json", %Schema{type: :object})
-      }
-    }
-  end
-
-  defp remote_interaction_request do
-    %Schema{
-      title: "RemoteInteractionRequest",
-      description: "POST body for remote interaction",
-      type: :object,
-      required: [:ap_id, :profile],
-      properties: %{
-        ap_id: %Schema{type: :string, description: "Profile or status ActivityPub ID"},
-        profile: %Schema{type: :string, description: "Remote profile webfinger"}
-      }
-    }
-  end
-
-  def show_subscribe_form_operation do
-    %Operation{
-      tags: ["Remote interaction"],
-      summary: "Show remote subscribe form",
-      operationId: "UtilController.show_subscribe_form",
-      parameters: [],
-      responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})}
-    }
-  end
-
   defp delete_account_request do
     %Schema{
       title: "AccountDeleteRequest",

lib/pleroma/web/api_spec/operations/remote_interaction_operation.ex

@@ -0,0 +1,99 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.RemoteInteractionOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+
+  import Pleroma.Web.ApiSpec.Helpers
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def remote_interaction_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Remote interaction",
+      operationId: "RemoteInteractionController.remote_interaction",
+      requestBody: request_body("Parameters", remote_interaction_request(), required: true),
+      responses: %{
+        200 =>
+          Operation.response("Remote interaction URL", "application/json", %Schema{type: :object})
+      }
+    }
+  end
+
+  defp remote_interaction_request do
+    %Schema{
+      title: "RemoteInteractionRequest",
+      description: "POST body for remote interaction",
+      type: :object,
+      required: [:ap_id, :profile],
+      properties: %{
+        ap_id: %Schema{type: :string, description: "Profile or status ActivityPub ID"},
+        profile: %Schema{type: :string, description: "Remote profile webfinger"}
+      }
+    }
+  end
+
+  def follow_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Display follow form",
+      operationId: "RemoteInteractionController.follow",
+      parameters: [],
+      responses: %{
+        200 => Operation.response("Web Page", "text/html", %Schema{type: :string}),
+        302 => Operation.response("Redirect to the status page", nil, nil)
+      }
+    }
+  end
+
+  def do_follow_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Perform follow activity",
+      operationId: "RemoteInteractionController.do_follow",
+      parameters: [],
+      responses: %{
+        200 => Operation.response("Web page", "text/html", %Schema{type: :string}),
+        302 => Operation.response("Redirect to the account page", nil, nil)
+      }
+    }
+  end
+
+  def authorize_interaction_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Authorize remote interaction",
+      operationId: "RemoteInteractionController.authorize_interaction",
+      parameters: [],
+      responses: %{
+        302 => Operation.response("Redirect to remote_interaction path", nil, nil)
+      }
+    }
+  end
+
+  def show_subscribe_form_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Show remote subscribe form",
+      operationId: "RemoteInteractionController.show_subscribe_form",
+      parameters: [],
+      responses: %{200 => Operation.response("Web Page", "text/html", %Schema{type: :string})}
+    }
+  end
+
+  def remote_subscribe_operation do
+    %Operation{
+      tags: ["Remote interaction"],
+      summary: "Remote Subscribe",
+      operationId: "RemoteInteractionController.remote_subscribe",
+      parameters: [],
+      responses: %{200 => Operation.response("Web Page", "text/html", %Schema{type: :string})}
+    }
+  end
+end

lib/pleroma/web/api_spec/render_error.ex

@@ -17,11 +17,11 @@ defmodule Pleroma.Web.ApiSpec.RenderError do
   def call(conn, errors) do
     errors =
       Enum.map(errors, fn
-        %{name: nil, reason: :invalid_enum} = err ->
-          %OpenApiSpex.Cast.Error{err | name: err.value}
+        %OpenApiSpex.Cast.Error{name: nil, reason: :invalid_enum} = err ->
+          %{err | name: err.value}
 
-        %{name: nil} = err ->
-          %OpenApiSpex.Cast.Error{err | name: List.last(err.path)}
+        %OpenApiSpex.Cast.Error{name: nil} = err ->
+          %{err | name: List.last(err.path)}
 
         err ->
           err

lib/pleroma/web/api_spec/schemas/account.ex

@@ -21,6 +21,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
       acct: %Schema{type: :string},
       avatar_static: %Schema{type: :string, format: :uri},
       avatar: %Schema{type: :string, format: :uri},
+      avatar_description: %Schema{type: :string},
       bot: %Schema{type: :boolean},
       created_at: %Schema{type: :string, format: "date-time"},
       display_name: %Schema{type: :string},
@@ -31,6 +32,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
       following_count: %Schema{type: :integer},
       header_static: %Schema{type: :string, format: :uri},
       header: %Schema{type: :string, format: :uri},
+      header_description: %Schema{type: :string},
       id: FlakeID,
       locked: %Schema{type: :boolean},
       note: %Schema{type: :string, format: :html},
@@ -111,8 +113,8 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
             nullable: true,
             description: "Favicon image of the user's instance"
           },
-          avatar_description: %Schema{type: :string},
-          header_description: %Schema{type: :string}
+          avatar_description: %Schema{type: :string, deprecated: true},
+          header_description: %Schema{type: :string, deprecated: true}
         }
       },
       source: %Schema{

lib/pleroma/web/api_spec/schemas/account_relationship.ex

@@ -26,7 +26,9 @@ defmodule Pleroma.Web.ApiSpec.Schemas.AccountRelationship do
       requested: %Schema{type: :boolean},
       showing_reblogs: %Schema{type: :boolean},
       subscribing: %Schema{type: :boolean},
-      notifying: %Schema{type: :boolean}
+      notifying: %Schema{type: :boolean},
+      mute_expires_at: %Schema{type: :string, format: "date-time", nullable: true},
+      block_expires_at: %Schema{type: :string, format: "date-time", nullable: true}
     },
     example: %{
       "blocked_by" => false,

lib/pleroma/web/api_spec/schemas/bookmark_folder.ex

@@ -15,12 +15,18 @@ defmodule Pleroma.Web.ApiSpec.Schemas.BookmarkFolder do
     properties: %{
       id: FlakeID,
       name: %Schema{type: :string, description: "Folder name"},
-      emoji: %Schema{type: :string, description: "Folder emoji", nullable: true}
+      emoji: %Schema{type: :string, description: "Folder emoji", nullable: true},
+      emoji_url: %Schema{
+        type: :string,
+        description: "URL of the folder emoji if it's a custom emoji, null otherwise",
+        nullable: true
+      }
     },
     example: %{
       "id" => "9toJCu5YZW7O7gfvH6",
       "name" => "Read later",
-      "emoji" => nil
+      "emoji" => nil,
+      "emoji_url" => nil
     }
   })
 end

lib/pleroma/web/api_spec/schemas/list.ex

@@ -13,7 +13,11 @@ defmodule Pleroma.Web.ApiSpec.Schemas.List do
     type: :object,
     properties: %{
       id: %Schema{type: :string, description: "The internal database ID of the list"},
-      title: %Schema{type: :string, description: "The user-defined title of the list"}
+      title: %Schema{type: :string, description: "The user-defined title of the list"},
+      exclusive: %Schema{
+        type: :boolean,
+        description: "Whether members of the list should be removed from the “Home” feed"
+      }
     },
     example: %{
       "id" => "12249",

lib/pleroma/web/common_api.ex

@@ -222,8 +222,8 @@ defmodule Pleroma.Web.CommonAPI do
     with %Activity{data: %{"type" => "Create"}} = activity <- Activity.get_by_id(id),
          object = %Object{} <- Object.normalize(activity, fetch: false),
          {_, nil} <- {:existing_announce, Utils.get_existing_announce(user.ap_id, object)},
-         public = public_announce?(object, params),
-         {:ok, announce, _} <- Builder.announce(user, object, public: public),
+         visibility = announce_visibility(object, params),
+         {:ok, announce, _} <- Builder.announce(user, object, visibility: visibility),
          {:ok, activity, _} <- Pipeline.common_pipeline(announce, local: true) do
       {:ok, activity}
     else
@@ -407,13 +407,11 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
-  defp public_announce?(_, %{visibility: visibility})
-       when visibility in ~w{public unlisted private direct},
-       do: visibility in ~w(public unlisted)
+  def announce_visibility(_, %{visibility: visibility})
+      when visibility in ~w{public unlisted private direct local},
+      do: visibility
 
