From c2d592c9c5db8e0392948d5fc589761f482fc4f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Tue, 18 Sep 2018 11:39:06 +0200 Subject: Assign token to connection --- lib/pleroma/plugs/oauth_plug.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex index 0380ce14d..651485e09 100644 --- a/lib/pleroma/plugs/oauth_plug.ex +++ b/lib/pleroma/plugs/oauth_plug.ex @@ -18,10 +18,11 @@ defmodule Pleroma.Plugs.OAuthPlug do end with token when not is_nil(token) <- token, - %Token{user_id: user_id} <- Repo.get_by(Token, token: token), + %Token{user_id: user_id} = token <- Repo.get_by(Token, token: token), %User{} = user <- Repo.get(User, user_id), false <- !!user.info["deactivated"] do conn + |> assign(:token, token) |> assign(:user, user) else _ -> conn -- cgit v1.2.3 From d94ee5cd50005a947c3c3a734b086fd5cd266c8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Tue, 18 Sep 2018 11:56:46 +0200 Subject: Mastodon API: Support push subscription CRUD --- .../web/mastodon_api/mastodon_api_controller.ex | 27 +++++++++ .../mastodon_api/views/push_subscription_view.ex | 14 +++++ lib/pleroma/web/push/subscription.ex | 66 ++++++++++++++++++++++ lib/pleroma/web/router.ex | 5 ++ 4 files changed, 112 insertions(+) create mode 100644 lib/pleroma/web/mastodon_api/views/push_subscription_view.ex create mode 100644 lib/pleroma/web/push/subscription.ex (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 391a79885..7f06ee607 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1138,6 +1138,33 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end + def create_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do + Pleroma.Web.Push.Subscription.delete_if_exists(user, token) + {:ok, subscription} = Pleroma.Web.Push.Subscription.create(user, token, params) + view = PushSubscriptionView.render("push_subscription.json", subscription: subscription) + json(conn, view) + end + + def get_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do + subscription = Pleroma.Web.Push.Subscription.get(user, token) + view = PushSubscriptionView.render("push_subscription.json", subscription: subscription) + json(conn, view) + end + + def update_push_subscription( + %{assigns: %{user: user, token: token}} = conn, + params + ) do + {:ok, subscription} = Pleroma.Web.Push.Subscription.update(user, token, params) + view = PushSubscriptionView.render("push_subscription.json", subscription: subscription) + json(conn, view) + end + + def delete_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do + {:ok, _response} = Pleroma.Web.Push.Subscription.delete(user, token) + json(conn, %{}) + end + def errors(conn, _) do conn |> put_status(500) diff --git a/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex b/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex new file mode 100644 index 000000000..a910bb43e --- /dev/null +++ b/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.Web.MastodonAPI.PushSubscriptionView do + use Pleroma.Web, :view + alias Pleroma.Web.MastodonAPI.PushSubscriptionView + + def render("push_subscription.json", %{subscription: subscription}) do + %{ + id: to_string(subscription.id), + endpoint: subscription.endpoint, + alerts: Map.get(subscription.data, "alerts"), + # TODO: generate VAPID server key + server_key: "N/A" + } + end +end diff --git a/lib/pleroma/web/push/subscription.ex b/lib/pleroma/web/push/subscription.ex new file mode 100644 index 000000000..dc8fe9f33 --- /dev/null +++ b/lib/pleroma/web/push/subscription.ex @@ -0,0 +1,66 @@ +defmodule Pleroma.Web.Push.Subscription do + use Ecto.Schema + import Ecto.{Changeset, Query} + alias Pleroma.{Repo, User} + alias Pleroma.Web.OAuth.Token + alias Pleroma.Web.Push.Subscription + + schema "push_subscriptions" do + belongs_to(:user, User) + belongs_to(:token, Token) + field(:endpoint, :string) + field(:key_p256dh, :string) + field(:key_auth, :string) + field(:data, :map, default: %{}) + + timestamps() + end + + @supported_alert_types ~w[follow favourite mention reblog] + + defp alerts(%{"data" => %{"alerts" => alerts}}) do + alerts = Map.take(alerts, @supported_alert_types) + %{"alerts" => alerts} + end + + def create( + %User{} = user, + %Token{} = token, + %{ + "subscription" => %{ + "endpoint" => endpoint, + "keys" => %{"auth" => key_auth, "p256dh" => key_p256dh} + } + } = params + ) do + Repo.insert(%Subscription{ + user_id: user.id, + token_id: token.id, + endpoint: endpoint, + key_auth: key_auth, + key_p256dh: key_p256dh, + data: alerts(params) + }) + end + + def get(%User{id: user_id}, %Token{id: token_id}) do + Repo.get_by(Subscription, user_id: user_id, token_id: token_id) + end + + def update(user, token, params) do + get(user, token) + |> change(data: alerts(params)) + |> Repo.update() + end + + def delete(user, token) do + Repo.delete(get(user, token)) + end + + def delete_if_exists(user, token) do + case get(user, token) do + nil -> {:ok, nil} + sub -> Repo.delete(sub) + end + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index ddfaa8c42..04dc80444 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -171,6 +171,11 @@ defmodule Pleroma.Web.Router do put("/filters/:id", MastodonAPIController, :update_filter) delete("/filters/:id", MastodonAPIController, :delete_filter) + post("/push/subscription", MastodonAPIController, :create_push_subscription) + get("/push/subscription", MastodonAPIController, :get_push_subscription) + put("/push/subscription", MastodonAPIController, :update_push_subscription) + delete("/push/subscription", MastodonAPIController, :delete_push_subscription) + get("/suggestions", MastodonAPIController, :suggestions) get("/endorsements", MastodonAPIController, :empty_array) -- cgit v1.2.3 From 6be0ab1e55e2e9f0c1e6f937631cfd3da899bc79 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 2 Dec 2018 17:35:32 +0100 Subject: Hide network in ap. --- lib/pleroma/user/info.ex | 1 + lib/pleroma/web/activity_pub/views/user_view.ex | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 94d403bf7..83fab7e3d 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -24,6 +24,7 @@ defmodule Pleroma.User.Info do field(:topic, :string, default: nil) field(:hub, :string, default: nil) field(:salmon, :string, default: nil) + field(:hide_network, :boolean, default: false) # Found in the wild # ap_id -> Where is this used? diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index aaa777602..869934172 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -82,7 +82,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = from(user in query, select: [:ap_id]) following = Repo.all(query) - collection(following, "#{user.ap_id}/following", page) + collection(following, "#{user.ap_id}/following", page, !user.info.hide_network) |> Map.merge(Utils.make_json_ld_header()) end @@ -95,7 +95,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "id" => "#{user.ap_id}/following", "type" => "OrderedCollection", "totalItems" => length(following), - "first" => collection(following, "#{user.ap_id}/following", 1) + "first" => collection(following, "#{user.ap_id}/following", 1, !user.info.hide_network) } |> Map.merge(Utils.make_json_ld_header()) end @@ -105,7 +105,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = from(user in query, select: [:ap_id]) followers = Repo.all(query) - collection(followers, "#{user.ap_id}/followers", page) + collection(followers, "#{user.ap_id}/followers", page, !user.info.hide_network) |> Map.merge(Utils.make_json_ld_header()) end @@ -118,7 +118,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "id" => "#{user.ap_id}/followers", "type" => "OrderedCollection", "totalItems" => length(followers), - "first" => collection(followers, "#{user.ap_id}/followers", 1) + "first" => collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_network) } |> Map.merge(Utils.make_json_ld_header()) end @@ -172,7 +172,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do end end - def collection(collection, iri, page, total \\ nil) do + def collection(collection, iri, page, show_items \\ true, total \\ nil) do offset = (page - 1) * 10 items = Enum.slice(collection, offset, 10) items = Enum.map(items, fn user -> user.ap_id end) @@ -183,7 +183,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "type" => "OrderedCollectionPage", "partOf" => iri, "totalItems" => total, - "orderedItems" => items + "orderedItems" => if(show_items, do: items, else: []) } if offset < total do -- cgit v1.2.3 From 2a639de9b30aacd44b8ba648b872ad6cb7ab1d6c Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 2 Dec 2018 17:48:00 +0100 Subject: MastodonApi: Implement hide_network. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index d19d55044..715a2f1a9 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -502,10 +502,10 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) end - # TODO: Pagination def followers(conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id), {:ok, followers} <- User.get_followers(user) do + followers = if(user.info.hide_network, do: [], else: followers) render(conn, AccountView, "accounts.json", %{users: followers, as: :user}) end end @@ -513,6 +513,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def following(conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id), {:ok, followers} <- User.get_friends(user) do + followers = if(user.info.hide_network, do: [], else: followers) render(conn, AccountView, "accounts.json", %{users: followers, as: :user}) end end -- cgit v1.2.3 From 8c9a4e8b403d4575400f239dd87dab2ae7ecec6c Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 2 Dec 2018 18:14:13 +0100 Subject: TwitterAPI: Implement hide_network. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index ff644dd79..a59badfdb 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -343,6 +343,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def followers(conn, params) do with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), {:ok, followers} <- User.get_followers(user) do + followers = if(user.info.hide_network, do: [], else: followers) render(conn, UserView, "index.json", %{users: followers, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get followers") @@ -352,6 +353,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def friends(conn, params) do with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), {:ok, friends} <- User.get_friends(user) do + friends = if(user.info.hide_network, do: [], else: friends) render(conn, UserView, "index.json", %{users: friends, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get friends") -- cgit v1.2.3 From 826fc446d56b48b67e97144c74bbf74109fb8168 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 4 Dec 2018 18:35:57 +0300 Subject: [#210] TwitterAPI: implemented /api/media/metadata/create to allow uploads description (alt text) setting. --- lib/pleroma/web/router.ex | 1 + lib/pleroma/web/twitter_api/twitter_api_controller.ex | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index d6a9d5779..b7c79d2eb 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -324,6 +324,7 @@ defmodule Pleroma.Web.Router do post("/statusnet/media/upload", TwitterAPI.Controller, :upload) post("/media/upload", TwitterAPI.Controller, :upload_json) + post("/media/metadata/create", TwitterAPI.Controller, :update_media) post("/favorites/create/:id", TwitterAPI.Controller, :favorite) post("/favorites/create", TwitterAPI.Controller, :favorite) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 961250d92..a9e45f91e 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -4,7 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView} alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI.Utils, as: CommonUtils - alias Pleroma.{Repo, Activity, User, Notification} + alias Pleroma.{Repo, Activity, Object, User, Notification} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils alias Ecto.Changeset @@ -226,6 +226,22 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end + @doc "https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create" + def update_media(%{assigns: %{user: _}} = conn, %{"media_id" => id} = data) do + description = get_in(data, ["alt_text", "text"]) || data["name"] || data["description"] + + with %Object{} = object <- Repo.get(Object, id), is_binary(description) do + new_data = Map.put(object.data, "name", description) + + change = Object.change(object, %{data: new_data}) + {:ok, _} = Repo.update(change) + end + + conn + |> put_status(:no_content) + |> json("") + end + def upload(conn, %{"media" => media}) do response = TwitterAPI.upload(media) -- cgit v1.2.3 From 48e6193bf2c6a03068f1c6a96429fadffaa7794b Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 4 Dec 2018 19:24:41 +0300 Subject: [#210] Refactoring. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index a9e45f91e..c846dbd60 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -232,9 +232,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do with %Object{} = object <- Repo.get(Object, id), is_binary(description) do new_data = Map.put(object.data, "name", description) - - change = Object.change(object, %{data: new_data}) - {:ok, _} = Repo.update(change) + {:ok, _} = object |> Object.change(%{data: new_data}) |> Repo.update() end conn -- cgit v1.2.3 From 8a1df182cf836eafc2558be32cf58ad07839f46a Mon Sep 17 00:00:00 2001 From: scarlett Date: Tue, 4 Dec 2018 21:39:18 +0000 Subject: Add a MRF Policy for appending re: to identical subjects in replies. --- .../web/activity_pub/mrf/ensure_re_prepended.ex | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex new file mode 100644 index 000000000..3f216010e --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex @@ -0,0 +1,37 @@ +defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do + alias Pleroma.Activity + + @behaviour Pleroma.Web.ActivityPub.MRF + + def filter_by_summary( + %{"summary" => parent_summary} = parent, + %{"summary" => child_summary} = child + ) + when not is_nil(child_summary) and child_summary == parent_summary and + byte_size(child_summary) > 1 do + if not String.starts_with?(child_summary, "re:") do + Map.put(child, "summary", "re: " <> child_summary) + else + child + end + end + + def filter_by_summary(parent, child), do: child + + def filter(%{"type" => activity_type} = object) when activity_type == "Create" do + child = object["object"] + in_reply_to = Activity.get_create_activity_by_object_ap_id(child["inReplyTo"]) + + child = + if(in_reply_to, + do: filter_by_summary(in_reply_to.data["object"], child), + else: child + ) + + object = Map.put(object, "object", child) + + {:ok, object} + end + + def filter(object), do: {:ok, object} +end -- cgit v1.2.3 From a418547bdfc95b72497faa0eb5da69b04f6a8566 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Wed, 5 Dec 2018 16:08:34 +0900 Subject: debug /api/v1/suggestions --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ea64f163d..f9007a808 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1169,7 +1169,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do url = String.replace(api, "{{host}}", host) |> String.replace("{{user}}", user) with {:ok, %{status: 200, body: body}} <- - @httpoison.get(url, [], timeout: timeout, recv_timeout: timeout), + @httpoison.get( + url, + [], + follow_redirect: true, + adapter: [ + timeout: timeout, + recv_timeout: timeout + ] + ), {:ok, data} <- Jason.decode(body) do data2 = Enum.slice(data, 0, limit) -- cgit v1.2.3 From be187f82f798a904755fc754538d560cde901a88 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 5 Dec 2018 11:48:50 +0300 Subject: [#210] Further refactoring. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index c846dbd60..c9e845aea 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -226,13 +226,21 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end - @doc "https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create" + @doc """ + Updates metadata of uploaded media object. + Derived from [Twitter API endpoint](https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create). + """ def update_media(%{assigns: %{user: _}} = conn, %{"media_id" => id} = data) do description = get_in(data, ["alt_text", "text"]) || data["name"] || data["description"] - with %Object{} = object <- Repo.get(Object, id), is_binary(description) do + with %Object{} = object <- Repo.get(Object, id), + is_binary(description) do new_data = Map.put(object.data, "name", description) - {:ok, _} = object |> Object.change(%{data: new_data}) |> Repo.update() + + {:ok, _} = + object + |> Object.change(%{data: new_data}) + |> Repo.update() end conn -- cgit v1.2.3 From 848151f7cbf372d008c178d13c9a74942164c955 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 5 Dec 2018 13:37:06 +0300 Subject: [#210] [TwitterAPI] Made actor be stored for uploads. Added ownership check to `update_media` action. Added controller tests for `upload` and `update_media` actions. Refactoring. --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 +- lib/pleroma/web/twitter_api/twitter_api.ex | 8 +++- .../web/twitter_api/twitter_api_controller.ex | 43 ++++++++++++++-------- 3 files changed, 36 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 7e207c620..39692163f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -574,7 +574,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def upload(file, opts \\ []) do with {:ok, data} <- Upload.store(file, opts) do - Repo.insert(%Object{data: data}) + obj_data = if opts[:actor], do: Map.put(data, "actor", opts[:actor]), else: data + Repo.insert(%Object{data: obj_data}) end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index c19a4f084..b9468ab03 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -93,8 +93,12 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end end - def upload(%Plug.Upload{} = file, format \\ "xml") do - {:ok, object} = ActivityPub.upload(file) + def ap_upload(%Plug.Upload{} = file, %User{} = user) do + ActivityPub.upload(file, actor: User.ap_id(user)) + end + + def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do + {:ok, object} = ap_upload(file, user) url = List.first(object.data["url"]) href = url["href"] diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index c9e845aea..2f12131e7 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -230,34 +230,47 @@ defmodule Pleroma.Web.TwitterAPI.Controller do Updates metadata of uploaded media object. Derived from [Twitter API endpoint](https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create). """ - def update_media(%{assigns: %{user: _}} = conn, %{"media_id" => id} = data) do + def update_media(%{assigns: %{user: user}} = conn, %{"media_id" => id} = data) do + object = Repo.get(Object, id) description = get_in(data, ["alt_text", "text"]) || data["name"] || data["description"] - with %Object{} = object <- Repo.get(Object, id), - is_binary(description) do - new_data = Map.put(object.data, "name", description) + {conn, status, response_body} = + cond do + !object -> + {halt(conn), :not_found, ""} - {:ok, _} = - object - |> Object.change(%{data: new_data}) - |> Repo.update() - end + object.data["actor"] != User.ap_id(user) -> + {halt(conn), :forbidden, "You can only update your own uploads."} + + !is_binary(description) -> + {conn, :not_modified, ""} + + true -> + new_data = Map.put(object.data, "name", description) + + {:ok, _} = + object + |> Object.change(%{data: new_data}) + |> Repo.update() + + {conn, :no_content, ""} + end conn - |> put_status(:no_content) - |> json("") + |> put_status(status) + |> json(response_body) end - def upload(conn, %{"media" => media}) do - response = TwitterAPI.upload(media) + def upload(%{assigns: %{user: user}} = conn, %{"media" => media}) do + response = TwitterAPI.upload(media, user) conn |> put_resp_content_type("application/atom+xml") |> send_resp(200, response) end - def upload_json(conn, %{"media" => media}) do - response = TwitterAPI.upload(media, "json") + def upload_json(%{assigns: %{user: user}} = conn, %{"media" => media}) do + response = TwitterAPI.upload(media, user, "json") conn |> json_reply(200, response) -- cgit v1.2.3 From c524c50509d47fe04f2dc48b30ef1c3d6f6d2ffd Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Wed, 5 Dec 2018 17:29:49 +0300 Subject: fix/273 --- lib/pleroma/plugs/oauth_plug.ex | 74 +++++++++++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex index 630f15eec..75f9209c2 100644 --- a/lib/pleroma/plugs/oauth_plug.ex +++ b/lib/pleroma/plugs/oauth_plug.ex @@ -1,30 +1,68 @@ defmodule Pleroma.Plugs.OAuthPlug do import Plug.Conn - alias Pleroma.User - alias Pleroma.Repo - alias Pleroma.Web.OAuth.Token + import Ecto.Query - def init(options) do - options - end + alias Pleroma.{ + User, + Repo, + Web.OAuth.Token + } + + @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i") + + def init(options), do: options def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call(conn, _) do - token = - case get_req_header(conn, "authorization") do - ["Bearer " <> header] -> header - _ -> get_session(conn, :oauth_token) - end - - with token when not is_nil(token) <- token, - %Token{user_id: user_id} <- Repo.get_by(Token, token: token), - %User{} = user <- Repo.get(User, user_id), - false <- !!user.info.deactivated do - conn - |> assign(:user, user) + with {:ok, token} <- fetch_token(conn), + {:ok, user} <- fetch_user(token) do + assign(conn, :user, user) else _ -> conn end end + + # Gets user by token + # + @spec fetch_user(String.t()) :: {:ok, User.t()} | nil + defp fetch_user(token) do + query = from(q in Token, where: q.token == ^token, preload: [:user]) + + with %Token{user: %{info: %{deactivated: false} = _} = user} <- Repo.one(query) do + {:ok, user} + end + end + + # Gets token from session by :oauth_token key + # + @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()} + defp fetch_token_from_session(conn) do + case get_session(conn, :oauth_token) do + nil -> :no_token_found + token -> {:ok, token} + end + end + + # Gets token from headers + # + @spec fetch_token(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()} + defp fetch_token(%Plug.Conn{} = conn) do + headers = get_req_header(conn, "authorization") + + with :no_token_found <- fetch_token(headers), + do: fetch_token_from_session(conn) + end + + @spec fetch_token(Keyword.t()) :: :no_token_found | {:ok, String.t()} + defp fetch_token([]), do: :no_token_found + + defp fetch_token([token | tail]) do + trimmed_token = String.trim(token) + + case Regex.run(@realm_reg, trimmed_token) do + [_, match] -> {:ok, String.trim(match)} + _ -> fetch_token(tail) + end + end end -- cgit v1.2.3 From 5427d2af3a1bd9a5b571375b4aca2ccd9042b3b9 Mon Sep 17 00:00:00 2001 From: Rin Toshaka Date: Wed, 5 Dec 2018 16:41:50 +0100 Subject: Update mix tasks since User.info.info_changeset is deprecated --- lib/mix/tasks/make_moderator.ex | 14 ++++++-------- lib/mix/tasks/set_admin.ex | 17 ++++++++--------- lib/mix/tasks/set_locked.ex | 18 ++++++++---------- 3 files changed, 22 insertions(+), 27 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/make_moderator.ex b/lib/mix/tasks/make_moderator.ex index 15586dc30..9ea6c45c1 100644 --- a/lib/mix/tasks/make_moderator.ex +++ b/lib/mix/tasks/make_moderator.ex @@ -8,7 +8,7 @@ defmodule Mix.Tasks.SetModerator do """ use Mix.Task - import Mix.Ecto + import Ecto.Changeset alias Pleroma.{Repo, User} def run([nickname | rest]) do @@ -21,14 +21,12 @@ defmodule Mix.Tasks.SetModerator do end with %User{local: true} = user <- User.get_by_nickname(nickname) do - info = - user.info - |> Map.put("is_moderator", !!moderator) + info_cng = User.Info.admin_api_update(user.info, %{is_moderator: !!moderator}) + user_cng = Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) - cng = User.info_changeset(user, %{info: info}) - {:ok, user} = User.update_and_set_cache(cng) - - IO.puts("Moderator status of #{nickname}: #{user.info["is_moderator"]}") + IO.puts("Moderator status of #{nickname}: #{user.info.is_moderator}") else _ -> IO.puts("No local user #{nickname}") diff --git a/lib/mix/tasks/set_admin.ex b/lib/mix/tasks/set_admin.ex index d5ccf261b..9788e49b9 100644 --- a/lib/mix/tasks/set_admin.ex +++ b/lib/mix/tasks/set_admin.ex @@ -1,5 +1,6 @@ defmodule Mix.Tasks.SetAdmin do use Mix.Task + import Ecto.Changeset alias Pleroma.User @doc """ @@ -9,21 +10,19 @@ defmodule Mix.Tasks.SetAdmin do def run([nickname | rest]) do Application.ensure_all_started(:pleroma) - status = + admin = case rest do - [status] -> status == "true" + [admin] -> admin == "true" _ -> true end with %User{local: true} = user <- User.get_by_nickname(nickname) do - info = - user.info - |> Map.put("is_admin", !!status) + info_cng = User.Info.admin_api_update(user.info, %{is_admin: !!admin}) + user_cng = Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) - cng = User.info_changeset(user, %{info: info}) - {:ok, user} = User.update_and_set_cache(cng) - - IO.puts("Admin status of #{nickname}: #{user.info["is_admin"]}") + IO.puts("Admin status of #{nickname}: #{user.info.is_admin}") else _ -> IO.puts("No local user #{nickname}") diff --git a/lib/mix/tasks/set_locked.ex b/lib/mix/tasks/set_locked.ex index a154595ca..42d978599 100644 --- a/lib/mix/tasks/set_locked.ex +++ b/lib/mix/tasks/set_locked.ex @@ -8,13 +8,13 @@ defmodule Mix.Tasks.SetLocked do Example: ``mix set_locked lain`` """ - + use Mix.Task - import Mix.Ecto + import Ecto.Changeset alias Pleroma.