Compare commits

base: AkkomaGang:pre-rebase

Branches Tags

AkkomaGang:develop

AkkomaGang:stable

AkkomaGang:db-prune-beastmode-level-aggression

AkkomaGang:better-stats

AkkomaGang:translations

AkkomaGang:customizable-docker-db

AkkomaGang:static-adminfe

AkkomaGang:bad-uploader-config-warning

AkkomaGang:docker

AkkomaGang:user-expiry-backfill

AkkomaGang:config-db-keys

AkkomaGang:ensure-scrubbers-loaded

AkkomaGang:otp26

AkkomaGang:code-shaking-does-not-go-brr

AkkomaGang:elixir1.15

AkkomaGang:circleci

AkkomaGang:backup-fixes

AkkomaGang:mod-task

AkkomaGang:policy

AkkomaGang:mrf-coolness

AkkomaGang:frontend-switcher-9000

AkkomaGang:contentMap

AkkomaGang:language-on-posts

AkkomaGang:rabbit

AkkomaGang:credo-on-pr

AkkomaGang:unify-http

AkkomaGang:normalise-markup-by-default

AkkomaGang:buildx

AkkomaGang:v3.15.2

AkkomaGang:v3.15.1

AkkomaGang:v3.15.0

AkkomaGang:v3.14.1

AkkomaGang:v3.14.0

AkkomaGang:v2.8.0

AkkomaGang:v2.7.1

AkkomaGang:v3.13.3

AkkomaGang:v2.7.0

AkkomaGang:v3.13.2

AkkomaGang:v2.6.3

AkkomaGang:v3.13.1

AkkomaGang:v3.13.0

AkkomaGang:snac-3.12.1.2

AkkomaGang:v3.12.2

AkkomaGang:snac-3.12.1.1

AkkomaGang:v3.12.1

AkkomaGang:v3.12.0

AkkomaGang:v3.11.0

AkkomaGang:v2.6.2

AkkomaGang:v2.6.1

AkkomaGang:2.6.1

AkkomaGang:v2.6.0

AkkomaGang:v2.5.5

AkkomaGang:v3.10.4

AkkomaGang:v3.10.3

AkkomaGang:v3.10.2

AkkomaGang:v3.10.1

AkkomaGang:v3.10.0

AkkomaGang:v2.5.4

AkkomaGang:v2.5.3

AkkomaGang:v3.9.3

AkkomaGang:v3.9.2

AkkomaGang:v3.9.1

AkkomaGang:V3.9.0

AkkomaGang:2023.05

AkkomaGang:v3.8.0

AkkomaGang:v3.7.1

AkkomaGang:v3.7.0

AkkomaGang:v3.6.0

AkkomaGang:v3.5.0

AkkomaGang:v2.4.5

AkkomaGang:v3.4.0

AkkomaGang:v3.3.1

AkkomaGang:v2.4.4

AkkomaGang:v3.3.0

AkkomaGang:v3.2.3

AkkomaGang:v3.2.2

AkkomaGang:v3.2.1

AkkomaGang:stable-202209

AkkomaGang:v3.2.0

AkkomaGang:v3.1.0

AkkomaGang:stable-2022.07

AkkomaGang:v3.0.0

AkkomaGang:v0.0.1

AkkomaGang:v2.5.2-6

AkkomaGang:v2.5.2-5

AkkomaGang:v2.5.2-4

AkkomaGang:v2.5.2-3

AkkomaGang:v2.5.2-2

AkkomaGang:v2.5.2-1

AkkomaGang:v2.5.2

AkkomaGang:v2.5.1

AkkomaGang:v2.5.0-8

AkkomaGang:v2.5.0-7

AkkomaGang:v2.5.0-6

AkkomaGang:v2.5.0-5

AkkomaGang:v2.5.0-4

AkkomaGang:v2.5.0-3

AkkomaGang:v2.5.0-2

AkkomaGang:v2.5.0-1

AkkomaGang:v2.5.0

AkkomaGang:v2.4.3

AkkomaGang:pre-rebase

AkkomaGang:v2.4.2

AkkomaGang:v2.4.1

AkkomaGang:v2.4.0

AkkomaGang:soapbox-v1.1.1

AkkomaGang:soapbox-v1.1.0

AkkomaGang:soapbox-v1.0.0

AkkomaGang:v2.3.0

AkkomaGang:v2.2.2

AkkomaGang:v2.2.1

AkkomaGang:v2.2.0

AkkomaGang:v2.1.2

AkkomaGang:v2.1.1

AkkomaGang:v2.1.0

AkkomaGang:v2.0.7

AkkomaGang:v2.0.6

AkkomaGang:v2.0.5

AkkomaGang:v2.0.4

AkkomaGang:v2.0.3

AkkomaGang:v2.0.2

AkkomaGang:v2.0.1

AkkomaGang:v2.0.0

AkkomaGang:v1.1.9

AkkomaGang:v1.1.8

AkkomaGang:v1.1.7

AkkomaGang:v1.1.6

AkkomaGang:v1.1.5

AkkomaGang:v1.1.4

AkkomaGang:v1.1.3

AkkomaGang:v1.1.2

AkkomaGang:v1.1.1

AkkomaGang:v1.1.0

AkkomaGang:v1.0.91

AkkomaGang:v1.0.90

AkkomaGang:v1.0.7

AkkomaGang:v1.0.6

AkkomaGang:v1.0.5

AkkomaGang:v1.0.4

AkkomaGang:v1.0.3

AkkomaGang:v1.0.2

AkkomaGang:v1.0.1

AkkomaGang:v1.0.0

AkkomaGang:v0.9.0

...

