Merge branch 'develop' into feature/tag_feed

2019-12-17 09:24:08 +03:00 · 2019-12-17 09:24:08 +03:00 · a879c396bb
parent 22fc271e23 804b961d3c
commit a879c396bb
127 changed files with 2441 additions and 1770 deletions
--- a/.formatter.exs
+++ b/.formatter.exs
@ -1,3 +1,3 @@
 [
-  inputs: ["mix.exs", "{config,lib,test}/**/*.{ex,exs}", "priv/repo/migrations/*.exs"]
+  inputs: ["mix.exs", "{config,lib,test}/**/*.{ex,exs}", "priv/repo/migrations/*.exs", "priv/scrubbers/*.ex"]
 ]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -28,6 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - **Breaking:** Admin API: Return link alongside with token on password reset
 - **Breaking:** Admin API: `PUT /api/pleroma/admin/reports/:id` is now `PATCH /api/pleroma/admin/reports`, see admin_api.md for details
 - **Breaking:** `/api/pleroma/admin/users/invite_token` now uses `POST`, changed accepted params and returns full invite in json instead of only token string.
 - **Breaking** replying to reports is now "report notes", enpoint changed from `POST /api/pleroma/admin/reports/:id/respond` to `POST /api/pleroma/admin/reports/:id/notes`
 - Admin API: Return `total` when querying for reports
 - Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
 - Admin API: Return link alongside with token on password reset
@ -37,9 +38,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
 - Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload.
 - Admin API: Render whole status in grouped reports
 - Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).
 </details>
 ### Added
 - `:chat_limit` option to limit chat characters.
 - Refreshing poll results for remote polls
 - Authentication: Added rate limit for password-authorized actions / login existence checks
 - Static Frontend: Add the ability to render user profiles and notices server-side without requiring JS app.
@ -47,6 +50,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mix task to list all users (`mix pleroma.user list`)
 - Support for `X-Forwarded-For` and similar HTTP headers which used by reverse proxies to pass a real user IP address to the backend. Must not be enabled unless your instance is behind at least one reverse proxy (such as Nginx, Apache HTTPD or Varnish Cache).
 - MRF: New module which handles incoming posts based on their age. By default, all incoming posts that are older than 2 days will be unlisted and not shown to their followers.
 - User notification settings: Add `privacy_option` option.
 - User settings: Add _This account is a_ option.
 - OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`).
 <details>
  <summary>API Changes</summary>
@ -75,11 +81,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Pleroma API: Add Emoji reactions
 - Admin API: Add `/api/pleroma/admin/instances/:instance/statuses` - lists all statuses from a given instance
 - Admin API: `PATCH /api/pleroma/users/confirm_email` to confirm email for multiple users, `PATCH /api/pleroma/users/resend_confirmation_email` to resend confirmation email for multiple users
 - ActivityPub: Configurable `type` field of the actors.
 - Mastodon API: `/api/v1/accounts/:id` has `source/pleroma/actor_type` field.
 - Mastodon API: `/api/v1/update_credentials` accepts `actor_type` field.
 - Captcha: Support native provider
 - Captcha: Enable by default
 </details>
 ### Fixed
 - Report emails now include functional links to profiles of remote user accounts
 - Not being able to log in to some third-party apps when logged in to MastoFE
 - MRF: `Delete` activities being exempt from MRF policies
 - OTP releases: Not being able to configure OAuth expired token cleanup interval
 - OTP releases: Not being able to configure HTML sanitization policy
 - Favorites timeline now ordered by favorite date instead of post date
 <details>
  <summary>API Changes</summary>
--- a/config/config.exs
+++ b/config/config.exs
@ -66,9 +66,11 @@ config :pleroma, Pleroma.Scheduler,
  jobs: scheduled_jobs
 config :pleroma, Pleroma.Captcha,
-  enabled: false,
+  enabled: true,
  seconds_valid: 60,
-  method: Pleroma.Captcha.Kocaptcha
+  method: Pleroma.Captcha.Native
 config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch"
 config :pleroma, :hackney_pools,
  federation: [
@ -84,8 +86,6 @@ config :pleroma, :hackney_pools,
    timeout: 300_000
  ]
 config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch"
 # Upload configuration
 config :pleroma, Pleroma.Upload,
  uploader: Pleroma.Uploaders.Local,
@ -225,6 +225,7 @@ config :pleroma, :instance,
  notify_email: "noreply@example.com",
  description: "A Pleroma instance, an alternative fediverse server",
  limit: 5_000,
  chat_limit: 5_000,
  remote_limit: 100_000,
  upload_limit: 16_000_000,
  avatar_upload_limit: 2_000_000,
@ -562,7 +563,10 @@ config :ueberauth,
       base_path: "/oauth",
       providers: ueberauth_providers
-config :pleroma, :auth, oauth_consumer_strategies: oauth_consumer_strategies
+config :pleroma,
       :auth,
       enforce_oauth_admin_scope_usage: false,
       oauth_consumer_strategies: oauth_consumer_strategies
 config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Sendmail, enabled: false
--- a/config/description.exs
+++ b/config/description.exs
@ -2094,6 +2094,15 @@ config :pleroma, :config_description, [
    type: :group,
    description: "Authentication / authorization settings",
    children: [
      %{
        key: :enforce_oauth_admin_scope_usage,
        type: :boolean,
        description:
          "OAuth admin scope requirement toggle. " <>
            "If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token " <>
            "(client app must support admin scopes). If `false` and token doesn't have admin scope(s)," <>
            "`is_admin` user flag grants access to admin-specific actions."
      },
      %{
        key: :auth_template,
        type: :string,
--- a/config/test.exs
+++ b/config/test.exs
@ -68,7 +68,9 @@ config :pleroma, Oban,
  queues: false,
  prune: :disabled
-config :pleroma, Pleroma.Scheduler, jobs: []
+config :pleroma, Pleroma.Scheduler,
  jobs: [],
  global: false
 config :pleroma, Pleroma.ScheduledActivity,
  daily_user_limit: 2,
--- a/docs/API/admin_api.md
+++ b/docs/API/admin_api.md
@ -2,6 +2,13 @@
 Authentication is required and the user must be an admin.
 Configuration options:
 * `[:auth, :enforce_oauth_admin_scope_usage]` — OAuth admin scope requirement toggle.
    If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token (client app must support admin scopes).
    If `false` and token doesn't have admin scope(s), `is_admin` user flag grants access to admin-specific actions.
    Note that client app needs to explicitly support admin scopes and request them when obtaining auth token.
 ## `GET /api/pleroma/admin/users`
 ### List users
@ -607,78 +614,29 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - On success: `204`, empty response
-## `POST /api/pleroma/admin/reports/:id/respond`
+## `POST /api/pleroma/admin/reports/:id/notes`
-### Respond to a report
+### Create report note
 - Params:
-  - `id`
+  - `id`: required, report id
-  - `status`: required, the message
+  - `content`: required, the message
 - Response:
  - On failure:
    - 400 Bad Request `"Invalid parameters"` when `status` is missing
-    - 403 Forbidden `{"error": "error_msg"}`
+  - On success: `204`, empty response
    - 404 Not Found `"Not found"`
  - On success: JSON, created Mastodon Status entity
-```json
+## `POST /api/pleroma/admin/reports/:report_id/notes/:id`
-{
+
-  "account": { ... },
+### Delete report note
-  "application": {
+
-    "name": "Web",
+- Params:
-    "website": null
+  - `report_id`: required, report id
-  },
+  - `id`: required, note id
-  "bookmarked": false,
+- Response:
-  "card": null,
+  - On failure:
-  "content": "Your claim is going to be closed",
+    - 400 Bad Request `"Invalid parameters"` when `status` is missing
-  "created_at": "2019-05-11T17:13:03.000Z",
+  - On success: `204`, empty response
  "emojis": [],
  "favourited": false,
  "favourites_count": 0,
  "id": "9ihuiSL1405I65TmEq",
  "in_reply_to_account_id": null,
  "in_reply_to_id": null,
  "language": null,
  "media_attachments": [],
  "mentions": [
    {
      "acct": "user",
      "id": "9i6dAJqSGSKMzLG2Lo",
      "url": "https://pleroma.example.org/users/user",
      "username": "user"
    },
    {
      "acct": "admin",
      "id": "9hEkA5JsvAdlSrocam",
      "url": "https://pleroma.example.org/users/admin",
      "username": "admin"
    }
  ],
  "muted": false,
  "pinned": false,
  "pleroma": {
    "content": {
      "text/plain": "Your claim is going to be closed"
    },
    "conversation_id": 35,
    "in_reply_to_account_acct": null,
    "local": true,
    "spoiler_text": {
      "text/plain": ""
    }
  },
  "reblog": null,
  "reblogged": false,
  "reblogs_count": 0,
  "replies_count": 0,
  "sensitive": false,
  "spoiler_text": "",
  "tags": [],
  "uri": "https://pleroma.example.org/objects/cab0836d-9814-46cd-a0ea-529da9db5fcb",
  "url": "https://pleroma.example.org/notice/9ihuiSL1405I65TmEq",
  "visibility": "direct"
 }
 ```
 ## `PUT /api/pleroma/admin/statuses/:id`
--- a/docs/API/differences_in_mastoapi_responses.md
+++ b/docs/API/differences_in_mastoapi_responses.md
@ -66,6 +66,8 @@ Has these additional fields under the `pleroma` object:
 - `show_role`: boolean, nullable, true when the user wants his role (e.g admin, moderator) to be shown
 - `no_rich_text` - boolean, nullable, true when html tags are stripped from all statuses requested from the API
 - `discoverable`: boolean, true when the user allows discovery of the account in search results and other services.
 - `actor_type`: string, the type of this account.
 ## Conversations
@ -103,6 +105,7 @@ The `type` value is `move`. Has an additional field:
 Accepts additional parameters:
 - `exclude_visibilities`: will exclude the notifications for activities with the given visibilities. The parameter accepts an array of visibility types (`public`, `unlisted`, `private`, `direct`). Usage example: `GET /api/v1/notifications?exclude_visibilities[]=direct&exclude_visibilities[]=private`.
 - `with_move`: boolean, when set to `true` will include Move notifications. `false` by default.
 ## POST `/api/v1/statuses`
@ -145,6 +148,8 @@ Additional parameters can be added to the JSON body/Form data:
 - `skip_thread_containment` - if true, skip filtering out broken threads
 - `allow_following_move` - if true, allows automatically follow moved following accounts
 - `pleroma_background_image` - sets the background image of the user.
 - `discoverable` - if true, discovery of this account in search results and other services is allowed.
 - `actor_type` - the type of this account.
 ### Pleroma Settings Store
 Pleroma has mechanism that allows frontends to save blobs of json for each user on the backend. This can be used to save frontend-specific settings for a user that the backend does not need to know about.
--- a/docs/API/pleroma_api.md
+++ b/docs/API/pleroma_api.md
@ -302,6 +302,7 @@ See [Admin-API](admin_api.md)
    * `follows`: BOOLEAN field, receives notifications from people the user follows
    * `remote`: BOOLEAN field, receives notifications from people on remote instances
    * `local`: BOOLEAN field, receives notifications from people on the local instance
    * `privacy_option`: BOOLEAN field. When set to true, it removes the contents of a message from the push notification.
 * Response: JSON. Returns `{"status": "success"}` if the update was successful, otherwise returns `{"error": "error_msg"}`
 ## `/api/pleroma/healthcheck`
--- a/docs/administration/CLI_tasks/config.md
+++ b/docs/administration/CLI_tasks/config.md
@ -3,17 +3,26 @@
 !!! danger
    This is a Work In Progress, not usable just yet.
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl config` and in case of source installs it's
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 `mix pleroma.config`.
 ## Transfer config from file to DB.
-```sh
+```sh tab="OTP"
-$PREFIX migrate_to_db
+ ./bin/pleroma_ctl config migrate_to_db
 ```
 ```sh tab="From Source"
 mix pleroma.config migrate_to_db
 ```
 ## Transfer config from DB to `config/env.exported_from_db.secret.exs`
-```sh
+```sh tab="OTP"
-$PREFIX migrate_from_db <env>
+ ./bin/pleroma_ctl config migrate_from_db <env>
 ```
 ```sh tab="From Source"
 mix pleroma.config migrate_from_db <env>
 ```
--- a/docs/administration/CLI_tasks/database.md
+++ b/docs/administration/CLI_tasks/database.md
@ -1,6 +1,6 @@
 # Database maintenance tasks
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl database` and in case of source installs it's `mix pleroma.database`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 !!! danger
    These mix tasks can take a long time to complete. Many of them were written to address specific database issues that happened because of bugs in migrations or other specific scenarios. Do not run these tasks "just in case" if everything is fine your instance.
@ -9,8 +9,12 @@ Every command should be ran with a prefix, in case of OTP releases it is `./bin/
 Replaces embedded objects with references to them in the `objects` table. Only needs to be ran once if the instance was created before Pleroma 1.0.5. The reason why this is not a migration is because it could significantly increase the database size after being ran, however after this `VACUUM FULL` will be able to reclaim about 20% (really depends on what is in the database, your mileage may vary) of the db size before the migration.
-```sh
+```sh tab="OTP"
-$PREFIX remove_embedded_objects [<options>]
+./bin/pleroma_ctl database remove_embedded_objects [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.database remove_embedded_objects [<options>]
 ```
 ### Options
@ -20,11 +24,15 @@ $PREFIX remove_embedded_objects [<options>]
 This will prune remote posts older than 90 days (configurable with [`config :pleroma, :instance, remote_post_retention_days`](../../configuration/cheatsheet.md#instance)) from the database, they will be refetched from source when accessed.
-!!! note
+!!! danger
-    The disk space will only be reclaimed after `VACUUM FULL`
+    The disk space will only be reclaimed after `VACUUM FULL`. You may run out of disk space during the execution of the task or vacuuming if you don't have about 1/3rds of the database size free.
-```sh
+```sh tab="OTP"
-$PREFIX pleroma.database prune_objects [<options>]
+./bin/pleroma_ctl database prune_objects [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.database prune_objects [<options>]
 ```
 ### Options
@ -34,18 +42,30 @@ $PREFIX pleroma.database prune_objects [<options>]
 Can be safely re-run
-```sh
+```sh tab="OTP"
-$PREFIX bump_all_conversations
+./bin/pleroma_ctl database bump_all_conversations
 ```
 ```sh tab="From Source"
 mix pleroma.database bump_all_conversations
 ```
 ## Remove duplicated items from following and update followers count for all users
-```sh
+```sh tab="OTP"
-$PREFIX update_users_following_followers_counts
+./bin/pleroma_ctl database update_users_following_followers_counts
 ```
 ```sh tab="From Source"
 mix pleroma.database update_users_following_followers_counts
 ```
 ## Fix the pre-existing "likes" collections for all objects
-```sh
+```sh tab="OTP"
-$PREFIX fix_likes_collections
+./bin/pleroma_ctl database fix_likes_collections
 ```
 ```sh tab="From Source"
 mix pleroma.database fix_likes_collections
 ```
--- a/docs/administration/CLI_tasks/digest.md
+++ b/docs/administration/CLI_tasks/digest.md
@ -1,13 +1,24 @@
 # Managing digest emails
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl digest` and in case of source installs it's `mix pleroma.digest`.
+
 {! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Send digest email since given date (user registration date by default) ignoring user activity status.
-```sh
+```sh tab="OTP"
-$PREFIX test <nickname> [<since_date>]
+ ./bin/pleroma_ctl digest test <nickname> [<since_date>]
 ```
-Example: 
+```sh tab="From Source"
-```sh
+mix pleroma.digest test <nickname> [<since_date>]
 $PREFIX test donaldtheduck 2019-05-20
 ```
 Example: 
 ```sh tab="OTP"
 ./bin/pleroma_ctl digest test donaldtheduck 2019-05-20
 ```
 ```sh tab="From Source"
 mix pleroma.digest test donaldtheduck 2019-05-20
 ```
--- a/docs/administration/CLI_tasks/emoji.md
+++ b/docs/administration/CLI_tasks/emoji.md
@ -1,28 +1,44 @@
 # Managing emoji packs
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl emoji` and in case of source installs it's `mix pleroma.emoji`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Lists emoji packs and metadata specified in the manifest
-```sh
+```sh tab="OTP"
-$PREFIX ls-packs [<options>]
+./bin/pleroma_ctl emoji ls-packs [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.emoji ls-packs [<options>]
 ```
 ### Options
 - `-m, --manifest PATH/URL` - path to a custom manifest, it can either be an URL starting with `http`, in that case the manifest will be fetched from that address, or a local path
 ## Fetch, verify and install the specified packs from the manifest into `STATIC-DIR/emoji/PACK-NAME`
-```sh
+
-$PREFIX get-packs [<options>] <packs>
+```sh tab="OTP"
 ./bin/pleroma_ctl emoji get-packs [<options>] <packs>
 ```
 ```sh tab="From Source"
 mix pleroma.emoji get-packs [<options>] <packs>
 ```
 ### Options
 - `-m, --manifest PATH/URL` - same as [`ls-packs`](#ls-packs)
 ## Create a new manifest entry and a file list from the specified remote pack file
-```sh
+
-$PREFIX gen-pack PACK-URL
+```sh tab="OTP"
 ./bin/pleroma_ctl emoji gen-pack PACK-URL
 ```
 ```sh tab="From Source"
 mix pleroma.emoji gen-pack PACK-URL
 ```
 Currently, only .zip archives are recognized as remote pack files and packs are therefore assumed to be zip archives. This command is intended to run interactively and will first ask you some basic questions about the pack, then download the remote file and generate an SHA256 checksum for it, then generate an emoji file list for you. 
  The manifest entry will either be written to a newly created `index.json` file or appended to the existing one, *replacing* the old pack with the same name if it was in the file previously.
--- a/docs/administration/CLI_tasks/general_cli_task_info.include
+++ b/docs/administration/CLI_tasks/general_cli_task_info.include
@ -0,0 +1,5 @@
 Every command should be ran as the `pleroma` user from it's home directory. For example if you are superuser, you would have to wrap the command in `su pleroma -s $SHELL -lc "$COMMAND"`.
 ??? note "From source note about `MIX_ENV`"
     The `mix` command should be prefixed with the name of environment your Pleroma server is running in, usually it's `MIX_ENV=prod`
--- a/docs/administration/CLI_tasks/instance.md
+++ b/docs/administration/CLI_tasks/instance.md
@ -1,12 +1,17 @@
 # Managing instance configuration
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl instance` and in case of source installs it's `mix pleroma.instance`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Generate a new configuration file
-```sh
+```sh tab="OTP"
-$PREFIX gen [<options>]
+ ./bin/pleroma_ctl instance gen [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.instance gen [<options>]
 ```
 If any of the options are left unspecified, you will be prompted interactively.
 ### Options
--- a/docs/administration/CLI_tasks/relay.md
+++ b/docs/administration/CLI_tasks/relay.md
@ -1,30 +1,33 @@
 # Managing relays
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl relay` and in case of source installs it's `mix pleroma.relay`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Follow a relay
-```sh
+
-$PREFIX follow <relay_url>
+```sh tab="OTP"
 ./bin/pleroma_ctl relay follow <relay_url>
 ```
-Example:
+```sh tab="From Source"
-```sh
+mix pleroma.relay follow <relay_url>
 $PREFIX follow https://example.org/relay
 ```
 ## Unfollow a remote relay
-```sh
+```sh tab="OTP"
-$PREFIX unfollow <relay_url>
+./bin/pleroma_ctl relay unfollow <relay_url>
 ```
-Example:
+```sh tab="From Source"
-```sh
+mix pleroma.relay unfollow <relay_url>
 $PREFIX unfollow https://example.org/relay
 ```
 ## List relay subscriptions
-```sh
+```sh tab="OTP"
-$PREFIX list
+./bin/pleroma_ctl relay list
 ```
 ```sh tab="From Source"
 mix pleroma.relay list
 ```
--- a/docs/administration/CLI_tasks/uploads.md
+++ b/docs/administration/CLI_tasks/uploads.md
@ -1,11 +1,16 @@
 # Managing uploads
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl uploads` and in case of source installs it's `mix pleroma.uploads`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Migrate uploads from local to remote storage
-```sh
+```sh tab="OTP"
-$PREFIX migrate_local <target_uploader> [<options>]
+ ./bin/pleroma_ctl uploads migrate_local <target_uploader> [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.uploads migrate_local <target_uploader> [<options>]
 ```
 ### Options
 - `--delete` - delete local uploads after migrating them to the target uploader
--- a/docs/administration/CLI_tasks/user.md
+++ b/docs/administration/CLI_tasks/user.md
@ -1,12 +1,18 @@
 # Managing users
-Every command should be ran with a prefix, in case of OTP releases it is `./bin/pleroma_ctl user` and in case of source installs it's `mix pleroma.user`.
