From 00e8f0b07dd3dced84b0317e1c5c4156d249dec4 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 1 Feb 2019 13:10:50 +0100 Subject: Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode This is needed to run dev mode mastofe at the same time --- lib/pleroma/plugs/http_security_plug.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 3c8e6a18f..05e935f2c 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -43,9 +43,11 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "media-src 'self' https:", "style-src 'self' 'unsafe-inline'", "font-src 'self'", - "script-src 'self'", "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "manifest-src 'self'", + if Mix.env() == :dev do + "script-src 'self' 'unsafe-eval'" + end, if scheme == "https" do "upgrade-insecure-requests" end -- cgit v1.2.3 From da4c662af31a2c45c767f2a9ed136272ee9fc2c8 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 2 Feb 2019 19:06:26 +0100 Subject: Plugs.HTTPSecurityPlug: Add webpacker to connect-src --- lib/pleroma/plugs/http_security_plug.ex | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 05e935f2c..057553e24 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -34,6 +34,21 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do defp csp_string do scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] + websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws") + + connect_src = + if Mix.env() == :dev do + "connect-src 'self' http://localhost:3035/ " <> websocket_url + else + "connect-src 'self' " <> websocket_url + end + + script_src = + if Mix.env() == :dev do + "script-src 'self' 'unsafe-eval'" + else + "script-src 'self'" + end [ "default-src 'none'", @@ -43,11 +58,9 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "media-src 'self' https:", "style-src 'self' 'unsafe-inline'", "font-src 'self'", - "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "manifest-src 'self'", - if Mix.env() == :dev do - "script-src 'self' 'unsafe-eval'" - end, + connect_src, + script_src, if scheme == "https" do "upgrade-insecure-requests" end -- cgit v1.2.3 From 1d727cd0691fdedcd78d5ef22c07a1b280531037 Mon Sep 17 00:00:00 2001 From: Karen Konou Date: Tue, 12 Feb 2019 23:25:09 +0100 Subject: added checks for public url and follower collections --- .../web/activity_pub/mrf/hellthread_policy.ex | 23 +++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 4c6e612b2..9be382972 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -14,6 +14,23 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) end + defp get_recipient_count(message) do + recipients = (message["to"] || []) ++ (message["cc"] || []) + + cond do + Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") && + Enum.find(recipients, &String.ends_with?(&1, "/followers")) -> + length(recipients) - 2 + + Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") || + Enum.find(recipients, &String.ends_with?(&1, "/followers")) -> + length(recipients) - 1 + + true -> + length(recipients) + end + end + @impl true def filter(%{"type" => "Create"} = message) do delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) @@ -24,13 +41,13 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do Pleroma.Config.get([:mrf_hellthread, :threshold]) ) - recipients = (message["to"] || []) ++ (message["cc"] || []) + recipients = get_recipient_count(message) cond do - length(recipients) > reject_threshold and reject_threshold > 0 -> + recipients > reject_threshold and reject_threshold > 0 -> {:reject, nil} - length(recipients) > delist_threshold and delist_threshold > 0 -> + recipients > delist_threshold and delist_threshold > 0 -> if Enum.member?(message["to"], "https://www.w3.org/ns/activitystreams#Public") or Enum.member?(message["cc"], "https://www.w3.org/ns/activitystreams#Public") do {:ok, delist_message(message)} -- cgit v1.2.3 From b7bc666200d6cd113365af7456b4135c86f1db03 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Wed, 13 Feb 2019 15:46:42 +0900 Subject: bugfix mdii uploader --- lib/pleroma/uploaders/mdii.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index 320b07abd..190ed9f3a 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -25,7 +25,7 @@ defmodule Pleroma.Uploaders.MDII do query = "#{cgi}?#{extension}" with {:ok, %{status: 200, body: body}} <- - @httpoison.post(query, file_data, adapter: [pool: :default]) do + @httpoison.post(query, file_data, [], adapter: [pool: :default]) do remote_file_name = String.split(body) |> List.first() public_url = "#{files}/#{remote_file_name}.