AkkomaGang/akkoma
AkkomaGang/akkoma
15
66
Fork 94
Code Issues 180 Pull requests 28 Projects 2 Releases 14 Packages Wiki Activity
15488 commits 27 branches 108 tags 341 MiB
Commit graph

869 commits

Author SHA1 Message Date
Oneric
59a142e0b0 Never fetch resource from ourselves 
If it’s not already in the database,
it must be counterfeit (or just not exists at all)

Changed test URLs were only ever used from "local: false" users anyway.
 2024-03-25 14:05:05 -01:00
Oneric
d6d838cbe8 StealEmoji: check remote size before downloading 
To save on bandwith and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of an malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
 2024-03-18 22:33:10 -01:00
Oneric
6d003e1acd test/steal_emoji: consolidate configuration setup 2024-03-18 22:33:10 -01:00
Oneric
d1ce5fd911 test/steal_emoji: reduce code duplication with mock macro 2024-03-18 22:33:10 -01:00
Oneric
ee5ce87825 test: use pack functions to check for emoji 
The hardocded path and filenames assumptions
will be broken with the next commit.
 2024-03-18 22:33:10 -01:00
Oneric
a8c6c780b4 StealEmoji: use Content-Type and reject non-images 
E.g. *key’s emoji URLs typically don’t have file extensions, but
until now we just slapped ".png" at its end hoping for the best.

Furthermore, this gives us a chance to actually reject non-images,
which before was not feasible exatly due to those extension-less URLs
 2024-03-18 22:33:10 -01:00
Oneric
0ec62acb9d Always insert Dedupe upload filter 
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
 2024-03-18 22:33:10 -01:00
floatingghost
7d61fb0906 Merge pull request 'Fix static-fe Twitter metadata / URL previews' (#700) from Oneric/akkoma:staticfe-metadata into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #700
 2024-02-24 13:42:55 +00:00
Oneric
c08f49d88e Add tests for static-fe metadata tags
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2024-02-21 00:33:32 +00:00
Haelwenn (lanodan) Monnier
7d94476dd6 StealEmojiPolicy: Sanitize shortcodes
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
 2024-02-20 11:19:00 +01:00
floatingghost
289f93f5a2 Merge pull request 'Return last_status_at as date, not datetime' (#681) from katafrakt/akkoma:fix-last-status-at into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #681
 2024-02-17 11:37:19 +00:00
Oneric
e99e2407f3 Add background_removal to SimplePolicy MRF
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
2024-02-16 16:36:45 +01:00
Oneric
7622aa27ca Federate user profile background 
Currently our own frontend doesn’t show backgrounds of other users, this
property is already publicly readable via REST API and likely was always
intended to be shown and federated.

Recently Sharkey added support for profile backgrounds and
immediately made them federate and be displayed to others.
We use the same AP field as Sharkey here which should make
it interoperable both ways out-of-the-box.

Ref.: 4e64397635
 2024-02-16 16:35:51 +01:00
FloatingGhost
0ed815b8a1 Merge branch 'followback' into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2024-02-16 13:27:40 +00:00
floatingghost
c5dcd07e08 Merge pull request 'Fix OpenAPI spec for preferred_frontend endpoint' (#680) from katafrakt/akkoma:fix-openapi-spec-for-preferred-frontend into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #680
 2024-02-16 12:21:00 +00:00
Oneric
376f6b15ca Add ability to auto-approve followbacks
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
Resolves: #148
 2024-02-13 15:42:37 +01:00
Paweł Świątkowski
df21b61829
Return last_status_at as date, not datetime
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2024-02-05 21:42:15 +01:00
floatingghost
e97d08ee98 Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' (#676) from Oneric/akkoma:mrf-obfuscation into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #676
 2024-02-05 08:43:43 +00:00
Paweł Świątkowski
d7d159c49f
Fix OpenAPI spec for preferred_frontend endpoint
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
The spec was copied from another endpoint, including the operation id,
leading to scrubbing the valid parameters from the request and simply
not working.
 2024-02-03 14:27:45 +01:00
Oneric
e47c50666d Fix obfuscation of short domains 
Fixes #645
 2024-02-02 14:50:13 +00:00
Aria
77000b8ffd update tests for oauth consumer
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline was successful
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
2023-12-17 21:48:19 +00:00
Lain Soykaf
c3098e9c56 UserViewTest: Add basice service actor test. 2023-12-15 16:31:51 +00:00
FloatingGhost
033b7b04e0 update captcha version
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-10-20 13:30:29 +01:00
FloatingGhost
063e3c0d34 Disallow nil hosts in should_federate
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build-arm64 Pipeline was successful
Details
ci/woodpecker/push/build-amd64 Pipeline was successful
Details
ci/woodpecker/push/docs Pipeline was successful
Details
2023-08-15 23:12:04 +01:00
FloatingGhost
6cb40bee26 Migrate to phoenix 1.7 (#626)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build-arm64 Pipeline was successful
Details
ci/woodpecker/push/build-amd64 Pipeline was successful
Details
ci/woodpecker/push/docs Pipeline was successful
Details 
Closes #612

