Commit graph

9159 commits

Author SHA1 Message Date
de64c6c54a add selection UI 2023-03-28 12:44:52 +01:00
281c4636fa Merge pull request 'Show bubble_timeline in the api if any instances are set in it' (#502) from foxing/akkoma:foxing-patch-1 into develop
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #502
2023-03-21 10:13:41 +00:00
dd44387f1a Add timeline visibility options 2023-03-17 15:33:28 +00:00
fe7045632b also put publicVisibility in preloaded nodeinfo
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-03-15 22:59:58 +00:00
9464d50562 Add publicTimelineVisibility to nodeinfo 2023-03-15 22:13:18 +00:00
bd040fe96a Merge branch 'develop' into foxing-patch-1 2023-03-13 03:41:15 +00:00
ba635e97c8 Use enum empty instead
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-03-13 03:40:20 +00:00
377d1483b6 Merge pull request 'Apply security patch from pleroma to prevent nested file names being uploaded to the server.' (#507) from foxing/akkoma:foxing-patch-2 into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #507
2023-03-13 00:29:51 +00:00
643b8c5f15 ensure we send the right files for preferred fe 2023-03-12 23:59:10 +00:00
3d964a9970 Add frontend preference route 2023-03-12 23:24:07 +00:00
c2ae3273d5 Merge branch 'develop' into foxing-patch-2
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
2023-03-12 19:23:22 +00:00
3f76de76da Apply Patch
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-03-12 19:13:56 +00:00
0c77be9308 don't crash on malformed avatar and banner values
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
weird values in href will cause base64 encoding to fail later down the
line, so let's make sure the value we're passing on is somewhat sane, or
at the very least a binary

this fixes #482
2023-03-12 18:14:05 +01:00
ilja
6c396fcab4 Remove "default" image description
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.

Note that there's two tests removed who supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
e17d8f744e Merge branch 'develop' into foxing-patch-1
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-03-11 19:09:14 +00:00
70803d7966 Remove mix.env reference 2023-03-11 18:24:44 +00:00
5ca22c2459 ensure we can't have a null in appends 2023-03-11 17:24:49 +00:00
19eb826424 Show bubble_timeline in the api if any instances are set in it, do not show if none are set
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-03-11 03:26:48 +00:00
9977588612 we should probably use ||
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-03-10 18:49:08 +00:00
e124a109c1 Remove _misskey_reaction matching (#500)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #500
2023-03-10 18:46:49 +00:00
08dfce98be Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-03-10 03:51:45 +00:00
b2112302ce Add more information about failed verifications 2023-03-10 03:51:24 +00:00
964a855319 Display Quote posts in the api features list to allow external clients to enable compatibility with it. (#496)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Expose quote posting in the api as a feature.

Copies what the quote post PR for pleroma does to allow external clients to enable and disable features based on the feature-set of the instance.

As far as I am aware, akkoma doesn't allow you to disable quote posting, so this doesn't need anything fancy and it's just a hard on switch.

I tried to get one for the bubble tl to work also, but I'm not quite sure how to do it so that it switches off the feature when the bubble tl is disabled. I would argue that it could and ideally should be done as well though.

I also discovered a pretty tame bug in the testing of it, that deleting the DB entry for the bubble tl does not stop the bubble TL from actually working and it will continue to display the panel on the about page, I'll just leave it as a note here.

Reviewed-on: #496
Co-authored-by: foxing <foxing@noreply.akkoma>
Co-committed-by: foxing <foxing@noreply.akkoma>
2023-03-09 20:40:28 +00:00
8a4437d2be Allow expires_at in filter requests
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Fixes #492
2023-03-09 19:13:14 +00:00
87d5e5b06a Allow moderators to get the admin scope again
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Fixes #463
2023-03-08 17:39:35 +00:00
b88e6560e0 Reblog content should be ""
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline is pending
Fixes #450
2023-03-02 11:04:27 +00:00
ilja
57eef6d764 prune_objects can prune orphaned activities who reference an array of objects
E.g. Flag activities have an array of objects

