Purge Rejected Follow requests in daily task #334
5 changed files with 36 additions and 23 deletions
|
|
@ -691,8 +691,8 @@
|
||||||
key: :public,
|
key: :public,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description:
|
description:
|
||||||
"Makes the client API in authenticated mode-only except for user-profiles." <>
|
"Switching this on will allow unauthenticated users access to all public resources on your instance" <>
|
||||||
" Useful for disabling the Local Timeline and The Whole Known Network. " <>
|
" Switching it off is useful for disabling the Local Timeline and The Whole Known Network. " <>
|
||||||
" Note: when setting to `false`, please also check `:restrict_unauthenticated` setting."
|
" Note: when setting to `false`, please also check `:restrict_unauthenticated` setting."
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
|
|
@ -2998,8 +2998,7 @@
|
||||||
key: :restrict_unauthenticated,
|
key: :restrict_unauthenticated,
|
||||||
label: "Restrict Unauthenticated",
|
label: "Restrict Unauthenticated",
|
||||||
type: :group,
|
type: :group,
|
||||||
description:
|
description: "Disallow unauthenticated viewing of timelines, user profiles and statuses.",
|
||||||
"Disallow viewing timelines, user profiles and statuses for unauthenticated users.",
|
|
||||||
children: [
|
children: [
|
||||||
%{
|
%{
|
||||||
key: :timelines,
|
key: :timelines,
|
||||||
|
|
@ -3009,12 +3008,12 @@
|
||||||
%{
|
%{
|
||||||
key: :local,
|
key: :local,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view public timeline."
|
description: "Disallow viewing the public timeline."
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :federated,
|
key: :federated,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view federated timeline."
|
description: "Disallow viewing the whole known network timeline."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
@ -3026,29 +3025,29 @@
|
||||||
%{
|
%{
|
||||||
key: :local,
|
key: :local,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view local user profiles."
|
description: "Disallow viewing local user profiles."
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :remote,
|
key: :remote,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view remote user profiles."
|
description: "Disallow viewing remote user profiles."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :activities,
|
key: :activities,
|
||||||
type: :map,
|
type: :map,
|
||||||
description: "Settings for statuses.",
|
description: "Settings for posts.",
|
||||||
children: [
|
children: [
|
||||||
%{
|
%{
|
||||||
key: :local,
|
key: :local,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view local statuses."
|
description: "Disallow viewing local posts."
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :remote,
|
key: :remote,
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
description: "Disallow view remote statuses."
|
description: "Disallow viewing remote posts."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,8 @@ To add configuration to your config file, you can copy it from the base config.
|
||||||
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
|
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
|
||||||
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
|
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
|
||||||
* `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance.
|
* `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance.
|
||||||
* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details.
|
* `public`: Allows unauthenticated access to public resources on your instance. This is essentially used as the default value for `:restrict_unauthenticated`.
|
||||||
|
See `restrict_unauthenticated` for more details.
|
||||||
* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them.
|
* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them.
|
||||||
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
|
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
|
||||||
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
|
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
|
||||||
|
|
@ -1094,7 +1095,7 @@ config :pleroma, :database_config_whitelist, [
|
||||||
|
|
||||||
### :restrict_unauthenticated
|
### :restrict_unauthenticated
|
||||||
|
|
||||||
Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses.
|
Restrict access for unauthenticated users to timelines (public and federated), user profiles and posts.
|
||||||
|
|
||||||
* `timelines`: public and federated timelines
|
* `timelines`: public and federated timelines
|
||||||
* `local`: public timeline
|
* `local`: public timeline
|
||||||
|
|
@ -1102,13 +1103,24 @@ Restrict access for unauthenticated users to timelines (public and federated), u
|
||||||
* `profiles`: user profiles
|
* `profiles`: user profiles
|
||||||
* `local`
|
* `local`
|
||||||
* `remote`
|
* `remote`
|
||||||
* `activities`: statuses
|
* `activities`: posts
|
||||||
* `local`
|
* `local`
|
||||||
* `remote`
|
* `remote`
|
||||||
|
|
||||||
Note: when `:instance, :public` is set to `false`, all `:restrict_unauthenticated` items be effectively set to `true` by default. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
|
#### When :instance, :public is `true`
|
||||||
|
|
||||||
Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
|
When your instance is in "public" mode, all public resources (users, posts, timelines) are accessible to unauthenticated users.
|
||||||
|
|
||||||
|
Turning any of the `:restrict_unauthenticated` options to `true` will restrict access to the corresponding resources.
|
||||||
|
|
||||||
|
#### When :instance, :public is `false`
|
||||||
|
|
||||||
|
When `:instance, :public` is set to `false`, all of the `:restrict_unauthenticated` options will effectively be set to `true` by default,
|
||||||
|
meaning that only authenticated users will be able to access the corresponding resources.
|
||||||
|
|
||||||
|
If you'd like to allow unauthenticated access to specific resources, you can turn these settings to `false`.
|
||||||
|
|
||||||
|
**Note**: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
|
||||||
|
|
||||||
## Pleroma.Web.ApiSpec.CastAndValidate
|
## Pleroma.Web.ApiSpec.CastAndValidate
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator do
|
||||||
use Ecto.Schema
|
use Ecto.Schema
|
||||||
|
|
||||||
alias Pleroma.Activity
|
alias Pleroma.Activity
|
||||||
alias Pleroma.Object
|
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
import Ecto.Changeset
|
import Ecto.Changeset
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,9 @@ def perform(_job) do
|
||||||
Logger.info("Pruning old deletes")
|
Logger.info("Pruning old deletes")
|
||||||
ActivityPruner.prune_deletes()
|
ActivityPruner.prune_deletes()
|
||||||
|
|
||||||
|
Logger.info("Pruning old follow requests")
|
||||||
|
ActivityPruner.prune_stale_follow_requests()
|
||||||
|
|
||||||
Logger.info("Pruning old undos")
|
Logger.info("Pruning old undos")
|
||||||
ActivityPruner.prune_undos()
|
ActivityPruner.prune_undos()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue