Improve remote profile disclaimer (#4342 )

* Improve remote profile disclaimer * yarn run manage:translations
Use the "m" version of the logo for favicons (#4345 )
2017-07-24 20:05:29 +02:00 · 2017-07-24 19:54:59 +02:00 · 2017-07-24 19:54:39 +02:00 · 2017-07-24 17:56:50 +02:00 · 2017-07-24 17:15:35 +02:00 · 2017-07-24 17:15:15 +02:00
912 changed files with 25610 additions and 11289 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -14,14 +14,16 @@
  ],
  "plugins": [
    "syntax-dynamic-import",
-    "transform-object-rest-spread",
+    ["transform-object-rest-spread", { "useBuiltIns": true }],
    "transform-decorators-legacy",
    "transform-class-properties",
    [
      "react-intl",
      {
        "messagesDir": "./build/messages"
      }
-    ]
+    ],
    "preval"
  ],
  "env": {
    "development": {
@@ -43,6 +45,7 @@
            ]
          }
        ],
        "transform-react-inline-elements",
        [
          "transform-runtime",
          {
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,6 +2,7 @@
 .env.*
 public/system
 public/assets
 public/packs
 node_modules
 storybook
 neo4j
--- a/.env.nanobox
+++ b/.env.nanobox
@@ -11,6 +11,8 @@ DB_NAME=gonano
 DB_PASS=$DATA_DB_PASS
 DB_PORT=5432
 DATABASE_URL=postgresql://$DATA_DB_USER:$DATA_DB_PASS@$DATA_DB_HOST/gonano
 # Federation
 # Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.
 # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
@@ -67,7 +69,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # PAPERCLIP_ROOT_URL=/system
 # Optional asset host for multi-server setups
-# CDN_HOST=assets.example.com
+# CDN_HOST=https://assets.example.com
 # S3 (optional)
 # S3_ENABLED=true
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -31,6 +31,17 @@ PAPERCLIP_SECRET=
 SECRET_KEY_BASE=
 OTP_SECRET=
 # VAPID keys (used for push notifications
 # You can generate the keys using the following command (first is the private key, second is the public one)
 # You should only generate this once per instance. If you later decide to change it, all push subscription will
 # be invalidated, requiring the users to access the website again to resubscribe.
 #
 # Generate with `rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
 #
 # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
 # Registrations
 # Single user mode will disable registrations and redirect frontpage to the first profile
 # SINGLE_USER_MODE=true
@@ -65,7 +76,7 @@ SMTP_FROM_ADDRESS=notifications@example.com
 # PAPERCLIP_ROOT_URL=/system
 # Optional asset host for multi-server setups
-# CDN_HOST=assets.example.com
+# CDN_HOST=https://assets.example.com
 # S3 (optional)
 # S3_ENABLED=true
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -1,7 +1,9 @@
 ---
 root: true
 env:
  browser: true
-  node: false
+  node: true
  es6: true
 parser: babel-eslint
@@ -21,22 +23,10 @@ parserOptions:
 rules:
  no-cond-assign: error
  no-console: warn
  no-irregular-whitespace: error
  no-unreachable: error
  valid-typeof: error
  consistent-return: error
  dot-notation: error
  eqeqeq: error
  no-fallthrough: error
  no-unused-expressions: error
  strict: off
  no-catch-shadow: error
  indent:
  - warn
  - 2
  brace-style: warn
  comma-dangle:
  - error
  - always-multiline
  comma-spacing:
  - warn
  - before: false
@@ -44,22 +34,70 @@ rules:
  comma-style:
  - warn
  - last
  consistent-return: error
  dot-notation: error
  eqeqeq: error
  indent:
  - warn
  - 2
  jsx-quotes:
  - error
  - prefer-single
  no-catch-shadow: error
  no-cond-assign: error
  no-console:
  - warn
  - allow:
    - error
  no-fallthrough: error
  no-irregular-whitespace: error
  no-mixed-spaces-and-tabs: warn
  no-nested-ternary: warn
  no-trailing-spaces: warn
-  semi: error
+  no-undef: error
  no-unreachable: error
  no-unused-expressions: error
  no-unused-vars:
  - error
  - vars: all
    args: after-used
    ignoreRestSiblings: true
  object-curly-spacing:
  - error
  - always
  padded-blocks:
  - error
  - classes: always
-  comma-dangle:
+  quotes:
  - error
-  - always-multiline
+  - single
  semi: error
  strict: off
  valid-typeof: error
-  react/jsx-wrap-multilines: error
+  react/jsx-boolean-value: error
  react/jsx-closing-bracket-location:
  - error
  - line-aligned
  react/jsx-curly-spacing: error
  react/jsx-equals-spacing: error
  react/jsx-first-prop-new-line:
  - error
  - multiline-multiprop
  react/jsx-indent:
  - error
  - 2
  react/jsx-no-bind: error
-  react/self-closing-comp: error
+  react/jsx-no-duplicate-props: error
-  react/prop-types: error
+  react/jsx-no-undef: error
  react/jsx-tag-spacing: error
  react/jsx-uses-react: error
  react/jsx-uses-vars: error
  react/jsx-wrap-multilines: error
  react/no-multi-comp: off
  react/no-string-refs: error
  react/prop-types: error
  react/self-closing-comp: error
  jsx-a11y/accessible-emoji: warn
  jsx-a11y/anchor-has-content: warn
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,14 @@
 *                             text=auto eol=lf
 *.eot                         -text
 *.gif                         -text
 *.gz                          -text
 *.ico                         -text
 *.jpg                         -text
 *.mp3                         -text
 *.ogg                         -text
 *.png                         -text
 *.ttf                         -text
 *.webm                        -text
 *.woff                        -text
 *.woff2                       -text
 spec/fixtures/requests/**     -text !eol
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,8 @@ coverage
 public/system
 public/assets
 public/packs
 public/packs-test
 public/sw.js
 .env
 .env.production
 node_modules/
@@ -33,6 +35,7 @@ config/deploy/*
 # Ignore IDE files
 .vscode/
 .idea/
 # Ignore postgres + redis volume optionally created by docker-compose
 postgres
--- a/.postcssrc.yml
+++ b/.postcssrc.yml
@@ -6,3 +6,4 @@ plugins:
      - last 2 versions
      - IE >= 11
      - iOS >= 9
  postcss-object-fit-images: {}
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,26 +1,35 @@
-Rails:
+AllCops:
-  Enabled: true
+  TargetRubyVersion: 2.3
  Exclude:
  - 'spec/**/*'
  - 'db/**/*'
  - 'app/views/**/*'
  - 'config/**/*'
  - 'bin/*'
  - 'Rakefile'
  - 'node_modules/**/*'
  - 'Vagrantfile'
  - 'vendor/**/*'
-Style/PerlBackrefs:
+Bundler/OrderedGems:
  AutoCorrect: false
 Style/ClassAndModuleChildren:
  Enabled: false
-Metrics/BlockNesting:
+Layout/AccessModifierIndentation:
-  Max: 2
+  EnforcedStyle: indent
-Metrics/LineLength:
+Layout/EmptyLineAfterMagicComment:
  AllowURI: true
  Enabled: false
-Metrics/MethodLength:
+Layout/SpaceInsideHashLiteralBraces:
-  CountComments: false
+  EnforcedStyle: space
  Max: 10
 Metrics/AbcSize:
  Max: 100
 Metrics/BlockLength:
  Exclude:
    - 'lib/tasks/**/*'
 Metrics/BlockNesting:
  Max: 3
@@ -31,22 +40,36 @@ Metrics/ClassLength:
 Metrics/CyclomaticComplexity:
  Max: 15
 Metrics/LineLength:
  AllowURI: true
  Enabled: false
 Metrics/MethodLength:
  CountComments: false
  Max: 55
 Metrics/ModuleLength:
  CountComments: false
  Max: 200
 Metrics/PerceivedComplexity:
  Max: 10
 Metrics/ParameterLists:
  Max: 4
  CountKeywordArgs: true
-Style/AccessModifierIndentation:
+Metrics/PerceivedComplexity:
-  EnforcedStyle: indent
+  Max: 10
 Rails:
  Enabled: true
 Rails/HasAndBelongsToMany:
  Enabled: false
 Rails/SkipsModelValidations:
  Enabled: false
 Style/ClassAndModuleChildren:
  Enabled: false
 Style/CollectionMethods:
  Enabled: true
@@ -62,36 +85,25 @@ Style/DoubleNegation:
 Style/FrozenStringLiteralComment:
  Enabled: true
-Style/SpaceInsideHashLiteralBraces:
+Style/GuardClause:
  EnforcedStyle: space
 Style/TrailingCommaInLiteral:
  EnforcedStyleForMultiline: 'comma'
 Style/RegexpLiteral:
  Enabled: false
 Style/Lambda:
  Enabled: false
-Style/GuardClause:
+Style/PercentLiteralDelimiters:
  PreferredDelimiters:
    '%i': '()'
    '%w': '()'
 Style/PerlBackrefs:
  AutoCorrect: false
 Style/RegexpLiteral:
  Enabled: false
-Rails/HasAndBelongsToMany:
+Style/SymbolArray:
  Enabled: false
-Bundler/OrderedGems:
+Style/TrailingCommaInLiteral:
-  Enabled: false
+  EnforcedStyleForMultiline: 'comma'
 AllCops:
  TargetRubyVersion: 2.3
  Exclude:
  - 'spec/**/*'
  - 'db/**/*'
  - 'app/views/**/*'
  - 'config/**/*'
  - 'bin/*'
  - 'Rakefile'
  - 'node_modules/**/*'
  - 'Vagrantfile'
  - 'vendor/**/*'
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,8 +4,10 @@ cache:
  yarn: true
  directories:
  - node_modules
  - public/assets
  - public/packs-test
 dist: trusty
-sudo: false
+sudo: required
 notifications:
  email: false
@@ -30,6 +32,7 @@ addons:
    - g++-6
    - libprotobuf-dev
    - protobuf-compiler
    - libicu-dev
 rvm:
  - 2.3.4
@@ -50,6 +53,6 @@ before_script:
  - ln -s /usr/bin/x86_64-linux-gnu-g++-6 "$HOME/g++"
 script:
-  - bundle exec parallel_test spec/ --group-by filesize --type rspec
+  - travis_retry bundle exec parallel_test spec/ --group-by filesize --type rspec
  - npm test
  - bundle exec i18n-tasks unused
--- a/2
+++ b/2
@@ -3,3 +3,5 @@ libprotobuf-dev
 ffmpeg
 libxdamage1
 libxfixes3
 libicu-dev
 libidn11-dev
--- a/7
+++ b/7
@@ -12,9 +12,12 @@ EXPOSE 3000 4000
 WORKDIR /mastodon
 RUN echo "@edge https://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
 && echo "@edge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
 && apk -U upgrade \
 && apk add -t build-dependencies \
    build-base \
    icu-dev \
    libidn-dev \
    libxml2-dev \
    libxslt-dev \
    postgresql-dev \
@@ -25,7 +28,9 @@ RUN echo "@edge https://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposit
    ffmpeg \
    file \
    git \
    icu-libs \
    imagemagick@edge \
    libidn \
    libpq \
    libxml2 \
    libxslt \
@@ -34,7 +39,7 @@ RUN echo "@edge https://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposit
    protobuf \
    su-exec \
    tini \
- && npm install -g npm@3 && npm install -g yarn \
+    yarn@edge \
 && update-ca-certificates \
 && rm -rf /tmp/* /var/cache/apk/*
--- a/22
+++ b/22
@@ -6,7 +6,7 @@ ruby '>= 2.3.0', '< 2.5.0'
 gem 'pkg-config', '~> 1.2'
 gem 'puma', '~> 3.8'
-gem 'rails', '~> 5.0'
+gem 'rails', '~> 5.1.0'
 gem 'uglifier', '~> 3.2'
 gem 'hamlit-rails', '~> 0.2'
@@ -18,26 +18,32 @@ gem 'aws-sdk', '~> 2.9'
 gem 'paperclip', '~> 5.1'
 gem 'paperclip-av-transcoder', '~> 0.6'
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.5'
-gem 'bootsnap', '~> 0.3'
+gem 'bootsnap'
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.3'
 gem 'cld3', '~> 3.1'
 gem 'devise', '~> 4.2'
 gem 'devise-two-factor', '~> 3.0'
 gem 'doorkeeper', '~> 4.2'
 gem 'fast_blank', '~> 1.0'
-gem 'goldfinger', '~> 1.2'
+gem 'goldfinger', '~> 2.0'
 gem 'hiredis', '~> 0.6'
 gem 'redis-namespace', '~> 1.5'
 gem 'htmlentities', '~> 4.3'
 gem 'http', '~> 2.2'
 gem 'http_accept_language', '~> 2.1'
 gem 'httplog', '~> 0.99'
 gem 'idn-ruby', require: 'idn'
 gem 'kaminari', '~> 1.0'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.1'
 gem 'nokogiri', '~> 1.7'
 gem 'oj', '~> 3.0'
 gem 'ostatus2', '~> 2.0'
 gem 'ox', '~> 2.5'
 gem 'pundit', '~> 1.1'
 gem 'rabl', '~> 0.13'
 gem 'rack-attack', '~> 5.0'
 gem 'rack-cors', '~> 0.4', require: 'rack/cors'
@@ -45,19 +51,22 @@ gem 'rack-timeout', '~> 0.4'
 gem 'rails-i18n', '~> 5.0'
 gem 'rails-settings-cached', '~> 0.6'
 gem 'redis', '~> 3.3', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 0.10'
 gem 'ruby-oembed', '~> 0.12', require: 'oembed'
 gem 'sanitize', '~> 4.4'
 gem 'sidekiq', '~> 5.0'
 gem 'sidekiq-scheduler', '~> 2.1'
 gem 'sidekiq-unique-jobs', '~> 5.0'
 gem 'sidekiq-bulk', '~>0.1.1'
 gem 'simple-navigation', '~> 4.0'
 gem 'simple_form', '~> 3.4'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
 gem 'statsd-instrument', '~> 2.1'