We prune the activity when NONE of the objects can be found

Note that the cost of finding and deleting these is ~4x higher than finding and deleting the non-array ones

Only string:
Delete on activities  (cost=506573.48..506580.38 rows=0 width=0)

Only Array:
Delete on activities  (cost=3570359.68..4276365.34 rows=0 width=0)

(They are still executed separately, so the total cost is the sum of the two)
2023-02-26 14:41:50 +01:00
ilja
a7ec6e039c prune_objects can prune orphaned activities
We add an option to also prune remote activities who don't have existing objects any more they reference.
Rn, we only check for activities who only reference one object, not an array or embeded object.
2023-02-26 14:41:50 +01:00
d3089ec399 Ensure we can update contentMap on update
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-02-23 11:00:55 +00:00
ilja
b4952a81fe Interpret \n as newline for MFM
Markdown doesn't generally consider `\n` a newline,
but Misskey does for MFM.

Now we do to for MFM (and not for Markdown) :)
2023-02-18 19:56:11 +01:00
ilja
b71db2f82d create_service_actor is now type Application
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This is used for internal fetch and for relay. Both represent the instance and therefore are an aplication.
2023-02-04 21:00:21 +00:00
aeb68a0ad1 paginate follow requests (#460)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
matches https://docs.joinmastodon.org/methods/follow_requests/#get mostly

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #460
2023-02-04 20:51:17 +00:00
54fdf3a5de Use any custom WebFinger domain for page metadata
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
2023-01-22 16:26:41 -08:00
d394ab0a8a Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-15 18:58:26 +00:00
90088cce11 Support TLD wildcards in MRF matches
Fixes #431
2023-01-15 18:57:49 +00:00
63ce25f32c Merge pull request 'Correct og:description tag in static-fe' (#373) from sfr/akkoma:fix/og-description into develop
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #373
2023-01-15 18:15:20 +00:00
sfr
20cd8a0fc4 URL encode remote emoji pack names (#362)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: #362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
7ca9ce9d67 fix: Give error message to users when address has already been validated
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Plus other errors.
2023-01-12 22:08:10 +01:00
ff5793198f add inbound language test
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-11 15:42:13 +00:00
78c44f31ca fix no-language-specified federation
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-11 15:25:34 +00:00
22068f0853 fix unused variable warnings
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline was successful
2023-01-10 10:58:17 +00:00
cc63a89b5d Fix tests 2023-01-10 10:29:17 +00:00
f86bf16430 Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
7695010268 Prune Objects --keep-threads option (#350)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
This adds an option to the prune_objects mix task.
The original way deleted all non-local public posts older than a certain time frame.
Here we add a different query which you can call using the option --keep-threads.

We query from the activities table all context id's where
    1. the newest activity with this context is still old
    2. none of the activities with this context is is local
    3. none of the activities with this context is bookmarked
and delete all objects with these contexts.

The idea is that posts with local activities (posts, replies, likes, repeats...) may be interesting to keep.
Besides that, a post lives in a certain context (the thread), so we keep the whole thread as well.

Caveats:
* ~~Quotes have a different context. Therefore, when someone quotes a post, it's possible the quoted post will still be deleted.~~ fixed in #379
* Although undocumented (in docs/docs/administration/CLI_tasks/database.md/#prune-old-remote-posts-from-the-database), the 'normal' delete action still kept old remote non-public posts. I added an option to keep this behaviour, but this also means that you now have to explicitly provide that option. **This could be considered a breaking change!**
* ~~Note that this removes from the objects table, but not from the activities.~~ See #427 for that.

