From 8a24bef2e3d5b119fa628273612d0807220e290f Mon Sep 17 00:00:00 2001
From: Jeremy Kescher <jeremy@kescher.at>
Date: Sun, 4 Dec 2022 22:12:02 +0100
Subject: [PATCH 01/18] Fix Redis warnings regarding version 5.0.0

---
 app/lib/delivery_failure_tracker.rb            |  2 +-
 app/lib/feed_manager.rb                        | 16 ++++++++--------
 app/lib/vacuum/statuses_vacuum.rb              |  2 +-
 .../follow_recommendation_suppression.rb       |  4 ++--
 app/models/trends/base.rb                      |  2 +-
 app/services/batched_remove_status_service.rb  | 18 +++++++++---------
 app/workers/scheduler/indexing_scheduler.rb    |  2 +-
 lib/chewy/strategy/mastodon.rb                 |  2 +-
 lib/mastodon/feeds_cli.rb                      |  4 ++--
 spec/lib/delivery_failure_tracker_spec.rb      |  2 +-
 spec/lib/vacuum/feeds_vacuum_spec.rb           |  2 +-
 11 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/app/lib/delivery_failure_tracker.rb b/app/lib/delivery_failure_tracker.rb
index 66c1fd8c00..e27f29129f 100644
--- a/app/lib/delivery_failure_tracker.rb
+++ b/app/lib/delivery_failure_tracker.rb
@@ -10,7 +10,7 @@ class DeliveryFailureTracker
   end
 
   def track_failure!
-    redis.sadd(exhausted_deliveries_key, today)
+    redis.sadd?(exhausted_deliveries_key, today)
     UnavailableDomain.create(domain: @host) if reached_failure_threshold?
   end
 
diff --git a/app/lib/feed_manager.rb b/app/lib/feed_manager.rb
index 9fe9ec346d..8dc4a8c96e 100644
--- a/app/lib/feed_manager.rb
+++ b/app/lib/feed_manager.rb
@@ -322,24 +322,24 @@ class FeedManager
   def clean_feeds!(type, ids)
     reblogged_id_sets = {}
 
-    redis.pipelined do
+    redis.pipelined do |pipeline|
       ids.each do |feed_id|
-        redis.del(key(type, feed_id))
+        pipeline.del(key(type, feed_id))
         reblog_key = key(type, feed_id, 'reblogs')
         # We collect a future for this: we don't block while getting
         # it, but we can iterate over it later.
-        reblogged_id_sets[feed_id] = redis.zrange(reblog_key, 0, -1)
-        redis.del(reblog_key)
+        reblogged_id_sets[feed_id] = pipeline.zrange(reblog_key, 0, -1)
+        pipeline.del(reblog_key)
       end
     end
 
     # Remove all of the reblog tracking keys we just removed the
     # references to.
-    redis.pipelined do
+    redis.pipelined do |pipeline|
       reblogged_id_sets.each do |feed_id, future|
         future.value.each do |reblogged_id|
           reblog_set_key = key(type, feed_id, "reblogs:#{reblogged_id}")
-          redis.del(reblog_set_key)
+          pipeline.del(reblog_set_key)
         end
       end
     end
@@ -519,7 +519,7 @@ class FeedManager
         # REBLOG_FALLOFF most recent statuses, so we note that this
         # is an "extra" reblog, by storing it in reblog_set_key.
         reblog_set_key = key(timeline_type, account_id, "reblogs:#{status.reblog_of_id}")
-        redis.sadd(reblog_set_key, status.id)
+        redis.sadd?(reblog_set_key, status.id)
         return false
       end
     else
@@ -556,7 +556,7 @@ class FeedManager
       # 2. Remove reblog from set of this status's reblogs.
       reblog_set_key = key(timeline_type, account_id, "reblogs:#{status.reblog_of_id}")
 
-      redis.srem(reblog_set_key, status.id)
+      redis.srem?(reblog_set_key, status.id)
       redis.zrem(reblog_key, status.reblog_of_id)
       # 3. Re-insert another reblog or original into the feed if one
       # remains in the set. We could pick a random element, but this
diff --git a/app/lib/vacuum/statuses_vacuum.rb b/app/lib/vacuum/statuses_vacuum.rb
index d1c4e71973..e6237374be 100644
--- a/app/lib/vacuum/statuses_vacuum.rb
+++ b/app/lib/vacuum/statuses_vacuum.rb
@@ -42,6 +42,6 @@ class Vacuum::StatusesVacuum
   end
 
   def remove_from_search_index(status_ids)
-    with_redis { |redis| redis.sadd('chewy:queue:StatusesIndex', status_ids) }
+    with_redis { |redis| redis.sadd?('chewy:queue:StatusesIndex', status_ids) }
   end
 end
diff --git a/app/models/follow_recommendation_suppression.rb b/app/models/follow_recommendation_suppression.rb
index 170506b853..3b503c9c70 100644
--- a/app/models/follow_recommendation_suppression.rb
+++ b/app/models/follow_recommendation_suppression.rb
@@ -19,9 +19,9 @@ class FollowRecommendationSuppression < ApplicationRecord
   private
 
   def remove_follow_recommendations
-    redis.pipelined do
+    redis.pipelined do |pipeline|
       I18n.available_locales.each do |locale|
-        redis.zrem("follow_recommendations:#{locale}", account_id)
+        pipeline.zrem("follow_recommendations:#{locale}", account_id)
       end
     end
   end
diff --git a/app/models/trends/base.rb b/app/models/trends/base.rb
index a189f11f23..3d4f01049f 100644
--- a/app/models/trends/base.rb
+++ b/app/models/trends/base.rb
@@ -60,7 +60,7 @@ class Trends::Base
   end
 
   def record_used_id(id, at_time = Time.now.utc)
-    redis.sadd(used_key(at_time), id)
+    redis.sadd?(used_key(at_time), id)
     redis.expire(used_key(at_time), 1.day.seconds)
   end
 
diff --git a/app/services/batched_remove_status_service.rb b/app/services/batched_remove_status_service.rb
index 2b649ee222..4f68fc6c44 100644
--- a/app/services/batched_remove_status_service.rb
+++ b/app/services/batched_remove_status_service.rb
@@ -48,9 +48,9 @@ class BatchedRemoveStatusService < BaseService
 
     # Cannot be batched
     @status_id_cutoff = Mastodon::Snowflake.id_at(2.weeks.ago)
-    redis.pipelined do
+    redis.pipelined do |pipeline|
       statuses.each do |status|
-        unpush_from_public_timelines(status)
+        unpush_from_public_timelines(pipeline, status)
       end
     end
   end
@@ -73,22 +73,22 @@ class BatchedRemoveStatusService < BaseService
     end
   end
 
-  def unpush_from_public_timelines(status)
+  def unpush_from_public_timelines(pipeline, status)
     return unless status.public_visibility? && status.id > @status_id_cutoff
 
     payload = Oj.dump(event: :delete, payload: status.id.to_s)
 
-    redis.publish('timeline:public', payload)
-    redis.publish(status.local? ? 'timeline:public:local' : 'timeline:public:remote', payload)
+    pipeline.publish('timeline:public', payload)
+    pipeline.publish(status.local? ? 'timeline:public:local' : 'timeline:public:remote', payload)
 
     if status.media_attachments.any?
-      redis.publish('timeline:public:media', payload)
-      redis.publish(status.local? ? 'timeline:public:local:media' : 'timeline:public:remote:media', payload)
+      pipeline.publish('timeline:public:media', payload)
+      pipeline.publish(status.local? ? 'timeline:public:local:media' : 'timeline:public:remote:media', payload)
     end
 
     status.tags.map { |tag| tag.name.mb_chars.downcase }.each do |hashtag|
-      redis.publish("timeline:hashtag:#{hashtag}", payload)
-      redis.publish("timeline:hashtag:#{hashtag}:local", payload) if status.local?
+      pipeline.publish("timeline:hashtag:#{hashtag}", payload)
+      pipeline.publish("timeline:hashtag:#{hashtag}:local", payload) if status.local?
     end
   end
 
diff --git a/app/workers/scheduler/indexing_scheduler.rb b/app/workers/scheduler/indexing_scheduler.rb
index c423966297..d0c5c8f861 100644
--- a/app/workers/scheduler/indexing_scheduler.rb
+++ b/app/workers/scheduler/indexing_scheduler.rb
@@ -16,7 +16,7 @@ class Scheduler::IndexingScheduler
         type.import!(ids)
 
         redis.pipelined do |pipeline|
-          ids.each { |id| pipeline.srem("chewy:queue:#{type.name}", id) }
+          ids.each { |id| pipeline.srem?("chewy:queue:#{type.name}", id) }
         end
       end
     end
diff --git a/lib/chewy/strategy/mastodon.rb b/lib/chewy/strategy/mastodon.rb
index ee8b921865..0be98f6a35 100644
--- a/lib/chewy/strategy/mastodon.rb
+++ b/lib/chewy/strategy/mastodon.rb
@@ -17,7 +17,7 @@ module Chewy
         RedisConfiguration.with do |redis|
           redis.pipelined do |pipeline|
             @stash.each do |type, ids|
-              pipeline.sadd("chewy:queue:#{type.name}", ids)
+              pipeline.sadd?("chewy:queue:#{type.name}", ids)
             end
           end
         end
diff --git a/lib/mastodon/feeds_cli.rb b/lib/mastodon/feeds_cli.rb
index 428d63a446..ebdb6fee47 100644
--- a/lib/mastodon/feeds_cli.rb
+++ b/lib/mastodon/feeds_cli.rb
@@ -54,8 +54,8 @@ module Mastodon
     def clear
       keys = redis.keys('feed:*')
 
-      redis.pipelined do
-        keys.each { |key| redis.del(key) }
+      redis.pipelined do |pipeline|
+        keys.each { |key| pipeline.del(key) }
       end
 
       say('OK', :green)
diff --git a/spec/lib/delivery_failure_tracker_spec.rb b/spec/lib/delivery_failure_tracker_spec.rb
index c8179ebd91..dee9e39bf2 100644
--- a/spec/lib/delivery_failure_tracker_spec.rb
+++ b/spec/lib/delivery_failure_tracker_spec.rb
@@ -22,7 +22,7 @@ describe DeliveryFailureTracker do
 
   describe '#track_failure!' do
     it 'marks URL as unavailable after 7 days of being called' do
-      6.times { |i| redis.sadd('exhausted_deliveries:example.com', i) }
+      6.times { |i| redis.sadd?('exhausted_deliveries:example.com', i) }
       subject.track_failure!
 
       expect(subject.days).to eq 7
diff --git a/spec/lib/vacuum/feeds_vacuum_spec.rb b/spec/lib/vacuum/feeds_vacuum_spec.rb
index 0aec26740f..438eaa6b45 100644
--- a/spec/lib/vacuum/feeds_vacuum_spec.rb
+++ b/spec/lib/vacuum/feeds_vacuum_spec.rb
@@ -11,7 +11,7 @@ RSpec.describe Vacuum::FeedsVacuum do
       redis.zadd(feed_key_for(inactive_user), 1, 1)
       redis.zadd(feed_key_for(active_user), 1, 1)
       redis.zadd(feed_key_for(inactive_user, 'reblogs'), 2, 2)
-      redis.sadd(feed_key_for(inactive_user, 'reblogs:2'), 3)
+      redis.sadd?(feed_key_for(inactive_user, 'reblogs:2'), 3)
 
       subject.perform
     end

From 66a70ebb6e64c97dd9e0b2ffaeaa33aad3a28beb Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 6 Dec 2022 23:38:03 +0100
Subject: [PATCH 02/18] Fix pre-4.0 admin action logs (#22091)