 gem 'twitter-text', '~> 1.14'
 gem 'tzinfo-data', '~> 1.2017'
-gem 'webpacker', '~> 1.2'
+gem 'webpacker', '~> 2.0'
 gem 'webpush'
 group :development, :test do
  gem 'fabrication', '~> 2.16'
@@ -69,8 +78,9 @@ end
 group :test do
  gem 'capybara', '~> 2.14'
  gem 'climate_control', '~> 0.2'
  gem 'faker', '~> 1.7'
-  gem 'microformats2', '~> 3.0'
+  gem 'microformats', '~> 4.0'
  gem 'rails-controller-testing', '~> 1.0'
  gem 'rspec-sidekiq', '~> 3.0'
  gem 'simplecov', '~> 0.14', require: false
@@ -86,7 +96,7 @@ group :development do
  gem 'bullet', '~> 5.5'
  gem 'letter_opener', '~> 1.4'
  gem 'letter_opener_web', '~> 1.3'
-  gem 'rubocop', '~> 0.48', require: false
+  gem 'rubocop', require: false
  gem 'brakeman', '~> 3.6', require: false
  gem 'bundler-audit', '~> 0.5', require: false
  gem 'scss_lint', '~> 0.53', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,64 +1,69 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (5.0.3)
+    actioncable (5.1.2)
-      actionpack (= 5.0.3)
+      actionpack (= 5.1.2)
-      nio4r (>= 1.2, < 3.0)
+      nio4r (~> 2.0)
      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.3)
+    actionmailer (5.1.2)
-      actionpack (= 5.0.3)
+      actionpack (= 5.1.2)
-      actionview (= 5.0.3)
+      actionview (= 5.1.2)
-      activejob (= 5.0.3)
+      activejob (= 5.1.2)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (5.0.3)
+    actionpack (5.1.2)
-      actionview (= 5.0.3)
+      actionview (= 5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
      rack (~> 2.0)
      rack-test (~> 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.3)
+    actionview (5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
      builder (~> 3.1)
-      erubis (~> 2.7.0)
+      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
    active_model_serializers (0.10.6)
      actionpack (>= 4.1, < 6)
      activemodel (>= 4.1, < 6)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.2)
    active_record_query_trace (1.5.4)
-    activejob (5.0.3)
+    activejob (5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
      globalid (>= 0.3.6)
-    activemodel (5.0.3)
+    activemodel (5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
-    activerecord (5.0.3)
+    activerecord (5.1.2)
-      activemodel (= 5.0.3)
+      activemodel (= 5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
-      arel (~> 7.0)
+      arel (~> 8.0)
-    activesupport (5.0.3)
+    activesupport (5.1.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (~> 0.7)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
    addressable (2.5.1)
      public_suffix (~> 2.0, >= 2.0.2)
-    airbrussh (1.2.0)
+    airbrussh (1.3.0)
      sshkit (>= 1.6.1, != 1.7.0)
-    annotate (2.7.1)
+    annotate (2.7.2)
      activerecord (>= 3.2, < 6.0)
-      rake (>= 10.4, < 12.0)
+      rake (>= 10.4, < 13.0)
-    arel (7.1.4)
+    arel (8.0.0)
    ast (2.3.0)
    attr_encrypted (3.0.3)
      encryptor (~> 3.0.0)
    av (0.9.0)
      cocaine (~> 0.5.3)
-    aws-sdk (2.9.21)
+    aws-sdk (2.10.6)
-      aws-sdk-resources (= 2.9.21)
+      aws-sdk-resources (= 2.10.6)
-    aws-sdk-core (2.9.21)
+    aws-sdk-core (2.10.6)
      aws-sigv4 (~> 1.0)
      jmespath (~> 1.0)
-    aws-sdk-resources (2.9.21)
+    aws-sdk-resources (2.10.6)
-      aws-sdk-core (= 2.9.21)
+      aws-sdk-core (= 2.10.6)
    aws-sigv4 (1.0.0)
    bcrypt (3.1.11)
    better_errors (2.1.1)
@@ -67,9 +72,10 @@ GEM
      rack (>= 0.9.0)
    binding_of_caller (0.7.2)
      debug_inspector (>= 0.0.1)
-    bootsnap (0.3.0)
+    bootsnap (1.1.1)
      msgpack (~> 1.0)
-    brakeman (3.6.1)
+    brakeman (3.6.2)
    browser (2.4.0)
    builder (3.2.3)
    bullet (5.5.1)
      activesupport (>= 3.0.0)
@@ -77,7 +83,7 @@ GEM
    bundler-audit (0.5.0)
      bundler (~> 1.2)
      thor (~> 0.18)
-    capistrano (3.8.1)
+    capistrano (3.8.2)
      airbrussh (>= 1.0.0)
      i18n
      rake (>= 10.0.0)
@@ -85,7 +91,7 @@ GEM
    capistrano-bundler (1.2.0)
      capistrano (~> 3.1)
      sshkit (~> 1.2)
-    capistrano-rails (1.2.3)
+    capistrano-rails (1.3.0)
      capistrano (~> 3.1)
      capistrano-bundler (~> 1.1)
    capistrano-rbenv (2.1.1)
@@ -93,15 +99,18 @@ GEM
      sshkit (~> 1.3)
    capistrano-yarn (2.0.2)
      capistrano (~> 3.0)
-    capybara (2.14.0)
+    capybara (2.14.4)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
      rack-test (>= 0.5.4)
      xpath (~> 2.0)
    case_transform (0.2)
      activesupport
    charlock_holmes (0.7.3)
    chunky_png (1.3.8)
-    cld3 (3.1.2)
+    cld3 (3.1.3)
      ffi (>= 1.1.0, < 1.10.0)
    climate_control (0.2.0)
    cocaine (0.5.8)
@@ -130,7 +139,7 @@ GEM
    docile (1.1.5)
    domain_name (0.5.20170404)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (4.2.5)
+    doorkeeper (4.2.6)
      railties (>= 4.2)
    dotenv (2.2.1)
    dotenv-rails (2.2.1)
@@ -141,8 +150,9 @@ GEM
      thread
      thread_safe
    encryptor (3.0.0)
    erubi (1.6.1)
    erubis (2.7.0)
-    et-orbi (1.0.4)
+    et-orbi (1.0.5)
      tzinfo
    execjs (2.7.0)
    fabrication (2.16.1)
@@ -155,11 +165,12 @@ GEM
      ruby-progressbar (~> 1.4)
    globalid (0.4.0)
      activesupport (>= 4.2.0)
-    goldfinger (1.2.0)
+    goldfinger (2.0.0)
-      addressable (~> 2.4)
+      addressable (~> 2.5)
-      http (~> 2.0)
+      http (~> 2.2)
-      nokogiri (~> 1.6)
+      nokogiri (~> 1.8)
-    hamlit (2.8.1)
+      oj (~> 3.0)
    hamlit (2.8.4)
      temple (>= 0.8.0)
      thor
      tilt
@@ -171,6 +182,7 @@ GEM
    hashdiff (0.3.4)
    highline (1.7.8)
    hiredis (0.6.1)
    hkdf (0.3.0)
    htmlentities (4.3.4)
    http (2.2.2)
      addressable (~> 2.3)
@@ -180,12 +192,12 @@ GEM
    http-cookie (1.0.3)
      domain_name (~> 0.5)
    http-form_data (1.0.3)
-    http_accept_language (2.1.0)
+    http_accept_language (2.1.1)
    http_parser.rb (0.6.0)
-    httplog (0.99.3)
+    httplog (0.99.4)
      colorize
      rack
-    i18n (0.8.1)
+    i18n (0.8.4)
    i18n-tasks (0.9.15)
      activesupport (>= 4.0.2)
      ast (>= 2.1.0)
@@ -196,8 +208,11 @@ GEM
      parser (>= 2.2.3.0)
      rainbow (~> 2.2)
      terminal-table (>= 1.5.1)
    idn-ruby (0.1.0)
    jmespath (1.3.1)
    json (2.1.0)
    jsonapi-renderer (0.1.2)
    jwt (1.5.6)
    kaminari (1.0.1)
      activesupport (>= 4.1.0)
      kaminari-actionview (= 1.0.1)
@@ -225,32 +240,34 @@ GEM
      railties (>= 4, < 5.2)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
-    mail (2.6.5)
+    mail (2.6.6)
      mime-types (>= 1.16, < 4)
    mario-redis-lock (1.2.0)
      redis (~> 3, >= 3.0.5)
    method_source (0.8.2)
-    microformats2 (3.1.0)
+    microformats (4.0.7)
      json
      nokogiri
    mime-types (3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mimemagic (0.3.2)
-    mini_portile2 (2.1.0)
+    mini_portile2 (2.2.0)
    minitest (5.10.2)
    msgpack (1.1.0)
    multi_json (1.12.1)
    net-scp (1.2.1)
      net-ssh (>= 2.6.5)
    net-ssh (4.1.0)
-    nio4r (2.0.0)
+    nio4r (2.1.0)
-    nokogiri (1.7.2)
+    nokogiri (1.8.0)
-      mini_portile2 (~> 2.1.0)
+      mini_portile2 (~> 2.2.0)
-    nokogumbo (1.4.11)
+    nokogumbo (1.4.13)
      nokogiri
-    oj (3.0.9)
+    oj (3.2.0)
-    openssl (2.0.3)
+    openssl (2.0.4)
    orm_adapter (0.5.0)
-    ostatus2 (2.0.0)
+    ostatus2 (2.0.1)
      addressable (~> 2.4)
      http (~> 2.0)
      nokogiri (~> 1.6)
@@ -270,10 +287,10 @@ GEM
      parallel
    parser (2.4.0.0)
      ast (~> 2.2)
-    pg (0.20.0)
+    pg (0.21.0)
    pghero (1.7.0)
      activerecord
-    pkg-config (1.2.0)
+    pkg-config (1.2.3)
    powerpack (0.1.1)
    pry (0.10.4)
      coderay (~> 1.1.0)
@@ -282,7 +299,9 @@ GEM
    pry-rails (0.3.6)
      pry (>= 0.10.4)
    public_suffix (2.0.5)
-    puma (3.8.2)
+    puma (3.9.1)
    pundit (1.1.0)
      activesupport (>= 3.0.0)
    rabl (0.13.1)
      activesupport (>= 2.3.14)
    rack (2.0.3)
@@ -294,17 +313,17 @@ GEM
    rack-test (0.6.3)
      rack (>= 1.0)
    rack-timeout (0.4.2)
-    rails (5.0.3)
+    rails (5.1.2)
-      actioncable (= 5.0.3)
+      actioncable (= 5.1.2)
-      actionmailer (= 5.0.3)
+      actionmailer (= 5.1.2)
-      actionpack (= 5.0.3)
+      actionpack (= 5.1.2)
-      actionview (= 5.0.3)
+      actionview (= 5.1.2)
-      activejob (= 5.0.3)
+      activejob (= 5.1.2)
-      activemodel (= 5.0.3)
+      activemodel (= 5.1.2)
-      activerecord (= 5.0.3)
+      activerecord (= 5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.3)
+      railties (= 5.1.2)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.2)
      actionpack (~> 5.x, >= 5.0.1)
@@ -320,15 +339,15 @@ GEM
      railties (~> 5.0)
    rails-settings-cached (0.6.5)
      rails (>= 4.2.0)
-    railties (5.0.3)
+    railties (5.1.2)
-      actionpack (= 5.0.3)
+      actionpack (= 5.1.2)
-      activesupport (= 5.0.3)
+      activesupport (= 5.1.2)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rainbow (2.2.2)
      rake
-    rake (11.3.0)
+    rake (12.0.0)
    redis (3.3.3)
    redis-actionpack (5.0.1)
      actionpack (>= 4.0, < 6)
@@ -370,11 +389,12 @@ GEM
      rspec-expectations (~> 3.6.0)
      rspec-mocks (~> 3.6.0)
      rspec-support (~> 3.6.0)
-    rspec-sidekiq (3.0.1)
+    rspec-sidekiq (3.0.3)
      rspec-core (~> 3.0, >= 3.0.0)
      sidekiq (>= 2.4.0)
    rspec-support (3.6.0)
-    rubocop (0.48.1)
+    rubocop (0.49.1)
      parallel (~> 1.10)
      parser (>= 2.3.3.1, < 3.0)
      powerpack (~> 0.1)
      rainbow (>= 1.99.1, < 3.0)
@@ -382,23 +402,26 @@ GEM
      unicode-display_width (~> 1.0, >= 1.0.1)
    ruby-oembed (0.12.0)
    ruby-progressbar (1.8.1)
-    rufus-scheduler (3.4.0)
+    rufus-scheduler (3.4.2)
      et-orbi (~> 1.0)
    safe_yaml (1.0.4)
-    sanitize (4.4.0)
+    sanitize (4.5.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.4.4)
      nokogumbo (~> 1.4.1)
    sass (3.4.24)
-    scss_lint (0.53.0)
+    scss_lint (0.54.0)
      rake (>= 0.9, < 13)
      sass (~> 3.4.20)
-    sidekiq (5.0.0)
+    sidekiq (5.0.3)
      concurrent-ruby (~> 1.0)
      connection_pool (~> 2.2, >= 2.2.0)
      rack-protection (>= 1.5.0)
      redis (~> 3.3, >= 3.3.3)
-    sidekiq-scheduler (2.1.4)
+    sidekiq-bulk (0.1.1)
      activesupport
      sidekiq
    sidekiq-scheduler (2.1.7)
      redis (~> 3)
      rufus-scheduler (~> 3.2)
      sidekiq (>= 3)
@@ -435,7 +458,7 @@ GEM
    thread (0.2.2)
    thread_safe (0.3.6)
    tilt (2.0.7)
-    twitter-text (1.14.5)
+    twitter-text (1.14.6)
      unf (~> 0.1.0)
    tzinfo (1.2.3)
      thread_safe (~> 0.1)
@@ -446,7 +469,7 @@ GEM
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.4)
-    unicode-display_width (1.2.1)
+    unicode-display_width (1.3.0)
    uniform_notifier (1.10.0)
    warden (1.2.7)
      rack (>= 1.0)
@@ -454,28 +477,33 @@ GEM
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff
-    webpacker (1.2)
+    webpacker (2.0)
      activesupport (>= 4.2)
      multi_json (~> 1.2)
      railties (>= 4.2)
    webpush (0.3.2)
      hkdf (~> 0.2)
      jwt
    websocket-driver (0.6.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.2)
-    xpath (2.0.0)
+    xpath (2.1.0)
      nokogiri (~> 1.3)
 PLATFORMS
  ruby
 DEPENDENCIES
  active_model_serializers (~> 0.10)
  active_record_query_trace (~> 1.5)
  addressable (~> 2.5)
  annotate (~> 2.7)
  aws-sdk (~> 2.9)
  better_errors (~> 2.1)
  binding_of_caller (~> 0.7)
-  bootsnap (~> 0.3)
+  bootsnap
  brakeman (~> 3.6)
  browser
  bullet (~> 5.5)
  bundler-audit (~> 0.5)
  capistrano (~> 3.8)
@@ -483,7 +511,9 @@ DEPENDENCIES
  capistrano-rbenv (~> 2.1)
  capistrano-yarn (~> 2.0)
  capybara (~> 2.14)
  charlock_holmes (~> 0.7.3)
  cld3 (~> 3.1)
  climate_control (~> 0.2)
