Merge pull request 'Stop exposing if a user blocks you over the API.' (#553) from XxXCertifiedForkliftDriverXxX/akkoma:feature/hide-blocked_by into develop

Reviewed-on: AkkomaGang/akkoma#553

CHANGELOG.md

@@ -4,6 +4,37 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 2023.05
+
+## Added
+- Custom options for users to accept/reject private messages
+  - options: everybody, nobody, people\_i\_follow
+- MRF to reject notes from accounts newer than a given age
+  - this will have the side-effect of rejecting legitimate messages if your
+    post gets boosted outside of your local bubble and people your instance
+    does not know about reply to it.
+
+## Fixed
+- Support for `streams` public key URIs
+- Bookmarks are cleaned up on DB prune now
+
+## Security
+- Fixed mediaproxy being a bit of a silly billy
+
+## 2023.04
+
+## Added
+- Nodeinfo keys for unauthenticated timeline visibility
+- Option to disable federated timeline
+- Option to make the bubble timeline publicly accessible
+- Ability to swap between installed standard frontends
+  - *mastodon frontends are still not counted as standard frontends due to the complexity in serving them correctly*. 
+
+### Upgrade Notes
+- Elixir 1.14 is now required. If your distribution does not package this, you can
+  use [asdf](https://asdf-vm.com/). At time of writing, elixir 1.14.3 / erlang 25.3
+  is confirmed to work.
+
 ## 2023.03
 
 ## Fixed
@@ -19,6 +50,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Removed
 - Possibility of using the `style` parameter on `span` elements. This will break certain MFM parameters.
+- Option for "default" image description.
 
 ## 2023.02
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM hexpm/elixir:1.13.4-erlang-24.3.4.5-alpine-3.15.6
+FROM hexpm/elixir:1.14.3-erlang-25.3-alpine-3.17.2
 
 ENV MIX_ENV=prod
 ENV ERL_EPMD_ADDRESS=127.0.0.1

README.md

@@ -54,6 +54,9 @@ If your platform is not supported, or you just want to be able to edit the sourc
 ### Docker
 Docker installation is supported via [this setup](https://docs.akkoma.dev/stable/installation/docker_en/)
 
+### Packages
+Akkoma is packaged for [YunoHost](https://yunohost.org) and can be found and installed from the [YunoHost app catalogue](https://yunohost.org/#/apps).
+
 ### Compilation Troubleshooting
 If you ever encounter compilation issues during the updating of Akkoma, you can try these commands and see if they fix things:
 

config/config.exs

@@ -65,7 +65,6 @@ config :pleroma, Pleroma.Upload,
   link_name: false,
   proxy_remote: false,
   filename_display_max_length: 30,
-  default_description: nil,
   base_url: nil
 
 config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads"
@@ -261,7 +260,8 @@ config :pleroma, :instance,
   privileged_staff: false,
   local_bubble: [],
   max_frontend_settings_json_chars: 100_000,
-  export_prometheus_metrics: true
+  export_prometheus_metrics: true,
+  federated_timeline_available: true
 
 config :pleroma, :welcome,
   direct_message: [
@@ -418,6 +418,8 @@ config :pleroma, :mrf_object_age,
 
 config :pleroma, :mrf_follow_bot, follower_nickname: nil
 
+config :pleroma, :mrf_reject_newly_created_account_notes, age: 86_400
+
 config :pleroma, :rich_media,
   enabled: true,
   ignore_hosts: [],
@@ -745,6 +747,9 @@ config :pleroma, :frontends,
   primary: %{"name" => "pleroma-fe", "ref" => "stable"},
   admin: %{"name" => "admin-fe", "ref" => "stable"},
   mastodon: %{"name" => "mastodon-fe", "ref" => "akkoma"},
+  pickable: [
+    "pleroma-fe/stable"
+  ],
   swagger: %{
     "name" => "swagger-ui",
     "ref" => "stable",
@@ -810,7 +815,7 @@ config :pleroma, :majic_pool, size: 2
 private_instance? = :if_instance_is_private
 
 config :pleroma, :restrict_unauthenticated,
-  timelines: %{local: private_instance?, federated: private_instance?},
+  timelines: %{local: private_instance?, federated: private_instance?, bubble: true},
   profiles: %{local: private_instance?, remote: private_instance?},
   activities: %{local: private_instance?, remote: private_instance?}
 

config/custom_emoji.txt

@@ -0,0 +1,2 @@
+hehe, /emoji/hehe.png, Akkoma
+nothehe, /emoji/nothehe.png, Akkoma

config/description.exs

@@ -969,6 +969,12 @@ config :pleroma, :config_description, [
         key: :export_prometheus_metrics,
         type: :boolean,
         description: "Enable prometheus metrics (at /api/v1/akkoma/metrics)"
+      },
+      %{
+        key: :federated_timeline_available,
+        type: :boolean,
+        description:
+          "Let people view the 'firehose' feed of all public statuses from all instances."
       }
     ]
   },
@@ -2993,6 +2999,11 @@ config :pleroma, :config_description, [
             key: :federated,
             type: :boolean,
             description: "Disallow viewing the whole known network timeline."
+          },
+          %{
+            key: :bubble,
+            type: :boolean,
+            description: "Disallow viewing the bubble timeline."
           }
         ]
       },
@@ -3148,6 +3159,12 @@ config :pleroma, :config_description, [
         description:
           "A map containing available frontends and parameters for their installation.",
         children: frontend_options
+      },
+      %{
+        key: :pickable,
+        type: {:list, :string},
+        description:
+          "A list containing all frontends users can pick as their preference, format is :name/:ref, e.g pleroma-fe/stable."
       }
     ]
   },

config/test.exs

@@ -23,8 +23,7 @@ config :pleroma, :auth, oauth_consumer_strategies: []
 
 config :pleroma, Pleroma.Upload,
   filters: [],
-  link_name: false,
-  default_description: :filename
+  link_name: false
 
 config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"
 

docs/docs/configuration/cheatsheet.md

@@ -562,7 +562,6 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
 * `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
 * `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
 * `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
-* `default_description`: Sets which default description an image has if none is set explicitly. Options: nil (default) - Don't set a default, :filename - use the filename of the file, a string (e.g. "attachment") - Use this string
 
 !!! warning
     `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.

docs/docs/installation/generic_dependencies.include

@@ -1,8 +1,8 @@
 ## Required dependencies
 
 * PostgreSQL 9.6+
-* Elixir 1.12+ (1.13+ recommended)
-* Erlang OTP 22.2+
+* Elixir 1.14+
+* Erlang OTP 24+
 * git
 * file / libmagic
 * gcc (clang might also work)

docs/docs/installation/yunohost_en.md

@@ -0,0 +1,9 @@
+# Installing on Yunohost
+
+[YunoHost](https://yunohost.org) is a server operating system aimed at self-hosting. The YunoHost community maintains a package of Akkoma which allows you to install Akkoma on YunoHost. You can install it via the normal way through the admin web interface, or through the CLI. More information can be found at [the repo of the package](https://github.com/YunoHost-Apps/akkoma_ynh).
+
+## Questions
+
+Questions and problems related to the YunoHost parts can be done through the [YunoHost channels](https://yunohost.org/en/help).
+
+For questions about Akkoma, check out the [Akkoma community channels](../../#community-channels).

elixir_buildpack.config

@@ -1,2 +1,2 @@
-elixir_version=1.9.4
-erlang_version=22.3.4.1
+elixir_version=1.14.3
+erlang_version=25.3

lib/mix/tasks/pleroma/database.ex

@@ -171,6 +171,21 @@ defmodule Mix.Tasks.Pleroma.Database do
     end
     |> Repo.delete_all(timeout: :infinity)
 
+    if !Keyword.get(options, :keep_threads) do
+      # Without the --keep-threads option, it's possible that bookmarked
+      # objects have been deleted. We remove the corresponding bookmarks.
+      """
+      delete from public.bookmarks
+      where id in (
+        select b.id from public.bookmarks b
+        left join public.activities a on b.activity_id = a.id
+        left join public.objects o on a."data" ->> 'object' = o.data ->> 'id'
+        where o.id is null
+      )
+      """
+      |> Repo.query([], timeout: :infinity)
+    end
+
     if Keyword.get(options, :prune_orphaned_activities) do
       # Prune activities who link to a single object
       """

lib/mix/tasks/pleroma/diagnostics.ex

@@ -82,4 +82,46 @@ defmodule Mix.Tasks.Pleroma.Diagnostics do
     Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
     |> IO.puts()
   end
+
+  def run(["notifications", nickname]) do
+    start_pleroma()
+    user = Repo.get_by!(User, nickname: nickname)
+    account_ap_id = user.ap_id
+    options = %{account_ap_id: user.ap_id}
+
+    query =
+      user
+      |> Pleroma.Notification.for_user_query(options)
+      |> where([n, a], a.actor == ^account_ap_id)
+      |> limit(20)
+
+    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
+    |> IO.puts()
+  end
+
+  def run(["known_network", nickname]) do
+    start_pleroma()
+    user = Repo.get_by!(User, nickname: nickname)
+
+    params =
+      %{}
+      |> Map.put(:type, ["Create"])
+      |> Map.put(:local_only, false)
+      |> Map.put(:blocking_user, user)
+      |> Map.put(:muting_user, user)
+      |> Map.put(:reply_filtering_user, user)
+      # Restricts unfederated content to authenticated users
+      |> Map.put(:includes_local_public, not is_nil(user))
+      |> Map.put(:restrict_unlisted, true)
+
+    query =
+      Pleroma.Web.ActivityPub.ActivityPub.fetch_activities_query(
+        [Pleroma.Constants.as_public()],
+        params
+      )
+      |> limit(20)
+
+    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
+    |> IO.puts()
+  end
 end

lib/pleroma/activity.ex

@@ -277,6 +277,13 @@ defmodule Pleroma.Activity do
 
   def get_create_by_object_ap_id_with_object(_), do: nil
 
+  def get_local_create_by_object_ap_id(ap_id) when is_binary(ap_id) do
+    ap_id
+    |> create_by_object_ap_id()
+    |> where(local: true)
+    |> Repo.one()
+  end
+
   @spec create_by_id_with_object(String.t()) :: t() | nil
   def create_by_id_with_object(id) do
     get_by_id_with_opts(id, preload: [:object], filter: [type: "Create"])

lib/pleroma/akkoma/translators/libre_translate.ex

@@ -40,7 +40,7 @@ defmodule Pleroma.Akkoma.Translators.LibreTranslate do
         if Map.has_key?(body, "detectedLanguage") do
           get_in(body, ["detectedLanguage", "language"])
         else
-          from_language
+          from_language || ""
         end
 
       {:ok, detected, translated}

lib/pleroma/instances/instance.ex

@@ -162,7 +162,7 @@ defmodule Pleroma.Instances.Instance do
     %Instance{
       host: Pleroma.Web.Endpoint.host(),
       favicon: Pleroma.Web.Endpoint.url() <> "/favicon.png",
-      nodeinfo: Pleroma.Web.Nodeinfo.NodeinfoController.raw_nodeinfo()
+      nodeinfo: Pleroma.Web.Nodeinfo.Nodeinfo.get_nodeinfo("2.1")
     }
   end
 

lib/pleroma/reverse_proxy.ex

@@ -251,6 +251,7 @@ defmodule Pleroma.ReverseProxy do
     |> Enum.filter(fn {k, _} -> k in @keep_resp_headers end)
     |> build_resp_cache_headers(opts)
     |> build_resp_content_disposition_header(opts)
+    |> build_csp_headers()
     |> Keyword.merge(Keyword.get(opts, :resp_headers, []))
   end
 
@@ -316,6 +317,10 @@ defmodule Pleroma.ReverseProxy do
     end
   end
 
+  defp build_csp_headers(headers) do
+    List.keystore(headers, "content-security-policy", 0, {"content-security-policy", "sandbox"})
+  end
+
   defp header_length_constraint(headers, limit) when is_integer(limit) and limit > 0 do
     with {_, size} <- List.keyfind(headers, "content-length", 0),
          {size, _} <- Integer.parse(size),

lib/pleroma/signature.ex

@@ -17,6 +17,7 @@ defmodule Pleroma.Signature do
       key_id
       |> URI.parse()
       |> Map.put(:fragment, nil)
+      |> Map.put(:query, nil)
       |> remove_suffix(@known_suffixes)
 
     maybe_ap_id = URI.to_string(uri)

lib/pleroma/upload.ex

@@ -65,15 +65,6 @@ defmodule Pleroma.Upload do
         }
   defstruct [:id, :name, :tempfile, :content_type, :width, :height, :blurhash, :path]
 
-  defp get_description(opts, upload) do
-    case {opts[:description], Pleroma.Config.get([Pleroma.Upload, :default_description])} do
-      {description, _} when is_binary(description) -> description
-      {_, :filename} -> upload.name
-      {_, str} when is_binary(str) -> str
-      _ -> ""
-    end
-  end
-
   @spec store(source, options :: [option()]) :: {:ok, Map.t()} | {:error, any()}
   @doc "Store a file. If using a `Plug.Upload{}` as the source, be sure to use `Majic.Plug` to ensure its content_type and filename is correct."
   def store(upload, opts \\ []) do
@@ -82,7 +73,7 @@ defmodule Pleroma.Upload do
     with {:ok, upload} <- prepare_upload(upload, opts),
          upload = %__MODULE__{upload | path: upload.path || "#{upload.id}/#{upload.name}"},
          {:ok, upload} <- Pleroma.Upload.Filter.filter(opts.filters, upload),
-         description = get_description(opts, upload),
+         description = Map.get(opts, :description) || "",
          {_, true} <-
            {:description_limit,
             String.length(description) <= Pleroma.Config.get([:instance, :description_limit])},

lib/pleroma/user.ex

@@ -159,6 +159,11 @@ defmodule Pleroma.User do
     field(:language, :string)
     field(:status_ttl_days, :integer, default: nil)
 
+    field(:accepts_direct_messages_from, Ecto.Enum,
+      values: [:everybody, :people_i_follow, :nobody],
+      default: :everybody
+    )
+
     embeds_one(
       :notification_settings,
       Pleroma.User.NotificationSetting,
@@ -366,21 +371,21 @@ defmodule Pleroma.User do
   def invisible?(_), do: false
 
   def avatar_url(user, options \\ []) do
-    case user.avatar do
-      %{"url" => [%{"href" => href} | _]} ->
-        href
-
-      _ ->
-        unless options[:no_default] do
-          Config.get([:assets, :default_user_avatar], "#{Endpoint.url()}/images/avi.png")
-        end
-    end
+    default = Config.get([:assets, :default_user_avatar], "#{Endpoint.url()}/images/avi.png")
+    do_optional_url(user.avatar, default, options)
   end
 
   def banner_url(user, options \\ []) do
-    case user.banner do
-      %{"url" => [%{"href" => href} | _]} -> href
-      _ -> !options[:no_default] && "#{Endpoint.url()}/images/banner.png"
+    do_optional_url(user.banner, "#{Endpoint.url()}/images/banner.png", options)
+  end
+
+  defp do_optional_url(field, default, options) do
+    case field do
+      %{"url" => [%{"href" => href} | _]} when is_binary(href) ->
+        href
+
+      _ ->
+        unless options[:no_default], do: default
     end
   end
 
@@ -536,7 +541,8 @@ defmodule Pleroma.User do
         :is_discoverable,
         :actor_type,
         :disclose_client,
-        :status_ttl_days
+        :status_ttl_days,
+        :accepts_direct_messages_from
       ]
     )
     |> unique_constraint(:nickname)
@@ -2722,4 +2728,16 @@ defmodule Pleroma.User do
   def following_hashtag?(%User{} = user, %Hashtag{} = hashtag) do
     not is_nil(HashtagFollow.get(user, hashtag))
   end
+
+  def accepts_direct_messages?(
+        %User{accepts_direct_messages_from: :people_i_follow} = receiver,
+        %User{} = sender
+      ) do
+    User.following?(receiver, sender)
+  end
+
+  def accepts_direct_messages?(%User{accepts_direct_messages_from: :everybody}, _), do: true
+
+  def accepts_direct_messages?(%User{accepts_direct_messages_from: :nobody}, _),
+    do: false
 end

lib/pleroma/user_note.ex

@@ -31,7 +31,7 @@ defmodule Pleroma.UserNote do
            UserNote
            |> where(source_id: ^source.id, target_id: ^target.id)
            |> Repo.one() do
-      note.comment
+      note.comment || ""
     else
       _ -> ""
     end

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -1502,13 +1502,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   @spec upload(Upload.source(), keyword()) :: {:ok, Object.t()} | {:error, any()}
   def upload(file, opts \\ []) do
-    with {:ok, data} <- Upload.store(file, opts) do
+    with {:ok, data} <- Upload.store(sanitize_upload_file(file), opts) do
       obj_data = Maps.put_if_present(data, "actor", opts[:actor])
 
       Repo.insert(%Object{data: obj_data})
     end
   end
 
+  defp sanitize_upload_file(%Plug.Upload{filename: filename} = upload) when is_binary(filename) do
+    %Plug.Upload{
+      upload
+      | filename: Path.basename(filename)
+    }
+  end
+
+  defp sanitize_upload_file(upload), do: upload
+
   @spec get_actor_url(any()) :: binary() | nil
   defp get_actor_url(url) when is_binary(url), do: url
   defp get_actor_url(%{"href" => href}) when is_binary(href), do: href

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -8,7 +8,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   alias Pleroma.Activity
   alias Pleroma.Delivery
   alias Pleroma.Object
-  alias Pleroma.Object.Fetcher
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.InternalFetchActor
@@ -293,33 +292,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     |> json("Invalid HTTP Signature")
   end
 
-  # POST /relay/inbox -or- POST /internal/fetch/inbox
-  def inbox(conn, %{"type" => "Create"} = params) do
-    if FederatingPlug.federating?() do
-      post_inbox_relayed_create(conn, params)
-    else
-      conn
-      |> put_status(:bad_request)
-      |> json("Not federating")
-    end
-  end
-
   def inbox(conn, _params) do
     conn
     |> put_status(:bad_request)
     |> json("error, missing HTTP Signature")
   end
 
-  defp post_inbox_relayed_create(conn, params) do
-    Logger.debug(
-      "Signature missing or not from author, relayed Create message, fetching object from source"
-    )
-
-    Fetcher.fetch_object_from_id(params["object"]["id"])
-
-    json(conn, "ok")
-  end
-
   defp represent_service_actor(%User{} = user, conn) do
     conn
     |> put_resp_content_type("application/activity+json")

lib/pleroma/web/activity_pub/mrf.ex

@@ -147,7 +147,8 @@ defmodule Pleroma.Web.ActivityPub.MRF do
     |> Enum.concat([
       Pleroma.Web.ActivityPub.MRF.HashtagPolicy,
       Pleroma.Web.ActivityPub.MRF.InlineQuotePolicy,
-      Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
+      Pleroma.Web.ActivityPub.MRF.NormalizeMarkup,
+      Pleroma.Web.ActivityPub.MRF.DirectMessageDisabledPolicy
     ])
     |> Enum.uniq()
   end

lib/pleroma/web/activity_pub/mrf/direct_message_disabled_policy.ex

@@ -0,0 +1,65 @@
+defmodule Pleroma.Web.ActivityPub.MRF.DirectMessageDisabledPolicy do
+  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
+
+  alias Pleroma.User
+  require Pleroma.Constants
+
+  @moduledoc """
+  Removes entries from the "To" field from direct messages if the user has requested to not
+  allow direct messages
+  """
+
+  @impl true
+  def filter(
+        %{
+          "type" => "Create",
+          "actor" => actor,
+          "object" => %{
+            "type" => "Note"
+          }
+        } = activity
+      ) do
+    with recipients <- Map.get(activity, "to", []),
+         cc <- Map.get(activity, "cc", []),
+         true <- is_direct?(recipients, cc),
+         sender <- User.get_cached_by_ap_id(actor) do
+      new_to =
+        Enum.filter(recipients, fn recv ->
+          should_include?(sender, recv)
+        end)
+
+      {:ok,
+       activity
+       |> Map.put("to", new_to)
+       |> maybe_replace_object_to(new_to)}
+    else
+      _ ->
+        {:ok, activity}
+    end
+  end
+
+  @impl true
+  def filter(object), do: {:ok, object}
+
+  @impl true
+  def describe, do: {:ok, %{}}
+
+  defp should_include?(sender, receiver_ap_id) do
+    with %User{local: true} = receiver <- User.get_cached_by_ap_id(receiver_ap_id) do
+      User.accepts_direct_messages?(receiver, sender)
+    else
+      _ -> true
+    end
+  end
+
+  defp maybe_replace_object_to(%{"object" => %{"to" => _}} = activity, to) do
+    Kernel.put_in(activity, ["object", "to"], to)
+  end
+
+  defp maybe_replace_object_to(other, _), do: other
+
+  defp is_direct?(to, cc) do
+    !(Enum.member?(to, Pleroma.Constants.as_public()) ||
+        Enum.member?(cc, Pleroma.Constants.as_public()))
+  end
+end

lib/pleroma/web/activity_pub/mrf/reject_newly_created_account_note_policy.ex

@@ -0,0 +1,50 @@
+defmodule Pleroma.Web.ActivityPub.MRF.RejectNewlyCreatedAccountNotesPolicy do
+  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
+
+  alias Pleroma.User
+
+  @moduledoc """
+  Rejects notes from accounts that were created below a certain threshold of time ago
+  """
+  @impl true
+  def filter(
+        %{
+          "type" => type,
+          "actor" => actor
+        } = activity
+      )
+      when type in ["Note", "Create"] do
+    min_age = Pleroma.Config.get([:mrf_reject_newly_created_account_notes, :age])
+
+    with %User{local: false} = user <- Pleroma.User.get_cached_by_ap_id(actor),
+         true <- Timex.diff(Timex.now(), user.inserted_at, :seconds) < min_age do
+      {:reject, "[RejectNewlyCreatedAccountNotesPolicy] Account created too recently"}
+    else
+      _ -> {:ok, activity}
+    end
+  end
+
+  @impl true
+  def filter(object), do: {:ok, object}
+
+  @impl true
+  def describe, do: {:ok, %{}}
+
+  @impl true
+  def config_description do
+    %{
+      key: :mrf_reject_newly_created_account_notes,
+      related_policy: "Pleroma.Web.ActivityPub.MRF.RejectNewlyCreatedAccountNotesPolicy",
+      label: "MRF Reject New Accounts",
+      description: "Reject notes from accounts created too recently",
+      children: [
+        %{
+          key: :age,
+          type: :integer,
+          description: "Time below which to reject (in seconds)",
+          suggestions: [86_400]
+        }
+      ]
+    }
+  end
+end

lib/pleroma/web/activity_pub/publisher.ex

@@ -108,15 +108,28 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
       Config.get([:mrf_simple, :reject], [])
   end
 
+  defp allowed_instances do
+    Config.get([:mrf_simple, :accept])
+  end
+
   def should_federate?(url) do
     %{host: host} = URI.parse(url)
 
-    quarantined_instances =
-      blocked_instances()
+    with allowed <- allowed_instances(),
+         false <- Enum.empty?(allowed) do
+      allowed
       |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
       |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
+      |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
+    else
+      _ ->
+        quarantined_instances =
+          blocked_instances()
+          |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
+          |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
 
-    !Pleroma.Web.ActivityPub.MRF.subdomain_match?(quarantined_instances, host)
+        not Pleroma.Web.ActivityPub.MRF.subdomain_match?(quarantined_instances, host)
+    end
   end
 
   @spec recipients(User.t(), Activity.t()) :: list(User.t()) | []

lib/pleroma/web/akkoma_api/controllers/frontend_settings_controller.ex

@@ -5,6 +5,16 @@ defmodule Pleroma.Web.AkkomaAPI.FrontendSettingsController do
   alias Pleroma.Akkoma.FrontendSettingsProfile
 
   @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
+
+  plug(
+    OAuthScopesPlug,
+    @unauthenticated_access
+    when action in [
+           :available_frontends,
+           :update_preferred_frontend
+         ]
+  )
+
   plug(
     OAuthScopesPlug,
     %{@unauthenticated_access | scopes: ["read:accounts"]}
@@ -93,4 +103,22 @@ defmodule Pleroma.Web.AkkomaAPI.FrontendSettingsController do
       |> json(profile.settings)
     end
   end
+
+  @doc "GET /api/v1/akkoma/preferred_frontend/available"
+  def available_frontends(conn, _params) do
+    available = Pleroma.Config.get([:frontends, :pickable])
+
+    conn
+    |> json(available)
+  end
+
+  @doc "PUT /api/v1/akkoma/preferred_frontend"
+  def update_preferred_frontend(
+        %{body_params: %{frontend_name: preferred_frontend}} = conn,
+        _params
+      ) do
+    conn
+    |> put_resp_cookie("preferred_frontend", preferred_frontend)
+    |> json(%{frontend_name: preferred_frontend})
+  end
 end

lib/pleroma/web/akkoma_api/controllers/frontend_switcher.ex

@@ -0,0 +1,20 @@
+defmodule Pleroma.Web.AkkomaAPI.FrontendSwitcherController do
+  use Pleroma.Web, :controller
+  alias Pleroma.Config
+
+  @doc "GET /akkoma/frontend"
+  def switch(conn, _params) do
+    pickable = Config.get([:frontends, :pickable], [])
+
+    conn
+    |> put_view(Pleroma.Web.AkkomaAPI.FrontendSwitcherView)
+    |> render("switch.html", choices: pickable)
+  end
+
+  @doc "POST /akkoma/frontend"
+  def do_switch(conn, params) do
+    conn
+    |> put_resp_cookie("preferred_frontend", params["frontend"])
+    |> html("<meta http-equiv=\"refresh\" content=\"0; url=/\">")
+  end
+end

lib/pleroma/web/akkoma_api/views/frontend_switcher.ex

@@ -0,0 +1,3 @@
+defmodule Pleroma.Web.AkkomaAPI.FrontendSwitcherView do
+  use Pleroma.Web, :view
+end

lib/pleroma/web/api_spec/operations/account_operation.ex

@@ -708,6 +708,16 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
           nullable: true,
           description:
             "Number of days after which statuses will be deleted. Set to -1 to disable."
+        },
+        accepts_direct_messages_from: %Schema{
+          type: :string,
+          enum: [
+            "everybody",
+            "nobody",
+            "people_i_follow"
+          ],
+          nullable: true,
+          description: "Who to accept DMs from"
         }
       },
       example: %{
@@ -729,7 +739,8 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
         also_known_as: ["https://foo.bar/users/foo"],
         discoverable: false,
         actor_type: "Person",
-        status_ttl_days: 30
+        status_ttl_days: 30,
+        accepts_direct_messages_from: "everybody"
       }
     }
   end
@@ -756,7 +767,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
           "showing_reblogs" => true,
           "followed_by" => true,
           "blocking" => false,
-          "blocked_by" => true,
+          "blocked_by" => false,
           "muting" => false,
           "muting_notifications" => false,
           "note" => "",
@@ -772,7 +783,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
           "showing_reblogs" => true,
           "followed_by" => true,
           "blocking" => false,
-          "blocked_by" => true,
+          "blocked_by" => false,
           "muting" => true,
           "muting_notifications" => false,
           "note" => "",

lib/pleroma/web/api_spec/operations/frontend_settings_operation.ex

@@ -12,7 +12,7 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
   @spec list_profiles_operation() :: Operation.t()
   def list_profiles_operation() do
     %Operation{
-      tags: ["Retrieve frontend setting profiles"],
+      tags: ["Frontends"],
       summary: "Frontend Settings Profiles",
       description: "List frontend setting profiles",
       operationId: "AkkomaAPI.FrontendSettingsController.list_profiles",
@@ -37,7 +37,7 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
   @spec get_profile_operation() :: Operation.t()
   def get_profile_operation() do
     %Operation{
-      tags: ["Retrieve frontend setting profile"],
+      tags: ["Frontends"],
       summary: "Frontend Settings Profile",
       description: "Get frontend setting profile",
       operationId: "AkkomaAPI.FrontendSettingsController.get_profile",
@@ -60,7 +60,7 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
   @spec delete_profile_operation() :: Operation.t()
   def delete_profile_operation() do
     %Operation{
-      tags: ["Delete frontend setting profile"],
+      tags: ["Frontends"],
       summary: "Delete frontend Settings Profile",
       description: "Delete  frontend setting profile",
       operationId: "AkkomaAPI.FrontendSettingsController.delete_profile",
@@ -76,7 +76,7 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
   @spec update_profile_operation() :: Operation.t()
   def update_profile_operation() do
     %Operation{
-      tags: ["Update frontend setting profile"],
+      tags: ["Frontends"],
       summary: "Frontend Settings Profile",
       description: "Update frontend setting profile",
       operationId: "AkkomaAPI.FrontendSettingsController.update_profile_operation",
@@ -90,6 +90,57 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
     }
   end
 
