diff options
Diffstat (limited to 'lib')
21 files changed, 151 insertions, 117 deletions
| diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 5b844aa41..2ae052069 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -5,6 +5,7 @@  defmodule Pleroma.Application do    import Cachex.Spec    use Application +  require Logger    @name Mix.Project.config()[:name]    @version Mix.Project.config()[:version] @@ -33,6 +34,7 @@ defmodule Pleroma.Application do      Pleroma.HTML.compile_scrubbers()      Pleroma.Config.DeprecationWarnings.warn()      setup_instrumenters() +    load_custom_modules()      # Define workers and child supervisors to be supervised      children = @@ -68,6 +70,28 @@ defmodule Pleroma.Application do      Supervisor.start_link(children, opts)    end +  def load_custom_modules do +    dir = Pleroma.Config.get([:modules, :runtime_dir]) + +    if dir && File.exists?(dir) do +      dir +      |> Pleroma.Utils.compile_dir() +      |> case do +        {:error, _errors, _warnings} -> +          raise "Invalid custom modules" + +        {:ok, modules, _warnings} -> +          if @env != :test do +            Enum.each(modules, fn mod -> +              Logger.info("Custom module loaded: #{inspect(mod)}") +            end) +          end + +          :ok +      end +    end +  end +    defp setup_instrumenters do      require Prometheus.Registry diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 2cae29f35..11513106e 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -10,9 +10,7 @@ defmodule Pleroma.HTML do      dir = Path.join(:code.priv_dir(:pleroma), "scrubbers")      dir -    |> File.ls!() -    |> Enum.map(&Path.join(dir, &1)) -    |> Kernel.ParallelCompiler.compile() +    |> Pleroma.Utils.compile_dir()      |> case do        {:error, _errors, _warnings} ->          raise "Compiling scrubbers failed" diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 4d71c91a8..a1bde90f1 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -154,7 +154,7 @@ defmodule Pleroma.Object.Fetcher do    end    def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do -    Logger.info("Fetching object #{id} via AP") +    Logger.debug("Fetching object #{id} via AP")      date = Pleroma.Signature.signed_date() diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex index 174a8389c..07c0f7fdb 100644 --- a/lib/pleroma/plugs/oauth_scopes_plug.ex +++ b/lib/pleroma/plugs/oauth_scopes_plug.ex @@ -18,16 +18,13 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do      token = assigns[:token]      scopes = transform_scopes(scopes, options) -    matched_scopes = token && filter_descendants(scopes, token.scopes) +    matched_scopes = (token && filter_descendants(scopes, token.scopes)) || []      cond do -      is_nil(token) -> -        maybe_perform_instance_privacy_check(conn, options) - -      op == :| && Enum.any?(matched_scopes) -> +      token && op == :| && Enum.any?(matched_scopes) ->          conn -      op == :& && matched_scopes == scopes -> +      token && op == :& && matched_scopes == scopes ->          conn        options[:fallback] == :proceed_unauthenticated -> diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex deleted file mode 100644 index c36f3d61d..000000000 --- a/lib/pleroma/uploaders/mdii.ex +++ /dev/null @@ -1,37 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Uploaders.MDII do -  @moduledoc "Represents uploader for https://github.com/hakaba-hitoyo/minimal-digital-image-infrastructure" - -  alias Pleroma.Config -  alias Pleroma.HTTP - -  @behaviour Pleroma.Uploaders.Uploader - -  # MDII-hosted images are never passed through the MediaPlug; only local media. -  # Delegate to Pleroma.Uploaders.Local -  def get_file(file) do -    Pleroma.Uploaders.Local.get_file(file) -  end - -  def put_file(upload) do -    cgi = Config.get([Pleroma.Uploaders.MDII, :cgi]) -    files = Config.get([Pleroma.Uploaders.MDII, :files]) - -    {:ok, file_data} = File.read(upload.tempfile) - -    extension = String.split(upload.name, ".") |> List.last() -    query = "#{cgi}?#{extension}" - -    with {:ok, %{status: 200, body: body}} <- -           HTTP.post(query, file_data, [], adapter: [pool: :default]) do -      remote_file_name = String.split(body) |> List.first() -      public_url = "#{files}/#{remote_file_name}.#{extension}" -      {:ok, {:url, public_url}} -    else -      _ -> Pleroma.Uploaders.Local.put_file(upload) -    end -  end -end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 706aee2ff..2e225415c 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1430,20 +1430,47 @@ defmodule Pleroma.User do    Creates an internal service actor by URI if missing.    Optionally takes nickname for addressing.    """ -  def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do -    with user when is_nil(user) <- get_cached_by_ap_id(uri) do -      {:ok, user} = -        %User{ -          invisible: true, -          local: true, -          ap_id: uri, -          nickname: nickname, -          follower_address: uri <> "/followers" -        } -        |> Repo.insert() +  @spec get_or_create_service_actor_by_ap_id(String.t(), String.t()) :: User.t() | nil +  def get_or_create_service_actor_by_ap_id(uri, nickname) do +    {_, user} = +      case get_cached_by_ap_id(uri) do +        nil -> +          with {:error, %{errors: errors}} <- create_service_actor(uri, nickname) do +            Logger.error("Cannot create service actor: #{uri}/.\n#{inspect(errors)}") +            {:error, nil} +          end -      user -    end +        %User{invisible: false} = user -> +          set_invisible(user) + +        user -> +          {:ok, user} +      end + +    user +  end + +  @spec set_invisible(User.t()) :: {:ok, User.t()} +  defp set_invisible(user) do +    user +    |> change(%{invisible: true}) +    |> update_and_set_cache() +  end + +  @spec create_service_actor(String.t(), String.t()) :: +          {:ok, User.t()} | {:error, Ecto.Changeset.t()} +  defp create_service_actor(uri, nickname) do +    %User{ +      invisible: true, +      local: true, +      ap_id: uri, +      nickname: nickname, +      follower_address: uri <> "/followers" +    } +    |> change +    |> unique_constraint(:nickname) +    |> Repo.insert() +    |> set_cache()    end    # AP style @@ -1855,9 +1882,9 @@ defmodule Pleroma.User do        ])      with {:ok, updated_user} <- update_and_set_cache(changeset) do -      if user.is_admin && !updated_user.is_admin do -        # Tokens & authorizations containing any admin scopes must be revoked (revoking all). -        # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins). +      if user.is_admin != updated_user.is_admin do +        # Admin status change results in change of accessible OAuth scopes, and instead of changing +        #   already issued tokens we revoke them, requiring user to sign in again          global_sign_out(user)        end diff --git a/lib/pleroma/utils.ex b/lib/pleroma/utils.ex new file mode 100644 index 000000000..8d36a0001 --- /dev/null +++ b/lib/pleroma/utils.ex @@ -0,0 +1,12 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Utils do +  def compile_dir(dir) when is_binary(dir) do +    dir +    |> File.ls!() +    |> Enum.map(&Path.join(dir, &1)) +    |> Kernel.ParallelCompiler.compile() +  end +end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 16e6b0057..60c9e7e64 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -1298,28 +1298,26 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do    def fetch_follow_information_for_user(user) do      with {:ok, following_data} <-             Fetcher.fetch_and_contain_remote_object_from_id(user.following_address), -         following_count when is_integer(following_count) <- following_data["totalItems"],           {:ok, hide_follows} <- collection_private(following_data),           {:ok, followers_data} <-             Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address), -         followers_count when is_integer(followers_count) <- followers_data["totalItems"],           {:ok, hide_followers} <- collection_private(followers_data) do        {:ok,         %{           hide_follows: hide_follows, -         follower_count: followers_count, -         following_count: following_count, +         follower_count: normalize_counter(followers_data["totalItems"]), +         following_count: normalize_counter(following_data["totalItems"]),           hide_followers: hide_followers         }}      else -      {:error, _} = e -> -        e - -      e -> -        {:error, e} +      {:error, _} = e -> e +      e -> {:error, e}      end    end +  defp normalize_counter(counter) when is_integer(counter), do: counter +  defp normalize_counter(_), do: 0 +    defp maybe_update_follow_information(data) do      with {:enabled, true} <-             {:enabled, Pleroma.Config.get([:instance, :external_user_synchronization])}, @@ -1339,24 +1337,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do      end    end +  defp collection_private(%{"first" => %{"type" => type}}) +       when type in ["CollectionPage", "OrderedCollectionPage"], +       do: {:ok, false} +    defp collection_private(%{"first" => first}) do -    if is_map(first) and -         first["type"] in ["CollectionPage", "OrderedCollectionPage"] do +    with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <- +           Fetcher.fetch_and_contain_remote_object_from_id(first) do        {:ok, false}      else -      