akkoma

Author	SHA1	Message	Date
Mark Felder	765c7e98d2	Respect the TTL returned in OpenGraph tags	2024-06-09 17:36:15 +01:00
Mark Felder	ddbe989461	Fix broken tests	2024-06-09 17:35:47 +01:00
Floatingghost	a924e117fd	Add pool timeouts	2024-06-09 17:20:29 +01:00
Oneric	a3840e7d1f	Raise minimum PostgreSQL version to 12 This lets us: - avoid issues with broken hash indices for PostgreSQL <10 - drop runtime checks and legacy codepaths for <11 in db search - always enable custom query plans for performance optimisation PostgreSQL 11 is already EOL since 2023-11-09, so in theory everyone should already have moved on to 12 anyway.	2024-06-07 16:21:09 +02:00
Floatingghost	c9a03af7c1	Move rescue to the HTTP request itself Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-06-04 14:30:16 +01:00
Floatingghost	30e13a8785	Don't error on rich media fail Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 14:21:40 +01:00
floatingghost	8f97c15b07	Merge pull request 'Preserve Meilisearch’s result ranking' (#772 ) from Oneric/akkoma:search-meili-order into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #772	2024-05-31 14:12:05 +00:00
Floatingghost	3af0c53a86	use proper workers for fetching pins instead of an ad-hoc task (#788 ) Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #788 Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk> Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>	2024-05-31 08:58:52 +00:00
Oneric	65aeaefa41	meilisearch: respect meili’s result ranking Meilisearch is already configured to return results sorted by a particular ranking configured in the meilisearch CLI task. Resorting the returned top results by date partially negates this and runs counter to what someone with tweaked settings expects. Issue and fix identified by AdamK2003 in #579 But instead of using a O(n^2) resorting, this commit directly retrieves results in the correct order from the database. Closes: #579	2024-05-29 23:17:27 +00:00
Floatingghost	66b3248dd3	mix tests probably shouldn't be async Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-05-27 04:03:13 +01:00
Floatingghost	73ead8656a	don't allow emoji formatter to be async Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 03:25:18 +01:00
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 02:09:48 +01:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-26 17:09:26 +01:00
Floatingghost	b72127b45a	Merge remote-tracking branch 'oneric-sec/media-owner' into develop	2024-05-22 19:36:10 +01:00
Oneric	9a91299f96	Don't try to handle non-media objects as media Trying to display non-media as media crashed the renderer, but when posting a status with a valid, non-media object id the post was still created, but then crashed e.g. timeline rendering. It also crashed C2S inbox reads, so this could not be used to leak private posts.	2024-05-22 20:30:23 +02:00
Oneric	0c2b33458d	Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma `1afde067b1`	2024-05-22 20:30:18 +02:00
Floatingghost	842cac2a50	ensure we mock_global	2024-05-22 19:30:03 +01:00
Lain Soykaf	3e1f5e5372	WebFingerControllerTest: Restore host after test.	2024-05-22 19:27:51 +01:00
marcin mikołajczak	3a21293970	Fix tests Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:27:31 +01:00
marcin mikołajczak	0d66237205	Fix validate_webfinger when running a different domain for Webfinger Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:20:02 +01:00
Oneric	94e9c8f48a	Purge unused media description update on post In MastoAPI media descriptions are updated via the media update API not upon post creation or post update. This functionality was originally added about 6 years ago in `ba93396649` which was part of https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450. They introduced image descriptions to the front- and backend, but predate adoption of Mastodon API. For a while adding an `descriptions` array on post creation might have continued to work as an undocumented Pleroma extension to Masto API, but at latest when OpenAPI specs were added for those endpoints four years ago in `7803a85d2c`, these codepaths ceased to be used. The API specs don’t list a `descriptions` parameter and any unknown parameters are stripped out. The attachments_from_ids function is only called from ScheduledActivity and ActivityDraft.create with the latter only being called by CommonAPI.{post,update} whihc in turn are only called from ScheduledActivity again, MastoAPI controller and without any attachment or description parameter WelcomeMessage. Therefore no codepath can contain a descriptions parameter.	2024-05-22 20:18:08 +02:00
lain	50403351f4	add impostor test for webfinger	2024-05-22 19:17:34 +01:00
Alex Gleason	a953b1d927	Prevent spoofing webfinger	2024-05-22 19:08:37 +01:00
floatingghost	76ded10a70	Merge pull request 'Backoff on HTTP requests when 429 is recieved' (#762 ) from backoff-http into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #762	2024-05-11 04:38:47 +00:00