#{extension}" {:ok, {:url, public_url}} -- cgit v1.2.3 From 88a4de24f9bc6fc73696cb5c986440c2c659b636 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 13 Feb 2019 13:52:27 +0100 Subject: User.follow_all: Respect blocks in both directions. --- lib/pleroma/user.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 0060d966b..3232cb842 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -311,12 +311,12 @@ defmodule Pleroma.User do end end - @doc "A mass follow for local users. Respects blocks but does not create activities." + @doc "A mass follow for local users. Respects blocks in both directions but does not create activities." @spec follow_all(User.t(), list(User.t())) :: {atom(), User.t()} def follow_all(follower, followeds) do followed_addresses = followeds - |> Enum.reject(fn %{ap_id: ap_id} -> ap_id in follower.info.blocks end) + |> Enum.reject(fn followed -> blocks?(follower, followed) || blocks?(followed, follower) end) |> Enum.map(fn %{follower_address: fa} -> fa end) q = -- cgit v1.2.3 From bef9b9cb669d6c1081eb83c624af89dbf9a8b9da Mon Sep 17 00:00:00 2001 From: Karen Konou Date: Wed, 13 Feb 2019 16:23:09 +0100 Subject: refactored code --- .../web/activity_pub/mrf/hellthread_policy.ex | 82 ++++++++++++---------- 1 file changed, 46 insertions(+), 36 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 9be382972..1f09b4e66 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -7,56 +7,66 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do @behaviour Pleroma.Web.ActivityPub.MRF defp delist_message(message) do + delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address - message - |> Map.put("to", [follower_collection]) - |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) - end - - defp get_recipient_count(message) do - recipients = (message["to"] || []) ++ (message["cc"] || []) - - cond do - Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") && - Enum.find(recipients, &String.ends_with?(&1, "/followers")) -> - length(recipients) - 2 - - Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") || - Enum.find(recipients, &String.ends_with?(&1, "/followers")) -> - length(recipients) - 1 + message = + with {:public, recipients} <- get_recipient_count(message) do + if recipients > delist_threshold and delist_threshold > 0 do + message + |> Map.put("to", [follower_collection]) + |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) + else + message + end + else + _ -> message + end - true -> - length(recipients) - end + {:ok, message} end - @impl true - def filter(%{"type" => "Create"} = message) do - delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) - + defp reject_message(message) do reject_threshold = Pleroma.Config.get( [:mrf_hellthread, :reject_threshold], Pleroma.Config.get([:mrf_hellthread, :threshold]) ) - recipients = get_recipient_count(message) - - cond do - recipients > reject_threshold and reject_threshold > 0 -> + with {_, recipients} <- get_recipient_count(message) do + if recipients > reject_threshold and reject_threshold > 0 do {:reject, nil} + else + {:ok, message} + end + end + end - recipients > delist_threshold and delist_threshold > 0 -> - if Enum.member?(message["to"], "https://www.w3.org/ns/activitystreams#Public") or - Enum.member?(message["cc"], "https://www.w3.org/ns/activitystreams#Public") do - {:ok, delist_message(message)} - else - {:ok, message} - end + defp get_recipient_count(message) do + recipients = (message["to"] || []) ++ (message["cc"] || []) + follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address - true -> - {:ok, message} + if Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") do + recipients + |> List.delete("https://www.w3.org/ns/activitystreams#Public") + |> List.delete(follower_collection) + + {:public, length(recipients)} + else + recipients + |> List.delete(follower_collection) + + {:not_public, length(recipients)} + end + end + + @impl true + def filter(%{"type" => "Create"} = message) do + with {:ok, message} <- reject_message(message), + {:ok, message} <- delist_message(message) do + {:ok, message} + else + _e -> {:reject, nil} end end -- cgit v1.2.3 From 90facd359813197060f6c33f2389fce772550fc3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:28:11 +0000 Subject: user view: add AP C2S oauth endpoints to local user profiles --- lib/pleroma/web/activity_pub/views/user_view.ex | 26 +++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 15e6c1f68..0d880212e 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -15,6 +15,20 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query + def render("endpoints.json", %{user: %{local: true} = _user}) do + %{ + "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", + "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" + } + |> Map.merge(render("endpoints.json", nil)) + end + + def render("endpoints.json", _) do + %{ + "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" + } + end + # the instance itself is not a Person, but instead an Application def render("user.json", %{user: %{nickname: nil} = user}) do {:ok, user} = WebFinger.ensure_keys_present(user) @@ -22,6 +36,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) public_key = :public_key.pem_encode([public_key]) + endpoints = render("endpoints.json", %{user: user}) + %{ "id" => user.ap_id, "type" => "Application", @@ -37,9 +53,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "owner" => user.ap_id, "publicKeyPem" => public_key }, - "endpoints" => %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - } + "endpoints" => endpoints } |> Map.merge(Utils.make_json_ld_header()) end @@ -50,6 +64,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) public_key = :public_key.pem_encode([public_key]) + endpoints = render("endpoints.json", %{user: user}) + %{ "id" => user.ap_id, "type" => "Person", @@ -67,9 +83,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "owner" => user.ap_id, "publicKeyPem" => public_key }, - "endpoints" => %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - }, + "endpoints" => endpoints, "icon" => %{ "type" => "Image", "url" => User.avatar_url(user) -- cgit v1.2.3 From db8abd958dc2266262def048352466280c12d3a7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:42:32 +0000 Subject: activitypub: user view: fix up endpoints rendering --- lib/pleroma/web/activity_pub/views/user_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 0d880212e..44beee728 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -15,12 +15,12 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query - def render("endpoints.json", %{user: %{local: true} = _user}) do + def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" } - |> Map.merge(render("endpoints.json", nil)) + |> Map.merge(render("endpoints.json", %{user: nil})) end def render("endpoints.json", _) do -- cgit v1.2.3 From 29e946ace43f5dd3342e2bd3699004e9c56e711d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 12 Feb 2019 21:49:48 +0000 Subject: activitypub: user view: add oauthRegistrationEndpoint to user profiles --- lib/pleroma/web/activity_pub/views/user_view.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 44beee728..af75546dd 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -18,6 +18,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", + "oauthRegistrationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/api/v1/apps", "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" } |> Map.merge(render("endpoints.json", %{user: nil})) -- cgit v1.2.3 From 9bd6ed975ec57f46ff6796fadb8822faec262bbc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 13 Feb 2019 19:20:41 +0000 Subject: activitypub: user view: use route helpers instead of hardcoded URIs --- lib/pleroma/web/activity_pub/views/user_view.ex | 18 ++++++++---------- lib/pleroma/web/router.ex | 2 +- 2 files changed, 9 insertions(+), 11 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index af75546dd..035463de2 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -12,23 +12,21 @@ defmodule Pleroma.Web.ActivityPub.UserView do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.Router.Helpers + alias Pleroma.Web.Endpoint import Ecto.Query - def render("endpoints.json", %{user: %User{local: true} = _user}) do + def render("endpoints.json", %{user: %User{nickname: _nickname, local: true} = _user}) do %{ - "oauthAuthorizationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/authorize", - "oauthRegistrationEndpoint" => "#{Pleroma.Web.Endpoint.url()}/api/v1/apps", - "oauthTokenEndpoint" => "#{Pleroma.Web.Endpoint.url()}/oauth/token" + "oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize), + "oauthRegistrationEndpoint" => Helpers.mastodon_api_url(Endpoint, :create_app), + "oauthTokenEndpoint" => Helpers.o_auth_url(Endpoint, :token_exchange), + "sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox) } - |> Map.merge(render("endpoints.json", %{user: nil})) end - def render("endpoints.json", _) do - %{ - "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" - } - end + def render("endpoints.json", _), do: %{} # the instance itself is not a Person, but instead an Application def render("user.json", %{user: %{nickname: nil} = user}) do diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5b5627ce8..d66a1c2a1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -468,8 +468,8 @@ defmodule Pleroma.Web.Router do scope "/", Pleroma.Web.ActivityPub do pipe_through(:activitypub) - post("/users/:nickname/inbox", ActivityPubController, :inbox) post("/inbox", ActivityPubController, :inbox) + post("/users/:nickname/inbox", ActivityPubController, :inbox) end scope "/.well-known", Pleroma.Web do -- cgit v1.2.3 From f62c1d6266be1af59aa5e0fe05e438c54c330e74 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 13 Feb 2019 22:33:22 +0000 Subject: Improve login error for OAuth flow --- lib/pleroma/web/templates/layout/app.html.eex | 26 ++++++++++++++++++++++ .../web/templates/o_auth/o_auth/show.html.eex | 4 ++++ 2 files changed, 30 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/templates/layout/app.html.eex b/lib/pleroma/web/templates/layout/app.html.eex index 8dd3284d6..520e4b3d5 100644 --- a/lib/pleroma/web/templates/layout/app.html.eex +++ b/lib/pleroma/web/templates/layout/app.html.eex @@ -67,6 +67,32 @@ font-weight: 500; font-size: 16px; } + + .alert-danger { + box-sizing: border-box; + width: 100%; + color: #D8000C; + background-color: #FFD2D2; + border-radius: 4px; + border: none; + padding: 10px; + margin-top: 20px; + font-weight: 500; + font-size: 16px; + } + + .alert-info { + box-sizing: border-box; + width: 100%; + color: #00529B; + background-color: #BDE5F8; + border-radius: 4px; + border: none; + padding: 10px; + margin-top: 20px; + font-weight: 500; + font-size: 16px; + } diff --git a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex index de2241ec9..32c458f0c 100644 --- a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex +++ b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex @@ -1,5 +1,9 @@ +<%= if get_flash(@conn, :info) do %> +<% end %> +<%= if get_flash(@conn, :error) do %> +<% end %>

OAuth Authorization

<%= form_for @conn, o_auth_path(@conn, :authorize), [as: "authorization"], fn f -> %> <%= label f, :name, "Name or email" %> -- cgit v1.2.3 From 94cbbb0e3a047c1d2851e2214b408dc19f569fbd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 00:27:35 +0000 Subject: activitypub: transmogrifier: do not attempt to expand pre-existing AS2 tag objects --- lib/pleroma/web/activity_pub/transmogrifier.ex | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 98a2af819..5da65fa39 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -765,12 +765,18 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def add_hashtags(object) do tags = (object["tag"] || []) - |> Enum.map(fn tag -> - %{ - "href" => Pleroma.Web.Endpoint.url() <> "/tags/#{tag}", - "name" => "##{tag}", - "type" => "Hashtag" - } + |> Enum.map(fn + # Expand internal representation tags into AS2 tags. + tag when is_binary(tag) -> + %{ + "href" => Pleroma.Web.Endpoint.url() <> "/tags/#{tag}", + "name" => "##{tag}", + "type" => "Hashtag" + } + + # Do not process tags which are already AS2 tag objects. + tag when is_map(tag) -> + tag end) object -- cgit v1.2.3 From e05bf2940f764e8182edcf58659eeee1db751118 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 00:34:20 +0000 Subject: activitypub: transmogrifier: correctly handle nil inReplyTo value --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 5da65fa39..26b2dd575 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -649,7 +649,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do if object = Object.normalize(id), do: {:ok, object}, else: nil end - def set_reply_to_uri(%{"inReplyTo" => inReplyTo} = object) do + def set_reply_to_uri(%{"inReplyTo" => inReplyTo} = object) when is_binary(inReplyTo) do with false <- String.starts_with?