Improve documentation for :public
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending

This commit is contained in:
FloatingGhost 2022-12-03 22:23:45 +00:00
parent 55436d5823
commit 1135a91f97
5 changed files with 36 additions and 23 deletions

View file

@ -691,8 +691,8 @@
key: :public, key: :public,
type: :boolean, type: :boolean,
description: description:
"Makes the client API in authenticated mode-only except for user-profiles." <> "Switching this on will allow unauthenticated users access to all public resources on your instance" <>
" Useful for disabling the Local Timeline and The Whole Known Network. " <> " Switching it off is useful for disabling the Local Timeline and The Whole Known Network. " <>
" Note: when setting to `false`, please also check `:restrict_unauthenticated` setting." " Note: when setting to `false`, please also check `:restrict_unauthenticated` setting."
}, },
%{ %{
@ -2998,8 +2998,7 @@
key: :restrict_unauthenticated, key: :restrict_unauthenticated,
label: "Restrict Unauthenticated", label: "Restrict Unauthenticated",
type: :group, type: :group,
description: description: "Disallow unauthenticated viewing of timelines, user profiles and statuses.",
"Disallow viewing timelines, user profiles and statuses for unauthenticated users.",
children: [ children: [
%{ %{
key: :timelines, key: :timelines,
@ -3009,12 +3008,12 @@
%{ %{
key: :local, key: :local,
type: :boolean, type: :boolean,
description: "Disallow view public timeline." description: "Disallow viewing the public timeline."
}, },
%{ %{
key: :federated, key: :federated,
type: :boolean, type: :boolean,
description: "Disallow view federated timeline." description: "Disallow viewing the whole known network timeline."
} }
] ]
}, },
@ -3026,29 +3025,29 @@
%{ %{
key: :local, key: :local,
type: :boolean, type: :boolean,
description: "Disallow view local user profiles." description: "Disallow viewing local user profiles."
}, },
%{ %{
key: :remote, key: :remote,
type: :boolean, type: :boolean,
description: "Disallow view remote user profiles." description: "Disallow viewing remote user profiles."
} }
] ]
}, },
%{ %{
key: :activities, key: :activities,
type: :map, type: :map,
description: "Settings for statuses.", description: "Settings for posts.",
children: [ children: [
%{ %{
key: :local, key: :local,
type: :boolean, type: :boolean,
description: "Disallow view local statuses." description: "Disallow viewing local posts."
}, },
%{ %{
key: :remote, key: :remote,
type: :boolean, type: :boolean,
description: "Disallow view remote statuses." description: "Disallow viewing remote posts."
} }
] ]
} }

View file

@ -33,7 +33,8 @@ To add configuration to your config file, you can copy it from the base config.
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes. * `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it. * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
* `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance. * `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance.
* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details. * `public`: Allows unauthenticated access to public resources on your instance. This is essentially used as the default value for `:restrict_unauthenticated`.
See `restrict_unauthenticated` for more details.
* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them. * `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them.
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML). * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with * `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
@ -1094,7 +1095,7 @@ config :pleroma, :database_config_whitelist, [
### :restrict_unauthenticated ### :restrict_unauthenticated
Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses. Restrict access for unauthenticated users to timelines (public and federated), user profiles and posts.
* `timelines`: public and federated timelines * `timelines`: public and federated timelines
* `local`: public timeline * `local`: public timeline
@ -1102,13 +1103,24 @@ Restrict access for unauthenticated users to timelines (public and federated), u
* `profiles`: user profiles * `profiles`: user profiles
* `local` * `local`
* `remote` * `remote`
* `activities`: statuses * `activities`: posts
* `local` * `local`
* `remote` * `remote`
Note: when `:instance, :public` is set to `false`, all `:restrict_unauthenticated` items be effectively set to `true` by default. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`. #### When :instance, :public is `true`
Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline). When your instance is in "public" mode, all public resources (users, posts, timelines) are accessible to unauthenticated users.
Turning any of the `:restrict_unauthenticated` options to `true` will restrict access to the corresponding resources.
#### When :instance, :public is `false`
When `:instance, :public` is set to `false`, all of the `:restrict_unauthenticated` options will effectively be set to `true` by default,
meaning that only authenticated users will be able to access the corresponding resources.
If you'd like to allow unauthenticated access to specific resources, you can turn these settings to `false`.
**Note**: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
## Pleroma.Web.ApiSpec.CastAndValidate ## Pleroma.Web.ApiSpec.CastAndValidate

View file

@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator do
use Ecto.Schema use Ecto.Schema
alias Pleroma.Activity alias Pleroma.Activity
alias Pleroma.Object
alias Pleroma.User alias Pleroma.User
import Ecto.Changeset import Ecto.Changeset

View file

@ -15,6 +15,9 @@ def perform(_job) do
Logger.info("Pruning old deletes") Logger.info("Pruning old deletes")
ActivityPruner.prune_deletes() ActivityPruner.prune_deletes()
Logger.info("Pruning old follow requests")
ActivityPruner.prune_stale_follow_requests()
Logger.info("Pruning old undos") Logger.info("Pruning old undos")
ActivityPruner.prune_undos() ActivityPruner.prune_undos()