update patch to 0.19.1

Merge remote-tracking branch 'aur/main'
upgpkg: 0.19.1-1
2025-05-07 10:30:34 -04:00 · 2025-05-07 10:27:40 -04:00 · 2025-05-07 01:29:51 +00:00 · 2025-04-28 17:37:40 -04:00 · 2025-04-28 17:22:43 -04:00 · 2025-04-27 12:33:51 +12:00
4 changed files with 594 additions and 172 deletions
--- a/.SRCINFO
+++ b/.SRCINFO
@ -1,6 +1,6 @@
 pkgbase = gotosocial
 	pkgdesc = ActivityPub social network server written in Golang
-	pkgver = 0.17.3
+	pkgver = 0.19.1
 	pkgrel = 11
 	url = https://gotosocial.org
 	arch = x86_64
@ -13,11 +13,12 @@ pkgbase = gotosocial
 	depends = glibc
 	options = !lto
 	backup = etc/gotosocial/config.yaml
+	backup = etc/gotosocial/template/2fa.tmpl
 	backup = etc/gotosocial/template/404.tmpl
 	backup = etc/gotosocial/template/about.tmpl
 	backup = etc/gotosocial/template/authorize.tmpl
-	backup = etc/gotosocial/template/confirm_email.tmpl
-	backup = etc/gotosocial/template/confirmed_email.tmpl
+	backup = etc/gotosocial/template/confirm-email.tmpl
+	backup = etc/gotosocial/template/confirmed-email.tmpl
 	backup = etc/gotosocial/template/domain-blocklist.tmpl
 	backup = etc/gotosocial/template/email_confirm.tmpl
 	backup = etc/gotosocial/template/email_new_report.tmpl
@ -30,43 +31,48 @@ pkgbase = gotosocial
 	backup = etc/gotosocial/template/error.tmpl
 	backup = etc/gotosocial/template/finalize.tmpl
 	backup = etc/gotosocial/template/index.tmpl
-	backup = etc/gotosocial/template/index_apps.tmpl
 	backup = etc/gotosocial/template/index_register.tmpl
 	backup = etc/gotosocial/template/index_what_is_this.tmpl
+	backup = etc/gotosocial/template/login-info.tmpl
+	backup = etc/gotosocial/template/login_button.tmpl
+	backup = etc/gotosocial/template/maintenance.tmpl
 	backup = etc/gotosocial/template/oob.tmpl
 	backup = etc/gotosocial/template/page.tmpl
 	backup = etc/gotosocial/template/page_footer.tmpl
 	backup = etc/gotosocial/template/page_header.tmpl
 	backup = etc/gotosocial/template/page_ogmeta.tmpl
 	backup = etc/gotosocial/template/page_stylesheets.tmpl
+	backup = etc/gotosocial/template/profile-gallery.tmpl
 	backup = etc/gotosocial/template/profile.tmpl
+	backup = etc/gotosocial/template/profile_about_user.tmpl
 	backup = etc/gotosocial/template/profile_fields.tmpl
+	backup = etc/gotosocial/template/profile_header.tmpl
 	backup = etc/gotosocial/template/settings.tmpl
 	backup = etc/gotosocial/template/sign-in.tmpl
 	backup = etc/gotosocial/template/sign-up.tmpl
 	backup = etc/gotosocial/template/signed-up.tmpl
 	backup = etc/gotosocial/template/status.tmpl
-	backup = etc/gotosocial/template/status_attachments.tmpl
+	backup = etc/gotosocial/template/status_attachment.tmpl
 	backup = etc/gotosocial/template/status_attributes.tmpl
 	backup = etc/gotosocial/template/status_header.tmpl
 	backup = etc/gotosocial/template/status_info.tmpl
 	backup = etc/gotosocial/template/status_poll.tmpl
 	backup = etc/gotosocial/template/tag.tmpl
 	backup = etc/gotosocial/template/thread.tmpl
-	source = gotosocial::git+https://github.com/superseriousbusiness/gotosocial#tag=v0.17.3
+	source = gotosocial::git+https://github.com/superseriousbusiness/gotosocial#tag=v0.19.1
 	source = sysusers.conf
 	source = tmpfiles.conf
 	source = use-fhs-directories.patch
-	source = support-unix-sockets.patch
-	sha512sums = 029c59888f75f217446a06309db075556a4dfdeafd9b731fa7e0b7a437fca3f030e10029b0f774f04695b16bd7c0504e28e964e8ed280bea1bdce3ec007c67d7
-	sha512sums = 68890539a1285a819d5a2cd755aeabd59a9872926d9c32e5d54faaf2771414f006e568f2f813f3c6fcd9dbeda7b6e57c924d7490521880cb65632e02fabcbd63
+	source = modded.patch
+	sha512sums = cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d
+	sha512sums = 2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80
 	sha512sums = b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a
 	sha512sums = 913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77
-	sha512sums = 0dabf00f568ea041284789023eccea97863ce6ddb195c94318cf0a932b7c35da9beab9c78eb1c1b9ffa196685fb44eb98e0ad94da96b351644c856d9ac86e24f
-	b2sums = 579a4e16f97aef42dc1952873f5a443476d34d8724c1c401ae6ae6acb1fb0e109ad5045da3597475e8c0816afdb276dc8820f40f6cb82e2426a61a2efceffa8b
-	b2sums = 0a5be7ac18af882c0c89d8e930eb76c2e60bc2c1d5a375ab04e987c7de9a7a3175319c4e5fbc818261141daf5f70d583aebcc2dc197fe3a88047fbfe488ccb94
+	sha512sums = 7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847
+	b2sums = 773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277
+	b2sums = ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b
 	b2sums = 4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04
 	b2sums = 9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c
-	b2sums = 4f73bfcac274e10e0378aebbd6792bb22eb9be028f9ab2f62605d4ee29cfaa400217afe94d71b5961c54b98dab79966116462c352653d4842a55dcd214ee4625
+	b2sums = 9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11

 pkgname = gotosocial
--- a/38
+++ b/38
@ -3,7 +3,7 @@
 # Contributor: Stefan Husmann <stefan-husmann@t-online.de>

 pkgname=gotosocial
-pkgver=0.17.3
+pkgver=0.19.1
 pkgrel=11
 pkgdesc='ActivityPub social network server written in Golang'
 arch=('x86_64')
@ -14,11 +14,12 @@ makedepends=('git' 'go' 'yarn' 'nodejs' 'go-swagger')
 options=('!lto')
 backup=(
  'etc/gotosocial/config.yaml'
+  'etc/gotosocial/template/2fa.tmpl'
  'etc/gotosocial/template/404.tmpl'
  'etc/gotosocial/template/about.tmpl'
  'etc/gotosocial/template/authorize.tmpl'
-  'etc/gotosocial/template/confirm_email.tmpl'
-  'etc/gotosocial/template/confirmed_email.tmpl'
+  'etc/gotosocial/template/confirm-email.tmpl'
+  'etc/gotosocial/template/confirmed-email.tmpl'
