From bdfd72630f48bb891af34f1849e87cc5bbd3ff51 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 18 Jan 2021 16:28:36 +0100 Subject: ListController: Fix being unable to add / remove users. --- lib/pleroma/list.ex | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index ff975e7a6..fe5721c34 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -113,11 +113,15 @@ defmodule Pleroma.List do end end - def follow(%Pleroma.List{following: following} = list, %User{} = followed) do + def follow(%Pleroma.List{id: id}, %User{} = followed) do + list = Repo.get(Pleroma.List, id) + %{following: following} = list update_follows(list, %{following: Enum.uniq([followed.follower_address | following])}) end - def unfollow(%Pleroma.List{following: following} = list, %User{} = unfollowed) do + def unfollow(%Pleroma.List{id: id}, %User{} = unfollowed) do + list = Repo.get(Pleroma.List, id) + %{following: following} = list update_follows(list, %{following: List.delete(following, unfollowed.follower_address)}) end -- cgit v1.2.3 From 133644dfa2e46dc48980ae6f835b7aa2758b4250 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Fri, 8 Jan 2021 12:06:04 +0300 Subject: Ability to set the Service-Worker-Allowed header --- lib/pleroma/web/plugs/http_security_plug.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 4b84f575d..6c959a870 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -23,6 +23,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do defp headers do referrer_policy = Config.get([:http_security, :referrer_policy]) report_uri = Config.get([:http_security, :report_uri]) + service_worker_allowed = Config.get([:http_security, :service_worker_allowed]) headers = [ {"x-xss-protection", "1; mode=block"}, @@ -34,6 +35,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do {"content-security-policy", csp_string()} ] + headers = + if service_worker_allowed do + [{"service-worker-allowed", service_worker_allowed} | headers] + else + headers + end + if report_uri do report_group = %{ "group" => "csp-endpoint", -- cgit v1.2.3 From 7fcaa188a0be4bc8e41790ddda9b6789cb318347 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Thu, 21 Jan 2021 14:58:18 +0300 Subject: Allow to define custom HTTP headers per each frontend --- lib/pleroma/web/plugs/http_security_plug.ex | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 6c959a870..0025b042a 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -20,10 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do end end - defp headers do + def primary_frontend do + with %{"name" => frontend} <- Config.get([:frontends, :primary]), + available <- Config.get([:frontends, :available]), + %{} = primary_frontend <- Map.get(available, frontend) do + {:ok, primary_frontend} + end + end + + def custom_http_frontend_headers do + with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do + custom_headers + else + _ -> [] + end + end + + def headers do referrer_policy = Config.get([:http_security, :referrer_policy]) report_uri = Config.get([:http_security, :report_uri]) - service_worker_allowed = Config.get([:http_security, :service_worker_allowed]) + custom_http_frontend_headers = custom_http_frontend_headers() headers = [ {"x-xss-protection", "1; mode=block"}, @@ -36,8 +52,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do ] headers = - if service_worker_allowed do - [{"service-worker-allowed", service_worker_allowed} | headers] + if custom_http_frontend_headers do + custom_http_frontend_headers ++ headers else headers end -- cgit v1.2.3 From 003402df401f2bbf46e47017e3b7a2ec27615ea2 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 21 Jan 2021 14:20:13 -0600 Subject: Add ability to invalidate cache entries for Apache --- lib/pleroma/web/media_proxy/invalidation/script.ex | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/invalidation/script.ex b/lib/pleroma/web/media_proxy/invalidation/script.ex index 0f66c2fe3..c447614fa 100644 --- a/lib/pleroma/web/media_proxy/invalidation/script.ex +++ b/lib/pleroma/web/media_proxy/invalidation/script.