+  def available_frontends_operation() do
+    %Operation{
+      tags: ["Frontends"],
+      summary: "Frontend Settings Profiles",
+      description: "List frontend setting profiles",
+      operationId: "AkkomaAPI.FrontendSettingsController.available_frontends",
+      responses: %{
+        200 =>
+          Operation.response("Frontends", "application/json", %Schema{
+            type: :array,
+            items: %Schema{
+              type: :string
+            }
+          })
+      }
+    }
+  end
+
+  def update_preferred_frontend_operation() do
+    %Operation{
+      tags: ["Frontends"],
+      summary: "Frontend Settings Profiles",
+      description: "List frontend setting profiles",
+      operationId: "AkkomaAPI.FrontendSettingsController.available_frontends",
+      requestBody:
+        request_body(
+          "Frontend",
+          %Schema{
+            type: :object,
+            required: [:frontend_name],
+            properties: %{
+              frontend_name: %Schema{
+                type: :string,
+                description: "Frontend name"
+              }
+            }
+          },
+          required: true
+        ),
+      responses: %{
+        200 =>
+          Operation.response("Frontends", "application/json", %Schema{
+            type: :array,
+            items: %Schema{
+              type: :string
+            }
+          })
+      }
+    }
+  end
+
   def frontend_name_param do
     Operation.parameter(:frontend_name, :path, :string, "Frontend name",
       example: "pleroma-fe",

lib/pleroma/web/api_spec/operations/timeline_operation.ex

@@ -70,7 +70,8 @@ defmodule Pleroma.Web.ApiSpec.TimelineOperation do
       operationId: "TimelineController.public",
       responses: %{
         200 => Operation.response("Array of Status", "application/json", array_of_statuses()),
-        401 => Operation.response("Error", "application/json", ApiError)
+        401 => Operation.response("Error", "application/json", ApiError),
+        404 => Operation.response("Error", "application/json", ApiError)
       }
     }
   end

lib/pleroma/web/api_spec/schemas/account_relationship.ex

@@ -13,7 +13,10 @@ defmodule Pleroma.Web.ApiSpec.Schemas.AccountRelationship do
     description: "Relationship between current account and requested account",
     type: :object,
     properties: %{
-      blocked_by: %Schema{type: :boolean},
+      blocked_by: %Schema{
+        type: :boolean,
+        description: "Represents being blocked by this user. Always false."
+      },
       blocking: %Schema{type: :boolean},
       domain_blocking: %Schema{type: :boolean},
       endorsed: %Schema{type: :boolean},

lib/pleroma/web/fallback/redirect_controller.ex

@@ -20,7 +20,7 @@ defmodule Pleroma.Web.Fallback.RedirectController do
   def redirector(conn, _params, code \\ 200) do
     conn
     |> put_resp_content_type("text/html")
-    |> send_file(code, index_file_path())
+    |> send_file(code, index_file_path(conn))
   end
 
   def redirector_with_meta(conn, %{"maybe_nickname_or_id" => maybe_nickname_or_id} = params) do
@@ -33,7 +33,7 @@ defmodule Pleroma.Web.Fallback.RedirectController do
   end
 
   def redirector_with_meta(conn, params) do
-    {:ok, index_content} = File.read(index_file_path())
+    {:ok, index_content} = File.read(index_file_path(conn))
 
     tags = build_tags(conn, params)
     preloads = preload_data(conn, params)
@@ -53,7 +53,7 @@ defmodule Pleroma.Web.Fallback.RedirectController do
   end
 
   def redirector_with_preload(conn, params) do
-    {:ok, index_content} = File.read(index_file_path())
+    {:ok, index_content} = File.read(index_file_path(conn))
     preloads = preload_data(conn, params)
     tags = Metadata.build_static_tags(params)
     title = "<title>#{Pleroma.Config.get([:instance, :name])}</title>"
@@ -77,8 +77,9 @@ defmodule Pleroma.Web.Fallback.RedirectController do
     |> text("")
   end
 
-  defp index_file_path do
-    Pleroma.Web.Plugs.InstanceStatic.file_path("index.html")
+  defp index_file_path(conn) do
+    frontend_type = Pleroma.Web.Plugs.FrontendStatic.preferred_or_fallback(conn, :primary)
+    Pleroma.Web.Plugs.InstanceStatic.file_path("index.html", frontend_type)
   end
 
   defp build_tags(conn, params) do

lib/pleroma/web/mastodon_api/controllers/account_controller.ex

@@ -221,6 +221,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       |> Maps.put_if_present(:is_discoverable, params[:discoverable])
       |> Maps.put_if_present(:language, Pleroma.Web.Gettext.normalize_locale(params[:language]))
       |> Maps.put_if_present(:status_ttl_days, params[:status_ttl_days], status_ttl_days_value)
+      |> Maps.put_if_present(:accepts_direct_messages_from, params[:accepts_direct_messages_from])
 
     # What happens here:
     #

lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex

@@ -16,7 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
   alias Pleroma.Web.Plugs.RateLimiter
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(:skip_public_check when action in [:public, :hashtag])
+  plug(:skip_public_check when action in [:public, :hashtag, :bubble])
 
   # TODO: Replace with a macro when there is a Phoenix release with the following commit in it:
   # https://github.com/phoenixframework/phoenix/commit/2e8c63c01fec4dde5467dbbbf9705ff9e780735e
@@ -28,19 +28,25 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
   plug(RateLimiter, [name: :timeline, bucket_name: :list_timeline] when action == :list)
   plug(RateLimiter, [name: :timeline, bucket_name: :bubble_timeline] when action == :bubble)
 
-  plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct, :bubble])
+  plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
   plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
 
   plug(
     OAuthScopesPlug,
     %{scopes: ["read:statuses"], fallback: :proceed_unauthenticated}
-    when action in [:public, :hashtag]
+    when action in [:public, :hashtag, :bubble]
   )
 
+  require Logger
+
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TimelineOperation
 
   # GET /api/v1/timelines/home
   def home(%{assigns: %{user: user}} = conn, params) do
+    %{nickname: nickname} = user
+
+    Logger.debug("TimelineController.home: #{nickname}")
+
     followed_hashtags =
       user
       |> User.followed_hashtags()
@@ -58,11 +64,15 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put(:followed_hashtags, followed_hashtags)
       |> Map.delete(:local)
 
+    Logger.debug("TimelineController.home: #{nickname} - fetching activities")
+
     activities =
       [user.ap_id | User.following(user)]
       |> ActivityPub.fetch_activities(params)
       |> Enum.reverse()
 
+    Logger.debug("TimelineController.home: #{nickname} - rendering")
+
     conn
     |> add_link_headers(activities)
     |> render("index.json",
@@ -75,6 +85,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 
   # GET /api/v1/timelines/direct
   def direct(%{assigns: %{user: user}} = conn, params) do
+    Logger.debug("TimelineController.direct: #{user.nickname}")
+
     params =
       params
       |> Map.put(:type, "Create")
@@ -82,11 +94,15 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put(:user, user)
       |> Map.put(:visibility, "direct")
 
+    Logger.debug("TimelineController.direct: #{user.nickname} - fetching activities")
+
     activities =
       [user.ap_id]
       |> ActivityPub.fetch_activities_query(params)
       |> Pagination.fetch_paginated(params)
 
+    Logger.debug("TimelineController.direct: #{user.nickname} - rendering")
+
     conn
     |> add_link_headers(activities)
     |> render("index.json",
@@ -96,21 +112,22 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
     )
   end
 
-  defp restrict_unauthenticated?(true = _local_only) do
-    Config.restrict_unauthenticated_access?(:timelines, :local)
-  end
-
-  defp restrict_unauthenticated?(_) do
-    Config.restrict_unauthenticated_access?(:timelines, :federated)
+  defp restrict_unauthenticated?(type) do
+    Config.restrict_unauthenticated_access?(:timelines, type)
   end
 
   # GET /api/v1/timelines/public
   def public(%{assigns: %{user: user}} = conn, params) do
+    Logger.debug("TimelineController.public")
     local_only = params[:local]
+    timeline_type = if local_only, do: :local, else: :federated
+
+    with {:enabled, true} <-
+           {:enabled, local_only || Config.get([:instance, :federated_timeline_available], true)},
+         {:authenticated, true} <-
+           {:authenticated, !(is_nil(user) and restrict_unauthenticated?(timeline_type))} do
+      Logger.debug("TimelineController.public: fetching activities")
 
-    if is_nil(user) and restrict_unauthenticated?(local_only) do
-      fail_on_bad_auth(conn)
-    else
       activities =
         params
         |> Map.put(:type, ["Create"])
@@ -123,6 +140,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
         |> Map.put(:includes_local_public, not is_nil(user))
         |> ActivityPub.fetch_public_activities()
 
+      Logger.debug("TimelineController.public: rendering")
+
       conn
       |> add_link_headers(activities, %{"local" => local_only})
       |> render("index.json",
@@ -131,20 +150,32 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
         as: :activity,
         with_muted: Map.get(params, :with_muted, false)
       )
+    else
+      {:enabled, false} ->
+        conn
+        |> put_status(404)
+        |> json(%{error: "Federated timeline is disabled"})
+
+      {:authenticated, false} ->
+        fail_on_bad_auth(conn)
     end
   end
 
   # GET /api/v1/timelines/bubble
   def bubble(%{assigns: %{user: user}} = conn, params) do
-    bubble_instances =
-      Enum.uniq(
-        Config.get([:instance, :local_bubble], []) ++
-          [Pleroma.Web.Endpoint.host()]
-      )
+    Logger.debug("TimelineController.bubble")
 
-    if is_nil(user) do
+    if is_nil(user) and restrict_unauthenticated?(:bubble) do
       fail_on_bad_auth(conn)
     else
+      bubble_instances =
+        Enum.uniq(
+          Config.get([:instance, :local_bubble], []) ++
+            [Pleroma.Web.Endpoint.host()]
+        )
+
+      Logger.debug("TimelineController.bubble: fetching activities")
+
       activities =
         params
         |> Map.put(:type, ["Create"])
@@ -154,6 +185,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
         |> Map.put(:instance, bubble_instances)
         |> ActivityPub.fetch_public_activities()
 
+      Logger.debug("TimelineController.bubble: rendering")
+
       conn
       |> add_link_headers(activities)
       |> render("index.json",
@@ -195,7 +228,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
   def hashtag(%{assigns: %{user: user}} = conn, params) do
     local_only = params[:local]
 
-    if is_nil(user) and restrict_unauthenticated?(local_only) do
+    if is_nil(user) and restrict_unauthenticated?(if local_only, do: :local, else: :federated) do
       fail_on_bad_auth(conn)
     else
       activities = hashtag_fetching(params, user, local_only)

lib/pleroma/web/mastodon_api/views/account_view.ex

@@ -124,14 +124,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
           target,
           &User.blocks_user?(&1, &2)
         ),
-      blocked_by:
-        UserRelationship.exists?(
-          user_relationships,
-          :block,
-          target,
-          reading_user,
-          &User.blocks_user?(&1, &2)
-        ),
+      blocked_by: false,
       muting:
         UserRelationship.exists?(
           user_relationships,
@@ -354,6 +347,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
     |> Kernel.put_in([:source, :privacy], user.default_scope)
     |> Kernel.put_in([:source, :pleroma, :show_role], user.show_role)
     |> Kernel.put_in([:source, :pleroma, :no_rich_text], user.no_rich_text)
+    |> Kernel.put_in([:accepts_direct_messages_from], user.accepts_direct_messages_from)
   end
 
   defp maybe_put_settings(data, _, _, _), do: data

lib/pleroma/web/mastodon_api/views/instance_view.ex

@@ -67,6 +67,9 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do
       "pleroma:api/v1/notifications:include_types_filter",
       "quote_posting",
       "editing",
+      if !Enum.empty?(Config.get([:instance, :local_bubble], [])) do
+        "bubble_timeline"
+      end,
       if Config.get([:media_proxy, :enabled]) do
         "media_proxy"
       end,

lib/pleroma/web/mastodon_api/views/status_view.ex

@@ -21,6 +21,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   alias Pleroma.Web.MastodonAPI.StatusView
   alias Pleroma.Web.MediaProxy
   alias Pleroma.Web.PleromaAPI.EmojiReactionController
+  require Logger
 
   import Pleroma.Web.ActivityPub.Visibility, only: [get_visibility: 1, visible_for_user?: 2]
 
@@ -87,6 +88,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   defp reblogged?(_activity, _user), do: false
 
   def render("index.json", opts) do
+    Logger.debug("Rendering index")
     reading_user = opts[:for]
     # To do: check AdminAPIControllerTest on the reasons behind nil activities in the list
     activities = Enum.filter(opts.activities, & &1)
@@ -136,8 +138,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 
   def render(
         "show.json",
-        %{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts
+        %{activity: %{id: id, data: %{"type" => "Announce", "object" => _object}} = activity} =
+          opts
       ) do
+    Logger.debug("Rendering reblog #{id}")
     user = CommonAPI.get_user(activity.data["actor"])
     created_at = Utils.to_masto_date(activity.data["published"])
     object = Object.normalize(activity, fetch: false)
@@ -209,7 +213,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
     }
   end
 
-  def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do
+  def render("show.json", %{activity: %{id: id, data: %{"object" => _object}} = activity} = opts) do
+    Logger.debug("Rendering status #{id}")
+
     with %Object{} = object <- Object.normalize(activity, fetch: false) do
       user = CommonAPI.get_user(activity.data["actor"])
       user_follower_address = user.follower_address
@@ -428,6 +434,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   end
 
   def render("history.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do
+    Logger.debug("Rendering history for #{activity.id}")
     object = Object.normalize(activity, fetch: false)
 
     hashtags = Object.hashtags(object)
@@ -614,6 +621,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
   def render("attachment_meta.json", _), do: nil
 
   def render("context.json", %{activity: activity, activities: activities, user: user}) do
+    Logger.debug("Rendering context for #{activity.id}")
+
     %{ancestors: ancestors, descendants: descendants} =
       activities
       |> Enum.reverse()

lib/pleroma/web/nodeinfo/nodeinfo.ex

@@ -71,7 +71,15 @@ defmodule Pleroma.Web.Nodeinfo.Nodeinfo do
         restrictedNicknames: Config.get([Pleroma.User, :restricted_nicknames]),
         skipThreadContainment: Config.get([:instance, :skip_thread_containment], false),
         privilegedStaff: Config.get([:instance, :privileged_staff]),
-        localBubbleInstances: Config.get([:instance, :local_bubble], [])
+        localBubbleInstances: Config.get([:instance, :local_bubble], []),
+        publicTimelineVisibility: %{
+          federated:
+            !Config.restrict_unauthenticated_access?(:timelines, :federated) &&
+              Config.get([:instance, :federated_timeline_available], true),
+          local: !Config.restrict_unauthenticated_access?(:timelines, :local),
+          bubble: !Config.restrict_unauthenticated_access?(:timelines, :bubble)
+        },
+        federatedTimelineAvailable: Config.get([:instance, :federated_timeline_available], true)
       }
     }
   end

lib/pleroma/web/nodeinfo/nodeinfo_controller.ex

@@ -5,12 +5,8 @@
 defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Config
-  alias Pleroma.Stats
-  alias Pleroma.User
-  alias Pleroma.Web.Federator.Publisher
-  alias Pleroma.Web.MastodonAPI.InstanceView
   alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.Nodeinfo.Nodeinfo
 
   def schemas(conn, _params) do
     response = %{
@@ -29,101 +25,15 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
     json(conn, response)
   end
 
