Merge branch 'master' into feature-limited-visibility-bearcaps

98a2603d · Takeshi Umeda · GitHub · 7cd4ed7d · 087ed843 · 98a2603d
Unverified Commit 98a2603d authored 4 years ago by Takeshi Umeda Committed by GitHub 4 years ago
Expand all Hide whitespace changes
Inline Side-by-side

Showing

with 1121 additions and 528 deletions
+1121 -528
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -30,7 +30,7 @@ plugins:
    channel: eslint-7
  rubocop:
    enabled: true
-    channel: rubocop-0-82
+    channel: rubocop-1-70
  sass-lint:
    enabled: true
 exclude_patterns:

--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
 ---
 name: Bug Report
 about: If something isn't working as expected
-
+labels: bug
 ---

 <!-- Make sure that you are submitting a new bug that was not previously reported or already fixed -->

--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
 ---
 name: Feature Request
 about: I have a suggestion
-
 ---

 <!-- Please use a concise and distinct title for the issue -->

--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,7 +11,7 @@ updates:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
-      - dependency-type: all
+      - dependency-type: direct

  - package-ecosystem: bundler
    directory: "/"
@@ -19,4 +19,4 @@ updates:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
-      - dependency-type: all
+      - dependency-type: direct
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -2,7 +2,8 @@ require:
  - rubocop-rails

 AllCops:
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.5
+  NewCops: disable
  Exclude:
  - 'spec/**/*'
  - 'db/**/*'
@@ -25,30 +26,68 @@ Layout/AccessModifierIndentation:
 Layout/EmptyLineAfterMagicComment:
  Enabled: false

+Layout/EmptyLineAfterGuardClause:
+  Enabled: false
+
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+
+Layout/HashAlignment:
+  Enabled: false
+  # EnforcedHashRocketStyle: table
+  # EnforcedColonStyle: table
+
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
 Layout/SpaceInsideHashLiteralBraces:
  EnforcedStyle: space

+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+
+Lint/DuplicateElsifCondition:
+  Enabled: true
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
 Lint/UselessAccessModifier:
  ContextCreatingMethods:
    - class_methods

 Metrics/AbcSize:
  Max: 100
+  Exclude:
+    - 'lib/mastodon/*_cli.rb'

 Metrics/BlockLength:
-  Max: 35
+  Max: 55
  Exclude:
    - 'lib/tasks/**/*'
+    - 'lib/mastodon/*_cli.rb'

 Metrics/BlockNesting:
  Max: 3
+  Exclude:
+    - 'lib/mastodon/*_cli.rb'

 Metrics/ClassLength:
  CountComments: false
-  Max: 300
+  Max: 400
+  Exclude:
+    - 'lib/mastodon/*_cli.rb'

 Metrics/CyclomaticComplexity:
  Max: 25
+  Exclude:
+    - 'lib/mastodon/*_cli.rb'

 Layout/LineLength:
  AllowURI: true
@@ -56,7 +95,9 @@ Layout/LineLength:

 Metrics/MethodLength:
  CountComments: false
-  Max: 55
+  Max: 65
+  Exclude:
+    - 'lib/mastodon/*_cli.rb'

 Metrics/ModuleLength:
  CountComments: false
@@ -67,24 +108,29 @@ Metrics/ParameterLists:
  CountKeywordArgs: true

 Metrics/PerceivedComplexity:
-  Max: 20
+  Max: 25

 Naming/MemoizedInstanceVariableName:
  Enabled: false

+Naming/MethodParameterName:
+  Enabled: true
+
 Rails:
  Enabled: true

-Rails/EnumHash:
+Rails/ApplicationController:
  Enabled: false
+  Exclude:
+    - 'app/controllers/well_known/**/*.rb'

-Rails/HasAndBelongsToMany:
+Rails/BelongsTo:
  Enabled: false

-Rails/SkipsModelValidations:
+Rails/ContentTag:
  Enabled: false

-Rails/HttpStatus:
+Rails/EnumHash:
  Enabled: false

 Rails/Exit:
@@ -92,9 +138,60 @@ Rails/Exit:
    - 'lib/mastodon/*'
    - 'lib/cli.rb'

+Rails/FilePath:
+  Enabled: false
+
+Rails/HasAndBelongsToMany:
+  Enabled: false
+
+Rails/HasManyOrHasOneDependent:
+  Enabled: false
+
 Rails/HelperInstanceVariable:
  Enabled: false

+Rails/HttpStatus:
+  Enabled: false
+
+Rails/IndexBy:
+  Enabled: false
+
+Rails/InverseOf:
+  Enabled: false
+
+Rails/LexicallyScopedActionFilter:
+  Enabled: false
+
+Rails/OutputSafety:
+  Enabled: true
+
+Rails/RakeEnvironment:
+  Enabled: false
+
+Rails/RedundantForeignKey:
+  Enabled: false
+
+Rails/SkipsModelValidations:
+  Enabled: false
+
+Rails/UniqueValidationWithoutIndex:
+  Enabled: false
+
+Style/AccessorGrouping:
+  Enabled: true
+
+Style/AccessModifierDeclarations:
+  Enabled: false
+
+Style/ArrayCoercion:
+  Enabled: true
+
+Style/BisectedAttrAccessor:
+  Enabled: true
+
+Style/CaseLikeIf:
+  Enabled: false
+
 Style/ClassAndModuleChildren:
  Enabled: false

@@ -109,6 +206,15 @@ Style/Documentation:
 Style/DoubleNegation:
  Enabled: true

+Style/ExpandPathArguments:
+  Enabled: false
+
+Style/ExponentialNotation:
+  Enabled: true
+
+Style/FormatString:
+  Enabled: false
+
 Style/FormatStringToken:
  Enabled: false

@@ -118,9 +224,33 @@ Style/FrozenStringLiteralComment:
 Style/GuardClause:
  Enabled: false

+Style/HashAsLastArrayItem:
+  Enabled: false
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashLikeCase:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: false
+
+Style/IfUnlessModifier:
+  Enabled: false
+
+Style/InverseMethods:
+  Enabled: false
+
 Style/Lambda:
  Enabled: false