compare: AkkomaGang:develop

Branches Tags

AkkomaGang:develop

AkkomaGang:stable

AkkomaGang:db-prune-beastmode-level-aggression

AkkomaGang:better-stats

AkkomaGang:translations

AkkomaGang:customizable-docker-db

AkkomaGang:static-adminfe

AkkomaGang:bad-uploader-config-warning

AkkomaGang:docker

AkkomaGang:user-expiry-backfill

AkkomaGang:config-db-keys

AkkomaGang:ensure-scrubbers-loaded

AkkomaGang:otp26

AkkomaGang:code-shaking-does-not-go-brr

AkkomaGang:elixir1.15

AkkomaGang:circleci

AkkomaGang:backup-fixes

AkkomaGang:mod-task

AkkomaGang:policy

AkkomaGang:mrf-coolness

AkkomaGang:frontend-switcher-9000

AkkomaGang:contentMap

AkkomaGang:language-on-posts

AkkomaGang:rabbit

AkkomaGang:credo-on-pr

AkkomaGang:unify-http

AkkomaGang:normalise-markup-by-default

AkkomaGang:buildx

AkkomaGang:v3.15.2

AkkomaGang:v3.15.1

AkkomaGang:v3.15.0

AkkomaGang:v3.14.1

AkkomaGang:v3.14.0

AkkomaGang:v2.8.0

AkkomaGang:v2.7.1

AkkomaGang:v3.13.3

AkkomaGang:v2.7.0

AkkomaGang:v3.13.2

AkkomaGang:v2.6.3

AkkomaGang:v3.13.1

AkkomaGang:v3.13.0

AkkomaGang:snac-3.12.1.2

AkkomaGang:v3.12.2

AkkomaGang:snac-3.12.1.1

AkkomaGang:v3.12.1

AkkomaGang:v3.12.0

AkkomaGang:v3.11.0

AkkomaGang:v2.6.2

AkkomaGang:v2.6.1

AkkomaGang:2.6.1

AkkomaGang:v2.6.0

AkkomaGang:v2.5.5

AkkomaGang:v3.10.4

AkkomaGang:v3.10.3

AkkomaGang:v3.10.2

AkkomaGang:v3.10.1

AkkomaGang:v3.10.0

AkkomaGang:v2.5.4

AkkomaGang:v2.5.3

AkkomaGang:v3.9.3

AkkomaGang:v3.9.2

AkkomaGang:v3.9.1

AkkomaGang:V3.9.0

AkkomaGang:2023.05

AkkomaGang:v3.8.0

AkkomaGang:v3.7.1

AkkomaGang:v3.7.0

AkkomaGang:v3.6.0

AkkomaGang:v3.5.0

AkkomaGang:v2.4.5

AkkomaGang:v3.4.0

AkkomaGang:v3.3.1

AkkomaGang:v2.4.4

AkkomaGang:v3.3.0

AkkomaGang:v3.2.3

AkkomaGang:v3.2.2

AkkomaGang:v3.2.1

AkkomaGang:stable-202209

AkkomaGang:v3.2.0

AkkomaGang:v3.1.0

AkkomaGang:stable-2022.07

AkkomaGang:v3.0.0

AkkomaGang:v0.0.1

AkkomaGang:v2.5.2-6

AkkomaGang:v2.5.2-5

AkkomaGang:v2.5.2-4

AkkomaGang:v2.5.2-3

AkkomaGang:v2.5.2-2

AkkomaGang:v2.5.2-1

AkkomaGang:v2.5.2

AkkomaGang:v2.5.1

AkkomaGang:v2.5.0-8

AkkomaGang:v2.5.0-7

AkkomaGang:v2.5.0-6

AkkomaGang:v2.5.0-5

AkkomaGang:v2.5.0-4

AkkomaGang:v2.5.0-3

AkkomaGang:v2.5.0-2

AkkomaGang:v2.5.0-1

AkkomaGang:v2.5.0

AkkomaGang:v2.4.3

AkkomaGang:pre-rebase

AkkomaGang:v2.4.2

AkkomaGang:v2.4.1

AkkomaGang:v2.4.0

AkkomaGang:soapbox-v1.1.1

AkkomaGang:soapbox-v1.1.0

AkkomaGang:soapbox-v1.0.0

AkkomaGang:v2.3.0

AkkomaGang:v2.2.2

AkkomaGang:v2.2.1

AkkomaGang:v2.2.0

AkkomaGang:v2.1.2

AkkomaGang:v2.1.1

AkkomaGang:v2.1.0

AkkomaGang:v2.0.7

AkkomaGang:v2.0.6

AkkomaGang:v2.0.5

AkkomaGang:v2.0.4

AkkomaGang:v2.0.3

AkkomaGang:v2.0.2

AkkomaGang:v2.0.1

AkkomaGang:v2.0.0

AkkomaGang:v1.1.9

AkkomaGang:v1.1.8

AkkomaGang:v1.1.7

AkkomaGang:v1.1.6

AkkomaGang:v1.1.5

AkkomaGang:v1.1.4

AkkomaGang:v1.1.3

AkkomaGang:v1.1.2

AkkomaGang:v1.1.1

AkkomaGang:v1.1.0

AkkomaGang:v1.0.91

AkkomaGang:v1.0.90

AkkomaGang:v1.0.7

AkkomaGang:v1.0.6

AkkomaGang:v1.0.5

AkkomaGang:v1.0.4

AkkomaGang:v1.0.3

AkkomaGang:v1.0.2

AkkomaGang:v1.0.1

AkkomaGang:v1.0.0

AkkomaGang:v0.9.0

1683 commits

pre-rebase ... develop

Author	SHA1	Message	Date
floatingghost	6a6d4254d5	Merge pull request 'api/statuses: allow expires_in to override user-level status_ttl_default' (#899) from Oneric/akkoma:expires_in_overriding_default_status_ttl into develop ... Reviewed-on: #899	2025-04-09 12:24:26 +00:00
Oneric	984e5a121a	api/statuses: allow expires_in to override user-level status_ttl_default ... Fixes: #898	2025-04-08 23:43:59 +02:00
floatingghost	ff3aaa73ee	Merge pull request 'exiftool/strip: hide warnings from log' (#883) from Oneric/akkoma:exiftool-hide-warning into develop ... Reviewed-on: #883	2025-03-31 10:28:55 +00:00
floatingghost	3d032493eb	Merge pull request 'fix: docs: arch linux split erlang package' (#879) from a/akkoma:develop into develop ... Reviewed-on: #879	2025-03-31 10:27:26 +00:00
a	ab9a4ce0d5	remove specific split packages, refer only to erlang-headless or erlang	2025-03-19 20:15:57 +00:00
a	699c051101	erlang-headless now exists	2025-03-19 03:15:07 +00:00
Oneric	7ffbe2ad26	upload/filter/exiftool/strip: hide warnings from log	2025-03-18 01:01:47 +01:00
a	dcfae9bfbf	erlang-os_mon as well	2025-03-12 20:27:27 +00:00
a	efb901bdb5	fix: docs: arch linux split erlang package	2025-03-12 20:15:34 +00:00
Floatingghost	74182abb5b	bump version	2025-03-11 20:48:27 +00:00
floatingghost	0a9cf8fa8b	Merge pull request 'Test lowest and highest language versions, elixir 1.18 support' (#875) from ci-testing-all-versions into develop ... Reviewed-on: #875	2025-03-11 20:47:54 +00:00
Oneric	066d5b48ed	Fix Content-Type sanitisation for emoji and local uploads ... This was accidentally broken in c8e0f7848b due to a one-letter mistake in the plug option name and an absence of tests. Therefore it was once again possible to serve e.g. Javascript or CSS payloads via uploads and emoji. However due to other protections it was still NOT possible for anyone to serve any payload with an ActivityPub Content-Type. With the CSP policy hardening from previous JS payload exloits predating the Content-Type sanitisation, there is currently no known way of abusing this weakened Content-Type sanitisation, but should be fixed regardless. This commit fixes the option name and adds tests to ensure such a regression doesn't occur again in the future. Reported-by: Lain Soykaf <lain@lain.com>	2025-03-10 19:45:26 +01:00
Floatingghost	4a05b2d643	we do actually want to start oban-met...	2025-03-02 13:36:52 +00:00
Floatingghost	93200a8073	use latest ASDF instructions	2025-03-02 13:36:14 +00:00
Floatingghost	41a4ed1db5	specify correct version	2025-03-02 13:17:52 +00:00
Floatingghost	8e789c6236	1.14.1 min version	2025-03-02 13:07:03 +00:00
Floatingghost	184c62359f	drop back to 1.14/OTP25	2025-03-02 13:04:10 +00:00
Floatingghost	829af03042	we don't support otp24, bump to 25	2025-03-02 12:19:14 +00:00
Floatingghost	842414b927	run the lint task on the latest version	2025-03-02 11:56:15 +00:00
Floatingghost	f176294d6d	elixir 1.18 formatting	2025-03-02 11:54:00 +00:00
Floatingghost	b1c0b9e01a	test lowest and highest supported versions on PR	2025-03-02 11:49:41 +00:00
Floatingghost	fc2c740008	dependency upgrade	2025-03-02 11:34:09 +00:00
Floatingghost	9da2cb881e	upgrade oban migrations to v12	2025-03-02 11:32:40 +00:00
Floatingghost	522a168af6	force signatures for pinned posts	2025-03-01 17:27:45 +00:00
Floatingghost	59ea358e52	bump version	2025-03-01 16:36:04 +00:00
Floatingghost	d62808e4b6	move /outbox to signed pipeline	2025-03-01 16:28:12 +00:00
Floatingghost	7ccc560e4d	prepare 2025.03 release	2025-03-01 12:19:43 +00:00
Floatingghost	a47b02cb69	Merge remote-tracking branch 'oneric-sec/sec-2024-12' into develop	2025-03-01 12:13:17 +00:00
Floatingghost	6222936673	use akk.dev mfm parser	2025-03-01 12:10:23 +00:00
floatingghost	d65cd1b141	Merge pull request 'Add oban web dashboard' (#871) from oban_web into develop ... Reviewed-on: #871	2025-02-27 12:07:36 +00:00
floatingghost	d7dd34f263	Merge pull request 'Use FEP-c16b: Formatting MFM functions' (#823) from ilja/akkoma:use_fep-c16b_formatting_mfm_functions into develop ... Reviewed-on: #823	2025-02-27 12:03:22 +00:00
Floatingghost	c2f60c9228	add a snapshot test for api prefixes	2025-02-23 16:51:48 +00:00
Floatingghost	13d650602b	update deps	2025-02-23 16:32:55 +00:00
Floatingghost	a49f04bb4e	Merge branch 'develop' into oban_web	2025-02-23 16:16:48 +00:00
Floatingghost	da7998e89e	put oban route under a known prefix	2025-02-23 16:16:17 +00:00
ilja space	dce07f05d9	Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into use_fep-c16b_formatting_mfm_functions	2025-02-23 10:13:44 +01:00
Oneric	7c23793e55	changelog: add entries for preceding commits	2025-02-21 19:37:27 +01:00
Oneric	8243fc0ef4	federation: strip internal fields from incoming updates and history ... When note editing support was added, it was omitted to strip internal fields from edited notes and their history. This was uncovered due to Mastodon inlining the like count as a "likes" collection conflicting with our internal "likes" list causing validation failures. In a spot check with likes/like_count it was not possible to inject those internal fields into the local db via Update, but this was not extensively tested for all fields and avenues. Similarly address normalisation did not normalise addressing in the object history, although this was never at risk of being exploitable. The revision history of the Pleroma MR adding edit support reveals recusrive stripping was intentionally avoided, since it will end up removing e.g. emoji from outgoing activities. This appears to still be true. However, all current internal fields ("pleroma_interal" appears to be unused) contain data already publicised otherwise anyway. In the interest of fixing a federation bug (and at worst potential data injection) quickly outgoing stripping is left non-recursive for now. Of course the ultimate fix here is to not mix remote and internal data into the same map in the first place, but unfortunately having a single map of all truth is a core assumption of *oma's AP doc processing. Changing this is a masive undertaking and not suitable for providing a short-term fix.	2025-02-21 19:37:27 +01:00
Oneric	11ad4711eb	signing_key: don't retrieve superfluous fields when loading ap_id	2025-02-21 19:37:27 +01:00
Oneric	d8e40173bf	http_signatures: tweak order of route aliases ... We expect most requests to be made for the actual canonical ID, so check this one first (starting without query headers matching the predominant albeit spec-breaking version). Also avoid unnecessary rerewrites of the digest header on each route alias by just setting it once before iterating through aliases.	2025-02-21 19:37:27 +01:00
Oneric	9cc5fe9a5f	signature: refetch key upon verification failure ... This matches behaviour prioir to the SigningKey migration and the expected semantics of the http_signatures lib. Additionally add a min interval paramter, to avoid refetch floods on bugs causing incompatible signatures (like e.g. currently with Bridgy)	2025-02-21 19:37:27 +01:00
floatingghost	355263858c	Merge pull request 'Expose Port IO stats via Prometheus' (#869) from Oneric/akkoma:io-telemetry into develop ... Reviewed-on: #869	2025-02-21 15:28:09 +00:00
Oneric	a7b4e4bfd9	signature: distinguish error sources and log fetch issues	2025-02-14 22:10:25 +01:00
Oneric	51642a90c5	signature: drop unecessary round trip over user ... We already got the key.	2025-02-14 22:10:25 +01:00
Oneric	bc79bd0edf	cosmetic/test/user: replace deprecated clear_config syntax	2025-02-14 22:10:25 +01:00
Oneric	ee61ce61a7	changelog: summarise preceeding changes	2025-02-14 22:10:25 +01:00
Oneric	8a0d130976	Add tests for SigninKey module	2025-02-14 22:10:25 +01:00
Oneric	898b98e5dd	db: drop legacy key fields in users table	2025-02-14 22:10:25 +01:00
Oneric	ea2de1f28a	signing_key: ensure only one key per user exists ... Fixes: AkkomaGang/akkoma issue 858	2025-02-14 22:10:25 +01:00
Oneric	2a4587f201	Fix SigningKey db schema	2025-02-14 22:10:25 +01:00
Oneric	3460f41776	Fix user updates ... User updates broke with the migration to separate signing keys since user data carries signing keys but we didn't allow the association data to be updated.	2025-02-14 22:10:25 +01:00
Oneric	cc5c1bb10c	signing_key: cleanup code ... In particular this avoids an unecessary roundtrip over user_id when searching a key via its primary key_id	2025-02-14 22:10:25 +01:00
Oneric	70fe99d196	Prevent key-actor mapping poisoning and key take overs ... Previously there were mainly two attack vectors: - for raw keys the owner <-> key mapping wasn't verified at all - keys were retrieved with refetching allowed and only the top-level ID was sanitised while usually keys are but a subobject This reintroduces public key checks in the user actor, previously removed in 9728e2f8f7 but now adapted to account for the new mapping mechanism.	2025-02-14 22:10:25 +01:00
Oneric	366065c0f6	fetcher: split out core object fetch validation ... To allow reuse for adapted key validation logic	2025-02-14 22:10:25 +01:00
Oneric	b5fa8c6d09	readme: drop mention of YunoHost package ... It’s no longer listed in the catalogue and the git repo wasn't updated in over a year	2025-02-14 22:10:25 +01:00
Oneric	d68a5f6c56	Protected against counterfeit local docs being posted ... Only possible if actor keys leaked first thus log with alert level	2025-02-14 22:10:25 +01:00
Oneric	4231345f4e	cosmetic/emoji/pack: fix spelling ... There might be further debate about "emoji" vs "emojis" for the plural but a grep shows the latter is already widely used in our codebase.	2025-02-14 22:10:25 +01:00
Oneric	96fe080e6e	Convert all raw :zip usage to SafeZip ... Notably at least two instances were not properly guarded from path traversal attack before and are only now fixed by using SafeZip: - frontend installation did never check for malicious paths. But given a malicious froontend could already, e.g. steal all user tokens even without this, in the real world admins should only use frontends from trusted sources and the practical implications are minimal - the emoji pack update/upload API taking a ZIP file did not protect against path traversal. While atm only admins can use these emoji endpoints, emoji packs are typically considered "harmless" and used without prior verification from various sources. Thus this appears more concerning.	2025-02-14 22:10:25 +01:00
Oneric	7151ef4718	Add SafeZip module ... This will replace all the slightly different safety workarounds at different ZIP handling sites and ensure safety is actually consistently enforced everywhere while also making code cleaner and easiert to follow.	2025-02-14 22:10:25 +01:00
Oneric	c8e0f7848b	Migrate back to upstream Plug.Static ... Commit a924e117fd bumped the plug package to 1.16.0 which includes our upstream patch. Resolves: #734	2025-02-14 22:10:25 +01:00
Oneric	98c7e9534e	Drop obsolete APNG mime override ... Commit 9d2c558f64 bumped to a mime package version including the upstream fix.	2025-02-14 22:10:25 +01:00
Oneric	1c2eb4d799	cosmetic/object: drop is_ prefix from is_tombstone_object? ... The question mark suffix already implies it being an indicator function	2025-02-14 22:10:25 +01:00
Oneric	7998a00346	cosmetic/rich_media/parser: fix typo	2025-02-14 22:10:25 +01:00
floatingghost	4c41f8c286	Merge pull request 'Improve stat queries and ReceiverWorker logic' (#862) from Oneric/akkoma:perf_tweaks_stats+jobs into develop ... Reviewed-on: #862	2025-02-14 19:22:35 +00:00
Oneric	f0a99b4595	article_note_validator: fix handling of Mastodon-style replies collections ... The first collection page is (sometimes?) inlined which caused crashes when attempting to log the fetch failure. But there’s no need to fetch and we can treat it like the other inline collection	2025-02-14 18:49:51 +01:00
Oneric	a1c841a122	federation.md: list FEP-dc88 formatting mathematics ... Implemented by #642	2025-02-14 18:49:51 +01:00
Oneric	1b09b9fc22	static_fe: fix HTML quotation for upload alt text ... Reported by riley on IRC	2025-02-14 18:49:51 +01:00
Oneric	46148c0825	Don't return garbage on failed collection fetches ... And for now treat partial fetches as a success, since for all current users partial collection data is better than no data at all. If an error occurred while fetching a page, this previously returned a bogus {:ok, {:error, _}} success, causing the error to be attached to the object as an reply list subsequently leading to the whole post getting rejected during validation. Also the pinned collection caller did not actually handle the preexisting error case resulting in process crashes.	2025-02-14 18:49:51 +01:00
Oneric	4701aa2a38	receiver_worker: log processes crashes ... Oban cataches crashes to handle job failure and retry, thus it never bubbles up all the way and nothing is logged by default. For better debugging, catch and log any crashes.	2025-02-14 18:46:19 +01:00
Oneric	fb3de8045a	Expose Port IO stats via Prometheus	2025-01-27 20:00:30 +01:00
Floatingghost	b2b63ad89f	add oban web	2025-01-17 09:38:09 +00:00
ilja space	d56165c71e	Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into use_fep-c16b_formatting_mfm_functions	2025-01-12 07:59:40 +01:00
Oneric	8fa51700d4	changelog: summarise preceeding perf tweaks	2025-01-07 20:27:28 +01:00
Oneric	2ddff7e386	transmogrifier: gracefully ignore Delete of unknown objects ... It's quite common to receive spurious Deletes, so we neither want to waste resources on retrying nor spam "invalid AP" logs	2025-01-07 20:27:28 +01:00
Oneric	cd8e6a4235	transmogrifier: gracefully ignore duplicated object deletes ... The object lookup is later repeated in the validator, but due to caching shouldn't incur any noticeable performance impact. It’s actually preferable to check here, since it avoids the otherwise occuring user lookup and overhead from starting and aborting a transaction	2025-01-07 20:27:28 +01:00
Oneric	ac2327c8fc	transmogrfier: be more selective about Delete retry ... If something else renders the Delete invalid, there’s no point in retrying anyway	2025-01-07 20:27:28 +01:00
Oneric	92bf93a4f7	transmogrifier: avoid crashes on non-validation Delte errors ... Happens e.g. for duplicated Deletes. The remaining tombstone object no longer has an actor, leading to an error response during side-effect handling.	2025-01-07 20:27:28 +01:00
Oneric	7ad5f8d3c0	object_validators: only query relevant table for object ... Most of them actually only accept either activities or a non-activity object later; querying both is then a waste of resources and may create false positives.	2025-01-07 20:27:28 +01:00
Oneric	b0387dee14	Gracefully ignore Undo activities referring to unknown objects	2025-01-07 20:27:28 +01:00
Oneric	caa4fbe326	user: avoid database work on superfluous pin ... The only thing this does is changing the updated_at field of the user. Afaict this came to be because prior to pins federating this was split into two functions, one of which created a changeset, the other applying a given changeset. When this was merged the bits were just copied into place.	2025-01-07 20:27:28 +01:00
Oneric	09736431e0	Don't spam logs about deleted users ... User.get_or_fetch_by_(apid|nickname) are the only external users of fetch_and_prepare_user_from_ap_id, thus there’s no point in duplicating logging, expecially not at error level. Currently (duplicated) _not_found errors for users make up the bulk of my logs and are created almost every second. Deleted users are a common occurence and not worth logging outside of debug	2025-01-07 20:27:28 +01:00
Oneric	bcf3e101f6	rich_media: lower log level of update	2025-01-07 20:27:28 +01:00
Oneric	05bbdbf388	nodeinfo: lower log level of regular actions to debug	2025-01-07 20:27:28 +01:00
Oneric	2c75600532	federation/incoming: improve link_resolve retry decision ... To facilitate this ObjectValidator.fetch_actor_and_object is adapted to return an informative error. Otherwise we’d be unable to make an informed decision on retrying or not later. There’s no point in retrying to fetch MRF-blocked stuff or private posts for example.	2025-01-07 20:27:28 +01:00
Oneric	0cd4040db6	Error out earlier on missing mandatory reference ... This is the only user of fetch_actor_and_object which previously just always preteneded to be successful. For all the activity types handled here, we absolutely need the referenced object to be able to process it (other than Announce whether or not processing those activity types for unknown remote objects is desirable in the first place is up for debate) All other users of the similar fetch_actor already properly check success. Note, this currently lumps all reolv failure reasons together, so even e.g. boosts of MRF rejected posts will still exhaust all retries. The following commit improves on this.	2025-01-07 20:27:28 +01:00
Oneric	0ba5c3649d	federator: don't nest {:error, _} tuples ... It makes decisions based on error sources harder since all possible nesting levels need to be checked for. As shown by the return values handled in the receiver worker something else still nests those, but this is a first start.	2025-01-07 20:27:28 +01:00
Oneric	8e5defe6ca	stats: estimate remote user count ... This value is currently only used by Prometheus metrics but (after optimisng the peer query inthe preceeding commit) the most costly part of instance stats.	2025-01-07 20:27:28 +01:00
Oneric	138b1aea2f	stats: use cheaper peers query ... This query is one of the top cost offenders during an instances lifetime. For small instances it was shown to take up 30-50% percent of the total database query time, while for bigger isntaces it still held a spot in the top 3 — alost as or even more expensive overall than timeline queries! The good news is, there’s a cheaper way using the instance table: no need to process each entry, no need to filter NULLs and no need to dedupe. EXPLAIN estimates the cost of the old query as 13272.39 and the cost of the new query as 395.74 for me; i.e. a 33-fold reduction. Results can slightly differ. E.g. we might have an old user predating the instance tables existence and no interaction with since or no instance table entry due to failure to query nodeinfo. Conversely, we might have an instance entry but all known users got deleted since. However, this seems unproblematic in practice and well worth the perf improvment. Given the previous query didn’t exclude unreachable instances neither does the new query.	2025-01-07 20:27:28 +01:00
Oneric	8b5183cb74	stats: fix stat spec	2025-01-07 20:27:28 +01:00
Oneric	cbb0d4b0a8	receiver_worker: log unecpected errors ... This can't handle process crash errors but i hope those get a stacktrace logged by default	2025-01-07 20:27:28 +01:00
Oneric	be2c857845	receiver_worker: don't reattempt invalid documents ... Ideally we’d like to split this up more and count most invalid documents as an error, but silently drop e.g. Deletes for unknown objects. However, this is hard to extract from the changeset and jobs canceled with :discard don’t count as exceptions and I’m not aware of a idiomatic way to cancel further retries while retaining the exception status. Thus at least keep a log, but since superfluous "Delete"s seem kinda frequent, don't log at error, only info level.	2025-01-07 20:27:28 +01:00
Oneric	9f4d3a936f	cosmetic/receiver_worker: reformat error cases ... The next commit adds a multi-statement case and then mix format will enforce this anyway	2025-01-07 20:27:28 +01:00
Oneric	f9724b5879	Don’t reattempt insertion of already known objects ... Might happen if we receive e.g. a Like before the Note arrives in our inbox and we thus already queried the Note ourselves.	2025-01-07 20:27:27 +01:00
Oneric	041dedb86e	Don't reattempt RichMediaBackfill by default ... Retrying seems unlikely to be helpful: - if it timed out, chances are the short delay before reattempting won't give the remote enough time to recover from its outage and a longer delay makes the job pointless as users likely scrolled further already. (Likely this is already be the case after the first 20s timeout) - if the remote data is so borked we couldn't even parse it far enough for an "invalid metadata" error, chances are it will remain borked upon reattempt	2025-01-07 20:27:27 +01:00
Oneric	280652651c	rich_media: don't reattempt parsing on rejected URLs	2025-01-07 20:27:27 +01:00
Oneric	92544e8f99	Don't enqueue a plethora of unnecessary NodeInfoFetcher jobs ... There were two issues leading to needles effort: Most importnatly, the use of AP IDs as "source_url" meant multiple simultaneous jobs got scheduled for the same instance even with the default unique settings. Also jobs were scheduled uncontionally for each processed AP object meaning we incured oberhead from managing Oban jobs even if we knew it wasn't necessary. By comparison the single query to check if an update is needed should be cheaper overall.	2025-01-07 20:27:27 +01:00
Oneric	d283ac52c3	Don't create noop SearchIndexingWorker jobs for passive index	2025-01-07 20:27:27 +01:00
Oneric	ed4019e7a3	workers: make custom filtering ahead of enqueue possible	2025-01-07 20:27:27 +01:00
Oneric	25d24cc5f6	validators/add_remove: don't crash on failure to resolve reference ... It allows for informed error handling and retry/discard job decisions lateron which a future commit will add.	2025-01-07 20:27:27 +01:00
Oneric	ead44c6671	federator: don't fetch the user for no reason ... The return value is never used here; later stages which actually need it fetch the user themselves and it doesn't matter wheter we wait for the fech here or later (if needed at all). Even more, this early fetch always fails if the user was already deleted or never known to begin with, but we get something referencing it; e.g. the very Delete action carrying out the user deletion. This prevents processing of the Delete, but before that it will be reattempted several times, each time attempring to fetch the non-existing profile, wasting resources.	2025-01-07 20:27:27 +01:00
Oneric	4859f38624	add_remove_validator: limit refetch rate to 1 per 5s ... This matches the maximum_age used when processing Move activities	2025-01-07 20:27:27 +01:00
Oneric	0f4a7a185f	Drop ap_enabled indicator from atom feeds	2025-01-07 20:27:27 +01:00
Haelwenn (lanodan) Monnier	c17681ae1e	Purge obsolete ap_enabled indicator ... It was used to migrate OStatus connections to ActivityPub if possible, but support for OStatus was long since dropped, all new actors always AP and if anything wasn't migrated before, their instance is already marked as unreachable anyway. The associated logic was also buggy in several ways and deleted users got set to ap_enabled=false also causing some issues. This patch is a pretty direct port of the original Pleroma MR; follow-up commits will further fix and clean up remaining issues. Changes made (other than trivial merge conflict resolutions): - converted CHANGELOG format - adapted migration id for Akkoma’s timeline - removed ap_enabled from additional tests Ported-from: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3880	2025-01-07 20:27:26 +01:00
floatingghost	ad92e504d7	Update mix.exs	2025-01-06 12:01:53 +00:00
Floatingghost	1ffbaa2924	don't allow a nil inbox to obliterate federation	2025-01-06 11:43:41 +00:00
Floatingghost	2e049037de	force CI build	2025-01-05 17:35:01 +00:00
Floatingghost	a2256b3f9e	add unreleased section	2025-01-05 17:30:32 +00:00
Floatingghost	054396a99e	ARM64	2025-01-05 17:23:52 +00:00
Floatingghost	a846e60d71	and the docs one	2025-01-05 16:39:30 +00:00
Floatingghost	1be18a9f4c	update deprecated CI config	2025-01-05 16:37:54 +00:00
Floatingghost	55fc410f80	bump version number	2025-01-05 16:25:42 +00:00
Floatingghost	ae40ccb8ca	add changelog entry	2025-01-05 16:23:09 +00:00
Floatingghost	7ed52838f4	fix test	2025-01-05 16:22:38 +00:00
floatingghost	fe23660a2d	Merge pull request 'openbsd: update service file' (#866) from Oneric/akkoma:openbsd-rcd-file into develop ... Reviewed-on: #866	2025-01-05 15:44:47 +00:00
Floatingghost	177d420ae7	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2025-01-05 15:44:15 +00:00
Floatingghost	b0f2ed6eaa	Merge remote-tracking branch 'oneric/changelog-3.13.4' into develop	2025-01-05 15:44:06 +00:00
floatingghost	39cef8b8d2	Merge pull request 'Set customize_hostname_check for Swoosh.Adapters.SMTP' (#861) from norm/akkoma:smtp-defaults-fix into develop ... Reviewed-on: #861	2025-01-05 15:43:16 +00:00
floatingghost	3ba743d635	Merge pull request 'Update hashtag prune to account for followed hashtags' (#844) from norm/akkoma:hashtag-prune into develop ... Reviewed-on: #844	2025-01-05 15:41:23 +00:00
Floatingghost	bd02c3d7de	Merge remote-tracking branch 'oneric/custom-source' into develop	2025-01-05 15:40:35 +00:00
floatingghost	8de373fa24	Merge pull request 'Fix various attachment cleanup issues' (#789) from Oneric/akkoma:attachcleanup-overeager into develop ... Reviewed-on: #789	2025-01-05 15:39:48 +00:00
floatingghost	d32c4e89bc	Merge pull request 'FEP-dc88: Formatting Mathematics' (#642) from pounce/akkoma:formatting-mathematics into develop ... Reviewed-on: #642	2025-01-05 15:39:31 +00:00
floatingghost	7c095a6b70	Merge pull request 'do not fetch if :limit_to_local_content is :all or :unauthenticated' (#582) from beerriot/akkoma:develop-no-fetch-with-local-limit into develop ... Reviewed-on: #582	2025-01-05 15:39:13 +00:00
Floatingghost	e0428a8f14	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2025-01-05 15:38:32 +00:00
Floatingghost	e5619c0895	Merge remote-tracking branch 'norm/improve-asdf-install' into develop	2025-01-05 15:38:25 +00:00
floatingghost	833d7661d6	Merge pull request 'update nsfwCensorImage suggestion in config/description.exs' (#837) from norm/akkoma:update-nsfwCensorImage into develop ... Reviewed-on: #837	2025-01-05 15:37:08 +00:00
eviloatmeal	d8c7ed70d0	openbsd: update service file ... Changes suggested and tested by eviloatmeal Fixes: #864	2025-01-03 21:22:38 +01:00
Oneric	e8bf4422ff	Delay attachment deletion ... Otherwise attachments have a high chance to disappear with akkoma-fe’s “delete & redraft” feature when cleanup is enabled in the backend. Since we don't know whether a deletion was intended to be part of a redraft process or even if whether the redraft was abandoned we still have to delete attachments eventually. A thirty minute delay should provide sufficient time for redrafting. Fixes: #775	2025-01-03 20:49:11 +01:00
Oneric	bcfbfbcff5	Don't try to cleanup remote attachments ... The cleanup attachment worker was run for every deleted post, even if it’s a remote post whose attachments we don't even store. This was especially bad due to attachment cleanup involving a particularly heavy query wasting a bunch of database perf for nil. This was uncovered by comparing statistics from #784 and #765 (comment)	2025-01-03 20:48:46 +01:00
Oneric	f2e45d4d4b	Teach admin-fe about custom source URLs ... Matching AkkomaGang/akkoma-fe#421	2025-01-03 20:43:52 +01:00
Oneric	7615a11a1e	changelog: fix shuffled and add missing entries	2025-01-03 20:33:41 +01:00
floatingghost	e3c8c4f24f	Merge pull request 'mrf/object_age: fix handling of non-public objects' (#851) from Oneric/akkoma:mrf-fix-oage into develop ... Reviewed-on: #851	2025-01-03 15:26:11 +00:00
floatingghost	67cdc38296	Merge pull request 'Only proxy HTTP and HTTP urls via Media Proxy' (#860) from nopjmp/akkoma:media-proxy-only-http into develop ... Reviewed-on: #860	2025-01-03 15:25:14 +00:00
floatingghost	89d209f486	Merge pull request 'Fix NodeInfo content-type' (#853) from Oneric/akkoma:nodeinfo-contenttype into develop ... Reviewed-on: #853	2025-01-03 15:24:25 +00:00
floatingghost	087ada3b2e	Merge pull request 'Update supported OTP version to 27 in docs' (#849) from norm/akkoma:docs/otp-27 into develop ... Reviewed-on: #849	2025-01-03 15:23:59 +00:00
floatingghost	91bedcfa68	Merge pull request 'Completely omit id for anonymous objects' (#850) from Oneric/akkoma:ap-anonymous-errata into develop ... Reviewed-on: #850	2025-01-03 15:23:03 +00:00
Norm	f19d5d1380	Set customize_hostname_check for Swoosh.Adapters.SMTP ... This should hopefully fix issues with connecting to SMTP servers with wildcard TLS certificates. Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl Fixes #660	2024-12-18 14:37:27 -05:00
nopjmp	ff5d197341	Update CHANGELOG.md	2024-12-16 20:35:12 -06:00
nopjmp	7632765b43	Only proxy HTTP and HTTP urls via Media Proxy ... We make an assumption that we are only proxying HTTP/HTTPS hosted media through the media proxy endpoint. Fixes: #859	2024-12-16 20:35:12 -06:00
Oneric	294de939cb	signing_key: refactor nested case into with statement ... The error branches were already effectively identical before. This change is purely cosmetic.	2024-12-08 20:43:57 +00:00
Oneric	7583eceb38	Make SigningKey data migration future-proof ... Bug originally discovered by tudbut	2024-12-08 20:43:10 +00:00
ilja space	2624258cfd	Add "FEP-c16b: Formatting MFM functions" to CHANGELOG.md	2024-12-02 12:35:48 +01:00
ilja space	f646e78b48	Add "FEP-c16b: Formatting MFM functions" to FEDERATION.md	2024-12-01 11:51:34 +01:00
ilja space	d5e9f6be47	Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into use_fep-c16b_formatting_mfm_functions	2024-12-01 11:16:59 +01:00
Floatingghost	834edfcf96	add changelog	2024-11-26 09:50:04 +00:00
Floatingghost	79b282dea6	bump version	2024-11-26 09:36:20 +00:00
Floatingghost	d1d82782db	add signing key index	2024-11-26 09:35:56 +00:00
Haelwenn (lanodan) Monnier	2b1a252cc7	User: truncate remote user fields instead of rejecting	2024-11-26 09:29:44 +00:00
Calvin Lee	f048e0cf1b	Allow MathML core tags in sanitized content	2024-11-25 23:18:52 +00:00
Oneric	416aebb76a	Fix NodeInfo content-type ... Fixes: #852	2024-11-19 19:25:31 +01:00
Oneric	932810c35e	mrf/object_age: fix handling of non-public objects ... Current logic unconditionally adds public adressing to "cc" and follower adressing to "to" after attempting to strip it from the other one. This creates serious problems: First the bug prompting this investigation and fix, unconditional addition creates duplicates when adressing URIs already were in their intended final field; e.g. this is prominently the case for all "unlisted" posts. Since List.delete only removes the first occurence, this then broke follower-adress stripping later on making the policy ineffective. It’s also just not safe in general wrt to non-public adressing: e.g. pre-existing duplicates didn’t get fully stripped, bespoke adressing modes with only one of public addressing or follower addressing are mangled — and most importantly: any belatedly received DM or follower-only post also got public adressing added! Shockingly this last point was actually asserted as "correct" in tests; it appears to be a mistake from mindless match adjustments while fixing crashes on nil adressing in 10c792110e. Clean up this sloppy logic up, making sure no more duplicates are added by us, all instances of relevant adresses are purged and only readded when they actually existed to begin with.	2024-11-17 00:44:51 +01:00
Norm	4c7ef1e027	Update supported OTP version to 27 in docs ... The minor incompatibility should have been fixed with commit bee10eab5e and PRs #839 and #841.	2024-11-09 18:24:53 -05:00
Oneric	0f9c9aac38	Completely omit id for anonymous objects ... Current AP spec demands anonymous objects to have an id value, but explicitly set it to JSON null. Howeveras it turns out this is incompatible with JSON-LD requiring `@id` to be a string and thus AP spec is incompatible iwth the Ativity Streams spec it is based on. This is an issue for (the few) AP implementers actually performing JSON-LD processing, like IceShrimp.NET. This was uncovered by IceShrimp.NET’s zotan due to our adoption of anonymous objects for emoj in f101886709. The issues is being discussed by W3C, and will most likely be resolved via an errata redefining anonymous objects to completely omit the id field just like transient objects already do. See: https://github.com/w3c/activitypub/issues/476 Fixes: #848	2024-11-09 19:29:29 +01:00
Floatingghost	c0a99df06a	Merge remote-tracking branch 'oneric/varfixes' into develop	2024-10-30 15:15:00 +00:00
floatingghost	0cb4c35ee4	Merge pull request 'Extract keys to their own table, match keyID' (#816) from keys-extraction into develop ... Reviewed-on: #816	2024-10-30 15:08:11 +00:00
Floatingghost	c9b3fcc1d3	allow for OTP code changes in :zip	2024-10-30 14:43:18 +00:00
Floatingghost	11c5838947	standardise local key id generation	2024-10-30 12:44:01 +00:00
Norm	6ed5be61ff	docs: Note that Elixir 1.17 has been tested as working	2024-10-26 18:51:45 -04:00
Floatingghost	180dc8b472	downgrade earmark	2024-10-26 08:50:38 +01:00
Floatingghost	d330c57cda	make sure we correctly match key objects	2024-10-26 08:42:07 +01:00
Floatingghost	bd64d07082	ensure migration actually works	2024-10-26 07:51:41 +01:00
Floatingghost	9d2c558f64	remove unused import	2024-10-26 07:42:43 +01:00
Floatingghost	ac25b051ae	remove previous "allow user routes" functionality	2024-10-26 07:28:43 +01:00
Floatingghost	c5a44a59db	remove unneeded index	2024-10-26 07:00:38 +01:00
Floatingghost	58d5d9d7bf	fix tests, contain object	2024-10-26 06:58:47 +01:00
Floatingghost	b6e8fde4dd	Merge branch 'develop' into keys-extraction	2024-10-26 06:11:29 +01:00
Floatingghost	bee10eab5e	correct minor zip behaviour	2024-10-26 06:11:12 +01:00
Floatingghost	13215f5f06	remove public key field	2024-10-26 05:28:55 +01:00
Floatingghost	430b376ded	mix format	2024-10-26 05:05:48 +01:00
Floatingghost	ccf1007883	Fix about a million tests	2024-10-26 05:05:48 +01:00
Floatingghost	6da783b84d	Fix http signature plug tests	2024-10-26 05:05:48 +01:00
Floatingghost	8f322456a0	Allow unsigned fetches of a user's public key	2024-10-26 05:05:48 +01:00
Floatingghost	9c876cea21	Fix some tests	2024-10-26 05:05:48 +01:00
Floatingghost	9728e2f8f7	adjust logic to use relation :signing_key	2024-10-26 05:05:47 +01:00
Floatingghost	b0f7da9ce0	remove now-unused Keys module	2024-10-26 05:05:28 +01:00
Floatingghost	fc99c694e6	Add signing key modules	2024-10-26 05:05:28 +01:00
Floatingghost	fbb13fde76	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2024-10-26 05:04:27 +01:00
Floatingghost	cbd236aeb5	mix format	2024-10-26 05:04:20 +01:00
floatingghost	71d3bbd7be	Merge pull request 'Fix wrong type when importing emojis' (#841) from tudbut/akkomafixes:emojis into develop ... Reviewed-on: #841	2024-10-26 04:00:12 +00:00
floatingghost	98a3dab10a	Merge pull request 'Fix fs error while unpacking frontends' (#839) from tudbut/akkomafixes:frontends into develop ... Reviewed-on: #839	2024-10-26 03:58:40 +00:00
Norm	88a8086ad3	Use LEFT JOIN instead of UNION for hashtag pruning	2024-10-25 12:26:14 -04:00
Norm	40da4e88ea	Update hashtag prune to account for followed hashtags ... Currently pruning hashtags with the prune_objects task only accounts for whether that hashtag is associated with an object, but this may lead to a foreign key constraint violation if that hashtag has no objects but is followed by a local user. This adds an additional check to see if that hashtag has any followers before proceeding to delete it.	2024-10-25 11:55:37 -04:00
Norm	a2e397a79d	Update asdf install docs in Debian install guide ... Instead of trying to update the version of asdf being used, just point users to the guide on their website. Ideally we'd do this for Elixir and Erlang as well, but new versions of those packages may sometimes have compatibility issues with Akkoma. For now, update those to the latest OTP and Elixir versions known to be comaptible with Akkoma.	2024-10-22 16:01:58 -04:00
Norm	e4332d06b5	update nsfwCensorImage suggestion in config/description.exs ... Turns out this is also used to set the default values in adminfe. However, this URL may break with newer Akkoma-FE versions. Instead, set this to blank so that it falls back to the default NSFW cover image set at build time on Akkoma-FE.	2024-10-20 00:59:52 -04:00
TudbuT	661b7fedb6	fix wrong type when importing emojis	2024-10-18 14:57:31 +02:00
TudbuT	8b5aca9619	fix fs error while unpacking frontends	2024-10-18 14:50:28 +02:00
floatingghost	f101886709	Merge pull request 'Federate emoji as anonymous objects' (#815) from Oneric/akkoma:emoji-id into develop ... Reviewed-on: #815	2024-10-16 14:58:46 +00:00
floatingghost	09fa7227f6	Merge pull request 'Tweak fetch security checks' (#819) from Oneric/akkoma:id-refetch into develop ... Reviewed-on: #819	2024-10-16 14:16:14 +00:00
Oneric	d5b0720596	Allow cross-domain redirects on AP requests ... Since we now remember the final location redirects lead to and use it for all further checks since 3e134b07fa, these redirects can no longer be exploited to serve counterfeit objects. This fixes: - display URLs from independent webapp clients redirecting to the canonical domain - Peertube display URLs for remote content (acting like the above)	2024-10-14 01:42:51 +02:00
Oneric	940792f8ba	Refetch on AP ID mismatch ... As hinted at in the commit message when strict checking was added in 8684964c5d, refetching is more robust than display URL comparison but in exchange is harder to implement correctly. A similar refetch approach is also employed by e.g. Mastodon, IceShrimp and FireFish. To make sure no checks can be bypassed by forcing a refetch, id checking is placed at the very end. This will fix: - Peertube display URL arrays our transmogrifier fails to normalise - non-canonical display URLs from alternative frontends (theoretical; we didnt’t get any actual reports about this) It will also be helpful in the planned key handling overhaul. The modified user collision test was introduced in https://git.pleroma.social/pleroma/pleroma/-/merge_requests/461 and unfortunately the issues this fixes aren’t public. Afaict it was just meant to guard against someone serving faked data belonging to an unrelated domain. Since we now refetch and the id actually is mocked, lookup now succeeds but will use the real data from the authorative server making it unproblematic. Instead modify the fake data further and make sure we don’t end up using the spoofed version.	2024-10-14 01:42:43 +02:00
floatingghost	3c72b48a05	Merge pull request 'Fix busywait on docker-entrypoint script' (#832) from cevado/akkoma:fix-busy-wait-docker-entrypoint into develop ... Reviewed-on: #832	2024-09-24 23:52:07 +00:00
floatingghost	6475cf127e	Merge pull request 'Overhaul OpenRC service file and disable busy wait by default' (#834) from Oneric/akkoma:openrc-upd into develop ... Reviewed-on: #834	2024-09-24 23:50:48 +00:00
Oneric	a8a231c5b2	Don't busy wait in default from-source service files	2024-09-24 17:36:54 +02:00
Oneric	2901fda29c	openrc: recompile with lower CPU prio	2024-09-24 16:58:54 +02:00
Oneric	bd14440386	openrc: overhaul service file ... - pass env vars the proper™ way - write log to file - drop superfluous command_background - make settings easily overwritable via conf.d to avoid needing to edit the service file directly if e.g. Akkoma was installed to another location	2024-09-24 16:58:35 +02:00
cevado	b312edac4c	Fix busywait on docker-entrypoint script	2024-08-20 19:29:11 -03:00
floatingghost	3bb31117e6	Merge pull request 'Handle domain mutes on the backend' (#804) from domain-mute-backend-processing into develop ... Reviewed-on: #804	2024-08-20 10:32:47 +00:00
Floatingghost	2c5c531c35	readd comment about domain mutes	2024-08-20 11:05:36 +01:00
ilja	90adb3cff5	Fix tests ... There was one test who used MFM and now failed due to the new representation. This is now adapted so it doesn't fail any more. There was another test failing, but I don't see how this could have been affected by the MFM changes... But I did draw in newer dependencies, so I thought maybe a newer EARMARK dependency was now failing, and indeed. By explicitly asking for 1.4.46 (according to mix.lock the version it was before), it now works again. This is what was failing. It seems that earmark 1.4.47 removed everything before the comment, which it should not do. 1) test format_input/3 with markdown raw HTML (Pleroma.Web.CommonAPI.UtilsTest) test/pleroma/web/common_api/utils_test.exs:213 Assertion with == failed code: assert result == ~s"<a href=\"http://example.org/\">OwO</a>" left: "" right: "<a href=\"http://example.org/\">OwO</a>" stacktrace: test/pleroma/web/common_api/utils_test.exs:216: (test)	2024-08-11 14:59:10 +02:00
ilja	f6422cb370	Use FEP-c16b: formatting mfm functions ... See <#381> We can't use the HTML content as-is. [FEP-c16b](https://codeberg.org/fediverse/fep/src/branch/main/fep/c16b/fep-c16b.md) was written to have a "scrubber friendly" way of representing MFM functions in HTML. Here we add support in the backend for the functions Foundkey supports. The front-ends then needs to add support to make sure the HTML representation is turned into a correct view. (I.e. by help of CSS and Javascript) FEP-c16b also has a discovery mechanism to indicate to recieving servers that they can use the `content` directly. This is not implemented in this commit	2024-08-10 20:21:05 +02:00
Oneric	a3101a435b	Fix swagger-ui ... Ever since the browser frontend switcher was introduced in de64c6c54a /akkoma counts as an API prefix and thus gets skipped by frontend plugs breaking the old swagger ui path of /akkoma/swagger-ui. Do the simple thing and change the frontend path to /pleroma/swaggerui which isn't an API path and can't collide with frontend user paths given pleroma is areserved nickname. Reported in https://meta.akkoma.dev/t/view-all-endpoints/269/7 https://meta.akkoma.dev/t/swagger-ui-not-loading/728	2024-06-27 18:29:45 +02:00
Oneric	d488cf476e	Fix voters count field ... Mastodon API demands this be null unless it’s a multi-selection poll. Not abiding by this can mess up display in some clients. Fixes: #190	2024-06-27 18:29:45 +02:00
Oneric	ca182a0ae7	Correctly parse content types with multiple profiles ... Multiple profiles can be specified as a space-separated list and the possibility of additional profiles is explicitly brought up in ActivityStream spec	2024-06-27 18:29:45 +02:00
Oneric	495a1a71e8	strip_metadata: skip BMP files ... Not _yet_ supported as of exiftool 12.87, though at first glance it seems like standard BMP files can't store any metadata besides colour profiles Fixes the specific case from AkkomaGang/akkoma-fe#396 although the frontend shouldn’t get bricked regardless.	2024-06-27 18:29:45 +02:00
Mark Felder	cf19d4901f	Disable Ecto query logging in tests ... The debug logs are very noisy and can be enabled during analysis of a specific error believed to be SQL-related -- Before log capturing those debug messages were still hidden, but with log capturing they show up in the output of failed tests unless disabled. Cherry-picked-from: e628d00a81	2024-06-27 18:29:45 +02:00
Mark Felder	07539f7825	Hide logs during test unless a test fails ... Currently `mix test` prints a slew of logs in the terminal with messages from different tests intermsparsed. Globally enabling capture log hides log messages unless a test fails reducing noise and making it easier to anylse the important (from failed tests) messages. Compiler warnings and a few messages not printed via Logger still show up but its much more readable than before. Ported from: 3aed111a42	2024-06-27 18:29:45 +02:00
Oneric	0ab2f2ab45	ci: retry failed tasks once ... We have a bunch of mysterious sporadic failures which usually disappear when rerunning failed jobs only. Ideally we should locate and fix the cause of those psoradic failures, but until we figure this out retrying once makes CI status less useless.	2024-06-27 18:29:45 +02:00
Oneric	95ed4931f8	docs: note frontend tasks need to be run as akkoma user ... Fixes: #748	2024-06-27 18:29:45 +02:00
Oneric	7cd3954152	Remove superfluous actor key suffix ... Fragments are already always stripped anyway so listing one specific fragment here is unnecessary and potentially confusing. This effectively reverts 4457928e32 but keeps the added bridgy testcase.	2024-06-27 18:29:45 +02:00
Oneric	80a4e30be7	Upgrade captach dep ... Fixes a deprecation warning showing up each mix call when using elixir 1.17	2024-06-27 18:29:45 +02:00
floatingghost	3ff0f46b9f	Merge pull request 'Docs: Improve backup restore + fix warnings' (#554) from ilja/akkoma:docs_db_create_in_separate_commands into develop ... Reviewed-on: #554	2024-06-25 21:33:42 +00:00
Oneric	4ff5293093	Federate emoji as anonymous objects ... Usually an id should point to another AP object and the image file isn’t an AP object. We currently do not provide standalone AP objects for emoji and don't keep track of remote emoji at all. Thus just federate them as anonymous objects, i.e. objects only existing within a parent context and using an explicit null id. IceShrimp.NET previously adopted anonymous objects for remote emoji without any apparent issues. See: 333611f65e Fixes: #694	2024-06-23 20:46:59 +02:00
floatingghost	4f0cb61782	Merge pull request 'Move prune changelog entries to correct version' (#808) from norm/akkoma:prune-changelog into develop ... Reviewed-on: #808	2024-06-23 02:20:36 +00:00
floatingghost	5fdb5d69d2	Merge pull request 'Update Caddyfile' (#809) from norm/akkoma:caddyfile-update into develop ... Reviewed-on: #809	2024-06-23 02:20:24 +00:00
floatingghost	f66135ed08	Merge pull request 'Avoid accumulation of stale data in websockets' (#806) from Oneric/akkoma:websocket_fullsweep into develop ... Reviewed-on: #806 Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>	2024-06-23 02:19:36 +00:00
floatingghost	dc34328f15	Merge pull request 'Fix elixir 1.17 and migration lock warnings' (#810) from Oneric/akkoma:ex1.17-warnings into develop ... Reviewed-on: #810	2024-06-23 02:18:41 +00:00
Oneric	13e2a811ec	Avoid accumulation of stale data in websockets ... We’ve received reports of some specific instances slowly accumulating more and more binary data over time up to OOMs and globally setting ERL_FULLSWEEP_AFTER=0 has proven to be an effective countermeasure. However, this incurs increased cpu perf costs everywhere and is thus not suitable to apply out of the box. Apparently long-lived Phoenix websocket processes are known to often cause exactly this by getting into a state unfavourable for the garbage collector. Therefore it seems likely affected instances are using timeline streaming and do so in just the right way to trigger this. We can tune the garbage collector just for websocket processes and use a more lenient value of 20 to keep the added perf cost in check. Testing on one affected instance appears to confirm this theory Ref.: https://www.erlang.org/doc/man/erlang#ghlink-process_flag-2-idp226 https://blog.guzman.codes/using-phoenix-channels-high-memory-usage-save-money-with-erlfullsweepafter https://git.pleroma.social/pleroma/pleroma/-/merge_requests/4060 Tested-by: bjo	2024-06-22 22:22:33 +02:00
Oneric	1a4238bf98	cosmetic: fix concurrent index creation warnings ... Since those old migrations will now most likely only run during db init, there’s not much point in running them in the background concurrently anyway, so just drop the cncurrent setting rather than disabling migration locks.	2024-06-19 02:25:23 +02:00
Oneric	c3069b9478	cosmetic: fix elixir 1.17 compiler warnings in main application	2024-06-19 01:49:59 +02:00
Norm	51f09531c4	Disable gzip compression in Caddyfile ... Currently Akkoma doesn't have any proper mitigations against BREACH, which exploits the use of HTTP compression to exfiltrate sensitive data. (see: #721 (comment)) To err on the side of caution, disable gzip compression for now until we can confirm that there's some sort of mitigation in place (whether that would be Heal-The-Breach on the Caddy side or any Akkoma-side mitigations).	2024-06-17 23:13:55 -04:00
Norm	962847fdc3	Uncomment media subdomain settings in Caddyfile ... Now that a media subdomain is strongly recommended for security reasons, there is no reason for them to be commented out by default.	2024-06-17 23:12:55 -04:00
Norm	83aab0859a	Move prune changelog entries to correct version	2024-06-17 22:41:40 -04:00
Weblate	eb2b0d26e4	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	91870590ec	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	c442877c25	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	16af0bad55	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	16ee6ed500	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	babf5df0e7	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	5767f59294	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	72ce0b7759	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	0cf9b44179	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	3cf335c4d0	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	1556e2be8e	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	629077dce4	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	50256af6f6	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	c5d36d9679	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	fb4c5b97c7	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	a715cf4b3c	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:04 +00:00
Weblate	693a6486da	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:03 +00:00
Weblate	4e353f0335	Update translation files ... Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-06-17 21:53:03 +00:00
floatingghost	5992e8bb16	Merge pull request 'Update http-signatures dep, allow created header' (#800) from created-pseudoheader into develop ... Reviewed-on: #800	2024-06-17 21:52:59 +00:00
Floatingghost	57273754b7	we may as well handle (expires) as well	2024-06-17 22:30:14 +01:00
floatingghost	59bfdf2ca4	Merge pull request 'Add limit CLI flags to prune jobs' (#655) from Oneric/akkoma:prune-batch into develop ... Reviewed-on: #655	2024-06-17 20:47:53 +00:00
floatingghost	a9e2e31e3b	Merge pull request 'Remove proxy_remote vestiges' (#805) from Oneric/akkoma:purge_proxy_remote into develop ... Reviewed-on: #805	2024-06-17 20:47:11 +00:00
Oneric	bf8f493ffd	Remove proxy_remote vestiges ... Ever since 364b6969eb this setting wasn't used by the backend and a noop. The stated usecase is better served by setting the base_url to a local subdomain and using proxying in nginx/Caddy/...	2024-06-16 01:21:52 +02:00
Floatingghost	3b197503d2	me me stupid person	2024-06-15 15:30:02 +01:00
Floatingghost	c0b2bba55e	revert subdomain change until i can look at why i did that	2024-06-15 15:14:42 +01:00
Floatingghost	4b765b1886	mix format	2024-06-15 15:06:28 +01:00
Floatingghost	cba2c5725f	Filter emoji reaction accounts by domain blocks	2024-06-15 15:05:52 +01:00
Floatingghost	2b96c3b224	Update http-signatures dep, allow created header	2024-06-12 18:40:44 +01:00
floatingghost	b03edb4ff4	Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop ... Reviewed-on: #793	2024-06-12 17:09:05 +00:00
floatingghost	5b75fb2a2f	Merge pull request 'pool timeouts/rich media cherry-picks' (#796) from pool-timeouts into develop ... Reviewed-on: #796	2024-06-12 17:08:06 +00:00
Floatingghost	4d6fb43cbd	No need to spawn() any more	2024-06-12 02:09:24 +01:00
Floatingghost	ad52135bf5	Convert rich media backfill to oban task	2024-06-11 18:06:51 +01:00
Floatingghost	28d357f52c	add diagnostic script	2024-06-10 15:10:47 +01:00
Floatingghost	9c5feb81aa	fix tests	2024-06-09 21:26:29 +01:00
Floatingghost	a360836ce3	fix oembed test	2024-06-09 21:17:12 +01:00
Floatingghost	840c70c4fa	remove prints	2024-06-09 18:52:09 +01:00
Floatingghost	c65379afea	attempt to fix some tests	2024-06-09 18:45:38 +01:00
Floatingghost	16bed0562d	Fix tests	2024-06-09 18:28:00 +01:00
Mark Felder	a801dd7b07	Fix module struct matching	2024-06-09 17:38:28 +01:00
Mark Felder	1e86da43f5	Credo	2024-06-09 17:38:24 +01:00
Mark Felder	411831458c	Credo	2024-06-09 17:38:18 +01:00
Mark Felder	56463b2121	Fix compile warning ... warning: "else" clauses will never match because all patterns in "with" will always match lib/pleroma/web/rich_media/parser/ttl/opengraph.ex:10	2024-06-09 17:38:12 +01:00
Mark Felder	2f5eb79473	Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint ... Removed back in 2019 https://github.com/mastodon/mastodon/pull/11213	2024-06-09 17:38:06 +01:00
Mark Felder	f4daa90bd8	Remove test validating missing descriptions are returned as an empty string	2024-06-09 17:37:59 +01:00
Mark Felder	688748b531	Improve test description	2024-06-09 17:37:32 +01:00
Mark Felder	2e5aa71176	Rich Media Cards are fetched asynchonously and not guaranteed to be available on first post render	2024-06-09 17:37:22 +01:00
Mark Felder	7ca655a999	Rich Media Cards are cached by URL not per status	2024-06-09 17:36:57 +01:00
Mark Felder	4746f98851	Fix broken Rich Media parsing when the image URL is a relative path	2024-06-09 17:36:28 +01:00
Mark Felder	765c7e98d2	Respect the TTL returned in OpenGraph tags	2024-06-09 17:36:15 +01:00
Mark Felder	ddbe989461	Fix broken tests	2024-06-09 17:35:47 +01:00
Floatingghost	4a3dd5f65e	lost in cherry-pick	2024-06-09 17:34:41 +01:00
Mark Felder	bfe4152385	Increase the :max_body for Rich Media to 5MB ... Websites are increasingly getting more bloated with tricks like inlining content (e.g., CNN.com) which puts pages at or above 5MB. This value may still be too low.	2024-06-09 17:34:29 +01:00
Mark Felder	5da9cbd8a5	RichMedia refactor ... Rich Media parsing was previously handled on-demand with a 2 second HTTP request timeout and retained only in Cachex. Every time a Pleroma instance is restarted it will have to request and parse the data for each status with a URL detected. When fetching a batch of statuses they were processed in parallel to attempt to keep the maximum latency at 2 seconds, but often resulted in a timeline appearing to hang during loading due to a URL that could not be successfully reached. URLs which had images links that expire (Amazon AWS) were parsed and inserted with a TTL to ensure the image link would not break. Rich Media data is now cached in the database and fetched asynchronously. Cachex is used as a read-through cache. When the data becomes available we stream an update to the clients. If the result is returned quickly the experience is almost seamless. Activities were already processed for their Rich Media data during ingestion to warm the cache, so users should not normally encounter the asynchronous loading of the Rich Media data. Implementation notes: - The async worker is a Task with a globally unique process name to prevent duplicate processing of the same URL - The Task will attempt to fetch the data 3 times with increasing sleep time between attempts - The HTTP request obeys the default HTTP request timeout value instead of 2 seconds - URLs that cannot be successfully parsed due to an unexpected error receives a negative cache entry for 15 minutes - URLs that fail with an expected error will receive a negative cache with no TTL - Activities that have no detected URLs insert a nil value in the Cachex :scrubber_cache so we do not repeat parsing the object content with Floki every time the activity is rendered - Expiring image URLs are handled with an Oban job - There is no automatic cleanup of the Rich Media data in the database, but it is safe to delete at any time - The post draft/preview feature makes the URL processing synchronous so the rendered post preview will have an accurate rendering Overall performance of timelines and creating new posts which contain URLs is greatly improved.	2024-06-09 17:33:48 +01:00
Floatingghost	a924e117fd	Add pool timeouts	2024-06-09 17:20:29 +01:00
floatingghost	d1c4b97613	Merge pull request 'Raise minimum PostgreSQL version to 12' (#786) from Oneric/akkoma:psql-min-ver into develop ... Reviewed-on: #786	2024-06-07 16:53:22 +00:00
Oneric	2180d068ae	Raise log level for start failures	2024-06-07 16:21:21 +02:00
Oneric	a3840e7d1f	Raise minimum PostgreSQL version to 12 ... This lets us: - avoid issues with broken hash indices for PostgreSQL <10 - drop runtime checks and legacy codepaths for <11 in db search - always enable custom query plans for performance optimisation PostgreSQL 11 is already EOL since 2023-11-09, so in theory everyone should already have moved on to 12 anyway.	2024-06-07 16:21:09 +02:00
Oneric	b17d3dc6d8	Fix changelog ... Apparently got jumbled during some rebase(s)	2024-06-07 16:20:34 +02:00
floatingghost	f8f364d36d	Merge pull request 'Handle errors from HTTP requests gracefully' (#791) from wp-embeds into develop ... Reviewed-on: #791	2024-06-07 12:58:58 +00:00
floatingghost	329d8fcba8	Merge pull request 'Update PGTune recommendations' (#795) from norm/akkoma:pgtune into develop ... Reviewed-on: #795	2024-06-07 12:57:00 +00:00
Norm	e2860e5292	Update PGTune recommendations ... From experience, setting DB type to "Online transaction processing system" seems to give the most optimal configuration in terms of performance. I also increased the recomended max connections to 25-30 as that leaves some room for maintenance tasks to run without running out of connections. Finally, I removed the example configs since they're probably out of date and I think it's better to direct people to use PGTune instead.	2024-06-06 12:18:51 -04:00
Oneric	df27567d99	mrf/steal_emoji: display download_unknown_size in admin-fe ... Fixes omission in d6d838cbe8	2024-06-05 20:14:10 +02:00
Oneric	be5440c5e8	mrf/steal_emoji: fix size limit check ... Headers are strings, but this expected to already get an int thus always failing the comparison if the header was set. Fixes mistake in d6d838cbe8	2024-06-05 20:11:53 +02:00
Oneric	68fe0a9633	test: fix content-length value type ... All headers are strings, always. In this case it didn't matter atm, but let’s not provide confusing examples.	2024-06-05 19:59:59 +02:00
Floatingghost	0f65dd3ebe	remove pointless logger	2024-06-04 14:34:59 +01:00
Floatingghost	38d09cb0ce	remove now-pointless clause	2024-06-04 14:34:18 +01:00
Floatingghost	c9a03af7c1	Move rescue to the HTTP request itself	2024-06-04 14:30:16 +01:00
Floatingghost	0f7ae0fa21	am i baka	2024-06-04 14:26:33 +01:00
Floatingghost	30e13a8785	Don't error on rich media fail	2024-06-04 14:21:40 +01:00
Floatingghost	778b213945	enqueue pin fetches after changeset validation	2024-06-01 08:25:35 +01:00
Oneric	bed7ff8e89	mix: consistently use shell_info and shell_error ... Logger output being visible depends on user configuration, but most of the prints in mix tasks should always be shown. When running inside a mix shell, it’s probably preferable to send output directly to it rather than using raw IO.puts and we already have shell_* functions for this, let’s use them everywhere.	2024-05-31 17:17:42 +02:00
Oneric	70cd5f91d8	dbprune/activites: prune array activities first ... This query is less costly; if something goes wrong or gets aborted later at least this part will arelady be done.	2024-05-31 17:16:40 +02:00
Oneric	aeaebb566c	dbprune: allow splitting array and single activity prunes ... The former is typically just a few reports; it doesn't make sense to rerun it over and over again in batched prunes or if a full prune OOMed.	2024-05-31 17:16:40 +02:00
Oneric	5751637926	dbprune: use query!	2024-05-31 17:16:40 +02:00
Oneric	24bab63cd8	dbprune: add more logs ... Pruning can go on for a long time; give admins some insight into that something is happening to make it less frustrating and to make it easier which part of the process is stalled should this happen. Again most of the changes are merely reindents; review with whitespace changes hidden recommended.	2024-05-31 17:16:40 +02:00
Oneric	1d4c212441	dbprune: shortcut array activity search ... This brought down query costs from 7,953,740.90 to 47,600.97	2024-05-31 17:16:40 +02:00
Oneric	6e7cbf1885	Test both standalone and flag mode for pruning orphaned activities	2024-05-31 17:16:40 +02:00
Oneric	225f87ad62	Also allow limiting the initial prune_object ... May sometimes be helpful to get more predictable runtime than just with an age-based limit. The subquery for the non-keep-threads path is required since delte_all does not directly accept limit(). Again most of the diff is just adjusting indentation, best hide whitespace-only changes with git diff -w or similar.	2024-05-31 17:16:40 +02:00
Oneric	e64f031167	Log number of deleted rows in prune_orphaned_activities ... This gives feedback when to stop rerunning limited batches. Most of the diff is just adjusting indentation; best reviewed with whitespace-only changes hidden, e.g. `git diff -w`.	2024-05-31 17:16:40 +02:00
Oneric	fa52093bac	Add standalone prune_orphaned_activities CLI task ... This part of pruning can be very expensive and bog down the whole instance to an unusable sate for a long time. It can thus be desireable to split it from prune_objects and run it on its own in smaller limited batches. If the batches are smaller enough and spaced out a bit, it may even be possible to avoid any downtime. If not, the limit can still help to at least make the downtime duration somewhat more predictable.	2024-05-31 17:16:40 +02:00
Oneric	3126d15ffc	refactor: move prune_orphaned_activities into own function ... No logic changes. Preparation for standalone orphan pruning.	2024-05-31 17:16:39 +02:00
floatingghost	8f97c15b07	Merge pull request 'Preserve Meilisearch’s result ranking' (#772) from Oneric/akkoma:search-meili-order into develop ... Reviewed-on: #772	2024-05-31 14:12:05 +00:00
Floatingghost	3af0c53a86	use proper workers for fetching pins instead of an ad-hoc task (#788) ... Reviewed-on: #788 Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk> Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>	2024-05-31 08:58:52 +00:00
Oneric	fc7e07f424	meilisearch: enable using search_key ... Using only the admin key works as well currently and Akkoma needs to know the admin key to be able to add new entries etc. However the Meilisearch key descriptions suggest the admin key is not supposed to be used for searches, so let’s not. For compatibility with existings configs, search_key remains optional.	2024-05-29 23:17:27 +00:00
Oneric	59685e25d2	meilisearch: show keys by name not description ... This makes show-key’s output match our documentation as of Meilisearch 1.8.0-8-g4d5971f343c00d45c11ef0cfb6f61e83a8508208. Since I’m not sure if older versions maybe only provided description, it will fallback to the latter if no name parameter exists.	2024-05-29 23:17:27 +00:00
Oneric	65aeaefa41	meilisearch: respect meili’s result ranking ... Meilisearch is already configured to return results sorted by a particular ranking configured in the meilisearch CLI task. Resorting the returned top results by date partially negates this and runs counter to what someone with tweaked settings expects. Issue and fix identified by AdamK2003 in #579 But instead of using a O(n^2) resorting, this commit directly retrieves results in the correct order from the database. Closes: #579	2024-05-29 23:17:27 +00:00
Oneric	5d6cb6a459	meilisearch: remove duplicate preload	2024-05-29 23:17:27 +00:00
floatingghost	8afc3bee7a	Merge pull request 'Use /var/tmp for media cache path' (#776) from norm/akkoma:nginx-var-tmp into develop ... Reviewed-on: #776 Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>	2024-05-28 02:05:17 +00:00
floatingghost	72871d4514	Merge pull request 'Drop unused indices' (#767) from Oneric/akkoma:purge-unused-indices into develop ... Reviewed-on: #767	2024-05-28 01:35:18 +00:00
floatingghost	72af38c0e9	Merge pull request 'migrate CI config to v2' (#785) from woodpecker-v2 into develop ... Reviewed-on: #785	2024-05-27 03:32:40 +00:00
Floatingghost	ae19fd90c9	use elixir 1.16 for format checks	2024-05-27 04:07:44 +01:00
Floatingghost	66b3248dd3	mix tests probably shouldn't be async	2024-05-27 04:03:13 +01:00
Floatingghost	73ead8656a	don't allow emoji formatter to be async	2024-05-27 03:25:18 +01:00
Floatingghost	f32a7fd76a	arch is aarch64 now	2024-05-27 03:02:02 +01:00
Floatingghost	4078fd655c	migrate CI config to v2	2024-05-27 02:56:05 +01:00
floatingghost	5bdef8c724	Merge pull request 'Allow for attachment to be a single object in user data' (#783) from single-attachment into develop ... Reviewed-on: #783	2024-05-27 01:44:53 +00:00
floatingghost	cdc918c8f1	Merge pull request 'Document AP and nodeinfo extensions' (#778) from Oneric/akkoma:doc_ap-extensions into develop ... Reviewed-on: #778	2024-05-27 01:34:58 +00:00
Floatingghost	f15eded3e1	Add extra test case for nonsense field, increase timeouts	2024-05-27 02:09:48 +01:00
Oneric	05eda169fe	Document AP and nodeinfo extensions ... And while add it point to this via a top-level FEDERATION.md document as standardised by FEP-67ff. Also add a few missing descriptions to the config cheatsheet and move the recently removed C2S extension into an appropiate subsection.	2024-05-26 19:04:06 +02:00
floatingghost	3ce855cbde	Merge pull request 'Fix Exiftool stderr being read as an image description' (#782) from norm/akkoma:fix-exiftool-description into develop ... Reviewed-on: #782	2024-05-26 16:11:12 +00:00
Floatingghost	da67e69af5	Allow for attachment to be a single object in user data	2024-05-26 17:09:26 +01:00
Norm	c2d3221be3	Fix Exiftool stderr being read as an image description ... Fixes: #773	2024-05-23 14:44:17 -04:00
Floatingghost	5e92f955ac	bump version	2024-05-22 19:42:25 +01:00
Floatingghost	b72127b45a	Merge remote-tracking branch 'oneric-sec/media-owner' into develop	2024-05-22 19:36:10 +01:00
Oneric	9a91299f96	Don't try to handle non-media objects as media ... Trying to display non-media as media crashed the renderer, but when posting a status with a valid, non-media object id the post was still created, but then crashed e.g. timeline rendering. It also crashed C2S inbox reads, so this could not be used to leak private posts.	2024-05-22 20:30:23 +02:00
Oneric	fbd961c747	Drop activity_type override for uploads ... Afaict this was never used, but keeping this (in theory) possible hinders detecting which objects are actually media uploads and which proper ActivityPub objects. It was originally added as part of upload support itself in 02d3dc6869 without being used and `git log -S:activity_type` and `git log -Sactivity_type:` don't find any other commits using this.	2024-05-22 20:30:23 +02:00
Oneric	0c2b33458d	Restrict media usage to owners ... In Mastodon media can only be used by owners and only be associated with a single post. We currently allow media to be associated with several posts and until now did not limit their usage in posts to media owners. However, media update and GET lookup was already limited to owners. (In accordance with allowing media reuse, we also still allow GET lookups of media already used in a post unlike Mastodon) Allowing reuse isn’t problematic per se, but allowing use by non-owners can be problematic if media ids of private-scoped posts can be guessed since creating a new post with this media id will reveal the uploaded file content and alt text. Given media ids are currently just part of a sequentieal series shared with some other objects, guessing media ids is with some persistence indeed feasible. E.g. sampline some public media ids from a real-world instance with 112 total and 61 monthly-active users: 17.465.096 at t0 17.472.673 at t1 = t0 + 4h 17.473.248 at t2 = t1 + 20min This gives about 30 new ids per minute of which most won't be local media but remote and local posts, poll answers etc. Assuming the default ratelimit of 15 post actions per 10s, scraping all media for the 4h interval takes about 84 minutes and scraping the 20min range mere 6.3 minutes. (Until the preceding commit, post updates were not rate limited at all, allowing even faster scraping.) If an attacker can infer (e.g. via reply to a follower-only post not accessbile to the attacker) some sensitive information was uploaded during a specific time interval and has some pointers regarding the nature of the information, identifying the specific upload out of all scraped media for this timerange is not impossible. Thus restrict media usage to owners. Checking ownership just in ActivitDraft would already be sufficient, since when a scheduled status actually gets posted it goes through ActivityDraft again, but would erroneously return a success status when scheduling an illegal post. Independently discovered and fixed by mint in Pleroma 1afde067b1	2024-05-22 20:30:18 +02:00
Floatingghost	842cac2a50	ensure we mock_global	2024-05-22 19:30:03 +01:00
Lain Soykaf	3e1f5e5372	WebFingerControllerTest: Restore host after test.	2024-05-22 19:27:51 +01:00
marcin mikołajczak	3a21293970	Fix tests ... Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:27:31 +01:00
marcin mikołajczak	0d66237205	Fix validate_webfinger when running a different domain for Webfinger ... Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2024-05-22 19:20:02 +01:00
Oneric	6ef6b2a289	Apply rate limits to status updates	2024-05-22 20:18:08 +02:00
Oneric	94e9c8f48a	Purge unused media description update on post ... In MastoAPI media descriptions are updated via the media update API not upon post creation or post update. This functionality was originally added about 6 years ago in ba93396649 which was part of https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450. They introduced image descriptions to the front- and backend, but predate adoption of Mastodon API. For a while adding an `descriptions` array on post creation might have continued to work as an undocumented Pleroma extension to Masto API, but at latest when OpenAPI specs were added for those endpoints four years ago in 7803a85d2c, these codepaths ceased to be used. The API specs don’t list a `descriptions` parameter and any unknown parameters are stripped out. The attachments_from_ids function is only called from ScheduledActivity and ActivityDraft.create with the latter only being called by CommonAPI.{post,update} whihc in turn are only called from ScheduledActivity again, MastoAPI controller and without any attachment or description parameter WelcomeMessage. Therefore no codepath can contain a descriptions parameter.	2024-05-22 20:18:08 +02:00
Oneric	873aa9da1c	activity_draft: mark new/2 as private	2024-05-22 20:18:08 +02:00
Oneric	34a48cb87f	scheduled_activity: mark private functions as private ... And remove unused due_activities/1	2024-05-22 20:18:08 +02:00
lain	50403351f4	add impostor test for webfinger	2024-05-22 19:17:34 +01:00
Alex Gleason	a953b1d927	Prevent spoofing webfinger	2024-05-22 19:08:37 +01:00
Norm	bb29c5bed2	Update tor/i2p guide ... Direct users to add in the appropriate headers and update the listening port instead of copy/pasting a config that's already outdated and probably would otherwise have to be synced with the main example nginx config.	2024-05-16 19:08:02 -04:00
Norm	bc46f3da4c	Update mediaproxy howto ... Since the configuration options on the nginx side already exist in the sample config, there's no need to tell users to copy-paste those settings in again.	2024-05-16 19:06:59 -04:00
Norm	7e709768c3	Use /var/tmp for media cache path in apache/nginx configs ... The /var/tmp directory is not mounted as tmpfs unlike /tmp which is mounted as such on some distros like Fedora or Arch. Since there isn't really a benefit to having the cache on tmpfs, this change should allow for a larger cache if needed without worrying about running out of RAM.	2024-05-15 20:42:48 -04:00
floatingghost	76ded10a70	Merge pull request 'Backoff on HTTP requests when 429 is recieved' (#762) from backoff-http into develop ... Reviewed-on: #762	2024-05-11 04:38:47 +00:00
Floatingghost	4457928e32	duct-tape fix for #438 ... we really need to make this less manual	2024-05-11 05:30:18 +01:00
floatingghost	ee03149ba1	Merge pull request 'Fix Exiftool migration id' (#763) from Oneric/akkoma:fix-migration-timeline-exifdesc into develop ... Reviewed-on: #763	2024-05-06 22:51:05 +00:00
Floatingghost	ea6bc8a7c5	add a test for 503-rate-limiting	2024-05-06 23:36:00 +01:00
Floatingghost	bd74693db6	additionally support retry-after values	2024-05-06 23:34:48 +01:00
Oneric	5256678901	Fix Exiftool migration id ... Applying works fine with a 20220220135625 version, but it won’t be rolled back in the right order. Fortunately this action is idempotent so we can just rename and reapply it with a new id. To also not break large-scale rollbacks past 2022 for anyone who already applied it with the old id, keep a stub migration.	2024-05-07 00:16:21 +02:00
floatingghost	fdeecc7b4c	Merge pull request 'Update clients list in docs' (#761) from norm/akkoma:docs-clients-update into develop ... Reviewed-on: #761	2024-05-06 21:33:26 +00:00
floatingghost	51482c4fe8	Merge pull request 'Remove remaining Dokku files' (#766) from norm/akkoma:remove-dokku into develop ... Reviewed-on: #766	2024-05-06 21:33:16 +00:00
Oneric	b7e3d44756	Drop unused indices ... This promotes and expands our existing optional migration. Based on usage statistics from several instances, see: #764 activities_hosts is now retained after all since it’s essential for the "instance" query parameter of *oma’s public timeline to reliably work in a reasonable amount of time. (Although akkoma-fe has no support for this feature and apparently barely anyone uses it.) activities_actor_index was already dropped before in 20221211234352_remove_unused_indices; no need to drop it again. Birthday indices were introduced in pleroma starting with 20220116183110_add_birthday_to_users which is past the last common migration 20210416051708.	2024-05-02 00:08:33 +02:00
Norm	8ae54b260a	Remove remaining Dokku files	2024-04-29 13:45:58 -04:00
Floatingghost	21a81e1111	version bump with translations	2024-04-27 15:10:52 +01:00
Floatingghost	3738ab67bd	Merge remote-tracking branch 'origin/translations' into develop	2024-04-27 15:10:23 +01:00
Floatingghost	7038b60ab5	bump version	2024-04-27 15:08:21 +01:00
Norm	549d580054	Add Enafore to clients list	2024-04-26 15:21:58 -04:00
Floatingghost	010e8c7bb2	where were you when lint fail	2024-04-26 19:28:01 +01:00
Floatingghost	9671cdecdf	changelog entry	2024-04-26 19:10:17 +01:00
Floatingghost	f531484063	Merge branch 'develop' into backoff-http	2024-04-26 19:06:18 +01:00
Floatingghost	ec7e9da734	Correct ttl syntax for new cachex	2024-04-26 19:05:12 +01:00
FloatingGhost	3c384c1b76	Add ratelimit backoff to HTTP get	2024-04-26 19:01:12 +01:00
FloatingGhost	2437a3e9ba	add test for backoff	2024-04-26 19:01:01 +01:00
FloatingGhost	ad7dcf38a8	Add HTTP backoff cache to respect 429s	2024-04-26 19:00:35 +01:00
Weblate	91d9d750c0	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Translation: Pleroma fe/Akkoma Backend (Static pages) Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/	2024-04-26 17:49:40 +00:00
Weblate	3c07aa506d	Translated using Weblate (Chinese (Traditional)) ... Currently translated at 100.0% (91 of 91 strings) Co-authored-by: Toot <toothpicker@users.noreply.translate.akkoma.dev> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/zh_Hant/ Translation: Pleroma fe/Akkoma Backend (Static pages)	2024-04-26 17:49:40 +00:00
Weblate	64050b0fb5	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2024-04-26 17:49:40 +00:00
Weblate	7babc11475	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2024-04-26 17:49:40 +00:00
Floatingghost	828158ef49	Merge remote-tracking branch 'oneric/fedfix-public-ld' into develop	2024-04-26 18:49:31 +01:00
Floatingghost	c7276713e0	Merge remote-tracking branch 'oneric/changelog-3.13' into develop	2024-04-26 18:43:39 +01:00
floatingghost	310c1b7e24	Merge pull request 'Change nginx cache size to 1 GiB' (#759) from norm/akkoma:nginx-cache-size into develop ... Reviewed-on: #759	2024-04-26 17:40:23 +00:00
floatingghost	7da6f41718	Merge pull request 'Exiftool: Strip all non-essential metadata tags' (#745) from Oneric/akkoma:exiftool-strip-all into develop ... Reviewed-on: #745	2024-04-26 17:38:47 +00:00
floatingghost	53c67993bb	Merge pull request 'Remove unused top level files' (#760) from norm/akkoma:remove-unused-files into develop ... Reviewed-on: #760	2024-04-26 17:24:21 +00:00
Oneric	5bc64c5753	changelog: add note about StripMetadata and ReadDescription order	2024-04-26 18:57:28 +02:00
Oneric	5ee0fb18cb	exiftool: make stripped tags configurable	2024-04-26 18:57:24 +02:00
Norm	771a306dc1	Update clients list in docs ... - Warn that the apps here are not officially supported - Update Kaiteki's social profile - Remove Fedi App - Add Subway Tooter	2024-04-26 04:17:17 -04:00
Norm	5b320616ca	Remove unused top level files ... I don't think anyone really uses the tools that uses these files these days, and they are another thing that needs to be updated every so often.	2024-04-26 02:33:18 -04:00
Norm	72c2d9f009	Change nginx cache size to 1 GiB ... The current 10 GiB cache size is too large to fit into tmpfs for VMs and other machines with smaller RAM sizes. Most non-Debian distros mount /tmp on tmpfs.	2024-04-26 01:43:44 -04:00
Oneric	12db5c23f2	Add missing changelog entries	2024-04-26 00:51:45 +02:00
Oneric	a95af3ee4c	exiftool: strip all non-essential tags ... Documentation was already clear on this only stripping GPS tags. But there are more potentially sensitive metadata tags (e.g. author and possibly description) and the name alone suggests a broader effect. Thus change the filter to strip all metadata except for colourspace info and orientation (technically it strips everything and then readds selected tags). Explicitly stripping CommonIFD0 is needed since -all does not modify IFD0 due to TIFF storing some actual image data there. CommonIFD0 then strips a bunch of commonly used actual metadata tags from IFD0, to my understanding leaving TIFF image data and custom metadata tags intact.	2024-04-25 23:00:42 +02:00
Oneric	163cb1d5e0	exiftool: strip JXL and HEIC ... As of exiftool 12.57 both formats are supported, but EXIF data is optional for JXL and if exiftool doesn’t find a preexisting metadata chunk it will create one and treat it as a minor error resulting in a non-zero exit code. Setting -ignoreMinorErrors avoids failing on such uploads.	2024-04-25 23:00:42 +02:00
Oneric	24e608ab5b	docs: fix typo	2024-04-25 23:00:42 +02:00
Oneric	b0a46c1e2e	Normalise public adressing to fix federation ... Due to JSON-LD compaction the full address of public scope may also occur in shorter forms and the spec requires us to treat them all equivalently. To save us the pain of repeatedly checking for all variants internally, normalise inbound data to just one form. See note at: https://www.w3.org/TR/activitypub/#public-addressing This needs to happen very early, even before the other addressing fixes else an earlier validator will reject the object. This in turn required to move the list-tpye normalisation earlier as well, but since I was unsure about putting empty lists into the data when no such field existed before, I excluded this case and thus the later fixing had to be kept as well. Fixes: #670	2024-04-25 18:45:16 +02:00
floatingghost	b1c6621e66	Merge pull request 'Read image description from EXIF data' (#744) from timorl/akkoma:elseinspe into develop ... Reviewed-on: #744	2024-04-25 12:52:31 +00:00
floatingghost	764dbeded4	Merge pull request 'Accept all standard actor types' (#751) from Oneric/akkoma:all-actor-types into develop ... Reviewed-on: #751	2024-04-24 17:09:02 +00:00
floatingghost	06847ca5f8	Merge pull request 'Update nginx config and install docs to use certbot's nginx plugin' (#752) from norm/akkoma:docs-nginx-certbot into develop ... Reviewed-on: #752	2024-04-24 17:08:39 +00:00
floatingghost	80e1c094c7	Merge pull request 'Don't strip newlines in pre' (#709) from snan/akkoma:pre into develop ... Reviewed-on: #709	2024-04-24 17:00:34 +00:00
floatingghost	4a0e90e8a8	Merge pull request 'ReceiverWorker: Make sure non-{:ok, _} is returned as {:error, …}' (#753) from Oneric/akkoma:receive-worker-return into develop ... Reviewed-on: #753	2024-04-24 17:00:18 +00:00
floatingghost	1e48a37545	Merge pull request 'Remove unused AP C2S endpoints' (#749) from who-wants-to-yeet-c2s-i-want-to-yeet-c2s into develop ... Reviewed-on: #749	2024-04-24 16:59:58 +00:00
Oneric	83f75c3e93	Accept all standard actor types	2024-04-23 18:14:34 +02:00
floatingghost	7d89dba528	Merge pull request 'Fix flaky expires_at tests' (#754) from Oneric/akkoma:test-flaky-expires_at into develop ... Reviewed-on: #754	2024-04-23 15:14:21 +00:00
Floatingghost	92168fa5a1	Merge remote-tracking branch 'origin/develop' into who-wants-to-yeet-c2s-i-want-to-yeet-c2s	2024-04-23 14:37:05 +01:00
Floatingghost	3e199242b0	remove upload_media from AP representation	2024-04-23 14:35:52 +01:00
Norm	0fa3fbf55e	Update OTP install docs to use certbot nginx plugin	2024-04-23 00:02:54 -04:00
Norm	e5f4282cca	Update certbot instructions for Alpine Linux	2024-04-23 00:02:54 -04:00
Norm	cdde95ad8b	Update gentoo install guide to use certbot-nginx	2024-04-23 00:02:54 -04:00
Norm	c493769364	Update Nginx setup docs for Fedora and Red Hat OTP	2024-04-23 00:02:15 -04:00
Norm	39b8e73532	Update docs for Arch Linux nginx setup ... Alongside moving to certbot's nginx plugin, also use conf.d instead of recreating the sites-{available,enabled} setup that Debian/Ubuntu uses. Furthermore, also request a certificate for the media domain at the same time since that's now required.	2024-04-21 18:19:07 -04:00
Norm	5405828ab1	Update debian install docs to use certbot nginx plugin	2024-04-21 18:19:07 -04:00
Norm	3e9643b172	Update nginx config for Certbot's nginx plugin	2024-04-21 18:19:01 -04:00
Oneric	20c22eb159	Fix flaky expires_at tests ... The API parameter is not a timestamp but an offset. If a sufficient amount of time passes between the tests expires_at calculation and the internal calculation during processing of the request the strict equality assertion fails. (Either a direct assertion or indirect via job lookup). To avoid this lower comparison granularity.	2024-04-21 21:08:53 +00:00
Haelwenn (lanodan) Monnier	0c2f200b4d	ReceiverWorker: Make sure non-{:ok, _} is returned as {:error, …} ... Otherwise an error like `{:signature, {:error, {:error, :not_found}}}` ends up considered a success. Cherry-picked-from: a299ddb10e	2024-04-21 20:58:06 +02:00
timorl	3f54945033	Fix the one test that wasn't just being flaky	2024-04-21 19:43:26 +02:00
timorl	09d3ccf770	Read description before stripping metadata	2024-04-19 20:51:54 +02:00
timorl	9da0fe930e	Format, but this time with a non-ancient version of elixir	2024-04-19 18:07:50 +02:00
timorl	2a9db73b4c	Merge branch 'develop' into elseinspe	2024-04-19 17:11:55 +02:00
floatingghost	0fee71f58f	Merge pull request 'Handle failed fetches a bit better' (#743) from failed-fetch-processing into develop ... Reviewed-on: #743	2024-04-19 11:25:14 +00:00
Floatingghost	370576474c	only consider :op and :id args in duplicate checks	2024-04-19 11:39:27 +01:00
Floatingghost	1ed975636b	Keep READ endpoints, purge WRITE	2024-04-19 11:06:01 +01:00
timorl	cd7af81896	Rename StripLocation to StripMetadata for temporal-proofing reasons	2024-04-16 20:37:00 +02:00
Floatingghost	2c7e5b2287	changelog entry	2024-04-16 13:57:05 +01:00
Floatingghost	ddb8a5ef73	yeet AP C2S support ... literally nothing uses C2S AP, and it's another route into core systems which requires analysis and maintenance. A second API is just extra surface for potentially bad things so let's take it out back and obliterate it	2024-04-16 13:55:03 +01:00
Floatingghost	123db1abc4	Merge branch 'develop' into failed-fetch-processing	2024-04-16 12:35:54 +01:00
Floatingghost	b2c29527fb	make xmerl shut up about markup	2024-04-16 10:19:30 +01:00
timorl	59d32c10d9	Formatting	2024-04-16 08:02:13 +02:00
Floatingghost	d2cee15c15	mix format says no	2024-04-16 03:07:28 +01:00
Floatingghost	d70fa16383	oban options should be a keyword list	2024-04-16 02:58:50 +01:00
Floatingghost	5043571084	Enable oban job uniqueness ... by default just prevent job floods with a 1-seconds uniqueness check, but override in RemoteFetcherWorker for 5 minute uniqueness check over all states :infinity is an option we can go for maybe at some point, but that would prevent any refetches so maybe not idk.	2024-04-16 02:53:24 +01:00
Floatingghost	1896ff1ab0	changelog entry	2024-04-16 02:35:59 +01:00
Floatingghost	b7dd739de1	Make sure we return the right format for oban	2024-04-16 02:35:21 +01:00
timorl	b144218dce	Merge branch 'develop' into elseinspe	2024-04-14 20:31:33 +02:00
Floatingghost	2fc25980d1	fix pattern matching in fetch errors	2024-04-13 23:55:26 +01:00
floatingghost	c1f0b6b875	Merge pull request 'Accept body parameters for /api/pleroma/notification_settings' (#738) from Oneric/akkoma:notif-setting-parameters into develop ... Reviewed-on: #738	2024-04-13 22:55:02 +00:00
Floatingghost	18442dcc7e	Fix quote test	2024-04-13 23:05:52 +01:00
Floatingghost	33fb74043d	Bring our adjustments into line with atom-failure	2024-04-13 22:56:04 +01:00
Floatingghost	49ed27cd96	require logger	2024-04-13 22:25:31 +01:00
Floatingghost	7f6e35ece4	formatting	2024-04-12 20:33:33 +01:00
Mark Felder	2e369aef71	Allow the Remote Fetcher to attempt fetching an unreachable instance	2024-04-12 20:33:21 +01:00
Mark Felder	fed7a78c77	Oban jobs should be discarded on permanent errors	2024-04-12 20:33:17 +01:00
Mark Felder	c0532bcae0	Handle 401s as I have observed it in the wild	2024-04-12 20:33:11 +01:00
Mark Felder	f31b262aec	Improve test descriptions	2024-04-12 20:32:38 +01:00
Mark Felder	ff515c05c3	Prevent requeuing Remote Fetcher jobs that exceed thread depth	2024-04-12 20:32:31 +01:00
Mark Felder	7e5004b3e2	Leverage existing atoms as return errors for the object fetcher	2024-04-12 20:32:13 +01:00
Mark Felder	53a9413b95	Formatting	2024-04-12 20:31:40 +01:00
Mark Felder	d69cba1b93	Remove duplicate log messages from Transmogrifier ... Object fetch errors are logged in the fetcher module	2024-04-12 20:31:31 +01:00
Mark Felder	3c54f407c5	Conslidate log messages for object fetcher failures and leverage Logger.metadata	2024-04-12 20:30:38 +01:00
Mark Felder	825ae46bfa	Set Logger level to error	2024-04-12 20:29:33 +01:00
Mark Felder	331710b6bb	RemoteFetcherWorker Oban job tests	2024-04-12 20:29:28 +01:00
Mark Felder	eeed051a0f	Fix detection of user follower collection being private ... We were overzealous with matching on a raw error from the object fetch that should have never been relied on like this. If we can't fetch successfully we should assume that the collection is private. Building a more expressive and universal error struct to match on may be something to consider.	2024-04-12 20:29:11 +01:00
Mark Felder	30d63aaa6e	Revert "Mark instances as unreachable when returning a 403 from an object fetch" ... This reverts commit d472bafec1.	2024-04-12 20:28:56 +01:00
Mark Felder	e2b04fac5a	Skip remote fetch jobs for unreachable instances	2024-04-12 20:28:36 +01:00
Mark Felder	6d368808d3	Remove mistaken duplicate fetch	2024-04-12 20:28:31 +01:00
Mark Felder	160d113b30	Changelogs	2024-04-12 20:28:26 +01:00
Mark Felder	132036f951	Cancel remote fetch jobs for deleted objects	2024-04-12 20:28:21 +01:00
Mark Felder	4ff22a409a	Consolidate the HTTP status code checking into the private get_object/1	2024-04-12 20:28:16 +01:00
Mark Felder	4c29366fe5	Mark instances as unreachable when returning a 403 from an object fetch ... This is a definite sign the instance is blocked and they are enforcing authorized_fetch	2024-04-12 20:27:33 +01:00
Mark Felder	ac4cc619ea	Fix Transmogrifier tests ... These tests relied on the removed Fetcher.fetch_object_from_id!/2 function injecting the error tuple into a log message with the exact words "Object containment failed." We will keep this behavior by generating a similar log message, but perhaps this should do a better job of matching on the error tuple returned by Transmogrifier.handle_incoming/1	2024-04-12 20:26:56 +01:00
Mark Felder	c241b5b09f	Remove Fetcher.fetch_object_from_id!/2 ... It was only being called once and can be replaced with a case statement.	2024-04-12 20:26:28 +01:00
Floatingghost	f8a53fbe2f	bump dependencies	2024-04-12 19:59:30 +01:00
floatingghost	e36c0f96fc	Merge pull request 'Add docker override file to docs and gitignore' (#621) from norm/akkoma:docker-compose-override into develop ... Reviewed-on: #621	2024-04-12 18:50:25 +00:00
floatingghost	6f3c955aa0	Merge pull request 'elixir1.16 testing' (#742) from elixir1.16 into develop ... Reviewed-on: #742	2024-04-12 18:49:33 +00:00
floatingghost	024ffadd80	Merge pull request 'Don't list old accounts as aliases in WebFinger' (#713) from erincandescent/akkoma:no-old-account-alias into develop ... Reviewed-on: #713	2024-04-12 18:34:14 +00:00
floatingghost	e2e4f53585	Merge pull request 'Use standard-compliant Accept header when fetching' (#740) from Oneric/akkoma:fetch_std-accept-hdr into develop ... Reviewed-on: #740	2024-04-12 18:28:26 +00:00
Floatingghost	d910e8d7d1	Add test suite for elixir1.16	2024-04-12 19:13:33 +01:00
Floatingghost	df25d86999	Cleaned up FEP-fffd commits a bit	2024-04-12 18:50:57 +01:00
floatingghost	4887df12d7	Merge pull request 'Allow for url to be a list' (#718) from helge/akkoma:develop into develop ... Reviewed-on: #718	2024-04-12 17:39:38 +00:00
floatingghost	e6ca2b4d2a	Merge pull request 'Fix array-less EmojiReacts' (#739) from Oneric/akkoma:tag-arrayless into develop ... Reviewed-on: #739	2024-04-12 17:26:07 +00:00
floatingghost	6ba80aaff5	Merge pull request 'Check if data is visible before embedding it in OG tags' (#741) from ograph-restrictions into develop ... Reviewed-on: #741	2024-04-12 17:22:59 +00:00
floatingghost	8e60177466	Merge pull request 'MRF.InlineQuotePolicy: Add link to post URL, not ID' (#733) from erincandescent/akkoma:quote-url into develop ... Reviewed-on: #733	2024-04-12 17:02:52 +00:00
Erin Shepherd	75d9e2b375	MRF.InlineQuotePolicy: Add link to post URL, not ID ... "id" is used for the canonical link to the AS2 representation of an object. "url" is typically used for the canonical link to the HTTP representation. It is what we use, for example, when following the "external source" link in the frontend. However, it's not the link we include in the post contents for quote posts. Using URL instead means we include a more user-friendly URL for Mastodon, and a working (in the browser) URL for Threads	2024-04-12 13:23:50 +02:00
Floatingghost	05f8179d08	check if data is visible before embedding it in OG tags ... previously we would uncritically take data and format it into tags for static-fe and the like - however, instances can be configured to disallow unauthenticated access to these resources. this means that OG tags as a vector for information leakage. _technically_ this should only occur if you have both restrict_unauthenticated *AND* you run static-fe, which makes no sense since static-fe is for unauthenticated people in particular, but hey ho.	2024-04-12 05:16:47 +01:00
Oneric	fae0a14ee8	Use standard-compliant Accept header when fetching ... Spec says clients MUST use this header and servers MUST respond to it, while servers merely SHOULD respond to the one we used before. https://www.w3.org/TR/activitypub/#retrieving-objects The old value is kept as a fallback since at least two years ago not every implementation correctly dealt with the spec-compliant variant, see: https://github.com/owncast/owncast/issues/1827 Fixes: #730	2024-04-12 00:22:37 +02:00
Floatingghost	1135935cbe	Merge remote-tracking branch 'oneric/ipv6' into develop	2024-04-11 20:59:49 +01:00
floatingghost	090a77d1af	Merge pull request 'static-fe: don’t squeeze non-square images' (#705) from Oneric/akkoma:staticfe-nonsquare-img into develop ... Reviewed-on: #705	2024-04-11 18:43:03 +00:00
floatingghost	0e066bddae	Merge pull request 'Drop base_url special casing in test env' (#737) from Oneric/akkoma:testenv_drop_baseurl_specialcase into develop ... Reviewed-on: #737	2024-04-11 18:24:09 +00:00
Oneric	bd74ad9ce4	Accept body parameters for /api/pleroma/notification_settings ... This brings it in line with its documentation and akkoma-fe’s expectations. For backwards compatibility URL parameters are still accept with lower priority. Unfortunately this means duplicating parameters and descriptions in the API spec. Usually Plug already pre-merges parameters from different sources into the plain 'params' parameter which then gets forwarded by Phoenix. However, OpenApiSpex 3.x prevents this; 4.x is set to change this https://github.com/open-api-spex/open_api_spex/issues/334 https://github.com/open-api-spex/open_api_spex/issues/92 Fixes: #691 Fixes: #722	2024-04-09 04:11:28 +02:00
Oneric	462225880a	Accept EmojiReacts with non-array tag ... JSON-LD compaction strips the array since it’s just one object Fixes: #720	2024-04-09 04:04:16 +02:00
Oneric	debd686418	Add tests for our own custom emoji format	2024-04-09 03:52:22 +02:00
Oneric	9598137d32	Drop base_url special casing in test env ... 61621ebdbc already explicitly added the uploader base url to config/test.exs and it reduces differences from prod.	2024-04-07 00:20:12 +02:00
floatingghost	b8393ad9ed	Merge pull request 'context: add featured definition' (#717) from erincandescent/akkoma:context-featured into develop ... Reviewed-on: #717	2024-04-03 10:22:09 +00:00
floatingghost	554f19a9ed	Merge pull request 'Refresh Users much more aggressively when processing Move activities' (#714) from erincandescent/akkoma:move-bust-cache into develop ... Reviewed-on: #714	2024-04-03 10:03:14 +00:00
FloatingGhost	9c53a3390e	Ensure we have the emoji base path	2024-04-02 14:12:03 +01:00
FloatingGhost	795524daf1	bump version	2024-04-02 11:36:47 +01:00
FloatingGhost	b5d97e7d85	Don't error out if we're not using the local uploader	2024-04-02 11:36:26 +01:00
FloatingGhost	f592090206	Fix tests that relied on no base_url in the uploader	2024-04-02 11:23:57 +01:00
FloatingGhost	61621ebdbc	Add tests for extra warnings about media subdomains	2024-04-02 10:54:53 +01:00
FloatingGhost	4cd299bd83	Add extra warnings if the uploader is on the same domain as the main application	2024-04-02 10:20:59 +01:00
Erin Shepherd	8fbd771d6e	context: add featured & backgroundUrl definitions ... These were missing from our context, which caused interoperability issues with people who do context processing	2024-04-01 13:39:38 +02:00
Erin Shepherd	464db9ea0b	Don't list old accounts as aliases in WebFinger ... Per the XRD specification: > 2.4. Element <Alias> > > The <Alias> element contains a URI value that is an additional > identifier for the resource described by the XRD. This value > MUST be an absolute URI. The <Alias> element does not identify > additional resources the XRD is describing, **but rather provides > additional identifiers for the same resource.** (http://docs.oasis-open.org/xri/xrd/v1.0/os/xrd-1.0-os.html#element.alias, emphasis mine) In other words, the alias list is expected to link to things which are not just semantically the same, but exactly the same. Old user accounts don't do that This change should not pose a compatibility issue: Mastodon does not list old accounts here (See e1fcb02867/app/serializers/webfinger_serializer.rb (L12)) The use of as:alsoKnownAs is also not quite semantically right here (see https://www.w3.org/TR/did-core/#dfn-alsoknownas, which defines it to be used to refer to identifiers which are interchangable) but that's what DID get for reusing a property definition that Mastodon already squatted long before they got to it	2024-04-01 13:34:58 +02:00
FloatingGhost	2d439034ca	Ensure that spoof-inserted does not time out	2024-03-30 12:55:22 +00:00
FloatingGhost	087d88f787	bump version	2024-03-30 11:45:07 +00:00
FloatingGhost	3650bb0370	Changelog entry	2024-03-30 11:44:34 +00:00
Oneric	ee7d98b093	Update Changelog	2024-03-29 08:35:15 -01:00
Oneric	0648d9ebaa	Add mix tasks to detect spoofed posts and users ... At least as far as we can	2024-03-26 16:05:20 -01:00
Oneric	d441101200	Add mix task to detect uploaded spoof payloads	2024-03-26 16:05:20 -01:00
Oneric	31f90bbb52	Register APNG MIME type ... The newest git HEAD of MIME already knows about APNG, but this hasn’t been released yet. Without this, APNG attachments from remote posts won’t display as images in frontends. Fixes: akkoma#657	2024-03-26 15:44:44 -01:00
Oneric	61ec592d66	Drop obsolete pixelfed workaround ... This pixelfed issue was fixed in 2022-12 in https://github.com/pixelfed/pixelfed/pull/3932 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>	2024-03-26 15:11:06 -01:00
Oneric	8684964c5d	Only allow exact id matches ... This protects us from falling for obvious spoofs as from the current upload exploit (unfortunately we can’t reasonably do anything about spoofs with exact matches as was possible via emoji and proxy). Such objects being invalid is supported by the spec, sepcifically sections 3.1 and 3.2: https://www.w3.org/TR/activitypub/#obj-id Anonymous objects are not relevant here (they can only exists within parent objects iiuc) and neither is client-to-server or transient objects (as those cannot be fetched in the first place). This leaves us with the requirement for `id` to (a) exist and (b) be a publicly dereferencable URI from the originating server. This alone does not yet demand strict equivalence, but the spec then further explains objects ought to be fetchable _via their ID_. Meaning an object not retrievable via its ID, is invalid. This reading is supported by the fact, e.g. GoToSocial (recently) and Mastodon (for 6+ years) do already implement such strict ID checks, additionally proving this doesn’t cause federation issues in practice. However, apart from canonical IDs there can also be additional display URLs. *omas first redirect those to their canonical location, but *keys and Mastodon directly serve the AP representation without redirects. Mastodon and GTS deal with this in two different ways, but both constitute an effective countermeasure: - Mastodon: Unless it already is a known AP id, two fetches occur. The first fetch just reads the `id` property and then refetches from the id. The last fetch requires the returned id to exactly match the URL the content was fetched from. (This can be optimised by skipping the second fetch if it already matches) 05eda8d193/app/helpers/jsonld_helper.rb (L168) 63f0979799 - GTS: Only does a single fetch and then checks if _either_ the id _or_ url property (which can be an object) match the original fetch URL. This relies on implementations always including their display URL as "url" if differing from the id. For actors this is true for all investigated implementations, for posts only Mastodon includes an "url", but it is also the only one with a differing display URL. 2bafd7daf5 (diff-943bbb02c8ac74ac5dc5d20807e561dcdfaebdc3b62b10730f643a20ac23c24fR222) Albeit Mastodon’s refetch offers higher compatibility with theoretical implmentations using either multiple different display URL or not denoting any of them as "url" at all, for now we chose to adopt a GTS-like refetch-free approach to avoid additional implementation concerns wrt to whether redirects should be allowed when fetching a canonical AP id and potential for accidentally loosening some checks (e.g. cross-domain refetches) for one of the fetches. This may be reconsidered in the future.	2024-03-25 14:05:05 -01:00
Oneric	48b3a35793	Update user reference after fetch ... Since we always followed redirects (and until recently allowed fuzzy id matches), the ap_id of the received object might differ from the iniital fetch url. This lead to us mistakenly trying to insert a new user with the same nickname, ap_id, etc as an existing user (which will fail due to uniqueness constraints) instead of updating the existing one.	2024-03-25 14:05:05 -01:00
Oneric	9061d148be	Ensure object id doesn’t change on refetch	2024-03-25 14:05:05 -01:00
Oneric	3e134b07fa	fetcher: return final URL after redirects from get_object ... Since we reject cross-domain redirects, this doesn’t yet make a difference, but it’s requried for stricter checking subsequent commits will introduce. To make sure (and in case we ever decide to reallow cross-domain redirects) also use the final location for containment and reachability checks.	2024-03-25 14:05:05 -01:00
Oneric	f07eb4cb55	Sanity check fetched user data ... In order to properly process incoming notes we need to be able to map the key id back to an actor. Also, check collections actually belong to the same server. Key ids of Hubzilla and Bridgy samples were updated to what modern versions of those output. If anything still uses the old format, we would not be able to verify their posts anyway.	2024-03-25 14:05:05 -01:00
Oneric	59a142e0b0	Never fetch resource from ourselves ... If it’s not already in the database, it must be counterfeit (or just not exists at all) Changed test URLs were only ever used from "local: false" users anyway.	2024-03-25 14:05:05 -01:00
Oneric	fee57eb376	Move actor check into fetch_and_contain_remote_object_from_id ... This brings it in line with its name and closes an, in practice harmless, verification hole. This was/is the only user of contain_origin making it safe to change the behaviour on actor-less objects. Until now refetched objects did not ensure the new actor matches the domain of the object. We refetch polls occasionally to retrieve up-to-date vote counts. A malicious AP server could have switched out the poll after initial posting with a completely different post attribute to an actor from another server. While we indeed fell for this spoof before the commit, it fortunately seems to have had no ill effect in practice, since the asociated Create activity is not changed. When exposing the actor via our REST API, we read this info from the activity not the object. This at first thought still keeps one avenue for exploit open though: the updated actor can be from our own domain and a third server be instructed to fetch the object from us. However this is foiled by an id mismatch. By necessity of being fetchable and our longstanding same-domain check, the id must still be from the attacker’s server. Even the most barebone authenticity check is able to sus this out.	2024-03-25 14:05:05 -01:00
Oneric	c4cf4d7f0b	Reject cross-domain redirects when fetching AP objects ... Such redirects on AP queries seem most likely to be a spoofing attempt. If the object is legit, the id should match the final domain anyway and users can directly use the canonical URL. The lack of such a check (and use of the initially queried domain’s authority instead of the final domain) was enabling the current exploit to even affect instances which already migrated away from a same-domain upload/proxy setup in the past, but retained a redirect to not break old attachments. (In theory this redirect could, with some effort, have been limited to only old files, but common guides employed a catch-all redirect, which allows even future uploads to be reachable via an initial query to the main domain) Same-domain redirects are valid and also used by ourselves, e.g. for redirecting /notice/XXX to /objects/YYY.	2024-03-25 14:05:05 -01:00
Oneric	baaeffdebc	Update spoofed activity test ... Turns out we already had a test for activities spoofed via upload due to an exploit several years. Back then *oma did not verify content-type at all and doing so was the only adopted countermeasure. Even the added test sample though suffered from a mismatching id, yet nobody seems to have thought it a good idea to tighten id checks, huh Since we will add stricter id checks later, make id and URL match and also add a testcase for no content type at all. The new section will be expanded in subsequent commits.	2024-03-25 14:05:05 -01:00
Oneric	2bcf633dc2	Document Pleroma.Object.Fetcher	2024-03-25 14:05:05 -01:00
Oneric	93ab6a018e	mix: fix docs task	2024-03-18 22:40:43 -01:00
Oneric	c806adbfdb	Refactor Fetcher.get_object for readability ... Apart from slightly different error reasons wrt content-type, this does not change functionality in any way.	2024-03-18 22:40:43 -01:00
Oneric	ddd79ff22d	Proactively harden emoji pack against path traversal ... No new path traversal attacks are known. But given the many entrypoints and code flow complexity inside pack.ex, it unfortunately seems possible a future refactor or addition might reintroduce one. Furthermore, some old packs might still contain traversing path entries which could trigger undesireable actions on rename or delete. To ensure this can never happen, assert safety during path construction. Path.safe_relative was introduced in Elixir 1.14, but fortunately, we already require at least 1.14 anyway.	2024-03-18 22:33:10 -01:00
Oneric	d6d838cbe8	StealEmoji: check remote size before downloading ... To save on bandwith and avoid OOMs with large files. Ofc, this relies on the remote server (a) sending a content-length header and (b) being honest about the size. Common fedi servers seem to provide the header and (b) at least raises the required privilege of an malicious actor to a server infrastructure admin of an explicitly allowed host. A more complete defense which still works when faced with a malicious server requires changes in upstream Finch; see https://github.com/sneako/finch/issues/224	2024-03-18 22:33:10 -01:00
Oneric	6d003e1acd	test/steal_emoji: consolidate configuration setup	2024-03-18 22:33:10 -01:00
Oneric	d1ce5fd911	test/steal_emoji: reduce code duplication with mock macro	2024-03-18 22:33:10 -01:00
Oneric	a4fa2ec9af	StealEmoji: make final paths infeasible to predict ... Certain attacks rely on predictable paths for their payloads. If we weren’t so overly lax in our (id, URL) check, the current counterfeit activity exploit would be one of those. It seems plausible for future attacks to hinge on or being made easier by predictable paths too. In general, letting remote actors place arbitrary data at a path within our domain of their choosing (sans prefix) just doesn’t seem like a good idea. Using fully random filenames would have worked as well, but this is less friendly for admins checking emoji dirs. The generated suffix should still be more than enough; an attacker needs on average 140 trillion attempts to correctly guess the final path.	2024-03-18 22:33:10 -01:00
Oneric	ee5ce87825	test: use pack functions to check for emoji ... The hardocded path and filenames assumptions will be broken with the next commit.	2024-03-18 22:33:10 -01:00
Oneric	d1c4d07404	Convert StealEmoji to pack.json ... This will decouple filenames from shortcodes and allow more image formats to work instead of only those included in the auto-load glob. (Albeit we still saved other formats to disk, wasting space) Furthermore, this will allow us to make final URL paths infeasible to predict.	2024-03-18 22:33:10 -01:00
Oneric	fa98b44acf	Fill out path for newly created packs ... Before this was only filled on loading the pack again, preventing the created pack from being used directly.	2024-03-18 22:33:10 -01:00
Oneric	5b126567bb	StealEmoji: drop superfluous basename ... Since 3 commits ago we restrict shortcodes to a subset of the POSIX Portable Filename Character Set, therefore this can never have a directory component.	2024-03-18 22:33:10 -01:00
Oneric	a8c6c780b4	StealEmoji: use Content-Type and reject non-images ... E.g. *key’s emoji URLs typically don’t have file extensions, but until now we just slapped ".png" at its end hoping for the best. Furthermore, this gives us a chance to actually reject non-images, which before was not feasible exatly due to those extension-less URLs	2024-03-18 22:33:10 -01:00
Oneric	111cdb0d86	Split steal_emoji function for better readability	2024-03-18 22:33:10 -01:00
Norm	af041db6dc	Limit emoji stealer to alphanum, dash, or underscore characters ... As suggested in b387f4a1c1, only steal emoji with alphanumerc, dash, or underscore characters. Also consolidate all validation logic into a single function. === Taken from akkoma#703 with cosmetic tweaks This matches our existing validation logic from Pleroma.Emoji, and apart from excluding the dot also POSIX’s Portable Filename Character Set making it always safe for use in filenames. Mastodon is even stricter also disallowing U+002D HYPEN-MINUS and requiring at least two characters. Given both we and Mastodon reject shortcodes excluded by this anyway, this doesn’t seem like a loss.	2024-03-18 22:33:10 -01:00
Oneric	fb54c47f0b	Update example nginx config ... To account for our subdomain recommendations	2024-03-18 22:33:10 -01:00
Oneric	fc36b04016	Drop media proxy same-domain default for base_url ... Even more than with user uploads, a same-domain proxy setup bears significant security risks due to serving untrusted content under the main domain space. A risky setup like that should never be the default.	2024-03-18 22:33:10 -01:00
Oneric	11ae8344eb	Sanitise Content-Type of media proxy URLs ... Just as with uploads and emoji before, this can otherwise be used to place counterfeit AP objects or other malicious payloads. In this case, even if we never assign a priviliged type to content, the remote server can and until now we just mimcked whatever it told us. Preview URLs already handle only specific, safe content types and redirect to the external host for all else; thus no additional sanitisiation is needed for them. Non-previews are all delegated to the modified ReverseProxy module. It already has consolidated logic for building response headers making it easy to slip in sanitisation. Although proxy urls are prefixed by a MAC built from a server secret, attackers can still achieve a perfect id match when they are able to change the contents of the pointed to URL. After sending an posts containing an attachment at a controlled destination, the proxy URL can be read back and inserted into the payload. After injection of counterfeits in the target server the content can again be changed to something innocuous lessening chance of detection.	2024-03-18 22:33:10 -01:00
Oneric	bcc528b2e2	Never automatically assign privileged content types ... By mapping all extensions related to our custom privileged types back to innocuous text/plain, our custom types will never automatically be inserted which was one of the factors making impersonation possible. Note, this does not invalidate the upload and emoji Content-Type restrictions from previous commits. Apart from counterfeit AP objects there are other payloads with standard types this protects against, e.g. *.js Javascript payloads as used in prior frontend injections.	2024-03-18 22:33:10 -01:00
Oneric	e88d0a2853	Fix Content-Type of our schema ... Strict servers fail to process anything from us otherwise. Fixes: akkoma#716	2024-03-18 22:33:10 -01:00
Oneric	ba558c0c24	Limit instance emoji to image types ... Else malicious emoji packs or our EmojiStealer MRF can put payloads into the same domain as the instance itself. Sanitising the content type should prevent proper clients from acting on any potential payload. Note, this does not affect the default emoji shipped with Akkoma as they are handled by another plug. However, those are fully trusted and thus not in needed of sanitisation.	2024-03-18 22:33:10 -01:00
Oneric	0ec62acb9d	Always insert Dedupe upload filter ... This actually was already intended before to eradict all future path-traversal-style exploits and to fix issues with some characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and AnonymizeFilename got mixed up. The latter only anonymises the name in Content-Disposition headers GET parameters (with link_name), _not_ the upload path. Even without Dedupe, the upload path is prefixed by an UUID, so it _should_ already be hard to guess for attackers. But now we actually can be sure no path shenanigangs occur, uploads reliably work and save some disk space. While this makes the final path predictable, this prediction is not exploitable. Insertion of a back-reference to the upload itself requires pulling off a successfull preimage attack against SHA-256, which is deemed infeasible for the foreseeable futures. Dedupe was already included in the default list in config.exs since 28cfb2c37a, but this will get overridde by whatever the config generated by the "pleroma.instance gen" task chose. Upload+delete tests running in parallel using Dedupe might be flaky, but this was already true before and needs its own commit to fix eventually.	2024-03-18 22:33:10 -01:00
Oneric	fef773ca35	Drop media base_url default and recommend different domain ... Same-domain setups enabled now at least two exploits, so they ought to be discouraged and definitely not be the default.	2024-03-18 22:33:10 -01:00
Oneric	bdefbb8fd9	plug/upload_media: query config only once on init	2024-03-18 22:33:10 -01:00
Oneric	f7c9793542	Sanitise Content-Type of uploads ... The lack thereof enables spoofing ActivityPub objects. A malicious user could upload fake activities as attachments and (if having access to remote search) trick local and remote fedi instances into fetching and processing it as a valid object. If uploads are hosted on the same domain as the instance itself, it is possible for anyone with upload access to impersonate(!) other users of the same instance. If uploads are exclusively hosted on a different domain, even the most basic check of domain of the object id and fetch url matching should prevent impersonation. However, it may still be possible to trick servers into accepting bogus users on the upload (sub)domain and bogus notes attributed to such users. Instances which later migrated to a different domain and have a permissive redirect rule in place can still be vulnerable. If — like Akkoma — the fetching server is overly permissive with redirects, impersonation still works. This was possible because Plug.Static also uses our custom MIME type mappings used for actually authentic AP objects. Provided external storage providers don’t somehow return ActivityStream Content-Types on their own, instances using those are also safe against their users being spoofed via uploads. Akkoma instances using the OnlyMedia upload filter cannot be exploited as a vector in this way — IF the fetching server validates the Content-Type of fetched objects (Akkoma itself does this already). However, restricting uploads to only multimedia files may be a bit too heavy-handed. Instead this commit will restrict the returned Content-Type headers for user uploaded files to a safe subset, falling back to generic 'application/octet-stream' for anything else. This will also protect against non-AP payloads as e.g. used in past frontend code injection attacks. It’s a slight regression in user comfort, if say PDFs are uploaded, but this trade-off seems fairly acceptable. (Note, just excluding our own custom types would offer no protection against non-AP payloads and bear a (perhaps small) risk of a silent regression should MIME ever decide to add a canonical extension for ActivityPub objects) Now, one might expect there to be other defence mechanisms besides Content-Type preventing counterfeits from being accepted, like e.g. validation of the queried URL and AP ID matching. Inserting a self-reference into our uploads is hard, but unfortunately *oma does not verify the id in such a way and happily accepts _anything_ from the same domain (without even considering redirects). E.g. Sharkey (and possibly other *keys) seem to attempt to guard against this by immediately refetching the object from its ID, but this is easily circumvented by just uploading two payloads with the ID of one linking to the other. Unfortunately *oma is thus _both_ a vector for spoofing and vulnerable to those spoof payloads, resulting in an easy way to impersonate our users. Similar flaws exists for emoji and media proxy. Subsequent commits will fix this by rigorously sanitising content types in more areas, hardening our checks, improving the default config and discouraging insecure config options.	2024-03-18 22:33:10 -01:00
Sandra Snan	6116f81546	Don't strip newlines in the Atom feed	2024-03-11 12:50:14 +01:00
Oneric	7ef93c0b6d	Add set_content_type to Plug.StaticNoCT	2024-03-04 17:50:20 +01:00
Oneric	dbb6091d01	Import copy of Plug.Static from Plug 1.15.3 ... The following commit will apply the needed patch	2024-03-04 17:50:20 +01:00
Oneric	5d467af6c5	Update notes on security exploit handling	2024-03-04 17:50:19 +01:00
Helge	5d89e0c917	Allow for url to be a list ... This solves interoperability issues, see: - https://git.pleroma.social/pleroma/pleroma/-/issues/3253 - https://socialhub.activitypub.rocks/t/fep-fffd-proxy-objects/3172/30?u=helge - https://data.funfedi.dev/0.1.1/#url-parameter	2024-03-03 09:11:45 +01:00
Erin Shepherd	f18e2ba42c	Refresh Users much more aggressively when processing Move activities ... The default refresh interval of 1 day is woefully inadequate here; users expect to be able to add the alias to their new account and press the move button on their old account and have it work. This allows callers to specify a maximum age before a refetch is triggered. We set that to 5s for the move code, as a nice compromise between Making Things Work and ensuring that this can't be used to hammer a remote server	2024-02-29 21:14:53 +01:00
Oneric	fc95519dbf	Allow fetching over IPv6 ... Mint/Finch disable IPv6 by default preventing us from fetching anything from IPv6-only hosts without this.	2024-02-25 23:50:51 +01:00
FloatingGhost	889b57df82	2024.02 release	2024-02-24 13:54:21 +00:00
Weblate	34ffb92db4	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-posix-errors/ Translation: Pleroma fe/Akkoma Backend (Posix Errors)	2024-02-24 13:42:59 +00:00
Weblate	c6dceb1802	Translated using Weblate (Polish) ... Currently translated at 100.0% (47 of 47 strings) Co-authored-by: Weblate <noreply@weblate.org> Co-authored-by: subtype <subtype@hollow.capital> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-posix-errors/pl/ Translation: Pleroma fe/Akkoma Backend (Posix Errors)	2024-02-24 13:42:59 +00:00
Weblate	caaf2deb22	Translated using Weblate (Polish) ... Currently translated at 18.1% (183 of 1006 strings) Translated using Weblate (Polish) Currently translated at 6.6% (67 of 1006 strings) Co-authored-by: Weblate <noreply@weblate.org> Co-authored-by: subtype <subtype@hollow.capital> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/pl/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2024-02-24 13:42:59 +00:00
floatingghost	7d61fb0906	Merge pull request 'Fix static-fe Twitter metadata / URL previews' (#700) from Oneric/akkoma:staticfe-metadata into develop ... Reviewed-on: #700	2024-02-24 13:42:55 +00:00
floatingghost	cdf73e0ac8	Merge pull request 'Better document database differences for Pleroma migrations' (#699) from Oneric/akkoma:doc_pleroma-migration-db into develop ... Reviewed-on: #699	2024-02-24 04:33:43 +00:00
floatingghost	967e6b8ade	Merge pull request 'Docs: Add description for mrf_reject_newly_created_account_notes' (#695) from YokaiRick/akkoma:doc_mrf_reject_acc_notes into develop ... Reviewed-on: #695	2024-02-24 04:31:28 +00:00
Oneric	d7c8e9df27	static-fe: don’t squeeze non-square avatars ... This will crop them to a square matching behaviour of Husky and *key and allowing us to never worry about consistent alignment. Note, akkoma-fe instead displays the full image with inserted spacing.	2024-02-23 23:39:44 +00:00
Oneric	a0daec6ea1	static-fe: don’t squeeze non-square emoji ... Emoji and the navbar items want to let blend in with lines of text, so fix their height and let the width adjust as needed.	2024-02-23 23:39:44 +00:00
Oneric	bff2812a93	More prominently document db migrations in migrations from Pleroma ... By now most instance will run a version past 2022-08 but the guide only documented it for from source installs and Pleroma develop.	2024-02-23 23:54:14 +01:00
Oneric	7964272c98	Document how to avoid data loss on migration from Pleroma	2024-02-23 23:54:09 +01:00
Oneric	c08f49d88e	Add tests for static-fe metadata tags	2024-02-21 00:33:32 +00:00
FloatingGhost	3111181d3c	mix format	2024-02-20 15:09:04 +00:00
floatingghost	2f9aad0e65	Merge pull request '[Security] StealEmojiPolicy: Sanitize shortcodes' (#701) from erincandescent/akkoma:stealemojipolicy-sanitize into develop ... Reviewed-on: #701	2024-02-20 15:08:54 +00:00
Erin Shepherd	b387f4a1c1	Don't steal emoji who's shortcodes have dots or colons in their name ... Mastodon at the very least seems to prevent the creation of emoji with dots in their name (and refuses to accept them in federation). It feels like being cautious in what we accept is reasonable here. Colons are the emoji separator and so obviously should be blocked. Perhaps instead of filtering out things like this we should just do a regex match on `[a-zA-Z0-9_-]`? But that's plausibly a decision for another day Perhaps we should also have a centralised "is this a valid emoji shortcode?" function	2024-02-20 11:33:55 +01:00
Haelwenn (lanodan) Monnier	7d94476dd6	StealEmojiPolicy: Sanitize shortcodes ... Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245	2024-02-20 11:19:00 +01:00
rick	c25cfe9b7a	fixed spelling	2024-02-19 23:25:20 +01:00
Oneric	41dd37d796	doc/cheatsheet: add missing MRFs ... Or mentions of MRFs in the main list whose options were already documented.	2024-02-19 23:15:47 +01:00
Oneric	9830d54fa1	doc/cheatsheet: sort main MRF list alphabetically ... It is too cumbersome to find a specific policy atm or to check if all are docuemtned yet. Trivial placeholder policies are excluded from this.	2024-02-19 23:15:30 +01:00
Oneric	f254e4f530	doc/cheatsheet: add missing MRF config detail docs ... And remove “on by default” text from individual entries. They are now laready in the “on by default” section.	2024-02-19 23:14:44 +01:00
Oneric	da4190c46e	doc/cheatsheet: split out always active MRFs ... It doesn’t make sense to add/remove them from the policies list	2024-02-19 23:14:24 +01:00
Oneric	7a2d68c3ab	doc/cheatsheet: add link to ActivityExpiration config details	2024-02-19 23:14:07 +01:00
Oneric	8e7a89605d	doc/cheatsheet: move MRF policies key to end of section ... This makes it easier to spot the transparency options	2024-02-19 23:13:48 +01:00
Oneric	1640d19448	doc/cheatsheet: move :activitypub section ahead ... Else it is too easy to mistake for another MRF policy.	2024-02-19 23:13:25 +01:00
Oneric	8f1776a8a7	Purge leftovers from FollowBot MRF ... It was dropped in 9db4c2429f	2024-02-19 23:13:05 +01:00
Oneric	1ec6e193e6	doc: clarify RejectNewlyCreated uses local account discovery	2024-02-19 23:12:41 +01:00
Oneric	37e2a35b86	Fix Twitter metadata ... This partly reverts 1d884fd914 while fixing both the issue it addressed and the issue it caused. The above commit successfully fixed OpenGraph metadata tags which until then always showed the user bio instead of post content by handing the activities AP ID as url to the Metadata builder _instead_ of passing the internal ID as activity_id. However, in doing so the commit instead inflicted this very problem onto Twitter metadata tags which ironically are used by akkoma-fe. This is because while the OpenGraph builder wants an URL as url, the Twitter builder needs the internal ID to build the URL to the embedded player for videos and has no URL property. Thanks to twpol for tracking down this root cause in #644. Now, once identified the problem is simple, but this simplicity invites multiple possible solutions to bikeshed about. 1. Just pass both properties to the builder and let them pick 2. Drop the url parameter from the OpenGraph builder and instead a) build static-fe URL of the post from the ID (like Twitter) b) use the passed-in object’s AP ID as an URL Approach 2a has the disadvantage of hardcoding the expected URL outside the router, which will be problematic should it ever change. Approach 2b is conceptually similar to how the builder works atm. However, the og:url is supposed to be a _permanent_ ID, by changing it we might, afaiui, technically violate OpenGraph specs(?). (Though its real-world consequence may very well be near non-existent.) This leaves just approach 1, which this commit implements. Albeit it too is not without nits to pick, as it leaves the metadata builders with an inconsistent interface. Additionally, this will resolve the subotpimal Discord previews for content-less image posts reported in #664. Discord already prefers OpenGraph metadata, so it’s mostly unaffected. However, it appears when encountering an explicitly empty OpenGraph description and a non-empty Twitter description, it replaces just the empty field with its Twitter counterpart, resulting in the user’s bio slipping into the preview. Secondly, regardless of any OpenGraph tags, Discord uses twitter:card to decide how prominently images should be, but due to the bug the card type was stuck as "summary", forcing images to always remain small. Root cause identified by: twpol Fixes: #644 Fixes: #664	2024-02-19 21:09:43 +00:00
floatingghost	086d6100e1	Merge pull request 'Disable busy waits in the default OTP vm.args configuration.' (#693) from erincandescent/akkoma:otp-tune-vm-busywait into develop ... Reviewed-on: #693	2024-02-19 14:01:14 +00:00
floatingghost	3e24210e9f	Merge pull request 'Prune old Update activities' (#683) from Oneric/akkoma:db-prune-old-updates into develop ... Reviewed-on: #683	2024-02-19 13:59:33 +00:00
floatingghost	551ae69541	Merge pull request 'Fix and provide sane defaults for SMTP' (#686) from Oneric/akkoma:smtp-defaults into develop ... Reviewed-on: #686	2024-02-19 13:39:15 +00:00
YokaiRick	37f9626116	Merge pull request 'Docs: reword description for mrf_reject_newly_created_account_notes for more clarity' (#1) from stefan230/akkoma:doc_mrf_reject_acc_notes_patch into doc_mrf_reject_acc_notes ... Reviewed-on: YokaiRick/akkoma#1	2024-02-17 22:19:32 +00:00
stefan230	b4c832471c	docs/docs/configuration/cheatsheet.md aktualisiert ... fixed up some grammer / wording. removed a setence and made wording more in line with what I could find in Admin-FE (especially wording of "rejecting" vs. dropping)	2024-02-17 22:09:47 +00:00
rick	db49daa4a5	make it clearer what it affects	2024-02-17 22:57:56 +01:00
rick	718104117f	fix link	2024-02-17 22:34:55 +01:00
rick	12e7d0a25c	added doc for mrf_reject_newly_created_account_notes	2024-02-17 22:25:12 +01:00
Oneric	1a7839eaf2	Prune old Update activities ... Once processed they serve no purpose anymore afaict. Therefor, lets prune them like other transient activities to not unnecessarily bloat the table.	2024-02-17 16:57:40 +01:00
Oneric	1ef8b967d2	test: fix typos affecting remove factory ... Apparently nothing used this factory until now	2024-02-17 16:57:40 +01:00
Erin Shepherd	7a0e27a746	Disable busy waits in the default OTP vm.args configuration. ... This vastly reduces idle CPU usage, which should generally be beneficial for most small-to-medium sized instances. Additionally update the documentation to specify how to override the vm.args file for OTP installs	2024-02-17 13:21:56 +01:00
floatingghost	755c75d8a4	Merge pull request 'Clean up warnings (+fallback metrics)' (#685) from Oneric/akkoma:metrics into develop ... Reviewed-on: #685	2024-02-17 11:41:10 +00:00
floatingghost	289f93f5a2	Merge pull request 'Return last_status_at as date, not datetime' (#681) from katafrakt/akkoma:fix-last-status-at into develop ... Reviewed-on: #681	2024-02-17 11:37:19 +00:00
floatingghost	371b258c99	Merge pull request 'Fix SimplePolicy blocking account updates' (#692) from Oneric/akkoma:fix-background_removal into develop ... Reviewed-on: #692	2024-02-17 10:34:16 +00:00
Oneric	3b0714c4fd	Fix SimplePolicy blocking account updates ... This fixes an oversight in e99e2407f3 which added background_removal as a possible SimplePolicy setting. However, it did _not_ add a default value to the base config and as it turns out instance_list doesn’t handle unset options well. In effect this caused federating instances with SimplePolicy enabled but background_removal not explicitly configured to always trip up for outgoing account updates in check_background_removal (and incoming updates from Sharkey). For added ""fun"" this error was able to block account updates made e.g. via /api/v1/accounts/update_credentials. Tests were unaffected since they explicitly override all relevant config options. Set a default to avoid all this (note to self: don’t forget next time, baka!)	2024-02-17 03:10:05 +01:00
floatingghost	34c213f02f	Merge pull request 'Federate user profile background' (#682) from Oneric/akkoma:background-federation into develop ... Reviewed-on: #682	2024-02-16 21:00:10 +00:00
Oneric	e99e2407f3	Add background_removal to SimplePolicy MRF	2024-02-16 16:36:45 +01:00
Oneric	7622aa27ca	Federate user profile background ... Currently our own frontend doesn’t show backgrounds of other users, this property is already publicly readable via REST API and likely was always intended to be shown and federated. Recently Sharkey added support for profile backgrounds and immediately made them federate and be displayed to others. We use the same AP field as Sharkey here which should make it interoperable both ways out-of-the-box. Ref.: 4e64397635	2024-02-16 16:35:51 +01:00
FloatingGhost	0ed815b8a1	Merge branch 'followback' into develop	2024-02-16 13:27:40 +00:00
floatingghost	c5dcd07e08	Merge pull request 'Fix OpenAPI spec for preferred_frontend endpoint' (#680) from katafrakt/akkoma:fix-openapi-spec-for-preferred-frontend into develop ... Reviewed-on: #680	2024-02-16 12:21:00 +00:00
floatingghost	874ee73a87	Merge pull request 'Document Akkoma API' (#678) from Oneric/akkoma:doc-akkomapi into develop ... Reviewed-on: #678	2024-02-16 12:20:11 +00:00
floatingghost	a905223837	Merge pull request 'Check permissions on configuration file, not symlink' (#687) from erincandescent/akkoma:config-stat-symlink into develop ... Reviewed-on: #687	2024-02-16 12:19:08 +00:00
Oneric	cda597a05c	doc: fix Akkoma identification name ... Akkoma stopped pretending to be Pleroma here when the mix project name was changed in c07fcdbf2b.	2024-02-15 16:25:59 +01:00
Oneric	711043f57d	Document bubble timeline API ... It was added in cb6e7359af.	2024-02-15 16:04:33 +01:00
Oneric	6bb455702d	Document Akkoma API	2024-02-15 16:04:33 +01:00
Oneric	7493d8f49d	Document live dashboard	2024-02-15 16:04:33 +01:00
Haelwenn (lanodan) Monnier	cb7eaccecb	Config: Check the permissions of the linked file instead of the symlink↵	2024-02-14 18:30:27 +01:00
Oneric	376f6b15ca	Add ability to auto-approve followbacks ... Resolves: #148	2024-02-13 15:42:37 +01:00
Oneric	13e62b4e51	Fix schema and docs for status_ttl_days and instance ... Fixes misspelling and omission of and example in commit 0cfd5b4e89 which added the status_ttl_property. This was the only place this commit referred to the property as note_ttl_days. Partially fixes the omitted schema update of the instance metadata addition from commit b7e8ce2350. A proper full schema for nodeinfo is still missing.	2024-02-13 15:39:52 +01:00
floatingghost	6fde75e1f0	Merge pull request 'Purge leftovers from chats' (#684) from Oneric/akkoma:cosmetic-purge-chat into develop ... Reviewed-on: #684	2024-02-13 09:13:37 +00:00
Oneric	192480093c	Provide sane defaults for SMTP ... OTP’s default SSL/TLS settings are rather restricitive and in particular do not use system CA certs. In our case using system CA certs is virtually always desired and the lack of it leads to non-obvious errors. Manually configuring system CA certs from in-database config also isn’t straightforward. Furthermore, gen_smtp uses a different set of connection options for direct SSL/TLS and a later TLS upgrade providing additional confusion and complexity in how to configure this. Thus provide some suitable defaults for sending SMTP emails. Everything can still be overriden by admins if necessary. Note: defaults are not appended when validating the config in hopes of improving the error message (as the required relay key is already accessed to generate defaults for optional fields) Fixes: #660	2024-02-12 22:45:57 +01:00
Oneric	29f564f700	Use fallbacks of summary metrics for prometheus	2024-02-12 02:00:09 +01:00
Oneric	16197ff57a	Display memory as MB in live dashboard ... With kilobyte the resulting numbers got too large and were cut off in the charts, making them useless. However, even an idle Akkoma server’s memory usage is in the lower hundreths of megabytes, so we don’t need this much precision to begin with for the dashboard. Other metric users might prefer base units and can handle scaling in a smarter way, so keep this configurable.	2024-02-12 02:00:09 +01:00
Oneric	8f8e1ff214	Purge unused function scrub_css ... Commit e9f1897cfd added this private function but it never had any users resulting in warnings each startup	2024-02-12 02:00:09 +01:00
Oneric	18ecae6183	Use fully qualified function capture for telementry event ... Otherwise we get warnings on startup as local captures and anonymous functions are supposedly less performant.	2024-02-12 01:59:18 +01:00
Oneric	a6df71eebb	Don't add summary metrics to prometheus ... The exporter doesn’t support them thus we don't lose anything by this, but it avoids a bunch of warnings each time the server starts up.	2024-02-12 01:59:18 +01:00
Oneric	8cf183cb42	Drop Chat tables ... Chats were removed in 0f132b802d	2024-02-11 05:15:08 +01:00
Oneric	5f7d47dcb7	Drop obolete chat/shoutbox config options ... Their functions were purged in 0f132b802d	2024-02-11 05:15:02 +01:00
Paweł Świątkowski	df21b61829	Return last_status_at as date, not datetime	2024-02-05 21:42:15 +01:00
floatingghost	e97d08ee98	Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' (#676) from Oneric/akkoma:mrf-obfuscation into develop ... Reviewed-on: #676	2024-02-05 08:43:43 +00:00
Paweł Świątkowski	d7d159c49f	Fix OpenAPI spec for preferred_frontend endpoint ... The spec was copied from another endpoint, including the operation id, leading to scrubbing the valid parameters from the request and simply not working.	2024-02-03 14:27:45 +01:00
Oneric	3cd882528e	More prominently document MRF transparency and obfuscation ... And point to the cheat sheet for all other MRF policies and their configuration details.	2024-02-02 14:50:21 +00:00
Oneric	e47c50666d	Fix obfuscation of short domains ... Fixes #645	2024-02-02 14:50:13 +00:00
floatingghost	b4ccddab39	Merge pull request 'Fix OAuth consumer mode' (#668) from tcmal/akkoma:develop into develop ... Reviewed-on: #668	2024-02-02 10:05:42 +00:00
Aria	77000b8ffd	update tests for oauth consumer	2023-12-17 21:48:19 +00:00
Aria	a074be24ca	add bit about frontend configuration to oauth consumer docs	2023-12-17 19:36:27 +00:00
Aria	eb0dbf6b79	fix oauth consumer mode ... the previous code passed a state parameter to ueberauth with info about where to go after the user logged in, etc. since ueberauth 0.7, this parameter is ignored and oauth state is used for actual CSRF reasons. we now set a cookie with the state we need to keep track of, and read it once the callback happens.	2023-12-17 19:27:36 +00:00
Aria	e2f749b5b0	don't select ueberauth 0.10.6, as it is broken ... see https://github.com/ueberauth/ueberauth/issues/194	2023-12-17 18:59:31 +00:00
FloatingGhost	6fb91d79f3	bump deps	2023-12-15 16:32:53 +00:00
FloatingGhost	2858cd81e1	Move changelog into our format	2023-12-15 16:32:41 +00:00
Lain Soykaf	c3098e9c56	UserViewTest: Add basice service actor test.	2023-12-15 16:31:51 +00:00
Yonle	8a0e797cff	ap userview: add outbox field. ... Signed-off-by: Yonle <yonle@lecturify.net>	2023-12-15 16:31:51 +00:00
FloatingGhost	74d5e22fc5	fix robotstxt on OTP	2023-12-15 16:23:20 +00:00
floatingghost	bc22ea50ab	Merge pull request 'docs: Fixed wrong command for robots_txt CLI task' (#632) from yukijoou/akkoma:docs-robotstxt-fix into develop ... Reviewed-on: #632	2023-12-15 16:21:17 +00:00
floatingghost	8ae5364886	Merge pull request 'Add shm_size to the Database container' (#634) from EpicKitty/akkoma:develop into develop ... Reviewed-on: #634	2023-12-15 16:20:45 +00:00
FloatingGhost	6cc523bd23	Correct email links to be absolute URLs	2023-11-02 11:49:03 +00:00
FloatingGhost	fb700a956a	correct link	2023-11-02 11:40:19 +00:00
floatingghost	c12d158491	Merge pull request 'Add more image mimetypes to reverse proxy' (#658) from Seirdy/akkoma:moar-image-types into develop ... Reviewed-on: #658	2023-11-02 11:38:40 +00:00
floatingghost	ed5c930dd9	Merge pull request 'Docs: Add note about Docker installations in backup section' (#631) from y0nei/akkoma:develop into develop ... Reviewed-on: #631	2023-11-02 11:04:39 +00:00
floatingghost	3cca953c58	Merge pull request 'added support for arm64 in pleroma_ctl' (#630) from YokaiRick/akkoma:arm64-pleroma_ctl into develop ... Reviewed-on: #630	2023-11-02 11:03:22 +00:00
Rohan Kumar	36f4f18aa5	Add more image mimetypes to reverse proxy ... Add JPEG-XL, AVIF, and WebP support to the reverse proxy. All three are supported in WebKit browsers; the latter two are supported in Gecko and Blink.	2023-11-01 17:47:52 -07:00
FloatingGhost	033b7b04e0	update captcha version	2023-10-20 13:30:29 +01:00
FloatingGhost	d1af78aba1	changelog	2023-09-15 12:00:45 +01:00
FloatingGhost	3e7446d177	Add various both-ugc-and-tag setups	2023-09-15 11:58:56 +01:00
FloatingGhost	c8e08e9cc3	fix issue with API cascading domain blocks but not honouring them	2023-08-25 11:00:49 +01:00
Koneko Toujou	1b9edcba64	Add shm_size to the Database container	2023-08-21 21:50:10 +00:00
yuki joou	32422a7a04	docs: Fixed wrong command for robots_txt CLI task ... This is according to the error message displayed when trying to run the command in the current version of the docs	2023-08-18 13:25:52 +00:00
y0nei	0617090743	Note about Docker installations in backup section	2023-08-17 16:51:53 +02:00
FloatingGhost	5c164028cf	ensure ap_enabled true if coming back pleroma	2023-08-16 23:11:36 +01:00
FloatingGhost	f7ea0a1248	bump OTP required	2023-08-16 23:01:02 +01:00
FloatingGhost	6139c3346d	Add extra rollbacks to pleroma develop	2023-08-16 22:49:23 +01:00
YokaiRick	6ec5437294	added support for arm64 ... added arm64 support for update. Tested on Arch amd64, Debian arm64 and Alpine amd64	2023-08-16 20:58:21 +00:00
FloatingGhost	98f0820ca4	MIX FORMAT	2023-08-15 23:26:22 +01:00
FloatingGhost	9bc0345e57	AND THAT ONE TOO AND ALL	2023-08-15 23:26:08 +01:00
FloatingGhost	f3cc60b202	INBOX NEEDS TO BE A FULL URL YOU IDIOT AM BAKA I SHOULD JUST COMMIT SUDOKU RIGHT NOW	2023-08-15 23:23:59 +01:00
FloatingGhost	063e3c0d34	Disallow nil hosts in should_federate	2023-08-15 23:12:04 +01:00
FloatingGhost	6cb40bee26	Migrate to phoenix 1.7 (#626) ... Closes #612 Co-authored-by: tusooa <tusooa@kazv.moe> Reviewed-on: #626 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>	2023-08-15 10:22:18 +00:00
floatingghost	7a3529ec1c	Merge pull request 'Docs: nginx dir in /opt/akkoma/installation is gone on otp builds' (#627) from YokaiRick/akkoma:update-docs into develop ... Reviewed-on: #627	2023-08-13 14:37:49 +00:00
YokaiRick	76ba400c6d	nginx subdir is missing in otp builds	2023-08-12 22:09:32 +00:00
YokaiRick	655c282de3	update docs nginx subdir in akkoma/installation is gone	2023-08-12 21:59:30 +00:00
floatingghost	0b32beb051	Merge pull request 'meilisearch: Move published date to lower priority' (#623) from norm/akkoma:meilisearch-order into develop ... Reviewed-on: #623	2023-08-12 14:36:53 +00:00
floatingghost	7bb41bffb3	Merge pull request 'Reload emoji when using mix pleroma.emoji gen-pack and get-packs' (#563) from norm/akkoma:emoji-reload into develop ... Reviewed-on: #563	2023-08-12 14:07:23 +00:00
floatingghost	fd11e4f8cd	Merge pull request 'Update OTP docs to mention arm64 in prerequisites' (#615) from norm/akkoma:docs/otp-arm into develop ... Reviewed-on: #615	2023-08-12 14:05:46 +00:00
FloatingGhost	1bd3012c2d	Fix compiler warnings	2023-08-12 15:03:43 +01:00
floatingghost	2df7707060	Merge pull request 'mastodon_api: Add /api/v1/preferences endpoint' (#625) from redstrate/akkoma:work/redstrate/preferences into develop ... Reviewed-on: #625	2023-08-12 13:59:03 +00:00
Joshua Goins	c22ecac567	mastodon_api: Add /api/v1/preferences endpoint ... Implements the preferences endpoint in the Mastodon API, but returns default values for most of the preferences right now. The only supported preference we can access is default post visibility, and a relevant test is added as well.	2023-08-12 09:28:24 -04:00
Norm	d79c92f9c6	meilisearch: Move published date to lower priority ... Currently, Akkoma sorts by published date first before everything else. This however makes search results pretty bad since Meilisearch uses a bucket sort algorithm in order of the ranking rules specified: https://www.meilisearch.com/docs/learn/core_concepts/relevancy#behavior Since the `published` attribute is a unix timestamp, the resulting buckets are pretty small so the other rules essentially have little to no effect on the rankings of search results. This fixes that issue by moving the `published:desc` rule further down so it still sorts by date, but only after considering everything else. AFAIK attribute and sort doesn't really affect results for Akkoma since the only attribute considered is the `content` attribute and the `sort` parameter isn't used in Akkoma searches. Everything else is made to match more closely to Meilisearch's defaults.	2023-08-11 11:07:14 -04:00
FloatingGhost	7bd4ae5412	Bump builds to OTP26	2023-08-09 14:39:28 +01:00
FloatingGhost	165c2485ff	Merge branch 'otp26' into develop	2023-08-09 14:35:06 +01:00
FloatingGhost	60a07da5ef	Update majic deps	2023-08-09 13:58:10 +01:00
FloatingGhost	73be5c3f30	Bump majic	2023-08-09 13:51:49 +01:00
FloatingGhost	e7788f3c82	bullseye build (you owe me for this one)	2023-08-08 22:42:57 +01:00
Norm	0cb3812ac0	Add docker override file to docs and gitignore ... The docker-compose.yml file is likely to be edited quite extensively by admins when setting up an instance. This would likely cause problems when dealing with updating Akkoma as merge conflicts would likely occur. Docker-compose already has the ability to use override files in addition to the main `docker-compose.yml` file. Admins can instead put any overrides (additional volumes, container for elasticsearch, etc.) into a file that won't be tracked by git and thus won't run into merge conflicts in the future. In particular, the `docker-compose.override.yml` will be checked by docker compose in addition to the main file if it exists and override definitions from the latter with the former.	2023-08-07 13:09:04 -04:00
FloatingGhost	f2da47679d	majic	2023-08-07 17:24:05 +01:00
FloatingGhost	63a5b8506c	update majic	2023-08-07 17:13:34 +01:00
FloatingGhost	c7aeeec232	fix yet another keyword equality check	2023-08-07 17:00:16 +01:00
FloatingGhost	80cbdc8480	changelog	2023-08-07 16:27:23 +01:00
floatingghost	3f1e2b0b3b	Merge pull request 'Fix invalid Date HTTP header when signing fetch requests' (#619) from Clovis/akkoma:fix-503 into develop ... Reviewed-on: #619	2023-08-07 15:23:20 +00:00
FloatingGhost	0c21341156	Fix signature checking	2023-08-07 16:17:17 +01:00
Clovis	fc3cc61768	Fix invalid Date HTTP header when signing fetch requests ... #503	2023-08-07 12:43:42 +00:00
FloatingGhost	7825798e32	Add XML matcher	2023-08-07 11:12:14 +01:00
FloatingGhost	e59fc0677b	Update mime dep	2023-08-07 04:07:42 +01:00
FloatingGhost	650c0c0f62	Allow max_id to be at the end of the querystring	2023-08-06 16:44:25 +01:00
FloatingGhost	7956cfb091	Another keyword.equal? check	2023-08-06 16:36:18 +01:00
FloatingGhost	215b550317	Fix keyword ordering reliance	2023-08-06 16:27:15 +01:00
FloatingGhost	c193b4d507	Remove frankly awful config file test	2023-08-06 16:20:46 +01:00
FloatingGhost	866672b6a7	Add unordered list equality matcher	2023-08-06 15:58:11 +01:00
FloatingGhost	ef422a8385	Put matchers in matchers subpackage	2023-08-06 15:53:04 +01:00
FloatingGhost	9723264fe5	Add URI matchers	2023-08-06 15:51:21 +01:00
FloatingGhost	368b22fd2f	Ensure we can't crash out on unusual logger backend settings	2023-08-06 15:12:57 +01:00
Norm	9a7c30fc90	Update OTP docs to mention arm64 in prerequisites	2023-08-05 10:39:03 -04:00
FloatingGhost	59af68c600	Ensure it doesn't break on elixir1.14	2023-08-05 14:11:27 +01:00
FloatingGhost	ec5db753b9	Prevent elixir compiler from yeeting our modules	2023-08-05 14:03:21 +01:00
FloatingGhost	9b362a6739	Patch version	2023-08-05 13:37:04 +01:00
floatingghost	643e7dd7c1	Merge pull request 'Completely disable xml entity resolution' (#614) from MaeIsBad/akkoma:completely-disable-xml-entity-resolution into develop ... Reviewed-on: #614	2023-08-05 12:36:29 +00:00
mae	d868348fac	Completely disable xml entity resolution	2023-08-05 12:32:05 +00:00
FloatingGhost	cc2614e10b	Bump version	2023-08-05 13:26:42 +01:00
FloatingGhost	31d7cc9a9c	Allow Pleroma.HTTP to connect to raw-HTTP without freaking mint out	2023-08-04 23:51:15 +01:00
FloatingGhost	8670d89316	Remove duplicated path ... Fixes #604	2023-08-04 22:39:11 +01:00
Sandra Snan	2556f44219	Fix typo in frontend management docs	2023-08-04 22:34:39 +01:00
FloatingGhost	b4399574ca	Merge remote-tracking branch 'norm/config-permissions' into develop	2023-08-04 22:31:11 +01:00
Weblate	9bbe8b4e84	Translated using Weblate (Catalan) ... Currently translated at 2.1% (22 of 1006 strings) Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ca/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:57 +00:00
Weblate	7753fbe633	Translated using Weblate (Chinese (Simplified)) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/zh_Hans/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	7ae0b2f5bd	Translated using Weblate (English (en_TEST)) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/en_TEST/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	69c11643f7	Translated using Weblate (Italian) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/it/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	d1af8abe85	Translated using Weblate (Japanese) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ja/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	7017dc92a8	Translated using Weblate (Russian) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ru/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	06f03f8b22	Translated using Weblate (Vietnamese) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/vi/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	df03e7c8da	Translated using Weblate (Chinese (Traditional)) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/zh_Hant/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	6abee6eb40	Translated using Weblate (Indonesian) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/id/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	c2bd73518a	Translated using Weblate (Portuguese (Portugal)) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/pt_PT/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	7f23a3de21	Translated using Weblate (Dutch) ... Currently translated at 0.0% (0 of 1006 strings) Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/nl/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	0941896a2e	Translated using Weblate (Polish) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/pl/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	3e224d24d8	Translated using Weblate (Ukrainian) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/uk/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	16332afb95	Translated using Weblate (Hebrew) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/he/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	0ec5cbe701	Translated using Weblate (French) ... Currently translated at 0.0% (0 of 1006 strings) Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/fr/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	2b2a6d0b3b	Translated using Weblate (Thai) ... Currently translated at 0.0% (0 of 1006 strings) Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/th/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
Weblate	df885b5475	Translated using Weblate (Spanish) ... Currently translated at 0.1% (2 of 1006 strings) Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/es/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-08-04 21:24:56 +00:00
FloatingGhost	9c7409808f	Add unit test for external entity loading	2023-08-04 22:24:32 +01:00
Mae	1f54bea564	Prevent XML parser from loading external entities	2023-08-04 22:24:17 +01:00
FloatingGhost	6902ede5b7	remove special case from update script	2023-08-04 20:39:33 +01:00
FloatingGhost	8fd74548ff	Combine ubuntu and debian builds	2023-08-04 20:37:17 +01:00
FloatingGhost	8d4d573cc8	use correct elixir version	2023-08-04 20:16:17 +01:00
Haelwenn (lanodan) Monnier	bfebb92bea	changelog: Entry for config permissions restrictions ... Original: 9f0ad901ed	2023-08-04 14:14:14 -04:00
Haelwenn (lanodan) Monnier	749e9f2229	release_runtime_provider_test: chmod config for hardened permissions ... Git doesn't manages file permissions precisely enough for us. Original: 65ef8f19c5	2023-08-04 14:14:04 -04:00
Haelwenn (lanodan) Monnier	4f57c87be4	instance gen: Reduce permissions of pleroma directories and config files ... Original: 69caedc591	2023-08-04 14:13:50 -04:00
Haelwenn (lanodan) Monnier	ae03513934	Config: Restrict permissions of OTP config file ... Original: 8cc8100120	2023-08-04 14:13:36 -04:00
FloatingGhost	0b2ec0ccee	Enable AnonymizeFilenames on all uploads	2023-08-04 15:37:15 +01:00
FloatingGhost	1a88d9278b	Changelog entry	2023-08-04 15:19:06 +01:00
FloatingGhost	723bd123a0	Correct ordering for block/mutes	2023-08-04 15:18:07 +01:00
FloatingGhost	1dc8cc731c	Merge branch 'elixir1.15' into develop	2023-08-04 15:16:14 +01:00
FloatingGhost	6e293b9280	Bump versions in use in the docs	2023-08-04 14:19:18 +01:00
FloatingGhost	87cc5a2110	Fix uploads test being reliant on being run later	2023-08-04 12:59:33 +01:00
FloatingGhost	64e233ca20	Tag Mock-tests as "mocked" and run them seperately	2023-08-04 12:50:50 +01:00
FloatingGhost	9aaf5c9332	Fix gettext warnings	2023-08-04 12:07:43 +01:00
FloatingGhost	2946bf4011	mix format	2023-08-04 12:04:24 +01:00
FloatingGhost	8cebd74b0a	update typo, sslv3	2023-08-04 12:02:57 +01:00
FloatingGhost	fe8c166b8f	Remove IO.inspects	2023-08-04 12:01:52 +01:00
Mark Felder	7e45343f81	Resolve information disclosure vulnerability through emoji pack archive download endpoint	2023-08-04 11:34:19 +01:00
FloatingGhost	f4fe4fcbcc	More static stuff	2023-08-03 23:00:30 +01:00
FloatingGhost	02071ab9b4	bah	2023-08-03 18:40:13 +01:00
FloatingGhost	d5de05bbe4	scream	2023-08-03 18:10:27 +01:00
FloatingGhost	98cb255d12	Support elixir1.15 ... OTP builds to 1.15 Changelog entry Ensure policies are fully loaded Fix :warn use main branch for linkify Fix warn in tests Migrations for phoenix 1.17 Revert "Migrations for phoenix 1.17" This reverts commit 6a3b2f15b7. Oban upgrade Add default empty whitelist mix format limit test to amd64 OTP 26 tests for 1.15 use OTP_VERSION tag baka just 1.15 Massive deps update Update locale, deps Mix format shell???? multiline??? ? max cases 1 use assert_recieve don't put_env in async tests don't async conn/fs tests mix format FIx some uploader issues Fix tests	2023-08-03 17:44:09 +01:00
FloatingGhost	babb4b9a8f	Merge branch 'metadata_webfinger' into develop	2023-08-02 12:05:43 +01:00
FloatingGhost	b65aafe1e3	Fix tests breaking on config changes	2023-08-02 12:05:30 +01:00
FloatingGhost	a1fc79c214	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2023-08-02 11:35:57 +01:00
floatingghost	4fe80acf8f	Merge pull request '[docs] Improve some installation instructions' (#607) from ilja/akkoma:docs_improve_some_installation_instructions into develop ... Reviewed-on: #607	2023-08-02 09:17:11 +00:00
FloatingGhost	1e66cec654	changelog	2023-08-01 11:26:59 +01:00
FloatingGhost	27cbfb8985	Send a NIL body rather than an empty one with GET/HEAD	2023-08-01 11:26:05 +01:00
ilja	8b63a17b87	In chat we often saw that people copy-pasted the "amd64" flavour while they needed another one. ... Here we make it a generic placeholder which should make accidental copy-pasting of this command happen less. We also had one case of someone who got errors because the SHELL variable wasn't set. This is the case for Alpine. Here I added a line to fill it in when not set.	2023-07-31 15:56:39 +02:00
Walter Huf	c38f1aefb1	Add unit tests for Utils.user_name_string	2023-07-28 07:35:00 -07:00
Walter Huf	1377ec33fe	Add a unit test for custom WebFinger domain	2023-07-27 09:01:46 -07:00
Walter Huf	7ff9c356f4	Merge remote-tracking branch 'upstream/develop' into metadata_webfinger	2023-07-27 07:43:17 -07:00
FloatingGhost	801fe9fe32	Changelog	2023-07-27 14:41:18 +01:00
FloatingGhost	08768776e2	don't release arm64 into the amd64 filename	2023-07-27 14:24:29 +01:00
FloatingGhost	7a6ccf68f0	correct ARM build conditions	2023-07-27 14:21:44 +01:00
FloatingGhost	800c4bc442	correct build conditions	2023-07-27 14:21:12 +01:00
FloatingGhost	b63fca2dd7	only build ARM AMD64 on develop	2023-07-27 14:19:28 +01:00
Weblate	eba3cce77b	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Translation: Pleroma fe/Akkoma Backend (Config Descriptions) Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/	2023-07-27 13:14:05 +00:00
Weblate	99d660c9ad	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2023-07-27 13:14:05 +00:00
Weblate	4c9da36748	Translated using Weblate (Chinese (Simplified)) ... Currently translated at 94.6% (89 of 94 strings) Update translation files Updated by "Squash Git commits" hook in Weblate. Co-authored-by: SevicheCC <sevicheee@outlook.com> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/zh_Hans/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/ Translation: Pleroma fe/Akkoma Backend (Errors) Translation: Pleroma fe/Akkoma Backend (Static pages)	2023-07-27 13:14:05 +00:00
Weblate	d8f127f6d5	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2023-07-27 13:14:05 +00:00
Weblate	7f57935669	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2023-07-27 13:14:05 +00:00
Weblate	ec74b60d56	Translated using Weblate (Thai) ... Currently translated at 100.0% (0 of 0 strings) Added translation using Weblate (Thai) Co-authored-by: Anonymous <noreply@weblate.org> Co-authored-by: Pongsatorn Paewsoongnern <akkoma@miraiverse.me> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/th/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions)	2023-07-27 13:14:05 +00:00
Weblate	8fa14bcfe4	Update translation files ... Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Errors)	2023-07-27 13:14:05 +00:00
Weblate	412f9656f6	Translated using Weblate (Spanish) ... Currently translated at 0.2% (2 of 994 strings) Update translation files Updated by "Squash Git commits" hook in Weblate. Co-authored-by: Kimberly <kimisaes@gmail.com> Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/es/ Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/ Translation: Pleroma fe/Akkoma Backend (Config Descriptions) Translation: Pleroma fe/Akkoma Backend (Errors)	2023-07-27 13:14:05 +00:00
floatingghost	18bf310543	Merge pull request 'Add arm64 OTP builds' (#596) from arm into develop ... Reviewed-on: #596	2023-07-27 13:14:02 +00:00
FloatingGhost	fa23098093	Merge branch 'develop' into arm	2023-07-27 14:01:11 +01:00
floatingghost	079dcd5b17	Merge pull request 'Document API changes made for fedibird compatibility' (#601) from Oneric/akkoma:doc_fedibird-api into develop ... Reviewed-on: #601	2023-07-27 12:56:45 +00:00
floatingghost	597a97cca9	Merge pull request 'Add no_new_privs hardening to OpenRC and systemd service files' (#575) from norm/akkoma:no-new-privs into develop ... Reviewed-on: #575	2023-07-27 12:54:44 +00:00
floatingghost	6db8ab7c94	Merge pull request 'Varied selection of Pleroma cherry-picks' (#567) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop ... Reviewed-on: #567	2023-07-27 12:53:56 +00:00
Oneric	d74542148a	Document API changes made for fedibird compatibility ... Commit 11ec9daa5b (released with 3.2.0) added the fedibird frontend and tweaked and extended Mastodon API for compatibility with it. Document these changes.	2023-07-23 16:15:25 +02:00
Norm	db64556306	Record no_new_privs hardening to changelog	2023-07-22 02:41:35 -04:00
Norm	a86b010e10	Add NoNewPrivileges to systemd service file for source installs ... This setting already exists in the OTP installation directory, but doesn't for the one used by source installs.	2023-07-22 02:40:25 -04:00
Haelwenn (lanodan) Monnier	166ddebdbc	Add no_new_privs to OpenRC service files	2023-07-22 02:40:17 -04:00
FloatingGhost	c79c0fe6cc	add extra flavours to table	2023-07-20 17:45:53 +01:00
FloatingGhost	34601065c3	Mix format	2023-07-20 17:34:05 +01:00
FloatingGhost	394174c0a9	remove postgres from amd64 build	2023-07-20 17:33:41 +01:00
FloatingGhost	d2d2bbe213	bump docker alpine	2023-07-20 17:32:02 +01:00
FloatingGhost	6fe7bdba46	bump alpine version	2023-07-20 17:31:55 +01:00
FloatingGhost	0fa0f60520	fix deps	2023-07-20 17:29:23 +01:00
FloatingGhost	f44babd130	restructure CI	2023-07-20 17:27:58 +01:00
FloatingGhost	827c6b3344	release	2023-07-20 17:13:14 +01:00
FloatingGhost	a91a3f6e60	test on push	2023-07-20 17:02:54 +01:00
FloatingGhost	f7a4147788	split by architecture	2023-07-20 17:02:41 +01:00
FloatingGhost	de1e487695	add potential arm setup	2023-07-20 17:01:29 +01:00
FloatingGhost	33e7ae7637	Allow nil attachments	2023-07-17 20:03:31 +01:00
floatingghost	fa40db6b5a	Merge pull request 'fix ImageMagick typo in media_graphics_packages.md' (#593) from norm/akkoma:media-graphics-typo into develop ... Reviewed-on: #593	2023-07-17 18:49:44 +00:00
floatingghost	ccd8cd6c59	Merge pull request 'Exclude deactivated users from emoji reaction lists' (#592) from active-emoji-reactions into develop ... Reviewed-on: #592	2023-07-17 18:49:15 +00:00
FloatingGhost	900b9b0124	Merge branch 'develop' into active-emoji-reactions	2023-07-17 19:45:43 +01:00
Norm	43aef8b5b1	fix ImageMagick typo in media_graphics_packages.md	2023-07-17 14:44:39 -04:00
FloatingGhost	f1611b6292	Update changelog	2023-07-17 19:19:03 +01:00
FloatingGhost	c63ae73bc0	Add embed controller tests	2023-07-17 19:18:21 +01:00
FloatingGhost	16d2bfef80	Ensure embeds will not be served if unauthenticated users could not see it	2023-07-17 18:24:53 +01:00
FloatingGhost	c8904f15a2	Correct behaviour of mediaproxy blocklist	2023-07-17 18:17:04 +01:00
FloatingGhost	8fe29bf5d2	Exclude deactivated users from emoji reaction lists	2023-07-17 17:53:03 +01:00
floatingghost	452f9e14fb	Merge pull request 'docs: Update Pleroma references to Akkoma in optional packages guide' (#550) from norm/akkoma:docs/media_graphics_packages into develop ... Reviewed-on: #550	2023-07-17 16:47:32 +00:00
floatingghost	5fa1cfc513	Merge pull request 'docs: Add Kaiteki to list of clients' (#548) from norm/akkoma:add-kaiteki into develop ... Reviewed-on: #548	2023-07-17 16:32:38 +00:00
floatingghost	2aac70d690	Merge pull request 'Add config for media subdomain for Caddy' (#555) from norm/akkoma:media-subdomain-caddyfile into develop ... Reviewed-on: #555	2023-07-17 16:30:42 +00:00
floatingghost	3fa65a5c53	Merge pull request 'docs: Update Pleroma-FE references to Akkoma-FE' (#551) from norm/akkoma:docs/akkoma-fe into develop ... Reviewed-on: #551	2023-07-17 16:28:41 +00:00
floatingghost	210df6fe92	Merge pull request 'Fix the /embed endpoint' (#540) from mikihau/akkoma:develop into develop ... Reviewed-on: #540	2023-07-15 20:48:30 +00:00
Bryan Fink	97037c0b53	do not fetch if limit_to_local_content is enabled ... Prior to this change, anyone, authenticated or not, could submit a search query for an activity by URL, and cause the fetcher to go fetch it. That shouldn't happen if `limit_to_local_content` is set to `:all` or if it's set to `:unauthenticated` and the query came from an unauthenticated source.	2023-07-07 12:24:04 -05:00
Norm	8c956bc671	Add OnlyMedia upload filter change to changelog	2023-06-28 01:56:34 +01:00
Mark Felder	5144d6f4ba	Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types ... Original: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3897	2023-06-28 01:56:14 +01:00
floatingghost	3e4a279a1b	Merge pull request 'Implement blocklists for MediaProxy' (#574) from XxXCertifiedForkliftDriverXxX/akkoma:feature/mediaproxy-blocklist into develop ... Reviewed-on: #574	2023-06-28 00:54:25 +00:00
floatingghost	fc87baf1cf	Merge pull request 'Use OS CA store for Mint HTTP connections' (#573) from XxXCertifiedForkliftDriverXxX/akkoma:fix/use-os-certs into develop ... Reviewed-on: #573	2023-06-28 00:52:26 +00:00
XxXCertifiedForkliftDriverXxX	767e1272b3	Use OS CA store for Mint HTTP connections	2023-06-26 15:50:49 +02:00
XxXCertifiedForkliftDriverXxX	07b478dc49	Implement blocklists for MediaProxy	2023-06-26 15:18:31 +02:00
floatingghost	67cae52b08	Merge pull request 'Add asdf install guide for debian/ubuntu' (#559) from norm/akkoma:asdf into develop ... Reviewed-on: #559	2023-06-26 12:58:01 +00:00
floatingghost	4db42f5ab5	Merge pull request 'Adapt some migrations so they can be rolled back' (#565) from ilja/akkoma:fix_some_migrations_for_rollback into develop ... Reviewed-on: #565	2023-06-26 12:52:22 +00:00
floatingghost	145191ef26	Merge pull request 'Update docker compose commands to Compose V2' (#570) from norm/akkoma:docker-compose into develop ... Reviewed-on: #570	2023-06-26 12:37:38 +00:00
Norm	6674b33d75	update docs with new docker compose commands	2023-06-18 01:44:25 -04:00
Norm	2dfce40117	Update docker compose commands to Compose V2 ... This just replaces all instances of `docker-compose` with `docker compose` in the docker scripts. The old Compose V1 program is unsupported since 2021: https://docs.docker.com/compose/migrate/#will-i-still-be-able-to-use-compose-v1-if-i-really-want-to	2023-06-18 01:37:40 -04:00
tusooa	c0a01e73cf	Enforce unauth restrictions for public streaming endpoints	2023-06-14 22:45:19 +00:00
tusooa	fee6e2aac4	Fix deleting banned users' statuses	2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier	8669a0abcb	UploadedMedia: Increase readability via ~s sigil	2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier	37b0d774fa	UploadedMedia: Add missing disposition_type to Content-Disposition ... Set it to `inline` because the vast majority of what's sent is multimedia content while `attachment` would have the side-effect of triggering a download dialog. Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114	2023-06-14 22:45:19 +00:00
tusooa	1def80c2e7	Fix existing tests	2023-06-14 22:45:19 +00:00
tusooa	3095251e6c	Dedupe poll options	2023-06-14 22:45:19 +00:00
tusooa	79a18f761b	Allow with_relationships param for blocks	2023-06-14 22:45:19 +00:00
kPherox	8fb235e71b	fix: append field values to bio before parsing	2023-06-14 19:44:07 +00:00
kPherox	d6271e7613	feat: build rel me tags with profile fields	2023-06-14 19:44:07 +00:00
Alexander Tumin	5adce547d0	Require related object for notifications to filter on content	2023-06-14 19:41:48 +00:00
tusooa	05e80d1879	Fix block_from_stranger setting	2023-06-14 19:41:44 +00:00
tusooa	1268dbc562	Fix type of admin_account.is_confirmed	2023-06-14 19:38:22 +00:00
tusooa	651979217a	Fix failure when registering a user with no email when approval required	2023-06-14 19:33:58 +00:00
Mark Felder	997551bac9	Fix TwitterCard meta tags ... TwitterCard meta tags are supposed to use the attributes "name" and "content". OpenGraph tags use the attributes "property" and "content". Twitter itself is smart enough to detect broken meta tags and discover the TwitterCard using "property" and "content", but other platforms that only implement parsing of TwitterCards and not OpenGraph may fail to correctly detect the tags as they're under the wrong attributes. > "Open Graph protocol also specifies the use of property and content attributes for markup while > Twitter cards use name and content. Twitter’s parser will fall back to using property and content, > so there is no need to modify existing Open Graph protocol markup if it already exists." [0] [0] https://developer.twitter.com/en/docs/twitter-for-websites/cards/guides/getting-started	2023-06-14 19:30:19 +00:00
Tusooa Zhu	2a290cb331	Lint	2023-06-14 17:20:55 +00:00
Tusooa Zhu	dfd6c96808	Fix SideEffectsTest	2023-06-14 17:20:55 +00:00
Tusooa Zhu	7b9cc9a9b0	Exclude Announce instead of restricting to Create in visibility_tags	2023-06-14 17:20:55 +00:00
Tusooa Zhu	fd38756e92	Do not stream out Announces to public timelines	2023-06-14 17:20:55 +00:00
Tusooa Zhu	5ef7c15d92	Make local-only posts stream in local timeline	2023-06-14 17:18:26 +00:00
Hélène	3227ebf1e1	CommonFixes: more predictable context generation ... `context` fields for objects and activities can now be generated based on the object/activity `inReplyTo` field or its ActivityPub ID, as a fallback method in cases where `context` fields are missing for incoming activities and objects.	2023-06-14 16:22:26 +00:00
Francis Dinh	5e3ca133f2	reword to not mention specific elixir version	2023-06-11 08:46:56 -04:00
ilja	3a13f91fff	Adapt some migrations so they can be rolled back ... This is useful for people who want to migrate back to Pleroma. It's also added in the docs, but also noted that this is barely tested and to be used at their own risk.	2023-06-09 22:02:26 +02:00
Norm	b99053d2c2	Reload emoji when using mix pleroma.emoji gen-pack and get-packs ... I think it makes more sense that the emoji cache gets reloaded in Akkoma if you add or create emoji packs.	2023-06-04 02:43:18 +00:00
Miki Hau	593ddbd796	fix the /embed endpoint	2023-05-31 23:42:08 +00:00
lain	1ae89bddcd	Merge branch 'feature/embeddable-posts' into 'develop' ... Add embeddable posts Closes #1288 See merge request pleroma/pleroma!2319	2023-05-31 23:40:16 +00:00
Francis Dinh	5fe41df8aa	docs: Add Kaiteki to list of clients	2023-05-31 18:19:06 -04:00
Francis Dinh	5ce38591e5	fix typo	2023-05-31 09:03:25 -04:00
Francis Dinh	2482d96782	remove one more java dep	2023-05-31 08:59:03 -04:00
Francis Dinh	f68b047bf7	remove java and gui dependencies	2023-05-31 08:46:05 -04:00
Francis Dinh	48a0145736	add command to restart shell	2023-05-30 21:21:44 -04:00
Francis Dinh	d956dc2f09	Add asdf install guide for debian/ubuntu ... Closes #557	2023-05-30 21:17:26 -04:00
Francis Dinh	40627a94d4	Add config for media subdomain for Caddy ... A recent group of vulnerabilities have been found in Pleroma (and inherited by Akkoma) that involve media files either uploaded by local users or proxied from remote instances (if media proxy is enabled). It is recommended that media files are served on a separate subdomain in order to mitigate this class of vulnerabilities. Based on https://meta.akkoma.dev/t/another-vector-for-the-injection-vulnerability-found/483/2	2023-05-29 14:04:00 -04:00
ilja	3947012691	Fix warnings ... There were two warnings, these are now fixed. I moved the fonts folder into the css folder. Antother option was to change the relative path, but it seems that after changing it in the css file, the path got changed back when rebuilding the site. Maybe it needs to be changed somewhere else, idk, this worked.	2023-05-29 09:10:07 +02:00
ilja	d61b7d4b49	Improve backup restore ... CREATE DATABASE was running in a transaction block with CREATE USER. This isn't allowed (any more?). This is now two separate commands. I also did some other touch-ups including * making it OTP-first, * add backup of static directory because this contains e.g. custom emoji, and * remove the suggestion for using the setup_db.psql file. The reason is because I fear it causes more confusion than what it's worth. * Firstly, OTP installations won't have this file because it's created in /tmp. * Secondly, the instance has been reinstalled and thus a new setup_db.psql with different password may have been created, causing only more confusion.	2023-05-29 09:09:56 +02:00
floatingghost	fb8081e1a3	Merge pull request 'Stop exposing if a user blocks you over the API.' (#553) from XxXCertifiedForkliftDriverXxX/akkoma:feature/hide-blocked_by into develop ... Reviewed-on: #553	2023-05-28 22:02:33 +00:00
XxXCertifiedForkliftDriverXxX	1b560d547a	Stop exposing if a user blocks you over the API.	2023-05-28 23:42:27 +02:00
Francis Dinh	0e5f55deea	more references being updated	2023-05-26 22:54:12 -04:00
Francis Dinh	f0f0c76805	docs: Update Pleroma-FE references to Akkoma-FE ... The frontend got renamed a while back, so the docs should be updated to reflect that.	2023-05-26 22:36:27 -04:00
Francis Dinh	b3fc098b83	docs: Update Pleroma references to Akkoma in optional packages guide ... This apparently slipped past though all of the doc updates from a while back.	2023-05-26 22:26:14 -04:00
FloatingGhost	39b3d92cd8	Bump version	2023-05-26 20:46:38 +01:00
Haelwenn (lanodan) Monnier	70b0f93865	Apply oembed patch	2023-05-26 20:45:57 +01:00
FloatingGhost	a388d2503e	revert uploaded-media	2023-05-26 12:06:41 +01:00
FloatingGhost	7fb9960ccd	Add CSP to mediaproxy links	2023-05-26 11:46:18 +01:00
FloatingGhost	9d83a1e23f	Add csp	2023-05-26 11:41:22 +01:00
FloatingGhost	82ca7a6470	bump version	2023-05-23 14:10:01 +01:00
FloatingGhost	9e9cf58fdf	or not	2023-05-23 13:54:22 +01:00
FloatingGhost	2fc26609f6	ensure we depend on poison	2023-05-23 13:53:54 +01:00
FloatingGhost	8c208f751d	Fix filtering out incorrect addresses	2023-05-23 13:46:25 +01:00
FloatingGhost	037f881187	Fix create processing in direct message disabled	2023-05-23 13:16:20 +01:00
FloatingGhost	ab34680554	switch to using an enum system for DM acceptance	2023-05-23 10:29:08 +01:00
FloatingGhost	d310f99d6a	Add MRFs for direct message manipulation	2023-05-22 23:53:44 +01:00
floatingghost	4e969758e5	Merge pull request 'fix remote interaction form style' (#542) from denys/akkoma:style-remote-interaction into develop ... Reviewed-on: #542	2023-05-22 21:35:51 +00:00
floatingghost	f72d773cc3	Merge pull request 'Make UserNote comment default to the empty string.' (#530) from provable_ascent/akkoma:provable_ascent-patch-1 into develop ... Reviewed-on: #530	2023-05-22 21:33:01 +00:00
floatingghost	3437e11cf7	Merge pull request 'Return empty string in the event of no detected language' (#535) from midnight/akkoma:fix-libretranslate into develop ... Reviewed-on: #535	2023-05-22 21:30:51 +00:00
floatingghost	6225f24f5f	Merge pull request 'Clean up bookmarks after prune_objects' (#544) from ilja/akkoma:clean_up_bookmarks_after_prune_objects into develop ... Reviewed-on: #544	2023-05-22 21:28:48 +00:00
ilja	f49e9e6d4c	Clean up bookmarks after prune_objects ... When doing prune_objects, it's possible that bookmarked objects are deleted. This gave problems when fetching the bookmark TL. Here we clean up the bookmarks during pruning in the case were it's possible that bookmarked objects are deleted.	2023-05-21 13:02:28 +02:00
ilja	c7fb78cc32	Move deadline and old_insert_date to setup ... Several tests for prune_objetcs need a date older than the deadline for pruning, so I moved that to the setup	2023-05-21 12:01:54 +02:00
Denys Nykula	ddf4d8026d	fix remote interaction form style	2023-05-18 22:53:40 +03:00
provable_ascent	3fef9d1b67	Merge branch 'develop' into provable_ascent-patch-1	2023-05-12 02:19:13 +00:00
provable_ascent	9c4203632d	Add user_note_test.exs.	2023-05-12 02:18:24 +00:00
midnight	f1e66b39c7	Return empty string in the event of no detected language	2023-05-08 18:52:19 -04:00
FloatingGhost	145c73076d	Update dependencies	2023-05-08 16:29:25 +01:00
provable_ascent	d8bed0ff63	Make UserNote comment default to the empty string. ... This make the behavior consistent between when UserNote doesn't exist and when comment is null. The current behavior may return null in APIs, which misleads some clients doing feature detection into thinking the server does not support comments. For example, see https://codeberg.org/husky/husky/issues/92	2023-04-27 05:22:12 +00:00
FloatingGhost	b86b3a9e29	Support public key URIs that incomprehensibly have GET args ... Fixes #528	2023-04-25 13:30:20 +01:00
FloatingGhost	d6bed599c8	correct version bump	2023-04-14 18:09:59 +01:00
FloatingGhost	963d29ad8c	2023.04 Release	2023-04-14 18:00:59 +01:00
FloatingGhost	f2b4e7f86b	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2023-04-14 17:56:56 +01:00
FloatingGhost	522221f7fb	Mix format	2023-04-14 17:56:34 +01:00
Atsuko Karagi	1fa3c0b485	Remove support for outdated Create format	2023-04-14 17:46:22 +01:00
Atsuko Karagi	d2b0d86471	HTTP signatures respect allowlist federation	2023-04-14 17:46:06 +01:00
FloatingGhost	f12d3cce39	ensure only pickable frontends can be returned	2023-04-14 17:42:40 +01:00
floatingghost	8c86a06ed1	Merge pull request 'Remove "default" image description' (#493) from ilja/akkoma:remove_default_image_description into develop ... Reviewed-on: #493	2023-04-14 16:27:41 +00:00
FloatingGhost	ba59fdcd54	add changelog entry	2023-04-14 16:56:51 +01:00
FloatingGhost	4c9c959bb3	Merge branch 'develop' into frontend-switcher-9000	2023-04-14 16:56:10 +01:00
FloatingGhost	9e8e7cc13e	Add note telling people to refresh	2023-04-14 16:55:48 +01:00
FloatingGhost	a079ec3a3c	in dev, allow dev FE	2023-04-14 16:36:40 +01:00
FloatingGhost	1b2c24a19e	fix tests	2023-04-14 15:20:55 +01:00
floatingghost	62e22eeff2	Merge pull request 'Update elixir versions' (#512) from norm/akkoma:update-elixir-versions into develop ... Reviewed-on: #512	2023-04-11 09:28:01 +00:00
floatingghost	ca1accc1cf	Merge pull request 'Add YunoHost to installation guides' (#518) from ilja/akkoma:docs_ynh_installation into develop ... Reviewed-on: #518	2023-04-11 09:26:38 +00:00
ilja	d8d9edee98	Add YunoHost to installation guides	2023-04-03 11:22:53 +02:00
FloatingGhost	2a8c1f4192	Add extra diagnostic tasks in	2023-03-29 14:11:00 +01:00
FloatingGhost	66d162bb9e	Add debug logs to timeline rendering to assist debugging	2023-03-29 12:01:16 +01:00
FloatingGhost	d85d1e128a	we don't actually need the object on redirect	2023-03-29 11:44:03 +01:00
floatingghost	ef8f13a158	Merge pull request 'I LOVE OBJECTS!!' (#517) from wowee into develop ... Reviewed-on: #517	2023-03-29 02:33:51 +00:00
sadposter	0151ca1d52	Revert "Remove indexer plugin" ... This reverts commit 1d94f2a424.	2023-03-29 03:32:30 +01:00
sadposter	3f340cbc43	Only even attempt to fetch local activities by object_id ... TODO: PLEASE FOR THE LOVE OF KANATAN CACHE THIS	2023-03-29 03:32:24 +01:00
FloatingGhost	1d94f2a424	Remove indexer plugin	2023-03-29 01:59:19 +01:00
FloatingGhost	de64c6c54a	add selection UI	2023-03-28 12:44:52 +01:00
FloatingGhost	4bbe9c8f5c	Ship with hehe	2023-03-27 10:03:12 +01:00
floatingghost	281c4636fa	Merge pull request 'Show bubble_timeline in the api if any instances are set in it' (#502) from foxing/akkoma:foxing-patch-1 into develop ... Reviewed-on: #502	2023-03-21 10:13:41 +00:00
FloatingGhost	f94e8a3713	add bubble visibility to description	2023-03-18 20:49:43 +00:00
FloatingGhost	dd44387f1a	Add timeline visibility options	2023-03-17 15:33:28 +00:00
Francis Dinh	63870c2c17	Update base image in Dockerfile to newer elixir version	2023-03-16 12:55:04 -04:00
Francis Dinh	3c30666d3f	Update elixir and erlang versions in docs	2023-03-16 12:54:38 -04:00
Francis Dinh	f22bba6359	Update elixir version in elixir_buildpack.config	2023-03-16 12:54:15 -04:00
Francis Dinh	4a5164be93	Update required elixir version in mix.exs to 1.14	2023-03-16 12:53:38 -04:00
FloatingGhost	fe7045632b	also put publicVisibility in preloaded nodeinfo	2023-03-15 22:59:58 +00:00
FloatingGhost	86a5cf3c82	Changelog entry	2023-03-15 22:20:32 +00:00
FloatingGhost	2c9e02429a	mix format	2023-03-15 22:19:52 +00:00
FloatingGhost	9464d50562	Add publicTimelineVisibility to nodeinfo	2023-03-15 22:13:18 +00:00
foxing	bd040fe96a	Merge branch 'develop' into foxing-patch-1	2023-03-13 03:41:15 +00:00
foxing	ba635e97c8	Use enum empty instead	2023-03-13 03:40:20 +00:00
floatingghost	377d1483b6	Merge pull request 'Apply security patch from pleroma to prevent nested file names being uploaded to the server.' (#507) from foxing/akkoma:foxing-patch-2 into develop ... Reviewed-on: #507	2023-03-13 00:29:51 +00:00
floatingghost	c5769bbf6d	Merge pull request 'don't crash on malformed avatar and banner values' (#506) from flisk/akkoma:fix-crash-malformed-avatars-banners into develop ... Reviewed-on: #506	2023-03-13 00:28:16 +00:00
FloatingGhost	643b8c5f15	ensure we send the right files for preferred fe	2023-03-12 23:59:10 +00:00
FloatingGhost	3d964a9970	Add frontend preference route	2023-03-12 23:24:07 +00:00
foxing	c2ae3273d5	Merge branch 'develop' into foxing-patch-2	2023-03-12 19:23:22 +00:00
foxing	3f76de76da	Apply Patch	2023-03-12 19:13:56 +00:00
flisk	0c77be9308	don't crash on malformed avatar and banner values ... weird values in href will cause base64 encoding to fail later down the line, so let's make sure the value we're passing on is somewhat sane, or at the very least a binary this fixes #482	2023-03-12 18:14:05 +01:00
ilja	6c396fcab4	Remove "default" image description ... When no image description is filled in, Pleroma allowed fallbacks. Those were (based on a setting) either the filename, or a fixed description. Neither are good options for image descriptions imo, so here we remove this. Note that there's two tests removed who supposedly tested something else. But examining closer, they didn't seem to test what they claimed to test, so I removed them rather than try to "fix" them.	2023-03-12 08:42:33 +01:00
foxing	e17d8f744e	Merge branch 'develop' into foxing-patch-1	2023-03-11 19:09:14 +00:00
FloatingGhost	58f75ac062	patch version	2023-03-11 18:24:57 +00:00
FloatingGhost	70803d7966	Remove mix.env reference	2023-03-11 18:24:44 +00:00
FloatingGhost	800fe40407	Bump version	2023-03-11 17:26:21 +00:00
FloatingGhost	5ca22c2459	ensure we can't have a null in appends	2023-03-11 17:24:49 +00:00
foxing	19eb826424	Show bubble_timeline in the api if any instances are set in it, do not show if none are set	2023-03-11 03:26:48 +00:00
FloatingGhost	9977588612	we should probably use ||	2023-03-10 18:49:08 +00:00
floatingghost	e124a109c1	Remove _misskey_reaction matching (#500) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #500	2023-03-10 18:46:49 +00:00
floatingghost	592340a49d	Merge pull request 'Fix typo in installation/akkoma.service' (#498) from quad/akkoma:develop into develop ... Reviewed-on: #498	2023-03-10 17:20:33 +00:00
quad	f1e836b183	Fix typo in installation/akkoma.service	2023-03-10 15:51:56 +00:00
FloatingGhost	08dfce98be	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2023-03-10 03:51:45 +00:00
FloatingGhost	b2112302ce	Add more information about failed verifications	2023-03-10 03:51:24 +00:00
foxing	964a855319	Display Quote posts in the api features list to allow external clients to enable compatibility with it. (#496) ... Expose quote posting in the api as a feature. Copies what the quote post PR for pleroma does to allow external clients to enable and disable features based on the feature-set of the instance. As far as I am aware, akkoma doesn't allow you to disable quote posting, so this doesn't need anything fancy and it's just a hard on switch. I tried to get one for the bubble tl to work also, but I'm not quite sure how to do it so that it switches off the feature when the bubble tl is disabled. I would argue that it could and ideally should be done as well though. I also discovered a pretty tame bug in the testing of it, that deleting the DB entry for the bubble tl does not stop the bubble TL from actually working and it will continue to display the panel on the about page, I'll just leave it as a note here. Reviewed-on: #496 Co-authored-by: foxing <foxing@noreply.akkoma> Co-committed-by: foxing <foxing@noreply.akkoma>	2023-03-09 20:40:28 +00:00
FloatingGhost	8a4437d2be	Allow expires_at in filter requests ... Fixes #492	2023-03-09 19:13:14 +00:00
FloatingGhost	87d5e5b06a	Allow moderators to get the admin scope again ... Fixes #463	2023-03-08 17:39:35 +00:00
floatingghost	c8add9d1dc	Merge pull request 'fix invalid proxy_hide_header in example config' (#472) from flisk/akkoma:remote-media-docs-fix into develop ... Reviewed-on: #472	2023-03-02 11:19:46 +00:00
floatingghost	d43c8080d0	Merge pull request 'updating docs: start akko first, then upgrade frontend' (#486) from flisk/akkoma:fix-updating-docs into develop ... Reviewed-on: #486	2023-03-02 11:18:12 +00:00
floatingghost	df03d64dc5	Merge pull request 'Reblog content should be ""' (#489) from masto4-reboost into develop ... Reviewed-on: #489	2023-03-02 11:16:26 +00:00
FloatingGhost	b88e6560e0	Reblog content should be "" ... Fixes #450	2023-03-02 11:04:27 +00:00
flisk	1ab0b3a0e2	match nginx config to install config and extend docs a bit	2023-02-26 23:58:55 +01:00
flisk	cb28b8f0fe	updating docs: start akko first, then upgrade frontend	2023-02-26 23:42:28 +01:00
flisk	531a550184	fix invalid proxy_hide_header in example config	2023-02-26 23:25:46 +01:00
FloatingGhost	45a11aa20f	add changelog entry for MFM	2023-02-26 22:12:31 +00:00
FloatingGhost	f56e3098ef	Merge branch 'delete_orphaned_activities' into develop	2023-02-26 22:11:30 +00:00
floatingghost	fd1dc87eb4	Merge pull request 'update backwards compat notice in admin_api.md' (#473) from flisk/akkoma:update-admin-api-docs into develop ... Reviewed-on: #473	2023-02-26 22:01:57 +00:00
floatingghost	7bd80ccf07	Merge pull request 'update prometheus docs' (#474) from flisk/akkoma:update-prometheus-docs into develop ... Reviewed-on: #474	2023-02-26 22:00:12 +00:00
floatingghost	f7211459ef	Merge pull request 'Rename index for faster database restore' (#455) from ilja/akkoma:rename_index_for_faster_restore into develop ... Reviewed-on: #455	2023-02-26 21:58:56 +00:00
floatingghost	fc842aa7c7	Merge pull request 'Docs: Change docs README for new way of building docs' (#448) from ilja/akkoma:improve_readme_from_docs into develop ... Reviewed-on: #448	2023-02-26 21:49:42 +00:00
FloatingGhost	08d49fba7d	fine then no fun allowed, y'all don't deserve it	2023-02-26 21:25:57 +00:00
ilja	328b4d93b7	Changelog + remove some unneeded comments from the tests	2023-02-26 14:43:19 +01:00
ilja	c1c962e1a8	Add docs for pleroma_ctl database prune_objects --prune-orphaned-activities ... I also added extra info on VACUUM FULL	2023-02-26 14:41:50 +01:00
ilja	57eef6d764	prune_objects can prune orphaned activities who reference an array of objects ... E.g. Flag activities have an array of objects We prune the activity when NONE of the objects can be found Note that the cost of finding and deleting these is ~4x higher than finding and deleting the non-array ones Only string: Delete on activities (cost=506573.48..506580.38 rows=0 width=0) Only Array: Delete on activities (cost=3570359.68..4276365.34 rows=0 width=0) (They are still executed separately, so the total cost is the sum of the two)	2023-02-26 14:41:50 +01:00
ilja	a7ec6e039c	prune_objects can prune orphaned activities ... We add an option to also prune remote activities who don't have existing objects any more they reference. Rn, we only check for activities who only reference one object, not an array or embeded object.	2023-02-26 14:41:50 +01:00
ilja	3b634dcbe7	Remove the note about activities_visibility_index ... We renamed another index is the previous commit so that this work-around isn't needed any more	2023-02-26 14:38:14 +01:00
ilja	8b2adc4fb4	Rename users_ap_id_COALESCE_follower_address_index for faster db restoration ... By default Postgresql first restores the data and then the indexes when dumping and restoring the database. Restoring index activities_visibility_index took a very long time. users_ap_id_COALESCE_follower_address_index was later added because having this could speed up the restoration tremendously. The problem now is that restoration apparently happens in alphabetical order, so this new index wasn't created yet by the time activities_visibility_index needed it. There were several work-arounds which included more complex steps during backup/restore. By renaming this index, it should be restored first and thus activities_visibility_index can make use of it. This speeds up restoration significantly without requiring more complex or unexpected steps from people.	2023-02-26 14:33:17 +01:00
FloatingGhost	9f34294332	Add changelog entry	2023-02-23 11:07:59 +00:00
FloatingGhost	d3089ec399	Ensure we can update contentMap on update	2023-02-23 11:00:55 +00:00
floatingghost	f22c6e4108	Merge pull request 'Update docs about clients' (#484) from mahito1594/akkoma:docs/update-clients-info into develop ... Reviewed-on: #484	2023-02-22 15:44:00 +00:00
Mahito TANNO	3f03f1df9c	docs: update URL hosting husky's sourse code	2023-02-22 22:50:18 +09:00
Mahito TANNO	9dc3f8fcdc	docs: remark that Pinafore is now unmaintained	2023-02-22 22:43:17 +09:00
floatingghost	3744789710	Merge pull request 'update healthcheck route in locale string' (#475) from flisk/akkoma:update-healthcheck-route-reference into develop ... Reviewed-on: #475	2023-02-21 09:44:55 +00:00
floatingghost	ea30d22dfe	Merge pull request 'Interpret \n as newline for MFM' (#478) from ilja/akkoma:newline_remains_newline_in_mfm into develop ... Reviewed-on: #478	2023-02-21 09:43:15 +00:00
ilja	b4952a81fe	Interpret \n as newline for MFM ... Markdown doesn't generally consider `\n` a newline, but Misskey does for MFM. Now we do to for MFM (and not for Markdown) :)	2023-02-18 19:56:11 +01:00
flisk	292f0444d0	update healthcheck route in locale string	2023-02-18 14:59:46 +01:00
flisk	a18b5755b4	run mix gettext.extract ... seems like this hasn't been run in a while. putting this in a separate commit so the changes i'm about to make don't get drowned in all of this stuff.	2023-02-18 14:58:35 +01:00
flisk	da4c87b226	update prometheus docs	2023-02-18 14:39:22 +01:00
flisk	439ec49137	update backwards compat notice in admin_api.md	2023-02-18 14:37:12 +01:00
FloatingGhost	ef279ac53f	build musl on develop	2023-02-15 22:09:31 +00:00
FloatingGhost	b4e37b03d8	use a slightly earlier alpine version	2023-02-15 22:08:55 +00:00
FloatingGhost	f92484fd01	add version in changelog	2023-02-11 11:19:33 +00:00
FloatingGhost	6e07ed6ea9	fix docker tag	2023-02-11 10:58:53 +00:00
FloatingGhost	d2b57a7f9e	bump elixir version in CI	2023-02-11 10:56:53 +00:00
FloatingGhost	439e915531	bump version	2023-02-11 10:48:52 +00:00
ilja	b71db2f82d	create_service_actor is now type Application ... This is used for internal fetch and for relay. Both represent the instance and therefore are an aplication.	2023-02-04 21:00:21 +00:00
floatingghost	aeb68a0ad1	paginate follow requests (#460) ... matches https://docs.joinmastodon.org/methods/follow_requests/#get mostly Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #460	2023-02-04 20:51:17 +00:00
ilja	7f8932304f	typo + remove unneeded file	2023-02-02 14:37:45 +01:00
floatingghost	56c37dc6b3	Merge pull request 'DOCS: Add info on fe to setup of dev env' (#456) from ilja/akkoma:docs_add_fe_to_akkoma_dev into develop ... Reviewed-on: #456	2023-01-30 11:28:28 +00:00
floatingghost	3405623d46	Merge pull request 'Docs: Add more info to the development index file' (#451) from ilja/akkoma:docs_add_some_developer_docs into develop ... Reviewed-on: #451	2023-01-30 11:27:23 +00:00
floatingghost	702979bca3	Merge pull request 'Docs: Changes to pgtune docs' (#449) from ilja/akkoma:docs_small_adition_to_pgtune into develop ... Reviewed-on: #449	2023-01-30 11:25:46 +00:00
ilja	7e3ede02f7	Add info on fe to setup of dev env ... I added info about installing front ends from the development branch I also rearanged the list of exceptions (what's different than "normal" installation) so the order is closer to how you'd encounter things in the installation docs + small fixes	2023-01-29 08:29:06 +01:00
floatingghost	d601ddeb91	Merge pull request 'Make default outgoing-blocks setting off' (#454) from Seirdy/akkoma:outgoing-blocks-default-off into develop ... Reviewed-on: #454	2023-01-27 10:06:49 +00:00
Seirdy	676cc0d0d7	Make default outgoing-blocks setting off ... This should help mitigate negative impacts related to block-retaliation and block-circumvention when blocks become visible to the blocked party. Instances interested in broadcasting blocks can turn this on if they wish. This should have always been the default. See also: AkkomaGang/akkoma-fe#274	2023-01-26 22:01:22 -08:00
ilja	e74e1efe1c	Change docs README for new way of building docs ... Docs used to be a separate repo who cloned pleroma and pelroma-fe. Now the docs are just the BE docs and completely part of the Akkoma repo. I moved back to using venv because that's what I used and cleaner imo since it keeps everything nice in the repo. (Iirc virtualenv stored things in the Home folder or smthng)	2023-01-26 15:42:53 +01:00
ilja	ce6f652a9a	Add more info to the development index file ... Credit where credit is due; I inspired myself by looking at the yunohost docs * https://yunohost.org/en/dev * https://yunohost.org/en/packaging_apps_start I try to be inviting to new developers and guide them in their first steps into Akkoma development. I try to keep the page itself as short as possible and link to relevant places. That way people can quickly skim over parts that they don't need, while people who do need more can simply follow the links.	2023-01-26 13:40:51 +01:00
ilja	377527ea03	Changes to pgtune docs ... I experienced that it may be better to tell pgtune you have lower resoures than what you have when you have other services running. I added that now. I also moved the examples as part of the pgtune section.	2023-01-26 10:11:29 +01:00
Walter Huf	54fdf3a5de	Use any custom WebFinger domain for page metadata	2023-01-22 16:26:41 -08:00
FloatingGhost	153539a246	add changelog entry	2023-01-15 19:02:58 +00:00
FloatingGhost	d394ab0a8a	Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop	2023-01-15 18:58:26 +00:00
FloatingGhost	90088cce11	Support TLD wildcards in MRF matches ... Fixes #431	2023-01-15 18:57:49 +00:00
floatingghost	63ce25f32c	Merge pull request 'Correct og:description tag in static-fe' (#373) from sfr/akkoma:fix/og-description into develop ... Reviewed-on: #373	2023-01-15 18:15:20 +00:00
sfr	20cd8a0fc4	URL encode remote emoji pack names (#362) ... fix #246 Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com> Reviewed-on: #362 Co-authored-by: sfr <sol@solfisher.com> Co-committed-by: sfr <sol@solfisher.com>	2023-01-15 18:14:04 +00:00
floatingghost	0fb2042f2c	Merge pull request 'Remove refences to ARM OTP builds in install guide' (#432) from norm/akkoma:remove-arm-otp into develop ... Reviewed-on: #432	2023-01-15 18:11:53 +00:00
floatingghost	0c8da6466e	Merge pull request 'Update OpenBSD docs' (#414) from lechindianer/akkoma:update-openbsd-docs into develop ... Reviewed-on: #414	2023-01-15 18:09:32 +00:00
floatingghost	975bc6d7e8	Merge pull request 'fix: Give error message to users when address has already been validated' (#435) from cheerfulstoic/akkoma:develop into develop ... Reviewed-on: #435	2023-01-15 18:06:12 +00:00
FloatingGhost	2fc5fb7f5a	Add changelog entry	2023-01-15 18:05:02 +00:00
FloatingGhost	f3c118ca23	Mix format	2023-01-15 18:00:03 +00:00
FloatingGhost	0d342a35e3	add contentMap to schema	2023-01-15 17:59:19 +00:00
Brian Underwood	7ca9ce9d67	fix: Give error message to users when address has already been validated ... Plus other errors.	2023-01-12 22:08:10 +01:00
FloatingGhost	65e8e8fb6d	Merge branch 'language-on-posts' into develop	2023-01-11 15:44:15 +00:00
FloatingGhost	ff5793198f	add inbound language test	2023-01-11 15:42:13 +00:00
FloatingGhost	78c44f31ca	fix no-language-specified federation	2023-01-11 15:25:34 +00:00
floatingghost	260c87006e	revert ae54c06bb4 ... revert Language code on mastoapi statuses (#433) Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #433	2023-01-10 15:00:47 +00:00
floatingghost	ae54c06bb4	Language code on mastoapi statuses (#433) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #433	2023-01-10 13:45:43 +00:00
FloatingGhost	22068f0853	fix unused variable warnings	2023-01-10 10:58:17 +00:00
FloatingGhost	7eebaa7a18	bump mock	2023-01-10 10:48:14 +00:00
FloatingGhost	cc63a89b5d	Fix tests	2023-01-10 10:29:17 +00:00
FloatingGhost	f86bf16430	Add language support on /api/v1/statuses	2023-01-10 10:29:17 +00:00
floatingghost	6965a2f163	Merge pull request 'use postgres 15 in CI' (#411) from ci-postgres-15 into develop ... Reviewed-on: #411	2023-01-09 22:16:43 +00:00
ilja	7695010268	Prune Objects --keep-threads option (#350) ... This adds an option to the prune_objects mix task. The original way deleted all non-local public posts older than a certain time frame. Here we add a different query which you can call using the option --keep-threads. We query from the activities table all context id's where 1. the newest activity with this context is still old 2. none of the activities with this context is is local 3. none of the activities with this context is bookmarked and delete all objects with these contexts. The idea is that posts with local activities (posts, replies, likes, repeats...) may be interesting to keep. Besides that, a post lives in a certain context (the thread), so we keep the whole thread as well. Caveats: * ~~Quotes have a different context. Therefore, when someone quotes a post, it's possible the quoted post will still be deleted.~~ fixed in #379 * Although undocumented (in docs/docs/administration/CLI_tasks/database.md/#prune-old-remote-posts-from-the-database), the 'normal' delete action still kept old remote non-public posts. I added an option to keep this behaviour, but this also means that you now have to explicitly provide that option. **This could be considered a breaking change!** * ~~Note that this removes from the objects table, but not from the activities.~~ See #427 for that. Some statistics from explain analyse: (cost=1402845.92..1933782.00 rows=3810907 width=62) (actual time=2562455.486..2562455.495 rows=0 loops=1) Planning Time: 505.327 ms Trigger for constraint chat_message_references_object_id_fkey: time=651939.797 calls=921740 Trigger for constraint deliveries_object_id_fkey: time=52036.009 calls=921740 Trigger for constraint hashtags_objects_object_id_fkey: time=20665.778 calls=921740 Execution Time: 3287933.902 ms *** **TODO** 1. [x] **Question:** Is it OK to keep it like this in regard to quote posts? If not (ie post quoted by local users should also be kept), should we give quotes the same context as the post they are quoting? (If we don't want to give them the same context, I'll have to see how/if I can do it without being too costly) * See #379 2. [x] **Question:** the "original" query only deletes public posts (this is undocumented, but you can check the code). This new one doesn't care for scope. From the docs I get that the idea is that posts can be refetched when needed. But I have from a trusted source that Pleroma can't refetch non-public posts. I assume that's the reason why they are kept here. I see different options to deal with this 1. ~~We keep it as currently implemented and just don't care about scope with this option~~ 2. ~~We add logic to not delete non-public posts either (I'll have to see how costly that becomes)~~ 3. We add an extra --keep-non-public parameter. This is technically speaking breakage (you didn't have to provide a param before for this, now you do), but I'm inclined to not care much because it wasn't documented nor tested in the first place. 3. [x] See if we can do the query using Elixir 4. [x] Test on a bigger DB to see that we don't run into a timeout 5. [x] Add docs Co-authored-by: ilja <git@ilja.space> Reviewed-on: #350 Co-authored-by: ilja <akkoma.dev@ilja.space> Co-committed-by: ilja <akkoma.dev@ilja.space>	2023-01-09 22:15:41 +00:00
floatingghost	357f80a714	Merge pull request 'Changed references of "Pleroma" to "Akkoma" in email text' (#428) from knova/akkoma:develop into develop ... Reviewed-on: #428	2023-01-09 22:13:45 +00:00
darkkirb	a8cd859ef9	Use actual ISO8601 timestamps for masto API (#425) ... Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation). I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive). The numbers have been chosen because: - ISO 8601 only allows years before 1583 with “mutual agreement” - Years after 9999 could cause issues with certain clients as well Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs> Reviewed-on: #425 Co-authored-by: darkkirb <lotte@chir.rs> Co-committed-by: darkkirb <lotte@chir.rs>	2023-01-09 22:12:28 +00:00
floatingghost	0d56adc16b	Merge pull request 'exiftool doesn’t support JPEG XL either' (#426) from darkkirb/akkoma:exiftools-no-jxl into develop ... Reviewed-on: #426	2023-01-09 22:10:54 +00:00
Norm	eb55472450	Remove refences to ARM OTP builds in install guide ... Akkoma currently doesn't provide ARM OTP builds unlike Pleroma, so it's best to update the install guide to reflect that. Ref: #424	2023-01-09 20:11:33 +00:00
knova	13d943667e	Changed references of "Pleroma" to "Akkoma" in email text ... I know this is probably small peanuts in the grand scheme of things, but it bugged me when I was messing around with my own Akkoma instance.	2023-01-08 03:29:09 +00:00
Charlotte 🦝 Delenk	f2b925f32c	exiftool doesn’t support JPEG XL either	2023-01-07 14:49:58 +01:00
ihor	b98fe4476c	fix "exiftool not support svg files' (#421) ... Faced with this issue today, Pleroma responds with status 400 (Bad request) if Exiftool.StripLocation is added to the list of filter modules for uploads. Here is logs: ``` 13:27:25.201 [info] POST /api/v1/media 13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload.Filter: Filter Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation failed: {:error, "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}"} 13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}" ``` # This fix solves this problem. Reviewed-on: #421 Co-authored-by: ihor <ikandreew@gmail.com> Co-committed-by: ihor <ikandreew@gmail.com>	2023-01-05 15:22:48 +00:00
FloatingGhost	336d06b2a8	Significantly tighten HTTP CSP	2023-01-02 15:21:19 +00:00
Pascal Schmid	eb1b9c4155	Fix PostgreSQL docs ... Without creating the directory manually and setting it as user home folder the commands afterwards won't be executable.	2023-01-02 13:12:54 +01:00
Pascal Schmid	fcce355112	Delete broken config example ... httpd won't start with the empty types block.	2023-01-02 13:12:20 +01:00
Pascal Schmid	ef1c68a8e9	Format docs	2023-01-02 13:12:17 +01:00
Pascal Schmid	d427c23e56	Use current package config	2023-01-02 12:56:49 +01:00
Pascal Schmid	769b5969a8	Update referenced OpenBSD version	2023-01-02 12:50:30 +01:00
FloatingGhost	57e51fe62c	Migrate Pleroma.Web to phoenix 1.6 formats	2023-01-02 03:29:02 +00:00
FloatingGhost	6a333ade7f	Fix task name for robotstxt ... Fixes #408	2023-01-01 18:54:08 +00:00
floatingghost	798d13d6e9	Merge pull request 'Use a genserver to periodically fetch metrics' (#413) from prom-leak into develop ... Reviewed-on: #413	2023-01-01 18:49:05 +00:00
FloatingGhost	6e646c4cbc	Use a genserver to periodically fetch metrics ... Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52	2023-01-01 18:32:14 +00:00
FloatingGhost	e03206a9a0	use postgres 15 in CI	2022-12-31 18:29:16 +00:00
floatingghost	6be3383a09	Merge pull request 'Add /api/v1/followed_tags' (#410) from followed-tags into develop ... Reviewed-on: #410	2022-12-31 18:29:09 +00:00
FloatingGhost	c4b46ca460	Add /api/v1/followed_tags	2022-12-31 18:09:34 +00:00
ilja	745e15468e	Use same context for quote posts as the post that's being quoted (#379) ... See #350 (comment) When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>. An example from Akkoma: Co-authored-by: ilja <git@ilja.space> Reviewed-on: #379 Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk> Co-authored-by: ilja <akkoma.dev@ilja.space> Co-committed-by: ilja <akkoma.dev@ilja.space>	2022-12-31 18:09:27 +00:00
FloatingGhost	b8f280b4b5	Rich media doesn't need to be a map	2022-12-31 03:53:52 +00:00
FloatingGhost	c8f2c4b638	add changelog entry for timeouts	2022-12-31 03:52:52 +00:00
FloatingGhost	bf7ff6a337	Put rich media processing in a Task	2022-12-30 20:11:53 +00:00
Sol Fisher Romanoff	1d884fd914	Correct og:description tag in static-fe	2022-12-30 07:14:54 +02:00
FloatingGhost	5d4c291d52	update references to pleroma in docs	2022-12-30 03:43:35 +00:00
timorl	bca1c43dcb	Add docs about emoji stealing (#364) ... I managed to steal some emoji, but I had to figure out the specifics the hard way. This should make it easier for future criminals. Feel fre