* Fix BackfillAdminActionLogs post-deployment migration

* Improve migration tests

* Backfill admin action logs again
---
 ...221101190723_backfill_admin_action_logs.rb |  29 ++--
 ...114142_backfill_admin_action_logs_again.rb | 153 ++++++++++++++++++
 db/schema.rb                                  |   2 +-
 lib/tasks/tests.rake                          |  14 +-
 4 files changed, 182 insertions(+), 16 deletions(-)
 create mode 100644 db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb

diff --git a/db/post_migrate/20221101190723_backfill_admin_action_logs.rb b/db/post_migrate/20221101190723_backfill_admin_action_logs.rb
index 9a64d17150..48ef1e6e31 100644
--- a/db/post_migrate/20221101190723_backfill_admin_action_logs.rb
+++ b/db/post_migrate/20221101190723_backfill_admin_action_logs.rb
@@ -79,69 +79,72 @@ class BackfillAdminActionLogs < ActiveRecord::Migration[6.1]
     safety_assured do
       AdminActionLog.includes(:account).where(target_type: 'Account', human_identifier: nil).find_each do |log|
         next if log.account.nil?
-        log.update(human_identifier: log.account.acct)
+        log.update_attribute('human_identifier', log.account.acct)
       end
 
       AdminActionLog.includes(user: :account).where(target_type: 'User', human_identifier: nil).find_each do |log|
         next if log.user.nil?
-        log.update(human_identifier: log.user.account.acct, route_param: log.user.account_id)
+        log.update_attribute('human_identifier', log.user.account.acct)
+        log.update_attribute('route_param', log.user.account_id)
       end
 
       Admin::ActionLog.where(target_type: 'Report', human_identifier: nil).in_batches.update_all('human_identifier = target_id::text')
 
       AdminActionLog.includes(:domain_block).where(target_type: 'DomainBlock').find_each do |log|
         next if log.domain_block.nil?
-        log.update(human_identifier: log.domain_block.domain)
+        log.update_attribute('human_identifier', log.domain_block.domain)
       end
 
       AdminActionLog.includes(:domain_allow).where(target_type: 'DomainAllow').find_each do |log|
         next if log.domain_allow.nil?
-        log.update(human_identifier: log.domain_allow.domain)
+        log.update_attribute('human_identifier', log.domain_allow.domain)
       end
 
       AdminActionLog.includes(:email_domain_block).where(target_type: 'EmailDomainBlock').find_each do |log|
         next if log.email_domain_block.nil?
-        log.update(human_identifier: log.email_domain_block.domain)
+        log.update_attribute('human_identifier', log.email_domain_block.domain)
       end
 
       AdminActionLog.includes(:unavailable_domain).where(target_type: 'UnavailableDomain').find_each do |log|
         next if log.unavailable_domain.nil?
-        log.update(human_identifier: log.unavailable_domain.domain)
+        log.update_attribute('human_identifier', log.unavailable_domain.domain)
       end
 
       AdminActionLog.includes(status: :account).where(target_type: 'Status', human_identifier: nil).find_each do |log|
         next if log.status.nil?
-        log.update(human_identifier: log.status.account.acct, permalink: log.status.uri)
+        log.update_attribute('human_identifier', log.status.account.acct)
+        log.update_attribute('permalink', log.status.uri)
       end
 
       AdminActionLog.includes(account_warning: :account).where(target_type: 'AccountWarning', human_identifier: nil).find_each do |log|
         next if log.account_warning.nil?
-        log.update(human_identifier: log.account_warning.account.acct)
+        log.update_attribute('human_identifier', log.account_warning.account.acct)
       end
 
       AdminActionLog.includes(:announcement).where(target_type: 'Announcement', human_identifier: nil).find_each do |log|
         next if log.announcement.nil?
-        log.update(human_identifier: log.announcement.text)
+        log.update_attribute('human_identifier', log.announcement.text)
       end
 
       AdminActionLog.includes(:ip_block).where(target_type: 'IpBlock', human_identifier: nil).find_each do |log|
         next if log.ip_block.nil?
-        log.update(human_identifier: "#{log.ip_block.ip}/#{log.ip_block.ip.prefix}")
+        log.update_attribute('human_identifier', "#{log.ip_block.ip}/#{log.ip_block.ip.prefix}")
       end
 
       AdminActionLog.includes(:custom_emoji).where(target_type: 'CustomEmoji', human_identifier: nil).find_each do |log|
         next if log.custom_emoji.nil?
-        log.update(human_identifier: log.custom_emoji.shortcode)
+        log.update_attribute('human_identifier', log.custom_emoji.shortcode)
       end
 
       AdminActionLog.includes(:canonical_email_block).where(target_type: 'CanonicalEmailBlock', human_identifier: nil).find_each do |log|
         next if log.canonical_email_block.nil?
-        log.update(human_identifier: log.canonical_email_block.canonical_email_hash)
+        log.update_attribute('human_identifier', log.canonical_email_block.canonical_email_hash)
       end
 
       AdminActionLog.includes(appeal: :account).where(target_type: 'Appeal', human_identifier: nil).find_each do |log|
         next if log.appeal.nil?
-        log.update(human_identifier: log.appeal.account.acct, route_param: log.appeal.account_warning_id)
+        log.update_attribute('human_identifier', log.appeal.account.acct)
+        log.update_attribute('route_param', log.appeal.account_warning_id)
       end
     end
   end
diff --git a/db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb b/db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb
new file mode 100644
index 0000000000..279053ab94
--- /dev/null
+++ b/db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb
@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+class BackfillAdminActionLogsAgain < ActiveRecord::Migration[6.1]
+  disable_ddl_transaction!
+
+  class Account < ApplicationRecord
+    # Dummy class, to make migration possible across version changes
+    has_one :user, inverse_of: :account
+
+    def local?
+      domain.nil?
+    end
+
+    def acct
+      local? ? username : "#{username}@#{domain}"
+    end
+  end
+
+  class User < ApplicationRecord
+    # Dummy class, to make migration possible across version changes
+    belongs_to :account
+  end
+
+  class Status < ApplicationRecord
+    include RoutingHelper
+
+    # Dummy class, to make migration possible across version changes
+    belongs_to :account
+
+    def local?
+      attributes['local'] || attributes['uri'].nil?
+    end
+
+    def uri
+      local? ? activity_account_status_url(account, self) : attributes['uri']
+    end
+  end
+
+  class DomainBlock < ApplicationRecord; end
+  class DomainAllow < ApplicationRecord; end
+  class EmailDomainBlock < ApplicationRecord; end
+  class UnavailableDomain < ApplicationRecord; end
+
+  class AccountWarning < ApplicationRecord
+    # Dummy class, to make migration possible across version changes
+    belongs_to :account
+  end
+
+  class Announcement < ApplicationRecord; end
+  class IpBlock < ApplicationRecord; end
+  class CustomEmoji < ApplicationRecord; end
+  class CanonicalEmailBlock < ApplicationRecord; end
+
+  class Appeal < ApplicationRecord
+    # Dummy class, to make migration possible across version changes
+    belongs_to :account
+  end
+
+  class AdminActionLog < ApplicationRecord
+    # Dummy class, to make migration possible across version changes
+
+    # Cannot use usual polymorphic support because of namespacing issues
+    belongs_to :status, foreign_key: :target_id
+    belongs_to :account, foreign_key: :target_id
+    belongs_to :user, foreign_key: :user_id
+    belongs_to :domain_block, foreign_key: :target_id
+    belongs_to :domain_allow, foreign_key: :target_id
+    belongs_to :email_domain_block, foreign_key: :target_id
+    belongs_to :unavailable_domain, foreign_key: :target_id
+    belongs_to :account_warning, foreign_key: :target_id
+    belongs_to :announcement, foreign_key: :target_id
+    belongs_to :ip_block, foreign_key: :target_id
+    belongs_to :custom_emoji, foreign_key: :target_id
+    belongs_to :canonical_email_block, foreign_key: :target_id
+    belongs_to :appeal, foreign_key: :target_id
+  end
+
+  def up
+    safety_assured do
+      AdminActionLog.includes(:account).where(target_type: 'Account', human_identifier: nil).find_each do |log|
+        next if log.account.nil?
+        log.update_attribute('human_identifier', log.account.acct)
+      end
+
+      AdminActionLog.includes(user: :account).where(target_type: 'User', human_identifier: nil).find_each do |log|
+        next if log.user.nil?
+        log.update_attribute('human_identifier', log.user.account.acct)
+        log.update_attribute('route_param', log.user.account_id)
+      end
+
+      Admin::ActionLog.where(target_type: 'Report', human_identifier: nil).in_batches.update_all('human_identifier = target_id::text')
+
+      AdminActionLog.includes(:domain_block).where(target_type: 'DomainBlock').find_each do |log|
+        next if log.domain_block.nil?
+        log.update_attribute('human_identifier', log.domain_block.domain)
+      end
+
+      AdminActionLog.includes(:domain_allow).where(target_type: 'DomainAllow').find_each do |log|
+        next if log.domain_allow.nil?
+        log.update_attribute('human_identifier', log.domain_allow.domain)
+      end
+
+      AdminActionLog.includes(:email_domain_block).where(target_type: 'EmailDomainBlock').find_each do |log|
+        next if log.email_domain_block.nil?
+        log.update_attribute('human_identifier', log.email_domain_block.domain)
+      end
+
+      AdminActionLog.includes(:unavailable_domain).where(target_type: 'UnavailableDomain').find_each do |log|
+        next if log.unavailable_domain.nil?
+        log.update_attribute('human_identifier', log.unavailable_domain.domain)
+      end
+
+      AdminActionLog.includes(status: :account).where(target_type: 'Status', human_identifier: nil).find_each do |log|
+        next if log.status.nil?
+        log.update_attribute('human_identifier', log.status.account.acct)
+        log.update_attribute('permalink', log.status.uri)
+      end
+
+      AdminActionLog.includes(account_warning: :account).where(target_type: 'AccountWarning', human_identifier: nil).find_each do |log|
+        next if log.account_warning.nil?
+        log.update_attribute('human_identifier', log.account_warning.account.acct)
+      end
+
+      AdminActionLog.includes(:announcement).where(target_type: 'Announcement', human_identifier: nil).find_each do |log|
+        next if log.announcement.nil?
+        log.update_attribute('human_identifier', log.announcement.text)
+      end
+
+      AdminActionLog.includes(:ip_block).where(target_type: 'IpBlock', human_identifier: nil).find_each do |log|
+        next if log.ip_block.nil?
+        log.update_attribute('human_identifier', "#{log.ip_block.ip}/#{log.ip_block.ip.prefix}")
+      end
+
+      AdminActionLog.includes(:custom_emoji).where(target_type: 'CustomEmoji', human_identifier: nil).find_each do |log|
+        next if log.custom_emoji.nil?
+        log.update_attribute('human_identifier', log.custom_emoji.shortcode)
+      end
+
+      AdminActionLog.includes(:canonical_email_block).where(target_type: 'CanonicalEmailBlock', human_identifier: nil).find_each do |log|
+        next if log.canonical_email_block.nil?
+        log.update_attribute('human_identifier', log.canonical_email_block.canonical_email_hash)
+      end
+
+      AdminActionLog.includes(appeal: :account).where(target_type: 'Appeal', human_identifier: nil).find_each do |log|
+        next if log.appeal.nil?
+        log.update_attribute('human_identifier', log.appeal.account.acct)
+        log.update_attribute('route_param', log.appeal.account_warning_id)
+      end
+    end
+  end
+
+  def down; end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 09d07fcca6..704cef1228 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2022_11_04_133904) do
+ActiveRecord::Schema.define(version: 2022_12_06_114142) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
diff --git a/lib/tasks/tests.rake b/lib/tasks/tests.rake
index 96d2f71127..1dd25abb9b 100644
--- a/lib/tasks/tests.rake
+++ b/lib/tasks/tests.rake
@@ -43,6 +43,16 @@ namespace :tests do
         puts 'CustomFilterKeyword records not created as expected'
         exit(1)
       end
+
+      unless Admin::ActionLog.find_by(target_type: 'DomainBlock', target_id: 1).human_identifier == 'example.org'
+        puts 'Admin::ActionLog domain block records not updated as expected'
+        exit(1)
+      end
+
+      unless Admin::ActionLog.find_by(target_type: 'EmailDomainBlock', target_id: 1).human_identifier == 'example.org'
+        puts 'Admin::ActionLog email domain block records not updated as expected'
+        exit(1)
+      end
     end
 
     desc 'Populate the database with test data for 2.4.3'
@@ -84,8 +94,8 @@ namespace :tests do
         VALUES
           (1, 'destroy', 'Account', 1, now(), now()),
           (1, 'destroy', 'User', 1, now(), now()),
-          (1, 'destroy', 'DomainBlock', 1312, now(), now()),
-          (1, 'destroy', 'EmailDomainBlock', 1312, now(), now()),
+          (1, 'destroy', 'DomainBlock', 1, now(), now()),
+          (1, 'destroy', 'EmailDomainBlock', 1, now(), now()),
           (1, 'destroy', 'Status', 1, now(), now()),
           (1, 'destroy', 'CustomEmoji', 3, now(), now());
       SQL

