Merge pull request 'Clean up warnings (+fallback metrics)' (#685) from Oneric/akkoma:metrics into develop

Reviewed-on: AkkomaGang/akkoma#685

.formatter.exs

@@ -1,3 +1,14 @@
 [
-  inputs: ["mix.exs", "{config,lib,test}/**/*.{ex,exs}", "priv/repo/migrations/*.exs", "priv/repo/optional_migrations/**/*.exs", "priv/scrubbers/*.ex"]
+  import_deps: [:ecto, :ecto_sql, :phoenix],
+  subdirectories: ["priv/*/migrations"],
+  plugins: [Phoenix.LiveView.HTMLFormatter],
+  inputs: [
+    "mix.exs",
+    "*.{heex,ex,exs}",
+    "{config,lib,test}/**/*.{heex,ex,exs}",
+    "priv/*/seeds.exs",
+    "priv/repo/migrations/*.exs",
+    "priv/repo/optional_migrations/**/*.exs",
+    "priv/scrubbers/*.ex"
+  ]
 ]

.woodpecker/build-amd64.yml

@@ -1,3 +1,8 @@
+platform: linux/amd64
+
+depends_on:
+  - test
+
 variables:
   - &scw-secrets
     - SCW_ACCESS_KEY
@@ -12,8 +17,6 @@ variables:
       branch:
         - develop
         - stable
-        - refs/tags/v*
-        - refs/tags/stable-*
   - &on-stable
     when:
       event:
@@ -21,14 +24,6 @@ variables:
         - tag
       branch:
         - stable
-        - refs/tags/stable-*
-  - &on-point-release
-    when:
-      event:
-        - push
-      branch:
-        - develop
-        - stable
   - &on-pr-open
     when:
       event:
@@ -39,63 +34,10 @@ variables:
   - &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
   - &mix-clean "mix deps.clean --all && mix clean"
 
-services:
-  postgres:
-    image: postgres:15
-    when:
-      event:
-        - pull_request
-    environment:
-      POSTGRES_DB: pleroma_test
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-
 pipeline:
-  lint:
-    <<: *on-pr-open
-    image: akkoma/ci-base:1.14
-    commands:
-    - mix local.hex --force
-    - mix local.rebar --force
-    - mix format --check-formatted
-
-  build:
-    image: akkoma/ci-base:1.14
-    <<: *on-pr-open
-    environment:
-      MIX_ENV: test
-      POSTGRES_DB: pleroma_test
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-      DB_HOST: postgres
-    commands:
-      - mix local.hex --force
-      - mix local.rebar --force
-      - mix deps.get
-      - mix compile
-
-  test:
-    image: akkoma/ci-base:1.14
-    <<: *on-pr-open
-    environment:
-      MIX_ENV: test
-      POSTGRES_DB: pleroma_test
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-      DB_HOST: postgres
-    commands:
-    - mix local.hex --force
-    - mix local.rebar --force
-    - mix deps.get
-    - mix compile
-    - mix ecto.drop -f -q
-    - mix ecto.create
-    - mix ecto.migrate
-    - mix test --preload-modules --exclude erratic --exclude federated --max-cases 4
-
   # Canonical amd64
-  ubuntu22:
-    image: hexpm/elixir:1.14.3-erlang-25.2.2-ubuntu-jammy-20221130
+  debian-bookworm:
+    image: hexpm/elixir:1.15.4-erlang-26.0.2-debian-bookworm-20230612
     <<: *on-release
     environment:
       MIX_ENV: prod
@@ -108,51 +50,51 @@ pipeline:
       - *tag-build
       - mix deps.get --only prod
       - mix release --path release
-      - zip akkoma-ubuntu-jammy.zip -r release
-
-  release-ubuntu22:
-    image: akkoma/releaser
-    <<: *on-release
-    secrets: *scw-secrets
-    commands:
-      - export SOURCE=akkoma-ubuntu-jammy.zip
-      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-ubuntu-jammy.zip
-      - /bin/sh /entrypoint.sh
-      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-ubuntu-jammy.zip
-      - /bin/sh /entrypoint.sh
-
-  debian-bullseye:
-    image: hexpm/elixir:1.14.3-erlang-25.2.2-debian-bullseye-20230109
-    <<: *on-release
-    environment:
-      MIX_ENV: prod
-      DEBIAN_FRONTEND: noninteractive
-    commands:
-      - apt-get update && apt-get install -y cmake libmagic-dev rclone zip imagemagick libmagic-dev git build-essential gcc make g++ wget
-      - *clean
-      - echo "import Config" > config/prod.secret.exs
-      - *setup-hex
-      - *tag-build
-      - *mix-clean
-      - mix deps.get --only prod
-      - mix release --path release
       - zip akkoma-amd64.zip -r release
 
-  release-debian:
+  release-debian-bookworm:
     image: akkoma/releaser
     <<: *on-release
     secrets: *scw-secrets
     commands:
       - export SOURCE=akkoma-amd64.zip
+      # AMD64
       - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64.zip
       - /bin/sh /entrypoint.sh
-      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-debian-stable.zip
+      # Ubuntu jammy (currently compatible)
+      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-ubuntu-jammy.zip
+      - /bin/sh /entrypoint.sh
+
+  debian-bullseye:
+    image: hexpm/elixir:1.15.4-erlang-26.0.2-debian-bullseye-20230612
+    <<: *on-release
+    environment:
+      MIX_ENV: prod
+      DEBIAN_FRONTEND: noninteractive
+    commands:
+      - apt-get update && apt-get install -y cmake libmagic-dev rclone zip imagemagick libmagic-dev git build-essential g++ wget
+      - *clean
+      - echo "import Config" > config/prod.secret.exs
+      - *setup-hex
+      - *tag-build
+      - mix deps.get --only prod
+      - mix release --path release
+      - zip akkoma-amd64-debian-bullseye.zip -r release
+
+  release-debian-bullseye:
+    image: akkoma/releaser
+    <<: *on-release
+    secrets: *scw-secrets
+    commands:
+      - export SOURCE=akkoma-amd64-debian-bullseye.zip
+      # AMD64
+      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-debian-bullseye.zip
       - /bin/sh /entrypoint.sh
 
   # Canonical amd64-musl
   musl:
-    image: hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.15.6
-    <<: *on-release
+    image: hexpm/elixir:1.15.4-erlang-26.0.2-alpine-3.18.2
+    <<: *on-stable
     environment:
       MIX_ENV: prod
     commands:
@@ -167,31 +109,9 @@ pipeline:
 
   release-musl:
     image: akkoma/releaser
-    <<: *on-release
+    <<: *on-stable
     secrets: *scw-secrets
     commands:
       - export SOURCE=akkoma-amd64-musl.zip
       - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-musl.zip
       - /bin/sh /entrypoint.sh
-
-  docs:
-    <<: *on-point-release
-    secrets:
-    - SCW_ACCESS_KEY
-    - SCW_SECRET_KEY
-    - SCW_DEFAULT_ORGANIZATION_ID
-    environment:
-      CI: "true"
-    image: python:3.10-slim
-    commands:
-      - apt-get update && apt-get install -y rclone wget git zip
-      - wget https://github.com/scaleway/scaleway-cli/releases/download/v2.5.1/scaleway-cli_2.5.1_linux_amd64
-      - mv scaleway-cli_2.5.1_linux_amd64 scaleway-cli
-      - chmod +x scaleway-cli
-      - ./scaleway-cli object config install type=rclone
-      - cd docs
-      - pip install -r requirements.txt
-      - mkdocs build
-      - zip -r docs.zip site/*
-      - cd site
-      - rclone copy . scaleway:akkoma-docs/$CI_COMMIT_BRANCH/

.woodpecker/build-arm64.yml

@@ -0,0 +1,89 @@
+platform: linux/arm64
+
+depends_on:
+  - test
+
+variables:
+  - &scw-secrets
+    - SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
+    - SCW_DEFAULT_ORGANIZATION_ID
+  - &setup-hex "mix local.hex --force && mix local.rebar --force"
+  - &on-release
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - stable
+        - develop
+  - &on-stable
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - stable
+  - &on-pr-open
+    when:
+      event:
+        - pull_request
+
+  - &tag-build "export BUILD_TAG=$${CI_COMMIT_TAG:-\"$CI_COMMIT_BRANCH\"} && export PLEROMA_BUILD_BRANCH=$BUILD_TAG"
+
+  - &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
+  - &mix-clean "mix deps.clean --all && mix clean"
+
+pipeline:
+  # Canonical arm64
+  debian-bookworm:
+    image: hexpm/elixir:1.15.4-erlang-26.0.2-debian-bookworm-20230612
+    <<: *on-release
+    environment:
+      MIX_ENV: prod
+      DEBIAN_FRONTEND: noninteractive
+    commands:
+      - apt-get update && apt-get install -y cmake libmagic-dev rclone zip imagemagick libmagic-dev git build-essential g++ wget
+      - *clean
+      - echo "import Config" > config/prod.secret.exs
+      - *setup-hex
+      - *tag-build
+      - mix deps.get --only prod
+      - mix release --path release
+      - zip akkoma-arm64.zip -r release
+
+  release-debian-bookworm:
+    image: akkoma/releaser:arm64
+    <<: *on-release
+    secrets: *scw-secrets
+    commands:
+      - export SOURCE=akkoma-arm64.zip
+      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-ubuntu-jammy.zip
+      - /bin/sh /entrypoint.sh
+      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64.zip
+      - /bin/sh /entrypoint.sh
+
+  # Canonical arm64-musl
+  musl:
+    image: hexpm/elixir:1.15.4-erlang-26.0.2-alpine-3.18.2
+    <<: *on-stable
+    environment:
+      MIX_ENV: prod
+    commands:
+      - apk add git gcc g++ musl-dev make cmake file-dev rclone wget zip imagemagick
+      - *clean
+      - *setup-hex
+      - *mix-clean
+      - *tag-build
+      - mix deps.get --only prod
+      - mix release --path release
+      - zip akkoma-arm64-musl.zip -r release
+
+  release-musl:
+    image: akkoma/releaser:arm64
+    <<: *on-stable
+    secrets: *scw-secrets
+    commands:
+      - export SOURCE=akkoma-arm64-musl.zip
+      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-musl.zip
+      - /bin/sh /entrypoint.sh

.woodpecker/docs.yml

@@ -0,0 +1,69 @@
+platform: linux/amd64
+
+depends_on:
+  - test
+  - build-amd64
+
+variables:
+  - &scw-secrets
+    - SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
+    - SCW_DEFAULT_ORGANIZATION_ID
+  - &setup-hex "mix local.hex --force && mix local.rebar --force"
+  - &on-release
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - develop
+        - stable
+        - refs/tags/v*
+        - refs/tags/stable-*
+  - &on-stable
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - stable
+        - refs/tags/stable-*
+  - &on-point-release
+    when:
+      event:
+        - push
+      branch:
+        - develop
+        - stable
+  - &on-pr-open
+    when:
+      event:
+        - pull_request
+
+  - &tag-build "export BUILD_TAG=$${CI_COMMIT_TAG:-\"$CI_COMMIT_BRANCH\"} && export PLEROMA_BUILD_BRANCH=$BUILD_TAG"
+
+  - &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
+  - &mix-clean "mix deps.clean --all && mix clean"
+
+pipeline:
+  docs:
+    <<: *on-point-release
+    secrets:
+    - SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
+    - SCW_DEFAULT_ORGANIZATION_ID
+    environment:
+      CI: "true"
+    image: python:3.10-slim
+    commands:
+      - apt-get update && apt-get install -y rclone wget git zip
+      - wget https://github.com/scaleway/scaleway-cli/releases/download/v2.5.1/scaleway-cli_2.5.1_linux_amd64
+      - mv scaleway-cli_2.5.1_linux_amd64 scaleway-cli
+      - chmod +x scaleway-cli
+      - ./scaleway-cli object config install type=rclone
+      - cd docs
+      - pip install -r requirements.txt
+      - mkdocs build
+      - zip -r docs.zip site/*
+      - cd site
+      - rclone copy . scaleway:akkoma-docs/$CI_COMMIT_BRANCH/

.woodpecker/lint.yml

@@ -0,0 +1,55 @@
+platform: linux/amd64
+
+variables:
+  - &scw-secrets
+    - SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
+    - SCW_DEFAULT_ORGANIZATION_ID
+  - &setup-hex "mix local.hex --force && mix local.rebar --force"
+  - &on-release
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - develop
+        - stable
+        - refs/tags/v*
+        - refs/tags/stable-*
+  - &on-stable
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - stable
+        - refs/tags/stable-*
+  - &on-point-release
+    when:
+      event:
+        - push
+      branch:
+        - develop
+        - stable
+  - &on-pr-open
+    when:
+      event:
+        - pull_request
+
+  - &tag-build "export BUILD_TAG=$${CI_COMMIT_TAG:-\"$CI_COMMIT_BRANCH\"} && export PLEROMA_BUILD_BRANCH=$BUILD_TAG"
+
+  - &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
+  - &mix-clean "mix deps.clean --all && mix clean"
+
+pipeline:
+  lint:
+    image: akkoma/ci-base:1.15-otp26
+    <<: *on-pr-open
+    environment:
+      MIX_ENV: test
+    commands:
+      - mix local.hex --force
+      - mix local.rebar --force
+      - mix deps.get
+      - mix compile
+      - mix format --check-formatted

.woodpecker/test.yml

@@ -0,0 +1,93 @@
+platform: linux/amd64
+
+depends_on:
+  - lint
+
+matrix:
+  ELIXIR_VERSION:
+    - 1.14
+    - 1.15
+  OTP_VERSION:
+    - 25
+    - 26
+  include:
+    - ELIXIR_VERSION: 1.14
+      OTP_VERSION: 25
+    - ELIXIR_VERSION: 1.15
+      OTP_VERSION: 25
+    - ELIXIR_VERSION: 1.15
+      OTP_VERSION: 26
+
+variables:
+  - &scw-secrets
+    - SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
+    - SCW_DEFAULT_ORGANIZATION_ID
+  - &setup-hex "mix local.hex --force && mix local.rebar --force"
+  - &on-release
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - develop
+        - stable
+        - refs/tags/v*
+        - refs/tags/stable-*
+  - &on-stable
+    when:
+      event:
+        - push
+        - tag
+      branch:
+        - stable
+        - refs/tags/stable-*
+  - &on-point-release
+    when:
+      event:
+        - push
+      branch:
+        - develop
+        - stable
+  - &on-pr-open
+    when:
+      event:
+        - pull_request
+
+  - &tag-build "export BUILD_TAG=$${CI_COMMIT_TAG:-\"$CI_COMMIT_BRANCH\"} && export PLEROMA_BUILD_BRANCH=$BUILD_TAG"
+
+  - &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
+  - &mix-clean "mix deps.clean --all && mix clean"
+
+services:
+  postgres:
+    image: postgres:15
+    when:
+      event:
+        - pull_request
+    environment:
+      POSTGRES_DB: pleroma_test_${ELIXIR_VERSION}_${OTP_VERSION}
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+
+pipeline:
+  test:
+    image: akkoma/ci-base:${ELIXIR_VERSION}-otp${OTP_VERSION}
+    <<: *on-pr-open
+    environment:
+      MIX_ENV: test
+      POSTGRES_DB: pleroma_test_${ELIXIR_VERSION}_${OTP_VERSION}
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      DB_HOST: postgres
+    commands:
+      - mix local.hex --force
+      - mix local.rebar --force
+      - mix deps.get
+      - mix compile
+      - mix ecto.drop -f -q
+      - mix ecto.create
+      - mix ecto.migrate
+      - mkdir -p test/tmp
+      - mix test --preload-modules --exclude erratic --exclude federated --exclude mocked
+      - mix test --preload-modules --only mocked

CHANGELOG.md

@@ -4,6 +4,71 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## Unreleased
+
+## Added
+- Full compatibility with Erlang OTP26
+- handling of GET /api/v1/preferences
+- Akkoma API is now documented
+- ability to auto-approve follow requests from users you are already following
+- The SimplePolicy MRF can now strip user backgrounds from selected remote hosts
+
+## Changed
+- OTP builds are now built on erlang OTP26
+- The base Phoenix framework is now updated to 1.7
+- An `outbox` field has been added to actor profiles to comply with AP spec
+- User profile backgrounds do now federate with other Akkoma instances and Sharkey
+
+## Fixed
+- Documentation issue in which a non-existing nginx file was referenced
+- Issue where a bad inbox URL could break federation
+- Issue where hashtag rel values would be scrubbed
+- Issue where short domains listed in `transparency_obfuscate_domains` were not actually obfuscated
+
+## 2023.08
+
+## Added
+
+- Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy.
+  - Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist`, and instead use `blocklist`.
+- `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types
+- ARM64 OTP builds
+  - Ubuntu22 builds are available for develop and stable
+  - other distributions are stable only
+- Support for Elixir 1.15
+  - 1.14 is still supported
+  - OTP26 is currently "unsupported". It will probably work, but due to the way
+    it handles map ordering, the test suite will not pass for it as yet.
+
+## Changed
+
+- Alpine OTP builds are now from alpine 3.18, which is OpenSSLv3 compatible.
+  If you use alpine OTP builds you will have to update your local system.
+- Debian OTP builds are now from a base of bookworm, which is OpenSSLv3 compatible.
+  If you use debian OTP builds you will have to update your local system to
+  bookworm (currently: stable).
+- Ubuntu and debian builds are compatible again! (for now...)
+- Blocks/Mutes now return from max ID to min ID, in line with mastodon.
+- The AnonymizeFilename filter is now enabled by default.
+
+## Fixed
+
+- Deactivated users can no longer show up in the emoji reaction list
+- Embedded posts can no longer bypass `:restrict\_unauthenticated`
+- GET/HEAD requests will now work when requesting AWS-based instances.
+
+## Security
+
+- Add `no_new_privs` hardening to OpenRC and systemd service files
+- XML parsers cannot load any entities (thanks @Mae@is.badat.dev!)
+- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
+
+## Removed
+
+- Builds for debian oldstable (bullseye)
+  - If you are on oldstable you should NOT attempt to update OTP builds without
+    first updating your machine.
+
 ## 2023.05
 
 ## Added
@@ -86,7 +151,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Rich media will now hard-exit after 5 seconds, to prevent timeline hangs
 - HTTP Content Security Policy is now far more strict to prevent any potential XSS/CSS leakages
 - Follow requests are now paginated, matches mastodon API spec, so use the Link header to paginate.
-- `internal.fetch` and `relay` actors are now represented with the actor type `Application`
 
 ### Fixed 
 - /api/v1/accounts/lookup will now respect restrict\_unauthenticated

Dockerfile

@@ -1,4 +1,4 @@
-FROM hexpm/elixir:1.14.3-erlang-25.3-alpine-3.17.2
+FROM hexpm/elixir:1.15.4-erlang-26.0.2-alpine-3.18.2
 
 ENV MIX_ENV=prod
 ENV ERL_EPMD_ADDRESS=127.0.0.1

config/benchmark.exs

@@ -14,7 +14,7 @@ config :pleroma, Pleroma.Captcha,
   method: Pleroma.Captcha.Mock
 
 # Print only warnings and errors during test
-config :logger, level: :warn
+config :logger, level: :warning
 
 config :pleroma, :auth, oauth_consumer_strategies: []
 

config/config.exs

@@ -110,17 +110,6 @@ config :pleroma, :uri_schemes,
     "xmpp"
   ]
 
-websocket_config = [
-  path: "/websocket",
-  serializer: [
-    {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
-    {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
-  ],
-  timeout: 60_000,
-  transport_log: false,
-  compress: false
-]
-
 # Configures the endpoint
 config :pleroma, Pleroma.Web.Endpoint,
   url: [host: "localhost"],
@@ -130,10 +119,7 @@ config :pleroma, Pleroma.Web.Endpoint,
       {:_,
        [
          {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
-         {"/websocket", Phoenix.Endpoint.CowboyWebSocket,
-          {Phoenix.Transports.WebSocket,
-           {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}},
-         {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
+         {:_, Plug.Cowboy.Handler, {Pleroma.Web.Endpoint, []}}
        ]}
     ]
   ],
@@ -170,6 +156,10 @@ config :mime, :types, %{
   "application/ld+json" => ["activity+json"]
 }
 
+config :mime, :extensions, %{
+  "activity+json" => "application/activity+json"
+}
+
 config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}
 
 # Configures http settings, upstream proxy etc.
@@ -300,7 +290,6 @@ config :pleroma, :frontend_configurations,
     alwaysShowSubjectInput: true,
     background: "/images/city.jpg",
     collapseMessageWithSubject: false,
-    disableChat: false,
     greentext: false,
     hideFilteredStatuses: false,
     hideMutedPosts: false,
@@ -388,6 +377,7 @@ config :pleroma, :mrf_simple,
   accept: [],
   avatar_removal: [],
   banner_removal: [],
+  background_removal: [],
   reject_deletes: [],
   handle_threads: true
 
@@ -443,7 +433,8 @@ config :pleroma, :media_proxy,
     # Note: max_read_duration defaults to Pleroma.ReverseProxy.max_read_duration_default/1
     max_read_duration: 30_000
   ],
-  whitelist: []
+  whitelist: [],
+  blocklist: []
 
 config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
   method: :purge,
@@ -462,10 +453,6 @@ config :pleroma, :media_preview_proxy,
   image_quality: 85,
   min_content_length: 100 * 1024
 
-config :pleroma, :shout,
-  enabled: true,
-  limit: 5_000
-
 config :phoenix, :format_encoders, json: Jason, "activity+json": Jason
 
 config :phoenix, :json_library, Jason

config/description.exs

@@ -1081,7 +1081,7 @@ config :pleroma, :config_description, [
         key: :level,
         type: {:dropdown, :atom},
         description: "Log level",
-        suggestions: [:debug, :info, :warn, :error]
+        suggestions: [:debug, :info, :warning, :error]
       },
       %{
         key: :ident,
@@ -1114,7 +1114,7 @@ config :pleroma, :config_description, [
         key: :level,
         type: {:dropdown, :atom},
         description: "Log level",
-        suggestions: [:debug, :info, :warn, :error]
+        suggestions: [:debug, :info, :warning, :error]
       },
       %{
         key: :format,
@@ -1558,7 +1558,21 @@ config :pleroma, :config_description, [
       %{
         key: :whitelist,
         type: {:list, :string},
-        description: "List of hosts with scheme to bypass the MediaProxy",
+        description: """
+        List of hosts with scheme to bypass the MediaProxy.\n
+        The media will be fetched by the client, directly from the remote server.\n
+        To allow this, it will Content-Security-Policy exceptions for each instance listed.\n
+        This is to be used for instances you trust and do not want to cache media for.
+        """,
+        suggestions: ["http://example.com"]
+      },
+      %{
+        key: :blocklist,
+        type: {:list, :string},
+        description: """
+        List of hosts with scheme which will not go through the MediaProxy, and will not be explicitly allowed by the Content-Security-Policy.
+        This is to be used for instances where you do not want their media to go through your server or to be accessed by clients.
+        """,
         suggestions: ["http://example.com"]
       }
     ]
@@ -1844,7 +1858,7 @@ config :pleroma, :config_description, [
         key: :log,
         type: {:dropdown, :atom},
         description: "Logs verbose mode",
-        suggestions: [false, :error, :warn, :info, :debug]
+        suggestions: [false, :error, :warning, :info, :debug]
       },
       %{
         key: :queues,

config/test.exs

@@ -16,7 +16,7 @@ config :pleroma, Pleroma.Captcha,
 
 # Print only warnings and errors during test
 config :logger, :console,
-  level: :warn,
+  level: :warning,
   format: "\n[$level] $message\n"
 
 config :pleroma, :auth, oauth_consumer_strategies: []
@@ -81,10 +81,7 @@ config :web_push_encryption, :vapid_details,
     "BLH1qVhJItRGCfxgTtONfsOKDc9VRAraXw-3NsmjMngWSh7NxOizN6bkuRA7iLTMPS82PjwJAr3UoK9EC1IFrz4",
   private_key: "_-XZ0iebPrRfZ_o0-IatTdszYa8VCH1yLN-JauK7HHA"
 
-config :pleroma, Oban,
-  queues: false,
-  crontab: false,
-  plugins: false
+config :pleroma, Oban, testing: :manual
 
 config :pleroma, Pleroma.ScheduledActivity,
   daily_user_limit: 2,

docker-compose.yml

@@ -4,6 +4,7 @@ services:
   db:
     image: akkoma-db:latest
     build: ./docker-resources/database
+    shm_size: 4gb
     restart: unless-stopped
     user: ${DOCKER_USER}
     environment: {

docker-resources/build.sh

@@ -1,4 +1,4 @@
 #!/bin/sh
 
-docker-compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) akkoma
-docker-compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) db
+docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) akkoma
+docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) db

docker-resources/manage.sh

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-docker-compose run --rm akkoma $@
+docker compose run --rm akkoma $@

docs/docs/administration/CLI_tasks/frontend.md

@@ -42,7 +42,7 @@ For a frontend configured under the `available` key, it's enough to install it b
 
 This will download the latest build for the pre-configured `ref` and install it. It can then be configured as the one of the served frontends in the config file (see `primary` or `admin`).
 
-You can override any of the details. To install a Pleroma-FE build from a different URL, you could do this:
+You can override any of the details. To install an Akkoma-FE build from a different URL, you could do this:
 
 === "OTP"
 

docs/docs/administration/CLI_tasks/robots_txt.md

@@ -17,5 +17,5 @@ If you want to generate a restrictive `robots.txt`, you can run the following mi
 === "From Source"
 
     ```sh
-    mix pleroma.robotstxt disallow_all
+    mix pleroma.robots_txt disallow_all
     ```

docs/docs/administration/backup.md

@@ -45,3 +45,16 @@
 8. Remove the dependencies that you don't need anymore (see installation guide). Make sure you don't remove packages that are still needed for other software that you have running!
 
 [¹]: We assume the database name and user are both "akkoma". If not, you can find the correct name in your config files.  
+
+## Docker installations
+
+If running behind Docker, it is required to run the above commands inside of a running database container.  
+
+### Example
+Running `docker compose run --rm db pg_dump <...>` will fail and return:
+```
+pg_dump: error: connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: No such file or directory 
+Is the server running locally and accepting connections on that socket?"
+```
+However, first starting just the database container with `docker compose up db -d`, and then running `docker compose exec db pg_dump -d akkoma --format=custom -f </your/backup/dir/akkoma.pgdump>` will successfully generate a database dump.  
+Then to make the file accessible on the host system you can run `docker compose cp db:</your/backup/dir/akkoma.pgdump> </your/target/location>` to copy if from the container.

docs/docs/administration/monitoring.md

@@ -3,7 +3,7 @@
 If you run akkoma, you may be inclined to collect metrics to ensure your instance is running smoothly,
 and that there's nothing quietly failing in the background.
 
-To facilitate this, akkoma exposes prometheus metrics to be scraped.
+To facilitate this, akkoma exposes a dashboard and prometheus metrics to be scraped.
 
 ## Prometheus
 
@@ -31,3 +31,15 @@ Once you have your token of the form `Bearer $ACCESS_TOKEN`, you can use that in
   - targets:
     - example.com
 ```
+
+## Dashboard
+
+Administrators can access a live dashboard under `/phoenix/live_dashboard`
+giving an overview of uptime, software versions, database stats and more.
+
+The dashboard also includes a variation of the prometheus metrics, however
+they do not exactly match due to respective limitations of the dashboard
+and the prometheus exporter.
+Even more important, the dashboard collects metrics locally in the browser
+only while the page is open and cannot give a view on their past history.
+For proper monitoring it is recommended to set up prometheus.

docs/docs/administration/updating.md

@@ -62,6 +62,6 @@ mix ecto.migrate
 # Start akkoma (replace with your system service manager's equivalent if different)
 sudo systemctl start akkoma
 
-# Update Pleroma-FE frontend to latest stable. For other Frontends see Frontend Configuration doc for more information.
+# Update Akkoma-FE frontend to latest stable. For other Frontends see Frontend Configuration doc for more information.
 mix pleroma.frontend install pleroma-fe --ref stable
 ```

docs/docs/clients.md

@@ -2,6 +2,14 @@
 Note: Additional clients may work, but these are known to work with Akkoma.
 Apps listed here might not support all of Akkoma's features.
 
+## Multiplatform
+### Kaiteki
+- Homepage: <https://kaiteki.app/>
+- Source Code: <https://github.com/Kaiteki-Fedi/Kaiteki>
+- Contact: [@kaiteki@fedi.software](https://fedi.software/@Kaiteki)
+- Platforms: Web, Windows, Linux, Android
+- Features: MastoAPI, Supports multiple backends
+
 ## Desktop
 ### Whalebird
 - Homepage: <https://whalebird.social/>

docs/docs/configuration/cheatsheet.md

@@ -144,6 +144,7 @@ To add configuration to your config file, you can copy it from the base config.
 * `report_removal`: List of instances to reject reports from and the reason for doing so.
 * `avatar_removal`: List of instances to strip avatars from and the reason for doing so.
 * `banner_removal`: List of instances to strip banners from and the reason for doing so.
+* `background_removal`: List of instances to strip user backgrounds from and the reason for doing so.
 * `reject_deletes`: List of instances to reject deletions from and the reason for doing so.
 
 #### :mrf_subchain
@@ -246,11 +247,11 @@ Notes:
 
 ### :frontend_configurations
 
-This can be used to configure a keyword list that keeps the configuration data for any kind of frontend. By default, settings for `pleroma_fe` and `masto_fe` are configured. You can find the documentation for `pleroma_fe` configuration into [Pleroma-FE configuration and customization for instance administrators](https://docs-fe.akkoma.dev/stable/CONFIGURATION/#options).
+This can be used to configure a keyword list that keeps the configuration data for any kind of frontend. By default, settings for `pleroma_fe` and `masto_fe` are configured. You can find the documentation for `pleroma_fe` configuration into [Akkoma-FE configuration and customization for instance administrators](https://docs-fe.akkoma.dev/stable/CONFIGURATION/#options).
 
 Frontends can access these settings at `/api/v1/pleroma/frontend_configurations`
 
-To add your own configuration for Pleroma-FE, use it like this:
+To add your own configuration for Akkoma-FE, use it like this:
 
 ```elixir
 config :pleroma, :frontend_configurations,
@@ -615,6 +616,12 @@ This filter only strips the GPS and location metadata with Exiftool leaving colo
 
 No specific configuration.
 
+#### Pleroma.Upload.Filter.OnlyMedia
+
+This filter rejects uploads that are not identified with Content-Type matching audio/\*, image/\*, or video/\*
+
+No specific configuration.
+
 #### Pleroma.Upload.Filter.Mogrify
 
 * `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"implode", "1"}]`.
@@ -952,6 +959,15 @@ config :ueberauth, Ueberauth,
   ]
 ```
 
+You may also need to set up your frontend to use oauth logins. For example, for `akkoma-fe`:
+
+```elixir
+config :pleroma, :frontend_configurations,
+  pleroma_fe: %{
+    loginMethod: "token"
+  }
+```
+
 ## Link parsing
 
 ### :uri_schemes

docs/docs/configuration/frontend_management.md

@@ -26,7 +26,7 @@ config :pleroma, :frontends,
   }
 ```
 
-This would serve the frontend from the the folder at `$instance_static/frontends/pleroma/stable`. You have to copy the frontend into this folder yourself. You can choose the name and ref any way you like, but they will be used by mix tasks to automate installation in the future, the name referring to the project and the ref referring to a commit.
+This would serve the frontend from the folder at `$instance_static/frontends/pleroma/stable`. You have to copy the frontend into this folder yourself. You can choose the name and ref any way you like, but they will be used by mix tasks to automate installation in the future, the name referring to the project and the ref referring to a commit.
 
 Refer to [the frontend CLI task](../../administration/CLI_tasks/frontend) for how to install the frontend's files
 

docs/docs/configuration/howto_theming_your_instance.md

@@ -6,7 +6,7 @@ To add a custom theme to your instance, you'll first need to get a custom theme,
 
 ### Create your own theme
 
-* You can create your own theme using the Pleroma FE by going to settings (gear on the top right) and choose the Theme tab. Here you have the options to create a personal theme.
+* You can create your own theme using the Akkoma FE by going to settings (gear on the top right) and choose the Theme tab. Here you have the options to create a personal theme.
 * To download your theme, you can do Save preset
 * If you want to upload a theme to customise it further, you can upload it using Load preset
 
@@ -60,7 +60,7 @@ Example of `my-awesome-theme.json` where we add the name "My Awesome Theme"
 
 ### Set as default theme
 
-Now we can set the new theme as default in the [Pleroma FE configuration](https://docs-fe.akkoma.dev/stable/CONFIGURATION).
+Now we can set the new theme as default in the [Pleroma FE configuration](https://docs-fe.akkoma.dev/stable/CONFIGURATION/).
 
 Example of adding the new theme in the back-end config files
 ```elixir
@@ -70,4 +70,4 @@ config :pleroma, :frontend_configurations,
   }
 ```
 
-If you added it in the back-end configuration file, you'll need to restart your instance for the changes to take effect. If you don't see the changes, it's probably because the browser has cached the previous theme. In that case you'll want to clear browser caches. Alternatively you can use a private/incognito window just to see the changes.
+If you added it in the back-end configuration file, you'll need to restart your instance for the changes to take effect. If you don't see the changes, it's probably because the browser has cached the previous theme. In that case you'll want to clear browser caches. Alternatively you can use a private/incognito window just to see the changes.

docs/docs/configuration/mrf.md

@@ -35,6 +35,7 @@ Once `SimplePolicy` is enabled, you can configure various groups in the `:mrf_si
 * `media_removal`: Servers in this group will have media stripped from incoming messages.
 * `avatar_removal`: Avatars from these servers will be stripped from incoming messages.
 * `banner_removal`: Banner images from these servers will be stripped from incoming messages.
+* `background_removal`: User background images from these servers will be stripped from incoming messages.
 * `report_removal`: Servers in this group will have their reports (flags) rejected.
 * `federated_timeline_removal`: Servers in this group will have their messages unlisted from the public timelines by flipping the `to` and `cc` fields.
 * `reject_deletes`: Deletion requests will be rejected from these servers.
@@ -61,6 +62,32 @@ config :pleroma, :mrf_simple,
 
 The effects of MRF policies can be very drastic. It is important to use this functionality carefully. Always try to talk to an admin before writing an MRF policy concerning their instance.
 
+## Hiding or Obfuscating Policies
+
+You can opt out of publicly displaying all MRF policies or only hide or obfuscate selected domains.
+
+To just hide everything set:
+
+```elixir
+config :pleroma, :mrf,
+  ...
+  transparency: false,
+```
+
+To hide or obfuscate only select entries, use:
+
+```elixir
+config :pleroma, :mrf,
+  ...
+  transparency_obfuscate_domains: ["handholdi.ng", "badword.com"],
+  transparency_exclusions: [{"ghost.club", "even a fragment is too spoopy for humans"}]
+```
+
+## More MRF Policies
+
+See the [documentation cheatsheet](cheatsheet.md)
+for all available MRF policies and their options.
+
 ## Writing your own MRF Policy
 
 As discussed above, the MRF system is a modular system that supports pluggable policies. This means that an admin may write a custom MRF policy in Elixir or any other language that runs on the Erlang VM, by specifying the module name in the `policies` config setting.

docs/docs/development/API/akkoma_api.md

@@ -0,0 +1,146 @@
+# Akkoma API
+
+Request authentication (if required) and parameters work the same as for [Pleroma API](pleroma_api.md).
+
+## `/api/v1/akkoma/preferred_frontend/available`
+### Returns the available frontends which can be picked as the preferred choice
+* Method: `GET`
+* Authentication: not required
+* Params: none
+* Response: JSON
+* Example response:
+```json
+["pleroma-fe/stable"]
+```
+
+!!! note
+    There’s also a browser UI under `/akkoma/frontend`
+    for interactively querying and changing this.
+
+## `/api/v1/akkoma/preferred_frontend`
+### Configures the preferred frontend of this session
+* Method: `PUT`
+* Authentication: not required
+* Params:
+    * `frontend_name`: STRING containing one of the available frontends
+* Response: JSON
+* Example response:
+```json
+{"frontend_name":"pleroma-fe/stable"}
+```
+
+!!! note
+    There’s also a browser UI under `/akkoma/frontend`
+    for interactively querying and changing this.
+
+## `/api/v1/akkoma/metrics`
+### Provides metrics for Prometheus to scrape
+* Method: `GET`
+* Authentication: required (admin:metrics)
+* Params: none
+* Response: text
+* Example response:
+```
+# HELP pleroma_remote_users_total
+# TYPE pleroma_remote_users_total gauge
+pleroma_remote_users_total 25
+# HELP pleroma_local_statuses_total
+# TYPE pleroma_local_statuses_total gauge
+pleroma_local_statuses_total 17
+# HELP pleroma_domains_total
+# TYPE pleroma_domains_total gauge
+pleroma_domains_total 4
+# HELP pleroma_local_users_total
+# TYPE pleroma_local_users_total gauge
+pleroma_local_users_total 3
+...
+```
+
+## `/api/v1/akkoma/translation/languages`
+### Returns available source and target languages for automated text translation
+* Method: `GET`
+* Authentication: required
+* Params: none
+* Response: JSON
+* Example response:
+```json
+{
+  "source": [
+    {"code":"LV", "name":"Latvian"},
+    {"code":"ZH", "name":"Chinese (traditional)"},
+    {"code":"EN-US", "name":"English (American)"}
+  ],
+  "target": [
+    {"code":"EN-GB", "name":"English (British)"},
+    {"code":"JP", "name":"Japanese"}
+  ]
+}
+```
+
+## `/api/v1/akkoma/frontend_settings/:frontend_name`
+### Lists all configuration profiles of the selected frontend for the current user
+* Method: `GET`
+* Authentication: required
+* Params: none
+* Response: JSON
+* Example response:
+```json
+[
+  {"name":"default","version":31}
+]
+```
+
+## `/api/v1/akkoma/frontend_settings/:frontend_name/:profile_name`
+### Returns the full selected frontend settings profile of the current user
+* Method: `GET`
+* Authentication: required
+* Params: none
+* Response: JSON
+* Example response:
+```json
+{
+  "version": 31,
+  "settings": {
+    "streaming": true,
+    "conversationDisplay": "tree",
+    ...
+  }
+}
+```
+
+## `/api/v1/akkoma/frontend_settings/:frontend_name/:profile_name`
+### Updates the frontend settings profile
+* Method: `PUT`
+* Authentication: required
+* Params:
+    * `version`: INTEGER
+    * `settings`: JSON object containing the entire new settings
+* Response: JSON
+* Example response:
+```json
+{
+  "streaming": false,
+  "conversationDisplay": "tree",
+  ...
+}
+```
+
+!!! note
+    The `version` field must be increased by exactly one on each update
+
+## `/api/v1/akkoma/frontend_settings/:frontend_name/:profile_name`
+### Drops the specified frontend settings profile
+* Method: `DELETE`
+* Authentication: required
+* Params: none
+* Response: JSON
+* Example response:
+```json
+{"deleted":"ok"}
+```
+
+
+## `/api/v1/timelines/bubble`
+### Returns a timeline for the local and closely related instances
+Works like all other Mastodon-API timeline queries with the documented
+[Akkoma-specific additions and tweaks](./differences_in_mastoapi_responses.md#timelines).

docs/docs/development/API/differences_in_mastoapi_responses.md

@@ -1,6 +1,6 @@
 # Differences in Mastodon API responses from vanilla Mastodon
 
-A Akkoma instance can be identified by "<Mastodon version> (compatible; Pleroma <version>)" present in `version` field in response from `/api/v1/instance`
+A Akkoma instance can be identified by "<Mastodon version> (compatible; Akkoma <version>)" present in `version` field in response from `/api/v1/instance`
 
 ## Flake IDs
 
@@ -8,23 +8,32 @@ Akkoma uses 128-bit ids as opposed to Mastodon's 64 bits. However, just like Mas
 
 ## Timelines
 
+In addition to Mastodon’s timelines, there is also a “bubble timeline” showing
+posts from the local instance and a set of closely related instances as chosen
+by the administrator. It is available under `/api/v1/timelines/bubble`.
+
 Adding the parameter `with_muted=true` to the timeline queries will also return activities by muted (not by blocked!) users.
 
 Adding the parameter `exclude_visibilities` to the timeline queries will exclude the statuses with the given visibilities. The parameter accepts an array of visibility types (`public`, `unlisted`, `private`, `direct`), e.g., `exclude_visibilities[]=direct&exclude_visibilities[]=private`.
 
-Adding the parameter `reply_visibility` to the public and home timelines queries will filter replies. Possible values: without parameter (default) shows all replies, `following` - replies directed to you or users you follow, `self` - replies directed to you.
+Adding the parameter `reply_visibility` to the public, bubble or home timelines queries will filter replies. Possible values: without parameter (default) shows all replies, `following` - replies directed to you or users you follow, `self` - replies directed to you.
 
 Adding the parameter `instance=lain.com` to the public timeline will show only statuses originating from `lain.com` (or any remote instance).
 
-Home, public, hashtag & list timelines accept these parameters:
+All but the direct timeline accept these parameters:
 
 - `only_media`: show only statuses with media attached
-- `local`: show only local statuses
 - `remote`: show only remote statuses
 
+Home, public, hashtag & list timelines further accept:
+
+- `local`: show only local statuses
+
+
 ## Statuses
 
 - `visibility`: has additional possible values `list` and `local` (for local-only statuses)
+- `emoji_reactions`: additional field since Akkoma 3.2.0; identical to `pleroma/emoji_reactions`
 
 Has these additional fields under the `pleroma` object:
 
@@ -36,7 +45,9 @@ Has these additional fields under the `pleroma` object:
 - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being its mimetype. Currently, the only alternate representation supported is `text/plain`
 - `expires_at`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire
 - `thread_muted`: true if the thread the post belongs to is muted
-- `emoji_reactions`: A list with emoji / reaction maps. The format is `{name: "☕", count: 1, me: true}`. Contains no information about the reacting users, for that use the `/statuses/:id/reactions` endpoint.
+- `emoji_reactions`: A list with emoji / reaction maps. The format is `{name: "☕", count: 2, me: true, account_ids: ["UserID1", "UserID2"]}`.
+  The `account_ids` property was added in Akkoma 3.2.0.
+  Further info about all reacting users at once, can be found using the `/statuses/:id/reactions` endpoint.
 - `parent_visible`: If the parent of this post is visible to the user or not.
 - `pinned_at`: a datetime (iso8601) when status was pinned, `null` otherwise.
 
@@ -110,6 +121,12 @@ Has these additional fields under the `pleroma` object:
 - `notification_settings`: object, can be absent. See `/api/v1/pleroma/notification_settings` for the parameters/keys returned.
 - `favicon`: nullable URL string, Favicon image of the user's instance
 
+Has these additional fields under the `akkoma` object:
+
+- `instance`: nullable object with metadata about the user’s instance
+- `status_ttl_days`: nullable int, default time after which statuses are deleted
+- `permit_followback`: boolean, whether follows from followed accounts are auto-approved
+
 ### Source
 
 Has these additional fields under the `pleroma` object:
@@ -214,6 +231,11 @@ Returns: array of Status.
 
 The maximum number of statuses is limited to 100 per request.
 
+## PUT `/api/v1/statuses/:id/emoji_reactions/:emoji`
+
+This endpoint is an extension of the Fedibird Mastodon fork.
+It behaves identical to PUT `/api/v1/pleroma/statuses/:id/reactions/:emoji`.
+
 ## PATCH `/api/v1/accounts/update_credentials`
 
 Additional parameters can be added to the JSON body/Form data:

docs/docs/index.md

@@ -3,7 +3,7 @@
 # Introduction to Akkoma
 ## What is Akkoma?
 Akkoma is a federated social networking platform, compatible with Mastodon and other ActivityPub implementations. It is free software licensed under the AGPLv3.
-It actually consists of two components: a backend, named simply Akkoma, and a user-facing frontend, named Pleroma-FE. It also includes the Mastodon frontend, if that's your thing.
+It actually consists of two components: a backend, named simply Akkoma, and a user-facing frontend, named Akkoma-FE. It also includes the Mastodon frontend, if that's your thing.
 It's part of what we call the fediverse, a federated network of instances which speak common protocols and can communicate with each other.
 One account on an instance is enough to talk to the entire fediverse!
 
@@ -31,11 +31,11 @@ Installation instructions can be found in the installation section of these docs
 ## I got an account, now what?
 Great! Now you can explore the fediverse! Open the login page for your Akkoma instance (e.g. <https://otp.akkoma.dev>) and login with your username and password. (If you don't have an account yet, click on Register)
 
-### Pleroma-FE
-The default front-end used by Akkoma is Pleroma-FE. You can find more information on what it is and how to use it in the [Introduction to Pleroma-FE](https://docs-fe.akkoma.dev/stable/).
+### Akkoma-FE
+The default front-end used by Akkoma is Akkoma-FE. You can find more information on what it is and how to use it in the [Introduction to Akkoma-FE](https://docs-fe.akkoma.dev/stable/).
 
 ### Mastodon interface
-If the Pleroma-FE interface isn't your thing, or you're just trying something new but you want to keep using the familiar Mastodon interface, we got that too!
+If the Akkoma-FE interface isn't your thing, or you're just trying something new but you want to keep using the familiar Mastodon interface, we got that too!
 Just add a "/web" after your instance url (e.g. <https://otp.akkoma.dev/web>) and you'll end on the Mastodon web interface, but with a Akkoma backend! MAGIC!
 The Mastodon interface is from the Glitch-soc fork. For more information on the Mastodon interface you can check the [Mastodon](https://docs.joinmastodon.org/) and [Glitch-soc](https://glitch-soc.github.io/docs/) documentation.
 

docs/docs/installation/debian_based_en.md

@@ -4,7 +4,7 @@
 
 ## Installation
 
-This guide will assume you are on Debian 11 (“bullseye”) or later. This guide should also work with Ubuntu 18.04 (“Bionic Beaver”) and later. It also assumes that you have administrative rights, either as root or a user with [sudo permissions](https://www.digitalocean.com/community/tutorials/how-to-add-delete-and-grant-sudo-privileges-to-users-on-a-debian-vps). If you want to run this guide with root, ignore the `sudo` at the beginning of the lines, unless it calls a user like `sudo -Hu akkoma`; in this case, use `su <username> -s $SHELL -c 'command'` instead.
+This guide will assume you are on Debian 12 (“bookworm”) or later. This guide should also work with Ubuntu 22.04 (“Jammy Jellyfish”) and later. It also assumes that you have administrative rights, either as root or a user with [sudo permissions](https://www.digitalocean.com/community/tutorials/how-to-add-delete-and-grant-sudo-privileges-to-users-on-a-debian-vps). If you want to run this guide with root, ignore the `sudo` at the beginning of the lines, unless it calls a user like `sudo -Hu akkoma`; in this case, use `su <username> -s $SHELL -c 'command'` instead.
 
 {! installation/generic_dependencies.include !}
 
@@ -23,23 +23,7 @@ sudo apt full-upgrade
 sudo apt install git build-essential postgresql postgresql-contrib cmake libmagic-dev
 ```
 
-### Install Elixir and Erlang
-
-* Install Elixir and Erlang (you might need to use backports or [asdf](https://github.com/asdf-vm/asdf) on old systems):
-
-```shell
-sudo apt update
-sudo apt install elixir erlang-dev erlang-nox
-```
-
-
-### Optional packages: [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md)
-
-```shell
-sudo apt install imagemagick ffmpeg libimage-exiftool-perl
-```
-
-### Install AkkomaBE
+### Create the akkoma user
 
 * Add a new system user for the Akkoma service:
 
@@ -49,7 +33,67 @@ sudo useradd -r -s /bin/false -m -d /var/lib/akkoma -U akkoma
 
 **Note**: To execute a single command as the Akkoma system user, use `sudo -Hu akkoma command`. You can also switch to a shell by using `sudo -Hu akkoma $SHELL`. If you don’t have and want `sudo` on your system, you can use `su` as root user (UID 0) for a single command by using `su -l akkoma -s $SHELL -c 'command'` and `su -l akkoma -s $SHELL` for starting a shell.
 