  'etc/gotosocial/template/domain-blocklist.tmpl'
  'etc/gotosocial/template/email_confirm.tmpl'
  'etc/gotosocial/template/email_new_report.tmpl'
@ -31,23 +32,28 @@ backup=(
  'etc/gotosocial/template/error.tmpl'
  'etc/gotosocial/template/finalize.tmpl'
  'etc/gotosocial/template/index.tmpl'
-  'etc/gotosocial/template/index_apps.tmpl'
  'etc/gotosocial/template/index_register.tmpl'
  'etc/gotosocial/template/index_what_is_this.tmpl'
+  'etc/gotosocial/template/login-info.tmpl'
+  'etc/gotosocial/template/login_button.tmpl'
+  'etc/gotosocial/template/maintenance.tmpl'
  'etc/gotosocial/template/oob.tmpl'
  'etc/gotosocial/template/page.tmpl'
  'etc/gotosocial/template/page_footer.tmpl'
  'etc/gotosocial/template/page_header.tmpl'
  'etc/gotosocial/template/page_ogmeta.tmpl'
  'etc/gotosocial/template/page_stylesheets.tmpl'
+  'etc/gotosocial/template/profile-gallery.tmpl'
  'etc/gotosocial/template/profile.tmpl'
+  'etc/gotosocial/template/profile_about_user.tmpl'
  'etc/gotosocial/template/profile_fields.tmpl'
+  'etc/gotosocial/template/profile_header.tmpl'
  'etc/gotosocial/template/settings.tmpl'
  'etc/gotosocial/template/sign-in.tmpl'
  'etc/gotosocial/template/sign-up.tmpl'
  'etc/gotosocial/template/signed-up.tmpl'
  'etc/gotosocial/template/status.tmpl'
-  'etc/gotosocial/template/status_attachments.tmpl'
+  'etc/gotosocial/template/status_attachment.tmpl'
  'etc/gotosocial/template/status_attributes.tmpl'
  'etc/gotosocial/template/status_header.tmpl'
  'etc/gotosocial/template/status_info.tmpl'
@ -60,24 +66,18 @@ source=(
  'sysusers.conf'
  'tmpfiles.conf'
  'use-fhs-directories.patch'
-  'support-unix-sockets.patch'
+  'modded.patch'
 )
-sha512sums=('029c59888f75f217446a06309db075556a4dfdeafd9b731fa7e0b7a437fca3f030e10029b0f774f04695b16bd7c0504e28e964e8ed280bea1bdce3ec007c67d7'
-            '68890539a1285a819d5a2cd755aeabd59a9872926d9c32e5d54faaf2771414f006e568f2f813f3c6fcd9dbeda7b6e57c924d7490521880cb65632e02fabcbd63'
+sha512sums=('cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d'
+            '2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80'
            'b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a'
            '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77'
-            '0dabf00f568ea041284789023eccea97863ce6ddb195c94318cf0a932b7c35da9beab9c78eb1c1b9ffa196685fb44eb98e0ad94da96b351644c856d9ac86e24f')
-b2sums=('579a4e16f97aef42dc1952873f5a443476d34d8724c1c401ae6ae6acb1fb0e109ad5045da3597475e8c0816afdb276dc8820f40f6cb82e2426a61a2efceffa8b'
-        '0a5be7ac18af882c0c89d8e930eb76c2e60bc2c1d5a375ab04e987c7de9a7a3175319c4e5fbc818261141daf5f70d583aebcc2dc197fe3a88047fbfe488ccb94'
+            '7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847')
+b2sums=('773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277'
+        'ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b'
        '4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04'
        '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c'
-        '4f73bfcac274e10e0378aebbd6792bb22eb9be028f9ab2f62605d4ee29cfaa400217afe94d71b5961c54b98dab79966116462c352653d4842a55dcd214ee4625')
-
-pkgver() {
-  cd "$pkgname"
-
-  git describe --tags | sed 's/^v//'
-}
+        '9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11')

 prepare() {
  cd "$pkgname"
@ -85,7 +85,7 @@ prepare() {
  # create directory for build output
  mkdir build

-  patch -p1 -i "$srcdir/support-unix-sockets.patch"
+  patch -p1 -i "$srcdir/modded.patch"
  # download dependencies
  export GOPATH="${srcdir}"
  go mod download
--- a/support-unix-sockets.patch
+++ b/support-unix-sockets.patch
@ -1,28 +1,5 @@
-From 6d28643f94db3af7eaa934780c478452e2c707c6 Mon Sep 17 00:00:00 2001
-From: Balakrishnan Balasubramanian <git.user@balki.me>
-Date: Thu, 9 May 2024 00:04:42 -0400
-Subject: [PATCH] Support listening on unix sockets
-
-1. bind-address now accepts unix socket paths
-2. Add config option trusted-platform
---
- example/config.yaml                   |  13 +-
- go.mod                                |   1 +
- go.sum                                |   2 +
- internal/config/config.go             |   1 +
- internal/config/helpers.gen.go        |  25 +++
- internal/router/router.go             |  20 ++
- vendor/go.balki.me/anyhttp/LICENSE    | 201 +++++++++++++++++++
- vendor/go.balki.me/anyhttp/README.md  |  77 ++++++++
- vendor/go.balki.me/anyhttp/anyhttp.go | 269 ++++++++++++++++++++++++++
- vendor/modules.txt                    |   3 +
- 10 files changed, 609 insertions(+), 3 deletions(-)
- create mode 100644 vendor/go.balki.me/anyhttp/LICENSE
- create mode 100644 vendor/go.balki.me/anyhttp/README.md
- create mode 100644 vendor/go.balki.me/anyhttp/anyhttp.go
-
 diff --git a/example/config.yaml b/example/config.yaml
-index 644b51575..6ea35672a 100644
+index 17a57b857..bf645a364 100644
 --- a/example/config.yaml
 +++ b/example/config.yaml
@@ -105,13 +105,13 @@ account-domain: ""
@ -65,32 +42,32 @@ index 644b51575..6ea35672a 100644
 db-address: ""
 
 diff --git a/go.mod b/go.mod
-index 2b7ab98fd..5b09f7696 100644
+index 4169208ed..60b3a1281 100644
 --- a/go.mod
 +++ b/go.mod
-@@ -63,6 +63,7 @@ require (
- 	github.com/uptrace/bun/extra/bunotel v1.2.1
+@@ -74,6 +74,7 @@ require (
+ 	github.com/uptrace/bun/extra/bunotel v1.2.11
 	github.com/wagslane/go-password-validator v0.3.0
- 	github.com/yuin/goldmark v1.7.8
-+	go.balki.me/anyhttp v0.3.0
- 	go.opentelemetry.io/otel v1.29.0
- 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0
- 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0
