Commit graph

8761 commits

Author SHA1 Message Date
FloatingGhost d3089ec399 Ensure we can update contentMap on update 2023-02-23 11:00:55 +00:00
ilja b4952a81fe Interpret \n as newline for MFM
Markdown doesn't generally consider `\n` a newline,
but Misskey does for MFM.

Now we do to for MFM (and not for Markdown) :)
2023-02-18 19:56:11 +01:00
ilja b71db2f82d create_service_actor is now type Application
This is used for internal fetch and for relay. Both represent the instance and therefore are an aplication.
2023-02-04 21:00:21 +00:00
floatingghost aeb68a0ad1 paginate follow requests (#460)
matches https://docs.joinmastodon.org/methods/follow_requests/#get mostly

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/460
2023-02-04 20:51:17 +00:00
Walter Huf 54fdf3a5de Use any custom WebFinger domain for page metadata 2023-01-22 16:26:41 -08:00
FloatingGhost d394ab0a8a Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop 2023-01-15 18:58:26 +00:00
FloatingGhost 90088cce11 Support TLD wildcards in MRF matches
Fixes #431
2023-01-15 18:57:49 +00:00
floatingghost 63ce25f32c Merge pull request 'Correct og:description tag in static-fe' (#373) from sfr/akkoma:fix/og-description into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/373
2023-01-15 18:15:20 +00:00
sfr 20cd8a0fc4 URL encode remote emoji pack names (#362)
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
Brian Underwood 7ca9ce9d67 fix: Give error message to users when address has already been validated
Plus other errors.
2023-01-12 22:08:10 +01:00
FloatingGhost ff5793198f add inbound language test 2023-01-11 15:42:13 +00:00
FloatingGhost 78c44f31ca fix no-language-specified federation 2023-01-11 15:25:34 +00:00
FloatingGhost 22068f0853 fix unused variable warnings 2023-01-10 10:58:17 +00:00
FloatingGhost cc63a89b5d Fix tests 2023-01-10 10:29:17 +00:00
FloatingGhost f86bf16430 Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
floatingghost 357f80a714 Merge pull request 'Changed references of "Pleroma" to "Akkoma" in email text' (#428) from knova/akkoma:develop into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/428
2023-01-09 22:13:45 +00:00
darkkirb a8cd859ef9 Use actual ISO8601 timestamps for masto API (#425)
Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation).

I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive).

The numbers have been chosen because:

- ISO 8601 only allows years before 1583 with “mutual agreement”
- Years after 9999 could cause issues with certain clients as well

Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/425
Co-authored-by: darkkirb <lotte@chir.rs>
Co-committed-by: darkkirb <lotte@chir.rs>
2023-01-09 22:12:28 +00:00
knova 13d943667e Changed references of "Pleroma" to "Akkoma" in email text
I know this is probably small peanuts in the grand scheme of things, but it bugged me when I was messing around with my own Akkoma instance.
2023-01-08 03:29:09 +00:00
Charlotte 🦝 Delenk f2b925f32c
exiftool doesn’t support JPEG XL either 2023-01-07 14:49:58 +01:00
ihor b98fe4476c fix "exiftool not support svg files' (#421)
Faced with this issue today, Pleroma responds with status 400 (Bad request) if Exiftool.StripLocation is added to the list of filter modules for uploads. Here is logs:

```
13:27:25.201 [info] POST /api/v1/media

13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload.Filter: Filter Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation failed: {:error, "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}"}

13:27:25.232 request_id=FzdspaAnrA6cyv0APgVR [error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: "Elixir.Pleroma.Upload.Filter.Exiftool.StripLocation: %ErlangError{original: :enoent}"
```

