Commit graph

1174 commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier 2b1a252cc7 User: truncate remote user fields instead of rejecting 2024-11-26 09:29:44 +00:00
Floatingghost c0a99df06a Merge remote-tracking branch 'oneric/varfixes' into develop 2024-10-30 15:15:00 +00:00
Floatingghost c9b3fcc1d3 allow for OTP code changes in :zip 2024-10-30 14:43:18 +00:00
Floatingghost 58d5d9d7bf fix tests, contain object 2024-10-26 06:58:47 +01:00
Floatingghost b6e8fde4dd Merge branch 'develop' into keys-extraction 2024-10-26 06:11:29 +01:00
Floatingghost bee10eab5e correct minor zip behaviour 2024-10-26 06:11:12 +01:00
Floatingghost 430b376ded mix format 2024-10-26 05:05:48 +01:00
Floatingghost ccf1007883 Fix about a million tests 2024-10-26 05:05:48 +01:00
Floatingghost 6da783b84d Fix http signature plug tests 2024-10-26 05:05:48 +01:00
Floatingghost 9c876cea21 Fix some tests 2024-10-26 05:05:48 +01:00
Floatingghost 9728e2f8f7 adjust logic to use relation :signing_key 2024-10-26 05:05:47 +01:00
floatingghost f101886709 Merge pull request 'Federate emoji as anonymous objects' (#815) from Oneric/akkoma:emoji-id into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/815
2024-10-16 14:58:46 +00:00
Oneric d5b0720596 Allow cross-domain redirects on AP requests
Since we now remember the final location redirects lead to
and use it for all further checks since
3e134b07fa, these redirects
can no longer be exploited to serve counterfeit objects.

This fixes:
 - display URLs from independent webapp clients
   redirecting to the canonical domain
 - Peertube display URLs for remote content
   (acting like the above)
2024-10-14 01:42:51 +02:00
Oneric 940792f8ba Refetch on AP ID mismatch
As hinted at in the commit message when strict checking
was added in 8684964c5d,
refetching is more robust than display URL comparison
but in exchange is harder to implement correctly.

A similar refetch approach is also employed by
e.g. Mastodon, IceShrimp and FireFish.

To make sure no checks can be bypassed by forcing
a refetch, id checking is placed at the very end.

This will fix:
 - Peertube display URL arrays our transmogrifier fails to normalise
 - non-canonical display URLs from alternative frontends
   (theoretical; we didnt’t get any actual reports about this)

It will also be helpful in the planned key handling overhaul.

The modified user collision test was introduced in
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/461
and unfortunately the issues this fixes aren’t public.
Afaict it was just meant to guard against someone serving
faked data belonging to an unrelated domain. Since we now
refetch and the id actually is mocked, lookup now succeeds
but will use the real data from the authorative server
making it unproblematic. Instead modify the fake data further
and make sure we don’t end up using the spoofed version.
2024-10-14 01:42:43 +02:00
floatingghost 3bb31117e6 Merge pull request 'Handle domain mutes on the backend' (#804) from domain-mute-backend-processing into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/804
2024-08-20 10:32:47 +00:00
Oneric d488cf476e Fix voters count field
Mastodon API demands this be null unless it’s a multi-selection poll.
Not abiding by this can mess up display in some clients.

Fixes: https://akkoma.dev/AkkomaGang/akkoma/issues/190
2024-06-27 18:29:45 +02:00
Oneric ca182a0ae7 Correctly parse content types with multiple profiles
Multiple profiles can be specified as a space-separated list
and the possibility of additional profiles is explicitly brought up
in ActivityStream spec
2024-06-27 18:29:45 +02:00
Oneric 495a1a71e8 strip_metadata: skip BMP files
Not _yet_ supported as of exiftool 12.87, though
at first glance it seems like standard BMP files
can't store any metadata besides colour profiles

Fixes the specific case from
https://akkoma.dev/AkkomaGang/akkoma-fe/issues/396
although the frontend shouldn’t get bricked regardless.
2024-06-27 18:29:45 +02:00
Mark Felder 07539f7825 Hide logs during test unless a test fails
Currently `mix test` prints a slew of logs in the terminal
with messages from different tests intermsparsed. Globally
enabling capture log hides log messages unless a test fails
reducing noise and making it easier to anylse the important
(from failed tests) messages.

Compiler warnings and a few messages not printed via Logger
still show up but its much more readable than before.

Ported from: 3aed111a42
2024-06-27 18:29:45 +02:00
Oneric 4ff5293093 Federate emoji as anonymous objects
Usually an id should point to another AP object
and the image file isn’t an AP object. We currently
do not provide standalone AP objects for emoji and
don't keep track of remote emoji at all.
Thus just federate them as anonymous objects,
i.e. objects only existing within a parent context
and using an explicit null id.