-  defp public_announce?(object, _) do
-    Visibility.public?(object)
-  end
+  def announce_visibility(object, _), do: Visibility.get_visibility(object)
 
   @spec get_visibility(map(), map() | nil, Participation.t() | nil) ::
           {String.t() | nil, String.t() | nil}
@@ -709,6 +707,22 @@ defmodule Pleroma.Web.CommonAPI do
     end
   end
 
+  def assign_report_to_account(activity_ids, user) when is_list(activity_ids) do
+    case Utils.assign_report_to_account(activity_ids, user) do
+      :ok -> {:ok, activity_ids}
+      _ -> {:error, dgettext("errors", "Could not assign account")}
+    end
+  end
+
+  def assign_report_to_account(activity_id, user) do
+    with %Activity{} = activity <- Activity.get_by_id(activity_id) do
+      Utils.assign_report_to_account(activity, user)
+    else
+      nil -> {:error, :not_found}
+      _ -> {:error, dgettext("errors", "Could not assign account")}
+    end
+  end
+
   @spec update_activity_scope(String.t(), map()) :: {:ok, any()} | {:error, any()}
   def update_activity_scope(activity_id, opts \\ %{}) do
     with %Activity{} = activity <- Activity.get_by_id_with_object(activity_id),

lib/pleroma/web/common_api/activity_draft.ex

@@ -88,7 +88,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     |> validate()
   end
 
-  defp listen_object(draft) do
+  defp listen_object(%__MODULE__{} = draft) do
     object =
       draft.params
       |> Map.take([:album, :artist, :title, :length])
@@ -99,34 +99,34 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
       |> Map.put("cc", draft.cc)
       |> Map.put("actor", draft.user.ap_id)
 
-    %__MODULE__{draft | object: object}
+    %{draft | object: object}
   end
 
-  defp put_params(draft, params) do
+  defp put_params(%__MODULE__{} = draft, params) do
     params = Map.put_new(params, :in_reply_to_status_id, params[:in_reply_to_id])
-    %__MODULE__{draft | params: params}
+    %{draft | params: params}
   end
 
-  defp status(%{params: %{status: status}} = draft) do
-    %__MODULE__{draft | status: String.trim(status)}
+  defp status(%__MODULE__{params: %{status: status}} = draft) do
+    %{draft | status: String.trim(status)}
   end
 
-  defp summary(%{params: params} = draft) do
-    %__MODULE__{draft | summary: Map.get(params, :spoiler_text, "")}
+  defp summary(%__MODULE__{params: params} = draft) do
+    %{draft | summary: Map.get(params, :spoiler_text, "")}
   end
 
-  defp full_payload(%{status: status, summary: summary} = draft) do
+  defp full_payload(%__MODULE__{status: status, summary: summary} = draft) do
     full_payload = String.trim(status <> summary)
 
     case Utils.validate_character_limit(full_payload, draft.attachments) do
-      :ok -> %__MODULE__{draft | full_payload: full_payload}
+      :ok -> %{draft | full_payload: full_payload}
       {:error, message} -> add_error(draft, message)
     end
   end
 
-  defp attachments(%{params: params} = draft) do
+  defp attachments(%__MODULE__{params: params} = draft) do
     attachments = Utils.attachments_from_ids(params, draft.user)
-    draft = %__MODULE__{draft | attachments: attachments}
+    draft = %{draft | attachments: attachments}
 
     case Utils.validate_attachments_count(attachments) do
       :ok -> draft
@@ -134,9 +134,10 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     end
   end
 
-  defp in_reply_to(%{params: %{in_reply_to_status_id: ""}} = draft), do: draft
+  defp in_reply_to(%__MODULE__{params: %{in_reply_to_status_id: ""}} = draft), do: draft
 