+ 	github.com/yuin/goldmark v1.7.11
+	go.balki.me/anyhttp v0.5.0
+ 	go.opentelemetry.io/otel v1.35.0
+ 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
+ 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0
 diff --git a/go.sum b/go.sum
-index 72e252234..ff8cf88c0 100644
+index 597cee716..532e99852 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -623,6 +623,8 @@ github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
- github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.33.1-concurrency-workaround h1:pFMJnlc1PuH+jcVz4vz53vcpnoZG+NqFBr3qikDmEB4=
- gitlab.com/NyaaaWhatsUpDoc/sqlite v1.33.1-concurrency-workaround/go.mod h1:pXV2xHxhzXZsgT/RtTFAPY6JJDEvOTcTdwADQCCWD4k=
-+go.balki.me/anyhttp v0.3.0 h1:WtBQ0rnkg567sX/O4ij/+qBbdCIUt5VURSe718sITBY=
-+go.balki.me/anyhttp v0.3.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
- go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
- go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
- go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+@@ -489,6 +489,8 @@ github.com/yuin/goldmark v1.7.11 h1:ZCxLyDMtz0nT2HFfsYG8WZ47Trip2+JyLysKcMYE5bo=
+ github.com/yuin/goldmark v1.7.11/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround h1:QbfrBqNKgAFSSK89fYf547vxDQuz8p6iJUzzAMrusNk=
+ gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM=
+go.balki.me/anyhttp v0.5.0 h1:uys0oRciBpZfwtxXAevScKy6amIQBXyDrcV0EtGF5zo=
+go.balki.me/anyhttp v0.5.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s=
+ go.mongodb.org/mongo-driver v1.17.3 h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ=
+ go.mongodb.org/mongo-driver v1.17.3/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
+ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 diff --git a/internal/config/config.go b/internal/config/config.go
-index 9001b61d0..a59bffc7d 100644
+index b9804d404..331d41139 100644
 --- a/internal/config/config.go
 +++ b/internal/config/config.go
@@ -58,6 +58,7 @@ type Configuration struct {
@ -101,8 +78,28 @@ index 9001b61d0..a59bffc7d 100644
 	SoftwareVersion    string   `name:"software-version" usage:""`
 
 	DbType                     string        `name:"db-type" usage:"Database type: eg., postgres"`
+@@ -193,6 +194,8 @@ type Configuration struct {
+ 	AdminMediaListRemoteOnly bool   `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true"`
+ 
+ 	RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."`
+
+	KalaclistaAllowedUnauthorizedGet bool `name:"kalaclista-allowed-unauthorized-get" usage:"unlock AUTHOZIED_FETCH (aka Secure mode in Mastodon) mode."`
+ }
+ 
+ type HTTPClientConfiguration struct {
+diff --git a/internal/config/defaults.go b/internal/config/defaults.go
+index 57c64db44..c19864002 100644
+--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
+@@ -234,4 +234,6 @@
+ 	RequestIDHeader: "X-Request-Id",
+ 
+ 	LogClientIP: true,
+
+	KalaclistaAllowedUnauthorizedGet: false,
+ }
 diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
-index 2a7e5b6ad..c95c5f312 100644
+index f063cbf93..cdb5a663f 100644
 --- a/internal/config/helpers.gen.go
 +++ b/internal/config/helpers.gen.go
@@ -350,6 +350,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() }
@ -137,8 +134,122 @@ index 2a7e5b6ad..c95c5f312 100644
 // GetSoftwareVersion safely fetches the Configuration value for state's 'SoftwareVersion' field
 func (st *ConfigState) GetSoftwareVersion() (v string) {
 	st.mutex.RLock()
+@@ -4681,3 +4706,28 @@ func GetRequestIDHeader() string { return global.GetRequestIDHeader() }
+ 
+ // SetRequestIDHeader safely sets the value for global configuration 'RequestIDHeader' field
+ func SetRequestIDHeader(v string) { global.SetRequestIDHeader(v) }
+
+// GetKalaclistaAllowedUnauthorizedGet safely fetches the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field
+func (st *ConfigState) GetKalaclistaAllowedUnauthorizedGet() (v bool) {
+	st.mutex.RLock()
+	v = st.config.KalaclistaAllowedUnauthorizedGet
+	st.mutex.RUnlock()
+	return
+}
+
+// SetKalaclistaAllowedUnauthorizedGet safely sets the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field
+func (st *ConfigState) SetKalaclistaAllowedUnauthorizedGet(v bool) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	st.config.KalaclistaAllowedUnauthorizedGet = v
+	st.reloadToViper()
+}
+
+// KalaclistaAllowedUnauthorizedGetFlag returns the flag name for the 'KalaclistaAllowedUnauthorizedGet' field
+func KalaclistaAllowedUnauthorizedGetFlag() string { return "kalaclista-allowed-unauthorized-get" }
+
+// GetKalaclistaAllowedUnauthorizedGet safely fetches the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field
+func GetKalaclistaAllowedUnauthorizedGet() bool { return global.GetKalaclistaAllowedUnauthorizedGet() }
+
+// SetKalaclistaAllowedUnauthorizedGet safely sets the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field
+func SetKalaclistaAllowedUnauthorizedGet(v bool) { global.SetKalaclistaAllowedUnauthorizedGet(v) }
+diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
+index 9059aef39..6e9a22b59 100644
+--- a/internal/processing/fedi/common.go
+++ b/internal/processing/fedi/common.go
+@@ -20,8 +20,10 @@
+ import (
+ 	"context"
+ 	"errors"
+	"net/http"
+ 	"net/url"
+ 
+	"code.superseriousbusiness.org/gotosocial/internal/config"
+ 	"code.superseriousbusiness.org/gotosocial/internal/db"
+ 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+ 	"code.superseriousbusiness.org/gotosocial/internal/gtsmodel"
+@@ -51,6 +53,12 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co
+ 	// get requesting account, dereferencing if necessary.