+Style/MutableConstant:
+  Enabled: false
+
 Style/PercentLiteralDelimiters:
  PreferredDelimiters:
    '%i': '()'
@@ -129,9 +259,36 @@ Style/PercentLiteralDelimiters:
 Style/PerlBackrefs:
  AutoCorrect: false

+Style/RedundantAssignment:
+  Enabled: false
+
+Style/RedundantFetchBlock:
+  Enabled: true
+
+Style/RedundantFileExtensionInRequire:
+  Enabled: true
+
+Style/RedundantRegexpCharacterClass:
+  Enabled: false
+
+Style/RedundantRegexpEscape:
+  Enabled: false
+
+Style/RedundantReturn:
+  Enabled: true
+
 Style/RegexpLiteral:
  Enabled: false

+Style/RescueStandardError:
+  Enabled: false
+
+Style/SignalException:
+  Enabled: false
+
+Style/SlicingWithRange:
+  Enabled: true
+
 Style/SymbolArray:
  Enabled: false

@@ -140,3 +297,6 @@ Style/TrailingCommaInArrayLiteral:

 Style/TrailingCommaInHashLiteral:
  EnforcedStyleForMultiline: 'comma'
+
+Style/UnpackFirst:
+  Enabled: false
--- a/.ruby-version
+++ b/.ruby-version
-2.6.6
+2.7.2
--- a/AUTHORS.md
+++ b/AUTHORS.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/Dockerfile
+++ b/Dockerfile
 FROM ubuntu:20.04 as build-dep

 # Use bash for the shell
-SHELL ["bash", "-c"]
+SHELL ["/usr/bin/bash", "-c"]

 # Install Node v12 (LTS)
-ENV NODE_VER="12.16.3"
+ENV NODE_VER="12.20.0"
 RUN ARCH= && \
    dpkgArch="$(dpkg --print-architecture)" && \
  case "${dpkgArch##*-}" in \
@@ -36,10 +36,11 @@ RUN apt update && \
 	./autogen.sh && \
 	./configure --prefix=/opt/jemalloc && \
 	make -j$(nproc) > /dev/null && \
-	make install_bin install_include install_lib
+	make install_bin install_include install_lib && \
+	cd .. && rm -rf jemalloc-$JE_VER $JE_VER.tar.gz

 # Install Ruby
-ENV RUBY_VER="2.6.6"
+ENV RUBY_VER="2.7.2"
 ENV CPPFLAGS="-I/opt/jemalloc/include"
 ENV LDFLAGS="-L/opt/jemalloc/lib/"
 RUN apt update && \
@@ -56,7 +57,8 @@ RUN apt update && \
 	  --disable-install-doc && \
 	ln -s /opt/jemalloc/lib/* /usr/lib/ && \
 	make -j$(nproc) > /dev/null && \
-	make install
+	make install && \
+	cd .. && rm -rf ruby-$RUBY_VER.tar.gz ruby-$RUBY_VER

 ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin"

@@ -107,11 +109,14 @@ RUN apt -y --no-install-recommends install \
 	rm -rf /var/lib/apt/lists/*

 # Add tini
-ENV TINI_VERSION="0.18.0"
-ENV TINI_SUM="12d20136605531b09a2c2dac02ccee85e1b874eb322ef6baf7561cd93f93c855"
-ADD https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini /tini
-RUN echo "$TINI_SUM tini" | sha256sum -c -
-RUN chmod +x /tini
+ENV TINI_VERSION="0.19.0"
+RUN dpkgArch="$(dpkg --print-architecture)" && \
+	ARCH=$dpkgArch && \
+	wget https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$ARCH \
+	https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$ARCH.sha256sum && \
+	cat tini-$ARCH.sha256sum | sha256sum -c - && \
+	mv tini-$ARCH /tini && rm tini-$ARCH.sha256sum && \
+	chmod +x /tini

 # Copy over mastodon source, and dependencies from building, and set permissions
 COPY --chown=mastodon:mastodon . /opt/mastodon

--- a/Gemfile
+++ b/Gemfile
@@ -5,22 +5,19 @@ ruby '>= 2.5.0', '< 3.0.0'

 gem 'pkg-config', '~> 1.4'

-gem 'puma', '~> 4.3'
-gem 'rails', '~> 5.2.4.3'
+gem 'puma', '~> 5.1'
+gem 'rails', '~> 5.2.4.4'
 gem 'sprockets', '~> 3.7.2'
-gem 'thor', '~> 0.20'
+gem 'thor', '~> 1.0'
 gem 'rack', '~> 2.2.3'

-gem 'thwait', '~> 0.2.0'
-gem 'e2mmap', '~> 0.1.0'
-
 gem 'hamlit-rails', '~> 0.2'
 gem 'pg', '~> 1.2'
 gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.7'
 gem 'dotenv-rails', '~> 2.7'

-gem 'aws-sdk-s3', '~> 1.78', require: false
+gem 'aws-sdk-s3', '~> 1.87', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
@@ -30,12 +27,12 @@ gem 'blurhash', '~> 0.1'

 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.7'
-gem 'bootsnap', '~> 1.4', require: false
+gem 'bootsnap', '~> 1.5', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'iso-639'
 gem 'chewy', '~> 5.1'
-gem 'cld3', '~> 3.3.0'
+gem 'cld3', '~> 3.4.1'
 gem 'devise', '~> 4.7'
 gem 'devise-two-factor', '~> 3.1'

@@ -43,10 +40,11 @@ group :pam_authentication, optional: true do
  gem 'devise_pam_authenticatable2', '~> 9.2'
 end

