Commit graph

1547 commits

Author SHA1 Message Date
href
9b553a1087
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
shibayashi
87c76a9a2f
Add __Host- prefix when secure flag is enabled 2018-11-13 00:32:38 +01:00
scarlett
0ce5623134 Merge branch 'twitter-api-null-display-name' into 'develop'
Twitter API: Fall back to user.nickname if user has no name

Closes #375

See merge request pleroma/pleroma!444
2018-11-12 17:08:54 +00:00
scarlett
cb6fd73861 Twitter API: Fall back to user.nickname if user has no name 2018-11-12 15:52:13 +00:00
kaniini
54923c2e55 Merge branch 'feature/csp-plug' into 'develop'
migrate CSP management to CSPPlug

See merge request pleroma/pleroma!441
2018-11-12 15:30:42 +00:00
William Pitcock
fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
KokaKiwi
1592fa2bea Mastodon API: Fix list streaming 2018-11-11 14:18:15 +01:00
William Pitcock
f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
William Pitcock
419ed3a0ca oauth: fix token decode regression 2018-11-11 05:26:39 +00:00
William Pitcock
97e50f3191 activitypub: transmogrifier: sanitize internal representation details from outgoing objects
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data.  accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
William Pitcock
f8310114a6 activitypub: object view: sanitize both the activity and the object when an activity is given for rendering 2018-11-10 12:04:09 +00:00
kaniini
c9c1f9dee2 Merge branch 'bugfix/ostatus-as2-reflection' into 'develop'
ostatus: only federate activities concerning note objects

See merge request pleroma/pleroma!437
2018-11-10 11:50:02 +00:00
kaniini
7daa102fa4 Merge branch 'bugfix/local-jsonld-context' into 'develop'
Host LitePub JSON-LD context locally

See merge request pleroma/pleroma!435
2018-11-10 11:37:44 +00:00
William Pitcock
4f87b8362b endpoint: move CORSPlug in front of Plug.Static 2018-11-10 11:23:50 +00:00
William Pitcock
03a9990baf endpoint: fix formatting 2018-11-10 11:18:25 +00:00
William Pitcock
e6d246882d federator: don't federate anything other than Note objects to OStatus 2018-11-10 10:06:10 +00:00
William Pitcock
e4971553c7 activitypub: utils: use same object type list for mention extraction as insertion 2018-11-09 13:40:39 +00:00
William Pitcock
b9871e7e5a activitypub: utils: wrap Note objects in a Create when extracting mentions 2018-11-09 09:01:40 +00:00
William Pitcock
6cadfcb21e activitypub: utils: switch to using new Notification.get_notified_from_activity(). 2018-11-09 09:01:40 +00:00
William Pitcock
6b4064fa5d activitypub: transmogrifier: unify mention extraction 2018-11-08 19:41:36 +00:00
Haelwenn (lanodan) Monnier
2fab32ab61
Pleroma.Web.Endpoint: Whitelist schemas directory 2018-11-08 20:22:12 +01:00
Haelwenn (lanodan) Monnier
934125695d
Move /litepub-1.0.jsonld to /schemas/litepub-0.1.jsonld 2018-11-08 20:21:45 +01:00
William Pitcock
4e93d6ae14 common api: utils: flip to/cc for mentions 2018-11-08 19:17:01 +00:00
William Pitcock
3e33479c05 activitypub: transmogrifier: only consider to users as mention targets 2018-11-08 18:58:27 +00:00
Haelwenn (lanodan) Monnier
abcacec97d
Pleroma.Web.ActivityPub.Utils: Use locally-served JSON-LD Litepub context instead of Github-hosted one 2018-11-08 19:38:38 +01:00
William Pitcock
da16ada424 utils: use litepub @context instead of that huge mess 2018-11-08 16:52:14 +00:00
William Pitcock
f733470037 user view: unify a @context entry that was missed 2018-11-08 16:51:48 +00:00
lambda
59cf7cf235 Merge branch 'small-jsonld-refactor' into 'develop'
Small jsonld refactor

