akkoma

Author	SHA1	Message	Date
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 02:09:48 +01:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-26 17:09:26 +01:00
Oneric	b0a46c1e2e	Normalise public adressing to fix federation Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Due to JSON-LD compaction the full address of public scope may also occur in shorter forms and the spec requires us to treat them all equivalently. To save us the pain of repeatedly checking for all variants internally, normalise inbound data to just one form. See note at: https://www.w3.org/TR/activitypub/#public-addressing This needs to happen very early, even before the other addressing fixes else an earlier validator will reject the object. This in turn required to move the list-tpye normalisation earlier as well, but since I was unsure about putting empty lists into the data when no such field existed before, I excluded this case and thus the later fixing had to be kept as well. Fixes: #670	2024-04-25 18:45:16 +02:00
floatingghost	764dbeded4	Merge pull request 'Accept all standard actor types' (#751 ) from Oneric/akkoma:all-actor-types into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #751	2024-04-24 17:09:02 +00:00
Oneric	83f75c3e93	Accept all standard actor types Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-23 18:14:34 +02:00
Floatingghost	92168fa5a1	Merge remote-tracking branch 'origin/develop' into who-wants-to-yeet-c2s-i-want-to-yeet-c2s Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-23 14:37:05 +01:00
Floatingghost	3e199242b0	remove upload_media from AP representation Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-23 14:35:52 +01:00
Floatingghost	1ed975636b	Keep READ endpoints, purge WRITE Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-19 11:06:01 +01:00
Floatingghost	ddb8a5ef73	yeet AP C2S support literally nothing uses C2S AP, and it's another route into core systems which requires analysis and maintenance. A second API is just extra surface for potentially bad things so let's take it out back and obliterate it	2024-04-16 13:55:03 +01:00
Floatingghost	2fc25980d1	fix pattern matching in fetch errors Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-13 23:55:26 +01:00
Floatingghost	49ed27cd96	require logger	2024-04-13 22:25:31 +01:00
Mark Felder	d69cba1b93	Remove duplicate log messages from Transmogrifier Object fetch errors are logged in the fetcher module	2024-04-12 20:31:31 +01:00
Mark Felder	eeed051a0f	Fix detection of user follower collection being private We were overzealous with matching on a raw error from the object fetch that should have never been relied on like this. If we can't fetch successfully we should assume that the collection is private. Building a more expressive and universal error struct to match on may be something to consider.	2024-04-12 20:29:11 +01:00
Floatingghost	df25d86999	Cleaned up FEP-fffd commits a bit Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-04-12 18:50:57 +01:00
floatingghost	4887df12d7	Merge pull request 'Allow for url to be a list' (#718 ) from helge/akkoma:develop into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #718	2024-04-12 17:39:38 +00:00
floatingghost	e6ca2b4d2a	Merge pull request 'Fix array-less EmojiReacts' (#739 ) from Oneric/akkoma:tag-arrayless into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #739	2024-04-12 17:26:07 +00:00
floatingghost	8e60177466	Merge pull request 'MRF.InlineQuotePolicy: Add link to post URL, not ID' (#733 ) from erincandescent/akkoma:quote-url into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #733	2024-04-12 17:02:52 +00:00
Erin Shepherd	75d9e2b375	MRF.InlineQuotePolicy: Add link to post URL, not ID Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details "id" is used for the canonical link to the AS2 representation of an object. "url" is typically used for the canonical link to the HTTP representation. It is what we use, for example, when following the "external source" link in the frontend. However, it's not the link we include in the post contents for quote posts. Using URL instead means we include a more user-friendly URL for Mastodon, and a working (in the browser) URL for Threads	2024-04-12 13:23:50 +02:00
Oneric	462225880a	Accept EmojiReacts with non-array tag Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details JSON-LD compaction strips the array since it’s just one object Fixes: #720	2024-04-09 04:04:16 +02:00
floatingghost	554f19a9ed	Merge pull request 'Refresh Users much more aggressively when processing Move activities' (#714 ) from erincandescent/akkoma:move-bust-cache into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #714	2024-04-03 10:03:14 +00:00
