r3g_5z
f90552f62e
Drop XSS auditor
...
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.
Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
0022fa7d49
Add same optimized join for excluding invisible users
2022-11-19 15:12:24 -05:00
11fc1beba5
Fix reports which do not have a user
...
The check for deactivated users was being applied to report activities.
2022-11-19 15:12:16 -05:00
e1e0d5d759
microblogpub federation fixes ( #288 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#288
2022-11-18 11:14:35 +00:00
2a1f17e3ed
and i yoink ( #275 )
...
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#275
2022-11-14 15:07:26 +00:00
89dbc7177b
Chores for 2022.11
2022-11-11 16:12:04 +00:00
ac0c00cdee
Add media sources to connect-src if media proxy is enabled
2022-11-10 17:26:51 +00:00
bab1ab5b6c
strip \r and \r from content-disposition filenames
2022-11-10 11:54:12 +00:00
cc6a076202
Include requested_by in relationship ( #260 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#260
2022-11-10 03:16:32 +00:00
4e8ab0deeb
fix count of poll voters
2022-11-08 13:50:04 +00:00
479aacb1b6
Add fallback for reports that don't have attached activities
2022-11-08 11:01:47 +00:00
7bbaa8f8e0
automatically trim loading *. prefixes on domain blocks
2022-11-07 22:33:18 +00:00
31ad09010e
Fix regex usage in MRF ( #254 )
...
fixes #235
fixes #228
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#254
2022-11-06 23:50:32 +00:00
5123b3a5dd
Add enabled check on /translation/languages
2022-11-06 22:55:26 +00:00
b7e8ce2350
Scrape instance nodeinfo ( #251 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#251
2022-11-06 22:49:39 +00:00
4d0a51221a
Fix typo in CSP Report-To header name
...
The header name was Report-To, not Reply-To.
In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177
CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to
It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/
(Even though that's come out one year ago, that's not compatible with
Network Error Logging which is still using the Report-To version of the
API)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
9038da01cc
Merge pull request 'Push.Impl: support edits' ( #244 ) from norm/akkoma:push-support-edits into develop
...
Reviewed-on: AkkomaGang/akkoma#244
2022-11-01 15:14:08 +00:00
cbc693f832
Fix LDAP user registration ( #229 )
...
Simple fix for LDAP user registration. I'm not sure what changed but I managed to get Akkoma running in a debug session and figured out it was missing a match for an extra value at the end. I don't know Elixir all that well so I'm not sure if this was the correct way to do it... but it works. :)
Reviewed-on: AkkomaGang/akkoma#229
Co-authored-by: nullobsi <me@nullob.si>
Co-committed-by: nullobsi <me@nullob.si>
2022-11-01 14:17:55 +00:00
marcin mikołajczak
6486211064
Push.Impl: support edits
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-10-28 01:20:19 -04:00
f36d14818d
Unilateral remove from followers ( #232 )
...
from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/
Co-authored-by: marcin mikołajczak <git@mkljczk.pl>
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#232
2022-10-19 10:01:14 +00:00
edf7d5089f
Merge pull request 'Check that the signature matches the creator' ( #230 ) from domain-blocks into develop
...
Reviewed-on: AkkomaGang/akkoma#230
2022-10-14 11:41:34 +00:00
03662501c3
Check that the signature matches the creator
2022-10-14 11:48:32 +01:00
856c57208b
Ensure deletes are handled after everything else
2022-10-11 14:30:08 +01:00
cb9b0d3720
optimise notifications query
2022-10-11 11:40:43 +01:00
ca9e6ffc55
Use inner lateral join to not get dropped in :total
2022-10-10 16:45:02 +01:00
574f010bc8
Extract deactivated users query to a join
2022-10-10 15:55:58 +01:00
c6e63aaf6b
Backend settings sync ( #226 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#226
2022-10-06 16:22:15 +00:00
561e1f2470
Make backups require its own scope ( #218 )
...
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721 .
This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: AkkomaGang/akkoma#218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
1acd38fe7f
OAuthPlug: use user cache instead of joining
...