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
 ## Create a user
-```sh
+
-$PREFIX new <nickname> <email> [<options>]
+```sh tab="OTP"
 ./bin/pleroma_ctl user new <email> [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.user new <email> [<options>]
 ```
 ### Options
 - `--name <name>` - the user's display name
 - `--bio <bio>` - the user's bio
@ -16,84 +22,159 @@ $PREFIX new <nickname> <email> [<options>]
 - `-y`, `--assume-yes`/`--no-assume-yes` - whether to assume yes to all questions
 ## List local users
-```sh
+```sh tab="OTP"
-$PREFIX list
+ ./bin/pleroma_ctl user list
 ```
-## Generate an invite link
+```sh tab="From Source"
-```sh
+mix pleroma.user list
 $PREFIX invite [<options>]
 ```
 ## Generate an invite link
 ```sh tab="OTP"
 ./bin/pleroma_ctl user invite [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.user invite [<options>]
 ```
 ### Options
 - `--expires-at DATE` - last day on which token is active (e.g. "2019-04-05")
 - `--max-use NUMBER` - maximum numbers of token uses
 ## List generated invites
-```sh
+```sh tab="OTP"
-$PREFIX invites
+ ./bin/pleroma_ctl user invites
 ```
 ```sh tab="From Source"
 mix pleroma.user invites
 ```
 ## Revoke invite
-```sh
+```sh tab="OTP"
-$PREFIX revoke_invite <token_or_id>
+ ./bin/pleroma_ctl user revoke_invite <token_or_id>
 ```
 ```sh tab="From Source"
 mix pleroma.user revoke_invite <token_or_id>
 ```
 ## Delete a user
-```sh
+```sh tab="OTP"
-$PREFIX rm <nickname>
+ ./bin/pleroma_ctl user rm <nickname>
 ```
 ```sh tab="From Source"
 mix pleroma.user rm <nickname>
 ```
 ## Delete user's posts and interactions
-```sh
+```sh tab="OTP"
-$PREFIX delete_activities <nickname>
+ ./bin/pleroma_ctl user delete_activities <nickname>
 ```
 ```sh tab="From Source"
 mix pleroma.user delete_activities <nickname>
 ```
 ## Sign user out from all applications (delete user's OAuth tokens and authorizations)
-```sh
+```sh tab="OTP"
-$PREFIX sign_out <nickname>
+ ./bin/pleroma_ctl user sign_out <nickname>
 ```
 ```sh tab="From Source"
 mix pleroma.user sign_out <nickname>
 ```
 ## Deactivate or activate a user 
-```sh
+```sh tab="OTP"
-$PREFIX toggle_activated <nickname> 
+ ./bin/pleroma_ctl user toggle_activated <nickname> 
 ```
 ```sh tab="From Source"
 mix pleroma.user toggle_activated <nickname> 
 ```
 ## Unsubscribe local users from a user and deactivate the user
-```sh
+```sh tab="OTP"
-$PREFIX unsubscribe NICKNAME
+ ./bin/pleroma_ctl user unsubscribe NICKNAME
 ```
 ```sh tab="From Source"
 mix pleroma.user unsubscribe NICKNAME
 ```
 ## Unsubscribe local users from an instance and deactivate all accounts on it
-```sh
+```sh tab="OTP"
-$PREFIX unsubscribe_all_from_instance <instance>
+ ./bin/pleroma_ctl user unsubscribe_all_from_instance <instance>
 ```
 ```sh tab="From Source"
 mix pleroma.user unsubscribe_all_from_instance <instance>
 ```
 ## Create a password reset link for user
-```sh
+```sh tab="OTP"
-$PREFIX reset_password <nickname>
+ ./bin/pleroma_ctl user reset_password <nickname>
 ```
-## Set the value of the given user's settings
+```sh tab="From Source"
-```sh
+mix pleroma.user reset_password <nickname>
 $PREFIX set <nickname> [<options>]
 ```
 ## Set the value of the given user's settings
 ```sh tab="OTP"
 ./bin/pleroma_ctl user set <nickname> [<options>]
 ```
 ```sh tab="From Source"
 mix pleroma.user set <nickname> [<options>]
 ```
 ### Options
 - `--locked`/`--no-locked` - whether the user should be locked
 - `--moderator`/`--no-moderator` - whether the user should be a moderator
 - `--admin`/`--no-admin` - whether the user should be an admin
 ## Add tags to a user
-```sh
+```sh tab="OTP"
-$PREFIX tag <nickname> <tags>
+ ./bin/pleroma_ctl user tag <nickname> <tags>
 ```
 ```sh tab="From Source"
 mix pleroma.user tag <nickname> <tags>
 ```
 ## Delete tags from a user
-```sh
+```sh tab="OTP"
-$PREFIX untag <nickname> <tags>
+ ./bin/pleroma_ctl user untag <nickname> <tags>
 ```
-## Toggle confirmation status of the user
+```sh tab="From Source"
-```sh
+mix pleroma.user untag <nickname> <tags>
 $PREFIX toggle_confirmed <nickname>
 ```
 ## Toggle confirmation status of the user
 ```sh tab="OTP"
 ./bin/pleroma_ctl user toggle_confirmed <nickname>
 ```
 ```sh tab="From Source"
 mix pleroma.user toggle_confirmed <nickname>
 ```
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@ -12,6 +12,7 @@ You shouldn't edit the base config directly to avoid breakages and merge conflic
 * `notify_email`: Email used for notifications.
 * `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``.
 * `limit`: Posts character limit (CW/Subject included in the counter).
 * `chat_limit`: Character limit of the instance chat messages.
 * `remote_limit`: Hard character limit beyond which remote posts will be dropped.
 * `upload_limit`: File size limit of uploads (except for avatar, background, banner).
 * `avatar_upload_limit`: File size limit of user’s profile avatars.
@ -378,13 +379,19 @@ For each pool, the options are:
 ## Captcha
 ### Pleroma.Captcha
 * `enabled`: Whether the captcha should be shown on registration.
 * `method`: The method/service to use for captcha.
 * `seconds_valid`: The time in seconds for which the captcha is valid.
 ### Captcha providers
 #### Pleroma.Captcha.Native
 A built-in captcha provider. Enabled by default.
 #### Pleroma.Captcha.Kocaptcha
 Kocaptcha is a very simple captcha service with a single API endpoint,
 the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
 `https://captcha.kotobank.ch` is hosted by the developer.
--- a/lib/mix/tasks/pleroma/config.ex
+++ b/lib/mix/tasks/pleroma/config.ex
@ -52,7 +52,9 @@ defmodule Mix.Tasks.Pleroma.Config do
      |> Enum.each(fn config ->
        IO.write(
          file,
-          "config :#{config.group}, #{config.key}, #{inspect(Config.from_binary(config.value))}\r\n\r\n"
+          "config :#{config.group}, #{config.key}, #{
            inspect(Config.from_binary(config.value), limit: :infinity)
          }\r\n\r\n"
        )
        if delete? do
--- a/lib/mix/tasks/pleroma/notification_settings.ex
+++ b/lib/mix/tasks/pleroma/notification_settings.ex
@ -0,0 +1,83 @@
 defmodule Mix.Tasks.Pleroma.NotificationSettings do
  @shortdoc "Enable&Disable privacy option for push notifications"
  @moduledoc """
  Example:
  > mix pleroma.notification_settings --privacy-option=false --nickname-users="parallel588"  # set false only for parallel588 user
  > mix pleroma.notification_settings --privacy-option=true # set true for all users
  """
  use Mix.Task
  import Mix.Pleroma
  import Ecto.Query
  def run(args) do
    start_pleroma()
    {options, _, _} =
      OptionParser.parse(
        args,
        strict: [
          privacy_option: :boolean,
          email_users: :string,
          nickname_users: :string
        ]
      )
    privacy_option = Keyword.get(options, :privacy_option)
    if not is_nil(privacy_option) do
      privacy_option
      |> build_query(options)
      |> Pleroma.Repo.update_all([])
    end
    shell_info("Done")
  end
  defp build_query(privacy_option, options) do
    query =
      from(u in Pleroma.User,
        update: [
          set: [
            notification_settings:
              fragment(
                "jsonb_set(notification_settings, '{privacy_option}', ?)",
                ^privacy_option
              )
          ]
        ]
      )
    user_emails =
      options
      |> Keyword.get(:email_users, "")
      |> String.split(",")
      |> Enum.map(&String.trim(&1))
      |> Enum.reject(&(&1 == ""))
    query =
      if length(user_emails) > 0 do
        where(query, [u], u.email in ^user_emails)
      else
        query
      end
    user_nicknames =
      options
      |> Keyword.get(:nickname_users, "")
      |> String.split(",")
      |> Enum.map(&String.trim(&1))
      |> Enum.reject(&(&1 == ""))
    query =
      if length(user_nicknames) > 0 do
        where(query, [u], u.nickname in ^user_nicknames)
      else
        query
      end
    query
  end
 end
--- a/lib/mix/tasks/pleroma/user.ex
+++ b/lib/mix/tasks/pleroma/user.ex
@ -8,7 +8,6 @@ defmodule Mix.Tasks.Pleroma.User do
  alias Ecto.Changeset
  alias Pleroma.User
  alias Pleroma.UserInviteToken
  alias Pleroma.Web.OAuth
  @shortdoc "Manages Pleroma users"
  @moduledoc File.read!("docs/administration/CLI_tasks/user.md")
@ -354,8 +353,7 @@ defmodule Mix.Tasks.Pleroma.User do
    start_pleroma()
    with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do
-      OAuth.Token.delete_user_tokens(user)
+      User.global_sign_out(user)
      OAuth.Authorization.delete_user_authorizations(user)
      shell_info("#{nickname} signed out from all apps.")
    else
@ -373,9 +371,9 @@ defmodule Mix.Tasks.Pleroma.User do
      users
      |> Enum.each(fn user ->
        shell_info(
-          "#{user.nickname} moderator: #{user.info.is_moderator}, admin: #{user.info.is_admin}, locked: #{
+          "#{user.nickname} moderator: #{user.is_moderator}, admin: #{user.is_admin}, locked: #{
-            user.info.locked
+            user.locked
-          }, deactivated: #{user.info.deactivated}"
+          }, deactivated: #{user.deactivated}"
        )
      end)
    end)
@ -393,10 +391,7 @@ defmodule Mix.Tasks.Pleroma.User do
  end
  defp set_admin(user, value) do
-    {:ok, user} =
+    {:ok, user} = User.admin_api_update(user, %{is_admin: value})
      user
      |> Changeset.change(%{is_admin: value})
      |> User.update_and_set_cache()
    shell_info("Admin status of #{user.nickname}: #{user.is_admin}")
    user
--- a/lib/pleroma/activity.ex
+++ b/lib/pleroma/activity.ex
@ -12,6 +12,7 @@ defmodule Pleroma.Activity do
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.ReportNote
  alias Pleroma.ThreadMute
  alias Pleroma.User
@ -48,6 +49,8 @@ defmodule Pleroma.Activity do
    has_one(:user_actor, User, on_delete: :nothing, foreign_key: :id)
    # This is a fake relation, do not use outside of with_preloaded_bookmark/get_bookmark
    has_one(:bookmark, Bookmark)
    # This is a fake relation, do not use outside of with_preloaded_report_notes
    has_many(:report_notes, ReportNote)
    has_many(:notifications, Notification, on_delete: :delete_all)
    # Attention: this is a fake relation, don't try to preload it blindly and expect it to work!
@ -114,6 +117,16 @@ defmodule Pleroma.Activity do
  def with_preloaded_bookmark(query, _), do: query
  def with_preloaded_report_notes(query) do
    from([a] in query,
      left_join: r in ReportNote,
      on: a.id == r.activity_id,
      preload: [report_notes: r]
    )
  end
  def with_preloaded_report_notes(query, _), do: query
  def with_set_thread_muted_field(query, %User{} = user) do
    from([a] in query,
      left_join: tm in ThreadMute,
@ -241,9 +254,10 @@ defmodule Pleroma.Activity do
  def normalize(ap_id) when is_binary(ap_id), do: get_by_ap_id_with_object(ap_id)
  def normalize(_), do: nil
-  def delete_by_ap_id(id) when is_binary(id) do
+  def delete_all_by_object_ap_id(id) when is_binary(id) do
    id
    |> Queries.by_object_id()
    |> Queries.exclude_type("Delete")
    |> select([u], u)
    |> Repo.delete_all()
    |> elem(1)
@ -255,7 +269,7 @@ defmodule Pleroma.Activity do
    |> purge_web_resp_cache()
  end
-  def delete_by_ap_id(_), do: nil
+  def delete_all_by_object_ap_id(_), do: nil
  defp purge_web_resp_cache(%Activity{} = activity) do
    %{path: path} = URI.parse(activity.data["id"])
--- a/lib/pleroma/activity/queries.ex
+++ b/lib/pleroma/activity/queries.ex
@ -64,4 +64,12 @@ defmodule Pleroma.Activity.Queries do
      where: fragment("(?)->>'type' = ?", activity.data, ^activity_type)
    )
  end
  @spec exclude_type(query, String.t()) :: query
  def exclude_type(query \\ Activity, activity_type) do
    from(
      activity in query,
      where: fragment("(?)->>'type' != ?", activity.data, ^activity_type)
    )
  end
 end
--- a/lib/pleroma/activity/search.ex
+++ b/lib/pleroma/activity/search.ex
@ -86,7 +86,7 @@ defmodule Pleroma.Activity.Search do
         {:ok, object} <- Fetcher.fetch_object_from_id(search_query),
         %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
         true <- Visibility.visible_for_user?(activity, user) do
-      activities ++ [activity]
+      [activity | activities]
    else
      _ -> activities
    end
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@ -30,6 +30,7 @@ defmodule Pleroma.Application do
  # See http://elixir-lang.org/docs/stable/elixir/Application.html
  # for more information on OTP Applications
  def start(_type, _args) do
    Pleroma.HTML.compile_scrubbers()
    Pleroma.Config.DeprecationWarnings.warn()
    setup_instrumenters()
@ -147,8 +148,6 @@ defmodule Pleroma.Application do
  defp oauth_cleanup_child(_), do: []
  defp chat_child(:test, _), do: []
  defp chat_child(_env, true) do
    [Pleroma.Web.ChatChannel.ChatChannelState]
  end
--- a/lib/pleroma/captcha/native.ex
+++ b/lib/pleroma/captcha/native.ex
@ -0,0 +1,35 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Captcha.Native do
  import Pleroma.Web.Gettext
  alias Pleroma.Captcha.Service
  @behaviour Service
  @impl Service
  def new do
    case Captcha.get() do
      {:timeout} ->
        %{error: dgettext("errors", "Captcha timeout")}
      {:ok, answer_data, img_binary} ->
        %{
          type: :native,
          token: token(),
          url: "data:image/png;base64," <> Base.encode64(img_binary),
          answer_data: answer_data
        }
    end
  end
  @impl Service
  def validate(_token, captcha, captcha) when not is_nil(captcha), do: :ok
  def validate(_token, _captcha, _answer), do: {:error, dgettext("errors", "Invalid CAPTCHA")}
  defp token do
    10
    |> :crypto.strong_rand_bytes()
    |> Base.url_encode64(padding: false)
  end
 end
--- a/lib/pleroma/clippy.ex
+++ b/lib/pleroma/clippy.ex
@ -4,6 +4,7 @@
 defmodule Pleroma.Clippy do
  @moduledoc false
  # No software is complete until they have a Clippy implementation.
  # A ballmer peak _may_ be required to change this module.
--- a/lib/pleroma/config.ex
+++ b/lib/pleroma/config.ex
@ -65,4 +65,16 @@ defmodule Pleroma.Config do
  def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
  def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []
  def enforce_oauth_admin_scope_usage?, do: !!get([:auth, :enforce_oauth_admin_scope_usage])
  def oauth_admin_scopes(scopes) when is_list(scopes) do
    Enum.flat_map(
      scopes,
      fn scope ->
        ["admin:#{scope}"] ++
          if enforce_oauth_admin_scope_usage?(), do: [], else: [scope]
      end
    )
  end
 end
--- a/lib/pleroma/following_relationship.ex
+++ b/lib/pleroma/following_relationship.ex
@ -121,8 +121,12 @@ defmodule Pleroma.FollowingRelationship do
      Pleroma.Web.CommonAPI.follow(following_relationship.follower, target)
    end)
    |> case do
-      [] -> :ok
+      [] ->
-      _ -> move_following(origin, target)
+        User.update_follower_count(origin)
        :ok
      _ ->
        move_following(origin, target)
    end
  end
 end
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@ -3,6 +3,25 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.HTML do
  # Scrubbers are compiled on boot so they can be configured in OTP releases
  #  @on_load :compile_scrubbers
  def compile_scrubbers do
    dir = Path.join(:code.priv_dir(:pleroma), "scrubbers")
    dir
    |> File.ls!()
    |> Enum.map(&Path.join(dir, &1))
    |> Kernel.ParallelCompiler.compile()
    |> case do
      {:error, _errors, _warnings} ->
        raise "Compiling scrubbers failed"
      {:ok, _modules, _warnings} ->
        :ok
    end
  end
  defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]
  defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers
  defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default]
@ -99,215 +118,3 @@ defmodule Pleroma.HTML do
    end)
  end
 end
 defmodule Pleroma.HTML.Scrubber.TwitterText do
  @moduledoc """
  An HTML scrubbing policy which limits to twitter-style text.  Only
  paragraphs, breaks and links are allowed through the filter.