{Repo, User} def run([nickname | rest]) do - ensure_started(Repo, []) + Application.ensure_all_started(:pleroma) locked = case rest do @@ -23,14 +23,12 @@ defmodule Mix.Tasks.SetLocked do end with %User{local: true} = user <- User.get_by_nickname(nickname) do - info = - user.info - |> Map.put("locked", !!locked) - - cng = User.info_changeset(user, %{info: info}) - user = Repo.update!(cng) + info_cng = User.Info.profile_update(user.info, %{locked: !!locked}) + user_cng = Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) - IO.puts("locked status of #{nickname}: #{user.info["locked"]}") + IO.puts("Locked status of #{nickname}: #{user.info.locked}") else _ -> IO.puts("No local user #{nickname}") -- cgit v1.2.3 From c3519132dfdcd5f59c0ebe99fa8ab4b764ac4982 Mon Sep 17 00:00:00 2001 From: Rin Toshaka Date: Wed, 5 Dec 2018 16:44:15 +0100 Subject: Sorry --- lib/mix/tasks/make_moderator.ex | 7 +++++-- lib/mix/tasks/set_admin.ex | 7 +++++-- lib/mix/tasks/set_locked.ex | 9 ++++++--- 3 files changed, 16 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/make_moderator.ex b/lib/mix/tasks/make_moderator.ex index 9ea6c45c1..8dc0a04dd 100644 --- a/lib/mix/tasks/make_moderator.ex +++ b/lib/mix/tasks/make_moderator.ex @@ -22,8 +22,11 @@ defmodule Mix.Tasks.SetModerator do with %User{local: true} = user <- User.get_by_nickname(nickname) do info_cng = User.Info.admin_api_update(user.info, %{is_moderator: !!moderator}) - user_cng = Ecto.Changeset.change(user) - |> put_embed(:info, info_cng) + + user_cng = + Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) IO.puts("Moderator status of #{nickname}: #{user.info.is_moderator}") diff --git a/lib/mix/tasks/set_admin.ex b/lib/mix/tasks/set_admin.ex index 9788e49b9..ac26516f1 100644 --- a/lib/mix/tasks/set_admin.ex +++ b/lib/mix/tasks/set_admin.ex @@ -18,8 +18,11 @@ defmodule Mix.Tasks.SetAdmin do with %User{local: true} = user <- User.get_by_nickname(nickname) do info_cng = User.Info.admin_api_update(user.info, %{is_admin: !!admin}) - user_cng = Ecto.Changeset.change(user) - |> put_embed(:info, info_cng) + + user_cng = + Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) IO.puts("Admin status of #{nickname}: #{user.info.is_admin}") diff --git a/lib/mix/tasks/set_locked.ex b/lib/mix/tasks/set_locked.ex index 42d978599..e93a63505 100644 --- a/lib/mix/tasks/set_locked.ex +++ b/lib/mix/tasks/set_locked.ex @@ -8,7 +8,7 @@ defmodule Mix.Tasks.SetLocked do Example: ``mix set_locked lain`` """ - + use Mix.Task import Ecto.Changeset alias Pleroma.{Repo, User} @@ -24,8 +24,11 @@ defmodule Mix.Tasks.SetLocked do with %User{local: true} = user <- User.get_by_nickname(nickname) do info_cng = User.Info.profile_update(user.info, %{locked: !!locked}) - user_cng = Ecto.Changeset.change(user) - |> put_embed(:info, info_cng) + + user_cng = + Ecto.Changeset.change(user) + |> put_embed(:info, info_cng) + {:ok, user} = User.update_and_set_cache(user_cng) IO.puts("Locked status of #{nickname}: #{user.info.locked}") -- cgit v1.2.3 From c4f3c5e939638905f94cdee53db7a0704a80d133 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 5 Dec 2018 20:23:28 +0300 Subject: [#210] Stylistic change. --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 39692163f..4eb9d96ab 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -574,7 +574,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def upload(file, opts \\ []) do with {:ok, data} <- Upload.store(file, opts) do - obj_data = if opts[:actor], do: Map.put(data, "actor", opts[:actor]), else: data + obj_data = (opts[:actor] && Map.put(data, "actor", opts[:actor])) || data Repo.insert(%Object{data: obj_data}) end end -- cgit v1.2.3 From 839526a9134ba85c0a45fe85740d04a54076224c Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Dec 2018 19:22:40 +0100 Subject: TwitterAPI: Add network hiding. --- lib/pleroma/user/info.ex | 3 ++- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 83fab7e3d..cefe33577 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -135,7 +135,8 @@ defmodule Pleroma.User.Info do :locked, :no_rich_text, :default_scope, - :banner + :banner, + :hide_network ]) end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index a59badfdb..959312683 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -431,7 +431,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do defp build_info_cng(user, params) do info_params = - ["no_rich_text", "locked"] + ["no_rich_text", "locked", "hide_network"] |> Enum.reduce(%{}, fn key, res -> if value = params[key] do Map.put(res, key, value == "true") -- cgit v1.2.3 From 3b5be09f4544ab1b3f6821fd4bbe047f94ef71ac Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 5 Dec 2018 21:48:21 +0300 Subject: [#210] Stylistic change. --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 4eb9d96ab..39692163f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -574,7 +574,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def upload(file, opts \\ []) do with {:ok, data} <- Upload.store(file, opts) do - obj_data = (opts[:actor] && Map.put(data, "actor", opts[:actor])) || data + obj_data = if opts[:actor], do: Map.put(data, "actor", opts[:actor]), else: data Repo.insert(%Object{data: obj_data}) end end -- cgit v1.2.3 From 3ccfe226c0e7710c2321b19643a43fcc6458a1e9 Mon Sep 17 00:00:00 2001 From: Vald Date: Thu, 6 Dec 2018 01:05:41 +0530 Subject: added data attrs for user and tag --- lib/pleroma/formatter.ex | 10 +++++++--- lib/pleroma/html.ex | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 1a5c07c8a..5b03e9aeb 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -114,7 +114,7 @@ defmodule Pleroma.Formatter do subs = subs ++ - Enum.map(mentions, fn {match, %User{ap_id: ap_id, info: info}, uuid} -> + Enum.map(mentions, fn {match, %User{id: id, ap_id: ap_id, info: info}, uuid} -> ap_id = if is_binary(info.source_data["url"]) do info.source_data["url"] @@ -125,7 +125,7 @@ defmodule Pleroma.Formatter do short_match = String.split(match, "@") |> tl() |> hd() {uuid, - "@#{short_match}"} + "@#{short_match}"} end) {subs, uuid_text} @@ -147,7 +147,11 @@ defmodule Pleroma.Formatter do subs = subs ++ Enum.map(tags, fn {tag_text, tag, uuid} -> - url = "" + url = + "" + {uuid, url} end) diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 1b920d7fd..271a48b57 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -86,7 +86,7 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() - Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) Meta.allow_tag_with_these_attributes("abbr", ["title"]) -- cgit v1.2.3 From fdac215091332d5f7df818855b62e600870d6786 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Dec 2018 21:14:06 +0100 Subject: TwitterAPI: Show users their own network. --- .../web/twitter_api/twitter_api_controller.ex | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 959312683..591557cca 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -340,20 +340,32 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end - def followers(conn, params) do - with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), + def followers(%{assigns: %{user: for_user}} = conn, params) do + with {:ok, user} <- TwitterAPI.get_user(for_user, params), {:ok, followers} <- User.get_followers(user) do - followers = if(user.info.hide_network, do: [], else: followers) + followers = + cond do + for_user && user.id == for_user.id -> followers + user.info.hide_network -> [] + true -> followers + end + render(conn, UserView, "index.json", %{users: followers, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get followers") end end - def friends(conn, params) do + def friends(%{assigns: %{user: for_user}} = conn, params) do with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params), {:ok, friends} <- User.get_friends(user) do - friends = if(user.info.hide_network, do: [], else: friends) + friends = + cond do + for_user && user.id == for_user.id -> friends + user.info.hide_network -> [] + true -> friends + end + render(conn, UserView, "index.json", %{users: friends, for: conn.assigns[:user]}) else _e -> bad_request_reply(conn, "Can't get friends") -- cgit v1.2.3 From 3ea4476445a5e9b6ec1625d7caa537f79254e9d0 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Dec 2018 21:25:06 +0100 Subject: MastodonAPI: Show users their own network. --- .../web/mastodon_api/mastodon_api_controller.ex | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 715a2f1a9..c8b2eae4d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -502,18 +502,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity}) end - def followers(conn, %{"id" => id}) do + def followers(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id), {:ok, followers} <- User.get_followers(user) do - followers = if(user.info.hide_network, do: [], else: followers) + followers = + cond do + for_user && user.id == for_user.id -> followers + user.info.hide_network -> [] + true -> followers + end + render(conn, AccountView, "accounts.json", %{users: followers, as: :user}) end end - def following(conn, %{"id" => id}) do + def following(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id), {:ok, followers} <- User.get_friends(user) do - followers = if(user.info.hide_network, do: [], else: followers) + followers = + cond do + for_user && user.id == for_user.id -> followers + user.info.hide_network -> [] + true -> followers + end + render(conn, AccountView, "accounts.json", %{users: followers, as: :user}) end end -- cgit v1.2.3 From 7d5720f2e40015502fe646b86768ab8454f571fe Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Dec 2018 21:31:02 +0100 Subject: Fix merge. --- lib/pleroma/user/info.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 6829c26f6..7a99787f8 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -136,7 +136,7 @@ defmodule Pleroma.User.Info do :no_rich_text, :default_scope, :banner, - :hide_network + :hide_network, :background ]) end -- cgit v1.2.3 From 194869c7db1d31b139254d3a0c6a449cee0068fe Mon Sep 17 00:00:00 2001 From: Vald Date: Thu, 6 Dec 2018 02:14:56 +0530 Subject: added data attrs to twitter scrubber --- lib/pleroma/html.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 271a48b57..5daaa5e69 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -45,7 +45,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) # paragraphs and linebreaks -- cgit v1.2.3 From 27792b2d77564717e7d4063ab3524ab9e1cb1fb6 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 6 Dec 2018 11:23:15 +0900 Subject: remove pool and timeout options which duplicate with the default --- lib/pleroma/http/connection.ex | 6 +++++- lib/pleroma/web/activity_pub/activity_pub.ex | 4 +--- lib/pleroma/web/ostatus/ostatus.ex | 9 ++------- lib/pleroma/web/salmon/salmon.ex | 7 +------ lib/pleroma/web/websub/websub.ex | 5 ----- 5 files changed, 9 insertions(+), 22 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/http/connection.ex b/lib/pleroma/http/connection.ex index 5e8f2aabd..66e0d0568 100644 --- a/lib/pleroma/http/connection.ex +++ b/lib/pleroma/http/connection.ex @@ -3,7 +3,11 @@ defmodule Pleroma.HTTP.Connection do Connection for http-requests. """ - @hackney_options [pool: :default] + @hackney_options [ + pool: :default, + timeout: 10000, + recv_timeout: 20000 + ] @adapter Application.get_env(:tesla, :adapter) @doc """ diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 60253a715..03a607f83 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -766,9 +766,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do @httpoison.get( id, [Accept: "application/activity+json"], - follow_redirect: true, - timeout: 10000, - recv_timeout: 20000 + follow_redirect: true ), {:ok, data} <- Jason.decode(body), :ok <- Transmogrifier.contain_origin_from_id(id, data) do diff --git a/lib/pleroma/web/ostatus/ostatus.ex b/lib/pleroma/web/ostatus/ostatus.ex index 67df354db..bc14b8785 100644 --- a/lib/pleroma/web/ostatus/ostatus.ex +++ b/lib/pleroma/web/ostatus/ostatus.ex @@ -350,11 +350,7 @@ defmodule Pleroma.Web.OStatus do @httpoison.get( url, [Accept: "application/atom+xml"], - follow_redirect: true, - adapter: [ - timeout: 10000, - recv_timeout: 20000 - ] + follow_redirect: true ) do Logger.debug("Got document from #{url}, handling...") handle_incoming(body) @@ -369,8 +365,7 @@ defmodule Pleroma.Web.OStatus do Logger.debug("Trying to fetch #{url}") with true <- String.starts_with?(url, "http"), - {:ok, %{body: body}} <- - @httpoison.get(url, [], follow_redirect: true, timeout: 10000, recv_timeout: 20000), + {:ok, %{body: body}} <- @httpoison.get(url, [], follow_redirect: true), {:ok, atom_url} <- get_atom_url(body) do fetch_activity_from_atom_url(atom_url) else diff --git a/lib/pleroma/web/salmon/salmon.ex b/lib/pleroma/web/salmon/salmon.ex index 97251c05e..0e2cfddd0 100644 --- a/lib/pleroma/web/salmon/salmon.ex +++ b/lib/pleroma/web/salmon/salmon.ex @@ -162,12 +162,7 @@ defmodule Pleroma.Web.Salmon do poster.( salmon, feed, - [{"Content-Type", "application/magic-envelope+xml"}], - adapter: [ - timeout: 10000, - recv_timeout: 20000, - pool: :default - ] + [{"Content-Type", "application/magic-envelope+xml"}] ) do Logger.debug(fn -> "Pushed to #{salmon}, code #{code}" end) else diff --git a/lib/pleroma/web/websub/websub.ex b/lib/pleroma/web/websub/websub.ex index 0761b5475..8cb07006f 100644 --- a/lib/pleroma/web/websub/websub.ex +++ b/lib/pleroma/web/websub/websub.ex @@ -264,11 +264,6 @@ defmodule Pleroma.Web.Websub do [ {"Content-Type", "application/atom+xml"}, {"X-Hub-Signature", "sha1=#{signature}"} - ], - adapter: [ - timeout: 10000, - recv_timeout: 20000, - pool: :default ] ) do Logger.info(fn -> "Pushed to #{callback}, code #{code}" end) -- cgit v1.2.3 From 96ba95df2e6690c1c6a58cf087c91eab7af728b4 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 6 Dec 2018 11:38:33 +0900 Subject: remove follow_redirect options --- lib/pleroma/http/connection.ex | 3 ++- lib/pleroma/reverse_proxy.ex | 2 +- lib/pleroma/web/activity_pub/activity_pub.ex | 3 +-- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 - lib/pleroma/web/ostatus/ostatus.ex | 5 ++--- lib/pleroma/web/web_finger/web_finger.ex | 2 +- 6 files changed, 7 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/http/connection.ex b/lib/pleroma/http/connection.ex index 66e0d0568..db46f9e55 100644 --- a/lib/pleroma/http/connection.ex +++ b/lib/pleroma/http/connection.ex @@ -6,7 +6,8 @@ defmodule Pleroma.HTTP.Connection do @hackney_options [ pool: :default, timeout: 10000, - recv_timeout: 20000 + recv_timeout: 20000, + follow_redirect: true ] @adapter Application.get_env(:tesla, :adapter) diff --git a/lib/pleroma/reverse_proxy.ex b/lib/pleroma/reverse_proxy.ex index ad9dc82fe..4ca84152a 100644 --- a/lib/pleroma/reverse_proxy.ex +++ b/lib/pleroma/reverse_proxy.ex @@ -56,7 +56,7 @@ defmodule Pleroma.ReverseProxy do @hackney Application.get_env(:pleroma, :hackney, :hackney) @httpoison Application.get_env(:pleroma, :httpoison, HTTPoison) - @default_hackney_options [{:follow_redirect, true}] + @default_hackney_options [] @inline_content_types [ "image/gif", diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 03a607f83..922ffb946 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -765,8 +765,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, %{body: body, status: code}} when code in 200..299 <- @httpoison.get( id, - [Accept: "application/activity+json"], - follow_redirect: true + Accept: "application/activity+json" ), {:ok, data} <- Jason.decode(body), :ok <- Transmogrifier.contain_origin_from_id(id, data) do diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 300bdc04a..fc4f3fdc7 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1185,7 +1185,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do @httpoison.get( url, [], - follow_redirect: true, adapter: [ timeout: timeout, recv_timeout: timeout diff --git a/lib/pleroma/web/ostatus/ostatus.ex b/lib/pleroma/web/ostatus/ostatus.ex index bc14b8785..9f33cd5cd 100644 --- a/lib/pleroma/web/ostatus/ostatus.ex +++ b/lib/pleroma/web/ostatus/ostatus.ex @@ -349,8 +349,7 @@ defmodule Pleroma.Web.OStatus do {:ok, %{body: body, status: code}} when code in 200..299 <- @httpoison.get( url, - [Accept: "application/atom+xml"], - follow_redirect: true + Accept: "application/atom+xml" ) do Logger.debug("Got document from #{url}, handling...") handle_incoming(body) @@ -365,7 +364,7 @@ defmodule Pleroma.Web.OStatus do Logger.debug("Trying to fetch #{url}") with true <- String.starts_with?