-gem 'net-ldap', '~> 0.16'
-gem 'omniauth-cas', '~> 1.1'
+gem 'net-ldap', '~> 0.17'
+gem 'omniauth-cas', '~> 2.0'
 gem 'omniauth-saml', '~> 1.10'
 gem 'omniauth', '~> 1.9'
+gem 'omniauth-rails_csrf_protection', '~> 0.1'

 gem 'color_diff', '~> 0.1'
 gem 'discard', '~> 1.2'
@@ -54,7 +52,6 @@ gem 'doorkeeper', '~> 5.4'
 gem 'ed25519', '~> 1.2'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
-gem 'goldfinger', '~> 2.1'
 gem 'hiredis', '~> 0.6'
 gem 'redis-namespace', '~> 1.8'
 gem 'health_check', git: 'https://github.com/ianheggie/health_check', ref: '0b799ead604f900ed50685e9b2d469cd2befba5b'
@@ -67,12 +64,12 @@ gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
 gem 'mime-types', '~> 3.3.1', require: 'mime/types/columnar'
 gem 'nilsimsa', git: 'https://github.com/witgo/nilsimsa', ref: 'fd184883048b922b176939f851338d0a4971a532'
-gem 'nokogiri', '~> 1.10'
+gem 'nokogiri', '~> 1.11'
 gem 'nsa', '~> 0.2'
 gem 'oj', '~> 3.10'
-gem 'ox', '~> 2.13'
+gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'parallel', '~> 1.19'
+gem 'parallel', '~> 1.20'
 gem 'posix-spawn'
 gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
@@ -82,9 +79,10 @@ gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'
 gem 'redis', '~> 4.2', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'rqrcode', '~> 1.1'
-gem 'ruby-progressbar', '~> 1.10'
+gem 'rqrcode', '~> 1.2'
+gem 'ruby-progressbar', '~> 1.11'
 gem 'sanitize', '~> 5.2'
+gem 'scenic', '~> 1.5'
 gem 'sidekiq', '~> 6.1'
 gem 'sidekiq-scheduler', '~> 3.0'
 gem 'sidekiq-unique-jobs', '~> 6.0'
@@ -94,7 +92,7 @@ gem 'simple_form', '~> 5.0'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
 gem 'stoplight', '~> 2.2.1'
 gem 'strong_migrations', '~> 0.7'
-gem 'tty-prompt', '~> 0.22', require: false
+gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 1.14'
 gem 'tzinfo-data', '~> 1.2020'
 gem 'webpacker', '~> 5.2'
@@ -119,30 +117,30 @@ group :production, :test do
 end

 group :test do
-  gem 'capybara', '~> 3.33'
+  gem 'capybara', '~> 3.34'
  gem 'climate_control', '~> 0.2'
-  gem 'faker', '~> 2.13'
+  gem 'faker', '~> 2.15'
  gem 'microformats', '~> 4.2'
  gem 'rails-controller-testing', '~> 1.0'
  gem 'rspec-sidekiq', '~> 3.1'
-  gem 'simplecov', '~> 0.19', require: false
-  gem 'webmock', '~> 3.8'
-  gem 'parallel_tests', '~> 3.1'
+  gem 'simplecov', '~> 0.21', require: false
+  gem 'webmock', '~> 3.11'
+  gem 'parallel_tests', '~> 3.4'
  gem 'rspec_junit_formatter', '~> 0.4'
 end

 group :development do
-  gem 'active_record_query_trace', '~> 1.7'
+  gem 'active_record_query_trace', '~> 1.8'
  gem 'annotate', '~> 3.1'
-  gem 'better_errors', '~> 2.7'
-  gem 'binding_of_caller', '~> 0.7'
+  gem 'better_errors', '~> 2.9'
+  gem 'binding_of_caller', '~> 1.0'
  gem 'bullet', '~> 6.1'
  gem 'letter_opener', '~> 1.7'
  gem 'letter_opener_web', '~> 1.4'
  gem 'memory_profiler'
-  gem 'rubocop', '~> 0.86', require: false
-  gem 'rubocop-rails', '~> 2.6', require: false
-  gem 'brakeman', '~> 4.9', require: false
+  gem 'rubocop', '~> 1.7', require: false
+  gem 'rubocop-rails', '~> 2.9', require: false
+  gem 'brakeman', '~> 4.10', require: false
  gem 'bundler-audit', '~> 0.7', require: false

