<% end %>
diff --git a/app/views/uploads/index.html.erb b/app/views/uploads/index.html.erb
index ecd09acac..84a094a85 100644
--- a/app/views/uploads/index.html.erb
+++ b/app/views/uploads/index.html.erb
@@ -32,7 +32,7 @@
<% if upload.post.present? %>
Size
- <%= link_to "#{upload.post.file_size.to_s(:human_size, precision: 4)} #{upload.post.file_ext}", upload.post.file_url %>
+ <%= link_to "#{upload.post.file_size.to_fs(:human_size, precision: 4)} #{upload.post.file_ext}", upload.post.file_url %>
<% if upload.post.has_dimensions? %>
(<%= upload.post.image_width %>x<%= upload.post.image_height %>)
<% end %>
diff --git a/bin/rails b/bin/rails
index 6fb4e4051..efc037749 100755
--- a/bin/rails
+++ b/bin/rails
@@ -1,4 +1,4 @@
#!/usr/bin/env ruby
-APP_PATH = File.expand_path('../config/application', __dir__)
+APP_PATH = File.expand_path("../config/application", __dir__)
require_relative "../config/boot"
require "rails/commands"
diff --git a/bin/setup b/bin/setup
index 1c0a06078..33ebd5533 100755
--- a/bin/setup
+++ b/bin/setup
@@ -9,8 +9,8 @@ def system!(*args)
end
FileUtils.chdir APP_ROOT do
- # This script is a way to setup or update your development environment automatically.
- # This script is idempotent, so that you can run it at anytime and get an expectable outcome.
+ # This script is a way to set up or update your development environment automatically.
+ # This script is idempotent, so that you can run it at any time and get an expectable outcome.
# Add necessary setup steps to this file.
puts "\n== Copying sample files =="
diff --git a/bin/sprockets b/bin/sprockets
deleted file mode 100755
index 510e03004..000000000
--- a/bin/sprockets
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'sprockets' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
- Pathname.new(__FILE__).realpath)
-
-bundle_binstub = File.expand_path("../bundle", __FILE__)
-
-if File.file?(bundle_binstub)
- if File.read(bundle_binstub, 150) =~ /This file was generated by Bundler/
- load(bundle_binstub)
- else
- abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
- end
-end
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("sprockets", "sprockets")
diff --git a/config/application.rb b/config/application.rb
index 4cf8ac9ea..6d59fb92b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -1,17 +1,21 @@
-require_relative 'boot'
-require "rails"
-require "active_record/railtie"
-#require "active_storage/engine"
-require "action_controller/railtie"
-require "action_view/railtie"
-require "action_mailer/railtie"
-require "active_job/railtie"
-#require "action_cable/engine"
-#require "action_mailbox/engine"
-#require "action_text/engine"
-require "rails/test_unit/railtie"
-#require "sprockets/railtie"
+require_relative "boot"
+require "rails"
+# Pick the frameworks you want:
+require "active_model/railtie"
+require "active_job/railtie"
+require "active_record/railtie"
+# require "active_storage/engine"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+# require "action_mailbox/engine"
+# require "action_text/engine"
+require "action_view/railtie"
+# require "action_cable/engine"
+require "rails/test_unit/railtie"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)
require_relative "danbooru_default_config"
@@ -22,16 +26,8 @@ require 'elasticsearch/rails/instrumentation'
module Danbooru
class Application < Rails::Application
# Initialize configuration defaults for originally generated Rails version.
- config.load_defaults '6.1'
+ config.load_defaults 6.1
config.active_record.schema_format = :sql
- config.encoding = "utf-8"
- config.filter_parameters += [:password, :password_hash, :api_key]
- #config.assets.enabled = true
- #config.assets.version = '1.0'
- config.autoload_paths += %W(#{config.root}/app/presenters #{config.root}/app/logical #{config.root}/app/mailers #{config.root}/app/indexes)
- config.plugins = [:all]
- config.time_zone = 'UTC'
- config.action_mailer.perform_deliveries = true
config.log_tags = [->(req) {"PID:#{Process.pid}"}]
config.action_controller.action_on_unpermitted_parameters = :raise
config.force_ssl = true
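Review bot: Keeping `config.load_defaults 6.1` here while this commit also deletes `config/initializers/cookies_serializer.rb` leaves `action_dispatch.cookies_serializer` unset, unless a file outside this view sets it. As far as I know Rails only defaults to `:json` from the 7.0 defaults onward and otherwise falls back to Marshal. In that case signed and encrypted cookies would be deserialized with `Marshal.load`, and existing JSON cookies may stop being readable. I would set it explicitly inside the class: `config.action_dispatch.cookies_serializer = :json`. The class body continues outside this hunk.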
@@ -60,7 +56,15 @@ module Danbooru
host: Danbooru.config.hostname,
}
end
- end
- I18n.enforce_available_locales = false
+ config.i18n.enforce_available_locales = false
+
+ # Configuration for the application, engines, and railties goes here.
+ #
+ # These settings can be overridden in specific environments using the files
+ # in config/environments, which are processed later.
+ #
+ # config.time_zone = "Central Time (US & Canada)"
+ # config.eager_load_paths << Rails.root.join("extras")
+ end
end
diff --git a/config/boot.rb b/config/boot.rb
index 3cda23b4d..988a5ddc4 100644
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,4 +1,4 @@
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
require "bundler/setup" # Set up gems listed in the Gemfile.
require "bootsnap/setup" # Speed up boot time by caching expensive operations.
diff --git a/config/danbooru_default_config.rb b/config/danbooru_default_config.rb
index 3f1c0b591..4dd1b7540 100644
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@@ -9,11 +9,7 @@ module Danbooru
# The name of this Danbooru.
def app_name
- if CurrentUser.safe_mode?
- "e926"
- else
- "e621"
- end
+ "e621"
end
def description
@@ -281,16 +277,8 @@ fart'
end
# Users cannot search for more than X regular tags at a time.
- def base_tag_query_limit
- 20
- end
-
def tag_query_limit
- if CurrentUser.user.present?
- CurrentUser.user.tag_query_limit
- else
- base_tag_query_limit
- end
+ 40
end
# Return true if the given tag shouldn't count against the user's tag search limit.
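Review bot: `tag_query_limit` now returns a fixed `40`, which doubles the old anonymous limit of 20 and no longer consults `CurrentUser.user.tag_query_limit`, so the per-user cap is ignored wherever this config value is the one enforced. Search cost presumably grows with the number of tags, so a limit change inside a framework upgrade deserves at least a comment, e.g. `# Fixed cap for all users; per-user limits are not read here.` Any remaining caller of `base_tag_query_limit`, which is removed here, would raise `NoMethodError`. None is visible in this diff, so that needs a search of the tree.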
@@ -420,7 +408,7 @@ fart'
# base_url - where to serve files from (default: http://#{hostname}/data)
# hierarchical: false - store files in a single directory
# hierarchical: true - store files in a hierarchical directory structure, based on the MD5 hash
- StorageManager::Local.new(base_url: "#{CurrentUser.root_url}/", base_dir: "#{Rails.root}/public/data", hierarchical: true)
+ StorageManager::Local.new(base_dir: "#{Rails.root}/public/data", hierarchical: true)
# Select the storage method based on the post's id and type (preview, large, or original).
# StorageManager::Hybrid.new do |id, md5, file_ext, type|
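Review bot: Dropping `base_url:` makes `StorageManager::Local` fall back to its default, which the comment just above documents as `http://#{hostname}/data`. If that comment is accurate, file URLs become absolute plain-http links with a `/data` prefix the old `"#{CurrentUser.root_url}/"` value did not carry. That sits badly with `config.force_ssl = true` and a CSP whose `img_src`/`media_src` list only `:self` and the static hosts. Consider passing an explicit value that does not depend on `CurrentUser`, e.g. `base_url: "https://#{hostname}/"`, adjusted to the path layout the old value produced. The enclosing method starts outside the hunk.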
diff --git a/config/environment.rb b/config/environment.rb
index f38575b7c..efd84d945 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -1,5 +1,5 @@
# Load the Rails application.
-require_relative 'application'
+require_relative "application"
Dotenv.load(Rails.root + ".env.local")
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 53d506df0..755bfb9eb 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -14,10 +14,13 @@ Rails.application.configure do
# Show full error reports.
config.consider_all_requests_local = true
+ # Enable server timing
+ config.server_timing = true
+
# Enable/disable caching. By default caching is disabled.
# Run rails dev:cache to toggle caching.
# Does not affect the cache_store
- if Rails.root.join('tmp', 'caching-dev.txt').exist?
+ if Rails.root.join("tmp/caching-dev.txt").exist?
config.action_controller.perform_caching = true
config.action_controller.enable_fragment_cache_logging = true
@@ -55,10 +58,6 @@ Rails.application.configure do
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
- # Use an evented file watcher to asynchronously detect changes in source code,
- # routes, locales, etc. This feature depends on the listen gem.
- config.file_watcher = ActiveSupport::EventedFileUpdateChecker
-
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
diff --git a/config/environments/production.rb b/config/environments/production.rb
index d6084af4f..dd9789d83 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -22,14 +22,14 @@ Rails.application.configure do
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
- config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+ config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
- # config.asset_host = 'http://assets.example.com'
+ # config.asset_host = "http://assets.example.com"
# Specifies the header that your server uses for sending files.
- # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
- # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+ # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
@@ -77,7 +77,7 @@ Rails.application.configure do
# Use a different logger for distributed setups.
# require "syslog/logger"
- # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+ # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
if ENV["RAILS_LOG_TO_STDOUT"].present?
logger = ActiveSupport::Logger.new(STDOUT)
@@ -87,25 +87,4 @@ Rails.application.configure do
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false
-
- # Inserts middleware to perform automatic connection switching.
- # The `database_selector` hash is used to pass options to the DatabaseSelector
- # middleware. The `delay` is used to determine how long to wait after a write
- # to send a subsequent read to the primary.
- #
- # The `database_resolver` class is used by the middleware to determine which
- # database is appropriate to use based on the time delay.
- #
- # The `database_resolver_context` class is used by the middleware to set
- # timestamps for the last write to the primary. The resolver uses the context
- # class timestamps to determine how long to wait before reading from the
- # replica.
- #
- # By default Rails will store a last write timestamp in the session. The
- # DatabaseSelector middleware is designed as such you can define your own
- # strategy for connection switching and pass that into the middleware through
- # these configuration options.
- # config.active_record.database_selector = { delay: 2.seconds }
- # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
- # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 090cd19c1..bc90e9edd 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -8,17 +8,18 @@ require "active_support/core_ext/integer/time"
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
+ # Turn false under Spring and add config.action_view.cache_template_loading = true.
config.cache_classes = true
- # Do not eager load code on boot. This avoids loading your whole application
- # just for the purpose of running a single test. If you are using a tool that
- # preloads Rails for running tests, you may have to set it to true.
- config.eager_load = false
+ # Eager loading loads your whole application. When running a single test locally,
+ # this probably isn't necessary. It's a good idea to do in a continuous integration
+ # system, or in some way before deploying your code.
+ config.eager_load = ENV["CI"].present?
# Configure public file server for tests with Cache-Control for performance.
config.public_file_server.enabled = true
config.public_file_server.headers = {
- 'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+ "Cache-Control" => "public, max-age=#{1.hour.to_i}"
}
# Show full error reports and disable caching.
@@ -52,9 +53,4 @@ Rails.application.configure do
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
-
-
- # config.logger = Logger.new(STDOUT)
- # config.log_level = :info
-
end
diff --git a/config/initializers/active_record_api_extensions.rb b/config/initializers/active_record_api_extensions.rb
index a67535e6d..dbc9d618e 100644
--- a/config/initializers/active_record_api_extensions.rb
+++ b/config/initializers/active_record_api_extensions.rb
@@ -1 +1,3 @@
-Elasticsearch::Model::Response::Response.__send__ :include, Danbooru::Paginator::ElasticsearchExtensions
+Rails.configuration.to_prepare do
+ Elasticsearch::Model::Response::Response.__send__ :include, Danbooru::Paginator::ElasticsearchExtensions
+end
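Review bot: `__send__ :include` is a leftover from when `Module#include` was private; it has been public since Ruby 2.1. The added line can call it directly: `Elasticsearch::Model::Response::Response.include Danbooru::Paginator::ElasticsearchExtensions`. A one-line comment on why the mixin now lives in `to_prepare` would also help the next reader. Presumably it is so the reloadable `Danbooru::Paginator` constant is resolved after autoloading is set up.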
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index f6e90fb12..3634ffad4 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -1,36 +1,31 @@
# Be sure to restart your server when you modify this file.
-# Define an application-wide content security policy
-# For further information see the following documentation
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
- Rails.application.config.content_security_policy do |policy|
- policy.default_src :self
- policy.script_src :self, 'ads.dragonfru.it', 'js-agent.newrelic.com', 'bam.nr-data.net', 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/', 'https://www.recaptcha.net/'
- policy.style_src :self, :unsafe_inline
- policy.connect_src :self, 'ads.dragonfru.it', 'bam.nr-data.net', 'plausible.dragonfru.it'
- policy.object_src :self, 'static1.e621.net', 'static1.e926.net'
- policy.media_src :self, 'static1.e621.net', 'static1.e926.net'
- policy.frame_ancestors :none
- policy.frame_src 'https://www.google.com/recaptcha/', 'https://www.recaptcha.net/'
- policy.font_src :self
- policy.img_src :self, :data, 'static1.e621.net', 'static1.e926.net', 'ads.dragonfru.it'
- policy.child_src :none
- policy.form_action :self, 'discord.e621.net', 'discord.com'
-# # If you are using webpack-dev-server then specify webpack-dev-server host
-# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
+Rails.application.configure do
+ config.content_security_policy do |policy|
+ policy.default_src :self
+ policy.script_src :self, 'ads.dragonfru.it', 'js-agent.newrelic.com', 'bam.nr-data.net', 'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/', 'https://www.recaptcha.net/'
+ policy.style_src :self, :unsafe_inline
+ policy.connect_src :self, 'ads.dragonfru.it', 'bam.nr-data.net', 'plausible.dragonfru.it'
+ policy.object_src :self, 'static1.e621.net', 'static1.e926.net'
+ policy.media_src :self, 'static1.e621.net', 'static1.e926.net'
+ policy.frame_ancestors :none
+ policy.frame_src 'https://www.google.com/recaptcha/', 'https://www.recaptcha.net/'
+ policy.font_src :self
+ policy.img_src :self, :data, 'static1.e621.net', 'static1.e926.net', 'ads.dragonfru.it'
+ policy.child_src :none
+ policy.form_action :self, 'discord.e621.net', 'discord.com'
+ # Specify URI for violation reports
+ # policy.report_uri "/csp-violation-report-endpoint"
+ end
-# # Specify URI for violation reports
-# policy.report_uri "/csp-violation"
- end
+ # Generate session nonces for permitted importmap and inline scripts
+ config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) }
+ config.content_security_policy_nonce_directives = %w(script-src)
-# If you are using UJS then enable automatic nonce generation
- Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
- Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
- Rails.application.config.content_security_policy_report_only = false
+ # Report violations without enforcing the policy.
+ config.content_security_policy_report_only = false
+end
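Review bot: Two of the new comments describe something other than the code beneath them. The generator returns `SecureRandom.base64(16)` each time it is called and does not read the session, so "Generate session nonces …" should read `# Generate a random nonce per request for permitted inline scripts`. The line `config.content_security_policy_report_only = false` enforces the policy, so its comment would be clearer as `# false enforces the policy; true would only report violations.` Separately, `style_src` still allows `:unsafe_inline` and `object_src` still allows `:self` plus the static hosts, both carried over unchanged. Tightening them (e.g. `policy.object_src :none`, if nothing embeds plugin content) is worth a follow-up.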
diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb
deleted file mode 100644
index 5a6a32d37..000000000
--- a/config/initializers/cookies_serializer.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Specify a serializer for the signed and encrypted cookie jars.
-# Valid options are :json, :marshal, and :hybrid.
-Rails.application.config.action_dispatch.cookies_serializer = :json
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 3b1c1b5ed..e5a82f162 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -7,9 +7,9 @@
# Rails.application.config.middleware.insert_before 0, Rack::Cors do
# allow do
-# origins 'example.com'
+# origins "example.com"
#
-# resource '*',
+# resource "*",
# headers: :any,
# methods: [:get, :post, :put, :patch, :delete, :options, :head]
# end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index fcffd9514..adc6568ce 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -1,6 +1,8 @@
# Be sure to restart your server when you modify this file.
-# Configure sensitive parameters which will be filtered from the log file.
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
Rails.application.config.filter_parameters += [
- :password, :passw, :api_key, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]
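Review bot: Removing `:password` and `:api_key` from this list, together with the `filter_parameters` line dropped from `config/application.rb` in the same commit, is only safe because the remaining entries match by substring. `:passw` covers `password` and `password_hash`, and `:_key` covers `api_key`. That is not obvious from the list, so add a comment above it such as `# Partial matches: :passw covers password/password_hash, :_key covers api_key.` A parameter spelled `apikey` or plain `key` would not be filtered, so confirm the names the app actually accepts.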
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index ac033bf9d..3860f659e 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -4,13 +4,13 @@
# are locale specific, and you may define rules for as many different
# locales as you wish. All of these examples are active by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
-# inflect.plural /^(ox)$/i, '\1en'
-# inflect.singular /^(ox)en/i, '\1'
-# inflect.irregular 'person', 'people'
+# inflect.plural /^(ox)$/i, "\\1en"
+# inflect.singular /^(ox)en/i, "\\1"
+# inflect.irregular "person", "people"
# inflect.uncountable %w( fish sheep )
# end
# These inflection rules are supported but not enabled by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
-# inflect.acronym 'RESTful'
+# inflect.acronym "RESTful"
# end
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
new file mode 100644
index 000000000..277fde1da
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,135 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `