Magically expressive social media
Find a file
Oneric 11ae8344eb Sanitise Content-Type of media proxy URLs
Just as with uploads and emoji before, this can otherwise be used
to place counterfeit AP objects or other malicious payloads.
In this case, even if we never assign a priviliged type to content,
the remote server can and until now we just mimcked whatever it told us.

Preview URLs already handle only specific, safe content types
and redirect to the external host for all else; thus no additional
sanitisiation is needed for them.

Non-previews are all delegated to the modified ReverseProxy module.
It already has consolidated logic for building response headers
making it easy to slip in sanitisation.

Although proxy urls are prefixed by a MAC built from a server secret,
attackers can still achieve a perfect id match when they are able to
change the contents of the pointed to URL. After sending an posts
containing an attachment at a controlled destination, the proxy URL can
be read back and inserted into the payload. After injection of
counterfeits in the target server the content can again be changed
to something innocuous lessening chance of detection.
2024-03-18 22:33:10 -01:00
.gitea/issue_template Update '.gitea/issue_template/feat.yml' 2022-12-12 04:26:43 +00:00
.woodpecker Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
benchmarks Merge branch 'benchmark-fixes' into 'develop' 2021-12-09 15:38:26 +00:00
ci CI: Use own package as base 2021-12-26 18:05:42 +01:00
config Never automatically assign privileged content types 2024-03-18 22:33:10 -01:00
docker-resources Update docker compose commands to Compose V2 2023-06-18 01:37:40 -04:00
docs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
installation Add NoNewPrivileges to systemd service file for source installs 2023-07-22 02:40:25 -04:00
lib Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
priv Drop media base_url default and recommend different domain 2024-03-18 22:33:10 -01:00
rel Disable busy waits in the default OTP vm.args configuration. 2024-02-17 13:21:56 +01:00
restarter fix_flaky_transfer_task_test.exs (#237) 2022-11-01 14:31:29 +00:00
scripts document prometheus 2022-12-16 10:24:36 +00:00
test Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
uploads fix issues with the uploads directory 2019-04-28 06:43:00 +02:00
.buildpacks CI: Add auto-deployment via dokku. 2019-05-31 10:55:35 +02:00
.credo.exs Move Consistency.FileLocation to ./test 2020-10-13 19:57:45 +02:00
.dockerignore Docker builds (#231) 2022-10-16 19:25:54 +00:00
.formatter.exs Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
.gitattributes Don't treat js/css as binary in git anymore 2022-12-23 18:03:14 +00:00
.gitignore Change docs README for new way of building docs 2023-01-26 15:42:53 +01:00
.mailmap Add myself to .mailmap 2021-02-15 13:19:44 +03:00
AGPL-3 LICENSE → AGPL-3 2019-04-01 00:31:21 +02:00
CC-BY-4.0 Add a copy of CC-BY-4.0 to the repo 2020-09-06 11:38:38 +03:00
CC-BY-SA-4.0 CC-BY-SA-4.0: Add a copy of the CC-BY-SA-4.0 license 2019-04-01 00:30:21 +02:00
CHANGELOG.md Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
CODE_OF_CONDUCT.md add code of conduct (#129) 2022-08-03 10:55:11 +00:00
COPYING Remove reference to city.jpg in COPYING 2022-11-25 07:29:50 +00:00
coveralls.json exclude file_location check from coveralls 2020-10-13 16:44:01 +03:00
docker-compose.yml Add shm_size to the Database container 2023-08-21 21:50:10 +00:00
docker-entrypoint.sh Docker builds (#231) 2022-10-16 19:25:54 +00:00
Dockerfile Bump builds to OTP26 2023-08-09 14:39:28 +01:00
elixir_buildpack.config Update elixir version in elixir_buildpack.config 2023-03-16 12:54:15 -04:00
mix.exs 2024.02 release 2024-02-24 13:54:21 +00:00
mix.lock don't select ueberauth 0.10.6, as it is broken 2023-12-17 18:59:31 +00:00
Procfile CI: Add auto-deployment via dokku. 2019-05-31 10:55:35 +02:00
README.md Add YunoHost to installation guides 2023-04-03 11:22:53 +02:00
SECURITY.md Update notes on security exploit handling 2024-03-04 17:50:19 +01:00
SIGNING_KEY.pub 2022.09 stable release chores (#206) 2022-09-10 14:44:17 +00:00

akkoma

a smallish microblogging platform, aka the cooler pleroma

English OK 日本語OK

About

This is a fork of Pleroma, which is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger servers. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Peertube, and Pixelfed.

Akkoma is written in Elixir and uses PostgreSQL for data storage.

For clients it supports the Mastodon client API with Pleroma extensions (see the API section on https://docs.akkoma.dev/stable/).

Differences with Pleroma

Akkoma is a faster-paced fork, it has a varied and potentially experimental feature set tailored specifically to the corner of the fediverse inhabited by the project creator and contributors.

This should not be considered a one-for-one match with pleroma; it is more opinionated in many ways, and has a smaller community (which is good or bad depending on your view)

For example, Akkoma has:

  • Custom Emoji reactions (compatible with misskey)
  • Misskey-flavoured markdown support
  • Elasticsearch and Meilisearch support for search
  • Mastodon frontend (Glitch-Soc and Fedibird flavours) support
  • Automatic post translation via DeepL or LibreTranslate
  • A multitude of heavy modifications to the Pleroma Frontend (Pleroma-FE)
  • The "bubble" concept, in which instance administrators can choose closely-related instances to make a "community of communities", so to say

And takes a more opinionated stance on issues like Domain blocks, which are enforced far more on Akkoma.

Take a look at the Changelog if you want a full list of recent changes, everything since 3.0 has been Akkoma.

Installation

If you are running Linux (glibc or musl) on x86, the recommended way to install Akkoma is by using OTP releases. OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it. The installation instructions are available here.

From Source

If your platform is not supported, or you just want to be able to edit the source code easily, you may install Akkoma from source.

Docker

Docker installation is supported via this setup

Packages

Akkoma is packaged for YunoHost and can be found and installed from the YunoHost app catalogue.

Compilation Troubleshooting

If you ever encounter compilation issues during the updating of Akkoma, you can try these commands and see if they fix things:

  • mix deps.clean --all
  • mix local.rebar
  • mix local.hex
  • rm -r _build

Documentation