  devise (~> 4.2)
  devise-two-factor (~> 3.0)
  doorkeeper (~> 4.2)
@@ -492,7 +522,7 @@ DEPENDENCIES
  faker (~> 1.7)
  fast_blank (~> 1.0)
  fuubar (~> 2.2)
-  goldfinger (~> 1.2)
+  goldfinger (~> 2.0)
  hamlit-rails (~> 0.2)
  hiredis (~> 0.6)
  htmlentities (~> 4.3)
@@ -500,12 +530,15 @@ DEPENDENCIES
  http_accept_language (~> 2.1)
  httplog (~> 0.99)
  i18n-tasks (~> 0.9)
  idn-ruby
  kaminari (~> 1.0)
  letter_opener (~> 1.4)
  letter_opener_web (~> 1.3)
  link_header (~> 0.0)
  lograge (~> 0.5)
-  microformats2 (~> 3.0)
+  mario-redis-lock (~> 1.2)
  microformats (~> 4.0)
  mime-types (~> 3.1)
  nokogiri (~> 1.7)
  oj (~> 3.0)
  ostatus2 (~> 2.0)
@@ -518,11 +551,12 @@ DEPENDENCIES
  pkg-config (~> 1.2)
  pry-rails (~> 0.3)
  puma (~> 3.8)
  pundit (~> 1.1)
  rabl (~> 0.13)
  rack-attack (~> 5.0)
  rack-cors (~> 0.4)
  rack-timeout (~> 0.4)
-  rails (~> 5.0)
+  rails (~> 5.1.0)
  rails-controller-testing (~> 1.0)
  rails-i18n (~> 5.0)
  rails-settings-cached (~> 0.6)
@@ -532,11 +566,12 @@ DEPENDENCIES
  rqrcode (~> 0.10)
  rspec-rails (~> 3.6)
  rspec-sidekiq (~> 3.0)
-  rubocop (~> 0.48)
+  rubocop
  ruby-oembed (~> 0.12)
  sanitize (~> 4.4)
  scss_lint (~> 0.53)
  sidekiq (~> 5.0)
  sidekiq-bulk (~> 0.1.1)
  sidekiq-scheduler (~> 2.1)
  sidekiq-unique-jobs (~> 5.0)
  simple-navigation (~> 4.0)
@@ -548,10 +583,11 @@ DEPENDENCIES
  tzinfo-data (~> 1.2017)
  uglifier (~> 3.2)
  webmock (~> 3.0)
-  webpacker (~> 1.2)
+  webpacker (~> 2.0)
  webpush
 RUBY VERSION
   ruby 2.4.1p111
 BUNDLED WITH
-   1.14.6
+   1.15.2
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-Mastodon
+![Mastodon](https://i.imgur.com/NhZc40l.png)
 ========
 [![Build Status](http://img.shields.io/travis/tootsuite/mastodon.svg)][travis]
@@ -13,7 +13,7 @@ An alternative implementation of the GNU social project. Based on [ActivityStrea
 Click on the screenshot to watch a demo of the UI:
-[![Screenshot](http://puu.sh/vMcvm/290f459dd4.jpg)][youtube_demo]
+[![Screenshot](https://i.imgur.com/pG3Nnz3.jpg)][youtube_demo]
 [youtube_demo]: https://www.youtube.com/watch?v=YO1jQ8_rAMU
--- a/7
+++ b/7
@@ -35,6 +35,8 @@ sudo apt-get install \
  postgresql-contrib \
  protobuf-compiler \
  yarn \
  libicu-dev \
  libidn11-dev \
  libprotobuf-dev \
  libreadline-dev \
  -y
@@ -42,9 +44,12 @@ sudo apt-get install \
 # Install rvm
 read RUBY_VERSION < .ruby-version
 gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
-curl -sSL https://get.rvm.io | bash -s stable --ruby=$RUBY_VERSION
+curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer | bash -s stable --ruby=$RUBY_VERSION
 source /home/vagrant/.rvm/scripts/rvm
 # Install Ruby
 rvm install ruby-$RUBY_VERSION
 # Configure database
 sudo -u postgres createuser -U postgres vagrant -s
 sudo -u postgres createdb -U postgres mastodon_development
--- a/app.json
+++ b/app.json
@@ -2,7 +2,7 @@
  "name": "Mastodon",
  "description": "A GNU Social-compatible microblogging server",
  "repository": "https://github.com/tootsuite/mastodon",
-  "logo": "https://github.com/tootsuite/mastodon/raw/master/app/assets/images/logo.png",
+  "logo": "https://github.com/tootsuite/mastodon/raw/master/app/javascript/images/logo.svg",
  "env": {
    "HEROKU": {
      "description": "Leave this as true",
--- a/app/controllers/about_controller.rb
+++ b/app/controllers/about_controller.rb
@@ -2,9 +2,12 @@
 class AboutController < ApplicationController
  before_action :set_body_classes
-  before_action :set_instance_presenter, only: [:show, :more]
+  before_action :set_instance_presenter, only: [:show, :more, :terms]
-  def show; end
+  def show
    serializable_resource = ActiveModelSerializers::SerializableResource.new(InitialStatePresenter.new(initial_state_params), serializer: InitialStateSerializer)
    @initial_state_json   = serializable_resource.to_json
  end
  def more; end
@@ -15,6 +18,7 @@ class AboutController < ApplicationController
  def new_user
    User.new.tap(&:build_account)
  end
  helper_method :new_user
  def set_instance_presenter
@@ -24,4 +28,11 @@ class AboutController < ApplicationController
  def set_body_classes
    @body_classes = 'about-body'
  end
  def initial_state_params
    {
      settings: {},
      token: current_session&.token,
    }
  end
 end
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -2,6 +2,7 @@
 class AccountsController < ApplicationController
  include AccountControllerConcern
  include SignatureVerification
  def show
    respond_to do |format|
@@ -12,10 +13,12 @@ class AccountsController < ApplicationController
      format.atom do
        @entries = @account.stream_entries.where(hidden: false).with_includes.paginate_by_max_id(20, params[:max_id], params[:since_id])
-        render xml: AtomSerializer.render(AtomSerializer.new.feed(@account, @entries.to_a))
+        render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.feed(@account, @entries.to_a))
      end
-      format.activitystreams2
+      format.json do
        render json: @account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -0,0 +1,27 @@
 # frozen_string_literal: true
 class ActivityPub::OutboxesController < Api::BaseController
  before_action :set_account
  def show
    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
    @statuses = cache_collection(@statuses, Status)
    render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
  end
  private
  def set_account
    @account = Account.find_local!(params[:account_username])
  end
  def outbox_presenter
    ActivityPub::CollectionPresenter.new(
      id: account_outbox_url(@account),
      type: :ordered,
      size: @account.statuses_count,
      items: @statuses
    )
  end
 end
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -2,16 +2,43 @@
 module Admin
  class AccountsController < BaseController
    before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload]
    before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload]
    def index
      @accounts = filtered_accounts.page(params[:page])
    end
-    def show
+    def show; end
-      @account = Account.find(params[:id])
+
    def subscribe
      Pubsubhubbub::SubscribeWorker.perform_async(@account.id)
      redirect_to admin_account_path(@account.id)
    end
    def unsubscribe
      UnsubscribeService.new.call(@account)
      redirect_to admin_account_path(@account.id)
    end
    def redownload
      @account.reset_avatar!
      @account.reset_header!
      @account.save!
      redirect_to admin_account_path(@account.id)
    end
    private
    def set_account
      @account = Account.find(params[:id])
    end
    def require_remote_account!
      redirect_to admin_account_path(@account.id) if @account.local?
    end
    def filtered_accounts
      AccountFilter.new(filter_params).results
    end
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@@ -3,13 +3,29 @@
 module Admin
  class InstancesController < BaseController
    def index
-      @instances = ordered_instances.page(params[:page])
+      @instances = ordered_instances
    end
    def resubscribe
      params.require(:by_domain)
      Pubsubhubbub::SubscribeWorker.push_bulk(subscribeable_accounts.pluck(:id))
      redirect_to admin_instances_path
    end
    private
    def paginated_instances
      Account.remote.by_domain_accounts.page(params[:page])
    end
    helper_method :paginated_instances
    def ordered_instances
-      Account.remote.by_domain_accounts
+      paginated_instances.map { |account| Instance.new(account) }
    end
    def subscribeable_accounts
      Account.with_followers.remote.where(domain: params[:by_domain])
    end
  end
 end
--- a/app/controllers/admin/pubsubhubbub_controller.rb
+++ b/app/controllers/admin/pubsubhubbub_controller.rb
@@ -1,9 +0,0 @@
 # frozen_string_literal: true
 module Admin
  class PubsubhubbubController < BaseController
    def index
      @subscriptions = Subscription.order(id: :desc).includes(:account).page(params[:page])
    end
  end
 end
--- a/app/controllers/admin/reported_statuses_controller.rb
+++ b/app/controllers/admin/reported_statuses_controller.rb
@@ -2,8 +2,17 @@
 module Admin
  class ReportedStatusesController < BaseController
    include Authorization
    before_action :set_report
-    before_action :set_status
+    before_action :set_status, only: [:update, :destroy]
    def create
      @form = Form::StatusBatch.new(form_status_batch_params)
      flash[:alert] = t('admin.statuses.failed_to_execute') unless @form.save
      redirect_to admin_report_path(@report)
    end
    def update
      @status.update(status_params)
@@ -11,8 +20,9 @@ module Admin
    end
    def destroy
      authorize @status, :destroy?
      RemovalWorker.perform_async(@status.id)
-      redirect_to admin_report_path(@report)
+      render json: @status
    end
    private
@@ -21,6 +31,10 @@ module Admin
      params.require(:status).permit(:sensitive)
    end
    def form_status_batch_params
      params.require(:form_status_batch).permit(:action, status_ids: [])
    end
    def set_report
      @report = Report.find(params[:report_id])
    end
--- a/app/controllers/admin/reports_controller.rb
+++ b/app/controllers/admin/reports_controller.rb
@@ -8,7 +8,9 @@ module Admin
      @reports = filtered_reports.page(params[:page])
    end
-    def show; end
+    def show
      @form = Form::StatusBatch.new
    end
    def update
      process_report
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@@ -8,13 +8,21 @@ module Admin
      site_title
      site_description
      site_extended_description
      site_terms
      open_registrations
      closed_registrations_message
      open_deletion
      timeline_preview
    ).freeze
    BOOLEAN_SETTINGS = %w(
      open_registrations
      open_deletion
      timeline_preview
    ).freeze
    BOOLEAN_SETTINGS = %w(open_registrations).freeze
    def edit
-      @settings = Setting.all_as_records
+      @admin_settings = Form::AdminSettings.new
    end
    def update
@@ -23,19 +31,19 @@ module Admin
        setting.update(value: value_for_update(key, value))
      end
-      flash[:notice] = 'Success!'
+      flash[:notice] = I18n.t('generic.changes_saved_msg')
      redirect_to edit_admin_settings_path
    end
    private
    def settings_params
-      params.permit(ADMIN_SETTINGS)
+      params.require(:form_admin_settings).permit(ADMIN_SETTINGS)
    end
    def value_for_update(key, value)
      if BOOLEAN_SETTINGS.include?(key)
-        value == 'true'
+        value == '1'
      else
        value
      end
--- a/app/controllers/admin/statuses_controller.rb
+++ b/app/controllers/admin/statuses_controller.rb
@@ -0,0 +1,69 @@
 # frozen_string_literal: true
 module Admin
  class StatusesController < BaseController
    include Authorization
    helper_method :current_params
    before_action :set_account
    before_action :set_status, only: [:update, :destroy]
    PAR_PAGE = 20
    def index
      @statuses = @account.statuses
      if params[:media]
        account_media_status_ids = @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
        @statuses.merge!(Status.where(id: account_media_status_ids))
      end
      @statuses = @statuses.preload(:media_attachments, :mentions).page(params[:page]).per(PAR_PAGE)
      @form = Form::StatusBatch.new
    end
    def create
      @form = Form::StatusBatch.new(form_status_batch_params)
      flash[:alert] = t('admin.statuses.failed_to_execute') unless @form.save
      redirect_to admin_account_statuses_path(@account.id, current_params)
    end
    def update
      @status.update(status_params)
      redirect_to admin_account_statuses_path(@account.id, current_params)
    end
    def destroy
      authorize @status, :destroy?
