Improve documentation for :public
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
This commit is contained in:
parent
55436d5823
commit
1135a91f97
5 changed files with 36 additions and 23 deletions
|
@ -691,8 +691,8 @@
|
|||
key: :public,
|
||||
type: :boolean,
|
||||
description:
|
||||
"Makes the client API in authenticated mode-only except for user-profiles." <>
|
||||
" Useful for disabling the Local Timeline and The Whole Known Network. " <>
|
||||
"Switching this on will allow unauthenticated users access to all public resources on your instance" <>
|
||||
" Switching it off is useful for disabling the Local Timeline and The Whole Known Network. " <>
|
||||
" Note: when setting to `false`, please also check `:restrict_unauthenticated` setting."
|
||||
},
|
||||
%{
|
||||
|
@ -2998,8 +2998,7 @@
|
|||
key: :restrict_unauthenticated,
|
||||
label: "Restrict Unauthenticated",
|
||||
type: :group,
|
||||
description:
|
||||
"Disallow viewing timelines, user profiles and statuses for unauthenticated users.",
|
||||
description: "Disallow unauthenticated viewing of timelines, user profiles and statuses.",
|
||||
children: [
|
||||
%{
|
||||
key: :timelines,
|
||||
|
@ -3009,12 +3008,12 @@
|
|||
%{
|
||||
key: :local,
|
||||
type: :boolean,
|
||||
description: "Disallow view public timeline."
|
||||
description: "Disallow viewing the public timeline."
|
||||
},
|
||||
%{
|
||||
key: :federated,
|
||||
type: :boolean,
|
||||
description: "Disallow view federated timeline."
|
||||
description: "Disallow viewing the whole known network timeline."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -3026,29 +3025,29 @@
|
|||
%{
|
||||
key: :local,
|
||||
type: :boolean,
|
||||
description: "Disallow view local user profiles."
|
||||
description: "Disallow viewing local user profiles."
|
||||
},
|
||||
%{
|
||||
key: :remote,
|
||||
type: :boolean,
|
||||
description: "Disallow view remote user profiles."
|
||||
description: "Disallow viewing remote user profiles."
|
||||
}
|
||||
]
|
||||
},
|
||||
%{
|
||||
key: :activities,
|
||||
type: :map,
|
||||
description: "Settings for statuses.",
|
||||
description: "Settings for posts.",
|
||||
children: [
|
||||
%{
|
||||
key: :local,
|
||||
type: :boolean,
|
||||
description: "Disallow view local statuses."
|
||||
description: "Disallow viewing local posts."
|
||||
},
|
||||
%{
|
||||
key: :remote,
|
||||
type: :boolean,
|
||||
description: "Disallow view remote statuses."
|
||||
description: "Disallow viewing remote posts."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -33,7 +33,8 @@ To add configuration to your config file, you can copy it from the base config.
|
|||
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
|
||||
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
|
||||
* `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance.
|
||||
* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details.
|
||||
* `public`: Allows unauthenticated access to public resources on your instance. This is essentially used as the default value for `:restrict_unauthenticated`.
|
||||
See `restrict_unauthenticated` for more details.
|
||||
* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them.
|
||||
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
|
||||
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
|
||||
|
@ -1094,7 +1095,7 @@ config :pleroma, :database_config_whitelist, [
|
|||
|
||||
### :restrict_unauthenticated
|
||||
|
||||
Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses.
|
||||
Restrict access for unauthenticated users to timelines (public and federated), user profiles and posts.
|
||||
|
||||
* `timelines`: public and federated timelines
|
||||
* `local`: public timeline
|
||||
|
@ -1102,13 +1103,24 @@ Restrict access for unauthenticated users to timelines (public and federated), u
|
|||
* `profiles`: user profiles
|
||||
* `local`
|
||||
* `remote`
|
||||
* `activities`: statuses
|
||||
* `activities`: posts
|
||||
* `local`
|
||||
* `remote`
|
||||
|
||||
Note: when `:instance, :public` is set to `false`, all `:restrict_unauthenticated` items be effectively set to `true` by default. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
|
||||
#### When :instance, :public is `true`
|
||||
|
||||
Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
|
||||
When your instance is in "public" mode, all public resources (users, posts, timelines) are accessible to unauthenticated users.
|
||||
|
||||
Turning any of the `:restrict_unauthenticated` options to `true` will restrict access to the corresponding resources.
|
||||
|
||||
#### When :instance, :public is `false`
|
||||
|
||||
When `:instance, :public` is set to `false`, all of the `:restrict_unauthenticated` options will effectively be set to `true` by default,
|
||||
meaning that only authenticated users will be able to access the corresponding resources.
|
||||
|
||||
If you'd like to allow unauthenticated access to specific resources, you can turn these settings to `false`.
|
||||
|
||||
**Note**: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
|
||||
|
||||
## Pleroma.Web.ApiSpec.CastAndValidate
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator do
|
|||
use Ecto.Schema
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.User
|
||||
|
||||
import Ecto.Changeset
|
||||
|
|
|
@ -13,14 +13,14 @@ def render("manifest.json", _params) do
|
|||
description: Config.get([:instance, :description]),
|
||||
icons: [
|
||||
%{
|
||||
src: "/static/logo.svg",
|
||||
type: "image/svg+xml"
|
||||
src: "/static/logo.svg",
|
||||
type: "image/svg+xml"
|
||||
},
|
||||
%{
|
||||
src: "/static/logo-512.png",
|
||||
sizes: "512x512",
|
||||
type: "image/png",
|
||||
purpose: "maskable"
|
||||
src: "/static/logo-512.png",
|
||||
sizes: "512x512",
|
||||
type: "image/png",
|
||||
purpose: "maskable"
|
||||
}
|
||||
],
|
||||
theme_color: Config.get([:manifest, :theme_color]),
|
||||
|
|
|
@ -15,6 +15,9 @@ def perform(_job) do
|
|||
Logger.info("Pruning old deletes")
|
||||
ActivityPruner.prune_deletes()
|
||||
|
||||
Logger.info("Pruning old follow requests")
|
||||
ActivityPruner.prune_stale_follow_requests()
|
||||
|
||||
Logger.info("Pruning old undos")
|
||||
ActivityPruner.prune_undos()
|
||||
|
||||
|
|
Loading…
Reference in a new issue