(inReplyTo, "http"), {:ok, %{data: replied_to_object}} <- get_obj_helper(inReplyTo) do Map.put(object, "inReplyTo", replied_to_object["external_url"] || inReplyTo) -- cgit v1.2.3 From e9ef4b8da627e516d5f1a2b742c6dafa65232098 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 01:05:25 +0000 Subject: oauth: never use base64 padding when returning tokens to applications The normal Base64 alphabet uses the equals sign (=) as a padding character. Since Base64 strings are self-synchronizing, padding characters are unnecessary, so don't generate them in the first place. --- lib/pleroma/web/oauth/app.ex | 10 ++++++++-- lib/pleroma/web/oauth/authorization.ex | 2 +- lib/pleroma/web/oauth/oauth_controller.ex | 2 +- lib/pleroma/web/oauth/token.ex | 4 ++-- 4 files changed, 12 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/app.ex b/lib/pleroma/web/oauth/app.ex index 3e8acde31..8b61bf3a4 100644 --- a/lib/pleroma/web/oauth/app.ex +++ b/lib/pleroma/web/oauth/app.ex @@ -25,8 +25,14 @@ defmodule Pleroma.Web.OAuth.App do if changeset.valid? do changeset - |> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64()) - |> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64()) + |> put_change( + :client_id, + :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) + ) + |> put_change( + :client_secret, + :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) + ) else changeset end diff --git a/lib/pleroma/web/oauth/authorization.ex b/lib/pleroma/web/oauth/authorization.ex index 75c9ab9aa..9039b8b45 100644 --- a/lib/pleroma/web/oauth/authorization.ex +++ b/lib/pleroma/web/oauth/authorization.ex @@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do end def create_authorization(%App{} = app, %User{} = user) do - token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() + token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) authorization = %Authorization{ token: token, diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index e4d0601f8..dddfcf299 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -173,7 +173,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do token |> URI.decode() |> Base.url_decode64!(padding: false) - |> Base.url_encode64() + |> Base.url_encode64(padding: false) end defp get_app_from_request(conn, params) do diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index b0bbeeb69..ca9e718ac 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -31,8 +31,8 @@ defmodule Pleroma.Web.OAuth.Token do end def create_token(%App{} = app, %User{} = user) do - token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() - refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64() + token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) + refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false) token = %Token{ token: token, -- cgit v1.2.3 From 64620d8980e3e93791d3f880296be2060ffc4d39 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 02:41:21 +0000 Subject: activitypub: user view: do not expose oAuth endpoints for instance users --- lib/pleroma/web/activity_pub/views/user_view.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 035463de2..b363a3dc4 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -17,7 +17,11 @@ defmodule Pleroma.Web.ActivityPub.UserView do import Ecto.Query - def render("endpoints.json", %{user: %User{nickname: _nickname, local: true} = _user}) do + def render("endpoints.json", %{user: %User{nickname: nil, local: true} = _user}) do + %{"sharedInbox" => Helpers.activity_pub_url(Endpoint, :inbox)} + end + + def render("endpoints.json", %{user: %User{local: true} = _user}) do %{ "oauthAuthorizationEndpoint" => Helpers.o_auth_url(Endpoint, :authorize), "oauthRegistrationEndpoint" => Helpers.mastodon_api_url(Endpoint, :create_app), -- cgit v1.2.3 From ee2fa1a31475259575a267e67cf5d7da04a30616 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 03:01:39 +0000 Subject: activitypub: user view: remove totalInbox from user inbox view It is not really feasible to quickly calculate the totalItems value and it shouldn't be trusted anyway. --- lib/pleroma/web/activity_pub/views/user_view.