-  # returns a nodeinfo 2.0 map, since 2.1 just adds a repository field
-  # under software.
-  def raw_nodeinfo do
-    stats = Stats.get_stats()
-
-    staff_accounts =
-      User.all_superusers()
-      |> Enum.map(fn u -> u.ap_id end)
-      |> Enum.filter(fn u -> not Enum.member?(Config.get([:instance, :staff_transparency]), u) end)
-
-    features = InstanceView.features()
-    federation = InstanceView.federation()
-
-    %{
-      version: "2.0",
-      software: %{
-        name: Pleroma.Application.name() |> String.downcase(),
-        version: Pleroma.Application.version()
-      },
-      protocols: Publisher.gather_nodeinfo_protocol_names(),
-      services: %{
-        inbound: [],
-        outbound: []
-      },
-      openRegistrations: Config.get([:instance, :registrations_open]),
-      usage: %{
-        users: %{
-          total: Map.get(stats, :user_count, 0)
-        },
-        localPosts: Map.get(stats, :status_count, 0)
-      },
-      metadata: %{
-        nodeName: Config.get([:instance, :name]),
-        nodeDescription: Config.get([:instance, :description]),
-        private: !Config.get([:instance, :public], true),
-        suggestions: %{
-          enabled: false
-        },
-        staffAccounts: staff_accounts,
-        federation: federation,
-        pollLimits: Config.get([:instance, :poll_limits]),
-        postFormats: Config.get([:instance, :allowed_post_formats]),
-        uploadLimits: %{
-          general: Config.get([:instance, :upload_limit]),
-          avatar: Config.get([:instance, :avatar_upload_limit]),
-          banner: Config.get([:instance, :banner_upload_limit]),
-          background: Config.get([:instance, :background_upload_limit])
-        },
-        fieldsLimits: %{
-          maxFields: Config.get([:instance, :max_account_fields]),
-          maxRemoteFields: Config.get([:instance, :max_remote_account_fields]),
-          nameLength: Config.get([:instance, :account_field_name_length]),
-          valueLength: Config.get([:instance, :account_field_value_length])
-        },
-        accountActivationRequired: Config.get([:instance, :account_activation_required], false),
-        invitesEnabled: Config.get([:instance, :invites_enabled], false),
-        mailerEnabled: Config.get([Pleroma.Emails.Mailer, :enabled], false),
-        features: features,
-        restrictedNicknames: Config.get([Pleroma.User, :restricted_nicknames]),
-        skipThreadContainment: Config.get([:instance, :skip_thread_containment], false),
-        localBubbleInstances: Config.get([:instance, :local_bubble], [])
-      }
-    }
-  end
-
   # Schema definition: https://github.com/jhass/nodeinfo/blob/master/schemas/2.0/schema.json
   # and https://github.com/jhass/nodeinfo/blob/master/schemas/2.1/schema.json
-  def nodeinfo(conn, %{"version" => "2.0"}) do
+  def nodeinfo(conn, %{"version" => version}) when version in ["2.0", "2.1"] do
     conn
     |> put_resp_header(
       "content-type",
       "application/json; profile=http://nodeinfo.diaspora.software/ns/schema/2.0#; charset=utf-8"
     )
-    |> json(raw_nodeinfo())
-  end
-
-  def nodeinfo(conn, %{"version" => "2.1"}) do
-    raw_response = raw_nodeinfo()
-
-    updated_software =
-      raw_response
-      |> Map.get(:software)
-      |> Map.put(:repository, Pleroma.Application.repository())
-
-    response =
-      raw_response
-      |> Map.put(:software, updated_software)
-      |> Map.put(:version, "2.1")
-
-    conn
-    |> put_resp_header(
-      "content-type",
-      "application/json; profile=http://nodeinfo.diaspora.software/ns/schema/2.1#; charset=utf-8"
-    )
-    |> json(response)
+    |> json(Nodeinfo.get_nodeinfo(version))
   end
 
   def nodeinfo(conn, _) do

lib/pleroma/web/o_status/o_status_controller.ex

@@ -36,7 +36,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do
   def object(conn, _params) do
     with id <- Endpoint.url() <> conn.request_path,
          {_, %Activity{} = activity} <-
-           {:activity, Activity.get_create_by_object_ap_id_with_object(id)},
+           {:activity, Activity.get_local_create_by_object_ap_id(id)},
          {_, true} <- {:public?, Visibility.is_public?(activity)},
          {_, false} <- {:local_public?, Visibility.is_local_public?(activity)} do
       redirect(conn, to: "/notice/#{activity.id}")

lib/pleroma/web/plugs/frontend_static.ex

@@ -5,17 +5,23 @@
 defmodule Pleroma.Web.Plugs.FrontendStatic do
   require Pleroma.Constants
 
+  @frontend_cookie_name "preferred_frontend"
+
   @moduledoc """
   This is a shim to call `Plug.Static` but with runtime `from` configuration`. It dispatches to the different frontends.
   """
   @behaviour Plug
 
-  def file_path(path, frontend_type \\ :primary) do
-    if configuration = Pleroma.Config.get([:frontends, frontend_type]) do
-      instance_static_path = Pleroma.Config.get([:instance, :static_dir], "instance/static")
+  defp instance_static_path do
+    Pleroma.Config.get([:instance, :static_dir], "instance/static")
+  end
 
+  def file_path(path, frontend_type \\ :primary)
+
+  def file_path(path, frontend_type) when is_atom(frontend_type) do
+    if configuration = Pleroma.Config.get([:frontends, frontend_type]) do
       Path.join([
-        instance_static_path,
+        instance_static_path(),
         "frontends",
         configuration["name"],
         configuration["ref"],
@@ -26,6 +32,15 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
     end
   end
 
+  def file_path(path, frontend_type) when is_binary(frontend_type) do
+    Path.join([
+      instance_static_path(),
+      "frontends",
+      frontend_type,
+      path
+    ])
+  end
+
   def init(opts) do
     opts
     |> Keyword.put(:from, "__unconfigured_frontend_static_plug")
@@ -38,7 +53,8 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
     with false <- api_route?(conn.path_info),
          false <- invalid_path?(conn.path_info),
          true <- enabled?(opts[:if]),
-         frontend_type <- Map.get(opts, :frontend_type, :primary),
+         fallback_frontend_type <- Map.get(opts, :frontend_type, :primary),
+         frontend_type <- preferred_or_fallback(conn, fallback_frontend_type),
          path when not is_nil(path) <- file_path("", frontend_type) do
       call_static(conn, opts, path)
     else
@@ -47,6 +63,31 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
     end
   end
 
+  def preferred_frontend(conn) do
+    %{req_cookies: cookies} =
+      conn
+      |> Plug.Conn.fetch_cookies()
+
+    Map.get(cookies, @frontend_cookie_name)
+  end
+
+  # Only override primary frontend
+  def preferred_or_fallback(conn, :primary) do
+    case preferred_frontend(conn) do
+      nil ->
+        :primary
+
+      frontend ->
+        if Enum.member?(Pleroma.Config.get([:frontends, :pickable], []), frontend) do
+          frontend
+        else
+          :primary
+        end
+    end
+  end
+
+  def preferred_or_fallback(_conn, fallback), do: fallback
+
   defp enabled?(if_opt) when is_function(if_opt), do: if_opt.()
   defp enabled?(true), do: true
   defp enabled?(_), do: false

lib/pleroma/web/plugs/http_security_plug.ex

@@ -8,6 +8,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
 
   require Logger
 
+  @mix_env Mix.env()
+
   def init(opts), do: opts
 
   def call(conn, _options) do
@@ -114,7 +116,14 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
     style_src = "style-src 'self' '#{nonce_tag}'"
     font_src = "font-src 'self'"
 
-    script_src = "script-src 'self' '#{nonce_tag}'"
+    script_src = "script-src 'self' '#{nonce_tag}' "
+
+    script_src =
+      if @mix_env == :dev do
+        "script-src 'self' 'unsafe-eval' 'unsafe-inline'"
+      else
+        script_src
+      end
 
     report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]
     insecure = if scheme == "https", do: "upgrade-insecure-requests"

lib/pleroma/web/plugs/instance_static.ex

@@ -12,11 +12,11 @@ defmodule Pleroma.Web.Plugs.InstanceStatic do
   """
   @behaviour Plug
 
-  def file_path(path) do
+  def file_path(path, frontend_type \\ :primary) do
     instance_path =
       Path.join(Pleroma.Config.get([:instance, :static_dir], "instance/static/"), path)
 
-    frontend_path = Pleroma.Web.Plugs.FrontendStatic.file_path(path, :primary)
+    frontend_path = Pleroma.Web.Plugs.FrontendStatic.file_path(path, frontend_type)
 
     (File.exists?(instance_path) && instance_path) ||
       (frontend_path && File.exists?(frontend_path) && frontend_path) ||

lib/pleroma/web/rich_media/parsers/o_embed.ex

@@ -6,8 +6,8 @@ defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
   def parse(html, _data) do
     with elements = [_ | _] <- get_discovery_data(html),
          oembed_url when is_binary(oembed_url) <- get_oembed_url(elements),
-         {:ok, oembed_data} <- get_oembed_data(oembed_url) do
-      oembed_data
+         {:ok, oembed_data = %{"html" => html}} <- get_oembed_data(oembed_url) do
+      %{oembed_data | "html" => Pleroma.HTML.filter_tags(html)}
     else
       _e -> %{}
     end

lib/pleroma/web/router.ex

@@ -466,6 +466,29 @@ defmodule Pleroma.Web.Router do
     put("/statuses/:id/emoji_reactions/:emoji", EmojiReactionController, :create)
   end
 
+  scope "/akkoma/", Pleroma.Web.AkkomaAPI do
+    pipe_through(:browser)
+
+    get("/frontend", FrontendSwitcherController, :switch)
+    post("/frontend", FrontendSwitcherController, :do_switch)
+  end
+
+  scope "/api/v1/akkoma", Pleroma.Web.AkkomaAPI do
+    pipe_through(:api)
+
+    get(
+      "/api/v1/akkoma/preferred_frontend/available",
+      FrontendSettingsController,
+      :available_frontends
+    )
+
+    put(
+      "/api/v1/akkoma/preferred_frontend",
+      FrontendSettingsController,
+      :update_preferred_frontend
+    )
+  end
+
   scope "/api/v1/akkoma", Pleroma.Web.AkkomaAPI do
     pipe_through(:authenticated_api)
     get("/metrics", MetricsController, :show)
@@ -598,7 +621,6 @@ defmodule Pleroma.Web.Router do
     get("/timelines/home", TimelineController, :home)
     get("/timelines/direct", TimelineController, :direct)
     get("/timelines/list/:list_id", TimelineController, :list)
-    get("/timelines/bubble", TimelineController, :bubble)
 
     get("/announcements", AnnouncementController, :index)
     post("/announcements/:id/dismiss", AnnouncementController, :mark_read)
@@ -653,6 +675,7 @@ defmodule Pleroma.Web.Router do
 
     get("/timelines/public", TimelineController, :public)
     get("/timelines/tag/:tag", TimelineController, :hashtag)
+    get("/timelines/bubble", TimelineController, :bubble)
 
     get("/polls/:id", PollController, :show)
 

lib/pleroma/web/templates/akkoma_api/frontend_switcher/switch.html.eex

@@ -0,0 +1,10 @@
+<h2>Switch Frontend</h2>
+
+<h3>After you submit, you will need to refresh manually to get your new frontend!</h3>
+
+<%= form_for @conn, Routes.frontend_switcher_path(@conn, :do_switch), fn f -> %>
+  <%= select(f, :frontend, @choices) %>
+
+  <%= submit do: "submit" %>
+<% end %>
+

mix.exs

@@ -4,8 +4,8 @@ defmodule Pleroma.Mixfile do
   def project do
     [
       app: :pleroma,
-      version: version("3.7.1"),
-      elixir: "~> 1.12",
+      version: version("3.9.3"),
+      elixir: "~> 1.14",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: [:phoenix] ++ Mix.compilers(),
       elixirc_options: [warnings_as_errors: warnings_as_errors()],
@@ -190,7 +190,6 @@ defmodule Pleroma.Mixfile do
       {:mfm_parser,
        git: "https://akkoma.dev/AkkomaGang/mfm-parser.git",
        ref: "912fba81152d4d572e457fd5427f9875b2bc3dbe"},
-      {:poison, ">= 0.0.0"},
 
