FoundKeyGang/FoundKey
FoundKeyGang
/
FoundKey
7
19
Fork 22
Code Issues 37 Pull Requests 4 Releases Activity

WIP: Secure mode #31

Closed
norm wants to merge 21 commits from (deleted):feat/secure-fetch into main
pull from: (deleted):feat/secure-fetch
merge into: FoundKeyGang:main
Conversation 9 Commits 21 Files Changed 88 +526 -34

21 Commits

Author SHA1 Message Date
Norm a1b50a5ba5
Set Cache-Control to 'no-store' in private/secure mode
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-08-11 10:06:33 -04:00
Norm ebc34ab09c
Merge branch 'main' into feat/secure-fetch
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-08-10 02:30:34 -04:00
Norm 429cb3ad7b
Remove check for signature in emoji fetch
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-08-01 00:00:35 -04:00
Norm e5595ca31c
Skip rendering private data in privateMode
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details 
This reverts commit cfd251d9dc.

Instead of adding a conditional in the Pug templates, just skip
rendering altogether on the affected routes.

From #31:
> I'm not really happy with how the pug templates have
> unless privatemode everywhere. I think it would make more sense to
> not render the template in the first place if you are in private
> mode? I think you should be able to just skip to next in the
> router as if you didn't find something.
 2022-07-31 23:57:38 -04:00
Norm cce01c9a70
security: combine save functions
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-31 22:59:21 -04:00
Norm 7485d8d360
Remove deprecated URLs
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-31 22:54:12 -04:00
Norm daa286e333 Merge branch 'main' into feat/secure-fetch
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-31 22:38:09 +00:00
Norm 5ffa80b27d
Merge remote-tracking branch 'upstream/main' into feat/secure-fetch 2022-07-31 18:34:37 -04:00
Norm 530c7bb5e1 Merge branch 'main' into feat/secure-fetch
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-30 23:00:05 +00:00
Norm 66df12df0a
Merge branch 'main' into feat/secure-fetch 2022-07-30 18:59:24 -04:00
Norm 4753b5058c
Translate/remove new comments 2022-07-30 18:59:04 -04:00
Norm c1547c9159 Merge branch 'main' into feat/secure-fetch
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-27 21:08:08 +00:00
Norm 55b2aebec4
Remove signToActivityPubGet option
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details 
Makes it so that all requests are signed, equivalent to
signToActivityPubGet always being true.
 2022-07-27 02:32:47 -04:00
Norm d27ab85e0f Merge branch 'main' into feat/secure-fetch
ci/woodpecker/pr/lint-backend Pipeline was successful Details
ci/woodpecker/pr/build Pipeline was successful Details
ci/woodpecker/pr/lint-client Pipeline failed Details
ci/woodpecker/pr/test Pipeline failed Details
2022-07-26 19:30:47 +00:00
Norm 664df9a163
Add en-US strings for secure mode 2022-07-26 00:14:28 -04:00
Norm b4582a829f
Fix linter errors 2022-07-26 00:14:28 -04:00
nullobsi cfd251d9dc
Hide private data in pug when private mode is enabled 2022-07-26 00:14:28 -04:00
nullobsi 126b7f4ad7
Add secure mode settings to Security tab 2022-07-26 00:14:28 -04:00
nullobsi 7dc19b861d
In private mode, block access to many public APIs 2022-07-26 00:14:28 -04:00
nullobsi ecf9682747
Add Secure Mode and Private Mode 
- Add instance actor
- Add private mode, which uses an allowlist
- Add Secure Mode, restricts access to blocked instances
 2022-07-26 00:14:28 -04:00
nullobsi faa8f4ccf0
Add migration for allowedHosts, secureMode, privateMode 2022-07-26 00:14:28 -04:00