Floatingghost	4457928e32	duct-tape fix for #438 Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details we really need to make this less manual	2024-05-11 05:30:18 +01:00
Floatingghost	ea6bc8a7c5	add a test for 503-rate-limiting Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-05-06 23:36:00 +01:00
Floatingghost	bd74693db6	additionally support retry-after values Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-05-06 23:34:48 +01:00
Floatingghost	f531484063	Merge branch 'develop' into backoff-http Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-26 19:06:18 +01:00
Floatingghost	ec7e9da734	Correct ttl syntax for new cachex	2024-04-26 19:05:12 +01:00
FloatingGhost	3c384c1b76	Add ratelimit backoff to HTTP get	2024-04-26 19:01:12 +01:00
FloatingGhost	2437a3e9ba	add test for backoff	2024-04-26 19:01:01 +01:00
Floatingghost	828158ef49	Merge remote-tracking branch 'oneric/fedfix-public-ld' into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-04-26 18:49:31 +01:00
Oneric	5ee0fb18cb	exiftool: make stripped tags configurable	2024-04-26 18:57:24 +02:00
Oneric	b0a46c1e2e	Normalise public adressing to fix federation Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Due to JSON-LD compaction the full address of public scope may also occur in shorter forms and the spec requires us to treat them all equivalently. To save us the pain of repeatedly checking for all variants internally, normalise inbound data to just one form. See note at: https://www.w3.org/TR/activitypub/#public-addressing This needs to happen very early, even before the other addressing fixes else an earlier validator will reject the object. This in turn required to move the list-tpye normalisation earlier as well, but since I was unsure about putting empty lists into the data when no such field existed before, I excluded this case and thus the later fixing had to be kept as well. Fixes: #670	2024-04-25 18:45:16 +02:00
floatingghost	b1c6621e66	Merge pull request 'Read image description from EXIF data' (#744 ) from timorl/akkoma:elseinspe into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #744	2024-04-25 12:52:31 +00:00
floatingghost	764dbeded4	Merge pull request 'Accept all standard actor types' (#751 ) from Oneric/akkoma:all-actor-types into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #751	2024-04-24 17:09:02 +00:00
floatingghost	1e48a37545	Merge pull request 'Remove unused AP C2S endpoints' (#749 ) from who-wants-to-yeet-c2s-i-want-to-yeet-c2s into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #749	2024-04-24 16:59:58 +00:00
Oneric	83f75c3e93	Accept all standard actor types Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-23 18:14:34 +02:00
Floatingghost	92168fa5a1	Merge remote-tracking branch 'origin/develop' into who-wants-to-yeet-c2s-i-want-to-yeet-c2s Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-23 14:37:05 +01:00
Oneric	20c22eb159	Fix flaky expires_at tests Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/docs unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details The API parameter is not a timestamp but an offset. If a sufficient amount of time passes between the tests expires_at calculation and the internal calculation during processing of the request the strict equality assertion fails. (Either a direct assertion or indirect via job lookup). To avoid this lower comparison granularity.	2024-04-21 21:08:53 +00:00
timorl	3f54945033	Fix the one test that wasn't just being flaky Some checks failed ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-21 19:43:26 +02:00
timorl	2a9db73b4c	Merge branch 'develop' into elseinspe	2024-04-19 17:11:55 +02:00
Floatingghost	1ed975636b	Keep READ endpoints, purge WRITE Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-19 11:06:01 +01:00
timorl	cd7af81896	Rename StripLocation to StripMetadata for temporal-proofing reasons Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-04-16 20:37:00 +02:00
Floatingghost	ddb8a5ef73	yeet AP C2S support literally nothing uses C2S AP, and it's another route into core systems which requires analysis and maintenance. A second API is just extra surface for potentially bad things so let's take it out back and obliterate it	2024-04-16 13:55:03 +01:00
Floatingghost	123db1abc4	Merge branch 'develop' into failed-fetch-processing Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-16 12:35:54 +01:00
timorl	59d32c10d9	Formatting	2024-04-16 08:02:13 +02:00
timorl	b144218dce	Merge branch 'develop' into elseinspe Some checks failed ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-14 20:31:33 +02:00
Floatingghost	2fc25980d1	fix pattern matching in fetch errors Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-04-13 23:55:26 +01:00
floatingghost	c1f0b6b875	Merge pull request 'Accept body parameters for /api/pleroma/notification_settings' (#738 ) from Oneric/akkoma:notif-setting-parameters into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #738	2024-04-13 22:55:02 +00:00

1 2 3 4 5 ...

5800 commits