+ 	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUser)
+ 	if errWithCode != nil {
+		if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized {
+			return &commonAuth{
+				receivingAcct: receiver,
+			}, nil
+		}
+
+ 		return nil, errWithCode
+ 	}
+ 
+diff --git a/internal/processing/fedi/emoji.go b/internal/processing/fedi/emoji.go
+index 8db8b48ea..d7e503f7d 100644
+--- a/internal/processing/fedi/emoji.go
+++ b/internal/processing/fedi/emoji.go
+@@ -20,14 +20,20 @@
+ import (
+ 	"context"
+ 	"fmt"
+	"net/http"
+ 
+ 	"code.superseriousbusiness.org/gotosocial/internal/ap"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
+ 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+ )
+ 
+ // EmojiGet handles the GET for a federated emoji originating from this instance.
+ func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string) (interface{}, gtserror.WithCode) {
+ 	if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil {
+		if !(config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized) {
+			return nil, errWithCode
+		}
+
+ 		return nil, errWithCode
+ 	}
+ 
+diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go
+index 53dfd6022..7d976a523 100644
+--- a/internal/processing/fedi/user.go
+++ b/internal/processing/fedi/user.go
+@@ -21,9 +21,11 @@
+ 	"context"
+ 	"errors"
+ 	"fmt"
+	"net/http"
+ 	"net/url"
+ 
+ 	"code.superseriousbusiness.org/gotosocial/internal/ap"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
+ 	"code.superseriousbusiness.org/gotosocial/internal/db"
+ 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+ 	"code.superseriousbusiness.org/gotosocial/internal/uris"
+@@ -67,6 +69,15 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
+ 	// we can serve a more complete profile.
+ 	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+ 	if errWithCode != nil {
+		if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized {
+			person, err := p.converter.AccountToAS(ctx, receiver)
+			if err != nil {
+				err := gtserror.Newf("error converting account: %w", err)
+				return nil, gtserror.NewErrorInternalError(err)
+			}
+
+			return data(person)
+		}
+ 		return nil, errWithCode // likely 401
+ 	}
+ 
 diff --git a/internal/router/router.go b/internal/router/router.go
-index cf9033059..e952d383c 100644
+index 45419807d..7ef90e297 100644
 --- a/internal/router/router.go
 +++ b/internal/router/router.go
@@ -23,6 +23,7 @@
@ -148,16 +259,16 @@ index cf9033059..e952d383c 100644
 +	"strings"
 	"time"
 
- 	"codeberg.org/gruf/go-bytesize"
+ 	"code.superseriousbusiness.org/gotosocial/internal/config"
@@ -31,6 +32,7 @@
- 	"github.com/superseriousbusiness/gotosocial/internal/config"
- 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- 	"github.com/superseriousbusiness/gotosocial/internal/log"
+ 	"codeberg.org/gruf/go-bytesize"
+ 	"codeberg.org/gruf/go-debug"
+ 	"github.com/gin-gonic/gin"
 +	"go.balki.me/anyhttp"
 	"golang.org/x/crypto/acme/autocert"
 )
 
-@@ -74,6 +76,11 @@ func New(ctx context.Context) (*Router, error) {
+@@ -75,6 +77,11 @@ func New(ctx context.Context) (*Router, error) {
 	engine.MaxMultipartMemory = maxMultipartMemory
 	engine.HandleMethodNotAllowed = true
 
@ -169,7 +280,7 @@ index cf9033059..e952d383c 100644
 	// Set up client IP forwarding via
 	// trusted x-forwarded-* headers.
 	trustedProxies := config.GetTrustedProxies()
-@@ -134,6 +141,7 @@ func (r *Router) Start() error {
+@@ -135,6 +142,7 @@ func (r *Router) Start() error {
 		certFile  = config.GetTLSCertificateChain()
 		keyFile   = config.GetTLSCertificateKey()
 		leEnabled = config.GetLetsEncryptEnabled()
@ -177,14 +288,14 @@ index cf9033059..e952d383c 100644
 	)
 
 	switch {
-@@ -154,6 +162,18 @@ func (r *Router) Start() error {
+@@ -155,6 +163,18 @@ func (r *Router) Start() error {
 			return err
 		}
 
 +	// TLS handled by reverse proxy connecting using unix socket
-+	case strings.HasPrefix(bindAddr, "unix/"):
+	case strings.HasPrefix(bindAddr, "unix?"):
 +		listen, err = func() (func() error, error) {
-+			_, listener, err := anyhttp.GetListener(bindAddr)
+			listener, _, _, err := anyhttp.GetListener(bindAddr)
 +			if err != nil {
 +				return nil, err
 +			}
@ -405,10 +516,10 @@ index 000000000..ad2653ac1
 +   limitations under the License.
 diff --git a/vendor/go.balki.me/anyhttp/README.md b/vendor/go.balki.me/anyhttp/README.md
 new file mode 100644
-index 000000000..7e9b11922
+index 000000000..85bce6fc3
 --- /dev/null
 +++ b/vendor/go.balki.me/anyhttp/README.md
-@@ -0,0 +1,77 @@
+@@ -0,0 +1,80 @@
 +Create http server listening on unix sockets and systemd socket activated fds
 +
 +## Quick Usage
@ -428,56 +539,57 @@ index 000000000..7e9b11922
 +
 +Syntax
 +
-+    unix/<path to socket>
+    unix?path=<socket_path>&mode=<socket file mode>&remove_existing=<true|false>
 +
 +Examples
 +
-+    unix/relative/path.sock
-+    unix//var/run/app/absolutepath.sock
+    unix?path=relative/path.sock
+    unix?path=/var/run/app/absolutepath.sock
+    unix?path=/run/app.sock&mode=600&remove_existing=false
+
+| option          | description                                    | default  |
+|-----------------|------------------------------------------------|----------|
+| path            | path to unix socket                            | Required |
+| mode            | socket file mode                               | 666      |
+| remove_existing | Whether to remove existing socket file or fail | true     |
 +
 +### Systemd Socket activated fd:
 +
 +Syntax
 +
-+    sysd/fdidx/<fd index starting at 0>
-+    sysd/fdname/<fd name set using FileDescriptorName socket setting >
+    sysd?idx=<fd index>&name=<fd name>&check_pid=<true|false>&unset_env=<true|false>&idle_timeout=<duration>
+
+Only one of `idx` or `name` has to be set
 +
 +Examples:
 +
 +    # First (or only) socket fd passed to app
-+    sysd/fdidx/0
+    sysd?idx=0
 +
 +    # Socket with FileDescriptorName
-+    sysd/fdname/myapp
+    sysd?name=myapp
 +
-+    # Using default name
-+    sysd/fdname/myapp.socket
+    # Using default name and auto shutdown if no requests received in last 30 minutes
+    sysd?name=myapp.socket&idle_timeout=30m
 +
-+### TCP port
+| option       | description                                                                                | default          |
+|--------------|--------------------------------------------------------------------------------------------|------------------|
+| name         | Name configured via FileDescriptorName or socket file name                                 | Required         |
+| idx          | FD Index. Actual fd num will be 3 + idx                                                    | Required         |
+| idle_timeout | time to wait before shutdown. [syntax][0]                                                  | no auto shutdown |
+| check_pid    | Check process PID matches LISTEN_PID                                                       | true             |
+| unset_env    | Unsets the LISTEN\* environment variables, so they don't get passed to any child processes | true             |
 +
-+If the address is a number less than 65536, it is assumed as a port and passed
-+as `http.ListenAndServe(":<port>",...)` Anything else is directly passed to
-+`http.ListenAndServe` as well. Below examples should work
+### TCP
+
+If the address is not one of above, it is assumed to be tcp and passed to `http.ListenAndServe`.
+
+Examples:
 +
 +    :http
 +    :8888
 +    127.0.0.1:8080
 +
-+## Idle server auto shutdown
-+
-+When using systemd socket activation, idle servers can be shut down to save on
-+resources.  They will be restarted with socket activation when new request
-+arrives. Quick example for the case. (Error checking skipped for brevity)
-+
-+```go
-+addrType, httpServer, done, _ := anyhttp.Serve(addr, idle.WrapHandler(nil))
-+if addrType == anyhttp.SystemdFD {
-+    idle.Wait(30 * time.Minute)
-+    httpServer.Shutdown(context.TODO())
-+}
-+<-done
-+```
-+
 +## Documentation
 +
 +https://pkg.go.dev/go.balki.me/anyhttp
@ -486,35 +598,42 @@ index 000000000..7e9b11922
 +
 +  * https://gist.github.com/teknoraver/5ffacb8757330715bcbcc90e6d46ac74#file-unixhttpd-go
 +  * https://github.com/coreos/go-systemd/tree/main/activation
+
+[0]: https://pkg.go.dev/time#ParseDuration
 diff --git a/vendor/go.balki.me/anyhttp/anyhttp.go b/vendor/go.balki.me/anyhttp/anyhttp.go
 new file mode 100644
-index 000000000..5c0615442
+index 000000000..8d316a78f
 --- /dev/null
 +++ b/vendor/go.balki.me/anyhttp/anyhttp.go
-@@ -0,0 +1,269 @@
+@@ -0,0 +1,440 @@
 +// Package anyhttp has helpers to serve http from unix sockets and systemd socket activated fds
 +package anyhttp
 +
 +import (
+	"context"