  """
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  Meta.strip_comments()
  # links
  Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "class", [
    "hashtag",
    "u-url",
    "mention",
    "u-url mention",
    "mention u-url"
  ])
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  # paragraphs and linebreaks
  Meta.allow_tag_with_these_attributes(:br, [])
  Meta.allow_tag_with_these_attributes(:p, [])
  # microformats
  Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])
  Meta.allow_tag_with_these_attributes(:span, [])
  # allow inline images for custom emoji
  if Pleroma.Config.get([:markup, :allow_inline_images]) do
    # restrict img tags to http/https only, because of MediaProxy.
    Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
    Meta.allow_tag_with_these_attributes(:img, [
      "width",
      "height",
      "class",
      "title",
      "alt"
    ])
  end
  Meta.strip_everything_not_covered()
 end
 defmodule Pleroma.HTML.Scrubber.Default do
  @doc "The default HTML scrubbing policy: no "
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  # credo:disable-for-previous-line
  # No idea how to fix this one…
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  Meta.strip_comments()
  Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "class", [
    "hashtag",
    "u-url",
    "mention",
    "u-url mention",
    "mention u-url"
  ])
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer",
    "ugc"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  Meta.allow_tag_with_these_attributes(:abbr, ["title"])
  Meta.allow_tag_with_these_attributes(:b, [])
  Meta.allow_tag_with_these_attributes(:blockquote, [])
  Meta.allow_tag_with_these_attributes(:br, [])
  Meta.allow_tag_with_these_attributes(:code, [])
  Meta.allow_tag_with_these_attributes(:del, [])
  Meta.allow_tag_with_these_attributes(:em, [])
  Meta.allow_tag_with_these_attributes(:i, [])
  Meta.allow_tag_with_these_attributes(:li, [])
  Meta.allow_tag_with_these_attributes(:ol, [])
  Meta.allow_tag_with_these_attributes(:p, [])
  Meta.allow_tag_with_these_attributes(:pre, [])
  Meta.allow_tag_with_these_attributes(:strong, [])
  Meta.allow_tag_with_these_attributes(:sub, [])
  Meta.allow_tag_with_these_attributes(:sup, [])
  Meta.allow_tag_with_these_attributes(:u, [])
  Meta.allow_tag_with_these_attributes(:ul, [])
  Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])
  Meta.allow_tag_with_these_attributes(:span, [])
  @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
  if @allow_inline_images do
    # restrict img tags to http/https only, because of MediaProxy.
    Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
    Meta.allow_tag_with_these_attributes(:img, [
      "width",
      "height",
      "class",
      "title",
      "alt"
    ])
  end
  if Pleroma.Config.get([:markup, :allow_tables]) do
    Meta.allow_tag_with_these_attributes(:table, [])
    Meta.allow_tag_with_these_attributes(:tbody, [])
    Meta.allow_tag_with_these_attributes(:td, [])
    Meta.allow_tag_with_these_attributes(:th, [])
    Meta.allow_tag_with_these_attributes(:thead, [])
    Meta.allow_tag_with_these_attributes(:tr, [])
  end
  if Pleroma.Config.get([:markup, :allow_headings]) do
    Meta.allow_tag_with_these_attributes(:h1, [])
    Meta.allow_tag_with_these_attributes(:h2, [])
    Meta.allow_tag_with_these_attributes(:h3, [])
    Meta.allow_tag_with_these_attributes(:h4, [])
    Meta.allow_tag_with_these_attributes(:h5, [])
  end
  if Pleroma.Config.get([:markup, :allow_fonts]) do
    Meta.allow_tag_with_these_attributes(:font, ["face"])
  end
  Meta.strip_everything_not_covered()
 end
 defmodule Pleroma.HTML.Transform.MediaProxy do
  @moduledoc "Transforms inline image URIs to use MediaProxy."
  alias Pleroma.Web.MediaProxy
  def before_scrub(html), do: html
  def scrub_attribute(:img, {"src", "http" <> target}) do
    media_url =
      ("http" <> target)
      |> MediaProxy.url()
    {"src", media_url}
  end
  def scrub_attribute(_tag, attribute), do: attribute
  def scrub({:img, attributes, children}) do
    attributes =
      attributes
      |> Enum.map(fn attr -> scrub_attribute(:img, attr) end)
      |> Enum.reject(&is_nil(&1))
    {:img, attributes, children}
  end
  def scrub({:comment, _text, _children}), do: ""
  def scrub({tag, attributes, children}), do: {tag, attributes, children}
  def scrub({_tag, children}), do: children
  def scrub(text), do: text
 end
 defmodule Pleroma.HTML.Scrubber.LinksOnly do
  @moduledoc """
  An HTML scrubbing policy which limits to links only.
  """
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  Meta.strip_comments()
  # links
  Meta.allow_tag_with_uri_attributes(:a, ["href"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer",
    "me",
    "ugc"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  Meta.strip_everything_not_covered()
 end
--- a/lib/pleroma/moderation_log.ex
+++ b/lib/pleroma/moderation_log.ex
@ -128,17 +128,35 @@ defmodule Pleroma.ModerationLog do
          {:ok, ModerationLog} | {:error, any}
  def insert_log(%{
        actor: %User{} = actor,
-        action: "report_response",
+        action: "report_note",
        subject: %Activity{} = subject,
        text: text
      }) do
    %ModerationLog{
      data: %{
        "actor" => user_to_map(actor),
-        "action" => "report_response",
+        "action" => "report_note",
        "subject" => report_to_map(subject),
-        "text" => text,
+        "text" => text
-        "message" => ""
+      }
    }
    |> insert_log_entry_with_message()
  end
  @spec insert_log(%{actor: User, subject: Activity, action: String.t(), text: String.t()}) ::
          {:ok, ModerationLog} | {:error, any}
  def insert_log(%{
        actor: %User{} = actor,
        action: "report_note_delete",
        subject: %Activity{} = subject,
        text: text
      }) do
    %ModerationLog{
      data: %{
        "actor" => user_to_map(actor),
        "action" => "report_note_delete",
        "subject" => report_to_map(subject),
        "text" => text
      }
    }
    |> insert_log_entry_with_message()
@ -556,12 +574,24 @@ defmodule Pleroma.ModerationLog do
  def get_log_entry_message(%ModerationLog{
        data: %{
          "actor" => %{"nickname" => actor_nickname},
-          "action" => "report_response",
+          "action" => "report_note",
          "subject" => %{"id" => subject_id, "type" => "report"},
          "text" => text
        }
      }) do
-    "@#{actor_nickname} responded with '#{text}' to report ##{subject_id}"
+    "@#{actor_nickname} added note '#{text}' to report ##{subject_id}"
  end
  @spec get_log_entry_message(ModerationLog) :: String.t()
  def get_log_entry_message(%ModerationLog{
        data: %{
          "actor" => %{"nickname" => actor_nickname},
          "action" => "report_note_delete",
          "subject" => %{"id" => subject_id, "type" => "report"},
          "text" => text
        }
      }) do
    "@#{actor_nickname} deleted note '#{text}' from report ##{subject_id}"
  end
  @spec get_log_entry_message(ModerationLog) :: String.t()
--- a/lib/pleroma/notification.ex
+++ b/lib/pleroma/notification.ex
@ -77,6 +77,7 @@ defmodule Pleroma.Notification do
    |> exclude_notification_muted(user, exclude_notification_muted_opts)
    |> exclude_blocked(user, exclude_blocked_opts)
    |> exclude_visibility(opts)
    |> exclude_move(opts)
  end
  defp exclude_blocked(query, user, opts) do
@ -106,16 +107,42 @@ defmodule Pleroma.Notification do
    |> where([n, a, o, tm], is_nil(tm.user_id))
  end
  defp exclude_move(query, %{with_move: true}) do
    query
  end
  defp exclude_move(query, _opts) do
    where(query, [n, a], fragment("?->>'type' != 'Move'", a.data))
  end
  @valid_visibilities ~w[direct unlisted public private]
  defp exclude_visibility(query, %{exclude_visibilities: visibility})
       when is_list(visibility) do
    if Enum.all?(visibility, &(&1 in @valid_visibilities)) do
      query
      |> join(:left, [n, a], mutated_activity in Pleroma.Activity,
        on:
          fragment("?->>'context'", a.data) ==
            fragment("?->>'context'", mutated_activity.data) and
            fragment("(?->>'type' = 'Like' or ?->>'type' = 'Announce')", a.data, a.data) and
            fragment("?->>'type'", mutated_activity.data) == "Create",
        as: :mutated_activity
      )
      |> where(
-        [n, a],
+        [n, a, mutated_activity: mutated_activity],
        not fragment(
-          "activity_visibility(?, ?, ?) = ANY (?)",
+          """
          CASE WHEN (?->>'type') = 'Like' or (?->>'type') = 'Announce'
            THEN (activity_visibility(?, ?, ?) = ANY (?))
            ELSE (activity_visibility(?, ?, ?) = ANY (?)) END
          """,
          a.data,
          a.data,
          mutated_activity.actor,
          mutated_activity.recipients,
          mutated_activity.data,
          ^visibility,
          a.actor,
          a.recipients,
          a.data,
@ -130,17 +157,7 @@ defmodule Pleroma.Notification do
  defp exclude_visibility(query, %{exclude_visibilities: visibility})
       when visibility in @valid_visibilities do
-    query
+    exclude_visibility(query, [visibility])
    |> where(
      [n, a],
      not fragment(
        "activity_visibility(?, ?, ?) = (?)",
        a.actor,
        a.recipients,
        a.data,
        ^visibility
      )
    )
  end
  defp exclude_visibility(query, %{exclude_visibilities: visibility})
@ -338,7 +355,7 @@ defmodule Pleroma.Notification do
  def skip?(
        :followers,
        activity,
-        %{notification_settings: %{"followers" => false}} = user
+        %{notification_settings: %{followers: false}} = user
      ) do
    actor = activity.data["actor"]
    follower = User.get_cached_by_ap_id(actor)
@ -348,14 +365,14 @@ defmodule Pleroma.Notification do
  def skip?(
        :non_followers,
        activity,
-        %{notification_settings: %{"non_followers" => false}} = user
+        %{notification_settings: %{non_followers: false}} = user
      ) do
    actor = activity.data["actor"]
    follower = User.get_cached_by_ap_id(actor)
    !User.following?(follower, user)
  end
-  def skip?(:follows, activity, %{notification_settings: %{"follows" => false}} = user) do
+  def skip?(:follows, activity, %{notification_settings: %{follows: false}} = user) do
    actor = activity.data["actor"]
    followed = User.get_cached_by_ap_id(actor)
    User.following?(user, followed)
@ -364,7 +381,7 @@ defmodule Pleroma.Notification do
  def skip?(
        :non_follows,
        activity,
-        %{notification_settings: %{"non_follows" => false}} = user
+        %{notification_settings: %{non_follows: false}} = user
      ) do
    actor = activity.data["actor"]
    followed = User.get_cached_by_ap_id(actor)
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@ -23,6 +23,23 @@ defmodule Pleroma.Object do
    timestamps()
  end
  def with_joined_activity(query, activity_type \\ "Create", join_type \\ :inner) do
    object_position = Map.get(query.aliases, :object, 0)
    join(query, join_type, [{object, object_position}], a in Activity,
      on:
        fragment(
          "COALESCE(?->'object'->>'id', ?->>'object') = (? ->> 'id') AND (?->>'type' = ?) ",
          a.data,
          a.data,
          object.data,
          a.data,
          ^activity_type
        ),
      as: :object_activity
    )
  end
  def create(data) do
    Object.change(%Object{}, %{data: data})
    |> Repo.insert()
@ -147,7 +164,7 @@ defmodule Pleroma.Object do
  def delete(%Object{data: %{"id" => id}} = object) do
    with {:ok, _obj} = swap_object_with_tombstone(object),
-         deleted_activity = Activity.delete_by_ap_id(id),
+         deleted_activity = Activity.delete_all_by_object_ap_id(id),
         {:ok, true} <- Cachex.del(:object_cache, "object:#{id}"),
         {:ok, _} <- Cachex.del(:web_resp_cache, URI.parse(id).path) do
      {:ok, object, deleted_activity}
--- a/lib/pleroma/pagination.ex
+++ b/lib/pleroma/pagination.ex
@ -13,60 +13,66 @@ defmodule Pleroma.Pagination do
  alias Pleroma.Repo
  @default_limit 20
  @page_keys ["max_id", "min_id", "limit", "since_id", "order"]
-  def fetch_paginated(query, params, type \\ :keyset)
+  def page_keys, do: @page_keys
-  def fetch_paginated(query, %{"total" => true} = params, :keyset) do
+  def fetch_paginated(query, params, type \\ :keyset, table_binding \\ nil)
  def fetch_paginated(query, %{"total" => true} = params, :keyset, table_binding) do
    total = Repo.aggregate(query, :count, :id)
    %{
      total: total,
-      items: fetch_paginated(query, Map.drop(params, ["total"]), :keyset)
+      items: fetch_paginated(query, Map.drop(params, ["total"]), :keyset, table_binding)
    }
  end
-  def fetch_paginated(query, params, :keyset) do
+  def fetch_paginated(query, params, :keyset, table_binding) do
    options = cast_params(params)
    query
-    |> paginate(options, :keyset)
+    |> paginate(options, :keyset, table_binding)
    |> Repo.all()
    |> enforce_order(options)
  end
-  def fetch_paginated(query, %{"total" => true} = params, :offset) do
+  def fetch_paginated(query, %{"total" => true} = params, :offset, table_binding) do
-    total = Repo.aggregate(query, :count, :id)
+    total =
      query
      |> Ecto.Query.exclude(:left_join)
      |> Repo.aggregate(:count, :id)
    %{
      total: total,
-      items: fetch_paginated(query, Map.drop(params, ["total"]), :offset)
+      items: fetch_paginated(query, Map.drop(params, ["total"]), :offset, table_binding)
    }
  end
-  def fetch_paginated(query, params, :offset) do
+  def fetch_paginated(query, params, :offset, table_binding) do
    options = cast_params(params)
    query
-    |> paginate(options, :offset)
+    |> paginate(options, :offset, table_binding)
    |> Repo.all()
  end
-  def paginate(query, options, method \\ :keyset)
+  def paginate(query, options, method \\ :keyset, table_binding \\ nil)
-  def paginate(query, options, :keyset) do
+  def paginate(query, options, :keyset, table_binding) do
    query
-    |> restrict(:min_id, options)
+    |> restrict(:min_id, options, table_binding)
-    |> restrict(:since_id, options)
+    |> restrict(:since_id, options, table_binding)
-    |> restrict(:max_id, options)
+    |> restrict(:max_id, options, table_binding)
-    |> restrict(:order, options)
+    |> restrict(:order, options, table_binding)
-    |> restrict(:limit, options)
+    |> restrict(:limit, options, table_binding)
  end
-  def paginate(query, options, :offset) do
+  def paginate(query, options, :offset, table_binding) do
    query
-    |> restrict(:order, options)
+    |> restrict(:order, options, table_binding)
-    |> restrict(:offset, options)
+    |> restrict(:offset, options, table_binding)
-    |> restrict(:limit, options)
+    |> restrict(:limit, options, table_binding)
  end
  defp cast_params(params) do
@ -75,7 +81,8 @@ defmodule Pleroma.Pagination do
      since_id: :string,
      max_id: :string,
      offset: :integer,
-      limit: :integer
+      limit: :integer,
      skip_order: :boolean
    }
    params =
@ -88,38 +95,48 @@ defmodule Pleroma.Pagination do
    changeset.changes
  end
-  defp restrict(query, :min_id, %{min_id: min_id}) do
+  defp restrict(query, :min_id, %{min_id: min_id}, table_binding) do
-    where(query, [q], q.id > ^min_id)
+    where(query, [{q, table_position(query, table_binding)}], q.id > ^min_id)
  end
-  defp restrict(query, :since_id, %{since_id: since_id}) do
+  defp restrict(query, :since_id, %{since_id: since_id}, table_binding) do
-    where(query, [q], q.id > ^since_id)
+    where(query, [{q, table_position(query, table_binding)}], q.id > ^since_id)
  end
-  defp restrict(query, :max_id, %{max_id: max_id}) do
+  defp restrict(query, :max_id, %{max_id: max_id}, table_binding) do
-    where(query, [q], q.id < ^max_id)
+    where(query, [{q, table_position(query, table_binding)}], q.id < ^max_id)
  end
-  defp restrict(query, :order, %{min_id: _}) do
+  defp restrict(query, :order, %{skip_order: true}, _), do: query
-    order_by(query, [u], fragment("? asc nulls last", u.id))
+
  defp restrict(query, :order, %{min_id: _}, table_binding) do
    order_by(
      query,
      [{u, table_position(query, table_binding)}],
      fragment("? asc nulls last", u.id)
    )
  end
-  defp restrict(query, :order, _options) do
+  defp restrict(query, :order, _options, table_binding) do
-    order_by(query, [u], fragment("? desc nulls last", u.id))
+    order_by(
      query,
      [{u, table_position(query, table_binding)}],
      fragment("? desc nulls last", u.id)
    )
  end
-  defp restrict(query, :offset, %{offset: offset}) do
+  defp restrict(query, :offset, %{offset: offset}, _table_binding) do
    offset(query, ^offset)
  end
-  defp restrict(query, :limit, options) do
+  defp restrict(query, :limit, options, _table_binding) do
    limit = Map.get(options, :limit, @default_limit)
    query
    |> limit(^limit)
  end
-  defp restrict(query, _, _), do: query
+  defp restrict(query, _, _, _), do: query
  defp enforce_order(result, %{min_id: _}) do
    result
@ -127,4 +144,10 @@ defmodule Pleroma.Pagination do
  end
  defp enforce_order(result, _), do: result
  defp table_position(%Ecto.Query{} = query, binding_name) do
    Map.get(query.aliases, binding_name, 0)
  end
  defp table_position(_, _), do: 0
 end
--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@ -6,6 +6,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
  import Plug.Conn
  import Pleroma.Web.Gettext
  alias Pleroma.Config
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
  @behaviour Plug
@ -15,6 +16,8 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
  def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
    op = options[:op] || :|
    token = assigns[:token]
    scopes = transform_scopes(scopes, options)
    matched_scopes = token && filter_descendants(scopes, token.scopes)
    cond do
@ -60,6 +63,15 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
    )
  end
  @doc "Transforms scopes by applying supported options (e.g. :admin)"
  def transform_scopes(scopes, options) do
    if options[:admin] do
      Config.oauth_admin_scopes(scopes)
    else
      scopes
    end
  end
  defp maybe_perform_instance_privacy_check(%Plug.Conn{} = conn, options) do
    if options[:skip_instance_privacy_check] do
      conn
--- a/lib/pleroma/plugs/parsers_plug.ex
+++ b/lib/pleroma/plugs/parsers_plug.ex
@ -0,0 +1,21 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Plugs.Parsers do
  @moduledoc "Initializes Plug.Parsers with upload limit set at boot time"
  @behaviour Plug
  def init(_opts) do
    Plug.Parsers.init(
      parsers: [:urlencoded, :multipart, :json],
      pass: ["*/*"],
      json_decoder: Jason,
      length: Pleroma.Config.get([:instance, :upload_limit]),
      body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
    )
  end
  defdelegate call(conn, opts), to: Plug.Parsers
 end
--- a/lib/pleroma/plugs/user_is_admin_plug.ex
+++ b/lib/pleroma/plugs/user_is_admin_plug.ex
@ -5,19 +5,38 @@
 defmodule Pleroma.Plugs.UserIsAdminPlug do
  import Pleroma.Web.TranslationHelpers
  import Plug.Conn
  alias Pleroma.User
  alias Pleroma.Web.OAuth
  def init(options) do
    options
  end
-  def call(%{assigns: %{user: %User{is_admin: true}}} = conn, _) do
+  def call(%{assigns: %{user: %User{is_admin: true}} = assigns} = conn, _) do
-    conn
+    token = assigns[:token]
    cond do
      not Pleroma.Config.enforce_oauth_admin_scope_usage?() ->
        conn
      token && OAuth.Scopes.contains_admin_scopes?(token.scopes) ->
        # Note: checking for _any_ admin scope presence, not necessarily fitting requested action.
        #   Thus, controller must explicitly invoke OAuthScopesPlug to verify scope requirements.
        conn
      true ->
        fail(conn)
    end
  end
  def call(conn, _) do
    fail(conn)
  end
  defp fail(conn) do
    conn
-    |> render_error(:forbidden, "User is not admin.")
+    |> render_error(:forbidden, "User is not an admin or OAuth admin scope is not granted.")