As this plug is called on every request, this should reduce load on the
database by not requiring to select on the users table every single
time, and to instead use the by-ID user cache whenever possible.
2022-09-11 19:55:55 +01:00
8683252fc5
Metadata/Utils: use summary as description if set
...
When generating OpenGraph and TwitterCard metadata for a post, the
summary field will be used first if it is set to generate the post
description.
2022-09-11 19:55:38 +01:00
0b14f02ed2
User: generate private keys on user creation
...
This fixes a race condition bug where keys could be regenerated
post-federation, causing activities and HTTP signatures from a user to
be dropped due to key differences.
2022-09-11 19:54:37 +01:00
e88f36f72b
ObjectView: do not fetch an object for its ID
...
Non-Create/Listen activities had their associated object field
normalized and fetched, but only to use their `id` field, which is both
slow and redundant. This also failed on Undo activities, which delete
the associated object/activity in database.
Undo activities will now render properly and database loads should
improve ever so slightly.
2022-09-11 19:52:59 +01:00
a6d85003fe
Remote interaction with posts ( #198 )
...
Grabbed from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3587
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: AkkomaGang/akkoma#198
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-08 10:19:22 +00:00
2641dcdd15
Post editing ( #202 )
...
Rebased from #103
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#202
2022-09-06 19:24:02 +00:00
6c80977b06
turn inlineQuotePolicy on by default
2022-09-05 17:22:33 +01:00
1c7d7845c3
fix compilation warnings
2022-09-05 00:39:32 +01:00
1b826eea54
Allow reacting with remote emoji when they exist on the post ( #200 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#200
2022-09-04 23:31:41 +00:00
8e4de118c1
Don't persist local undone follow ( #194 )
...
same deal but backwards this time
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#194
2022-08-31 18:00:36 +00:00
decbca0c91
add separate source and dest entries in language listing ( #193 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#193
2022-08-30 16:59:33 +00:00
c3fde9577d
Allow listing languages, setting source language ( #192 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#192
2022-08-30 14:58:54 +00:00
df39cab9c1
Automatic status translation ( #187 )
...
Fixes #115
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#187
2022-08-29 19:42:22 +00:00
Tusooa Zhu
95e4018c1a
Disconnect streaming sessions when token is revoked
...
Use Websockex to replace websocket_client
Test that server will disconnect websocket upon token revocation
Lint
Execute session disconnect in background
Refactor streamer test
allow multi-streams
rebase websocket change
2022-08-27 19:07:48 +01:00
772c209914
GTS: cherry-picks and collection usage ( #186 )
...
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e
what is this, a yoink of a yoink? good times
Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#186
2022-08-27 18:05:48 +00:00
85137f591f
Add ability to obfuscate domains in MRF transparency
2022-08-27 11:57:57 +01:00
e4f2251e0f
Add support for setting language in instance metadata ( #183 )
...
Reviewed-on: AkkomaGang/akkoma#183
2022-08-25 16:11:21 +00:00
618cf7ff7f
reuse valid oauth tokens ( #182 )
...
Reviewed-on: AkkomaGang/akkoma#182
2022-08-25 14:37:51 +00:00
8d7b63a766
Revert "Fix oauth2 (for real) ( #179 )"
...
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
aa681d7e15
Fix oauth2 (for real) ( #179 )
...
Reviewed-on: AkkomaGang/akkoma#179
2022-08-21 16:24:37 +00:00
b0130bfa7b
Revert "oauth2 fixes ( #177 )"
...
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
d72f9e39d9
add visibility check on quote ( #178 )
...
Reviewed-on: AkkomaGang/akkoma#178
2022-08-21 15:17:01 +00:00
429e2ac832
oauth2 fixes ( #177 )
...
Reviewed-on: AkkomaGang/akkoma#177
2022-08-21 14:46:52 +00:00
e9f1897cfd
parser MFM server-side ( #172 )
...
Reviewed-on: AkkomaGang/akkoma#172
2022-08-18 03:14:48 +00:00
aaf78e2b52
only put linked mfm in source ( #171 )
...
Reviewed-on: AkkomaGang/akkoma#171
2022-08-17 09:35:11 +00:00
11ec9daa5b
API compatibility with fedibird, frontend config ( #163 )
...