  gem 'capistrano', '~> 3.14'
@@ -160,3 +158,6 @@ end

 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
+
+gem 'xorcist', '~> 1.1'
+gem 'pluck_each', '~> 0.1.3'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -16,49 +16,49 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (5.2.4.3)
-      actionpack (= 5.2.4.3)
+    actioncable (5.2.4.4)
+      actionpack (= 5.2.4.4)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
+    actionmailer (5.2.4.4)
+      actionpack (= 5.2.4.4)
+      actionview (= 5.2.4.4)
+      activejob (= 5.2.4.4)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.3)
-      actionview (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    actionpack (5.2.4.4)
+      actionview (= 5.2.4.4)
+      activesupport (= 5.2.4.4)
      rack (~> 2.0, >= 2.0.8)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.3)
-      activesupport (= 5.2.4.3)
+    actionview (5.2.4.4)
+      activesupport (= 5.2.4.4)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    active_model_serializers (0.10.10)
-      actionpack (>= 4.1, < 6.1)
-      activemodel (>= 4.1, < 6.1)
+    active_model_serializers (0.10.12)
+      actionpack (>= 4.1, < 6.2)
+      activemodel (>= 4.1, < 6.2)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    active_record_query_trace (1.7)
-    activejob (5.2.4.3)
-      activesupport (= 5.2.4.3)
+    active_record_query_trace (1.8)
+    activejob (5.2.4.4)
+      activesupport (= 5.2.4.4)
      globalid (>= 0.3.6)
-    activemodel (5.2.4.3)
-      activesupport (= 5.2.4.3)
-    activerecord (5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    activemodel (5.2.4.4)
+      activesupport (= 5.2.4.4)
+    activerecord (5.2.4.4)
+      activemodel (= 5.2.4.4)
+      activesupport (= 5.2.4.4)
      arel (>= 9.0)
-    activestorage (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
+    activestorage (5.2.4.4)
+      actionpack (= 5.2.4.4)
+      activerecord (= 5.2.4.4)
      marcel (~> 0.3.1)
-    activesupport (5.2.4.3)
+    activesupport (5.2.4.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
@@ -79,38 +79,37 @@ GEM
      cocaine (~> 0.5.3)
    awrence (1.1.1)
    aws-eventstream (1.1.0)
-    aws-partitions (1.358.0)
-    aws-sdk-core (3.104.4)
+    aws-partitions (1.413.0)
+    aws-sdk-core (3.110.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.239.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
-    aws-sdk-kms (1.36.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+    aws-sdk-kms (1.40.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.78.0)
-      aws-sdk-core (~> 3, >= 3.104.3)
+    aws-sdk-s3 (1.87.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.1)
    aws-sigv4 (1.2.2)
      aws-eventstream (~> 1, >= 1.0.2)
-    bcrypt (3.1.15)
-    better_errors (2.7.1)
+    bcrypt (3.1.16)
+    better_errors (2.9.1)
      coderay (>= 1.0.0)
      erubi (>= 1.0.0)
      rack (>= 0.9.0)
-    bigdecimal (2.0.0)
    bindata (2.4.8)
-    binding_of_caller (0.8.0)
+    binding_of_caller (1.0.0)
      debug_inspector (>= 0.0.1)
    blurhash (0.1.4)
      ffi (~> 1.10.0)
-    bootsnap (1.4.8)
+    bootsnap (1.5.1)
      msgpack (~> 1.0)
-    brakeman (4.9.0)
+    brakeman (4.10.1)
    browser (4.2.0)
    builder (3.2.4)
-    bullet (6.1.0)
+    bullet (6.1.2)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.11)
    bundler-audit (0.7.0.1)
@@ -132,7 +131,7 @@ GEM
      sshkit (~> 1.3)
    capistrano-yarn (2.0.2)
      capistrano (~> 3.0)
-    capybara (3.33.0)
+    capybara (3.34.0)
      addressable
      mini_mime (>= 0.1.3)
      nokogiri (~> 1.8)
@@ -148,9 +147,9 @@ GEM
      activesupport (>= 4.0)
      elasticsearch (>= 2.0.0)
      elasticsearch-dsl
-    chunky_png (1.3.12)
-    cld3 (3.3.0)
-      ffi (>= 1.1.0, < 1.12.0)
+    chunky_png (1.3.15)
+    cld3 (3.4.1)
+      ffi (>= 1.1.0, < 1.15.0)
    climate_control (0.2.0)
    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
@@ -161,13 +160,13 @@ GEM
    cose (1.0.0)
      cbor (~> 0.5.9)
      openssl-signature_algorithm (~> 0.4.0)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
+    crack (0.4.5)
+      rexml
    crass (1.0.6)
    css_parser (1.7.1)
      addressable
-    debug_inspector (0.0.3)
-    devise (4.7.2)
+    debug_inspector (1.0.0)
+    devise (4.7.3)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
@@ -185,7 +184,7 @@ GEM
    diff-lcs (1.4.4)
    discard (1.2.0)
      activerecord (>= 4.2, < 7)
-    docile (1.3.2)
+    docile (1.3.4)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
    doorkeeper (5.4.0)
@@ -206,17 +205,17 @@ GEM
      faraday (~> 1)
      multi_json
    encryptor (3.0.0)
-    erubi (1.9.0)
+    erubi (1.10.0)
    et-orbi (1.2.4)
      tzinfo
    excon (0.76.0)
    fabrication (2.21.1)
-    faker (2.13.0)
+    faker (2.15.1)
      i18n (>= 1.6, < 2)
    faraday (1.0.1)
      multipart-post (>= 1.2, < 3)
    fast_blank (1.0.0)
-    fastimage (2.2.0)
+    fastimage (2.2.1)
    ffi (1.10.0)
    ffi-compiler (1.0.1)
      ffi (>= 1.0.0)
@@ -234,20 +233,15 @@ GEM
