Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/validators_use_ectotypes

This commit is contained in:
lain 2020-08-18 12:38:13 +02:00
commit 548ca43bcf
118 changed files with 762 additions and 492 deletions

View file

@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Configuration: `:media_proxy, whitelist` format changed to host with scheme (e.g. `http://example.com` instead of `example.com`). Domain format is deprecated.
- **Breaking:** Configuration: `:instance, welcome_user_nickname` moved to `:welcome, :direct_message, :sender_nickname`, `:instance, :welcome_message` moved to `:welcome, :direct_message, :message`. Old config namespace is deprecated.
- **Breaking:** LDAP: Fallback to local database authentication has been removed for security reasons and lack of a mechanism to ensure the passwords are synchronized when LDAP passwords are updated.
- **Breaking** Changed defaults for `:restrict_unauthenticated` so that when `:instance, :public` is set to `false` then all `:restrict_unauthenticated` items be effectively set to `true`. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
<details>
<summary>API Changes</summary>
@ -105,6 +106,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix edge case where MediaProxy truncates media, usually caused when Caddy is serving content for the other Federated instance.
- Emoji Packs could not be listed when instance was set to `public: false`
- Fix whole_word always returning false on filter get requests
- Migrations not working on OTP releases if the database was connected over ssl
## [Unreleased (patch)]

View file

@ -725,10 +725,12 @@
timeout: 300_000
]
private_instance? = :if_instance_is_private
config :pleroma, :restrict_unauthenticated,
timelines: %{local: false, federated: false},
profiles: %{local: false, remote: false},
activities: %{local: false, remote: false}
timelines: %{local: private_instance?, federated: private_instance?},
profiles: %{local: private_instance?, remote: private_instance?},
activities: %{local: private_instance?, remote: private_instance?}
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false

View file

@ -1266,11 +1266,14 @@ Loads json generated from `config/descriptions.exs`.
- Params:
- *optional* `page`: **integer** page number
- *optional* `page_size`: **integer** number of log entries per page (default is `50`)
- *optional* `query`: **string** search term
- Response:
``` json
{
"page_size": integer,
"count": integer,
"urls": [
"http://example.com/media/a688346.jpg",
"http://example.com/media/fb1f4d.jpg"
@ -1290,12 +1293,7 @@ Loads json generated from `config/descriptions.exs`.
- Response:
``` json
{
"urls": [
"http://example.com/media/a688346.jpg",
"http://example.com/media/fb1f4d.jpg"
]
}
{ }
```
@ -1311,11 +1309,6 @@ Loads json generated from `config/descriptions.exs`.
- Response:
``` json
{
"urls": [
"http://example.com/media/a688346.jpg",
"http://example.com/media/fb1f4d.jpg"
]
}
{ }
```

View file

@ -11,14 +11,17 @@
config :pleroma, configurable_from_database: true
```
```sh tab="OTP"
./bin/pleroma_ctl config migrate_to_db
```
=== "OTP"
```sh tab="From Source"
mix pleroma.config migrate_to_db
```
```sh
./bin/pleroma_ctl config migrate_to_db
```
=== "From Source"
```sh
mix pleroma.config migrate_to_db
```
## Transfer config from DB to `config/env.exported_from_db.secret.exs`
@ -31,10 +34,12 @@ mix pleroma.config migrate_to_db
To delete transfered settings from database optional flag `-d` can be used. `<env>` is `prod` by default.
```sh tab="OTP"
./bin/pleroma_ctl config migrate_from_db [--env=<env>] [-d]
```
=== "OTP"
```sh
./bin/pleroma_ctl config migrate_from_db [--env=<env>] [-d]
```
```sh tab="From Source"
mix pleroma.config migrate_from_db [--env=<env>] [-d]
```
=== "From Source"
```sh
mix pleroma.config migrate_from_db [--env=<env>] [-d]
```

View file

@ -9,13 +9,18 @@
Replaces embedded objects with references to them in the `objects` table. Only needs to be ran once if the instance was created before Pleroma 1.0.5. The reason why this is not a migration is because it could significantly increase the database size after being ran, however after this `VACUUM FULL` will be able to reclaim about 20% (really depends on what is in the database, your mileage may vary) of the db size before the migration.
```sh tab="OTP"
./bin/pleroma_ctl database remove_embedded_objects [option ...]
```
=== "OTP"
```sh
./bin/pleroma_ctl database remove_embedded_objects [option ...]
```
=== "From Source"
```sh
mix pleroma.database remove_embedded_objects [option ...]
```
```sh tab="From Source"
mix pleroma.database remove_embedded_objects [option ...]
```
### Options
- `--vacuum` - run `VACUUM FULL` after the embedded objects are replaced with their references
@ -27,13 +32,17 @@ This will prune remote posts older than 90 days (configurable with [`config :ple
!!! danger
The disk space will only be reclaimed after `VACUUM FULL`. You may run out of disk space during the execution of the task or vacuuming if you don't have about 1/3rds of the database size free.
```sh tab="OTP"
./bin/pleroma_ctl database prune_objects [option ...]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database prune_objects [option ...]
```
```sh
./bin/pleroma_ctl database prune_objects [option ...]
```
=== "From Source"
```sh
mix pleroma.database prune_objects [option ...]
```
### Options
- `--vacuum` - run `VACUUM FULL` after the objects are pruned
@ -42,33 +51,45 @@ mix pleroma.database prune_objects [option ...]
Can be safely re-run
```sh tab="OTP"
./bin/pleroma_ctl database bump_all_conversations
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database bump_all_conversations
```
```sh
./bin/pleroma_ctl database bump_all_conversations
```
=== "From Source"
```sh
mix pleroma.database bump_all_conversations
```
## Remove duplicated items from following and update followers count for all users
```sh tab="OTP"
./bin/pleroma_ctl database update_users_following_followers_counts
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database update_users_following_followers_counts
```
```sh
./bin/pleroma_ctl database update_users_following_followers_counts
```
=== "From Source"
```sh
mix pleroma.database update_users_following_followers_counts
```
## Fix the pre-existing "likes" collections for all objects
```sh tab="OTP"
./bin/pleroma_ctl database fix_likes_collections
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database fix_likes_collections
```
```sh
./bin/pleroma_ctl database fix_likes_collections
```
=== "From Source"
```sh
mix pleroma.database fix_likes_collections
```
## Vacuum the database
@ -76,13 +97,17 @@ mix pleroma.database fix_likes_collections
Running an `analyze` vacuum job can improve performance by updating statistics used by the query planner. **It is safe to cancel this.**
```sh tab="OTP"
./bin/pleroma_ctl database vacuum analyze
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database vacuum analyze
```
```sh
./bin/pleroma_ctl database vacuum analyze
```
=== "From Source"
```sh
mix pleroma.database vacuum analyze
```
### Full
@ -91,20 +116,28 @@ and more compact files with an optimized layout. This process will take a long t
it builds the files side-by-side the existing database files. It can make your database faster and use less disk space,
but should only be run if necessary. **It is safe to cancel this.**
```sh tab="OTP"
./bin/pleroma_ctl database vacuum full
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database vacuum full
```
```sh
./bin/pleroma_ctl database vacuum full
```
=== "From Source"
```sh
mix pleroma.database vacuum full
```
## Add expiration to all local statuses
```sh tab="OTP"
./bin/pleroma_ctl database ensure_expiration
```
=== "OTP"
```sh tab="From Source"
mix pleroma.database ensure_expiration
```
```sh
./bin/pleroma_ctl database ensure_expiration
```
=== "From Source"
```sh
mix pleroma.database ensure_expiration
```

View file

@ -4,22 +4,30 @@
## Send digest email since given date (user registration date by default) ignoring user activity status.
```sh tab="OTP"
./bin/pleroma_ctl digest test <nickname> [since_date]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.digest test <nickname> [since_date]
```
```sh
./bin/pleroma_ctl digest test <nickname> [since_date]
```
=== "From Source"
```sh
mix pleroma.digest test <nickname> [since_date]
```
Example:
```sh tab="OTP"
./bin/pleroma_ctl digest test donaldtheduck 2019-05-20
```
=== "OTP"
```sh tab="From Source"
mix pleroma.digest test donaldtheduck 2019-05-20
```
```sh
./bin/pleroma_ctl digest test donaldtheduck 2019-05-20
```
=== "From Source"
```sh
mix pleroma.digest test donaldtheduck 2019-05-20
```

View file

@ -4,21 +4,29 @@
## Send test email (instance email by default)
```sh tab="OTP"
./bin/pleroma_ctl email test [--to <destination email address>]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.email test [--to <destination email address>]
```
```sh
./bin/pleroma_ctl email test [--to <destination email address>]
```
=== "From Source"
```sh
mix pleroma.email test [--to <destination email address>]
```
Example:
```sh tab="OTP"
./bin/pleroma_ctl email test --to root@example.org
```
=== "OTP"
```sh tab="From Source"
mix pleroma.email test --to root@example.org
```
```sh
./bin/pleroma_ctl email test --to root@example.org
```
=== "From Source"
```sh
mix pleroma.email test --to root@example.org
```

View file

@ -4,13 +4,15 @@
## Lists emoji packs and metadata specified in the manifest
```sh tab="OTP"
./bin/pleroma_ctl emoji ls-packs [option ...]
```
=== "OTP"
```sh
./bin/pleroma_ctl emoji ls-packs [option ...]
```
```sh tab="From Source"
mix pleroma.emoji ls-packs [option ...]
```
=== "From Source"
```sh
mix pleroma.emoji ls-packs [option ...]
```
### Options
@ -18,26 +20,30 @@ mix pleroma.emoji ls-packs [option ...]
## Fetch, verify and install the specified packs from the manifest into `STATIC-DIR/emoji/PACK-NAME`
```sh tab="OTP"
./bin/pleroma_ctl emoji get-packs [option ...] <pack ...>
```
=== "OTP"
```sh
./bin/pleroma_ctl emoji get-packs [option ...] <pack ...>
```
```sh tab="From Source"
mix pleroma.emoji get-packs [option ...] <pack ...>
```
=== "From Source"
```sh
mix pleroma.emoji get-packs [option ...] <pack ...>
```
### Options
- `-m, --manifest PATH/URL` - same as [`ls-packs`](#ls-packs)
## Create a new manifest entry and a file list from the specified remote pack file
```sh tab="OTP"
./bin/pleroma_ctl emoji gen-pack PACK-URL
```
=== "OTP"
```sh
./bin/pleroma_ctl emoji gen-pack PACK-URL
```
```sh tab="From Source"
mix pleroma.emoji gen-pack PACK-URL
```
=== "From Source"
```sh
mix pleroma.emoji gen-pack PACK-URL
```
Currently, only .zip archives are recognized as remote pack files and packs are therefore assumed to be zip archives. This command is intended to run interactively and will first ask you some basic questions about the pack, then download the remote file and generate an SHA256 checksum for it, then generate an emoji file list for you.
@ -47,8 +53,9 @@ Currently, only .zip archives are recognized as remote pack files and packs are
## Reload emoji packs
```sh tab="OTP"
./bin/pleroma_ctl emoji reload
```
=== "OTP"
```sh
./bin/pleroma_ctl emoji reload
```
This command only works with OTP releases.