From 33f06a4ae72176623c57ad3b203aac999ebb2b93 Mon Sep 17 00:00:00 2001
From: Jed Fox <git@jedfox.com>
Date: Tue, 6 Dec 2022 17:54:02 -0500
Subject: [PATCH 03/18] Fix the top border of verified account fields (#22006)

---
 app/javascript/styles/mastodon/components.scss | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss
index 45b1ac5010..79a9a4bd7d 100644
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@@ -7138,10 +7138,12 @@ noscript {
 
       .verified {
         border: 1px solid rgba($valid-value-color, 0.5);
+        margin-top: -1px;
 
         &:first-child {
           border-top-left-radius: 4px;
           border-top-right-radius: 4px;
+          margin-top: 0;
         }
 
         &:last-child {

From f80c3d40e81b0955e4d5d1df76a2eb9efe1e711a Mon Sep 17 00:00:00 2001
From: Mikhail Paulyshka <me@mixaill.net>
Date: Wed, 7 Dec 2022 02:00:56 +0300
Subject: [PATCH 04/18] enable be locale (#22022)

It already has 80+% completion, which is enough for everyday use.
Test instance runs on https://meowstodon.net/
---
 config/application.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/application.rb b/config/application.rb
index 6fa3654d8c..83124cfdac 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -71,6 +71,7 @@ module Mastodon
       :af,
       :ar,
       :ast,
+      :be,
       :bg,
       :bn,
       :br,

From 69137f4a90874442cc5fefdf86dad7c4a4884bdc Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:10:53 +0100
Subject: [PATCH 05/18] Fix irreversible and whole_word parameters handling in
 /api/v1/filters (#21988)

Fixes #21965
---
 app/controllers/api/v1/filters_controller.rb  |  6 ++---
 app/models/custom_filter.rb                   |  2 +-
 .../api/v1/filters_controller_spec.rb         | 26 ++++++++++++++++---
 3 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/app/controllers/api/v1/filters_controller.rb b/app/controllers/api/v1/filters_controller.rb
index 149139b40a..772791b255 100644
--- a/app/controllers/api/v1/filters_controller.rb
+++ b/app/controllers/api/v1/filters_controller.rb
@@ -13,7 +13,7 @@ class Api::V1::FiltersController < Api::BaseController
 
   def create
     ApplicationRecord.transaction do
-      filter_category = current_account.custom_filters.create!(resource_params)
+      filter_category = current_account.custom_filters.create!(filter_params)
       @filter = filter_category.keywords.create!(keyword_params)
     end
 
@@ -52,11 +52,11 @@ class Api::V1::FiltersController < Api::BaseController
   end
 
   def resource_params
-    params.permit(:phrase, :expires_in, :irreversible, context: [])
+    params.permit(:phrase, :expires_in, :irreversible, :whole_word, context: [])
   end
 
   def filter_params
-    resource_params.slice(:expires_in, :irreversible, :context)
+    resource_params.slice(:phrase, :expires_in, :irreversible, :context)
   end
 
   def keyword_params
diff --git a/app/models/custom_filter.rb b/app/models/custom_filter.rb
index da2a914934..5a4a974be4 100644
--- a/app/models/custom_filter.rb
+++ b/app/models/custom_filter.rb
@@ -54,7 +54,7 @@ class CustomFilter < ApplicationRecord
   end
 
   def irreversible=(value)
-    self.action = value ? :hide : :warn
+    self.action = ActiveModel::Type::Boolean.new.cast(value) ? :hide : :warn
   end
 
   def irreversible?
diff --git a/spec/controllers/api/v1/filters_controller_spec.rb b/spec/controllers/api/v1/filters_controller_spec.rb
index af1951f0ba..8acb46a007 100644
--- a/spec/controllers/api/v1/filters_controller_spec.rb
+++ b/spec/controllers/api/v1/filters_controller_spec.rb
@@ -22,9 +22,11 @@ RSpec.describe Api::V1::FiltersController, type: :controller do
 
   describe 'POST #create' do
     let(:scopes) { 'write:filters' }
+    let(:irreversible) { true }
+    let(:whole_word)   { false }
 
     before do
-      post :create, params: { phrase: 'magic', context: %w(home), irreversible: true }
+      post :create, params: { phrase: 'magic', context: %w(home), irreversible: irreversible, whole_word: whole_word }
     end
 
     it 'returns http success' do
@@ -34,11 +36,29 @@ RSpec.describe Api::V1::FiltersController, type: :controller do
     it 'creates a filter' do
       filter = user.account.custom_filters.first
       expect(filter).to_not be_nil
-      expect(filter.keywords.pluck(:keyword)).to eq ['magic']
+      expect(filter.keywords.pluck(:keyword, :whole_word)).to eq [['magic', whole_word]]
       expect(filter.context).to eq %w(home)
-      expect(filter.irreversible?).to be true
+      expect(filter.irreversible?).to be irreversible
       expect(filter.expires_at).to be_nil
     end
+
+    context 'with different parameters' do
+      let(:irreversible) { false }
+      let(:whole_word)   { true }
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      it 'creates a filter' do
+        filter = user.account.custom_filters.first
+        expect(filter).to_not be_nil
+        expect(filter.keywords.pluck(:keyword, :whole_word)).to eq [['magic', whole_word]]
+        expect(filter.context).to eq %w(home)
+        expect(filter.irreversible?).to be irreversible
+        expect(filter.expires_at).to be_nil
+      end
+    end
   end
 
   describe 'GET #show' do

From 98a9347dd735f1d7040175d243b8af8ac3a4ebca Mon Sep 17 00:00:00 2001
From: Jonathan Hawkes <jonathan@thoughtbuilt.com>
Date: Tue, 6 Dec 2022 19:13:14 -0400
Subject: [PATCH 06/18] Update Ubuntu, Node versions, dependencies (#22075)

---
 Vagrantfile | 71 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 27 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 3e73d9e470..880cc18495 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -3,16 +3,14 @@
 
 ENV["PORT"] ||= "3000"
 
-$provision = <<SCRIPT
-
-cd /vagrant # This is where the host folder/repo is mounted
+$provisionA = <<SCRIPT
 
 # Add the yarn repo + yarn repo keys
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 
 # Add repo for NodeJS
-curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
+curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
 
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}
@@ -33,32 +31,56 @@ sudo apt-get install \
   redis-tools \
   postgresql \
   postgresql-contrib \
-  yarn \
   libicu-dev \
   libidn11-dev \
-  libreadline-dev \
-  libpam0g-dev \
+  libreadline6-dev \
+  autoconf \
+  bison \
+  build-essential \
+  ffmpeg \
+  file \
+  gcc \
+  libffi-dev \
+  libgdbm-dev \
+  libjemalloc-dev \
+  libncurses5-dev \
+  libprotobuf-dev \
+  libssl-dev \
+  libyaml-dev \
+  pkg-config \
+  protobuf-compiler \
+  zlib1g-dev \
   -y
 
 # Install rvm
-read RUBY_VERSION < .ruby-version
+sudo apt-add-repository -y ppa:rael-gc/rvm
+sudo apt-get install rvm -y
 
-curl -sSL https://rvm.io/mpapis.asc | gpg --import
-curl -sSL https://rvm.io/pkuczynski.asc | gpg --import
+sudo usermod -a -G rvm $USER
+
+SCRIPT
 
-curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer | bash -s stable --ruby=$RUBY_VERSION
-source /home/vagrant/.rvm/scripts/rvm
+$provisionB = <<SCRIPT
+
+source "/etc/profile.d/rvm.sh"
 
 # Install Ruby
-rvm reinstall ruby-$RUBY_VERSION --disable-binary
+read RUBY_VERSION < /vagrant/.ruby-version
+rvm install ruby-$RUBY_VERSION --disable-binary
 
 # Configure database
 sudo -u postgres createuser -U postgres vagrant -s
 sudo -u postgres createdb -U postgres mastodon_development
 
-# Install gems and node modules
+cd /vagrant # This is where the host folder/repo is mounted
+
+# Install gems
 gem install bundler foreman
 bundle install
+
+# Install node modules
+sudo corepack enable
+yarn set version classic
 yarn install
 
 # Build Mastodon
@@ -72,18 +94,11 @@ echo 'export $(cat "/vagrant/.env.vagrant" | xargs)' >> ~/.bash_profile
 
 SCRIPT
 
-$start = <<SCRIPT
-
-echo 'To start server'
-echo '  $ vagrant ssh -c "cd /vagrant && foreman start"'
-
-SCRIPT
-
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-  config.vm.box = "ubuntu/bionic64"
+  config.vm.box = "ubuntu/focal64"
 
   config.vm.provider :virtualbox do |vb|
     vb.name = "mastodon"
@@ -100,7 +115,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # Use "virtio" network interfaces for better performance.
     vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
     vb.customize ["modifyvm", :id, "--nictype2", "virtio"]
-
   end
 
   # This uses the vagrant-hostsupdater plugin, and lets you
@@ -118,7 +132,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   end
 
   if config.vm.networks.any? { |type, options| type == :private_network }
-    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'vers=3', 'tcp', 'actimeo=1']
+    config.vm.synced_folder ".", "/vagrant", type: "nfs", mount_options: ['rw', 'actimeo=1']
   else
     config.vm.synced_folder ".", "/vagrant"
   end
@@ -129,9 +143,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.network :forwarded_port, guest: 8080, host: 8080
 
   # Full provisioning script, only runs on first 'vagrant up' or with 'vagrant provision'
-  config.vm.provision :shell, inline: $provision, privileged: false
+  config.vm.provision :shell, inline: $provisionA, privileged: false, reset: true
+  config.vm.provision :shell, inline: $provisionB, privileged: false
 
-  # Start up script, runs on every 'vagrant up'
-  config.vm.provision :shell, inline: $start, run: 'always', privileged: false
+  config.vm.post_up_message = <<MESSAGE
+To start server
+  $ vagrant ssh -c "cd /vagrant && foreman start"
+MESSAGE
 
 end

From c8849d6ceecfdb9c18284fcc57a7e29019b4cd05 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:15:24 +0100
Subject: [PATCH 07/18] Fix unbounded recursion in account discovery (#22025)

* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
---
 Gemfile                                       |  1 +
 Gemfile.lock                                  |  1 +
 app/lib/activitypub/activity/create.rb        |  2 +-
 app/lib/activitypub/activity/update.rb        |  4 +-
 app/models/concerns/domain_materializable.rb  | 15 ++-
 .../fetch_featured_collection_service.rb      |  4 +-
 .../fetch_remote_account_service.rb           |  2 +-
 .../activitypub/fetch_remote_actor_service.rb |  4 +-
 .../fetch_remote_status_service.rb            |  8 +-
 .../activitypub/process_account_service.rb    | 25 ++++-
 .../process_status_update_service.rb          |  5 +-
 .../process_account_service_spec.rb           | 94 +++++++++++++++++++
 12 files changed, 147 insertions(+), 18 deletions(-)

diff --git a/Gemfile b/Gemfile
index acb1ac53cd..a399f51023 100644
--- a/Gemfile
+++ b/Gemfile
@@ -66,6 +66,7 @@ gem 'oj', '~> 3.13'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'posix-spawn'
+gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.2'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index 390f8d9f04..f7d87d2a65 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -819,6 +819,7 @@ DEPENDENCIES
   private_address_check (~> 0.5)
   pry-byebug (~> 3.10)
   pry-rails (~> 0.3)
+  public_suffix (~> 5.0)
   puma (~> 5.6)
   pundit (~> 2.2)
   rack (~> 2.2.4)
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 73882e1348..b15e66ca29 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -222,7 +222,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     return if tag['href'].blank?
 
     account = account_from_uri(tag['href'])
-    account = ActivityPub::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
+    account = ActivityPub::FetchRemoteAccountService.new.call(tag['href'], request_id: @options[:request_id]) if account.nil?
 
     return if account.nil?
 
diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb
index 5b3238ece5..e7c3bc9bf8 100644
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@@ -18,7 +18,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
   def update_account
     return reject_payload! if @account.uri != object_uri
 
-    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true)
+    ActivityPub::ProcessAccountService.new.call(@account.username, @account.domain, @object, signed_with_known_key: true, request_id: @options[:request_id])
   end
 
   def update_status
@@ -28,6 +28,6 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
 
     return if @status.nil?
 