See merge request pleroma/pleroma!433
2018-11-08 16:23:58 +00:00
lain
34bd411781 Unify json ld header handling. 2018-11-08 16:39:38 +01:00
lain
3b02fd9fb7 Small refactor. 2018-11-08 16:05:28 +01:00
kaniini
4d627a5117 Merge branch 'feature/qvitter-notifications-dismiss' into 'develop'
qvitter notifications: add new "read notifications" API

See merge request pleroma/pleroma!431
2018-11-07 22:33:06 +00:00
kaniini
b451a92d78 Merge branch 'runtime-config' into 'develop'
Runtime configuration

See merge request pleroma/pleroma!430
2018-11-07 22:32:34 +00:00
href
e42f2efae4
/api/v1/accounts/relationships Return an empty array if no id in params
This copies Mastodon API behaviour & fixes Mastalab app.
2018-11-07 16:32:57 +01:00
href
9070588493
Runtime config: MRF changes 2018-11-07 10:40:24 +01:00
William Pitcock
b2105a3131 twitterapi: add notification read endpoint 2018-11-06 23:25:07 +00:00
href
5bb88fd174
Runtime configuration
Related to #85

Everything should now be configured at runtime, with the exception of
the `Pleroma.HTML` scrubbers (the scrubbers used can be
changed at runtime, but their configuration is compile-time) because
it's building a module with a macro.
2018-11-06 19:41:15 +01:00
kaniini
a68c18f0ad Merge branch 'unify-mastodon-oauth' into 'develop'
Unify Mastodon Login with OAuth login.

See merge request pleroma/pleroma!429
2018-11-06 16:18:12 +00:00
kaniini
0f3e78addb Merge branch 'runtime-router' into 'develop'
Runtime configured router

See merge request pleroma/pleroma!426
2018-11-06 15:35:19 +00:00
lain
a8f1e30cb8 Formatting. 2018-11-06 16:05:58 +01:00
lain
4f640c43ed Unify Mastodon Login with OAuth login.
This removes duplication in the login code.
2018-11-06 15:19:11 +01:00
href
2bc924ba45
Get rid of Pleroma.Config in favor of Application
Discussed in https://git.pleroma.social/pleroma/pleroma/merge_requests/426#note_7232
2018-11-06 15:12:53 +01:00
href
013f7ba8c1
Add federating plug & public tests 2018-11-06 14:45:04 +01:00
href
6fe23c5458
Runtime configured router 2018-11-05 15:19:03 +01:00
href
763fc7b44f
Runtime configured emojis
The changes are a bit heavy since the emojis were loaded into module
attributes from filesystem.

This introduces a GenServer using an ETS table to cache in memory the
emojis, and allows a runtime-reload with `Pleroma.Emoji.reload()`.
2018-11-05 13:24:00 +01:00
kaniini
007f1c73b1 Merge branch 'feature/cors-again' into 'develop'
Add CORSPlug to make web-based OAuth easier.

See merge request pleroma/pleroma!420
2018-11-03 15:36:23 +00:00
Haelwenn (lanodan) Monnier
3e50bb667f
Pleroma.Web.MastodonAPI.StatusView: Content isn’t nullable 2018-11-03 14:42:47 +01:00
lain
e954cfcc2c Add CORSPlug to make web-based OAuth easier. 2018-11-03 13:38:01 +01:00
lambda
4bcdbb12a4 Merge branch 'fix_hashtag_search' into 'develop'
Fix hashtag search

See merge request pleroma/pleroma!418
2018-11-02 20:05:56 +00:00
Mark Felder
0cca7edbe0 Fix hashtag search
When we lowercase the search it will succesfully do a case insenstive
match. Now #Linux will match #linux and #LINUX whereas previously it
would only match the exact case.
2018-11-02 19:38:57 +00:00
lain
45ebc8dd9a Check for empty string in_reply_to ids. 2018-11-02 17:33:51 +01:00
Haelwenn (lanodan) Monnier
3c7d4ff271
Pleroma.Web.TwitterAPI.ActivityView: Harden TwitterAPI against remnant of prismo 2018-11-01 15:07:27 +01:00
William Pitcock
24ba08de13 twitter api: add support for rendering Page objects 2018-11-01 10:01:35 +00:00
William Pitcock
4d8f076125 mastodon api: add support for rendering Page objects 2018-11-01 10:00:16 +00:00
William Pitcock
9f03b5c4f7 activitypub: transmogrifier: add support for Page objects 2018-11-01 09:59:43 +00:00
kaniini
eba9a62024 Merge branch 'feature/relay-tests' into 'develop'
relay tests

