diff --git a/config/config.exs b/config/config.exs index 28d93e086..8544dcc0d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -93,10 +93,11 @@ config :pleroma, Pleroma.Web.Endpoint, dispatch: [ {:_, [ - {"/api/v1/streaming", Elixir.Pleroma.Web.MastodonAPI.WebsocketHandler, []}, - {"/socket/websocket", Phoenix.Endpoint.CowboyWebSocket, - {nil, {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}}, - {:_, Plug.Adapters.Cowboy.Handler, {Pleroma.Web.Endpoint, []}} + {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []}, + {"/websocket", Phoenix.Endpoint.CowboyWebSocket, + {Phoenix.Transports.WebSocket, + {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}}, + {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}} ]} ] ], @@ -344,6 +345,16 @@ config :pleroma, Pleroma.Jobs, federator_outgoing: [max_jobs: 50], mailer: [max_jobs: 10] +config :auto_linker, + opts: [ + scheme: true, + extra: true, + class: false, + strip_prefix: false, + new_window: false, + rel: false + ] + config :pleroma, :ldap, enabled: System.get_env("LDAP_ENABLED") == "true", host: System.get_env("LDAP_HOST") || "localhost", diff --git a/docs/Admin-API.md b/docs/Admin-API.md index 016444d58..407647645 100644 --- a/docs/Admin-API.md +++ b/docs/Admin-API.md @@ -1,108 +1,207 @@ # Admin API + Authentication is required and the user must be an admin. -## `/api/pleroma/admin/user` -### Remove a user -* Method `DELETE` -* Params: - * `nickname` -* Response: User’s nickname -### Create a user -* Method: `POST` -* Params: - * `nickname` - * `email` - * `password` -* Response: User’s nickname +## `/api/pleroma/admin/users` -## `/api/pleroma/admin/users/tag` -### Tag a list of users -* Method: `PUT` -* Params: - * `nickname` - * `tags` -### Untag a list of users -* Method: `DELETE` -* Params: - * `nickname` - * `tags` +### List users + +- Method `GET` +- Params: + - `page`: **integer** page number + - `page_size`: **integer** number of users per page (default is `50`) +- Response: -## `/api/pleroma/admin/permission_group/:nickname` -### Get user user permission groups membership -* Method: `GET` -* Params: none -* Response: ```JSON { - "is_moderator": bool, - "is_admin": bool + "page_size": integer, + "count": integer, + "users": [ + { + "deactivated": bool, + "id": integer, + "nickname": string + }, + ... + ] +} +``` + +## `/api/pleroma/admin/users/search?query={query}&local={local}&page={page}&page_size={page_size}` + +### Search users by name or nickname + +- Method `GET` +- Params: + - `query`: **string** search term + - `local`: **bool** whether to return only local users + - `page`: **integer** page number + - `page_size`: **integer** number of users per page (default is `50`) +- Response: + +```JSON +{ + "page_size": integer, + "count": integer, + "users": [ + { + "deactivated": bool, + "id": integer, + "nickname": string + }, + ... + ] +} +``` + +## `/api/pleroma/admin/user` + +### Remove a user + +- Method `DELETE` +- Params: + - `nickname` +- Response: User’s nickname + +### Create a user + +- Method: `POST` +- Params: + - `nickname` + - `email` + - `password` +- Response: User’s nickname + +## `/api/pleroma/admin/users/:nickname/toggle_activation` + +### Toggle user activation + +- Method: `PATCH` +- Params: + - `nickname` +- Response: User’s object + +```JSON +{ + "deactivated": bool, + "id": integer, + "nickname": string +} +``` + +## `/api/pleroma/admin/users/tag` + +### Tag a list of users + +- Method: `PUT` +- Params: + - `nickname` + - `tags` + +### Untag a list of users + +- Method: `DELETE` +- Params: + - `nickname` + - `tags` + +## `/api/pleroma/admin/permission_group/:nickname` + +### Get user user permission groups membership + +- Method: `GET` +- Params: none +- Response: + +```JSON +{ + "is_moderator": bool, + "is_admin": bool } ``` ## `/api/pleroma/admin/permission_group/:nickname/:permission_group` + Note: Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist. ### Get user user permission groups membership -* Method: `GET` -* Params: none -* Response: + +- Method: `GET` +- Params: none +- Response: + ```JSON { - "is_moderator": bool, - "is_admin": bool + "is_moderator": bool, + "is_admin": bool } ``` + ### Add user in permission group -* Method: `POST` -* Params: none -* Response: - * On failure: ``{"error": "…"}`` - * On success: JSON of the ``user.info`` + +- Method: `POST` +- Params: none +- Response: + - On failure: `{"error": "…"}` + - On success: JSON of the `user.info` + ### Remove user from permission group -* Method: `DELETE` -* Params: none -* Response: - * On failure: ``{"error": "…"}`` - * On success: JSON of the ``user.info`` -* Note: An admin cannot revoke their own admin status. + +- Method: `DELETE` +- Params: none +- Response: + - On failure: `{"error": "…"}` + - On success: JSON of the `user.info` +- Note: An admin cannot revoke their own admin status. ## `/api/pleroma/admin/activation_status/:nickname` ### Active or deactivate a user -* Method: `PUT` -* Params: - * `nickname` - * `status` BOOLEAN field, false value means deactivation. + +- Method: `PUT` +- Params: + - `nickname` + - `status` BOOLEAN field, false value means deactivation. ## `/api/pleroma/admin/relay` + ### Follow a Relay -* Methods: `POST` -* Params: - * `relay_url` -* Response: - * On success: URL of the followed relay + +- Methods: `POST` +- Params: + - `relay_url` +- Response: + - On success: URL of the followed relay + ### Unfollow a Relay -* Methods: `DELETE` -* Params: - * `relay_url` -* Response: - * On success: URL of the unfollowed relay + +- Methods: `DELETE` +- Params: + - `relay_url` +- Response: + - On success: URL of the unfollowed relay ## `/api/pleroma/admin/invite_token` + ### Get a account registeration invite token -* Methods: `GET` -* Params: none -* Response: invite token (base64 string) + +- Methods: `GET` +- Params: none +- Response: invite token (base64 string) ## `/api/pleroma/admin/email_invite` + ### Sends registration invite via email -* Methods: `POST` -* Params: - * `email` - * `name`, optionnal + +- Methods: `POST` +- Params: + - `email` + - `name`, optionnal ## `/api/pleroma/admin/password_reset` + ### Get a password reset token for a given nickname -* Methods: `GET` -* Params: none -* Response: password reset token (base64 string) + +- Methods: `GET` +- Params: none +- Response: password reset token (base64 string) diff --git a/docs/Differences-in-MastodonAPI-Responses.md b/docs/Differences-in-MastodonAPI-Responses.md index f6a5b6461..3026e1173 100644 --- a/docs/Differences-in-MastodonAPI-Responses.md +++ b/docs/Differences-in-MastodonAPI-Responses.md @@ -9,3 +9,7 @@ Pleroma uses 128-bit ids as opposed to Mastodon's 64 bits. However just like Mas ## Attachment cap Some apps operate under the assumption that no more than 4 attachments can be returned or uploaded. Pleroma however does not enforce any limits on attachment count neither when returning the status object nor when posting. + +## Timelines + +Adding the parameter `with_muted=true` to the timeline queries will also return activities by muted (not by blocked!) users. diff --git a/docs/config.md b/docs/config.md index a497fb4ca..d7349d54f 100644 --- a/docs/config.md +++ b/docs/config.md @@ -107,7 +107,7 @@ config :pleroma, Pleroma.Mailer, An example to enable ONLY ExSyslogger (f/ex in ``prod.secret.exs``) with info and debug suppressed: ``` -config :logger, +config :logger, backends: [{ExSyslogger, :ex_syslogger}] config :logger, :ex_syslogger, @@ -301,6 +301,32 @@ For each pool, the options are: * `max_connections` - how much connections a pool can hold * `timeout` - retention duration for connections +## :auto_linker + +Configuration for the `auto_linker` library: + +* `class: "auto-linker"` - specify the class to be added to the generated link. false to clear +* `rel: "noopener noreferrer"` - override the rel attribute. false to clear +* `new_window: true` - set to false to remove `target='_blank'` attribute +* `scheme: false` - Set to true to link urls with schema `http://google.com` +* `truncate: false` - Set to a number to truncate urls longer then the number. Truncated urls will end in `..