Merge branch 'rails' of 0xacab.org:sutty/sutty into issue-14417

.env

@@ -39,3 +39,5 @@ GITLAB_PROJECT=
 GITLAB_TOKEN=
 PGVER=15
 PGPID=/run/postgresql.pid
+PANEL_ACTOR_MENTION=@sutty@sutty.nl
+PANEL_ACTOR_SITE_ID=1

.gitlab-ci.yml

@@ -6,9 +6,15 @@
 - paths:
   - "vendor/ruby"
   - ".bundle"
+  key:
+    files:
+    - "Gemfile.lock"
 .cache-node: &cache-node
 - paths:
   - "node_modules"
+  key:
+    files:
+    - "yarn.lock"
 .cache-task: &cache-task
 - paths:
   - ".task"
@@ -90,7 +96,7 @@ rubocop:
   - *apk-add
   - *disable-hainish
   script:
-  - "./bin/modified_files | ./bin/with_extension rb | xargs -r go-task bundle -- exec rubocop"
+  - "go-task rubocop"
 haml:
   stage: "test"
   cache:
@@ -101,4 +107,4 @@ haml:
   - *apk-add
   - *disable-hainish
   script:
-  - "./bin/modified_files | ./bin/with_extension haml | xargs -r go-task bundle -- exec haml-lint"
+  - "go-task haml-lint"

Gemfile

@@ -37,7 +37,9 @@ gem 'commonmarker'
 gem 'devise'
 gem 'devise-i18n'
 gem 'devise_invitable'
-gem 'distributed-press-api-client', '~> 0.3.0rc0'
+gem 'redis-client'
+gem 'hiredis-client'
+gem 'distributed-press-api-client', '~> 0.4.1'
 gem 'email_address', git: 'https://github.com/fauno/email_address', branch: 'i18n'
 gem 'exception_notification'
 gem 'fast_blank'
@@ -65,6 +67,7 @@ gem 'redis', '~> 4.0', require: %w[redis redis/connection/hiredis]
 gem 'redis-rails'
 gem 'rollups', git: 'https://github.com/fauno/rollup.git', branch: 'update'
 gem 'rubyzip'
+gem 'ruby-brs'
 gem 'rugged', '1.5.0.1'
 gem 'git_clone_url'
 gem 'concurrent-ruby-ext'
@@ -77,6 +80,12 @@ gem 'yaml_db', git: 'https://0xacab.org/sutty/yaml_db.git'
 gem 'kaminari'
 gem 'device_detector'
 gem 'htmlbeautifier'
+gem 'dry-schema'
+gem 'rubanok'
+
+gem 'after_commit_everywhere', '~> 1.0'
+gem 'aasm'
+gem 'que-web'
 
 # database
 gem 'hairtrigger'

Gemfile.lock

@@ -27,73 +27,81 @@ GIT
 GEM
   remote: https://17.3.alpine.gems.sutty.nl/
   specs:
-    actioncable (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    aasm (5.5.0)
+      concurrent-ruby (~> 1.0)
+    actioncable (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailbox (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailer (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      actionview (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.3)
-      actionview (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionpack (6.1.7.4)
+      actionview (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actiontext (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionview (6.1.7.4)
+      activesupport (= 6.1.7.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activejob (6.1.7.4)
+      activesupport (= 6.1.7.4)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activerecord (6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activestorage (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activemodel (6.1.7.4)
+      activesupport (= 6.1.7.4)
+    activerecord (6.1.7.4)
+      activemodel (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
+    activestorage (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.3)
+    activesupport (6.1.7.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
-    addressable (2.8.4)
+    addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
+    adsp (1.0.10)
+    after_commit_everywhere (1.4.0)
+      activerecord (>= 4.2)
+      activesupport
     ast (2.4.2)
     autoprefixer-rails (10.4.13.0)
       execjs (~> 2)
-    bcrypt (3.1.19-x86_64-linux-musl)
+    base64 (0.2.0)
+    bcrypt (3.1.20-x86_64-linux-musl)
     bcrypt_pbkdf (1.1.0-x86_64-linux-musl)
     benchmark-ips (2.12.0)
+    bigdecimal (3.1.1)
     bindex (0.8.1-x86_64-linux-musl)
     blazer (2.6.5)
       activerecord (>= 5)
@@ -104,7 +112,8 @@ GEM
       autoprefixer-rails (>= 9.1.0)
       popper_js (>= 1.16.1, < 2)
       sassc-rails (>= 2.0.0)
-    brakeman (5.4.1)
+    brakeman (6.1.1)
+      racc
     builder (3.2.4)
     bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
@@ -124,6 +133,7 @@ GEM
     concurrent-ruby (1.2.2)
     concurrent-ruby-ext (1.2.2-x86_64-linux-musl)
       concurrent-ruby (= 1.2.2)
+    connection_pool (2.4.1)
     crass (1.0.6)
     database_cleaner (2.0.2)
       database_cleaner-active_record (>= 2, < 3)
@@ -131,7 +141,7 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    date (3.3.3-x86_64-linux-musl)
+    date (3.3.4-x86_64-linux-musl)
     dead_end (4.0.0)
     derailed_benchmarks (2.1.2)
       benchmark-ips (~> 2)
@@ -145,8 +155,8 @@ GEM
       rake (> 10, < 14)
       ruby-statistics (>= 2.1)
       thor (>= 0.19, < 2)
-    device_detector (1.1.1)
-    devise (4.9.2)
+    device_detector (1.1.2)
+    devise (4.9.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -154,14 +164,15 @@ GEM
       warden (~> 1.2.3)
     devise-i18n (1.11.0)
       devise (>= 4.9.0)
-    devise_invitable (2.0.8)
+    devise_invitable (2.0.9)
       actionmailer (>= 5.0)
       devise (>= 4.6)
-    distributed-press-api-client (0.3.0rc0)
+    distributed-press-api-client (0.4.1)
       addressable (~> 2.3, >= 2.3.0)
       climate_control
       dry-schema
       httparty (~> 0.18)
+      httparty-cache (~> 0.0.6)
       json (~> 2.1, >= 2.1.0)
       jwt (~> 2.6.0)
     dotenv (2.8.1)
@@ -170,10 +181,10 @@ GEM
       railties (>= 3.2)
     down (5.4.1)
       addressable (~> 2.8)
-    dry-configurable (1.0.1)
+    dry-configurable (1.1.0)
       dry-core (~> 1.0, < 2)
       zeitwerk (~> 2.6)
-    dry-core (1.0.0)
+    dry-core (1.0.1)
       concurrent-ruby (~> 1.0)
       zeitwerk (~> 2.6)
     dry-inflector (1.0.0)
@@ -182,7 +193,7 @@ GEM
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.0, < 2)
       zeitwerk (~> 2.6)
-    dry-schema (1.13.1)
+    dry-schema (1.13.3)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 1.0, >= 1.0.1)
       dry-core (~> 1.0, < 2)
@@ -190,7 +201,8 @@ GEM
       dry-logic (>= 1.4, < 2)
       dry-types (>= 1.7, < 2)
       zeitwerk (~> 2.6)
-    dry-types (1.7.1)
+    dry-types (1.7.2)
+      bigdecimal (~> 3.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.0)
       dry-inflector (~> 1.0)
@@ -223,25 +235,25 @@ GEM
       ffi (~> 1.0)
     git_clone_url (2.0.0)
       uri-ssh_git (>= 2.0)
-    globalid (1.1.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     groupdate (6.2.1)
       activesupport (>= 5.2)
     hairtrigger (1.0.0)
       activerecord (>= 6.0, < 8)
       ruby2ruby (~> 2.4)
       ruby_parser (~> 3.10)
-    haml (6.1.2-x86_64-linux-musl)
+    haml (6.3.0)
       temple (>= 0.8.2)
       thor
       tilt
     haml-lint (0.999.999)
       haml_lint
-    haml_lint (0.45.0)
-      haml (>= 4.0, < 6.2)
+    haml_lint (0.53.0)
+      haml (>= 5.0)
       parallel (~> 1.10)
       rainbow
-      rubocop (>= 0.50.0)
+      rubocop (>= 1.0)
       sysexits (~> 1.1)
     hamlit (3.0.3-x86_64-linux-musl)
       temple (>= 0.8.2)
@@ -255,11 +267,15 @@ GEM
     heapy (0.2.0)
       thor
     hiredis (0.6.3-x86_64-linux-musl)
+    hiredis-client (0.14.1-x86_64-linux-musl)
+      redis-client (= 0.14.1)
     htmlbeautifier (1.4.2)
     http_parser.rb (0.8.0-x86_64-linux-musl)
     httparty (0.21.0)
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
+    httparty-cache (0.0.6)
+      httparty (~> 0.18)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     icalendar (2.8.0)
@@ -291,7 +307,7 @@ GEM
       terminal-table (~> 2.0)
     jekyll-commonmark (1.4.0)
       commonmarker (~> 0.22)
-    jekyll-images (0.4.1)
+    jekyll-images (0.4.4)
       jekyll (~> 4)
       ruby-filemagic (~> 0.7)
       ruby-vips (~> 2)
@@ -301,7 +317,7 @@ GEM
       sassc (> 2.0.1, < 3.0)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
-    json (2.6.3-x86_64-linux-musl)
+    json (2.7.1-x86_64-linux-musl)
     jwt (2.6.0)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
@@ -330,12 +346,12 @@ GEM
     loaf (0.10.0)
       railties (>= 3.2)
     lockbox (1.2.0)
-    lograge (0.12.0)
+    lograge (0.14.0)
       actionpack (>= 4)
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
-    loofah (2.21.3)
+    loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -349,36 +365,39 @@ GEM
     method_source (1.0.0)
     mini_histogram (0.3.1)
     mini_magick (4.12.0)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.2)
-    minitest (5.18.0)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.5)
+    minitest (5.21.1)
     mobility (1.2.9)
       i18n (>= 0.6.10, < 2)
       request_store (~> 1.0)
     multi_xml (0.6.0)
-    net-imap (0.3.4)
+    mustermann (3.0.0)
+      ruby2_keywords (~> 0.0.1)
+    net-imap (0.4.9)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0)
       net-protocol
-    net-ssh (7.1.0)
+    net-ssh (7.2.1)
     netaddr (2.0.6)
-    nio4r (2.5.9-x86_64-linux-musl)
-    nokogiri (1.15.4-x86_64-linux-musl)
+    nio4r (2.7.0-x86_64-linux-musl)
+    nokogiri (1.16.0-x86_64-linux-musl)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     orm_adapter (0.5.0)
     pairing_heap (3.0.1)
-    parallel (1.23.0)
-    parser (3.2.2.1)
+    parallel (1.24.0)
+    parser (3.2.2.3)
       ast (~> 2.4.1)
+      racc
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    pg (1.5.3-x86_64-linux-musl)
+    pg (1.5.4-x86_64-linux-musl)
     pg_search (2.3.6)
       activerecord (>= 5.2)
       activesupport (>= 5.2)
@@ -388,55 +407,63 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.3)
-    puma (6.3.1-x86_64-linux-musl)
+    public_suffix (5.0.4)
+    puma (6.4.2-x86_64-linux-musl)
       nio4r (~> 2.0)
-    pundit (2.3.0)
+    pundit (2.3.1)
       activesupport (>= 3.0.0)
     que (2.2.1)
-    racc (1.7.1-x86_64-linux-musl)
-    rack (2.2.7)
+    que-web (0.10.0)
+      que (>= 1)
+      sinatra
+    racc (1.7.3-x86_64-linux-musl)
+    rack (2.2.8)
     rack-cors (2.0.1)
       rack (>= 2.0.0)
     rack-mini-profiler (3.1.0)
       rack (>= 1.2.0)
-    rack-proxy (0.7.6)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    rack-proxy (0.7.7)
       rack
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.3)
-      actioncable (= 6.1.7.3)
-      actionmailbox (= 6.1.7.3)
-      actionmailer (= 6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actiontext (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    rails (6.1.7.4)
+      actioncable (= 6.1.7.4)
+      actionmailbox (= 6.1.7.4)
+      actionmailer (= 6.1.7.4)
+      actionpack (= 6.1.7.4)
+      actiontext (= 6.1.7.4)
+      actionview (= 6.1.7.4)
+      activejob (= 6.1.7.4)
+      activemodel (= 6.1.7.4)
+      activerecord (= 6.1.7.4)
+      activestorage (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.3)
+      railties (= 6.1.7.4)
       sprockets-rails (>= 2.0.0)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
-    rails-i18n (7.0.7)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    rails-i18n (7.0.8)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
     rails_warden (0.6.0)
       warden (>= 1.2.0)
-    railties (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    railties (6.1.7.4)
+      actionpack (= 6.1.7.4)
+      activesupport (= 6.1.7.4)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.1.0)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -448,6 +475,8 @@ GEM
     redis-activesupport (5.3.0)
       activesupport (>= 3, < 8)
       redis-store (>= 1.3, < 2)
+    redis-client (0.14.1)
+      connection_pool
     redis-rack (2.1.4)
       rack (>= 2.0.8, < 3)
       redis-store (>= 1.2, < 2)
@@ -457,18 +486,19 @@ GEM
       redis-store (>= 1.2, < 2)
     redis-store (1.9.2)
       redis (>= 4, < 6)
-    regexp_parser (2.8.0)
+    regexp_parser (2.9.0)
     request_store (1.5.1)
       rack (>= 1.4)
-    responders (3.1.0)
+    responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     rgl (0.6.3)
       pairing_heap (>= 0.3.0)
       rexml (~> 3.2, >= 3.2.4)
       stream (~> 0.5.3)
     rouge (3.30.0)
+    rubanok (0.5.0)
     rubocop (1.42.0)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -479,17 +509,21 @@ GEM
       rubocop-ast (>= 1.24.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.28.1)
+    rubocop-ast (1.30.0)
       parser (>= 3.2.1.0)
-    rubocop-rails (2.19.1)
+    rubocop-rails (2.23.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
+    ruby-brs (1.3.3-x86_64-linux-musl)
+      adsp (~> 1.0)
     ruby-filemagic (0.7.3-x86_64-linux-musl)
     ruby-progressbar (1.13.0)
     ruby-statistics (3.0.2)
-    ruby-vips (2.1.4)
+    ruby-vips (2.2.0)
       ffi (~> 1.12)
+    ruby2_keywords (0.0.5)
     ruby2ruby (2.5.0)
       ruby_parser (~> 3.1)
       sexp_processor (~> 4.6)
@@ -516,19 +550,24 @@ GEM
     sexp_processor (4.17.0)
     simpleidn (0.2.1)
       unf (~> 0.1.4)
+    sinatra (3.2.0)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.2.0)
+      tilt (~> 2.0)
     sourcemap (0.1.1)
     spring (4.1.1)
     spring-watcher-listen (2.1.0)
       listen (>= 2.7, < 4.0)
       spring (>= 4)
-    sprockets (4.2.0)
+    sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
     sprockets-rails (3.4.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.6.3-x86_64-linux-musl)
+    sqlite3 (1.7.0-x86_64-linux-musl)
       mini_portile2 (~> 2.8.0)
     stackprof (0.2.25-x86_64-linux-musl)
     stream (0.5.5)
@@ -537,13 +576,13 @@ GEM
       jekyll (~> 4)
     symbol-fstring (1.0.2-x86_64-linux-musl)
     sysexits (1.2.0)
-    temple (0.10.1)
+    temple (0.10.3)
     terminal-table (2.0.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thor (1.3.0)
-    tilt (2.1.0)
+    tilt (2.3.0)
     timecop (0.9.6)
-    timeout (0.3.2)
+    timeout (0.4.1)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
@@ -553,7 +592,7 @@ GEM
       execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8.2-x86_64-linux-musl)
+    unf_ext (0.0.9-x86_64-linux-musl)
     unicode-display_width (1.8.0)
     uri-ssh_git (2.0.0)
     validates_hostname (1.0.13)
@@ -579,12 +618,14 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yard (0.9.34)
-    zeitwerk (2.6.8)
+    zeitwerk (2.6.12)
 