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index b363a3dc4..1e16f7ebb 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -224,7 +224,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do "id" => "#{iri}?max_id=#{max_id}", "type" => "OrderedCollectionPage", "partOf" => iri, - "totalItems" => -1, "orderedItems" => collection, "next" => "#{iri}?max_id=#{min_id}" } @@ -233,7 +232,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do %{ "id" => iri, "type" => "OrderedCollection", - "totalItems" => -1, "first" => page } |> Map.merge(Utils.make_json_ld_header()) -- cgit v1.2.3 From 6542b8629203cd3b3ef4f0a08a5ad67451366a72 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 03:02:45 +0000 Subject: activitypub: user view: remove totalItems from user outbox (this is based on a counter in User.Info, but the counter is not reliable.) --- lib/pleroma/web/activity_pub/views/user_view.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 1e16f7ebb..506fa5ea3 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -177,7 +177,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do "id" => "#{iri}?max_id=#{max_id}", "type" => "OrderedCollectionPage", "partOf" => iri, - "totalItems" => info.note_count, "orderedItems" => collection, "next" => "#{iri}?max_id=#{min_id}" } @@ -186,7 +185,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do %{ "id" => iri, "type" => "OrderedCollection", - "totalItems" => info.note_count, "first" => page } |> Map.merge(Utils.make_json_ld_header()) -- cgit v1.2.3 From 5307c211b8ca00def779221ecbde2cc4bea6d2d5 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 03:03:41 +0000 Subject: activitypub: user view: report totalItems=0 for follows/followers when hidden --- lib/pleroma/web/activity_pub/views/user_view.ex | 37 +++++++++++++++++++------ 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 506fa5ea3..dd1ab3d2b 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -104,8 +104,14 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_friends_query(user) query = from(user in query, select: [:ap_id]) following = Repo.all(query) + total = + if !user.info.hide_follows do + length(following) + else + 0 + end - collection(following, "#{user.ap_id}/following", page, !user.info.hide_follows) + collection(following, "#{user.ap_id}/following", page, !user.info.hide_follows, total) |> Map.merge(Utils.make_json_ld_header()) end @@ -113,11 +119,17 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_friends_query(user) query = from(user in query, select: [:ap_id]) following = Repo.all(query) + total = + if !user.info.hide_follows do + length(following) + else + 0 + end %{ "id" => "#{user.ap_id}/following", "type" => "OrderedCollection", - "totalItems" => length(following), + "totalItems" => total, "first" => collection(following, "#{user.ap_id}/following", 1, !user.info.hide_follows) } |> Map.merge(Utils.make_json_ld_header()) @@ -127,8 +139,14 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_followers_query(user) query = from(user in query, select: [:ap_id]) followers = Repo.all(query) + total = + if !user.info.hide_followers do + length(followers) + else + 0 + end - collection(followers, "#{user.ap_id}/followers", page, !user.info.hide_followers) + collection(followers, "#{user.ap_id}/followers", page, !user.info.hide_followers, total) |> Map.merge(Utils.make_json_ld_header()) end @@ -136,20 +154,23 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_followers_query(user) query = from(user in query, select: [:ap_id]) followers = Repo.all(query) + total = + if !user.info.hide_followers do + length(followers) + else + 0 + end %{ "id" => "#{user.ap_id}/followers", "type" => "OrderedCollection", - "totalItems" => length(followers), - "first" => collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_followers) + "totalItems" => total, + "first" => collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_followers, total) } |> Map.merge(Utils.make_json_ld_header()) end def render("outbox.json", %{user: user, max_id: max_qid}) do - # XXX: technically note_count is wrong for this, but it's better than nothing - info = User.user_info(user) - params = %{ "limit" => "10" } -- cgit v1.2.3 From 72ba5b4ab73ff725b91888e38af612082f8df5ad Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 03:13:07 +0000 Subject: activitypub: user view: formatting --- lib/pleroma/web/activity_pub/views/user_view.