-  defp in_reply_to(%{params: %{in_reply_to_status_id: id}} = draft) when is_binary(id) do
+  defp in_reply_to(%__MODULE__{params: %{in_reply_to_status_id: id}} = draft)
+       when is_binary(id) do
     # If a post was deleted all its activities (except the newly added Delete) are purged too,
     # thus lookup by Create db ID will yield nil just as if it never existed in the first place.
     #
@@ -148,7 +149,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     with %Activity{} = activity <- Activity.get_by_id(id),
          true <- Visibility.visible_for_user?(activity, draft.user),
          {_, type} when type in ["Create", "Announce"] <- {:type, activity.data["type"]} do
-      %__MODULE__{draft | in_reply_to: activity}
+      %{draft | in_reply_to: activity}
     else
       nil ->
         add_error(draft, dgettext("errors", "Cannot reply to a deleted status"))
@@ -166,40 +167,43 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     end
   end
 
-  defp in_reply_to(%{params: %{in_reply_to_status_id: %Activity{} = in_reply_to}} = draft) do
-    %__MODULE__{draft | in_reply_to: in_reply_to}
+  defp in_reply_to(
+         %__MODULE__{params: %{in_reply_to_status_id: %Activity{} = in_reply_to}} = draft
+       ) do
+    %{draft | in_reply_to: in_reply_to}
   end
 
   defp in_reply_to(draft), do: draft
 
-  defp quote_post(%{params: %{quoted_status_id: id}} = draft) when not_empty_string(id) do
+  defp quote_post(%__MODULE__{params: %{quoted_status_id: id}} = draft)
+       when not_empty_string(id) do
     case Activity.get_by_id_with_object(id) do
       %Activity{} = activity ->
-        %__MODULE__{draft | quote_post: activity}
+        %{draft | quote_post: activity}
 
       _ ->
         draft
     end
   end
 
-  defp quote_post(%{params: %{quote_id: id}} = draft) when not_empty_string(id) do
+  defp quote_post(%__MODULE__{params: %{quote_id: id}} = draft) when not_empty_string(id) do
     quote_post(%{draft | params: Map.put(draft.params, :quoted_status_id, id)})
   end
 
   defp quote_post(draft), do: draft
 
-  defp in_reply_to_conversation(draft) do
+  defp in_reply_to_conversation(%__MODULE__{} = draft) do
     in_reply_to_conversation = Participation.get(draft.params[:in_reply_to_conversation_id])
-    %__MODULE__{draft | in_reply_to_conversation: in_reply_to_conversation}
+    %{draft | in_reply_to_conversation: in_reply_to_conversation}
   end
 
-  defp visibility(%{params: params} = draft) do
+  defp visibility(%__MODULE__{params: params} = draft) do
     case CommonAPI.get_visibility(params, draft.in_reply_to, draft.in_reply_to_conversation) do
       {visibility, "direct"} when visibility != "direct" ->
         add_error(draft, dgettext("errors", "The message visibility must be direct"))
 
       {visibility, _} ->
-        %__MODULE__{draft | visibility: visibility}
+        %{draft | visibility: visibility}
     end
   end
 
@@ -215,7 +219,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
     false
   end
 
-  defp quoting_visibility(%{quote_post: %Activity{}} = draft) do
+  defp quoting_visibility(%__MODULE__{quote_post: %Activity{}} = draft) do
     with %Object{} = object <- Object.normalize(draft.quote_post, fetch: false),
          true <- can_quote?(draft, object, Visibility.get_visibility(object)) do
       draft
@@ -226,24 +230,24 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
 
   defp quoting_visibility(draft), do: draft
 
-  defp expires_at(draft) do
+  defp expires_at(%__MODULE__{} = draft) do
     case CommonAPI.check_expiry_date(draft.params[:expires_in]) do
-      {:ok, expires_at} -> %__MODULE__{draft | expires_at: expires_at}
+      {:ok, expires_at} -> %{draft | expires_at: expires_at}
       {:error, message} -> add_error(draft, message)
     end
   end
 
-  defp poll(draft) do
+  defp poll(%__MODULE__{} = draft) do
     case Utils.make_poll_data(draft.params) do
       {:ok, {poll, poll_emoji}} ->
-        %__MODULE__{draft | extra: poll, emoji: Map.merge(draft.emoji, poll_emoji)}
+        %{draft | extra: poll, emoji: Map.merge(draft.emoji, poll_emoji)}
 
