akkoma

Author	SHA1	Message	Date
Floatingghost	cba2c5725f	Filter emoji reaction accounts by domain blocks	2024-06-15 15:05:52 +01:00
floatingghost	b03edb4ff4	Merge pull request 'Fix StealEmoji’s max size check' (#793 ) from Oneric/akkoma:emojistealer_contentlength into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #793	2024-06-12 17:09:05 +00:00
Floatingghost	4d6fb43cbd	No need to spawn() any more Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-06-12 02:09:24 +01:00
Floatingghost	ad52135bf5	Convert rich media backfill to oban task Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-11 18:06:51 +01:00
Floatingghost	9c5feb81aa	fix tests Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline failed Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details	2024-06-09 21:26:29 +01:00
Floatingghost	a360836ce3	fix oembed test	2024-06-09 21:17:12 +01:00
Floatingghost	840c70c4fa	remove prints Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-09 18:52:09 +01:00
Floatingghost	c65379afea	attempt to fix some tests Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-09 18:45:38 +01:00
Floatingghost	16bed0562d	Fix tests	2024-06-09 18:28:00 +01:00
Mark Felder	a801dd7b07	Fix module struct matching	2024-06-09 17:38:28 +01:00
Mark Felder	1e86da43f5	Credo	2024-06-09 17:38:24 +01:00
Mark Felder	411831458c	Credo	2024-06-09 17:38:18 +01:00
Mark Felder	56463b2121	Fix compile warning warning: "else" clauses will never match because all patterns in "with" will always match lib/pleroma/web/rich_media/parser/ttl/opengraph.ex:10	2024-06-09 17:38:12 +01:00
Mark Felder	2f5eb79473	Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint Removed back in 2019 https://github.com/mastodon/mastodon/pull/11213	2024-06-09 17:38:06 +01:00
Mark Felder	4746f98851	Fix broken Rich Media parsing when the image URL is a relative path	2024-06-09 17:36:28 +01:00
Mark Felder	765c7e98d2	Respect the TTL returned in OpenGraph tags	2024-06-09 17:36:15 +01:00
Floatingghost	4a3dd5f65e	lost in cherry-pick	2024-06-09 17:34:41 +01:00
Mark Felder	bfe4152385	Increase the :max_body for Rich Media to 5MB Websites are increasingly getting more bloated with tricks like inlining content (e.g., CNN.com) which puts pages at or above 5MB. This value may still be too low.	2024-06-09 17:34:29 +01:00
Mark Felder	5da9cbd8a5	RichMedia refactor Rich Media parsing was previously handled on-demand with a 2 second HTTP request timeout and retained only in Cachex. Every time a Pleroma instance is restarted it will have to request and parse the data for each status with a URL detected. When fetching a batch of statuses they were processed in parallel to attempt to keep the maximum latency at 2 seconds, but often resulted in a timeline appearing to hang during loading due to a URL that could not be successfully reached. URLs which had images links that expire (Amazon AWS) were parsed and inserted with a TTL to ensure the image link would not break. Rich Media data is now cached in the database and fetched asynchronously. Cachex is used as a read-through cache. When the data becomes available we stream an update to the clients. If the result is returned quickly the experience is almost seamless. Activities were already processed for their Rich Media data during ingestion to warm the cache, so users should not normally encounter the asynchronous loading of the Rich Media data. Implementation notes: - The async worker is a Task with a globally unique process name to prevent duplicate processing of the same URL - The Task will attempt to fetch the data 3 times with increasing sleep time between attempts - The HTTP request obeys the default HTTP request timeout value instead of 2 seconds - URLs that cannot be successfully parsed due to an unexpected error receives a negative cache entry for 15 minutes - URLs that fail with an expected error will receive a negative cache with no TTL - Activities that have no detected URLs insert a nil value in the Cachex :scrubber_cache so we do not repeat parsing the object content with Floki every time the activity is rendered - Expiring image URLs are handled with an Oban job - There is no automatic cleanup of the Rich Media data in the database, but it is safe to delete at any time - The post draft/preview feature makes the URL processing synchronous so the rendered post preview will have an accurate rendering Overall performance of timelines and creating new posts which contain URLs is greatly improved.	2024-06-09 17:33:48 +01:00
Floatingghost	a924e117fd	Add pool timeouts	2024-06-09 17:20:29 +01:00
Oneric	2180d068ae	Raise log level for start failures All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-06-07 16:21:21 +02:00
Oneric	a3840e7d1f	Raise minimum PostgreSQL version to 12 This lets us: - avoid issues with broken hash indices for PostgreSQL <10 - drop runtime checks and legacy codepaths for <11 in db search - always enable custom query plans for performance optimisation PostgreSQL 11 is already EOL since 2023-11-09, so in theory everyone should already have moved on to 12 anyway.	2024-06-07 16:21:09 +02:00
Oneric	df27567d99	mrf/steal_emoji: display download_unknown_size in admin-fe All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details Fixes omission in `d6d838cbe8`	2024-06-05 20:14:10 +02:00
Oneric	be5440c5e8	mrf/steal_emoji: fix size limit check Headers are strings, but this expected to already get an int thus always failing the comparison if the header was set. Fixes mistake in `d6d838cbe8`	2024-06-05 20:11:53 +02:00
Floatingghost	0f65dd3ebe	remove pointless logger Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details	2024-06-04 14:34:59 +01:00
Floatingghost	38d09cb0ce	remove now-pointless clause Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-04 14:34:18 +01:00
Floatingghost	c9a03af7c1	Move rescue to the HTTP request itself Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/pr/lint Pipeline failed Details ci/woodpecker/pr/test unknown status Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-06-04 14:30:16 +01:00
Floatingghost	0f7ae0fa21	am i baka Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 14:26:33 +01:00
Floatingghost	30e13a8785	Don't error on rich media fail Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 14:21:40 +01:00
