Merge tag 'v4.2.28'

2026-02-25 03:32:41 +00:00 · 2025-12-09 00:33:50 +08:00 · 2025-12-09 00:33:50 +08:00 · df5c2456a2
commit df5c2456a2
parent 336c698c79 998e9cedd3
20 changed files with 45 additions and 23 deletions
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@ -27,7 +27,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  def set_status
    @status = @account.statuses.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/polls/votes_controller.rb
+++ b/app/controllers/api/v1/polls/votes_controller.rb
@ -17,7 +17,7 @@ class Api::V1::Polls::VotesController < Api::BaseController
  def set_poll
    @poll = Poll.attached.find(params[:poll_id])
    authorize @poll.status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/polls_controller.rb
+++ b/app/controllers/api/v1/polls_controller.rb
@ -17,7 +17,7 @@ class Api::V1::PollsController < Api::BaseController
  def set_poll
    @poll = Poll.attached.find(params[:id])
    authorize @poll.status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/statuses/bookmarks_controller.rb
+++ b/app/controllers/api/v1/statuses/bookmarks_controller.rb
@ -25,7 +25,7 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
    bookmark&.destroy!

    render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, bookmarks_map: { @status.id => false })
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

@ -34,7 +34,7 @@ class Api::V1::Statuses::BookmarksController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@ -64,7 +64,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/statuses/favourites_controller.rb
+++ b/app/controllers/api/v1/statuses/favourites_controller.rb
@ -27,7 +27,7 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController

    relationships = StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false }, attributes_map: { @status.id => { favourites_count: count } })
    render json: @status, serializer: REST::StatusSerializer, relationships: relationships
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

@ -36,7 +36,7 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/api/v1/statuses/histories_controller.rb
+++ b/app/controllers/api/v1/statuses/histories_controller.rb
@ -20,7 +20,7 @@ class Api::V1::Statuses::HistoriesController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/api/v1/statuses/mutes_controller.rb
+++ b/app/controllers/api/v1/statuses/mutes_controller.rb
@ -27,7 +27,7 @@ class Api::V1::Statuses::MutesController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
@ -60,7 +60,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@ -36,7 +36,7 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController

    relationships = StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false }, attributes_map: { @reblog.id => { reblogs_count: count } })
    render json: @reblog, serializer: REST::StatusSerializer, relationships: relationships
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

@ -45,7 +45,7 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
  def set_reblog
    @reblog = Status.find(params[:status_id])
    authorize @reblog, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/v1/statuses/sources_controller.rb
+++ b/app/controllers/api/v1/statuses/sources_controller.rb
@ -15,7 +15,7 @@ class Api::V1::Statuses::SourcesController < Api::BaseController
  def set_status
    @status = Status.find(params[:status_id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -118,7 +118,7 @@ class Api::V1::StatusesController < Api::BaseController
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/api/web/embeds_controller.rb
+++ b/app/controllers/api/web/embeds_controller.rb
@ -30,7 +30,7 @@ class Api::Web::EmbedsController < Api::Web::BaseController
  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end
 end
--- a/app/controllers/authorize_interactions_controller.rb
+++ b/app/controllers/authorize_interactions_controller.rb
@ -21,7 +21,7 @@ class AuthorizeInteractionsController < ApplicationController
  def set_resource
    @resource = located_resource
    authorize(@resource, :show?) if @resource.is_a?(Status)
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@ -36,7 +36,7 @@ class MediaController < ApplicationController

  def verify_permitted_status!
    authorize @media_attachment.status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -63,7 +63,7 @@ class StatusesController < ApplicationController
  def set_status
    @status = @account.statuses.find(params[:id])
    authorize @status, :show?
-  rescue Mastodon::NotPermittedError
+  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    not_found
  end

--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@ -1,6 +1,9 @@
 # frozen_string_literal: true

 class ActivityPub::Activity::Update < ActivityPub::Activity
+  # Updates to unknown objects older than that are ignored
+  OBJECT_AGE_THRESHOLD = 1.day
+
  def perform
    @account.schedule_refresh_if_stale!

@ -28,6 +31,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity

    @status = Status.find_by(uri: object_uri, account_id: @account.id)

+    # Ignore updates for old unknown objects, since those are updates we are not interested in
+    return if @status.nil? && object_too_old?
+
    # We may be getting `Create` and `Update` out of order
    @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform

@ -35,4 +41,10 @@ class ActivityPub::Activity::Update < ActivityPub::Activity

    ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id])
  end
+
+  def object_too_old?
+    @object['published'].present? && @object['published'].to_datetime < OBJECT_AGE_THRESHOLD.ago
+  rescue Date::Error
+    false
+  end
 end