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do def purge(urls, opts \\ []) do args = urls + |> format_urls(Keyword.get(opts, :url_format)) |> List.wrap() |> Enum.uniq() |> Enum.join(" ") @@ -40,4 +41,22 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do Logger.error("Error while cache purge: #{inspect(error)}") {:error, inspect(error)} end + + def format_urls(urls, :htcacheclean) do + urls + |> Enum.map(fn url -> + uri = URI.parse(url) + + query = + if !is_nil(uri.query) do + "?" <> uri.query + else + "?" + end + + uri.scheme <> "://" <> uri.host <> ":#{inspect(uri.port)}" <> uri.path <> query + end) + end + + def format_urls(urls, _), do: urls end -- cgit v1.2.3 From e5b32aab92444ea1b4c5ec9e5e78cfcc909aaa73 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 21 Jan 2021 14:41:28 -0600 Subject: rename function --- lib/pleroma/web/media_proxy/invalidation/script.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/invalidation/script.ex b/lib/pleroma/web/media_proxy/invalidation/script.ex index c447614fa..87a21166c 100644 --- a/lib/pleroma/web/media_proxy/invalidation/script.ex +++ b/lib/pleroma/web/media_proxy/invalidation/script.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do def purge(urls, opts \\ []) do args = urls - |> format_urls(Keyword.get(opts, :url_format)) + |> maybe_format_urls(Keyword.get(opts, :url_format)) |> List.wrap() |> Enum.uniq() |> Enum.join(" ") @@ -42,7 +42,7 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do {:error, inspect(error)} end - def format_urls(urls, :htcacheclean) do + def maybe_format_urls(urls, :htcacheclean) do urls |> Enum.map(fn url -> uri = URI.parse(url) @@ -58,5 +58,5 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do end) end - def format_urls(urls, _), do: urls + def maybe_format_urls(urls, _), do: urls end -- cgit v1.2.3 From 6bfd497f4afeb4182cc865087e6f4863bc48a4f4 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 22 Jan 2021 09:47:59 -0600 Subject: Include own_votes in the poll data --- lib/pleroma/web/mastodon_api/views/poll_view.ex | 27 +++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/poll_view.ex b/lib/pleroma/web/mastodon_api/views/poll_view.ex index d6b544037..94bc1c139 100644 --- a/lib/pleroma/web/mastodon_api/views/poll_view.ex +++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex @@ -10,6 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.PollView do def render("show.json", %{object: object, multiple: multiple, options: options} = params) do {end_time, expired} = end_time_and_expired(object) {options, votes_count} = options_and_votes_count(options) + {voted, own_votes} = voted_and_own_votes(params, options) %{ # Mastodon uses separate ids for polls, but an object can't have @@ -21,7 +22,8 @@ defmodule Pleroma.Web.MastodonAPI.PollView do votes_count: votes_count, voters_count: voters_count(object), options: options, - voted: voted?(params), + voted: voted, + own_votes: own_votes, emojis: Pleroma.Web.MastodonAPI.StatusView.build_emojis(object.data["emoji"]) } end @@ -67,12 +69,25 @@ defmodule Pleroma.Web.MastodonAPI.PollView do defp voters_count(_), do: 0 - defp voted?(%{object: object} = opts) do - if opts[:for] do - existing_votes = Pleroma.Web.ActivityPub.Utils.get_existing_votes(opts[:for].ap_id, object) - existing_votes != [] or opts[:for].ap_id == object.data["actor"] + defp voted_and_own_votes(%{object: object} = params, options) do + options = options |> Enum.map(fn x -> Map.get(x, :title) end) + + if params[:for] do + existing_votes = + Pleroma.Web.ActivityPub.Utils.get_existing_votes(params[:for].ap_id, object) + + own_votes = + for vote <- existing_votes do + data = Map.get(vote, :object) |> Map.get(:data) + + Enum.find_index(options, fn x -> x == data["name"] end) + end || [] + + voted = existing_votes != [] or params[:for].ap_id == object.data["actor"] + + {voted, own_votes} else - false + {false, []} end end end -- cgit v1.2.3 From 3f3d64acbfe0f8219911cb053e7fdab25137a23a Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 25 Jan 2021 19:46:36 +0300 Subject: little refactor and tests for voted & own_votes fields in polls --- lib/pleroma/web/mastodon_api/views/poll_view.ex | 35 ++++++++++++++++--------- 1 file changed, 22 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/poll_view.ex b/lib/pleroma/web/mastodon_api/views/poll_view.ex index 94bc1c139..de536c8fb 100644 --- a/lib/pleroma/web/mastodon_api/views/poll_view.ex +++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex @@ -10,9 +10,8 @@ defmodule Pleroma.Web.MastodonAPI.PollView do def render("show.json", %{object: object, multiple: multiple, options: options} = params) do {end_time, expired} = end_time_and_expired(object) {options, votes_count} = options_and_votes_count(options) - {voted, own_votes} = voted_and_own_votes(params, options) - %{ + poll = %{ # Mastodon uses separate ids for polls, but an object can't have # more than one poll embedded so object id is fine id: to_string(object.id), @@ -22,10 +21,16 @@ defmodule Pleroma.Web.MastodonAPI.PollView do votes_count: votes_count, voters_count: voters_count(object), options: options, - voted: voted, - own_votes: own_votes, emojis: Pleroma.Web.MastodonAPI.StatusView.build_emojis(object.data["emoji"]) } + + if params[:for] do + # if a user is not authenticated Mastodon doesn't include `voted` & `own_votes` keys in response + {voted, own_votes} = voted_and_own_votes(params, options) + Map.merge(poll, %{voted: voted, own_votes: own_votes}) + else + poll + end end def render("show.json", %{object: object} = params) do @@ -70,21 +75,25 @@ defmodule Pleroma.Web.MastodonAPI.PollView do defp voters_count(_), do: 0 defp voted_and_own_votes(%{object: object} = params, options) do - options = options |> Enum.map(fn x -> Map.get(x, :title) end) - if params[:for] do existing_votes = Pleroma.Web.ActivityPub.Utils.get_existing_votes(params[:for].ap_id, object) - own_votes = - for vote <- existing_votes do - data = Map.get(vote, :object) |> Map.get(:data) - - Enum.find_index(options, fn x -> x == data["name"] end) - end || [] - voted = existing_votes != [] or params[:for].ap_id == object.data["actor"] + own_votes = + if voted do + titles = Enum.map(options, & &1[:title]) + + Enum.reduce(existing_votes, [], fn vote, acc -> + data = vote |> Map.get(:object) |> Map.get(:data) + index = Enum.find_index(titles, &(&1 == data["name"])) + [index | acc] + end) + else + [] + end + {voted, own_votes} else {false, []} -- cgit v1.2.3 From 2cb5c16723b7e65e6e1bfae6bf8319f62d667def Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 25 Jan 2021 18:25:53 -0600 Subject: Credo --- lib/pleroma/web/mastodon_api/views/poll_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/poll_view.ex b/lib/pleroma/web/mastodon_api/views/poll_view.ex index de536c8fb..71bc8b949 100644 --- a/lib/pleroma/web/mastodon_api/views/poll_view.ex +++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex @@ -25,7 +25,7 @@ defmodule Pleroma.Web.MastodonAPI.PollView do } if params[:for] do - # if a user is not authenticated Mastodon doesn't include `voted` & `own_votes` keys in response + # when unauthenticated Mastodon doesn't include `voted` & `own_votes` keys in response {voted, own_votes} = voted_and_own_votes(params, options) Map.merge(poll, %{voted: voted, own_votes: own_votes}) else -- cgit v1.2.3 From 35cad9793d97a732b88b713971e5ce6679d49d93 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Wed, 27 Jan 2021 18:49:08 +0300 Subject: cache headers for emoji and images --- lib/pleroma/web/endpoint.ex | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 94703cd05..7e197ebc5 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -59,6 +59,18 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. + plug( + Plug.Static, + at: "/", + from: :pleroma, + only: ["emoji", "images"], + gzip: true, + cache_control_for_etags: "public, max-age=1209600", + headers: %{ + "cache-control" => "public, max-age=1209600" + } + ) + plug( Plug.Static, at: "/", -- cgit v1.2.3 From b794dae98a09cd1e18af60c1239f5c03b7193e57 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Fri, 29 Jan 2021 15:24:22 +0300 Subject: like this --- lib/pleroma/web/endpoint.ex | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 7e197ebc5..8e274de88 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -23,6 +23,18 @@ defmodule Pleroma.Web.Endpoint do # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well # Cache-control headers are duplicated in case we turn off etags in the future + plug( + Pleroma.Web.Plugs.InstanceStatic, + at: "/", + from: :pleroma, + only: ["emoji", "images"], + gzip: true, + cache_control_for_etags: "public, max-age=1209600", + headers: %{ + "cache-control" => "public, max-age=1209600" + } + ) + plug(Pleroma.Web.Plugs.InstanceStatic, at: "/", gzip: true, @@ -59,18 +71,6 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. - plug( - Plug.Static, - at: "/", - from: :pleroma, - only: ["emoji", "images"], - gzip: true, - cache_control_for_etags: "public, max-age=1209600", - headers: %{ - "cache-control" => "public, max-age=1209600" - } - ) - plug( Plug.Static, at: "/", -- cgit v1.2.3