View file

@ -3,13 +3,17 @@
{! backend/administration/CLI_tasks/general_cli_task_info.include !}
## Generate a new configuration file
```sh tab="OTP"
./bin/pleroma_ctl instance gen [option ...]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.instance gen [option ...]
```
```sh
./bin/pleroma_ctl instance gen [option ...]
```
=== "From Source"
```sh
mix pleroma.instance gen [option ...]
```
If any of the options are left unspecified, you will be prompted interactively.

View file

@ -7,10 +7,14 @@
Optional params:
* `-s SCOPES` - scopes for app, e.g. `read,write,follow,push`.
```sh tab="OTP"
./bin/pleroma_ctl app create -n APP_NAME -r REDIRECT_URI
```
=== "OTP"
```sh tab="From Source"
mix pleroma.app create -n APP_NAME -r REDIRECT_URI
```
```sh
./bin/pleroma_ctl app create -n APP_NAME -r REDIRECT_URI
```
=== "From Source"
```sh
mix pleroma.app create -n APP_NAME -r REDIRECT_URI
```

View file

@ -4,30 +4,42 @@
## Follow a relay
```sh tab="OTP"
./bin/pleroma_ctl relay follow <relay_url>
```
=== "OTP"
```sh tab="From Source"
mix pleroma.relay follow <relay_url>
```
```sh
./bin/pleroma_ctl relay follow <relay_url>
```
=== "From Source"
```sh
mix pleroma.relay follow <relay_url>
```
## Unfollow a remote relay
```sh tab="OTP"
./bin/pleroma_ctl relay unfollow <relay_url>
```
=== "OTP"
```sh tab="From Source"
mix pleroma.relay unfollow <relay_url>
```
```sh
./bin/pleroma_ctl relay unfollow <relay_url>
```
=== "From Source"
```sh
mix pleroma.relay unfollow <relay_url>
```
## List relay subscriptions
```sh tab="OTP"
./bin/pleroma_ctl relay list
```
=== "OTP"
```sh tab="From Source"
mix pleroma.relay list
```
```sh
./bin/pleroma_ctl relay list
```
=== "From Source"
```sh
mix pleroma.relay list
```

View file

@ -8,10 +8,14 @@ The `robots.txt` that ships by default is permissive. It allows well-behaved sea
If you want to generate a restrictive `robots.txt`, you can run the following mix task. The generated `robots.txt` will be written in your instance [static directory](../../../configuration/static_dir/).
```elixir tab="OTP"
./bin/pleroma_ctl robots_txt disallow_all
```
=== "OTP"
```elixir tab="From Source"
mix pleroma.robots_txt disallow_all
```
```sh
./bin/pleroma_ctl robots_txt disallow_all
```
=== "From Source"
```sh
mix pleroma.robots_txt disallow_all
```

View file

@ -3,13 +3,17 @@
{! backend/administration/CLI_tasks/general_cli_task_info.include !}
## Migrate uploads from local to remote storage
```sh tab="OTP"
./bin/pleroma_ctl uploads migrate_local <target_uploader> [option ...]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.uploads migrate_local <target_uploader> [option ...]
```
```sh
./bin/pleroma_ctl uploads migrate_local <target_uploader> [option ...]
```
=== "From Source"
```sh
mix pleroma.uploads migrate_local <target_uploader> [option ...]
```
### Options
- `--delete` - delete local uploads after migrating them to the target uploader

