Commit graph

15913 commits

Author SHA1 Message Date
309d574ff9 Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into akko.wtf 2025-01-03 14:07:45 -05:00
e3c8c4f24f Merge pull request 'mrf/object_age: fix handling of non-public objects' (#851) from Oneric/akkoma:mrf-fix-oage into develop
Reviewed-on: AkkomaGang/akkoma#851
2025-01-03 15:26:11 +00:00
67cdc38296 Merge pull request 'Only proxy HTTP and HTTP urls via Media Proxy' (#860) from nopjmp/akkoma:media-proxy-only-http into develop
Reviewed-on: AkkomaGang/akkoma#860
2025-01-03 15:25:14 +00:00
89d209f486 Merge pull request 'Fix NodeInfo content-type' (#853) from Oneric/akkoma:nodeinfo-contenttype into develop
Reviewed-on: AkkomaGang/akkoma#853
2025-01-03 15:24:25 +00:00
087ada3b2e Merge pull request 'Update supported OTP version to 27 in docs' (#849) from norm/akkoma:docs/otp-27 into develop
Reviewed-on: AkkomaGang/akkoma#849
2025-01-03 15:23:59 +00:00
91bedcfa68 Merge pull request 'Completely omit id for anonymous objects' (#850) from Oneric/akkoma:ap-anonymous-errata into develop
Reviewed-on: AkkomaGang/akkoma#850
2025-01-03 15:23:03 +00:00
b736086ab6 Set customize_hostname_check for Swoosh.Adapters.SMTP
This should hopefully fix issues with connecting to SMTP servers
with wildcard TLS certificates.

Taken from https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl

Fixes AkkomaGang/akkoma#660
2024-12-17 18:32:20 -05:00
ff5d197341 Update CHANGELOG.md 2024-12-16 20:35:12 -06:00
7632765b43 Only proxy HTTP and HTTP urls via Media Proxy
We make an assumption that we are only proxying HTTP/HTTPS hosted
media through the media proxy endpoint.

Fixes: #859
2024-12-16 20:35:12 -06:00
c738f27e77 Merge remote-tracking branch 'upstream/develop' into akko.wtf 2024-12-15 04:42:20 -05:00
294de939cb signing_key: refactor nested case into with statement
The error branches were already effectively identical before.
This change is purely cosmetic.
2024-12-08 20:43:57 +00:00
7583eceb38 Make SigningKey data migration future-proof
Bug originally discovered by tudbut
2024-12-08 20:43:10 +00:00
7618ac3104 Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into akko.wtf 2024-11-26 10:31:32 -05:00
834edfcf96 add changelog 2024-11-26 09:50:04 +00:00
79b282dea6 bump version 2024-11-26 09:36:20 +00:00
d1d82782db add signing key index 2024-11-26 09:35:56 +00:00
Haelwenn (lanodan) Monnier
2b1a252cc7 User: truncate remote user fields instead of rejecting 2024-11-26 09:29:44 +00:00
416aebb76a Fix NodeInfo content-type
Fixes: AkkomaGang/akkoma#852
2024-11-19 19:25:31 +01:00
51bebd32f2 Merge remote-tracking branch 'oneric/mrf-fix-oage' into akko.wtf 2024-11-17 00:51:22 -05:00
ce4def63b7 Merge remote-tracking branch 'oneric/attachcleanup-overeager' into akko.wtf 2024-11-17 00:50:06 -05:00
932810c35e mrf/object_age: fix handling of non-public objects
Current logic unconditionally adds public adressing to "cc"
and follower adressing to "to" after attempting to strip it
from the other one. This creates serious problems:

First the bug prompting this investigation and fix,
unconditional addition creates duplicates when adressing
URIs already were in their intended final field; e.g.
this is prominently the case for all "unlisted" posts.
Since List.delete only removes the first occurence,
this then broke follower-adress stripping later on
making the policy ineffective.

It’s also just not safe in general wrt to non-public adressing:
e.g. pre-existing duplicates didn’t get fully stripped,
bespoke adressing modes with only one of public addressing
or follower addressing are mangled — and most importantly:
any belatedly received DM or follower-only post
also got public adressing added!
Shockingly this last point was actually asserted as "correct" in tests;
it appears to be a mistake from mindless match adjustments
while fixing crashes on nil adressing in
10c792110e.

Clean up this sloppy logic up, making sure no more duplicates are
added by us, all instances of relevant adresses are purged and only
readded when they actually existed to begin with.
2024-11-17 00:44:51 +01:00
b31388b5df Delay attachment deletion
Otherwise attachments have a high chance to disappear with akkoma-fe’s
“delete & redraft” feature when cleanup is enabled in the backend. Since
we don't know whether a deletion was intended to be part of a redraft
process or even if whether the redraft was abandoned we still have to
delete attachments eventually.
A thirty minute delay should provide sufficient time for redrafting.

Fixes: AkkomaGang/akkoma#775
2024-11-17 00:41:23 +01:00
615ac14d6d Don't try to cleanup remote attachments
The cleanup attachment worker was run for every deleted post,
even if it’s a remote post whose attachments we don't even store.
This was especially bad due to attachment cleanup involving a
particularly heavy query wasting a bunch of database perf for nil.

This was uncovered by comparing statistics from
AkkomaGang/akkoma#784 and
AkkomaGang/akkoma#765 (comment)
2024-11-17 00:40:54 +01:00
34f650bc26 Merge remote-tracking branch 'oneric/mrf-fix-oage' into akko.wtf 2024-11-16 11:53:32 -05:00
5a3c6a6896 mrf/object_age: fix handling of non-public objects
Currently logic unconditionally adds public adressing to "cc"
and follower adressing to "to" after attempting to strip it
from the other one. This is horrible for two reasons:

First the bug prompting this investigation and fix,
this creates duplicates when adressing URIs already
were in their intended final field; e.g. prominently
the case for all "unlisted" posts.
Since List.delete only removes the first occurence,
this then broke follower-adress stripping later on.

It’s also not safe in general wrt to non-public adressing:
e.g. pre-existing duplicates didn’t get fully stripped,
bespoke adressing modes with only one of public addressing
or follower addressing — and most importantly:
any belatedly received DM also got public adressing added!
Shockingly this last point was actually checked as "correct" in tests
albeit this appears to be a mistake from mindless match adjustments
from when genuine crashes on nil adressing lists got fixed in
10c792110e.

Clean up this sloppy logic up, making sure all instances of relevant
adresses are purged and only readded when they actually existed to begin
with. To avoid problems with any List.delete usages remaining in other
places, also ensure we never create duplicate entries.
2024-11-16 03:19:41 +01:00
54b1678639 Merge remote-tracking branch 'oneric/ap-anonymous-errata' into akko.wtf 2024-11-14 17:18:01 -05:00
4c7ef1e027 Update supported OTP version to 27 in docs
The minor incompatibility should have been fixed with commit
bee10eab5e and PRs #839 and #841.
2024-11-09 18:24:53 -05:00
0f9c9aac38 Completely omit id for anonymous objects
Current AP spec demands anonymous objects to have an id value,
but explicitly set it to JSON null. Howeveras it turns out this is
incompatible with JSON-LD requiring `@id` to be a string and thus AP
spec is incompatible iwth the Ativity Streams spec it is based on.
This is an issue for (the few) AP implementers actually performing
JSON-LD processing, like IceShrimp.NET.
This was uncovered by IceShrimp.NET’s zotan due to our adoption of
anonymous objects for emoj in f101886709.

The issues is being discussed by W3C, and will most likely be resolved
via an errata redefining anonymous objects to completely omit the id
field just like transient objects already do. See:
https://github.com/w3c/activitypub/issues/476

Fixes: AkkomaGang/akkoma#848
2024-11-09 19:29:29 +01:00
67f3ee45b4 Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into akko.wtf 2024-10-31 19:01:11 -04:00
c0a99df06a Merge remote-tracking branch 'oneric/varfixes' into develop 2024-10-30 15:15:00 +00:00
0cb4c35ee4 Merge pull request 'Extract keys to their own table, match keyID' (#816) from keys-extraction into develop
Reviewed-on: AkkomaGang/akkoma#816
2024-10-30 15:08:11 +00:00
c9b3fcc1d3 allow for OTP code changes in :zip 2024-10-30 14:43:18 +00:00
11c5838947 standardise local key id generation 2024-10-30 12:44:01 +00:00
ef22f3a92b Merge branch 'develop' of https://akkoma.dev/AkkomaGang/akkoma into akko.wtf 2024-10-28 19:39:50 -04:00
180dc8b472 downgrade earmark 2024-10-26 08:50:38 +01:00
d330c57cda make sure we correctly match key objects 2024-10-26 08:42:07 +01:00
bd64d07082 ensure migration actually works 2024-10-26 07:51:41 +01:00
9d2c558f64 remove unused import 2024-10-26 07:42:43 +01:00
ac25b051ae remove previous "allow user routes" functionality 2024-10-26 07:28:43 +01:00
c5a44a59db remove unneeded index 2024-10-26 07:00:38 +01:00
58d5d9d7bf fix tests, contain object 2024-10-26 06:58:47 +01:00
b6e8fde4dd Merge branch 'develop' into keys-extraction 2024-10-26 06:11:29 +01:00
bee10eab5e correct minor zip behaviour 2024-10-26 06:11:12 +01:00
13215f5f06 remove public key field 2024-10-26 05:28:55 +01:00
430b376ded mix format 2024-10-26 05:05:48 +01:00
ccf1007883 Fix about a million tests 2024-10-26 05:05:48 +01:00
6da783b84d Fix http signature plug tests 2024-10-26 05:05:48 +01:00
8f322456a0 Allow unsigned fetches of a user's public key 2024-10-26 05:05:48 +01:00
9c876cea21 Fix some tests 2024-10-26 05:05:48 +01:00
9728e2f8f7 adjust logic to use relation :signing_key 2024-10-26 05:05:47 +01:00