      RemovalWorker.perform_async(@status.id)
      render json: @status
    end
    private
    def status_params
      params.require(:status).permit(:sensitive)
    end
    def form_status_batch_params
      params.require(:form_status_batch).permit(:action, status_ids: [])
    end
    def set_status
      @status = @account.statuses.find(params[:id])
    end
    def set_account
      @account = Account.find(params[:account_id])
    end
    def current_params
      page = (params[:page] || 1).to_i
      {
        media: params[:media],
        page: page > 1 && page,
      }.select { |_, value| value.present? }
    end
  end
 end
--- a/app/controllers/admin/subscriptions_controller.rb
+++ b/app/controllers/admin/subscriptions_controller.rb
@@ -0,0 +1,19 @@
 # frozen_string_literal: true
 module Admin
  class SubscriptionsController < BaseController
    def index
      @subscriptions = ordered_subscriptions.page(requested_page)
    end
    private
    def ordered_subscriptions
      Subscription.order(id: :desc).includes(:account)
    end
    def requested_page
      params[:page].to_i
    end
  end
 end
--- a/app/controllers/api/activitypub/activities_controller.rb
+++ b/app/controllers/api/activitypub/activities_controller.rb
@@ -1,25 +0,0 @@
 # frozen_string_literal: true
 class Api::Activitypub::ActivitiesController < ApiController
  # before_action :set_follow, only: [:show_follow]
  before_action :set_status, only: [:show_status]
  respond_to :activitystreams2
  # Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity.
  def show_status
    return forbidden unless @status.permitted?
    if @status.reblog?
      render :show_status_announce
    else
      render :show_status_create
    end
  end
  private
  def set_status
    @status = Status.find(params[:id])
  end
 end
--- a/app/controllers/api/activitypub/notes_controller.rb
+++ b/app/controllers/api/activitypub/notes_controller.rb
@@ -1,17 +0,0 @@
 # frozen_string_literal: true
 class Api::Activitypub::NotesController < ApiController
  before_action :set_status
  respond_to :activitystreams2
  def show
    forbidden unless @status.permitted?
  end
  private
  def set_status
    @status = Status.find(params[:id])
  end
 end
--- a/app/controllers/api/activitypub/outbox_controller.rb
+++ b/app/controllers/api/activitypub/outbox_controller.rb
@@ -1,69 +0,0 @@
 # frozen_string_literal: true
 class Api::Activitypub::OutboxController < ApiController
  before_action :set_account
  respond_to :activitystreams2
  def show
    if params[:max_id] || params[:since_id]
      show_outbox_page
    else
      show_base_outbox
    end
  end
  private
  def show_base_outbox
    @statuses = Status.as_outbox_timeline(@account)
    @statuses = cache_collection(@statuses)
    set_maps(@statuses)
    set_first_last_page(@statuses)
    render :show
  end
  def show_outbox_page
    all_statuses = Status.as_outbox_timeline(@account)
    @statuses = all_statuses.paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
    all_statuses = cache_collection(all_statuses)
    @statuses = cache_collection(@statuses)
    set_maps(@statuses)
    set_first_last_page(all_statuses)
    @next_page_url = api_activitypub_outbox_url(pagination_params(max_id: @statuses.last.id))    unless @statuses.empty?
    @prev_page_url = api_activitypub_outbox_url(pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
    @paginated = @next_page_url || @prev_page_url
    @part_of_url = api_activitypub_outbox_url
    set_pagination_headers(@next_page_url, @prev_page_url)
    render :show_page
  end
  def cache_collection(raw)
    super(raw, Status)
  end
  def set_account
    @account = Account.find(params[:id])
  end
  def set_first_last_page(statuses) # rubocop:disable Style/AccessorMethodName
    return if statuses.empty?
    @first_page_url = api_activitypub_outbox_url(max_id: statuses.first.id + 1)
    @last_page_url = api_activitypub_outbox_url(since_id: statuses.last.id - 1)
  end
  def pagination_params(core_params)
    params.permit(:local, :limit).merge(core_params)
  end
 end
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -1,16 +1,14 @@
 # frozen_string_literal: true
-class ApiController < ApplicationController
+class Api::BaseController < ApplicationController
  DEFAULT_STATUSES_LIMIT = 20
  DEFAULT_ACCOUNTS_LIMIT = 40
-  protect_from_forgery with: :null_session
+  include RateLimitHeaders
  skip_before_action :verify_authenticity_token
  skip_before_action :store_current_location
  before_action :set_rate_limit_headers
  rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
    render json: { error: e.to_s }, status: 422
  end
@@ -19,11 +17,7 @@ class ApiController < ApplicationController
    render json: { error: 'Record not found' }, status: 404
  end
-  rescue_from Goldfinger::Error do
+  rescue_from HTTP::Error, Mastodon::UnexpectedResponseError do
    render json: { error: 'Remote account could not be resolved' }, status: 422
  end
  rescue_from HTTP::Error do
    render json: { error: 'Remote data could not be fetched' }, status: 503
  end
@@ -45,17 +39,6 @@ class ApiController < ApplicationController
  protected
  def set_rate_limit_headers
    return if request.env['rack.attack.throttle_data'].nil?
    now        = Time.now.utc
    match_data = request.env['rack.attack.throttle_data']['api']
    response.headers['X-RateLimit-Limit']     = match_data[:limit].to_s
    response.headers['X-RateLimit-Remaining'] = (match_data[:limit] - match_data[:count]).to_s
    response.headers['X-RateLimit-Reset']     = (now + (match_data[:period] - now.to_i % match_data[:period])).iso8601(6)
  end
  def set_pagination_headers(next_path = nil, prev_path = nil)
    links = []
    links << [next_path, [%w(rel next)]] if next_path
--- a/app/controllers/api/oembed_controller.rb
+++ b/app/controllers/api/oembed_controller.rb
@@ -1,33 +1,24 @@
 # frozen_string_literal: true
-class Api::OEmbedController < ApiController
+class Api::OEmbedController < Api::BaseController
  respond_to :json
  def show
-    @stream_entry = stream_entry_from_url(params[:url])
+    @stream_entry = find_stream_entry.stream_entry
-    @width        = params[:maxwidth].present?  ? params[:maxwidth].to_i  : 400
+    render json: @stream_entry, serializer: OEmbedSerializer, width: maxwidth_or_default, height: maxheight_or_default
    @height       = params[:maxheight].present? ? params[:maxheight].to_i : nil
  end
  private
-  def stream_entry_from_url(url)
+  def find_stream_entry
-    params = Rails.application.routes.recognize_path(url)
+    StreamEntryFinder.new(params[:url])
    raise ActiveRecord::RecordNotFound unless recognized_stream_entry_url?(params)
    stream_entry(params)
  end
-  def recognized_stream_entry_url?(params)
+  def maxwidth_or_default
-    %w(stream_entries statuses).include?(params[:controller]) && params[:action] == 'show'
+    (params[:maxwidth].presence || 400).to_i
  end
-  def stream_entry(params)
+  def maxheight_or_default
-    if params[:controller] == 'stream_entries'
+    params[:maxheight].present? ? params[:maxheight].to_i : nil
      StreamEntry.find(params[:id])
    else
      Status.find(params[:id]).stream_entry
    end
  end
 end
--- a/app/controllers/api/push_controller.rb
+++ b/app/controllers/api/push_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
-class Api::PushController < ApiController
+class Api::PushController < Api::BaseController
  include SignatureVerification
  def update
    response, status = process_push_request
    render plain: response, status: status
@@ -11,7 +13,7 @@ class Api::PushController < ApiController
  def process_push_request
    case hub_mode
    when 'subscribe'
-      Pubsubhubbub::SubscribeService.new.call(account_from_topic, hub_callback, hub_secret, hub_lease_seconds)
+      Pubsubhubbub::SubscribeService.new.call(account_from_topic, hub_callback, hub_secret, hub_lease_seconds, verified_domain)
    when 'unsubscribe'
      Pubsubhubbub::UnsubscribeService.new.call(account_from_topic, hub_callback)
    else
@@ -57,6 +59,10 @@ class Api::PushController < ApiController
    TagManager.instance.web_domain?(hub_topic_domain)
  end
  def verified_domain
    return signed_request_account.domain if signed_request_account
  end
  def hub_topic_domain
    hub_topic_uri.host + (hub_topic_uri.port ? ":#{hub_topic_uri.port}" : '')
  end
--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@@ -1,14 +1,12 @@
 # frozen_string_literal: true
-class Api::SalmonController < ApiController
+class Api::SalmonController < Api::BaseController
  before_action :set_account
  respond_to :txt
  def update
-    payload = request.body.read
+    if verify_payload?
-
+      process_salmon
    if !payload.nil? && verify?(payload)
      SalmonWorker.perform_async(@account.id, payload.force_encoding('UTF-8'))
      head 201
    else
      head 202
@@ -21,7 +19,15 @@ class Api::SalmonController < ApiController
    @account = Account.find(params[:id])
  end
-  def verify?(payload)
+  def payload
-    VerifySalmonService.new.call(payload)
+    @_payload ||= request.body.read
  end
  def verify_payload?
    payload.present? && VerifySalmonService.new.call(payload)
  end
  def process_salmon
    SalmonWorker.perform_async(@account.id, payload.force_encoding('UTF-8'))
  end
 end
--- a/app/controllers/api/subscriptions_controller.rb
+++ b/app/controllers/api/subscriptions_controller.rb
@@ -1,22 +1,19 @@
 # frozen_string_literal: true
-class Api::SubscriptionsController < ApiController
+class Api::SubscriptionsController < Api::BaseController
  before_action :set_account
  respond_to :txt
  def show
-    if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'])
+    if subscription.valid?(params['hub.topic'])
-      @account.update(subscription_expires_at: Time.now.utc + (params['hub.lease_seconds'] || 86_400).to_i.seconds)
+      @account.update(subscription_expires_at: future_expires)
-      render plain: HTMLEntities.new.encode(params['hub.challenge']), status: 200
+      render plain: encoded_challenge, status: 200
    else
      head 404
    end
  end
  def update
    body = request.body.read
    subscription = @account.subscription(api_subscription_url(@account.id))
    if subscription.verify(body, request.headers['HTTP_X_HUB_SIGNATURE'])
      ProcessingWorker.perform_async(@account.id, body.force_encoding('UTF-8'))
    end
@@ -26,6 +23,28 @@ class Api::SubscriptionsController < ApiController
  private
  def subscription
    @_subscription ||= @account.subscription(
      api_subscription_url(@account.id)
    )
  end
  def body
    @_body ||= request.body.read
  end
  def encoded_challenge
    HTMLEntities.new.encode(params['hub.challenge'])
  end
  def future_expires
    Time.now.utc + lease_seconds_or_default
  end
  def lease_seconds_or_default
    (params['hub.lease_seconds'] || 1.day).to_i.seconds
  end
  def set_account
    @account = Account.find(params[:id])
  end
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -0,0 +1,23 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::CredentialsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write }, only: [:update]
  before_action :require_user!
  def show
    @account = current_account
    render json: @account, serializer: REST::CredentialAccountSerializer
  end
  def update
    current_account.update!(account_params)
    @account = current_account
    render json: @account, serializer: REST::CredentialAccountSerializer
  end
  private
  def account_params
    params.permit(:display_name, :note, :avatar, :header)
  end
 end
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -0,0 +1,68 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :set_account
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  private
  def set_account
    @account = Account.find(params[:account_id])
  end
  def load_accounts
    default_accounts.merge(paginated_follows).to_a
  end
  def default_accounts
    Account.includes(:active_relationships).references(:active_relationships)
  end
  def paginated_follows
    Follow.where(target_account: @account).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_account_followers_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_account_followers_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.active_relationships.first.id
  end
  def pagination_since_id
    @accounts.first.active_relationships.first.id
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -0,0 +1,68 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :set_account
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  private
  def set_account
    @account = Account.find(params[:account_id])
  end
  def load_accounts
    default_accounts.merge(paginated_follows).to_a
  end
  def default_accounts
    Account.includes(:passive_relationships).references(:passive_relationships)
  end
  def paginated_follows
    Follow.where(account: @account).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_account_following_index_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_account_following_index_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.passive_relationships.first.id
  end
  def pagination_since_id
    @accounts.first.passive_relationships.first.id
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/accounts/relationships_controller.rb
+++ b/app/controllers/api/v1/accounts/relationships_controller.rb
@@ -0,0 +1,23 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::RelationshipsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :require_user!
  respond_to :json
  def index
    @accounts = Account.where(id: account_ids).select('id')
    render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
  end
  private
  def relationships
    AccountRelationshipsPresenter.new(@accounts, current_user.account_id)
  end
  def account_ids
    @_account_ids ||= Array(params[:id]).map(&:to_i)
  end
 end
--- a/app/controllers/api/v1/accounts/search_controller.rb
+++ b/app/controllers/api/v1/accounts/search_controller.rb
@@ -0,0 +1,28 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::SearchController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :require_user!
  respond_to :json
  def show
    @accounts = account_search
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  private
  def account_search
    AccountSearchService.new.call(
      params[:q],
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      resolving_search?,
      current_account
    )
  end
  def resolving_search?
    params[:resolve] == 'true'
  end
 end
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -0,0 +1,91 @@
 # frozen_string_literal: true
 class Api::V1::Accounts::StatusesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :set_account
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
  end
  private
  def set_account
    @account = Account.find(params[:account_id])
  end
  def load_statuses
    cached_account_statuses
  end
  def cached_account_statuses
    cache_collection account_statuses, Status
  end
  def account_statuses
    default_statuses.tap do |statuses|
      statuses.merge!(only_media_scope) if params[:only_media]
      statuses.merge!(no_replies_scope) if params[:exclude_replies]
    end
  end
  def default_statuses
    permitted_account_statuses.paginate_by_max_id(
      limit_param(DEFAULT_STATUSES_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def permitted_account_statuses
    @account.statuses.permitted_for(@account, current_account)
  end
  def only_media_scope
    Status.where(id: account_media_status_ids)
  end
  def account_media_status_ids
    @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
  end
  def no_replies_scope
    Status.without_replies
  end
  def pagination_params(core_params)
    params.permit(:limit, :only_media, :exclude_replies).merge(core_params)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_account_statuses_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @statuses.empty?
      api_v1_account_statuses_url pagination_params(since_id: pagination_since_id)
    end
  end
  def records_continue?
