Commit graph

61 commits

Author SHA1 Message Date
0ec62acb9d Always insert Dedupe upload filter
This actually was already intended before to eradicate all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigans occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successful preimage attack against
SHA-256, which is deemed infeasible for the foreseeable future.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridden by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
fef773ca35 Drop media base_url default and recommend different domain
Same-domain setups enabled now at least two exploits,
so they ought to be discouraged and definitely not be the default.
2024-03-18 22:33:10 -01:00
Haelwenn (lanodan) Monnier
4f57c87be4
instance gen: Reduce permissions of pleroma directories and config files
Original: 69caedc591
2023-08-04 14:13:50 -04:00
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#371
2022-12-14 12:38:48 +00:00
6b882a2c0b Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#334
2022-12-03 23:17:43 +00:00
d2a185c013 Documentation updates for stable release (#73)
Reviewed-on: AkkomaGang/akkoma#73
2022-07-15 12:27:16 +00:00
7dfc3f3d0e Change default Postgres user/DB to akkoma 2022-07-12 12:41:30 -04:00
Alex Gleason
29d80b39f2
Add Phoenix LiveDashboard
Co-authored-by: Egor Kislitsyn <egor@kislitsyn.com>
2021-12-15 19:05:27 -05:00
aaceb042c5 fix format 2021-01-28 10:20:25 +00:00
1547a2fda4 mix: instance: ensure all needed folders are created before generating config 2021-01-28 09:39:53 +00:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
rinpatch
7133c0c5ea instance.gen: Warn that stripping exif requires exiftool
And default to no if it is not installed

Closes #2343
2020-12-12 20:38:51 +03:00
rinpatch
6aece536eb instance.gen task: Only show files which will be actually overwritten 2020-12-12 20:35:38 +03:00
Haelwenn (lanodan) Monnier
e2f573d68b
pleroma.instance: Fix Exiftool module name 2020-11-14 22:31:01 +01:00
rinpatch
cc45c69fff Remove release_env
While taking a final look at instance.gen before releasing I noticed
that the release_env task outputs messages in broken English. Upon
further inspection it seems to have even more severe issues which, in
my opinion, warrant its at least temporary removal:
- We do not explain what it actually does, anywhere. Neither the task
 docs nor instance.gen, nor installation instructions.
- It does not respect FHS on OTP releases (uses /opt/pleroma/config even
 though we store the config in /etc/pleroma/config.exs).
- It doesn't work on OTP releases, which is the main reason it exists.
Neither systemd nor openrc service files for OTP include it.
- It is not mentioned in install guides other than the ones for Debian
and OTP releases.
2020-11-08 11:56:09 +03:00
Maksim Pechnikov
2030ffd490 fix test 2020-10-15 22:31:52 +03:00
Maksim Pechnikov
cf53e300f8 added generate the release env to pleroma.instance gen 2020-10-15 22:31:00 +03:00
Mark Felder
6c61ef14c3 Support enabling upload filters during instance gen 2020-10-12 11:19:48 -05:00
Mark Felder
d23804f191 Use the Pleroma.Config alias 2020-07-09 10:53:51 -05:00
Maksim Pechnikov
c96f425cb0 fixed mix pleroma.instance gen 2020-05-20 21:30:41 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
rinpatch
3bbfebd1c2 instance.gen task: make example instance name less confusing
See https://git.pleroma.social/pleroma/pleroma/merge_requests/2245#note_52217
2020-02-26 00:32:34 +03:00
rinpatch
359faa8645 instance.gen task: remind to transfer the config to the database after
migrations
2020-02-25 22:13:08 +03:00
rinpatch
cfa28dee32 instance.gen task: make instance name default to the domain 2020-02-25 21:59:37 +03:00
rinpatch
5e4fe0e8f7 instance.gen task: fix crash when using custom static directory
Closes #1082
2020-02-24 23:42:24 +03:00
rinpatch
e00403af23 Mix tasks: derive moduledoc from doc files 2019-10-03 14:00:23 +03:00
rinpatch
6435ba83cd Move instance CLI task docs to a text file 2019-10-03 09:06:06 +03:00
Haelwenn (lanodan) Monnier
447514dfa2
Bump copyright years of files changed in 2019
Done via the following command:
git diff 1e6c102bfc --stat --name-only | cat - | xargs sed -i 's/2017-2018 Pleroma Authors/2017-2019 Pleroma Authors/'
2019-09-18 23:21:11 +02:00
Roman Chvanikov
eae991b06a merge develop 2019-07-12 18:08:27 +03:00
Sachin Joshi
6d0ae264fc add listener port and ip option for 'pleroma.instance gen' and enable its test 2019-07-10 01:46:49 +05:45
Roman Chvanikov
371d39e160 Merge develop 2019-07-09 21:21:09 +03:00
Haelwenn (lanodan) Monnier
977c2d0448
tasks/pleroma/instance.ex: Change :upload_dir to :uploads_dir
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1058
2019-07-05 06:19:27 +02:00
Roman Chvanikov
657277ffc0 Resolve conflicts 2019-06-29 00:52:50 +03:00
lain
2286f62a36 Merge branch 'release-docs' into 'develop'
Docs on OTP releases

