ilja/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity
14375 commits 9 branches 72 tags 327 MiB
Commit graph

78 commits

Author SHA1 Message Date
Hélène
61254111e5
HttpSignaturePlug: accept standard (request-target) 
The (request-target) used by Pleroma is non-standard, but many HTTP
signature implementations do it this way due to a misinterpretation of
the draft 06 of HTTP signatures: "path" was interpreted as not having
the query, though later examples show that it must be the absolute path
with the query part of the URL as well.

This behavior is kept to make sure most software (Pleroma itself,
Mastodon, and probably others) do not break, but Pleroma now accepts
signatures for a (request-target) containing the query, as expected by
many HTTP signature libraries, and clarified in the draft 11 of HTTP
signatures.

Additionally, the new draft renamed (request-target) to @request-target.
We now support both for incoming requests' signatures.
 2022-08-18 17:01:34 +02:00
Tusooa Zhu
57c030a0a7 Skip cache when /objects or /activities is authenticated 
Ref: fix-local-public
 2022-05-06 10:23:26 +02:00
Tusooa Zhu
e2d24eda57 Allow to skip cache in Cache plug 
Ref: fix-local-public
 2022-05-06 10:23:26 +02:00
Haelwenn
d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop' 
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
 2022-03-20 18:14:37 +00:00
Tusooa Zhu
aca11fb70e
Support multiple locales from userLanguage cookie 2022-03-03 02:31:36 -05:00
Tusooa Zhu
7ea330b4fe
Support multiple locales formally 
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
 2022-03-03 02:03:44 -05:00
Tusooa Zhu
8de573b047
Fallback to a variant if the language in general is not supported 
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
 2022-03-02 19:59:11 -05:00
Tusooa Zhu
e644f8dea5
Allow user to register with custom language 2022-03-02 01:41:13 -05:00
Tusooa Zhu
0149ea4538
Send emails i18n'd using backend-stored user language 2022-03-01 22:19:13 -05:00
Sean King
17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Tusooa Zhu
9f4c5743e8
Make lint happy 2022-02-21 19:12:32 -05:00
Tusooa Zhu
0fd3695b9c
Prefer userLanguage cookie over Accept-Language header in detecting locale 
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
 2022-02-21 18:02:19 -05:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through 2021-12-27 17:18:26 -06:00
Alibek Omarov
f02715c4b2 Fix lint errors 2021-12-27 03:42:03 +03:00
Alibek Omarov
cd1041c3a4 API: optionally restrict moderators from accessing sensitive data 2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug 2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static 2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep 
Speeds up recompilation by removing compile-time cycles
 2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes 2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0 
Reduce recompilation time by breaking compile-time cycles
 2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers 2021-04-18 14:00:18 -06:00
Mark Felder
1552179792 Improved recursion through the api route list 2021-02-25 10:07:29 -06:00
Mark Felder
cea31df6a6 Attempt to filter out API calls from FrontendStatic plug 2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258 OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions 
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
 2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0 Allow to define custom HTTP headers per each frontend 2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2 Ability to set the Service-Worker-Allowed header 2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06 Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
lain
9106048c61 Password: Replace Pbkdf2 with Password. 2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021 
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
 2021-01-13 07:49:50 +01:00
Mark Felder
86dcfb4eb9 More places we should be using Upload.base_url 2021-01-08 17:32:42 -06:00
Mark Felder
d69c78ceb9 Remove configurability of upload proxy opts, simplify 2021-01-05 15:06:00 -06:00
lain
713612c377 Cachex: Make caching provider switchable at runtime. 
Defaults to Cachex.
 2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements 2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header 2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3 Session token setting on token exchange. Auth-related refactoring. 2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87 Session-based OAuth auth fixes (token expiration check), refactoring, tweaks. 2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1 Auth subsystem refactoring and tweaks. 
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
 2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a FrontStatic plug: excluded invalid url 2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
1d0e130cb3
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order 2020-10-13 16:43:59 +03:00
Alexander Strizhakov
3ef4e9d170
AdminSecretAuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c497558d43
AuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c1777e7479
BasicAuthDecoderPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov
970932689f
DigestPlug rename 2020-10-13 16:43:57 +03:00
Alexander Strizhakov
66e0b0065b
Cache plug module name 2020-10-13 16:43:57 +03:00