-* Git clone the AkkomaBE repository from stable-branch and make the Akkoma user the owner of the directory:
+### Install Elixir and Erlang
+
+If your distribution packages a recent enough version of Elixir, you can install it directly from the distro repositories and skip to the next section of the guide:
+
+```shell
+sudo apt install elixir erlang-dev erlang-nox
+```
+
+Otherwise use [asdf](https://github.com/asdf-vm/asdf) to install the latest versions of Elixir and Erlang.
+
+First, install some dependencies needed to build Elixir and Erlang:
+```shell
+sudo apt install curl unzip build-essential autoconf m4 libncurses5-dev libssh-dev unixodbc-dev xsltproc libxml2-utils libncurses-dev
+```
+
+Then login to the `akkoma` user and install asdf:
+```shell
+git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.11.3
+```
+
+Add the following lines to `~/.bashrc`:
+```shell
+. "$HOME/.asdf/asdf.sh"
+# asdf completions
+. "$HOME/.asdf/completions/asdf.bash"
+```
+
+Restart the shell:
+```shell
+exec $SHELL
+```
+
+Next install Erlang:
+```shell
+asdf plugin add erlang https://github.com/asdf-vm/asdf-erlang.git
+export KERL_CONFIGURE_OPTIONS="--disable-debug --without-javac"
+asdf install erlang 25.3.2.5
+asdf global erlang 25.3.2.5
+```
+
+Now install Elixir:
+```shell
+asdf plugin-add elixir https://github.com/asdf-vm/asdf-elixir.git
+asdf install elixir 1.15.4-otp-25
+asdf global elixir 1.15.4-otp-25
+```
+
+Confirm that Elixir is installed correctly by checking the version:
+```shell
+elixir --version
+```
+
+### Optional packages: [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md)
+
+```shell
+sudo apt install imagemagick ffmpeg libimage-exiftool-perl
+```
+
+### Install AkkomaBE
+
+* Log into the `akkoma` user and clone the AkkomaBE repository from the stable branch and make the Akkoma user the owner of the directory:
 
 ```shell
 sudo mkdir -p /opt/akkoma

docs/docs/installation/docker_en.md

@@ -10,7 +10,7 @@ If you want to migrate from or OTP to docker, check out [the migration guide](./
 
 ### Prepare the system
 
-* Install docker and docker-compose
+* Install docker and docker compose
   * [Docker](https://docs.docker.com/engine/install/) 
   * [Docker-compose](https://docs.docker.com/compose/install/)
   * This will usually just be a repository installation and a package manager invocation.
@@ -26,7 +26,7 @@ echo "DOCKER_USER=$(id -u):$(id -g)" >> .env
 ```
 
 This probably won't need to be changed, it's only there to set basic environment
-variables for the docker-compose file.
+variables for the docker compose file.
 
 ### Building the container
 
@@ -65,9 +65,9 @@ cp config/generated_config.exs config/prod.secret.exs
 We need to run a few commands on the database container, this isn't too bad
 
 ```bash
-docker-compose run --rm --user akkoma -d db 
+docker compose run --rm --user akkoma -d db 
 # Note down the name it gives here, it will be something like akkoma_db_run
-docker-compose run --rm akkoma psql -h db -U akkoma -f config/setup_db.psql
+docker compose run --rm akkoma psql -h db -U akkoma -f config/setup_db.psql
 docker stop akkoma_db_run # Replace with the name you noted down
 ```
 
@@ -84,17 +84,17 @@ We're going to run it in the foreground on the first run, just to make sure
 everything start up.
 
 ```bash
-docker-compose up
+docker compose up
 ```
 
 If everything went well, you should be able to access your instance at http://localhost:4000
 
-You can `ctrl-c` out of the docker-compose now to shutdown the server.
+You can `ctrl-c` out of the docker compose now to shutdown the server.
 
 ### Running in the background
 
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 ### Create your first user
@@ -125,8 +125,8 @@ cp docker-resources/Caddyfile.example docker-resources/Caddyfile
 
 Then edit the TLD in your caddyfile to the domain you're serving on.
 
-Uncomment the `caddy` section in the docker-compose file,
-then run `docker-compose up -d` again.
+Uncomment the `caddy` section in the docker compose file,
+then run `docker compose up -d` again.
 
 #### Running a reverse proxy on the host
 
@@ -152,7 +152,7 @@ git pull
 ./docker-resources/manage.sh mix deps.get
 ./docker-resources/manage.sh mix compile
 ./docker-resources/manage.sh mix ecto.migrate
-docker-compose restart akkoma db
+docker compose restart akkoma db
 ```
 
 #### Further reading

docs/docs/installation/generic_dependencies.include

@@ -2,7 +2,7 @@
 
 * PostgreSQL 9.6+
 * Elixir 1.14+
-* Erlang OTP 24+
+* Erlang OTP 25+
 * git
 * file / libmagic
 * gcc (clang might also work)

docs/docs/installation/migrating_to_akkoma.md

@@ -40,7 +40,7 @@ If you are on pleroma develop, and have updated since 2022-08, you may have issu
 Please roll back the given migrations:
 
 ```bash
-MIX_ENV=prod mix ecto.rollback --migrations-path priv/repo/optional_migrations/pleroma_develop_rollbacks -n3
+MIX_ENV=prod mix ecto.rollback --migrations-path priv/repo/optional_migrations/pleroma_develop_rollbacks -n5
 ```
 
 Then compile, migrate and restart as usual.
@@ -117,4 +117,16 @@ To fix this, run:
     mix pleroma.config delete pleroma frontends
     ```
 
-which will remove the config from the database. Things should work now.
+which will remove the config from the database. Things should work now.
+
+## Migrating back to Pleroma
+
+Akkoma is a hard fork of Pleroma. As such, migrating back is not guaranteed to always work. But if you want to migrate back to Pleroma, you can always try. Just note that you may run into unexpected issues and you're basically on your own. The following are some tips that may help, but note that these are barely tested, so proceed at your own risk.
+
+First you will need to roll back the database migrations. The latest migration both Akkoma and Pleroma still have in common should be 20210416051708, so roll back to that. If you run from source, that should be
+
+```sh
+MIX_ENV=prod mix ecto.rollback --to 20210416051708
+```
+
+Then switch back to Pleroma for updates (similar to how was done to migrate to Akkoma), and remove the front-ends. The front-ends are installed in the `frontends` folder in the [static directory](../configuration/static_dir.md). Once you are back to Pleroma, you will need to run the database migrations again. See the Pleroma documentation for this.

docs/docs/installation/migrating_to_docker_en.md

@@ -10,7 +10,7 @@ You probably should, in the first instance.
 
 ### Prepare the system
 
-* Install docker and docker-compose
+* Install docker and docker compose
     * [Docker](https://docs.docker.com/engine/install/)
     * [Docker-compose](https://docs.docker.com/compose/install/)
     * This will usually just be a repository installation and a package manager invocation.
@@ -46,7 +46,7 @@ For *most* from-source installs it'll already be there.
 And the same with `uploads`, make sure your uploads (if you have them on disk) are
 located at `uploads/` in the akkoma source directory.
 
-If you have them on a different disk, you will need to mount that disk into the docker-compose file,
+If you have them on a different disk, you will need to mount that disk into the docker compose file,
 with an entry that looks like this:
 
 ```yaml
@@ -66,7 +66,7 @@ echo "DOCKER_USER=$(id -u):$(id -g)" >> .env
 ```
 
 This probably won't need to be changed, it's only there to set basic environment
-variables for the docker-compose file.
+variables for the docker compose file.
 
 === "From source"
 
@@ -126,21 +126,21 @@ mkdir pgdata
 Now we can import our database to the container.
 
 ```bash
-docker-compose run --rm --user akkoma -d db 
-docker-compose run --rm akkoma pg_restore -v -U akkoma -j $(grep -c ^processor /proc/cpuinfo) -d akkoma -h db akkoma_backup.sql
+docker compose run --rm --user akkoma -d db 
+docker compose run --rm akkoma pg_restore -v -U akkoma -j $(grep -c ^processor /proc/cpuinfo) -d akkoma -h db akkoma_backup.sql
 ```
 
 ### Reverse proxies
 
 If you're just reusing your old proxy, you may have to uncomment the line in
-the docker-compose file under `ports`. You'll find it.
+the docker compose file under `ports`. You'll find it.
 
 Otherwise, you can use the same setup as the [docker installation guide](./docker_en.md#reverse-proxies).
 
 ### Let's go
 
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 You should now be at the same point as you were before, but with a docker install.

docs/docs/installation/optional/media_graphics_packages.md

@@ -1,19 +1,19 @@
 # Optional software packages needed for specific functionality
 
-For specific Pleroma functionality (which is disabled by default) some or all of the below packages are required:
-  * `ImageMagic`
+For specific Akkoma functionality (which is disabled by default) some or all of the below packages are required:
+  * `ImageMagick`
   * `ffmpeg`
   * `exiftool`
   
 Please refer to documentation in `docs/installation` on how to install them on specific OS.
   
-Note: the packages are not required with the current default settings of Pleroma.
+Note: the packages are not required with the current default settings of Akkoma.
 
 ## `ImageMagick`
 
 `ImageMagick` is a set of tools to create, edit, compose, or convert bitmap images.
 
-It is required for the following Pleroma features:
+It is required for the following Akkoma features:
   * `Pleroma.Upload.Filters.Mogrify`, `Pleroma.Upload.Filters.Mogrifun` upload filters (related config: `Plaroma.Upload/filters` in `config/config.exs`)
   * Media preview proxy for still images (related config: `media_preview_proxy/enabled` in `config/config.exs`)
   
@@ -21,12 +21,12 @@ It is required for the following Pleroma features:
 
 `ffmpeg` is software to record, convert and stream audio and video.
 
-It is required for the following Pleroma features:
+It is required for the following Akkoma features:
   * Media preview proxy for videos (related config: `media_preview_proxy/enabled` in `config/config.exs`)
 
 ## `exiftool`
 
 `exiftool` is media files metadata reader/writer.
 
-It is required for the following Pleroma features:
+It is required for the following Akkoma features:
   * `Pleroma.Upload.Filters.Exiftool` upload filter (related config: `Plaroma.Upload/filters` in `config/config.exs`)

docs/docs/installation/otp_en.md

@@ -5,7 +5,7 @@
 This guide covers a installation using an OTP release. To install Akkoma from source, please check out the corresponding guide for your distro.
 
 ## Pre-requisites
-* A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and an `x86_64` CPU you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below
+* A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and an `x86_64` or `arm64` CPU you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below
 * For installing OTP releases on RedHat-based distros like Fedora and Centos Stream, please follow [this guide](./otp_redhat_en.md) instead.
 * A (sub)domain pointed to the machine
 
@@ -15,16 +15,16 @@ While in theory OTP releases are possbile to install on any compatible machine,
 
 ### Detecting flavour
 
-This is a little more complex than it used to be (thanks ubuntu)
-
 Use the following mapping to figure out your flavour:
 
-| distribution  | flavour            | available branches  |
-| ------------- | ------------------ | ------------------- |
-| debian stable | amd64              | develop, stable     |
-| ubuntu focal  | amd64              | develop, stable     |
-| ubuntu jammy  | amd64-ubuntu-jammy | develop, stable     |
-| alpine        | amd64-musl         | stable              |
+| distribution    | architecture       | flavour             | available branches  |
+| --------------- | ------------------ | ------------------- | ------------------- |
+| debian bookworm | amd64              | amd64               | develop, stable     |
+| debian bookworm | arm64              | arm64               | stable              |
+| ubuntu jammy    | amd64              | amd64               | develop, stable     |
+| ubuntu jammy    | arm64              | arm64               | develop, stable     |
+| alpine          | amd64              | amd64-musl          | stable              |
+| alpine          | arm64              | arm64-musl          | stable              |
 
 Other similar distributions will _probably_ work, but if it is not listed above, there is no official
 support.
@@ -118,8 +118,12 @@ Restart PostgreSQL to apply configuration changes:
 adduser --system --shell  /bin/false --home /opt/akkoma akkoma
 
 # Set the flavour environment variable to the string you got in Detecting flavour section.
-# For example if the flavour is `amd64` the command will be
-export FLAVOUR="amd64"
+# For example if the flavour is `amd64-musl` the command will be
+#     export FLAVOUR="amd64-musl"
+export FLAVOUR="<replace-this-with-the-correct-flavour-string>"
+
+# Make sure the SHELL variable is set
+export SHELL="${SHELL:-/bin/sh}"
 
 # Clone the release build into a temporary directory and unpack it
 su akkoma -s $SHELL -lc "
@@ -183,18 +187,18 @@ The location of nginx configs is dependent on the distro
 
 === "Alpine"
     ```
-    cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
+    cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
     ```
 
 === "Debian/Ubuntu"
     ```
-    cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.conf
+    cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/akkoma.conf
     ln -s /etc/nginx/sites-available/akkoma.conf /etc/nginx/sites-enabled/akkoma.conf
     ```
 
 If your distro does not have either of those you can append `include /etc/nginx/akkoma.conf` to the end of the http section in /etc/nginx/nginx.conf and
 ```sh
-cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/akkoma.conf
+cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/akkoma.conf
 ```
 
 #### Edit the nginx config

docs/docs/installation/otp_redhat_en.md

@@ -178,7 +178,7 @@ certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
 #### Copy Akkoma nginx configuration to the nginx folder
 
 ```shell
-cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
+cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
 ```
 
 #### Edit the nginx config

docs/theme/partials/source.html

@@ -38,11 +38,11 @@
 {% endif %}
 
 {% if page and page.url.startswith('backend') %}
-  {% set repo_url = "https://git.pleroma.social/pleroma/pleroma" %}
-  {% set repo_name = "pleroma/pleroma" %}
+  {% set repo_url = "https://akkoma.dev/AkkomaGang/akkoma" %}
+  {% set repo_name = "AkkomaGang/akkoma" %}
 {% elif page and page.url.startswith('frontend') %}
-  {% set repo_url = "https://git.pleroma.social/pleroma/pleroma-fe" %}
-  {% set repo_name = "pleroma/pleroma-fe" %}
+  {% set repo_url = "https://akkoma.dev/AkkomaGang/akkoma-fe" %}
+  {% set repo_name = "AkkomaGang/akkoma-fe" %}
 {% else %}
   {% set repo_url = config.repo_url %}
   {% set repo_name = config.repo_name %}

installation/akkoma.service

@@ -8,6 +8,8 @@ Restart=on-failure
 
 ; Uncomment this if you're on Arch Linux
 ; Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl"
+; Uncomment if using asdf to manage Elixir and Erlang
+; Environment="PATH=/var/lib/akkoma/.asdf/shims:/var/lib/akkoma/.asdf/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 ; Name of the user that runs the Akkoma service.
 User=akkoma
@@ -24,6 +26,8 @@ Environment="HOME=/var/lib/akkoma"
 WorkingDirectory=/opt/akkoma
 ; Path to the Mix binary.
 ExecStart=/usr/bin/mix phx.server
+; If using asdf comment the above line and uncomment the one below instead
+; ExecStart=/var/lib/akkoma/.asdf/shims/mix phx.server
 
 ; Some security directives.
 ; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
@@ -34,6 +38,8 @@ ProtectHome=true
 ProtectSystem=full
 ; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
 PrivateDevices=false
+; Ensures that the service process and all its children can never gain new privileges through execve(). 
+NoNewPrivileges=true
 ; Drops the sysadmin capability from the daemon.
 CapabilityBoundingSet=~CAP_SYS_ADMIN
 

installation/caddy/Caddyfile

@@ -4,6 +4,9 @@
 # 1. Replace 'example.tld' with your instance's domain wherever it appears.
 # 2. Copy this section into your Caddyfile and restart Caddy.
 
+# If you are able to, it's highly recommended to have your media served via a separate subdomain for improved security.
+# Uncomment the relevant sectons here and modify the base_url setting for Pleroma.Upload and :media_proxy accordingly.
+
 example.tld  {
   log {
     output file /var/log/caddy/akkoma.log
@@ -14,4 +17,21 @@ example.tld  {
   # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
   # and `localhost.` resolves to [::0] on some systems: see issue #930
   reverse_proxy 127.0.0.1:4000
+
+  # Uncomment if using a separate media subdomain
+  #@mediaproxy path /media/* /proxy/*
+  #handle @mediaproxy {
+  #  redir https://media.example.tld{uri} permanent
+  #}
 }
+
+# Uncomment if using a separate media subdomain
+#media.example.tld {
+#  @mediaproxy path /media/* /proxy/*
+#  reverse_proxy @mediaproxy 127.0.0.1:4000 {
+#    transport http {
+#      response_header_timeout 10s
+#      read_timeout 15s
+#    }
+#  }
+#}

installation/init.d/akkoma

@@ -8,6 +8,7 @@ pidfile="/var/run/akkoma.pid"
 directory=/opt/akkoma
 healthcheck_delay=60
 healthcheck_timer=30
+no_new_privs="yes"
 
 : ${akkoma_port:-4000}
 

lib/mix/tasks/pleroma/database.ex

@@ -359,7 +359,7 @@ defmodule Mix.Tasks.Pleroma.Database do
         )
       end
 
-      shell_info('Done.')
+      shell_info(~c"Done.")
     end
   end
 

lib/mix/tasks/pleroma/emoji.ex

@@ -130,6 +130,7 @@ defmodule Mix.Tasks.Pleroma.Emoji do
         }
 
         File.write!(Path.join(pack_path, "pack.json"), Jason.encode!(pack_json, pretty: true))
+        Pleroma.Emoji.reload()
       else
         IO.puts(IO.ANSI.format([:bright, :red, "No pack named \"#{pack_name}\" found"]))
       end
@@ -235,6 +236,8 @@ defmodule Mix.Tasks.Pleroma.Emoji do
 
       IO.puts("#{pack_file} has been created with the #{name} pack")
     end
+
+    Pleroma.Emoji.reload()
   end
 
   def run(["reload"]) do

lib/mix/tasks/pleroma/instance.ex

@@ -247,16 +247,22 @@ defmodule Mix.Tasks.Pleroma.Instance do
       config_dir = Path.dirname(config_path)
       psql_dir = Path.dirname(psql_path)
 
+      # Note: Distros requiring group read (0o750) on those directories should
+      # pre-create the directories.
       to_create =
         [config_dir, psql_dir, static_dir, uploads_dir]
         |> Enum.reject(&File.exists?/1)
 
       for dir <- to_create do
         File.mkdir_p!(dir)
+        File.chmod!(dir, 0o700)
       end
 
       shell_info("Writing config to #{config_path}.")
 
+      # Sadly no fchmod(2) equivalent in Elixir…
+      File.touch!(config_path)
+      File.chmod!(config_path, 0o640)
       File.write(config_path, result_config)
       shell_info("Writing the postgres script to #{psql_path}.")
       File.write(psql_path, result_psql)
@@ -275,8 +281,7 @@ defmodule Mix.Tasks.Pleroma.Instance do
     else
       shell_error(
         "The task would have overwritten the following files:\n" <>
-          (Enum.map(will_overwrite, &"- #{&1}\n") |> Enum.join("")) <>
-          "Rerun with `--force` to overwrite them."
+          Enum.map_join(will_overwrite, &"- #{&1}\n") <> "Rerun with `--force` to overwrite them."
       )
     end
   end

lib/mix/tasks/pleroma/search/meilisearch.ex

@@ -30,12 +30,12 @@ defmodule Mix.Tasks.Pleroma.Search.Meilisearch do
       meili_put(
         "/indexes/objects/settings/ranking-rules",
         [
-          "published:desc",
           "words",
-          "exactness",
           "proximity",
           "typo",
+          "exactness",
           "attribute",
+          "published:desc",
           "sort"
         ]
       )

lib/mix/tasks/pleroma/user.ex

@@ -11,6 +11,7 @@ defmodule Mix.Tasks.Pleroma.User do
   alias Pleroma.UserInviteToken
   alias Pleroma.Web.ActivityPub.Builder
   alias Pleroma.Web.ActivityPub.Pipeline
+  use Pleroma.Web, :verified_routes
 
   @shortdoc "Manages Pleroma users"
   @moduledoc File.read!("docs/docs/administration/CLI_tasks/user.md")
@@ -113,11 +114,7 @@ defmodule Mix.Tasks.Pleroma.User do
          {:ok, token} <- Pleroma.PasswordResetToken.create_token(user) do
       shell_info("Generated password reset token for #{user.nickname}")
 
-      IO.puts(
-        "URL: #{Pleroma.Web.Router.Helpers.reset_password_url(Pleroma.Web.Endpoint,
-        :reset,
-        token.token)}"
-      )
+      IO.puts("URL: #{~p[/api/v1/pleroma/password_reset/#{token.token}]}")
     else
       _ ->
         shell_error("No local user #{nickname}")
@@ -303,13 +300,7 @@ defmodule Mix.Tasks.Pleroma.User do
          {:ok, invite} <- UserInviteToken.create_invite(options) do
       shell_info("Generated user invite token " <> String.replace(invite.invite_type, "_", " "))
 
-      url =
-        Pleroma.Web.Router.Helpers.redirect_url(
-          Pleroma.Web.Endpoint,
-          :registration_page,
-          invite.token
-        )
-
+      url = url(~p[/registration/#{invite.token}])
       IO.puts(url)
     else
       error ->

lib/phoenix/transports/web_socket/raw.ex

@@ -26,7 +26,6 @@ defmodule Phoenix.Transports.WebSocket.Raw do
       conn
       |> fetch_query_params
       |> Transport.transport_log(opts[:transport_log])
-      |> Transport.force_ssl(handler, endpoint, opts)
       |> Transport.check_origin(handler, endpoint, opts)
 
     case conn do

lib/pleroma/activity.ex

@@ -390,7 +390,8 @@ defmodule Pleroma.Activity do
       active in fragment(
         "SELECT is_active from users WHERE ap_id = ? AND is_active = TRUE",
         activity.actor
-      )
+      ),
+      on: true
     )
   end
 

lib/pleroma/activity/ir/topics.ex

@@ -21,7 +21,7 @@ defmodule Pleroma.Activity.Ir.Topics do
     ["user", "list"] ++ visibility_tags(object, activity)
   end
 
-  defp visibility_tags(object, activity) do
+  defp visibility_tags(object, %{data: %{"type" => type}} = activity) when type != "Announce" do
     case Visibility.get_visibility(activity) do
       "public" ->
         if activity.local do
@@ -31,6 +31,10 @@ defmodule Pleroma.Activity.Ir.Topics do
         end
         |> item_creation_tags(object, activity)
 
+      "local" ->
+        ["public:local"]
+        |> item_creation_tags(object, activity)
+
       "direct" ->
         ["direct"]
 
@@ -39,6 +43,10 @@ defmodule Pleroma.Activity.Ir.Topics do
     end
   end
 
+  defp visibility_tags(_object, _activity) do
+    []
+  end
+
   defp item_creation_tags(tags, object, %{data: %{"type" => "Create"}} = activity) do
     tags ++
       remote_topics(activity) ++ hashtags_to_topics(object) ++ attachment_topics(object, activity)
@@ -63,7 +71,18 @@ defmodule Pleroma.Activity.Ir.Topics do
 
   defp attachment_topics(%{data: %{"attachment" => []}}, _act), do: []
 
-  defp attachment_topics(_object, %{local: true}), do: ["public:media", "public:local:media"]
+  defp attachment_topics(_object, %{local: true} = activity) do
+    case Visibility.get_visibility(activity) do
+      "public" ->
+        ["public:media", "public:local:media"]
+
+      "local" ->
+        ["public:local:media"]
+
+      _ ->
+        []
+    end
+  end
 
   defp attachment_topics(_object, %{actor: actor}) when is_binary(actor),
     do: ["public:media", "public:remote:media:" <> URI.parse(actor).host]

lib/pleroma/application.ex

@@ -53,6 +53,7 @@ defmodule Pleroma.Application do
     Config.DeprecationWarnings.warn()
     Pleroma.Web.Plugs.HTTPSecurityPlug.warn_if_disabled()
     Pleroma.ApplicationRequirements.verify!()
+    load_all_pleroma_modules()
     load_custom_modules()
     Pleroma.Docs.JSON.compile()
     limiters_setup()
@@ -87,7 +88,7 @@ defmodule Pleroma.Application do
     # Go for the default 3 unless we're in test
     max_restarts =
       if @mix_env == :test do
-        100
+        1000
       else
         3
       end
@@ -112,7 +113,7 @@ defmodule Pleroma.Application do
         num
       else
         e ->
-          Logger.warn(
+          Logger.warning(
             "Could not get the postgres version: #{inspect(e)}.\nSetting the default value of 9.6"
           )
 
@@ -144,6 +145,24 @@ defmodule Pleroma.Application do
     end
   end
 
+  def load_all_pleroma_modules do
+    :code.all_available()
+    |> Enum.filter(fn {mod, _, _} ->
+      mod
+      |> to_string()
+      |> String.starts_with?("Elixir.Pleroma.")
+    end)
+    |> Enum.map(fn {mod, _, _} ->
+      mod
+      |> to_string()
+      |> String.to_existing_atom()
+      |> Code.ensure_loaded!()
+    end)
+
+    # Use this when 1.15 is standard
+    # |> Code.ensure_all_loaded!()
+  end
+
   defp cachex_children do
     [
       build_cachex("used_captcha", ttl_interval: seconds_valid_interval()),
@@ -262,6 +281,8 @@ defmodule Pleroma.Application do
     proxy = Pleroma.HTTP.AdapterHelper.format_proxy(proxy_url)
     pool_size = Config.get([:http, :pool_size])
 
+    :public_key.cacerts_load()
+
     config =
       [:http, :adapter]
       |> Config.get([])

lib/pleroma/application_requirements.ex

@@ -34,7 +34,7 @@ defmodule Pleroma.ApplicationRequirements do
   defp check_welcome_message_config!(:ok) do
     if Pleroma.Config.get([:welcome, :email, :enabled], false) and
          not Pleroma.Emails.Mailer.enabled?() do
-      Logger.warn("""
+      Logger.warning("""
       To send welcome emails, you need to enable the mailer.
       Welcome emails will NOT be sent with the current config.
 
@@ -53,7 +53,7 @@ defmodule Pleroma.ApplicationRequirements do
   def check_confirmation_accounts!(:ok) do
     if Pleroma.Config.get([:instance, :account_activation_required]) &&
          not Pleroma.Emails.Mailer.enabled?() do
-      Logger.warn("""
+      Logger.warning("""
       Account activation is required, but the mailer is disabled.
       Users will NOT be able to confirm their accounts with this config.
       Either disable account activation or enable the mailer.

lib/pleroma/config/deprecation_warnings.ex

@@ -28,7 +28,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
       |> Enum.any?(fn {_, v} -> is_list(v) and Enum.any?(v, &is_binary/1) end)
 
     if has_strings do
-      Logger.warn("""
+      Logger.warning("""
       !!!DEPRECATION WARNING!!!
       Your config is using strings in the SimplePolicy configuration instead of tuples. They should work for now, but you are advised to change to the new configuration to prevent possible issues later:
 
@@ -87,7 +87,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
     has_strings = Config.get([:instance, :quarantined_instances], []) |> Enum.any?(&is_binary/1)
 
     if has_strings do
-      Logger.warn("""
+      Logger.warning("""
       !!!DEPRECATION WARNING!!!
       Your config is using strings in the quarantined_instances configuration instead of tuples. They should work for now, but you are advised to change to the new configuration to prevent possible issues later:
 
@@ -124,7 +124,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
     has_strings = Config.get([:mrf, :transparency_exclusions]) |> Enum.any?(&is_binary/1)
 
     if has_strings do
-      Logger.warn("""
+      Logger.warning("""
       !!!DEPRECATION WARNING!!!
       Your config is using strings in the transparency_exclusions configuration instead of tuples. They should work for now, but you are advised to change to the new configuration to prevent possible issues later:
 
@@ -159,7 +159,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
 
   def check_hellthread_threshold do
     if Config.get([:mrf_hellthread, :threshold]) do
-      Logger.warn("""
+      Logger.warning("""
       !!!DEPRECATION WARNING!!!
       You are using the old configuration mechanism for the hellthread filter. Please check config.md.
       """)
@@ -264,7 +264,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
     if warning == "" do
       :ok
     else
-      Logger.warn(warning_preface <> warning)
+      Logger.warning(warning_preface <> warning)
       :error
     end
   end
@@ -274,7 +274,7 @@ defmodule Pleroma.Config.DeprecationWarnings do
     whitelist = Config.get([:media_proxy, :whitelist])
 
     if Enum.any?(whitelist, &(not String.starts_with?(&1, "http"))) do
-      Logger.warn("""
+      Logger.warning("""
       !!!DEPRECATION WARNING!!!
       Your config is using old format (only domain) for MediaProxy whitelist option. Setting should work for now, but you are advised to change format to scheme with port to prevent possible issues later.
       """)

lib/pleroma/config/oban.ex

@@ -23,7 +23,7 @@ defmodule Pleroma.Config.Oban do
           You are using old workers in Oban crontab settings, which were removed.
           Please, remove setting from crontab in your config file (prod.secret.exs): #{inspect(setting)}
           """
-          |> Logger.warn()
+          |> Logger.warning()
 
           List.delete(acc, setting)
         else

lib/pleroma/config/release_runtime_provider.ex

@@ -22,6 +22,20 @@ defmodule Pleroma.Config.ReleaseRuntimeProvider do
 
     with_runtime_config =
       if File.exists?(config_path) do
+        # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135>
+        %File.Stat{mode: mode} = File.stat!(config_path)
+
+        if Bitwise.band(mode, 0o007) > 0 do
+          raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}"
+        end
+
+        if Bitwise.band(mode, 0o020) > 0 do
+          raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}"
+        end
+
+        # Note: Elixir doesn't provides a getuid(2)
+        # so cannot forbid group-read only when config is owned by us
+
         runtime_config = Config.Reader.read!(config_path)
 
         with_defaults

lib/pleroma/config/transfer_task.ex

@@ -110,7 +110,7 @@ defmodule Pleroma.Config.TransferTask do
 