    @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
  end
  def pagination_max_id
    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,132 +1,45 @@
 # frozen_string_literal: true
-class Api::V1::AccountsController < ApiController
+class Api::V1::AccountsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute, :update_credentials]
+  before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
  before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
-  before_action -> { doorkeeper_authorize! :write }, only: [:update_credentials]
+  before_action :require_user!, except: [:show]
-  before_action :require_user!, except: [:show, :following, :followers, :statuses]
+  before_action :set_account
  before_action :set_account, except: [:verify_credentials, :update_credentials, :suggestions, :search]
  respond_to :json
-  def show; end
+  def show
-
+    render json: @account, serializer: REST::AccountSerializer
  def verify_credentials
    @account = current_user.account
    render :show
  end
  def update_credentials
    current_account.update!(account_params)
    @account = current_account
    render :show
  end
  def following
    @accounts = Account.includes(:passive_relationships)
                       .references(:passive_relationships)
                       .merge(Follow.where(account: @account)
                                    .paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id]))
                       .to_a
    next_path = following_api_v1_account_url(pagination_params(max_id: @accounts.last.passive_relationships.first.id))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = following_api_v1_account_url(pagination_params(since_id: @accounts.first.passive_relationships.first.id)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
    render :index
  end
  def followers
    @accounts = Account.includes(:active_relationships)
                       .references(:active_relationships)
                       .merge(Follow.where(target_account: @account)
                                    .paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT),
                                                        params[:max_id],
                                                        params[:since_id]))
                       .to_a
    next_path = followers_api_v1_account_url(pagination_params(max_id: @accounts.last.active_relationships.first.id))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = followers_api_v1_account_url(pagination_params(since_id: @accounts.first.active_relationships.first.id)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
    render :index
  end
  def statuses
    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
    @statuses = @statuses.where(id: MediaAttachment.where(account: @account).where.not(status_id: nil).reorder('').select('distinct status_id')) if params[:only_media]
    @statuses = @statuses.without_replies if params[:exclude_replies]
    @statuses = cache_collection(@statuses, Status)
    set_maps(@statuses)
    next_path = statuses_api_v1_account_url(statuses_pagination_params(max_id: @statuses.last.id))    if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
    prev_path = statuses_api_v1_account_url(statuses_pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
    set_pagination_headers(next_path, prev_path)
  end
  def follow
    FollowService.new.call(current_user.account, @account.acct)
-    set_relationship
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    render :relationship
  end
  def block
    BlockService.new.call(current_user.account, @account)
-
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    @following       = { @account.id => false }
    @followed_by     = { @account.id => false }
    @blocking        = { @account.id => true }
    @requested       = { @account.id => false }
    @muting          = { @account.id => current_account.muting?(@account.id) }
    @domain_blocking = { @account.id => current_account.domain_blocking?(@account.domain) }
    render :relationship
  end
  def mute
    MuteService.new.call(current_user.account, @account)
-    set_relationship
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    render :relationship
  end
  def unfollow
    UnfollowService.new.call(current_user.account, @account)
-    set_relationship
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    render :relationship
  end
  def unblock
    UnblockService.new.call(current_user.account, @account)
-    set_relationship
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    render :relationship
  end
  def unmute
    UnmuteService.new.call(current_user.account, @account)
-    set_relationship
+    render json: @account, serializer: REST::RelationshipSerializer, relationships: relationships
    render :relationship
  end
  def relationships
    ids = params[:id].is_a?(Enumerable) ? params[:id].map(&:to_i) : [params[:id].to_i]
    @accounts        = Account.where(id: ids).select('id')
    @following       = Account.following_map(ids, current_user.account_id)
    @followed_by     = Account.followed_by_map(ids, current_user.account_id)
    @blocking        = Account.blocking_map(ids, current_user.account_id)
    @muting          = Account.muting_map(ids, current_user.account_id)
    @requested       = Account.requested_map(ids, current_user.account_id)
    @domain_blocking = Account.domain_blocking_map(ids, current_user.account_id)
  end
  def search
    @accounts = AccountSearchService.new.call(params[:q], limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:resolve] == 'true', current_account)
    render :index
  end
  private
@@ -135,24 +48,7 @@ class Api::V1::AccountsController < ApiController
    @account = Account.find(params[:id])
  end
-  def set_relationship
+  def relationships
-    @following       = Account.following_map([@account.id], current_user.account_id)
+    AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
    @followed_by     = Account.followed_by_map([@account.id], current_user.account_id)
    @blocking        = Account.blocking_map([@account.id], current_user.account_id)
    @muting          = Account.muting_map([@account.id], current_user.account_id)
    @requested       = Account.requested_map([@account.id], current_user.account_id)
    @domain_blocking = Account.domain_blocking_map([@account.id], current_user.account_id)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
  def statuses_pagination_params(core_params)
    params.permit(:limit, :only_media, :exclude_replies).merge(core_params)
  end
  def account_params
    params.permit(:display_name, :note, :avatar, :header)
  end
 end
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -1,14 +1,28 @@
 # frozen_string_literal: true
-class Api::V1::AppsController < ApiController
+class Api::V1::AppsController < Api::BaseController
  respond_to :json
  def create
-    @app = Doorkeeper::Application.create!(name: app_params[:client_name], redirect_uri: app_params[:redirect_uris], scopes: (app_params[:scopes] || Doorkeeper.configuration.default_scopes), website: app_params[:website])
+    @app = Doorkeeper::Application.create!(application_options)
    render json: @app, serializer: REST::ApplicationSerializer
  end
  private
  def application_options
    {
      name: app_params[:client_name],
      redirect_uri: app_params[:redirect_uris],
      scopes: app_scopes_or_default,
      website: app_params[:website],
    }
  end
  def app_scopes_or_default
    app_params[:scopes] || Doorkeeper.configuration.default_scopes
  end
  def app_params
    params.permit(:client_name, :redirect_uris, :scopes, :website)
  end
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@@ -1,26 +1,63 @@
 # frozen_string_literal: true
-class Api::V1::BlocksController < ApiController
+class Api::V1::BlocksController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow }
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
-    @accounts = Account.includes(:blocked_by)
+    @accounts = load_accounts
-                       .references(:blocked_by)
+    render json: @accounts, each_serializer: REST::AccountSerializer
                       .merge(Block.where(account: current_account)
                                   .paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id]))
                       .to_a
    next_path = api_v1_blocks_url(pagination_params(max_id: @accounts.last.blocked_by_ids.last))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = api_v1_blocks_url(pagination_params(since_id: @accounts.first.blocked_by_ids.first)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
  end
  private
  def load_accounts
    default_accounts.merge(paginated_blocks).to_a
  end
  def default_accounts
    Account.includes(:blocked_by).references(:blocked_by)
  end
  def paginated_blocks
    Block.where(account: current_account).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_blocks_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_blocks_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.blocked_by_ids.last
  end
  def pagination_since_id
    @accounts.first.blocked_by_ids.first
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@@ -1,18 +1,16 @@
 # frozen_string_literal: true
-class Api::V1::DomainBlocksController < ApiController
+class Api::V1::DomainBlocksController < Api::BaseController
  BLOCK_LIMIT = 100
  before_action -> { doorkeeper_authorize! :follow }
  before_action :require_user!
  after_action :insert_pagination_headers, only: :show
  respond_to :json
  def show
-    @blocks = AccountDomainBlock.where(account: current_account).paginate_by_max_id(limit_param(100), params[:max_id], params[:since_id])
+    @blocks = load_domain_blocks
    next_path = api_v1_domain_blocks_url(pagination_params(max_id: @blocks.last.id))    if @blocks.size == limit_param(100)
    prev_path = api_v1_domain_blocks_url(pagination_params(since_id: @blocks.first.id)) unless @blocks.empty?
    set_pagination_headers(next_path, prev_path)
    render json: @blocks.map(&:domain)
  end
@@ -28,6 +26,46 @@ class Api::V1::DomainBlocksController < ApiController
  private
  def load_domain_blocks
    account_domain_blocks.paginate_by_max_id(
      limit_param(BLOCK_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def account_domain_blocks
    current_account.domain_blocks
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_domain_blocks_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @blocks.empty?
      api_v1_domain_blocks_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @blocks.last.id
  end
  def pagination_since_id
    @blocks.first.id
  end
  def records_continue?
    @blocks.size == limit_param(BLOCK_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@@ -1,25 +1,72 @@
 # frozen_string_literal: true
-class Api::V1::FavouritesController < ApiController
+class Api::V1::FavouritesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
-    results   = Favourite.where(account: current_account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
+    @statuses = load_statuses
-    @statuses = cache_collection(Status.where(id: results.map(&:status_id)), Status)
+    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
    set_maps(@statuses)
    next_path = api_v1_favourites_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_STATUSES_LIMIT)
    prev_path = api_v1_favourites_url(pagination_params(since_id: results.first.id)) unless results.empty?
    set_pagination_headers(next_path, prev_path)
  end
  private
  def load_statuses
    cached_favourites
  end
  def cached_favourites
    cache_collection(
      Status.where(
        id: results.map(&:status_id)
      ),
      Status
    )
  end
  def results
    @_results ||= account_favourites.paginate_by_max_id(
      limit_param(DEFAULT_STATUSES_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def account_favourites
    current_account.favourites
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_favourites_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless results.empty?
      api_v1_favourites_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    results.last.id
  end
  def pagination_since_id
    results.first.id
  end
  def records_continue?
    results.size == limit_param(DEFAULT_STATUSES_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
--- a/app/controllers/api/v1/follow_requests_controller.rb
+++ b/app/controllers/api/v1/follow_requests_controller.rb
@@ -1,34 +1,75 @@
 # frozen_string_literal: true
-class Api::V1::FollowRequestsController < ApiController
+class Api::V1::FollowRequestsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow }
  before_action :require_user!
  after_action :insert_pagination_headers, only: :index
  def index
-    @accounts = Account.includes(:follow_requests)
+    @accounts = load_accounts
-                       .references(:follow_requests)
+    render json: @accounts, each_serializer: REST::AccountSerializer
                       .merge(FollowRequest.where(target_account: current_account)
                                           .paginate_by_max_id(DEFAULT_ACCOUNTS_LIMIT, params[:max_id], params[:since_id]))
                       .to_a
    next_path = api_v1_follow_requests_url(pagination_params(max_id: @accounts.last.follow_requests.last.id))     if @accounts.size == DEFAULT_ACCOUNTS_LIMIT
    prev_path = api_v1_follow_requests_url(pagination_params(since_id: @accounts.first.follow_requests.first.id)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
  end
  def authorize
-    AuthorizeFollowService.new.call(Account.find(params[:id]), current_account)
+    AuthorizeFollowService.new.call(account, current_account)
    render_empty
  end
  def reject
-    RejectFollowService.new.call(Account.find(params[:id]), current_account)
+    RejectFollowService.new.call(account, current_account)
    render_empty
  end
  private
  def account
    Account.find(params[:id])
  end
  def load_accounts
    default_accounts.merge(paginated_follow_requests).to_a
  end
  def default_accounts
    Account.includes(:follow_requests).references(:follow_requests)
  end
  def paginated_follow_requests
    FollowRequest.where(target_account: current_account).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_follow_requests_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_follow_requests_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.follow_requests.last.id
  end
  def pagination_since_id
    @accounts.first.follow_requests.first.id
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
--- a/app/controllers/api/v1/follows_controller.rb
+++ b/app/controllers/api/v1/follows_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class Api::V1::FollowsController < ApiController
+class Api::V1::FollowsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow }
  before_action :require_user!
@@ -10,7 +10,7 @@ class Api::V1::FollowsController < ApiController
    raise ActiveRecord::RecordNotFound if follow_params[:uri].blank?
    @account = FollowService.new.call(current_user.account, target_uri).try(:target_account)
-    render :show
+    render json: @account, serializer: REST::AccountSerializer
  end
  private
--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@@ -1,7 +1,9 @@
 # frozen_string_literal: true
-class Api::V1::InstancesController < ApiController
+class Api::V1::InstancesController < Api::BaseController
  respond_to :json
-  def show; end
+  def show
    render json: {}, serializer: REST::InstanceSerializer
  end
 end
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class Api::V1::MediaController < ApiController
+class Api::V1::MediaController < Api::BaseController
  before_action -> { doorkeeper_authorize! :write }
  before_action :require_user!
@@ -10,11 +10,12 @@ class Api::V1::MediaController < ApiController
  respond_to :json
  def create
-    @media = MediaAttachment.create!(account: current_user.account, file: media_params[:file])
+    @media = current_account.media_attachments.create!(file: media_params[:file])
    render json: @media, serializer: REST::MediaAttachmentSerializer
  rescue Paperclip::Errors::NotIdentifiedByImageMagickError
-    render json: { error: 'File type of uploaded media could not be verified' }, status: 422
+    render json: file_type_error, status: 422
  rescue Paperclip::Error
-    render json: { error: 'Error processing thumbnail for uploaded media' }, status: 500
+    render json: processing_error, status: 500
  end
  private
@@ -22,4 +23,12 @@ class Api::V1::MediaController < ApiController
  def media_params
    params.permit(:file)
  end
  def file_type_error
    { error: 'File type of uploaded media could not be verified' }
  end
  def processing_error
    { error: 'Error processing thumbnail for uploaded media' }
  end
 end
--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@@ -1,26 +1,63 @@
 # frozen_string_literal: true
-class Api::V1::MutesController < ApiController
+class Api::V1::MutesController < Api::BaseController
  before_action -> { doorkeeper_authorize! :follow }
  before_action :require_user!
  after_action :insert_pagination_headers
  respond_to :json
  def index
-    @accounts = Account.includes(:muted_by)
+    @accounts = load_accounts
-                       .references(:muted_by)
+    render json: @accounts, each_serializer: REST::AccountSerializer
                       .merge(Mute.where(account: current_account)
                                  .paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id]))
                       .to_a
    next_path = api_v1_mutes_url(pagination_params(max_id: @accounts.last.muted_by_ids.last))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = api_v1_mutes_url(pagination_params(since_id: @accounts.first.muted_by_ids.first)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
  end
  private
  def load_accounts
    default_accounts.merge(paginated_mutes).to_a
  end
  def default_accounts
    Account.includes(:muted_by).references(:muted_by)
  end
  def paginated_mutes
    Mute.where(account: current_account).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_mutes_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_mutes_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.muted_by_ids.last
  end
  def pagination_since_id
    @accounts.first.muted_by_ids.first
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -1,42 +1,80 @@
 # frozen_string_literal: true
-class Api::V1::NotificationsController < ApiController
+class Api::V1::NotificationsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }
  before_action :require_user!
  after_action :insert_pagination_headers, only: :index
  respond_to :json
  DEFAULT_NOTIFICATIONS_LIMIT = 15
  def index
-    @notifications = Notification.where(account: current_account).browserable(exclude_types).paginate_by_max_id(limit_param(DEFAULT_NOTIFICATIONS_LIMIT), params[:max_id], params[:since_id])
+    @notifications = load_notifications
-    @notifications = cache_collection(@notifications, Notification)
+    render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
    statuses       = @notifications.select { |n| !n.target_status.nil? }.map(&:target_status)
    set_maps(statuses)
    next_path = api_v1_notifications_url(pagination_params(max_id: @notifications.last.id))    unless @notifications.empty?
    prev_path = api_v1_notifications_url(pagination_params(since_id: @notifications.first.id)) unless @notifications.empty?
    set_pagination_headers(next_path, prev_path)
  end
  def show
-    @notification = Notification.where(account: current_account).find(params[:id])
+    @notification = current_account.notifications.find(params[:id])
    render json: @notification, serializer: REST::NotificationSerializer
  end
  def clear
-    Notification.where(account: current_account).delete_all
+    current_account.notifications.delete_all
    render_empty
  end
  def dismiss
-    Notification.find_by!(account: current_account, id: params[:id]).destroy!