 PLATFORMS
   x86_64-linux-musl
 
 DEPENDENCIES
+  aasm
+  after_commit_everywhere (~> 1.0)
   bcrypt (~> 3.1.7)
   bcrypt_pbkdf
   blazer
@@ -601,9 +642,10 @@ DEPENDENCIES
   devise
   devise-i18n
   devise_invitable
-  distributed-press-api-client (~> 0.3.0rc0)
+  distributed-press-api-client (~> 0.4.1)
   dotenv-rails
   down
+  dry-schema
   ed25519
   email_address!
   exception_notification
@@ -617,6 +659,7 @@ DEPENDENCIES
   haml-lint
   hamlit-rails
   hiredis
+  hiredis-client
   htmlbeautifier
   httparty
   icalendar
@@ -645,16 +688,20 @@ DEPENDENCIES
   puma
   pundit
   que
+  que-web
   rack-cors
   rack-mini-profiler
   rails (~> 6.1.0)
   rails-i18n
   rails_warden
   redis (~> 4.0)
+  redis-client
   redis-rails
   rgl
   rollups!
+  rubanok
   rubocop-rails
+  ruby-brs
   rubyzip
   rugged (= 1.5.0.1)
   safe_yaml

Procfile

@@ -10,3 +10,4 @@ cleanup: bundle exec rake cleanup:everything
 emergency_cleanup: bundle exec rake cleanup:everything BEFORE=7
 stats: bundle exec rake stats:process_all
 que: daemonize -c /srv/ -p /srv/tmp/que.pid -u rails /usr/local/bin/syslogize bundle exec que
+fediblock: bundle exec rails activity_pub:fediblocks

Taskfile.yaml

@@ -183,3 +183,15 @@ tasks:
     - "{{.HAINISH}} gem install bundler-audit"
     status:
     - "test -f ../hain/usr/bin/bundler-audit"
+  rubocop:
+    desc: "Ruby linting"
+    deps:
+    - "gems"
+    cmds:
+    - "./bin/modified_files | ./bin/with_extension rb | xargs -r {{.HAINISH}} bundle exec rubocop {{.CLI_ARGS}}"
+  haml-lint:
+    desc: "HAML linting"
+    deps:
+    - "gems"
+    cmds:
+    - "./bin/modified_files | ./bin/with_extension haml | xargs -r {{.HAINISH}} bundle exec haml-lint {{.CLI_ARGS}}"

app/assets/stylesheets/application.scss

@@ -32,6 +32,22 @@ $sizes: (
 @import "bootstrap";
 @import "editor";
 
+@each $color, $rgb in $theme-colors {
+  .#{$color} {
+    color: var(--#{$color});
+
+    &:focus {
+      color: var(--#{$color});
+    }
+
+    ::-moz-selection,
+    ::selection {
+      background: var(--#{$color});
+      color: white;
+    }
+  }
+}
+
 .editor {
   .editor-content {
     figure {
@@ -577,3 +593,31 @@ $bezier: cubic-bezier(0.75, 0, 0.25, 1);
     }
   }
 }
+// details styles
+
+.details {
+	& > summary {
+		list-style: none;
+		cursor: pointer;
+
+    .hide-when-open {
+      display: inline;
+    }
+
+    .show-when-open {
+      display: none;
+    }
+  }
+
+  &[open] {
+		& > summary {
+      .hide-when-open {
+        display: none;
+      }
+
+      .show-when-open {
+        display: inline;
+      }
+		}
+	}
+}

app/assets/stylesheets/dark.scss

@@ -8,6 +8,10 @@ $cyan: #13fefe;
   --color: #{$cyan};
 }
 
+.btn {
+  background-color: $white;
+}
+
 .btn-secondary {
   background-color: $white;
   color: $black;
@@ -26,3 +30,5 @@ $cyan: #13fefe;
     box-shadow: 0 0 0 0.2rem $cyan;
   }
 }
+
+

app/controllers/activity_pubs_controller.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+# Gestiona acciones de moderación
+class ActivityPubsController < ApplicationController
+  include ModerationConcern
+
+  ActivityPub.events.each do |event|
+    define_method(event) do
+      authorize activity_pub
+
+      if event == :report
+        remote_flag_params(activity_pub).tap do |p|
+          activity_pub.remote_flag_id = p[:remote_flag_attributes][:id]
+          activity_pub.update(p)
+        end
+      end
+
+      message =
+        if activity_pub.public_send(:"may_#{event}?") && activity_pub.public_send(:"#{event}!")
+          :success
+        else
+          :error
+        end
+
+      flash[message] = I18n.t("activity_pubs.#{event}.#{message}")
+
+      redirect_to_moderation_queue!
+    end
+  end
+
+  def action_on_several
+    redirect_to_moderation_queue!
+
+    activity_pubs = site.activity_pubs.where(id: params[:activity_pub])
+
+    return if activity_pubs.count.zero?
+
+    authorize activity_pubs
+
+    action = params[:activity_pub_action].to_sym
+    method = :"#{action}_all!"
+    may    = :"may_#{action}?"
+
+    return unless ActivityPub.events.include? action
+
+    # Crear una sola remote flag por autore
+    ActivityPub.transaction do
+      if action == :report
+        message = remote_flag_params(activity_pubs.first).dig(:remote_flag_attributes, :message)
+
+        activity_pubs.distinct.pluck(:actor_id).each do |actor_id|
+          remote_flag = ActivityPub::RemoteFlag.find_or_initialize_by(actor_id: actor_id, site_id: site.id)
+          remote_flag.message = message
+          # Lo estamos actualizando, con lo que lo vamos a volver a enviar
+          remote_flag.requeue if remote_flag.persisted?
+          remote_flag.save
+          # XXX: Idealmente todas las ActivityPub que enviamos pueden
+          # cambiar de estado, pero chequeamos de todas formas.
+          remote_flag.activity_pubs << (activity_pubs.where(actor_id: actor_id).to_a.select { |a| a.public_send(may) })
+        end
+      end
+
+      message = activity_pubs.public_send(method) ? :success : :error
+
+      flash[message] = I18n.t("activity_pubs.action_on_several.#{message}")
+    end
+  end
+
+  private
+
+  def activity_pub
+    @activity_pub ||= site.activity_pubs.find(params[:activity_pub_id])
+  end
+end

app/controllers/actor_moderations_controller.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+# Gestiona la cola de moderación de actores
+class ActorModerationsController < ApplicationController
+  include ModerationConcern
+  include ModerationFiltersConcern
+
+  before_action :authenticate_usuarie!
+
+  breadcrumb -> { current_usuarie.email }, :edit_usuarie_registration_path
+  breadcrumb 'sites.index', :sites_path, match: :exact
+
+  ActorModeration.events.each do |actor_event|
+    define_method(actor_event) do
+      authorize actor_moderation
+
+      # Crea una RemoteFlag si se envían los parámetros adecuados
+      if actor_event == :report
+        remote_flag_params(actor_moderation).tap do |p|
+          actor_moderation.remote_flag_id = p[:remote_flag_attributes][:id]
+          actor_moderation.update(p)
+        end
+      end
+
+      message =
+        if actor_moderation.public_send(:"may_#{actor_event}?") && actor_moderation.public_send(:"#{actor_event}!")
+          :success
+        else
+          :error
+        end
+
+      flash[message] = I18n.t("actor_moderations.#{actor_event}.#{message}")
+
+      redirect_to_moderation_queue!
+    end
+  end
+
+  # Ver el perfil remoto
+  def show
+    breadcrumb site.title, site_posts_path(site)
+    breadcrumb I18n.t('moderation_queue.index.title'), site_moderation_queue_path(site)
+
+    @remote_profile = actor_moderation.actor.content
+    @moderation_queue = rubanok_process(site.activity_pubs.where(actor_id: actor_moderation.actor_id),
+                                        with: ActivityPubProcessor)
+
+    breadcrumb @remote_profile['name'] || actor_moderation.actor.mention || actor_moderation.actor.uri, ''
+  end
+
+  def action_on_several
+    redirect_to_moderation_queue!
+
+    actor_moderations = site.actor_moderations.where(id: params[:actor_moderation])
+
+    return if actor_moderations.count.zero?
+
+    authorize actor_moderations
+
+    action = params[:actor_moderation_action].to_sym
+    method = :"#{action}_all!"
+    may    = :"may_#{action}?"
+
+    return unless ActorModeration.events.include? action
+
+    ActorModeration.transaction do
+      if action == :report
+        actor_moderations.find_each do |actor_moderation|
+          next unless actor_moderation.public_send(may)
+
+          actor_moderation.update(actor_moderation_params(actor_moderation))
+        end
+      end
+
+      message = actor_moderations.public_send(method) ? :success : :error
+
+      flash[message] = I18n.t("actor_moderations.action_on_several.#{message}")
+    end
+  end
+
+  private
+
+  def actor_moderation
+    @actor_moderation ||= site.actor_moderations.find(params[:actor_moderation_id] || params[:id])
+  end
+end

app/controllers/api/v1/activity_pub/remote_flags_controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module ActivityPub
+      # Devuelve los reportes remotos hechos
+      #
+      # @todo Verificar la firma. Por ahora no es necesario porque no es
+      # posible obtener remotamente todos los reportes y se identifican por
+      # UUIDv4.
+      class RemoteFlagsController < BaseController
+        skip_forgery_protection
+
+        def show
+          render json: (remote_flag&.content || {}), content_type: 'application/activity+json'
+        end
+
+        private
+
+        # @return [ActivityPub::RemoteFlag,nil]
+        def remote_flag
+          @remote_flag ||= ::ActivityPub::RemoteFlag.find(params[:id])
+        end
+      end
+    end
+  end
+end

app/controllers/api/v1/contact_controller.rb

@@ -18,7 +18,7 @@ module Api
 
         # Si todo salió bien, enviar los correos y redirigir al sitio.
         # El sitio nos dice a dónde tenemos que ir.
-        ContactJob.perform_later site.id,
+        ContactJob.perform_later site,
                                  params[:form],
                                  contact_params.to_h.symbolize_keys,
                                  params[:redirect]

app/controllers/api/v1/notices_controller.rb

@@ -11,7 +11,7 @@ module Api
       # respondemos con lo mismo.
       def create
         if (site&.airbrake_valid? airbrake_token) && !detected_device.bot?
-          BacktraceJob.perform_later site_id: params[:site_id],
+          BacktraceJob.perform_later site: site,
                                      params: airbrake_params.to_h
         end
 

app/controllers/api/v1/webhooks/concerns/webhook_concern.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Webhooks
+      module Concerns
+        # Helpers para webhooks
+        module WebhookConcern
+          extend ActiveSupport::Concern
+
+          included do
+            skip_before_action :verify_authenticity_token
+
+            # Responde con forbidden si falla la validación del token
+            rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer
+            rescue_from ActiveRecord::RecordInvalid, with: :platforms_answer
+
+            private
+
+            # Valida el token que envía la plataforma en el webhook
+            #
+            # @return [String]
+            def token
+              @token ||=
+                begin
+                  header  = request.headers
+                  token   = header['X-Social-Inbox'].presence
+                  token ||= header['X-Gitlab-Token'].presence
+                  token ||= token_from_signature(header['X-Gitea-Signature'].presence)
+                  token ||= token_from_signature(header['X-Hub-Signature-256'].presence, 'sha256=')
+                  token
+                ensure
+                  raise ActiveRecord::RecordNotFound, 'Proveedor no soportado' if token.blank?
+                end
+            end
+
+            # Valida token a partir de firma
+            #
+            # @param signature [String,nil]
+            # @param prepend [String]
+            # @return [String, nil]
+            def token_from_signature(signature, prepend = '')
+              return if signature.nil?
+
+              payload = request.raw_post
+
+              site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
+                new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
+
+                ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s)
+              end
+            end
+
+            # Encuentra el sitio a partir de la URL
+            #
+            # @return [Site]
+            def site
+              @site ||= Site.find_by_name!(params[:site_id])
+            end
+
+            # Encuentra le usuarie
+            #
+            # @return [Site]
+            def usuarie
+              @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
+            end
+
+            # Respuesta de error a plataformas
+            def platforms_answer(exception)
+              ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h })
+
+              head :forbidden
+            end
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/api/v1/webhooks/pull_controller.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Webhooks
+      # Recibe webhooks y lanza un PullJob
+      class PullController < BaseController
+        include Api::V1::Webhooks::Concerns::WebhookConcern
+
+        # Trae los cambios a partir de un post de Webhooks:
+        # (Gitlab, Github, Gitea, etc)
+        #
+        # @return [nil]
+        def pull
+          message = I18n.with_locale(site.default_locale) do
+            I18n.t('webhooks.pull.message')
+          end
+
+          GitPullJob.perform_later(site, usuarie, message)
+          head :ok
+        end
+      end
+    end
+  end
+end

app/controllers/api/v1/webhooks/social_inbox_controller.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Webhooks
+      # Recibe webhooks de la Social Inbox
+      #
+      # @see {https://www.w3.org/TR/activitypub/}
+      class SocialInboxController < BaseController
+        include Api::V1::Webhooks::Concerns::WebhookConcern
+
+        # Validar que el token sea correcto
+        before_action :usuarie
+
+        # Cuando una actividad ingresa en la cola de moderación, la
+        # recibimos por acá
+        #
+        # Vamos a recibir Create, Update, Delete, Follow, Undo,
+        # Announce, Like y obtener el objeto dentro de cada una para
+        # guardar un estado asociado al sitio.
+        #
+        # El objeto del estado puede ser un objeto o une actore,
+        # dependiendo de la actividad.
+        def moderationqueued
+          process! :paused
+
+          head :accepted
+        end
+
+        # Cuando la Social Inbox acepta una actividad, la recibimos
+        # igual y la guardamos por si cambiamos de idea.
+        def onapproved
+          process! :approved
+
+          head :accepted
+        end
+
+        # Cuando la Social Inbox rechaza una actividad, la recibimos
+        # igual y la guardamos por si cambiamos de idea.
+        def onrejected
+          process! :rejected
+
+          head :accepted
+        end
+
+        private
+
+        # Envía la actividad para procesamiento por separado.
+        #
+        # @param initial_state [Symbol]
+        def process!(initial_state)
+          ::ActivityPub::ProcessJob
+            .set(wait: ApplicationJob.random_wait)
+            .perform_later(site: site, body: request.raw_post, initial_state: initial_state)
+        end
+      end
+    end
+  end
+end

app/controllers/api/v1/webhooks_controller.rb

@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-module Api
-  module V1
-    # Recibe webhooks y lanza un PullJob
-    class WebhooksController < BaseController
-      # responde con forbidden si falla la validación del token
-      rescue_from ActiveRecord::RecordNotFound, with: :platforms_answer
-
-      # Trae los cambios a partir de un post de Webhooks:
-      # (Gitlab, Github, Gitea, etc)
-      #
-      # @return [nil]
-      def pull
-        message = I18n.with_locale(site.default_locale) do
-          I18n.t('webhooks.pull.message')
-        end
-
-        GitPullJob.perform_later(site, usuarie, message)
-        head :ok
-      end
-
-      private
-
-      # encuentra el sitio a partir de la url
-      def site
-        @site ||= Site.find_by_name!(params[:site_id])
-      end
-
-      # valida el token que envía la plataforma del webhook
-      #
-      # @return [String]
-      def token
-        @token ||=
-          begin
-            # Gitlab
-            if request.headers['X-Gitlab-Token'].present?
-              request.headers['X-Gitlab-Token']
-            # Github
-            elsif request.headers['X-Hub-Signature-256'].present?
-              token_from_signature(request.headers['X-Hub-Signature-256'], 'sha256=')
-            # Gitea
-            elsif request.headers['X-Gitea-Signature'].present?
-              token_from_signature(request.headers['X-Gitea-Signature'])
-            else
-              raise ActiveRecord::RecordNotFound, 'proveedor no soportado'
-            end
-          end
-      end
-
-      # valida token a partir de firma de webhook
-      #
-      # @return [String, Boolean]
-      def token_from_signature(signature, prepend = '')
-        payload = request.body.read
-        site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
-          new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
-          ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s)
-        end.tap do |t|
-          raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil?
-        end
-      end
-
-      # encuentra le usuarie
-      def usuarie
-        @usuarie ||= site.roles.find_by!(temporal: false, rol: 'usuarie', token: token).usuarie
-      end
-
-      # respuesta de error a plataformas
-      def platforms_answer(exception)
-        ExceptionNotifier.notify_exception(exception, data: { headers: request.headers.to_h })
-
-        head :forbidden
-      end
-    end
-  end
-end

app/controllers/application_controller.rb

@@ -3,7 +3,7 @@
 # Forma de ingreso a Sutty
 class ApplicationController < ActionController::Base
   include ExceptionHandler
-  include Pundit
+  include Pundit::Authorization
 
   protect_from_forgery with: :null_session, prepend: true
 
@@ -11,13 +11,10 @@ class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
   before_action :notify_unconfirmed_email, unless: :devise_controller?
   around_action :set_locale
-
-  rescue_from Pundit::NilPolicyError, with: :page_not_found
-  rescue_from ActionController::RoutingError, with: :page_not_found
-  rescue_from ActionController::ParameterMissing, with: :page_not_found
+  after_action :store_location!
 
   before_action do
-    Rack::MiniProfiler.authorize_request if current_usuarie&.email&.ends_with?('@' + ENV.fetch('SUTTY', 'sutty.nl'))
+    Rack::MiniProfiler.authorize_request if current_usuarie&.email&.ends_with?("@#{ENV.fetch('SUTTY', 'sutty.nl')}")
   end
 
   # No tenemos índice de sutty, vamos directamente a ver el listado de
@@ -61,9 +58,7 @@ class ApplicationController < ActionController::Base
   def current_locale
     locale = params[:change_locale_to]
 
-    if locale.present? && I18n.locale_available?(locale)
-      session[:locale] = params[:change_locale_to]
-    end
+    session[:locale] = params[:change_locale_to] if locale.present? && I18n.locale_available?(locale)
 
     session[:locale] || current_usuarie&.lang || I18n.locale
   end
@@ -75,11 +70,6 @@ class ApplicationController < ActionController::Base
     I18n.with_locale(current_locale, &action)
   end
 
-  # Muestra una página 404
-  def page_not_found
-    render 'application/page_not_found', status: :not_found
-  end
-
   # Necesario para poder acceder a Blazer.  Solo les usuaries de este
   # sitio pueden acceder al panel.
   def require_usuarie
@@ -115,6 +105,16 @@ class ApplicationController < ActionController::Base
   def after_sign_in_path_for(resource)
     session[:locale] = nil
 
-    sites_path
+    super
+  end
+
+  # Guardar la ubicación para que devise redirija a donde íbamos, a
+  # menos que estemos recibiendo información o intentando ingresar.
+  def store_location!
+    return if request.xhr?
+    return unless request.request_method_symbol == :GET
+    return if devise_controller? && !is_a?(Devise::RegistrationsController) && params[:action] != 'edit'
+
+    session[:usuarie_return_to] = request.fullpath
   end
 end

app/controllers/concerns/exception_handler.rb

@@ -12,13 +12,31 @@ module ExceptionHandler
     rescue_from PageNotFound, with: :page_not_found
     rescue_from ActionController::RoutingError, with: :page_not_found
     rescue_from Pundit::NilPolicyError, with: :page_not_found
+    rescue_from Pundit::NilPolicyError, with: :page_not_found
+    rescue_from ActionController::RoutingError, with: :page_not_found
+    rescue_from ActionController::ParameterMissing, with: :page_not_found
   end
 
   def site_not_found
+    reset_response!
+
+    flash[:error] = I18n.t('errors.site_not_found')
+
     redirect_to sites_path
   end
 
   def page_not_found
-    send_file Rails.root.join('public', '404.html')
+    reset_response!
+
+    render 'application/page_not_found', status: :not_found
+  end
+
+  private
+
+  def reset_response!
+    self.response_body = nil
+    @_response_body = nil
+
+    headers.delete('Location')
   end
 end

app/controllers/concerns/moderation_concern.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module ModerationConcern
+  extend ActiveSupport::Concern
+
+  included do
+    private
+
+    def redirect_to_moderation_queue!
+      redirect_back fallback_location: site_moderation_queue_path(**(session[:moderation_queue_filters] || {}))
+    end
+
+    # @return [String]
+    def panel_actor_mention
+      @panel_actor_mention ||= ENV.fetch('PANEL_ACTOR_MENTION', '@sutty@sutty.nl')
+    end
+
+    def remote_flag_params(model)
+      remote_flag = ActivityPub::RemoteFlag.find_by(actor_id: model.actor_id)
+
+      { remote_flag_attributes: { id: remote_flag&.id, message: ''.dup } }.tap do |p|
+        p[:remote_flag_attributes][:site_id] = model.site_id
+        p[:remote_flag_attributes][:actor_id] = model.actor_id
+
+        I18n.available_locales.each do |locale|
+          p[:remote_flag_attributes][:message].tap do |m|
+            m << I18n.t(locale)
+            m << ': '
+            m << I18n.t('remote_flags.report_message', locale: locale, panel_actor_mention: panel_actor_mention)
+            m << '\n\n'
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/concerns/moderation_filters_concern.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ModerationFiltersConcern
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :store_filters_in_session!, only: %i[index show]
+
+    private
+
+    def store_filters_in_session!
+      session[:moderation_queue_filters] = params.permit(:instance_state, :actor_state, :activity_pub_state)
+    end
+  end
+end

app/controllers/env_controller.rb

@@ -4,7 +4,7 @@ class EnvController < ActionController::Base
   skip_before_action :verify_authenticity_token
 
   def index
-    @site = Site.find_by_name('panel')
+    @site = Site.find_by_name('panel') || Site.first
 
     stale? @site if @site
   end

app/controllers/fediblock_states_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Estado de las listas de bloqueo en cada sitio
+class FediblockStatesController < ApplicationController
+  # Realiza cambios en las listas de bloqueo
+  def action_on_several
+    # Encontrar todas y deshabilitar las que no se enviaron
+    site.fediblock_states.all.find_each do |fediblock_state|
+      if fediblock_states_ids.include? fediblock_state.id
+        fediblock_state.enable! if fediblock_state.may_enable?
+      elsif fediblock_state.may_disable?
+        fediblock_state.disable!
+      end
+
+      flash[:success] = I18n.t('fediblock_states.action_on_several.success')
+    rescue Exception => e
+      ExceptionNotifier.notify_exception(e, data: { site: site.name })
+
+      flash.delete(:success)
+      flash[:error] = I18n.t('fediblock_states.action_on_several.error')
+    end
+
+    # Bloquear otras instancias
+    if custom_blocklist.present?
+      if ActivityPub::InstanceModerationJob.perform_now(site: site, hostnames: custom_blocklist)
+        flash[:success] = I18n.t('fediblock_states.action_on_several.custom_blocklist_success')
+      else
+        flash[:error] = I18n.t('fediblock_states.action_on_several.custom_blocklist_error')
+      end
+    end
+
+    redirect_to site_moderation_queue_path
+  end
+
+  private
+
+  def fediblock_states_ids
+    params[:fediblock_states_ids] || []
+  end
+
+  # La lista de hostnames
+  def custom_blocklist
+    @custom_blocklist ||= fediblocks_states_params[:custom_blocklist].split("\n").map(&:strip).select(&:present?)
+  end
+
+  def fediblocks_states_params
+    @fediblocks_states_params ||= params.permit(:custom_blocklist, fediblock_states_ids: [])
+  end
+end

app/controllers/instance_moderations_controller.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# Actualiza la relación entre un sitio y una instancia
+class InstanceModerationsController < ApplicationController
+  include ModerationConcern
+
+  InstanceModeration.events.each do |event|
+    define_method(event) do
+      authorize instance_moderation
+
+      message =
+        if instance_moderation.public_send(:"may_#{event}?") && instance_moderation.public_send(:"#{event}!")
+          :success
+        else
+          :error
+        end
+
+      flash[message] = I18n.t("instance_moderations.#{event}.#{message}")
+
+      redirect_to_moderation_queue!
+    end
+  end
+
+  def action_on_several
+    redirect_to_moderation_queue!
+
+    instance_moderations = site.instance_moderations.where(id: params[:instance_moderation])
+
+    return if instance_moderations.count.zero?
+
+    authorize instance_moderations
+
+    action = params[:instance_moderation_action].to_sym
+    method = :"#{action}_all!"
+
+    return unless InstanceModeration.events.include? action
+
+    InstanceModeration.transaction do
+      message = instance_moderations.public_send(method) ? :success : :error
+
+      flash[:message] = I18n.t("instance_moderations.action_on_several.#{message}")
+    end
+  end
+
+  private
+
+  # @return [InstanceModeration]
+  def instance_moderation
+    @instance_moderation ||= site.instance_moderations.find(params[:instance_moderation_id])
+  end
+end

app/controllers/moderation_queue_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# Cola de moderación de ActivityPub
+class ModerationQueueController < ApplicationController
+  include ModerationFiltersConcern
+
+  before_action :authenticate_usuarie!
+
+  breadcrumb -> { current_usuarie.email }, :edit_usuarie_registration_path
+  breadcrumb 'sites.index', :sites_path, match: :exact
+
+  # Cola de moderación viendo todo el sitio
+  def index
+    authorize ModerationQueue.new(site)
+    breadcrumb site.title, site_posts_path(site)
+    breadcrumb I18n.t('moderation_queue.index.title'), ''
+
+    site.moderation_checked!
+
+    # @todo cambiar el estado por query
+    @activity_pubs = site.activity_pubs
+    @instance_moderations = rubanok_process(site.instance_moderations, with: InstanceModerationProcessor)
+    @actor_moderations = rubanok_process(site.actor_moderations, with: ActorModerationProcessor)
+    @moderation_queue = rubanok_process(site.activity_pubs, with: ActivityPubProcessor)
+  end
+end

app/controllers/sites_controller.rb

@@ -15,6 +15,19 @@ class SitesController < ApplicationController
     fresh_when @sites
   end
 
+  # Genera la caja del estado para HTMX
+  def status
+    authorize site
+
+    render('sites/status', layout: false) if stale? site
+  end
+
+  def button
+    authorize site
+
+    render('sites/build', layout: false)
+  end
+
   # No tenemos propiedades de un sitio aún, así que vamos al listado de
   # artículos
   def show

app/helpers/application_helper.rb

@@ -13,7 +13,7 @@ module ApplicationHelper
     root = names.shift
 
     names.each do |n|
-      root += '[' + n.to_s + ']'
+      root += "[#{n}]"
     end
 
     [root, name]
@@ -22,7 +22,7 @@ module ApplicationHelper
   def plain_field_name_for(*names)
     root, name = field_name_for(*names)
 
-    root + '[' + name.to_s + ']'
+    "#{root}[#{name}]"
   end
 
   def distance_of_time_in_words_if_more_than_a_minute(seconds)
@@ -33,10 +33,24 @@ module ApplicationHelper
     end
   end
 
-  # Devuelve todas las etiquetas HTML que queremos mantener
-  def all_html_tags
-    %w[h1 h2 h3 h4 h5 h6 p a ul ol li table tr td th tbody thead
-       tfoot em strong sup blockquote cite pre section article]
+  # Sanitizador que elimina todo
+  #
+  # @param html [String]
+  # @return [String]
+  def text_plain(html)
+    sanitize(html, tags: [], attributes: [])
+  end
+
+  # Sanitizador con etiquetas y atributos por defecto
+  #
+  # @param html [String]
+  # @param options [Hash]
+  # @return [String]
+  def sanitize(html, options = {})
+    options[:tags] ||= Sutty::ALLOWED_TAGS
+    options[:attributes] ||= Sutty::ALLOWED_ATTRIBUTES
+
+    super(html, options)
   end
 
   # Genera HTML y limpia etiquetas innecesarias

app/helpers/moderation_queue_helper.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ModerationQueueHelper
+  def filter_states(**args)
+    params.permit(:instance_state, :actor_state, :activity_pub_state).merge(**args)
+  end
+
+  def active?(states, state_name, state)
+    if params[state_name].present?
+      params[state_name] == state.to_s
+    else
+      states.first == state
+    end
+  end
+end

app/javascript/controllers/details_controller.js

@@ -0,0 +1,17 @@
+import { Controller } from "stimulus";
+
+export default class extends Controller {
+  static targets = [];
+
+  connect() {
+    const state = window.sessionStorage.getItem(this.element.id);
+
+    if (state === "open") {
+      this.element.setAttribute("open", true);
+    }
+  }
+
+  store(event = undefined) {
+    window.sessionStorage.setItem(this.element.id, event.newState);
+  }
+}

app/javascript/controllers/dropdown_controller.js

@@ -0,0 +1,106 @@
+import { Controller } from "stimulus";
+
+// https://getbootstrap.com/docs/4.6/components/dropdowns/#single-button
+export default class extends Controller {
+  static targets = ["dropdown", "button", "item"];
+
+  // Al iniciar el controlador
+  connect() {
+    // Llevar la cuenta del item con foco
+    this.data.set("item", -1);
+
+    // Gestionar las teclas
+    this.keydownEvent = this.keydown.bind(this);
+    this.element.addEventListener("keydown", this.keydownEvent);
+
+    // Gestionar el foco
+    this.focusinEvent = this.focusin.bind(this);
+  }
+
+  // Al eliminar el controlador (al pasar a otra página)
+  disconnect() {
+    // Eliminar la gestión de teclas
+    this.element.removeEventListener("keydown", this.keydownEvent);
+    // Eliminar la gestión del foco
+    document.removeEventListener("focusin", this.focusinEvent);
+  }
+
+  // Mostrar u ocultar
+  toggle(event) {
+    (this.buttonTarget.ariaExpanded === "false") ? this.show() : this.hide();
+  }
+
+  // Mostrar
+  show() {
+    this.buttonTarget.ariaExpanded = "true";
+    this.element.classList.add("show");
+    this.dropdownTarget.classList.add("show");
+
+    // Activar la gestión del foco
+    document.addEventListener("focusin", this.focusinEvent);
+  }
+
+  // Ocultar
+  hide() {
+    this.buttonTarget.ariaExpanded = "false";
+    this.element.classList.remove("show");
+    this.dropdownTarget.classList.remove("show");
+    // Volver al inicio el foco de items
+    this.data.set("item", -1);
+
+    // Desactivar la gestión del foco
+    document.removeEventListener("focusin", this.focusinEvent);
+  }
+
+  // Gestionar el foco
+  focusin(event) {
+    const item = this.itemTargets.find(x => x === event.target);
+
+    // Si el foco se coloca sobre elementos del controlador, no hacer
+    // nada
+    if (event.target === this.buttonTarget || item) {
+      // Si es un item, el comportamiento de las flechas verticales y el
+      // Tab tiene que ser igual
+      if (item) this.data.set("item", this.itemTargets.indexOf(item));
+
+      return;
+    }
+
+    // De lo contrario, ocultar
+    this.hide();
+  }
+
+  // Gestionar las teclas
+  keydown(event) {
+    const initial = parseInt(this.data.get("item"));
+    let item = initial;
+
+    switch (event.keyCode) {
+      case 27:
+        // Esc cierra el menú y devuelve el foco
+        this.hide();
+        this.buttonTarget.focus();
+        break;
+      case 38:
+        // Moverse hacia arriba con tope en el primer item
+        if (item > -1) item--;
+
+        break;
+      case 40:
+        // Moverse hacia abajo con tope en el último ítem, si el
+        // dropdown estaba cerrado, abrirlo.
+        if (item === -1) this.show();
+        if (item <= this.itemTargets.length) item++;
+
+        break;
+    }
+
+    // Si cambió la posición del ítem, darle foco y actualizar el
+    // contador.
+    if (initial !== item) {
+      this.itemTargets[item]?.focus();
+
+      this.data.set("item", item);
+    }
+  }
+}

app/javascript/controllers/select_all_controller.js

@@ -0,0 +1,11 @@
+import { Controller } from "stimulus";
+
+export default class extends Controller {
+  static targets = ["toggle", "input"];
+
+  toggle(event = undefined) {
+    this.inputTargets.forEach(input => {
+      input.checked = this.toggleTarget.checked;
+    });
+  }
+}

app/javascript/etc/htmx_abort.js

@@ -0,0 +1,7 @@
+// Cancela las peticiones pendientes de htmx para todos los elementos al
+// cambiar de página.
+document.addEventListener("turbolinks:click", () => {
+  for (const hx of document.querySelectorAll("[hx-get]")) {
+    window.htmx.trigger(hx, "htmx:abort");
+  }
+});

app/javascript/etc/index.js

@@ -7,3 +7,4 @@ import './timezone'
 import './turbolinks-anchors'
 import './validation'
 import './new_editor'
+import './htmx_abort'

app/javascript/packs/application.js

@@ -9,9 +9,16 @@ try {
     host: window.env.PANEL_URL
   });
 
+  const ignoredErrors = ["htmx:afterRequest", "htmx:sendAbort"];
+
   console.originalError = console.error;
   console.error = (...e) => {
-    window.airbrake.notify(e.join(" "));
+    const msg = e.join(" ");
+
+    if (!ignoredErrors.some(x => msg.includes(x))) {
+      window.airbrake.notify(e.join(" "));
+    }
+
     return console.originalError(...e);
   };
 } catch(e) {
@@ -33,3 +40,5 @@ import 'chartkick/chart.js'
 Rails.start()
 Turbolinks.start()
 ActiveStorage.start()
+
+window.htmx = require('htmx.org/dist/htmx.js')

app/jobs/activity_pub/fediblock_fetch_job.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  # Se encarga de mantener las listas de bloqueo actualizadas.  Luego de
+  # actualizar el listado de instancias, bloquea las instancias en cada
+  # sitio que tenga el fediblock habilitado.
+  class FediblockFetchJob < ApplicationJob
+    self.priority = 50
+
+    def perform
+      ActivityPub::Fediblock.find_each do |fediblock|
+        fediblock.process!
+
+        hostnames_added = fediblock.hostnames - fediblock.hostnames_was
+
+        # No hacer nada si no cambió con respecto a la versión anterior
+        next if hostnames_added.empty?
+
+        ActivityPub::FediblockUpdatedJob.perform_later(fediblock: fediblock, hostnames: hostnames_added)
+      rescue ActivityPub::Fediblock::FediblockDownloadError => e
+        ExceptionNotifier.notify_exception(e, data: { fediblock: fediblock.title })
+      end
+    end
+  end
+end

app/jobs/activity_pub/fediblock_updated_job.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Se encarga de mantener sincronizadas las listas de instancias
+# de los fediblocks con los sitios que las tengan activadas.
+#
+# También va a asociar las listas con todos los sitios que tengan la
+# Social Inbox habilitada.
+class ActivityPub
+  class FediblockUpdatedJob < ApplicationJob
+    self.priority = 50
+
+    # @param :fediblock [ActivityPub::Fediblock]
+    # @param :hostnames [Array<String>]
+    def perform(fediblock:, hostnames:)
+      instances = ActivityPub::Instance.where(hostname: hostnames)
+
+      # Todos los sitios con la Social Inbox habilitada
+      Site.where(id: DeploySocialDistributedPress.pluck(:site_id)).find_each do |site|
+        # Crea el estado si no existía
+        fediblock_state = site.fediblock_states.find_or_create_by(fediblock: fediblock)
+
+        # No hace nada con los deshabilitados
+        next unless fediblock_state.enabled?
+
+        ActivityPub::InstanceModerationJob.perform_later(site: site, hostnames: hostnames)
+      end
+    end
+  end
+end

app/jobs/activity_pub/fetch_job.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+# Obtiene o actualiza el contenido de un objeto, usando las credenciales
+# del sitio.
+#
+# XXX: Esto usa las credenciales del sitio para volver el objeto
+# disponible para todo el CMS.  Asumimos que el objeto devuelto es el
+# mismo para todo el mundo y las credenciales solo son para
+# autenticación.
+class ActivityPub
+  class FetchJob < ApplicationJob
+    self.priority = 50
+
+    attr_reader :object, :response
+
+    # Notificar errores de JSON con el contenido, tomar los errores de
+    # validación y conexión como errores temporales y notificar todo lo
+    # demás sin reintentar.
+    #
+    # @param error [Exception]
+    # @return [Bool]
+    discard_on(FastJsonparser::ParseError) do |error|
+      ExceptionNotifier.notify_exception(error, data: { site: site.name, object: object.uri, body: response.body })
+    end
+
+    retry_on ActiveRecord::RecordInvalid
+    retry_on SocketError, wait: ApplicationJob.random_wait
+    retry_on SystemCallError, wait: ApplicationJob.random_wait
+    retry_on Net::OpenTimeout, wait: ApplicationJob.random_wait
+    retry_on OpenSSL::OpenSSLError, wait: ApplicationJob.random_wait
+
+    def perform(site:, object_id:)
+      ActivityPub::Object.transaction do
+        @site = site
+        @object = ::ActivityPub::Object.find(object_id)
+
+        return if object.blank?
+        return if object.activity_pubs.where(aasm_state: 'removed').count.positive?
+
+        @response = site.social_inbox.dereferencer.get(uri: object.uri)
+
+        # @todo Fallar cuando la respuesta no funcione?
+        # @todo Eliminar en 410 Gone
+        return unless response.success?
+        # Ignorar si ya la caché fue revalidada y ya teníamos el
+        # contenido
+        return if response.hit? && object.content.present?
+
+        current_type = object.type
+        content = FastJsonparser.parse(response.body)
+
+        # Modificar atómicamente
+        ::ActivityPub::Object.lock.find(object_id).update!(content: content,
+                                                           type: ActivityPub::Object.type_from(content).name)
+
+        object = ::ActivityPub::Object.find(object_id)
+        # Actualiza la mención
+        object.actor&.save! if object.actor_type?
+
+        # Arreglar las relaciones con actividades también
+        ActivityPub.where(object_id: object.id).update_all(object_type: object.type, updated_at: Time.now)
+      end
+    end
+  end
+end

app/jobs/activity_pub/inbox_job.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class InboxJob < ApplicationJob
+    self.priority = 10
+
+    # @param :site [Site]
+    # @param :activity [String]
+    # @param :action [Symbol]
+    def perform(site:, activity:, action:)
+      response = site.social_inbox.inbox.public_send(action, id: activity)
+
+      raise response.body unless response.success?
+    end
+  end
+end

app/jobs/activity_pub/instance_fetch_job.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  # Obtiene o actualiza los datos de una instancia.  Usamos un cliente
+  # de ActivityPub porque la instancia podría estar en federación
+  # limitada.
+  class InstanceFetchJob < ApplicationJob
+    self.priority = 100
+
+    def perform(site:, instance:)
+      %w[/api/v2/instance /api/v1/instance].each do |api|
+        uri = SocialInbox.generate_uri(instance.hostname) do |u|
+          u.path = api
+        end
+
+        response = site.social_inbox.dereferencer.get(uri: uri)
+
+        next unless response.success?
+        # @todo Validate schema
+        next unless response.parsed_response.is_a?(DistributedPress::V1::Social::ReferencedObject)
+
+        instance.update(content: response.parsed_response.object)
+
+        break
+      rescue BRS::BaseError,
+             Errno::ECONNREFUSED,
+             HTTParty::Error,
+             JSON::JSONError,
+             Net::OpenTimeout,
+             OpenSSL::OpenSSLError,
+             SocketError,
+             Errno::ENETUNREACH => e
+        ExceptionNotifier.notify_exception(e, data: { instance: uri })
+        break
+      end
+    end
+  end
+end

app/jobs/activity_pub/instance_moderation_job.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  # Bloquea varias instancias de una sola vez
+  class InstanceModerationJob < ApplicationJob
+    # @param :site [Site]
+    # @param :hostnames [Array<String>]
+    # @param :perform_remotely [Bool]
+    def perform(site:, hostnames:, perform_remotely: true)
+      # Crear las instancias que no existan todavía
+      hostnames.each do |hostname|
+        ActivityPub::Instance.lock.find_or_create_by(hostname: hostname)
+      end
+
+      instances = ActivityPub::Instance.where(hostname: hostnames)
+
+      Site.transaction do
+        # Crea todas las moderaciones de instancia con un estado por
+        # defecto si no existen
+        instances.find_each do |instance|
+          # Esto bloquea cada una individualmente en la Social Inbox,
+          # idealmente son pocas instancias las que aparecen.
+          site.instance_moderations.lock.find_or_create_by(instance: instance)
+        end
+
+        scope = site.instance_moderations.where(instance_id: instances.ids)
+
+        if perform_remotely
+          scope.block_all!
+        else
+          scope.block_all_without_callbacks!
+        end
+
+        ActivityPub::SyncListsJob.perform_later(site: site)
+      end
+    end
+  end
+end

app/jobs/activity_pub/process_job.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  # Procesar las actividades a medida que llegan
+  class ProcessJob < ApplicationJob
+    attr_reader :body
+
+    retry_on ActiveRecord::RecordInvalid
+
+    # Procesa la actividad en segundo plano
+    #
+    # @param :body [String]
+    # @param :initial_state [Symbol,String]
+    def perform(site:, body:, initial_state: :paused)
+      @site = site
+      @body = body
+
+      ActiveRecord::Base.connection_pool.with_connection do
+        ::ActivityPub.transaction do
+          # Crea todos los registros necesarios y actualiza el estado
+          actor.present?
+          instance.present?
+          object.present?
+          activity_pub.present?
+          activity_pub.update(aasm_state: initial_state)
+
+          activity.update_activity_pub_state!
+        end
+      end
+    end
+
+    private
+
+    # Si el objeto ya viene incorporado en la actividad o lo tenemos
+    # que traer remotamente.
+    #
+    # @return [Bool]
+    def object_embedded?
+      @object_embedded ||= original_activity[:object].is_a?(Hash)
+    end
+
+    # Encuentra la URI del objeto o falla si no la encuentra.
+    #
+    # @return [String]
+    def object_uri
+      @object_uri ||= ::ActivityPub.uri_from_object(original_activity[:object])
+    ensure
+      raise ActiveRecord::RecordNotFound, 'object id missing' if @object_uri.blank?
+    end
+
+    # Atajo a la instancia
+    #
+    # @return [ActivityPub::Instance]
+    def instance
+      actor.instance
+    end
+
+    # Genera un objeto a partir de la actividad.  Si el objeto ya
+    # existe, actualiza su contenido.  Si el objeto no viene
+    # incorporado, obtenemos el contenido más tarde.
+    #
+    # @return [ActivityPub::Object]
+    def object
+      @object ||= ::ActivityPub::Object.lock.find_or_initialize_by(uri: object_uri).tap do |o|
+        o.lock! if o.persisted?
+        o.content = original_object if object_embedded?
+
+        o.save!
+
+        # XXX: el objeto necesita ser guardado antes de poder
+        # procesarlo.  No usamos GlobalID porque el tipo de objeto
+        # cambia y produce un error de deserialización.
+        ::ActivityPub::FetchJob.perform_later(site: site, object_id: o.id) unless object_embedded?
+      end
+    end
+
+    # Genera el seguimiento del estado del objeto con respecto al
+    # sitio.
+    #
+    # @return [ActivityPub]
+    def activity_pub
+      @activity_pub ||= site.activity_pubs.lock.find_or_create_by!(site: site, actor: actor, instance: instance,
+                                                                   object_id: object.id, object_type: object.type)
+    end
+
+    # Crea la actividad y la vincula con el estado
+    #
+    # @return [ActivityPub::Activity]
+    def activity
+      @activity ||=
+        ::ActivityPub::Activity
+        .type_from(original_activity)
+        .lock
+        .find_or_initialize_by(uri: original_activity[:id], activity_pub: activity_pub, actor: actor).tap do |a|
+          a.lock! if a.persisted?
+          a.content = original_activity.dup
+          a.content[:object] = object.uri
+          a.save!
+        end
+    end
+
+    # Actor, si no hay instancia, la crea en el momento, junto con
+    # su estado de moderación.
+    #
+    # @return [Actor]
+    def actor
+      @actor ||= ::ActivityPub::Actor.lock.find_or_initialize_by(uri: original_activity[:actor]).tap do |a|
+        a.lock! if a.persisted?
+
+        unless a.instance
+          a.instance = ::ActivityPub::Instance.lock.find_or_create_by(hostname: URI.parse(a.uri).hostname)
+
+          ::ActivityPub::InstanceFetchJob.perform_later(site: site, instance: a.instance)
+        end
+
+        site.instance_moderations.lock.find_or_create_by(instance: a.instance)
+        a.save!
+
+        site.actor_moderations.lock.find_or_create_by(actor: a)
+
+        ::ActivityPub::FetchJob.perform_later(site: site, object_id: a.object.id)
+      end
+    end
+
+    # @return [Hash,String]
+    def original_object
+      @original_object ||= original_activity[:object].dup.tap do |o|
+        o[:@context] = original_activity[:@context].dup
+      end
+    end
+
+    # Descubre la actividad recibida, generando un error si la
+    # actividad no está dirigida a nosotres.
+    #
+    # @todo Validar formato con Dry::Schema
+    # @return [Hash]
+    def original_activity
+      @original_activity ||= FastJsonparser.parse(body).tap do |activity|
+        raise '@context missing' unless activity[:@context].present?
+        raise 'id missing' unless activity[:id].present?
+        raise 'object missing' unless activity[:object].present?
+      end
+    end
+  end
+end

app/jobs/activity_pub/remote_flag_job.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Envía un reporte directamente a la instancia remota
+#
+# @todo El panel debería ser su propia instancia y firmar sus propios
+# mensajes.
+# @todo Como la Social Inbox no soporta enviar actividades
+# a destinataries que no sean seguidores, enviamos el reporte
+# directamente a la instancia.
+# @see {https://github.com/hyphacoop/social.distributed.press/issues/14}
+class ActivityPub
+  class RemoteFlagJob < ApplicationJob
+    self.priority = 30
+
+    def perform(remote_flag:)
+      return unless remote_flag.may_queue?
+
+      inbox = remote_flag.actor&.content&.[]('inbox')
+
+      raise 'Inbox is missing for actor' if inbox.blank?
+
+      remote_flag.queue!
+
+      uri = URI.parse(inbox)
+      client = remote_flag.main_site.social_inbox.client_for(uri.origin)
+      response = client.post(endpoint: uri.path, body: remote_flag.content)
+
+      raise 'No se pudo enviar el reporte' unless response.success?
+
+      remote_flag.report!
+    rescue Exception => e
+      ExceptionNotifier.notify_exception(e, data: { remote_flag: remote_flag.id, response: response.parsed_response })
+      remote_flag.resend!
+      raise
+    end
+  end
+end

app/jobs/activity_pub/sync_lists_job.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  # Sincroniza las listas de bloqueo y permitidas con el estado actual
+  # de la base de datos.
+  class SyncListsJob < ApplicationJob
+    # Siempre correr al final
+    self.priority = 100
+
+    attr_reader :logs
+
+    # Ejecuta todas las requests y consolida los posibles errores.
+    #
+    # @param site [Site]
+    def run(site:)
+      @logs = {}
+
+      instance_scope = site.instance_moderations.joins(:instance)
+      actor_scope = site.actor_moderations.joins(:actor)
+
+      blocklist = wildcardize(instance_scope.blocked.pluck(:hostname)) + actor_scope.blocked.distinct.pluck(:mention).compact + actor_scope.reported.distinct.pluck(:mention).compact
+      allowlist = wildcardize(instance_scope.allowed.pluck(:hostname)) + actor_scope.allowed.distinct.pluck(:mention).compact
+      pauselist = wildcardize(instance_scope.paused.pluck(:hostname)) + actor_scope.paused.distinct.pluck(:mention).compact
+
+      if blocklist.present?
+        Rails.logger.info "Bloqueando: #{blocklist.join(', ')}"
+        process(:blocked) { site.social_inbox.allowlist.delete(list: blocklist) }
+        process(:blocked) { site.social_inbox.blocklist.post(list: blocklist) }
+      end
+
+      if allowlist.present?
+        Rails.logger.info "Permitiendo: #{allowlist.join(', ')}"
+        process(:allowed) { site.social_inbox.blocklist.delete(list: allowlist) }
+        process(:allowed) { site.social_inbox.allowlist.post(list: allowlist) }
+      end
+
+      if pauselist.present?
+        Rails.logger.info "Pausando: #{pauselist.join(', ')}"
+        process(:paused) { site.social_inbox.blocklist.delete(list: pauselist) }
+        process(:paused) { site.social_inbox.allowlist.delete(list: pauselist) }
+      end
+
+      # Si alguna falló, reintentar
+      raise if logs.present?
+    rescue Exception => e
+      ExceptionNotifier.notify_exception(e,
+                                         data: { site: site.name, logs: logs, blocklist: blocklist,
+                                                 allowlist: allowlist, pauselist: pauselist })
+
+      raise
+    end
+
+    private
+
+    def process(stage)
+      response = yield
+
+      return if response.success?
+
+      logs[stage] ||= []
+      logs[stage] << { body: response.body, code: response.code }
+    end
+
+    # @params hostnames [Array<String>]
+    # @return [Array<String>]
+    def wildcardize(hostnames)
+      hostnames.map do |hostname|
+        "@*@#{hostname}"
+      end
+    end
+  end
+end

app/jobs/application_job.rb

@@ -4,9 +4,21 @@
 class ApplicationJob < ActiveJob::Base
   include Que::ActiveJob::JobExtensions
 
-  private
+  # Esperar una cantidad random de segundos primos, para que no se
+  # superpongan tareas
+  #
+  # @return [Array<Integer>]
+  RANDOM_WAIT = [3, 5, 7, 11, 13].freeze
 
-  def site
-    @site ||= Site.find @params[:site_id]
+  # @return [ActiveSupport::Duration]
+  def self.random_wait
+    RANDOM_WAIT.sample.seconds
+  end
+
+  attr_reader :site
+
+  # Si falla por cualquier cosa informar y descartar
+  discard_on(Exception) do |job, error|
+    ExceptionNotifier.notify_exception(error, data: { job: job })
   end
 end

app/jobs/backtrace_job.rb

@@ -6,10 +6,10 @@ class BacktraceJob < ApplicationJob
 
   EMPTY_SOURCEMAP = { 'mappings' => '' }.freeze
 
-  attr_reader :params, :site_id
+  attr_reader :params
 
-  def perform(site_id:, params:)
-    @site_id = site_id
+  def perform(site:, params:)
+    @site = site
     @params = params
 
     unless sources.empty?
@@ -44,10 +44,6 @@ class BacktraceJob < ApplicationJob
 
   private
 
-  def site
-    @site ||= Site.find_by_id(site_id)
-  end
-
   # Obtiene todos los archivos del backtrace solo si los puede descargar
   # desde fuentes seguras.
   #
@@ -59,9 +55,7 @@ class BacktraceJob < ApplicationJob
                    x['backtrace']
                  end.flatten.map do |x|
                    x['file'].split('@').last
-                 end.uniq.select do |x|
-                   %r{\Ahttps://} =~ x
-                 end
+                 end.uniq.grep(%r{\Ahttps://})
   end
 