       ## dev & test
       {:ex_doc, "~> 0.22", only: :dev, runtime: false},

mix.lock

@@ -15,21 +15,21 @@
   "concurrent_limiter": {:hex, :concurrent_limiter, "0.1.1", "43ae1dc23edda1ab03dd66febc739c4ff710d047bb4d735754909f9a474ae01c", [:mix], [{:telemetry, "~> 0.3", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "53968ff238c0fbb4d7ed76ddb1af0be6f3b2f77909f6796e249e737c505a16eb"},
   "connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"},
   "cors_plug": {:hex, :cors_plug, "2.0.3", "316f806d10316e6d10f09473f19052d20ba0a0ce2a1d910ddf57d663dac402ae", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "ee4ae1418e6ce117fc42c2ba3e6cbdca4e95ecd2fe59a05ec6884ca16d469aea"},
-  "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"},
+  "cowboy": {:hex, :cowboy, "2.10.0", "ff9ffeff91dae4ae270dd975642997afe2a1179d94b1887863e43f681a203e26", [:make, :rebar3], [{:cowlib, "2.12.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "3afdccb7183cc6f143cb14d3cf51fa00e53db9ec80cdcd525482f5e99bc41d6b"},
   "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.3.1", "ebd1a1d7aff97f27c66654e78ece187abdc646992714164380d8a041eda16754", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3a6efd3366130eab84ca372cbd4a7d3c3a97bdfcfb4911233b035d117063f0af"},
-  "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"},
+  "cowlib": {:hex, :cowlib, "2.12.1", "a9fa9a625f1d2025fe6b462cb865881329b5caff8f1854d1cbc9f9533f00e1e1", [:make, :rebar3], [], "hexpm", "163b73f6367a7341b33c794c4e88e7dbfe6498ac42dcd69ef44c5bc5507c8db0"},
   "credo": {:git, "https://github.com/rrrene/credo.git", "1c1b99ea41a457761383d81aaf6a606913996fe7", [ref: "1c1b99ea41a457761383d81aaf6a606913996fe7"]},
   "custom_base": {:hex, :custom_base, "0.2.1", "4a832a42ea0552299d81652aa0b1f775d462175293e99dfbe4d7dbaab785a706", [:mix], [], "hexpm", "8df019facc5ec9603e94f7270f1ac73ddf339f56ade76a721eaa57c1493ba463"},
-  "db_connection": {:hex, :db_connection, "2.4.3", "3b9aac9f27347ec65b271847e6baeb4443d8474289bd18c1d6f4de655b70c94d", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c127c15b0fa6cfb32eed07465e05da6c815b032508d4ed7c116122871df73c12"},
-  "decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},
+  "db_connection": {:hex, :db_connection, "2.5.0", "bb6d4f30d35ded97b29fe80d8bd6f928a1912ca1ff110831edcd238a1973652c", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c92d5ba26cd69ead1ff7582dbb860adeedfff39774105a4f1c92cbb654b55aa2"},
+  "decimal": {:hex, :decimal, "2.1.1", "5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6", [:mix], [], "hexpm", "53cfe5f497ed0e7771ae1a475575603d77425099ba5faef9394932b35020ffcc"},
   "deep_merge": {:hex, :deep_merge, "1.0.0", "b4aa1a0d1acac393bdf38b2291af38cb1d4a52806cf7a4906f718e1feb5ee961", [:mix], [], "hexpm", "ce708e5f094b9cd4e8f2be4f00d2f4250c4095be93f8cd6d018c753894885430"},
-  "dialyxir": {:hex, :dialyxir, "1.2.0", "58344b3e87c2e7095304c81a9ae65cb68b613e28340690dfe1a5597fd08dec37", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "61072136427a851674cab81762be4dbeae7679f85b1272b6d25c3a839aff8463"},
-  "earmark": {:hex, :earmark, "1.4.37", "56ce845c543393aa3f9b294c818c3d783452a4a67e4ab18c4303a954a8b59363", [:mix], [{:earmark_parser, "~> 1.4.31", [hex: :earmark_parser, repo: "hexpm", optional: false]}], "hexpm", "d86d5e12868db86d5321b00e62a4bbcb4150346e4acc9a90a041fb188a5cb106"},
-  "earmark_parser": {:hex, :earmark_parser, "1.4.31", "a93921cdc6b9b869f519213d5bc79d9e218ba768d7270d46fdcf1c01bacff9e2", [:mix], [], "hexpm", "317d367ee0335ef037a87e46c91a2269fef6306413f731e8ec11fc45a7efd059"},
+  "dialyxir": {:hex, :dialyxir, "1.3.0", "fd1672f0922b7648ff9ce7b1b26fcf0ef56dda964a459892ad15f6b4410b5284", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "00b2a4bcd6aa8db9dcb0b38c1225b7277dca9bc370b6438715667071a304696f"},
+  "earmark": {:hex, :earmark, "1.4.38", "ba8fda946c259c6e8f6759d3647d448e9216e2c0afed8c6ae7f8ce1f7072a497", [:mix], [{:earmark_parser, "~> 1.4.32", [hex: :earmark_parser, repo: "hexpm", optional: false]}], "hexpm", "f938e30de4167e7d8f3bf588b01dc041138278dda1e5a13fb9ec89b43dd5ec7f"},
+  "earmark_parser": {:hex, :earmark_parser, "1.4.32", "fa739a0ecfa34493de19426681b23f6814573faee95dfd4b4aafe15a7b5b32c6", [:mix], [], "hexpm", "b8b0dd77d60373e77a3d7e8afa598f325e49e8663a51bcc2b88ef41838cca755"},
   "eblurhash": {:hex, :eblurhash, "1.2.2", "7da4255aaea984b31bb71155f673257353b0e0554d0d30dcf859547e74602582", [:rebar3], [], "hexpm", "8c20ca00904de023a835a9dcb7b7762fed32264c85a80c3cafa85288e405044c"},
-  "ecto": {:hex, :ecto, "3.9.4", "3ee68e25dbe0c36f980f1ba5dd41ee0d3eb0873bccae8aeaf1a2647242bffa35", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "de5f988c142a3aa4ec18b85a4ec34a2390b65b24f02385c1144252ff6ff8ee75"},
+  "ecto": {:hex, :ecto, "3.9.5", "9f0aa7ae44a1577b651c98791c6988cd1b69b21bc724e3fd67090b97f7604263", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "d4f3115d8cbacdc0bfa4b742865459fb1371d0715515842a1fb17fe31920b74c"},
   "ecto_enum": {:hex, :ecto_enum, "1.4.0", "d14b00e04b974afc69c251632d1e49594d899067ee2b376277efd8233027aec8", [:mix], [{:ecto, ">= 3.0.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "> 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:mariaex, ">= 0.0.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "8fb55c087181c2b15eee406519dc22578fa60dd82c088be376d0010172764ee4"},
-  "ecto_psql_extras": {:hex, :ecto_psql_extras, "0.7.10", "e14d400930f401ca9f541b3349212634e44027d7f919bbb71224d7ac0d0e8acd", [:mix], [{:ecto_sql, "~> 3.4", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.15.7 or ~> 0.16.0", [hex: :postgrex, repo: "hexpm", optional: false]}, {:table_rex, "~> 3.1.1", [hex: :table_rex, repo: "hexpm", optional: false]}], "hexpm", "505e8cd81e4f17c090be0f99e92b1b3f0fd915f98e76965130b8ccfb891e7088"},
+  "ecto_psql_extras": {:hex, :ecto_psql_extras, "0.7.11", "6e20144c1446dcccfcdb4c142c9d8b7992a90a569b1d5958cbea5458550b25f0", [:mix], [{:ecto_sql, "~> 3.4", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.15.7 or ~> 0.16.0 or ~> 0.17.0", [hex: :postgrex, repo: "hexpm", optional: false]}, {:table_rex, "~> 3.1.1", [hex: :table_rex, repo: "hexpm", optional: false]}], "hexpm", "def61f1f92d4f40d51c80bbae2157212d6c0a459eb604be446e47369cbd40b23"},
   "ecto_sql": {:hex, :ecto_sql, "3.9.2", "34227501abe92dba10d9c3495ab6770e75e79b836d114c41108a4bf2ce200ad5", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "1eb5eeb4358fdbcd42eac11c1fbd87e3affd7904e639d77903c1358b2abd3f70"},
   "elasticsearch": {:git, "https://akkoma.dev/AkkomaGang/elasticsearch-elixir.git", "6cd946f75f6ab9042521a009d1d32d29a90113ca", [ref: "main"]},
   "elixir_make": {:hex, :elixir_make, "0.6.3", "bc07d53221216838d79e03a8019d0839786703129599e9619f4ab74c8c096eac", [:mix], [], "hexpm", "f5cbd651c5678bcaabdbb7857658ee106b12509cd976c2c2fca99688e1daf716"},
@@ -38,7 +38,7 @@
   "ex_aws": {:hex, :ex_aws, "2.1.9", "dc4865ecc20a05190a34a0ac5213e3e5e2b0a75a0c2835e923ae7bfeac5e3c31", [:mix], [{:configparser_ex, "~> 4.0", [hex: :configparser_ex, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: true]}, {:jsx, "~> 3.0", [hex: :jsx, repo: "hexpm", optional: true]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: true]}], "hexpm", "3e6c776703c9076001fbe1f7c049535f042cb2afa0d2cbd3b47cbc4e92ac0d10"},
   "ex_aws_s3": {:hex, :ex_aws_s3, "2.4.0", "ce8decb6b523381812798396bc0e3aaa62282e1b40520125d1f4eff4abdff0f4", [:mix], [{:ex_aws, "~> 2.0", [hex: :ex_aws, repo: "hexpm", optional: false]}, {:sweet_xml, ">= 0.0.0", [hex: :sweet_xml, repo: "hexpm", optional: true]}], "hexpm", "85dda6e27754d94582869d39cba3241d9ea60b6aa4167f9c88e309dc687e56bb"},
   "ex_const": {:hex, :ex_const, "0.2.4", "d06e540c9d834865b012a17407761455efa71d0ce91e5831e86881b9c9d82448", [:mix], [], "hexpm", "96fd346610cc992b8f896ed26a98be82ac4efb065a0578f334a32d60a3ba9767"},
-  "ex_doc": {:hex, :ex_doc, "0.29.2", "dfa97532ba66910b2a3016a4bbd796f41a86fc71dd5227e96f4c8581fdf0fdf0", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "6b5d7139eda18a753e3250e27e4a929f8d2c880dd0d460cb9986305dea3e03af"},
+  "ex_doc": {:hex, :ex_doc, "0.29.4", "6257ecbb20c7396b1fe5accd55b7b0d23f44b6aa18017b415cb4c2b91d997729", [:mix], [{:earmark_parser, "~> 1.4.31", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "2c6699a737ae46cb61e4ed012af931b57b699643b24dabe2400a8168414bc4f5"},
   "ex_machina": {:hex, :ex_machina, "2.7.0", "b792cc3127fd0680fecdb6299235b4727a4944a09ff0fa904cc639272cd92dc7", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "419aa7a39bde11894c87a615c4ecaa52d8f107bbdd81d810465186f783245bf8"},
   "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"},
   "excoveralls": {:hex, :excoveralls, "0.15.1", "83c8cf7973dd9d1d853dce37a2fb98aaf29b564bf7d01866e409abf59dac2c0e", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "f8416bd90c0082d56a2178cf46c837595a06575f70a5624f164a1ffe37de07e7"},
@@ -65,7 +65,7 @@
   "mail": {:hex, :mail, "0.2.3", "2c6bb5f8a5f74845fa50ecd0fb45ea16b164026f285f45104f1c4c078cd616d4", [:mix], [], "hexpm", "932b398fa9c69fdf290d7ff63175826e0f1e24414d5b0763bb00a2acfc6c6bf5"},
   "majic": {:hex, :majic, "1.0.0", "37e50648db5f5c2ff0c9fb46454d034d11596c03683807b9fb3850676ffdaab3", [:make, :mix], [{:elixir_make, "~> 0.6.1", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "7905858f76650d49695f14ea55cd9aaaee0c6654fa391671d4cf305c275a0a9e"},
   "makeup": {:hex, :makeup, "1.1.0", "6b67c8bc2882a6b6a445859952a602afc1a41c2e08379ca057c0f525366fc3ca", [:mix], [{:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "0a45ed501f4a8897f580eabf99a2e5234ea3e75a4373c8a52824f6e873be57a6"},
-  "makeup_elixir": {:hex, :makeup_elixir, "0.16.0", "f8c570a0d33f8039513fbccaf7108c5d750f47d8defd44088371191b76492b0b", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "28b2cbdc13960a46ae9a8858c4bebdec3c9a6d7b4b9e7f4ed1502f8159f338e7"},
+  "makeup_elixir": {:hex, :makeup_elixir, "0.16.1", "cc9e3ca312f1cfeccc572b37a09980287e243648108384b97ff2b76e505c3555", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "e127a341ad1b209bd80f7bd1620a15693a9908ed780c3b763bccf7d200c767c6"},
   "makeup_erlang": {:hex, :makeup_erlang, "0.1.1", "3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65f", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "174d0809e98a4ef0b3309256cbf97101c6ec01c4ab0b23e926a9e17df2077cbb"},
   "meck": {:hex, :meck, "0.9.2", "85ccbab053f1db86c7ca240e9fc718170ee5bda03810a6292b5306bf31bae5f5", [:rebar3], [], "hexpm", "81344f561357dc40a8344afa53767c32669153355b626ea9fcbc8da6b3045826"},
   "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
@@ -77,23 +77,23 @@
   "mogrify": {:hex, :mogrify, "0.9.2", "b360984adea7dd6a55f18028e6327973c58de7f548fdb86c9859848aa904d5b0", [:mix], [], "hexpm", "c18d10fd70ca20e2585301616c89f6e4f7159d92efc9cc8ee579e00c886f699d"},
   "mox": {:hex, :mox, "1.0.2", "dc2057289ac478b35760ba74165b4b3f402f68803dd5aecd3bfd19c183815d64", [:mix], [], "hexpm", "f9864921b3aaf763c8741b5b8e6f908f44566f1e427b2630e89e9a73b981fef2"},
   "nimble_options": {:hex, :nimble_options, "0.5.2", "42703307b924880f8c08d97719da7472673391905f528259915782bb346e0a1b", [:mix], [], "hexpm", "4da7f904b915fd71db549bcdc25f8d56f378ef7ae07dc1d372cbe72ba950dce0"},
-  "nimble_parsec": {:hex, :nimble_parsec, "1.2.3", "244836e6e3f1200c7f30cb56733fd808744eca61fd182f731eac4af635cc6d0b", [:mix], [], "hexpm", "c8d789e39b9131acf7b99291e93dae60ab48ef14a7ee9d58c6964f59efb570b0"},
+  "nimble_parsec": {:hex, :nimble_parsec, "1.3.1", "2c54013ecf170e249e9291ed0a62e5832f70a476c61da16f6aac6dca0189f2af", [:mix], [], "hexpm", "2682e3c0b2eb58d90c6375fc0cc30bc7be06f365bf72608804fb9cffa5e1b167"},
   "nimble_pool": {:hex, :nimble_pool, "0.2.6", "91f2f4c357da4c4a0a548286c84a3a28004f68f05609b4534526871a22053cde", [:mix], [], "hexpm", "1c715055095d3f2705c4e236c18b618420a35490da94149ff8b580a2144f653f"},
   "oban": {:hex, :oban, "2.12.1", "f604d7e6a8be9fda4a9b0f6cebbd633deba569f85dbff70c4d25d99a6f023177", [:mix], [{:ecto_sql, "~> 3.6", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.16", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "9b1844c2b74e0d788b73e5144b0c9d5674cb775eae29d88a36f3c3b48d42d058"},
-  "open_api_spex": {:hex, :open_api_spex, "3.16.1", "8137c338129d63060b4b04947c6c57429f86267045c479c703a38a6d3f98dee1", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 3.0 or ~> 4.0 or ~> 5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:ymlr, "~> 2.0 or ~> 3.0", [hex: :ymlr, repo: "hexpm", optional: true]}], "hexpm", "ef6fd778ac121af866b48b75ad4ad256b6ff33949113ea4aa1629af8bfdfdbfb"},
+  "open_api_spex": {:hex, :open_api_spex, "3.16.3", "11bc9798890073e516a97392d5846a235925e48ecbb468cb5b1cc207d5785a3e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 3.0 or ~> 4.0 or ~> 5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:ymlr, "~> 2.0 or ~> 3.0", [hex: :ymlr, repo: "hexpm", optional: true]}], "hexpm", "1bcbe6efab88f5d001c2fc377e0bd6058180aa31b68d32962d4926e934b8ecad"},
   "parse_trans": {:hex, :parse_trans, "3.3.1", "16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8", [:rebar3], [], "hexpm", "07cd9577885f56362d414e8c4c4e6bdf10d43a8767abb92d24cbe8b24c54888b"},
   "phoenix": {:hex, :phoenix, "1.6.16", "e5bdd18c7a06da5852a25c7befb72246de4ddc289182285f8685a40b7b5f5451", [:mix], [{:castore, ">= 0.0.0", [hex: :castore, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 1.0 or ~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e15989ff34f670a96b95ef6d1d25bad0d9c50df5df40b671d8f4a669e050ac39"},
   "phoenix_ecto": {:hex, :phoenix_ecto, "4.4.0", "0672ed4e4808b3fbed494dded89958e22fb882de47a97634c0b13e7b0b5f7720", [:mix], [{:ecto, "~> 3.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "09864e558ed31ee00bd48fcc1d4fc58ae9678c9e81649075431e69dbabb43cc1"},
   "phoenix_html": {:hex, :phoenix_html, "3.3.1", "4788757e804a30baac6b3fc9695bf5562465dd3f1da8eb8460ad5b404d9a2178", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "bed1906edd4906a15fd7b412b85b05e521e1f67c9a85418c55999277e553d0d3"},
   "phoenix_live_dashboard": {:hex, :phoenix_live_dashboard, "0.7.2", "97cc4ff2dba1ebe504db72cb45098cb8e91f11160528b980bd282cc45c73b29c", [:mix], [{:ecto, "~> 3.6.2 or ~> 3.7", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_mysql_extras, "~> 0.5", [hex: :ecto_mysql_extras, repo: "hexpm", optional: true]}, {:ecto_psql_extras, "~> 0.7", [hex: :ecto_psql_extras, repo: "hexpm", optional: true]}, {:mime, "~> 1.6 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 0.18.3", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:telemetry_metrics, "~> 0.6 or ~> 1.0", [hex: :telemetry_metrics, repo: "hexpm", optional: false]}], "hexpm", "0e5fdf063c7a3b620c566a30fcf68b7ee02e5e46fe48ee46a6ec3ba382dc05b7"},
-  "phoenix_live_view": {:hex, :phoenix_live_view, "0.18.17", "74938b02f3c531bed3f87fe1ea39af6b5b2d26ab1405e77e76b8ef5df9ffa8a1", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6.15 or ~> 1.7.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.3", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f4b5710e19a29b8dc93b7af4bab4739c067a3cb759af01ffc3057165453dce38"},
+  "phoenix_live_view": {:hex, :phoenix_live_view, "0.18.18", "1f38fbd7c363723f19aad1a04b5490ff3a178e37daaf6999594d5f34796c47fc", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.6.15 or ~> 1.7.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.3", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "a5810d0472f3189ede6d2a95bda7f31c6113156b91784a3426cb0ab6a6d85214"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.1.1", "ba04e489ef03763bf28a17eb2eaddc2c20c6d217e2150a61e3298b0f4c2012b5", [:mix], [], "hexpm", "81367c6d1eea5878ad726be80808eb5a787a23dee699f96e72b1109c57cdd8d9"},
   "phoenix_swoosh": {:hex, :phoenix_swoosh, "0.3.4", "615f8f393135de7e0cbb4bd00ba238b1e0cd324b0d90efbaee613c2f02ca5e5c", [:mix], [{:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:swoosh, "~> 1.0", [hex: :swoosh, repo: "hexpm", optional: false]}], "hexpm", "3971221846232021ab5e3c7489fd62ec5bfd6a2e01cae10a317ccf6fb350571c"},
   "phoenix_template": {:hex, :phoenix_template, "1.0.1", "85f79e3ad1b0180abb43f9725973e3b8c2c3354a87245f91431eec60553ed3ef", [:mix], [{:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}], "hexpm", "157dc078f6226334c91cb32c1865bf3911686f8bcd6bcff86736f6253e6993ee"},
   "phoenix_view": {:hex, :phoenix_view, "2.0.2", "6bd4d2fd595ef80d33b439ede6a19326b78f0f1d8d62b9a318e3d9c1af351098", [:mix], [{:phoenix_html, "~> 2.14.2 or ~> 3.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_template, "~> 1.0", [hex: :phoenix_template, repo: "hexpm", optional: false]}], "hexpm", "a929e7230ea5c7ee0e149ffcf44ce7cf7f4b6d2bfe1752dd7c084cdff152d36f"},
-  "plug": {:hex, :plug, "1.14.0", "ba4f558468f69cbd9f6b356d25443d0b796fbdc887e03fa89001384a9cac638f", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "bf020432c7d4feb7b3af16a0c2701455cbbbb95e5b6866132cb09eb0c29adc14"},
-  "plug_cowboy": {:hex, :plug_cowboy, "2.6.0", "d1cf12ff96a1ca4f52207c5271a6c351a4733f413803488d75b70ccf44aebec2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "073cf20b753ce6682ed72905cd62a2d4bd9bad1bf9f7feb02a1b8e525bd94fa6"},
-  "plug_crypto": {:hex, :plug_crypto, "1.2.4", "34c380ef387cc7e8d537854ddd4b7096c79a4397d53587cb80419c782b03fdbc", [:mix], [], "hexpm", "4de415f03faec94d9da9be8c12cb51e9c98cbf66d732b6df669d4562d8e91acc"},
+  "plug": {:hex, :plug, "1.14.2", "cff7d4ec45b4ae176a227acd94a7ab536d9b37b942c8e8fa6dfc0fff98ff4d80", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "842fc50187e13cf4ac3b253d47d9474ed6c296a8732752835ce4a86acdf68d13"},
+  "plug_cowboy": {:hex, :plug_cowboy, "2.6.1", "9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "de36e1a21f451a18b790f37765db198075c25875c64834bcc82d90b309eb6613"},
+  "plug_crypto": {:hex, :plug_crypto, "1.2.5", "918772575e48e81e455818229bf719d4ab4181fcbf7f85b68a35620f78d89ced", [:mix], [], "hexpm", "26549a1d6345e2172eb1c233866756ae44a9609bd33ee6f99147ab3fd87fd842"},
   "plug_static_index_html": {:hex, :plug_static_index_html, "1.0.0", "840123d4d3975585133485ea86af73cb2600afd7f2a976f9f5fd8b3808e636a0", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "79fd4fcf34d110605c26560cbae8f23c603ec4158c08298bd4360fdea90bb5cf"},
   "poison": {:hex, :poison, "5.0.0", "d2b54589ab4157bbb82ec2050757779bfed724463a544b6e20d79855a9e43b24", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "11dc6117c501b80c62a7594f941d043982a1bd05a1184280c0d9166eb4d8d3fc"},
   "poolboy": {:hex, :poolboy, "1.5.2", "392b007a1693a64540cead79830443abf5762f5d30cf50bc95cb2c1aaafa006b", [:rebar3], [], "hexpm", "dad79704ce5440f3d5a3681c8590b9dc25d1a561e8f5a9c995281012860901e3"},
@@ -107,7 +107,7 @@
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "statistex": {:hex, :statistex, "1.0.0", "f3dc93f3c0c6c92e5f291704cf62b99b553253d7969e9a5fa713e5481cd858a5", [:mix], [], "hexpm", "ff9d8bee7035028ab4742ff52fc80a2aa35cece833cf5319009b52f1b5a86c27"},
   "sweet_xml": {:hex, :sweet_xml, "0.7.3", "debb256781c75ff6a8c5cbf7981146312b66f044a2898f453709a53e5031b45b", [:mix], [], "hexpm", "e110c867a1b3fe74bfc7dd9893aa851f0eed5518d0d7cad76d7baafd30e4f5ba"},
-  "swoosh": {:hex, :swoosh, "1.9.1", "0a5d7bf9954eb41d7e55525bc0940379982b090abbaef67cd8e1fd2ed7f8ca1a", [:mix], [{:cowboy, "~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:ex_aws, "~> 2.1", [hex: :ex_aws, repo: "hexpm", optional: true]}, {:finch, "~> 0.6", [hex: :finch, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13 or ~> 1.0", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "76dffff3ffcab80f249d5937a592eaef7cc49ac6f4cdd27e622868326ed6371e"},
+  "swoosh": {:hex, :swoosh, "1.10.2", "77acdc1261de404b893e24224d47459d1b42deb02577c7b31514e0a720f949d6", [:mix], [{:cowboy, "~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:ex_aws, "~> 2.1", [hex: :ex_aws, repo: "hexpm", optional: true]}, {:finch, "~> 0.6", [hex: :finch, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13 or ~> 1.0", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.2 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "1736faf374ed49c6091845cdfd5b3a68c88c5f2bfd989447d12bffafc0dda03a"},
   "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"},
   "table_rex": {:hex, :table_rex, "3.1.1", "0c67164d1714b5e806d5067c1e96ff098ba7ae79413cc075973e17c38a587caa", [:mix], [], "hexpm", "678a23aba4d670419c23c17790f9dcd635a4a89022040df7d5d772cb21012490"},
   "telemetry": {:hex, :telemetry, "0.4.3", "a06428a514bdbc63293cd9a6263aad00ddeb66f608163bdec7c8995784080818", [:rebar3], [], "hexpm", "eb72b8365ffda5bed68a620d1da88525e326cb82a75ee61354fc24b844768041"},
@@ -117,7 +117,7 @@
   "telemetry_poller": {:hex, :telemetry_poller, "0.5.1", "21071cc2e536810bac5628b935521ff3e28f0303e770951158c73eaaa01e962a", [:rebar3], [{:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "4cab72069210bc6e7a080cec9afffad1b33370149ed5d379b81c7c5f0c663fd4"},
   "temple": {:git, "https://akkoma.dev/AkkomaGang/temple.git", "066a699ade472d8fa42a9d730b29a61af9bc8b59", [ref: "066a699ade472d8fa42a9d730b29a61af9bc8b59"]},
   "tesla": {:hex, :tesla, "1.4.4", "bb89aa0c9745190930366f6a2ac612cdf2d0e4d7fff449861baa7875afd797b2", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:finch, "~> 0.3", [hex: :finch, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, "~> 1.3", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "d5503a49f9dec1b287567ea8712d085947e247cb11b06bc54adb05bfde466457"},
-  "timex": {:hex, :timex, "3.7.9", "790cdfc4acfce434e442f98c02ea6d84d0239073bfd668968f82ac63e9a6788d", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "64691582e5bb87130f721fc709acfb70f24405833998fabf35be968984860ce1"},
+  "timex": {:hex, :timex, "3.7.11", "bb95cb4eb1d06e27346325de506bcc6c30f9c6dea40d1ebe390b262fad1862d1", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.20", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "8b9024f7efbabaf9bd7aa04f65cf8dcd7c9818ca5737677c7b76acbc6a94d1aa"},
   "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bd4fde4c15f3e993a999e019d64347489b91b7a9096af68b2bdadd192afa693f"},
   "tzdata": {:hex, :tzdata, "1.1.1", "20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a69cec8352eafcd2e198dea28a34113b60fdc6cb57eb5ad65c10292a6ba89787"},
   "ueberauth": {:hex, :ueberauth, "0.10.5", "806adb703df87e55b5615cf365e809f84c20c68aa8c08ff8a416a5a6644c4b02", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3efd1f31d490a125c7ed453b926f7c31d78b97b8a854c755f5c40064bf3ac9e1"},