` +* `strip_prefix: true` - Strip the scheme prefix +* `extra: false` - link urls with rarely used schemes (magnet, ipfs, irc, etc.) + +Example: + +```exs +config :auto_linker, + opts: [ + scheme: true, + extra: true, + class: false, + strip_prefix: false, + new_window: false, + rel: false + ] +``` + ## :ldap * `enabled`: enables LDAP authentication diff --git a/installation/pleroma-apache.conf b/installation/pleroma-apache.conf index d5e75044f..2beb7c4cc 100644 --- a/installation/pleroma-apache.conf +++ b/installation/pleroma-apache.conf @@ -1,6 +1,7 @@ # default Apache site config for Pleroma # # needed modules: define headers proxy proxy_http proxy_wstunnel rewrite ssl +# optional modules: cache cache_disk # # Simple installation instructions: # 1. Install your TLS certificate, possibly using Let's Encrypt. @@ -8,6 +9,14 @@ # 3. This assumes a Debian style Apache config. Copy this file to # /etc/apache2/sites-available/ and then add a symlink to it in # /etc/apache2/sites-enabled/ by running 'a2ensite pleroma-apache.conf', then restart Apache. +# +# Optional: enable disk-based caching for the media proxy +# For details, see https://git.pleroma.social/pleroma/pleroma/wikis/How%20to%20activate%20mediaproxy +# +# 1. Create the directory listed below as the CacheRoot, and make sure +# the Apache user can write to it. +# 2. Configure Apache's htcacheclean to clean the directory periodically. +# 3. Run 'a2enmod cache cache_disk' and restart Apache. Define servername example.tld @@ -34,6 +43,15 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCompression off SSLSessionTickets off + # uncomment the following to enable mediaproxy caching on disk + # + # CacheRoot /var/cache/apache2/mod_cache_disk + # CacheDirLevels 1 + # CacheDirLength 2 + # CacheEnable disk /proxy + # CacheLock on + # + RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index a3d55e4bf..8709f2cb7 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -11,7 +11,9 @@ proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cac server { server_name example.tld; + listen 80; + listen [::]:80; return 301 https://$server_name$request_uri; # Uncomment this if you need to use the 'webroot' method with certbot. Make sure @@ -29,7 +31,10 @@ server { ssl_session_cache shared:ssl_session_cache:10m; server { + server_name example.tld; + listen 443 ssl http2; + listen [::]:443 ssl http2; ssl_session_timeout 5m; ssl_trusted_certificate /etc/letsencrypt/live/example.tld/fullchain.pem; @@ -48,8 +53,6 @@ server { ssl_stapling on; ssl_stapling_verify on; - server_name example.tld; - gzip_vary on; gzip_proxied any; gzip_comp_level 6; diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index f31aafa0d..048c032ed 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -8,33 +8,51 @@ defmodule Pleroma.Formatter do alias Pleroma.User alias Pleroma.Web.MediaProxy - @tag_regex ~r/((?<=[^&])|\A)(\#)(\w+)/u @markdown_characters_regex ~r/(`|\*|_|{|}|[|]|\(|\)|#|\+|-|\.|!)/ + @link_regex ~r{((?:http(s)?:\/\/)?[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~%:/?#[\]@!\$&'\(\)\*\+,;=.]+)|[0-9a-z+\-\.]+:[0-9a-z$-_.+!*'(),]+}ui - # Modified from https://www.w3.org/TR/html5/forms.html#valid-e-mail-address - @mentions_regex ~r/@[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]*@?[a-zA-Z0-9_-](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*/u + @auto_linker_config hashtag: true, + hashtag_handler: &Pleroma.Formatter.hashtag_handler/4, + mention: true, + mention_handler: &Pleroma.Formatter.mention_handler/4 - def parse_tags(text, data \\ %{}) do - Regex.scan(@tag_regex, text) - |> Enum.map(fn ["#" <> tag = full_tag | _] -> {full_tag, String.downcase(tag)} end) - |> (fn map -> - if data["sensitive"] in [true, "True", "true", "1"], - do: [{"#nsfw", "nsfw"}] ++ map, - else: map - end).() + def mention_handler("@" <> nickname, buffer, opts, acc) do + case User.get_cached_by_nickname(nickname) do + %User{id: id} = user -> + ap_id = get_ap_id(user) + nickname_text = get_nickname_text(nickname, opts) |> maybe_escape(opts) + + link = + "@#{ + nickname_text + }" + + {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} + + _ -> + {buffer, acc} + end end - @doc "Parses mentions text and returns list {nickname, user}." - @spec parse_mentions(binary()) :: list({binary(), User.t()}) - def parse_mentions(text) do - Regex.scan(@mentions_regex, text) - |> List.flatten() - |> Enum.uniq() - |> Enum.map(fn nickname -> - with nickname <- String.trim_leading(nickname, "@"), - do: {"@" <> nickname, User.get_cached_by_nickname(nickname)} - end) - |> Enum.filter(fn {_match, user} -> user end) + def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do + tag = String.downcase(tag) + url = "#{Pleroma.Web.base_url()}/tag/#{tag}" + link = "" + + {link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}} + end + + @doc """ + Parses a text and replace plain text links with HTML. Returns a tuple with a result text, mentions, and hashtags. + """ + @spec linkify(String.t(), keyword()) :: + {String.t(), [{String.t(), User.t()}], [{String.t(), String.t()}]} + def linkify(text, options \\ []) do + options = options ++ @auto_linker_config + acc = %{mentions: MapSet.new(), tags: MapSet.new()} + {text, %{mentions: mentions, tags: tags}} = AutoLinker.link_map(text, acc, options) + + {text, MapSet.to_list(mentions), MapSet.to_list(tags)} end def emojify(text) do @@ -48,9 +66,7 @@ defmodule Pleroma.Formatter do emoji = HTML.strip_tags(emoji) file = HTML.strip_tags(file) - String.replace( - text, - ":#{emoji}:", + html = if not strip do "#{emoji} Enum.join("") end - @doc """ - Escapes a special characters in mention names. - """ - @spec mentions_escape(String.t(), list({String.t(), any()})) :: String.t() - def mentions_escape(text, mentions) do - mentions - |> Enum.reduce(text, fn {name, _}, acc -> - escape_name = String.replace(name, @markdown_characters_regex, "\\\\\\1") - String.replace(acc, name, escape_name) - end) - end - - @doc "changes scheme:... urls to html links" - def add_links({subs, text}) do - links = - text - |> String.split([" ", "\t", "