# This fix solves this problem.

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/421
Co-authored-by: ihor <ikandreew@gmail.com>
Co-committed-by: ihor <ikandreew@gmail.com>
2023-01-05 15:22:48 +00:00
FloatingGhost 336d06b2a8 Significantly tighten HTTP CSP 2023-01-02 15:21:19 +00:00
FloatingGhost 57e51fe62c Migrate Pleroma.Web to phoenix 1.6 formats 2023-01-02 03:29:02 +00:00
FloatingGhost 6e646c4cbc Use a genserver to periodically fetch metrics
Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52
2023-01-01 18:32:14 +00:00
FloatingGhost c4b46ca460 Add /api/v1/followed_tags 2022-12-31 18:09:34 +00:00
ilja 745e15468e Use same context for quote posts as the post that's being quoted (#379)
See https://akkoma.dev/AkkomaGang/akkoma/pulls/350#issuecomment-6109

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
FloatingGhost b8f280b4b5 Rich media doesn't need to be a map 2022-12-31 03:53:52 +00:00
FloatingGhost bf7ff6a337 Put rich media processing in a Task 2022-12-30 20:11:53 +00:00
Sol Fisher Romanoff 1d884fd914
Correct og:description tag in static-fe 2022-12-30 07:14:54 +02:00
FloatingGhost 5d4c291d52 update references to pleroma in docs 2022-12-30 03:43:35 +00:00
floatingghost 9be6caf125 argon2 password hashing (#406)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/406
2022-12-30 02:46:58 +00:00
floatingghost a5e98083f2 Add link verification in profile fields (#405)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/405
2022-12-29 20:56:06 +00:00
FloatingGhost af7c3fab98 Do not crash on invalid atom in configDB 2022-12-21 00:16:39 +00:00
Atsuko Karagi 4a78c431cf Simplified HTTP signature processing 2022-12-19 20:41:48 +00:00
Atsuko Karagi e17c71a389 Respect restrict_unauthenticated in /api/v1/accounts/lookup 2022-12-19 20:32:16 +00:00
ilja c092fc9fd6 Add translation module for Argos Translate (#351)
Argos Translate is a Python module for translation and can be used as a command line tool.

This is also the engine for LibreTranslate, for which we already have a module.
Here we can use the engine directly from our server without doing requests to a third party or having to install our own LibreTranslate webservice (obviously you do have to install Argos Translate).

One thing that's currently still missing from Argos Translate is auto-detection of languages (see <https://github.com/argosopentech/argos-translate/issues/9>). For now, when no source language is provided, we just return the text unchanged, supposedly translated from the target language. That way you get a near immediate response in pleroma-fe when clicking Translate, after which you can select the source language from a dropdown.

Argos Translate also doesn't seem to handle html very well. Therefore we give admins the option to strip the html before translating. I made this an option because I'm unsure if/how this will change in the future.

