Commit graph

5175 commits

Author SHA1 Message Date
rinpatch
fc4496d4fa rate limiter: disable based on if remote ip was found, not on if the plug was enabled
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable  when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.

Also closes #1620
2020-03-13 21:41:17 +03:00
rinpatch
3e0f05f08e Merge branch 'bugfix/br-vs-newline' into 'develop'
Formatting: Do not use \n and prefer <br> instead

Closes #1374 and #1375

See merge request pleroma/pleroma!2204
2020-03-13 18:22:55 +00:00
Mark Felder
c6eb1c1b92 Merge branch 'develop' into fix/cache-control-headers 2020-03-13 12:54:06 -05:00
Mark Felder
7321429a2e Lint 2020-03-13 12:42:06 -05:00
Mark Felder
3b1b183b42 Synchronize cache-control header for local media with the mediaproxy 2020-03-13 12:27:50 -05:00
Mark Felder
413177c8f0 Set correct Cache-Control header for local media 2020-03-13 12:02:58 -05:00
Mark Felder
c62195127d Update comment to reflect what the code is actually doing 2020-03-13 11:46:40 -05:00
Mark Felder
ad31d0726a Do not trust remote Cache-Control headers for mediaproxy 2020-03-13 11:30:27 -05:00
rinpatch
096c5c52e0 Merge branch 'revert/cache-control' into 'develop'
Revert "Set better Cache-Control header for static content"

Closes #1613

See merge request pleroma/pleroma!2290
2020-03-13 16:25:10 +00:00
Egor Kislitsyn
fffc382f13
Fix hashtags WebSocket streaming 2020-03-13 19:30:42 +04:00
Haelwenn (lanodan) Monnier
d1379c4de8
Formatting: Do not use \n and prefer <br> instead
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-13 16:07:17 +01:00
802b991814 Merge branch 'exclude-posts-visible-to-admin' into 'develop'
Exclude private and direct statuses visible to the admin when using godmode

Closes #1599

See merge request pleroma/pleroma!2272
2020-03-12 20:29:51 +00:00
Ivan Tashkinov
bd40880fa0 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
# Conflicts:
#	test/web/activity_pub/activity_pub_controller_test.exs
2020-03-12 12:07:07 +03:00
2019f3b3ff Merge branch 'fix/signup-without-email' into 'develop'
Allow account registration without an email

See merge request pleroma/pleroma!2246
2020-03-11 16:53:05 +00:00
rinpatch
7cdabdc0df Merge branch 'fix/1610-release-compilation-config-fix' into 'develop'
Merging default release config on app start

Closes #1610

See merge request pleroma/pleroma!2288
2020-03-11 15:16:18 +00:00
f92c447bbc Merge branch 'relay-list-change' into 'develop'
Relay list shows hosts without accepted follow

See merge request pleroma/pleroma!2240
2020-03-11 15:10:09 +00:00
rinpatch
c3b9fbd3a7 Revert "Set better Cache-Control header for static content"
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.

Closes #1613
2020-03-11 17:58:25 +03:00
Alexander Strizhakov
fce090c1de
using Pleroma.Config instead of ets 2020-03-11 17:22:50 +03:00
Alexander Strizhakov
193d67cde5
compile fix 2020-03-11 16:43:58 +03:00
Alexander Strizhakov
282a93554f
merging release default config on app start 2020-03-11 16:25:53 +03:00
Ivan Tashkinov
5b696a8ac1 [#1560] Enforced authentication for non-federating instances in StaticFEController. 2020-03-11 14:05:56 +03:00
Ivan Tashkinov
972889550d Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-11 09:15:55 +03:00
Mark Felder
5af798f246 Fix enforcement of character limits 2020-03-10 13:08:00 -05:00
Ivan Tashkinov
5fc92deef3 [#1560] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring. 2020-03-09 20:51:44 +03:00
rinpatch
6cf1958b02 moderation log: fix improperly migrated data
Some of the actions used to have a user map as a subject, which was then
changed to an array of user maps. However instead of migrating old data
there was just a hack to transform it every time, moreover this hack
didn't include all possible actions, which resulted in crashes. This
commit fixes the crashes by introducing a proper database migration for old data.

