AkkomaGang/akkoma
AkkomaGang/akkoma
15
65
Fork 91
Code Issues 173 Pull requests 21 Projects 2 Releases 14 Packages Wiki Activity
15503 commits 26 branches 107 tags 317 MiB
Commit graph

1634 commits

Author SHA1 Message Date
FloatingGhost
61621ebdbc Add tests for extra warnings about media subdomains 2024-04-02 10:54:53 +01:00
Oneric
0648d9ebaa Add mix tasks to detect spoofed posts and users 
At least as far as we can
 2024-03-26 16:05:20 -01:00
Oneric
d441101200 Add mix task to detect uploaded spoof payloads 2024-03-26 16:05:20 -01:00
Oneric
d6d838cbe8 StealEmoji: check remote size before downloading 
To save on bandwith and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of an malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
 2024-03-18 22:33:10 -01:00
Oneric
fb54c47f0b Update example nginx config 
To account for our subdomain recommendations
 2024-03-18 22:33:10 -01:00
Oneric
fc36b04016 Drop media proxy same-domain default for base_url 
Even more than with user uploads, a same-domain proxy setup bears
significant security risks due to serving untrusted content under
the main domain space.

A risky setup like that should never be the default.
 2024-03-18 22:33:10 -01:00
Oneric
0ec62acb9d Always insert Dedupe upload filter 
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
 2024-03-18 22:33:10 -01:00
Oneric
fef773ca35 Drop media base_url default and recommend different domain 
Same-domain setups enabled now at least two exploits,
so they ought to be discouraged and definitely not be the default.
 2024-03-18 22:33:10 -01:00
floatingghost
cdf73e0ac8 Merge pull request 'Better document database differences for Pleroma migrations' (#699) from Oneric/akkoma:doc_pleroma-migration-db into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #699
 2024-02-24 04:33:43 +00:00
floatingghost
967e6b8ade Merge pull request 'Docs: Add description for mrf_reject_newly_created_account_notes' (#695) from YokaiRick/akkoma:doc_mrf_reject_acc_notes into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #695
 2024-02-24 04:31:28 +00:00
Oneric
bff2812a93 More prominently document db migrations in migrations from Pleroma
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
By now most instance will run a version past 2022-08 but the guide
only documented it for from source installs and Pleroma develop.
 2024-02-23 23:54:14 +01:00
Oneric
7964272c98 Document how to avoid data loss on migration from Pleroma 2024-02-23 23:54:09 +01:00
rick
c25cfe9b7a fixed spelling
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
2024-02-19 23:25:20 +01:00
Oneric
41dd37d796 doc/cheatsheet: add missing MRFs
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
Or mentions of MRFs in the main list
whose options were already documented.
 2024-02-19 23:15:47 +01:00
Oneric
9830d54fa1 doc/cheatsheet: sort main MRF list alphabetically 
It is too cumbersome to find a specific policy atm
or to check if all are docuemtned yet.
Trivial placeholder policies are excluded from this.
 2024-02-19 23:15:30 +01:00
Oneric
f254e4f530 doc/cheatsheet: add missing MRF config detail docs 
And remove “on by default” text from individual entries.
They are now laready in the “on by default” section.
 2024-02-19 23:14:44 +01:00
Oneric
da4190c46e doc/cheatsheet: split out always active MRFs 
It doesn’t make sense to add/remove them from the policies list
 2024-02-19 23:14:24 +01:00
Oneric
7a2d68c3ab doc/cheatsheet: add link to ActivityExpiration config details 2024-02-19 23:14:07 +01:00
Oneric
8e7a89605d doc/cheatsheet: move MRF policies key to end of section 
This makes it easier to spot the transparency options
 2024-02-19 23:13:48 +01:00
Oneric
1640d19448 doc/cheatsheet: move :activitypub section ahead 
Else it is too easy to mistake for another MRF policy.
 2024-02-19 23:13:25 +01:00
Oneric
8f1776a8a7 Purge leftovers from FollowBot MRF 
It was dropped in 9db4c2429f
 2024-02-19 23:13:05 +01:00
Oneric
1ec6e193e6 doc: clarify RejectNewlyCreated uses local account discovery 2024-02-19 23:12:41 +01:00
stefan230
b4c832471c docs/docs/configuration/cheatsheet.md aktualisiert 
fixed up some grammer / wording. removed a setence and made wording more in line with what I could find in Admin-FE (especially wording of "rejecting" vs. dropping)
 2024-02-17 22:09:47 +00:00
rick
db49daa4a5 make it clearer what it affects
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2024-02-17 22:57:56 +01:00
rick
718104117f fix link
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2024-02-17 22:34:55 +01:00
rick
12e7d0a25c added doc for mrf_reject_newly_created_account_notes 2024-02-17 22:25:12 +01:00
Erin Shepherd
7a0e27a746 Disable busy waits in the default OTP vm.args configuration.
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
This vastly reduces idle CPU usage, which should generally be beneficial
for most small-to-medium sized instances.

