akkoma

Author	SHA1	Message	Date
Oneric	e64f031167	Log number of deleted rows in prune_orphaned_activities This gives feedback when to stop rerunning limited batches. Most of the diff is just adjusting indentation; best reviewed with whitespace-only changes hidden, e.g. `git diff -w`.	2024-05-31 17:16:40 +02:00
Oneric	fa52093bac	Add standalone prune_orphaned_activities CLI task This part of pruning can be very expensive and bog down the whole instance to an unusable sate for a long time. It can thus be desireable to split it from prune_objects and run it on its own in smaller limited batches. If the batches are smaller enough and spaced out a bit, it may even be possible to avoid any downtime. If not, the limit can still help to at least make the downtime duration somewhat more predictable.	2024-05-31 17:16:40 +02:00
Oneric	3126d15ffc	refactor: move prune_orphaned_activities into own function No logic changes. Preparation for standalone orphan pruning.	2024-05-31 17:16:39 +02:00
floatingghost	8f97c15b07	Merge pull request 'Preserve Meilisearch’s result ranking' (#772 ) from Oneric/akkoma:search-meili-order into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #772	2024-05-31 14:12:05 +00:00
Floatingghost	3af0c53a86	use proper workers for fetching pins instead of an ad-hoc task (#788 ) Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #788 Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk> Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>	2024-05-31 08:58:52 +00:00
Oneric	fc7e07f424	meilisearch: enable using search_key All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details Using only the admin key works as well currently and Akkoma needs to know the admin key to be able to add new entries etc. However the Meilisearch key descriptions suggest the admin key is not supposed to be used for searches, so let’s not. For compatibility with existings configs, search_key remains optional.	2024-05-29 23:17:27 +00:00
Oneric	59685e25d2	meilisearch: show keys by name not description This makes show-key’s output match our documentation as of Meilisearch 1.8.0-8-g4d5971f343c00d45c11ef0cfb6f61e83a8508208. Since I’m not sure if older versions maybe only provided description, it will fallback to the latter if no name parameter exists.	2024-05-29 23:17:27 +00:00
Oneric	65aeaefa41	meilisearch: respect meili’s result ranking Meilisearch is already configured to return results sorted by a particular ranking configured in the meilisearch CLI task. Resorting the returned top results by date partially negates this and runs counter to what someone with tweaked settings expects. Issue and fix identified by AdamK2003 in #579 But instead of using a O(n^2) resorting, this commit directly retrieves results in the correct order from the database. Closes: #579	2024-05-29 23:17:27 +00:00
Oneric	5d6cb6a459	meilisearch: remove duplicate preload	2024-05-29 23:17:27 +00:00
floatingghost	8afc3bee7a	Merge pull request 'Use /var/tmp for media cache path' (#776 ) from norm/akkoma:nginx-var-tmp into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #776 Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>	2024-05-28 02:05:17 +00:00
floatingghost	72871d4514	Merge pull request 'Drop unused indices' (#767 ) from Oneric/akkoma:purge-unused-indices into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #767	2024-05-28 01:35:18 +00:00
floatingghost	72af38c0e9	Merge pull request 'migrate CI config to v2' (#785 ) from woodpecker-v2 into develop All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details Reviewed-on: #785	2024-05-27 03:32:40 +00:00
Floatingghost	ae19fd90c9	use elixir 1.16 for format checks All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2024-05-27 04:07:44 +01:00
Floatingghost	66b3248dd3	mix tests probably shouldn't be async Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-05-27 04:03:13 +01:00
Floatingghost	73ead8656a	don't allow emoji formatter to be async Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 03:25:18 +01:00
Floatingghost	f32a7fd76a	arch is aarch64 now Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 03:02:02 +01:00
Floatingghost	4078fd655c	migrate CI config to v2 Some checks are pending ci/woodpecker/manual/build-arm64 Pipeline is pending Details ci/woodpecker/manual/lint Pipeline was successful Details ci/woodpecker/manual/test Pipeline was successful Details ci/woodpecker/manual/build-amd64 Pipeline was successful Details ci/woodpecker/manual/docs Pipeline was successful Details	2024-05-27 02:56:05 +01:00
floatingghost	5bdef8c724	Merge pull request 'Allow for attachment to be a single object in user data' (#783 ) from single-attachment into develop Some checks are pending ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/test/1 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test/2 Pipeline is pending Details ci/woodpecker/push/test/3 Pipeline is pending Details ci/woodpecker/push/test/4 Pipeline is pending Details Reviewed-on: #783	2024-05-27 01:44:53 +00:00
floatingghost	cdc918c8f1	Merge pull request 'Document AP and nodeinfo extensions' (#778 ) from Oneric/akkoma:doc_ap-extensions into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #778	2024-05-27 01:34:58 +00:00
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 02:09:48 +01:00
Oneric	05eda169fe	Document AP and nodeinfo extensions Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details And while add it point to this via a top-level FEDERATION.md document as standardised by FEP-67ff. Also add a few missing descriptions to the config cheatsheet and move the recently removed C2S extension into an appropiate subsection.	2024-05-26 19:04:06 +02:00
floatingghost	3ce855cbde	Merge pull request 'Fix Exiftool stderr being read as an image description' (#782 ) from norm/akkoma:fix-exiftool-description into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #782	2024-05-26 16:11:12 +00:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-26 17:09:26 +01:00
Norm	c2d3221be3	Fix Exiftool stderr being read as an image description Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Fixes: #773	2024-05-23 14:44:17 -04:00
Floatingghost	5e92f955ac	bump version All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2024-05-22 19:42:25 +01:00
Floatingghost	b72127b45a	Merge remote-tracking branch 'oneric-sec/media-owner' into develop	2024-05-22 19:36:10 +01:00
Oneric	9a91299f96	Don't try to handle non-media objects as media Trying to display non-media as media crashed the renderer, but when posting a status with a valid, non-media object id the post was still created, but then crashed e.g. timeline rendering. It also crashed C2S inbox reads, so this could not be used to leak private posts.	2024-05-22 20:30:23 +02:00
Oneric	fbd961c747	Drop activity_type override for uploads Afaict this was never used, but keeping this (in theory) possible hinders detecting which objects are actually media uploads and which proper ActivityPub objects. It was originally added as part of upload support itself in `02d3dc6869` without being used and `git log -S:activity_type` and `git log -Sactivity_type:` don't find any other commits using this.	2024-05-22 20:30:23 +02:00
Oneric	0c2b33458d	Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma `1afde067b1`	2024-05-22 20:30:18 +02:00
Floatingghost	842cac2a50	ensure we mock_global	2024-05-22 19:30:03 +01:00
Lain Soykaf	3e1f5e5372	WebFingerControllerTest: Restore host after test.	2024-05-22 19:27:51 +01:00
marcin mikołajczak	3a21293970	Fix tests Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:27:31 +01:00
marcin mikołajczak	0d66237205	Fix validate_webfinger when running a different domain for Webfinger Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:20:02 +01:00
Oneric	6ef6b2a289	Apply rate limits to status updates	2024-05-22 20:18:08 +02:00
Oneric	94e9c8f48a	Purge unused media description update on post In MastoAPI media descriptions are updated via the media update API not upon post creation or post update. This functionality was originally added about 6 years ago in `ba93396649` which was part of https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450. They introduced image descriptions to the front- and backend, but predate adoption of Mastodon API. For a while adding an `descriptions` array on post creation might have continued to work as an undocumented Pleroma extension to Masto API, but at latest when OpenAPI specs were added for those endpoints four years ago in `7803a85d2c`, these codepaths ceased to be used. The API specs don’t list a `descriptions` parameter and any unknown parameters are stripped out. The attachments_from_ids function is only called from ScheduledActivity and ActivityDraft.create with the latter only being called by CommonAPI.{post,update} whihc in turn are only called from ScheduledActivity again, MastoAPI controller and without any attachment or description parameter WelcomeMessage. Therefore no codepath can contain a descriptions parameter.	2024-05-22 20:18:08 +02:00
Oneric	873aa9da1c	activity_draft: mark new/2 as private	2024-05-22 20:18:08 +02:00
Oneric	34a48cb87f	scheduled_activity: mark private functions as private And remove unused due_activities/1	2024-05-22 20:18:08 +02:00
lain	50403351f4	add impostor test for webfinger	2024-05-22 19:17:34 +01:00
Alex Gleason	a953b1d927	Prevent spoofing webfinger	2024-05-22 19:08:37 +01:00
Norm	bb29c5bed2	Update tor/i2p guide Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Direct users to add in the appropriate headers and update the listening port instead of copy/pasting a config that's already outdated and probably would otherwise have to be synced with the main example nginx config.	2024-05-16 19:08:02 -04:00
Norm	bc46f3da4c	Update mediaproxy howto Since the configuration options on the nginx side already exist in the sample config, there's no need to tell users to copy-paste those settings in again.	2024-05-16 19:06:59 -04:00
Norm	7e709768c3	Use /var/tmp for media cache path in apache/nginx configs The /var/tmp directory is not mounted as tmpfs unlike /tmp which is mounted as such on some distros like Fedora or Arch. Since there isn't really a benefit to having the cache on tmpfs, this change should allow for a larger cache if needed without worrying about running out of RAM.	2024-05-15 20:42:48 -04:00
floatingghost	76ded10a70	Merge pull request 'Backoff on HTTP requests when 429 is recieved' (#762 ) from backoff-http into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #762	2024-05-11 04:38:47 +00:00
Floatingghost	4457928e32	duct-tape fix for #438 Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details we really need to make this less manual	2024-05-11 05:30:18 +01:00
floatingghost	ee03149ba1	Merge pull request 'Fix Exiftool migration id' (#763 ) from Oneric/akkoma:fix-migration-timeline-exifdesc into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #763	2024-05-06 22:51:05 +00:00
Floatingghost	ea6bc8a7c5	add a test for 503-rate-limiting Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-05-06 23:36:00 +01:00
Floatingghost	bd74693db6	additionally support retry-after values Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-05-06 23:34:48 +01:00
Oneric	5256678901	Fix Exiftool migration id Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Applying works fine with a 20220220135625 version, but it won’t be rolled back in the right order. Fortunately this action is idempotent so we can just rename and reapply it with a new id. To also not break large-scale rollbacks past 2022 for anyone who already applied it with the old id, keep a stub migration.	2024-05-07 00:16:21 +02:00
floatingghost	fdeecc7b4c	Merge pull request 'Update clients list in docs' (#761 ) from norm/akkoma:docs-clients-update into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #761	2024-05-06 21:33:26 +00:00
floatingghost	51482c4fe8	Merge pull request 'Remove remaining Dokku files' (#766 ) from norm/akkoma:remove-dokku into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #766	2024-05-06 21:33:16 +00:00

1 2 3 4 5 ...

15791 commits