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/351
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-19 13:06:39 +00:00
floatingghost 233c4bb3ba revert 28ab09d377
revert Remove unused dependencies
2022-12-19 02:34:46 +00:00
FloatingGhost 28ab09d377 Remove unused dependencies 2022-12-19 02:26:04 +00:00
FloatingGhost 3d546409b2 remove now-unused test 2022-12-17 23:21:24 +00:00
FloatingGhost 52d8183787 drop admin scopes on create app instead of rejecting 2022-12-17 23:14:49 +00:00
FloatingGhost dcac8adb3d Add option to modify HTTP pool size 2022-12-16 18:33:00 +00:00
FloatingGhost 7b76fdeed3 update stats every 5 minutes 2022-12-16 17:22:56 +00:00
FloatingGhost b91e671c0d add remote user count for the heck of it 2022-12-16 17:22:26 +00:00
FloatingGhost 1f5bc4d68a remove unused variable 2022-12-16 12:36:34 +00:00
FloatingGhost 9a320ba814 make 2fa UI less awful 2022-12-16 11:50:25 +00:00
FloatingGhost 48d302a60f allow disabling prometheus entirely 2022-12-16 11:17:04 +00:00
FloatingGhost d1a0d93bf7 document prometheus 2022-12-16 10:24:36 +00:00
FloatingGhost c2054f82ab allow users with admin:metrics to read app metrics 2022-12-16 03:32:51 +00:00
FloatingGhost b8be8192fb do not allow non-admins to register tokens with admin scopes
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
FloatingGhost e2320f870e Add prometheus metrics to router 2022-12-15 02:02:07 +00:00
Tim Buchwaldt 29584197bb Measure stats-data 2022-12-15 01:04:56 +00:00
Tim Buchwaldt 63be819661 Take tesla telemetry 2022-12-15 01:04:56 +00:00
Tim Buchwaldt 0995fa1410 Track oban failures 2022-12-15 01:04:56 +00:00
Tim Buchwaldt f8d3383179 Fix oban tags 2022-12-15 01:04:56 +00:00
Tim Buchwaldt a06bb694c1 Listen to loopback 2022-12-15 01:04:56 +00:00
Tim Buchwaldt 1e9c2cd8ef Fix buckets for query timing 2022-12-15 01:04:56 +00:00
Tim Buchwaldt 33243c56e5 Start adding telemetry 2022-12-15 01:04:55 +00:00
floatingghost 07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
duponin 3e9c0b380a
Return 413 when an actor's banner or background exceeds the size limit 2022-12-12 17:28:14 -05:00
duponin c9304962c3
Uploading an avatar media exceeding max size returns a 413
Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
2022-12-12 17:28:09 -05:00
FloatingGhost 77e9a52450 allow http AS profile in ld+json header 2022-12-12 19:06:04 +00:00
FloatingGhost 9c71782861 Test removed HTTP adapter 2022-12-11 23:50:31 +00:00
FloatingGhost 503827a3d9 Allow mock in http adapter checking 2022-12-11 23:33:58 +00:00
FloatingGhost f752126427 Remove quack, ensure adapter is finch 2022-12-11 23:22:35 +00:00
FloatingGhost e6da301296 Add diagnostics http 2022-12-11 22:57:18 +00:00
FloatingGhost 9d9c26b833 Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
FloatingGhost affc910372 Remove hackney/gun in favour of finch 2022-12-11 19:19:31 +00:00
FloatingGhost 68894089e8 Do not fetch anything from blocked instances 2022-12-10 00:09:45 +00:00
FloatingGhost a1515f9a60 Add some extra info around possible nils 2022-12-09 23:45:51 +00:00
floatingghost 2144ce5188 Merge pull request 'Magical patches' (#357) from magical-patches into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/357
2022-12-09 21:12:49 +00:00
FloatingGhost 739ed14f54 Revert "mandate published on notes"
This reverts commit e49b583147.
2022-12-09 20:59:26 +00:00
FloatingGhost e49b583147 mandate published on notes
fixes #356
2022-12-09 20:27:54 +00:00
FloatingGhost f5a315f04c Add URL and code to :not_found errors
Ref #355
2022-12-09 20:13:31 +00:00
FloatingGhost bc265bfd54 Underscore unused variable 2022-12-09 20:04:48 +00:00
FloatingGhost dcf58a3c53 Do not pass transient undo-y activities through MRF 2022-12-09 20:01:38 +00:00
FloatingGhost 9db4c2429f Remove FollowBotPolicy 2022-12-09 19:59:27 +00:00
FloatingGhost 6f83ae27aa extend reject MRF to check if originating instance is blocked 2022-12-09 19:57:29 +00:00
sn0w 4c0911592b
Skip posts in indexer where publish date is nil 2022-12-09 20:56:39 +01:00
FloatingGhost d5828f1c5e Merge remote-tracking branch 'ilja/fix_tagpolicy_to_also_work_on_updates' into develop 2022-12-09 10:31:22 +00:00
FloatingGhost 0eaec57d3f mix format 2022-12-09 10:24:38 +00:00
ilja 1f863f0a36 Fix MRF policies to also work with Update
Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.

I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.

