From 063e3c0d34669bc9bf0ab9ee70e78e6311e191e8 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 15 Aug 2023 23:12:04 +0100 Subject: [PATCH 1/7] Disallow nil hosts in should_federate --- CHANGELOG.md | 1 + lib/pleroma/web/activity_pub/publisher.ex | 6 +++++- test/pleroma/web/activity_pub/publisher_test.exs | 7 +++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0b7fcf79..71949e2e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Fixed - Documentation issue in which a non-existing nginx file was referenced +- Issue where a bad inbox URL could break federation ## 2023.08 diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 3071c1b77..20004c4fa 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -115,13 +115,17 @@ defp allowed_instances do def should_federate?(url) do %{host: host} = URI.parse(url) - with allowed <- allowed_instances(), + with {:nil, false} <- {:nil, is_nil(host)}, + allowed <- allowed_instances(), false <- Enum.empty?(allowed) do allowed |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples() |> Pleroma.Web.ActivityPub.MRF.subdomains_regex() |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host) else + # oi! + {:nil, true} -> + false _ -> quarantined_instances = blocked_instances() diff --git a/test/pleroma/web/activity_pub/publisher_test.exs b/test/pleroma/web/activity_pub/publisher_test.exs index d993ab1d4..87930b7b1 100644 --- a/test/pleroma/web/activity_pub/publisher_test.exs +++ b/test/pleroma/web/activity_pub/publisher_test.exs @@ -487,4 +487,11 @@ test "publish to url with with different ports" do ) end end + + describe "should_federate/1" do + test "should not obliterate itself if the inbox URL is bad" do + url = "/inbox" + refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url) + end + end end From f3cc60b202c398275153a812b091f8b7c1e32015 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 15 Aug 2023 23:23:59 +0100 Subject: [PATCH 2/7] INBOX NEEDS TO BE A FULL URL YOU IDIOT AM BAKA I SHOULD JUST COMMIT SUDOKU RIGHT NOW --- lib/pleroma/web/activity_pub/views/user_view.ex | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 82b59c47f..558024d42 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -23,11 +23,11 @@ def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ - "oauthAuthorizationEndpoint" => ~p"/oauth/authorize", - "oauthRegistrationEndpoint" => ~p"/api/v1/apps", - "oauthTokenEndpoint" => ~p"/oauth/token", - "sharedInbox" => ~p"/inbox", - "uploadMedia" => ~p"/api/ap/upload_media" + "oauthAuthorizationEndpoint" => url(~p"/oauth/authorize"), + "oauthRegistrationEndpoint" => url(~p"/api/v1/apps"), + "oauthTokenEndpoint" => url(~p"/oauth/token"), + "sharedInbox" => url(~p"/inbox"), + "uploadMedia" => url(~p"/api/ap/upload_media") } end From 9bc0345e5776144374161949de7be4e4e6300932 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 15 Aug 2023 23:26:08 +0100 Subject: [PATCH 3/7] AND THAT ONE TOO AND ALL --- lib/pleroma/web/activity_pub/views/user_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 558024d42..d58e28c9f 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -18,7 +18,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do - %{"sharedInbox" => ~p"/inbox"} + %{"sharedInbox" => url(~p"/inbox")} end def render("endpoints.json", %{user: %User{local: true} = _user}) do From 98f0820ca455d6adfd7a742ade5a6fcdce0c1c96 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 15 Aug 2023 23:26:22 +0100 Subject: [PATCH 4/7] MIX FORMAT --- lib/pleroma/web/activity_pub/publisher.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 20004c4fa..4fe394be6 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -115,7 +115,7 @@ defp allowed_instances do def should_federate?(url) do %{host: host} = URI.parse(url) - with {:nil, false} <- {:nil, is_nil(host)}, + with {nil, false} <- {nil, is_nil(host)}, allowed <- allowed_instances(), false <- Enum.empty?(allowed) do allowed @@ -124,8 +124,9 @@ def should_federate?(url) do |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host) else # oi! - {:nil, true} -> + {nil, true} -> false + _ -> quarantined_instances = blocked_instances() From 6139c3346d9495c58b67c01447af6344488a0c4b Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Wed, 16 Aug 2023 22:49:23 +0100 Subject: [PATCH 5/7] Add extra rollbacks to pleroma develop --- docs/docs/installation/migrating_to_akkoma.md | 2 +- .../20230422154018_drop_unused_indexes.exs | 74 +++++++++++++++++++ .../20230306112859_instances_add_metadata.exs | 15 ++++ .../20230504173400_remove_user_ap_enabled.exs | 9 +++ 4 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 priv/repo/optional_migrations/20230422154018_drop_unused_indexes.exs create mode 100644 priv/repo/optional_migrations/pleroma_develop_rollbacks/20230306112859_instances_add_metadata.exs create mode 100644 priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs diff --git a/docs/docs/installation/migrating_to_akkoma.md b/docs/docs/installation/migrating_to_akkoma.md index 4a58e836e..9c30d9586 100644 --- a/docs/docs/installation/migrating_to_akkoma.md +++ b/docs/docs/installation/migrating_to_akkoma.md @@ -40,7 +40,7 @@ If you are on pleroma develop, and have updated since 2022-08, you may have issu Please roll back the given migrations: ```bash -MIX_ENV=prod mix ecto.rollback --migrations-path priv/repo/optional_migrations/pleroma_develop_rollbacks -n3 +MIX_ENV=prod mix ecto.rollback --migrations-path priv/repo/optional_migrations/pleroma_develop_rollbacks -n5 ``` Then compile, migrate and restart as usual. diff --git a/priv/repo/optional_migrations/20230422154018_drop_unused_indexes.exs b/priv/repo/optional_migrations/20230422154018_drop_unused_indexes.exs new file mode 100644 index 000000000..d8acb1034 --- /dev/null +++ b/priv/repo/optional_migrations/20230422154018_drop_unused_indexes.exs @@ -0,0 +1,74 @@ +defmodule Pleroma.Repo.Migrations.DropUnusedIndexes do + use Ecto.Migration + + @disable_ddl_transaction true + + @disable_migration_lock true + + def up do + drop_if_exists( + index(:activities, ["(data->>'actor')", "inserted_at desc"], name: :activities_actor_index) + ) + + drop_if_exists(index(:activities, ["(data->'to')"], name: :activities_to_index)) + + drop_if_exists(index(:activities, ["(data->'cc')"], name: :activities_cc_index)) + + drop_if_exists(index(:activities, ["(split_part(actor, '/', 3))"], name: :activities_hosts)) + + drop_if_exists( + index(:activities, ["(data->'object'->>'inReplyTo')"], name: :activities_in_reply_to) + ) + + drop_if_exists( + index(:activities, ["((data #> '{\"object\",\"likes\"}'))"], name: :activities_likes) + ) + end + + def down do + create_if_not_exists( + index(:activities, ["(data->>'actor')", "inserted_at desc"], + name: :activities_actor_index, + concurrently: true + ) + ) + + create_if_not_exists( + index(:activities, ["(data->'to')"], + name: :activities_to_index, + using: :gin, + concurrently: true + ) + ) + + create_if_not_exists( + index(:activities, ["(data->'cc')"], + name: :activities_cc_index, + using: :gin, + concurrently: true + ) + ) + + create_if_not_exists( + index(:activities, ["(split_part(actor, '/', 3))"], + name: :activities_hosts, + concurrently: true + ) + ) + + create_if_not_exists( + index(:activities, ["(data->'object'->>'inReplyTo')"], + name: :activities_in_reply_to, + concurrently: true + ) + ) + + create_if_not_exists( + index(:activities, ["((data #> '{\"object\",\"likes\"}'))"], + name: :activities_likes, + using: :gin, + concurrently: true + ) + ) + end +end diff --git a/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230306112859_instances_add_metadata.exs b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230306112859_instances_add_metadata.exs new file mode 100644 index 000000000..ab8ac83a0 --- /dev/null +++ b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230306112859_instances_add_metadata.exs @@ -0,0 +1,15 @@ +defmodule Pleroma.Repo.Migrations.InstancesAddMetadata do + use Ecto.Migration + + def down do + alter table(:instances) do + remove_if_exists(:metadata, :map) + end + end + + def up do + alter table(:instances) do + add_if_not_exists(:metadata, :map) + end + end +end diff --git a/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs new file mode 100644 index 000000000..d00bfd725 --- /dev/null +++ b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs @@ -0,0 +1,9 @@ +defmodule Pleroma.Repo.Migrations.RemoveUserApEnabled do + use Ecto.Migration + + def change do + alter table(:users) do + remove(:ap_enabled, :boolean, default: false, null: false) + end + end +end From f7ea0a124811fe1475ec43fa463a736c7a5ba20b Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Wed, 16 Aug 2023 23:01:02 +0100 Subject: [PATCH 6/7] bump OTP required --- docs/docs/installation/generic_dependencies.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/installation/generic_dependencies.include b/docs/docs/installation/generic_dependencies.include index d8cf9f9da..b23736d85 100644 --- a/docs/docs/installation/generic_dependencies.include +++ b/docs/docs/installation/generic_dependencies.include @@ -2,7 +2,7 @@ * PostgreSQL 9.6+ * Elixir 1.14+ -* Erlang OTP 24+ +* Erlang OTP 25+ * git * file / libmagic * gcc (clang might also work) From 5c164028cf7e45811ddcf8b9cfd3dcab56717827 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Wed, 16 Aug 2023 23:11:36 +0100 Subject: [PATCH 7/7] ensure ap_enabled true if coming back pleroma --- .../20230504173400_remove_user_ap_enabled.exs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs index d00bfd725..f399d9fd7 100644 --- a/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs +++ b/priv/repo/optional_migrations/pleroma_develop_rollbacks/20230504173400_remove_user_ap_enabled.exs @@ -1,9 +1,15 @@ defmodule Pleroma.Repo.Migrations.RemoveUserApEnabled do use Ecto.Migration - def change do + def up do alter table(:users) do - remove(:ap_enabled, :boolean, default: false, null: false) + remove_if_exists(:ap_enabled, :boolean) + end + end + + def down do + alter table(:users) do + add_if_not_exists(:ap_enabled, :boolean, default: true, null: false) end end end