View file

@ -4,13 +4,17 @@
## Create a user
```sh tab="OTP"
./bin/pleroma_ctl user new <nickname> <email> [option ...]
```
=== "OTP"
```sh tab="From Source"
mix pleroma.user new <nickname> <email> [option ...]
```
```sh
./bin/pleroma_ctl user new <nickname> <email> [option ...]
```
=== "From Source"
```sh
mix pleroma.user new <nickname> <email> [option ...]
```
### Options
@ -22,23 +26,33 @@ mix pleroma.user new <nickname> <email> [option ...]
- `-y`, `--assume-yes`/`--no-assume-yes` - whether to assume yes to all questions
## List local users
```sh tab="OTP"
./bin/pleroma_ctl user list
```
```sh tab="From Source"
mix pleroma.user list
```
=== "OTP"
```sh
./bin/pleroma_ctl user list
```
=== "From Source"
```sh
mix pleroma.user list
```
## Generate an invite link
```sh tab="OTP"
./bin/pleroma_ctl user invite [option ...]
```
```sh tab="From Source"
mix pleroma.user invite [option ...]
```
=== "OTP"
```sh
./bin/pleroma_ctl user invite [option ...]
```
=== "From Source"
```sh
mix pleroma.user invite [option ...]
```
### Options
@ -46,113 +60,168 @@ mix pleroma.user invite [option ...]
- `--max-use NUMBER` - maximum numbers of token uses
## List generated invites
```sh tab="OTP"
./bin/pleroma_ctl user invites
```
```sh tab="From Source"
mix pleroma.user invites
```
=== "OTP"
```sh
./bin/pleroma_ctl user invites
```
=== "From Source"
```sh
mix pleroma.user invites
```
## Revoke invite
```sh tab="OTP"
./bin/pleroma_ctl user revoke_invite <token>
```
```sh tab="From Source"
mix pleroma.user revoke_invite <token>
```
=== "OTP"
```sh
./bin/pleroma_ctl user revoke_invite <token>
```
=== "From Source"
```sh
mix pleroma.user revoke_invite <token>
```
## Delete a user
```sh tab="OTP"
./bin/pleroma_ctl user rm <nickname>
```
```sh tab="From Source"
mix pleroma.user rm <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user rm <nickname>
```
=== "From Source"
```sh
mix pleroma.user rm <nickname>
```
## Delete user's posts and interactions
```sh tab="OTP"
./bin/pleroma_ctl user delete_activities <nickname>
```
```sh tab="From Source"
mix pleroma.user delete_activities <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user delete_activities <nickname>
```
=== "From Source"
```sh
mix pleroma.user delete_activities <nickname>
```
## Sign user out from all applications (delete user's OAuth tokens and authorizations)
```sh tab="OTP"
./bin/pleroma_ctl user sign_out <nickname>
```
```sh tab="From Source"
mix pleroma.user sign_out <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user sign_out <nickname>
```
=== "From Source"
```sh
mix pleroma.user sign_out <nickname>
```
## Deactivate or activate a user
```sh tab="OTP"
./bin/pleroma_ctl user toggle_activated <nickname>
```
```sh tab="From Source"
mix pleroma.user toggle_activated <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user toggle_activated <nickname>
```
=== "From Source"
```sh
mix pleroma.user toggle_activated <nickname>
```
## Deactivate a user and unsubscribes local users from the user
```sh tab="OTP"
./bin/pleroma_ctl user deactivate NICKNAME
```
```sh tab="From Source"
mix pleroma.user deactivate NICKNAME
```
=== "OTP"
```sh
./bin/pleroma_ctl user deactivate NICKNAME
```
=== "From Source"
```sh
mix pleroma.user deactivate NICKNAME
```
## Deactivate all accounts from an instance and unsubscribe local users on it
```sh tab="OTP"
./bin/pleroma_ctl user deactivate_all_from_instance <instance>
```
```sh tab="From Source"
mix pleroma.user deactivate_all_from_instance <instance>
```
=== "OTP"
```sh
./bin/pleroma_ctl user deactivate_all_from_instance <instance>
```
=== "From Source"
```sh
mix pleroma.user deactivate_all_from_instance <instance>
```
## Create a password reset link for user
```sh tab="OTP"
./bin/pleroma_ctl user reset_password <nickname>
```
```sh tab="From Source"
mix pleroma.user reset_password <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user reset_password <nickname>
```
=== "From Source"
```sh
mix pleroma.user reset_password <nickname>
```
## Disable Multi Factor Authentication (MFA/2FA) for a user
```sh tab="OTP"
./bin/pleroma_ctl user reset_mfa <nickname>
```
```sh tab="From Source"
mix pleroma.user reset_mfa <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user reset_mfa <nickname>
```
=== "From Source"
```sh
mix pleroma.user reset_mfa <nickname>
```
## Set the value of the given user's settings
```sh tab="OTP"
./bin/pleroma_ctl user set <nickname> [option ...]
```
```sh tab="From Source"
mix pleroma.user set <nickname> [option ...]
```
=== "OTP"
```sh
./bin/pleroma_ctl user set <nickname> [option ...]
```
=== "From Source"
```sh
mix pleroma.user set <nickname> [option ...]
```
### Options
- `--locked`/`--no-locked` - whether the user should be locked
@ -160,30 +229,45 @@ mix pleroma.user set <nickname> [option ...]
- `--admin`/`--no-admin` - whether the user should be an admin
## Add tags to a user
```sh tab="OTP"
./bin/pleroma_ctl user tag <nickname> <tags>
```
```sh tab="From Source"
mix pleroma.user tag <nickname> <tags>
```
=== "OTP"
```sh
./bin/pleroma_ctl user tag <nickname> <tags>
```
=== "From Source"
```sh
mix pleroma.user tag <nickname> <tags>
```
## Delete tags from a user
```sh tab="OTP"
./bin/pleroma_ctl user untag <nickname> <tags>
```
```sh tab="From Source"
mix pleroma.user untag <nickname> <tags>
```
=== "OTP"
```sh
./bin/pleroma_ctl user untag <nickname> <tags>
```
=== "From Source"
```sh
mix pleroma.user untag <nickname> <tags>
```
## Toggle confirmation status of the user
```sh tab="OTP"
./bin/pleroma_ctl user toggle_confirmed <nickname>
```
```sh tab="From Source"
mix pleroma.user toggle_confirmed <nickname>
```
=== "OTP"
```sh
./bin/pleroma_ctl user toggle_confirmed <nickname>
```
=== "From Source"
```sh
mix pleroma.user toggle_confirmed <nickname>
```