       {:error, message} ->
         add_error(draft, message)
     end
   end
 
-  defp content(%{mentions: mentions} = draft) do
+  defp content(%__MODULE__{mentions: mentions} = draft) do
     {content_html, mentioned_users, tags} = Utils.make_content_html(draft)
 
     mentioned_ap_ids =
@@ -254,25 +258,25 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
       |> Kernel.++(mentioned_ap_ids)
       |> Utils.get_addressed_users(draft.params[:to])
 
-    %__MODULE__{draft | content_html: content_html, mentions: mentions, tags: tags}
+    %{draft | content_html: content_html, mentions: mentions, tags: tags}
   end
 
-  defp to_and_cc(draft) do
+  defp to_and_cc(%__MODULE__{} = draft) do
     {to, cc} = Utils.get_to_and_cc(draft)
-    %__MODULE__{draft | to: to, cc: cc}
+    %{draft | to: to, cc: cc}
   end
 
-  defp context(draft) do
+  defp context(%__MODULE__{} = draft) do
     context = Utils.make_context(draft.in_reply_to, draft.in_reply_to_conversation)
-    %__MODULE__{draft | context: context}
+    %{draft | context: context}
   end
 
-  defp sensitive(draft) do
+  defp sensitive(%__MODULE__{} = draft) do
     sensitive = draft.params[:sensitive]
-    %__MODULE__{draft | sensitive: sensitive}
+    %{draft | sensitive: sensitive}
   end
 
-  defp language(draft) do
+  defp language(%__MODULE__{} = draft) do
     language =
       with language <- draft.params[:language],
            true <- good_locale_code?(language) do
@@ -281,10 +285,10 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
         _ -> LanguageDetector.detect(draft.content_html <> " " <> draft.summary)
       end
 
-    %__MODULE__{draft | language: language}
+    %{draft | language: language}
   end
 
-  defp object(draft) do
+  defp object(%__MODULE__{} = draft) do
     emoji = Map.merge(Pleroma.Emoji.Formatter.get_emoji_map(draft.full_payload), draft.emoji)
 
     # Sometimes people create posts with subject containing emoji,
@@ -313,6 +317,7 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
 
     emoji = Map.merge(emoji, summary_emoji)
 
+    media_type = Utils.get_content_type(draft.params[:content_type])
     {:ok, note_data, _meta} = Builder.note(draft)
 
     object =
@@ -320,20 +325,24 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
       |> Map.put("emoji", emoji)
       |> Map.put("source", %{
         "content" => draft.status,
-        "mediaType" => Utils.get_content_type(draft.params[:content_type])
+        "mediaType" => media_type
       })
+      |> maybe_put("htmlMfm", true, media_type == "text/x.misskeymarkdown")
       |> Map.put("generator", draft.params[:generator])
       |> Map.put("language", draft.language)
 
-    %__MODULE__{draft | object: object}
+    %{draft | object: object}
   end
 
-  defp preview?(draft) do
+  defp maybe_put(map, key, value, true), do: Map.put(map, key, value)
+  defp maybe_put(map, _key, _value, _condition), do: map
+
+  defp preview?(%__MODULE__{} = draft) do
     preview? = Pleroma.Web.Utils.Params.truthy_param?(draft.params[:preview])
-    %__MODULE__{draft | preview?: preview?}
+    %{draft | preview?: preview?}
   end
 
-  defp changes(draft) do
+  defp changes(%__MODULE__{} = draft) do
     direct? = draft.visibility == "direct"
     additional = %{"cc" => draft.cc, "directMessage" => direct?}
 
@@ -353,14 +362,14 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do
       }
       |> Utils.maybe_add_list_data(draft.user, draft.visibility)
 
-    %__MODULE__{draft | changes: changes}
+    %{draft | changes: changes}
   end
 
   defp with_valid(%{valid?: true} = draft, func), do: func.(draft)
   defp with_valid(draft, _func), do: draft
 
