Varied selection of Pleroma cherry-picks #567

Merged
floatingghost merged 20 commits from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop 2023-07-27 12:53:57 +00:00
No description provided.
XxXCertifiedForkliftDriverXxX added 20 commits 2023-06-14 22:47:44 +00:00
`context` fields for objects and activities can now be generated based
on the object/activity `inReplyTo` field or its ActivityPub ID, as a
fallback method in cases where `context` fields are missing for incoming
activities and objects.
TwitterCard meta tags are supposed to use the attributes "name" and "content".
OpenGraph tags use the attributes "property" and "content".

Twitter itself is smart enough to detect broken meta tags and discover the TwitterCard
using "property" and "content", but other platforms that only implement parsing of TwitterCards
and not OpenGraph may fail to correctly detect the tags as they're under the wrong attributes.

> "Open Graph protocol also specifies the use of property and content attributes for markup while
> Twitter cards use name and content. Twitter’s parser will fall back to using property and content,
> so there is no need to modify existing Open Graph protocol markup if it already exists." [0]

[0] https://developer.twitter.com/en/docs/twitter-for-websites/cards/guides/getting-started
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
Enforce unauth restrictions for public streaming endpoints
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
c0a01e73cf
Contributor

I think it's better if these are split up into multiple PRs so that it's easier to review.

I think it's better if these are split up into multiple PRs so that it's easier to review.
Author
Contributor

Hello fellow developers,

Having completed the necessary training and certification for forklift operation, I am pleased to present a pull request that includes a series of commits aimed at improving the functionality and security of the Akkoma project.

The first commit in this pull request is all about making sure that threads are predictable when dealing with software like Misskey and Foundkey that don't provide a context field. As a certified forklift driver, I know how important it is to have predictability in your workflow, and this commit ensures that multiple Akkoma instances responding to the same post or thread will all end up in the same batch. Think of it like loading up a pallet onto a forklift - you want to make sure everything is organized and in its right place before you start moving it around. This patch will keep our threads nice and organized!

The second through sixth commits are all part of the same patch and they're all about improving how WebSocket streaming works for new posts, boosts, and other stuff. Basically, they make it so that local-only posts will only show up on the local timeline context, and boosts won't show up on public timelines anymore. This change makes the WebSocket behavior match what we already have in the REST API.

As a certified forklift driver, I can appreciate the importance of proper structure and organization, and the seventh commit is doing just that for the TwitterCard metadata. This is great news for services that don't support OpenGraph metadata or prefer TwitterCard metadata, as it means they'll now generate proper previews for links.

The eighth commit fixes an issue where approving a user when email confirmation is disabled could lead to errors. This is an important fix that will help ensure smooth sailing for users and keep things running smoothly.

The ninth commit corrects a field's type in the OpenAPI specification. As someone who's worked with OpenAPI before, I know how important it is to have accurate and up-to-date documentation, so I really appreciate this change. It might seem like a small detail, but it could make a big difference down the line when people are trying to use this API.

The tenth commit fixes a bug that was causing non-content notifications, like follow requests, to get blocked if there were word filters in place. As someone who's had to deal with pesky bugs like this before, I know how frustrating they can be!

As a certified forklift driver, I appreciate the importance of proper labeling and identification, and the eleventh and twelfth commits add support for creating rel="me" metadata from both user bio and profile fields, which should help improve the identification of users across different platforms.

As an experienced forklift operator with certification, I know that sometimes you need to take things one step at a time, and the thirteenth commit is a great example of that. It's a step towards solving akkoma-fe!319, and it adds support for the with_relationships query argument, which is a Pleroma extension to the Mastodon REST API that's been implemented across other similar REST endpoints. I think this will help improve the consistency and functionality of the codebase!

The fourteenth and fifteenth commits aim to address a bug related to duplicate options in polls, which cannot be properly represented in ActivityStreams2 Core/ActivityPub. These changes will ensure that polls are correctly displayed and avoid any potential issues with duplicate options. I believe that these changes will benefit the project and its users.

The sixteenth and seventeenth commits fix a pesky bug that was causing the Content-Disposition header to be malformed, which could lead to some serious browser and federation issues with Misskey. Trust me, you don't want to be dealing with those kinds of headaches!

The eighteenth commit fixes a bug that was preventing administrators from deleting posts made by banned users. That's a pretty important fix, if you ask me! We don't want any rogue posts hanging around causing trouble.