-    ActivityPub::ProcessStatusUpdateService.new.call(@status, @object)
+    ActivityPub::ProcessStatusUpdateService.new.call(@status, @object, request_id: @options[:request_id])
   end
 end
diff --git a/app/models/concerns/domain_materializable.rb b/app/models/concerns/domain_materializable.rb
index 88337f8c00..0eac6878ed 100644
--- a/app/models/concerns/domain_materializable.rb
+++ b/app/models/concerns/domain_materializable.rb
@@ -3,11 +3,24 @@
 module DomainMaterializable
   extend ActiveSupport::Concern
 
+  include Redisable
+
   included do
     after_create_commit :refresh_instances_view
   end
 
   def refresh_instances_view
-    Instance.refresh unless domain.nil? || Instance.where(domain: domain).exists?
+    return if domain.nil? || Instance.exists?(domain: domain)
+
+    Instance.refresh
+    count_unique_subdomains!
+  end
+
+  def count_unique_subdomains!
+    second_and_top_level_domain = PublicSuffix.domain(domain, ignore_private: true)
+    with_redis do |redis|
+      redis.pfadd("unique_subdomains_for:#{second_and_top_level_domain}", domain)
+      redis.expire("unique_subdomains_for:#{second_and_top_level_domain}", 1.minute.seconds)
+    end
   end
 end
diff --git a/app/services/activitypub/fetch_featured_collection_service.rb b/app/services/activitypub/fetch_featured_collection_service.rb
index 50a187ad98..a746ef4d63 100644
--- a/app/services/activitypub/fetch_featured_collection_service.rb
+++ b/app/services/activitypub/fetch_featured_collection_service.rb
@@ -46,9 +46,9 @@ class ActivityPub::FetchFeaturedCollectionService < BaseService
       next unless item.is_a?(String) || item['type'] == 'Note'
 
       uri = value_or_id(item)
-      next if ActivityPub::TagManager.instance.local_uri?(uri)
+      next if ActivityPub::TagManager.instance.local_uri?(uri) || invalid_origin?(uri)
 
-      status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower)
+      status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower, expected_actor_uri: @account.uri, request_id: @options[:request_id])
       next unless status&.account_id == @account.id
 
       status.id
diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb
index ca7a8c6ca8..7aba8269ea 100644
--- a/app/services/activitypub/fetch_remote_account_service.rb
+++ b/app/services/activitypub/fetch_remote_account_service.rb
@@ -2,7 +2,7 @@
 
 class ActivityPub::FetchRemoteAccountService < ActivityPub::FetchRemoteActorService
   # Does a WebFinger roundtrip on each call, unless `only_key` is true
-  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true)
+  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
     actor = super
     return actor if actor.nil? || actor.is_a?(Account)
 
diff --git a/app/services/activitypub/fetch_remote_actor_service.rb b/app/services/activitypub/fetch_remote_actor_service.rb
index db09c38d82..a25fa54c43 100644
--- a/app/services/activitypub/fetch_remote_actor_service.rb
+++ b/app/services/activitypub/fetch_remote_actor_service.rb
@@ -10,7 +10,7 @@ class ActivityPub::FetchRemoteActorService < BaseService
   SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
 
   # Does a WebFinger roundtrip on each call, unless `only_key` is true
-  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true)
+  def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil)
     return if domain_not_allowed?(uri)
     return ActivityPub::TagManager.instance.uri_to_actor(uri) if ActivityPub::TagManager.instance.local_uri?(uri)
 
@@ -35,7 +35,7 @@ class ActivityPub::FetchRemoteActorService < BaseService
 
     check_webfinger! unless only_key
 
-    ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key)
+    ActivityPub::ProcessAccountService.new.call(@username, @domain, @json, only_key: only_key, verified_webfinger: !only_key, request_id: request_id)
   rescue Error => e
     Rails.logger.debug "Fetching actor #{uri} failed: #{e.message}"
     raise unless suppress_errors
diff --git a/app/services/activitypub/fetch_remote_status_service.rb b/app/services/activitypub/fetch_remote_status_service.rb
index 8030982450..21b9242f82 100644
--- a/app/services/activitypub/fetch_remote_status_service.rb
+++ b/app/services/activitypub/fetch_remote_status_service.rb
@@ -4,7 +4,8 @@ class ActivityPub::FetchRemoteStatusService < BaseService
   include JsonLdHelper
 
   # Should be called when uri has already been checked for locality
-  def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil)
+  def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil)
+    @request_id = request_id
     @json = begin
       if prefetched_body.nil?
         fetch_resource(uri, id, on_behalf_of)
@@ -30,6 +31,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
     end
 
     return if activity_json.nil? || object_uri.nil? || !trustworthy_attribution?(@json['id'], actor_uri)
+    return if expected_actor_uri.present? && actor_uri != expected_actor_uri
     return ActivityPub::TagManager.instance.uri_to_resource(object_uri, Status) if ActivityPub::TagManager.instance.local_uri?(object_uri)
 
     actor = account_from_uri(actor_uri)
@@ -40,7 +42,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
     # activity as an update rather than create
     activity_json['type'] = 'Update' if equals_or_includes_any?(activity_json['type'], %w(Create)) && Status.where(uri: object_uri, account_id: actor.id).exists?
 
-    ActivityPub::Activity.factory(activity_json, actor).perform
+    ActivityPub::Activity.factory(activity_json, actor, request_id: request_id).perform
   end
 
   private
@@ -52,7 +54,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
 
   def account_from_uri(uri)
     actor = ActivityPub::TagManager.instance.uri_to_resource(uri, Account)
-    actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true) if actor.nil? || actor.possibly_stale?
+    actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true, request_id: @request_id) if actor.nil? || actor.possibly_stale?
     actor
   end
 
diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb
index 99bcb38353..2da9096c73 100644
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@@ -6,6 +6,9 @@ class ActivityPub::ProcessAccountService < BaseService
   include Redisable
   include Lockable
 
+  SUBDOMAINS_RATELIMIT = 10
+  DISCOVERIES_PER_REQUEST = 400
+
   # Should be called with confirmed valid JSON
   # and WebFinger-resolved username and domain
   def call(username, domain, json, options = {})
@@ -15,9 +18,12 @@ class ActivityPub::ProcessAccountService < BaseService
     @json        = json
     @uri         = @json['id']
     @username    = username
-    @domain      = domain
+    @domain      = TagManager.instance.normalize_domain(domain)
     @collections = {}
 
+    # The key does not need to be unguessable, it just needs to be somewhat unique
+    @options[:request_id] ||= "#{Time.now.utc.to_i}-#{username}@#{domain}"
+
     with_lock("process_account:#{@uri}") do
       @account            = Account.remote.find_by(uri: @uri) if @options[:only_key]
       @account          ||= Account.find_remote(@username, @domain)
@@ -25,7 +31,18 @@ class ActivityPub::ProcessAccountService < BaseService
       @old_protocol       = @account&.protocol
       @suspension_changed = false
 
-      create_account if @account.nil?
+      if @account.nil?
+        with_redis do |redis|
+          return nil if redis.pfcount("unique_subdomains_for:#{PublicSuffix.domain(@domain, ignore_private: true)}") >= SUBDOMAINS_RATELIMIT
+
+          discoveries = redis.incr("discovery_per_request:#{@options[:request_id]}")
+          redis.expire("discovery_per_request:#{@options[:request_id]}", 5.minutes.seconds)
+          return nil if discoveries > DISCOVERIES_PER_REQUEST
+        end
+
+        create_account
+      end
+
       update_account
       process_tags
 
@@ -150,7 +167,7 @@ class ActivityPub::ProcessAccountService < BaseService
   end
 
   def check_featured_collection!
-    ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id, { 'hashtag' => @json['featuredTags'].blank? })
+    ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id, { 'hashtag' => @json['featuredTags'].blank?, 'request_id' => @options[:request_id] })
   end
 
   def check_featured_tags_collection!
@@ -254,7 +271,7 @@ class ActivityPub::ProcessAccountService < BaseService
 
   def moved_account
     account   = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account)
-    account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true)
+    account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true, request_id: @options[:request_id])
     account
   end
 
diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb
index a0605b1a3b..fad19f87fd 100644
--- a/app/services/activitypub/process_status_update_service.rb
+++ b/app/services/activitypub/process_status_update_service.rb
@@ -5,7 +5,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
   include Redisable
   include Lockable
 
-  def call(status, json)
+  def call(status, json, request_id: nil)
     raise ArgumentError, 'Status has unsaved changes' if status.changed?
 
     @json                      = json
@@ -15,6 +15,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
     @account                   = status.account
     @media_attachments_changed = false
     @poll_changed              = false
+    @request_id                = request_id
 
     # Only native types can be updated at the moment
     return @status if !expected_type? || already_updated_more_recently?
@@ -191,7 +192,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
       next if href.blank?
 
       account   = ActivityPub::TagManager.instance.uri_to_resource(href, Account)
-      account ||= ActivityPub::FetchRemoteAccountService.new.call(href)
+      account ||= ActivityPub::FetchRemoteAccountService.new.call(href, request_id: @request_id)
 
       next if account.nil?
 