-  defp add_error(draft, message) do
-    %__MODULE__{draft | valid?: false, errors: [message | draft.errors]}
+  defp add_error(%__MODULE__{} = draft, message) do
+    %{draft | valid?: false, errors: [message | draft.errors]}
   end
 
   defp validate(%{valid?: true} = draft), do: {:ok, draft}

lib/pleroma/web/common_api/utils.ex

@@ -75,48 +75,70 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     {Enum.map(participation.recipients, & &1.ap_id), []}
   end
 
-  def get_to_and_cc(%{visibility: visibility} = draft) when visibility in ["public", "local"] do
-    to =
-      case visibility do
-        "public" -> [Pleroma.Constants.as_public() | draft.mentions]
-        "local" -> [Utils.as_local_public() | draft.mentions]
+  def get_to_and_cc(%{visibility: visibility} = draft) do
+    # If the OP is a DM already, add the implicit actor
+    mentions =
+      if visibility == "direct" && draft.in_reply_to && Visibility.direct?(draft.in_reply_to) do
+        Enum.uniq([draft.in_reply_to.data["actor"] | draft.mentions])
+      else
+        draft.mentions
       end
 
-    cc = [draft.user.follower_address]
-
-    if draft.in_reply_to do
-      {Enum.uniq([draft.in_reply_to.data["actor"] | to]), cc}
-    else
-      {to, cc}
-    end
+    get_to_and_cc_for_visibility(
+      visibility,
+      draft.user.follower_address,
+      draft.in_reply_to && draft.in_reply_to.data["actor"],
+      mentions
+    )
   end
 
-  def get_to_and_cc(%{visibility: "unlisted"} = draft) do
-    to = [draft.user.follower_address | draft.mentions]
-    cc = [Pleroma.Constants.as_public()]
+  def get_to_and_cc_for_visibility("public", follower_collection, parent_actor, mentions) do
+    scope_addr = Pleroma.Constants.as_public()
 
-    if draft.in_reply_to do
-      {Enum.uniq([draft.in_reply_to.data["actor"] | to]), cc}
-    else
-      {to, cc}
-    end
+    to =
+      if parent_actor,
+        do: Enum.uniq([parent_actor, scope_addr | mentions]),
+        else: [scope_addr | mentions]
+
+    {to, [follower_collection]}
   end
 
-  def get_to_and_cc(%{visibility: "private"} = draft) do
-    {to, cc} = get_to_and_cc(struct(draft, visibility: "direct"))
-    {[draft.user.follower_address | to], cc}
+  def get_to_and_cc_for_visibility("local", follower_collection, parent_actor, mentions) do
+    recipients =
+      if parent_actor,
+        do: Enum.uniq([parent_actor | mentions]),
+        else: mentions
+
+    to = [
+      Utils.as_local_public()
+      | Enum.filter(recipients, fn addr ->
+          String.starts_with?(addr, Pleroma.Web.Endpoint.url() <> "/")
+        end)
+    ]
+
+    {to, [follower_collection]}
   end
 
-  def get_to_and_cc(%{visibility: "direct"} = draft) do
-    # If the OP is a DM already, add the implicit actor.
-    if draft.in_reply_to && Visibility.direct?(draft.in_reply_to) do
-      {Enum.uniq([draft.in_reply_to.data["actor"] | draft.mentions]), []}
-    else
-      {draft.mentions, []}
-    end
+  def get_to_and_cc_for_visibility("unlisted", follower_collection, parent_actor, mentions) do
+    to =
+      if parent_actor,
+        do: Enum.uniq([parent_actor, follower_collection | mentions]),
+        else: [follower_collection | mentions]
+
+    {to, [Pleroma.Constants.as_public()]}
   end
 
-  def get_to_and_cc(%{visibility: {:list, _}, mentions: mentions}), do: {mentions, []}
+  def get_to_and_cc_for_visibility("private", follower_collection, _, mentions) do
+    {[follower_collection | mentions], []}
+  end
+
+  def get_to_and_cc_for_visibility("direct", _, _, mentions) do
+    {mentions, []}
+  end
+
+  def get_to_and_cc_for_visibility({:list, _}, _, _, mentions) do
+    {mentions, []}
+  end
 
   def get_addressed_users(_, to) when is_list(to) do
     User.get_ap_ids_by_nicknames(to)
@@ -300,6 +322,14 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     |> Formatter.linkify(options)
   end
 