      fog-json (>= 1.0)
      ipaddress (>= 0.8)
    formatador (0.2.5)
-    fugit (1.3.8)
+    fugit (1.3.9)
      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.3)
-    fuubar (2.5.0)
+    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
-    goldfinger (2.1.1)
-      addressable (~> 2.5)
-      http (~> 4.0)
-      nokogiri (~> 1.8)
-      oj (~> 3.0)
-    hamlit (2.11.0)
+    hamlit (2.13.0)
      temple (>= 0.8.2)
      thor
      tilt
@@ -280,7 +274,7 @@ GEM
      rainbow (>= 2.0.0)
    i18n (1.8.5)
      concurrent-ruby (~> 1.0)
-    i18n-tasks (0.9.31)
+    i18n-tasks (0.9.33)
      activesupport (>= 4.0.2)
      ast (>= 2.1.0)
      erubi
@@ -296,14 +290,14 @@ GEM
    jmespath (1.4.0)
    json (2.3.1)
    json-canonicalization (0.2.0)
-    json-ld (3.1.4)
+    json-ld (3.1.7)
      htmlentities (~> 4.3)
      json-canonicalization (~> 0.2)
      link_header (~> 0.0, >= 0.0.8)
      multi_json (~> 1.14)
      rack (~> 2.0)
      rdf (~> 3.1)
-    json-ld-preloaded (3.1.3)
+    json-ld-preloaded (3.1.4)
      json-ld (~> 3.1)
      rdf (~> 3.1)
    jsonapi-renderer (0.2.2)
@@ -334,7 +328,7 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.6.0)
+    loofah (2.8.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@@ -345,9 +339,9 @@ GEM
      mimemagic (~> 0.3.2)
    mario-redis-lock (1.2.1)
      redis (>= 3.0.5)
-    memory_profiler (0.9.14)
+    memory_profiler (1.0.0)
    method_source (1.0.0)
-    microformats (4.2.0)
+    microformats (4.2.1)
      json (~> 2.2)
      nokogiri (~> 1.10)
    mime-types (3.3.1)
@@ -355,18 +349,19 @@ GEM
    mime-types-data (3.2020.0512)
    mimemagic (0.3.5)
    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
+    mini_portile2 (2.5.0)
+    minitest (5.14.2)
    msgpack (1.3.3)
    multi_json (1.15.0)
    multipart-post (2.1.1)
-    net-ldap (0.16.3)
+    net-ldap (0.17.0)
    net-scp (3.0.0)
      net-ssh (>= 2.6.5, < 7.0.0)
    net-ssh (6.1.0)
-    nio4r (2.5.2)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    nio4r (2.5.4)
+    nokogiri (1.11.0)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
    nokogumbo (2.0.2)
      nokogiri (~> 1.8, >= 1.8.4)
    nsa (0.2.7)
@@ -374,22 +369,24 @@ GEM
      concurrent-ruby (~> 1.0, >= 1.0.2)
      sidekiq (>= 3.5)
      statsd-ruby (~> 1.4, >= 1.4.0)
-    oj (3.10.12)
-      bigdecimal (>= 1.0, < 3)
+    oj (3.10.18)
    omniauth (1.9.1)
      hashie (>= 3.4.6)
      rack (>= 1.6.2, < 3)
-    omniauth-cas (1.1.1)
+    omniauth-cas (2.0.0)
      addressable (~> 2.3)
      nokogiri (~> 1.5)
      omniauth (~> 1.2)
-    omniauth-saml (1.10.2)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
+    omniauth-saml (1.10.3)
      omniauth (~> 1.3, >= 1.3.2)
      ruby-saml (~> 1.9)
    openssl (2.2.0)
    openssl-signature_algorithm (0.4.0)
    orm_adapter (0.5.0)
-    ox (2.13.2)
+    ox (2.14.0)
    paperclip (6.0.0)
      activemodel (>= 4.2.0)
      activesupport (>= 4.2.0)
@@ -399,20 +396,23 @@ GEM
    paperclip-av-transcoder (0.6.4)
      av (~> 0.9.0)
      paperclip (>= 2.5.2)
-    parallel (1.19.2)
-    parallel_tests (3.1.0)
+    parallel (1.20.1)
+    parallel_tests (3.4.0)
      parallel
-    parser (2.7.1.4)
+    parser (3.0.0.0)
      ast (~> 2.4.1)
    parslet (2.0.0)
    pastel (0.8.0)
      tty-color (~> 0.5)
    pg (1.2.3)
-    pghero (2.7.0)
+    pghero (2.7.3)
      activerecord (>= 5)
-    pkg-config (1.4.2)
+    pkg-config (1.4.4)
+    pluck_each (0.1.3)
+      activerecord (> 3.2.0)
+      activesupport (> 3.0.0)
    posix-spawn (0.3.15)
-    premailer (1.13.1)
+    premailer (1.14.2)
      addressable
      css_parser (>= 1.6.0)
      htmlentities (>= 4.0.0)
@@ -428,12 +428,13 @@ GEM
      pry (~> 0.13.0)
    pry-rails (0.3.9)
      pry (>= 0.10.4)
-    public_suffix (4.0.5)
-    puma (4.3.5)
+    public_suffix (4.0.6)
+    puma (5.1.1)
      nio4r (~> 2.0)
    pundit (2.1.0)
      activesupport (>= 3.0.0)
-    raabro (1.3.1)
+    raabro (1.3.3)
+    racc (1.5.2)
    rack (2.2.3)
    rack-attack (6.3.1)
      rack (>= 1.0, < 3)
@@ -443,18 +444,18 @@ GEM
      rack
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (5.2.4.3)
-      actioncable (= 5.2.4.3)
-      actionmailer (= 5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
-      activestorage (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    rails (5.2.4.4)
+      actioncable (= 5.2.4.4)
+      actionmailer (= 5.2.4.4)
+      actionpack (= 5.2.4.4)
+      actionview (= 5.2.4.4)
+      activejob (= 5.2.4.4)
+      activemodel (= 5.2.4.4)
+      activerecord (= 5.2.4.4)
+      activestorage (= 5.2.4.4)
+      activesupport (= 5.2.4.4)
      bundler (>= 1.3.0)
-      railties (= 5.2.4.3)
+      railties (= 5.2.4.4)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
@@ -470,20 +471,20 @@ GEM
      railties (>= 5.0, < 6)
    rails-settings-cached (0.6.6)
      rails (>= 4.2.0)
-    railties (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    railties (5.2.4.4)
+      actionpack (= 5.2.4.4)