Finally, the nineteenth commit is a security fix. As a certified forklift driver, I know how important safety is in any operation, and this commit addresses a security issue. It's always a good practice to prioritize security, especially when dealing with sensitive data or user information.

Let me know if you have any questions or concerns about these changes. As a certified forklift driver, I'm always happy to help with any heavy lifting that might be needed!

Best regards,
XxXCertifiedForkliftDriverXxX

Hello fellow developers, Having completed the necessary training and certification for forklift operation, I am pleased to present a pull request that includes a series of commits aimed at improving the functionality and security of the Akkoma project. The first commit in this pull request is all about making sure that threads are predictable when dealing with software like Misskey and Foundkey that don't provide a `context` field. As a certified forklift driver, I know how important it is to have predictability in your workflow, and this commit ensures that multiple Akkoma instances responding to the same post or thread will all end up in the same batch. Think of it like loading up a pallet onto a forklift - you want to make sure everything is organized and in its right place before you start moving it around. This patch will keep our threads nice and organized! The second through sixth commits are all part of the same patch and they're all about improving how WebSocket streaming works for new posts, boosts, and other stuff. Basically, they make it so that local-only posts will only show up on the local timeline context, and boosts won't show up on public timelines anymore. This change makes the WebSocket behavior match what we already have in the REST API. As a certified forklift driver, I can appreciate the importance of proper structure and organization, and the seventh commit is doing just that for the TwitterCard metadata. This is great news for services that don't support OpenGraph metadata or prefer TwitterCard metadata, as it means they'll now generate proper previews for links. The eighth commit fixes an issue where approving a user when email confirmation is disabled could lead to errors. This is an important fix that will help ensure smooth sailing for users and keep things running smoothly. The ninth commit corrects a field's type in the OpenAPI specification. As someone who's worked with OpenAPI before, I know how important it is to have accurate and up-to-date documentation, so I really appreciate this change. It might seem like a small detail, but it could make a big difference down the line when people are trying to use this API. The tenth commit fixes a bug that was causing non-content notifications, like follow requests, to get blocked if there were word filters in place. As someone who's had to deal with pesky bugs like this before, I know how frustrating they can be! As a certified forklift driver, I appreciate the importance of proper labeling and identification, and the eleventh and twelfth commits add support for creating `rel="me"` metadata from both user bio and profile fields, which should help improve the identification of users across different platforms. As an experienced forklift operator with certification, I know that sometimes you need to take things one step at a time, and the thirteenth commit is a great example of that. It's a step towards solving akkoma-fe!319, and it adds support for the `with_relationships` query argument, which is a Pleroma extension to the Mastodon REST API that's been implemented across other similar REST endpoints. I think this will help improve the consistency and functionality of the codebase! The fourteenth and fifteenth commits aim to address a bug related to duplicate options in polls, which cannot be properly represented in ActivityStreams2 Core/ActivityPub. These changes will ensure that polls are correctly displayed and avoid any potential issues with duplicate options. I believe that these changes will benefit the project and its users. The sixteenth and seventeenth commits fix a pesky bug that was causing the `Content-Disposition` header to be malformed, which could lead to some serious browser and federation issues with Misskey. Trust me, you don't want to be dealing with those kinds of headaches! The eighteenth commit fixes a bug that was preventing administrators from deleting posts made by banned users. That's a pretty important fix, if you ask me! We don't want any rogue posts hanging around causing trouble. Finally, the nineteenth commit is a security fix. As a certified forklift driver, I know how important safety is in any operation, and this commit addresses a security issue. It's always a good practice to prioritize security, especially when dealing with sensitive data or user information. Let me know if you have any questions or concerns about these changes. As a certified forklift driver, I'm always happy to help with any heavy lifting that might be needed! Best regards, XxXCertifiedForkliftDriverXxX

im gonna need to take a while to actually look through this stuff

a lot

im gonna need to take a while to actually look through this stuff a lot

i've poked around, it all looks ok

in the future it may be easier to review in smaller chunks, but hey it's here now and it all works so shruggles

thank forklift

i've poked around, it all looks ok in the future it may be easier to review in smaller chunks, but hey it's here now and it all works so shruggles thank forklift
floatingghost merged commit 6db8ab7c94 into develop 2023-07-27 12:53:57 +00:00
floatingghost deleted branch cherry-picks 2023-07-27 12:53:57 +00:00
Sign in to join this conversation.
No description provided.