   # Descarga y devuelve los datos de un archivo

app/jobs/contact_job.rb

@@ -5,10 +5,8 @@ class ContactJob < ApplicationJob
   # @param [Integer]
   # @param [String]
   # @param [Hash]
-  def perform(site_id, form_name, form, origin = nil)
-    # Retrocompabilidad al actualizar a 2.7.1
-    # @see ApplicationJob#site
-    @params = { site_id: site_id }
+  def perform(site, form_name, form, origin = nil)
+    @site = site
 
     # Sanitizar los valores
     form.each_key do |key|
@@ -23,7 +21,7 @@ class ContactJob < ApplicationJob
     usuaries.each_slice(10) do |u|
       ContactMailer.with(form_name: form_name,
                          form: form,
-                         site_id: site_id,
+                         site: site,
                          usuaries_emails: u,
                          origin: origin)
                    .notify_usuaries.deliver_now

app/jobs/deploy_job.rb

@@ -11,44 +11,36 @@ class DeployJob < ApplicationJob
   # Lanzar lo antes posible
   self.priority = 10
 
-  def handle_error(error)
-    case error
-    when DeployAlreadyRunningException then retry_in 1.minute
-    when DeployTimedOutException then expire
-    else super
-    end
-  end
+  retry_on DeployAlreadyRunningException, wait: 1.minute
+  discard_on DeployTimedOutException
 
   # rubocop:disable Metrics/MethodLength
   def perform(site, notify: true, time: Time.now, output: false)
-    @output = output
+    @site = site
 
     ActiveRecord::Base.connection_pool.with_connection do
-      @site = Site.find(site)
-
       # Si ya hay una tarea corriendo, aplazar esta.  Si estuvo
       # esperando más de 10 minutos, recuperar el estado anterior.
       #
       # Como el trabajo actual se aplaza al siguiente, arrastrar la
       # hora original para poder ir haciendo timeouts.
-      if @site.building?
+      if site.building?
         notify = false
 
-        if 10.minutes.ago >= time
-          raise DeployTimedOutException,
-                "#{@site.name} la tarea estuvo más de 10 minutos esperando, volviendo al estado original"
-        else
-          raise DeployAlreadyRunningException
-        end
+        raise DeployAlreadyRunningException unless 10.minutes.ago >= time
+
+        raise DeployTimedOutException,
+              "#{site.name} la tarea estuvo más de 10 minutos esperando, volviendo al estado original"
+
       end
 
       @deployed = {}
-      @site.update status: 'building'
-      @site.deployment_list.each do |d|
+      site.update status: 'building'
+      site.deployment_list.each do |d|
         begin
           raise DeployException, 'Una dependencia falló' if failed_dependencies? d
 
-          status = d.deploy(output: @output)
+          status = d.deploy(output: output)
           seconds = d.build_stats.last.try(:seconds) || 0
           size = d.size
           urls = d.urls.map do |url|
@@ -57,9 +49,7 @@ class DeployJob < ApplicationJob
             nil
           end.compact
 
-          if d == @site.deployment_list.last && !status
-            raise DeployException, 'Falló la compilación'
-          end
+          raise DeployException, 'Falló la compilación' if d == site.deployment_list.last && !status
         rescue StandardError => e
           status = false
           seconds ||= 0
@@ -78,9 +68,9 @@ class DeployJob < ApplicationJob
         }
       end
 
-      return unless @output
+      return unless output
 
-      puts (Terminal::Table.new do |t|
+      puts(Terminal::Table.new do |t|
         t << (%w[type] + @deployed.values.first.keys)
         t.add_separator
         @deployed.each do |type, row|
@@ -88,12 +78,12 @@ class DeployJob < ApplicationJob
         end
       end)
     ensure
-      if @site.present?
-        @site.update status: 'waiting'
+      if site.present?
+        site.update status: 'waiting'
 
         notify_usuaries if notify
 
-        puts "\a" if @output
+        puts "\a" if output
       end
     end
   end
@@ -123,7 +113,7 @@ class DeployJob < ApplicationJob
   # @param :deploy [Deploy]
   def notify_exception(exception, deploy = nil)
     data = {
-      site: @site.id,
+      site: site.name,
       deploy: deploy&.type,
       log: deploy&.build_stats&.last&.log,
       failed_dependencies: (failed_dependencies(deploy) if deploy)
@@ -133,8 +123,10 @@ class DeployJob < ApplicationJob
   end
 
   def notify_usuaries
-    @site.roles.where(rol: 'usuarie', temporal: false).pluck(:usuarie_id).each do |usuarie|
-      DeployMailer.with(usuarie: usuarie, site: @site.id)
+    usuarie_ids = site.roles.where(rol: 'usuarie', temporal: false).pluck(:usuarie_id)
+
+    Usuarie.where(id: usuarie_ids).find_each do |usuarie|
+      DeployMailer.with(usuarie: usuarie, site: site)
                   .deployed(@deployed)
                   .deliver_now
     end

app/jobs/git_pull_job.rb

@@ -7,6 +7,8 @@ class GitPullJob < ApplicationJob
   # @param :usuarie [Usuarie]
   # @return [nil]
   def perform(site, usuarie)
+    @site = site
+
     return unless site.repository.origin
     return unless site.repository.fetch.positive?
 

app/jobs/git_push_job.rb

@@ -6,6 +6,8 @@ class GitPushJob < ApplicationJob
   # @param :site [Site]
   # @return [nil]
   def perform(site)
-    site.repository.push if site.repository.origin 
+    @site = site
+
+    site.repository.push if site.repository.origin
   end
-end
+end

app/jobs/maintenance_job.rb

@@ -15,8 +15,7 @@
 # Lo mismo para salir de mantenimiento, agregando el atributo
 # are_we_back: true al crear el Maintenance.
 class MaintenanceJob < ApplicationJob
-  def perform(maintenance_id:)
-    maintenance = Maintenance.find(maintenance_id)
+  def perform(maintenance:)
     # Decidir cuál vamos a enviar según el estado de Maintenance
     mailer = maintenance.are_we_back ? :were_back : :notice
 

app/jobs/periodic_job.rb

@@ -6,9 +6,6 @@ class PeriodicJob < ApplicationJob
 
   STARTING_INTERVAL = Stat::INTERVALS.first
 
-  # Tener el sitio a mano
-  attr_reader :site
-
   # Descartar y notificar si pasó algo más.
   #
   # XXX: En realidad deberíamos seguir reintentando?

app/jobs/stat_collection_job.rb

@@ -7,8 +7,8 @@ class StatCollectionJob < PeriodicJob
 
   STAT_NAME = 'stat_collection_job'
 
-  def perform(site_id:, once: true)
-    @site = Site.find site_id
+  def perform(site:, once: true)
+    @site = site
     beginning = beginning_of_interval
     stat = site.stats.create! name: STAT_NAME
 
@@ -22,7 +22,7 @@ class StatCollectionJob < PeriodicJob
       rollup.average(:seconds)
     end
 
-    dimensions = { site_id: site_id }
+    dimensions = { site_id: site.id }
 
     reduce_rollup(name: 'builds', operation: :sum, dimensions: dimensions)
     reduce_rollup(name: 'space_used', operation: :average, dimensions: dimensions)

app/jobs/uri_collection_job.rb

@@ -16,8 +16,8 @@ class UriCollectionJob < PeriodicJob
   IMAGES = %w[.png .jpg .jpeg .gif .webp .jfif].freeze
   STAT_NAME = 'uri_collection_job'
 
-  def perform(site_id:, once: true)
-    @site = Site.find site_id
+  def perform(site:, once: true)
+    @site = site
 
     # Obtener el principio del intervalo anterior
     beginning_of_interval

app/lib/jekyll/readers/data_reader_decorator.rb

@@ -14,6 +14,8 @@ module Jekyll
       extend ActiveSupport::Concern
 
       included do
+        DATA_EXTENSIONS = %w[.yaml .yml .json .csv .tsv].freeze
+
         def read_data_to(dir, data)
           return unless File.directory?(dir) && !@entry_filter.symlink?(dir)
 
@@ -24,7 +26,7 @@ module Jekyll
 
             if File.directory?(path)
               read_data_to(path, data[sanitize_filename(entry)] = {})
-            else
+            elsif DATA_EXTENSIONS.include?(File.extname(entry))
               key = sanitize_filename(File.basename(entry, ".*"))
               data[key] = read_data_file(path)
             end

app/mailers/application_mailer.rb

@@ -10,7 +10,7 @@ class ApplicationMailer < ActionMailer::Base
   private
 
   def site
-    @site ||= Site.find @params[:site_id]
+    @site ||= @params[:site]
   end
 
   def inline_logo!

app/mailers/deploy_mailer.rb

@@ -13,8 +13,7 @@ class DeployMailer < ApplicationMailer
 
   # rubocop:disable Metrics/AbcSize
   def deployed(deploys = {})
-    usuarie = Usuarie.find(params[:usuarie])
-    site = usuarie.sites.find(params[:site])
+    usuarie = params[:usuarie]
     hostname = site.hostname
     deploys ||= {}
 

app/mailers/invitadx_mailer.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class InvitadxMailer < ApplicationMailer
-  def confirmation_required
-    @invitadx = params[:invitadx]
-    @site = params[:site]
-    mail from: "#{@site.config.dig('title')} <#{ENV.fetch('DEFAULT_FROM', 'sutty@kefir.red')}>", to: @invitadx.email, subject: t('.subject')
-  end
-end

app/models/activity_pub.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+# = ActivityPub =
+#
+# El registro de actividades recibidas y su estado.  Cuando recibimos
+# una actividad, puede estar destinada a varies actores dentro de Sutty,
+# con lo que generamos una cola para cada une.
+#
+#
+# @todo Ya que une actore puede hacer varias actividades sobre el mismo
+# objeto, lo correcto sería que la actividad a moderar sea una sola en
+# lugar de una lista acumulativa. Es decir cada ActivityPub representa
+# el estado del conjunto (Actor, Object, Activity)
+#
+# @see {https://www.w3.org/TR/activitypub/#client-to-server-interactions}
+class ActivityPub < ApplicationRecord
+  IGNORED_EVENTS = %i[pause remove].freeze
+  IGNORED_STATES = %i[removed].freeze
+
+  include AASM
+
+  belongs_to :instance
+  belongs_to :site
+  belongs_to :object, polymorphic: true
+  belongs_to :actor
+  belongs_to :remote_flag, optional: true, class_name: 'ActivityPub::RemoteFlag'
+  has_many :activities
+
+  validates :site_id, presence: true
+  validates :object_id, presence: true
+  validates :aasm_state, presence: true, inclusion: { in: %w[paused approved rejected reported removed] }
+
+  accepts_nested_attributes_for :remote_flag
+
+  # Encuentra la URI de un objeto
+  #
+  # @return [String, nil]
+  def self.uri_from_object(object)
+    case object
+    when Array then uri_from_object(object.first)
+    when String then object
+    when Hash then (object['id'] || object[:id])
+    end
+  end
+
+  # Obtiene el campo `url` de diversas formas. Si es una String, asumir
+  # que es una URL, si es un Hash, asumir que es un Link, si es un
+  # Array de Strings, obtener la primera, si es de Hash, obtener el
+  # primer link con rel=canonical y mediaType=text/html
+  #
+  # De lo contrario devolver el ID.
+  #
+  # @todo Refactorizar
+  # @param object [Hash]
+  # @return [String]
+  def self.url_from_object(object)
+    raise unless object.respond_to?(:[])
+
+    url =
+      case object['url']
+      when String then object['url']
+      when Hash then object['href']
+      # Esto es un lío porque queremos saber si es un Array<Hash> o
+      # Array<String> o mezcla y obtener el que más nos convenga o
+      # adivinar uno.
+      when Array
+        links = object['url'].map.with_index do |link, _i|
+          case link
+          when Hash then link
+          else { 'href' => link.to_s }
+          end
+        end
+
+        links.find do |link|
+          link['rel'] == 'canonical' && link['mediaType'] == 'text/html'
+        end&.[]('href') || links.first&.[]('href')
+      end
+
+    url || object['id']
+  end
+
+  aasm do
+    # Todavía no hay una decisión sobre el objeto
+    state :paused, initial: true
+    # Le usuarie aprobó el objeto
+    state :approved
+    # Le usuarie rechazó el objeto
+    state :rejected
+    # Le usuarie reportó el objeto
+    state :reported
+    # Le actore eliminó el objeto
+    state :removed
+
+    # Gestionar todos los errores
+    error_on_all_events do |e|
+      ExceptionNotifier.notify_exception(e,
+                                         data: { site: site.name, activity_pub: id, activity: activities.first.uri })
+    end
+
+    # Se puede volver a pausa en caso de actualización remota, para
+    # revisar los cambios.
+    event :pause do
+      transitions to: :paused
+    end
+
+    # Recibir una acción de eliminación, eliminar el contenido de la
+    # base de datos. Esto elimina el contenido para todos los sitios
+    # porque estamos respetando lo que pidió le actore.
+    event :remove do
+      transitions to: :removed
+
+      after do
+        next if object.blank?
+
+        object.update(content: {}) unless object.content.empty?
+      end
+    end
+
+    # La actividad se aprueba, informándole a la Social Inbox que está
+    # aprobada. También recibimos la aprobación via
+    # webhook a modo de confirmación.
+    event :approve do
+      transitions from: %i[paused], to: :approved
+
+      after do
+        ActivityPub::InboxJob.perform_later(site: site, activity: activities.first.uri, action: :accept)
+      end
+    end
+
+    # La actividad fue rechazada
+    event :reject do
+      transitions from: %i[paused approved], to: :rejected
+
+      after do
+        ActivityPub::InboxJob.perform_later(site: site, activity: activities.first.uri, action: :reject)
+      end
+    end
+
+    # Reportarla implica rechazarla
+    event :report do
+      transitions from: %i[paused approved rejected], to: :reported
+
+      after do
+        ActivityPub::InboxJob.perform_later(site: site, activity: activities.first.uri, action: :reject)
+        ActivityPub::RemoteFlagJob.perform_later(remote_flag: remote_flag) if remote_flag.waiting?
+      end
+    end
+  end
+
+  # Definir eventos en masa
+  include AasmEventsConcern
+end