diff --git a/spec/services/activitypub/process_account_service_spec.rb b/spec/services/activitypub/process_account_service_spec.rb
index 7728b9ba82..2b20d17b1b 100644
--- a/spec/services/activitypub/process_account_service_spec.rb
+++ b/spec/services/activitypub/process_account_service_spec.rb
@@ -109,4 +109,98 @@ RSpec.describe ActivityPub::ProcessAccountService, type: :service do
       end
     end
   end
+
+  context 'discovering many subdomains in a short timeframe' do
+    before do
+      stub_const 'ActivityPub::ProcessAccountService::SUBDOMAINS_RATELIMIT', 5
+    end
+
+    let(:subject) do
+      8.times do |i|
+        domain = "test#{i}.testdomain.com"
+        json = {
+          id: "https://#{domain}/users/1",
+          type: 'Actor',
+          inbox: "https://#{domain}/inbox",
+        }.with_indifferent_access
+        described_class.new.call('alice', domain, json)
+      end
+    end
+
+    it 'creates at least some accounts' do
+      expect { subject }.to change { Account.remote.count }.by_at_least(2)
+    end
+
+    it 'creates no more account than the limit allows' do
+      expect { subject }.to change { Account.remote.count }.by_at_most(5)
+    end
+  end
+
+  context 'accounts referencing other accounts' do
+    before do
+      stub_const 'ActivityPub::ProcessAccountService::DISCOVERIES_PER_REQUEST', 5
+    end
+
+    let(:payload) do
+      {
+        '@context': ['https://www.w3.org/ns/activitystreams'],
+        id: 'https://foo.test/users/1',
+        type: 'Person',
+        inbox: 'https://foo.test/inbox',
+        featured: 'https://foo.test/users/1/featured',
+        preferredUsername: 'user1',
+      }.with_indifferent_access
+    end
+
+    before do
+      8.times do |i|
+        actor_json = {
+          '@context': ['https://www.w3.org/ns/activitystreams'],
+          id: "https://foo.test/users/#{i}",
+          type: 'Person',
+          inbox: 'https://foo.test/inbox',
+          featured: "https://foo.test/users/#{i}/featured",
+          preferredUsername: "user#{i}",
+        }.with_indifferent_access
+        status_json = {
+          '@context': ['https://www.w3.org/ns/activitystreams'],
+          id: "https://foo.test/users/#{i}/status",
+          attributedTo: "https://foo.test/users/#{i}",
+          type: 'Note',
+          content: "@user#{i + 1} test",
+          tag: [
+            {
+              type: 'Mention',
+              href: "https://foo.test/users/#{i + 1}",
+              name: "@user#{i + 1 }",
+            }
+          ],
+          to: [ 'as:Public', "https://foo.test/users/#{i + 1}" ]
+        }.with_indifferent_access
+        featured_json = {
+          '@context': ['https://www.w3.org/ns/activitystreams'],
+          id: "https://foo.test/users/#{i}/featured",
+          type: 'OrderedCollection',
+          totelItems: 1,
+          orderedItems: [status_json],
+        }.with_indifferent_access
+        webfinger = {
+          subject: "acct:user#{i}@foo.test",
+          links: [{ rel: 'self', href: "https://foo.test/users/#{i}" }],
+        }.with_indifferent_access
+        stub_request(:get, "https://foo.test/users/#{i}").to_return(status: 200, body: actor_json.to_json, headers: { 'Content-Type': 'application/activity+json' })
+        stub_request(:get, "https://foo.test/users/#{i}/featured").to_return(status: 200, body: featured_json.to_json, headers: { 'Content-Type': 'application/activity+json' })
+        stub_request(:get, "https://foo.test/users/#{i}/status").to_return(status: 200, body: status_json.to_json, headers: { 'Content-Type': 'application/activity+json' })
+        stub_request(:get, "https://foo.test/.well-known/webfinger?resource=acct:user#{i}@foo.test").to_return(body: webfinger.to_json, headers: { 'Content-Type': 'application/jrd+json' })
+      end
+    end
+
+    it 'creates at least some accounts' do
+      expect { subject.call('user1', 'foo.test', payload) }.to change { Account.remote.count }.by_at_least(2)
+    end
+
+    it 'creates no more account than the limit allows' do
+      expect { subject.call('user1', 'foo.test', payload) }.to change { Account.remote.count }.by_at_most(5)
+    end
+  end
 end

From f6492a7c4d7cd08364ba507911f6b3c3df1c7e70 Mon Sep 17 00:00:00 2001
From: Francis Murillo <evacuee.overlap.vs3op@aleeas.com>
Date: Tue, 6 Dec 2022 23:25:18 +0000
Subject: [PATCH 08/18] Log admin approve and reject account (#22088)

* Log admin approve and reject account

* Add unit tests for approve and reject logging
---
 app/controllers/admin/accounts_controller.rb  |  2 +
 .../api/v1/admin/accounts_controller.rb       |  2 +
 .../admin/accounts_controller_spec.rb         | 81 +++++++++++++++++++
 .../api/v1/admin/accounts_controller_spec.rb  | 18 +++++
 4 files changed, 103 insertions(+)

diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index 40bf685c53..9beb8fde6b 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -55,12 +55,14 @@ module Admin
     def approve
       authorize @account.user, :approve?
       @account.user.approve!
+      log_action :approve, @account.user
       redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.approved_msg', username: @account.acct)
     end
 
     def reject
       authorize @account.user, :reject?
       DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
+      log_action :reject, @account.user
       redirect_to admin_accounts_path(status: 'pending'), notice: I18n.t('admin.accounts.rejected_msg', username: @account.acct)
     end
 
diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb
index ae7f7d0762..f483000728 100644
--- a/app/controllers/api/v1/admin/accounts_controller.rb
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@@ -54,12 +54,14 @@ class Api::V1::Admin::AccountsController < Api::BaseController
   def approve
     authorize @account.user, :approve?
     @account.user.approve!
+    log_action :approve, @account.user
     render json: @account, serializer: REST::Admin::AccountSerializer
   end
 
   def reject
     authorize @account.user, :reject?
     DeleteAccountService.new.call(@account, reserve_email: false, reserve_username: false)
+    log_action :reject, @account.user
     render_empty
   end
 
diff --git a/spec/controllers/admin/accounts_controller_spec.rb b/spec/controllers/admin/accounts_controller_spec.rb
index 1bd51a0c82..81d592dddd 100644
--- a/spec/controllers/admin/accounts_controller_spec.rb
+++ b/spec/controllers/admin/accounts_controller_spec.rb
@@ -147,6 +147,87 @@ RSpec.describe Admin::AccountsController, type: :controller do
     end
   end
 
+  describe 'POST #approve' do
+    subject { post :approve, params: { id: account.id } }
+
+    let(:current_user) { Fabricate(:user, role: role) }
+    let(:account) { user.account }
+    let(:user) { Fabricate(:user) }
+
+    before do
+      account.user.update(approved: false)
+    end
+
+    context 'when user is admin' do
+      let(:role) { UserRole.find_by(name: 'Admin') }
+
+      it 'succeeds in approving account' do
+        is_expected.to redirect_to admin_accounts_path(status: 'pending')
+        expect(user.reload).to be_approved
+      end
+
+      it 'logs action' do
+        is_expected.to have_http_status :found
+
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :approve
+        expect(log_item.account_id).to eq current_user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
+    end
+
+    context 'when user is not admin' do
+      let(:role) { UserRole.everyone }
+
+      it 'fails to approve account' do
+        is_expected.to have_http_status :forbidden
+        expect(user.reload).not_to be_approved
+      end
+    end
+  end
+
+  describe 'POST #reject' do
+    subject { post :reject, params: { id: account.id } }
+
+    let(:current_user) { Fabricate(:user, role: role) }
+    let(:account) { user.account }
+    let(:user) { Fabricate(:user) }
+
+    before do
+      account.user.update(approved: false)
+    end
+
+    context 'when user is admin' do
+      let(:role) { UserRole.find_by(name: 'Admin') }
+
+      it 'succeeds in rejecting account' do
+        is_expected.to redirect_to admin_accounts_path(status: 'pending')
+      end
+
+      it 'logs action' do
+        is_expected.to have_http_status :found
+
+        log_item = Admin::ActionLog.last
+
+        expect(log_item).to_not be_nil
+        expect(log_item.action).to eq :reject
+        expect(log_item.account_id).to eq current_user.account_id
+        expect(log_item.target_id).to eq account.user.id
+      end
+    end
+
+    context 'when user is not admin' do
+      let(:role) { UserRole.everyone }
+
+      it 'fails to reject account' do
+        is_expected.to have_http_status :forbidden
+        expect(user.reload).not_to be_approved
+      end
+    end
+  end
+
   describe 'POST #redownload' do
     subject { post :redownload, params: { id: account.id } }
 
diff --git a/spec/controllers/api/v1/admin/accounts_controller_spec.rb b/spec/controllers/api/v1/admin/accounts_controller_spec.rb
index cd38030e0c..8d35b86cb2 100644
--- a/spec/controllers/api/v1/admin/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/admin/accounts_controller_spec.rb
@@ -100,6 +100,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
     it 'approves user' do
       expect(account.reload.user_approved?).to be true
     end
+
+    it 'logs action' do
+      log_item = Admin::ActionLog.last
+
+      expect(log_item).to_not be_nil
+      expect(log_item.action).to eq :approve
+      expect(log_item.account_id).to eq user.account_id
+      expect(log_item.target_id).to eq account.user.id
+    end
   end
 
   describe 'POST #reject' do
@@ -118,6 +127,15 @@ RSpec.describe Api::V1::Admin::AccountsController, type: :controller do
     it 'removes user' do
       expect(User.where(id: account.user.id).count).to eq 0
     end
+
+    it 'logs action' do
+      log_item = Admin::ActionLog.last
+
+      expect(log_item).to_not be_nil
+      expect(log_item.action).to eq :reject
+      expect(log_item.account_id).to eq user.account_id
+      expect(log_item.target_id).to eq account.user.id
+    end
   end
 
   describe 'POST #enable' do

From 51098035ed2f42d949d6ec3f8ecdd5e68e73874d Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:25:40 +0100
Subject: [PATCH 09/18] =?UTF-8?q?Fix=20=E2=80=9CSign=20up=E2=80=9D=20butto?=
 =?UTF-8?q?n=20with=20closed=20registrations=20not=20opening=20modal=20on?=
 =?UTF-8?q?=20mobile=20(#22060)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes #20840
---
 .../mastodon/features/ui/components/header.js | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/app/javascript/mastodon/features/ui/components/header.js b/app/javascript/mastodon/features/ui/components/header.js
index bbb0ca1c62..1384bebda0 100644
--- a/app/javascript/mastodon/features/ui/components/header.js
+++ b/app/javascript/mastodon/features/ui/components/header.js
@@ -6,6 +6,7 @@ import { registrationsOpen, me } from 'mastodon/initial_state';
 import Avatar from 'mastodon/components/avatar';
 import PropTypes from 'prop-types';
 import { connect } from 'react-redux';
+import { openModal } from 'mastodon/actions/modal';
 
 const Account = connect(state => ({
   account: state.getIn(['accounts', me]),
@@ -15,7 +16,14 @@ const Account = connect(state => ({
   </Link>
 ));
 
-export default @withRouter
+const mapDispatchToProps = (dispatch) => ({
+  openClosedRegistrationsModal() {
+    dispatch(openModal('CLOSED_REGISTRATIONS'));
+  },
+});
+
+export default @connect(null, mapDispatchToProps)
+@withRouter
 class Header extends React.PureComponent {
 
   static contextTypes = {
@@ -23,12 +31,13 @@ class Header extends React.PureComponent {
   };
 
   static propTypes = {
+    openClosedRegistrationsModal: PropTypes.func,
     location: PropTypes.object,
   };
 
   render () {
     const { signedIn } = this.context.identity;
-    const { location } = this.props;
+    const { location, openClosedRegistrationsModal } = this.props;
 
     let content;
 
@@ -40,10 +49,26 @@ class Header extends React.PureComponent {
         </>
       );
     } else {
+      let signupButton;
+
+      if (registrationsOpen) {
+        signupButton = (
+          <a href='/auth/sign_up' className='button button-tertiary'>
+            <FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' />
+          </a>
+        );
+      } else {
+        signupButton = (
+          <button className='button button-tertiary' onClick={openClosedRegistrationsModal}>
+            <FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' />
+          </button>
+        );
+      }
+
       content = (
         <>
           <a href='/auth/sign_in' className='button'><FormattedMessage id='sign_in_banner.sign_in' defaultMessage='Sign in' /></a>
-          <a href={registrationsOpen ? '/auth/sign_up' : 'https://joinmastodon.org/servers'} className='button button-tertiary'><FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' /></a>
+          {signupButton}
         </>
       );
     }

From e538584fbed65ef020c889a21065893df9d23414 Mon Sep 17 00:00:00 2001
From: Yamagishi Kazutoshi <ykzts@desire.sh>
Date: Wed, 7 Dec 2022 08:30:59 +0900
Subject: [PATCH 10/18] See version file in GitHub Actions (#21927)

---
 .github/workflows/check-i18n.yml | 2 +-
 .github/workflows/linter.yml     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check-i18n.yml b/.github/workflows/check-i18n.yml
index a9d8ea2eae..9a74630607 100644
--- a/.github/workflows/check-i18n.yml
+++ b/.github/workflows/check-i18n.yml
@@ -25,7 +25,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '3.0'
+          ruby-version: .ruby-version
           bundler-cache: true
       - name: Check locale file normalization
         run: bundle exec i18n-tasks check-normalized
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 874afc459c..319152e93d 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -53,7 +53,7 @@ jobs:
       - name: Set-up Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 16.x
+          node-version-file: .nvmrc
           cache: yarn
       - name: Install dependencies
         run: yarn install --frozen-lockfile

From 3d40282f1b7a281d29260c3f7567ccafc9719c2b Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:39:36 +0100
Subject: [PATCH 11/18] Change postgres connection timeout (#21790)