Reviewed-on: AkkomaGang/akkoma#163
2022-08-17 00:22:59 +00:00
55179d4214
set soapbox-fe v2 by default
...
fixes #157
2022-08-11 10:25:03 +01:00
5d23df84c9
Mix format
2022-08-07 20:49:56 +01:00
b3e4d81362
StatusView: implement pleroma.context field
...
This field replaces the now deprecated conversation_id field, and now
exposes the ActivityPub object `context` directly via the MastoAPI
instead of relying on StatusNet-era data concepts.
2022-08-07 20:48:08 +01:00
b9bb093600
StatusView: clear MSB on calculated conversation_id
...
This field seems to be a left-over from the StatusNet era.
If your application uses `pleroma.conversation_id`: this field is
deprecated.
It is currently stubbed instead by doing a CRC32 of the context, and
clearing the MSB to avoid overflow exceptions with signed integers on
the different clients using this field (Java/Kotlin code, mostly; see
Husky and probably other mobile clients.)
This should be removed in a future version of Pleroma. Pleroma-FE
currently depends on this field, as well.
2022-08-07 20:47:59 +01:00
62e179f446
make conversation-id deterministic ( #154 )
...
Reviewed-on: AkkomaGang/akkoma#154
2022-08-06 20:59:15 +00:00
ec162b496b
/notice signing checks on redirect ( #150 )
...
Reviewed-on: AkkomaGang/akkoma#150
2022-08-05 19:31:32 +00:00
0ec3a11895
don't persist undo of follows ( #149 )
...
Reviewed-on: AkkomaGang/akkoma#149
2022-08-05 13:28:56 +00:00
c1e15ff6f8
Transmogrifier: fix reply context fixing
...
Incoming Pleroma replies to a Misskey thread were rejected due to a
broken context fix, which caused them to not be visible until a
non-Pleroma user interacted with the replies.
This fix properly sets the post-fix object context to its parent Create
activity as well, if it was changed.
2022-08-04 12:57:48 +01:00
c9600dbbbf
local-only-fixed ( #138 )
...
Reviewed-on: AkkomaGang/akkoma#138
2022-08-02 14:46:46 +00:00
ca000f8301
Merge mrf_simple-reject with quarantine ( #137 )
...
Reviewed-on: AkkomaGang/akkoma#137
2022-08-02 14:19:24 +00:00
e26388a01c
Support reaching user@sub.domain.tld at user@domain.tld ( #134 )
...
Reviewed-on: AkkomaGang/akkoma#134
Co-authored-by: Joel Beckmeyer <joel@beckmeyer.us>
Co-committed-by: Joel Beckmeyer <joel@beckmeyer.us>
2022-08-02 13:54:22 +00:00
c3eea8dc7d
expose bubble instances via nodeinfo ( #136 )
...
Reviewed-on: AkkomaGang/akkoma#136
2022-08-02 09:11:22 +00:00
19a27ff006
allow small/center tags in misskeymarkdown ( #132 )
...
Reviewed-on: AkkomaGang/akkoma#132
2022-08-01 12:46:52 +00:00
38659e5610
Use uppercase HTTP HEAD method for media preview proxy request ( #128 )
...
Reviewed-on: AkkomaGang/akkoma#128
Co-authored-by: Yukkuri <iamtakingiteasy@eientei.org>
Co-committed-by: Yukkuri <iamtakingiteasy@eientei.org>
2022-07-30 21:58:14 +00:00
db99edacfe
do the same for soapbox
2022-07-29 10:10:12 +01:00
4f6caae209
ensure we can't run the same clause of fix_quote_url more than once
2022-07-29 10:08:40 +01:00
bf3f934275
add guards around fix misskey content
2022-07-29 10:04:04 +01:00
405406601f
Fix emoji qualification ( #124 )
...
Reviewed-on: AkkomaGang/akkoma#124
2022-07-28 12:02:36 +00:00
2796a9acaf
backend-i18n ( #121 )
...
Reviewed-on: AkkomaGang/akkoma#121
2022-07-27 21:56:59 +00:00
645f0390bc
Prepare for ubuntu22 murdering openssl ( #120 )
...