View file

@ -38,8 +38,8 @@ To add configuration to your config file, you can copy it from the base config.
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
* `allow_relay`: Enable Pleromas Relay, which makes it possible to follow a whole instance.
* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. See also: `restrict_unauthenticated`.
* `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details.
* `quarantined_instances`: List of ActivityPub instances where private (DMs, followers-only) activities will not be send.
* `managed_config`: Whenether the config for pleroma-fe is configured in [:frontend_configurations](#frontend_configurations) or in ``static/config.json``.
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
@ -1051,6 +1051,8 @@ Restrict access for unauthenticated users to timelines (public and federated), u
* `local`
* `remote`
Note: when `:instance, :public` is set to `false`, all `:restrict_unauthenticated` items be effectively set to `true` by default. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
## Pleroma.Web.ApiSpec.CastAndValidate

View file

@ -4,15 +4,19 @@ Static frontend files are shipped with pleroma. If you want to overwrite or upda
You can find the location of the static directory in the [configuration](../cheatsheet/#instance).
```elixir tab="OTP"
config :pleroma, :instance,
static_dir: "/var/lib/pleroma/static/",
```
=== "OTP"
```elixir tab="From Source"
config :pleroma, :instance,
static_dir: "instance/static/",
```
```elixir
config :pleroma, :instance,
static_dir: "/var/lib/pleroma/static/"
```
=== "From Source"
```elixir
config :pleroma, :instance,
static_dir: "instance/static/"
```
Alternatively, you can overwrite this value in your configuration to use a different static instance directory.

View file

@ -8,13 +8,15 @@ You will be running commands as root. If you aren't root already, please elevate
The system needs to have `curl` and `unzip` installed for downloading and unpacking release builds.
```sh tab="Alpine"
apk add curl unzip
```
=== "Alpine"
```sh
apk add curl unzip
```
```sh tab="Debian/Ubuntu"
apt install curl unzip
```
=== "Debian/Ubuntu"
```sh
apt install curl unzip
```
## Moving content out of the application directory
When using OTP releases the application directory changes with every version so it would be a bother to keep content there (and also dangerous unless `--no-rm` option is used when updating). Fortunately almost all paths in Pleroma are configurable, so it is possible to move them out of there.
@ -110,27 +112,29 @@ OTP releases have different service files than from-source installs so they need
**Warning:** The service files assume pleroma user's home directory is `/opt/pleroma`, please make sure all paths fit your installation.
```sh tab="Alpine"
# Copy the service into a proper directory
cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma
=== "Alpine"
```sh
# Copy the service into a proper directory
cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma
# Start pleroma
rc-service pleroma start
```
# Start pleroma
rc-service pleroma start
```
```sh tab="Debian/Ubuntu"
# Copy the service into a proper directory
cp ~pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
=== "Debian/Ubuntu"
```sh
# Copy the service into a proper directory
cp ~pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
# Reload service files
systemctl daemon-reload
# Reload service files
systemctl daemon-reload
# Reenable pleroma to start on boot
systemctl reenable pleroma
# Reenable pleroma to start on boot
systemctl reenable pleroma
# Start pleroma
systemctl start pleroma
```
# Start pleroma
systemctl start pleroma
```
## Running mix tasks
Refer to [Running mix tasks](otp_en.md#running-mix-tasks) section from OTP release installation guide.