---
 config/database.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/database.yml b/config/database.yml
index 127a78abfa..bfb53f21b4 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -2,6 +2,7 @@ default: &default
   adapter: postgresql
   pool: <%= ENV["DB_POOL"] || ENV['MAX_THREADS'] || 5 %>
   timeout: 5000
+  connect_timeout: 15
   encoding: unicode
   sslmode: <%= ENV['DB_SSLMODE'] || "prefer" %>
 

From 76454cc63803f3619c6c2352abac9646004e32c4 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:40:18 +0100
Subject: [PATCH 12/18] Fix UI header overflow on mobile (#21783)

---
 app/javascript/styles/mastodon/components.scss | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss
index 79a9a4bd7d..318e4b3de3 100644
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@@ -2217,6 +2217,7 @@ $ui-header-height: 55px;
   z-index: 2;
   justify-content: space-between;
   align-items: center;
+  overflow: hidden;
 
   &__logo {
     display: inline-flex;
@@ -2233,10 +2234,15 @@ $ui-header-height: 55px;
     align-items: center;
     gap: 10px;
     padding: 0 10px;
+    overflow: hidden;
 
     .button {
       flex: 0 0 auto;
     }
+
+    .button-tertiary {
+      flex-shrink: 1;
+    }
   }
 }
 

From 21b208afcbb5b1a6f2f49eb6db478fc9a99ad272 Mon Sep 17 00:00:00 2001
From: Juan Xavier Gomez <jgomez@codecademy.com>
Date: Tue, 6 Dec 2022 18:40:37 -0500
Subject: [PATCH 13/18] Fix hidden overflow on interaction modal (#21763)

* Fix hidden overflow on interaction modal

* only update overflow y
---
 app/javascript/styles/mastodon/components.scss | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss
index 318e4b3de3..b56d43000d 100644
--- a/app/javascript/styles/mastodon/components.scss
+++ b/app/javascript/styles/mastodon/components.scss
@@ -7981,7 +7981,8 @@ noscript {
   width: 600px;
   background: $ui-base-color;
   border-radius: 8px;
-  overflow: hidden;
+  overflow-x: hidden;
+  overflow-y: auto;
   position: relative;
   display: block;
   padding: 20px;

From b59fb28e90bc21d6fd1a6bafd13cfbd81ab5be54 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 02:35:39 +0100
Subject: [PATCH 14/18] Fix 500 error when trying to migrate to an invalid
 address (#21462)

* Fix 500 error when trying to migrate to an invalid address

* Add tests
---
 app/models/account_migration.rb       |  2 +-
 app/models/form/redirect.rb           |  2 +-
 spec/models/account_migration_spec.rb | 43 +++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/app/models/account_migration.rb b/app/models/account_migration.rb
index 16276158d7..fa8cb6013c 100644
--- a/app/models/account_migration.rb
+++ b/app/models/account_migration.rb
@@ -59,7 +59,7 @@ class AccountMigration < ApplicationRecord
 
   def set_target_account
     self.target_account = ResolveAccountService.new.call(acct, skip_cache: true)
-  rescue Webfinger::Error, HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error
+  rescue Webfinger::Error, HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error, Addressable::URI::InvalidURIError
     # Validation will take care of it
   end
 
diff --git a/app/models/form/redirect.rb b/app/models/form/redirect.rb
index 795fdd057b..3cd5731e6d 100644
--- a/app/models/form/redirect.rb
+++ b/app/models/form/redirect.rb
@@ -32,7 +32,7 @@ class Form::Redirect
 
   def set_target_account
     @target_account = ResolveAccountService.new.call(acct, skip_cache: true)
-  rescue Webfinger::Error, HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error
+  rescue Webfinger::Error, HTTP::Error, OpenSSL::SSL::SSLError, Mastodon::Error, Addressable::URI::InvalidURIError
     # Validation will take care of it
   end
 
diff --git a/spec/models/account_migration_spec.rb b/spec/models/account_migration_spec.rb
index 8461b4b28e..5f66fe8da3 100644
--- a/spec/models/account_migration_spec.rb
+++ b/spec/models/account_migration_spec.rb
@@ -1,5 +1,48 @@
 require 'rails_helper'
 
 RSpec.describe AccountMigration, type: :model do
+  describe 'validations' do
+    let(:source_account) { Fabricate(:account) }
+    let(:target_acct)    { target_account.acct }
 
+    let(:subject) { AccountMigration.new(account: source_account, acct: target_acct) }
+
+    context 'with valid properties' do
+      let(:target_account) { Fabricate(:account, username: 'target', domain: 'remote.org') }
+
+      before do
+        target_account.aliases.create!(acct: source_account.acct)
+
+        service_double = double
+        allow(ResolveAccountService).to receive(:new).and_return(service_double)
+        allow(service_double).to receive(:call).with(target_acct, anything).and_return(target_account)
+      end
+
+      it 'passes validations' do
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'with unresolveable account' do
+      let(:target_acct) { 'target@remote' }
+
+      before do
+        service_double = double
+        allow(ResolveAccountService).to receive(:new).and_return(service_double)
+        allow(service_double).to receive(:call).with(target_acct, anything).and_return(nil)
+      end
+
+      it 'has errors on acct field' do
+        expect(subject).to model_have_error_on_field(:acct)
+      end
+    end
+
+    context 'with a space in the domain part' do
+      let(:target_acct) { 'target@remote. org' }
+
+      it 'has errors on acct field' do
+        expect(subject).to model_have_error_on_field(:acct)
+      end
+    end
+  end
 end

From 0e70215c404565e30c78e7d61f6ba0a86159a5eb Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:25:40 +0100
Subject: [PATCH 15/18] =?UTF-8?q?[Glitch]=20Fix=20=E2=80=9CSign=20up?=
 =?UTF-8?q?=E2=80=9D=20button=20with=20closed=20registrations=20not=20open?=
 =?UTF-8?q?ing=20modal=20on=20mobile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Port 51098035ed2f42d949d6ec3f8ecdd5e68e73874d to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---
 .../glitch/features/ui/components/header.js   | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/app/javascript/flavours/glitch/features/ui/components/header.js b/app/javascript/flavours/glitch/features/ui/components/header.js
index 891f7fc078..d9ad949611 100644
--- a/app/javascript/flavours/glitch/features/ui/components/header.js
+++ b/app/javascript/flavours/glitch/features/ui/components/header.js
@@ -7,6 +7,7 @@ import Avatar from 'flavours/glitch/components/avatar';
 import Permalink from 'flavours/glitch/components/permalink';
 import PropTypes from 'prop-types';
 import { connect } from 'react-redux';
+import { openModal } from 'flavours/glitch/actions/modal';
 
 const Account = connect(state => ({
   account: state.getIn(['accounts', me]),
@@ -16,7 +17,14 @@ const Account = connect(state => ({
   </Permalink>
 ));
 
-export default @withRouter
+const mapDispatchToProps = (dispatch) => ({
+  openClosedRegistrationsModal() {
+    dispatch(openModal('CLOSED_REGISTRATIONS'));
+  },
+});
+
+export default @connect(null, mapDispatchToProps)
+@withRouter
 class Header extends React.PureComponent {
 
   static contextTypes = {
@@ -24,12 +32,13 @@ class Header extends React.PureComponent {
   };
 
   static propTypes = {
+    openClosedRegistrationsModal: PropTypes.func,
     location: PropTypes.object,
   };
 
   render () {
     const { signedIn } = this.context.identity;
-    const { location } = this.props;
+    const { location, openClosedRegistrationsModal } = this.props;
 
     let content;
 
@@ -41,10 +50,26 @@ class Header extends React.PureComponent {
         </>
       );
     } else {
+      let signupButton;
+
+      if (registrationsOpen) {
+        signupButton = (
+          <a href='/auth/sign_up' className='button button-tertiary'>
+            <FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' />
+          </a>
+        );
+      } else {
+        signupButton = (
+          <button className='button button-tertiary' onClick={openClosedRegistrationsModal}>
+            <FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' />
+          </button>
+        );
+      }
+
       content = (
         <>
           <a href='/auth/sign_in' className='button'><FormattedMessage id='sign_in_banner.sign_in' defaultMessage='Sign in' /></a>
-          <a href={registrationsOpen ? '/auth/sign_up' : 'https://joinmastodon.org/servers'} className='button button-tertiary'><FormattedMessage id='sign_in_banner.create_account' defaultMessage='Create account' /></a>
+          {signupButton}
         </>
       );
     }

From 4642f7d83079063754231982a3f5d42fe048654f Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Dec 2022 00:40:18 +0100
Subject: [PATCH 16/18] [Glitch] Fix UI header overflow on mobile

Port 76454cc63803f3619c6c2352abac9646004e32c4 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---
 .../flavours/glitch/styles/components/columns.scss          | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/javascript/flavours/glitch/styles/components/columns.scss b/app/javascript/flavours/glitch/styles/components/columns.scss
index 71edf7fb3b..42a5919319 100644
--- a/app/javascript/flavours/glitch/styles/components/columns.scss
+++ b/app/javascript/flavours/glitch/styles/components/columns.scss
@@ -65,6 +65,7 @@ $ui-header-height: 55px;
   z-index: 2;
   justify-content: space-between;
   align-items: center;
+  overflow: hidden;
 
   &__logo {
     display: inline-flex;
@@ -81,10 +82,15 @@ $ui-header-height: 55px;
     align-items: center;
     gap: 10px;
     padding: 0 10px;
+    overflow: hidden;
 
     .button {
       flex: 0 0 auto;
     }
+
+    .button-tertiary {
+      flex-shrink: 1;
+    }
   }
 }
 

From 16fb604c52a84a48bb729ea15e7fa8c9568ae118 Mon Sep 17 00:00:00 2001
From: Juan Xavier Gomez <jgomez@codecademy.com>
Date: Tue, 6 Dec 2022 18:40:37 -0500
Subject: [PATCH 17/18] [Glitch] Fix hidden overflow on interaction modal

Port 21b208afcbb5b1a6f2f49eb6db478fc9a99ad272 to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---
 app/javascript/flavours/glitch/styles/components/modal.scss | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/javascript/flavours/glitch/styles/components/modal.scss b/app/javascript/flavours/glitch/styles/components/modal.scss
index ab86091700..8ba8bec102 100644
--- a/app/javascript/flavours/glitch/styles/components/modal.scss
+++ b/app/javascript/flavours/glitch/styles/components/modal.scss
@@ -1306,7 +1306,8 @@ img.modal-warning {
   width: 600px;
   background: $ui-base-color;
   border-radius: 8px;
-  overflow: hidden;
+  overflow-x: hidden;
+  overflow-y: auto;
   position: relative;
   display: block;
   padding: 20px;

From 859db01268bdae0d423ccf97fbeef87eb4f13f0d Mon Sep 17 00:00:00 2001
From: Michal Dvorak <michal.dvorak@lummox.cz>
Date: Thu, 8 Dec 2022 10:38:52 +0100
Subject: [PATCH 18/18] initial translation of Glitch-specific texts into Czech
 (#1997)