See merge request pleroma/pleroma!411
2018-11-01 09:10:51 +00:00
Haelwenn
40676d7683 Merge branch 'bugfix/prismo.news_article_url' into 'develop'
Bugfix/prismo.news article url

Closes #352

See merge request pleroma/pleroma!410
2018-11-01 09:05:16 +00:00
lain
1e9ced5af4 Test Relay, switch to runtime configuration. 2018-11-01 09:01:43 +00:00
Haelwenn (lanodan) Monnier
b2da5262ea
Pleroma.Web.ActivityPub.Transmogrifier: fix_url when not a string/empty
Thanks prismo.news, I hate it
2018-11-01 09:56:37 +01:00
Haelwenn (lanodan) Monnier
755f166406
Pleroma.Web.MastodonAPI.StatusView: Do not fail when URL isn’t a string 2018-11-01 09:55:38 +01:00
William Pitcock
10f3958468 object: return the deleted object as well 2018-11-01 07:47:50 +00:00
William Pitcock
2bf358d7b4 activitypub: use Object.delete() instead of mutating the database and cache directly 2018-11-01 07:29:12 +00:00
Haelwenn (lanodan) Monnier
558e6a84d6
[Pleroma.Web.CommonAPI]: Delete post cache entry when it’s deleted
Closes: https://git.pleroma.social/pleroma/pleroma/issues/346
2018-11-01 06:52:01 +01:00
William Pitcock
47f76bf4b1 common api: allow self-liking objects
mastodon allows this, for whatever reason.

closes #347.
2018-10-31 22:29:49 +00:00
scarlett
b92e38d2d4 Add user reactivation task. 2018-10-29 23:13:15 +00:00
kaniini
a880e0a527 Merge branch 'feature/upload-limits' into 'develop'
configurable media upload limits

Closes #118

See merge request pleroma/pleroma!401
2018-10-29 20:14:10 +00:00
William Pitcock
676c97b8c7 nodeinfo: expose configured upload limits 2018-10-29 20:07:52 +00:00
William Pitcock
f407831120 common api: prefer formatting attachments using the attachment's name instead of URI 2018-10-29 17:59:24 +00:00
William Pitcock
784b3a615d utils: fix another possible leak with private S3 backends using mediaproxy
same rationale as the other mediaproxy changes
2018-10-29 17:26:15 +00:00
William Pitcock
181f3bb56a mastodon api: enforce upload limits for avatars and banners 2018-10-29 16:43:05 +00:00
William Pitcock
e12489e2fe twitter api: enforce upload limits for avatars, banners and backgrounds 2018-10-29 16:43:05 +00:00
William Pitcock
167d3789a5 activitypub: upload: pass through an upload limit if one is provided 2018-10-29 16:43:05 +00:00
William Pitcock
5c6ec2d9fc twitter/mastodon api: always use mediaproxy URLs in attachments
if using local media, the mediaproxy will not replace the URL anyway.
2018-10-29 15:19:32 +00:00
William Pitcock
72ea54de6e activitypub: fix possible false positives with broken thread filtering 2018-10-28 05:45:33 +00:00
William Pitcock
26eb11c172 activitypub: add support for filtering broken threads out of timelines 2018-10-26 06:16:51 +00:00
William Pitcock
f6cb963df2 activitypub utils: fix recipient check when the message is unaddressed (mastodon) 2018-10-26 01:24:22 +00:00
Haelwenn (lanodan) Monnier
7906dfe5a0
[Pleroma.Web.Nodeinfo.NodeinfoController]: Simplify features strings 2018-10-26 01:06:34 +02:00
Haelwenn (lanodan) Monnier
57330dd91b
[Pleroma.Web.Nodeinfo.NodeinfoController]: Have a list of supported features 2018-10-26 01:06:19 +02:00
William Pitcock
ce70eb8c00 activitypub utils: fix user splicing 2018-10-25 05:24:01 +00:00
William Pitcock
2f1f1a4f30 activitypub: splice users into recipient lists when they receive messages at their personal inbox
closes #343
2018-10-25 05:02:21 +00:00
kaniini
9e9b1bd5ea Merge branch 'bugfix/ap-uri-user-search' into 'develop'
transmogrifier: do not try to contain origin of something which doesn't have one