priv/repo/migrations/20230522213837_add_unfollowed_dm_restrictions.exs

@@ -0,0 +1,9 @@
+defmodule Pleroma.Repo.Migrations.AddUnfollowedDmRestrictions do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add(:accepts_direct_messages_from, :string, default: "everybody")
+    end
+  end
+end

priv/static/static-fe/forms.css

@@ -14,13 +14,13 @@ input {
     padding: 10px;
     margin-top: 5px;
     margin-bottom: 10px;
-    background-color: var(--background-color);
-    color: var(--primary-text-color);
+    background-color: transparent;
+    color: inherit;
     border: 0;
     transition-property: border-bottom;
     transition-duration: 0.35s;
-    border-bottom: 2px solid #2a384a;
-    font-size: 14px;
+    border-bottom: 2px solid var(--faint);
+    font: inherit;
     width: inherit;
     box-sizing: border-box;
 }
@@ -91,26 +91,22 @@ input {
 a.button,
 button {
     width: 100%;
-    background-color: #1c2a3a;
-    color: var(--primary-text-color);
+    background-color: var(--btn);
+    color: var(--btnText);
     border-radius: 4px;
     border: none;
     padding: 10px 16px;
     margin-top: 20px;
     margin-bottom: 20px;
     text-transform: uppercase;
-    font-size: 16px;
-    box-shadow: 0px 0px 2px 0px black,
-        0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
-        0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
+    box-shadow: var(--btnShadow);
+    font: inherit;
 }
 
 a.button:hover,
 button:hover {
     cursor: pointer;
-    box-shadow: 0px 0px 0px 1px var(--brand-color),
-        0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
-        0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
+    box-shadow: var(--btnHoverShadow);
 }
 
 .actions {
@@ -155,4 +151,21 @@ button:hover {
 .account-header__nickname {
     font-size: 14px;
     color: var(--muted-text-color);
-}
+}
+
+.oauth {
+    /* Remote interaction /main/ostatus has such hierarchy, and its header and
+     * content do not pad themselves:
+     *   (.panel.oauth (h2)
+     *                 (form (input)
+     *                       (button))) */
+    padding: 1px 1em;
+}
+
+.oauth .container__content {
+    /* Frontend selection /oauth/authorize needs an inverse because its heading
+     * and content have their own background and padding:
+     *   (.panel.oauth (form (.container__content (.panel-heading)
+     *                                            (.panel-content)))) */
+    margin: -1px -1em;
+}

test/mix/tasks/pleroma/database_test.exs

@@ -7,6 +7,7 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
   use Oban.Testing, repo: Pleroma.Repo
 
   alias Pleroma.Activity
+  alias Pleroma.Bookmark
   alias Pleroma.Object
   alias Pleroma.Repo
   alias Pleroma.User
@@ -45,21 +46,25 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
   end
 
   describe "prune_objects" do
-    test "it prunes old objects from the database" do
+    setup do
       deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
 
-      date =
+      old_insert_date =
         Timex.now()
         |> Timex.shift(days: -deadline)
         |> Timex.to_naive_datetime()
         |> NaiveDateTime.truncate(:second)
 
+      %{old_insert_date: old_insert_date}
+    end
+
+    test "it prunes old objects from the database", %{old_insert_date: old_insert_date} do
       insert(:note)
 
       %{id: note_remote_public_id} =
         :note
         |> insert()
-        |> Ecto.Changeset.change(%{updated_at: date})
+        |> Ecto.Changeset.change(%{updated_at: old_insert_date})
         |> Repo.update!()
 
       note_remote_non_public =
@@ -69,7 +74,7 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
 
       note_remote_non_public
       |> Ecto.Changeset.change(%{
-        updated_at: date,
+        updated_at: old_insert_date,
         data: note_remote_non_public_data |> update_in(["to"], fn _ -> [] end)
       })
       |> Repo.update!()
@@ -83,21 +88,37 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
       refute Object.get_by_id(note_remote_non_public_id)
     end
 
