Up-to-date dump from main repository

This commit is contained in:
Eugen Rochko 2017-04-11 17:48:27 +02:00
parent 39103b3b46
commit eebeee2b76
9 changed files with 49 additions and 30 deletions

View File

@ -34,10 +34,19 @@ server {
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
gzip off;
root /home/mastodon/live/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
@ -49,7 +58,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://localhost:3000;
@ -67,6 +76,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://localhost:4000;
proxy_buffering off;
@ -121,7 +131,7 @@ It is recommended to use rbenv (exclusively from the `mastodon` user) to install
[2]: https://github.com/rbenv/ruby-build#installation
[3]: https://github.com/rbenv/ruby-build/wiki#suggested-build-environment
Then once `rbenv` is ready, run `rbenv install 2.3.1` to install the Ruby version for Mastodon.
Then once `rbenv` is ready, run `rbenv install 2.4.1` to install the Ruby version for Mastodon.
## Git

View File

@ -1,10 +1,8 @@
# Two Factor Authentication (2FA)
# 2-Factor Authentication
Two Factor Authentication (2FA) is a security mechanism that requires you to enter a computer generated code from your phone every time you log into Mastodon.
2-Factor Authentication is a security mechanism that requires you to enter a computer generated code from your phone every time you log into Mastodon.
We highly recommend that you set up two factor authentication as it prevents malicious users from logging into your account if they obtain your password.
The 2FA protocol used by Mastodon is an implementation of [RFC 6238](https://tools.ietf.org/html/rfc6238), TOTP: Time-Based One-Time Password Algorithm.
We highly recommend that you set up 2-factor authentication as it prevents malicious users from logging into your account if they obtain your password.
## Warning

View File

@ -14,6 +14,6 @@ Some people have started working on apps for the Mastodon API. Here is a list of
|Tooter|Chrome|<https://github.com/ineffyble/tooter>|[@effy@mastodon.social](https://mastodon.social/users/effy)|
|tootstream|CLI|<https://github.com/magicalraccoon/tootstream>|[@Raccoon@mastodon.social](https://mastodon.social/users/Raccoon)|
|HackerNewsBot|CLI|<https://github.com/raymestalez/mastodon-hnbot>|[@rayalez@hackertribe.io](https://hackertribe.io/users/rayalez)|
|Mastodon.tools|Wordpress|<https://github.com/davidlibeau/mastodon-tools>|[@David@mastodon.xyz](https://mastodon.xyz/users/David)|
|Mastodon.tools|Wordpress, web browser, social network|<https://github.com/davidlibeau/mastodon-tools>|[@David@mastodon.xyz](https://mastodon.xyz/users/David)|
If you have a project like this, let me know so I can add it to the list!

View File

@ -17,7 +17,7 @@ There are different ways in which something can be decentralized; in this case,
We are using the OStatus suite of protocols:
1. Webfinger, [RFC 7033](https://tools.ietf.org/html/rfc7033), for user-on-domain lookup
1. Webfinger for user-on-domain lookup
2. Atom feeds with ActivityStreams, Portable Contacts, Threads extensions for the actual content
3. PubSubHubbub for subscribing to Atom feeds
4. Salmon for delivering certain items from the Atom feeds to interested parties such as the mentioned user, author of the status being replied to, person being followed, etc

View File

@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
| [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
| [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
| [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
| [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution

View File

@ -30,7 +30,7 @@ API overview
- [Instance](#instance)
- [Mention](#mention)
- [Notification](#notification)
- [Relationships](#relationships)
- [Relationship](#relationship)
- [Results](#results)
- [Status](#status)
- [Tag](#tag)
@ -85,6 +85,17 @@ Returns an [Account](#account).
Returns the authenticated user's [Account](#account).
#### Updating the current user:
PATCH /api/v1/accounts/update_credentials
Form data:
- `display_name`: The name to display in the user's profile
- `note`: A new biography for the user
- `avatar`: A base64 encoded image to display as the user's avatar (e.g. `data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUoAAADrCAYAAAA...`)
- `header`: A base64 encoded image to display as the user's header image (e.g. `data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUoAAADrCAYAAAA...`)
#### Getting an account's followers:
GET /api/v1/accounts/:id/followers
@ -110,22 +121,22 @@ Returns an array of [Statuses](#status).
#### Following/unfollowing an account:
POST /api/v1/accounts/:id/follow
POST /api/v1/accounts/:id/unfollow
GET /api/v1/accounts/:id/follow
GET /api/v1/accounts/:id/unfollow
Returns the target [Account](#account).
#### Blocking/unblocking an account:
POST /api/v1/accounts/:id/block
POST /api/v1/accounts/:id/unblock
GET /api/v1/accounts/:id/block
GET /api/v1/accounts/:id/unblock
Returns the target [Account](#account).
#### Muting/unmuting an account:
POST /api/v1/accounts/:id/mute
POST /api/v1/accounts/:id/unmute
GET /api/v1/accounts/:id/mute
GET /api/v1/accounts/:id/unmute
Returns the target [Account](#account).
@ -351,15 +362,15 @@ Returns an empty object.
#### Reblogging/unreblogging a status:
POST /api/vi/statuses/:id/reblog
POST /api/vi/statuses/:id/unreblog
POST /api/v1/statuses/:id/reblog
POST /api/v1/statuses/:id/unreblog
Returns the target [Status](#status).
#### Favouriting/unfavouriting a status:
POST /api/vi/statuses/:id/favourite
POST /api/vi/statuses/:id/unfavourite
POST /api/v1/statuses/:id/favourite
POST /api/v1/statuses/:id/unfavourite
Returns the target [Status](#status).
@ -456,7 +467,7 @@ ___
| `acct` | Equals `username` for local users, includes `@domain` for remote ones |
| `id` | Account ID |
### Notifications
### Notification
| Attribute | Description |
| ------------------------ | ----------- |
@ -464,9 +475,9 @@ ___
| `type` | One of: "mention", "reblog", "favourite", "follow" |
| `created_at` | The time the notification was created |
| `account` | The [Account](#account) sending the notification to the user |
| `status` | The [Status](#status) associated with the notification, if applicible |
| `status` | The [Status](#status) associated with the notification, if applicable |
### Relationships
### Relationship
| Attribute | Description |
| ------------------------ | ----------- |
@ -516,7 +527,7 @@ ___
| `tags` | An array of [Tags](#tag) |
| `application` | [Application](#application) from which the status was posted |
### Tags
### Tag
| Attribute | Description |
| ------------------------ | ----------- |

View File

@ -9,4 +9,4 @@ The API is divided up into access scopes:
- `write`: Post statuses and upload media for statuses
- `follow`: Follow, unfollow, block, unblock
Multiple scopes can be requested during the authorization phase with the `scope` query param (space-separate the scopes).
Multiple scopes can be requested during the authorization phase with the `scope` query param (space-separate the scopes). If you do not specify a `scope` in your authorization request, the resulting access token will default to `read` access.

View File

@ -3,7 +3,7 @@ Testing the API with cURL
Mastodon builds around the idea of being a server first, rather than a client itself. Similarly to how a XMPP chat server communicates with others and with its own clients, Mastodon takes care of federation to other networks, like other Mastodon or GNU Social instances. So Mastodon provides a REST API, and a 3rd-party app system for using it via OAuth2.
You can get a client ID and client secret required for OAuth [via an API end-point](API.md#oauth-apps).
You can get a client ID and client secret required for OAuth [via an API end-point](API.md#apps).
From these two, you will need to acquire an access token. It is possible to do using your account's e-mail and password like this:
@ -13,6 +13,6 @@ The `/oauth/token` path will attempt to login with the given credentials, and th
Use that token in any API requests by setting a header like this:
curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://mastodon.social/api/statuses/home
curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://mastodon.social/api/v1/timelines/home
Please note that the password-based approach is not recommended especially if you're dealing with other user's accounts and not just your own. Usually you would use the authorization grant approach where you redirect the user to a web page on the original site where they can login and authorize the application and are then redirected back to your application with an access code.

View File

@ -13,4 +13,4 @@ Make sure that you make it possible to see the `acct` of any user in your app (s
## Formatting
The API delivers already formatted HTML to your app. This isn't ideal since not all apps are based on HTML, but this is not fixable as its part of the way OStatus federation works. Most importantly, you get some information on linked entities alongside the HTML of the status body. For example, you get a list of mentioned users, and a list of media attachments, and a list of hashtags. It is possible to convert the HTML to whatever you need in your app by parsing the HTML tags and matching their `href`s to the linked entities. If a match cannot be found, the link must stay a clickable link.
The API delivers already formatted HTML to your app. This isn't ideal since not all apps are based on HTML, but this is not fixable as it's part of the way OStatus federation works. Most importantly, you get some information on linked entities alongside the HTML of the status body. For example, you get a list of mentioned users, and a list of media attachments, and a list of hashtags. It is possible to convert the HTML to whatever you need in your app by parsing the HTML tags and matching their `href`s to the linked entities. If a match cannot be found, the link must stay a clickable link.