Oneric	48b3a35793	Update user reference after fetch Since we always followed redirects (and until recently allowed fuzzy id matches), the ap_id of the received object might differ from the iniital fetch url. This lead to us mistakenly trying to insert a new user with the same nickname, ap_id, etc as an existing user (which will fail due to uniqueness constraints) instead of updating the existing one.	2024-03-25 14:05:05 -01:00
Oneric	f07eb4cb55	Sanity check fetched user data In order to properly process incoming notes we need to be able to map the key id back to an actor. Also, check collections actually belong to the same server. Key ids of Hubzilla and Bridgy samples were updated to what modern versions of those output. If anything still uses the old format, we would not be able to verify their posts anyway.	2024-03-25 14:05:05 -01:00
Oneric	d6d838cbe8	StealEmoji: check remote size before downloading To save on bandwith and avoid OOMs with large files. Ofc, this relies on the remote server (a) sending a content-length header and (b) being honest about the size. Common fedi servers seem to provide the header and (b) at least raises the required privilege of an malicious actor to a server infrastructure admin of an explicitly allowed host. A more complete defense which still works when faced with a malicious server requires changes in upstream Finch; see https://github.com/sneako/finch/issues/224	2024-03-18 22:33:10 -01:00
Oneric	a4fa2ec9af	StealEmoji: make final paths infeasible to predict Certain attacks rely on predictable paths for their payloads. If we weren’t so overly lax in our (id, URL) check, the current counterfeit activity exploit would be one of those. It seems plausible for future attacks to hinge on or being made easier by predictable paths too. In general, letting remote actors place arbitrary data at a path within our domain of their choosing (sans prefix) just doesn’t seem like a good idea. Using fully random filenames would have worked as well, but this is less friendly for admins checking emoji dirs. The generated suffix should still be more than enough; an attacker needs on average 140 trillion attempts to correctly guess the final path.	2024-03-18 22:33:10 -01:00
Oneric	d1c4d07404	Convert StealEmoji to pack.json This will decouple filenames from shortcodes and allow more image formats to work instead of only those included in the auto-load glob. (Albeit we still saved other formats to disk, wasting space) Furthermore, this will allow us to make final URL paths infeasible to predict.	2024-03-18 22:33:10 -01:00
Oneric	5b126567bb	StealEmoji: drop superfluous basename Since 3 commits ago we restrict shortcodes to a subset of the POSIX Portable Filename Character Set, therefore this can never have a directory component.	2024-03-18 22:33:10 -01:00
Oneric	a8c6c780b4	StealEmoji: use Content-Type and reject non-images E.g. *key’s emoji URLs typically don’t have file extensions, but until now we just slapped ".png" at its end hoping for the best. Furthermore, this gives us a chance to actually reject non-images, which before was not feasible exatly due to those extension-less URLs	2024-03-18 22:33:10 -01:00
Oneric	111cdb0d86	Split steal_emoji function for better readability	2024-03-18 22:33:10 -01:00
Norm	af041db6dc	Limit emoji stealer to alphanum, dash, or underscore characters As suggested in `b387f4a1c1`, only steal emoji with alphanumerc, dash, or underscore characters. Also consolidate all validation logic into a single function. === Taken from akkoma#703 with cosmetic tweaks This matches our existing validation logic from Pleroma.Emoji, and apart from excluding the dot also POSIX’s Portable Filename Character Set making it always safe for use in filenames. Mastodon is even stricter also disallowing U+002D HYPEN-MINUS and requiring at least two characters. Given both we and Mastodon reject shortcodes excluded by this anyway, this doesn’t seem like a loss.	2024-03-18 22:33:10 -01:00
Helge	5d89e0c917	Allow for url to be a list Some checks failed ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details This solves interoperability issues, see: - https://git.pleroma.social/pleroma/pleroma/-/issues/3253 - https://socialhub.activitypub.rocks/t/fep-fffd-proxy-objects/3172/30?u=helge - https://data.funfedi.dev/0.1.1/#url-parameter	2024-03-03 09:11:45 +01:00
Erin Shepherd	f18e2ba42c	Refresh Users much more aggressively when processing Move activities Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details The default refresh interval of 1 day is woefully inadequate here; users expect to be able to add the alias to their new account and press the move button on their old account and have it work. This allows callers to specify a maximum age before a refetch is triggered. We set that to 5s for the move code, as a nice compromise between Making Things Work and ensuring that this can't be used to hammer a remote server	2024-02-29 21:14:53 +01:00
