akkoma/lib/pleroma/web
Oneric d6d838cbe8 StealEmoji: check remote size before downloading
To save on bandwidth and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of a malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see https://github.com/sneako/finch/issues/224
2024-03-18 22:33:10 -01:00
activity_pub StealEmoji: check remote size before downloading 2024-03-18 22:33:10 -01:00
admin_api Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
akkoma_api add selection UI 2023-03-28 12:44:52 +01:00
api_spec Merge branch 'followback' into develop 2024-02-16 13:27:40 +00:00
auth Support elixir1.15 2023-08-03 17:44:09 +01:00
common_api Support elixir1.15 2023-08-03 17:44:09 +01:00
fallback ensure we send the right files for preferred fe 2023-03-12 23:59:10 +00:00
federator
feed Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mailer
mastodon_api Merge pull request 'Return last_status_at as date, not datetime' (#681) from katafrakt/akkoma:fix-last-status-at into develop 2024-02-17 11:37:19 +00:00
media_proxy Use uppercase HTTP HEAD method for media preview proxy request (#128) 2022-07-30 21:58:14 +00:00
metadata Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mongoose_im argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
nodeinfo Mix format 2023-04-14 17:56:34 +01:00
o_auth update tests for oauth consumer 2023-12-17 21:48:19 +00:00
o_status Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
pleroma_api Exclude deactivated users from emoji reaction lists 2023-07-17 17:53:03 +01:00
plugs Limit instance emoji to image types 2024-03-18 22:33:10 -01:00
preload/providers
push Support elixir1.15 2023-08-03 17:44:09 +01:00
rich_media Support elixir1.15 2023-08-03 17:44:09 +01:00
static_fe Fix Twitter metadata 2024-02-19 21:09:43 +00:00
templates Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
twitter_api Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
utils
views Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
web_finger giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
api_spec.ex update references to pleroma in docs 2022-12-30 03:43:35 +00:00
common_api.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
controller_helper.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
embed_controller.ex Add embed controller tests 2023-07-17 19:18:21 +01:00
endpoint.ex Fix Content-Type of our schema 2024-03-18 22:33:10 -01:00
federator.ex and i yoink (#275) 2022-11-14 15:07:26 +00:00
gettext.ex
instance_document.ex
manifest_controller.ex
masto_fe_controller.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
media_proxy.ex Drop media proxy same-domain default for base_url 2024-03-18 22:33:10 -01:00
metadata.ex
o_auth.ex
pipelines.ex Remove precompiled javascript (#55) 2022-07-08 13:03:18 +00:00
plug.ex
preload.ex remove unused variable 2022-12-16 12:36:34 +00:00
push.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
rel_me.ex Add more information about failed verifications 2023-03-10 03:51:24 +00:00
router.ex mastodon_api: Add /api/v1/preferences endpoint 2023-08-12 09:28:24 -04:00
streamer.ex Enforce unauth restrictions for public streaming endpoints 2023-06-14 22:45:19 +00:00
swagger.ex remove anonymous function from plug 2022-07-14 11:17:14 +01:00
telemetry.ex Use fallbacks of summary metrics for prometheus 2024-02-12 02:00:09 +01:00
translation_helpers.ex
uploader_controller.ex
web_finger.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
xml.ex Add XML matcher 2023-08-07 11:12:14 +01:00