-    |> halt
+    |> halt()
  end
 end
--- a/lib/pleroma/report_note.ex
+++ b/lib/pleroma/report_note.ex
@ -0,0 +1,48 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.ReportNote do
  use Ecto.Schema
  import Ecto.Changeset
  import Ecto.Query
  alias Pleroma.Activity
  alias Pleroma.Repo
  alias Pleroma.ReportNote
  alias Pleroma.User
  @type t :: %__MODULE__{}
  schema "report_notes" do
    field(:content, :string)
    belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
    belongs_to(:activity, Activity, type: FlakeId.Ecto.CompatType)
    timestamps()
  end
  @spec create(FlakeId.Ecto.CompatType.t(), FlakeId.Ecto.CompatType.t(), String.t()) ::
          {:ok, ReportNote.t()} | {:error, Changeset.t()}
  def create(user_id, activity_id, content) do
    attrs = %{
      user_id: user_id,
      activity_id: activity_id,
      content: content
    }
    %ReportNote{}
    |> cast(attrs, [:user_id, :activity_id, :content])
    |> validate_required([:user_id, :activity_id, :content])
    |> Repo.insert()
  end
  @spec destroy(FlakeId.Ecto.CompatType.t()) ::
          {:ok, ReportNote.t()} | {:error, Changeset.t()}
  def destroy(id) do
    from(r in ReportNote, where: r.id == ^id)
    |> Repo.one()
    |> Repo.delete()
  end
 end
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -127,15 +127,13 @@ defmodule Pleroma.User do
    field(:invisible, :boolean, default: false)
    field(:allow_following_move, :boolean, default: true)
    field(:skip_thread_containment, :boolean, default: false)
    field(:actor_type, :string, default: "Person")
    field(:also_known_as, {:array, :string}, default: [])
-    field(:notification_settings, :map,
+    embeds_one(
-      default: %{
+      :notification_settings,
-        "followers" => true,
+      Pleroma.User.NotificationSetting,
-        "follows" => true,
+      on_replace: :update
        "non_follows" => true,
        "non_followers" => true
      }
    )
    has_many(:notifications, Notification)
@ -349,6 +347,7 @@ defmodule Pleroma.User do
          :following_count,
          :discoverable,
          :invisible,
          :actor_type,
          :also_known_as
        ]
      )
@ -399,6 +398,7 @@ defmodule Pleroma.User do
        :raw_fields,
        :pleroma_settings_store,
        :discoverable,
        :actor_type,
        :also_known_as
      ]
    )
@ -441,6 +441,7 @@ defmodule Pleroma.User do
        :discoverable,
        :hide_followers_count,
        :hide_follows_count,
        :actor_type,
        :also_known_as
      ]
    )
@ -861,6 +862,13 @@ defmodule Pleroma.User do
    |> Repo.all()
  end
  def get_friends_ap_ids(user) do
    user
    |> get_friends_query(nil)
    |> select([u], u.ap_id)
    |> Repo.all()
  end
  def get_friends_ids(user, page \\ nil) do
    user
    |> get_friends_query(page)
@ -1135,7 +1143,8 @@ defmodule Pleroma.User do
  def blocks?(nil, _), do: false
  def blocks?(%User{} = user, %User{} = target) do
-    blocks_user?(user, target) || blocks_domain?(user, target)
+    blocks_user?(user, target) ||
      (!User.following?(user, target) && blocks_domain?(user, target))
  end
  def blocks_user?(%User{} = user, %User{} = target) do
@ -1221,20 +1230,9 @@ defmodule Pleroma.User do
  end
  def update_notification_settings(%User{} = user, settings) do
    settings =
      settings
      |> Enum.map(fn {k, v} -> {k, v in [true, "true", "True", "1"]} end)
      |> Map.new()
    notification_settings =
      user.notification_settings
      |> Map.merge(settings)
      |> Map.take(["followers", "follows", "non_follows", "non_followers"])
    params = %{notification_settings: notification_settings}
    user
-    |> cast(params, [:notification_settings])
+    |> cast(%{notification_settings: settings}, [])
    |> cast_embed(:notification_settings)
    |> validate_required([:notification_settings])
    |> update_and_set_cache()
  end
@ -1849,13 +1847,28 @@ defmodule Pleroma.User do
  end
  def admin_api_update(user, params) do
-    user
+    changeset =
-    |> cast(params, [
+      cast(user, params, [
-      :is_moderator,
+        :is_moderator,
-      :is_admin,
+        :is_admin,
-      :show_role
+        :show_role
-    ])
+      ])
-    |> update_and_set_cache()
+
    with {:ok, updated_user} <- update_and_set_cache(changeset) do
      if user.is_admin && !updated_user.is_admin do
        # Tokens & authorizations containing any admin scopes must be revoked (revoking all).
        # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins).
        global_sign_out(user)
      end
      {:ok, updated_user}
    end
  end
  @doc "Signs user out of all applications"
  def global_sign_out(user) do
    OAuth.Authorization.delete_user_authorizations(user)
    OAuth.Token.delete_user_tokens(user)
  end
  def mascot_update(user, url) do
--- a/lib/pleroma/user/notification_setting.ex
+++ b/lib/pleroma/user/notification_setting.ex
@ -0,0 +1,40 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.User.NotificationSetting do
  use Ecto.Schema
  import Ecto.Changeset
  @derive Jason.Encoder
  @primary_key false
  embedded_schema do
    field(:followers, :boolean, default: true)
    field(:follows, :boolean, default: true)
    field(:non_follows, :boolean, default: true)
    field(:non_followers, :boolean, default: true)
    field(:privacy_option, :boolean, default: false)
  end
  def changeset(schema, params) do
    schema
    |> cast(prepare_attrs(params), [
      :followers,
      :follows,
      :non_follows,
      :non_followers,
      :privacy_option
    ])
  end
  defp prepare_attrs(params) do
    Enum.reduce(params, %{}, fn
      {k, v}, acc when is_binary(v) ->
        Map.put(acc, k, String.downcase(v))
      {k, v}, acc ->
        Map.put(acc, k, v)
    end)
  end
 end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -456,17 +456,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    user = User.get_cached_by_ap_id(actor)
    to = (object.data["to"] || []) ++ (object.data["cc"] || [])
-    with {:ok, object, activity} <- Object.delete(object),
+    with create_activity <- Activity.get_create_by_object_ap_id(id),
         data <-
           %{
             "type" => "Delete",
             "actor" => actor,
             "object" => id,
             "to" => to,
-             "deleted_activity_id" => activity && activity.id
+             "deleted_activity_id" => create_activity && create_activity.id
           }
           |> maybe_put("id", activity_id),
         {:ok, activity} <- insert(data, local, false),
         {:ok, object, _create_activity} <- Object.delete(object),
         stream_out_participations(object, user),
         _ <- decrease_replies_count_if_reply(object),
         {:ok, _actor} <- decrease_note_count_if_public(user, object),
@ -748,6 +749,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
      |> Map.put("whole_db", true)
      |> Map.put("pinned_activity_ids", user.pinned_activities)
    params =
      if User.blocks?(reading_user, user) do
        params
      else
        params
        |> Map.put("blocking_user", reading_user)
        |> Map.put("muting_user", reading_user)
      end
    recipients =
      user_activities_recipients(%{
        "godmode" => params["godmode"],
@ -940,6 +950,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    blocked_ap_ids = opts["blocked_users_ap_ids"] || User.blocked_users_ap_ids(user)
    domain_blocks = user.domain_blocks || []
    following_ap_ids = User.get_friends_ap_ids(user)
    query =
      if has_named_binding?(query, :object), do: query, else: Activity.with_joined_object(query)
@ -954,8 +966,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
          activity.data,
          ^blocked_ap_ids
        ),
-      where: fragment("not (split_part(?, '/', 3) = ANY(?))", activity.actor, ^domain_blocks),
+      where:
-      where: fragment("not (split_part(?->>'actor', '/', 3) = ANY(?))", o.data, ^domain_blocks)
+        fragment(
          "(not (split_part(?, '/', 3) = ANY(?))) or ? = ANY(?)",
          activity.actor,
          ^domain_blocks,
          activity.actor,
          ^following_ap_ids
        ),
      where:
        fragment(
          "(not (split_part(?->>'actor', '/', 3) = ANY(?))) or (?->>'actor') = ANY(?)",
          o.data,
          ^domain_blocks,
          o.data,
          ^following_ap_ids
        )
    )
  end
@ -1042,6 +1068,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    |> Activity.with_preloaded_bookmark(opts["user"])
  end
  defp maybe_preload_report_notes(query, %{"preload_report_notes" => true}) do
    query
    |> Activity.with_preloaded_report_notes()
  end
  defp maybe_preload_report_notes(query, _), do: query
  defp maybe_set_thread_muted_field(query, %{"skip_preload" => true}), do: query
  defp maybe_set_thread_muted_field(query, opts) do
@ -1095,6 +1128,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    Activity
    |> maybe_preload_objects(opts)
    |> maybe_preload_bookmarks(opts)
    |> maybe_preload_report_notes(opts)
    |> maybe_set_thread_muted_field(opts)
    |> maybe_order(opts)
    |> restrict_recipients(recipients, opts["user"])
@ -1131,6 +1165,25 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    |> maybe_update_cc(list_memberships, opts["user"])
  end
  @doc """
  Fetch favorites activities of user with order by sort adds to favorites
  """
  @spec fetch_favourites(User.t(), map(), atom()) :: list(Activity.t())
  def fetch_favourites(user, params \\ %{}, pagination \\ :keyset) do
    user.ap_id
    |> Activity.Queries.by_actor()
    |> Activity.Queries.by_type("Like")
    |> Activity.with_joined_object()
    |> Object.with_joined_activity()
    |> select([_like, object, activity], %{activity | object: object})
    |> order_by([like, _, _], desc: like.id)
    |> Pagination.fetch_paginated(
      Map.merge(params, %{"skip_order" => true}),
      pagination,
      :object_activity
    )
  end
  defp maybe_update_cc(activities, list_memberships, %User{ap_id: user_ap_id})
       when is_list(list_memberships) and length(list_memberships) > 0 do
    Enum.map(activities, fn
@ -1207,6 +1260,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    data = Transmogrifier.maybe_fix_user_object(data)
    discoverable = data["discoverable"] || false
    invisible = data["invisible"] || false
    actor_type = data["type"] || "Person"
    user_data = %{
      ap_id: data["id"],
@ -1222,6 +1276,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
      follower_address: data["followers"],
      following_address: data["following"],
      bio: data["summary"],
      actor_type: actor_type,
      also_known_as: Map.get(data, "alsoKnownAs", [])
    }
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -9,6 +9,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
  alias Pleroma.HTTP
  alias Pleroma.Instances
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
@ -188,31 +189,35 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
    recipients = recipients(actor, activity)
-    recipients
+    inboxes =
-    |> Enum.filter(&User.ap_enabled?/1)
+      recipients
-    |> Enum.map(fn %{source_data: data} -> data["inbox"] end)
+      |> Enum.filter(&User.ap_enabled?/1)
-    |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
+      |> Enum.map(fn %{source_data: data} -> data["inbox"] end)
-    |> Instances.filter_reachable()
+      |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
-    |> Enum.each(fn {inbox, unreachable_since} ->
+      |> Instances.filter_reachable()
      %User{ap_id: ap_id} =
        Enum.find(recipients, fn %{source_data: data} -> data["inbox"] == inbox end)
-      # Get all the recipients on the same host and add them to cc. Otherwise, a remote
+    Repo.checkout(fn ->
-      # instance would only accept a first message for the first recipient and ignore the rest.
+      Enum.each(inboxes, fn {inbox, unreachable_since} ->
-      cc = get_cc_ap_ids(ap_id, recipients)
+        %User{ap_id: ap_id} =
          Enum.find(recipients, fn %{source_data: data} -> data["inbox"] == inbox end)
-      json =
+        # Get all the recipients on the same host and add them to cc. Otherwise, a remote
-        data
+        # instance would only accept a first message for the first recipient and ignore the rest.
-        |> Map.put("cc", cc)
+        cc = get_cc_ap_ids(ap_id, recipients)
        |> Jason.encode!()
-      Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{
+        json =
-        inbox: inbox,
+          data
-        json: json,
+          |> Map.put("cc", cc)
-        actor_id: actor.id,
+          |> Jason.encode!()
-        id: activity.data["id"],
+
-        unreachable_since: unreachable_since
+        Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{
-      })
+          inbox: inbox,
          json: json,
          actor_id: actor.id,
          id: activity.data["id"],
          unreachable_since: unreachable_since
        })
      end)
    end)
  end
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -387,7 +387,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
  def handle_incoming(%{"id" => nil}, _options), do: :error
  def handle_incoming(%{"id" => ""}, _options), do: :error
  # length of https:// = 8, should validate better, but good enough for now.
-  def handle_incoming(%{"id" => id}, _options) when not (is_binary(id) and length(id) > 8),
+  def handle_incoming(%{"id" => id}, _options) when is_binary(id) and byte_size(id) < 8,
    do: :error
  # TODO: validate those with a Ecto scheme
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@ -787,6 +787,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
      params
      |> Map.put("type", "Flag")
      |> Map.put("skip_preload", true)
      |> Map.put("preload_report_notes", true)
      |> Map.put("total", true)
      |> Map.put("limit", page_size)
      |> Map.put("offset", (page - 1) * page_size)
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@ -91,7 +91,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do
    %{
      "id" => user.ap_id,
-      "type" => "Person",
+      "type" => user.actor_type,
      "following" => "#{user.ap_id}/following",
      "followers" => "#{user.ap_id}/followers",
      "inbox" => "#{user.ap_id}/inbox",
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -7,6 +7,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  alias Pleroma.Activity
  alias Pleroma.ModerationLog
  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.ReportNote
  alias Pleroma.User
  alias Pleroma.UserInviteToken
  alias Pleroma.Web.ActivityPub.ActivityPub
@ -30,13 +31,13 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  plug(
    OAuthScopesPlug,
-    %{scopes: ["read:accounts"]}
+    %{scopes: ["read:accounts"], admin: true}
    when action in [:list_users, :user_show, :right_get, :invites]
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["write:accounts"]}
+    %{scopes: ["write:accounts"], admin: true}
    when action in [
           :get_invite_token,
           :revoke_invite,
@ -58,35 +59,37 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  plug(
    OAuthScopesPlug,
-    %{scopes: ["read:reports"]} when action in [:list_reports, :report_show]
+    %{scopes: ["read:reports"], admin: true}
    when action in [:list_reports, :report_show]
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["write:reports"]}
+    %{scopes: ["write:reports"], admin: true}
    when action in [:report_update_state, :report_respond]
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["read:statuses"]} when action == :list_user_statuses
+    %{scopes: ["read:statuses"], admin: true}
    when action == :list_user_statuses
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["write:statuses"]}
+    %{scopes: ["write:statuses"], admin: true}
    when action in [:status_update, :status_delete]
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["read"]}
+    %{scopes: ["read"], admin: true}
    when action in [:config_show, :migrate_to_db, :migrate_from_db, :list_log]
  )
  plug(
    OAuthScopesPlug,
-    %{scopes: ["write"]}
+    %{scopes: ["write"], admin: true}
    when action in [:relay_follow, :relay_unfollow, :config_update]
  )
@ -238,7 +241,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
      })
    conn
-    |> put_view(StatusView)
+    |> put_view(Pleroma.Web.AdminAPI.StatusView)
    |> render("index.json", %{activities: activities, as: :activity})
  end
@ -641,9 +644,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  def list_reports(conn, params) do
    {page, page_size} = page_params(params)
    reports = Utils.get_reports(params, page, page_size)
    conn
    |> put_view(ReportView)
-    |> render("index.json", %{reports: Utils.get_reports(params, page, page_size)})
+    |> render("index.json", %{reports: reports})
  end
  def list_grouped_reports(conn, _params) do
@ -687,32 +692,39 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    end
  end
-  def report_respond(%{assigns: %{user: user}} = conn, %{"id" => id} = params) do
+  def report_notes_create(%{assigns: %{user: user}} = conn, %{
-    with false <- is_nil(params["status"]),
+        "id" => report_id,
-         %Activity{} <- Activity.get_by_id(id) do
+        "content" => content
-      params =
+      }) do
-        params
+    with {:ok, _} <- ReportNote.create(user.id, report_id, content) do
        |> Map.put("in_reply_to_status_id", id)
        |> Map.put("visibility", "direct")
      {:ok, activity} = CommonAPI.post(user, params)
      ModerationLog.insert_log(%{
-        action: "report_response",
+        action: "report_note",
        actor: user,
-        subject: activity,
+        subject: Activity.get_by_id(report_id),
-        text: params["status"]
+        text: content
      })
-      conn
+      json_response(conn, :no_content, "")
      |> put_view(StatusView)
      |> render("show.json", %{activity: activity})
    else
-      true ->
+      _ -> json_response(conn, :bad_request, "")
-        {:param_cast, nil}
+    end
  end
-      nil ->
+  def report_notes_delete(%{assigns: %{user: user}} = conn, %{
-        {:error, :not_found}
+        "id" => note_id,
        "report_id" => report_id
      }) do
    with {:ok, note} <- ReportNote.destroy(note_id) do
      ModerationLog.insert_log(%{
        action: "report_note_delete",
        actor: user,
        subject: Activity.get_by_id(report_id),
        text: note.content
      })
      json_response(conn, :no_content, "")
    else
      _ -> json_response(conn, :bad_request, "")
    end
  end
--- a/lib/pleroma/web/admin_api/views/report_view.ex
+++ b/lib/pleroma/web/admin_api/views/report_view.ex
@ -39,7 +39,8 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
      content: content,
      created_at: created_at,
      statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
-      state: report.data["state"]
+      state: report.data["state"],
      notes: render(__MODULE__, "index_notes.json", %{notes: report.report_notes})
    }
  end
@ -69,6 +70,28 @@ defmodule Pleroma.Web.AdminAPI.ReportView do
    }
  end
  def render("index_notes.json", %{notes: notes}) when is_list(notes) do
    Enum.map(notes, &render(__MODULE__, "show_note.json", &1))
  end
  def render("index_notes.json", _), do: []
  def render("show_note.json", %{
        id: id,
        content: content,
        user_id: user_id,
        inserted_at: inserted_at
      }) do
    user = User.get_by_id(user_id)
    %{
      id: id,
      content: content,
      user: merge_account_views(user),
      created_at: Utils.to_masto_date(inserted_at)
    }
  end
  defp merge_account_views(%User{} = user) do
    Pleroma.Web.MastodonAPI.AccountView.render("show.json", %{user: user})
    |> Map.merge(Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}))
--- a/lib/pleroma/web/admin_api/views/status_view.ex
+++ b/lib/pleroma/web/admin_api/views/status_view.ex
@ -0,0 +1,42 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.AdminAPI.StatusView do
  use Pleroma.Web, :view
  require Pleroma.Constants
  alias Pleroma.User
  def render("index.json", opts) do
    render_many(opts.activities, __MODULE__, "show.json", opts)
  end
  def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do
    user = get_user(activity.data["actor"])
    Pleroma.Web.MastodonAPI.StatusView.render("show.json", opts)
    |> Map.merge(%{account: merge_account_views(user)})
  end
  defp merge_account_views(%User{} = user) do
    Pleroma.Web.MastodonAPI.AccountView.render("show.json", %{user: user})
    |> Map.merge(Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user}))
  end
  defp merge_account_views(_), do: %{}
  defp get_user(ap_id) do
    cond do
      user = User.get_cached_by_ap_id(ap_id) ->
        user
      user = User.get_by_guessed_nickname(ap_id) ->
        user
      true ->
        User.error_user(ap_id)
    end
  end
 end
--- a/lib/pleroma/web/chat_channel.ex
+++ b/lib/pleroma/web/chat_channel.ex
@ -20,7 +20,7 @@ defmodule Pleroma.Web.ChatChannel do
  def handle_in("new_msg", %{"text" => text}, %{assigns: %{user_name: user_name}} = socket) do
    text = String.trim(text)
-    if String.length(text) > 0 do
+    if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
      author = User.get_cached_by_nickname(user_name)
      author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author)
      message = ChatChannelState.add_message(%{text: text, author: author})
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -61,14 +61,7 @@ defmodule Pleroma.Web.Endpoint do
  plug(Plug.RequestId)
  plug(Plug.Logger)
-  plug(
+  plug(Pleroma.Plugs.Parsers)
    Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Jason,
    length: Pleroma.Config.get([:instance, :upload_limit]),
    body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
  )
  plug(Plug.MethodOverride)
  plug(Plug.Head)
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@ -188,6 +188,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
        {:ok, Map.merge(user.pleroma_settings_store, value)}
      end)
      |> add_if_present(params, "default_scope", :default_scope)
      |> add_if_present(params, "actor_type", :actor_type)
    emojis_text = (user_params["display_name"] || "") <> (user_params["note"] || "")
@ -249,7 +250,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
  @doc "GET /api/v1/accounts/:id/statuses"
  def statuses(%{assigns: %{user: reading_user}} = conn, params) do
    with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user) do
-      params = Map.put(params, "tag", params["tagged"])
+      params =
        params
        |> Map.put("tag", params["tagged"])
        |> Map.delete("godmode")
      activities = ActivityPub.fetch_user_activities(user, reading_user, params)
      conn
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -346,15 +346,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
  @doc "GET /api/v1/favourites"
  def favourites(%{assigns: %{user: user}} = conn, params) do
    params =
      params
      |> Map.put("type", "Create")
      |> Map.put("favorited_by", user.ap_id)
      |> Map.put("blocking_user", user)
    activities =
-      ActivityPub.fetch_activities([], params)
+      ActivityPub.fetch_favourites(
-      |> Enum.reverse()
+        user,
        Map.take(params, Pleroma.Pagination.page_keys())
      )
    conn
    |> add_link_headers(activities)
--- a/lib/pleroma/web/mastodon_api/mastodon_api.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api.ex
@ -70,7 +70,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPI do
      exclude_types: {:array, :string},
      exclude_visibilities: {:array, :string},
      reblogs: :boolean,
-      with_muted: :boolean
+      with_muted: :boolean,
      with_move: :boolean
    }
    changeset = cast({%{}, param_types}, params, Map.keys(param_types))
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -86,7 +86,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
        0
      end
-    bot = (user.source_data["type"] || "Person") in ["Application", "Service"]
+    bot = user.actor_type in ["Application", "Service"]
    emojis =
      (user.source_data["tag"] || [])
@ -137,7 +137,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
        sensitive: false,
        fields: user.raw_fields,
        pleroma: %{
-          discoverable: user.discoverable
+          discoverable: user.discoverable,
          actor_type: user.actor_type
        }
      },
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -222,7 +222,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
         {:user_active, true} <- {:user_active, !user.deactivated},
         {:password_reset_pending, false} <-
           {:password_reset_pending, user.password_reset_pending},
-         {:ok, scopes} <- validate_scopes(app, params),
+         {:ok, scopes} <- validate_scopes(app, params, user),
         {:ok, auth} <- Authorization.create_authorization(app, user, scopes),
         {:ok, token} <- Token.exchange_token(app, auth) do
      json(conn, Token.Response.build(user, token))
@ -471,7 +471,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
           {:get_user, (user && {:ok, user}) || Authenticator.get_user(conn)},
         %App{} = app <- Repo.get_by(App, client_id: client_id),
         true <- redirect_uri in String.split(app.redirect_uris),
-         {:ok, scopes} <- validate_scopes(app, auth_attrs),
+         {:ok, scopes} <- validate_scopes(app, auth_attrs, user),
         {:auth_active, true} <- {:auth_active, User.auth_active?(user)} do
      Authorization.create_authorization(app, user, scopes)
    end
@ -487,12 +487,12 @@ defmodule Pleroma.Web.OAuth.OAuthController do
  defp put_session_registration_id(%Plug.Conn{} = conn, registration_id),
    do: put_session(conn, :registration_id, registration_id)
-  @spec validate_scopes(App.t(), map()) ::
+  @spec validate_scopes(App.t(), map(), User.t()) ::
          {:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
-  defp validate_scopes(app, params) do
+  defp validate_scopes(%App{} = app, params, %User{} = user) do
    params
    |> Scopes.fetch_scopes(app.scopes)
-    |> Scopes.validate(app.scopes)
+    |> Scopes.validate(app.scopes, user)
  end
  def default_redirect_uri(%App{} = app) do
--- a/lib/pleroma/web/oauth/scopes.ex
+++ b/lib/pleroma/web/oauth/scopes.ex
@ -7,6 +7,9 @@ defmodule Pleroma.Web.OAuth.Scopes do
  Functions for dealing with scopes.