---
 app/javascript/flavours/glitch/locales/cs.js  | 175 +++++++++++++++++-
 app/javascript/flavours/glitch/names.yml      |   8 +
 app/javascript/flavours/vanilla/names.yml     |   8 +
 .../skins/glitch/contrast/names.yml           |   4 +
 .../skins/glitch/mastodon-light/names.yml     |   4 +
 .../skins/vanilla/contrast/names.yml          |   4 +
 .../skins/vanilla/mastodon-light/names.yml    |   4 +
 app/javascript/skins/vanilla/win95/names.yml  |   4 +
 config/locales-glitch/cs.yml                  |  41 ++++
 config/locales-glitch/simple_form.cs.yml      |  27 +++
 10 files changed, 278 insertions(+), 1 deletion(-)
 create mode 100644 config/locales-glitch/cs.yml
 create mode 100644 config/locales-glitch/simple_form.cs.yml

diff --git a/app/javascript/flavours/glitch/locales/cs.js b/app/javascript/flavours/glitch/locales/cs.js
index ac7db03275..e789facb0b 100644
--- a/app/javascript/flavours/glitch/locales/cs.js
+++ b/app/javascript/flavours/glitch/locales/cs.js
@@ -1,7 +1,180 @@
 import inherited from 'mastodon/locales/cs.json';
 
 const messages = {
-  //  No translations available.
+  'about.fork_disclaimer': 'Glitch-soc je svobodný software s otevřeným zdrojovým kódem založený na Mastodonu.',
+  'settings.layout_opts': 'Možnosti rozvržení',
+  'settings.layout': 'Rozložení:',
+  'layout.current_is': 'Nastavené rozložení je:',
+  'layout.auto': 'Automatické',
+  'layout.desktop': 'Desktop',
+  'layout.mobile': 'Mobil',
+  'layout.hint.auto': 'Vybrat rozložení automaticky v závislosti na nastavení “Povolit pokročilé webové rozhraní” a velikosti obrazovky.',
+  'layout.hint.desktop': 'Použít vícesloupcové rozložení nezávisle na nastavení “Povolit pokročilé webové rozhraní” a velikosti obrazovky.',
+  'layout.hint.single': 'Použít jednosloupcové rozložení nezávisle na nastavení “Povolit pokročilé webové rozhraní” a velikosti obrazovky.',
+  'navigation_bar.app_settings': 'Nastavení aplikace',
+  'navigation_bar.featured_users': 'Vybraní uživatelé',
+  'endorsed_accounts_editor.endorsed_accounts': 'Vybrané účty',
+  'navigation_bar.info': 'Rozšířené informace',
+  'navigation_bar.misc': 'Různé',
+  'navigation_bar.keyboard_shortcuts': 'Klávesové zkratky',
+  'getting_started.onboarding': 'Ukaž mi to tu', 
+  'onboarding.skip': 'Přeskočit',
+  'onboarding.next': 'Další',
+  'onboarding.done': 'Hotovo',
+  'onboarding.page_one.federation': '{domain} je \'instance\' Mastodonu. Mastodon je síť nezávislých serverů, které jsou spolu propojené do jedné velké sociální sítě. Těmto serverům říkáme instance.',
+  'onboarding.page_one.handle': 'Jste na instanci {domain}, takže celá adresa vašeho profilu je {handle}',
+  'onboarding.page_one.welcome': 'Vítá vás {domain}!',
+  'onboarding.page_two.compose': 'Příspěvky se píší v levém sloupci. Pomocí ikon pod příspěvkem k němu můžete připojit obrázky, změnit úroveň soukromí nebo přidat varování o obsahu.',
+  'onboarding.page_three.search': 'Pomocí vyhledávací lišty můžete hledat lidi nebo hashtagy. Pokud hledáte někoho z jiné instance, musíte použít celou adresu jeho profilu.',
+  'onboarding.page_three.profile': 'Upravte si svůj profil a nastavte si profilový obrázek, jméno, a krátký text o sobě. Naleznete tam i další možnosti nastavení.',
+  'onboarding.page_four.home': 'Domovská časová osa zobrazuje příspěvky od lidí, které sledujete.',
+  'onboarding.page_four.notifications': 'Notifikace se zobrazí, když s vámi někdo interaguje.',
+  'onboarding.page_five.public_timelines': 'Místní časová osa zobrazuje veřejné příspěvky všech uživatelů instance {domain}. Federovaná časová osa zobrazí příspěvky od všech, koho uživatelé instance {domain} sledují. Tyto veřejné časové osy jsou skvělý způsob, jak objevit nové lidi.',
+  'onboarding.page_six.almost_done': 'Skoro hotovo...',
+  'onboarding.page_six.github': 'Na serveru {domain} běží Glitchsoc. Glitchsoc je přátelský {fork} programu {Mastodon}, a je kompatibilní s jakoukoliv jinou mastodoní instancí nebo aplikací. Glitchsoc je zcela svobodný a má otevřený zdrojový kód. Na stránce {github} můžete hlásit chyby, žádat o nové funkce, nebo ke kódu vlastnoručně přispět.',
+  'onboarding.page_six.apps_available': 'Jsou dostupné {apps} pro iOS, Android i jiné platformy.',
+  'onboarding.page_six.various_app': 'mobilní aplikace',
+  'onboarding.page_six.appetoot': 'Veselé mastodonění!',
+  'settings.auto_collapse': 'Automaticky sbalit',
+  'settings.auto_collapse_all': 'Všechno',
+  'settings.auto_collapse_lengthy': 'Dlouhé příspěvky',
+  'settings.auto_collapse_media': 'Příspěvky s přílohami',
+  'settings.auto_collapse_notifications': 'Oznámení',
+  'settings.auto_collapse_reblogs': 'Boosty',
+  'settings.auto_collapse_replies': 'Odpovědi',
+  'settings.show_action_bar': 'Zobrazit ve sbalených příspěvcích tlačítka s akcemi',
+  'settings.close': 'Zavřít',
+  'settings.collapsed_statuses': 'Sbalené příspěvky',
+  'settings.confirm_boost_missing_media_description': 'Zobrazit potvrzovací dialog před boostnutím příspěvku s chybějícími popisky obrázků',
+  'boost_modal.missing_description': 'Příspěvek obsahuje obrázky bez popisků',
+  'settings.enable_collapsed': 'Povolit sbalené příspěvky',
+  'settings.enable_collapsed_hint': 'U sbalených příspěvků je část jejich obsahu skrytá, aby zabraly méně místa na obrazovce. (Tohle není stejná funkce jako varování o obsahu.)',
+  'settings.general': 'Obecné',
+  'settings.hicolor_privacy_icons': 'Barevné ikony soukromí',
+  'settings.hicolor_privacy_icons.hint': 'Zobrazit ikony úrovně soukromí příspěvků v jasných, snadno rozlišitelných barvách',
+  'settings.image_backgrounds': 'Obrázkové pozadí',
+  'settings.image_backgrounds_media': 'Náhled médií ve sbalených příspěvcích',
+  'settings.image_backgrounds_media_hint': 'Pokud jsou k příspěvku přiložena média, použije se první z nich jako pozadí', 
+  'settings.image_backgrounds_users': 'Nastavit sbaleným příspěvkům obrázkové pozadí',
+  'settings.inline_preview_cards': 'Zobrazit v časové ose náhledy externích odkazů',
+  'settings.media': 'Média',
+  'settings.media_letterbox': 'Neořezávat obrázky',
+  'settings.media_letterbox_hint': 'Místo výřezu obrázku zobrazit obrázek celý, doplněný podle potřeby o prázdné okraje',
+  'settings.media_fullwidth': 'Zobrazit náhledy v plné šířce',
+  'settings.notifications_opts': 'Možnosti oznámení',
+  'settings.notifications.tab_badge': 'Zobrazit počet nepřečtených oznámení',
+  'settings.notifications.tab_badge.hint': 'Počet nepřečtených oznámení se viditelně zobrazí na hlavní stránce (pokud není seznam oznámení viditelný)',
+  'settings.notifications.favicon_badge': 'Zobrazit počet na ikoně serveru',
+  'settings.notifications.favicon_badge.hint': 'Zobrazí počet nepřečtených oznámení na ikoně serveru',
+  'settings.preferences': 'Předvolby',
+  'settings.rewrite_mentions': 'Přepsat zmínky v zobrazených příspěvcích',
+  'settings.rewrite_mentions_no': 'Nepřepisovat zmínky',
+  'settings.rewrite_mentions_acct': 'Přepsat uživatelským jménem a doménou (pokud je účet na jiném serveru)',
+  'settings.rewrite_mentions_username': 'Přepsat uživatelským jménem',
+  'settings.show_reply_counter': 'Zobrazit odhad počtu odpovědí',
+  'settings.status_icons': 'Ikony u příspěvků',
+  'settings.status_icons_language': 'Indikace jazyk',
+  'settings.status_icons_reply': 'Indikace odpovědi',
+  'settings.status_icons_local_only': 'Indikace lokálního příspěvku',
+  'settings.status_icons_media': 'Indikace obrázků a anket',
+  'settings.status_icons_visibility': 'Indikace úrovně soukromí',
+  'settings.tag_misleading_links': 'Označit zavádějící odkazy',
+  'settings.tag_misleading_links.hint': 'Zobrazit skutečný cíl u každého odkazu, který ho explicitně nezmiňuje',
+  'settings.wide_view': 'Široké sloupce (pouze v režimu Desktop)',
+  'settings.wide_view_hint': 'Sloupce se roztáhnout, aby lépe vyplnily dostupný prostor.',
+  'settings.navbar_under': 'Navigační lišta vespod (pouze v režimu Mobil)',
+  'settings.compose_box_opts': 'Editační pole',
+  'settings.always_show_spoilers_field': 'Vždy zobrazit pole pro varování o obsahu',
+  'settings.prepend_cw_re': 'Při odpovídání přidat před varování o obsahu “re: ”',
+  'settings.preselect_on_reply': 'Při odpovědi označit uživatelská jména',
+  'settings.preselect_on_reply_hint': 'Při odpovídání na konverzaci s více účastníky se jména všech kromě prvního označí, aby šla jednoduše smazat',
+  'settings.confirm_missing_media_description': 'Zobrazit potvrzovací dialog při odesílání příspěvku, ve kterém chybí popisky obrázků',
+  'settings.confirm_before_clearing_draft': 'Zobrazit potvrzovací dialog před přepsáním právě vytvářené zprávy',
+  'settings.show_content_type_choice': 'Zobrazit volbu formátu příspěvku',
+  'settings.side_arm': 'Vedlejší odesílací tlačítko:',
+  'settings.side_arm.none': 'Žádné',
+  'settings.side_arm_reply_mode': 'Při odpovídání na příspěvek by vedlejší odesílací tlačítko mělo:',  
+  'settings.side_arm_reply_mode.keep': 'Použít svou nastavenou úroveň soukromí',
+  'settings.side_arm_reply_mode.copy': 'Použít úroveň soukromí příspěvku, na který odpovídáte',
+  'settings.side_arm_reply_mode.restrict': 'Zvýšit úroveň soukromí nejméně na úroveň příspěvku, na který odpovídáte',  
+  'settings.content_warnings': 'Varování o obsahu',
+  'settings.content_warnings_shared_state': 'Zobrazit/schovat všechny kopie naráz',
+  'settings.content_warnings_shared_state_hint': 'Tlačítko varování o obsahu bude mít efekt na všechny kopie příspěvku naráz, stejně jako na běžném Mastodonu. Nebude pak možné automaticky sbalit jakoukoliv kopii příspěvku, která má rozbalené varování o obsahu',
+  'settings.content_warnings_media_outside': 'Zobrazit obrázky a videa mimo varování o obsahu',
+  'settings.content_warnings_media_outside_hint': 'Obrázky a videa z příspěvku s varováním o obsahu se zobrazí se separátním přepínačem zobrazení, stejně jako na běžném Mastodonu.',
+  'settings.content_warnings_unfold_opts': 'Možnosti automatického rozbalení',
+  'settings.enable_content_warnings_auto_unfold': 'Vždy rozbalit příspěvky označené varováním o obsahu',
+  'settings.deprecated_setting': 'Tato možnost se nyní nastavuje v {settings_page_link}',
+  'settings.shared_settings_link': 'předvolbách Mastodonu',
+  'settings.content_warnings_filter': 'Tato varování o obsahu automaticky nerozbalovat:',
+  'settings.content_warnings.regexp': 'Regulární výraz',
+  'settings.media_reveal_behind_cw': 'Automaticky zobrazit média označená varováním o obsahu',
+  'settings.pop_in_player': 'Povolit plovoucí okno přehrávače',
+  'settings.pop_in_position': 'Pozice plovoucího okna:',
+  'settings.pop_in_left': 'Vlevo',
+  'settings.pop_in_right': 'Vpravo',
+ 
+  
+  'status.collapse': 'Sbalit',
+  'status.uncollapse': 'Rozbalit',  
+  'status.in_reply_to': 'Tento příspěvek je odpověď',
+  'status.has_preview_card': 'Obsahuje náhled odkazu',
+  'status.has_pictures': 'Obsahuje obrázky',
+  'status.is_poll': 'Tento příspěvek je anketa',
+  'status.has_video': 'Obsahuje video',
+  'status.has_audio': 'Obsahuje audio',
+  'status.local_only': 'Viditelné pouze z vaší instance',
+
+  'media_gallery.sensitive': 'Citlivý obsah',
+
+  'favourite_modal.combo': 'Příště můžete pro přeskočení stisknout {combo}',
+
+  'home.column_settings.show_direct': 'Zobrazit přímé zprávy',
+
+  'notification_purge.start': 'Čistící režim',
+  'notifications.mark_as_read': 'Označit všechna oznámení jako přečtená',
+
+  'notification.markForDeletion': 'Označit pro smazání',
+  'notifications.clear': 'Vymazat všechna oznámení',
+  'notifications.marked_clear_confirmation': 'Určitě chcete trvale smazat všechna vybraná oznámení?',
+  'notifications.marked_clear': 'Smazat vybraná oznámení',
+
+  'notification_purge.btn_all': 'Vybrat\nvše',
+  'notification_purge.btn_none': 'Nevybrat\nnic',
+  'notification_purge.btn_invert': 'Obrátit\nvýběr',
+  'notification_purge.btn_apply': 'Smazat\nvybrané',
+
+  'compose.attach.upload': 'Nahrát soubor',
+  'compose.attach.doodle': 'Něco namalovat',
+  'compose.attach': 'Připojit...',
+
+  'advanced_options.local-only.short': 'Lokální příspěvek',
+  'advanced_options.local-only.long': 'Neposílat na jiné servery',
+  'advanced_options.local-only.tooltip': 'Tento příspěvek je pouze lokální',
+  'advanced_options.icon_title': 'Pokročilá nastavení',
+  'advanced_options.threaded_mode.short': 'Režim vlákna',
+  'advanced_options.threaded_mode.long': 'Po odeslání automaticky otevře pole pro odpověď',
+  'advanced_options.threaded_mode.tooltip': 'Režim vlákna je zapnutý',
+  
+  'home.column_settings.advanced': 'Pokročilé',
+  'home.column_settings.filter_regex': 'Filtrovat podle regulárních výrazů',
+  
+  'compose_form.poll.single_choice': 'Povolit jednu odpověď',
+  'compose_form.poll.multiple_choices': 'Povolit více odpovědí',
+  
+  'compose.content-type.plain': 'Prostý text',
+  'content-type.change': 'Formát příspěvku',
+  'compose_form.spoiler': 'Přidat varování o obsahu',
+  
+  'direct.group_by_conversations': 'Seskupit do konverzací',
+  'column.toot': 'Příspěvky a odpovědi',
+  'confirmation_modal.do_not_ask_again': 'Příště se už neptat',
+  
+  'keyboard_shortcuts.bookmark': 'Přidat do záložek',
+  'keyboard_shortcuts.toggle_collapse': 'Sbalit/rozbalit příspěvek',
+  'keyboard_shortcuts.secondary_toot': 'Odeslat příspěvek s druhotným nastavením soukromí',
+  
+  'column.subheading': 'Různé',
 };
 
