Commit graph

1650 commits

Author SHA1 Message Date
5ee0fb18cb exiftool: make stripped tags configurable 2024-04-26 18:57:24 +02:00
a95af3ee4c exiftool: strip all non-essential tags
Documentation was already clear on this only stripping GPS tags.
But there are more potentially sensitive metadata tags (e.g. author
and possibly description) and the name alone suggests a broader effect.

Thus change the filter to strip all metadata except for colourspace info
and orientation (technically it strips everything and then readds
selected tags).

Explicitly stripping CommonIFD0 is needed since -all does not modify
IFD0 due to TIFF storing some actual image data there. CommonIFD0 then
strips a bunch of commonly used actual metadata tags from IFD0, to my
understanding leaving TIFF image data and custom metadata tags intact.
2024-04-25 23:00:42 +02:00
24e608ab5b docs: fix typo 2024-04-25 23:00:42 +02:00
b1c6621e66 Merge pull request 'Read image description from EXIF data' (#744) from timorl/akkoma:elseinspe into develop
Reviewed-on: AkkomaGang/akkoma#744
2024-04-25 12:52:31 +00:00
0fa3fbf55e Update OTP install docs to use certbot nginx plugin 2024-04-23 00:02:54 -04:00
e5f4282cca Update certbot instructions for Alpine Linux 2024-04-23 00:02:54 -04:00
cdde95ad8b Update gentoo install guide to use certbot-nginx 2024-04-23 00:02:54 -04:00
c493769364 Update Nginx setup docs for Fedora and Red Hat OTP 2024-04-23 00:02:15 -04:00
39b8e73532 Update docs for Arch Linux nginx setup
Alongside moving to certbot's nginx plugin, also use conf.d instead of
recreating the sites-{available,enabled} setup that Debian/Ubuntu uses.

Furthermore, also request a certificate for the media domain at the same
time since that's now required.
2024-04-21 18:19:07 -04:00
5405828ab1 Update debian install docs to use certbot nginx plugin 2024-04-21 18:19:07 -04:00
timorl
cd7af81896
Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
timorl
b144218dce
Merge branch 'develop' into elseinspe 2024-04-14 20:31:33 +02:00
e36c0f96fc Merge pull request 'Add docker override file to docs and gitignore' (#621) from norm/akkoma:docker-compose-override into develop
Reviewed-on: AkkomaGang/akkoma#621
2024-04-12 18:50:25 +00:00
d910e8d7d1 Add test suite for elixir1.16 2024-04-12 19:13:33 +01:00
61621ebdbc Add tests for extra warnings about media subdomains 2024-04-02 10:54:53 +01:00
0648d9ebaa Add mix tasks to detect spoofed posts and users
At least as far as we can
2024-03-26 16:05:20 -01:00
d441101200 Add mix task to detect uploaded spoof payloads 2024-03-26 16:05:20 -01:00
d6d838cbe8 StealEmoji: check remote size before downloading
To save on bandwith and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of an malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
2024-03-18 22:33:10 -01:00
fb54c47f0b Update example nginx config
To account for our subdomain recommendations
2024-03-18 22:33:10 -01:00
fc36b04016 Drop media proxy same-domain default for base_url
Even more than with user uploads, a same-domain proxy setup bears
significant security risks due to serving untrusted content under
the main domain space.

A risky setup like that should never be the default.
2024-03-18 22:33:10 -01:00
0ec62acb9d Always insert Dedupe upload filter
This actually was already intended before to eradict all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.

Even without Dedupe, the upload path is prefixed by an UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigangs occur, uploads
reliably work and save some disk space.

While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successfull preimage attack against
SHA-256, which is deemed infeasible for the foreseeable futures.

Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridde by whatever the
config generated by the "pleroma.instance gen" task chose.

Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
fef773ca35 Drop media base_url default and recommend different domain
Same-domain setups enabled now at least two exploits,
so they ought to be discouraged and definitely not be the default.
2024-03-18 22:33:10 -01:00
cdf73e0ac8 Merge pull request 'Better document database differences for Pleroma migrations' (#699) from Oneric/akkoma:doc_pleroma-migration-db into develop
Reviewed-on: AkkomaGang/akkoma#699
2024-02-24 04:33:43 +00:00
967e6b8ade Merge pull request 'Docs: Add description for mrf_reject_newly_created_account_notes' (#695) from YokaiRick/akkoma:doc_mrf_reject_acc_notes into develop
Reviewed-on: AkkomaGang/akkoma#695
2024-02-24 04:31:28 +00:00
bff2812a93 More prominently document db migrations in migrations from Pleroma
By now most instance will run a version past 2022-08 but the guide
only documented it for from source installs and Pleroma develop.
2024-02-23 23:54:14 +01:00
7964272c98 Document how to avoid data loss on migration from Pleroma 2024-02-23 23:54:09 +01:00
c25cfe9b7a fixed spelling 2024-02-19 23:25:20 +01:00
41dd37d796 doc/cheatsheet: add missing MRFs
Or mentions of MRFs in the main list
whose options were already documented.
2024-02-19 23:15:47 +01:00
9830d54fa1 doc/cheatsheet: sort main MRF list alphabetically
It is too cumbersome to find a specific policy atm
or to check if all are docuemtned yet.
Trivial placeholder policies are excluded from this.
2024-02-19 23:15:30 +01:00
f254e4f530 doc/cheatsheet: add missing MRF config detail docs
And remove “on by default” text from individual entries.
They are now laready in the “on by default” section.
2024-02-19 23:14:44 +01:00
da4190c46e doc/cheatsheet: split out always active MRFs
It doesn’t make sense to add/remove them from the policies list
2024-02-19 23:14:24 +01:00
7a2d68c3ab doc/cheatsheet: add link to ActivityExpiration config details 2024-02-19 23:14:07 +01:00
8e7a89605d doc/cheatsheet: move MRF policies key to end of section
This makes it easier to spot the transparency options
2024-02-19 23:13:48 +01:00
1640d19448 doc/cheatsheet: move :activitypub section ahead
Else it is too easy to mistake for another MRF policy.
2024-02-19 23:13:25 +01:00
8f1776a8a7 Purge leftovers from FollowBot MRF
It was dropped in 9db4c2429f
2024-02-19 23:13:05 +01:00
1ec6e193e6 doc: clarify RejectNewlyCreated uses local account discovery 2024-02-19 23:12:41 +01:00
b4c832471c docs/docs/configuration/cheatsheet.md aktualisiert
fixed up some grammer / wording. removed a setence and made wording more in line with what I could find in Admin-FE (especially wording of "rejecting" vs. dropping)
2024-02-17 22:09:47 +00:00
db49daa4a5 make it clearer what it affects 2024-02-17 22:57:56 +01:00
718104117f fix link 2024-02-17 22:34:55 +01:00
12e7d0a25c added doc for mrf_reject_newly_created_account_notes 2024-02-17 22:25:12 +01:00
7a0e27a746 Disable busy waits in the default OTP vm.args configuration.
This vastly reduces idle CPU usage, which should generally be beneficial
for most small-to-medium sized instances.

Additionally update the documentation to specify how to override the vm.args
file for OTP installs
2024-02-17 13:21:56 +01:00
e99e2407f3 Add background_removal to SimplePolicy MRF 2024-02-16 16:36:45 +01:00
0ed815b8a1 Merge branch 'followback' into develop 2024-02-16 13:27:40 +00:00
cda597a05c doc: fix Akkoma identification name
Akkoma stopped pretending to be Pleroma here when the mix project name
was changed in c07fcdbf2b.
2024-02-15 16:25:59 +01:00
711043f57d Document bubble timeline API
It was added in cb6e7359af.
2024-02-15 16:04:33 +01:00
6bb455702d Document Akkoma API 2024-02-15 16:04:33 +01:00
7493d8f49d Document live dashboard 2024-02-15 16:04:33 +01:00
376f6b15ca Add ability to auto-approve followbacks
Resolves: AkkomaGang/akkoma#148
2024-02-13 15:42:37 +01:00
13e62b4e51 Fix schema and docs for status_ttl_days and instance
Fixes misspelling and omission of and example in commit
0cfd5b4e89 which added the
status_ttl_property. This was the only place this commit
referred to the property as note_ttl_days.

Partially fixes the omitted schema update of the instance metadata addition
from commit b7e8ce2350. A proper full schema
for nodeinfo is still missing.
2024-02-13 15:39:52 +01:00
e97d08ee98 Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' (#676) from Oneric/akkoma:mrf-obfuscation into develop
Reviewed-on: AkkomaGang/akkoma#676
2024-02-05 08:43:43 +00:00