Some statistics from explain analyse:
(cost=1402845.92..1933782.00 rows=3810907 width=62) (actual time=2562455.486..2562455.495 rows=0 loops=1)
 Planning Time: 505.327 ms
 Trigger for constraint chat_message_references_object_id_fkey: time=651939.797 calls=921740
 Trigger for constraint deliveries_object_id_fkey: time=52036.009 calls=921740
 Trigger for constraint hashtags_objects_object_id_fkey: time=20665.778 calls=921740
 Execution Time: 3287933.902 ms

***
**TODO**
1. [x] **Question:** Is it OK to keep it like this in regard to quote posts? If not (ie post quoted by local users should also be kept), should we give quotes the same context as the post they are quoting? (If we don't want to give them the same context, I'll have to see how/if I can do it without being too costly)
    * See #379
2. [x] **Question:** the "original" query only deletes public posts (this is undocumented, but you can check the code). This new one doesn't care for scope. From the docs I get that the idea is that posts can be refetched when needed. But I have from a trusted source that Pleroma can't refetch non-public posts. I assume that's the reason why they are kept here. I see different options to deal with this
    1. ~~We keep it as currently implemented and just don't care about scope with this option~~
    2. ~~We add logic to not delete non-public posts either (I'll have to see how costly that becomes)~~
    3. We add an extra --keep-non-public parameter. This is technically speaking breakage (you didn't have to provide a param before for this, now you do), but I'm inclined to not care much because it wasn't documented nor tested in the first place.
3. [x] See if we can do the query using Elixir
4. [x] Test on a bigger DB to see that we don't run into a timeout
5. [x] Add docs

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: #350
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2023-01-09 22:15:41 +00:00
357f80a714 Merge pull request 'Changed references of "Pleroma" to "Akkoma" in email text' (#428) from knova/akkoma:develop into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #428
2023-01-09 22:13:45 +00:00
a8cd859ef9 Use actual ISO8601 timestamps for masto API (#425)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation).

I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive).

The numbers have been chosen because:

- ISO 8601 only allows years before 1583 with “mutual agreement”
- Years after 9999 could cause issues with certain clients as well

Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs>
Reviewed-on: #425
Co-authored-by: darkkirb <lotte@chir.rs>
Co-committed-by: darkkirb <lotte@chir.rs>
2023-01-09 22:12:28 +00:00
13d943667e Changed references of "Pleroma" to "Akkoma" in email text
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
I know this is probably small peanuts in the grand scheme of things, but it bugged me when I was messing around with my own Akkoma instance.
2023-01-08 03:29:09 +00:00
f2b925f32c
exiftool doesn’t support JPEG XL either
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2023-01-07 14:49:58 +01:00
b98fe4476c fix "exiftool not support svg files' (#421)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Faced with this issue today, Pleroma responds with status 400 (Bad request) if Exiftool.StripLocation is added to the list of filter modules for uploads. Here is logs:

```
13:27:25.201 [info] POST /api/v1/media

13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload.Filter: Filter Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation failed: {:error, "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}"}

13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}"
```

# This fix solves this problem.

Reviewed-on: #421
Co-authored-by: ihor <ikandreew@gmail.com>
Co-committed-by: ihor <ikandreew@gmail.com>
2023-01-05 15:22:48 +00:00
336d06b2a8 Significantly tighten HTTP CSP
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2023-01-02 15:21:19 +00:00
57e51fe62c Migrate Pleroma.Web to phoenix 1.6 formats
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2023-01-02 03:29:02 +00:00
6e646c4cbc Use a genserver to periodically fetch metrics
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline was successful
Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52
2023-01-01 18:32:14 +00:00
c4b46ca460 Add /api/v1/followed_tags
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
2022-12-31 18:09:34 +00:00
745e15468e Use same context for quote posts as the post that's being quoted (#379)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
See #350 (comment)

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: #379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
b8f280b4b5 Rich media doesn't need to be a map
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-31 03:53:52 +00:00
bf7ff6a337 Put rich media processing in a Task
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-30 20:11:53 +00:00
Sol Fisher Romanoff
1d884fd914
Correct og:description tag in static-fe
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
2022-12-30 07:14:54 +02:00
5d4c291d52 update references to pleroma in docs
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-30 03:43:35 +00:00
9be6caf125 argon2 password hashing (#406)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #406
2022-12-30 02:46:58 +00:00
a5e98083f2 Add link verification in profile fields (#405)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #405
2022-12-29 20:56:06 +00:00
5a405bdadf document dump_to_file and load_from_file
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-29 20:00:04 +00:00
d1bf8aa9ed Add dump_to_file and load_from_file tasks 2022-12-29 19:56:35 +00:00
af7c3fab98 Do not crash on invalid atom in configDB
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-21 00:16:39 +00:00
Atsuko Karagi
4a78c431cf Simplified HTTP signature processing
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-19 20:41:48 +00:00
Atsuko Karagi
e17c71a389 Respect restrict_unauthenticated in /api/v1/accounts/lookup 2022-12-19 20:32:16 +00:00
c092fc9fd6 Add translation module for Argos Translate (#351)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Argos Translate is a Python module for translation and can be used as a command line tool.

