summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/mix/tasks/generate_invite_token.ex25
-rw-r--r--lib/pleroma/formatter.ex4
-rw-r--r--lib/pleroma/gopher/server.ex6
-rw-r--r--lib/pleroma/plugs/digest.ex10
-rw-r--r--lib/pleroma/plugs/http_signature.ex10
-rw-r--r--lib/pleroma/upload.ex14
-rw-r--r--lib/pleroma/user.ex1
-rw-r--r--lib/pleroma/user_invite_token.ex40
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub.ex14
-rw-r--r--lib/pleroma/web/endpoint.ex3
-rw-r--r--lib/pleroma/web/mastodon_api/views/account_view.ex14
-rw-r--r--lib/pleroma/web/router.ex9
-rw-r--r--lib/pleroma/web/twitter_api/controllers/util_controller.ex9
-rw-r--r--lib/pleroma/web/twitter_api/twitter_api.ex40
-rw-r--r--lib/pleroma/web/twitter_api/views/user_view.ex14
15 files changed, 190 insertions, 23 deletions
diff --git a/lib/mix/tasks/generate_invite_token.ex b/lib/mix/tasks/generate_invite_token.ex
new file mode 100644
index 000000000..c4daa9a6c
--- /dev/null
+++ b/lib/mix/tasks/generate_invite_token.ex
@@ -0,0 +1,25 @@
+defmodule Mix.Tasks.GenerateInviteToken do
+ use Mix.Task
+
+ @shortdoc "Generate invite token for user"
+ def run([]) do
+ Mix.Task.run("app.start")
+
+ with {:ok, token} <- Pleroma.UserInviteToken.create_token() do
+ IO.puts("Generated user invite token")
+
+ IO.puts(
+ "Url: #{
+ Pleroma.Web.Router.Helpers.redirect_url(
+ Pleroma.Web.Endpoint,
+ :registration_page,
+ token.token
+ )
+ }"
+ )
+ else
+ _ ->
+ IO.puts("Error creating token")
+ end
+ end
+end
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index 0aaf21538..d199c9243 100644
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -244,8 +244,8 @@ defmodule Pleroma.Formatter do
subs =
subs ++
- Enum.map(tags, fn {_, tag, uuid} ->
- url = "<a href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>##{tag}</a>"
+ Enum.map(tags, fn {tag_text, tag, uuid} ->
+ url = "<a href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>#{tag_text}</a>"
{uuid, url}
end)
diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex
index f6abcd4d0..97a1dea77 100644
--- a/lib/pleroma/gopher/server.ex
+++ b/lib/pleroma/gopher/server.ex
@@ -54,7 +54,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do
String.split(text, "\r")
|> Enum.map(fn text ->
- "i#{text}\tfake\(NULL)\t0\r\n"
+ "i#{text}\tfake\t(NULL)\t0\r\n"
end)
|> Enum.join("")
end
@@ -77,14 +77,14 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do
link("Post ##{activity.id} by #{user.nickname}", "/notices/#{activity.id}") <>
info("#{like_count} likes, #{announcement_count} repeats") <>
- "\r\n" <>
+ "i\tfake\t(NULL)\t0\r\n" <>
info(
HtmlSanitizeEx.strip_tags(
String.replace(activity.data["object"]["content"], "<br>", "\r")
)
)
end)
- |> Enum.join("\r\n")
+ |> Enum.join("i\tfake\t(NULL)\t0\r\n")
end
def response("") do
diff --git a/lib/pleroma/plugs/digest.ex b/lib/pleroma/plugs/digest.ex
new file mode 100644
index 000000000..9d6bbb085
--- /dev/null
+++ b/lib/pleroma/plugs/digest.ex
@@ -0,0 +1,10 @@
+defmodule Pleroma.Web.Plugs.DigestPlug do
+ alias Plug.Conn
+ require Logger
+
+ def read_body(conn, opts) do
+ {:ok, body, conn} = Conn.read_body(conn, opts)
+ digest = "SHA-256=" <> (:crypto.hash(:sha256, body) |> Base.encode64())
+ {:ok, body, Conn.assign(conn, :digest, digest)}
+ end
+end
diff --git a/lib/pleroma/plugs/http_signature.ex b/lib/pleroma/plugs/http_signature.ex
index 38bcd3a78..9e53371b7 100644
--- a/lib/pleroma/plugs/http_signature.ex
+++ b/lib/pleroma/plugs/http_signature.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
cond do
signature && String.contains?(signature, user) ->
+ # set (request-target) header to the appropriate value
+ # we also replace the digest header with the one we computed
conn =
conn
|> put_req_header(
@@ -26,6 +28,14 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
String.downcase("#{conn.method}") <> " #{conn.request_path}"
)
+ conn =
+ if conn.assigns[:digest] do
+ conn
+ |> put_req_header("digest", conn.assigns[:digest])
+ else
+ conn
+ end
+
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
signature ->
diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex
index 92a89e296..408a3fc56 100644
--- a/lib/pleroma/upload.ex
+++ b/lib/pleroma/upload.ex
@@ -18,6 +18,8 @@ defmodule Pleroma.Upload do
File.cp!(file.path, result_file)
end
+ strip_exif_data(content_type, result_file)
+
%{
"type" => "Document",
"url" => [
@@ -67,6 +69,8 @@ defmodule Pleroma.Upload do
File.rename(uuidpath, result_file)
end
+ strip_exif_data(content_type, result_file)
+
%{
"type" => "Image",
"url" => [
@@ -80,6 +84,16 @@ defmodule Pleroma.Upload do