"]) - |> Enum.filter(fn word -> String.starts_with?(word, @valid_schemes) end) - |> Enum.filter(fn word -> Regex.match?(@link_regex, word) end) - |> Enum.map(fn url -> {Ecto.UUID.generate(), url} end) - |> Enum.sort_by(fn {_, url} -> -String.length(url) end) - - uuid_text = - links - |> Enum.reduce(text, fn {uuid, url}, acc -> String.replace(acc, url, uuid) end) - - subs = - subs ++ - Enum.map(links, fn {uuid, url} -> - {uuid, "#{url}"} - end) - - {subs, uuid_text} - end - - @doc "Adds the links to mentioned users" - def add_user_links({subs, text}, mentions, options \\ []) do - mentions = - mentions - |> Enum.sort_by(fn {name, _} -> -String.length(name) end) - |> Enum.map(fn {name, user} -> {name, user, Ecto.UUID.generate()} end) - - uuid_text = - mentions - |> Enum.reduce(text, fn {match, _user, uuid}, text -> - String.replace(text, match, uuid) - end) - - subs = - subs ++ - Enum.map(mentions, fn {match, %User{id: id, ap_id: ap_id, info: info}, uuid} -> - ap_id = - if is_binary(info.source_data["url"]) do - info.source_data["url"] - else - ap_id - end - - nickname = - if options[:format] == :full do - User.full_nickname(match) - else - User.local_nickname(match) - end - - {uuid, - "" <> - "@#{nickname}"} - end) - - {subs, uuid_text} - end - - @doc "Adds the hashtag links" - def add_hashtag_links({subs, text}, tags) do - tags = - tags - |> Enum.sort_by(fn {name, _} -> -String.length(name) end) - |> Enum.map(fn {name, short} -> {name, short, Ecto.UUID.generate()} end) - - uuid_text = - tags - |> Enum.reduce(text, fn {match, _short, uuid}, text -> - String.replace(text, ~r/((?<=[^&])|(\A))#{match}/, uuid) - end) - - subs = - subs ++ - Enum.map(tags, fn {tag_text, tag, uuid} -> - url = - "" - - {uuid, url} - end) - - {subs, uuid_text} - end - - def finalize({subs, text}) do - Enum.reduce(subs, text, fn {uuid, replacement}, result_text -> - String.replace(result_text, uuid, replacement) - end) - end - def truncate(text, max_length \\ 200, omission \\ "...") do # Remove trailing whitespace text = Regex.replace(~r/([^ \t\r\n])([ \t]+$)/u, text, "\\g{1}") @@ -211,4 +119,16 @@ defmodule Pleroma.Formatter do String.slice(text, 0, length_with_omission) <> omission end end + + defp get_ap_id(%User{info: %{source_data: %{"url" => url}}}) when is_binary(url), do: url + defp get_ap_id(%User{ap_id: ap_id}), do: ap_id + + defp get_nickname_text(nickname, %{mentions_format: :full}), do: User.full_nickname(nickname) + defp get_nickname_text(nickname, _), do: User.local_nickname(nickname) + + defp maybe_escape(str, %{mentions_escape: true}) do + String.replace(str, @markdown_characters_regex, "\\\\\\1") + end + + defp maybe_escape(str, _), do: str end diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index 32cb817d2..ba9614029 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -37,6 +37,7 @@ end defmodule Pleroma.Gopher.Server.ProtocolHandler do alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Activity alias Pleroma.HTML alias Pleroma.User @@ -110,7 +111,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do def response("/notices/" <> id) do with %Activity{} = activity <- Repo.get(Activity, id), - true <- ActivityPub.is_public?(activity) do + true <- Visibility.is_public?(activity) do activities = ActivityPub.fetch_activities_for_context(activity.data["context"]) |> render_activities diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index c98b942ff..50e7e7ccd 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -22,6 +22,7 @@ defmodule Pleroma.User do alias Pleroma.Web.OAuth alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.RelMe require Logger @@ -547,11 +548,8 @@ defmodule Pleroma.User do end def get_followers_query(user, page) do - from( - u in get_followers_query(user, nil), - limit: 20, - offset: ^((page - 1) * 20) - ) + from(u in get_followers_query(user, nil)) + |> paginate(page, 20) end def get_followers_query(user), do: get_followers_query(user, nil) @@ -577,11 +575,8 @@ defmodule Pleroma.User do end def get_friends_query(user, page) do - from( - u in get_friends_query(user, nil), - limit: 20, - offset: ^((page - 1) * 20) - ) + from(u in get_friends_query(user, nil)) + |> paginate(page, 20) end def get_friends_query(user), do: get_friends_query(user, nil) @@ -613,71 +608,65 @@ defmodule Pleroma.User do ), where: fragment( - "? @> ?", + "coalesce((?)->'object'->>'id', (?)->>'object') = ?", a.data, - ^%{"object" => user.ap_id} + a.data, + ^user.ap_id ) ) end - def update_follow_request_count(%User{} = user) do - subquery = + def get_follow_requests(%User{} = user) do + users = user |> User.get_follow_requests_query() - |> select([a], %{count: count(a.id)}) - - User - |> where(id: ^user.id) - |> join(:inner, [u], s in subquery(subquery)) - |> update([u, s], - set: [ - info: - fragment( - "jsonb_set(?, '{follow_request_count}', ?::varchar::jsonb, true)", - u.info, - s.count - ) - ] - ) - |> Repo.update_all([], returning: true) - |> case do - {1, [user]} -> {:ok, user} - _ -> {:error, user} - end - end - - def get_follow_requests(%User{} = user) do - q = get_follow_requests_query(user) - reqs = Repo.all(q) - - users = - Enum.map(reqs, fn req -> req.actor end) - |> Enum.uniq() - |> Enum.map(fn ap_id -> get_by_ap_id(ap_id) end) - |> Enum.filter(fn u -> !is_nil(u) end) - |> Enum.filter(fn u -> !following?(u, user) end) + |> join(:inner, [a], u in User, a.actor == u.ap_id) + |> where([a, u], not fragment("? @> ?", u.following, ^[user.follower_address])) + |> group_by([a, u], u.id) + |> select([a, u], u) + |> Repo.all() {:ok, users} end def increase_note_count(%User{} = user) do - info_cng = User.Info.add_to_note_count(user.info, 1) - - cng = - change(user) - |> put_embed(:info, info_cng) - - update_and_set_cache(cng) + User + |> where(id: ^user.id) + |> update([u], + set: [ + info: + fragment( + "jsonb_set(?, '{note_count}', ((?->>'note_count')::int + 1)::varchar::jsonb, true)", + u.info, + u.info + ) + ] + ) + |> Repo.update_all([], returning: true) + |> case do + {1, [user]} -> set_cache(user) + _ -> {:error, user} + end end def decrease_note_count(%User{} = user) do - info_cng = User.Info.add_to_note_count(user.info, -1) - - cng = - change(user) - |> put_embed(:info, info_cng) - - update_and_set_cache(cng) + User + |> where(id: ^user.id) + |> update([u], + set: [ + info: + fragment( + "jsonb_set(?, '{note_count}', (greatest(0, (?->>'note_count')::int - 1))::varchar::jsonb, true)", + u.info, + u.info + ) + ] + ) + |> Repo.update_all([], returning: true) + |> case do + {1, [user]} -> set_cache(user) + _ -> {:error, user} + end end def update_note_count(%User{} = user) do @@ -701,24 +690,29 @@ defmodule Pleroma.User do def update_follower_count(%User{} = user) do follower_count_query = - from( - u in User, - where: ^user.follower_address in u.following, - where: u.id != ^user.id, - select: count(u.id) - ) + User + |> where([u], ^user.follower_address in u.following) + |> where([u], u.id != ^user.id) + |> select([u], %{count: count(u.id)}) - follower_count = Repo.one(follower_count_query) - - info_cng = - user.info - |> User.Info.set_follower_count(follower_count) - - cng = - change(user) - |> put_embed(:info, info_cng) - - update_and_set_cache(cng) + User + |> where(id: ^user.id) + |> join(:inner, [u], s in subquery(follower_count_query)) + |> update([u, s], + set: [ + info: + fragment( + "jsonb_set(?, '{follower_count}', ?::varchar::jsonb, true)", + u.info, + s.count + ) + ] + ) + |> Repo.update_all([], returning: true) + |> case do + {1, [user]} -> set_cache(user) + _ -> {:error, user} + end end def get_users_from_set_query(ap_ids, false) do @@ -755,6 +749,46 @@ defmodule Pleroma.User do Repo.all(query) end + @spec search_for_admin(binary(), %{ + admin: Pleroma.User.t(), + local: boolean(), + page: number(), + page_size: number() + }) :: {:ok, [Pleroma.User.t()], number()} + def search_for_admin(term, %{admin: admin, local: local, page: page, page_size: page_size}) do + term = String.trim_leading(term, "@") + + local_paginated_query = + User + |> maybe_local_user_query(local) + |> paginate(page, page_size) + + search_query = fts_search_subquery(term, local_paginated_query) + + count = + term + |> fts_search_subquery() + |> maybe_local_user_query(local) + |> Repo.aggregate(:count, :id) + + {:ok, do_search(search_query, admin), count} + end + + @spec all_for_admin(number(), number()) :: {:ok, [Pleroma.User.t()], number()} + def all_for_admin(page, page_size) do + query = from(u in User, order_by: u.id) + + paginated_query = + query + |> paginate(page, page_size) + + count = + query + |> Repo.aggregate(:count, :id) + + {:ok, Repo.all(paginated_query), count} + end + def search(query, resolve \\ false, for_user \\ nil) do # Strip the beginning @ off if there is a query query = String.trim_leading(query, "@") @@ -788,9 +822,9 @@ defmodule Pleroma.User do boost_search_results(results, for_user) end - defp fts_search_subquery(query) do + defp fts_search_subquery(term, query \\ User) do processed_query = - query + term |> String.replace(~r/\W+/, " ") |> String.trim() |> String.split() @@ -798,7 +832,7 @@ defmodule Pleroma.User do |> Enum.join(" | ") from( - u in User, + u in query, select_merge: %{ search_rank: fragment( @@ -828,19 +862,19 @@ defmodule Pleroma.User do ) end - defp trigram_search_subquery(query) do + defp trigram_search_subquery(term) do from( u in User, select_merge: %{ search_rank: fragment( "similarity(?, trim(? || ' ' || coalesce(?, '')))", - ^query, + ^term, u.nickname, u.name ) }, - where: fragment("trim(? || ' ' || coalesce(?, '')) % ?", u.nickname, u.name, ^query) + where: fragment("trim(? || ' ' || coalesce(?, '')) % ?", u.nickname, u.name, ^term) ) end @@ -954,6 +988,7 @@ defmodule Pleroma.User do update_and_set_cache(cng) end + def mutes?(nil, _), do: false def mutes?(user, %{ap_id: ap_id}), do: Enum.member?(user.info.mutes, ap_id) def blocks?(user, %{ap_id: ap_id}) do @@ -997,9 +1032,13 @@ defmodule Pleroma.User do update_and_set_cache(cng) end - def local_user_query do + def maybe_local_user_query(query, local) do + if local, do: local_user_query(query), else: query + end + + def local_user_query(query \\ User) do from( - u in User, + u in query, where: u.local == true, where: not is_nil(u.nickname) ) @@ -1187,9 +1226,6 @@ defmodule Pleroma.User do def parse_bio(bio, _user) when bio == "", do: bio def parse_bio(bio, user) do - mentions = Formatter.parse_mentions(bio) - tags = Formatter.parse_tags(bio) - emoji = (user.info.source_data["tag"] || []) |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end) @@ -1197,8 +1233,15 @@ defmodule Pleroma.User do {String.trim(name, ":"), url} end) + # TODO: get profile URLs other than user.ap_id + profile_urls = [user.ap_id] + bio - |> CommonUtils.format_input(mentions, tags, "text/plain", user_links: [format: :full]) + |> CommonUtils.format_input("text/plain", + mentions_format: :full, + rel: &RelMe.maybe_put_rel_me(&1, profile_urls) + ) + |> elem(0) |> Formatter.emojify(emoji) end @@ -1293,4 +1336,11 @@ defmodule Pleroma.User do ) |> Repo.all() end + + defp paginate(query, page, page_size) do + from(u in query, + limit: ^page_size, + offset: ^((page - 1) * page_size) + ) + end end diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 00a0f6df3..818b64645 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -12,7 +12,6 @@ defmodule Pleroma.User.Info do field(:source_data, :map, default: %{}) field(:note_count, :integer, default: 0) field(:follower_count, :integer, default: 0) - field(:follow_request_count, :integer, default: 0) field(:locked, :boolean, default: false) field(:confirmation_pending, :boolean, default: false) field(:confirmation_token, :string, default: nil) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 7e153f396..783491b67 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -18,6 +18,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do import Ecto.Query import Pleroma.Web.ActivityPub.Utils + import Pleroma.Web.ActivityPub.Visibility require Logger @@ -80,6 +81,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp check_remote_limit(_), do: true + def increase_note_count_if_public(actor, object) do + if is_public?(object), do: User.increase_note_count(actor), else: {:ok, actor} + end + + def decrease_note_count_if_public(actor, object) do + if is_public?(object), do: User.decrease_note_count(actor), else: {:ok, actor} + end + def insert(map, local \\ true) when is_map(map) do with nil <- Activity.normalize(map), map <- lazy_put_activity_defaults(map), @@ -162,7 +171,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do ), {:ok, activity} <- insert(create_data, local), # Changing note count prior to enqueuing federation task in order to avoid race conditions on updating user.info - {:ok, _actor} <- User.increase_note_count(actor), + {:ok, _actor} <- increase_note_count_if_public(actor, activity), :ok <- maybe_federate(activity) do {:ok, activity} end @@ -174,8 +183,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do with data <- %{"to" => to, "type" => "Accept", "actor" => actor.ap_id, "object" => object}, {:ok, activity} <- insert(data, local), - :ok <- maybe_federate(activity), - _ <- User.update_follow_request_count(actor) do + :ok <- maybe_federate(activity) do {:ok, activity} end end @@ -186,8 +194,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do with data <- %{"to" => to, "type" => "Reject", "actor" => actor.ap_id, "object" => object}, {:ok, activity} <- insert(data, local), - :ok <- maybe_federate(activity), - _ <- User.update_follow_request_count(actor) do + :ok <- maybe_federate(activity) do {:ok, activity} end end @@ -285,8 +292,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def follow(follower, followed, activity_id \\ nil, local \\ true) do with data <- make_follow_data(follower, followed, activity_id), {:ok, activity} <- insert(data, local), - :ok <- maybe_federate(activity), - _ <- User.update_follow_request_count(followed) do + :ok <- maybe_federate(activity) do {:ok, activity} end end @@ -296,8 +302,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, follow_activity} <- update_follow_state(follow_activity, "cancelled"), unfollow_data <- make_unfollow_data(follower, followed, follow_activity, activity_id), {:ok, activity} <- insert(unfollow_data, local), - :ok <- maybe_federate(activity), - _ <- User.update_follow_request_count(followed) do + :ok <- maybe_federate(activity) do {:ok, activity} end end @@ -315,7 +320,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do with {:ok, _} <- Object.delete(object), {:ok, activity} <- insert(data, local), # Changing note count prior to enqueuing federation task in order to avoid race conditions on updating user.info - {:ok, _actor} <- User.decrease_note_count(user), + {:ok, _actor} <- decrease_note_count_if_public(user, object), :ok <- maybe_federate(activity) do {:ok, activity} end @@ -419,6 +424,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do @valid_visibilities ~w[direct unlisted public private] + defp restrict_visibility(query, %{visibility: visibility}) + when is_list(visibility) do + if Enum.all?