This is also the engine for LibreTranslate, for which we already have a module.
Here we can use the engine directly from our server without doing requests to a third party or having to install our own LibreTranslate webservice (obviously you do have to install Argos Translate).

One thing that's currently still missing from Argos Translate is auto-detection of languages (see <https://github.com/argosopentech/argos-translate/issues/9>). For now, when no source language is provided, we just return the text unchanged, supposedly translated from the target language. That way you get a near immediate response in pleroma-fe when clicking Translate, after which you can select the source language from a dropdown.

Argos Translate also doesn't seem to handle html very well. Therefore we give admins the option to strip the html before translating. I made this an option because I'm unsure if/how this will change in the future.

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: #351
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-19 13:06:39 +00:00
233c4bb3ba revert 28ab09d377
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
revert Remove unused dependencies
2022-12-19 02:34:46 +00:00
28ab09d377 Remove unused dependencies
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-19 02:26:04 +00:00
3d546409b2 remove now-unused test
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-17 23:21:24 +00:00
52d8183787 drop admin scopes on create app instead of rejecting 2022-12-17 23:14:49 +00:00
dcac8adb3d Add option to modify HTTP pool size
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-16 18:33:00 +00:00
7b76fdeed3 update stats every 5 minutes 2022-12-16 17:22:56 +00:00
b91e671c0d add remote user count for the heck of it 2022-12-16 17:22:26 +00:00
1f5bc4d68a remove unused variable 2022-12-16 12:36:34 +00:00
9a320ba814 make 2fa UI less awful
Some checks failed
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
2022-12-16 11:50:25 +00:00
48d302a60f allow disabling prometheus entirely
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 11:17:04 +00:00
d1a0d93bf7 document prometheus 2022-12-16 10:24:36 +00:00
c2054f82ab allow users with admin:metrics to read app metrics
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-16 03:32:51 +00:00
b8be8192fb do not allow non-admins to register tokens with admin scopes
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
e2320f870e Add prometheus metrics to router
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-15 02:02:07 +00:00
Tim Buchwaldt
29584197bb Measure stats-data 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
63be819661 Take tesla telemetry 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
0995fa1410 Track oban failures 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
f8d3383179 Fix oban tags 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
a06bb694c1 Listen to loopback 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
1e9c2cd8ef Fix buckets for query timing 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
33243c56e5 Start adding telemetry 2022-12-15 01:04:55 +00:00
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #371
2022-12-14 12:38:48 +00:00
duponin
3e9c0b380a
Return 413 when an actor's banner or background exceeds the size limit 2022-12-12 17:28:14 -05:00
duponin
c9304962c3
Uploading an avatar media exceeding max size returns a 413
Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
2022-12-12 17:28:09 -05:00
77e9a52450 allow http AS profile in ld+json header
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-12 19:06:04 +00:00
9c71782861 Test removed HTTP adapter
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 23:50:31 +00:00
503827a3d9 Allow mock in http adapter checking
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 23:33:58 +00:00
f752126427 Remove quack, ensure adapter is finch
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 23:22:35 +00:00
e6da301296 Add diagnostics http
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-11 22:57:18 +00:00
9d9c26b833 Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
affc910372 Remove hackney/gun in favour of finch 2022-12-11 19:19:31 +00:00
68894089e8 Do not fetch anything from blocked instances
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-10 00:09:45 +00:00
a1515f9a60 Add some extra info around possible nils
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-09 23:45:51 +00:00
2144ce5188 Merge pull request 'Magical patches' (#357) from magical-patches into develop
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #357
2022-12-09 21:12:49 +00:00
739ed14f54 Revert "mandate published on notes"
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
This reverts commit e49b583147.
2022-12-09 20:59:26 +00:00
e49b583147 mandate published on notes
Some checks failed
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
fixes #356
2022-12-09 20:27:54 +00:00
f5a315f04c Add URL and code to :not_found errors
Ref #355
2022-12-09 20:13:31 +00:00
bc265bfd54 Underscore unused variable 2022-12-09 20:04:48 +00:00
dcf58a3c53 Do not pass transient undo-y activities through MRF 2022-12-09 20:01:38 +00:00
9db4c2429f Remove FollowBotPolicy 2022-12-09 19:59:27 +00:00
6f83ae27aa extend reject MRF to check if originating instance is blocked 2022-12-09 19:57:29 +00:00
4c0911592b
Skip posts in indexer where publish date is nil
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2022-12-09 20:56:39 +01:00
d5828f1c5e Merge remote-tracking branch 'ilja/fix_tagpolicy_to_also_work_on_updates' into develop
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-09 10:31:22 +00:00
0eaec57d3f mix format
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-09 10:24:38 +00:00
ilja
1f863f0a36 Fix MRF policies to also work with Update
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.