   defp configure({_, :backends, _, merged}) do
     # removing current backends
-    Enum.each(Application.get_env(:logger, :backends), &Logger.remove_backend/1)
+    Enum.each(Application.get_env(:logger, :backends, []), &Logger.remove_backend/1)
 
     Enum.each(merged, &Logger.add_backend/1)
 
@@ -149,7 +149,7 @@ defmodule Pleroma.Config.TransferTask do
         error_msg =
           "updating env causes error, group: #{inspect(group)}, key: #{inspect(key)}, value: #{inspect(value)} error: #{inspect(error)}"
 
-        Logger.warn(error_msg)
+        Logger.warning(error_msg)
 
         nil
     end
@@ -183,12 +183,12 @@ defmodule Pleroma.Config.TransferTask do
       :ok = Application.start(app)
     else
       nil ->
-        Logger.warn("#{app} is not started.")
+        Logger.warning("#{app} is not started.")
 
       error ->
         error
         |> inspect()
-        |> Logger.warn()
+        |> Logger.warning()
     end
   end
 

lib/pleroma/constants.ex

@@ -25,7 +25,7 @@ defmodule Pleroma.Constants do
 
   const(static_only_files,
     do:
-      ~w(index.html robots.txt static static-fe finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc embed.js embed.css)
+      ~w(index.html robots.txt static static-fe finmoji emoji packs sounds images instance embed sw.js sw-pleroma.js favicon.png schemas doc)
   )
 
   const(status_updatable_fields,

lib/pleroma/emails/admin_email.ex

@@ -6,10 +6,13 @@ defmodule Pleroma.Emails.AdminEmail do
   @moduledoc "Admin emails"
 
   import Swoosh.Email
-
+  use Pleroma.Web, :mailer
   alias Pleroma.Config
   alias Pleroma.HTML
-  alias Pleroma.Web.Router.Helpers
+
+  use Phoenix.VerifiedRoutes,
+    endpoint: Pleroma.Web.Endpoint,
+    router: Pleroma.Web.Router
 
   defp instance_config, do: Config.get(:instance)
   defp instance_name, do: instance_config()[:name]
@@ -45,7 +48,7 @@ defmodule Pleroma.Emails.AdminEmail do
           statuses
           |> Enum.map(fn
             %{id: id} ->
-              status_url = Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, id)
+              status_url = url(~p[/notice/#{id}])
               "<li><a href=\"#{status_url}\">#{status_url}</li>"
 
             %{"id" => id} when is_binary(id) ->

lib/pleroma/emails/user_email.ex

@@ -6,12 +6,11 @@ defmodule Pleroma.Emails.UserEmail do
   @moduledoc "User emails"
 
   require Pleroma.Web.Gettext
+  use Pleroma.Web, :mailer
 
   alias Pleroma.Config
   alias Pleroma.User
-  alias Pleroma.Web.Endpoint
   alias Pleroma.Web.Gettext
-  alias Pleroma.Web.Router
 
   import Swoosh.Email
   import Phoenix.Swoosh, except: [render_body: 3]
@@ -75,7 +74,7 @@ defmodule Pleroma.Emails.UserEmail do
 
   def password_reset_email(user, token) when is_binary(token) do
     Gettext.with_locale_or_default user.language do
-      password_reset_url = Router.Helpers.reset_password_url(Endpoint, :reset, token)
+      password_reset_url = url(~p[/api/v1/pleroma/password_reset/#{token}])
 
       html_body =
         Gettext.dpgettext(
@@ -108,12 +107,7 @@ defmodule Pleroma.Emails.UserEmail do
         to_name \\ nil
       ) do
     Gettext.with_locale_or_default user.language do
-      registration_url =
-        Router.Helpers.redirect_url(
-          Endpoint,
-          :registration_page,
-          user_invite_token.token
-        )
+      registration_url = url(~p[/registration/#{user_invite_token.token}])
 
       html_body =
         Gettext.dpgettext(
@@ -146,13 +140,7 @@ defmodule Pleroma.Emails.UserEmail do
 
   def account_confirmation_email(user) do
     Gettext.with_locale_or_default user.language do
-      confirmation_url =
-        Router.Helpers.confirm_email_url(
-          Endpoint,
-          :confirm_email,
-          user.id,
-          to_string(user.confirmation_token)
-        )
+      confirmation_url = url(~p[/api/account/confirm_email/#{user.id}/#{user.confirmation_token}])
 
       html_body =
         Gettext.dpgettext(
@@ -342,7 +330,7 @@ defmodule Pleroma.Emails.UserEmail do
       |> Pleroma.JWT.generate_and_sign!()
       |> Base.encode64()
 
-    Router.Helpers.subscription_url(Endpoint, :unsubscribe, token)
+    url(~p[/mailer/unsubscribe/#{token}])
   end
 
   def backup_is_ready_email(backup, admin_user_id \\ nil) do

lib/pleroma/emoji/loader.ex

@@ -59,7 +59,7 @@ defmodule Pleroma.Emoji.Loader do
           Logger.info("Found emoji packs: #{Enum.join(packs, ", ")}")
 
           if not Enum.empty?(files) do
-            Logger.warn(
+            Logger.warning(
               "Found files in the emoji folder. These will be ignored, please move them to a subdirectory\nFound files: #{Enum.join(files, ", ")}"
             )
           end

lib/pleroma/emoji/pack.ex

@@ -287,6 +287,7 @@ defmodule Pleroma.Emoji.Pack do
 
   @spec load_pack(String.t()) :: {:ok, t()} | {:error, :file.posix()}
   def load_pack(name) do
+    name = Path.basename(name)
     pack_file = Path.join([emoji_path(), name, "pack.json"])
 
     with {:ok, _} <- File.stat(pack_file),
@@ -411,10 +412,10 @@ defmodule Pleroma.Emoji.Pack do
   end
 
   defp create_archive_and_cache(pack, hash) do
-    files = ['pack.json' | Enum.map(pack.files, fn {_, file} -> to_charlist(file) end)]
+    files = [~c"pack.json" | Enum.map(pack.files, fn {_, file} -> to_charlist(file) end)]
 
     {:ok, {_, result}} =
-      :zip.zip('#{pack.name}.zip', files, [:memory, cwd: to_charlist(pack.path)])
+      :zip.zip(~c"#{pack.name}.zip", files, [:memory, cwd: to_charlist(pack.path)])
 
     ttl_per_file = Pleroma.Config.get!([:emoji, :shared_pack_cache_seconds_per_file])
     overall_ttl = :timer.seconds(ttl_per_file * Enum.count(files))
@@ -581,7 +582,7 @@ defmodule Pleroma.Emoji.Pack do
     with :ok <- File.mkdir_p!(local_pack.path) do
       files = Enum.map(remote_pack["files"], fn {_, path} -> to_charlist(path) end)
       # Fallback cannot contain a pack.json file
-      files = if pack_info[:fallback], do: files, else: ['pack.json' | files]
+      files = if pack_info[:fallback], do: files, else: [~c"pack.json" | files]
 
       :zip.unzip(archive, cwd: to_charlist(local_pack.path), file_list: files)
     end

lib/pleroma/http.ex

@@ -27,10 +27,10 @@ defmodule Pleroma.HTTP do
           nil | {:ok, Env.t()} | {:error, any()}
   def get(url, headers \\ [], options \\ [])
   def get(nil, _, _), do: nil
-  def get(url, headers, options), do: request(:get, url, "", headers, options)
+  def get(url, headers, options), do: request(:get, url, nil, headers, options)
 
   @spec head(Request.url(), Request.headers(), keyword()) :: {:ok, Env.t()} | {:error, any()}
-  def head(url, headers \\ [], options \\ []), do: request(:head, url, "", headers, options)
+  def head(url, headers \\ [], options \\ []), do: request(:head, url, nil, headers, options)
 
   @doc """
   Performs POST request.
@@ -62,6 +62,13 @@ defmodule Pleroma.HTTP do
     uri = URI.parse(url)
     adapter_opts = AdapterHelper.options(uri, options || [])
 
+    adapter_opts =
+      if uri.scheme == :https do
+        AdapterHelper.maybe_add_cacerts(adapter_opts, :public_key.cacerts_get())
+      else
+        adapter_opts
+      end
+
     options = put_in(options[:adapter], adapter_opts)
     params = options[:params] || []
     request = build_request(method, headers, options, url, body, params)

lib/pleroma/http/adapter_helper.ex

@@ -47,6 +47,17 @@ defmodule Pleroma.HTTP.AdapterHelper do
     |> put_in([:pools, :default, :conn_opts, :proxy], proxy)
   end
 
+  def maybe_add_cacerts(opts, nil), do: opts
+
+  def maybe_add_cacerts(opts, cacerts) do
+    opts
+    |> maybe_add_pools()
+    |> maybe_add_default_pool()
+    |> maybe_add_conn_opts()
+    |> maybe_add_transport_opts()
+    |> put_in([:pools, :default, :conn_opts, :transport_opts, :cacerts], cacerts)
+  end
+
   def add_pool_size(opts, pool_size) do
     opts
     |> maybe_add_pools()
@@ -82,6 +93,16 @@ defmodule Pleroma.HTTP.AdapterHelper do
     end
   end
 
+  defp maybe_add_transport_opts(opts) do
+    transport_opts = get_in(opts, [:pools, :default, :conn_opts, :transport_opts])
+
+    unless is_nil(transport_opts) do
+      opts
+    else
+      put_in(opts, [:pools, :default, :conn_opts, :transport_opts], [])
+    end
+  end
+
   @doc """
   Merge default connection & adapter options with received ones.
   """
@@ -110,7 +131,7 @@ defmodule Pleroma.HTTP.AdapterHelper do
       {:ok, type, uri.host, uri.port}
     else
       e ->
-        Logger.warn("Parsing proxy failed #{inspect(proxy)}, #{inspect(e)}")
+        Logger.warning("Parsing proxy failed #{inspect(proxy)}, #{inspect(e)}")
         {:error, :invalid_proxy}
     end
   end
@@ -120,7 +141,7 @@ defmodule Pleroma.HTTP.AdapterHelper do
       {:ok, type, host, port}
     else
       _ ->
-        Logger.warn("Parsing proxy failed #{inspect(proxy)}")
+        Logger.warning("Parsing proxy failed #{inspect(proxy)}")
         {:error, :invalid_proxy}
     end
   end

lib/pleroma/job_queue_monitor.ex

@@ -15,8 +15,19 @@ defmodule Pleroma.JobQueueMonitor do
 
   @impl true
   def init(state) do
-    :telemetry.attach("oban-monitor-failure", [:oban, :job, :exception], &handle_event/4, nil)
-    :telemetry.attach("oban-monitor-success", [:oban, :job, :stop], &handle_event/4, nil)
+    :telemetry.attach(
+      "oban-monitor-failure",
+      [:oban, :job, :exception],
+      &Pleroma.JobQueueMonitor.handle_event/4,
+      nil
+    )
+
+    :telemetry.attach(
+      "oban-monitor-success",
+      [:oban, :job, :stop],
+      &Pleroma.JobQueueMonitor.handle_event/4,
+      nil
+    )
 
     {:ok, state}
   end

lib/pleroma/maintenance.ex

@@ -20,7 +20,7 @@ defmodule Pleroma.Maintenance do
       "full" ->
         Logger.info("Running VACUUM FULL.")
 
-        Logger.warn(
+        Logger.warning(
           "Re-packing your entire database may take a while and will consume extra disk space during the process."
         )
 

lib/pleroma/migrators/support/base_migrator.ex

@@ -73,7 +73,7 @@ defmodule Pleroma.Migrators.Support.BaseMigrator do
           data_migration.state == :manual or data_migration.name in manual_migrations ->
             message = "Data migration is in manual execution or manual fix mode."
             update_status(:manual, message)
-            Logger.warn("#{__MODULE__}: #{message}")
+            Logger.warning("#{__MODULE__}: #{message}")
 
           data_migration.state == :complete ->
             on_complete(data_migration)
@@ -109,7 +109,7 @@ defmodule Pleroma.Migrators.Support.BaseMigrator do
             Putting data migration to manual fix mode. Try running `#{__MODULE__}.retry_failed/0`.
             """
 
-            Logger.warn("#{__MODULE__}: #{message}")
+            Logger.warning("#{__MODULE__}: #{message}")
             update_status(:manual, message)
             on_complete(data_migration())
 
@@ -125,7 +125,7 @@ defmodule Pleroma.Migrators.Support.BaseMigrator do
 
       defp on_complete(data_migration) do
         if data_migration.feature_lock || feature_state() == :disabled do
-          Logger.warn(
+          Logger.warning(
             "#{__MODULE__}: migration complete but feature is locked; consider enabling."
           )
 

lib/pleroma/notification.ex

@@ -195,6 +195,7 @@ defmodule Pleroma.Notification do
         from([_n, a, o] in query,
           where:
             fragment("not(?->>'content' ~* ?)", o.data, ^regex) or
+              fragment("?->>'content' is null", o.data) or
               fragment("?->>'actor' = ?", o.data, ^user.ap_id)
         )
     end
@@ -695,7 +696,7 @@ defmodule Pleroma.Notification do
     cond do
       opts[:type] == "poll" -> false
       user.ap_id == actor -> false
-      !User.following?(follower, user) -> true
+      !User.following?(user, follower) -> true
       true -> false
     end
   end

lib/pleroma/object/fetcher.ex

@@ -117,6 +117,8 @@ defmodule Pleroma.Object.Fetcher do
   # Note: will create a Create activity, which we need internally at the moment.
   def fetch_object_from_id(id, options \\ []) do
     with %URI{} = uri <- URI.parse(id),
+         # let's check the URI is even vaguely valid first
+         {:scheme, true} <- {:scheme, uri.scheme == "http" or uri.scheme == "https"},
          # If we have instance restrictions, apply them here to prevent fetching from unwanted instances
          {:ok, nil} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_reject(uri),
          {:ok, _} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri),
@@ -135,6 +137,9 @@ defmodule Pleroma.Object.Fetcher do
       {:allowed_depth, false} ->
         {:error, "Max thread distance exceeded."}
 
+      {:scheme, false} ->
+        {:error, "URI Scheme Invalid"}
+
       {:containment, _} ->
         {:error, "Object containment failed."}
 

lib/pleroma/object/updater.ex

@@ -129,7 +129,10 @@ defmodule Pleroma.Object.Updater do
     else
       %{updated_object: updated_data} =
         updated_data
-        |> maybe_update_history(original_data, updated: updated, use_history_in_new_object?: false)
+        |> maybe_update_history(original_data,
+          updated: updated,
+          use_history_in_new_object?: false
+        )
 
       updated_data
       |> Map.put("updated", date)

lib/pleroma/reverse_proxy.ex

@@ -61,11 +61,14 @@ defmodule Pleroma.ReverseProxy do
 
   """
   @inline_content_types [
+    "image/avif",
     "image/gif",
     "image/jpeg",
     "image/jpg",
+    "image/jxl",
     "image/png",
     "image/svg+xml",
+    "image/webp",
     "audio/mpeg",
     "audio/mp3",
     "video/webm",

lib/pleroma/signature.ex

@@ -76,6 +76,6 @@ defmodule Pleroma.Signature do
   def signed_date, do: signed_date(NaiveDateTime.utc_now())
 
   def signed_date(%NaiveDateTime{} = date) do
-    Timex.format!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
+    Timex.lformat!(date, "{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT", "en")
   end
 end

lib/pleroma/upload.ex

@@ -63,6 +63,9 @@ defmodule Pleroma.Upload do
           blurhash: String.t(),
           path: String.t()
         }
+
+  @always_enabled_filters [Pleroma.Upload.Filter.AnonymizeFilename]
+
   defstruct [:id, :name, :tempfile, :content_type, :width, :height, :blurhash, :path]
 
   @spec store(source, options :: [option()]) :: {:ok, Map.t()} | {:error, any()}
@@ -132,7 +135,11 @@ defmodule Pleroma.Upload do
       activity_type: Keyword.get(opts, :activity_type, activity_type),
       size_limit: Keyword.get(opts, :size_limit, size_limit),
       uploader: Keyword.get(opts, :uploader, Pleroma.Config.get([__MODULE__, :uploader])),
-      filters: Keyword.get(opts, :filters, Pleroma.Config.get([__MODULE__, :filters])),
+      filters:
+        Enum.uniq(
+          Keyword.get(opts, :filters, Pleroma.Config.get([__MODULE__, :filters])) ++
+            @always_enabled_filters
+        ),
       description: Keyword.get(opts, :description),
       base_url: base_url()
     }

lib/pleroma/upload/filter.ex

@@ -38,9 +38,9 @@ defmodule Pleroma.Upload.Filter do
       {:ok, :noop} ->
         filter(rest, upload)
 
-      error ->
-        Logger.error("#{__MODULE__}: Filter #{filter} failed: #{inspect(error)}")
-        error
+      {:error, e} ->
+        Logger.error("#{__MODULE__}: Filter #{filter} failed: #{inspect(e)}")
+        {:error, e}
     end
   end
 end

lib/pleroma/upload/filter/analyze_metadata.ex

@@ -28,7 +28,7 @@ defmodule Pleroma.Upload.Filter.AnalyzeMetadata do
       {:ok, :filtered, upload}
     rescue
       e in ErlangError ->
-        Logger.warn("#{__MODULE__}: #{inspect(e)}")
+        Logger.warning("#{__MODULE__}: #{inspect(e)}")
         {:ok, :noop}
     end
   end
@@ -45,7 +45,7 @@ defmodule Pleroma.Upload.Filter.AnalyzeMetadata do
       {:ok, :filtered, upload}
     rescue