+  def format_input(text, "text/x.misskeymarkdown", options) do
+    text
+    |> Formatter.markdown_to_html(%{breaks: true})
+    |> safe_mfm_to_html()
+    |> Formatter.linkify(options)
+    |> Formatter.html_escape("text/x.misskeymarkdown")
+  end
+
   def format_input(text, "text/markdown", options) do
     text
     |> Formatter.mentions_escape(options)
@@ -308,6 +338,16 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     |> Formatter.html_escape("text/html")
   end
 
+  defp safe_mfm_to_html(html) do
+    html
+    |> MfmParser.Parser.parse()
+    |> MfmParser.Encoder.to_html()
+  rescue
+    _ -> html
+  catch
+    _, _ -> html
+  end
+
   def format_naive_asctime(date) do
     date |> DateTime.from_naive!("Etc/UTC") |> format_asctime
   end

lib/pleroma/web/embed_controller.ex

@@ -20,6 +20,7 @@ defmodule Pleroma.Web.EmbedController do
       conn
       |> delete_resp_header("x-frame-options")
       |> delete_resp_header("content-security-policy")
+      |> put_layout({Pleroma.Web.LayoutView, :embed})
       |> render("show.html",
         activity: activity,
         author: User.sanitize_html(author),

lib/pleroma/web/endpoint.ex

@@ -46,8 +46,10 @@ defmodule Pleroma.Web.Endpoint do
   plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
   plug(Pleroma.Web.Plugs.UploadedMedia)
 
-  @static_cache_control "public, max-age=1209600"
+  @static_cache_control "public, max-age=1209600, immutable"
   @static_cache_disabled "public, no-cache"
+  # cache for a day
+  @favicon_cache_control "public, max=age=86400, immutable"
 
   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
@@ -64,6 +66,15 @@ defmodule Pleroma.Web.Endpoint do
     }
   )
 
+  plug(Pleroma.Web.Plugs.FaviconPlug,
+    at: "/",
+    only: ["favicon.png"],
+    cache_control_for_etags: @favicon_cache_control,
+    headers: %{
+      "cache-control" => @favicon_cache_control
+    }
+  )
+
   plug(Pleroma.Web.Plugs.InstanceStatic,
     at: "/",
     gzip: true,

lib/pleroma/web/fallback/redirect_controller.ex

@@ -29,9 +29,18 @@ defmodule Pleroma.Web.Fallback.RedirectController do
     )
   end
 
-  def live_dashboard(conn, _params) do
+  def live_dashboard(conn, %{"path" => path}) do
+    query_params = conn.query_string
+
+    redirect_path =
+      if query_params == "" do
+        "/pleroma/live_dashboard/#{path}"
+      else
+        "/pleroma/live_dashboard/#{path}?#{query_params}"
+      end
+
     conn
-    |> redirect(to: "/pleroma/live_dashboard")
+    |> redirect(to: redirect_path)
   end
 
   def redirector(conn, _params, code \\ 200) do

lib/pleroma/web/federator.ex

@@ -11,6 +11,7 @@ defmodule Pleroma.Web.Federator do
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Workers.PublisherWorker
   alias Pleroma.Workers.ReceiverWorker
+  alias Pleroma.Workers.SignatureRetryWorker
 
   require Logger
 
@@ -35,12 +36,21 @@ defmodule Pleroma.Web.Federator do
   end
 
   # Client API
-  def incoming_ap_doc(%{params: params, req_headers: req_headers}) do
-    ReceiverWorker.new(
+  def incoming_failed_signature_ap_doc(%{
+        method: method,
+        params: params,
+        req_headers: req_headers,
+        request_path: request_path,
+        query_string: query_string
+      }) do
+    SignatureRetryWorker.new(
       %{
-        "op" => "incoming_ap_doc",
+        "op" => "incoming_failed_signature_ap_doc",
+        "method" => method,
         "req_headers" => req_headers,
         "params" => params,
+        "request_path" => request_path,
+        "query_string" => query_string,
         "timeout" => :timer.seconds(20)
       },
       priority: 2