I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.

The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
    * Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
    * Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
    * In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
    * We don't allow changing scope with Update, so not relevant here
2022-12-08 23:22:05 +01:00
ilja
ce517ff4e5 Fix tagpolicy to also work with Update
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.
2022-12-08 21:53:42 +01:00
cb3ccf5f47 Add check for null reply_to_user
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-07 13:41:12 +00:00
1afba64464 Redirect to standard FE if logged in
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-12-07 13:35:00 +00:00
c7369d6d03 GOOGLE
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-07 11:41:24 +00:00
sfr
7c4b415929 static-fe overhaul (#236)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.

- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
  - [x] "reply to" or "edited" tags
- [x] accounts
  - [x] show more / show less
  - [x] posts / with replies / media / followers / following
    - [x] followers/following would require user card snippets
  - [x] admin/bot indicators
- [x] attachments
  - [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings

also i forgot
- [x] repeated headers

how it looks + sneak peek at statuses:
![](https://akkoma.dev/attachments/c0d3a025-6987-4630-8eb9-5f4db6858359)

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: #236
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-12-07 11:20:53 +00:00
09326ffa56 Diagnostics tasks (#348)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
a bunch of ways to get query plans to help with debugging

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #348
2022-12-07 11:12:34 +00:00
b058df3faa Allow dashes in domain name search
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-06 10:57:10 +00:00
d55de5debf Remerge of hashtag following (#341)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #341
2022-12-05 12:58:48 +00:00
ec6bf8c3f7 revert 4a94c9a31e
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
revert Add ability to follow hashtags (#336)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #336
2022-12-04 20:04:09 +00:00
4a94c9a31e Add ability to follow hashtags (#336)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #336
2022-12-04 17:36:59 +00:00
6b882a2c0b Purge Rejected Follow requests in daily task (#334)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #334
2022-12-03 23:17:43 +00:00
1409f91d50 Add maskable to logo
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-12-02 12:00:56 +00:00
94b469cab0 Merge pull request 'Add PWA config' (#329) from pwa into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Reviewed-on: #329
2022-12-02 11:13:29 +00:00
8d6cc6cb65 Resolve follow activity from accept/reject without ID (#328)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #328
2022-12-02 11:12:37 +00:00
bbf2e3f445 Add PWA info 2022-12-02 11:10:35 +00:00
db60640c5b Fixing up deletes a bit (#327)
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #327
2022-12-01 15:00:53 +00:00
0cfd5b4e89 Add ability to set a default post expiry (#321)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #321
2022-11-28 13:34:54 +00:00
ee7059c9cf Spin off imports into n oban jobs
Some checks failed
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline failed
2022-11-27 21:45:41 +00:00
98a21debf9 normalise markup by default (#316)
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
why was this _not_ default?

honestly i'm surprised pleroma hasn't exploded yet

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #316
2022-11-26 21:06:20 +00:00
e3085c495c fix tests broken by relay defaults changing (#314)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #314
2022-11-26 20:45:47 +00:00
@r3g_5z@plem.sapphic.site
565ead8397 minor-changes (#313)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Only real change here is making MRF rejects log as debug instead of info (#234)

I don't know if it's the best way to do it, but it seems it's just MRF using this and almost always this is intended.