       e in ErlangError ->
-        Logger.warn("#{__MODULE__}: #{inspect(e)}")
+        Logger.warning("#{__MODULE__}: #{inspect(e)}")
         {:ok, :noop}
     end
   end

lib/pleroma/upload/filter/only_media.ex

@@ -0,0 +1,20 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Upload.Filter.OnlyMedia do
+  @behaviour Pleroma.Upload.Filter
+  alias Pleroma.Upload
+
+  def filter(%Upload{content_type: content_type}) do
+    [type, _subtype] = String.split(content_type, "/")
+
+    if type in ["image", "video", "audio"] do
+      {:ok, :noop}
+    else
+      {:error, "Disallowed content-type: #{content_type}"}
+    end
+  end
+
+  def filter(_), do: {:ok, :noop}
+end

lib/pleroma/user.ex

@@ -44,6 +44,8 @@ defmodule Pleroma.User do
   alias Pleroma.Web.RelMe
   alias Pleroma.Workers.BackgroundWorker
 
+  use Pleroma.Web, :verified_routes
+
   require Logger
 
   @type t :: %__MODULE__{}
@@ -158,6 +160,7 @@ defmodule Pleroma.User do
     field(:last_status_at, :naive_datetime)
     field(:language, :string)
     field(:status_ttl_days, :integer, default: nil)
+    field(:permit_followback, :boolean, default: false)
 
     field(:accepts_direct_messages_from, Ecto.Enum,
       values: [:everybody, :people_i_follow, :nobody],
@@ -379,6 +382,10 @@ defmodule Pleroma.User do
     do_optional_url(user.banner, "#{Endpoint.url()}/images/banner.png", options)
   end
 
+  def background_url(user) do
+    do_optional_url(user.background, nil, no_default: true)
+  end
+
   defp do_optional_url(field, default, options) do
     case field do
       %{"url" => [%{"href" => href} | _]} when is_binary(href) ->
@@ -463,6 +470,7 @@ defmodule Pleroma.User do
         :avatar,
         :ap_enabled,
         :banner,
+        :background,
         :is_locked,
         :last_refreshed_at,
         :uri,
@@ -542,6 +550,7 @@ defmodule Pleroma.User do
         :actor_type,
         :disclose_client,
         :status_ttl_days,
+        :permit_followback,
         :accepts_direct_messages_from
       ]
     )
@@ -876,7 +885,7 @@ defmodule Pleroma.User do
     end
   end
 
-  defp send_user_approval_email(user) do
+  defp send_user_approval_email(%User{email: email} = user) when is_binary(email) do
     user
     |> Pleroma.Emails.UserEmail.approval_pending_email()
     |> Pleroma.Emails.Mailer.deliver_async()
@@ -884,6 +893,10 @@ defmodule Pleroma.User do
     {:ok, :enqueued}
   end
 
+  defp send_user_approval_email(_user) do
+    {:ok, :skipped}
+  end
+
   defp send_admin_approval_emails(user) do
     all_superusers()
     |> Enum.filter(fn user -> not is_nil(user.email) end)
@@ -966,16 +979,21 @@ defmodule Pleroma.User do
 
   def needs_update?(_), do: true
 
+  # "Locked" (self-locked) users demand explicit authorization of follow requests
+  @spec can_direct_follow_local(User.t(), User.t()) :: true | false
+  def can_direct_follow_local(%User{} = follower, %User{local: true} = followed) do
+    !followed.is_locked || (followed.permit_followback and is_friend_of(follower, followed))
+  end
+
   @spec maybe_direct_follow(User.t(), User.t()) ::
           {:ok, User.t(), User.t()} | {:error, String.t()}
 
-  # "Locked" (self-locked) users demand explicit authorization of follow requests
-  def maybe_direct_follow(%User{} = follower, %User{local: true, is_locked: true} = followed) do
-    follow(follower, followed, :follow_pending)
-  end
-
   def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do
-    follow(follower, followed)
+    if can_direct_follow_local(follower, followed) do
+      follow(follower, followed)
+    else
+      follow(follower, followed, :follow_pending)
+    end
   end
 
   def maybe_direct_follow(%User{} = follower, %User{} = followed) do
@@ -1325,6 +1343,13 @@ defmodule Pleroma.User do
     |> Repo.all()
   end
 
+  def is_friend_of(%User{} = potential_friend, %User{local: true} = user) do
+    user
+    |> get_friends_query()
+    |> where(id: ^potential_friend.id)
+    |> Repo.exists?()
+  end
+
   def increase_note_count(%User{} = user) do
     User
     |> where(id: ^user.id)
@@ -1489,7 +1514,7 @@ defmodule Pleroma.User do
       unmute(muter, mutee)
     else
       {who, result} = error ->
-        Logger.warn(
+        Logger.warning(
           "User.unmute/2 failed. #{who}: #{result}, muter_id: #{muter_id}, mutee_id: #{mutee_id}"
         )
 
@@ -1599,9 +1624,13 @@ defmodule Pleroma.User do
   def blocks_user?(_, _), do: false
 
   def blocks_domain?(%User{} = user, %User{} = target) do
-    domain_blocks = Pleroma.Web.ActivityPub.MRF.subdomains_regex(user.domain_blocks)
     %{host: host} = URI.parse(target.ap_id)
-    Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
+    Enum.member?(user.domain_blocks, host)
+    # TODO: functionality should probably be changed such that subdomains block as well,
+    # but as it stands, this just hecks up the relationships endpoint
+    # domain_blocks = Pleroma.Web.ActivityPub.MRF.subdomains_regex(user.domain_blocks)
+    # %{host: host} = URI.parse(target.ap_id)
+    # Pleroma.Web.ActivityPub.MRF.subdomain_match?(domain_blocks, host)
   end
 
   def blocks_domain?(_, _), do: false
@@ -2006,7 +2035,6 @@ defmodule Pleroma.User do
     %User{
       invisible: true,
       local: true,
-      actor_type: "Application",
       ap_id: uri,
       nickname: nickname,
       follower_address: uri <> "/followers"
@@ -2444,12 +2472,7 @@ defmodule Pleroma.User do
           end
 
         if is_url(raw_value) do
-          frontend_url =
-            Pleroma.Web.Router.Helpers.redirect_url(
-              Pleroma.Web.Endpoint,
-              :redirector_with_meta,
-              nickname
-            )
+          frontend_url = url(~p[/#{nickname}])
 
           possible_urls = [ap_id, frontend_url]
 

lib/pleroma/user/backup.ex

@@ -119,7 +119,7 @@ defmodule Pleroma.User.Backup do
     end
   end
 
-  @files ['actor.json', 'outbox.json', 'likes.json', 'bookmarks.json']
+  @files [~c"actor.json", ~c"outbox.json", ~c"likes.json", ~c"bookmarks.json"]
   def export(%__MODULE__{} = backup) do
     backup = Repo.preload(backup, :user)
     name = String.trim_trailing(backup.file_name, ".zip")

lib/pleroma/web.ex

@@ -27,6 +27,7 @@ defmodule Pleroma.Web do
   alias Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
   alias Pleroma.Web.Plugs.OAuthScopesPlug
   alias Pleroma.Web.Plugs.PlugHelper
+  require Pleroma.Constants
 
   def controller do
     quote do
@@ -37,7 +38,7 @@ defmodule Pleroma.Web do
       import Pleroma.Web.Gettext
       import Pleroma.Web.TranslationHelpers
 
-      alias Pleroma.Web.Router.Helpers, as: Routes
+      unquote(verified_routes())
 
       plug(:set_put_layout)
 
@@ -184,7 +185,10 @@ defmodule Pleroma.Web do
 
       # Import convenience functions from controllers
       import Phoenix.Controller,
-        only: [get_flash: 1, get_flash: 2, view_module: 1, view_template: 1]
+        only: [view_module: 1, view_template: 1]
+
+      import Phoenix.Flash
+      alias Phoenix.Flash
 
       # Include shared imports and aliases for views
       unquote(view_helpers())
@@ -218,7 +222,7 @@ defmodule Pleroma.Web do
 
   def router do
     quote do
-      use Phoenix.Router
+      use Phoenix.Router, helpers: false
 
       import Plug.Conn
       import Phoenix.Controller
@@ -246,7 +250,24 @@ defmodule Pleroma.Web do
 
       import Pleroma.Web.ErrorHelpers
       import Pleroma.Web.Gettext
-      alias Pleroma.Web.Router.Helpers, as: Routes
+      unquote(verified_routes())
+    end
+  end
+
+  def static_paths, do: Pleroma.Constants.static_only_files()
+
+  def verified_routes do
+    quote do
+      use Phoenix.VerifiedRoutes,
+        endpoint: Pleroma.Web.Endpoint,
+        router: Pleroma.Web.Router,
+        statics: Pleroma.Web.static_paths()
+    end
+  end
+
+  def mailer do
+    quote do
+      unquote(verified_routes())
     end
   end
 

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -1603,6 +1603,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
       uri: get_actor_url(data["url"]),
       ap_enabled: true,
       banner: normalize_image(data["image"]),
+      background: normalize_image(data["backgroundUrl"]),
       fields: fields,
       emoji: emojis,
       is_locked: is_locked,
@@ -1792,6 +1793,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     end)
   end
 
+  def pin_data_from_featured_collection(obj) do
+    Logger.error("Could not parse featured collection #{inspect(obj)}")
+    %{}
+  end
+
   def fetch_and_prepare_featured_from_ap_id(nil) do
     {:ok, %{}}
   end

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -454,7 +454,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
         |> json(message)
 
       e ->
-        Logger.warn(fn -> "AP C2S: #{inspect(e)}" end)
+        Logger.warning(fn -> "AP C2S: #{inspect(e)}" end)
 
         conn
         |> put_status(:bad_request)

lib/pleroma/web/activity_pub/builder.ex

@@ -18,6 +18,8 @@ defmodule Pleroma.Web.ActivityPub.Builder do
   alias Pleroma.Web.CommonAPI.ActivityDraft
   alias Pleroma.Web.Endpoint
 
+  use Pleroma.Web, :verified_routes
+
   require Pleroma.Constants
 
   def accept_or_reject(actor, activity, type) do
@@ -402,6 +404,6 @@ defmodule Pleroma.Web.ActivityPub.Builder do
   end
 
   defp pinned_url(nickname) when is_binary(nickname) do
-    Pleroma.Web.Router.Helpers.activity_pub_url(Pleroma.Web.Endpoint, :pinned, nickname)
+    url(~p[/users/#{nickname}/collections/featured])
   end
 end

lib/pleroma/web/activity_pub/mrf.ex

@@ -70,6 +70,8 @@ defmodule Pleroma.Web.ActivityPub.MRF do
   end
 
   def filter_one(policy, message) do
+    Code.ensure_loaded!(policy)
+
     should_plug_history? =
       if function_exported?(policy, :history_awareness, 0) do
         policy.history_awareness()
@@ -239,7 +241,7 @@ defmodule Pleroma.Web.ActivityPub.MRF do
         if Enum.all?(@required_description_keys, &Map.has_key?(description, &1)) do
           [description | acc]
         else
-          Logger.warn(
+          Logger.warning(
             "#{policy} config description doesn't have one or all required keys #{inspect(@required_description_keys)}"
           )
 

lib/pleroma/web/activity_pub/mrf/simple_policy.ex

@@ -178,6 +178,23 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
 
   defp check_banner_removal(_actor_info, object), do: {:ok, object}
 
+  defp check_background_removal(
+         %{host: actor_host} = _actor_info,
+         %{"backgroundUrl" => _bg} = object
+       ) do
+    background_removal =
+      instance_list(:background_removal)
+      |> MRF.subdomains_regex()
+
+    if MRF.subdomain_match?(background_removal, actor_host) do
+      {:ok, Map.delete(object, "backgroundUrl")}
+    else
+      {:ok, object}
+    end
+  end
+
+  defp check_background_removal(_actor_info, object), do: {:ok, object}
+
   defp extract_context_uri(%{"conversation" => "tag:" <> rest}) do
     rest
     |> String.split(",", parts: 2, trim: true)
@@ -283,7 +300,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
     with {:ok, _} <- check_accept(actor_info),
          {:ok, _} <- check_reject(actor_info),
          {:ok, object} <- check_avatar_removal(actor_info, object),
-         {:ok, object} <- check_banner_removal(actor_info, object) do
+         {:ok, object} <- check_banner_removal(actor_info, object),
+         {:ok, object} <- check_background_removal(actor_info, object) do
       {:ok, object}
     else
       {:reject, nil} -> {:reject, "[SimplePolicy]"}
@@ -314,6 +332,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
   def filter(object), do: {:ok, object}
 
   defp obfuscate(string) when is_binary(string) do
+    # Want to strip at least two neighbouring chars
+    # to ensure at least one non-dot char is in the obfuscation area
+    stripped = String.length(string) - 6
+
+    {keepstart, keepend} =
+      if stripped > 1 do
+        {3, 3}
+      else
+        {
+          2 - div(1 - stripped, 2),
+          2 + div(stripped, 2)
+        }
+      end
+
     string
     |> to_charlist()
     |> Enum.with_index()
@@ -322,7 +354,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
         ?.
 
       {char, index} ->
-        if 3 <= index && index < String.length(string) - 3, do: ?*, else: char
+        if keepstart <= index && index < String.length(string) - keepend, do: ?*, else: char
     end)
     |> to_string()
   end
@@ -433,6 +465,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
              key: :banner_removal,
              description: "List of instances to strip banners from and the reason for doing so"
            },
+           %{
+             key: :background_removal,
+             description:
+               "List of instances to strip user backgrounds from and the reason for doing so"
+           },
            %{
              key: :reject_deletes,
              description: "List of instances to reject deletions from and the reason for doing so"

lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex

@@ -41,7 +41,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
             shortcode
 
           e ->
-            Logger.warn("MRF.StealEmojiPolicy: Failed to write to #{file_path}: #{inspect(e)}")
+            Logger.warning("MRF.StealEmojiPolicy: Failed to write to #{file_path}: #{inspect(e)}")
             nil
         end
       else
@@ -53,7 +53,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
       end
     else
       e ->
-        Logger.warn("MRF.StealEmojiPolicy: Failed to fetch #{url}: #{inspect(e)}")
+        Logger.warning("MRF.StealEmojiPolicy: Failed to fetch #{url}: #{inspect(e)}")
         nil
     end
   end

lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex

@@ -14,6 +14,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator do
   import Ecto.Changeset
 
   require Logger
+  require Pleroma.Web.ActivityPub.Transmogrifier
 
   @primary_key false
   @derive Jason.Encoder

lib/pleroma/web/activity_pub/object_validators/common_fixes.ex

@@ -22,7 +22,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do
   end
 
   def fix_object_defaults(data) do
-    context = Utils.maybe_create_context(data["context"] || data["conversation"])
+    context =
+      Utils.maybe_create_context(
+        data["context"] || data["conversation"] || data["inReplyTo"] || data["id"]
+      )
 
     %User{follower_address: follower_collection} = User.get_cached_by_ap_id(data["attributedTo"])
 

lib/pleroma/web/activity_pub/publisher.ex

@@ -115,13 +115,18 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
   def should_federate?(url) do
     %{host: host} = URI.parse(url)
 
-    with allowed <- allowed_instances(),
+    with {nil, false} <- {nil, is_nil(host)},
+         allowed <- allowed_instances(),
          false <- Enum.empty?(allowed) do
       allowed
       |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
       |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
       |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
     else
+      # oi!
+      {nil, true} ->
+        false
+
       _ ->
         quarantined_instances =
           blocked_instances()

lib/pleroma/web/activity_pub/side_effects.ex

@@ -109,7 +109,7 @@ defmodule Pleroma.Web.ActivityPub.SideEffects do
          %User{} = followed <- User.get_cached_by_ap_id(followed_user),
          {_, {:ok, _, _}, _, _} <-
            {:following, User.follow(follower, followed, :follow_pending), follower, followed} do
-      if followed.local && !followed.is_locked do
+      if followed.local && User.can_direct_follow_local(follower, followed) do
         {:ok, accept_data, _} = Builder.accept(followed, object)
         {:ok, _activity, _} = Pipeline.common_pipeline(accept_data, local: true)
       end

lib/pleroma/web/activity_pub/transmogrifier.ex

@@ -136,7 +136,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
         |> Map.drop(["conversation", "inReplyToAtomUri"])
       else
         e ->
-          Logger.warn("Couldn't fetch reply@#{inspect(in_reply_to_id)}, error: #{inspect(e)}")
+          Logger.warning("Couldn't fetch reply@#{inspect(in_reply_to_id)}, error: #{inspect(e)}")
           object
       end
     else
@@ -159,7 +159,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
         |> Map.put("quoteUri", quoted_object.data["id"])
       else
         e ->
-          Logger.warn("Couldn't fetch quote@#{inspect(quote_url)}, error: #{inspect(e)}")
+          Logger.warning("Couldn't fetch quote@#{inspect(quote_url)}, error: #{inspect(e)}")
           object
       end
     else
@@ -920,8 +920,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def prepare_attachments(object) do
     attachments =
-      object
-      |> Map.get("attachment", [])
+      case Map.get(object, "attachment", []) do
+        [_ | _] = list -> list
+        _ -> []
+      end
+
+    attachments =
+      attachments
       |> Enum.map(fn data ->
         [%{"mediaType" => media_type, "href" => href} = url | _] = data["url"]
 

lib/pleroma/web/activity_pub/utils.ex

@@ -16,10 +16,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.AdminAPI.AccountView
   alias Pleroma.Web.Endpoint
-  alias Pleroma.Web.Router.Helpers
 
   import Ecto.Query
 
+  use Pleroma.Web, :verified_routes
+
   require Logger
   require Pleroma.Constants
 
@@ -124,19 +125,15 @@ defmodule Pleroma.Web.ActivityPub.Utils do
   end
 
   def generate_activity_id do
-    generate_id("activities")
+    url(~p[/activities/#{UUID.generate()}])
   end
 
   def generate_context_id do
-    generate_id("contexts")
+    url(~p[/contexts/#{UUID.generate()}])
   end
 
   def generate_object_id do
-    Helpers.o_status_url(Endpoint, :object, UUID.generate())
-  end
-
-  def generate_id(type) do
-    "#{Endpoint.url()}/#{type}/#{UUID.generate()}"
+    url(~p[/objects/#{UUID.generate()}])
   end
 
   def get_notified_from_object(%{"type" => type} = object) when type in @supported_object_types do
@@ -154,7 +151,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
     Notification.get_notified_from_activity(%Activity{data: object}, false)
   end
 
-  def maybe_create_context(context), do: context || generate_id("contexts")
+  def maybe_create_context(context), do: context || generate_context_id()
 
   @doc """
   Enqueues an activity for federation if it's local

lib/pleroma/web/activity_pub/views/user_view.ex

@@ -12,22 +12,22 @@ defmodule Pleroma.Web.ActivityPub.UserView do
   alias Pleroma.Web.ActivityPub.ObjectView
   alias Pleroma.Web.ActivityPub.Transmogrifier
   alias Pleroma.Web.ActivityPub.Utils
-  alias Pleroma.Web.Endpoint
-  alias Pleroma.Web.Router.Helpers
+
+  require Pleroma.Web.ActivityPub.Transmogrifier
 
   import Ecto.Query
 
   def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do
-    %{"sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox)}
+    %{"sharedInbox" => url(~p"/inbox")}
   end
 
   def render("endpoints.json", %{user: %User{local: true} = _user}) do
     %{
-      "oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize),
-      "oauthRegistrationEndpoint" => Helpers.app_url(Endpoint, :create),
-      "oauthTokenEndpoint" => Helpers.o_auth_url(Endpoint, :token_exchange),
-      "sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox),
-      "uploadMedia" => Helpers.activity_pub_url(Endpoint, :upload_media)
+      "oauthAuthorizationEndpoint" => url(~p"/oauth/authorize"),
+      "oauthRegistrationEndpoint" => url(~p"/api/v1/apps"),
+      "oauthTokenEndpoint" => url(~p"/oauth/token"),
+      "sharedInbox" => url(~p"/inbox"),
+      "uploadMedia" => url(~p"/api/ap/upload_media")
     }
   end
 
@@ -46,6 +46,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do
       "following" => "#{user.ap_id}/following",
       "followers" => "#{user.ap_id}/followers",
       "inbox" => "#{user.ap_id}/inbox",
+      "outbox" => "#{user.ap_id}/outbox",
       "name" => "Pleroma",
       "summary" =>
         "An internal service actor for this Pleroma instance.  No user-serviceable parts inside.",
@@ -111,6 +112,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do
     }
     |> Map.merge(maybe_make_image(&User.avatar_url/2, "icon", user))
     |> Map.merge(maybe_make_image(&User.banner_url/2, "image", user))
+    # Yes, the key is named ...Url eventhough it is a whole 'Image' object
+    |> Map.merge(maybe_insert_image("backgroundUrl", User.background_url(user)))
     |> Map.merge(Utils.make_json_ld_header())
   end
 
@@ -286,7 +289,12 @@ defmodule Pleroma.Web.ActivityPub.UserView do
   end
 
   defp maybe_make_image(func, key, user) do
-    if image = func.(user, no_default: true) do
+    image = func.(user, no_default: true)
+    maybe_insert_image(key, image)
+  end
+
+  defp maybe_insert_image(key, image) do
+    if image do
       %{
         key => %{
           "type" => "Image",

lib/pleroma/web/admin_api/controllers/admin_api_controller.ex

@@ -17,9 +17,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   alias Pleroma.Web.AdminAPI
   alias Pleroma.Web.AdminAPI.AccountView
   alias Pleroma.Web.AdminAPI.ModerationLogView
-  alias Pleroma.Web.Endpoint
   alias Pleroma.Web.Plugs.OAuthScopesPlug
-  alias Pleroma.Web.Router
 
   @users_page_size 50
 
@@ -256,7 +254,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     conn
     |> json(%{
       token: token.token,
-      link: Router.Helpers.reset_password_url(Endpoint, :reset, token.token)
+      link: url(~p[/api/v1/pleroma/password_reset/#{token.token}])
     })
   end
 

lib/pleroma/web/api_spec/operations/account_operation.ex

@@ -410,7 +410,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
       operationId: "AccountController.blocks",
       description: "View your blocks. See also accounts/:id/{block,unblock}",
       security: [%{"oAuth" => ["read:blocks"]}],
-      parameters: pagination_params(),
+      parameters: [with_relationships_param() | pagination_params()],
       responses: %{
         200 => Operation.response("Accounts", "application/json", array_of_accounts())
       }
@@ -451,6 +451,20 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
     }
   end
 
+  def preferences_operation do
+    %Operation{
+      tags: ["Account Preferences"],
+      description: "Preferences defined by the user in their account settings.",
+      summary: "Preferred common behaviors to be shared across clients.",
+      operationId: "AccountController.preferences",
+      security: [%{"oAuth" => ["read:accounts"]}],
+      responses: %{
+        200 => Operation.response("Preferences", "application/json", Account),
+        401 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
   def identity_proofs_operation do
     %Operation{
       tags: ["Retrieve account information"],
@@ -709,6 +723,12 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
           description:
             "Number of days after which statuses will be deleted. Set to -1 to disable."
         },
+        permit_followback: %Schema{
+          allOf: [BooleanLike],
+          nullable: true,
+          description:
+            "Whether follow requests from accounts the user is already following are auto-approved (when locked)."
+        },
         accepts_direct_messages_from: %Schema{
           type: :string,
           enum: [
@@ -740,6 +760,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
         discoverable: false,
         actor_type: "Person",
         status_ttl_days: 30,
+        permit_followback: true,
         accepts_direct_messages_from: "everybody"
       }
     }

lib/pleroma/web/api_spec/operations/admin/status_operation.ex

@@ -143,7 +143,7 @@ defmodule Pleroma.Web.ApiSpec.Admin.StatusOperation do
           }
         },
         tags: %Schema{type: :string},
-        is_confirmed: %Schema{type: :string}
+        is_confirmed: %Schema{type: :boolean}
       }
     }
   end

lib/pleroma/web/api_spec/operations/frontend_settings_operation.ex

@@ -111,9 +111,9 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
   def update_preferred_frontend_operation() do
     %Operation{
       tags: ["Frontends"],
-      summary: "Frontend Settings Profiles",
-      description: "List frontend setting profiles",
-      operationId: "AkkomaAPI.FrontendSettingsController.available_frontends",
+      summary: "Update preferred frontend setting",
+      description: "Store preferred frontend in cookies",
+      operationId: "AkkomaAPI.FrontendSettingsController.update_preferred_frontend",
       requestBody:
         request_body(
           "Frontend",
@@ -132,9 +132,11 @@ defmodule Pleroma.Web.ApiSpec.FrontendSettingsOperation do
       responses: %{
         200 =>
           Operation.response("Frontends", "application/json", %Schema{
-            type: :array,
-            items: %Schema{
-              type: :string
+            type: :object,
+            properties: %{
+              frontend_name: %Schema{
+                type: :string
+              }
             }
           })
       }

lib/pleroma/web/api_spec/operations/instance_operation.ex

@@ -137,7 +137,7 @@ defmodule Pleroma.Web.ApiSpec.InstanceOperation do
         "background_upload_limit" => 4_000_000,
         "background_image" => "/static/image.png",
         "banner_upload_limit" => 4_000_000,
-        "description" => "Pleroma: An efficient and flexible fediverse server",
+        "description" => "Akkoma: The cooler fediverse server",
         "email" => "lain@lain.com",
         "languages" => ["en"],
         "max_toot_chars" => 5000,
@@ -160,7 +160,7 @@ defmodule Pleroma.Web.ApiSpec.InstanceOperation do
         "urls" => %{
           "streaming_api" => "wss://lain.com"
         },
-        "version" => "2.7.2 (compatible; Pleroma 2.0.50-536-g25eec6d7-develop)"
+        "version" => "2.7.2 (compatible; Akkoma 3.9.3-232-g6fde75e1-develop)"
       }
     }
   end

lib/pleroma/web/api_spec/schemas/account.ex

@@ -112,7 +112,18 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
       akkoma: %Schema{
         type: :object,
         properties: %{
-          note_ttl_days: %Schema{type: :integer}
+          instance: %Schema{
+            type: :object,
+            nullable: true,
+            properties: %{
+              name: %Schema{type: :string},
+              favicon: %Schema{type: :string, format: :uri, nullable: true},
+              # XXX: proper nodeinfo schema
+              nodeinfo: %Schema{type: :object, nullable: true}
+            }
+          },
+          status_ttl_days: %Schema{type: :integer, nullable: true},
+          permit_followback: %Schema{type: :boolean}
         }
       },
       source: %Schema{
@@ -205,6 +216,18 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
           "pleroma-fe" => %{}
         }
       },
+      "akkoma" => %{
+        "instance" => %{
+          "name" => "ihatebeinga.live",
+          "favicon" => "https://ihatebeinga.live/favicon.png",
+          "nodeinfo" =>
+            %{
+              # XXX: nodeinfo schema
+            }
+        },
+        "status_ttl_days" => nil,
+        "permit_followback" => true
+      },
       "source" => %{
         "fields" => [],
         "note" => "foobar",

lib/pleroma/web/api_spec/schemas/status.ex

@@ -232,7 +232,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Status do
           source: %Schema{
             nullable: true,
             oneOf: [
-              %Schema{type: :string, example: 'plaintext content'},
+              %Schema{type: :string, example: ~c"plaintext content"},
               %Schema{
                 type: :object,
                 properties: %{

lib/pleroma/web/auth/ldap_authenticator.ex

@@ -110,7 +110,7 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
         }
 
         params =
-          case List.keyfind(attributes, 'mail', 0) do
+          case List.keyfind(attributes, ~c"mail", 0) do
             {_, [mail]} -> Map.put_new(params, :email, :erlang.list_to_binary(mail))
             _ -> params
           end

lib/pleroma/web/common_api.ex

@@ -88,7 +88,7 @@ defmodule Pleroma.Web.CommonAPI do
 
   def delete(activity_id, user) do
     with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
-           {:find_activity, Activity.get_by_id(activity_id)},
+           {:find_activity, Activity.get_by_id(activity_id, filter: [])},
          {_, %Object{} = object, _} <-
            {:find_object, Object.normalize(activity, fetch: false), activity},
          true <- User.superuser?(user) || user.ap_id == object.data["actor"],
@@ -467,7 +467,7 @@ defmodule Pleroma.Web.CommonAPI do
       remove_mute(user, activity)
     else
       {what, result} = error ->
-        Logger.warn(
+        Logger.warning(
           "CommonAPI.remove_mute/2 failed. #{what}: #{result}, user_id: #{user_id}, activity_id: #{activity_id}"
         )
 

lib/pleroma/web/common_api/utils.ex

@@ -144,6 +144,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       when is_list(options) do
     limits = Config.get([:instance, :poll_limits])
 
+    options = options |> Enum.uniq()
+
     with :ok <- validate_poll_expiration(expires_in, limits),
          :ok <- validate_poll_options_amount(options, limits),
          :ok <- validate_poll_options_length(options, limits) do
@@ -179,10 +181,15 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   end
 
   defp validate_poll_options_amount(options, %{max_options: max_options}) do
-    if Enum.count(options) > max_options do
-      {:error, "Poll can't contain more than #{max_options} options"}
-    else
-      :ok
+    cond do
+      Enum.count(options) < 2 ->
+        {:error, "Poll must contain at least 2 options"}
+
+      Enum.count(options) > max_options ->
+        {:error, "Poll can't contain more than #{max_options} options"}
+
+      true ->
+        :ok
     end
   end
 
@@ -317,13 +324,13 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       format_asctime(date)
     else
       _e ->
-        Logger.warn("Date #{date} in wrong format, must be ISO 8601")
+        Logger.warning("Date #{date} in wrong format, must be ISO 8601")
         ""
     end
   end
 
   def date_to_asctime(date) do
-    Logger.warn("Date #{date} in wrong format, must be ISO 8601")
+    Logger.warning("Date #{date} in wrong format, must be ISO 8601")
     ""
   end
 

lib/pleroma/web/embed_controller.ex

@@ -11,22 +11,31 @@ defmodule Pleroma.Web.EmbedController do
 
   alias Pleroma.Web.ActivityPub.Visibility
 
-  plug(:put_layout, :embed)
-
   def show(conn, %{"id" => id}) do
-    with %Activity{local: true} = activity <-
-           Activity.get_by_id_with_object(id),
-         true <- Visibility.is_public?(activity.object) do
+    with {:activity, %Activity{} = activity} <-
+           {:activity, Activity.get_by_id_with_object(id)},
+         {:local, true} <- {:local, activity.local},
+         {:visible, true} <- {:visible, Visibility.visible_for_user?(activity, nil)} do
       {:ok, author} = User.get_or_fetch(activity.object.data["actor"])
 
       conn
       |> delete_resp_header("x-frame-options")
       |> delete_resp_header("content-security-policy")
+      |> put_view(Pleroma.Web.EmbedView)
       |> render("show.html",
         activity: activity,
         author: User.sanitize_html(author),
         counts: get_counts(activity)
       )
+    else
+      {:activity, _} ->
+        render_error(conn, :not_found, "Post not found")
+
+      {:local, false} ->
+        render_error(conn, :unauthorized, "Federated posts cannot be embedded")
+
+      {:visible, false} ->
+        render_error(conn, :unauthorized, "Not authorized to view this post")
     end
   end