}
end
+ def strip_exif_data(content_type, file) do
+ settings = Application.get_env(:pleroma, Pleroma.Upload)
+ do_strip = Keyword.fetch!(settings, :strip_exif)
+ [filetype, ext] = String.split(content_type, "/")
+
+ if filetype == "image" and do_strip == true do
+ Mogrify.open(file) |> Mogrify.custom("strip") |> Mogrify.save(in_place: true)
+ end
+ end
+
def upload_path do
settings = Application.get_env(:pleroma, Pleroma.Upload)
Keyword.fetch!(settings, :uploads)
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index df22d29a8..fa0ea171d 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -398,6 +398,7 @@ defmodule Pleroma.User do
Enum.map(reqs, fn req -> req.actor end)
|> Enum.uniq()
|> Enum.map(fn ap_id -> get_by_ap_id(ap_id) end)
+ |> Enum.filter(fn u -> !following?(u, user) end)
{:ok, users}
end
diff --git a/lib/pleroma/user_invite_token.ex b/lib/pleroma/user_invite_token.ex
new file mode 100644
index 000000000..48ee1019a
--- /dev/null
+++ b/lib/pleroma/user_invite_token.ex
@@ -0,0 +1,40 @@
+defmodule Pleroma.UserInviteToken do
+ use Ecto.Schema
+
+ import Ecto.Changeset
+
+ alias Pleroma.{User, UserInviteToken, Repo}
+
+ schema "user_invite_tokens" do
+ field(:token, :string)
+ field(:used, :boolean, default: false)
+
+ timestamps()
+ end
+
+ def create_token do
+ token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+
+ token = %UserInviteToken{
+ used: false,
+ token: token
+ }
+
+ Repo.insert(token)
+ end
+
+ def used_changeset(struct) do
+ struct
+ |> cast(%{}, [])
+ |> put_change(:used, true)
+ end
+
+ def mark_as_used(token) do
+ with %{used: false} = token <- Repo.get_by(UserInviteToken, %{token: token}),
+ {:ok, token} <- Repo.update(used_changeset(token)) do
+ {:ok, token}
+ else
+ _e -> {:error, token}
+ end
+ end
+end
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 464832a1e..ec605b694 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -641,13 +641,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
Logger.info("Federating #{id} to #{inbox}")
host = URI.parse(inbox).host
+ digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
+
signature =
- Pleroma.Web.HTTPSignatures.sign(actor, %{host: host, "content-length": byte_size(json)})
+ Pleroma.Web.HTTPSignatures.sign(actor, %{
+ host: host,
+ "content-length": byte_size(json),
+ digest: digest
+ })
@httpoison.post(
inbox,
json,
- [{"Content-Type", "application/activity+json"}, {"signature", signature}],
+ [
+ {"Content-Type", "application/activity+json"},
+ {"signature", signature},
+ {"digest", digest}
+ ],
hackney: [pool: :default]
)
end
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1a012c1b4..cbedca004 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -35,7 +35,8 @@ defmodule Pleroma.Web.Endpoint do
parsers: [:urlencoded, :multipart, :json],
pass: ["*/*"],
json_decoder: Jason,
- length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit)
+ length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit),
+ body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
)
plug(Plug.MethodOverride)
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index f33d615cf..cc5261616 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -14,6 +14,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
header = User.banner_url(user) |> MediaProxy.url()
user_info = User.user_info(user)
+ emojis =
+ (user.info["source_data"]["tag"] || [])
+ |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end)
+ |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} ->
+ %{
+ "shortcode" => String.trim(name, ":"),
+ "url" => MediaProxy.url(url),
+ "static_url" => MediaProxy.url(url),
+ "visible_in_picker" => false
+ }
+ end)
+
%{
id: to_string(user.id),
username: hd(String.split(user.nickname, "@")),
@@ -30,7 +42,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
avatar_static: image,
header: header,
header_static: header,
- emojis: [],
+ emojis: emojis,
fields: [],
source: %{
note: "",
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 19f47dceb..2dadf974c 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -204,9 +204,7 @@ defmodule Pleroma.Web.Router do
get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status)
get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
- if @registrations_open do
- post("/account/register", TwitterAPI.Controller, :register)
- end
+ post("/account/register", TwitterAPI.Controller, :register)
get("/search", TwitterAPI.Controller, :search)
get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
@@ -358,6 +356,7 @@ defmodule Pleroma.Web.Router do