 +	"errors"
 +	"fmt"
 +	"io/fs"
 +	"net"
 +	"net/http"
+	"net/url"
 +	"os"
 +	"strconv"
 +	"strings"
 +	"sync"
 +	"syscall"
+	"time"
+
+	"go.balki.me/anyhttp/idle"
 +)
 +
 +// AddressType of the address passed
 +type AddressType string
 +
 +var (
-+	// UnixSocket - address is a unix socket, e.g. unix//run/foo.sock
+	// UnixSocket - address is a unix socket, e.g. unix?path=/run/foo.sock
 +	UnixSocket AddressType = "UnixSocket"
-+	// SystemdFD - address is a systemd fd, e.g. sysd/fdname/myapp.socket
+	// SystemdFD - address is a systemd fd, e.g. sysd?name=myapp.socket
 +	SystemdFD AddressType = "SystemdFD"
 +	// TCP - address is a TCP address, e.g. :1234
 +	TCP AddressType = "TCP"
@ -591,6 +710,8 @@ index 000000000..5c0615442
 +	CheckPID bool
 +	// Unsets the LISTEN* environment variables, so they don't get passed to any child processes
 +	UnsetEnv bool
+	// Shutdown http server if no requests received for below timeout
+	IdleTimeout *time.Duration
 +}
 +
 +// DefaultSysdConfig has the default values for SysdConfig
@ -690,69 +811,86 @@ index 000000000..5c0615442
 +	return nil, errors.New("neither FDIndex nor FDName set")
 +}
 +
-+// GetListener gets a unix or systemd socket listener
-+func GetListener(addr string) (AddressType, net.Listener, error) {
-+	if strings.HasPrefix(addr, "unix/") {
-+		usc := NewUnixSocketConfig(strings.TrimPrefix(addr, "unix/"))
-+		l, err := usc.GetListener()
-+		return UnixSocket, l, err
-+	}
+// GetListener is low level function for use with non-http servers. e.g. tcp, smtp
+// Caller should handle idle timeout if needed
+func GetListener(addr string) (net.Listener, AddressType, any /* cfg */, error) {
 +
-+	if strings.HasPrefix(addr, "sysd/fdidx/") {
-+		idx, err := strconv.Atoi(strings.TrimPrefix(addr, "sysd/fdidx/"))
+	addrType, unixSocketConfig, sysdConfig, perr := parseAddress(addr)
+	if perr != nil {
+		return nil, Unknown, nil, perr
+	}
+	if unixSocketConfig != nil {
+		listener, err := unixSocketConfig.GetListener()
 +		if err != nil {
-+			return Unknown, nil, fmt.Errorf("invalid fdidx, addr:%q err: %w", addr, err)
+			return nil, Unknown, nil, err
 +		}
-+		sysdc := NewSysDConfigWithFDIdx(idx)
-+		l, err := sysdc.GetListener()
-+		return SystemdFD, l, err
-+	}
-+
-+	if strings.HasPrefix(addr, "sysd/fdname/") {
-+		sysdc := NewSysDConfigWithFDName(strings.TrimPrefix(addr, "sysd/fdname/"))
-+		l, err := sysdc.GetListener()
-+		return SystemdFD, l, err
-+	}
-+
-+	if port, err := strconv.Atoi(addr); err == nil {
-+		if port > 0 && port < 65536 {
-+			addr = fmt.Sprintf(":%v", port)
-+		} else {
-+			return Unknown, nil, fmt.Errorf("invalid port: %v", port)
+		return listener, addrType, unixSocketConfig, nil
+	} else if sysdConfig != nil {
+		listener, err := sysdConfig.GetListener()
+		if err != nil {
+			return nil, Unknown, nil, err
 +		}
+		return listener, addrType, sysdConfig, nil
 +	}
-+
 +	if addr == "" {
 +		addr = ":http"
 +	}
-+
-+	l, err := net.Listen("tcp", addr)
-+	return TCP, l, err
+	listener, err := net.Listen("tcp", addr)
+	return listener, TCP, nil, err
 +}
 +
-+// Serve creates and serve a http server.
-+func Serve(addr string, h http.Handler) (AddressType, *http.Server, <-chan error, error) {
-+	addrType, listener, err := GetListener(addr)
+type ServerCtx struct {
+	AddressType      AddressType
+	Listener         net.Listener
+	Server           *http.Server
+	Idler            idle.Idler
+	Done             <-chan error
+	UnixSocketConfig *UnixSocketConfig
+	SysdConfig       *SysdConfig
+}
+
+func (s *ServerCtx) Wait() error {
+	return <-s.Done
+}
+
+func (s *ServerCtx) Addr() net.Addr {
+	return s.Listener.Addr()
+}
+
+func (s *ServerCtx) Shutdown(ctx context.Context) error {
+	err := s.Server.Shutdown(ctx)
 +	if err != nil {
-+		return addrType, nil, nil, err
+		return err
 +	}
-+	srv := &http.Server{Handler: h}
-+	done := make(chan error)
-+	go func() {
-+		done <- srv.Serve(listener)
-+		close(done)
-+	}()
-+	return addrType, srv, done, nil
+	return <-s.Done
+}
+
+// ServeTLS creates and serves a HTTPS server.
+func ServeTLS(addr string, h http.Handler, certFile string, keyFile string) (*ServerCtx, error) {
+	return serve(addr, h, certFile, keyFile)
+}
+
+// Serve creates and serves a HTTP server.
+func Serve(addr string, h http.Handler) (*ServerCtx, error) {
+	return serve(addr, h, "", "")
 +}
 +
 +// ListenAndServe is the drop-in replacement for `http.ListenAndServe`.