Closes #1606
2020-03-07 17:00:58 +03:00
Alexander Strizhakov
474ef512df wait in mix task while pleroma is rebooted 2020-03-07 16:02:55 +03:00
Ivan Tashkinov
027714b519 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-06 11:48:30 +03:00
Ivan Tashkinov
40765875d4 [#1560] Misc. improvements in ActivityPubController federation state restrictions. 2020-03-05 21:19:21 +03:00
eugenijm
ad22e94f33 Exclude private and direct statuses visible to the admin when using godmode 2020-03-05 15:15:27 +03:00
lain
47604907c9 Merge branch 'proper_error_messages' into 'develop'
MastodonController: Return 404 errors correctly.

See merge request pleroma/pleroma!2270
2020-03-05 11:49:51 +00:00
Haelwenn
927079e2ff Merge branch 'fix/stats-on-startup' into 'develop'
Generate instance stats on startup

Closes #1598

See merge request pleroma/pleroma!2271
2020-03-05 07:25:23 +00:00
Mark Felder
cdb05633a6 Generate instance stats on startup 2020-03-04 13:33:26 -06:00
9b740cfb23 Merge branch 'exclude-reblogs-from-admin-api-by-default' into 'develop'
Exclude reblogs from `GET /api/pleroma/admin/statuses` by default

Closes #1596

See merge request pleroma/pleroma!2267
2020-03-04 18:22:37 +00:00
lain
4bce13fa2f MastodonController: Return 404 errors correctly. 2020-03-04 18:09:06 +01:00
lain
6f7a8c43a2 Merge branch 'fix/no-email-no-fail' into 'develop'
Do not fail when user has no email

See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Mark Felder
05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Ivan Tashkinov
b6fc98d9cd [#1560] ActivityPubController federation state restrictions adjustments. Adjusted tests. 2020-03-03 22:22:02 +03:00
Ivan Tashkinov
99a6c660a9 Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions 2020-03-02 18:41:12 +03:00
eugenijm
7af431c150 Exclude reblogs from GET /api/pleroma/admin/statuses by default 2020-03-02 16:47:31 +03:00
Egor Kislitsyn
4a45b96a91
Merge branch 'develop' into fix/signup-without-email 2020-03-02 15:35:49 +04:00
Haelwenn
764a50f8a6 Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
ActivityPub actions & side-effects in transaction

Closes #1482

See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Alexander Strizhakov
cc98d010ed
relay list shows hosts without accepted follow 2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Alexander Strizhakov
34f1d09f3a
spec fix 2020-03-01 12:01:39 +03:00
Alexander Strizhakov
ba87ed7335
fix for compiling 2020-03-01 12:01:39 +03:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction 2020-03-01 12:01:39 +03:00
Phil Hagelberg
523f73dccd Fix static FE plug to handle missing Accept header. 2020-02-29 18:53:49 -08:00
rinpatch
b5465bf385 timeline controller: add a TODO for replacing copypaste with a macro 2020-03-01 02:03:46 +03:00
rinpatch
ffcebe7e22 timeline controller: rate limit timelines to 3 requests per 500ms per timeline per ip/user 2020-03-01 01:13:08 +03:00
rinpatch
4d416343fa rate limiter: Fix a race condition
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00
rinpatch
df2173343a pagination: limit the number of elements returned at one time to 40 2020-03-01 01:11:54 +03:00
rinpatch
19e559fe51 Merge branch 'rate-limiter-runtime-settings' into 'develop'
RateLimiter improvements: runtime configurability, no default limits in tests

See merge request pleroma/pleroma!2250
2020-02-29 21:52:33 +00:00
Ivan Tashkinov
c747260989 [#2250] Tiny refactoring per merge request review. 2020-02-29 22:04:09 +03:00
Haelwenn (lanodan) Monnier
3ef2ff3e47
auth_controller.ex: Add admin scope to MastoFE
Related: https://git.pleroma.social/pleroma/pleroma/issues/1265
2020-02-29 01:25:14 +01:00
Ivan Tashkinov
3759b146c4 Apply suggestion to lib/pleroma/plugs/rate_limiter/rate_limiter.ex 2020-02-28 13:33:42 +00:00
f2216287a7 Merge branch 'admin-status-list' into 'develop'
Admin API: `/api/pleroma/admin/statuses` (accepts `godmode` and `local_only`)

Closes #1550

See merge request pleroma/pleroma!2192
2020-02-27 18:11:04 +00:00
Ivan Tashkinov
6f2efb1c45 Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests. 2020-02-27 18:46:05 +03:00
Egor Kislitsyn
cb60a9c42f
Do not fail when user has no email 2020-02-27 17:27:49 +04:00
eugenijm
4ab07cf0d5 Admin API: Exclude boosts from GET /api/pleroma/admin/users/:nickname/statuses and GET /api/pleroma/admin/instance/:instance/statuses 2020-02-26 22:35:57 +03:00
eugenijm
e2a6a40367 Admin API: GET /api/pleroma/admin/statuses - list all statuses (accepts godmode and local_only) 2020-02-26 20:21:38 +03:00
Egor Kislitsyn
f446744a6a
Allow account registration without an email 2020-02-26 20:13:53 +04:00
Egor Kislitsyn
22018adae6
Fix Dialyzer warnings 2020-02-25 18:34:56 +04:00
eugenijm
7ad5c51f23 Admin API: GET /api/pleroma/admin/stats to get status count by visibility scope 2020-02-24 21:46:37 +03:00
lain
81f29e7c6a Merge branch 'bugfix/captcha-nil-answer_data' into 'develop'
Bugfix: return invalid when answer_data is nil

Closes #1585

See merge request pleroma/pleroma!2236
2020-02-24 14:54:22 +00:00
Haelwenn (lanodan) Monnier
f9fe6a9e30
Captcha: return invalid when answer_data is nil 2020-02-24 02:49:53 +01:00
Ivan Tashkinov
0cf1d4fcd0 [#1560] Restricted AP- & OStatus-related routes for non-federating instances. 2020-02-22 19:48:41 +03:00
Ivan Tashkinov
8f0ca19b9c Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
# Conflicts:
#	CHANGELOG.md
#	config/config.exs
2020-02-22 09:31:43 +03:00
Haelwenn
c5570e0493 Merge branch 'single_emoji_reaction' into 'develop'
Single emoji reaction

Closes #1578

See merge request pleroma/pleroma!2226
2020-02-20 23:50:40 +00:00
lain
3eddd9caa6 Merge branch 'require-signature' into 'develop'
Add an option to require fetches to be signed

Closes #1444

See merge request pleroma/pleroma!2071
2020-02-20 12:13:21 +00:00
lain
c69b04c490 Merge branch 'features/remote-follow-userpage-redirect' into 'develop'
remote_follow_controller.ex: Redirect to the user page on success

Closes #1245

See merge request pleroma/pleroma!2123
2020-02-20 12:04:29 +00:00
Ivan Tashkinov
0c65a8c3d0 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation
# Conflicts:
#	config/config.exs
2020-02-20 15:00:48 +03:00
lain
e0b2de6385 Merge branch 'feature/new-registrations-digest' into 'develop'
New users digest email

Closes #1514

See merge request pleroma/pleroma!2128
2020-02-20 11:58:37 +00:00
Ivan Tashkinov
3432294657 [#1505] Fixed @spec for Queries.by_object_in_reply_to_id/3 2020-02-20 14:48:46 +03:00
lain
314928333a Pleroma API: Add endpoint to get reaction information on a single emoji 2020-02-19 17:16:45 +01:00
lain
cf8307e71c Merge branch 'fix/status-view/expires_at' into 'develop'
Fix `status.expires_at` type

Closes #1573

See merge request pleroma/pleroma!2222
2020-02-18 14:56:59 +00:00
Ivan Tashkinov
61d9f43e46 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation 2020-02-18 17:46:09 +03:00
lain
3fa2ac68df Merge branch 'chore/standardize-mrf-behavior' into 'develop'
Standardize @behaviour usage in MRFs

See merge request pleroma/pleroma!2212
2020-02-18 14:36:10 +00:00
lain
c07efd5b42 Merge branch 'need-reboot-flag' into 'develop'
need_reboot flag for adminFE

See merge request pleroma/pleroma!2188
2020-02-18 14:32:03 +00:00
Egor Kislitsyn
2ef70b55f5
Fix status.expires_at type 2020-02-18 14:52:11 +04:00
rinpatch
472132215e Use floki's new APIs for parsing fragments 2020-02-16 01:55:26 +03:00
Ivan Tashkinov
269d592181 [#1505] Restricted max thread distance for fetching replies on incoming federation (in addition to reply-to depth restriction). 2020-02-15 20:41:38 +03:00
Haelwenn (lanodan) Monnier
1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
Mark Felder
478619782b Standardize @behaviour usage in MRFs 2020-02-14 11:02:24 -06:00
rinpatch
9906c6fb6f Merge branch 'fix/mrf-transparency-disabling-federation-status' into 'develop'
NodeInfo: Fix federating status not being reported when MRF transparency is disabled

Closes #1568

See merge request pleroma/pleroma!2206
2020-02-13 18:08:43 +00:00
rinpatch
23049a077e NodeInfo: Fix federating status not being reported when MRF
transparency is disabled

Closes #1568
2020-02-13 19:53:39 +03:00
b312c36b8e Merge branch 'develop' into 'fix/rename-no_attachment_links-setting'
# Conflicts:
#   config/description.exs
2020-02-13 14:37:55 +00:00
Egor Kislitsyn
19516af74e
Fix status.expires_in validation 2020-02-12 20:20:44 +04:00
Mark Felder
ff9fd4ca89 Fix the confusingly named and inverted logic of "no_attachment_links"
The setting is now simply "attachment_links" and the boolean value does
what you expect. A double negative is never possible and describing the
functionality is no longer a philospher's worst nightmare.
2020-02-11 15:39:19 -06:00
Egor Kislitsyn
50d9fcbe29
Hotlink logo instead of attachment 2020-02-11 23:33:05 +04:00
237b2068f9 Revert "Merge branch 'feat/floki-fasthtml' into 'develop'"
This reverts merge request !2194
2020-02-11 16:55:18 +00:00
rinpatch
ea1631d7e6 Make Floki use fast_html 2020-02-11 16:17:21 +03:00
lain
24c526a0b1 Merge remote-tracking branch 'origin/develop' into uguu-uwu-notices-bulge 2020-02-11 13:58:36 +01:00
Egor Kislitsyn
6875ccb6bf
Merge branch 'develop' into feature/new-registrations-digest 2020-02-11 13:54:55 +04:00
rinpatch
94e5ca1105 Merge branch 'issue/1383' into 'develop'
[#1383] Switch periodic jobs from quantum to oban

See merge request pleroma/pleroma!2015
2020-02-11 00:04:06 +00:00
Maksim Pechnikov
6813c0302c Merge branch 'develop' into issue/1383 2020-02-10 20:49:20 +03:00
rinpatch
c55301e760 Fix a compilation error under certain circumstances
I've noticed that sometimes when switching from develop to stable and back,
develop fails to compile and rm -r ing the _build and deps dirs doesn't
help at all.

This is due to Admin API controller needing to generate JSON description
of the config at compile time.  Evaluating `config/description.exs`
calls `Generator.list_modules_in_dir/2`, which in turn predicts the
module names of files in the directory and tries to convert the
predicted name to *existing* atoms. Sometimes the compiler will
call that function before compiling the modules in the said directory,
so the conversion will of course fail.

This fixes it by removing the requirement of the atoms being existent.
The function is not subjected to any untrusted user input so this should
be safe. An ideal fix would be to block the compilation of docs before
all modules are compiled and then get a list of compiled elixir modules
under the namespace we want instead of directory hacks, but I have not
been able to figure out how to do that.
2020-02-10 18:41:02 +03:00
Ivan Tashkinov
24e49d14f2 [#1505] Removed wrapping of reply URIs into first element, added comments to transmogrifier tests. 2020-02-09 17:34:48 +03:00
Ivan Tashkinov
6ea3c06d8d [#1505] Minor refactoring. 2020-02-09 14:09:01 +03:00
Ivan Tashkinov
7c3991f59e [#1505] Fixed replies serialization (included objects' ids instead of activities' ids). 2020-02-09 10:17:21 +03:00
Ivan Tashkinov
4e6bbdc7b5 Merge remote-tracking branch 'remotes/origin/develop' into 1505-threads-federation 2020-02-08 19:59:37 +03:00