+      activesupport (= 5.2.4.4)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.19.0, < 2.0)
    rainbow (3.0.0)
-    rake (13.0.1)
-    rdf (3.1.5)
+    rake (13.0.3)
+    rdf (3.1.8)
      hamster (~> 3.0)
      link_header (~> 0.0, >= 0.0.8)
    rdf-normalize (0.4.0)
      rdf (~> 3.1)
-    redis (4.2.1)
+    redis (4.2.5)
    redis-actionpack (5.2.0)
      actionpack (>= 5, < 7)
      redis-rack (>= 2.1.0, < 3)
@@ -502,7 +503,7 @@ GEM
      redis-store (>= 1.2, < 2)
    redis-store (1.9.0)
      redis (>= 4, < 5)
-    regexp_parser (1.7.1)
+    regexp_parser (1.8.2)
    request_store (1.5.0)
      rack (>= 1.4)
    responders (3.0.1)
@@ -511,62 +512,64 @@ GEM
    rexml (3.2.4)
    rotp (2.1.2)
    rpam2 (4.0.2)
-    rqrcode (1.1.2)
+    rqrcode (1.2.0)
      chunky_png (~> 1.0)
-      rqrcode_core (~> 0.1)
-    rqrcode_core (0.1.2)
-    rspec-core (3.9.2)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+      rqrcode_core (~> 0.2)
+    rqrcode_core (0.2.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (4.0.1)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.2)
      actionpack (>= 4.2)
      activesupport (>= 4.2)
      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
    rspec-sidekiq (3.1.0)
      rspec-core (~> 3.0, >= 3.0.0)
      sidekiq (>= 2.4.0)
-    rspec-support (3.9.3)
+    rspec-support (3.10.1)
    rspec_junit_formatter (0.4.1)
      rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.86.0)
+    rubocop (1.7.0)
      parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 2.7.1.5)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8, < 3.0)
      rexml
-      rubocop-ast (>= 0.0.3, < 1.0)
+      rubocop-ast (>= 1.2.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.3.0)
-      parser (>= 2.7.1.4)
-    rubocop-rails (2.6.0)
+    rubocop-ast (1.3.0)
+      parser (>= 2.7.1.5)
+    rubocop-rails (2.9.1)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
-      rubocop (>= 0.82.0)
-    ruby-progressbar (1.10.1)
+      rubocop (>= 0.90.0, < 2.0)
+    ruby-progressbar (1.11.0)
    ruby-saml (1.11.0)
      nokogiri (>= 1.5.10)
    rufus-scheduler (3.6.0)
      fugit (~> 1.1, >= 1.1.6)
-    safe_yaml (1.0.5)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
    sanitize (5.2.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.8.0)
      nokogumbo (~> 2.0)
+    scenic (1.5.4)
+      activerecord (>= 4.0.0)
+      railties (>= 4.0.0)
    securecompare (1.0.0)
    semantic_range (2.3.0)
-    sidekiq (6.1.1)
+    sidekiq (6.1.2)
      connection_pool (>= 2.2.2)
      rack (~> 2.0)
      redis (>= 4.2.0)
@@ -579,42 +582,44 @@ GEM
      sidekiq (>= 3)
      thwait
      tilt (>= 1.4.0)
-    sidekiq-unique-jobs (6.0.22)
+    sidekiq-unique-jobs (6.0.25)
      concurrent-ruby (~> 1.0, >= 1.0.5)
      sidekiq (>= 4.0, < 7.0)
-      thor (~> 0)
+      thor (>= 0.20, < 2.0)
    simple-navigation (4.1.0)
      activesupport (>= 2.3.2)
-    simple_form (5.0.2)
+    simple_form (5.0.3)
      actionpack (>= 5.0)
      activemodel (>= 5.0)
-    simplecov (0.19.0)
+    simplecov (0.21.0)
      docile (~> 1.1)
      simplecov-html (~> 0.11)
-    simplecov-html (0.12.2)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
    sprockets (3.7.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    sshkit (1.21.0)
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
-    stackprof (0.2.15)
+    stackprof (0.2.16)
    statsd-ruby (1.4.0)
    stoplight (2.2.1)
    streamio-ffmpeg (3.0.2)
      multi_json (~> 1.8)
-    strong_migrations (0.7.1)
+    strong_migrations (0.7.4)
      activerecord (>= 5)
    temple (0.8.2)
-    terminal-table (1.8.0)
+    terminal-table (2.0.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
-    thor (0.20.3)
+    thor (1.0.1)
    thread_safe (0.3.6)
    thwait (0.2.0)
      e2mmap
@@ -622,29 +627,29 @@ GEM
    tpm-key_attestation (0.9.0)
      bindata (~> 2.4)
      openssl-signature_algorithm (~> 0.4.0)
-    tty-color (0.5.2)
+    tty-color (0.6.0)
    tty-cursor (0.7.1)
-    tty-prompt (0.22.0)
+    tty-prompt (0.23.0)
      pastel (~> 0.8)
      tty-reader (~> 0.8)
-    tty-reader (0.8.0)
+    tty-reader (0.9.0)
      tty-cursor (~> 0.7)
      tty-screen (~> 0.8)
      wisper (~> 2.0)
    tty-screen (0.8.1)
    twitter-text (1.14.7)
      unf (~> 0.1.0)
-    tzinfo (1.2.7)
+    tzinfo (1.2.9)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2020.1)
+    tzinfo-data (1.2020.6)
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.7)
    unicode-display_width (1.7.0)
    uniform_notifier (1.13.0)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
    webauthn (3.0.0.alpha1)
      android_key_attestation (~> 0.3.0)
      awrence (~> 1.1)
@@ -655,7 +660,7 @@ GEM
      safety_net_attestation (~> 0.4.0)
      securecompare (~> 1.0)
      tpm-key_attestation (~> 0.9.0)
-    webmock (3.8.3)
+    webmock (3.11.0)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@@ -671,6 +676,7 @@ GEM
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    wisper (2.0.1)
+    xorcist (1.1.2)
    xpath (3.2.0)
      nokogiri (~> 1.8)