app/models/activity_pub/activity.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# = Activity =
+#
+# Lleva un registro de las actividades que nos piden hacer remotamente.
+#
+# Las actividades pueden tener distintos destinataries (sitios/actores).
+#
+# @todo Obtener el contenido del objeto dinámicamente si no existe
+# localmente, por ejemplo cuando la actividad crea un objeto pero lo
+# envía como referencia en lugar de anidarlo.
+#
+# @see {https://www.w3.org/TR/activitypub/#client-to-server-interactions}
+class ActivityPub
+  class Activity < ApplicationRecord
+    include ActivityPub::Concerns::JsonLdConcern
+
+    belongs_to :activity_pub
+    belongs_to :actor, touch: true
+    has_one :object, through: :activity_pub
+
+    validates :activity_pub_id, presence: true
+    # Las actividades son únicas con respecto a su estado
+    validates :uri, presence: true, url: true, uniqueness: { scope: :activity_pub_id, message: 'estado duplicado' }
+
+    # Siempre en orden descendiente para saber el último estado
+    default_scope -> { order(created_at: :desc) }
+
+    # Cambia la máquina de estados según el tipo de actividad
+    def update_activity_pub_state!
+      nil
+    end
+  end
+end

app/models/activity_pub/activity/announce.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    # Boost
+    class Announce < ActivityPub::Activity; end
+  end
+end

app/models/activity_pub/activity/create.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    class Create < ActivityPub::Activity; end
+  end
+end

app/models/activity_pub/activity/delete.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    class Delete < ActivityPub::Activity
+      # Los Delete se refieren a objetos.  Al eliminar un objeto,
+      # cancelamos todas las actividades que tienen relacionadas.
+      #
+      # XXX: La actividad tiene una firma, pero la implementación no
+      # está recomendada
+      #
+      # @todo Validar que le Actor corresponda con los objetos. Esto ya
+      # lo haría la Social Inbox por nosotres.
+      # @see {https://docs.joinmastodon.org/spec/security/#ld}
+      def update_activity_pub_state!
+        ActiveRecord::Base.connection_pool.with_connection do
+          ActivityPub.transaction do
+            object = ActivityPub::Object.find_by(uri: ActivityPub.uri_from_object(content['object']))
+
+            if object.present?
+              object.activity_pubs.find_each do |activity_pub|
+                activity_pub.remove! if activity_pub.may_remove?
+              end
+
+              # Encontrar todas las acciones de moderación de le actore
+              # eliminade y moverlas a eliminar.
+              if (actor = ActivityPub::Actor.find_by(uri: object.uri)).present?
+                ActorModeration.where(actor_id: actor.id).remove_all!
+              end
+            end
+
+            activity_pub.remove! if activity_pub.may_remove?
+          end
+        end
+      end
+    end
+  end
+end

app/models/activity_pub/activity/flag.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    class Flag < ActivityPub::Activity; end
+  end
+end

app/models/activity_pub/activity/follow.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# = Follow =
+#
+# Una actividad de seguimiento se refiere siempre a une actore (el
+# sitio) y proviene de otre actore.
+#
+# Por ahora las solicitudes de seguimiento se auto-aprueban.
+class ActivityPub
+  class Activity
+    class Follow < ActivityPub::Activity
+      # Auto-aprobar la solicitud de seguimiento
+      def update_activity_pub_state!
+        activity_pub.approve! if activity_pub.may_approve?
+      end
+    end
+  end
+end

app/models/activity_pub/activity/generic.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    class Generic < ActivityPub::Activity; end
+  end
+end

app/models/activity_pub/activity/like.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    # Like
+    class Like < ActivityPub::Activity; end
+  end
+end

app/models/activity_pub/activity/undo.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# = Undo =
+#
+# Deshace una actividad, dependiendo de la actividad a la que se
+# refiere.
+class ActivityPub
+  class Activity
+    class Undo < ActivityPub::Activity
+      # Una actividad de deshacer tiene anidada como objeto la actividad
+      # a deshacer.  Para respetar la voluntad de le actore remote,
+      # tendríamos que eliminar cualquier actividad pendiente sobre el
+      # objeto.
+      #
+      # Sin embargo, estas acciones nunca deberían llegar a nuestra
+      # Inbox.
+      #
+      # @todo Validar que le Actor corresponda con los objetos. Esto ya
+      # lo haría la Social Inbox por nosotres.
+      # @see {https://github.com/hyphacoop/social.distributed.press/issues/43}
+      def update_activity_pub_state!
+        ActivityPub.transaction do
+          ActivityPub::Activity.find_by(uri: content['object'])&.activity_pub&.remove!
+          activity_pub.remove!
+        end
+      end
+    end
+  end
+end

app/models/activity_pub/activity/update.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Activity
+    class Update < ActivityPub::Activity
+      # Si estamos actualizando el objeto, tenemos que devolverlo a estado
+      # de moderación
+      def update_activity_pub_state!
+        activity_pub.pause! if activity_pub.approved?
+      end
+    end
+  end
+end

app/models/activity_pub/actor.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+# = Actor =
+#
+# Actor es la entidad que realiza acciones en ActivityPub
+#
+# @todo Obtener el perfil dinámicamente
+class ActivityPub
+  class Actor < ApplicationRecord
+    include ActivityPub::Concerns::JsonLdConcern
+
+    belongs_to :instance
+    has_many :actor_moderation
+    has_many :activity_pubs, as: :object
+    has_many :activities
+    has_many :remote_flags
+
+    # Les actores son únicxs a toda la base de datos
+    validates :uri, presence: true, url: true, uniqueness: true
+
+    before_save :mentionize!
+
+    # Obtiene el nombre de la Actor como mención, solo si obtuvimos el
+    # contenido de antemano.
+    #
+    # @return [String, nil]
+    def mentionize!
+      return if mention.present?
+      return if content['preferredUsername'].blank?
+      return if instance.blank?
+
+      self.mention ||= "@#{content['preferredUsername']}@#{instance.hostname}"
+    end
+
+    def object
+      @object ||= ActivityPub::Object.lock.find_or_create_by(uri: uri)
+    end
+
+    def content
+      object.content
+    end
+  end
+end

app/models/activity_pub/concerns/json_ld_concern.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  module Concerns
+    module JsonLdConcern
+      extend ActiveSupport::Concern
+
+      included do
+        # Cuando asignamos contenido, obtener la URI si no lo hicimos ya
+        before_save :uri_from_content!, unless: :uri?
+
+        # Obtiene un tipo de actividad a partir del tipo informado
+        #
+        # @param object [Hash]
+        # @return [Activity]
+        def self.type_from(object)
+          raise NameError unless object.is_a?(Hash)
+
+          "#{model_name.name}::#{object[:type].presence || 'Generic'}".constantize
+        rescue NameError
+          model_name.name.constantize::Generic
+        end
+
+        private
+
+        def uri_from_content!
+          self.uri = content[:id]
+        end
+      end
+    end
+  end
+end

app/models/activity_pub/fediblock.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'httparty'
+
+# Listas de bloqueo y sus URLs de descarga
+class ActivityPub
+  class Fediblock < ApplicationRecord
+    class Client
+      include ::HTTParty
+
+      # @param url [String]
+      # @return [HTTParty::Response]
+      def get(url)
+        self.class.get(url, parser: csv_parser)
+      end
+
+      # Procesa el CSV
+      #
+      # @return [Proc]
+      def csv_parser
+        @csv_parser ||=
+          begin
+            require 'csv'
+
+            proc do |body, _|
+              CSV.parse(body, headers: true)
+            end
+          end
+      end
+    end
+
+    class FediblockDownloadError < ::StandardError; end
+
+    validates_presence_of :title, :url, :format
+    validates_inclusion_of :format, in: %w[mastodon fediblock none]
+
+    HOSTNAME_HEADERS = {
+      'mastodon' => '#domain',
+      'fediblock' => 'domain'
+    }.freeze
+
+    def client
+      @client ||= Client.new
+    end
+
+    # Todas las instancias de este fediblock
+    def instances
+      ActivityPub::Instance.where(hostname: hostnames)
+    end
+
+    # Descarga la lista y crea las instancias con el estado necesario
+    def process!
+      response = client.get(download_url)
+
+      raise FediblockDownloadError unless response.success?
+
+      Fediblock.transaction do
+        csv = response.parsed_response
+        process_csv! csv
+
+        update(hostnames: csv.map { |r| r[hostname_header] })
+      end
+    end
+
+    private
+
+    def hostname_header
+      HOSTNAME_HEADERS[format]
+    end
+
+    # Crea o encuentra instancias que ya existían y las bloquea
+    #
+    # @param csv [CSV::Table]
+    def process_csv!(csv)
+      csv.each do |row|
+        ActivityPub::Instance.find_or_create_by(hostname: row[hostname_header]).tap do |i|
+          i.block! if i.may_block?
+        end
+      end
+    end
+  end
+end

app/models/activity_pub/instance.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# = Instance =
+#
+# Representa cada instancia del fediverso que interactúa con la Social
+# Inbox.
+class ActivityPub
+  class Instance < ApplicationRecord
+    include AASM
+
+    validates :aasm_state, presence: true, inclusion: { in: %w[paused allowed blocked] }
+    validates :hostname, uniqueness: true, hostname: { allow_numeric_hostname: true }
+
+    has_many :activity_pubs
+    has_many :actors
+    has_many :instance_moderations
+
+    # XXX: Mantenemos esto por si queremos bloquear una instancia a
+    # nivel general
+    aasm do
+      state :paused, initial: true
+      state :allowed
+      state :blocked
+
+      # Al pasar una instancia a bloqueo, quiere decir que todos los
+      # sitios adoptan esta lista
+      event :block do
+        transitions from: %i[paused allowed], to: :blocked
+      end
+    end
+
+    def list_name
+      "@*@#{hostname}"
+    end
+
+    def uri
+      @uri ||= "https://#{hostname}/"
+    end
+  end
+end

app/models/activity_pub/object.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+# Almacena objetos de ActivityPub, como Note, Article, etc.
+class ActivityPub
+  class Object < ApplicationRecord
+    include ActivityPub::Concerns::JsonLdConcern
+
+    before_validation :type_from_content!, unless: :type?
+
+    # Los objetos son únicos a toda la base de datos
+    validates :uri, presence: true, url: true, uniqueness: true
+    validate :uri_is_content_id?, if: :content?
+
+    has_many :activity_pubs, as: :object
+
+    # Encontrar le Actor por su relación con el objeto
+    #
+    # @return [ActivityPub::Actor,nil]
+    def actor
+      ActivityPub::Actor.find_by(uri: actor_uri)
+    end
+
+    # @return [String]
+    def actor_uri
+      content['attributedTo']
+    end
+
+    def actor_type?
+      false
+    end
+
+    def object_type?
+      true
+    end
+
+    # Poder explorar propiedades remotas
+    #
+    # @return [DistributedPress::V1::Social::ReferencedObject]
+    def referenced(site)
+      require 'distributed_press/v1/social/referenced_object'
+
+      @referenced ||= DistributedPress::V1::Social::ReferencedObject.new(object: content,
+                                                                         dereferencer: site.social_inbox.dereferencer)
+    end
+
+    private
+
+    def uri_is_content_id?
+      return if uri == content['id']
+
+      errors.add(:activity_pub_objects, 'El ID del objeto no coincide con su URI')
+    end
+
+    # Encuentra el tipo a partir del contenido, si existe.
+    #
+    # XXX: Si el objeto es una actividad, esto siempre va a ser
+    # Generic
+    def type_from_content!
+      self.type =
+        begin
+          "ActivityPub::Object::#{content['type'].presence || 'Generic'}".constantize
+        rescue NameError
+          ActivityPub::Object::Generic
+        end
+    end
+  end
+end

app/models/activity_pub/object/application.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# = Application =
+#
+# Una aplicación o instancia
+class ActivityPub
+  class Object
+    class Application < ActivityPub::Object
+      include Concerns::ActorTypeConcern
+    end
+  end
+end

app/models/activity_pub/object/article.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Article =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Article < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/audio.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Audio =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Audio < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/concerns/actor_type_concern.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class Object
+    module Concerns
+      module ActorTypeConcern
+        extend ActiveSupport::Concern
+
+        included do
+          # La URI de le Actor en este caso es la misma id
+          #
+          # @return [String]
+          def actor_uri
+            uri
+          end
+
+          # El objeto referencia a une Actor
+          #
+          # @see {https://www.w3.org/TR/activitystreams-vocabulary/#actor-types}
+          def actor_type?
+            true
+          end
+
+          # El objeto es un objeto
+          #
+          # @see {https://www.w3.org/TR/activitystreams-vocabulary/#object-types}
+          def object_type?
+            false
+          end
+        end
+      end
+    end
+  end
+end

app/models/activity_pub/object/document.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Document =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Document < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/event.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Event =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Event < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/generic.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# = Generic =
+class ActivityPub
+  class Object
+    class Generic < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/group.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Group =
+class ActivityPub
+  class Object
+    class Group < ActivityPub::Object
+      include Concerns::ActorTypeConcern
+    end
+  end
+end