-    test "with the --keep-non-public option it still keeps non-public posts even if they are not local" do
-      deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
+    test "it cleans up bookmarks", %{old_insert_date: old_insert_date} do
+      user = insert(:user)
+      {:ok, old_object_activity} = CommonAPI.post(user, %{status: "yadayada"})
 
-      date =
-        Timex.now()
-        |> Timex.shift(days: -deadline)
-        |> Timex.to_naive_datetime()
-        |> NaiveDateTime.truncate(:second)
+      Repo.one(Object)
+      |> Ecto.Changeset.change(%{updated_at: old_insert_date})
+      |> Repo.update!()
 
+      {:ok, new_object_activity} = CommonAPI.post(user, %{status: "yadayada"})
+
+      {:ok, _} = Bookmark.create(user.id, old_object_activity.id)
+      {:ok, _} = Bookmark.create(user.id, new_object_activity.id)
+
+      assert length(Repo.all(Object)) == 2
+      assert length(Repo.all(Bookmark)) == 2
+
+      Mix.Tasks.Pleroma.Database.run(["prune_objects"])
+
+      assert length(Repo.all(Object)) == 1
+      assert length(Repo.all(Bookmark)) == 1
+      refute Bookmark.get(user.id, old_object_activity.id)
+    end
+
+    test "with the --keep-non-public option it still keeps non-public posts even if they are not local",
+         %{old_insert_date: old_insert_date} do
       insert(:note)
 
       %{id: note_remote_id} =
         :note
         |> insert()
-        |> Ecto.Changeset.change(%{updated_at: date})
+        |> Ecto.Changeset.change(%{updated_at: old_insert_date})
         |> Repo.update!()
 
       note_remote_non_public =
@@ -107,7 +128,7 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
 
       note_remote_non_public
       |> Ecto.Changeset.change(%{
-        updated_at: date,
+        updated_at: old_insert_date,
         data: note_remote_non_public_data |> update_in(["to"], fn _ -> [] end)
       })
       |> Repo.update!()
@@ -120,16 +141,10 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
       refute Object.get_by_id(note_remote_id)
     end
 
-    test "with the --keep-threads and --keep-non-public option it keeps old threads with non-public replies even if the interaction is not local" do
+    test "with the --keep-threads and --keep-non-public option it keeps old threads with non-public replies even if the interaction is not local",
+         %{old_insert_date: old_insert_date} do
       # For non-public we only check Create Activities because only these are relevant for threads
       # Flags are always non-public, Announces from relays can be non-public...
-      deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
-
-      old_insert_date =
-        Timex.now()
-        |> Timex.shift(days: -deadline)
-        |> Timex.to_naive_datetime()
-        |> NaiveDateTime.truncate(:second)
 
       remote_user1 = insert(:user, local: false)
       remote_user2 = insert(:user, local: false)
@@ -212,15 +227,9 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
       assert length(Repo.all(Object)) == 2
     end
 
-    test "with the --keep-threads option it deletes old threads with no local interaction" do
-      deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
-
-      old_insert_date =
-        Timex.now()
-        |> Timex.shift(days: -deadline)
-        |> Timex.to_naive_datetime()
-        |> NaiveDateTime.truncate(:second)
-
+    test "with the --keep-threads option it deletes old threads with no local interaction", %{
+      old_insert_date: old_insert_date
+    } do
       remote_user = insert(:user, local: false)
       remote_user2 = insert(:user, local: false)
 
@@ -261,15 +270,9 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
       assert length(Repo.all(Object)) == 0
     end
 
-    test "with the --keep-threads option it keeps old threads with local interaction" do
-      deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
-
-      old_insert_date =
-        Timex.now()
-        |> Timex.shift(days: -deadline)
-        |> Timex.to_naive_datetime()
-        |> NaiveDateTime.truncate(:second)
-
+    test "with the --keep-threads option it keeps old threads with local interaction", %{
+      old_insert_date: old_insert_date
+    } do
       remote_user = insert(:user, local: false)
       local_user = insert(:user, local: true)
 
@@ -326,15 +329,9 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do
       assert length(Repo.all(Object)) == 4
     end
 
-    test "with the --keep-threads option it keeps old threads with bookmarked posts" do
-      deadline = Pleroma.Config.get([:instance, :remote_post_retention_days]) + 1
-
-      old_insert_date =
-        Timex.now()
-        |> Timex.shift(days: -deadline)
-        |> Timex.to_naive_datetime()
-        |> NaiveDateTime.truncate(:second)
-
+    test "with the --keep-threads option it keeps old threads with bookmarked posts", %{
+      old_insert_date: old_insert_date
+    } do
       remote_user = insert(:user, local: false)
       local_user = insert(:user, local: true)
 

test/pleroma/signature_test.exs

@@ -114,6 +114,11 @@ defmodule Pleroma.SignatureTest do
                {:ok, "https://example.com/users/1234"}
     end
 
+    test "it deduces the actor ID for streams" do
+      assert Signature.key_id_to_actor_id("https://example.com/users/1234?operation=getkey") ==
+               {:ok, "https://example.com/users/1234"}
+    end
+
     test "it calls webfinger for 'acct:' accounts" do
       with_mock(Pleroma.Web.WebFinger,
         finger: fn _ -> {:ok, %{"ap_id" => "https://gensokyo.2hu/users/raymoo"}} end

test/pleroma/translators/libre_translate_test.exs

@@ -133,5 +133,20 @@ defmodule Pleroma.Akkoma.Translators.LibreTranslateTest do
       assert {:error, "libre_translate: request failed (code 400)"} =
                LibreTranslate.translate("ギュギュ握りつぶしちゃうぞ", nil, "zoop")
     end
+
+    test "should work when no detected language is received" do
+      Tesla.Mock.mock(fn
+        %{method: :post, url: "http://libre.translate/translate"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              Jason.encode!(%{
+                translatedText: "I will crush you"
+              })
+          }
+      end)
+
+      assert {:ok, "", "I will crush you"} = LibreTranslate.translate("ギュギュ握りつぶしちゃうぞ", nil, "en")
+    end
   end
 end

test/pleroma/upload_test.exs

@@ -54,7 +54,7 @@ defmodule Pleroma.UploadTest do
       assert result ==
                %{
                  "id" => result["id"],
-                 "name" => "image.jpg",
+                 "name" => "",
                  "type" => "Document",
                  "mediaType" => "image/jpeg",
                  "url" => [
@@ -154,19 +154,6 @@ defmodule Pleroma.UploadTest do
                  "e30397b58d226d6583ab5b8b3c5defb0c682bda5c31ef07a9f57c1c4986e3781.jpg"
     end
 
-    test "copies the file to the configured folder without deduping" do
-      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg")
-
-      file = %Plug.Upload{
-        content_type: "image/jpeg",
-        path: Path.absname("test/fixtures/image_tmp.jpg"),
-        filename: "an [image.jpg"
-      }
-
-      {:ok, data} = Upload.store(file)
-      assert data["name"] == "an [image.jpg"
-    end
-
     test "fixes incorrect content type when base64 is given" do
       params = %{
         img: "data:image/png;base64,#{Base.encode64(File.read!("test/fixtures/image.jpg"))}"
@@ -184,7 +171,7 @@ defmodule Pleroma.UploadTest do
       }
 
       {:ok, data} = Upload.store(params)
-      assert String.ends_with?(data["name"], ".jpg")
+      assert String.ends_with?(List.first(data["url"])["href"], ".jpg")
     end
 
     test "copies the file to the configured folder with anonymizing filename" do

test/pleroma/user_note_test.exs

@@ -0,0 +1,39 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.UserNoteTest do
+  alias Pleroma.UserNote
+
+  use Pleroma.DataCase, async: false
+  import Pleroma.Factory
+
+  describe "show/2" do
+    setup do
+      {:ok, users: insert_list(2, :user)}
+    end
+
+    test "if record does not exist, returns empty string", %{users: [user1, user2]} do
+      comment = UserNote.show(user1, user2)
+
+      assert comment == ""
+    end
+
+    test "if record exists with comment == nil, returns empty string", %{users: [user1, user2]} do
+      UserNote.create(user1, user2, nil)
+
+      comment = UserNote.show(user1, user2)
+
+      assert comment == ""
+    end
+
+    test "if record exists with non-nil comment, returns comment", %{users: [user1, user2]} do
+      expected_comment = "hello"
+      UserNote.create(user1, user2, expected_comment)
+
+      comment = UserNote.show(user1, user2)
+
+      assert comment == expected_comment
+    end
+  end
+end

test/pleroma/user_test.exs

@@ -2509,6 +2509,16 @@ defmodule Pleroma.UserTest do
     assert User.avatar_url(user, no_default: true) == nil
   end
 
+  test "avatar object with nil in href" do
+    user = insert(:user, avatar: %{"url" => [%{"href" => nil}]})
+    assert User.avatar_url(user) != nil
+  end
+
+  test "banner object with nil in href" do
+    user = insert(:user, banner: %{"url" => [%{"href" => nil}]})
+    assert User.banner_url(user) != nil
+  end
+
   test "get_host/1" do
     user = insert(:user, ap_id: "https://lain.com/users/lain", nickname: "lain")
     assert User.get_host(user) == "lain.com"
@@ -2746,4 +2756,35 @@ defmodule Pleroma.UserTest do
       assert user.followed_hashtags |> Enum.count() == 0
     end
   end
+
+  describe "accepts_direct_messages?/2" do
+    test "should return true if the recipient follows the sender and has set accept to :people_i_follow" do
+      recipient =
+        insert(:user, %{
+          accepts_direct_messages_from: :people_i_follow
+        })
+
+      sender = insert(:user)
+
+      refute User.accepts_direct_messages?(recipient, sender)
+
+      CommonAPI.follow(recipient, sender)
+
+      assert User.accepts_direct_messages?(recipient, sender)
+    end
+
+    test "should return true if the recipient has set accept to :everyone" do
+      recipient = insert(:user, %{accepts_direct_messages_from: :everybody})
+      sender = insert(:user)
+
+      assert User.accepts_direct_messages?(recipient, sender)
+    end
+
+    test "should return false if the receipient set accept to :nobody" do
+      recipient = insert(:user, %{accepts_direct_messages_from: :nobody})
+      sender = insert(:user)
+
+      refute User.accepts_direct_messages?(recipient, sender)
+    end
+  end
 end

test/pleroma/web/activity_pub/activity_pub_controller_test.exs

@@ -662,35 +662,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert_receive {:mix_shell, :info, ["https://relay.mastodon.host/actor"]}
     end
 
-    @tag capture_log: true
-    test "without valid signature, " <>
-           "it only accepts Create activities and requires enabled federation",
-         %{conn: conn} do
-      data = File.read!("test/fixtures/mastodon-post-activity.json") |> Jason.decode!()
-      non_create_data = File.read!("test/fixtures/mastodon-announce.json") |> Jason.decode!()
-
-      conn = put_req_header(conn, "content-type", "application/activity+json")
-
-      clear_config([:instance, :federating], false)
-
-      conn
-      |> post("/inbox", data)
-      |> json_response(403)
-
-      conn
-      |> post("/inbox", non_create_data)
-      |> json_response(403)
-
-      clear_config([:instance, :federating], true)
-
-      ret_conn = post(conn, "/inbox", data)
-      assert "ok" == json_response(ret_conn, 200)
-
-      conn
-      |> post("/inbox", non_create_data)
-      |> json_response(400)
-    end
-
     test "accepts Add/Remove activities", %{conn: conn} do
       object_id = "c61d6733-e256-4fe1-ab13-1e369789423f"
 

test/pleroma/web/activity_pub/activity_pub_test.exs

@@ -1303,33 +1303,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       %{test_file: test_file}
     end
 
+    test "strips / from filename", %{test_file: file} do
+      file = %Plug.Upload{file | filename: "../../../../../nested/bad.jpg"}
+      {:ok, %Object{} = object} = ActivityPub.upload(file)
+      [%{"href" => href}] = object.data["url"]
+      assert Regex.match?(~r"/bad.jpg$", href)
+      refute Regex.match?(~r"/nested/", href)
+    end
+
     test "sets a description if given", %{test_file: file} do
       {:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file")
       assert object.data["name"] == "a cool file"
     end
 
-    test "it sets the default description depending on the configuration", %{test_file: file} do
-      clear_config([Pleroma.Upload, :default_description])
-
-      clear_config([Pleroma.Upload, :default_description], nil)
-      {:ok, %Object{} = object} = ActivityPub.upload(file)
-      assert object.data["name"] == ""
-
-      clear_config([Pleroma.Upload, :default_description], :filename)
-      {:ok, %Object{} = object} = ActivityPub.upload(file)
-      assert object.data["name"] == "an_image.jpg"
-
-      clear_config([Pleroma.Upload, :default_description], "unnamed attachment")
-      {:ok, %Object{} = object} = ActivityPub.upload(file)
-      assert object.data["name"] == "unnamed attachment"
-    end
-
-    test "copies the file to the configured folder", %{test_file: file} do
-      clear_config([Pleroma.Upload, :default_description], :filename)
-      {:ok, %Object{} = object} = ActivityPub.upload(file)
-      assert object.data["name"] == "an_image.jpg"
-    end
-
     test "works with base64 encoded images" do
       file = %{
         img: data_uri()

test/pleroma/web/activity_pub/mrf/direct_message_disabled_policy_test.exs

@@ -0,0 +1,52 @@
+defmodule Pleroma.Web.ActivityPub.MRF.DirectMessageDisabledPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.DirectMessageDisabledPolicy
+  alias Pleroma.User
+
+  describe "strips recipients" do
+    test "when the user denies the direct message" do
+      sender = insert(:user)
+      recipient = insert(:user, %{accepts_direct_messages_from: :nobody})
+
+      refute User.accepts_direct_messages?(recipient, sender)
+
+      message = %{
+        "actor" => sender.ap_id,
+        "to" => [recipient.ap_id],
+        "cc" => [],
+        "type" => "Create",
+        "object" => %{
+          "type" => "Note",
+          "to" => [recipient.ap_id]
+        }
+      }
+
+      assert {:ok, %{"to" => [], "object" => %{"to" => []}}} =
+               DirectMessageDisabledPolicy.filter(message)
+    end
+
+    test "when the user does not deny the direct message" do
+      sender = insert(:user)
+      recipient = insert(:user, %{accepts_direct_messages_from: :everybody})
+
+      assert User.accepts_direct_messages?(recipient, sender)
+
+      message = %{
+        "actor" => sender.ap_id,
+        "to" => [recipient.ap_id],
+        "cc" => [],
+        "type" => "Create",
+        "object" => %{
+          "type" => "Note",
+          "to" => [recipient.ap_id]
+        }
+      }
+
+      assert {:ok, message} = DirectMessageDisabledPolicy.filter(message)
+      assert message["to"] == [recipient.ap_id]
+      assert message["object"]["to"] == [recipient.ap_id]
+    end
+  end
+end

test/pleroma/web/activity_pub/mrf/reject_newly_created_account_note_policy_test.exs