(visibility, &(&1 in @valid_visibilities)) do + query = + from( + a in query, + where: + fragment( + "activity_visibility(?, ?, ?) = ANY (?)", + a.actor, + a.recipients, + a.data, + ^visibility + ) + ) + + Ecto.Adapters.SQL.to_sql(:all, Repo, query) + + query + else + Logger.error("Could not restrict visibility to #{visibility}") + end + end + defp restrict_visibility(query, %{visibility: visibility}) when visibility in @valid_visibilities do query = @@ -601,6 +630,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_reblogs(query, _), do: query + defp restrict_muted(query, %{"with_muted" => val}) when val in [true, "true", "1"], do: query + defp restrict_muted(query, %{"muting_user" => %User{info: info}}) do mutes = info.mutes @@ -825,7 +856,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do date = NaiveDateTime.utc_now() - |> Timex.format!("{WDshort}, {D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") + |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT") signature = Pleroma.Web.HTTPSignatures.sign(actor, %{ @@ -912,57 +943,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end - def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false - def is_public?(%Object{data: data}), do: is_public?(data) - def is_public?(%Activity{data: data}), do: is_public?(data) - def is_public?(%{"directMessage" => true}), do: false - - def is_public?(data) do - "https://www.w3.org/ns/activitystreams#Public" in (data["to"] ++ (data["cc"] || [])) - end - - def is_private?(activity) do - unless is_public?(activity) do - follower_address = User.get_cached_by_ap_id(activity.data["actor"]).follower_address - Enum.any?(activity.data["to"], &(&1 == follower_address)) - else - false - end - end - - def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true - def is_direct?(%Object{data: %{"directMessage" => true}}), do: true - - def is_direct?(activity) do - !is_public?(activity) && !is_private?(activity) - end - - def visible_for_user?(activity, nil) do - is_public?(activity) - end - - def visible_for_user?(activity, user) do - x = [user.ap_id | user.following] - y = activity.data["to"] ++ (activity.data["cc"] || []) - visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y)) - end - - # guard - def entire_thread_visible_for_user?(nil, _user), do: false - - # child - def entire_thread_visible_for_user?( - %Activity{data: %{"object" => %{"inReplyTo" => parent_id}}} = tail, - user - ) - when is_binary(parent_id) do - parent = Activity.get_in_reply_to_activity(tail) - visible_for_user?(tail, user) && entire_thread_visible_for_user?(parent, user) - end - - # root - def entire_thread_visible_for_user?(tail, user), do: visible_for_user?(tail, user) - # filter out broken threads def contain_broken_threads(%Activity{} = activity, %User{} = user) do entire_thread_visible_for_user?(activity, user) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 2bea51311..ff924a536 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -11,6 +11,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.UserView alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils @@ -49,7 +50,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do def object(conn, %{"uuid" => uuid}) do with ap_id <- o_status_url(conn, :object, uuid), %Object{} = object <- Object.get_cached_by_ap_id(ap_id), - {_, true} <- {:public?, ActivityPub.is_public?(object)} do + {_, true} <- {:public?, Visibility.is_public?(object)} do conn |> put_resp_header("content-type", "application/activity+json") |> json(ObjectView.render("object.json", %{object: object})) @@ -62,7 +63,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do def object_likes(conn, %{"uuid" => uuid, "page" => page}) do with ap_id <- o_status_url(conn, :object, uuid), %Object{} = object <- Object.get_cached_by_ap_id(ap_id), - {_, true} <- {:public?, ActivityPub.is_public?(object)}, + {_, true} <- {:public?, Visibility.is_public?(object)}, likes <- Utils.get_object_likes(object) do {page, _} = Integer.parse(page) @@ -78,7 +79,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do def object_likes(conn, %{"uuid" => uuid}) do with ap_id <- o_status_url(conn, :object, uuid), %Object{} = object <- Object.get_cached_by_ap_id(ap_id), - {_, true} <- {:public?, ActivityPub.is_public?(object)}, + {_, true} <- {:public?, Visibility.is_public?(object)}, likes <- Utils.get_object_likes(object) do conn |> put_resp_header("content-type", "application/activity+json") @@ -92,7 +93,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do def activity(conn, %{"uuid" => uuid}) do with ap_id <- o_status_url(conn, :activity, uuid), %Activity{} = activity <- Activity.normalize(ap_id), - {_, true} <- {:public?, ActivityPub.is_public?(activity)} do + {_, true} <- {:public?, Visibility.is_public?(activity)} do conn |> put_resp_header("content-type", "application/activity+json") |> json(ObjectView.render("object.json", %{object: activity})) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 41d89a02b..88007aa16 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do alias Pleroma.Repo alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.ActivityPub.Visibility import Ecto.Query @@ -489,7 +490,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with actor <- get_actor(data), %User{} = actor <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), - public <- ActivityPub.is_public?(data), + public <- Visibility.is_public?(data), {:ok, activity, _object} <- ActivityPub.announce(actor, object, id, false, public) do {:ok, activity} else diff --git a/lib/pleroma/web/activity_pub/visibility.ex b/lib/pleroma/web/activity_pub/visibility.ex new file mode 100644 index 000000000..db52fe933 --- /dev/null +++ b/lib/pleroma/web/activity_pub/visibility.ex @@ -0,0 +1,56 @@ +defmodule Pleroma.Web.ActivityPub.Visibility do + alias Pleroma.Activity + alias Pleroma.Object + alias Pleroma.User + + def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false + def is_public?(%Object{data: data}), do: is_public?(data) + def is_public?(%Activity{data: data}), do: is_public?(data) + def is_public?(%{"directMessage" => true}), do: false + + def is_public?(data) do + "https://www.w3.org/ns/activitystreams#Public" in (data["to"] ++ (data["cc"] || [])) + end + + def is_private?(activity) do + unless is_public?(activity) do + follower_address = User.get_cached_by_ap_id(activity.data["actor"]).follower_address + Enum.any?(activity.data["to"], &(&1 == follower_address)) + else + false + end + end + + def is_direct?(%Activity{data: %{"directMessage" => true}}), do: true + def is_direct?(%Object{data: %{"directMessage" => true}}), do: true + + def is_direct?(activity) do + !is_public?(activity) && !is_private?(activity) + end + + def visible_for_user?(activity, nil) do + is_public?(activity) + end + + def visible_for_user?(activity, user) do + x = [user.ap_id | user.following] + y = [activity.actor] ++ activity.data["to"] ++ (activity.data["cc"] || []) + visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y)) + end + + # guard + def entire_thread_visible_for_user?(nil, _user), do: false + + # child + def entire_thread_visible_for_user?( + %Activity{data: %{"object" => %{"inReplyTo" => parent_id}}} = tail, + user + ) + when is_binary(parent_id) do + parent = Activity.get_in_reply_to_activity(tail) + visible_for_user?(tail, user) && entire_thread_visible_for_user?(parent, user) + end + + # root + def entire_thread_visible_for_user?(tail, user), do: visible_for_user?