  """
  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.User
  @doc """
  Fetch scopes from request params.
@ -53,15 +56,38 @@ defmodule Pleroma.Web.OAuth.Scopes do
  @doc """
  Validates scopes.
  """
-  @spec validate(list() | nil, list()) ::
+  @spec validate(list() | nil, list(), User.t()) ::
          {:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
-  def validate([], _app_scopes), do: {:error, :missing_scopes}
+  def validate(blank_scopes, _app_scopes, _user) when blank_scopes in [nil, []],
-  def validate(nil, _app_scopes), do: {:error, :missing_scopes}
+    do: {:error, :missing_scopes}
-  def validate(scopes, app_scopes) do
+  def validate(scopes, app_scopes, %User{} = user) do
-    case Pleroma.Plugs.OAuthScopesPlug.filter_descendants(scopes, app_scopes) do
+    with {:ok, _} <- ensure_scopes_support(scopes, app_scopes),
         {:ok, scopes} <- authorize_admin_scopes(scopes, app_scopes, user) do
      {:ok, scopes}
    end
  end
  defp ensure_scopes_support(scopes, app_scopes) do
    case OAuthScopesPlug.filter_descendants(scopes, app_scopes) do
      ^scopes -> {:ok, scopes}
      _ -> {:error, :unsupported_scopes}
    end
  end
  defp authorize_admin_scopes(scopes, app_scopes, %User{} = user) do
    if user.is_admin || !contains_admin_scopes?(scopes) || !contains_admin_scopes?(app_scopes) do
      {:ok, scopes}
    else
      # Gracefully dropping admin scopes from requested scopes if user isn't an admin (not raising)
      scopes = scopes -- OAuthScopesPlug.filter_descendants(scopes, ["admin"])
      validate(scopes, app_scopes, user)
    end
  end
  def contains_admin_scopes?(scopes) do
    scopes
    |> OAuthScopesPlug.filter_descendants(["admin"])
    |> Enum.any?()
  end
 end
--- a/lib/pleroma/web/oauth/token/clean_worker.ex
+++ b/lib/pleroma/web/oauth/token/clean_worker.ex
@ -11,11 +11,6 @@ defmodule Pleroma.Web.OAuth.Token.CleanWorker do
  @ten_seconds 10_000
  @one_day 86_400_000
  @interval Pleroma.Config.get(
              [:oauth2, :clean_expired_tokens_interval],
              @one_day
            )
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Workers.BackgroundWorker
@ -29,8 +24,9 @@ defmodule Pleroma.Web.OAuth.Token.CleanWorker do
  @doc false
  def handle_info(:perform, state) do
    BackgroundWorker.enqueue("clean_expired_tokens", %{})
    interval = Pleroma.Config.get([:oauth2, :clean_expired_tokens_interval], @one_day)
-    Process.send_after(self(), :perform, @interval)
+    Process.send_after(self(), :perform, interval)
    {:noreply, state}
  end
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
  plug(
    OAuthScopesPlug,
-    %{scopes: ["write"]}
+    %{scopes: ["write"], admin: true}
    when action in [
           :create,
           :delete,
--- a/lib/pleroma/web/push/impl.ex
+++ b/lib/pleroma/web/push/impl.ex
@ -22,8 +22,8 @@ defmodule Pleroma.Web.Push.Impl do
  @spec perform(Notification.t()) :: list(any) | :error
  def perform(
        %{
-          activity: %{data: %{"type" => activity_type}, id: activity_id} = activity,
+          activity: %{data: %{"type" => activity_type}} = activity,
-          user_id: user_id
+          user: %User{id: user_id}
        } = notif
      )
      when activity_type in @types do
@ -39,18 +39,17 @@ defmodule Pleroma.Web.Push.Impl do
    for subscription <- fetch_subsriptions(user_id),
        get_in(subscription.data, ["alerts", type]) do
      %{
        title: format_title(notif),
        access_token: subscription.token.token,
        body: format_body(notif, actor, object),
        notification_id: notif.id,
        notification_type: type,
        icon: avatar_url,
        preferred_locale: "en",
        pleroma: %{
-          activity_id: activity_id,
+          activity_id: notif.activity.id,
          direct_conversation_id: direct_conversation_id
        }
      }
      |> Map.merge(build_content(notif, actor, object))
      |> Jason.encode!()
      |> push_message(build_sub(subscription), gcm_api_key, subscription)
    end
@ -100,6 +99,24 @@ defmodule Pleroma.Web.Push.Impl do
    }
  end
  def build_content(
        %{
          activity: %{data: %{"directMessage" => true}},
          user: %{notification_settings: %{privacy_option: true}}
        },
        actor,
        _
      ) do
    %{title: "New Direct Message", body: "@#{actor.nickname}"}
  end
  def build_content(notif, actor, object) do
    %{
      title: format_title(notif),
      body: format_body(notif, actor, object)
    }
  end
  def format_body(
        %{activity: %{data: %{"type" => "Create"}}},
        actor,
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -187,7 +187,8 @@ defmodule Pleroma.Web.Router do
    get("/grouped_reports", AdminAPIController, :list_grouped_reports)
    get("/reports/:id", AdminAPIController, :report_show)
    patch("/reports", AdminAPIController, :reports_update)
-    post("/reports/:id/respond", AdminAPIController, :report_respond)
+    post("/reports/:id/notes", AdminAPIController, :report_notes_create)
    delete("/reports/:report_id/notes/:id", AdminAPIController, :report_notes_delete)
    put("/statuses/:id", AdminAPIController, :status_update)
    delete("/statuses/:id", AdminAPIController, :status_delete)
@ -530,7 +531,10 @@ defmodule Pleroma.Web.Router do
    get("/users/:nickname", Feed.UserController, :feed_redirect, as: :user_feed)
    get("/tags/:tag", Feed.TagController, :feed, as: :tag_feed)
  end
  scope "/", Pleroma.Web do
    pipe_through(:browser)
    get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)
  end
--- a/lib/pleroma/workers/web_pusher_worker.ex
+++ b/lib/pleroma/workers/web_pusher_worker.ex
@ -13,7 +13,7 @@ defmodule Pleroma.Workers.WebPusherWorker do
    notification =
      Notification
      |> Repo.get(notification_id)
-      |> Repo.preload([:activity])
+      |> Repo.preload([:activity, :user])
    Pleroma.Web.Push.Impl.perform(notification)
  end
--- a/mix.exs
+++ b/mix.exs
@ -163,6 +163,9 @@ defmodule Pleroma.Mixfile do
      {:remote_ip,
       git: "https://git.pleroma.social/pleroma/remote_ip.git",
       ref: "825dc00aaba5a1b7c4202a532b696b595dd3bcb3"},
      {:captcha,
       git: "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git",
       ref: "c3c795c55f6b49d79d6ac70a0f91e525099fc3e2"},
      {:mox, "~> 0.5", only: :test}
    ] ++ oauth_deps()
  end
--- a/mix.lock
+++ b/mix.lock
@ -8,6 +8,7 @@
  "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm"},
  "cachex": {:hex, :cachex, "3.0.3", "4e2d3e05814a5738f5ff3903151d5c25636d72a3527251b753f501ad9c657967", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm"},
  "calendar": {:hex, :calendar, "0.17.6", "ec291cb2e4ba499c2e8c0ef5f4ace974e2f9d02ae9e807e711a9b0c7850b9aee", [:mix], [{:tzdata, "~> 0.5.20 or ~> 0.1.201603 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"},
  "captcha": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git", "c3c795c55f6b49d79d6ac70a0f91e525099fc3e2", [ref: "c3c795c55f6b49d79d6ac70a0f91e525099fc3e2"]},
  "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm"},
  "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm"},
  "comeonin": {:hex, :comeonin, "4.1.2", "3eb5620fd8e35508991664b4c2b04dd41e52f1620b36957be837c1d7784b7592", [:mix], [{:argon2_elixir, "~> 1.2", [hex: :argon2_elixir, repo: "hexpm", optional: true]}, {:bcrypt_elixir, "~> 0.12.1 or ~> 1.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: true]}, {:pbkdf2_elixir, "~> 0.12", [hex: :pbkdf2_elixir, repo: "hexpm", optional: true]}], "hexpm"},
@ -36,8 +37,8 @@
  "ex_machina": {:hex, :ex_machina, "2.3.0", "92a5ad0a8b10ea6314b876a99c8c9e3f25f4dde71a2a835845b136b9adaf199a", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_syslogger": {:git, "https://github.com/slashmili/ex_syslogger.git", "f3963399047af17e038897c69e20d552e6899e1d", [tag: "1.4.0"]},
  "excoveralls": {:hex, :excoveralls, "0.11.2", "0c6f2c8db7683b0caa9d490fb8125709c54580b4255ffa7ad35f3264b075a643", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm"},
-  "fast_html": {:hex, :fast_html, "0.99.4", "d80812664f0429607e1d880fba0ef04da87a2e4fa596701bcaae17953535695c", [:make, :mix], [], "hexpm"},
+  "fast_html": {:hex, :fast_html, "1.0.1", "5bc7df4dc4607ec2c314c16414e4111d79a209956c4f5df96602d194c61197f9", [:make, :mix], [], "hexpm"},
-  "fast_sanitize": {:hex, :fast_sanitize, "0.1.4", "6c2e7203ca2f8275527a3021ba6e9d5d4ee213a47dc214a97c128737c9e56df1", [:mix], [{:fast_html, "~> 0.99", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
+  "fast_sanitize": {:hex, :fast_sanitize, "0.1.6", "60a5ae96879956dea409a91a77f5dd2994c24cc10f80eefd8f9892ee4c0c7b25", [:mix], [{:fast_html, "~> 1.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
  "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm"},
  "floki": {:hex, :floki, "0.23.1", "e100306ce7d8841d70a559748e5091542e2cfc67ffb3ade92b89a8435034dab1", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm"},
  "gen_smtp": {:hex, :gen_smtp, "0.15.0", "9f51960c17769b26833b50df0b96123605a8024738b62db747fece14eb2fbfcc", [:rebar3], [], "hexpm"},
--- a/priv/repo/migrations/20191123030554_add_activitypub_actor_type.exs
+++ b/priv/repo/migrations/20191123030554_add_activitypub_actor_type.exs
@ -0,0 +1,9 @@
 defmodule Pleroma.Repo.Migrations.AddActivitypubActorType do
  use Ecto.Migration
  def change do
    alter table("users") do
      add(:actor_type, :string, null: false, default: "Person")
    end
  end
 end
--- a/priv/repo/migrations/20191203043610_create_report_notes.exs
+++ b/priv/repo/migrations/20191203043610_create_report_notes.exs
@ -0,0 +1,13 @@
 defmodule Pleroma.Repo.Migrations.CreateReportNotes do
  use Ecto.Migration
  def change do
    create_if_not_exists table(:report_notes) do
      add(:user_id, references(:users, type: :uuid))
      add(:activity_id, references(:activities, type: :uuid))
      add(:content, :string)
      timestamps()
    end
  end
 end
--- a/priv/scrubbers/default.ex
+++ b/priv/scrubbers/default.ex
@ -0,0 +1,93 @@
 defmodule Pleroma.HTML.Scrubber.Default do
  @doc "The default HTML scrubbing policy: no "
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  # credo:disable-for-previous-line
  # No idea how to fix this one…
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  Meta.strip_comments()
  Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "class", [
    "hashtag",
    "u-url",
    "mention",
    "u-url mention",
    "mention u-url"
  ])
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer",
    "ugc"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  Meta.allow_tag_with_these_attributes(:abbr, ["title"])
  Meta.allow_tag_with_these_attributes(:b, [])
  Meta.allow_tag_with_these_attributes(:blockquote, [])
  Meta.allow_tag_with_these_attributes(:br, [])
  Meta.allow_tag_with_these_attributes(:code, [])
  Meta.allow_tag_with_these_attributes(:del, [])
  Meta.allow_tag_with_these_attributes(:em, [])
  Meta.allow_tag_with_these_attributes(:i, [])
  Meta.allow_tag_with_these_attributes(:li, [])
  Meta.allow_tag_with_these_attributes(:ol, [])
  Meta.allow_tag_with_these_attributes(:p, [])
  Meta.allow_tag_with_these_attributes(:pre, [])
  Meta.allow_tag_with_these_attributes(:strong, [])
  Meta.allow_tag_with_these_attributes(:sub, [])
  Meta.allow_tag_with_these_attributes(:sup, [])
  Meta.allow_tag_with_these_attributes(:u, [])
  Meta.allow_tag_with_these_attributes(:ul, [])
  Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])
  Meta.allow_tag_with_these_attributes(:span, [])
  @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
  if @allow_inline_images do
    # restrict img tags to http/https only, because of MediaProxy.
    Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
    Meta.allow_tag_with_these_attributes(:img, [
      "width",
      "height",
      "class",
      "title",
      "alt"
    ])
  end
  if Pleroma.Config.get([:markup, :allow_tables]) do
    Meta.allow_tag_with_these_attributes(:table, [])
    Meta.allow_tag_with_these_attributes(:tbody, [])
    Meta.allow_tag_with_these_attributes(:td, [])
    Meta.allow_tag_with_these_attributes(:th, [])
    Meta.allow_tag_with_these_attributes(:thead, [])
    Meta.allow_tag_with_these_attributes(:tr, [])
  end
  if Pleroma.Config.get([:markup, :allow_headings]) do
    Meta.allow_tag_with_these_attributes(:h1, [])
    Meta.allow_tag_with_these_attributes(:h2, [])
    Meta.allow_tag_with_these_attributes(:h3, [])
    Meta.allow_tag_with_these_attributes(:h4, [])
    Meta.allow_tag_with_these_attributes(:h5, [])
  end
  if Pleroma.Config.get([:markup, :allow_fonts]) do
    Meta.allow_tag_with_these_attributes(:font, ["face"])
  end
  Meta.strip_everything_not_covered()
 end
--- a/priv/scrubbers/links_only.ex
+++ b/priv/scrubbers/links_only.ex
@ -0,0 +1,27 @@
 defmodule Pleroma.HTML.Scrubber.LinksOnly do
  @moduledoc """
  An HTML scrubbing policy which limits to links only.
  """
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  Meta.strip_comments()
  # links
  Meta.allow_tag_with_uri_attributes(:a, ["href"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer",
    "me",
    "ugc"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  Meta.strip_everything_not_covered()
 end
--- a/priv/scrubbers/media_proxy.ex
+++ b/priv/scrubbers/media_proxy.ex
@ -0,0 +1,32 @@
 defmodule Pleroma.HTML.Transform.MediaProxy do
  @moduledoc "Transforms inline image URIs to use MediaProxy."
  alias Pleroma.Web.MediaProxy
  def before_scrub(html), do: html
  def scrub_attribute(:img, {"src", "http" <> target}) do
    media_url =
      ("http" <> target)
      |> MediaProxy.url()
    {"src", media_url}
  end
  def scrub_attribute(_tag, attribute), do: attribute
  def scrub({:img, attributes, children}) do
    attributes =
      attributes
      |> Enum.map(fn attr -> scrub_attribute(:img, attr) end)
      |> Enum.reject(&is_nil(&1))
    {:img, attributes, children}
  end
  def scrub({:comment, _text, _children}), do: ""
  def scrub({tag, attributes, children}), do: {tag, attributes, children}
  def scrub({_tag, children}), do: children
  def scrub(text), do: text
 end
--- a/priv/scrubbers/twitter_text.ex
+++ b/priv/scrubbers/twitter_text.ex
@ -0,0 +1,57 @@
 defmodule Pleroma.HTML.Scrubber.TwitterText do
  @moduledoc """
  An HTML scrubbing policy which limits to twitter-style text.  Only
  paragraphs, breaks and links are allowed through the filter.