The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
    * Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
    * Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
    * In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
    * We don't allow changing scope with Update, so not relevant here
2022-12-08 23:22:05 +01:00
ilja ce517ff4e5 Fix tagpolicy to also work with Update
Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.
2022-12-08 21:53:42 +01:00
FloatingGhost cb3ccf5f47 Add check for null reply_to_user 2022-12-07 13:41:12 +00:00
FloatingGhost 1afba64464 Redirect to standard FE if logged in 2022-12-07 13:35:00 +00:00
FloatingGhost c7369d6d03 GOOGLE 2022-12-07 11:41:24 +00:00
sfr 7c4b415929 static-fe overhaul (#236)
makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.

- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
  - [x] "reply to" or "edited" tags
- [x] accounts
  - [x] show more / show less
  - [x] posts / with replies / media / followers / following
    - [x] followers/following would require user card snippets
  - [x] admin/bot indicators
- [x] attachments
  - [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings

also i forgot
- [x] repeated headers

how it looks + sneak peek at statuses:
![](https://akkoma.dev/attachments/c0d3a025-6987-4630-8eb9-5f4db6858359)

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/236
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2022-12-07 11:20:53 +00:00
floatingghost 09326ffa56 Diagnostics tasks (#348)
a bunch of ways to get query plans to help with debugging

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/348
2022-12-07 11:12:34 +00:00
FloatingGhost b058df3faa Allow dashes in domain name search 2022-12-06 10:57:10 +00:00
floatingghost d55de5debf Remerge of hashtag following (#341)
this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/341
2022-12-05 12:58:48 +00:00
floatingghost ec6bf8c3f7 revert 4a94c9a31e
revert Add ability to follow hashtags (#336)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
2022-12-04 20:04:09 +00:00
floatingghost 4a94c9a31e Add ability to follow hashtags (#336)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
2022-12-04 17:36:59 +00:00
floatingghost 6b882a2c0b Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/334
2022-12-03 23:17:43 +00:00
FloatingGhost 1409f91d50 Add maskable to logo 2022-12-02 12:00:56 +00:00
floatingghost 94b469cab0 Merge pull request 'Add PWA config' (#329) from pwa into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/329
2022-12-02 11:13:29 +00:00
floatingghost 8d6cc6cb65 Resolve follow activity from accept/reject without ID (#328)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/328
2022-12-02 11:12:37 +00:00
FloatingGhost bbf2e3f445 Add PWA info 2022-12-02 11:10:35 +00:00
floatingghost db60640c5b Fixing up deletes a bit (#327)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/327
2022-12-01 15:00:53 +00:00
floatingghost 0cfd5b4e89 Add ability to set a default post expiry (#321)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/321
2022-11-28 13:34:54 +00:00
FloatingGhost ee7059c9cf Spin off imports into n oban jobs 2022-11-27 21:45:41 +00:00
floatingghost 98a21debf9 normalise markup by default (#316)
why was this _not_ default?

honestly i'm surprised pleroma hasn't exploded yet

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/316
2022-11-26 21:06:20 +00:00
@r3g_5z@plem.sapphic.site 565ead8397 minor-changes (#313)
Only real change here is making MRF rejects log as debug instead of info (https://akkoma.dev/AkkomaGang/akkoma/issues/234)

I don't know if it's the best way to do it, but it seems it's just MRF using this and almost always this is intended.

The rest are just minor docs changes and syncing the restricted nicknames stuff.

I compiled and ran my changes with Docker and they all work.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/313
Co-authored-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
2022-11-26 19:27:58 +00:00
@luna@f.l4.pm a90c45b7e9 Add Signed Fetch Statistics (#312)
Close #304.

Notes:
 - This patch was made on top of Pleroma develop, so I created a separate cachex worker for request signature actions, instead of Akkoma's instance cache. If that is a merge blocker, I can attempt to move logic around for that.
 - Regarding the `has_request_signatures: true -> false` state transition: I think that is a higher level thing (resetting instance state on new instance actor key) which is separate from the changes relevant to this one.