View file

@ -28,15 +28,17 @@ Other than things bundled in the OTP release Pleroma depends on:
* nginx (could be swapped with another reverse proxy but this guide covers only it)
* certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it)
```sh tab="Alpine"
echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
apk update
apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot
```
=== "Alpine"
```
echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
apk update
apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot
```
```sh tab="Debian/Ubuntu"
apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot
```
=== "Debian/Ubuntu"
```
apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot
```
## Setup
### Configuring PostgreSQL
@ -47,31 +49,35 @@ apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
```sh tab="Alpine"
apk add git build-base postgresql-dev
git clone https://github.com/postgrespro/rum /tmp/rum
cd /tmp/rum
make USE_PGXS=1
make USE_PGXS=1 install
cd
rm -r /tmp/rum
```
=== "Alpine"
```
apk add git build-base postgresql-dev
git clone https://github.com/postgrespro/rum /tmp/rum
cd /tmp/rum
make USE_PGXS=1
make USE_PGXS=1 install
cd
rm -r /tmp/rum
```
```sh tab="Debian/Ubuntu"
# Available only on Buster/19.04
apt install postgresql-11-rum
```
=== "Debian/Ubuntu"
```
# Available only on Buster/19.04
apt install postgresql-11-rum
```
#### (Optional) Performance configuration
It is encouraged to check [Optimizing your PostgreSQL performance](../configuration/postgresql.md) document, for tips on PostgreSQL tuning.
```sh tab="Alpine"
rc-service postgresql restart
```
=== "Alpine"
```
rc-service postgresql restart
```
```sh tab="Debian/Ubuntu"
systemctl restart postgresql
```
=== "Debian/Ubuntu"
```
systemctl restart postgresql
```
If you are using PostgreSQL 12 or higher, add this to your Ecto database configuration
@ -151,14 +157,16 @@ certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
The location of nginx configs is dependent on the distro
```sh tab="Alpine"
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
```
=== "Alpine"
```
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
```
```sh tab="Debian/Ubuntu"
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
```
=== "Debian/Ubuntu"
```
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
```
If your distro does not have either of those you can append `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and
```sh
@ -175,35 +183,39 @@ nginx -t
```
#### Start nginx
```sh tab="Alpine"
rc-service nginx start
```
=== "Alpine"
```
rc-service nginx start
```
```sh tab="Debian/Ubuntu"
systemctl start nginx
```
=== "Debian/Ubuntu"
```
systemctl start nginx
```
At this point if you open your (sub)domain in a browser you should see a 502 error, that's because Pleroma is not started yet.
### Setting up a system service
```sh tab="Alpine"
# Copy the service into a proper directory
cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma
=== "Alpine"
```
# Copy the service into a proper directory
cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma
# Start pleroma and enable it on boot
rc-service pleroma start
rc-update add pleroma
```
# Start pleroma and enable it on boot
rc-service pleroma start
rc-update add pleroma
```
```sh tab="Debian/Ubuntu"
# Copy the service into a proper directory
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
=== "Debian/Ubuntu"
```
# Copy the service into a proper directory
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
# Start pleroma and enable it on boot
systemctl start pleroma
systemctl enable pleroma
```
# Start pleroma and enable it on boot
systemctl start pleroma
systemctl enable pleroma
```
If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
@ -223,43 +235,45 @@ $EDITOR path-to-nginx-config
nginx -t
```
```sh tab="Alpine"
# Restart nginx
rc-service nginx restart
=== "Alpine"
```
# Restart nginx
rc-service nginx restart
# Start the cron daemon and make it start on boot
rc-service crond start
rc-update add crond
# Start the cron daemon and make it start on boot
rc-service crond start
rc-update add crond
# Ensure the webroot menthod and post hook is working
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
# Ensure the webroot menthod and post hook is working
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
# Add it to the daily cron
echo '#!/bin/sh
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
' > /etc/periodic/daily/renew-pleroma-cert
chmod +x /etc/periodic/daily/renew-pleroma-cert
# Add it to the daily cron
echo '#!/bin/sh
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
' > /etc/periodic/daily/renew-pleroma-cert
chmod +x /etc/periodic/daily/renew-pleroma-cert
# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
run-parts --test /etc/periodic/daily
```
# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
run-parts --test /etc/periodic/daily
```
```sh tab="Debian/Ubuntu"
# Restart nginx
systemctl restart nginx
=== "Debian/Ubuntu"
```
# Restart nginx
systemctl restart nginx
# Ensure the webroot menthod and post hook is working
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
# Ensure the webroot menthod and post hook is working
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
# Add it to the daily cron
echo '#!/bin/sh
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
' > /etc/cron.daily/renew-pleroma-cert
chmod +x /etc/cron.daily/renew-pleroma-cert
# Add it to the daily cron
echo '#!/bin/sh
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
' > /etc/cron.daily/renew-pleroma-cert
chmod +x /etc/cron.daily/renew-pleroma-cert
# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
run-parts --test /etc/cron.daily
```
# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
run-parts --test /etc/cron.daily
```
## Create your first user and set as admin
```sh

View file

@ -41,6 +41,10 @@ def run(args \\ []) do
load_pleroma()
{opts, _} = OptionParser.parse!(args, strict: @switches, aliases: @aliases)
if Application.get_env(:pleroma, Pleroma.Repo)[:ssl] do
Application.ensure_all_started(:ssl)
end
opts =
if opts[:to] || opts[:step] || opts[:all],
do: opts,

View file

@ -40,6 +40,10 @@ def run(args \\ []) do
load_pleroma()
{opts, _} = OptionParser.parse!(args, strict: @switches, aliases: @aliases)
if Application.get_env(:pleroma, Pleroma.Repo)[:ssl] do
Application.ensure_all_started(:ssl)
end
opts =
if opts[:to] || opts[:step] || opts[:all],
do: opts,

View file

@ -81,6 +81,16 @@ def delete(key) do
Application.delete_env(:pleroma, key)
end
def restrict_unauthenticated_access?(resource, kind) do
setting = get([:restrict_unauthenticated, resource, kind])
if setting in [nil, :if_instance_is_private] do
!get!([:instance, :public])
else
setting
end
end
def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []

View file

@ -6,6 +6,10 @@ defmodule Pleroma.Upload.Filter.Mogrifun do
@behaviour Pleroma.Upload.Filter
alias Pleroma.Upload.Filter
@moduledoc """
This module is just an example of an Upload filter. It's not supposed to be used in production.
"""
@filters [
{"implode", "1"},
{"-raise", "20"},