  """
  @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
  require FastSanitize.Sanitizer.Meta
  alias FastSanitize.Sanitizer.Meta
  Meta.strip_comments()
  # links
  Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes)
  Meta.allow_tag_with_this_attribute_values(:a, "class", [
    "hashtag",
    "u-url",
    "mention",
    "u-url mention",
    "mention u-url"
  ])
  Meta.allow_tag_with_this_attribute_values(:a, "rel", [
    "tag",
    "nofollow",
    "noopener",
    "noreferrer"
  ])
  Meta.allow_tag_with_these_attributes(:a, ["name", "title"])
  # paragraphs and linebreaks
  Meta.allow_tag_with_these_attributes(:br, [])
  Meta.allow_tag_with_these_attributes(:p, [])
  # microformats
  Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"])
  Meta.allow_tag_with_these_attributes(:span, [])
  # allow inline images for custom emoji
  if Pleroma.Config.get([:markup, :allow_inline_images]) do
    # restrict img tags to http/https only, because of MediaProxy.
    Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
    Meta.allow_tag_with_these_attributes(:img, [
      "width",
      "height",
      "class",
      "title",
      "alt"
    ])
  end
  Meta.strip_everything_not_covered()
 end
--- a/priv/static/index.html
+++ b/priv/static/index.html
@ -1 +1 @@
-<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.fd71461124f3eb029b1b.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.76db8e4cdf29decd5cab.js></script><script type=text/javascript src=/static/js/app.d20ca27d22d74eb7bce0.js></script></body></html>
+<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.ae04505b31bb0ee2765e.css rel=stylesheet><link href=/static/fontello.1576166651574.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js></script><script type=text/javascript src=/static/js/app.a9b3f4c3e79baf3fa8b7.js></script></body></html>
--- a/priv/static/static/css/app.ae04505b31bb0ee2765e.css
+++ b/priv/static/static/css/app.ae04505b31bb0ee2765e.css
@ -99,4 +99,4 @@
  font-size: 14px;
 }
-/*# sourceMappingURL=app.fd71461124f3eb029b1b.css.map*/
+/*# sourceMappingURL=app.ae04505b31bb0ee2765e.css.map*/
--- a/priv/static/static/css/app.ae04505b31bb0ee2765e.css.map
+++ b/priv/static/static/css/app.ae04505b31bb0ee2765e.css.map
@ -1 +1 @@
-{"version":3,"sources":["webpack:///./src/hocs/with_load_more/with_load_more.scss","webpack:///./src/components/tab_switcher/tab_switcher.scss","webpack:///./src/hocs/with_subscription/with_subscription.scss"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;AClFA;AACA;AACA;AACA;AACA;AACA;AACA,C","file":"static/css/app.fd71461124f3eb029b1b.css","sourcesContent":[".with-load-more-footer {\n  padding: 10px;\n  text-align: center;\n  border-top: 1px solid;\n  border-top-color: #222;\n  border-top-color: var(--border, #222);\n}\n.with-load-more-footer .error {\n  font-size: 14px;\n}",".tab-switcher {\n  display: -ms-flexbox;\n  display: flex;\n  -ms-flex-direction: column;\n      flex-direction: column;\n}\n.tab-switcher .contents {\n  -ms-flex: 1 0 auto;\n      flex: 1 0 auto;\n  min-height: 0px;\n}\n.tab-switcher .contents .hidden {\n  display: none;\n}\n.tab-switcher .contents.scrollable-tabs {\n  -ms-flex-preferred-size: 0;\n      flex-basis: 0;\n  overflow-y: auto;\n}\n.tab-switcher .tabs {\n  display: -ms-flexbox;\n  display: flex;\n  position: relative;\n  width: 100%;\n  overflow-y: hidden;\n  overflow-x: auto;\n  padding-top: 5px;\n  box-sizing: border-box;\n}\n.tab-switcher .tabs::after, .tab-switcher .tabs::before {\n  display: block;\n  content: \"\";\n  -ms-flex: 1 1 auto;\n      flex: 1 1 auto;\n  border-bottom: 1px solid;\n  border-bottom-color: #222;\n  border-bottom-color: var(--border, #222);\n}\n.tab-switcher .tabs .tab-wrapper {\n  height: 28px;\n  position: relative;\n  display: -ms-flexbox;\n  display: flex;\n  -ms-flex: 0 0 auto;\n      flex: 0 0 auto;\n}\n.tab-switcher .tabs .tab-wrapper .tab {\n  width: 100%;\n  min-width: 1px;\n  position: relative;\n  border-bottom-left-radius: 0;\n  border-bottom-right-radius: 0;\n  padding: 6px 1em;\n  padding-bottom: 99px;\n  margin-bottom: -93px;\n  white-space: nowrap;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active) {\n  z-index: 4;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active):hover {\n  z-index: 6;\n}\n.tab-switcher .tabs .tab-wrapper .tab.active {\n  background: transparent;\n  z-index: 5;\n}\n.tab-switcher .tabs .tab-wrapper .tab img {\n  max-height: 26px;\n  vertical-align: top;\n  margin-top: -5px;\n}\n.tab-switcher .tabs .tab-wrapper:not(.active)::after {\n  content: \"\";\n  position: absolute;\n  left: 0;\n  right: 0;\n  bottom: 0;\n  z-index: 7;\n  border-bottom: 1px solid;\n  border-bottom-color: #222;\n  border-bottom-color: var(--border, #222);\n}",".with-subscription-loading {\n  padding: 10px;\n  text-align: center;\n}\n.with-subscription-loading .error {\n  font-size: 14px;\n}"],"sourceRoot":""}
+{"version":3,"sources":["webpack:///./src/hocs/with_load_more/with_load_more.scss","webpack:///./src/components/tab_switcher/tab_switcher.scss","webpack:///./src/hocs/with_subscription/with_subscription.scss"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;AClFA;AACA;AACA;AACA;AACA;AACA;AACA,C","file":"static/css/app.ae04505b31bb0ee2765e.css","sourcesContent":[".with-load-more-footer {\n  padding: 10px;\n  text-align: center;\n  border-top: 1px solid;\n  border-top-color: #222;\n  border-top-color: var(--border, #222);\n}\n.with-load-more-footer .error {\n  font-size: 14px;\n}",".tab-switcher {\n  display: -ms-flexbox;\n  display: flex;\n  -ms-flex-direction: column;\n      flex-direction: column;\n}\n.tab-switcher .contents {\n  -ms-flex: 1 0 auto;\n      flex: 1 0 auto;\n  min-height: 0px;\n}\n.tab-switcher .contents .hidden {\n  display: none;\n}\n.tab-switcher .contents.scrollable-tabs {\n  -ms-flex-preferred-size: 0;\n      flex-basis: 0;\n  overflow-y: auto;\n}\n.tab-switcher .tabs {\n  display: -ms-flexbox;\n  display: flex;\n  position: relative;\n  width: 100%;\n  overflow-y: hidden;\n  overflow-x: auto;\n  padding-top: 5px;\n  box-sizing: border-box;\n}\n.tab-switcher .tabs::after, .tab-switcher .tabs::before {\n  display: block;\n  content: \"\";\n  -ms-flex: 1 1 auto;\n      flex: 1 1 auto;\n  border-bottom: 1px solid;\n  border-bottom-color: #222;\n  border-bottom-color: var(--border, #222);\n}\n.tab-switcher .tabs .tab-wrapper {\n  height: 28px;\n  position: relative;\n  display: -ms-flexbox;\n  display: flex;\n  -ms-flex: 0 0 auto;\n      flex: 0 0 auto;\n}\n.tab-switcher .tabs .tab-wrapper .tab {\n  width: 100%;\n  min-width: 1px;\n  position: relative;\n  border-bottom-left-radius: 0;\n  border-bottom-right-radius: 0;\n  padding: 6px 1em;\n  padding-bottom: 99px;\n  margin-bottom: -93px;\n  white-space: nowrap;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active) {\n  z-index: 4;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active):hover {\n  z-index: 6;\n}\n.tab-switcher .tabs .tab-wrapper .tab.active {\n  background: transparent;\n  z-index: 5;\n}\n.tab-switcher .tabs .tab-wrapper .tab img {\n  max-height: 26px;\n  vertical-align: top;\n  margin-top: -5px;\n}\n.tab-switcher .tabs .tab-wrapper:not(.active)::after {\n  content: \"\";\n  position: absolute;\n  left: 0;\n  right: 0;\n  bottom: 0;\n  z-index: 7;\n  border-bottom: 1px solid;\n  border-bottom-color: #222;\n  border-bottom-color: var(--border, #222);\n}",".with-subscription-loading {\n  padding: 10px;\n  text-align: center;\n}\n.with-subscription-loading .error {\n  font-size: 14px;\n}"],"sourceRoot":""}
--- a/priv/static/static/font/LICENSE.txt
+++ b/priv/static/static/font/LICENSE.txt
@ -1,39 +0,0 @@
 Font license info
 ## Font Awesome
   Copyright (C) 2016 by Dave Gandy
   Author:    Dave Gandy
   License:   SIL ()
   Homepage:  http://fortawesome.github.com/Font-Awesome/
 ## Entypo
   Copyright (C) 2012 by Daniel Bruce
   Author:    Daniel Bruce
   License:   SIL (http://scripts.sil.org/OFL)
   Homepage:  http://www.entypo.com
 ## Iconic
   Copyright (C) 2012 by P.J. Onori
   Author:    P.J. Onori
   License:   SIL (http://scripts.sil.org/OFL)
   Homepage:  http://somerandomdude.com/work/iconic/
 ## Fontelico
   Copyright (C) 2012 by Fontello project
   Author:    Crowdsourced, for Fontello project
   License:   SIL (http://scripts.sil.org/OFL)
   Homepage:  http://fontello.com
--- a/priv/static/static/font/README.txt
+++ b/priv/static/static/font/README.txt
@ -1,75 +0,0 @@
 This webfont is generated by http://fontello.com open source project.
 ================================================================================
 Please, note, that you should obey original font licenses, used to make this
 webfont pack. Details available in LICENSE.txt file.
 - Usually, it's enough to publish content of LICENSE.txt file somewhere on your
  site in "About" section.
 - If your project is open-source, usually, it will be ok to make LICENSE.txt
  file publicly available in your repository.
 - Fonts, used in Fontello, don't require a clickable link on your site.
  But any kind of additional authors crediting is welcome.
 ================================================================================
 Comments on archive content
 ---------------------------
 - /font/* - fonts in different formats
 - /css/*  - different kinds of css, for all situations. Should be ok with 
  twitter bootstrap. Also, you can skip <i> style and assign icon classes
  directly to text elements, if you don't mind about IE7.
 - demo.html - demo file, to show your webfont content
 - LICENSE.txt - license info about source fonts, used to build your one.
 - config.json - keeps your settings. You can import it back into fontello
  anytime, to continue your work
 Why so many CSS files ?
 -----------------------
 Because we like to fit all your needs :)
 - basic file, <your_font_name>.css - is usually enough, it contains @font-face
  and character code definitions
 - *-ie7.css - if you need IE7 support, but still don't wish to put char codes
  directly into html
 - *-codes.css and *-ie7-codes.css - if you like to use your own @font-face
  rules, but still wish to benefit from css generation. That can be very
  convenient for automated asset build systems. When you need to update font -
  no need to manually edit files, just override old version with archive
  content. See fontello source code for examples.
 - *-embedded.css - basic css file, but with embedded WOFF font, to avoid
  CORS issues in Firefox and IE9+, when fonts are hosted on the separate domain.
  We strongly recommend to resolve this issue by `Access-Control-Allow-Origin`
  server headers. But if you ok with dirty hack - this file is for you. Note,
  that data url moved to separate @font-face to avoid problems with <IE9, when
  string is too long.
 - animate.css - use it to get ideas about spinner rotation animation.
 Attention for server setup
 --------------------------
 You MUST setup server to reply with proper `mime-types` for font files -
 otherwise some browsers will fail to show fonts.
 Usually, `apache` already has necessary settings, but `nginx` and other
 webservers should be tuned. Here is list of mime types for our file extensions:
 - `application/vnd.ms-fontobject` - eot
 - `application/x-font-woff` - woff
 - `application/x-font-ttf` - ttf
 - `image/svg+xml` - svg
--- a/priv/static/static/font/css/animation.css
+++ b/priv/static/static/font/css/animation.css
@ -1,85 +0,0 @@
 /*
   Animation example, for spinners
 */
 .animate-spin {
  -moz-animation: spin 2s infinite linear;
  -o-animation: spin 2s infinite linear;
  -webkit-animation: spin 2s infinite linear;
  animation: spin 2s infinite linear;
  display: inline-block;
 }
@-moz-keyframes spin {
  0% {
    -moz-transform: rotate(0deg);
    -o-transform: rotate(0deg);
    -webkit-transform: rotate(0deg);
    transform: rotate(0deg);
  }
  100% {
    -moz-transform: rotate(359deg);
    -o-transform: rotate(359deg);
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
@-webkit-keyframes spin {
  0% {
    -moz-transform: rotate(0deg);
    -o-transform: rotate(0deg);
    -webkit-transform: rotate(0deg);
    transform: rotate(0deg);
  }
  100% {
    -moz-transform: rotate(359deg);
    -o-transform: rotate(359deg);
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
@-o-keyframes spin {
  0% {
    -moz-transform: rotate(0deg);
    -o-transform: rotate(0deg);
    -webkit-transform: rotate(0deg);
    transform: rotate(0deg);
  }
  100% {
    -moz-transform: rotate(359deg);
    -o-transform: rotate(359deg);
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
@-ms-keyframes spin {
  0% {
    -moz-transform: rotate(0deg);
    -o-transform: rotate(0deg);
    -webkit-transform: rotate(0deg);
    transform: rotate(0deg);
  }
  100% {
    -moz-transform: rotate(359deg);
    -o-transform: rotate(359deg);
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
@keyframes spin {
  0% {
    -moz-transform: rotate(0deg);
    -o-transform: rotate(0deg);
    -webkit-transform: rotate(0deg);
    transform: rotate(0deg);
  }
  100% {
    -moz-transform: rotate(359deg);
    -o-transform: rotate(359deg);
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
--- a/priv/static/static/font/css/fontello-codes.css
+++ b/priv/static/static/font/css/fontello-codes.css
@ -1,48 +0,0 @@
 .icon-cancel:before { content: '\e800'; } /* '' */
 .icon-upload:before { content: '\e801'; } /* '' */
 .icon-star:before { content: '\e802'; } /* '' */
 .icon-star-empty:before { content: '\e803'; } /* '' */
 .icon-retweet:before { content: '\e804'; } /* '' */
 .icon-eye-off:before { content: '\e805'; } /* '' */
 .icon-search:before { content: '\e806'; } /* '' */
 .icon-cog:before { content: '\e807'; } /* '' */
 .icon-logout:before { content: '\e808'; } /* '' */
 .icon-down-open:before { content: '\e809'; } /* '' */
 .icon-attach:before { content: '\e80a'; } /* '' */
 .icon-picture:before { content: '\e80b'; } /* '' */
 .icon-video:before { content: '\e80c'; } /* '' */
 .icon-right-open:before { content: '\e80d'; } /* '' */
 .icon-left-open:before { content: '\e80e'; } /* '' */
 .icon-up-open:before { content: '\e80f'; } /* '' */
 .icon-bell-ringing-o:before { content: '\e810'; } /* '' */
 .icon-lock:before { content: '\e811'; } /* '' */
 .icon-globe:before { content: '\e812'; } /* '' */
 .icon-brush:before { content: '\e813'; } /* '' */
 .icon-attention:before { content: '\e814'; } /* '' */
 .icon-plus:before { content: '\e815'; } /* '' */
 .icon-adjust:before { content: '\e816'; } /* '' */
 .icon-edit:before { content: '\e817'; } /* '' */
 .icon-pencil:before { content: '\e818'; } /* '' */
 .icon-pin:before { content: '\e819'; } /* '' */
 .icon-wrench:before { content: '\e81a'; } /* '' */
 .icon-chart-bar:before { content: '\e81b'; } /* '' */
 .icon-zoom-in:before { content: '\e81c'; } /* '' */
 .icon-spin3:before { content: '\e832'; } /* '' */
 .icon-spin4:before { content: '\e834'; } /* '' */
 .icon-link-ext:before { content: '\f08e'; } /* '' */
 .icon-link-ext-alt:before { content: '\f08f'; } /* '' */
 .icon-menu:before { content: '\f0c9'; } /* '' */
 .icon-mail-alt:before { content: '\f0e0'; } /* '' */
 .icon-gauge:before { content: '\f0e4'; } /* '' */
 .icon-comment-empty:before { content: '\f0e5'; } /* '' */
 .icon-bell-alt:before { content: '\f0f3'; } /* '' */
 .icon-plus-squared:before { content: '\f0fe'; } /* '' */
 .icon-reply:before { content: '\f112'; } /* '' */
 .icon-smile:before { content: '\f118'; } /* '' */
 .icon-lock-open-alt:before { content: '\f13e'; } /* '' */
 .icon-ellipsis:before { content: '\f141'; } /* '' */
 .icon-play-circled:before { content: '\f144'; } /* '' */
 .icon-thumbs-up-alt:before { content: '\f164'; } /* '' */
 .icon-binoculars:before { content: '\f1e5'; } /* '' */
 .icon-user-plus:before { content: '\f234'; } /* '' */
--- a/priv/static/static/font/css/fontello-embedded.css
+++ b/priv/static/static/font/css/fontello-embedded.css
--- a/priv/static/static/font/css/fontello-ie7-codes.css
+++ b/priv/static/static/font/css/fontello-ie7-codes.css
@ -1,48 +0,0 @@
 .icon-cancel { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe800;&nbsp;'); }
 .icon-upload { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe801;&nbsp;'); }
 .icon-star { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe802;&nbsp;'); }
 .icon-star-empty { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe803;&nbsp;'); }
 .icon-retweet { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe804;&nbsp;'); }
 .icon-eye-off { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe805;&nbsp;'); }
 .icon-search { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe806;&nbsp;'); }
 .icon-cog { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe807;&nbsp;'); }
 .icon-logout { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe808;&nbsp;'); }
 .icon-down-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe809;&nbsp;'); }
 .icon-attach { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80a;&nbsp;'); }
 .icon-picture { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80b;&nbsp;'); }
 .icon-video { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80c;&nbsp;'); }
 .icon-right-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80d;&nbsp;'); }
 .icon-left-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80e;&nbsp;'); }
 .icon-up-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80f;&nbsp;'); }
 .icon-bell-ringing-o { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe810;&nbsp;'); }
 .icon-lock { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe811;&nbsp;'); }
 .icon-globe { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe812;&nbsp;'); }
 .icon-brush { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe813;&nbsp;'); }
 .icon-attention { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe814;&nbsp;'); }
 .icon-plus { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe815;&nbsp;'); }
 .icon-adjust { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe816;&nbsp;'); }
 .icon-edit { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe817;&nbsp;'); }
 .icon-pencil { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe818;&nbsp;'); }
 .icon-pin { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe819;&nbsp;'); }
 .icon-wrench { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81a;&nbsp;'); }
 .icon-chart-bar { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81b;&nbsp;'); }
 .icon-zoom-in { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81c;&nbsp;'); }
 .icon-spin3 { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe832;&nbsp;'); }
 .icon-spin4 { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe834;&nbsp;'); }
 .icon-link-ext { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf08e;&nbsp;'); }
 .icon-link-ext-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf08f;&nbsp;'); }
 .icon-menu { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0c9;&nbsp;'); }
 .icon-mail-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e0;&nbsp;'); }
 .icon-gauge { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e4;&nbsp;'); }