+    current_account.notifications.find_by!(id: params[:id]).destroy!
    render_empty
  end
  private
  def load_notifications
    cache_collection paginated_notifications, Notification
  end
  def paginated_notifications
    browserable_account_notifications.paginate_by_max_id(
      limit_param(DEFAULT_NOTIFICATIONS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def browserable_account_notifications
    current_account.notifications.browserable(exclude_types)
  end
  def target_statuses_from_notifications
    @notifications.reject { |notification| notification.target_status.nil? }.map(&:target_status)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    unless @notifications.empty?
      api_v1_notifications_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @notifications.empty?
      api_v1_notifications_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @notifications.last.id
  end
  def pagination_since_id
    @notifications.first.id
  end
  def exclude_types
    val = params.permit(exclude_types: [])[:exclude_types] || []
    val = [val] unless val.is_a?(Enumerable)
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class Api::V1::ReportsController < ApiController
+class Api::V1::ReportsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }, except: [:create]
  before_action -> { doorkeeper_authorize! :write }, only:  [:create]
  before_action :require_user!
@@ -8,22 +8,36 @@ class Api::V1::ReportsController < ApiController
  respond_to :json
  def index
-    @reports = Report.where(account: current_account)
+    @reports = current_account.reports
    render json: @reports, each_serializer: REST::ReportSerializer
  end
  def create
-    status_ids = report_params[:status_ids].is_a?(Enumerable) ? report_params[:status_ids] : [report_params[:status_ids]]
+    @report = current_account.reports.create!(
      target_account: reported_account,
      status_ids: reported_status_ids,
      comment: report_params[:comment]
    )
-    @report = Report.create!(account: current_account,
+    User.admins.includes(:account).each { |u| AdminMailer.new_report(u.account, @report).deliver_later }
                             target_account: Account.find(report_params[:account_id]),
                             status_ids: Status.find(status_ids).pluck(:id),
                             comment: report_params[:comment])
-    render :show
+    render json: @report, serializer: REST::ReportSerializer
  end
  private
  def reported_status_ids
    Status.find(status_ids).pluck(:id)
  end
  def status_ids
    Array(report_params[:status_ids])
  end
  def reported_account
    Account.find(report_params[:account_id])
  end
  def report_params
    params.permit(:account_id, :comment, status_ids: [])
  end
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,9 +1,30 @@
 # frozen_string_literal: true
-class Api::V1::SearchController < ApiController
+class Api::V1::SearchController < Api::BaseController
  RESULTS_LIMIT = 5
  before_action -> { doorkeeper_authorize! :read }
  before_action :require_user!
  respond_to :json
  def index
-    @search = OpenStruct.new(SearchService.new.call(params[:q], 5, params[:resolve] == 'true', current_account))
+    @search = Search.new(search_results)
    render json: @search, serializer: REST::SearchSerializer
  end
  private
  def search_results
    SearchService.new.call(
      params[:q],
      RESULTS_LIMIT,
      resolving_search?,
      current_account
    )
  end
  def resolving_search?
    params[:resolve] == 'true'
  end
 end
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -0,0 +1,82 @@
 # frozen_string_literal: true
 class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
  include Authorization
  before_action :authorize_if_got_token
  before_action :set_status
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  private
  def load_accounts
    default_accounts.merge(paginated_favourites).to_a
  end
  def default_accounts
    Account
      .includes(:favourites)
      .references(:favourites)
      .where(favourites: { status_id: @status.id })
  end
  def paginated_favourites
    Favourite.paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_status_favourited_by_index_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_status_favourited_by_index_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.favourites.last.id
  end
  def pagination_since_id
    @accounts.first.favourites.first.id
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404 instead of a 403 error code
    raise ActiveRecord::RecordNotFound
  end
  def authorize_if_got_token
    request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
    doorkeeper_authorize! :read if request_token
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/statuses/favourites_controller.rb
+++ b/app/controllers/api/v1/statuses/favourites_controller.rb
@@ -0,0 +1,38 @@
 # frozen_string_literal: true
 class Api::V1::Statuses::FavouritesController < Api::BaseController
  include Authorization
  before_action -> { doorkeeper_authorize! :write }
  before_action :require_user!
  respond_to :json
  def create
    @status = favourited_status
    render json: @status, serializer: REST::StatusSerializer
  end
  def destroy
    @status = requested_status
    @favourites_map = { @status.id => false }
    UnfavouriteWorker.perform_async(current_user.account_id, @status.id)
    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, favourites_map: @favourites_map)
  end
  private
  def favourited_status
    service_result.status.reload
  end
  def service_result
    FavouriteService.new.call(current_user.account, requested_status)
  end
  def requested_status
    Status.find(params[:status_id])
  end
 end
--- a/app/controllers/api/v1/statuses/mutes_controller.rb
+++ b/app/controllers/api/v1/statuses/mutes_controller.rb
@@ -0,0 +1,41 @@
 # frozen_string_literal: true
 class Api::V1::Statuses::MutesController < Api::BaseController
  include Authorization
  before_action -> { doorkeeper_authorize! :write }
  before_action :require_user!
  before_action :set_status
  before_action :set_conversation
  respond_to :json
  def create
    current_account.mute_conversation!(@conversation)
    @mutes_map = { @conversation.id => true }
    render json: @status, serializer: REST::StatusSerializer
  end
  def destroy
    current_account.unmute_conversation!(@conversation)
    @mutes_map = { @conversation.id => false }
    render json: @status, serializer: REST::StatusSerializer
  end
  private
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404 instead of a 403 error code
    raise ActiveRecord::RecordNotFound
  end
  def set_conversation
    @conversation = @status.conversation
    raise Mastodon::ValidationError if @conversation.nil?
  end
 end
--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@@ -0,0 +1,79 @@
 # frozen_string_literal: true
 class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
  include Authorization
  before_action :authorize_if_got_token
  before_action :set_status
  after_action :insert_pagination_headers
  respond_to :json
  def index
    @accounts = load_accounts
    render json: @accounts, each_serializer: REST::AccountSerializer
  end
  private
  def load_accounts
    default_accounts.merge(paginated_statuses).to_a
  end
  def default_accounts
    Account.includes(:statuses).references(:statuses)
  end
  def paginated_statuses
    Status.where(reblog_of_id: @status.id).paginate_by_max_id(
      limit_param(DEFAULT_ACCOUNTS_LIMIT),
      params[:max_id],
      params[:since_id]
    )
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def next_path
    if records_continue?
      api_v1_status_reblogged_by_index_url pagination_params(max_id: pagination_max_id)
    end
  end
  def prev_path
    unless @accounts.empty?
      api_v1_status_reblogged_by_index_url pagination_params(since_id: pagination_since_id)
    end
  end
  def pagination_max_id
    @accounts.last.statuses.last.id
  end
  def pagination_since_id
    @accounts.first.statuses.first.id
  end
  def records_continue?
    @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
  end
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404 instead of a 403 error code
    raise ActiveRecord::RecordNotFound
  end
  def authorize_if_got_token
    request_token = Doorkeeper::OAuth::Token.from_request(request, *Doorkeeper.configuration.access_token_methods)
    doorkeeper_authorize! :read if request_token
  end
  def pagination_params(core_params)
    params.permit(:limit).merge(core_params)
  end
 end
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@@ -0,0 +1,35 @@
 # frozen_string_literal: true
 class Api::V1::Statuses::ReblogsController < Api::BaseController
  include Authorization
  before_action -> { doorkeeper_authorize! :write }
  before_action :require_user!
  respond_to :json
  def create
    @status = ReblogService.new.call(current_user.account, status_for_reblog)
    render json: @status, serializer: REST::StatusSerializer
  end
  def destroy
    @status = status_for_destroy.reblog
    @reblogs_map = { @status.id => false }
    authorize status_for_destroy, :unreblog?
    RemovalWorker.perform_async(status_for_destroy.id)
    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_user&.account_id, reblogs_map: @reblogs_map)
  end
  private
  def status_for_reblog
    Status.find params[:status_id]
  end
  def status_for_destroy
    current_user.account.statuses.where(reblog_of_id: params[:status_id]).first!
  end
 end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,17 +1,19 @@
 # frozen_string_literal: true
-class Api::V1::StatusesController < ApiController
+class Api::V1::StatusesController < Api::BaseController
-  before_action :authorize_if_got_token, except:            [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute]
+  include Authorization
-  before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute]
+
-  before_action :require_user!, except:  [:show, :context, :card, :reblogged_by, :favourited_by]
+  before_action :authorize_if_got_token, except:            [:create, :destroy]
-  before_action :set_status, only:       [:show, :context, :card, :reblogged_by, :favourited_by, :mute, :unmute]
+  before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy]
-  before_action :set_conversation, only: [:mute, :unmute]
+  before_action :require_user!, except:  [:show, :context, :card]
  before_action :set_status, only:       [:show, :context, :card]
  respond_to :json
  def show
    cached  = Rails.cache.read(@status.cache_key)
    @status = cached unless cached.nil?
    render json: @status, serializer: REST::StatusSerializer
  end
  def context
@@ -20,45 +22,20 @@ class Api::V1::StatusesController < ApiController
    loaded_ancestors    = cache_collection(ancestors_results, Status)
    loaded_descendants  = cache_collection(descendants_results, Status)
-    @context = OpenStruct.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
+    @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
-    statuses = [@status] + @context[:ancestors] + @context[:descendants]
+    statuses = [@status] + @context.ancestors + @context.descendants
-    set_maps(statuses)
+    render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
  end
  def card
    @card = PreviewCard.find_by(status: @status)
-    render_empty if @card.nil?
+
    if @card.nil?
      render_empty
    else
      render json: @card, serializer: REST::PreviewCardSerializer
    end
  def reblogged_by
    @accounts = Account.includes(:statuses)
                       .references(:statuses)
                       .merge(Status.where(reblog_of_id: @status.id)
                                    .paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id]))
                       .to_a
    next_path = reblogged_by_api_v1_status_url(pagination_params(max_id: @accounts.last.statuses.last.id))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = reblogged_by_api_v1_status_url(pagination_params(since_id: @accounts.first.statuses.first.id)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
    render :accounts
  end
  def favourited_by
    @accounts = Account.includes(:favourites)
                       .references(:favourites)
                       .where(favourites: { status_id: @status.id })
                       .merge(Favourite.paginate_by_max_id(limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:max_id], params[:since_id]))
                       .to_a
    next_path = favourited_by_api_v1_status_url(pagination_params(max_id: @accounts.last.favourites.last.id))     if @accounts.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
    prev_path = favourited_by_api_v1_status_url(pagination_params(since_id: @accounts.first.favourites.first.id)) unless @accounts.empty?
    set_pagination_headers(next_path, prev_path)
    render :accounts
  end
  def create
@@ -72,70 +49,26 @@ class Api::V1::StatusesController < ApiController
                                         application: doorkeeper_token.application,
                                         idempotency: request.headers['Idempotency-Key'])
-    render :show
+    render json: @status, serializer: REST::StatusSerializer
  end
  def destroy
    @status = Status.where(account_id: current_user.account).find(params[:id])
    authorize @status, :destroy?
    RemovalWorker.perform_async(@status.id)
    render_empty
  end
  def reblog
    @status = ReblogService.new.call(current_user.account, Status.find(params[:id]))
    render :show
  end
  def unreblog
    reblog       = Status.where(account_id: current_user.account, reblog_of_id: params[:id]).first!
    @status      = reblog.reblog
    @reblogs_map = { @status.id => false }
    RemovalWorker.perform_async(reblog.id)
    render :show
  end
  def favourite
    @status = FavouriteService.new.call(current_user.account, Status.find(params[:id])).status.reload
    render :show
  end
  def unfavourite
    @status         = Status.find(params[:id])
    @favourites_map = { @status.id => false }
    UnfavouriteWorker.perform_async(current_user.account_id, @status.id)
    render :show
  end
  def mute
    current_account.mute_conversation!(@conversation)
    @mutes_map = { @conversation.id => true }
    render :show
  end
  def unmute
    current_account.unmute_conversation!(@conversation)
    @mutes_map = { @conversation.id => false }
    render :show
  end
  private
  def set_status
    @status = Status.find(params[:id])
-    raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account)
+    authorize @status, :show?