 +// Supports unix and systemd sockets in addition
 +func ListenAndServe(addr string, h http.Handler) error {
-+	_, _, done, err := Serve(addr, h)
+	ctx, err := Serve(addr, h)
 +	if err != nil {
 +		return err
 +	}
-+	return <-done
+	return ctx.Wait()
+}
+
+func ListenAndServeTLS(addr string, certFile string, keyFile string, h http.Handler) error {
+	ctx, err := ServeTLS(addr, h, certFile, keyFile)
+	if err != nil {
+		return err
+	}
+	return ctx.Wait()
 +}
 +
 +// UnsetSystemdListenVars unsets the LISTEN* environment variables so they are not passed to any child processes
@ -761,20 +899,298 @@ index 000000000..5c0615442
 +	_ = os.Unsetenv("LISTEN_FDS")
 +	_ = os.Unsetenv("LISTEN_FDNAMES")
 +}
+
+func parseAddress(addr string) (addrType AddressType, usc *UnixSocketConfig, sysc *SysdConfig, err error) {
+	usc = nil
+	sysc = nil
+	err = nil
+	u, err := url.Parse(addr)
+	if err != nil {
+		return TCP, nil, nil, nil
+	}
+	if u.Path == "unix" {
+		duc := DefaultUnixSocketConfig
+		usc = &duc
+		addrType = UnixSocket
+		for key, val := range u.Query() {
+			if len(val) != 1 {
+				err = fmt.Errorf("unix socket address error. Multiple %v found: %v", key, val)
+				return
+			}
+			if key == "path" {
+				usc.SocketPath = val[0]
+			} else if key == "mode" {
+				if _, serr := fmt.Sscanf(val[0], "%o", &usc.SocketMode); serr != nil {
+					err = fmt.Errorf("unix socket address error. Bad mode: %v, err: %w", val, serr)
+					return
+				}
+			} else if key == "remove_existing" {
+				if removeExisting, berr := strconv.ParseBool(val[0]); berr == nil {
+					usc.RemoveExisting = removeExisting
+				} else {
+					err = fmt.Errorf("unix socket address error. Bad remove_existing: %v, err: %w", val, berr)
+					return
+				}
+			} else {
+				err = fmt.Errorf("unix socket address error. Bad option; key: %v, val: %v", key, val)
+				return
+			}
+		}
+		if usc.SocketPath == "" {
+			err = fmt.Errorf("unix socket address error. Missing path; addr: %v", addr)
+			return
+		}
+	} else if u.Path == "sysd" {
+		dsc := DefaultSysdConfig
+		sysc = &dsc
+		addrType = SystemdFD
+		for key, val := range u.Query() {
+			if len(val) != 1 {
+				err = fmt.Errorf("systemd socket fd address error. Multiple %v found: %v", key, val)
+				return
+			}
+			if key == "name" {
+				sysc.FDName = &val[0]
+			} else if key == "idx" {
+				if idx, ierr := strconv.Atoi(val[0]); ierr == nil {
+					sysc.FDIndex = &idx
+				} else {
+					err = fmt.Errorf("systemd socket fd address error. Bad idx: %v, err: %w", val, ierr)
+					return
+				}
+			} else if key == "check_pid" {
+				if checkPID, berr := strconv.ParseBool(val[0]); berr == nil {
+					sysc.CheckPID = checkPID
+				} else {
+					err = fmt.Errorf("systemd socket fd address error. Bad check_pid: %v, err: %w", val, berr)
+					return
+				}
+			} else if key == "unset_env" {
+				if unsetEnv, berr := strconv.ParseBool(val[0]); berr == nil {
+					sysc.UnsetEnv = unsetEnv
+				} else {
+					err = fmt.Errorf("systemd socket fd address error. Bad unset_env: %v, err: %w", val, berr)
+					return
+				}
+			} else if key == "idle_timeout" {
+				if timeout, terr := time.ParseDuration(val[0]); terr == nil {
+					sysc.IdleTimeout = &timeout
+				} else {
+					err = fmt.Errorf("systemd socket fd address error. Bad idle_timeout: %v, err: %w", val, terr)
+					return
+				}
+			} else {
+				err = fmt.Errorf("systemd socket fd address error. Bad option; key: %v, val: %v", key, val)
+				return
+			}
+		}
+		if (sysc.FDIndex == nil) == (sysc.FDName == nil) {
+			err = fmt.Errorf("systemd socket fd address error. Exactly only one of name and idx has to be set. name: %v, idx: %v", sysc.FDName, sysc.FDIndex)
+			return
+		}
+	} else {
+		// Just assume as TCP address
+		return TCP, nil, nil, nil
+	}
+	return
+}
+
+func serve(addr string, h http.Handler, certFile string, keyFile string) (*ServerCtx, error) {
+
+	serveFn := func() func(ctx *ServerCtx) error {
+		if certFile != "" {
+			return func(ctx *ServerCtx) error {
+				return ctx.Server.ServeTLS(ctx.Listener, certFile, keyFile)
+			}
+		}
+		return func(ctx *ServerCtx) error {
+			return ctx.Server.Serve(ctx.Listener)
+		}
+	}()
+	var ctx ServerCtx
+	var err error
+	var cfg any
+
+	ctx.Listener, ctx.AddressType, cfg, err = GetListener(addr)
+	if err != nil {
+		return nil, err
+	}
+	switch ctx.AddressType {
+	case UnixSocket:
+		ctx.UnixSocketConfig = cfg.(*UnixSocketConfig)
+	case SystemdFD:
+		ctx.SysdConfig = cfg.(*SysdConfig)
+	}
+	errChan := make(chan error)
+	ctx.Done = errChan
+	if ctx.AddressType == SystemdFD && ctx.SysdConfig.IdleTimeout != nil {
+		ctx.Idler = idle.CreateIdler(*ctx.SysdConfig.IdleTimeout)
+		ctx.Server = &http.Server{Handler: idle.WrapIdlerHandler(ctx.Idler, h)}
+		waitErrChan := make(chan error)
+		go func() {
+			waitErrChan <- serveFn(&ctx)
+		}()
+		go func() {
+			select {
+			case err := <-waitErrChan:
+				errChan <- err
+			case <-ctx.Idler.Chan():
+				errChan <- ctx.Server.Shutdown(context.TODO())
+			}
+		}()
+	} else {
+		ctx.Server = &http.Server{Handler: h}
+		go func() {
+			errChan <- serveFn(&ctx)
+		}()
+	}
+	return &ctx, nil
+}
+diff --git a/vendor/go.balki.me/anyhttp/idle/idle.go b/vendor/go.balki.me/anyhttp/idle/idle.go
+new file mode 100644