IceShrimp.NET previously adopted anonymous objects
for remote emoji without any apparent issues. See:
333611f65e

Fixes: https://akkoma.dev/AkkomaGang/akkoma/issues/694
2024-06-23 20:46:59 +02:00
floatingghost 5992e8bb16 Merge pull request 'Update http-signatures dep, allow created header' (#800) from created-pseudoheader into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/800
2024-06-17 21:52:59 +00:00
Floatingghost 57273754b7 we may as well handle (expires) as well 2024-06-17 22:30:14 +01:00
Oneric bf8f493ffd Remove proxy_remote vestiges
Ever since 364b6969eb
this setting wasn't used by the backend and a noop.
The stated usecase is better served by setting the base_url
to a local subdomain and using proxying in nginx/Caddy/...
2024-06-16 01:21:52 +02:00
Floatingghost c0b2bba55e revert subdomain change until i can look at why i did that 2024-06-15 15:14:42 +01:00
Floatingghost 4b765b1886 mix format 2024-06-15 15:06:28 +01:00
Floatingghost cba2c5725f Filter emoji reaction accounts by domain blocks 2024-06-15 15:05:52 +01:00
Floatingghost 2b96c3b224 Update http-signatures dep, allow created header 2024-06-12 18:40:44 +01:00
floatingghost b03edb4ff4 Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/793
2024-06-12 17:09:05 +00:00
Floatingghost ad52135bf5 Convert rich media backfill to oban task 2024-06-11 18:06:51 +01:00
Floatingghost 9c5feb81aa fix tests 2024-06-09 21:26:29 +01:00
Floatingghost 16bed0562d Fix tests 2024-06-09 18:28:00 +01:00
Mark Felder 2f5eb79473 Mastodon API: Remove deprecated GET /api/v1/statuses/:id/card endpoint
Removed back in 2019

https://github.com/mastodon/mastodon/pull/11213
2024-06-09 17:38:06 +01:00
Mark Felder f4daa90bd8 Remove test validating missing descriptions are returned as an empty string 2024-06-09 17:37:59 +01:00
Mark Felder 688748b531 Improve test description 2024-06-09 17:37:32 +01:00
Mark Felder 2e5aa71176 Rich Media Cards are fetched asynchonously and not guaranteed to be available on first post render 2024-06-09 17:37:22 +01:00
Mark Felder 7ca655a999 Rich Media Cards are cached by URL not per status 2024-06-09 17:36:57 +01:00
Mark Felder 765c7e98d2 Respect the TTL returned in OpenGraph tags 2024-06-09 17:36:15 +01:00
Mark Felder ddbe989461 Fix broken tests 2024-06-09 17:35:47 +01:00
Floatingghost a924e117fd Add pool timeouts 2024-06-09 17:20:29 +01:00
Oneric a3840e7d1f Raise minimum PostgreSQL version to 12
This lets us:
 - avoid issues with broken hash indices for PostgreSQL <10
 - drop runtime checks and legacy codepaths for <11 in db search
 - always enable custom query plans for performance optimisation

PostgreSQL 11 is already EOL since 2023-11-09, so
in theory everyone should already have moved on to 12 anyway.
2024-06-07 16:21:09 +02:00
Oneric be5440c5e8 mrf/steal_emoji: fix size limit check
Headers are strings, but this expected to already get an int
thus always failing the comparison if the header was set.

Fixes mistake in d6d838cbe8
2024-06-05 20:11:53 +02:00
Oneric 68fe0a9633 test: fix content-length value type
All headers are strings, always.
In this case it didn't matter atm,
but let’s not provide confusing examples.
2024-06-05 19:59:59 +02:00
Floatingghost c9a03af7c1 Move rescue to the HTTP request itself 2024-06-04 14:30:16 +01:00
Floatingghost 30e13a8785 Don't error on rich media fail 2024-06-04 14:21:40 +01:00
floatingghost 8f97c15b07 Merge pull request 'Preserve Meilisearch’s result ranking' (#772) from Oneric/akkoma:search-meili-order into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/772
2024-05-31 14:12:05 +00:00
Floatingghost 3af0c53a86 use proper workers for fetching pins instead of an ad-hoc task (#788)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/788
Co-authored-by: Floatingghost <hannah@coffee-and-dreams.uk>
Co-committed-by: Floatingghost <hannah@coffee-and-dreams.uk>
2024-05-31 08:58:52 +00:00
Oneric 65aeaefa41 meilisearch: respect meili’s result ranking
Meilisearch is already configured to return results sorted by a
particular ranking configured in the meilisearch CLI task.
Resorting the returned top results by date partially negates this and
runs counter to what someone with tweaked settings expects.

Issue and fix identified by AdamK2003 in
https://akkoma.dev/AkkomaGang/akkoma/pulls/579
But instead of using a O(n^2) resorting, this commit directly
retrieves results in the correct order from the database.

Closes: https://akkoma.dev/AkkomaGang/akkoma/pulls/579
2024-05-29 23:17:27 +00:00
Floatingghost 66b3248dd3 mix tests probably shouldn't be async 2024-05-27 04:03:13 +01:00
Floatingghost 73ead8656a don't allow emoji formatter to be async 2024-05-27 03:25:18 +01:00
Floatingghost f15eded3e1 Add extra test case for nonsense field, increase timeouts 2024-05-27 02:09:48 +01:00