@@ -0,0 +1,45 @@
+defmodule Pleroma.Web.ActivityPub.MRF.RejectNewlyCreatedAccountNotesPolicyTest do
+  use Pleroma.DataCase
+  import Pleroma.Factory
+
+  alias Pleroma.Web.ActivityPub.MRF.RejectNewlyCreatedAccountNotesPolicy
+
+  describe "reject notes from new accounts" do
+    test "rejects notes from accounts created more recently than `age`" do
+      clear_config([:mrf_reject_newly_created_account_notes, :age], 86_400)
+      sender = insert(:user, %{inserted_at: Timex.now(), local: false})
+
+      message = %{
+        "actor" => sender.ap_id,
+        "type" => "Create"
+      }
+
+      assert {:reject, _} = RejectNewlyCreatedAccountNotesPolicy.filter(message)
+    end
+
+    test "does not reject notes from accounts created longer ago" do
+      clear_config([:mrf_reject_newly_created_account_notes, :age], 86_400)
+      a_day_ago = Timex.shift(Timex.now(), days: -1)
+      sender = insert(:user, %{inserted_at: a_day_ago, local: false})
+
+      message = %{
+        "actor" => sender.ap_id,
+        "type" => "Create"
+      }
+
+      assert {:ok, _} = RejectNewlyCreatedAccountNotesPolicy.filter(message)
+    end
+
+    test "does not affect local users" do
+      clear_config([:mrf_reject_newly_created_account_notes, :age], 86_400)
+      sender = insert(:user, %{inserted_at: Timex.now(), local: true})
+
+      message = %{
+        "actor" => sender.ap_id,
+        "type" => "Create"
+      }
+
+      assert {:ok, _} = RejectNewlyCreatedAccountNotesPolicy.filter(message)
+    end
+  end
+end

test/pleroma/web/activity_pub/mrf_test.exs

@@ -102,7 +102,13 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
       clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.NoOpPolicy])
 
       expected = %{
-        mrf_policies: ["NoOpPolicy", "HashtagPolicy", "InlineQuotePolicy", "NormalizeMarkup"],
+        mrf_policies: [
+          "NoOpPolicy",
+          "HashtagPolicy",
+          "InlineQuotePolicy",
+          "NormalizeMarkup",
+          "DirectMessageDisabledPolicy"
+        ],
         mrf_hashtag: %{
           federated_timeline_removal: [],
           reject: [],
@@ -118,7 +124,13 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
       clear_config([:mrf, :policies], [MRFModuleMock])
 
       expected = %{
-        mrf_policies: ["MRFModuleMock", "HashtagPolicy", "InlineQuotePolicy", "NormalizeMarkup"],
+        mrf_policies: [
+          "MRFModuleMock",
+          "HashtagPolicy",
+          "InlineQuotePolicy",
+          "NormalizeMarkup",
+          "DirectMessageDisabledPolicy"
+        ],
         mrf_module_mock: "some config data",
         mrf_hashtag: %{
           federated_timeline_removal: [],

test/pleroma/web/activity_pub/transmogrifier/note_handling_test.exs

@@ -316,7 +316,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
     test "it correctly processes messages with non-array to field" do
       data =
         File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+        |> Jason.decode!()
         |> Map.put("to", "https://www.w3.org/ns/activitystreams#Public")
         |> put_in(["object", "to"], "https://www.w3.org/ns/activitystreams#Public")
 
@@ -333,7 +333,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
     test "it correctly processes messages with non-array cc field" do
       data =
         File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+        |> Jason.decode!()
         |> Map.put("cc", "http://mastodon.example.org/users/admin/followers")
         |> put_in(["object", "cc"], "http://mastodon.example.org/users/admin/followers")
 
@@ -346,7 +346,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
     test "it correctly processes messages with weirdness in address fields" do
       data =
         File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+        |> Jason.decode!()
         |> Map.put("cc", ["http://mastodon.example.org/users/admin/followers", ["¿"]])
         |> put_in(["object", "cc"], ["http://mastodon.example.org/users/admin/followers", ["¿"]])
 
@@ -412,7 +412,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
 
       activity =
         File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+        |> Jason.decode!()
         |> Kernel.put_in(["object", "replies"], replies)
 
       %{activity: activity}

test/pleroma/web/mastodon_api/controllers/media_controller_test.exs

@@ -124,6 +124,23 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
 
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
+
+    test "Do not allow nested filename", %{conn: conn, image: image} do
+      image = %Plug.Upload{
+        image
+        | filename: "../../../../../nested/file.jpg"
+      }
+
+      desc = "Description of the image"
+
+      media =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/v1/media", %{"file" => image, "description" => desc})
+        |> json_response_and_validate_schema(:ok)
+
+      refute Regex.match?(~r"/nested/", media["url"])
+    end
   end
 
   describe "Update media description" do

test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs

@@ -408,6 +408,25 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
       assert [] = result
     end
+
+    test "should return 404 if disabled" do
+      clear_config([:instance, :federated_timeline_available], false)
+
+      result =
+        build_conn()
+        |> get("/api/v1/timelines/public")
+        |> json_response_and_validate_schema(404)
+
+      assert %{"error" => "Federated timeline is disabled"} = result
+    end
+
+    test "should not return 404 if local is specified" do
+      clear_config([:instance, :federated_timeline_available], false)
+
+      build_conn()
+      |> get("/api/v1/timelines/public?local=true")
+      |> json_response_and_validate_schema(200)
+    end
   end
 
   defp local_and_remote_activities do
@@ -1036,9 +1055,8 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
   end
 
   describe "bubble" do
-    setup do: oauth_access(["read:statuses"])
-
-    test "filtering", %{conn: conn, user: user} do
+    test "filtering" do
+      %{conn: conn, user: user} = oauth_access(["read:statuses"])
       clear_config([:instance, :local_bubble], [])
       # our endpoint host has a port in it so let's set the AP ID
       local_user = insert(:user, %{ap_id: "https://localhost/users/user"})
@@ -1060,7 +1078,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
 
       assert local_activity.id in one_instance
 
-      # If we have others, also include theirs 
+      # If we have others, also include theirs
       clear_config([:instance, :local_bubble], ["example.com"])
 
       two_instances =
@@ -1072,6 +1090,20 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
       assert local_activity.id in two_instances
       assert remote_activity.id in two_instances
     end
+
+    test "restrict_unauthenticated with bubble timeline", %{conn: conn} do
+      clear_config([:restrict_unauthenticated, :timelines, :bubble], true)
+
+      conn
+      |> get("/api/v1/timelines/bubble")
+      |> json_response_and_validate_schema(:unauthorized)
+
+      clear_config([:restrict_unauthenticated, :timelines, :bubble], false)
+
+      conn
+      |> get("/api/v1/timelines/bubble")
+      |> json_response_and_validate_schema(200)
+    end
   end
 
   defp create_remote_activity(user) do

test/pleroma/web/mastodon_api/update_credentials_test.exs

@@ -396,6 +396,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
 
+    test "Strip / from upload files", %{user: user, conn: conn} do
+      new_image = %Plug.Upload{
+        content_type: "image/jpeg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "../../../../nested/an_image.jpg"
+      }
+
+      assert user.avatar == %{}
+
+      res =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "avatar" => new_image,
+          "header" => new_image,
+          "pleroma_background_image" => new_image
+        })
+
+      assert user_response = json_response_and_validate_schema(res, 200)
+      assert user_response["avatar"]
+      assert user_response["header"]
+      assert user_response["pleroma"]["background_image"]
+      refute Regex.match?(~r"/nested/", user_response["avatar"])
+      refute Regex.match?(~r"/nested/", user_response["header"])
+      refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
+
+      user = User.get_by_id(user.id)
+      refute user.avatar == %{}
+    end
+
     test "requires 'write:accounts' permission" do
       token1 = insert(:oauth_token, scopes: ["read"])
       token2 = insert(:oauth_token, scopes: ["write", "follow"])
@@ -699,4 +727,56 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert account["source"]["pleroma"]["actor_type"] == "Person"
     end
   end
+
+  describe "Updating direct message settings" do
+    setup do: oauth_access(["write:accounts"])
+    setup :request_content_type
+
+    test "changing to :everybody", %{conn: conn} do
+      account =
+        conn
+        |> patch("/api/v1/accounts/update_credentials", %{
+          accepts_direct_messages_from: "everybody"
+        })
+        |> json_response_and_validate_schema(200)
+
+      assert account["accepts_direct_messages_from"]
+      assert account["accepts_direct_messages_from"] == "everybody"
+      assert Pleroma.User.get_by_ap_id(account["url"]).accepts_direct_messages_from == :everybody
+    end
+
+    test "changing to :nobody", %{conn: conn} do
+      account =
+        conn
+        |> patch("/api/v1/accounts/update_credentials", %{accepts_direct_messages_from: "nobody"})
+        |> json_response_and_validate_schema(200)
+
+      assert account["accepts_direct_messages_from"]
+      assert account["accepts_direct_messages_from"] == "nobody"
+      assert Pleroma.User.get_by_ap_id(account["url"]).accepts_direct_messages_from == :nobody
+    end
+
+    test "changing to :people_i_follow", %{conn: conn} do
+      account =
+        conn
+        |> patch("/api/v1/accounts/update_credentials", %{
+          accepts_direct_messages_from: "people_i_follow"
+        })
+        |> json_response_and_validate_schema(200)
+
+      assert account["accepts_direct_messages_from"]
+      assert account["accepts_direct_messages_from"] == "people_i_follow"
+
+      assert Pleroma.User.get_by_ap_id(account["url"]).accepts_direct_messages_from ==
+               :people_i_follow
+    end
+
+    test "changing to an unsupported value", %{conn: conn} do
+      conn
+      |> patch("/api/v1/accounts/update_credentials", %{
+        accepts_direct_messages_from: "unsupported"
+      })
+      |> json_response(400)
+    end
+  end
 end

test/pleroma/web/mastodon_api/views/account_view_test.exs

@@ -269,8 +269,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     }
 
     with_mock(
-      Pleroma.Web.Nodeinfo.NodeinfoController,
-      raw_nodeinfo: fn -> %{version: "2.0"} end
+      Pleroma.Web.Nodeinfo.Nodeinfo,
+      get_nodeinfo: fn _ -> %{version: "2.0"} end
     ) do
       assert expected ==
                AccountView.render("show.json", %{user: user, skip_visibility_check: true})
@@ -397,7 +397,22 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
       expected =
         Map.merge(
           @blank_response,
-          %{following: false, blocking: true, blocked_by: true, id: to_string(other_user.id)}
+          %{following: false, blocking: true, blocked_by: false, id: to_string(other_user.id)}
+        )
+
+      test_relationship_rendering(user, other_user, expected)
+    end
+
+    test "blocks are not visible to the blocked user" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, _user_relationship} = User.block(other_user, user)
+
+      expected =
+        Map.merge(
+          @blank_response,
+          %{following: false, blocking: false, blocked_by: false, id: to_string(other_user.id)}
         )
 
       test_relationship_rendering(user, other_user, expected)

test/pleroma/web/node_info_test.exs

@@ -292,4 +292,38 @@ defmodule Pleroma.Web.NodeInfoTest do
       assert response["metadata"]["federation"]["mrf_simple_info"] == expected_config
     end
   end
+
+  describe "public timeline visibility" do
+    test "shows public timeline visibility", %{conn: conn} do
+      clear_config([:restrict_unauthenticated, :timelines], %{local: false, federated: false})
+
+      response =
+        conn
+        |> get("/nodeinfo/2.1.json")
+        |> json_response(:ok)
+
+      assert response["metadata"]["publicTimelineVisibility"]["local"] == true
+      assert response["metadata"]["publicTimelineVisibility"]["federated"] == true
+
+      clear_config([:restrict_unauthenticated, :timelines], %{local: true, federated: false})
+
+      response =
+        conn
+        |> get("/nodeinfo/2.1.json")
+        |> json_response(:ok)
+
+      assert response["metadata"]["publicTimelineVisibility"]["local"] == false
+      assert response["metadata"]["publicTimelineVisibility"]["federated"] == true
+
+      clear_config([:restrict_unauthenticated, :timelines], %{local: false, federated: true})
+
+      response =
+        conn
+        |> get("/nodeinfo/2.1.json")
+        |> json_response(:ok)
+
+      assert response["metadata"]["publicTimelineVisibility"]["local"] == true
+      assert response["metadata"]["publicTimelineVisibility"]["federated"] == false
+    end
+  end
 end

test/pleroma/web/plugs/frontend_static_plug_test.exs

@@ -83,6 +83,7 @@ defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
       "main",
       "ostatus_subscribe",
       "oauth",
+      "akkoma",
       "objects",
       "activities",
       "notice",

test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs

@@ -69,6 +69,47 @@ defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlugTest do
     assert %{valid_signature: false} == conn.assigns
   end
 
+  test "allowlist federation: it considers a mapped identity to be valid when the associated instance is allowed" do
+    clear_config([:activitypub, :authorized_fetch_mode], true)
+
+    clear_config([:mrf_simple, :accept], [
+      {"mastodon.example.org", "anime is allowed"}
+    ])
+
+    on_exit(fn ->
+      Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
+      Pleroma.Config.put([:mrf_simple, :accept], [])
+    end)
+
+    conn =
+      build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
+      |> set_signature("http://mastodon.example.org/users/admin")
+      |> MappedSignatureToIdentityPlug.call(%{})
+
+    assert conn.assigns[:valid_signature]
+    refute is_nil(conn.assigns.user)
+  end
+
+  test "allowlist federation: it considers a mapped identity to be invalid when the associated instance is not allowed" do
+    clear_config([:activitypub, :authorized_fetch_mode], true)
+
+    clear_config([:mrf_simple, :accept], [
+      {"misskey.example.org", "anime is allowed"}
+    ])
+
+    on_exit(fn ->
+      Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
+      Pleroma.Config.put([:mrf_simple, :accept], [])
+    end)
+
+    conn =
+      build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
+      |> set_signature("http://mastodon.example.org/users/admin")
+      |> MappedSignatureToIdentityPlug.call(%{})
+
+    assert %{valid_signature: false} == conn.assigns
+  end
+
   @tag skip: "known breakage; the testsuite presently depends on it"
   test "it considers a mapped identity to be invalid when the identity cannot be found" do
     conn =

test/pleroma/web/rich_media/parser_test.exs

@@ -129,7 +129,7 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
               }}
   end
 
-  test "parses OEmbed" do
+  test "parses OEmbed and filters HTML tags" do
     assert Parser.parse("http://example.com/oembed") ==
              {:ok,
               %{
@@ -139,7 +139,7 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
                 "flickr_type" => "photo",
                 "height" => "768",
                 "html" =>
-                  "<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>",
+                  "<a href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"/></a>",
                 "license" => "All Rights Reserved",
                 "license_id" => 0,
                 "provider_name" => "Flickr",