-  end
+  rescue Mastodon::NotPermittedError
-
+    # Reraise in order to get a 404 instead of a 403 error code
-  def set_conversation
+    raise ActiveRecord::RecordNotFound
    @conversation = @status.conversation
    raise Mastodon::ValidationError if @conversation.nil?
  end
  def status_params
--- a/app/controllers/api/v1/streaming_controller.rb
+++ b/app/controllers/api/v1/streaming_controller.rb
@@ -0,0 +1,15 @@
 # frozen_string_literal: true
 class Api::V1::StreamingController < Api::BaseController
  respond_to :json
  def index
    if Rails.configuration.x.streaming_api_base_url != request.host
      uri = URI.parse(request.url)
      uri.host = URI.parse(Rails.configuration.x.streaming_api_base_url).host
      redirect_to uri.to_s, status: 301
    else
      raise ActiveRecord::RecordNotFound
    end
  end
 end
--- a/app/controllers/api/v1/timelines/base_controller.rb
+++ b/app/controllers/api/v1/timelines/base_controller.rb
@@ -1,30 +0,0 @@
 # frozen_string_literal: true
 module Api::V1::Timelines
  class BaseController < ApiController
    respond_to :json
    after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
    private
    def cache_collection(raw)
      super(raw, Status)
    end
    def pagination_params(core_params)
      params.permit(:local, :limit).merge(core_params)
    end
    def insert_pagination_headers
      set_pagination_headers(next_path, prev_path)
    end
    def next_path
      raise 'Override in child controllers'
    end
    def prev_path
      raise 'Override in child controllers'
    end
  end
 end
--- a/app/controllers/api/v1/timelines/home_controller.rb
+++ b/app/controllers/api/v1/timelines/home_controller.rb
@@ -1,24 +1,25 @@
 # frozen_string_literal: true
-module Api::V1::Timelines
+class Api::V1::Timelines::HomeController < Api::BaseController
  class HomeController < BaseController
  before_action -> { doorkeeper_authorize! :read }, only: [:show]
  before_action :require_user!, only: [:show]
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
  end
  private
  def load_statuses
-      cached_home_statuses.tap do |statuses|
+    cached_home_statuses
        set_maps(statuses)
      end
  end
  def cached_home_statuses
-      cache_collection home_statuses
+    cache_collection home_statuses, Status
  end
  def home_statuses
@@ -33,12 +34,27 @@ module Api::V1::Timelines
    Feed.new(:home, current_account)
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def pagination_params(core_params)
    params.permit(:local, :limit).merge(core_params)
  end
  def next_path
-      api_v1_timelines_home_url pagination_params(max_id: @statuses.last.id)
+    api_v1_timelines_home_url pagination_params(max_id: pagination_max_id)
  end
  def prev_path
-      api_v1_timelines_home_url pagination_params(since_id: @statuses.first.id)
+    api_v1_timelines_home_url pagination_params(since_id: pagination_since_id)
  end
  def pagination_max_id
    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@@ -1,21 +1,23 @@
 # frozen_string_literal: true
-module Api::V1::Timelines
+class Api::V1::Timelines::PublicController < Api::BaseController
-  class PublicController < BaseController
+  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
  end
  private
  def load_statuses
-      cached_public_statuses.tap do |statuses|
+    cached_public_statuses
        set_maps(statuses)
      end
  end
  def cached_public_statuses
-      cache_collection public_statuses
+    cache_collection public_statuses, Status
  end
  def public_statuses
@@ -30,12 +32,27 @@ module Api::V1::Timelines
    Status.as_public_timeline(current_account, params[:local])
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def pagination_params(core_params)
    params.permit(:local, :limit).merge(core_params)
  end
  def next_path
-      api_v1_timelines_public_url pagination_params(max_id: @statuses.last.id)
+    api_v1_timelines_public_url pagination_params(max_id: pagination_max_id)
  end
  def prev_path
-      api_v1_timelines_public_url pagination_params(since_id: @statuses.first.id)
+    api_v1_timelines_public_url pagination_params(since_id: pagination_since_id)
  end
  def pagination_max_id
    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@@ -1,11 +1,14 @@
 # frozen_string_literal: true
-module Api::V1::Timelines
+class Api::V1::Timelines::TagController < Api::BaseController
  class TagController < BaseController
  before_action :load_tag
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
  respond_to :json
  def show
    @statuses = load_statuses
    render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
  end
  private
@@ -15,13 +18,11 @@ module Api::V1::Timelines
  end
  def load_statuses
-      cached_tagged_statuses.tap do |statuses|
+    cached_tagged_statuses
        set_maps(statuses)
      end
  end
  def cached_tagged_statuses
-      cache_collection tagged_statuses
+    cache_collection tagged_statuses, Status
  end
  def tagged_statuses
@@ -40,12 +41,27 @@ module Api::V1::Timelines
    Status.as_tag_timeline(@tag, current_account, params[:local])
  end
  def insert_pagination_headers
    set_pagination_headers(next_path, prev_path)
  end
  def pagination_params(core_params)
    params.permit(:local, :limit).merge(core_params)
  end
  def next_path
-      api_v1_timelines_tag_url params[:id], pagination_params(max_id: @statuses.last.id)
+    api_v1_timelines_tag_url params[:id], pagination_params(max_id: pagination_max_id)
  end
  def prev_path
-      api_v1_timelines_tag_url params[:id], pagination_params(since_id: @statuses.first.id)
+    api_v1_timelines_tag_url params[:id], pagination_params(since_id: pagination_since_id)
  end
  def pagination_max_id
    @statuses.last.id
  end
  def pagination_since_id
    @statuses.first.id
  end
 end
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -0,0 +1,52 @@
 # frozen_string_literal: true
 class Api::Web::PushSubscriptionsController < Api::BaseController
  respond_to :json
  before_action :require_user!
  def create
    params.require(:subscription).require(:endpoint)
    params.require(:subscription).require(:keys).require([:auth, :p256dh])
    active_session = current_session
    unless active_session.web_push_subscription.nil?
      active_session.web_push_subscription.destroy!
      active_session.update!(web_push_subscription: nil)
    end
    # Mobile devices do not support regular notifications, so we enable push notifications by default
    alerts_enabled = active_session.detection.device.mobile? || active_session.detection.device.tablet?
    data = {
      alerts: {
        follow: alerts_enabled,
        favourite: alerts_enabled,
        reblog: alerts_enabled,
        mention: alerts_enabled,
      },
    }
    web_subscription = ::Web::PushSubscription.create!(
      endpoint: params[:subscription][:endpoint],
      key_p256dh: params[:subscription][:keys][:p256dh],
      key_auth: params[:subscription][:keys][:auth],
      data: data
    )
    active_session.update!(web_push_subscription: web_subscription)
    render json: web_subscription.as_payload
  end
  def update
    params.require([:id, :data])
    web_subscription = ::Web::PushSubscription.find(params[:id])
    web_subscription.update!(data: params[:data])
    render json: web_subscription.as_payload
  end
 end
--- a/app/controllers/api/web/settings_controller.rb
+++ b/app/controllers/api/web/settings_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class Api::Web::SettingsController < ApiController
+class Api::Web::SettingsController < Api::BaseController
  respond_to :json
  before_action :require_user!
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,6 +11,7 @@ class ApplicationController < ActionController::Base
  include UserTrackingConcern
  helper_method :current_account
  helper_method :current_session
  helper_method :single_user_mode?
  rescue_from ActionController::RoutingError, with: :not_found
@@ -68,6 +69,10 @@ class ApplicationController < ActionController::Base
    @current_account ||= current_user.try(:account)
  end
  def current_session
    @current_session ||= SessionActivation.find_by(session_id: cookies.signed['_session_id'])
  end
  def cache_collection(raw, klass)
    return raw unless klass.respond_to?(:with_includes)
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -5,6 +5,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  before_action :check_enabled_registrations, only: [:new, :create]
  before_action :configure_sign_up_params, only: [:create]
  before_action :set_sessions, only: [:edit, :update]
  def destroy
    not_found
@@ -41,4 +42,8 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  def determine_layout
    %w(edit update).include?(action_name) ? 'admin' : 'auth'
  end
  def set_sessions
    @sessions = current_user.session_activations
  end
 end
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -27,7 +27,7 @@ class Auth::SessionsController < Devise::SessionsController
    if session[:otp_user_id]
      User.find(session[:otp_user_id])
    elsif user_params[:email]
-      User.find_by(email: user_params[:email])
+      User.find_for_authentication(email: user_params[:email])
    end
  end
--- a/app/controllers/authorize_follows_controller.rb
+++ b/app/controllers/authorize_follows_controller.rb
@@ -15,7 +15,7 @@ class AuthorizeFollowsController < ApplicationController
    if @account.nil?
      render :error
    else
-      redirect_to web_url("accounts/#{@account.id}")
+      render :success
    end
  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    render :error
@@ -40,7 +40,7 @@ class AuthorizeFollowsController < ApplicationController
  end
  def account_from_remote_follow
-    FollowRemoteAccountService.new.call(acct_without_prefix)
+    ResolveRemoteAccountService.new.call(acct_without_prefix)
  end
  def acct_param_is_url?
--- a/app/controllers/concerns/authorization.rb
+++ b/app/controllers/concerns/authorization.rb
@@ -0,0 +1,22 @@
 # frozen_string_literal: true
 module Authorization
  extend ActiveSupport::Concern
  include Pundit
  def pundit_user
    current_account
  end
  def authorize(*)
    super
  rescue Pundit::NotAuthorizedError
    raise Mastodon::NotPermittedError
  end
  def authorize_with(user, record, query)
    Pundit.authorize(user, record, query)
  rescue Pundit::NotAuthorizedError
    raise Mastodon::NotPermittedError
  end
 end
--- a/app/controllers/concerns/export_controller_concern.rb
+++ b/app/controllers/concerns/export_controller_concern.rb
@@ -0,0 +1,30 @@
 # frozen_string_literal: true
 module ExportControllerConcern
  extend ActiveSupport::Concern
  included do
    before_action :authenticate_user!
    before_action :load_export
  end
  private
  def load_export
    @export = Export.new(current_account)
  end
  def send_export_file
    respond_to do |format|
      format.csv { send_data export_data, filename: export_filename }
    end
  end
  def export_data
    raise 'Override in controller'
  end
  def export_filename
    "#{controller_name}.csv"
  end
 end
--- a/app/controllers/concerns/localized.rb
+++ b/app/controllers/concerns/localized.rb
@@ -17,12 +17,24 @@ module Localized
  end
  def default_locale
-    ENV.fetch('DEFAULT_LOCALE') do
+    request_locale || env_locale || I18n.default_locale
      user_supplied_locale || I18n.default_locale
    end
  end
-  def user_supplied_locale
+  def env_locale
-    http_accept_language.language_region_compatible_from(I18n.available_locales)
+    ENV['DEFAULT_LOCALE']
  end
  def request_locale
    preferred_locale || compatible_locale
  end
  def preferred_locale
    http_accept_language.preferred_language_from([env_locale]) ||
      http_accept_language.preferred_language_from(I18n.available_locales)
  end
  def compatible_locale
    http_accept_language.compatible_language_from([env_locale]) ||
      http_accept_language.compatible_language_from(I18n.available_locales)
  end
 end
--- a/app/controllers/concerns/obfuscate_filename.rb
+++ b/app/controllers/concerns/obfuscate_filename.rb
@@ -4,19 +4,13 @@ module ObfuscateFilename
  extend ActiveSupport::Concern
  class_methods do
    def obfuscate_filename(*args)
      before_action { obfuscate_filename(*args) }
    end
  end
    def obfuscate_filename(path)
      before_action do
        file = params.dig(*path)
-    return if file.nil?
+        next if file.nil?
-    file.original_filename = secure_token + File.extname(file.original_filename)
+        file.original_filename = SecureRandom.hex(8) + File.extname(file.original_filename)
      end
    end
  def secure_token(length = 16)
    SecureRandom.hex(length / 2)
  end
 end
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@@ -0,0 +1,57 @@
 # frozen_string_literal: true
 module RateLimitHeaders
  extend ActiveSupport::Concern
  included do
    before_action :set_rate_limit_headers, if: :rate_limited_request?
  end
  private
  def set_rate_limit_headers
    apply_header_limit
    apply_header_remaining
    apply_header_reset
  end
  def rate_limited_request?
    !request.env['rack.attack.throttle_data'].nil?
  end
  def apply_header_limit
    response.headers['X-RateLimit-Limit'] = rate_limit_limit
  end
  def rate_limit_limit
    api_throttle_data[:limit].to_s
  end
  def apply_header_remaining
    response.headers['X-RateLimit-Remaining'] = rate_limit_remaining
  end
  def rate_limit_remaining
    (api_throttle_data[:limit] - api_throttle_data[:count]).to_s
  end
  def apply_header_reset
    response.headers['X-RateLimit-Reset'] = rate_limit_reset
  end
  def rate_limit_reset
    (request_time + reset_period_offset).iso8601(6)
  end
  def api_throttle_data
    request.env['rack.attack.throttle_data']['api']
  end
  def request_time
    @_request_time ||= Time.now.utc
  end
  def reset_period_offset
    api_throttle_data[:period] - request_time.to_i % api_throttle_data[:period]
  end
 end
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -0,0 +1,87 @@
 # frozen_string_literal: true
 # Implemented according to HTTP signatures (Draft 6)
 # <https://tools.ietf.org/html/draft-cavage-http-signatures-06>
 module SignatureVerification
  extend ActiveSupport::Concern
  def signed_request?
    request.headers['Signature'].present?
  end
  def signed_request_account
    return @signed_request_account if defined?(@signed_request_account)
    unless signed_request?
      @signed_request_account = nil
      return
    end
    raw_signature    = request.headers['Signature']
    signature_params = {}
    raw_signature.split(',').each do |part|
      parsed_parts = part.match(/([a-z]+)="([^"]+)"/i)
      next if parsed_parts.nil? || parsed_parts.size != 3
      signature_params[parsed_parts[1]] = parsed_parts[2]
    end
    if incompatible_signature?(signature_params)
      @signed_request_account = nil
      return
    end
    account = ResolveRemoteAccountService.new.call(signature_params['keyId'].gsub(/\Aacct:/, ''))
    if account.nil?
      @signed_request_account = nil
      return
    end
    signature             = Base64.decode64(signature_params['signature'])
    compare_signed_string = build_signed_string(signature_params['headers'])
    if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
      @signed_request_account = account
      @signed_request_account
    else
      @signed_request_account = nil
    end
  end
  private
  def build_signed_string(signed_headers)
    signed_headers = 'date' if signed_headers.blank?
    signed_headers.split(' ').map do |signed_header|
      if signed_header == Request::REQUEST_TARGET
        "#{Request::REQUEST_TARGET}: #{request.method.downcase} #{request.path}"
      else
        "#{signed_header}: #{request.headers[to_header_name(signed_header)]}"
      end
    end.join("\n")
  end
  def matches_time_window?
    begin
      time_sent = DateTime.httpdate(request.headers['Date'])
    rescue ArgumentError
      return false
    end
    (Time.now.utc - time_sent).abs <= 30
  end
  def to_header_name(name)
    name.split(/-/).map(&:capitalize).join('-')
  end
  def incompatible_signature?(signature_params)
    signature_params['keyId'].blank? ||
      signature_params['signature'].blank? ||
      signature_params['algorithm'].blank? ||
      signature_params['algorithm'] != 'rsa-sha256' ||
      !signature_params['keyId'].start_with?('acct:')
  end
 end
--- a/app/controllers/concerns/user_tracking_concern.rb
+++ b/app/controllers/concerns/user_tracking_concern.rb
@@ -17,7 +17,7 @@ module UserTrackingConcern
    current_user.update_tracked_fields!(request)
    # Regenerate feed if needed
-    RegenerationWorker.perform_async(current_user.account_id) if user_needs_feed_update?