Co-authored-by: Luna <git@l4.pm>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/312
Co-authored-by: @luna@f.l4.pm <akkoma@l4.pm>
Co-committed-by: @luna@f.l4.pm <akkoma@l4.pm>
2022-11-26 19:22:56 +00:00
floatingghost 2fe1484ed3 http timeout config (#307)
Ref https://meta.akkoma.dev/t/increase-timeout-on-libretranslate-request-how/156/2

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/307
2022-11-24 12:27:16 +00:00
ave 1c4ca20ff7 Change follow_operation schema to use type BooleanLike (#301)
Changes follow_operation schema to use BooleanLike instead of :boolean so that strings like "0" and "1" (used by mastodon.py) can be accepted. Rest of file uses the same. For more info please see https://git.pleroma.social/pleroma/pleroma/-/issues/2999

(I'm also sending this here as I'm not hopeful about upstream not ignoring  it)

Co-authored-by: ave <ave@ave.zone>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/301
Co-authored-by: ave <ave@noreply.akkoma>
Co-committed-by: ave <ave@noreply.akkoma>
2022-11-24 11:27:01 +00:00
floatingghost 6223e2ea3e Merge pull request 'Additional timeline query improvements from upstream' (#291) from norm/akkoma:timeline-query-improvements into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/291
2022-11-20 21:53:24 +00:00
@r3g_5z@plem.sapphic.site 0e4c201f8d HTTP header improvements (#294)
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
r3g_5z f90552f62e
Drop XSS auditor
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
Mark Felder 0022fa7d49
Add same optimized join for excluding invisible users 2022-11-19 15:12:24 -05:00
Mark Felder 11fc1beba5
Fix reports which do not have a user
The check for deactivated users was being applied to report activities.
2022-11-19 15:12:16 -05:00
floatingghost e1e0d5d759 microblogpub federation fixes (#288)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/288
2022-11-18 11:14:35 +00:00
Haelwenn (lanodan) Monnier 3e0a5851e5 Set instance reachable on fetch 2022-11-15 17:23:47 +00:00
floatingghost 2a1f17e3ed and i yoink (#275)
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/275
2022-11-14 15:07:26 +00:00
floatingghost c1127e321b Add configurable timeline per oban job (#273)
Heavily inspired by https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3777

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/273
2022-11-13 23:55:51 +00:00
FloatingGhost 89dbc7177b Chores for 2022.11 2022-11-11 16:12:04 +00:00
FloatingGhost ac0c00cdee Add media sources to connect-src if media proxy is enabled 2022-11-10 17:26:51 +00:00
FloatingGhost bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
floatingghost cc6a076202 Include requested_by in relationship (#260)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/260
2022-11-10 03:16:32 +00:00
FloatingGhost 0681a26dbb Remove unused pattern 2022-11-08 13:54:43 +00:00
FloatingGhost 4e8ab0deeb fix count of poll voters 2022-11-08 13:50:04 +00:00
FloatingGhost 2e895b6c02 make metdata check a debug log 2022-11-08 11:03:43 +00:00
FloatingGhost 479aacb1b6 Add fallback for reports that don't have attached activities 2022-11-08 11:01:47 +00:00
FloatingGhost a0b8e3c842 Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
FloatingGhost 7bbaa8f8e0 automatically trim loading *. prefixes on domain blocks 2022-11-07 22:33:18 +00:00
floatingghost 31ad09010e Fix regex usage in MRF (#254)
fixes #235
fixes #228

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/254
2022-11-06 23:50:32 +00:00
FloatingGhost 5123b3a5dd Add enabled check on /translation/languages 2022-11-06 22:55:26 +00:00
floatingghost b7e8ce2350 Scrape instance nodeinfo (#251)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/251
2022-11-06 22:49:39 +00:00
Thomas Citharel 4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
floatingghost 9038da01cc Merge pull request 'Push.Impl: support edits' (#244) from norm/akkoma:push-support-edits into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/244
2022-11-01 15:14:08 +00:00
floatingghost e44e147b54 Merge pull request 'fix flaky test_user_relationship_test.exs:81' (#240) from ilja/akkoma:fix_flaky_test_user_relationship_test.exs_81 into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/240
2022-11-01 14:44:23 +00:00
nullobsi cbc693f832 Fix LDAP user registration (#229)
Simple fix for LDAP user registration. I'm not sure what changed but I managed to get Akkoma running in a debug session and figured out it was missing a match for an extra value at the end. I don't know Elixir all that well so I'm not sure if this was the correct way to do it... but it works. :)