Floatingghost	778b213945	enqueue pin fetches after changeset validation Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 08:25:35 +01:00
floatingghost	8f97c15b07	Merge pull request 'Preserve Meilisearch’s result ranking' (#772 ) from Oneric/akkoma:search-meili-order into develop Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #772	2024-05-31 14:12:05 +00:00
Floatingghost	3af0c53a86	use proper workers for fetching pins instead of an ad-hoc task (#788 ) Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details Reviewed-on: #788 Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk> Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>	2024-05-31 08:58:52 +00:00
Oneric	fc7e07f424	meilisearch: enable using search_key All checks were successful ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-amd64 Pipeline was successful Details ci/woodpecker/pr/build-arm64 Pipeline was successful Details ci/woodpecker/pr/docs Pipeline was successful Details Using only the admin key works as well currently and Akkoma needs to know the admin key to be able to add new entries etc. However the Meilisearch key descriptions suggest the admin key is not supposed to be used for searches, so let’s not. For compatibility with existings configs, search_key remains optional.	2024-05-29 23:17:27 +00:00
Oneric	59685e25d2	meilisearch: show keys by name not description This makes show-key’s output match our documentation as of Meilisearch 1.8.0-8-g4d5971f343c00d45c11ef0cfb6f61e83a8508208. Since I’m not sure if older versions maybe only provided description, it will fallback to the latter if no name parameter exists.	2024-05-29 23:17:27 +00:00
Oneric	65aeaefa41	meilisearch: respect meili’s result ranking Meilisearch is already configured to return results sorted by a particular ranking configured in the meilisearch CLI task. Resorting the returned top results by date partially negates this and runs counter to what someone with tweaked settings expects. Issue and fix identified by AdamK2003 in #579 But instead of using a O(n^2) resorting, this commit directly retrieves results in the correct order from the database. Closes: #579	2024-05-29 23:17:27 +00:00
Oneric	5d6cb6a459	meilisearch: remove duplicate preload	2024-05-29 23:17:27 +00:00
floatingghost	5bdef8c724	Merge pull request 'Allow for attachment to be a single object in user data' (#783 ) from single-attachment into develop Some checks are pending ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/test/1 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test/2 Pipeline is pending Details ci/woodpecker/push/test/3 Pipeline is pending Details ci/woodpecker/push/test/4 Pipeline is pending Details Reviewed-on: #783	2024-05-27 01:44:53 +00:00
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-27 02:09:48 +01:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data Some checks failed ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details ci/woodpecker/pr/build-arm64 unknown status Details ci/woodpecker/pr/build-amd64 unknown status Details ci/woodpecker/pr/docs unknown status Details	2024-05-26 17:09:26 +01:00
Norm	c2d3221be3	Fix Exiftool stderr being read as an image description Some checks are pending ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details Fixes: #773	2024-05-23 14:44:17 -04:00
Floatingghost	b72127b45a	Merge remote-tracking branch 'oneric-sec/media-owner' into develop	2024-05-22 19:36:10 +01:00
Oneric	9a91299f96	Don't try to handle non-media objects as media Trying to display non-media as media crashed the renderer, but when posting a status with a valid, non-media object id the post was still created, but then crashed e.g. timeline rendering. It also crashed C2S inbox reads, so this could not be used to leak private posts.	2024-05-22 20:30:23 +02:00
Oneric	fbd961c747	Drop activity_type override for uploads Afaict this was never used, but keeping this (in theory) possible hinders detecting which objects are actually media uploads and which proper ActivityPub objects. It was originally added as part of upload support itself in `02d3dc6869` without being used and `git log -S:activity_type` and `git log -Sactivity_type:` don't find any other commits using this.	2024-05-22 20:30:23 +02:00
Oneric	0c2b33458d	Restrict media usage to owners In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma `1afde067b1`	2024-05-22 20:30:18 +02:00
marcin mikołajczak	3a21293970	Fix tests Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:27:31 +01:00
marcin mikołajczak	0d66237205	Fix validate_webfinger when running a different domain for Webfinger Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:20:02 +01:00
Oneric	6ef6b2a289	Apply rate limits to status updates	2024-05-22 20:18:08 +02:00
Oneric	94e9c8f48a	Purge unused media description update on post In MastoAPI media descriptions are updated via the media update API not upon post creation or post update. This functionality was originally added about 6 years ago in `ba93396649` which was part of https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450. They introduced image descriptions to the front- and backend, but predate adoption of Mastodon API. For a while adding an `descriptions` array on post creation might have continued to work as an undocumented Pleroma extension to Masto API, but at latest when OpenAPI specs were added for those endpoints four years ago in `7803a85d2c`, these codepaths ceased to be used. The API specs don’t list a `descriptions` parameter and any unknown parameters are stripped out. The attachments_from_ids function is only called from ScheduledActivity and ActivityDraft.create with the latter only being called by CommonAPI.{post,update} whihc in turn are only called from ScheduledActivity again, MastoAPI controller and without any attachment or description parameter WelcomeMessage. Therefore no codepath can contain a descriptions parameter.	2024-05-22 20:18:08 +02:00
Oneric	873aa9da1c	activity_draft: mark new/2 as private	2024-05-22 20:18:08 +02:00
Oneric	34a48cb87f	scheduled_activity: mark private functions as private And remove unused due_activities/1	2024-05-22 20:18:08 +02:00

1 2 3 4 5 ...

9363 commits