FloatingGhost	3111181d3c	mix format All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2024-02-20 15:09:04 +00:00
Erin Shepherd	b387f4a1c1	Don't steal emoji who's shortcodes have dots or colons in their name Some checks failed ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details Mastodon at the very least seems to prevent the creation of emoji with dots in their name (and refuses to accept them in federation). It feels like being cautious in what we accept is reasonable here. Colons are the emoji separator and so obviously should be blocked. Perhaps instead of filtering out things like this we should just do a regex match on `[a-zA-Z0-9_-]`? But that's plausibly a decision for another day Perhaps we should also have a centralised "is this a valid emoji shortcode?" function	2024-02-20 11:33:55 +01:00
Haelwenn (lanodan) Monnier	7d94476dd6	StealEmojiPolicy: Sanitize shortcodes Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245	2024-02-20 11:19:00 +01:00
Oneric	e99e2407f3	Add background_removal to SimplePolicy MRF Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-02-16 16:36:45 +01:00
Oneric	7622aa27ca	Federate user profile background Currently our own frontend doesn’t show backgrounds of other users, this property is already publicly readable via REST API and likely was always intended to be shown and federated. Recently Sharkey added support for profile backgrounds and immediately made them federate and be displayed to others. We use the same AP field as Sharkey here which should make it interoperable both ways out-of-the-box. Ref.: `4e64397635`	2024-02-16 16:35:51 +01:00
Oneric	376f6b15ca	Add ability to auto-approve followbacks Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Resolves: #148	2024-02-13 15:42:37 +01:00
Oneric	e47c50666d	Fix obfuscation of short domains Fixes #645	2024-02-02 14:50:13 +00:00
Yonle	8a0e797cff	ap userview: add outbox field. Signed-off-by: Yonle <yonle@lecturify.net>	2023-12-15 16:31:51 +00:00
FloatingGhost	98f0820ca4	MIX FORMAT All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2023-08-15 23:26:22 +01:00
FloatingGhost	9bc0345e57	AND THAT ONE TOO AND ALL	2023-08-15 23:26:08 +01:00
FloatingGhost	f3cc60b202	INBOX NEEDS TO BE A FULL URL YOU IDIOT AM BAKA I SHOULD JUST COMMIT SUDOKU RIGHT NOW	2023-08-15 23:23:59 +01:00
FloatingGhost	063e3c0d34	Disallow nil hosts in should_federate All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details	2023-08-15 23:12:04 +01:00
FloatingGhost	6cb40bee26	Migrate to phoenix 1.7 (#626 ) All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details Closes #612 Co-authored-by: tusooa <tusooa@kazv.moe> Reviewed-on: #626 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>	2023-08-15 10:22:18 +00:00
FloatingGhost	98cb255d12	Support elixir1.15 Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/docs unknown status Details OTP builds to 1.15 Changelog entry Ensure policies are fully loaded Fix :warn use main branch for linkify Fix warn in tests Migrations for phoenix 1.17 Revert "Migrations for phoenix 1.17" This reverts commit `6a3b2f15b7`. Oban upgrade Add default empty whitelist mix format limit test to amd64 OTP 26 tests for 1.15 use OTP_VERSION tag baka just 1.15 Massive deps update Update locale, deps Mix format shell???? multiline??? ? max cases 1 use assert_recieve don't put_env in async tests don't async conn/fs tests mix format FIx some uploader issues Fix tests	2023-08-03 17:44:09 +01:00
FloatingGhost	fa23098093	Merge branch 'develop' into arm All checks were successful ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details	2023-07-27 14:01:11 +01:00
floatingghost	6db8ab7c94	Merge pull request 'Varied selection of Pleroma cherry-picks' (#567 ) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop Some checks are pending ci/woodpecker/push/woodpecker Pipeline is pending Details Reviewed-on: #567	2023-07-27 12:53:56 +00:00
FloatingGhost	34601065c3	Mix format Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2023-07-20 17:34:05 +01:00
FloatingGhost	33e7ae7637	Allow nil attachments All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2023-07-17 20:03:31 +01:00
Hélène	3227ebf1e1	CommonFixes: more predictable context generation `context` fields for objects and activities can now be generated based on the object/activity `inReplyTo` field or its ActivityPub ID, as a fallback method in cases where `context` fields are missing for incoming activities and objects.	2023-06-14 16:22:26 +00:00

1 2 3 4 5 ...

2187 commits