@@ -679,15 +685,15 @@ PLATFORMS

 DEPENDENCIES
  active_model_serializers (~> 0.10)
-  active_record_query_trace (~> 1.7)
+  active_record_query_trace (~> 1.8)
  addressable (~> 2.7)
  annotate (~> 3.1)
-  aws-sdk-s3 (~> 1.78)
-  better_errors (~> 2.7)
-  binding_of_caller (~> 0.7)
+  aws-sdk-s3 (~> 1.87)
+  better_errors (~> 2.9)
+  binding_of_caller (~> 1.0)
  blurhash (~> 0.1)
-  bootsnap (~> 1.4)
-  brakeman (~> 4.9)
+  bootsnap (~> 1.5)
+  brakeman (~> 4.10)
  browser
  bullet (~> 6.1)
  bundler-audit (~> 0.7)
@@ -695,10 +701,10 @@ DEPENDENCIES
  capistrano-rails (~> 1.6)
  capistrano-rbenv (~> 2.2)
  capistrano-yarn (~> 2.0)
-  capybara (~> 3.33)
+  capybara (~> 3.34)
  charlock_holmes (~> 0.7.7)
  chewy (~> 5.1)
-  cld3 (~> 3.3.0)
+  cld3 (~> 3.4.1)
  climate_control (~> 0.2)
  color_diff (~> 0.1)
  concurrent-ruby
@@ -709,16 +715,14 @@ DEPENDENCIES
  discard (~> 1.2)
  doorkeeper (~> 5.4)
  dotenv-rails (~> 2.7)
-  e2mmap (~> 0.1.0)
  ed25519 (~> 1.2)
  fabrication (~> 2.21)
-  faker (~> 2.13)
+  faker (~> 2.15)
  fast_blank (~> 1.0)
  fastimage
  fog-core (<= 2.1.0)
  fog-openstack (~> 0.3)
  fuubar (~> 2.5)
-  goldfinger (~> 2.1)
  hamlit-rails (~> 0.2)
  health_check!
  hiredis (~> 0.6)
@@ -741,34 +745,36 @@ DEPENDENCIES
  memory_profiler
  microformats (~> 4.2)
  mime-types (~> 3.3.1)
-  net-ldap (~> 0.16)
+  net-ldap (~> 0.17)
  nilsimsa!
-  nokogiri (~> 1.10)
+  nokogiri (~> 1.11)
  nsa (~> 0.2)
  oj (~> 3.10)
  omniauth (~> 1.9)
-  omniauth-cas (~> 1.1)
+  omniauth-cas (~> 2.0)
+  omniauth-rails_csrf_protection (~> 0.1)
  omniauth-saml (~> 1.10)
-  ox (~> 2.13)
+  ox (~> 2.14)
  paperclip (~> 6.0)
  paperclip-av-transcoder (~> 0.6)
-  parallel (~> 1.19)
-  parallel_tests (~> 3.1)
+  parallel (~> 1.20)
+  parallel_tests (~> 3.4)
  parslet
  pg (~> 1.2)
  pghero (~> 2.7)
  pkg-config (~> 1.4)
+  pluck_each (~> 0.1.3)
  posix-spawn
  premailer-rails
  private_address_check (~> 0.5)
  pry-byebug (~> 3.9)
  pry-rails (~> 0.3)
-  puma (~> 4.3)
+  puma (~> 5.1)
  pundit (~> 2.1)
  rack (~> 2.2.3)
  rack-attack (~> 6.3)
  rack-cors (~> 1.1)
-  rails (~> 5.2.4.3)
+  rails (~> 5.2.4.4)
  rails-controller-testing (~> 1.0)
  rails-i18n (~> 5.1)
  rails-settings-cached (~> 0.6)
@@ -776,33 +782,34 @@ DEPENDENCIES
  redis (~> 4.2)
  redis-namespace (~> 1.8)
  redis-rails (~> 5.0)
-  rqrcode (~> 1.1)
+  rqrcode (~> 1.2)
  rspec-rails (~> 4.0)
  rspec-sidekiq (~> 3.1)
  rspec_junit_formatter (~> 0.4)
-  rubocop (~> 0.86)
-  rubocop-rails (~> 2.6)
-  ruby-progressbar (~> 1.10)
+  rubocop (~> 1.7)
+  rubocop-rails (~> 2.9)
+  ruby-progressbar (~> 1.11)
  sanitize (~> 5.2)
+  scenic (~> 1.5)
  sidekiq (~> 6.1)
  sidekiq-bulk (~> 0.2.0)
  sidekiq-scheduler (~> 3.0)
  sidekiq-unique-jobs (~> 6.0)
  simple-navigation (~> 4.1)
  simple_form (~> 5.0)
-  simplecov (~> 0.19)
+  simplecov (~> 0.21)
  sprockets (~> 3.7.2)
  sprockets-rails (~> 3.2)
  stackprof
  stoplight (~> 2.2.1)
  streamio-ffmpeg (~> 3.0)
  strong_migrations (~> 0.7)
-  thor (~> 0.20)
-  thwait (~> 0.2.0)
-  tty-prompt (~> 0.22)
+  thor (~> 1.0)
+  tty-prompt (~> 0.23)
  twitter-text (~> 1.14)
  tzinfo-data (~> 1.2020)
  webauthn (~> 3.0.0.alpha1)
-  webmock (~> 3.8)
+  webmock (~> 3.11)
  webpacker (~> 5.2)
  webpush
+  xorcist (~> 1.1)
--- a/Procfile.dev
+++ b/Procfile.dev
-web: env PORT=3000 bundle exec puma -C config/puma.rb
-sidekiq: env PORT=3000 bundle exec sidekiq
+web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
+sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
 stream: env PORT=4000 yarn run start
 webpack: ./bin/webpack-dev-server --listen-host 0.0.0.0
--- a/app/controllers/about_controller.rb
+++ b/app/controllers/about_controller.rb
 # frozen_string_literal: true

 class AboutController < ApplicationController
+  include RegistrationSpamConcern
+
  layout 'public'

  before_action :require_open_federation!, only: [:show, :more]
  before_action :set_body_classes, only: :show
  before_action :set_instance_presenter
-  before_action :set_expires_in, only: [:show, :more, :terms]
+  before_action :set_expires_in, only: [:more, :terms]
+  before_action :set_registration_form_time, only: :show

  skip_before_action :require_functional!, only: [:more, :terms]


--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -7,6 +7,7 @@ class AccountsController < ApplicationController
  include AccountControllerConcern
  include SignatureAuthentication

+  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
  before_action :set_cache_headers
  before_action :set_body_classes

@@ -48,7 +49,7 @@ class AccountsController < ApplicationController

      format.json do
        expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
-        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
+        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
      end
    end
  end
@@ -80,7 +81,7 @@ class AccountsController < ApplicationController
  end

  def account_media_status_ids
-    @account.media_attachments.attached.reorder(nil).select(:status_id).distinct
+    @account.media_attachments.attached.reorder(nil).select(:status_id).group(:status_id)
  end

  def no_replies_scope
@@ -101,6 +102,10 @@ class AccountsController < ApplicationController
    params[:username]
  end

+  def skip_temporary_suspension_response?
+    request.format == :json
+  end
+
  def rss_url
    if tag_requested?
      short_account_tag_url(@account, params[:tag], format: 'rss')
@@ -153,12 +158,4 @@ class AccountsController < ApplicationController
  def params_slice(*keys)
    params.slice(*keys).permit(*keys)
  end
-
-  def restrict_fields_to
-    if signed_request_account.present? || public_fetch_mode?
-      # Return all fields
-    else
-      %i(id type preferred_username inbox public_key endpoints)
-    end
-  end
 end
--- a/app/controllers/activitypub/base_controller.rb
+++ b/app/controllers/activitypub/base_controller.rb
@@ -8,4 +8,8 @@ class ActivityPub::BaseController < Api::BaseController
  def set_cache_headers
    response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
  end
+
+  def skip_temporary_suspension_response?
+    false
+  end
 end
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@@ -12,7 +12,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController

  def show
    expires_in 3.minutes, public: public_fetch_mode?
-    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, skip_activities: true
+    render_with_cache json: collection_presenter, content_type: 'application/activity+json', serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter
  end