(tail, user) +end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 9ec50bb90..aae02cab8 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -3,9 +3,12 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.AdminAPI.AdminAPIController do + @users_page_size 50 + use Pleroma.Web, :controller alias Pleroma.User alias Pleroma.Web.ActivityPub.Relay + alias Pleroma.Web.MastodonAPI.Admin.AccountView import Pleroma.Web.ControllerHelper, only: [json_response: 3] @@ -41,6 +44,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(user.nickname) end + def user_toggle_activation(conn, %{"nickname" => nickname}) do + user = User.get_by_nickname(nickname) + + {:ok, updated_user} = User.deactivate(user, !user.info.deactivated) + + conn + |> json(AccountView.render("show.json", %{user: updated_user})) + end + def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do with {:ok, _} <- User.tag(nicknames, tags), do: json_response(conn, :no_content, "") @@ -51,6 +63,42 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do do: json_response(conn, :no_content, "") end + def list_users(conn, params) do + {page, page_size} = page_params(params) + + with {:ok, users, count} <- User.all_for_admin(page, page_size), + do: + conn + |> json( + AccountView.render("index.json", + users: users, + count: count, + page_size: page_size + ) + ) + end + + def search_users(%{assigns: %{user: admin}} = conn, %{"query" => query} = params) do + {page, page_size} = page_params(params) + + with {:ok, users, count} <- + User.search_for_admin(query, %{ + admin: admin, + local: params["local"] == "true", + page: page, + page_size: page_size + }), + do: + conn + |> json( + AccountView.render("index.json", + users: users, + count: count, + page_size: page_size + ) + ) + end + def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname}) when permission_group in ["moderator", "admin"] do user = User.get_by_nickname(nickname) @@ -194,4 +242,26 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> put_status(500) |> json("Something went wrong") end + + defp page_params(params) do + {get_page(params["page"]), get_page_size(params["page_size"])} + end + + defp get_page(page_string) when is_nil(page_string), do: 1 + + defp get_page(page_string) do + case Integer.parse(page_string) do + {page, _} -> page + :error -> 1 + end + end + + defp get_page_size(page_size_string) when is_nil(page_size_string), do: @users_page_size + + defp get_page_size(page_size_string) do + case Integer.parse(page_size_string) do + {page_size, _} -> page_size + :error -> @users_page_size + end + end end diff --git a/lib/pleroma/web/auth/authenticator.ex b/lib/pleroma/web/auth/authenticator.ex new file mode 100644 index 000000000..82267c595 --- /dev/null +++ b/lib/pleroma/web/auth/authenticator.ex @@ -0,0 +1,25 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Auth.Authenticator do + alias Pleroma.User + + def implementation do + Pleroma.Config.get( + Pleroma.Web.Auth.Authenticator, + Pleroma.Web.Auth.PleromaAuthenticator + ) + end + + @callback get_user(Plug.Conn.t()) :: {:ok, User.t()} | {:error, any()} + def get_user(plug), do: implementation().get_user(plug) + + @callback handle_error(Plug.Conn.t(), any()) :: any() + def handle_error(plug, error), do: implementation().handle_error(plug, error) + + @callback auth_template() :: String.t() | nil + def auth_template do + implementation().auth_template() || Pleroma.Config.get(:auth_template, "show.html") + end +end diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex new file mode 100644 index 000000000..3cc19af01 --- /dev/null +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -0,0 +1,28 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Auth.PleromaAuthenticator do + alias Pleroma.User + alias Comeonin.Pbkdf2 + + @behaviour Pleroma.Web.Auth.Authenticator + + def get_user(%Plug.Conn{} = conn) do + %{"authorization" => %{"name" => name, "password" => password}} = conn.params + + with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)}, + {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do + {:ok, user} + else + error -> + {:error, error} + end + end + + def handle_error(%Plug.Conn{} = _conn, error) do + error + end + + def auth_template, do: nil +end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index e788337cc..7114d6de6 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -82,40 +82,20 @@ defmodule Pleroma.Web.CommonAPI do def get_visibility(_), do: "public" - defp get_content_type(content_type) do - if Enum.member?(Pleroma.Config.get([:instance, :allowed_post_formats]), content_type) do - content_type - else - "text/plain" - end - end - def post(user, %{"status" => status} = data) do visibility = get_visibility(data) limit = Pleroma.Config.get([:instance, :limit]) with status <- String.trim(status), attachments <- attachments_from_ids(data), - mentions <- Formatter.parse_mentions(status), inReplyTo <- get_replied_to_activity(data["in_reply_to_status_id"]), - {to, cc} <- to_for_user_and_mentions(user, mentions, inReplyTo, visibility), - tags <- Formatter.parse_tags(status, data), - content_html <- + {content_html, mentions, tags} <- make_content_html( status, - mentions, attachments, - tags, - get_content_type(data["content_type"]), - Enum.member?( - [true, "true"], - Map.get( - data, - "no_attachment_links", - Pleroma.Config.get([:instance, :no_attachment_links], false) - ) - ) + data ), + {to, cc} <- to_for_user_and_mentions(user, mentions, inReplyTo, visibility), context <- make_context(inReplyTo), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), @@ -247,7 +227,7 @@ defmodule Pleroma.Web.CommonAPI do def report(user, data) do with {:account_id, %{"account_id" => account_id}} <- {:account_id, data}, {:account, %User{} = account} <- {:account, User.get_by_id(account_id)}, - {:ok, content_html} <- make_report_content_html(data["comment"]), + {:ok, {content_html, _, _}} <- make_report_content_html(data["comment"]), {:ok, statuses} <- get_report_statuses(account, data), {:ok, activity} <- ActivityPub.flag(%{ diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 1d3a314ce..e4b9102c5 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User - alias Pleroma.Web + alias Pleroma.Config alias Pleroma.Web.Endpoint alias Pleroma.Web.MediaProxy alias Pleroma.Web.ActivityPub.Utils @@ -100,24 +100,45 @@ defmodule Pleroma.Web.CommonAPI.Utils do def make_content_html( status, - mentions, attachments, - tags, - content_type, - no_attachment_links \\ false + data ) do + no_attachment_links = + data + |> Map.get("no_attachment_links", Config.get([:instance, :no_attachment_links])) + |> Kernel.in([true, "true"]) + + content_type = get_content_type(data["content_type"]) + status - |> format_input(mentions, tags, content_type) + |> format_input(content_type) |> maybe_add_attachments(attachments, no_attachment_links) + |> maybe_add_nsfw_tag(data) end + defp get_content_type(content_type) do + if Enum.member?(Config.get([:instance, :allowed_post_formats]), content_type) do + content_type + else + "text/plain" + end + end + + defp maybe_add_nsfw_tag({text, mentions, tags}, %{"sensitive" => sensitive}) + when sensitive in [true, "True", "true", "1"] do + {text, mentions, [{"#nsfw", "nsfw"} | tags]} + end + + defp maybe_add_nsfw_tag(data, _), do: data + def make_context(%Activity{data: %{"context" => context}}), do: context def make_context(_), do: Utils.generate_context_id() - def maybe_add_attachments(text, _attachments, true = _no_links), do: text + def maybe_add_attachments(parsed, _attachments, true = _no_links), do: parsed - def maybe_add_attachments(text, attachments, _no_links) do - add_attachments(text, attachments) + def maybe_add_attachments({text, mentions, tags}, attachments, _no_links) do + text = add_attachments(text, attachments) + {text, mentions, tags} end def add_attachments(text, attachments) do @@ -135,56 +156,39 @@ defmodule Pleroma.Web.CommonAPI.Utils do Enum.join([text | attachment_text], "
