Commit graph

5571 commits

Author SHA1 Message Date
336d06b2a8 Significantly tighten HTTP CSP 2023-01-02 15:21:19 +00:00
6e646c4cbc Use a genserver to periodically fetch metrics
Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52
2023-01-01 18:32:14 +00:00
c4b46ca460 Add /api/v1/followed_tags 2022-12-31 18:09:34 +00:00
745e15468e Use same context for quote posts as the post that's being quoted (#379)
See AkkomaGang/akkoma#350 (comment)

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: AkkomaGang/akkoma#379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
bf7ff6a337 Put rich media processing in a Task 2022-12-30 20:11:53 +00:00
9be6caf125 argon2 password hashing (#406)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#406
2022-12-30 02:46:58 +00:00
a5e98083f2 Add link verification in profile fields (#405)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#405
2022-12-29 20:56:06 +00:00
af7c3fab98 Do not crash on invalid atom in configDB 2022-12-21 00:16:39 +00:00
Atsuko Karagi
4a78c431cf Simplified HTTP signature processing 2022-12-19 20:41:48 +00:00
Atsuko Karagi
e17c71a389 Respect restrict_unauthenticated in /api/v1/accounts/lookup 2022-12-19 20:32:16 +00:00
c092fc9fd6 Add translation module for Argos Translate (#351)
Argos Translate is a Python module for translation and can be used as a command line tool.

This is also the engine for LibreTranslate, for which we already have a module.
Here we can use the engine directly from our server without doing requests to a third party or having to install our own LibreTranslate webservice (obviously you do have to install Argos Translate).

One thing that's currently still missing from Argos Translate is auto-detection of languages (see <https://github.com/argosopentech/argos-translate/issues/9>). For now, when no source language is provided, we just return the text unchanged, supposedly translated from the target language. That way you get a near immediate response in pleroma-fe when clicking Translate, after which you can select the source language from a dropdown.

Argos Translate also doesn't seem to handle html very well. Therefore we give admins the option to strip the html before translating. I made this an option because I'm unsure if/how this will change in the future.

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: AkkomaGang/akkoma#351
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-19 13:06:39 +00:00
3d546409b2 remove now-unused test 2022-12-17 23:21:24 +00:00
52d8183787 drop admin scopes on create app instead of rejecting 2022-12-17 23:14:49 +00:00
dcac8adb3d Add option to modify HTTP pool size 2022-12-16 18:33:00 +00:00
584f99b69d fix markdown link 2022-12-16 13:24:18 +00:00
372eea4e7c add changelog entry for custom emoji 2022-12-16 13:20:48 +00:00
20e3cb2b25 fix csp-induced HTML match error 2022-12-16 12:19:24 +00:00
ca70d42541 mix format 2022-12-16 11:18:14 +00:00
48d302a60f allow disabling prometheus entirely 2022-12-16 11:17:04 +00:00
6d8e4d5e05 add test for metrics controller 2022-12-16 10:56:17 +00:00
c2054f82ab allow users with admin:metrics to read app metrics 2022-12-16 03:32:51 +00:00
b8be8192fb do not allow non-admins to register tokens with admin scopes
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#371
2022-12-14 12:38:48 +00:00
duponin
3e9c0b380a
Return 413 when an actor's banner or background exceeds the size limit 2022-12-12 17:28:14 -05:00
duponin
c9304962c3
Uploading an avatar media exceeding max size returns a 413
Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
2022-12-12 17:28:09 -05:00
77e9a52450 allow http AS profile in ld+json header 2022-12-12 19:06:04 +00:00
9c71782861 Test removed HTTP adapter 2022-12-11 23:50:31 +00:00
f752126427 Remove quack, ensure adapter is finch 2022-12-11 23:22:35 +00:00
affc910372 Remove hackney/gun in favour of finch 2022-12-11 19:19:31 +00:00
68894089e8 Do not fetch anything from blocked instances 2022-12-10 00:09:45 +00:00
739ed14f54 Revert "mandate published on notes"
This reverts commit e49b583147.
2022-12-09 20:59:26 +00:00
e49b583147 mandate published on notes
fixes #356
2022-12-09 20:27:54 +00:00
f5a315f04c Add URL and code to :not_found errors
Ref #355
2022-12-09 20:13:31 +00:00
9db4c2429f Remove FollowBotPolicy 2022-12-09 19:59:27 +00:00
6f83ae27aa extend reject MRF to check if originating instance is blocked 2022-12-09 19:57:29 +00:00
ilja
1f863f0a36 Fix MRF policies to also work with Update
Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.

I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.

The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
    * Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
    * Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
    * In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
    * We don't allow changing scope with Update, so not relevant here
2022-12-08 23:22:05 +01:00
ilja
ce517ff4e5 Fix tagpolicy to also work with Update
Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.
2022-12-08 21:53:42 +01:00
sfr
7c4b415929 static-fe overhaul (#236)
makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.

- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
  - [x] "reply to" or "edited" tags
- [x] accounts
  - [x] show more / show less
  - [x] posts / with replies / media / followers / following
    - [x] followers/following would require user card snippets
  - [x] admin/bot indicators
- [x] attachments
  - [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings

also i forgot
- [x] repeated headers

how it looks + sneak peek at statuses:
![](https://akkoma.dev/attachments/c0d3a025-6987-4630-8eb9-5f4db6858359)

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: AkkomaGang/akkoma#236
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-12-07 11:20:53 +00:00
b058df3faa Allow dashes in domain name search 2022-12-06 10:57:10 +00:00
d55de5debf Remerge of hashtag following (#341)
this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#341
2022-12-05 12:58:48 +00:00
ec6bf8c3f7 revert 4a94c9a31e
revert Add ability to follow hashtags (#336)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#336
2022-12-04 20:04:09 +00:00
4a94c9a31e Add ability to follow hashtags (#336)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#336
2022-12-04 17:36:59 +00:00
6b882a2c0b Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#334
2022-12-03 23:17:43 +00:00
8d6cc6cb65 Resolve follow activity from accept/reject without ID (#328)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#328
2022-12-02 11:12:37 +00:00
db60640c5b Fixing up deletes a bit (#327)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#327
2022-12-01 15:00:53 +00:00
0cfd5b4e89 Add ability to set a default post expiry (#321)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#321
2022-11-28 13:34:54 +00:00
ee7059c9cf Spin off imports into n oban jobs 2022-11-27 21:45:41 +00:00
5bb95256ee weirdly no, images should not have classes 2022-11-26 21:15:10 +00:00
c379618b34 Add tests, changelog entry 2022-11-26 20:52:49 +00:00
e3085c495c fix tests broken by relay defaults changing (#314)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#314
2022-11-26 20:45:47 +00:00