+    regenerate_feed! if user_needs_feed_update?
  end
  def user_needs_sign_in_update?
@@ -27,4 +27,9 @@ module UserTrackingConcern
  def user_needs_feed_update?
    current_user.last_sign_in_at < REGENERATE_FEED_DAYS.days.ago
  end
  def regenerate_feed!
    Redis.current.setnx("account:#{current_user.account_id}:regeneration", true) == 1 && Redis.current.expire("account:#{current_user.account_id}:regeneration", 3_600 * 24)
    RegenerationWorker.perform_async(current_user.account_id)
  end
 end
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
@@ -5,5 +5,24 @@ class FollowerAccountsController < ApplicationController
  def index
    @follows = Follow.where(target_account: @account).recent.page(params[:page]).per(FOLLOW_PER_PAGE).preload(:account)
    respond_to do |format|
      format.html
      format.json do
        render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
  private
  def collection_presenter
    ActivityPub::CollectionPresenter.new(
      id: account_followers_url(@account),
      type: :ordered,
      size: @account.followers_count,
      items: @follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.account) }
    )
  end
 end
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -5,5 +5,24 @@ class FollowingAccountsController < ApplicationController
  def index
    @follows = Follow.where(account: @account).recent.page(params[:page]).per(FOLLOW_PER_PAGE).preload(:target_account)
    respond_to do |format|
      format.html
      format.json do
        render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
  private
  def collection_presenter
    ActivityPub::CollectionPresenter.new(
      id: account_following_index_url(@account),
      type: :ordered,
      size: @account.following_count,
      items: @follows.map { |f| ActivityPub::TagManager.instance.uri_for(f.target_account) }
    )
  end
 end
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -2,13 +2,10 @@
 class HomeController < ApplicationController
  before_action :authenticate_user!
  before_action :set_initial_state_json
  def index
    @body_classes = 'app-body'
    @token                  = find_or_create_access_token.token
    @web_settings           = Web::Setting.find_by(user: current_user)&.data || {}
    @admin                  = Account.find_local(Setting.site_contact_username)
    @streaming_api_base_url = Rails.configuration.x.streaming_api_base_url
  end
  private
@@ -17,13 +14,18 @@ class HomeController < ApplicationController
    redirect_to(single_user_mode? ? account_path(Account.first) : about_path) unless user_signed_in?
  end
-  def find_or_create_access_token
+  def set_initial_state_json
-    Doorkeeper::AccessToken.find_or_create_for(
+    serializable_resource = ActiveModelSerializers::SerializableResource.new(InitialStatePresenter.new(initial_state_params), serializer: InitialStateSerializer)
-      Doorkeeper::Application.where(superapp: true).first,
+    @initial_state_json   = serializable_resource.to_json
-      current_user.id,
+  end
-      Doorkeeper::OAuth::Scopes.from_string('read write follow'),
+
-      Doorkeeper.configuration.access_token_expires_in,
+  def initial_state_params
-      Doorkeeper.configuration.refresh_token_enabled?
+    {
-    )
+      settings: Web::Setting.find_by(user: current_user)&.data || {},
      push_subscription: current_account.user.web_push_subscription(current_session),
      current_account: current_account,
      token: current_session.token,
      admin: Account.find_local(Setting.site_contact_username),
    }
  end
 end
--- a/app/controllers/manifests_controller.rb
+++ b/app/controllers/manifests_controller.rb
@@ -0,0 +1,11 @@
 # frozen_string_literal: true
 class ManifestsController < ApplicationController
  before_action :set_instance_presenter
  def show; end
  def set_instance_presenter
    @instance_presenter = InstancePresenter.new
  end
 end
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class MediaController < ApplicationController
  include Authorization
  before_action :verify_permitted_status
  def show
@@ -14,6 +16,9 @@ class MediaController < ApplicationController
  end
  def verify_permitted_status
-    raise ActiveRecord::RecordNotFound unless media_attachment.status.permitted?(current_account)
+    authorize media_attachment.status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404 instead of a 403 error code
    raise ActiveRecord::RecordNotFound
  end
 end
--- a/app/controllers/settings/deletes_controller.rb
+++ b/app/controllers/settings/deletes_controller.rb
@@ -0,0 +1,32 @@
 # frozen_string_literal: true
 class Settings::DeletesController < ApplicationController
  layout 'admin'
  before_action :check_enabled_deletion
  before_action :authenticate_user!
  def show
    @confirmation = Form::DeleteConfirmation.new
  end
  def destroy
    if current_user.valid_password?(delete_params[:password])
      Admin::SuspensionWorker.perform_async(current_user.account_id, true)
      sign_out
      redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
    else
      redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')
    end
  end
  private
  def check_enabled_deletion
    redirect_to root_path unless Setting.open_deletion
  end
  def delete_params
    params.require(:form_delete_confirmation).permit(:password)
  end
 end
--- a/app/controllers/settings/exports/base_controller.rb
+++ b/app/controllers/settings/exports/base_controller.rb
@@ -1,23 +0,0 @@
 # frozen_string_literal: true
 module Settings
  module Exports
    class BaseController < ApplicationController
      before_action :authenticate_user!
      def index
        @export = Export.new(current_account)
        respond_to do |format|
          format.csv { send_data export_data, filename: export_filename }
        end
      end
      private
      def export_filename
        "#{controller_name}.csv"
      end
    end
  end
 end
--- a/app/controllers/settings/exports/blocked_accounts_controller.rb
+++ b/app/controllers/settings/exports/blocked_accounts_controller.rb
@@ -2,7 +2,13 @@
 module Settings
  module Exports
-    class BlockedAccountsController < BaseController
+    class BlockedAccountsController < ApplicationController
      include ExportControllerConcern
      def index
        send_export_file
      end
      private
      def export_data
--- a/app/controllers/settings/exports/following_accounts_controller.rb
+++ b/app/controllers/settings/exports/following_accounts_controller.rb
@@ -2,7 +2,13 @@
 module Settings
  module Exports
-    class FollowingAccountsController < BaseController
+    class FollowingAccountsController < ApplicationController
      include ExportControllerConcern
      def index
        send_export_file
      end
      private
      def export_data
--- a/app/controllers/settings/exports/muted_accounts_controller.rb
+++ b/app/controllers/settings/exports/muted_accounts_controller.rb
@@ -2,7 +2,13 @@
 module Settings
  module Exports
-    class MutedAccountsController < BaseController
+    class MutedAccountsController < ApplicationController
      include ExportControllerConcern
      def index
        send_export_file
      end
      private
      def export_data
--- a/app/controllers/settings/follower_domains_controller.rb
+++ b/app/controllers/settings/follower_domains_controller.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 require 'sidekiq-bulk'
 class Settings::FollowerDomainsController < ApplicationController
  layout 'admin'
@@ -13,8 +15,8 @@ class Settings::FollowerDomainsController < ApplicationController
  def update
    domains = bulk_params[:select] || []
-    domains.each do |domain|
+    SoftBlockDomainFollowersWorker.push_bulk(domains) do |domain|
-      SoftBlockDomainFollowersWorker.perform_async(current_account.id, domain)
+      [current_account.id, domain]
    end
    redirect_to settings_follower_domains_path, notice: I18n.t('followers.success', count: domains.size)
--- a/app/controllers/settings/preferences_controller.rb
+++ b/app/controllers/settings/preferences_controller.rb
@@ -34,8 +34,13 @@ class Settings::PreferencesController < ApplicationController
  def user_settings_params
    params.require(:user).permit(
      :setting_default_privacy,
      :setting_default_sensitive,
      :setting_unfollow_modal,
      :setting_boost_modal,
      :setting_delete_modal,
      :setting_auto_play_gif,
      :setting_system_font_ui,
      :setting_noindex,
      notification_emails: %i(follow follow_request reblog favourite mention digest),
      interactions: %i(must_be_follower must_be_following)
    )
--- a/app/controllers/settings/sessions_controller.rb
+++ b/app/controllers/settings/sessions_controller.rb
@@ -0,0 +1,17 @@
 # frozen_string_literal: true
 class Settings::SessionsController < ApplicationController
  before_action :set_session, only: :destroy
  def destroy
    @session.destroy!
    flash[:notice] = I18n.t('sessions.revoke_success')
    redirect_to edit_user_registration_path
  end
  private
  def set_session
    @session = current_user.session_activations.find(params[:id])
  end
 end
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -7,7 +7,9 @@ module Settings
    before_action :authenticate_user!
    before_action :verify_otp_required, only: [:create]
-    def show; end
+    def show
      @confirmation = Form::TwoFactorConfirmation.new
    end
    def create
      current_user.otp_secret = User.generate_otp_secret(32)
@@ -16,13 +18,23 @@ module Settings
    end
    def destroy
      if current_user.validate_and_consume_otp!(confirmation_params[:code])
        current_user.otp_required_for_login = false
        current_user.save!
        redirect_to settings_two_factor_authentication_path
      else
        flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
        @confirmation = Form::TwoFactorConfirmation.new
        render :show
      end
    end
    private
    def confirmation_params
      params.require(:form_two_factor_confirmation).permit(:code)
    end
    def verify_otp_required
      redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
    end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class StatusesController < ApplicationController
  include Authorization
  layout 'public'
  before_action :set_account
@@ -9,12 +11,24 @@ class StatusesController < ApplicationController
  before_action :check_account_suspension
  def show
    respond_to do |format|
      format.html do
        @ancestors   = @status.reply? ? cache_collection(@status.ancestors(current_account), Status) : []
        @descendants = cache_collection(@status.descendants(current_account), Status)
        render 'stream_entries/show'
      end
      format.json do
        render json: @status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
  def activity
    render json: @status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter
  end
  private
  def set_account
@@ -30,7 +44,10 @@ class StatusesController < ApplicationController
    @stream_entry = @status.stream_entry
    @type         = @stream_entry.activity_type.downcase
-    raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account)
+    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404
    raise ActiveRecord::RecordNotFound
  end
  def check_account_suspension
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 class StreamEntriesController < ApplicationController
  include Authorization
  include SignatureVerification
  layout 'public'
  before_action :set_account
@@ -16,7 +19,7 @@ class StreamEntriesController < ApplicationController
      end
      format.atom do
-        render xml: AtomSerializer.render(AtomSerializer.new.entry(@stream_entry, true))
+        render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true))
      end
    end
  end
@@ -42,7 +45,11 @@ class StreamEntriesController < ApplicationController
    @stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id])
    @type         = @stream_entry.activity_type.downcase
-    raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil? || (@stream_entry.hidden? && !@stream_entry.activity.permitted?(current_account))
+    raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil?
    authorize @stream_entry.activity, :show? if @stream_entry.hidden?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404
    raise ActiveRecord::RecordNotFound
  end
  def check_account_suspension
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -5,7 +5,26 @@ class TagsController < ApplicationController
  def show
    @tag      = Tag.find_by!(name: params[:id].downcase)
-    @statuses = @tag.nil? ? [] : Status.as_tag_timeline(@tag, current_account, params[:local]).paginate_by_max_id(20, params[:max_id])
+    @statuses = Status.as_tag_timeline(@tag, current_account, params[:local]).paginate_by_max_id(20, params[:max_id])
    @statuses = cache_collection(@statuses, Status)
    respond_to do |format|
      format.html
      format.json do
        render json: collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
  private
  def collection_presenter
    ActivityPub::CollectionPresenter.new(
      id: tag_url(@tag),
      type: :ordered,
      size: @tag.statuses.count,
      items: @statuses.map { |s| ActivityPub::TagManager.instance.uri_for(s) }
    )
  end
 end
--- a/app/controllers/well_known/host_meta_controller.rb
+++ b/app/controllers/well_known/host_meta_controller.rb
@@ -2,6 +2,8 @@
 module WellKnown
  class HostMetaController < ApplicationController
    include RoutingHelper
    def show
      @webfinger_template = "#{webfinger_url}?resource={uri}"
--- a/app/controllers/well_known/webfinger_controller.rb
+++ b/app/controllers/well_known/webfinger_controller.rb
@@ -2,6 +2,8 @@
 module WellKnown
  class WebfingerController < ApplicationController
    include RoutingHelper
    def show
      @account = Account.find_local!(username_from_resource)
      @canonical_account_uri = @account.to_webfinger_s
--- a/app/helpers/activitystreams2_builder_helper.rb
+++ b/app/helpers/activitystreams2_builder_helper.rb
@@ -1,8 +0,0 @@
 # frozen_string_literal: true
 module Activitystreams2BuilderHelper
  # Gets a usable name for an account, using display name or username.
  def account_name(account)
    account.display_name.presence || account.username
  end
 end
--- a/app/helpers/admin/filter_helper.rb
+++ b/app/helpers/admin/filter_helper.rb
@@ -6,15 +6,21 @@ module Admin::FilterHelper
  FILTERS = ACCOUNT_FILTERS + REPORT_FILTERS
-  def filter_link_to(text, more_params)
+  def filter_link_to(text, link_to_params, link_class_params = link_to_params)
-    new_url = filtered_url_for(more_params)
+    new_url = filtered_url_for(link_to_params)
-    link_to text, new_url, class: filter_link_class(new_url)
+    new_class = filtered_url_for(link_class_params)
    link_to text, new_url, class: filter_link_class(new_class)
  end
  def table_link_to(icon, text, path, options = {})
    link_to safe_join([fa_icon(icon), text]), path, options.merge(class: 'table-action-link')
  end
  def selected?(more_params)
    new_url = filtered_url_for(more_params)
    filter_link_class(new_url) == 'selected' ? true : false
  end
  private
  def filter_params(more_params)
--- a/Show More
+++ b/Show More