+index 000000000..ee3d81ff1
+--- /dev/null
+++ b/vendor/go.balki.me/anyhttp/idle/idle.go
+@@ -0,0 +1,127 @@
+// Package idle helps to gracefully shutdown idle (typically http) servers
+package idle
+
+import (
+	"fmt"
+	"net/http"
+	"sync/atomic"
+	"time"
+)
+
+var (
+	// For simple servers without backgroud jobs, global singleton for simpler API
+	// Enter/Exit worn't work for global idler as Enter may be called before Wait, use CreateIdler in those cases
+	gIdler atomic.Pointer[idler]
+)
+
+// Wait waits till the server is idle and returns. i.e. no Ticks in last <timeout> duration
+func Wait(timeout time.Duration) error {
+	i := CreateIdler(timeout).(*idler)
+	ok := gIdler.CompareAndSwap(nil, i)
+	if !ok {
+		return fmt.Errorf("idler already waiting")
+	}
+	i.Wait()
+	return nil
+}
+
+// Tick records the current time. This will make the server not idle until next Tick or timeout
+func Tick() {
+	i := gIdler.Load()
+	if i != nil {
+		i.Tick()
+	}
+}
+
+// WrapHandler calls Tick() before processing passing request to http.Handler
+func WrapHandler(h http.Handler) http.Handler {
+	if h == nil {
+		h = http.DefaultServeMux
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Tick()
+		h.ServeHTTP(w, r)
+	})
+}
+
+// WrapIdlerHandler calls idler.Tick() before processing passing request to http.Handler
+func WrapIdlerHandler(i Idler, h http.Handler) http.Handler {
+	if h == nil {
+		h = http.DefaultServeMux
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		i.Tick()
+		h.ServeHTTP(w, r)
+	})
+}
+
+// Idler helps manage idle servers
+type Idler interface {
+	// Tick records the current time. This will make the server not idle until next Tick or timeout
+	Tick()
+
+	// Wait waits till the server is idle and returns. i.e. no Ticks in last <timeout> duration
+	Wait()
+
+	// For long running background jobs, use Enter to record start time. Wait will not return while there are active jobs running
+	Enter()
+
+	// Exit records end of a background job
+	Exit()
+
+	// Get the channel to wait yourself
+	Chan() <-chan struct{}
+}
+
+type idler struct {
+	lastTick atomic.Pointer[time.Time]
+	c        chan struct{}
+	active   atomic.Int64
+}
+
+func (i *idler) Enter() {
+	i.active.Add(1)
+}
+
+func (i *idler) Exit() {
+	i.Tick()
+	i.active.Add(-1)
+}
+
+// CreateIdler creates an Idler with given timeout
+func CreateIdler(timeout time.Duration) Idler {
+	i := &idler{}
+	i.c = make(chan struct{})
+	i.Tick()
+	go func() {
+		for {
+			if i.active.Load() != 0 {
+				time.Sleep(timeout)
+				continue
+			}
+			t := *i.lastTick.Load()
+			now := time.Now()
+			dur := t.Add(timeout).Sub(now)
+			if dur == dur.Abs() {
+				time.Sleep(dur)
+				continue
+			}
+			break
+		}
+		close(i.c)
+	}()
+	return i
+}
+
+func (i *idler) Tick() {
+	now := time.Now()
+	i.lastTick.Store(&now)
+}
+
+func (i *idler) Wait() {
+	<-i.c
+}
+
+func (i *idler) Chan() <-chan struct{} {
+	return i.c
+}
 diff --git a/vendor/modules.txt b/vendor/modules.txt
-index 10c1e595c..78fb14705 100644
+index 276f0f17c..ec3ecb43d 100644
 --- a/vendor/modules.txt
 +++ b/vendor/modules.txt
-@@ -963,6 +963,9 @@ github.com/yuin/goldmark/renderer
+@@ -968,6 +968,10 @@ github.com/yuin/goldmark/renderer
 github.com/yuin/goldmark/renderer/html
 github.com/yuin/goldmark/text
 github.com/yuin/goldmark/util
-+# go.balki.me/anyhttp v0.3.0
+# go.balki.me/anyhttp v0.5.0
 +## explicit; go 1.20
 +go.balki.me/anyhttp
- # go.mongodb.org/mongo-driver v1.14.0
+go.balki.me/anyhttp/idle
+ # go.mongodb.org/mongo-driver v1.17.3
 ## explicit; go 1.18
 go.mongodb.org/mongo-driver/bson
-- 
-2.47.1
-
--- a/sysusers.conf
+++ b/sysusers.conf
@ -1 +1 @@
-u gotosocial - "gotosocial daemon user" /var/lib/gotosocial
+u! gotosocial - "gotosocial daemon user" /var/lib/gotosocial
Author	SHA1	Message	Date
Balakrishnan Balasubramanian	ddb049b558	update patch to 0.19.1	2025-05-07 10:30:34 -04:00
Balakrishnan Balasubramanian	d093e3fcb2	Merge remote-tracking branch 'aur/main'	2025-05-07 10:27:40 -04:00
George Rawlinson	3266938652	upgpkg: 0.19.1-1	2025-05-07 01:29:51 +00:00
Balakrishnan Balasubramanian	fef593f4aa	update patch to latest version	2025-04-28 17:37:40 -04:00
Balakrishnan Balasubramanian	7db82fad46	Merge remote-tracking branch 'aur/main'	2025-04-28 17:22:43 -04:00
George Rawlinson	e889e49d02	upgpkg: 0.19.0-1	2025-04-27 12:33:51 +12:00
Balakrishnan Balasubramanian	3894d3b818	Merge remote-tracking branch 'aur/main'	2025-03-21 21:41:41 -04:00
Jelle van der Waa	7179c0b2d8	upgpkg: 0.18.3-1	2025-03-21 20:36:18 +01:00
Balakrishnan Balasubramanian	85847aba04	Rename to modded patch	2025-03-14 16:54:14 -04:00
Balakrishnan Balasubramanian	0382f924da	Merge remote-tracking branch 'aur/main'	2025-03-14 16:48:34 -04:00
George Rawlinson	d64c8f34b6	upgpkg: 0.18.2-1	2025-03-13 20:19:46 +13:00
George Rawlinson	c6556d33f4	fix: switch to fully-locked sysuser account https://archlinux.org/todo/change-sysusers-to-fully-locked-system-accounts/	2025-03-04 12:37:51 +13:00
Balakrishnan Balasubramanian	aac0f5d327	Update unix socket support for v0.18.1	2025-02-25 17:55:42 -05:00
Jelle van der Waa	e0bad33f24	upgpkg: 0.18.1-1	2025-02-24 14:15:01 +01:00
Jelle van der Waa	d48988c207	upgpkg: 0.18.0-1	2025-02-23 10:09:07 +01:00
Jelle van der Waa	247cc9f5ec	upgpkg: 0.17.4-1	2025-02-15 11:00:26 +01:00