 .icon-comment-empty { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e5;&nbsp;'); }
 .icon-bell-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0f3;&nbsp;'); }
 .icon-plus-squared { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0fe;&nbsp;'); }
 .icon-reply { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf112;&nbsp;'); }
 .icon-smile { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf118;&nbsp;'); }
 .icon-lock-open-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf13e;&nbsp;'); }
 .icon-ellipsis { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf141;&nbsp;'); }
 .icon-play-circled { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf144;&nbsp;'); }
 .icon-thumbs-up-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf164;&nbsp;'); }
 .icon-binoculars { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf1e5;&nbsp;'); }
 .icon-user-plus { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf234;&nbsp;'); }
--- a/priv/static/static/font/css/fontello-ie7.css
+++ b/priv/static/static/font/css/fontello-ie7.css
@ -1,59 +0,0 @@
 [class^="icon-"], [class*=" icon-"] {
  font-family: 'fontello';
  font-style: normal;
  font-weight: normal;
  /* fix buttons height */
  line-height: 1em;
  /* you can be more comfortable with increased icons size */
  /* font-size: 120%; */
 }
 .icon-cancel { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe800;&nbsp;'); }
 .icon-upload { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe801;&nbsp;'); }
 .icon-star { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe802;&nbsp;'); }
 .icon-star-empty { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe803;&nbsp;'); }
 .icon-retweet { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe804;&nbsp;'); }
 .icon-eye-off { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe805;&nbsp;'); }
 .icon-search { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe806;&nbsp;'); }
 .icon-cog { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe807;&nbsp;'); }
 .icon-logout { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe808;&nbsp;'); }
 .icon-down-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe809;&nbsp;'); }
 .icon-attach { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80a;&nbsp;'); }
 .icon-picture { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80b;&nbsp;'); }
 .icon-video { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80c;&nbsp;'); }
 .icon-right-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80d;&nbsp;'); }
 .icon-left-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80e;&nbsp;'); }
 .icon-up-open { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe80f;&nbsp;'); }
 .icon-bell-ringing-o { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe810;&nbsp;'); }
 .icon-lock { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe811;&nbsp;'); }
 .icon-globe { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe812;&nbsp;'); }
 .icon-brush { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe813;&nbsp;'); }
 .icon-attention { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe814;&nbsp;'); }
 .icon-plus { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe815;&nbsp;'); }
 .icon-adjust { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe816;&nbsp;'); }
 .icon-edit { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe817;&nbsp;'); }
 .icon-pencil { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe818;&nbsp;'); }
 .icon-pin { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe819;&nbsp;'); }
 .icon-wrench { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81a;&nbsp;'); }
 .icon-chart-bar { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81b;&nbsp;'); }
 .icon-zoom-in { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe81c;&nbsp;'); }
 .icon-spin3 { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe832;&nbsp;'); }
 .icon-spin4 { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xe834;&nbsp;'); }
 .icon-link-ext { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf08e;&nbsp;'); }
 .icon-link-ext-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf08f;&nbsp;'); }
 .icon-menu { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0c9;&nbsp;'); }
 .icon-mail-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e0;&nbsp;'); }
 .icon-gauge { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e4;&nbsp;'); }
 .icon-comment-empty { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0e5;&nbsp;'); }
 .icon-bell-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0f3;&nbsp;'); }
 .icon-plus-squared { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf0fe;&nbsp;'); }
 .icon-reply { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf112;&nbsp;'); }
 .icon-smile { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf118;&nbsp;'); }
 .icon-lock-open-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf13e;&nbsp;'); }
 .icon-ellipsis { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf141;&nbsp;'); }
 .icon-play-circled { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf144;&nbsp;'); }
 .icon-thumbs-up-alt { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf164;&nbsp;'); }
 .icon-binoculars { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf1e5;&nbsp;'); }
 .icon-user-plus { *zoom: expression( this.runtimeStyle['zoom'] = '1', this.innerHTML = '&#xf234;&nbsp;'); }
--- a/priv/static/static/font/css/fontello.css
+++ b/priv/static/static/font/css/fontello.css
@ -1,104 +0,0 @@
@font-face {
  font-family: 'fontello';
  src: url('../font/fontello.eot?70867224');
  src: url('../font/fontello.eot?70867224#iefix') format('embedded-opentype'),
       url('../font/fontello.woff2?70867224') format('woff2'),
       url('../font/fontello.woff?70867224') format('woff'),
       url('../font/fontello.ttf?70867224') format('truetype'),
       url('../font/fontello.svg?70867224#fontello') format('svg');
  font-weight: normal;
  font-style: normal;
 }
 /* Chrome hack: SVG is rendered more smooth in Windozze. 100% magic, uncomment if you need it. */
 /* Note, that will break hinting! In other OS-es font will be not as sharp as it could be */
 /*
@media screen and (-webkit-min-device-pixel-ratio:0) {
  @font-face {
    font-family: 'fontello';
    src: url('../font/fontello.svg?70867224#fontello') format('svg');
  }
 }
 */
 [class^="icon-"]:before, [class*=" icon-"]:before {
  font-family: "fontello";
  font-style: normal;
  font-weight: normal;
  speak: none;
  display: inline-block;
  text-decoration: inherit;
  width: 1em;
  margin-right: .2em;
  text-align: center;
  /* opacity: .8; */
  /* For safety - reset parent styles, that can break glyph codes*/
  font-variant: normal;
  text-transform: none;
  /* fix buttons height, for twitter bootstrap */
  line-height: 1em;
  /* Animation center compensation - margins should be symmetric */
  /* remove if not needed */
  margin-left: .2em;
  /* you can be more comfortable with increased icons size */
  /* font-size: 120%; */
  /* Font smoothing. That was taken from TWBS */
  -webkit-font-smoothing: antialiased;
  -moz-osx-font-smoothing: grayscale;
  /* Uncomment for 3D effect */
  /* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
 }
 .icon-cancel:before { content: '\e800'; } /* '' */
 .icon-upload:before { content: '\e801'; } /* '' */
 .icon-star:before { content: '\e802'; } /* '' */
 .icon-star-empty:before { content: '\e803'; } /* '' */
 .icon-retweet:before { content: '\e804'; } /* '' */
 .icon-eye-off:before { content: '\e805'; } /* '' */
 .icon-search:before { content: '\e806'; } /* '' */
 .icon-cog:before { content: '\e807'; } /* '' */
 .icon-logout:before { content: '\e808'; } /* '' */
 .icon-down-open:before { content: '\e809'; } /* '' */
 .icon-attach:before { content: '\e80a'; } /* '' */
 .icon-picture:before { content: '\e80b'; } /* '' */
 .icon-video:before { content: '\e80c'; } /* '' */
 .icon-right-open:before { content: '\e80d'; } /* '' */
 .icon-left-open:before { content: '\e80e'; } /* '' */
 .icon-up-open:before { content: '\e80f'; } /* '' */
 .icon-bell-ringing-o:before { content: '\e810'; } /* '' */
 .icon-lock:before { content: '\e811'; } /* '' */
 .icon-globe:before { content: '\e812'; } /* '' */
 .icon-brush:before { content: '\e813'; } /* '' */
 .icon-attention:before { content: '\e814'; } /* '' */
 .icon-plus:before { content: '\e815'; } /* '' */
 .icon-adjust:before { content: '\e816'; } /* '' */
 .icon-edit:before { content: '\e817'; } /* '' */
 .icon-pencil:before { content: '\e818'; } /* '' */
 .icon-pin:before { content: '\e819'; } /* '' */
 .icon-wrench:before { content: '\e81a'; } /* '' */
 .icon-chart-bar:before { content: '\e81b'; } /* '' */
 .icon-zoom-in:before { content: '\e81c'; } /* '' */
 .icon-spin3:before { content: '\e832'; } /* '' */
 .icon-spin4:before { content: '\e834'; } /* '' */
 .icon-link-ext:before { content: '\f08e'; } /* '' */
 .icon-link-ext-alt:before { content: '\f08f'; } /* '' */
 .icon-menu:before { content: '\f0c9'; } /* '' */
 .icon-mail-alt:before { content: '\f0e0'; } /* '' */
 .icon-gauge:before { content: '\f0e4'; } /* '' */
 .icon-comment-empty:before { content: '\f0e5'; } /* '' */
 .icon-bell-alt:before { content: '\f0f3'; } /* '' */
 .icon-plus-squared:before { content: '\f0fe'; } /* '' */
 .icon-reply:before { content: '\f112'; } /* '' */
 .icon-smile:before { content: '\f118'; } /* '' */
 .icon-lock-open-alt:before { content: '\f13e'; } /* '' */
 .icon-ellipsis:before { content: '\f141'; } /* '' */
 .icon-play-circled:before { content: '\f144'; } /* '' */
 .icon-thumbs-up-alt:before { content: '\f164'; } /* '' */
 .icon-binoculars:before { content: '\f1e5'; } /* '' */
 .icon-user-plus:before { content: '\f234'; } /* '' */
--- a/priv/static/static/font/demo.html
+++ b/priv/static/static/font/demo.html
@ -1,374 +0,0 @@
 <!DOCTYPE html>
 <html>
  <head><!--[if lt IE 9]><script language="javascript" type="text/javascript" src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
    <meta charset="UTF-8"><style>/*
 * Bootstrap v2.2.1
 *
 * Copyright 2012 Twitter, Inc
 * Licensed under the Apache License v2.0
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Designed and built with all the love in the world @twitter by @mdo and @fat.
 */
 .clearfix {
  *zoom: 1;
 }
 .clearfix:before,
 .clearfix:after {
  display: table;
  content: "";
  line-height: 0;
 }
 .clearfix:after {
  clear: both;
 }
 html {
  font-size: 100%;
  -webkit-text-size-adjust: 100%;
  -ms-text-size-adjust: 100%;
 }
 a:focus {
  outline: thin dotted #333;
  outline: 5px auto -webkit-focus-ring-color;
  outline-offset: -2px;
 }
 a:hover,
 a:active {
  outline: 0;
 }
 button,
 input,
 select,
 textarea {
  margin: 0;
  font-size: 100%;
  vertical-align: middle;
 }
 button,
 input {
  *overflow: visible;
  line-height: normal;
 }
 button::-moz-focus-inner,
 input::-moz-focus-inner {
  padding: 0;
  border: 0;
 }
 body {
  margin: 0;
  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
  font-size: 14px;
  line-height: 20px;
  color: #333;
  background-color: #fff;
 }
 a {
  color: #08c;
  text-decoration: none;
 }
 a:hover {
  color: #005580;
  text-decoration: underline;
 }
 .row {
  margin-left: -20px;
  *zoom: 1;
 }
 .row:before,
 .row:after {
  display: table;
  content: "";
  line-height: 0;
 }
 .row:after {
  clear: both;
 }
 [class*="span"] {
  float: left;
  min-height: 1px;
  margin-left: 20px;
 }
 .container,
 .navbar-static-top .container,
 .navbar-fixed-top .container,
 .navbar-fixed-bottom .container {
  width: 940px;
 }
 .span12 {
  width: 940px;
 }
 .span11 {
  width: 860px;
 }
 .span10 {
  width: 780px;
 }
 .span9 {
  width: 700px;
 }
 .span8 {
  width: 620px;
 }
 .span7 {
  width: 540px;
 }
 .span6 {
  width: 460px;
 }
 .span5 {
  width: 380px;
 }
 .span4 {
  width: 300px;
 }
 .span3 {
  width: 220px;
 }
 .span2 {
  width: 140px;
 }
 .span1 {
  width: 60px;
 }
 [class*="span"].pull-right,
 .row-fluid [class*="span"].pull-right {
  float: right;
 }
 .container {
  margin-right: auto;
  margin-left: auto;
  *zoom: 1;
 }
 .container:before,
 .container:after {
  display: table;
  content: "";
  line-height: 0;
 }
 .container:after {
  clear: both;
 }
 p {
  margin: 0 0 10px;
 }
 .lead {
  margin-bottom: 20px;
  font-size: 21px;
  font-weight: 200;
  line-height: 30px;
 }
 small {
  font-size: 85%;
 }
 h1 {
  margin: 10px 0;
  font-family: inherit;
  font-weight: bold;
  line-height: 20px;
  color: inherit;
  text-rendering: optimizelegibility;
 }
 h1 small {
  font-weight: normal;
  line-height: 1;
  color: #999;
 }
 h1 {
  line-height: 40px;
 }
 h1 {
  font-size: 38.5px;
 }
 h1 small {
  font-size: 24.5px;
 }
 body {
  margin-top: 90px;
 }
 .header {
  position: fixed;
  top: 0;
  left: 50%;
  margin-left: -480px;
  background-color: #fff;
  border-bottom: 1px solid #ddd;
  padding-top: 10px;
  z-index: 10;
 }
 .footer {
  color: #ddd;
  font-size: 12px;
  text-align: center;
  margin-top: 20px;
 }
 .footer a {
  color: #ccc;
  text-decoration: underline;
 }
 .the-icons {
  font-size: 14px;
  line-height: 24px;
 }
 .switch {
  position: absolute;
  right: 0;
  bottom: 10px;
  color: #666;
 }
 .switch input {
  margin-right: 0.3em;
 }
 .codesOn .i-name {
  display: none;
 }
 .codesOn .i-code {
  display: inline;
 }
 .i-code {
  display: none;
 }
@font-face {
      font-family: 'fontello';
      src: url('./font/fontello.eot?56851497');
      src: url('./font/fontello.eot?56851497#iefix') format('embedded-opentype'),
           url('./font/fontello.woff?56851497') format('woff'),
           url('./font/fontello.ttf?56851497') format('truetype'),
           url('./font/fontello.svg?56851497#fontello') format('svg');
      font-weight: normal;
      font-style: normal;
    }
    .demo-icon
    {
      font-family: "fontello";
      font-style: normal;
      font-weight: normal;
      speak: none;
      display: inline-block;
      text-decoration: inherit;
      width: 1em;
      margin-right: .2em;
      text-align: center;
      /* opacity: .8; */
      /* For safety - reset parent styles, that can break glyph codes*/
      font-variant: normal;
      text-transform: none;
      /* fix buttons height, for twitter bootstrap */
      line-height: 1em;
      /* Animation center compensation - margins should be symmetric */
      /* remove if not needed */
      margin-left: .2em;
      /* You can be more comfortable with increased icons size */
      /* font-size: 120%; */
      /* Font smoothing. That was taken from TWBS */
      -webkit-font-smoothing: antialiased;
      -moz-osx-font-smoothing: grayscale;
      /* Uncomment for 3D effect */
      /* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
    }
     </style>
    <link rel="stylesheet" href="css/animation.css"><!--[if IE 7]><link rel="stylesheet" href="css/" + font.fontname + "-ie7.css"><![endif]-->
    <script>
      function toggleCodes(on) {
        var obj = document.getElementById('icons');
        if (on) {
          obj.className += ' codesOn';
        } else {
          obj.className = obj.className.replace(' codesOn', '');
        }
      }
    </script>
  </head>
  <body>
    <div class="container header">
      <h1>fontello <small>font demo</small></h1>
      <label class="switch">
        <input type="checkbox" onclick="toggleCodes(this.checked)">show codes
      </label>
    </div>
    <div class="container" id="icons">
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe800"><i class="demo-icon icon-cancel">&#xe800;</i> <span class="i-name">icon-cancel</span><span class="i-code">0xe800</span></div>
        <div class="the-icons span3" title="Code: 0xe801"><i class="demo-icon icon-upload">&#xe801;</i> <span class="i-name">icon-upload</span><span class="i-code">0xe801</span></div>
        <div class="the-icons span3" title="Code: 0xe802"><i class="demo-icon icon-star">&#xe802;</i> <span class="i-name">icon-star</span><span class="i-code">0xe802</span></div>
        <div class="the-icons span3" title="Code: 0xe803"><i class="demo-icon icon-star-empty">&#xe803;</i> <span class="i-name">icon-star-empty</span><span class="i-code">0xe803</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe804"><i class="demo-icon icon-retweet">&#xe804;</i> <span class="i-name">icon-retweet</span><span class="i-code">0xe804</span></div>
        <div class="the-icons span3" title="Code: 0xe805"><i class="demo-icon icon-eye-off">&#xe805;</i> <span class="i-name">icon-eye-off</span><span class="i-code">0xe805</span></div>
        <div class="the-icons span3" title="Code: 0xe806"><i class="demo-icon icon-search">&#xe806;</i> <span class="i-name">icon-search</span><span class="i-code">0xe806</span></div>
        <div class="the-icons span3" title="Code: 0xe807"><i class="demo-icon icon-cog">&#xe807;</i> <span class="i-name">icon-cog</span><span class="i-code">0xe807</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe808"><i class="demo-icon icon-logout">&#xe808;</i> <span class="i-name">icon-logout</span><span class="i-code">0xe808</span></div>
        <div class="the-icons span3" title="Code: 0xe809"><i class="demo-icon icon-down-open">&#xe809;</i> <span class="i-name">icon-down-open</span><span class="i-code">0xe809</span></div>
        <div class="the-icons span3" title="Code: 0xe80a"><i class="demo-icon icon-attach">&#xe80a;</i> <span class="i-name">icon-attach</span><span class="i-code">0xe80a</span></div>
        <div class="the-icons span3" title="Code: 0xe80b"><i class="demo-icon icon-picture">&#xe80b;</i> <span class="i-name">icon-picture</span><span class="i-code">0xe80b</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe80c"><i class="demo-icon icon-video">&#xe80c;</i> <span class="i-name">icon-video</span><span class="i-code">0xe80c</span></div>
        <div class="the-icons span3" title="Code: 0xe80d"><i class="demo-icon icon-right-open">&#xe80d;</i> <span class="i-name">icon-right-open</span><span class="i-code">0xe80d</span></div>
        <div class="the-icons span3" title="Code: 0xe80e"><i class="demo-icon icon-left-open">&#xe80e;</i> <span class="i-name">icon-left-open</span><span class="i-code">0xe80e</span></div>
        <div class="the-icons span3" title="Code: 0xe80f"><i class="demo-icon icon-up-open">&#xe80f;</i> <span class="i-name">icon-up-open</span><span class="i-code">0xe80f</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe810"><i class="demo-icon icon-bell-ringing-o">&#xe810;</i> <span class="i-name">icon-bell-ringing-o</span><span class="i-code">0xe810</span></div>
        <div class="the-icons span3" title="Code: 0xe811"><i class="demo-icon icon-lock">&#xe811;</i> <span class="i-name">icon-lock</span><span class="i-code">0xe811</span></div>
        <div class="the-icons span3" title="Code: 0xe812"><i class="demo-icon icon-globe">&#xe812;</i> <span class="i-name">icon-globe</span><span class="i-code">0xe812</span></div>