end
scope "/", Fallback do
+ get("/registration/:token", RedirectController, :registration_page)
get("/*path", RedirectController, :redirector)
end
end
@@ -372,4 +371,8 @@ defmodule Fallback.RedirectController do
|> send_file(200, "priv/static/index.html")
end
end
+
+ def registration_page(conn, params) do
+ redirector(conn, params)
+ end
end
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 47fc79350..24ebdf007 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -99,6 +99,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
conn
|> render("followed.html", %{error: false})
else
+ # Was already following user
+ {:error, "Could not follow user:" <> _rest} ->
+ render(conn, "followed.html", %{error: false})
+
_e ->
conn
|> render("follow_login.html", %{
@@ -117,6 +121,11 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
conn
|> render("followed.html", %{error: false})
else
+ # Was already following user
+ {:error, "Could not follow user:" <> _rest} ->
+ conn
+ |> render("followed.html", %{error: false})
+
e ->
Logger.debug("Remote follow failed with error #{inspect(e)}")
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
index c23b3c2c4..dbad08e66 100644
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -1,11 +1,13 @@
defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
- alias Pleroma.{User, Activity, Repo, Object}
+ alias Pleroma.{UserInviteToken, User, Activity, Repo, Object}
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.TwitterAPI.UserView
alias Pleroma.Web.{OStatus, CommonAPI}
import Ecto.Query
+ @instance Application.get_env(:pleroma, :instance)
@httpoison Application.get_env(:pleroma, :httpoison)
+ @registrations_open Keyword.get(@instance, :registrations_open)
def create_status(%User{} = user, %{"status" => _} = data) do
CommonAPI.post(user, data)
@@ -120,6 +122,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
end
def register_user(params) do
+ tokenString = params["token"]
+
params = %{
nickname: params["nickname"],
name: params["fullname"],
@@ -129,17 +133,33 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
password_confirmation: params["confirm"]
}
- changeset = User.register_changeset(%User{}, params)
+ # no need to query DB if registration is open
+ token =
+ unless @registrations_open || is_nil(tokenString) do
+ Repo.get_by(UserInviteToken, %{token: tokenString})
+ end
- with {:ok, user} <- Repo.insert(changeset) do
- {:ok, user}
- else
- {:error, changeset} ->
- errors =
- Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
- |> Jason.encode!()
+ cond do
+ @registrations_open || (!is_nil(token) && !token.used) ->
+ changeset = User.register_changeset(%User{}, params)
+
+ with {:ok, user} <- Repo.insert(changeset) do
+ !@registrations_open && UserInviteToken.mark_as_used(token.token)
+ {:ok, user}
+ else
+ {:error, changeset} ->
+ errors =
+ Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
+ |> Jason.encode!()
+
+ {:error, %{error: errors}}
+ end
+
+ !@registrations_open && is_nil(token) ->
+ {:error, "Invalid token"}
- {:error, %{error: errors}}
+ !@registrations_open && token.used ->
+ {:error, "Expired token"}
end
end
diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex
index 9c8460378..7d0f0e703 100644
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@@ -1,6 +1,7 @@
defmodule Pleroma.Web.TwitterAPI.UserView do
use Pleroma.Web, :view
alias Pleroma.User
+ alias Pleroma.Formatter
alias Pleroma.Web.CommonAPI.Utils
alias Pleroma.Web.MediaProxy
@@ -28,9 +29,19 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
user_info = User.get_cached_user_info(user)
+ emoji =
+ (user.info["source_data"]["tag"] || [])
+ |> Enum.filter(fn %{"type" => t} -> t == "Emoji" end)
+ |> Enum.map(fn %{"icon" => %{"url" => url}, "name" => name} ->
+ {String.trim(name, ":"), url}
+ end)
+
+ bio = HtmlSanitizeEx.strip_tags(user.bio)
+
data = %{
"created_at" => user.inserted_at |> Utils.format_naive_asctime(),
- "description" => HtmlSanitizeEx.strip_tags(user.bio),
+ "description" => bio,
+ "description_html" => bio |> Formatter.emojify(emoji),
"favourites_count" => 0,
"followers_count" => user_info[:follower_count],
"following" => following,
@@ -39,6 +50,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
"friends_count" => user_info[:following_count],
"id" => user.id,
"name" => user.name,
+ "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji),
"profile_image_url" => image,
"profile_image_url_https" => image,
"profile_image_url_profile_size" => image,
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-10 00:00:58 +0000