") end - def format_input(text, mentions, tags, format, options \\ []) + def format_input(text, format, options \\ []) @doc """ Formatting text to plain text. """ - def format_input(text, mentions, tags, "text/plain", options) do + def format_input(text, "text/plain", options) do text |> Formatter.html_escape("text/plain") - |> String.replace(~r/\r?\n/, "
") - |> (&{[], &1}).() - |> Formatter.add_links() - |> Formatter.add_user_links(mentions, options[:user_links] || []) - |> Formatter.add_hashtag_links(tags) - |> Formatter.finalize() + |> Formatter.linkify(options) + |> (fn {text, mentions, tags} -> + {String.replace(text, ~r/\r?\n/, "
"), mentions, tags} + end).() end @doc """ Formatting text to html. """ - def format_input(text, mentions, _tags, "text/html", options) do + def format_input(text, "text/html", options) do text |> Formatter.html_escape("text/html") - |> (&{[], &1}).() - |> Formatter.add_user_links(mentions, options[:user_links] || []) - |> Formatter.finalize() + |> Formatter.linkify(options) end @doc """ Formatting text to markdown. """ - def format_input(text, mentions, tags, "text/markdown", options) do + def format_input(text, "text/markdown", options) do + options = Keyword.put(options, :mentions_escape, true) + text - |> Formatter.mentions_escape(mentions) - |> Earmark.as_html!() + |> Formatter.linkify(options) + |> (fn {text, mentions, tags} -> {Earmark.as_html!(text), mentions, tags} end).() |> Formatter.html_escape("text/html") - |> (&{[], &1}).() - |> Formatter.add_user_links(mentions, options[:user_links] || []) - |> Formatter.add_hashtag_links(tags) - |> Formatter.finalize() - end - - def add_tag_links(text, tags) do - tags = - tags - |> Enum.sort_by(fn {tag, _} -> -String.length(tag) end) - - Enum.reduce(tags, text, fn {full, tag}, text -> - url = "" - String.replace(text, full, url) - end) end def make_note_data( @@ -323,13 +327,13 @@ defmodule Pleroma.Web.CommonAPI.Utils do def maybe_extract_mentions(_), do: [] - def make_report_content_html(nil), do: {:ok, nil} + def make_report_content_html(nil), do: {:ok, {nil, [], []}} def make_report_content_html(comment) do max_size = Pleroma.Config.get([:instance, :max_report_comment_size], 1000) if String.length(comment) <= max_size do - {:ok, format_input(comment, [], [], "text/plain")} + {:ok, format_input(comment, "text/plain")} else {:error, "Comment must be up to #{max_size} characters"} end diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index d4e2a9742..fbfe97dbc 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Web.Websub alias Pleroma.Web.Salmon alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils @@ -94,7 +95,7 @@ defmodule Pleroma.Web.Federator do with actor when not is_nil(actor) <- User.get_cached_by_ap_id(activity.data["actor"]) do {:ok, actor} = WebFinger.ensure_keys_present(actor) - if ActivityPub.is_public?(activity) do + if Visibility.is_public?(activity) do if OStatus.is_representable?(activity) do Logger.info(fn -> "Sending #{activity.data["id"]} out via WebSub" end) Websub.publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 60738301b..056be49b0 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -27,6 +27,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Web.MastodonAPI.ReportView alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token @@ -307,7 +308,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), - true <- ActivityPub.visible_for_user?(activity, user) do + true <- Visibility.visible_for_user?(activity, user) do conn |> put_view(StatusView) |> try_render("status.json", %{activity: activity, for: user}) @@ -449,7 +450,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), %User{} = user <- User.get_by_nickname(user.nickname), - true <- ActivityPub.visible_for_user?(activity, user), + true <- Visibility.visible_for_user?(activity, user), {:ok, user} <- User.bookmark(user, activity.data["object"]["id"]) do conn |> put_view(StatusView) @@ -460,7 +461,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), %User{} = user <- User.get_by_nickname(user.nickname), - true <- ActivityPub.visible_for_user?(activity, user), + true <- Visibility.visible_for_user?(activity, user), {:ok, user} <- User.unbookmark(user, activity.data["object"]["id"]) do conn |> put_view(StatusView) @@ -867,7 +868,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if Regex.match?(~r/https?:/, query) do with {:ok, object} <- ActivityPub.fetch_object_from_id(query), %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]), - true <- ActivityPub.visible_for_user?(activity, user) do + true <- Visibility.visible_for_user?(activity, user) do [activity] else _e -> [] @@ -893,7 +894,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true", user) + accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user) statuses = status_search(user, query) @@ -918,7 +919,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true", user) + accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user) statuses = status_search(user, query) @@ -940,7 +941,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true", user) + accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user) res = AccountView.render("accounts.json", users: accounts, for: user, as: :user) @@ -1518,9 +1519,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def status_card(conn, %{"id" => status_id}) do + def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do with %Activity{} = activity <- Repo.get(Activity, status_id), - true <- ActivityPub.is_public?(activity) do + true <- Visibility.visible_for_user?(activity, user) do data = StatusView.render( "card.json", diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 8fdefdebd..c32f27be2 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -32,7 +32,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do } end - def render("relationship.json", %{user: user, target: target}) do + def render("relationship.json", %{user: nil, target: _target}) do + %{} + end + + def render("relationship.json", %{user: %User{} = user, target: %User{} = target}) do follow_activity = Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(user, target) requested = @@ -85,6 +89,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for])) + relationship = render("relationship.json", %{user: opts[:for], target: user}) + %{ id: to_string(user.id), username: username_from_nickname(user.nickname), @@ -115,7 +121,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do confirmation_pending: user_info.confirmation_pending, tags: user.tags, is_moderator: user.info.is_moderator, - is_admin: user.info.is_admin + is_admin: user.info.is_admin, + relationship: relationship } } end diff --git a/lib/pleroma/web/mastodon_api/views/admin/account_view.ex b/lib/pleroma/web/mastodon_api/views/admin/account_view.ex new file mode 100644 index 000000000..74ca13564 --- /dev/null +++ b/lib/pleroma/web/mastodon_api/views/admin/account_view.ex @@ -0,0 +1,25 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MastodonAPI.Admin.AccountView do + use Pleroma.Web, :view + + alias Pleroma.Web.MastodonAPI.Admin.AccountView + + def render("index.json", %{users: users, count: count, page_size: page_size}) do + %{ + users: render_many(users, AccountView, "show.json", as: :user), + count: count, + page_size: page_size + } + end + + def render("show.json", %{user: user}) do + %{ + "id" => user.id, + "nickname" => user.nickname, + "deactivated" => user.info.deactivated + } + end +end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index b90e4252a..3468c0e1c 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -168,7 +168,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do reblogged: present?