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/229
Co-authored-by: nullobsi <me@nullob.si>
Co-committed-by: nullobsi <me@nullob.si>
2022-11-01 14:17:55 +00:00
marcin mikołajczak 6486211064
Push.Impl: support edits
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-10-28 01:20:19 -04:00
ilja 3562eaeedc fix flaky test_user_relationship_test.exs:81
The problem was double. On the one hand, the function didn't actually return what was in the DB.
On the other hand the test was flaky because it used NaiveDateTime.utc_now() so test could fail or pass depending on a difference of microseconds.

Both are fixed now.
2022-10-23 13:31:01 +02:00
floatingghost f36d14818d Unilateral remove from followers (#232)
from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/

Co-authored-by: marcin mikołajczak <git@mkljczk.pl>
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/232
2022-10-19 10:01:14 +00:00
floatingghost edf7d5089f Merge pull request 'Check that the signature matches the creator' (#230) from domain-blocks into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/230
2022-10-14 11:41:34 +00:00
FloatingGhost 03662501c3 Check that the signature matches the creator 2022-10-14 11:48:32 +01:00
FloatingGhost 856c57208b Ensure deletes are handled after everything else 2022-10-11 14:30:08 +01:00
FloatingGhost cb9b0d3720 optimise notifications query 2022-10-11 11:40:43 +01:00
FloatingGhost 8af50dea36 format 2022-10-10 17:13:42 +01:00
FloatingGhost ca9e6ffc55 Use inner lateral join to not get dropped in :total 2022-10-10 16:45:02 +01:00
FloatingGhost 574f010bc8 Extract deactivated users query to a join 2022-10-10 15:55:58 +01:00
floatingghost c6e63aaf6b Backend settings sync (#226)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/226
2022-10-06 16:22:15 +00:00
floatingghost b2aa82cee5 Fix false error in meilisearch index (#221)
the schema changed

https://docs.meilisearch.com/reference/api/documents.html#add-or-update-documents

this wasn't breaking anything, it would just report errors that were actually successes

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/221
2022-09-20 10:36:21 +00:00
Norm 561e1f2470 Make backups require its own scope (#218)
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721.

This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
a1batross 77596a3021
User: search: exclude deactivated users from user search
This way we don't pollute search results with deactivated and deleted users
2022-09-15 21:21:06 -04:00
Tusooa Zhu 2aa8e66527 Fix User.get_or_fetch/1 with usernames starting with http 2022-09-11 20:29:05 +01:00
Hélène 1acd38fe7f OAuthPlug: use user cache instead of joining
As this plug is called on every request, this should reduce load on the
database by not requiring to select on the users table every single
time, and to instead use the by-ID user cache whenever possible.
2022-09-11 19:55:55 +01:00
Hélène 3e2d15c71d emoji-test: update to latest 15.0 draft 2022-09-11 19:55:45 +01:00
Hélène 8683252fc5 Metadata/Utils: use summary as description if set
When generating OpenGraph and TwitterCard metadata for a post, the
summary field will be used first if it is set to generate the post
description.
2022-09-11 19:55:38 +01:00
Hélène 0b14f02ed2 User: generate private keys on user creation
This fixes a race condition bug where keys could be regenerated
post-federation, causing activities and HTTP signatures from an user to
be dropped due to key differences.
2022-09-11 19:54:37 +01:00
Hélène e88f36f72b ObjectView: do not fetch an object for its ID
Non-Create/Listen activities had their associated object field
normalized and fetched, but only to use their `id` field, which is both
slow and redundant. This also failed on Undo activities, which delete
the associated object/activity in database.