Additionally update the documentation to specify how to override the vm.args
file for OTP installs
 2024-02-17 13:21:56 +01:00
Oneric
e99e2407f3 Add background_removal to SimplePolicy MRF
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
2024-02-16 16:36:45 +01:00
FloatingGhost
0ed815b8a1 Merge branch 'followback' into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2024-02-16 13:27:40 +00:00
Oneric
cda597a05c doc: fix Akkoma identification name
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
Akkoma stopped pretending to be Pleroma here when the mix project name
was changed in c07fcdbf2b.
 2024-02-15 16:25:59 +01:00
Oneric
711043f57d Document bubble timeline API 
It was added in cb6e7359af.
 2024-02-15 16:04:33 +01:00
Oneric
6bb455702d Document Akkoma API 2024-02-15 16:04:33 +01:00
Oneric
7493d8f49d Document live dashboard 2024-02-15 16:04:33 +01:00
Oneric
376f6b15ca Add ability to auto-approve followbacks
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
Resolves: #148
 2024-02-13 15:42:37 +01:00
Oneric
13e62b4e51 Fix schema and docs for status_ttl_days and instance 
Fixes misspelling and omission of and example in commit
0cfd5b4e89 which added the
status_ttl_property. This was the only place this commit
referred to the property as note_ttl_days.

Partially fixes the omitted schema update of the instance metadata addition
from commit b7e8ce2350. A proper full schema
for nodeinfo is still missing.
 2024-02-13 15:39:52 +01:00
floatingghost
e97d08ee98 Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' (#676) from Oneric/akkoma:mrf-obfuscation into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #676
 2024-02-05 08:43:43 +00:00
Oneric
3cd882528e More prominently document MRF transparency and obfuscation
All checks were successful
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline was successful
Details
ci/woodpecker/pr/build-amd64 Pipeline was successful
Details
ci/woodpecker/pr/build-arm64 Pipeline was successful
Details
ci/woodpecker/pr/docs Pipeline was successful
Details 
And point to the cheat sheet for all other MRF policies
and their configuration details.
 2024-02-02 14:50:21 +00:00
Aria
a074be24ca add bit about frontend configuration to oauth consumer docs 2023-12-17 19:36:27 +00:00
FloatingGhost
74d5e22fc5 fix robotstxt on OTP
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-12-15 16:23:20 +00:00
floatingghost
bc22ea50ab Merge pull request 'docs: Fixed wrong command for robots_txt CLI task' (#632) from yukijoou/akkoma:docs-robotstxt-fix into develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details 
Reviewed-on: #632
 2023-12-15 16:21:17 +00:00
FloatingGhost
fb700a956a correct link 2023-11-02 11:40:19 +00:00
yuki joou
32422a7a04 docs: Fixed wrong command for robots_txt CLI task
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details 
This is according to the error message displayed when trying to run the
command in the current version of the docs
 2023-08-18 13:25:52 +00:00
y0nei
0617090743
Note about Docker installations in backup section
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/lint Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-08-17 16:51:53 +02:00
FloatingGhost
f7ea0a1248 bump OTP required
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-08-16 23:01:02 +01:00
FloatingGhost
6139c3346d Add extra rollbacks to pleroma develop
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/lint Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-08-16 22:49:23 +01:00
YokaiRick
76ba400c6d nginx subdir is missing in otp builds
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-08-12 22:09:32 +00:00
YokaiRick
655c282de3 update docs nginx subdir in akkoma/installation is gone 2023-08-12 21:59:30 +00:00
Norm
9a7c30fc90
Update OTP docs to mention arm64 in prerequisites
Some checks are pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
Details
ci/woodpecker/pr/build-arm64 Pipeline is pending
Details
ci/woodpecker/pr/docs Pipeline is pending
Details
ci/woodpecker/pr/test Pipeline is pending
Details
2023-08-05 10:39:03 -04:00
Sandra Snan
2556f44219 Fix typo in frontend management docs
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
Details
ci/woodpecker/push/build-arm64 Pipeline is pending
Details
ci/woodpecker/push/docs Pipeline is pending
Details
ci/woodpecker/push/test Pipeline is pending
Details
2023-08-04 22:34:39 +01:00
FloatingGhost
8fd74548ff Combine ubuntu and debian builds
Some checks failed
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build-amd64 Pipeline failed
Details
ci/woodpecker/push/build-arm64 Pipeline failed
Details
ci/woodpecker/push/docs unknown status
Details
2023-08-04 20:37:17 +01:00