Commit graph

5584 commits

Author SHA1 Message Date
sfr
7c4b415929 static-fe overhaul ()
makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.

- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
  - [x] "reply to" or "edited" tags
- [x] accounts
  - [x] show more / show less
  - [x] posts / with replies / media / followers / following
    - [x] followers/following would require user card snippets
  - [x] admin/bot indicators
- [x] attachments
  - [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings

also i forgot
- [x] repeated headers

how it looks + sneak peek at statuses:
![](https://akkoma.dev/attachments/c0d3a025-6987-4630-8eb9-5f4db6858359)

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: 
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-12-07 11:20:53 +00:00
b058df3faa Allow dashes in domain name search 2022-12-06 10:57:10 +00:00
d55de5debf Remerge of hashtag following ()
this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-05 12:58:48 +00:00
ec6bf8c3f7 revert 4a94c9a31e
revert Add ability to follow hashtags ()

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-04 20:04:09 +00:00
4a94c9a31e Add ability to follow hashtags ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-04 17:36:59 +00:00
6b882a2c0b Purge Rejected Follow requests in daily task ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-03 23:17:43 +00:00
8d6cc6cb65 Resolve follow activity from accept/reject without ID ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-02 11:12:37 +00:00
db60640c5b Fixing up deletes a bit ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-12-01 15:00:53 +00:00
0cfd5b4e89 Add ability to set a default post expiry ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-28 13:34:54 +00:00
ee7059c9cf Spin off imports into n oban jobs 2022-11-27 21:45:41 +00:00
5bb95256ee weirdly no, images should not have classes 2022-11-26 21:15:10 +00:00
c379618b34 Add tests, changelog entry 2022-11-26 20:52:49 +00:00
e3085c495c fix tests broken by relay defaults changing ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-26 20:45:47 +00:00
a90c45b7e9 Add Signed Fetch Statistics ()
Close .

Notes:
 - This patch was made on top of Pleroma develop, so I created a separate cachex worker for request signature actions, instead of Akkoma's instance cache. If that is a merge blocker, I can attempt to move logic around for that.
 - Regarding the `has_request_signatures: true -> false` state transition: I think that is a higher level thing (resetting instance state on new instance actor key) which is separate from the changes relevant to this one.

Co-authored-by: Luna <git@l4.pm>
Reviewed-on: 
Co-authored-by: @luna@f.l4.pm <akkoma@l4.pm>
Co-committed-by: @luna@f.l4.pm <akkoma@l4.pm>
2022-11-26 19:22:56 +00:00
2fe1484ed3 http timeout config ()
Ref https://meta.akkoma.dev/t/increase-timeout-on-libretranslate-request-how/156/2

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-24 12:27:16 +00:00
ave
1c4ca20ff7 Change follow_operation schema to use type BooleanLike ()
Changes follow_operation schema to use BooleanLike instead of :boolean so that strings like "0" and "1" (used by mastodon.py) can be accepted. Rest of file uses the same. For more info please see https://git.pleroma.social/pleroma/pleroma/-/issues/2999

(I'm also sending this here as I'm not hopeful about upstream not ignoring  it)

Co-authored-by: ave <ave@ave.zone>
Reviewed-on: 
Co-authored-by: ave <ave@noreply.akkoma>
Co-committed-by: ave <ave@noreply.akkoma>
2022-11-24 11:27:01 +00:00
@r3g_5z@plem.sapphic.site
0e4c201f8d HTTP header improvements ()
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: 
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
e1e0d5d759 microblogpub federation fixes ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-18 11:14:35 +00:00
Haelwenn (lanodan) Monnier
3e0a5851e5 Set instance reachable on fetch 2022-11-15 17:23:47 +00:00
2a1f17e3ed and i yoink ()
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-14 15:07:26 +00:00
c1127e321b Add configurable timeline per oban job ()
Heavily inspired by https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3777

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-13 23:55:51 +00:00
ac0c00cdee Add media sources to connect-src if media proxy is enabled 2022-11-10 17:26:51 +00:00
bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
cc6a076202 Include requested_by in relationship ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-10 03:16:32 +00:00
479aacb1b6 Add fallback for reports that don't have attached activities 2022-11-08 11:01:47 +00:00
a0b8e3c842 Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
7bbaa8f8e0 automatically trim loading *. prefixes on domain blocks 2022-11-07 22:33:18 +00:00
31ad09010e Fix regex usage in MRF ()
fixes 
fixes 