Undo activities will now render properly and database loads should
improve ever so slightly.
2022-09-11 19:52:59 +01:00
Norm a6d85003fe Remote interaction with posts (#198)
Grabbed from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3587

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/198
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-08 10:19:22 +00:00
floatingghost 2641dcdd15 Post editing (#202)
Rebased from #103

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
FloatingGhost 6c80977b06 turn inlineQuotePolicy on by default 2022-09-05 17:22:33 +01:00
FloatingGhost f6304cfd78 add extra tests for builder 2022-09-05 01:24:40 +01:00
FloatingGhost 1c7d7845c3 fix compilation warnings 2022-09-05 00:39:32 +01:00
floatingghost 1b826eea54 Allow reacting with remote emoji when they exist on the post (#200)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/200
2022-09-04 23:31:41 +00:00
floatingghost 7a90d71e8d ensure .exs config is used before default (#197)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/197
2022-09-02 22:05:39 +00:00
floatingghost 8e4de118c1 Don't persist local undone follow (#194)
same deal but backwards this time

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/194
2022-08-31 18:00:36 +00:00
floatingghost decbca0c91 add seperate source and dest entries in language listing (#193)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/193
2022-08-30 16:59:33 +00:00
floatingghost c3fde9577d Allow listing languages, setting source language (#192)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/192
2022-08-30 14:58:54 +00:00
floatingghost df39cab9c1 Automatic status translation (#187)
Fixes #115

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/187
2022-08-29 19:42:22 +00:00
Tusooa Zhu 95e4018c1a Disconnect streaming sessions when token is revoked
Use Websockex to replace websocket_client

Test that server will disconnect websocket upon token revocation

Lint

Execute session disconnect in background

Refactor streamer test

allow multi-streams

rebase websocket change
2022-08-27 19:07:48 +01:00
floatingghost 772c209914 GTS: cherry-picks and collection usage (#186)
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e

what is this, a yoink of a yoink? good times

Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/186
2022-08-27 18:05:48 +00:00
FloatingGhost 85137f591f Add ability to obfuscate domains in MRF transparency 2022-08-27 11:57:57 +01:00
floatingghost e4f2251e0f Add support for setting language in instance metadata (#183)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/183
2022-08-25 16:11:21 +00:00
floatingghost 618cf7ff7f reuse valid oauth tokens (#182)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/182
2022-08-25 14:37:51 +00:00
floatingghost 92ba2802fb generate-keys-at-registration-time (#181)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/181
2022-08-24 14:36:33 +00:00
FloatingGhost 8d7b63a766 Revert "Fix oauth2 (for real) (#179)"
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
floatingghost aa681d7e15 Fix oauth2 (for real) (#179)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/179
2022-08-21 16:24:37 +00:00
FloatingGhost b0130bfa7b Revert "oauth2 fixes (#177)"
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
floatingghost d72f9e39d9 add visibility check on quote (#178)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/178
2022-08-21 15:17:01 +00:00
floatingghost 429e2ac832 oauth2 fixes (#177)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/177
2022-08-21 14:46:52 +00:00
floatingghost e9f1897cfd parser MFM server-side (#172)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/172
2022-08-18 03:14:48 +00:00
floatingghost aaf78e2b52 only put linked mfm in source (#171)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/171
2022-08-17 09:35:11 +00:00
floatingghost 11ec9daa5b API compatibility with fedibird, frontend config (#163)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/163
2022-08-17 00:22:59 +00:00
floatingghost 89ffc01c23 only return create objects for ES search (#165)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/165
2022-08-16 23:24:19 +00:00
floatingghost 61641957cb fix compatibility with meilisearch (#164)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/164
2022-08-16 22:56:49 +00:00
floatingghost 37a1001b97 add finch outbound proxy support (#158)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/158
2022-08-14 23:13:49 +00:00
FloatingGhost d3b9cfb03f use :discard instead of cancel 2022-08-11 19:17:50 +01:00
FloatingGhost 55179d4214 set soapbox-fe v2 by default
fixes #157
2022-08-11 10:25:03 +01:00
floatingghost 1245141779 treat rejections in MRF as a reject in federator (#155)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/155
2022-08-08 15:47:57 +00:00
FloatingGhost 5d23df84c9 Mix format 2022-08-07 20:49:56 +01:00
Hélène b3e4d81362 StatusView: implement pleroma.context field
This field replaces the now deprecated conversation_id field, and now
exposes the ActivityPub object `context` directly via the MastoAPI
instead of relying on StatusNet-era data concepts.
2022-08-07 20:48:08 +01:00
Hélène b9bb093600 StatusView: clear MSB on calculated conversation_id
This field seems to be a left-over from the StatusNet era.
If your application uses `pleroma.conversation_id`: this field is
deprecated.