(url, "http"), - {:ok, %{body: body}} <- @httpoison.get(url, [], follow_redirect: true), + {:ok, %{body: body}} <- @httpoison.get(url, []), {:ok, atom_url} <- get_atom_url(body) do fetch_activity_from_atom_url(atom_url) else diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex index 99c65a6bf..0ff3b8b5f 100644 --- a/lib/pleroma/web/web_finger/web_finger.ex +++ b/lib/pleroma/web/web_finger/web_finger.ex @@ -221,7 +221,7 @@ defmodule Pleroma.Web.WebFinger do def find_lrdd_template(domain) do with {:ok, %{status: status, body: body}} when status in 200..299 <- - @httpoison.get("http://#{domain}/.well-known/host-meta", [], follow_redirect: true) do + @httpoison.get("http://#{domain}/.well-known/host-meta", []) do get_template_from_xml(body) else _ -> -- cgit v1.2.3 From 3e90f688f14310e92fe9343f2680c58d74f71cb6 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 6 Dec 2018 10:26:17 +0300 Subject: [#210] Mastodon: actor storing for media uploads, ownership check to update_media. Refactoring. --- lib/pleroma/object.ex | 9 +++++- lib/pleroma/web/activity_pub/activity_pub.ex | 8 ++++- .../web/mastodon_api/mastodon_api_controller.ex | 34 ++++++++++------------ lib/pleroma/web/twitter_api/twitter_api.ex | 6 +--- .../web/twitter_api/twitter_api_controller.ex | 2 +- 5 files changed, 33 insertions(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index 03a75dfbd..31c8dd5bd 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Object do use Ecto.Schema - alias Pleroma.{Repo, Object, Activity} + alias Pleroma.{Repo, Object, User, Activity} import Ecto.{Query, Changeset} schema "objects" do @@ -31,6 +31,13 @@ defmodule Pleroma.Object do def normalize(ap_id) when is_binary(ap_id), do: Object.get_by_ap_id(ap_id) def normalize(_), do: nil + # Owned objects can only be mutated by their owner + def authorize_mutation(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}), + do: actor == ap_id + + # Legacy objects can be mutated by anybody + def authorize_mutation(%Object{}, %User{}), do: true + if Mix.env() == :test do def get_cached_by_ap_id(ap_id) do get_by_ap_id(ap_id) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 39692163f..aaf9d3854 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -574,7 +574,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def upload(file, opts \\ []) do with {:ok, data} <- Upload.store(file, opts) do - obj_data = if opts[:actor], do: Map.put(data, "actor", opts[:actor]), else: data + obj_data = + if opts[:actor] do + Map.put(data, "actor", opts[:actor]) + else + data + end + Repo.insert(%Object{data: obj_data}) end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 543fdf416..ef204f7f3 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -433,33 +433,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> json([]) end - def update_media(%{assigns: %{user: _}} = conn, data) do + def update_media(%{assigns: %{user: user}} = conn, data) do with %Object{} = object <- Repo.get(Object, data["id"]), + true <- Object.authorize_mutation(object, user), true <- is_binary(data["description"]), description <- data["description"] do new_data = %{object.data | "name" => description} - change = Object.change(object, %{data: new_data}) - {:ok, _} = Repo.update(change) + {:ok, _} = + object + |> Object.change(%{data: new_data}) + |> Repo.update() - data = - new_data - |> Map.put("id", object.id) - - render(conn, StatusView, "attachment.json", %{attachment: data}) + attachment_data = Map.put(new_data, "id", object.id) + render(conn, StatusView, "attachment.json", %{attachment: attachment_data}) end end - def upload(%{assigns: %{user: _}} = conn, %{"file" => file} = data) do - with {:ok, object} <- ActivityPub.upload(file, description: Map.get(data, "description")) do - change = Object.change(object, %{data: object.data}) - {:ok, object} = Repo.update(change) - - objdata = - object.data - |> Map.put("id", object.id) - - render(conn, StatusView, "attachment.json", %{attachment: objdata}) + def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do + with {:ok, object} <- + ActivityPub.upload(file, + actor: User.ap_id(user), + description: Map.get(data, "description") + ) do + attachment_data = Map.put(object.data, "id", object.id) + render(conn, StatusView, "attachment.json", %{attachment: attachment_data}) end end diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index b9468ab03..9c485d965 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -93,12 +93,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end end - def ap_upload(%Plug.Upload{} = file, %User{} = user) do - ActivityPub.upload(file, actor: User.ap_id(user)) - end - def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do - {:ok, object} = ap_upload(file, user) + {:ok, object} = ActivityPub.upload(file, actor: User.ap_id(user)) url = List.first(object.data["url"]) href = url["href"] diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 2f12131e7..c19ee230f 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -239,7 +239,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do !object -> {halt(conn), :not_found, ""} - object.data["actor"] != User.ap_id(user) -> + !Object.authorize_mutation(object, user) -> {halt(conn), :forbidden, "You can only update your own uploads."} !is_binary(description) -> -- cgit v1.2.3 From a09ed0f5afe6336763b47edab0c0d9a629a74ad0 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 6 Dec 2018 18:41:29 +0900 Subject: avoid mix format bug --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- lib/pleroma/web/ostatus/ostatus.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 922ffb946..a1637ccad 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -765,7 +765,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, %{body: body, status: code}} when code in 200..299 <- @httpoison.get( id, - Accept: "application/activity+json" + [{:Accept, "application/activity+json"}] ), {:ok, data} <- Jason.decode(body), :ok <- Transmogrifier.contain_origin_from_id(id, data) do diff --git a/lib/pleroma/web/ostatus/ostatus.ex b/lib/pleroma/web/ostatus/ostatus.ex index 9f33cd5cd..53d71440e 100644 --- a/lib/pleroma/web/ostatus/ostatus.ex +++ b/lib/pleroma/web/ostatus/ostatus.ex @@ -349,7 +349,7 @@ defmodule Pleroma.Web.OStatus do {:ok, %{body: body, status: code}} when code in 200..299 <- @httpoison.get( url, - Accept: "application/atom+xml" + [{:Accept, "application/atom+xml"}] ) do Logger.debug("Got document from #{url}, handling...") handle_incoming(body) -- cgit v1.2.3 From 6a6aaa0e1aade45bc2e3b68ee2c4686cc80f46cd Mon Sep 17 00:00:00 2001 From: scarlett Date: Thu, 6 Dec 2018 11:37:29 +0000 Subject: Use object.normalize. --- lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex index 3f216010e..06fafb3ee 100644 --- a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex +++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex @@ -1,5 +1,5 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do - alias Pleroma.Activity + alias Pleroma.Object @behaviour Pleroma.Web.ActivityPub.MRF @@ -20,11 +20,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do def filter(%{"type" => activity_type} = object) when activity_type == "Create" do child = object["object"] - in_reply_to = Activity.get_create_activity_by_object_ap_id(child["inReplyTo"]) + in_reply_to = Object.normalize(child["inReplyTo"]) child = if(in_reply_to, - do: filter_by_summary(in_reply_to.data["object"], child), + do: filter_by_summary(in_reply_to.data, child), else: child ) -- cgit v1.2.3 From 04a48286e69704bf83429b85dbcdb70863bdcff1 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 6 Dec 2018 19:29:04 +0700 Subject: Add web push support --- lib/mix/tasks/generate_config.ex | 6 +- lib/mix/tasks/sample_config.eex | 6 + lib/pleroma/application.ex | 3 +- lib/pleroma/notification.ex | 1 + .../web/mastodon_api/mastodon_api_controller.ex | 6 +- lib/pleroma/web/push/push.ex | 126 +++++++++++++++++++++ lib/pleroma/web/push/subscription.ex | 2 +- .../web/twitter_api/controllers/util_controller.ex | 6 +- 8 files changed, 150 insertions(+), 6 deletions(-) create mode 100644 lib/pleroma/web/push/push.ex (limited to 'lib') diff --git a/lib/mix/tasks/generate_config.ex b/lib/mix/tasks/generate_config.ex index 70a110561..58ce3113b 100644 --- a/lib/mix/tasks/generate_config.ex +++ b/lib/mix/tasks/generate_config.ex @@ -14,6 +14,8 @@ defmodule Mix.Tasks.GenerateConfig do resultSql = EEx.eval_file("lib/mix/tasks/sample_psql.eex", dbpass: dbpass) + {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1) + result = EEx.eval_file( "lib/mix/tasks/sample_config.eex", @@ -21,7 +23,9 @@ defmodule Mix.Tasks.GenerateConfig do email: email, name: name, secret: secret, - dbpass: dbpass + dbpass: dbpass, + web_push_public_key: Base.url_encode64(web_push_public_key, padding: false), + web_push_private_key: Base.url_encode64(web_push_private_key, padding: false) ) IO.puts( diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 3881ead26..f2272b10a 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -25,6 +25,12 @@ config :pleroma, Pleroma.Repo, hostname: "localhost", pool_size: 10 +# Configure web push notifications +config :web_push_encryption, :vapid_details, + subject: "mailto:<%= email %>", + public_key: "<%= web_push_public_key %>", + private_key: "<%= web_push_private_key %>" + # Configure S3 support if desired. # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index a89728471..565e938fd 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -41,7 +41,8 @@ defmodule Pleroma.Application do ), worker(Pleroma.Web.Federator, []), worker(Pleroma.Gopher.Server, []), - worker(Pleroma.Stats, []) + worker(Pleroma.Stats, []), + worker(Pleroma.Web.Push, []) ] ++ if Mix.env() == :test, do: [], diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index e0dcd9823..6163413c8 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -96,6 +96,7 @@ defmodule Pleroma.Notification do notification = %Notification{user_id: user.id, activity: activity} {:ok, notification} = Repo.insert(notification) Pleroma.Web.Streamer.stream("user", notification) + Pleroma.Web.Push.send(notification) notification end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 7f06ee607..de5b2696f 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1138,6 +1138,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end + alias Pleroma.Web.MastodonAPI.PushSubscriptionView + def create_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do Pleroma.Web.Push.Subscription.delete_if_exists(user, token) {:ok, subscription} = Pleroma.Web.Push.Subscription.create(user, token, params) @@ -1145,7 +1147,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, view) end - def get_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do + def get_push_subscription(%{assigns: %{user: user, token: token}} = conn, _params) do subscription = Pleroma.Web.Push.Subscription.get(user, token) view = PushSubscriptionView.render("push_subscription.json", subscription: subscription) json(conn, view) @@ -1160,7 +1162,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, view) end - def delete_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do + def delete_push_subscription(%{assigns: %{user: user, token: token}} = conn, _params) do {:ok, _response} = Pleroma.Web.Push.Subscription.delete(user, token) json(conn, %{}) end diff --git a/lib/pleroma/web/push/push.ex b/lib/pleroma/web/push/push.ex new file mode 100644 index 000000000..d27750ab6 --- /dev/null +++ b/lib/pleroma/web/push/push.ex @@ -0,0 +1,126 @@ +defmodule Pleroma.Web.Push do + use GenServer + + alias Pleroma.{Repo, User} + alias Pleroma.Web.Push.Subscription + + require Logger + import Ecto.Query + + @types ["Create", "Follow", "Announce", "Like"] + + @gcm_api_key nil + + def start_link() do + GenServer.start_link(__MODULE__, :ok, name: __MODULE__) + end + + def init(:ok) do + case Application.get_env(:web_push_encryption, :vapid_details) do + nil -> + Logger.error( + "VAPID key pair is not found. Please, add VAPID configuration to config. Run `mix web_push.gen.keypair` mix task to create a key pair" + ) + + {:error, %{}} + + _ -> + {:ok, %{}} + end + end + + def send(notification) do + GenServer.cast(Pleroma.Web.Push, {:send, notification}) + end + + def handle_cast( + {:send, %{activity: %{data: %{"type" => type}}, user_id: user_id} = notification}, + state + ) + when type in @types do + actor = User.get_cached_by_ap_id(notification.activity.data["actor"]) + body = notification |> format(actor) |> Jason.encode!() + + Subscription + |> where(user_id: ^user_id) + |> Repo.all() + |> Enum.each(fn record -> + subscription = %{ + keys: %{ + p256dh: record.key_p256dh, + auth: record.key_auth + }, + endpoint: record.endpoint + } + + case WebPushEncryption.send_web_push(body, subscription, @gcm_api_key) do + {:ok, %{status_code: code}} when 400 <= code and code < 500 -> + Logger.debug("Removing subscription record") + Repo.delete!(record) + :ok + + {:ok, %{status_code: code}} when 200 <= code and code < 300 -> + :ok + + {:ok, %{status_code: code}} -> + Logger.error("Web Push Nonification failed with code: #{code}") + :error + + data -> + Logger.error("Web Push Nonification failed with unknown error") + IO.inspect(data) + :error + end + end) + + {:noreply, state} + end + + def handle_cast({:send, _}, state) do + Logger.warn("Unknown notification type") + {:noreply, state} + end + + def format(%{activity: %{data: %{"type" => "Create"}}}, actor) do + %{ + title: "New Mention", + body: "@#{actor.nickname} has mentiond you", + icon: get_avatar_url(actor) + } + end + + def format(%{activity: %{data: %{"type" => "Follow"}}}, actor) do + %{ + title: "New Follower", + body: "@#{actor.nickname} has followed you", + icon: get_avatar_url(actor) + } + end + + def format(%{activity: %{data: %{"type" => "Announce"}}}, actor) do + %{ + title: "New Announce", + body: "@#{actor.nickname} has announced your post", + icon: get_avatar_url(actor) + } + end + + def format(%{activity: %{data: %{"type" => "Like"}}}, actor) do + %{ + title: "New Like", + body: "@#{actor.nickname} has liked your post", + icon: get_avatar_url(actor) + } + end + + def get_avatar_url(%{avatar: %{"type" => "Image", "url" => urls}}) do + case List.first(urls) do + %{"href" => url} -> url + _ -> get_avatar_url(nil) + end + end + + def get_avatar_url(_) do + Pleroma.Web.Endpoint.static_url() <> "/images/avi.png" + end +end diff --git a/lib/pleroma/web/push/subscription.ex b/lib/pleroma/web/push/subscription.ex index dc8fe9f33..cfab7a98e 100644 --- a/lib/pleroma/web/push/subscription.ex +++ b/lib/pleroma/web/push/subscription.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Web.Push.Subscription do use Ecto.Schema - import Ecto.{Changeset, Query} + import Ecto.Changeset alias Pleroma.{Repo, User} alias Pleroma.Web.OAuth.Token alias Pleroma.Web.Push.Subscription diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 886b70f5f..f06020a3e 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -156,13 +156,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do |> send_resp(200, response) _ -> + vapid_public_key = + Keyword.get(Application.get_env(:web_push_encryption, :vapid_details), :public_key) + data = %{ name: Keyword.get(@instance, :name), description: Keyword.get(@instance, :description), server: Web.base_url(), textlimit: to_string(Keyword.get(@instance, :limit)), closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), - private: if(Keyword.get(@instance, :public, true), do: "0", else: "1") + private: if(Keyword.get(@instance, :public, true), do: "0", else: "1"), + vapidPublicKey: vapid_public_key } pleroma_fe = %{ -- cgit v1.2.3 From bac58b152495c3ebf72e3ad1c3102de075fcc366 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 6 Dec 2018 19:56:56 +0700 Subject: show warning if VAPID is not set --- lib/pleroma/web/push/push.ex | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/push/push.ex b/lib/pleroma/web/push/push.ex index d27750ab6..4ac3be8a3 100644 --- a/lib/pleroma/web/push/push.ex +++ b/lib/pleroma/web/push/push.ex @@ -18,11 +18,11 @@ defmodule Pleroma.Web.Push do def init(:ok) do case Application.get_env(:web_push_encryption, :vapid_details) do nil -> - Logger.error( + Logger.warn( "VAPID key pair is not found. Please, add VAPID configuration to config. Run `mix web_push.gen.keypair` mix task to create a key pair" ) - {:error, %{}} + :ignore _ -> {:ok, %{}} @@ -30,7 +30,9 @@ defmodule Pleroma.Web.Push do end def send(notification) do - GenServer.cast(Pleroma.Web.Push, {:send, notification}) + if Application.get_env(:web_push_encryption, :vapid_details) do + GenServer.cast(Pleroma.Web.Push, {:send, notification}) + end end def handle_cast( -- cgit v1.2.3 From 3d492795b76cfe3b3616607f815a0effe44c1ce5 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 6 Dec 2018 20:42:00 +0700 Subject: clean up --- lib/pleroma/web/mastodon_api/views/push_subscription_view.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex b/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex index a910bb43e..68bb45494 100644 --- a/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex +++ b/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex @@ -6,9 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.PushSubscriptionView do %{ id: to_string(subscription.id), endpoint: subscription.endpoint, - alerts: Map.get(subscription.data, "alerts"), - # TODO: generate VAPID server key - server_key: "N/A" + alerts: Map.get(subscription.data, "alerts") } end end -- cgit v1.2.3 From 3dff61ebec4f4b216903d79261ec5cac80e70a08 Mon Sep 17 00:00:00 2001 From: scarlett Date: Thu, 6 Dec 2018 13:48:12 +0000 Subject: Harden re: detection. --- lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex index 06fafb3ee..a3b9c4616 100644 --- a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex +++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex @@ -3,13 +3,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do @behaviour Pleroma.Web.ActivityPub.MRF + @have_re Regex.compile!("^re:[[:space:]]*", [:caseless]) def filter_by_summary( %{"summary" => parent_summary} = parent, %{"summary" => child_summary} = child ) - when not is_nil(child_summary) and child_summary == parent_summary and - byte_size(child_summary) > 1 do - if not String.starts_with?(child_summary, "re:") do + when not is_nil(child_summary) and byte_size(child_summary) > 0 and + not is_nil(parent_summary) and byte_size(parent_summary) > 0 do + if (child_summary == parent_summary and not Regex.match?(@have_re, child_summary)) or + (Regex.match?(@have_re, parent_summary) && + Regex.replace(@have_re, parent_summary, "") == child_summary) do Map.put(child, "summary", "re: " <> child_summary) else child -- cgit v1.2.3 From 79668c08fc566dad6ecb9d2909a23612f91d06ed Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 6 Dec 2018 20:50:20 +0700 Subject: cleanup --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 15 +++++++++++---- lib/pleroma/web/push/push.ex | 1 - 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index dd6b0a361..c9530c748 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -2,13 +2,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do use Pleroma.Web, :controller alias Pleroma.{Repo, Object, Activity, User, Notification, Stats} alias Pleroma.Web - alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView, FilterView} + + alias Pleroma.Web.MastodonAPI.{ + StatusView, + AccountView, + MastodonView, + ListView, + FilterView, + PushSubscriptionView + } + alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI alias Pleroma.Web.OAuth.{Authorization, Token, App} alias Pleroma.Web.MediaProxy - alias Comeonin.Pbkdf2 + import Ecto.Query require Logger @@ -1160,8 +1169,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end - alias Pleroma.Web.MastodonAPI.PushSubscriptionView - def create_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do Pleroma.Web.Push.Subscription.delete_if_exists(user, token) {:ok, subscription} = Pleroma.Web.Push.Subscription.create(user, token, params) diff --git a/lib/pleroma/web/push/push.ex b/lib/pleroma/web/push/push.ex index 4ac3be8a3..4e9bc5741 100644 --- a/lib/pleroma/web/push/push.ex +++ b/lib/pleroma/web/push/push.ex @@ -70,7 +70,6 @@ defmodule Pleroma.Web.Push do data -> Logger.error("Web Push Nonification failed with unknown error") - IO.inspect(data) :error end end) -- cgit v1.2.3 From 6f36e903b0a8702ec279df29c1d039cb08a574d4 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 6 Dec 2018 20:55:46 +0700 Subject: use `User.avatar_url` --- lib/pleroma/web/push/push.ex | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/push/push.ex b/lib/pleroma/web/push/push.ex index 4e9bc5741..5a873ec19 100644 --- a/lib/pleroma/web/push/push.ex +++ b/lib/pleroma/web/push/push.ex @@ -68,7 +68,7 @@ defmodule Pleroma.Web.Push do Logger.error("Web Push Nonification failed with code: #{code}") :error - data -> + _ -> Logger.error("Web Push Nonification failed with unknown error") :error end @@ -86,7 +86,7 @@ defmodule Pleroma.Web.Push do %{ title: "New Mention", body: "@#{actor.nickname} has mentiond you", - icon: get_avatar_url(actor) + icon: User.avatar_url(actor) } end @@ -94,7 +94,7 @@ defmodule Pleroma.Web.Push do %{ title: "New Follower", body: "@#{actor.nickname} has followed you", - icon: get_avatar_url(actor) + icon: User.avatar_url(actor) } end @@ -102,7 +102,7 @@ defmodule Pleroma.Web.Push do %{ title: "New Announce", body: "@#{actor.nickname} has announced your post", - icon: get_avatar_url(actor) + icon: User.avatar_url(actor) } end @@ -110,18 +110,7 @@ defmodule Pleroma.Web.Push do %{ title: "New Like", body: "@#{actor.nickname} has liked your post", - icon: get_avatar_url(actor) + icon: User.avatar_url(actor) } end - - def get_avatar_url(%{avatar: %{"type" => "Image", "url" => urls}}) do - case List.first(urls) do - %{"href" => url} -> url - _ -> get_avatar_url(nil) - end - end - - def get_avatar_url(_) do - Pleroma.Web.Endpoint.static_url() <> "/images/avi.png" - end end -- cgit v1.2.3 From d27e3f269f5e93efd91397ada72656120be3db41 Mon Sep 17 00:00:00 2001 From: scarlett Date: Thu, 6 Dec 2018 14:00:41 +0000 Subject: Rename regular expression 'have_re' to 'reply_prefix'. --- lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex index a3b9c4616..c8c74ede6 100644 --- a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex +++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex @@ -3,16 +3,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do @behaviour Pleroma.Web.ActivityPub.MRF - @have_re Regex.compile!("^re:[[:space:]]*", [:caseless]) + @reply_prefix Regex.compile!("^re:[[:space:]]*", [:caseless]) def filter_by_summary( %{"summary" => parent_summary} = parent, %{"summary" => child_summary} = child ) when not is_nil(child_summary) and byte_size(child_summary) > 0 and not is_nil(parent_summary) and byte_size(parent_summary) > 0 do - if (child_summary == parent_summary and not Regex.match?(@have_re, child_summary)) or - (Regex.match?(@have_re, parent_summary) && - Regex.replace(@have_re, parent_summary, "") == child_summary) do + if (child_summary == parent_summary and not Regex.match?(@reply_prefix, child_summary)) or + (Regex.match?(@reply_prefix, parent_summary) && + Regex.replace(@reply_prefix, parent_summary, "") == child_summary) do Map.put(child, "summary", "re: " <> child_summary) else child -- cgit v1.2.3 From 2ae1128d9f7a89aff6ba7fb3d486a00f76dbc28b Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 6 Dec 2018 17:42:07 +0300 Subject: MastoAPI: Fix put_settings --- lib/pleroma/user.ex | 4 ---- lib/pleroma/user/info.ex | 5 +++++ lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 8 +++++--- 3 files changed, 10 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 74ae5ef0d..9da674982 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -62,10 +62,6 @@ defmodule Pleroma.User do |> validate_required([:following]) end - def info_changeset(struct, params \\ %{}) do - raise "NOT VALID ANYMORE" - end - def user_info(%User{} = user) do oneself = if user.local, do: 1, else: 0 diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 7a99787f8..d81b45b8d 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -149,6 +149,11 @@ defmodule Pleroma.User.Info do ]) end + def mastodon_settings_update(info, params) do + info + |> cast(params, [:settings]) + end + def set_source_data(info, source_data) do params = %{source_data: source_data} diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index eecfc742b..e8dd9db15 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -970,9 +970,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do - with new_info <- Map.put(user.info, "settings", settings), - change <- User.info_changeset(user, %{info: new_info}), - {:ok, _user} <- User.update_and_set_cache(change) do + info_cng = User.Info.mastodon_settings_update(user.info, settings) + + with changeset <- User.update_changeset(user), + changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng), + {:ok, user} <- User.update_and_set_cache(changeset) do conn |> json(%{}) else -- cgit v1.2.3