 export default Object.assign({}, inherited, messages);
diff --git a/app/javascript/flavours/glitch/names.yml b/app/javascript/flavours/glitch/names.yml
index 68db3a73e3..f35b457e10 100644
--- a/app/javascript/flavours/glitch/names.yml
+++ b/app/javascript/flavours/glitch/names.yml
@@ -6,6 +6,14 @@ en:
   skins:
     glitch:
       default: Default
+cs:
+  flavours:
+    glitch:
+      description: Výchozí rozhraní instancí GlitchSoc.
+      name: Glitch
+  skins:
+    glitch:
+      default: Výchozí
 pl:
   flavours:
     glitch:
diff --git a/app/javascript/flavours/vanilla/names.yml b/app/javascript/flavours/vanilla/names.yml
index 0e3f43ed03..9b7fc189d4 100644
--- a/app/javascript/flavours/vanilla/names.yml
+++ b/app/javascript/flavours/vanilla/names.yml
@@ -6,6 +6,14 @@ en:
   skins:
     vanilla:
       default: Default
+cs:
+  flavours:
+    vanilla:
+      description: Standardní rozhraní Mastodonu. Některé funkce GlitchSoc v něm nejsou podporované.
+      name: Standardní Mastodon
+  skins:
+    vanilla:
+      default: Výchozí
 pl:
   flavours:
     vanilla:
diff --git a/app/javascript/skins/glitch/contrast/names.yml b/app/javascript/skins/glitch/contrast/names.yml
index 570e30d3b1..5e73574395 100644
--- a/app/javascript/skins/glitch/contrast/names.yml
+++ b/app/javascript/skins/glitch/contrast/names.yml
@@ -2,6 +2,10 @@ en:
   skins:
     glitch:
       contrast: High contrast
+cs:
+  skins:
+    glitch:
+      contrast: Vysoký kontrast
 es:
   skins:
     glitch:
diff --git a/app/javascript/skins/glitch/mastodon-light/names.yml b/app/javascript/skins/glitch/mastodon-light/names.yml
index 891271e6e8..a2c20548f6 100644
--- a/app/javascript/skins/glitch/mastodon-light/names.yml
+++ b/app/javascript/skins/glitch/mastodon-light/names.yml
@@ -2,6 +2,10 @@ en:
   skins:
     glitch:
       mastodon-light: Mastodon (light)
+cs:
+  skins:
+    glitch:
+      mastodon-light: Mastodon (světlý)
 es:
   skins:
     glitch:
diff --git a/app/javascript/skins/vanilla/contrast/names.yml b/app/javascript/skins/vanilla/contrast/names.yml
index da89747427..51d23f72d7 100644
--- a/app/javascript/skins/vanilla/contrast/names.yml
+++ b/app/javascript/skins/vanilla/contrast/names.yml
@@ -2,6 +2,10 @@ en:
   skins:
     vanilla:
       contrast: High contrast
+cs:
+  skins:
+    vanilla:
+      contrast: Vysoký kontrast
 es:
   skins:
     vanilla:
diff --git a/app/javascript/skins/vanilla/mastodon-light/names.yml b/app/javascript/skins/vanilla/mastodon-light/names.yml
index 5e41d1051d..fc6721e15c 100644
--- a/app/javascript/skins/vanilla/mastodon-light/names.yml
+++ b/app/javascript/skins/vanilla/mastodon-light/names.yml
@@ -2,6 +2,10 @@ en:
   skins:
     vanilla:
       mastodon-light: Mastodon (light)
+cs:
+  skins:
+    vanilla:
+      mastodon-light: Mastodon (světlý)
 es:
   skins:
     glitch:
diff --git a/app/javascript/skins/vanilla/win95/names.yml b/app/javascript/skins/vanilla/win95/names.yml
index 2083084a27..53b771c5e4 100644
--- a/app/javascript/skins/vanilla/win95/names.yml
+++ b/app/javascript/skins/vanilla/win95/names.yml
@@ -2,3 +2,7 @@ en:
   skins:
     vanilla:
       win95: Ｍａｓｔｏ95
+cs:
+  skins:
+    vanilla:
+      win95: Windows 95
diff --git a/config/locales-glitch/cs.yml b/config/locales-glitch/cs.yml
new file mode 100644
index 0000000000..08c56ef3e6
--- /dev/null
+++ b/config/locales-glitch/cs.yml
@@ -0,0 +1,41 @@
+---
+cs:
+  admin:
+    custom_emojis:
+      batch_copy_error: 'Při kopírování některých emoji došlo k chybě: %{message}'
+      batch_error: 'Došlo k chybě: %{message}'
+    settings:
+      captcha_enabled:
+        desc_html: Tato funkce používá externí skripty služby hCaptcha, což může být problém z hlediska bezpečí a ochrany dat. Také to může <strong>některým (hlavně postiženým) lidem registrační proces výrazně zkomplikovat</strong>. Z tohoto důvodu prosím raději zvažte jiné možnosti, jako je schvalování registrací nebo registrace pouze pro zvané.<br>Uživatelům pozvaným skrze omezenou pozvánku se CAPTCHA nezobrazí.
+        title: Vyžadovat po nových uživatelích opsání textu z obrázku (CAPTCHA)
+      enable_keybase:
+        desc_html: Uživatelé budou moci potvrdit svou identitu pomocí Keybase
+        title: Zapnout potvrzování pomocí Keybase
+      flavour_and_skin:
+        title: Rozhraní a styl
+      other:
+        preamble: Různá nastavení glitch-soc, která se nevešla do jiných kategorií.
+        title: Jiné
+      outgoing_spoilers:
+        desc_html: Při federování příspěvků se přidá toto varování o obsahu příspěvkům, které žádné nemají. To může být užitečné, pokud je váš server zaměřen na specifický obsah, pro který by jiné servery mohly varování o obsahu vyžadovat. Připojená média budou označena jako citlivá.
+        title: Varování o obsahu pro odesílané příspěvky
+      hide_followers_count:
+        desc_html: Nezobrazovat na uživatelských profilech počet sledujících
+        title: Schovat počet sledujících
+      show_reblogs_in_public_timelines:
+        desc_html: Veřejné boosty veřejných příspěvků se zobrazí na místní a federované časové ose.
+        title: Zobrazovat ve veřejných časových osách boosty
+      show_replies_in_public_timelines:
+        desc_html: Na místní a federované časové ose se kromě odpovědí autora na vlastní příspěvky (vláken) zobrazí i ostatní veřejné odpovědi.
+        title: Zobrazovat ve veřejných časových osách odpovědi
+      trending_status_cw:
+        desc_html: Zobrazovat v rámci trendů (pokud jsou zapnuté) i příspěvky s varováním o obsahu. Změny tohoto nastavení se neprojeví retroaktivně.
+        title: Povolit v trendech příspěvky s varováním o obsahu
+  auth:
+    captcha_confirmation:
+      hint_html: Už jen poslední krok! Pro potvrzení svého účtu opište prosím text z obrázku (CAPTCHA). Pokud máte dotazy nebo potřebujete s potvrzením pomoct, můžete <a href="/about/more">kontaktovat administrátora</a>.
+      title: Ověření uživatele
+  generic:
+    use_this: Použít
+  settings:
+    flavours: Rozhraní
diff --git a/config/locales-glitch/simple_form.cs.yml b/config/locales-glitch/simple_form.cs.yml
new file mode 100644
index 0000000000..f655fed9f5
--- /dev/null
+++ b/config/locales-glitch/simple_form.cs.yml
@@ -0,0 +1,27 @@
+---
+cs:
+  simple_form:
+    glitch_only: glitch-soc
+    hints:
+      defaults:
+        fields: Na svém profilu můžete mít zobrazeno několik položek (max. %{count}) jako tabulku
+        setting_default_content_type_html: Předpokládat, že nové příspěvky jsou napsané v HTML, pokud není uvedeno jinak
+        setting_default_content_type_markdown: Předpokládat, že nové příspěvky používají pro formátování Markdown, pokud není uvedeno jinak
+        setting_default_content_type_plain: Předpokládat, že nové příspěvky nejsou nijak formátované, pokud není uvedeno jinak (standardní chování Mastodonu)
+        setting_default_language: Jazyk vašich příspěvků lze detekovat automaticky, ale není to vždycky přesné
+        setting_hide_followers_count: Počet vašich sledujících se nebude nikomu zobrazovat, ani vám. Některé aplikace mohou zobrazit negativní počet sledujících.
+        setting_skin: Aplikuje barevný styl na zvolené rozhraní Mastodonu
+    labels:
+      defaults:
+        setting_default_content_type: Výchozí formát příspěvků
+        setting_default_content_type_html: HTML
+        setting_default_content_type_markdown: Markdown
+        setting_default_content_type_plain: Prostý text
+        setting_favourite_modal: Před oblíbením příspěvku zobrazit potvrzovací dialog (pouze pro rozhraní Glitch)
+        setting_hide_followers_count: Skrýt počet vašich sledujících
+        setting_skin: Styl
+        setting_system_emoji_font: Použít výchozí emoji systému (pouze pro rozhraní Glitch)
+      notification_emails:
+        trending_tag: Nový populární hashtag vyžaduje schválení
+        trending_link: Nový populární odkaz vyžaduje schválení
+        trending_status: Nový populární příspěvek vyžaduje schválení