app/models/activity_pub/object/image.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Image =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Image < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/note.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Note =
+#
+# Representa notas, el tipo más común de objeto del Fediverso.
+class ActivityPub
+  class Object
+    class Note < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/organization.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# = Organization =
+#
+# Una organización
+class ActivityPub
+  class Object
+    class Organization < ActivityPub::Object
+      include Concerns::ActorTypeConcern
+    end
+  end
+end

app/models/activity_pub/object/page.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Page =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Page < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/person.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# = Person =
+#
+# Una persona, el perfil de une actore
+class ActivityPub
+  class Object
+    class Person < ActivityPub::Object
+      include Concerns::ActorTypeConcern
+    end
+  end
+end

app/models/activity_pub/object/place.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Place =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Place < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/profile.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Profile =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Profile < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/relationship.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Relationship =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Relationship < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/service.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Service =
+class ActivityPub
+  class Object
+    class Service < ActivityPub::Object
+      include Concerns::ActorTypeConcern
+    end
+  end
+end

app/models/activity_pub/object/tombstone.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Tombstone =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Tombstone < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/object/video.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# = Video =
+#
+# Representa artículos
+class ActivityPub
+  class Object
+    class Video < ActivityPub::Object; end
+  end
+end

app/models/activity_pub/remote_flag.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+class ActivityPub
+  class RemoteFlag < ApplicationRecord
+    IGNORED_EVENTS = [].freeze
+    IGNORED_STATES = [].freeze
+
+    include AASM
+
+    aasm do
+      state :waiting, initial: true
+      state :queued
+      state :sent
+
+      event :queue do
+        transitions from: :waiting, to: :queued
+      end
+
+      event :report do
+        transitions from: :queued, to: :sent
+      end
+
+      event :resend do
+        transitions from: :sent, to: :waiting
+      end
+    end
+
+    # Definir eventos en masa
+    include AasmEventsConcern
+
+    belongs_to :actor
+    belongs_to :site
+
+    has_one :actor_moderation
+    has_many :activity_pubs
+    # XXX: source_type es obligatorio para el `through`
+    has_many :objects, through: :activity_pubs, source_type: 'ActivityPub::Object::Note'
+
+    # Genera la actividad a enviar
+    def content
+      {
+        '@context' => 'https://www.w3.org/ns/activitystreams',
+        'id' => Rails.application.routes.url_helpers.v1_activity_pub_remote_flag_url(self,
+                                                                                     host: site.social_inbox_hostname),
+        'type' => 'Flag',
+        'actor' => main_site.social_inbox.actor_id,
+        'content' => message.to_s,
+        'object' => [actor.uri] + objects.pluck(:uri)
+      }
+    end
+
+    # Este es el sitio principal que actúa como origen del reporte.
+    # Tiene que tener la Social Inbox habilitada al mismo tiempo.
+    #
+    # @return [Site]
+    def main_site
+      @main_site ||= Site.find(ENV.fetch('PANEL_ACTOR_SITE_ID', 1))
+    end
+  end
+end

app/models/actor_moderation.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+# Mantiene la relación entre Site y Actor
+class ActorModeration < ApplicationRecord
+  IGNORED_EVENTS = %i[remove].freeze
+  IGNORED_STATES = %i[removed].freeze
+
+  include AASM
+
+  belongs_to :site
+  belongs_to :remote_flag, optional: true, class_name: 'ActivityPub::RemoteFlag'
+  belongs_to :actor, class_name: 'ActivityPub::Actor'
+
+  accepts_nested_attributes_for :remote_flag
+
+  aasm do
+    state :paused, initial: true
+    state :allowed
+    state :blocked
+    state :reported
+    state :removed
+
+    error_on_all_events do |e|
+      ExceptionNotifier.notify_exception(e, data: { site: site.name, actor: actor.uri, actor_moderation: id })
+    end
+
+    event :pause do
+      transitions from: %i[allowed blocked reported], to: :paused, after: :synchronize!
+    end
+
+    # Al permitir una cuenta no se permiten todos los comentarios
+    # pendientes de moderación que ya hizo.
+    event :allow do
+      transitions from: %i[paused blocked reported], to: :allowed, after: :synchronize!
+    end
+
+    # Al bloquear una cuenta no se bloquean todos los comentarios
+    # pendientes de moderación que hizo.
+    event :block do
+      transitions from: %i[paused allowed], to: :blocked, after: :synchronize!
+    end
+
+    # Al reportar, necesitamos asociar una RemoteFlag para poder
+    # enviarla.
+    event :report do
+      transitions from: %i[pause allowed blocked], to: :reported, after: :synchronize!
+
+      after do
+        ActivityPub::RemoteFlagJob.perform_later(remote_flag: remote_flag) if remote_flag.waiting?
+      end
+    end
+
+    # Si un perfil es eliminado remotamente, tenemos que dejar de
+    # mostrarlo y todas sus actividades.
+    event :remove do
+      transitions to: :removed
+
+      after do
+        site.activity_pubs.where(actor_id: actor_id).remove_all!
+      end
+    end
+  end
+
+  # Definir eventos en masa
+  include AasmEventsConcern
+
+  def synchronize!
+    ActivityPub::SyncListsJob.perform_later(site: site)
+  end
+end

app/models/application_record.rb

@@ -2,4 +2,11 @@
 
 class ApplicationRecord < ActiveRecord::Base
   self.abstract_class = true
+
+  # Obtener una lista filtrada de atributos al momento de serializar
+  #
+  # @return [String]
+  def to_yaml(options = {})
+    self.class.inspection_filter.filter(serializable_hash).to_yaml(options)
+  end
 end

app/models/concerns/aasm_events_concern.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module AasmEventsConcern
+  extend ActiveSupport::Concern
+
+  included do
+    # Todos los eventos de la máquina de estados
+    #
+    # @return [Array<Symbol>]
+    def self.events
+      aasm.events.map(&:name) - self::IGNORED_EVENTS
+    end
+
+    # Encuentra todos los eventos que se pueden ejecutar con el filtro
+    # actual.
+    #
+    # @return [Array<Symbol>]
+    def self.transitionable_events(current_state)
+      events.select do |event|
+        aasm.events.find { |x| x.name == event }.transitions_from_state? current_state
+      end
+    end
+
+    # Todos los estados de la máquina de estados
+    #
+    # @return [Array<Symbol>]
+    def self.states
+      aasm.states.map(&:name) - self::IGNORED_STATES
+    end
+
+    # Define un método que cambia el estado para todos los objetos del
+    # scope actual.
+    #
+    # @return [Bool] Si hubo al menos un error, devuelve false.
+    aasm.events.map(&:name).each do |event|
+      define_singleton_method(:"#{event}_all!") do
+        successes = []
+
+        find_each do |object|
+          successes << (object.public_send(:"may_#{event}?") && object.public_send(:"#{event}!"))
+        end
+
+        successes.all?
+      end
+
+      # Ejecuta la transición del evento en la base de datos sin
+      # ejecutar los callbacks, sin modificar los items del scope que no
+      # pueden transicionar.
+      #
+      # @return [Integer] Registros modificados
+      define_singleton_method(:"#{event}_all_without_callbacks!") do
+        aasm_event = aasm.events.find { |e| e.name == event }
+        to_state = aasm_event.transitions.map(&:to).first
+        from_states = aasm_event.transitions.map(&:from)
+
+        unscope(where: :aasm_state).where(aasm_state: from_states).update_all(aasm_state: to_state,
+                                                                              updated_at: Time.now)
+      end
+    end
+  end
+end

app/models/concerns/tienda.rb

@@ -5,7 +5,7 @@ module Tienda
   extend ActiveSupport::Concern
 
   included do
-    encrypts :tienda_api_key
+    has_encrypted :tienda_api_key
 
     def tienda?
       tienda_api_key.present? && tienda_url.present?
@@ -17,7 +17,7 @@ module Tienda
 
       return t if new_record?
 
-      t.blank? ? 'https://' + name + '.' + ENV.fetch('TIENDA', 'tienda.sutty.nl') : t
+      t.blank? ? "https://#{name}.#{ENV.fetch('TIENDA', 'tienda.sutty.nl')}" : t
     end
   end
 end

app/models/deploy.rb

@@ -10,10 +10,12 @@ require 'open3'
 # :attributes`.
 class Deploy < ApplicationRecord
   belongs_to :site
+  belongs_to :rol
+
   has_many :build_stats, dependent: :destroy
 
-  DEPENDENCIES = []
-  SOFT_DEPENDENCIES = []
+  DEPENDENCIES = [].freeze
+  SOFT_DEPENDENCIES = [].freeze
 
   def deploy(**)
     raise NotImplementedError
@@ -72,7 +74,7 @@ class Deploy < ApplicationRecord
                       'HOME' => home_dir,
                       'PATH' => paths.join(':'),
                       'JEKYLL_ENV' => Rails.env,
-                      'LANG' => ENV['LANG'],
+                      'LANG' => ENV.fetch('LANG', nil)
                     })
   end
 
@@ -137,7 +139,7 @@ class Deploy < ApplicationRecord
   # provisto con el archivo como parámetro
   #
   # @param :content [String]
-  def with_tempfile(content, &block)
+  def with_tempfile(content)
     Tempfile.create(SecureRandom.hex) do |file|
       file.write content.to_s
       file.rewind

app/models/deploy_distributed_press.rb

@@ -12,7 +12,7 @@ require 'distributed_press/v1/client/site'
 # Al ser publicado, envía los archivos en un tarball y actualiza la
 # información.
 class DeployDistributedPress < Deploy
-  store :values, accessors: %i[hostname remote_site_id remote_info], coder: JSON
+  store :values, accessors: %i[hostname remote_site_id remote_info distributed_press_publisher_id], coder: JSON
 
   before_create :create_remote_site!
   before_destroy :delete_remote_site!
@@ -87,7 +87,7 @@ class DeployDistributedPress < Deploy
   # @return [Array]
   def gateway_urls
     remote_info.dig(:distributed_press, :links)&.values&.map do |protocol|
-      [ protocol[:link], protocol[:gateway] ]
+      [protocol[:link]]
     end&.flatten&.compact&.select do |link|
       link.include? '://'
     end || []
@@ -95,12 +95,14 @@ class DeployDistributedPress < Deploy
 
   # El cliente de la API
   #
-  # TODO: cuando soportemos más, tiene que haber una relación entre
-  # DeployDistributedPress y DistributedPressPublisher.
-  #
   # @return [DistributedPressPublisher]
   def publisher
-    @publisher ||= DistributedPressPublisher.last
+    @publisher ||=
+      if distributed_press_publisher_id
+        DistributedPressPublisher.find(distributed_press_publisher_id)
+      else
+        DistributedPressPublisher.find_by_default(true)
+      end
   end
 
   # El cliente para actualizar el sitio

app/models/deploy_social_distributed_press.rb

@@ -5,7 +5,7 @@ require 'distributed_press/v1/social/client'
 # Publicar novedades al Fediverso
 class DeploySocialDistributedPress < Deploy
   # Solo luego de publicar remotamente
-  DEPENDENCIES = %i[deploy_distributed_press deploy_rsync deploy_full_rsync]
+  DEPENDENCIES = %i[deploy_distributed_press deploy_rsync deploy_full_rsync].freeze
 
   # Envía las notificaciones
   def deploy(output: false)
@@ -13,7 +13,10 @@ class DeploySocialDistributedPress < Deploy
       key = Shellwords.escape file.path
       dest = Shellwords.escape destination
 
-      run %(bundle exec jekyll notify --trace --key #{key} --destination "#{dest}"), output: output
+      run(%(bundle exec jekyll notify --trace --key #{key} --destination "#{dest}"), output: output).tap do |_|
+        create_hooks!
+        enable_fediblocks!
+      end
     end
   end
 
@@ -52,4 +55,50 @@ class DeploySocialDistributedPress < Deploy
   def flags_for_build(**args)
     "--key #{Shellwords.escape args[:private_key].path}"
   end
+
+  private
+
+  # Crea los hooks en la Social Inbox para que nos avise de actividades
+  # nuevas
+  #
+  # @return [nil]
+  def create_hooks!
+    hook_client = site.social_inbox.hook
+    webhook_class = DistributedPress::V1::Social::Schemas::Webhook
+
+    hook_client.class::EVENTS.each do |event|
+      event_url = :"v1_site_webhooks_#{event}_url"
+
+      webhook =
+        webhook_class.new.call({
+                                 method: 'POST',
+                                 url: Rails.application.routes.url_helpers.public_send(
+                                   event_url, site_id: site.name, host: site.social_inbox_hostname
+                                 ),
+                                 headers: {
+                                   'X-Social-Inbox': rol.token
+                                 }
+                               })
+
+      raise ArgumentError, webhook.errors.messages if webhook.failure?
+
+      response = hook_client.put(event: event, hook: webhook)
+
+      raise ArgumentError, response.body unless response.success?
+    rescue ArgumentError => e
+      ExceptionNotifier.notify_exception(e, data: { site_id: site.name, usuarie_id: rol.usuarie_id })
+    end
+  end
+
+  # Habilita todos los fediblocks disponibles.
+  #
+  # @todo Hacer que algunos sean opcionales
+  # @todo Mover a un Job
+  def enable_fediblocks!
+    ActivityPub::Fediblock.find_each do |fediblock|
+      site.fediblock_states.find_or_create_by(fediblock: fediblock).tap do |state|
+        state.enable! if state.may_enable?
+      end
+    end
+  end
 end