Reviewed-on: AkkomaGang/akkoma#120
2022-07-27 21:48:13 +00:00
a3501cab86
ensure quote fetching obeys max thread distance ( #119 )
...
Reviewed-on: AkkomaGang/akkoma#119
2022-07-26 17:28:47 +00:00
0a55c37182
don't error out if the featured collection has a string ID
2022-07-26 15:08:35 +01:00
1f6deb0ef4
include local instance in bubble timeline ( #117 )
...
Reviewed-on: AkkomaGang/akkoma#117
2022-07-26 12:22:49 +00:00
90c4785b89
remove public post quarantine exception ( #114 )
...
Reviewed-on: AkkomaGang/akkoma#114
2022-07-26 11:09:13 +00:00
1419eee5df
Quote posting ( #113 )
...
Reviewed-on: AkkomaGang/akkoma#113
2022-07-25 16:30:06 +00:00
cb6e7359af
add bubble timeline ( #100 )
...
Reviewed-on: AkkomaGang/akkoma#100
2022-07-22 14:55:38 +00:00
0c542e58aa
Remove instrumentors ( #98 )
...
Reviewed-on: AkkomaGang/akkoma#98
2022-07-21 11:32:17 +00:00
0f132b802d
purge chat and shout endpoints
2022-07-21 11:29:28 +01:00
07ea4d73e1
update mastofe paths ( #95 )
...
Reviewed-on: AkkomaGang/akkoma#95
2022-07-20 20:13:50 +00:00
3b8bf8464f
update features array
2022-07-20 15:43:41 +01:00
729f45ccd2
purge ldap authenticator ( #92 )
...
Reviewed-on: AkkomaGang/akkoma#92
2022-07-20 12:49:13 +00:00
dc9f66749c
remove all endpoints marked as deprecated ( #91 )
...
Reviewed-on: AkkomaGang/akkoma#91
2022-07-20 12:00:58 +00:00
cf0ad02ea9
Remove scrobbling support
2022-07-19 15:07:45 +01:00
54ed8760ff
Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' ( #85 )
...
Reviewed-on: AkkomaGang/akkoma#85
2022-07-18 13:08:36 +00:00
5b4d77eaa7
maintenance: dependency upgrade ( #81 )
...
Reviewed-on: AkkomaGang/akkoma#81
2022-07-18 00:56:35 +00:00
d598c7a834
remove anonymous function from plug
2022-07-14 11:17:14 +01:00
4aee900ae8
fix compilation
2022-07-14 10:48:27 +01:00
37ae047e16
Add swaggerUI options ( #66 )
...
Reviewed-on: AkkomaGang/akkoma#66
2022-07-13 15:09:35 +00:00
Tusooa Zhu
4c5bc3e9f7
Pass remote follow avatar into media proxy
2022-07-12 15:44:38 -04:00
8215434c65
also resolve @full@tags in mfm ( #62 )
...
Reviewed-on: AkkomaGang/akkoma#62
2022-07-11 13:48:43 +00:00
ff6c8455fb
[ #58 ] ensure all users are linked in MFM content ( #61 )
...
Reviewed-on: AkkomaGang/akkoma#61
2022-07-11 11:48:29 +00:00
5ad256f170
[ #58 ] pre-link MFM content ( #59 )
...
Reviewed-on: AkkomaGang/akkoma#59
2022-07-10 17:06:25 +00:00
82fa766ed7
Remove precompiled javascript ( #55 )
...
Reviewed-on: AkkomaGang/akkoma#55
2022-07-08 13:03:18 +00:00
bc6bfe383f
Add configurable theme color ( #53 )
...
Reviewed-on: AkkomaGang/akkoma#53
2022-07-06 20:00:43 +00:00
364b6969eb
Use finch everywhere ( #33 )
...
Reviewed-on: AkkomaGang/akkoma#33
2022-07-04 16:30:38 +00:00
sfr
058bf96798
implement Move activities ( #45 )
...
Reviewed-on: AkkomaGang/akkoma#45
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-07-04 16:29:39 +00:00