The rest are just minor docs changes and syncing the restricted nicknames stuff.

I compiled and ran my changes with Docker and they all work.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: #313
Co-authored-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
2022-11-26 19:27:58 +00:00
a90c45b7e9 Add Signed Fetch Statistics (#312)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Close #304.

Notes:
 - This patch was made on top of Pleroma develop, so I created a separate cachex worker for request signature actions, instead of Akkoma's instance cache. If that is a merge blocker, I can attempt to move logic around for that.
 - Regarding the `has_request_signatures: true -> false` state transition: I think that is a higher level thing (resetting instance state on new instance actor key) which is separate from the changes relevant to this one.

Co-authored-by: Luna <git@l4.pm>
Reviewed-on: #312
Co-authored-by: @luna@f.l4.pm <akkoma@l4.pm>
Co-committed-by: @luna@f.l4.pm <akkoma@l4.pm>
2022-11-26 19:22:56 +00:00
2fe1484ed3 http timeout config (#307)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Ref https://meta.akkoma.dev/t/increase-timeout-on-libretranslate-request-how/156/2

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #307
2022-11-24 12:27:16 +00:00
ave
1c4ca20ff7 Change follow_operation schema to use type BooleanLike (#301)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Changes follow_operation schema to use BooleanLike instead of :boolean so that strings like "0" and "1" (used by mastodon.py) can be accepted. Rest of file uses the same. For more info please see https://git.pleroma.social/pleroma/pleroma/-/issues/2999

(I'm also sending this here as I'm not hopeful about upstream not ignoring  it)

Co-authored-by: ave <ave@ave.zone>
Reviewed-on: #301
Co-authored-by: ave <ave@noreply.akkoma>
Co-committed-by: ave <ave@noreply.akkoma>
2022-11-24 11:27:01 +00:00
6223e2ea3e Merge pull request 'Additional timeline query improvements from upstream' (#291) from norm/akkoma:timeline-query-improvements into develop
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #291
2022-11-20 21:53:24 +00:00
@r3g_5z@plem.sapphic.site
0e4c201f8d HTTP header improvements (#294)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: #294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
r3g_5z
f90552f62e
Drop XSS auditor
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
0022fa7d49
Add same optimized join for excluding invisible users
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
2022-11-19 15:12:24 -05:00
11fc1beba5
Fix reports which do not have a user
The check for deactivated users was being applied to report activities.
2022-11-19 15:12:16 -05:00
e1e0d5d759 microblogpub federation fixes (#288)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #288
2022-11-18 11:14:35 +00:00
Haelwenn (lanodan) Monnier
3e0a5851e5 Set instance reachable on fetch
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2022-11-15 17:23:47 +00:00
2a1f17e3ed and i yoink (#275)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #275
2022-11-14 15:07:26 +00:00
c1127e321b Add configurable timeline per oban job (#273)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Heavily inspired by https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3777

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #273
2022-11-13 23:55:51 +00:00
89dbc7177b Chores for 2022.11
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
ci/woodpecker/pr/woodpecker Pipeline is pending
2022-11-11 16:12:04 +00:00
ac0c00cdee Add media sources to connect-src if media proxy is enabled
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2022-11-10 17:26:51 +00:00
bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
cc6a076202 Include requested_by in relationship (#260)
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #260
2022-11-10 03:16:32 +00:00
0681a26dbb Remove unused pattern
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-11-08 13:54:43 +00:00
4e8ab0deeb fix count of poll voters
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
2022-11-08 13:50:04 +00:00