Co-authored-by: tusooa <tusooa@kazv.moe>
Reviewed-on: #626
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>
 2023-08-15 10:22:18 +00:00
Joshua Goins
c22ecac567 mastodon_api: Add /api/v1/preferences endpoint
Some checks failed
ci/woodpecker/pr/test Pipeline was successful
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details 
Implements the preferences endpoint in the Mastodon API, but returns
default values for most of the preferences right now. The only supported
preference we can access is default post visibility, and a relevant test
is added as well.
 2023-08-12 09:28:24 -04:00
FloatingGhost
0c21341156 Fix signature checking
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-08-07 16:17:17 +01:00
FloatingGhost
7825798e32 Add XML matcher 2023-08-07 11:12:14 +01:00
FloatingGhost
650c0c0f62 Allow max_id to be at the end of the querystring 2023-08-06 16:44:25 +01:00
mae
d868348fac Completely disable xml entity resolution
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-08-05 12:32:05 +00:00
FloatingGhost
9c7409808f Add unit test for external entity loading
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-08-04 22:24:32 +01:00
FloatingGhost
0b2ec0ccee Enable AnonymizeFilenames on all uploads
Some checks failed
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build-amd64 Pipeline failed
Details
ci/woodpecker/push/docs unknown status
Details
ci/woodpecker/push/build-arm64 Pipeline was successful
Details
2023-08-04 15:37:15 +01:00
FloatingGhost
723bd123a0 Correct ordering for block/mutes 2023-08-04 15:18:07 +01:00
FloatingGhost
64e233ca20 Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
FloatingGhost
f4fe4fcbcc More static stuff
Some checks failed
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
2023-08-03 23:00:30 +01:00
FloatingGhost
02071ab9b4 bah
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-08-03 18:40:13 +01:00
FloatingGhost
98cb255d12 Support elixir1.15
Some checks failed
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details 
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
 2023-08-03 17:44:09 +01:00
FloatingGhost
b65aafe1e3 Fix tests breaking on config changes 2023-08-02 12:05:30 +01:00
Walter Huf
c38f1aefb1 Add unit tests for Utils.user_name_string
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-07-28 07:35:00 -07:00
Walter Huf
1377ec33fe Add a unit test for custom WebFinger domain
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-07-27 09:01:46 -07:00
Weblate
eba3cce77b Update translation files
Some checks failed
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build-arm64 Pipeline failed
Details
ci/woodpecker/push/docs unknown status
Details
ci/woodpecker/push/build-amd64 Pipeline failed
Details 
Updated by "Squash Git commits" hook in Weblate.

Translation: Pleroma fe/Akkoma Backend (Config Descriptions)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/
 2023-07-27 13:14:05 +00:00
floatingghost
6db8ab7c94 Merge pull request 'Varied selection of Pleroma cherry-picks' (#567) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Details 
Reviewed-on: #567
 2023-07-27 12:53:56 +00:00
FloatingGhost
c63ae73bc0 Add embed controller tests 2023-07-17 19:18:21 +01:00
FloatingGhost
8fe29bf5d2 Exclude deactivated users from emoji reaction lists
Some checks failed
ci/woodpecker/push/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline failed
Details
2023-07-17 17:53:03 +01:00
XxXCertifiedForkliftDriverXxX
07b478dc49 Implement blocklists for MediaProxy
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
2023-06-26 15:18:31 +02:00
tusooa
c0a01e73cf Enforce unauth restrictions for public streaming endpoints
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Details
2023-06-14 22:45:19 +00:00
tusooa
fee6e2aac4 Fix deleting banned users' statuses 2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
8669a0abcb UploadedMedia: Increase readability via ~s sigil 2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
37b0d774fa UploadedMedia: Add missing disposition_type to Content-Disposition 
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
 2023-06-14 22:45:19 +00:00
tusooa
1def80c2e7 Fix existing tests 2023-06-14 22:45:19 +00:00