View file

@ -311,10 +311,12 @@ def visible_for(%User{} = user, for_user) do
def visible_for(_, _), do: :invisible
defp restrict_unauthenticated?(%User{local: local}) do
config_key = if local, do: :local, else: :remote
defp restrict_unauthenticated?(%User{local: true}) do
Config.restrict_unauthenticated_access?(:profiles, :local)
end
Config.get([:restrict_unauthenticated, :profiles, config_key], false)
defp restrict_unauthenticated?(%User{local: _}) do
Config.restrict_unauthenticated_access?(:profiles, :remote)
end
defp visible_account_status(user) do

View file

@ -59,12 +59,9 @@ def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{
end
def visible_for_user?(%{local: local} = activity, nil) do
cfg_key =
if local,
do: :local,
else: :remote
cfg_key = if local, do: :local, else: :remote
if Pleroma.Config.get([:restrict_unauthenticated, :activities, cfg_key]),
if Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key),
do: false,
else: is_public?(activity)
end

View file

@ -26,29 +26,40 @@ defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do
defdelegate open_api_operation(action), to: Spec.MediaProxyCacheOperation
def index(%{assigns: %{user: _}} = conn, params) do
cursor =
:banned_urls_cache
|> :ets.table([{:traverse, {:select, Cachex.Query.create(true, :key)}}])
|> :qlc.cursor()
entries = fetch_entries(params)
urls = paginate_entries(entries, params.page, params.page_size)
urls =
case params.page do
1 ->
:qlc.next_answers(cursor, params.page_size)
render(conn, "index.json",
urls: urls,
page_size: params.page_size,
count: length(entries)
)
end
_ ->
:qlc.next_answers(cursor, (params.page - 1) * params.page_size)
:qlc.next_answers(cursor, params.page_size)
end
defp fetch_entries(params) do
MediaProxy.cache_table()
|> Cachex.stream!(Cachex.Query.create(true, :key))
|> filter_entries(params[:query])
end
:qlc.delete_cursor(cursor)
defp filter_entries(stream, query) when is_binary(query) do
regex = ~r/#{query}/i
render(conn, "index.json", urls: urls)
stream
|> Enum.filter(fn url -> String.match?(url, regex) end)
|> Enum.to_list()
end
defp filter_entries(stream, _), do: Enum.to_list(stream)
defp paginate_entries(entries, page, page_size) do
offset = page_size * (page - 1)
Enum.slice(entries, offset, page_size)
end
def delete(%{assigns: %{user: _}, body_params: %{urls: urls}} = conn, _) do
MediaProxy.remove_from_banned_urls(urls)
render(conn, "index.json", urls: urls)
json(conn, %{})
end
def purge(%{assigns: %{user: _}, body_params: %{urls: urls, ban: ban}} = conn, _) do
@ -58,6 +69,6 @@ def purge(%{assigns: %{user: _}, body_params: %{urls: urls, ban: ban}} = conn, _
MediaProxy.put_in_banned_urls(urls)
end
render(conn, "index.json", urls: urls)
json(conn, %{})
end
end

View file

@ -5,7 +5,11 @@
defmodule Pleroma.Web.AdminAPI.MediaProxyCacheView do
use Pleroma.Web, :view
def render("index.json", %{urls: urls}) do
%{urls: urls}
def render("index.json", %{urls: urls, page_size: page_size, count: count}) do
%{
urls: urls,
count: count,
page_size: page_size
}
end
end

View file

@ -21,6 +21,12 @@ def index_operation do
operationId: "AdminAPI.MediaProxyCacheController.index",
security: [%{"oAuth" => ["read:media_proxy_caches"]}],
parameters: [
Operation.parameter(
:query,
:query,
%Schema{type: :string, default: nil},
"Page"
),
Operation.parameter(
:page,
:query,
@ -36,7 +42,26 @@ def index_operation do
| admin_api_params()
],
responses: %{
200 => success_response()
200 =>
Operation.response(
"Array of banned MediaProxy URLs in Cachex",
"application/json",
%Schema{
type: :object,
properties: %{
count: %Schema{type: :integer},
page_size: %Schema{type: :integer},
urls: %Schema{
type: :array,
items: %Schema{
type: :string,
format: :uri,
description: "MediaProxy URLs"
}
}
}
}
)
}
}
end
@ -61,7 +86,7 @@ def delete_operation do
required: true
),
responses: %{
200 => success_response(),
200 => empty_object_response(),
400 => Operation.response("Error", "application/json", ApiError)
}
}
@ -88,25 +113,9 @@ def purge_operation do
required: true
),
responses: %{
200 => success_response(),
200 => empty_object_response(),
400 => Operation.response("Error", "application/json", ApiError)
}
}
end
defp success_response do
Operation.response("Array of banned MediaProxy URLs in Cachex", "application/json", %Schema{
type: :object,
properties: %{
urls: %Schema{
type: :array,
items: %Schema{
type: :string,
format: :uri,
description: "MediaProxy URLs"
}
}
}
})
end
end

View file

@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
import Pleroma.Web.ControllerHelper,
only: [add_link_headers: 2, add_link_headers: 3]
alias Pleroma.Config
alias Pleroma.Pagination
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
alias Pleroma.Plugs.OAuthScopesPlug
@ -89,11 +90,11 @@ def direct(%{assigns: %{user: user}} = conn, params) do
end
defp restrict_unauthenticated?(true = _local_only) do
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :local])
Config.restrict_unauthenticated_access?(:timelines, :local)
end
defp restrict_unauthenticated?(_) do
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated])
Config.restrict_unauthenticated_access?(:timelines, :federated)
end
# GET /api/v1/timelines/public

View file

@ -9,28 +9,31 @@ defmodule Pleroma.Web.MediaProxy do
alias Pleroma.Web.MediaProxy.Invalidation
@base64_opts [padding: false]
@cache_table :banned_urls_cache
def cache_table, do: @cache_table
@spec in_banned_urls(String.t()) :: boolean()
def in_banned_urls(url), do: elem(Cachex.exists?(:banned_urls_cache, url(url)), 1)
def in_banned_urls(url), do: elem(Cachex.exists?(@cache_table, url(url)), 1)
def remove_from_banned_urls(urls) when is_list(urls) do
Cachex.execute!(:banned_urls_cache, fn cache ->
Cachex.execute!(@cache_table, fn cache ->
Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))
end)
end
def remove_from_banned_urls(url) when is_binary(url) do
Cachex.del(:banned_urls_cache, url(url))
Cachex.del(@cache_table, url(url))
end
def put_in_banned_urls(urls) when is_list(urls) do
Cachex.execute!(:banned_urls_cache, fn cache ->
Cachex.execute!(@cache_table, fn cache ->
Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))
end)
end
def put_in_banned_urls(url) when is_binary(url) do
Cachex.put(:banned_urls_cache, url(url), true)
Cachex.put(@cache_table, url(url), true)
end
def url(url) when is_nil(url) or url == "", do: nil

View file

@ -16,7 +16,7 @@ def generate_terms(params) do
end
def build_public_tag(acc, params) do
if Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated], true) do
if Pleroma.Config.restrict_unauthenticated_access?(:timelines, :federated) do
acc
else
Map.put(acc, @public_url, public_timeline(params))

View file

@ -16,8 +16,8 @@ defmodule Pleroma.Workers.Cron.ClearOauthTokenWorker do
def perform(_job) do
if Config.get([:oauth2, :clean_expired_tokens], false) do
Token.delete_expired_tokens()
else
:ok
end
:ok
end
end

View file

@ -37,9 +37,9 @@ def perform(_job) do
)
|> Repo.all()
|> send_emails
else
:ok
end
:ok
end
def send_emails(users) do

View file

@ -55,11 +55,9 @@ def perform(_job) do
|> Repo.all()
|> Enum.map(&Pleroma.Emails.NewUsersDigestEmail.new_users(&1, users_and_statuses))
|> Enum.each(&Pleroma.Emails.Mailer.deliver/1)
else
:ok
end
else
:ok
end
:ok
end
end

View file

@ -23,9 +23,9 @@ defmodule Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker do
def perform(_job) do
if Config.get([ActivityExpiration, :enabled]) do
Enum.each(ActivityExpiration.due_expirations(@interval), &delete_activity/1)
else
:ok
end
after
:ok
end
def delete_activity(%ActivityExpiration{activity_id: activity_id}) do
@ -41,7 +41,7 @@ def delete_activity(%ActivityExpiration{activity_id: activity_id}) do
{:user, _} ->
Logger.error(
"#{__MODULE__} Couldn't delete expired activity: not found actorof ##{activity_id}"
"#{__MODULE__} Couldn't delete expired activity: not found actor of ##{activity_id}"
)
end
end

View file

@ -12,5 +12,6 @@ defmodule Pleroma.Workers.Cron.StatsWorker do
@impl Oban.Worker
def perform(_job) do
Pleroma.Stats.do_collect()
:ok
end
end

View file

@ -0,0 +1,7 @@
defmodule Pleroma.Repo.Migrations.AddInvisibleIndexToUsers do
use Ecto.Migration
def change do
create(index(:users, [:invisible]))
end
end

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -1 +1 @@
<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=chunk-elementUI.1abbc9b8.css rel=stylesheet><link href=chunk-libs.686b5876.css rel=stylesheet><link href=app.01bdb34a.css rel=stylesheet></head><body><div id=app></div><script type=text/javascript src=static/js/runtime.0a70a9f5.js></script><script type=text/javascript src=static/js/chunk-elementUI.fba0efec.js></script><script type=text/javascript src=static/js/chunk-libs.b8c453ab.js></script><script type=text/javascript src=static/js/app.f220ac13.js></script></body></html>
<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=chunk-elementUI.1abbc9b8.css rel=stylesheet><link href=chunk-libs.5cf7f50a.css rel=stylesheet><link href=app.61bb0915.css rel=stylesheet></head><body><div id=app></div><script type=text/javascript src=static/js/runtime.ba9393f3.js></script><script type=text/javascript src=static/js/chunk-elementUI.2de79b84.js></script><script type=text/javascript src=static/js/chunk-libs.76802be9.js></script><script type=text/javascript src=static/js/app.86bfcdf3.js></script></body></html>

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more