with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <- -             Fetcher.fetch_and_contain_remote_object_from_id(first) do -        {:ok, false} -      else -        {:error, {:ok, %{status: code}}} when code in [401, 403] -> -          {:ok, true} - -        {:error, _} = e -> -          e - -        e -> -          {:error, e} -      end +      {:error, {:ok, %{status: code}}} when code in [401, 403] -> {:ok, true} +      {:error, _} = e -> e +      e -> {:error, e}      end    end diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index dec5da0d3..5059e3984 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -257,7 +257,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do    # only accept relayed Creates    def inbox(conn, %{"type" => "Create"} = params) do -    Logger.info( +    Logger.debug(        "Signature missing or not from author, relayed Create message, fetching object from source"      ) @@ -270,11 +270,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do      headers = Enum.into(conn.req_headers, %{})      if String.contains?(headers["signature"], params["actor"]) do -      Logger.info( +      Logger.debug(          "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"        ) -      Logger.info(inspect(conn.req_headers)) +      Logger.debug(inspect(conn.req_headers))      end      json(conn, dgettext("errors", "error")) diff --git a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex index f7831bc3e..4a5709974 100644 --- a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex @@ -9,7 +9,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do    @impl true    def filter(object) do -    Logger.info("REJECTING #{inspect(object)}") +    Logger.debug("REJECTING #{inspect(object)}")      {:reject, object}    end diff --git a/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex index 26b8539fe..df774b0f7 100644 --- a/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex @@ -18,7 +18,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do    ]    def perform(:prefetch, url) do -    Logger.info("Prefetching #{inspect(url)}") +    Logger.debug("Prefetching #{inspect(url)}")      url      |> MediaProxy.url() diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 0cc8fab27..e4e3ab44a 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -48,7 +48,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do    * `id`: the ActivityStreams URI of the message    """    def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do -    Logger.info("Federating #{id} to #{inbox}") +    Logger.debug("Federating #{id} to #{inbox}")      %{host: host, path: path} = URI.parse(inbox)      digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64()) @@ -228,7 +228,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do      public = is_public?(activity)      if public && Config.get([:instance, :allow_relay]) do -      Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) +      Logger.debug(fn -> "Relaying #{activity.data["id"]} out" end)        Relay.publish(activity)      end diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 99a804568..48a1b71e0 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -9,10 +9,12 @@ defmodule Pleroma.Web.ActivityPub.Relay do    alias Pleroma.Web.ActivityPub.ActivityPub    require Logger +  @relay_nickname "relay" +    def get_actor do      actor =        relay_ap_id() -      |> User.get_or_create_service_actor_by_ap_id() +      |> User.get_or_create_service_actor_by_ap_id(@relay_nickname)      actor    end diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index bbea31682..d32c38a05 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -59,7 +59,7 @@ defmodule Pleroma.Web.Endpoint do    plug(Pleroma.Plugs.TrailingFormatPlug)    plug(Plug.RequestId) -  plug(Plug.Logger) +  plug(Plug.Logger, log: :debug)    plug(Pleroma.Plugs.Parsers) diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index e8a56ebd7..f506a7d24 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -58,7 +58,7 @@ defmodule Pleroma.Web.Federator do    end    def perform(:incoming_ap_doc, params) do -    Logger.info("Handling incoming AP activity") +    Logger.debug("Handling incoming AP activity")      params = Utils.normalize_params(params) @@ -71,13 +71,13 @@ defmodule Pleroma.Web.Federator do        {:ok, activity}      else        %Activity{} -> -        Logger.info("Already had #{params["id"]}") +        Logger.debug("Already had #{params["id"]}")          :error        _e ->          # Just drop those for now -        Logger.info("Unhandled activity") -        Logger.info(Jason.encode!(params, pretty: true)) +        Logger.debug("Unhandled activity") +        Logger.debug(Jason.encode!