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-06 23:50:32 +00:00
b7e8ce2350 Scrape instance nodeinfo ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-11-06 22:49:39 +00:00
ccdf55acff Fix instance name in email test 2022-11-04 18:42:12 +00:00
4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
9038da01cc Merge pull request 'Push.Impl: support edits' () from norm/akkoma:push-support-edits into develop
Reviewed-on: 
2022-11-01 15:14:08 +00:00
e44e147b54 Merge pull request 'fix flaky test_user_relationship_test.exs:81' () from ilja/akkoma:fix_flaky_test_user_relationship_test.exs_81 into develop
Reviewed-on: 
2022-11-01 14:44:23 +00:00
d5bbc3eeb2 Merge pull request 'fix flaky test filter_controller_test.exs:200' () from ilja/akkoma:fix_flaky_filter_controller_test.exs_200 into develop
Reviewed-on: 
2022-11-01 14:42:43 +00:00
479542c692 Merge pull request 'fix flaky participation_test.exs' () from ilja/akkoma:fix_erratic_participation_test into develop
Reviewed-on: 
2022-11-01 14:37:06 +00:00
be5044f785 fix_flaky_transfer_task_test.exs ()
There were async calls happening, so they weren't always finished when assert happened.

I also fixed some bugs in the erratic tests that were introduced when removing :shout.:shout is a key where restart is needed, and was changed in the test to use :rate_limit (which also requires a restart). But there was a bug in the syntax that didn't get caught because the test was tagged as erratic and therefor didn't fail. Here I fixed it.

During compilation, we had a warning `:logger is used by the current application but the current application does not depend on :logger` which is now fixed as well (see commit message for complete stacktrace).

Co-authored-by: Ilja <ilja@ilja.space>
Reviewed-on: 
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-11-01 14:31:29 +00:00
f1dfd76b98 Fix rate_limiter_test.exs test "it restricts based on config values" ()
Fixes one of the 'erratic' tests

It used a timer to sleep.
But time also goes on when doing other things, so depending on hardware, the timings could be off.
I slightly changed the tests so we still test what we functionally want.
Instead of waiting until the cache expires I now have a function to expire the test and use that.

That means we're not testing any more if the cache really expires after a certain amount of time,
but that's the responsability of the dependency imo, so shouldn't be a problem.

I also changed `Pleroma.Web.Endpoint, :http, :ip` in the tests to `127.0.0.1`
Currently it was set to 8.8.8.8, but I see no reason for that and, while I assume that no calls
are made to it, it may come over as weird or suspicious to people.

Co-authored-by: Ilja <ilja@ilja.space>
Reviewed-on: 
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-11-01 14:25:54 +00:00
1bb8b76311 Fix tests in ldap registration 2022-11-01 14:21:35 +00:00
marcin mikołajczak
6486211064
Push.Impl: support edits
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-10-28 01:20:19 -04:00
ilja
3562eaeedc fix flaky test_user_relationship_test.exs:81
The problem was double. On the one hand, the function didn't actually return what was in the DB.
On the other hand the test was flaky because it used NaiveDateTime.utc_now() so test could fail or pass depending on a difference of microseconds.

Both are fixed now.
2022-10-23 13:31:01 +02:00
Ilja
a59d310982 fix flaky test filter_controller_test.exs:200 2022-10-23 13:07:02 +02:00
ilja
e6ceea3553 fix flaky participation_test.exs
It was tested if the updated_at after marking as "read" was equal as the updated_at at insertion, but that seems wrong.
Firstly, if a record is updated, you expect the updated_at to also update.
Secondly, the insert and update happen almost at the same time, so it's flaky regardless.