Closes #340

See merge request pleroma/pleroma!389
2018-10-25 04:38:46 +00:00
Haelwenn
79b1e4465f Merge branch 'bugfix/233-handle-missing-StatusView' into 'develop'
[Pleroma.Web.MastodonAPI.StatusView]: Add fallback on missing handler for status.json

Closes #233

See merge request pleroma/pleroma!257
2018-10-25 04:35:29 +00:00
William Pitcock
5383887bd4 transmogrifier: do not try to contain origin of something which doesn't have one 2018-10-25 04:27:33 +00:00
Haelwenn (lanodan) Monnier
b386888a0e
[Pleroma.Web.MastodonAPI.MastodonAPIController]: fallback for try_render/4
Better be sure than sorry
2018-10-25 06:21:11 +02:00
William Pitcock
1ed25c963a twitterapi: activity view: add the other in_reply_to fields 2018-10-25 04:04:04 +00:00
Haelwenn (lanodan) Monnier
b112112c11
[Pleroma.Web.MastodonAPI.MastodonAPIController]: Wrap around render/4 2018-10-25 05:52:45 +02:00
Haelwenn (lanodan) Monnier
b0a940d5a2
[Pleroma.Web.MastodonAPI.StatusView]: Remove unused arguments 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
2da0ffeb28
lib/pleroma/web/mastodon_api/mastodon_api_controller.ex: Output an error when render(status.json) gives a nil 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
0c10be8731
[Pleroma.Web.MastodonAPI.StatusView]: Remove nils from lists.json 2018-10-25 05:24:03 +02:00
Haelwenn (lanodan) Monnier
3b0e9287a5
[Pleroma.Web.MastodonAPI.StatusView]: Return nil as fallback for missing views 2018-10-25 05:24:01 +02:00
William Pitcock
fee43ae5e7 twitterapi: activity view: implement in_reply_to_screen_name using the new graph walking helper 2018-10-25 02:59:04 +00:00
scarlett
a253c1466e New frontend options 2018-10-21 12:52:52 +01:00
AkiraFukushima
e8c698af41 Add an endpoint /api/v1/accounts/:id/lists to get lists to which account belongs 2018-10-19 01:46:26 +09:00
scarlett
7562912f6a Use maybe_direct_follow for follow imports 2018-10-17 04:16:11 +01:00
William Pitcock
30efa86c05 common api: enable tag linking in markdown mode 2018-10-14 20:36:11 +00:00
Haelwenn (lanodan) Monnier
eacab0fb05
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 02:14:54 +02:00
William Pitcock
111841ad34 common api: take the combination of the subject and content for length limit enforcement
closes #315
2018-10-10 07:53:44 +00:00
William Pitcock
08d5ad71b6 nodeinfo: allow opting out of MRF transparency 2018-10-07 01:23:38 +00:00
William Pitcock
7b3fff9af8 {mastodon api, twitter api}: make the follow handshake timeout configurable 2018-10-07 01:05:59 +00:00
William Pitcock
7f530f6f80 mastodon api: relationship view: better handle no pre-existing follow activity 2018-10-05 23:50:13 +00:00
William Pitcock
e69faf550c user: add wait_and_refresh() for async three-way handshake case 2018-10-05 23:40:49 +00:00