(params, pretty: true))          :error      end    end diff --git a/lib/pleroma/web/federator/publisher.ex b/lib/pleroma/web/federator/publisher.ex index fb9b26649..1d045c644 100644 --- a/lib/pleroma/web/federator/publisher.ex +++ b/lib/pleroma/web/federator/publisher.ex @@ -47,7 +47,7 @@ defmodule Pleroma.Web.Federator.Publisher do      Config.get([:instance, :federation_publisher_modules])      |> Enum.each(fn module ->        if module.is_representable?(activity) do -        Logger.info("Publishing #{activity.data["id"]} using #{inspect(module)}") +        Logger.debug("Publishing #{activity.data["id"]} using #{inspect(module)}")          module.publish(user, activity)        end      end) diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex index ca261ad6e..9f7e4943c 100644 --- a/lib/pleroma/web/masto_fe_controller.ex +++ b/lib/pleroma/web/masto_fe_controller.ex @@ -20,18 +20,21 @@ defmodule Pleroma.Web.MastoFEController do    plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)    @doc "GET /web/*path" -  def index(%{assigns: %{user: user}} = conn, _params) do -    token = get_session(conn, :oauth_token) +  def index(%{assigns: %{user: user, token: token}} = conn, _params) +      when not is_nil(user) and not is_nil(token) do +    conn +    |> put_layout(false) +    |> render("index.html", +      token: token.token, +      user: user, +      custom_emojis: Pleroma.Emoji.get_all() +    ) +  end -    if user && token do -      conn -      |> put_layout(false) -      |> render("index.html", token: token, user: user, custom_emojis: Pleroma.Emoji.get_all()) -    else -      conn -      |> put_session(:return_to, conn.request_path) -      |> redirect(to: "/web/login") -    end +  def index(conn, _params) do +    conn +    |> put_session(:return_to, conn.request_path) +    |> redirect(to: "/web/login")    end    @doc "GET /web/manifest.json" diff --git a/lib/pleroma/web/metadata/twitter_card.ex b/lib/pleroma/web/metadata/twitter_card.ex index d6a6049b3..67419a666 100644 --- a/lib/pleroma/web/metadata/twitter_card.ex +++ b/lib/pleroma/web/metadata/twitter_card.ex @@ -31,7 +31,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do        if attachments == [] or Metadata.activity_nsfw?(object) do          [            image_tag(user), -          {:meta, [property: "twitter:card", content: "summary_large_image"], []} +          {:meta, [property: "twitter:card", content: "summary"], []}          ]        else          attachments diff --git a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex index 69dfa92e3..0bbf84fd3 100644 --- a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex @@ -52,7 +52,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do    @doc """    Lists the packs available on the instance as JSON. -  The information is public and does not require authentification. The format is +  The information is public and does not require authentication. The format is    a map of "pack directory name" to pack.json contents.    """    def list_packs(conn, _params) do diff --git a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex index 8fed3f5bb..772c535a4 100644 --- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex @@ -22,7 +22,14 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do    plug(      OAuthScopesPlug, -    %{scopes: ["read:statuses"]} when action in [:conversation, :conversation_statuses] +    %{scopes: ["read:statuses"]} +    when action in [:conversation, :conversation_statuses, :emoji_reactions_by] +  ) + +  plug( +    OAuthScopesPlug, +    %{scopes: ["write:statuses"]} +    when action in [:react_with_emoji, :unreact_with_emoji]    )    plug( diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index a61f891c7..f08b9d28c 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -20,7 +20,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do    plug(      OAuthScopesPlug,      %{scopes: ["follow", "write:follows"]} -    when action in [:do_remote_follow, :follow_import] +    when action == :follow_import +  ) + +  # Note: follower can submit the form (with password auth) not being signed in (having no token) +  plug( +    OAuthScopesPlug, +    %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]} +    when action == :do_remote_follow    )    plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import) @@ -255,7 +262,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do    end    def delete_account(%{assigns: %{user: user}} = conn, params) do -    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do +    password = params["password"] || "" + +    case CommonAPI.Utils.confirm_current_password(user, password) do        {:ok, user} ->          User.delete(user)          json(conn, %{status: "success"}) | 