        <div class="the-icons span3" title="Code: 0xe813"><i class="demo-icon icon-brush">&#xe813;</i> <span class="i-name">icon-brush</span><span class="i-code">0xe813</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe814"><i class="demo-icon icon-attention">&#xe814;</i> <span class="i-name">icon-attention</span><span class="i-code">0xe814</span></div>
        <div class="the-icons span3" title="Code: 0xe815"><i class="demo-icon icon-plus">&#xe815;</i> <span class="i-name">icon-plus</span><span class="i-code">0xe815</span></div>
        <div class="the-icons span3" title="Code: 0xe816"><i class="demo-icon icon-adjust">&#xe816;</i> <span class="i-name">icon-adjust</span><span class="i-code">0xe816</span></div>
        <div class="the-icons span3" title="Code: 0xe817"><i class="demo-icon icon-edit">&#xe817;</i> <span class="i-name">icon-edit</span><span class="i-code">0xe817</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe818"><i class="demo-icon icon-pencil">&#xe818;</i> <span class="i-name">icon-pencil</span><span class="i-code">0xe818</span></div>
        <div class="the-icons span3" title="Code: 0xe819"><i class="demo-icon icon-pin">&#xe819;</i> <span class="i-name">icon-pin</span><span class="i-code">0xe819</span></div>
        <div class="the-icons span3" title="Code: 0xe81a"><i class="demo-icon icon-wrench">&#xe81a;</i> <span class="i-name">icon-wrench</span><span class="i-code">0xe81a</span></div>
        <div class="the-icons span3" title="Code: 0xe81b"><i class="demo-icon icon-chart-bar">&#xe81b;</i> <span class="i-name">icon-chart-bar</span><span class="i-code">0xe81b</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xe81c"><i class="demo-icon icon-zoom-in">&#xe81c;</i> <span class="i-name">icon-zoom-in</span><span class="i-code">0xe81c</span></div>
        <div class="the-icons span3" title="Code: 0xe832"><i class="demo-icon icon-spin3 animate-spin">&#xe832;</i> <span class="i-name">icon-spin3</span><span class="i-code">0xe832</span></div>
        <div class="the-icons span3" title="Code: 0xe834"><i class="demo-icon icon-spin4 animate-spin">&#xe834;</i> <span class="i-name">icon-spin4</span><span class="i-code">0xe834</span></div>
        <div class="the-icons span3" title="Code: 0xf08e"><i class="demo-icon icon-link-ext">&#xf08e;</i> <span class="i-name">icon-link-ext</span><span class="i-code">0xf08e</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xf08f"><i class="demo-icon icon-link-ext-alt">&#xf08f;</i> <span class="i-name">icon-link-ext-alt</span><span class="i-code">0xf08f</span></div>
        <div class="the-icons span3" title="Code: 0xf0c9"><i class="demo-icon icon-menu">&#xf0c9;</i> <span class="i-name">icon-menu</span><span class="i-code">0xf0c9</span></div>
        <div class="the-icons span3" title="Code: 0xf0e0"><i class="demo-icon icon-mail-alt">&#xf0e0;</i> <span class="i-name">icon-mail-alt</span><span class="i-code">0xf0e0</span></div>
        <div class="the-icons span3" title="Code: 0xf0e4"><i class="demo-icon icon-gauge">&#xf0e4;</i> <span class="i-name">icon-gauge</span><span class="i-code">0xf0e4</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xf0e5"><i class="demo-icon icon-comment-empty">&#xf0e5;</i> <span class="i-name">icon-comment-empty</span><span class="i-code">0xf0e5</span></div>
        <div class="the-icons span3" title="Code: 0xf0f3"><i class="demo-icon icon-bell-alt">&#xf0f3;</i> <span class="i-name">icon-bell-alt</span><span class="i-code">0xf0f3</span></div>
        <div class="the-icons span3" title="Code: 0xf0fe"><i class="demo-icon icon-plus-squared">&#xf0fe;</i> <span class="i-name">icon-plus-squared</span><span class="i-code">0xf0fe</span></div>
        <div class="the-icons span3" title="Code: 0xf112"><i class="demo-icon icon-reply">&#xf112;</i> <span class="i-name">icon-reply</span><span class="i-code">0xf112</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xf118"><i class="demo-icon icon-smile">&#xf118;</i> <span class="i-name">icon-smile</span><span class="i-code">0xf118</span></div>
        <div class="the-icons span3" title="Code: 0xf13e"><i class="demo-icon icon-lock-open-alt">&#xf13e;</i> <span class="i-name">icon-lock-open-alt</span><span class="i-code">0xf13e</span></div>
        <div class="the-icons span3" title="Code: 0xf141"><i class="demo-icon icon-ellipsis">&#xf141;</i> <span class="i-name">icon-ellipsis</span><span class="i-code">0xf141</span></div>
        <div class="the-icons span3" title="Code: 0xf144"><i class="demo-icon icon-play-circled">&#xf144;</i> <span class="i-name">icon-play-circled</span><span class="i-code">0xf144</span></div>
      </div>
      <div class="row">
        <div class="the-icons span3" title="Code: 0xf164"><i class="demo-icon icon-thumbs-up-alt">&#xf164;</i> <span class="i-name">icon-thumbs-up-alt</span><span class="i-code">0xf164</span></div>
        <div class="the-icons span3" title="Code: 0xf1e5"><i class="demo-icon icon-binoculars">&#xf1e5;</i> <span class="i-name">icon-binoculars</span><span class="i-code">0xf1e5</span></div>
        <div class="the-icons span3" title="Code: 0xf234"><i class="demo-icon icon-user-plus">&#xf234;</i> <span class="i-name">icon-user-plus</span><span class="i-code">0xf234</span></div>
      </div>
    </div>
    <div class="container footer">Generated by <a href="http://fontello.com">fontello.com</a></div>
  </body>
 </html>
--- a/priv/static/static/font/font/fontello.woff2
+++ b/priv/static/static/font/font/fontello.woff2
--- a/priv/static/static/font/fontello.1576166651574.eot
+++ b/priv/static/static/font/fontello.1576166651574.eot
--- a/priv/static/static/font/fontello.1576166651574.svg
+++ b/priv/static/static/font/fontello.1576166651574.svg
--- a/priv/static/static/font/fontello.1576166651574.ttf
+++ b/priv/static/static/font/fontello.1576166651574.ttf
--- a/priv/static/static/font/fontello.1576166651574.woff
+++ b/priv/static/static/font/fontello.1576166651574.woff
--- a/priv/static/static/font/fontello.1576166651574.woff2
+++ b/priv/static/static/font/fontello.1576166651574.woff2
--- a/priv/static/static/fontello.1576166651574.css
+++ b/priv/static/static/fontello.1576166651574.css
@ -0,0 +1,124 @@
@font-face {
 	font-family: "Icons";
 	src: url("./font/fontello.1576166651574.eot");
 	src: url("./font/fontello.1576166651574.eot") format("embedded-opentype"),
 		url("./font/fontello.1576166651574.woff2") format("woff2"),
 		url("./font/fontello.1576166651574.woff") format("woff"),
 		url("./font/fontello.1576166651574.ttf") format("truetype"),
 		url("./font/fontello.1576166651574.svg") format("svg");
 	font-weight: normal;
 	font-style: normal;
 }
 [class^="icon-"]::before,
 [class*=" icon-"]::before {
 	font-family: "Icons";
 	font-style: normal;
 	font-weight: normal;
 	speak: none;
 	display: inline-block;
 	text-decoration: inherit;
 	width: 1em;
 	margin-right: .2em;
 	text-align: center;
 	font-variant: normal;
 	text-transform: none;
 	line-height: 1em;
 	margin-left: .2em;
 	-webkit-font-smoothing: antialiased;
 	-moz-osx-font-smoothing: grayscale;
 }
 .icon-spin4::before { content: "\e834"; }
 .icon-cancel::before { content: "\e800"; }
 .icon-upload::before { content: "\e801"; }
 .icon-spin3::before { content: "\e832"; }
 .icon-reply::before { content: "\f112"; }
 .icon-star::before { content: "\e802"; }
 .icon-star-empty::before { content: "\e803"; }
 .icon-retweet::before { content: "\e804"; }
 .icon-eye-off::before { content: "\e805"; }
 .icon-binoculars::before { content: "\f1e5"; }
 .icon-cog::before { content: "\e807"; }
 .icon-user-plus::before { content: "\f234"; }
 .icon-menu::before { content: "\f0c9"; }
 .icon-logout::before { content: "\e808"; }
 .icon-down-open::before { content: "\e809"; }
 .icon-attach::before { content: "\e80a"; }
 .icon-link-ext::before { content: "\f08e"; }
 .icon-link-ext-alt::before { content: "\f08f"; }
 .icon-picture::before { content: "\e80b"; }
 .icon-video::before { content: "\e80c"; }
 .icon-right-open::before { content: "\e80d"; }
 .icon-left-open::before { content: "\e80e"; }
 .icon-up-open::before { content: "\e80f"; }
 .icon-comment-empty::before { content: "\f0e5"; }
 .icon-mail-alt::before { content: "\f0e0"; }
 .icon-lock::before { content: "\e811"; }
 .icon-lock-open-alt::before { content: "\f13e"; }
 .icon-globe::before { content: "\e812"; }
 .icon-brush::before { content: "\e813"; }
 .icon-search::before { content: "\e806"; }
 .icon-adjust::before { content: "\e816"; }
 .icon-thumbs-up-alt::before { content: "\f164"; }
 .icon-attention::before { content: "\e814"; }
 .icon-plus-squared::before { content: "\f0fe"; }
 .icon-plus::before { content: "\e815"; }
 .icon-edit::before { content: "\e817"; }
 .icon-play-circled::before { content: "\f144"; }
 .icon-pencil::before { content: "\e818"; }
 .icon-chart-bar::before { content: "\e81b"; }
 .icon-smile::before { content: "\f118"; }
 .icon-bell-alt::before { content: "\f0f3"; }
 .icon-wrench::before { content: "\e81a"; }
 .icon-pin::before { content: "\e819"; }
 .icon-ellipsis::before { content: "\f141"; }
 .icon-bell-ringing-o::before { content: "\e810"; }
 .icon-zoom-in::before { content: "\e81c"; }
 .icon-gauge::before { content: "\f0e4"; }
--- a/priv/static/static/font/config.json
+++ b/priv/static/static/font/config.json
--- a/priv/static/static/js/app.4ab7097a5650339b9e3d.js
+++ b/priv/static/static/js/app.4ab7097a5650339b9e3d.js
--- a/priv/static/static/js/app.4ab7097a5650339b9e3d.js.map
+++ b/priv/static/static/js/app.4ab7097a5650339b9e3d.js.map
--- a/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js
+++ b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js
--- a/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js.map
+++ b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js.map
--- a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js
+++ b/priv/static/static/js/app.d20ca27d22d74eb7bce0.js
--- a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js.map
+++ b/priv/static/static/js/app.d20ca27d22d74eb7bce0.js.map
--- a/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js
+++ b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js
--- a/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js.map
+++ b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js.map
--- a/priv/static/sw-pleroma.js
+++ b/priv/static/sw-pleroma.js
@ -1,4 +1,4 @@
-var serviceWorkerOption = {"assets":["/static/img/nsfw.74818f9.png","/static/css/app.fd71461124f3eb029b1b.css","/static/js/app.d20ca27d22d74eb7bce0.js","/static/css/vendors~app.b2603a50868c68a1c192.css","/static/js/vendors~app.76db8e4cdf29decd5cab.js","/static/js/2.c96b30ae9f2d3f46f0ad.js"]};
+var serviceWorkerOption = {"assets":["/static/fontello.1576166651574.css","/static/font/fontello.1576166651574.eot","/static/font/fontello.1576166651574.svg","/static/font/fontello.1576166651574.ttf","/static/font/fontello.1576166651574.woff","/static/font/fontello.1576166651574.woff2","/static/img/nsfw.74818f9.png","/static/css/app.ae04505b31bb0ee2765e.css","/static/js/app.a9b3f4c3e79baf3fa8b7.js","/static/css/vendors~app.b2603a50868c68a1c192.css","/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js","/static/js/2.c96b30ae9f2d3f46f0ad.js"]};
        !function(e){var n={};function t(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)||Object.defineProperty(e,n,{enumerable:!0,get:r})},t.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},t.t=function(e,n){if(1&n&&(e=t(e)),8&n)return e;if(4&n&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(t.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&n&&"string"!=typeof e)for(var o in e)t.d(r,o,function(n){return e[n]}.bind(null,o));return r},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},t.p="/",t(t.s=0)}([function(e,n,t){"use strict";var r,o=t(1),i=(r=o)&&r.__esModule?r:{default:r};function a(){return clients.matchAll({includeUncontrolled:!0}).then(function(e){return e.filter(function(e){return"window"===e.type})})}self.addEventListener("push",function(e){e.data&&e.waitUntil(i.default.getItem("vuex-lz").then(function(e){return e.config.webPushNotifications}).then(function(n){return n&&a().then(function(n){var t=e.data.json();if(0===n.length)return self.registration.showNotification(t.title,t)})}))}),self.addEventListener("notificationclick",function(e){e.notification.close(),e.waitUntil(a().then(function(e){for(var n=0;n<e.length;n++){var t=e[n];if("/"===t.url&&"focus"in t)return t.focus()}if(clients.openWindow)return clients.openWindow("/")}))})},function(e,n){
 /*!
--- a/priv/static/sw.js
+++ b/priv/static/sw.js
--- a/test/captcha_test.exs
+++ b/test/captcha_test.exs
@ -8,6 +8,7 @@ defmodule Pleroma.CaptchaTest do
  import Tesla.Mock
  alias Pleroma.Captcha.Kocaptcha
  alias Pleroma.Captcha.Native
  @ets_options [:ordered_set, :private, :named_table, {:read_concurrency, true}]
@ -43,4 +44,21 @@ defmodule Pleroma.CaptchaTest do
             ) == :ok
    end
  end
  describe "Native" do
    test "new and validate" do
      new = Native.new()
      assert %{
               answer_data: answer,
               token: token,
               type: :native,
               url: "data:image/png;base64," <> _
             } = new
      assert is_binary(answer)
      assert :ok = Native.validate(token, answer, answer)
      assert {:error, "Invalid CAPTCHA"} == Native.validate(token, answer, answer <> "foobar")
    end
  end
 end
--- a/Show more
+++ b/Show more
		`@ -1 +1 @@`
			<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.fd71461124f3eb029b1b.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.76db8e4cdf29decd5cab.js></script><script type=text/javascript src=/static/js/app.d20ca27d22d74eb7bce0.js></script></body></html>				<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.ae04505b31bb0ee2765e.css rel=stylesheet><link href=/static/fontello.1576166651574.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><script type=text/javascript src=/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js></script><script type=text/javascript src=/static/js/app.a9b3f4c3e79baf3fa8b7.js></script></body></html>
		`@ -1 +1 @@`
			{"version":3,"sources":["webpack:///./src/hocs/with_load_more/with_load_more.scss","webpack:///./src/components/tab_switcher/tab_switcher.scss","webpack:///./src/hocs/with_subscription/with_subscription.scss"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;AClFA;AACA;AACA;AACA;AACA;AACA;AACA,C","file":"static/css/app.fd71461124f3eb029b1b.css","sourcesContent":[".with-load-more-footer {\n padding: 10px;\n text-align: center;\n border-top: 1px solid;\n border-top-color: #222;\n border-top-color: var(--border, #222);\n}\n.with-load-more-footer .error {\n font-size: 14px;\n}",".tab-switcher {\n display: -ms-flexbox;\n display: flex;\n -ms-flex-direction: column;\n flex-direction: column;\n}\n.tab-switcher .contents {\n -ms-flex: 1 0 auto;\n flex: 1 0 auto;\n min-height: 0px;\n}\n.tab-switcher .contents .hidden {\n display: none;\n}\n.tab-switcher .contents.scrollable-tabs {\n -ms-flex-preferred-size: 0;\n flex-basis: 0;\n overflow-y: auto;\n}\n.tab-switcher .tabs {\n display: -ms-flexbox;\n display: flex;\n position: relative;\n width: 100%;\n overflow-y: hidden;\n overflow-x: auto;\n padding-top: 5px;\n box-sizing: border-box;\n}\n.tab-switcher .tabs::after, .tab-switcher .tabs::before {\n display: block;\n content: \"\";\n -ms-flex: 1 1 auto;\n flex: 1 1 auto;\n border-bottom: 1px solid;\n border-bottom-color: #222;\n border-bottom-color: var(--border, #222);\n}\n.tab-switcher .tabs .tab-wrapper {\n height: 28px;\n position: relative;\n display: -ms-flexbox;\n display: flex;\n -ms-flex: 0 0 auto;\n flex: 0 0 auto;\n}\n.tab-switcher .tabs .tab-wrapper .tab {\n width: 100%;\n min-width: 1px;\n position: relative;\n border-bottom-left-radius: 0;\n border-bottom-right-radius: 0;\n padding: 6px 1em;\n padding-bottom: 99px;\n margin-bottom: -93px;\n white-space: nowrap;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active) {\n z-index: 4;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active):hover {\n z-index: 6;\n}\n.tab-switcher .tabs .tab-wrapper .tab.active {\n background: transparent;\n z-index: 5;\n}\n.tab-switcher .tabs .tab-wrapper .tab img {\n max-height: 26px;\n vertical-align: top;\n margin-top: -5px;\n}\n.tab-switcher .tabs .tab-wrapper:not(.active)::after {\n content: \"\";\n position: absolute;\n left: 0;\n right: 0;\n bottom: 0;\n z-index: 7;\n border-bottom: 1px solid;\n border-bottom-color: #222;\n border-bottom-color: var(--border, #222);\n}",".with-subscription-loading {\n padding: 10px;\n text-align: center;\n}\n.with-subscription-loading .error {\n font-size: 14px;\n}"],"sourceRoot":""}				{"version":3,"sources":["webpack:///./src/hocs/with_load_more/with_load_more.scss","webpack:///./src/components/tab_switcher/tab_switcher.scss","webpack:///./src/hocs/with_subscription/with_subscription.scss"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,C;AClFA;AACA;AACA;AACA;AACA;AACA;AACA,C","file":"static/css/app.ae04505b31bb0ee2765e.css","sourcesContent":[".with-load-more-footer {\n padding: 10px;\n text-align: center;\n border-top: 1px solid;\n border-top-color: #222;\n border-top-color: var(--border, #222);\n}\n.with-load-more-footer .error {\n font-size: 14px;\n}",".tab-switcher {\n display: -ms-flexbox;\n display: flex;\n -ms-flex-direction: column;\n flex-direction: column;\n}\n.tab-switcher .contents {\n -ms-flex: 1 0 auto;\n flex: 1 0 auto;\n min-height: 0px;\n}\n.tab-switcher .contents .hidden {\n display: none;\n}\n.tab-switcher .contents.scrollable-tabs {\n -ms-flex-preferred-size: 0;\n flex-basis: 0;\n overflow-y: auto;\n}\n.tab-switcher .tabs {\n display: -ms-flexbox;\n display: flex;\n position: relative;\n width: 100%;\n overflow-y: hidden;\n overflow-x: auto;\n padding-top: 5px;\n box-sizing: border-box;\n}\n.tab-switcher .tabs::after, .tab-switcher .tabs::before {\n display: block;\n content: \"\";\n -ms-flex: 1 1 auto;\n flex: 1 1 auto;\n border-bottom: 1px solid;\n border-bottom-color: #222;\n border-bottom-color: var(--border, #222);\n}\n.tab-switcher .tabs .tab-wrapper {\n height: 28px;\n position: relative;\n display: -ms-flexbox;\n display: flex;\n -ms-flex: 0 0 auto;\n flex: 0 0 auto;\n}\n.tab-switcher .tabs .tab-wrapper .tab {\n width: 100%;\n min-width: 1px;\n position: relative;\n border-bottom-left-radius: 0;\n border-bottom-right-radius: 0;\n padding: 6px 1em;\n padding-bottom: 99px;\n margin-bottom: -93px;\n white-space: nowrap;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active) {\n z-index: 4;\n}\n.tab-switcher .tabs .tab-wrapper .tab:not(.active):hover {\n z-index: 6;\n}\n.tab-switcher .tabs .tab-wrapper .tab.active {\n background: transparent;\n z-index: 5;\n}\n.tab-switcher .tabs .tab-wrapper .tab img {\n max-height: 26px;\n vertical-align: top;\n margin-top: -5px;\n}\n.tab-switcher .tabs .tab-wrapper:not(.active)::after {\n content: \"\";\n position: absolute;\n left: 0;\n right: 0;\n bottom: 0;\n z-index: 7;\n border-bottom: 1px solid;\n border-bottom-color: #222;\n border-bottom-color: var(--border, #222);\n}",".with-subscription-loading {\n padding: 10px;\n text-align: center;\n}\n.with-subscription-loading .error {\n font-size: 14px;\n}"],"sourceRoot":""}