Here I make sure it has a much older updated_at during insert so we can clealy see the effect after update.
I also check that the updated_at is actually updated because I expect that this is the expected behaviour and it's also the current behaviour.
2022-10-23 12:33:31 +02:00
f36d14818d Unilateral remove from followers ()
from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/

Co-authored-by: marcin mikołajczak <git@mkljczk.pl>
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-10-19 10:01:14 +00:00
edf7d5089f Merge pull request 'Check that the signature matches the creator' () from domain-blocks into develop
Reviewed-on: 
2022-10-14 11:41:34 +00:00
03662501c3 Check that the signature matches the creator 2022-10-14 11:48:32 +01:00
cb9b0d3720 optimise notifications query 2022-10-11 11:40:43 +01:00
c6e63aaf6b Backend settings sync ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-10-06 16:22:15 +00:00
b2aa82cee5 Fix false error in meilisearch index ()
the schema changed

https://docs.meilisearch.com/reference/api/documents.html#add-or-update-documents

this wasn't breaking anything, it would just report errors that were actually successes

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-09-20 10:36:21 +00:00
561e1f2470 Make backups require its own scope ()
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.

This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: 
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
77596a3021
User: search: exclude deactivated users from user search
This way we don't pollute search results with deactivated and deleted users
2022-09-15 21:21:06 -04:00
Tusooa Zhu
2aa8e66527 Fix User.get_or_fetch/1 with usernames starting with http 2022-09-11 20:29:05 +01:00
b4261b0335 Use set of pregenerated RSA keys
Randomness is a huge resource sink, so let's just use
a some that we made earlier
2022-09-11 20:14:58 +01:00
8683252fc5 Metadata/Utils: use summary as description if set
When generating OpenGraph and TwitterCard metadata for a post, the
summary field will be used first if it is set to generate the post
description.
2022-09-11 19:55:38 +01:00
0b14f02ed2 User: generate private keys on user creation
This fixes a race condition bug where keys could be regenerated
post-federation, causing activities and HTTP signatures from an user to
be dropped due to key differences.
2022-09-11 19:54:37 +01:00
e88f36f72b ObjectView: do not fetch an object for its ID
Non-Create/Listen activities had their associated object field
normalized and fetched, but only to use their `id` field, which is both
slow and redundant. This also failed on Undo activities, which delete
the associated object/activity in database.

Undo activities will now render properly and database loads should
improve ever so slightly.
2022-09-11 19:52:59 +01:00
a6d85003fe Remote interaction with posts ()
Grabbed from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3587

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: 
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-08 10:19:22 +00:00
2641dcdd15 Post editing ()
Rebased from 

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-09-06 19:24:02 +00:00
6c80977b06 turn inlineQuotePolicy on by default 2022-09-05 17:22:33 +01:00
f6304cfd78 add extra tests for builder 2022-09-05 01:24:40 +01:00
1b826eea54 Allow reacting with remote emoji when they exist on the post ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-09-04 23:31:41 +00:00
7a90d71e8d ensure .exs config is used before default ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-09-02 22:05:39 +00:00
8e4de118c1 Don't persist local undone follow ()
same deal but backwards this time

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-08-31 18:00:36 +00:00
decbca0c91 add seperate source and dest entries in language listing ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-08-30 16:59:33 +00:00
c3fde9577d Allow listing languages, setting source language ()
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-08-30 14:58:54 +00:00
df39cab9c1 Automatic status translation ()
Fixes 

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-08-29 19:42:22 +00:00
Tusooa Zhu
95e4018c1a Disconnect streaming sessions when token is revoked
Use Websockex to replace websocket_client

Test that server will disconnect websocket upon token revocation

Lint

Execute session disconnect in background

Refactor streamer test

allow multi-streams

rebase websocket change
2022-08-27 19:07:48 +01:00
772c209914 GTS: cherry-picks and collection usage ()
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e