It is currently stubbed instead by doing a CRC32 of the context, and
clearing the MSB to avoid overflow exceptions with signed integers on
the different clients using this field (Java/Kotlin code, mostly; see
Husky and probably other mobile clients.)

This should be removed in a future version of Pleroma. Pleroma-FE
currently depends on this field, as well.
2022-08-07 20:47:59 +01:00
floatingghost 62e179f446 make conversation-id deterministic (#154)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/154
2022-08-06 20:59:15 +00:00
floatingghost ec162b496b /notice signing checks on redirect (#150)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/150
2022-08-05 19:31:32 +00:00
floatingghost 0ec3a11895 don't persist undo of follows (#149)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/149
2022-08-05 13:28:56 +00:00
floatingghost a82fb2acc1 Merge pull request 'Update default paths' (#141) from norm/akkoma:update-default-paths into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/141
2022-08-05 11:42:14 +00:00
Hélène c1e15ff6f8 Transmogrifier: fix reply context fixing
Incoming Pleroma replies to a Misskey thread were rejected due to a
broken context fix, which caused them to not be visible until a
non-Pleroma user interacted with the replies.

This fix properly sets the post-fix object context to its parent Create
activity as well, if it was changed.
2022-08-04 12:57:48 +01:00
floatingghost 456c97fda9 Merge pull request 'remove unneeded function' (#143) from compile-fix into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/143
2022-08-03 11:12:05 +00:00
floatingghost 842ab82ef0 Merge pull request 'Allow users to create backups without providing email address' (#140) from norm/akkoma:backup-without-email into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/140
2022-08-03 11:11:53 +00:00
Norm 2c40d565fa Fix config path lookup (#139)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/139
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-08-03 10:52:21 +00:00
FloatingGhost 359510eebc remove unneeded function 2022-08-03 11:50:48 +01:00
Francis Dinh 8bfd01b9c7
Update default paths 2022-08-03 01:05:53 -04:00
Tusooa Zhu f08241c8ab
Allow users to create backups without providing email address
Ref: backup-without-email
2022-08-02 22:16:54 -04:00
floatingghost c9600dbbbf local-only-fixed (#138)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/138
2022-08-02 14:46:46 +00:00
floatingghost ca000f8301 Merge mrf_simple-reject with quarantine (#137)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/137
2022-08-02 14:19:24 +00:00
Joel Beckmeyer e26388a01c Support reaching user@sub.domain.tld at user@domain.tld (#134)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/134
Co-authored-by: Joel Beckmeyer <joel@beckmeyer.us>
Co-committed-by: Joel Beckmeyer <joel@beckmeyer.us>
2022-08-02 13:54:22 +00:00
floatingghost c3eea8dc7d expose bubble instances via nodeinfo (#136)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/136
2022-08-02 09:11:22 +00:00
floatingghost 19a27ff006 allow small/center tags in misskeymarkdown (#132)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/132
2022-08-01 12:46:52 +00:00
Yukkuri 38659e5610 Use uppercase HTTP HEAD method for media preview proxy request (#128)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/128
Co-authored-by: Yukkuri <iamtakingiteasy@eientei.org>
Co-committed-by: Yukkuri <iamtakingiteasy@eientei.org>
2022-07-30 21:58:14 +00:00