(repeated), favourited: present?(favorited), bookmarked: present?(bookmarked), - muted: CommonAPI.thread_muted?(user, activity), + muted: CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user), pinned: pinned?(activity, user), sensitive: sensitive, spoiler_text: object["summary"] || "", diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index ea75070c4..8efe2efd5 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do alias Pleroma.Repo alias Pleroma.User - @behaviour :cowboy_websocket_handler + @behaviour :cowboy_websocket @streams [ "public", @@ -26,37 +26,37 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do # Handled by periodic keepalive in Pleroma.Web.Streamer. @timeout :infinity - def init(_type, _req, _opts) do - {:upgrade, :protocol, :cowboy_websocket} - end - - def websocket_init(_type, req, _opts) do - with {qs, req} <- :cowboy_req.qs(req), - params <- :cow_qs.parse_qs(qs), + def init(%{qs: qs} = req, state) do + with params <- :cow_qs.parse_qs(qs), access_token <- List.keyfind(params, "access_token", 0), {_, stream} <- List.keyfind(params, "stream", 0), {:ok, user} <- allow_request(stream, access_token), topic when is_binary(topic) <- expand_topic(stream, params) do - send(self(), :subscribe) - {:ok, req, %{user: user, topic: topic}, @timeout} + {:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}} else {:error, code} -> Logger.debug("#{__MODULE__} denied connection: #{inspect(code)} - #{inspect(req)}") {:ok, req} = :cowboy_req.reply(code, req) - {:shutdown, req} + {:ok, req, state} error -> Logger.debug("#{__MODULE__} denied connection: #{inspect(error)} - #{inspect(req)}") - {:shutdown, req} + {:ok, req} = :cowboy_req.reply(400, req) + {:ok, req, state} end end - # We never receive messages. - def websocket_handle(_frame, req, state) do - {:ok, req, state} + def websocket_init(state) do + send(self(), :subscribe) + {:ok, state} end - def websocket_info(:subscribe, req, state) do + # We never receive messages. + def websocket_handle(_frame, state) do + {:ok, state} + end + + def websocket_info(:subscribe, state) do Logger.debug( "#{__MODULE__} accepted websocket connection for user #{ (state.user || %{id: "anonymous"}).id @@ -64,14 +64,14 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do ) Pleroma.Web.Streamer.add_socket(state.topic, streamer_socket(state)) - {:ok, req, state} + {:ok, state} end - def websocket_info({:text, message}, req, state) do - {:reply, {:text, message}, req, state} + def websocket_info({:text, message}, state) do + {:reply, {:text, message}, state} end - def websocket_terminate(reason, _req, state) do + def terminate(reason, _req, state) do Logger.debug( "#{__MODULE__} terminating websocket connection for user #{ (state.user || %{id: "anonymous"}).id diff --git a/lib/pleroma/web/metadata/twitter_card.ex b/lib/pleroma/web/metadata/twitter_card.ex index d672b397f..a0be383e5 100644 --- a/lib/pleroma/web/metadata/twitter_card.ex +++ b/lib/pleroma/web/metadata/twitter_card.ex @@ -66,9 +66,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do end end - defp build_attachments(id, z = %{data: %{"attachment" => attachments}}) do - IO.puts(inspect(z)) - + defp build_attachments(id, %{data: %{"attachment" => attachments}}) do Enum.reduce(attachments, [], fn attachment, acc -> rendered_tags = Enum.reduce(attachment["url"], [], fn url, acc -> diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 654beb2c4..c2b6dd477 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do use Pleroma.Web, :controller + alias Pleroma.Web.Auth.Authenticator alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.App @@ -24,27 +25,25 @@ defmodule Pleroma.Web.OAuth.OAuthController do available_scopes = (app && app.scopes) || [] scopes = oauth_scopes(params, nil) || available_scopes - render(conn, "show.html", %{ + render(conn, Authenticator.auth_template(), %{ response_type: params["response_type"], client_id: params["client_id"], available_scopes: available_scopes, scopes: scopes, redirect_uri: params["redirect_uri"], - state: params["state"] + state: params["state"], + params: params }) end def create_authorization(conn, %{ "authorization" => %{ - "name" => name, - "password" => password, "client_id" => client_id, "redirect_uri" => redirect_uri } = auth_params }) do - with %User{} = user <- User.get_by_nickname_or_email(name), - true <- Pbkdf2.checkpw(password, user.password_hash), + with {_, {:ok, %User{} = user}} <- {:get_user, Authenticator.get_user(conn)}, %App{} = app <- Repo.get_by(App, client_id: client_id), true <- redirect_uri in String.split(app.redirect_uris), scopes <- oauth_scopes(auth_params, []), @@ -53,9 +52,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do {:missing_scopes, false} <- {:missing_scopes, scopes == []}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do - # Special case: Local MastodonFE. redirect_uri = if redirect_uri == "." do + # Special case: Local MastodonFE mastodon_api_url(conn, :login) else redirect_uri @@ -97,7 +96,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do |> authorize(auth_params) error -> - error + Authenticator.handle_error(conn, error) end end @@ -114,7 +113,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do refresh_token: token.refresh_token, created_at: DateTime.to_unix(inserted_at), expires_in: 60 * 10, - scope: Enum.join(token.scopes) + scope: Enum.join(token.scopes, " ") } json(conn, response) diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index df723f638..4e963774a 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do alias Pleroma.Object alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.ActivityPub.ActivityPubController alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.OStatus.ActivityRepresenter @@ -102,7 +103,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do else with id <- o_status_url(conn, :object, uuid), {_, %Activity{} = activity} <- {:activity, Activity.get_create_by_object_ap_id(id)}, - {_, true} <- {:public?, ActivityPub.is_public?(activity)}, + {_, true} <- {:public?, Visibility.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") @@ -127,7 +128,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do else with id <- o_status_url(conn, :activity, uuid), {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)}, - {_, true} <- {:public?, ActivityPub.is_public?(activity)}, + {_, true} <- {:public?, Visibility.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case format = get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") @@ -148,7 +149,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do def notice(conn, %{"id" => id}) do with {_, %Activity{} = activity} <- {:activity, Activity.get_by_id(id)}, - {_, true} <- {:public?, ActivityPub.is_public?(activity)}, + {_, true} <- {:public?, Visibility.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case format = get_format(conn) do "html" -> @@ -191,7 +192,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do # Returns an HTML embedded