what is this, a yoink of a yoink? good times

Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: 
2022-08-27 18:05:48 +00:00
85137f591f Add ability to obfuscate domains in MRF transparency 2022-08-27 11:57:57 +01:00
e4f2251e0f Add support for setting language in instance metadata ()
Reviewed-on: 
2022-08-25 16:11:21 +00:00
618cf7ff7f reuse valid oauth tokens ()
Reviewed-on: 
2022-08-25 14:37:51 +00:00
92ba2802fb generate-keys-at-registration-time ()
Reviewed-on: 
2022-08-24 14:36:33 +00:00
8d7b63a766 Revert "Fix oauth2 (for real) ()"
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
aa681d7e15 Fix oauth2 (for real) ()
Reviewed-on: 
2022-08-21 16:24:37 +00:00
b0130bfa7b Revert "oauth2 fixes ()"
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
d72f9e39d9 add visibility check on quote ()
Reviewed-on: 
2022-08-21 15:17:01 +00:00
429e2ac832 oauth2 fixes ()
Reviewed-on: 
2022-08-21 14:46:52 +00:00
e9f1897cfd parser MFM server-side ()
Reviewed-on: 
2022-08-18 03:14:48 +00:00
aaf78e2b52 only put linked mfm in source ()
Reviewed-on: 
2022-08-17 09:35:11 +00:00
11ec9daa5b API compatibility with fedibird, frontend config ()
Reviewed-on: 
2022-08-17 00:22:59 +00:00
37a1001b97 add finch outbound proxy support ()
Reviewed-on: 
2022-08-14 23:13:49 +00:00
967c325b0d fix tests 2022-08-11 19:21:43 +01:00
366889f97c remove default emoji file 2022-08-11 19:05:41 +01:00
1245141779 treat rejections in MRF as a reject in federator ()
Reviewed-on: 
2022-08-08 15:47:57 +00:00
b3e4d81362 StatusView: implement pleroma.context field
This field replaces the now deprecated conversation_id field, and now
exposes the ActivityPub object `context` directly via the MastoAPI
instead of relying on StatusNet-era data concepts.
2022-08-07 20:48:08 +01:00
b9bb093600 StatusView: clear MSB on calculated conversation_id
This field seems to be a left-over from the StatusNet era.
If your application uses `pleroma.conversation_id`: this field is
deprecated.

It is currently stubbed instead by doing a CRC32 of the context, and
clearing the MSB to avoid overflow exceptions with signed integers on
the different clients using this field (Java/Kotlin code, mostly; see
Husky and probably other mobile clients.)

This should be removed in a future version of Pleroma. Pleroma-FE
currently depends on this field, as well.
2022-08-07 20:47:59 +01:00
62e179f446 make conversation-id deterministic ()
Reviewed-on: 
2022-08-06 20:59:15 +00:00
ec162b496b /notice signing checks on redirect ()
Reviewed-on: 
2022-08-05 19:31:32 +00:00
0ec3a11895 don't persist undo of follows ()
Reviewed-on: 
2022-08-05 13:28:56 +00:00
c1e15ff6f8 Transmogrifier: fix reply context fixing
Incoming Pleroma replies to a Misskey thread were rejected due to a
broken context fix, which caused them to not be visible until a
non-Pleroma user interacted with the replies.

This fix properly sets the post-fix object context to its parent Create
activity as well, if it was changed.
2022-08-04 12:57:48 +01:00
456c97fda9 Merge pull request 'remove unneeded function' () from compile-fix into develop
Reviewed-on: 
2022-08-03 11:12:05 +00:00
359510eebc remove unneeded function 2022-08-03 11:50:48 +01:00
Tusooa Zhu
f08241c8ab
Allow users to create backups without providing email address
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
c9600dbbbf local-only-fixed ()
Reviewed-on: 
2022-08-02 14:46:46 +00:00
ca000f8301 Merge mrf_simple-reject with quarantine ()
Reviewed-on: 
2022-08-02 14:19:24 +00:00
e26388a01c Support reaching user@sub.domain.tld at user@domain.tld ()
Reviewed-on: 
Co-authored-by: Joel Beckmeyer <joel@beckmeyer.us>
Co-committed-by: Joel Beckmeyer <joel@beckmeyer.us>
2022-08-02 13:54:22 +00:00
c3eea8dc7d expose bubble instances via nodeinfo ()
Reviewed-on: 
2022-08-02 09:11:22 +00:00
19a27ff006 allow small/center tags in misskeymarkdown ()
Reviewed-on: 
2022-08-01 12:46:52 +00:00
38659e5610 Use uppercase HTTP HEAD method for media preview proxy request ()
Reviewed-on: 
Co-authored-by: Yukkuri <iamtakingiteasy@eientei.org>
Co-committed-by: Yukkuri <iamtakingiteasy@eientei.org>
2022-07-30 21:58:14 +00:00
405406601f Fix emoji qualification ()
Reviewed-on: 
2022-07-28 12:02:36 +00:00
2796a9acaf backend-i18n ()
Reviewed-on: 
2022-07-27 21:56:59 +00:00