See merge request pleroma/pleroma!1315
2019-06-28 15:26:09 +00:00
rinpatch
3ac5ecbac1 Support RUM indexes in the config generator 2019-06-22 12:54:16 +03:00
rinpatch
ee4e7c6570 Remove the getting started steps from pleroma.instance gen task
They are not compatible with every platform, different for OTP releases
and may become outdated. We are better off just telling people to refer
to the installation guides for their particular platform
2019-06-22 02:07:05 +03:00
rinpatch
452d5d3231 Merge branch 'develop' into release-docs 2019-06-22 02:00:18 +03:00
rinpatch
e76115989a Move config templates to priv so they can be found in releases 2019-06-21 19:54:04 +03:00
rinpatch
89fead9250 Default DB configuration to false and set the default database name to
`pleroma` instead of `pleroma_dev`
2019-06-21 06:42:04 +03:00
rinpatch
69070e641d Allow setting upload/static directories in the config generator 2019-06-20 03:59:16 +03:00
rinpatch
fe3a830b80 Remove a useless binding from config template call 2019-06-20 02:34:19 +03:00
rinpatch
8c7a382027 Rename Pleroma.Mix.Tasks.Common -> Mix.Pleroma and import its functions
instead of aliasing

This seems to be the convention for functions that can be reused between
different mix tasks in all Elixir projects I've seen and it gets rid of
an error message when someone runs mix pleroma.common

Also in this commit by accident:
- Move benchmark task under a proper namespace
- Insert a space after the prompt
2019-06-20 02:08:02 +03:00
Alexander Strizhakov
c2ca1f22a2 it is changed in compile time
we can't change module attributes and endpoint settings in runtime
2019-06-14 15:45:05 +00:00
rinpatch
d7ec0898e5 Make mix tasks work in a release 2019-06-08 17:40:40 +03:00
Roman Chvanikov
64a2c6a041 Digest emails 2019-04-20 19:42:19 +07:00
Alex S
fe13a1d78c adding notify_email setting for trigger emails 2019-04-10 17:57:41 +07:00
Sachin Joshi
cd41584ac4 Generate permissive or restrictive robots.txt in the config generator 2019-04-03 22:12:58 +05:45
Haelwenn (lanodan) Monnier
f94cc6d824
Mix.Tasks.Pleroma.Instance: Generate signing_salt
Closes: https://git.pleroma.social/pleroma/pleroma/issues/533
2019-01-21 01:16:41 +01:00
spctrl
ab9cda315f Change 'name' to 'instance_name' so option is used when running non-interactive 2018-12-29 12:43:54 +01:00
William Pitcock
69ad1039ba mix tasks: add legal boilerplate 2018-12-23 20:56:42 +00:00