  private
@@ -20,17 +20,9 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
  def set_items
    case params[:id]
    when 'featured'
-      @items = begin
-        # Because in public fetch mode we cache the response, there would be no
-        # benefit from performing the check below, since a blocked account or domain
-        # would likely be served the cache from the reverse proxy anyway
-
-        if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
-          []
-        else
-          cache_collection(@account.pinned_statuses, Status)
-        end
-      end
+      @items = for_signed_account { cache_collection(@account.pinned_statuses, Status) }
+    when 'tags'
+      @items = for_signed_account { @account.featured_tags }
    when 'devices'
      @items = @account.devices
    else
@@ -40,7 +32,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController

  def set_size
    case params[:id]
-    when 'featured', 'devices'
+    when 'featured', 'devices', 'tags'
      @size = @items.size
    else
      not_found
@@ -51,7 +43,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
    case params[:id]
    when 'featured'
      @type = :ordered
-    when 'devices'
+    when 'devices', 'tags'
      @type = :unordered
    else
      not_found
@@ -66,4 +58,16 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
      items: @items
    )
  end
+
+  def for_signed_account
+    # Because in public fetch mode we cache the response, there would be no
+    # benefit from performing the check below, since a blocked account or domain
+    # would likely be served the cache from the reverse proxy anyway
+
+    if authorized_fetch_mode? && !signed_request_account.nil? && (@account.blocking?(signed_request_account) || (!signed_request_account.domain.nil? && @account.domain_blocking?(signed_request_account.domain)))
+      []
+    else
+      yield
+    end
+  end
 end
--- a/app/controllers/activitypub/followers_synchronizations_controller.rb
+++ b/app/controllers/activitypub/followers_synchronizations_controller.rb
+# frozen_string_literal: true
+
+class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseController
+  include SignatureVerification
+  include AccountOwnedConcern
+
+  before_action :require_signature!
+  before_action :set_items
+  before_action :set_cache_headers
+
+  def show
+    expires_in 0, public: false
+    render json: collection_presenter,
+           serializer: ActivityPub::CollectionSerializer,
+           adapter: ActivityPub::Adapter,
+           content_type: 'application/activity+json'
+  end
+
+  private
+
+  def uri_prefix
+    signed_request_account.uri[/http(s?):\/\/[^\/]+\//]
+  end
+
+  def set_items
+    @items = @account.followers.where(Account.arel_table[:uri].matches(uri_prefix + '%', false, true)).pluck(:uri)
+  end
+
+  def collection_presenter
+    ActivityPub::CollectionPresenter.new(
+      id: account_followers_synchronization_url(@account),
+      type: :ordered,
+      items: @items
+    )
+  end
+end
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -5,25 +5,26 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
  include JsonLdHelper
  include AccountOwnedConcern

-  before_action :skip_unknown_actor_delete
+  before_action :skip_unknown_actor_activity
  before_action :require_signature!
  skip_before_action :authenticate_user!

  def create
    upgrade_account
+    process_collection_synchronization
    process_payload
    head 202
  end

  private

-  def skip_unknown_actor_delete
-    head 202 if unknown_deleted_account?
+  def skip_unknown_actor_activity
+    head 202 if unknown_affected_account?
  end

-  def unknown_deleted_account?
+  def unknown_affected_account?
    json = Oj.load(body, mode: :strict)
-    json.is_a?(Hash) && json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
  rescue Oj::ParseError
    false
  end
@@ -32,6 +33,10 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
    params[:account_username].present?
  end

+  def skip_temporary_suspension_response?
+    true
+  end
+
  def body
    return @body if defined?(@body)

@@ -52,6 +57,19 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
    DeliveryFailureTracker.reset!(signed_request_account.inbox_url)
  end

+  def process_collection_synchronization
+    raw_params = request.headers['Collection-Synchronization']
+    return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true'
+
+    # Re-using the syntax for signature parameters
+    tree   = SignatureParamsParser.new.parse(raw_params)
+    params = SignatureParamsTransformer.new.apply(tree)
+
+    ActivityPub::PrepareFollowersSynchronizationService.new.call(signed_request_account, params)
+  rescue Parslet::ParseFailed
+    Rails.logger.warn 'Error parsing Collection-Synchronization header'
+  end
+
  def process_payload
    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
  end

--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -20,9 +20,9 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  def outbox_presenter
    if page_requested?
      ActivityPub::CollectionPresenter.new(
-        id: account_outbox_url(@account, page_params),
+        id: outbox_url(page_params),
        type: :ordered,
-        part_of: account_outbox_url(@account),
+        part_of: outbox_url,
        prev: prev_page,
        next: next_page,
        items: @statuses
@@ -32,12 +32,20 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
        id: account_outbox_url(@account),
        type: :ordered,
        size: @account.statuses_count,
-        first: account_outbox_url(@account, page: true),
-        last: account_outbox_url(@account, page: true, min_id: 0)
+        first: outbox_url(page: true),
+        last: outbox_url(page: true, min_id: 0)
      )
    end
  end

+  def outbox_url(**kwargs)
+    if params[:account_username].present?
+      account_outbox_url(@account, **kwargs)
+    else
+      instance_actor_outbox_url(**kwargs)
+    end
+  end
+
  def next_page
    account_outbox_url(@account, page: true, max_id: @statuses.last.id) if @statuses.size == LIMIT
  end
@@ -49,9 +57,8 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  def set_statuses
    return unless page_requested?

-    @statuses = @account.statuses.permitted_for(@account, signed_request_account)
    @statuses = cache_collection_paginated_by_id(
-      @statuses,
+      @account.statuses.permitted_for(@account, signed_request_account),
      Status,
      LIMIT,
      params_slice(:max_id, :min_id, :since_id)
@@ -65,4 +72,8 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
  def page_params
    { page: true, max_id: params[:max_id], min_id: params[:min_id] }.compact
  end
+
+  def set_account
+    @account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
+  end
 end
--- a/app/controllers/activitypub/replies_controller.rb
+++ b/app/controllers/activitypub/replies_controller.rb
@@ -31,7 +31,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
  end

  def set_replies
-    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses
+    @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
    @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
  end