74182abb5b
bump version
2025-03-11 20:48:27 +00:00
0a9cf8fa8b
Merge pull request 'Test lowest and highest language versions, elixir 1.18 support' ( #875 ) from ci-testing-all-versions into develop
Reviewed-on: #875
2025-03-11 20:47:54 +00:00
066d5b48ed
Fix Content-Type sanitisation for emoji and local uploads
This was accidentally broken in c8e0f7848b
due to a one-letter mistake in the plug option name and an absence of
tests. Therefore it was once again possible to serve e.g. JavaScript or
CSS payloads via uploads and emoji.
However, due to other protections it was still NOT possible for anyone to
serve any payload with an ActivityPub Content-Type. With the CSP policy
hardening from previous JS payload exploits predating the Content-Type
sanitisation, there is currently no known way of abusing this weakened
Content-Type sanitisation, but it should be fixed regardless.
This commit fixes the option name and adds tests to ensure
such a regression doesn't occur again in the future.
Reported-by: Lain Soykaf <lain@lain.com>
2025-03-10 19:45:26 +01:00
4a05b2d643
we do actually want to start oban-met...
2025-03-02 13:36:52 +00:00
93200a8073
use latest ASDF instructions
2025-03-02 13:36:14 +00:00
41a4ed1db5
specify correct version
2025-03-02 13:17:52 +00:00
8e789c6236
1.14.1 min version
2025-03-02 13:07:03 +00:00
184c62359f
drop back to 1.14/OTP25
2025-03-02 13:04:10 +00:00
829af03042
we don't support otp24, bump to 25
2025-03-02 12:19:14 +00:00
842414b927
run the lint task on the latest version
2025-03-02 11:56:15 +00:00
f176294d6d
elixir 1.18 formatting
2025-03-02 11:54:00 +00:00
b1c0b9e01a
test lowest and highest supported versions on PR
2025-03-02 11:49:41 +00:00
fc2c740008
dependency upgrade
2025-03-02 11:34:09 +00:00
9da2cb881e
upgrade oban migrations to v12
2025-03-02 11:32:40 +00:00
522a168af6
force signatures for pinned posts
2025-03-01 17:27:45 +00:00
59ea358e52
bump version
2025-03-01 16:36:04 +00:00
d62808e4b6
move /outbox to signed pipeline
2025-03-01 16:28:12 +00:00
7ccc560e4d
prepare 2025.03 release
2025-03-01 12:19:43 +00:00
a47b02cb69
Merge remote-tracking branch 'oneric-sec/sec-2024-12' into develop
2025-03-01 12:13:17 +00:00
6222936673
use akk.dev mfm parser
2025-03-01 12:10:23 +00:00
d65cd1b141
Merge pull request 'Add oban web dashboard' ( #871 ) from oban_web into develop
Reviewed-on: #871
2025-02-27 12:07:36 +00:00
d7dd34f263
Merge pull request 'Use FEP-c16b: Formatting MFM functions' ( #823 ) from ilja/akkoma:use_fep-c16b_formatting_mfm_functions into develop
Reviewed-on: #823
2025-02-27 12:03:22 +00:00
c2f60c9228
add a snapshot test for api prefixes
2025-02-23 16:51:48 +00:00
13d650602b
update deps
2025-02-23 16:32:55 +00:00
a49f04bb4e
Merge branch 'develop' into oban_web
2025-02-23 16:16:48 +00:00
da7998e89e
put oban route under a known prefix
2025-02-23 16:16:17 +00:00
ilja space
dce07f05d9
Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into use_fep-c16b_formatting_mfm_functions
2025-02-23 10:13:44 +01:00
7c23793e55
changelog: add entries for preceding commits
2025-02-21 19:37:27 +01:00
8243fc0ef4
federation: strip internal fields from incoming updates and history
When note editing support was added, it was omitted to strip internal
fields from edited notes and their history.
This was uncovered due to Mastodon inlining the like count as a "likes"
collection conflicting with our internal "likes" list causing validation
failures. In a spot check with likes/like_count it was not possible to
inject those internal fields into the local db via Update, but this
was not extensively tested for all fields and avenues.
Similarly address normalisation did not normalise addressing in the
object history, although this was never at risk of being exploitable.
The revision history of the Pleroma MR adding edit support reveals
recursive stripping was intentionally avoided, since it will end up
removing e.g. emoji from outgoing activities. This appears to still
be true. However, all current internal fields ("pleroma_interal"
appears to be unused) contain data already publicised otherwise anyway.
In the interest of fixing a federation bug (and at worst potential data
injection) quickly, outgoing stripping is left non-recursive for now.
Of course the ultimate fix here is to not mix remote and internal data
into the same map in the first place, but unfortunately having a single
map of all truth is a core assumption of *oma's AP doc processing.
Changing this is a massive undertaking and not suitable for providing
a short-term fix.
2025-02-21 19:37:27 +01:00
11ad4711eb
signing_key: don't retrieve superfluous fields when loading ap_id
2025-02-21 19:37:27 +01:00
d8e40173bf
http_signatures: tweak order of route aliases
We expect most requests to be made for the actual canonical ID,
so check this one first (starting without query headers matching the
predominant albeit spec-breaking version).
Also avoid unnecessary rewrites of the digest header on each route
alias by just setting it once before iterating through aliases.
2025-02-21 19:37:27 +01:00
9cc5fe9a5f
signature: refetch key upon verification failure
This matches behaviour prior to the SigningKey migration
and the expected semantics of the http_signatures lib.
Additionally add a min interval parameter, to avoid
refetch floods on bugs causing incompatible signatures
(like e.g. currently with Bridgy)
2025-02-21 19:37:27 +01:00
355263858c
Merge pull request 'Expose Port IO stats via Prometheus' ( #869 ) from Oneric/akkoma:io-telemetry into develop
Reviewed-on: #869
2025-02-21 15:28:09 +00:00
a7b4e4bfd9
signature: distinguish error sources and log fetch issues
2025-02-14 22:10:25 +01:00
51642a90c5
signature: drop unnecessary round trip over user
We already got the key.
2025-02-14 22:10:25 +01:00
bc79bd0edf
cosmetic/test/user: replace deprecated clear_config syntax
2025-02-14 22:10:25 +01:00
ee61ce61a7
changelog: summarise preceding changes
2025-02-14 22:10:25 +01:00
8a0d130976
Add tests for SigninKey module
2025-02-14 22:10:25 +01:00
898b98e5dd
db: drop legacy key fields in users table
2025-02-14 22:10:25 +01:00
ea2de1f28a
signing_key: ensure only one key per user exists
Fixes: AkkomaGang/akkoma issue 858
2025-02-14 22:10:25 +01:00
2a4587f201
Fix SigningKey db schema
2025-02-14 22:10:25 +01:00
3460f41776
Fix user updates
User updates broke with the migration to separate signing keys
since user data carries signing keys but we didn't allow the
association data to be updated.
2025-02-14 22:10:25 +01:00
cc5c1bb10c
signing_key: cleanup code
In particular this avoids an unnecessary roundtrip
over user_id when searching a key via its primary key_id
2025-02-14 22:10:25 +01:00
70fe99d196
Prevent key-actor mapping poisoning and key take overs
Previously there were mainly two attack vectors:
- for raw keys the owner <-> key mapping wasn't verified at all
- keys were retrieved with refetching allowed
and only the top-level ID was sanitised while
usually keys are but a subobject
This reintroduces public key checks in the user actor,
previously removed in 9728e2f8f7
but now adapted to account for the new mapping mechanism.
2025-02-14 22:10:25 +01:00
366065c0f6
fetcher: split out core object fetch validation
To allow reuse for adapted key validation logic
2025-02-14 22:10:25 +01:00
b5fa8c6d09
readme: drop mention of YunoHost package
It’s no longer listed in the catalogue and
the git repo wasn't updated in over a year
2025-02-14 22:10:25 +01:00
d68a5f6c56
Protected against counterfeit local docs being posted
Only possible if actor keys leaked first
thus log with alert level
2025-02-14 22:10:25 +01:00
4231345f4e
cosmetic/emoji/pack: fix spelling
There might be further debate about "emoji" vs "emojis" for the plural
but a grep shows the latter is already widely used in our codebase.
2025-02-14 22:10:25 +01:00
96fe080e6e
Convert all raw :zip usage to SafeZip
Notably at least two instances were not properly guarded from path
traversal attacks before and are only now fixed by using SafeZip:
- frontend installation did never check for malicious paths.
But given a malicious frontend could already, e.g. steal
all user tokens even without this, in the real world
admins should only use frontends from trusted sources
and the practical implications are minimal
- the emoji pack update/upload API taking a ZIP file
did not protect against path traversal. While atm
only admins can use these emoji endpoints, emoji
packs are typically considered "harmless" and used
without prior verification from various sources.
Thus this appears more concerning.
2025-02-14 22:10:25 +01:00
7151ef4718
Add SafeZip module
This will replace all the slightly different safety workarounds at
different ZIP handling sites and ensure safety is actually consistently
enforced everywhere while also making code cleaner and easier to
follow.
2025-02-14 22:10:25 +01:00
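As an added example, not Akkoma's SafeZip module or any code from the two SafeZip commits above: the entry-level checks a safe ZIP wrapper needs before extracting untrusted archives such as emoji packs or frontend bundles, shown in Python on a constructed in-memory archive (function and exception names are assumptions).

```python
import io
import posixpath
import stat
import zipfile

# Illustrative example, not the project's SafeZip; names are assumptions.

class UnsafeZipEntry(ValueError):
    """Raised when an archive contains an entry that must not be extracted."""

def is_safe_entry_name(name: str) -> bool:
    """True if `name`, once normalised, cannot escape the extraction root."""
    if name in ("", ".", "..") or "\x00" in name:
        return False
    # Absolute paths and backslashes are never legitimate in a portable archive.
    if name.startswith(("/", "\\")) or "\\" in name:
        return False
    # A Windows drive letter ("C:...") would also escape the root.
    if len(name) >= 2 and name[1] == ":":
        return False
    # Normalise "a/./b" and "a/b/../c"; any ".." that survives points outside.
    return ".." not in posixpath.normpath(name).split("/")

def is_symlink(info: zipfile.ZipInfo) -> bool:
    """ZIPs store the Unix mode in the upper 16 bits of external_attr."""
    return stat.S_ISLNK(info.external_attr >> 16)

def checked_entries(data: bytes) -> list[str]:
    """Return the entry names of `data`, or raise if any entry is unsafe.

    Symlinks are rejected outright: a link pointing outside the extraction
    root would be followed by later writes from the same archive.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = [i.filename for i in zf.infolist()
               if is_symlink(i) or not is_safe_entry_name(i.filename)]
        if bad:
            raise UnsafeZipEntry(f"refusing archive with unsafe entries: {bad}")
        return zf.namelist()

def build_zip(entries: list[tuple[str, bytes, bool]]) -> bytes:
    """Build an in-memory archive: constructed sample input for the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content, symlink in entries:
            info = zipfile.ZipInfo(name)
            if symlink:
                info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, content)
    return buf.getvalue()

if __name__ == "__main__":
    print(checked_entries(build_zip([("pack.json", b"{}", False)])))
    try:
        checked_entries(build_zip([("../../config/prod.secret.exs", b"x", False)]))
    except UnsafeZipEntry as e:
        print("blocked:", e)
```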