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index dd1ab3d2b..c8e154989 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -104,6 +104,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_friends_query(user) query = from(user in query, select: [:ap_id]) following = Repo.all(query) + total = if !user.info.hide_follows do length(following) @@ -119,6 +120,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_friends_query(user) query = from(user in query, select: [:ap_id]) following = Repo.all(query) + total = if !user.info.hide_follows do length(following) @@ -139,6 +141,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_followers_query(user) query = from(user in query, select: [:ap_id]) followers = Repo.all(query) + total = if !user.info.hide_followers do length(followers) @@ -154,6 +157,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do query = User.get_followers_query(user) query = from(user in query, select: [:ap_id]) followers = Repo.all(query) + total = if !user.info.hide_followers do length(followers) @@ -165,7 +169,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do "id" => "#{user.ap_id}/followers", "type" => "OrderedCollection", "totalItems" => total, - "first" => collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_followers, total) + "first" => + collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_followers, total) } |> Map.merge(Utils.make_json_ld_header()) end -- cgit v1.2.3 From 907306174b082cccd823894c855194a4fc1e8305 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 14 Feb 2019 15:55:21 +0700 Subject: fix S3 links encoding in Mediaproxy --- lib/pleroma/web/media_proxy/media_proxy.ex | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 1e9da7283..39a725a69 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -19,11 +19,16 @@ defmodule Pleroma.Web.MediaProxy do else secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] + # Must preserve `%2F` for compatibility with S3 (https://git.pleroma.social/pleroma/pleroma/issues/580) + replacement = get_replacement(url, ":2F:") + # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. base64 = url + |> String.replace("%2F", replacement) |> URI.decode() |> URI.encode() + |> String.replace(replacement, "%2F") |> Base.url_encode64(@base64_opts) sig = :crypto.hmac(:sha, secret, base64) @@ -60,4 +65,12 @@ defmodule Pleroma.Web.MediaProxy do |> Enum.filter(fn value -> value end) |> Path.join() end + + defp get_replacement(url, replacement) do + if String.contains?(url, replacement) do + get_replacement(url, replacement <> replacement) + else + replacement + end + end end -- cgit v1.2.3 From 56862f4ce1275689416661847b0734129f5471ae Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 19:42:33 +0000 Subject: activitypub: clean up logging statements a little --- lib/pleroma/web/activity_pub/activity_pub.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index c46d8233e..ab2872f56 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -818,8 +818,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do if object = Object.get_cached_by_ap_id(id) do {:ok, object} else - Logger.info("Fetching #{id} via AP") - with {:ok, data} <- fetch_and_contain_remote_object_from_id(id), nil <- Object.normalize(data), params <- %{ @@ -851,7 +849,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def fetch_and_contain_remote_object_from_id(id) do - Logger.info("Fetching #{id} via AP") + Logger.info("Fetching object #{id} via AP") with true <- String.starts_with?(id, "http"), {:ok, %{body: body, status: code}} when code in 200..299 <- -- cgit v1.2.3 From da44cdd3812fabb777c738b162c704de22e4b2f4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 14 Feb 2019 19:58:24 +0000 Subject: user: search: use get_or_fetch() instead of get_or_fetch_by_nickname() get_or_fetch() handles the nickname verses URI differences transparently. --- lib/pleroma/user.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 3232cb842..29d2b3d89 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -731,7 +731,7 @@ defmodule Pleroma.User do # Strip the beginning @ off if there is a query query = String.trim_leading(query, "@") - if resolve, do: User.get_or_fetch_by_nickname(query) + if resolve, do: get_or_fetch(query) fts_results = do_search(fts_search_subquery(query), for_user) -- cgit v1.2.3 From d943c90249e0a598e57a0dbdf41d387b53916092 Mon Sep 17 00:00:00 2001 From: Karen Konou Date: Fri, 15 Feb 2019 12:47:50 +0100 Subject: Add tests, change default config values, fix a bug --- lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 1f09b4e66..95211c596 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -47,14 +47,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address if Enum.member?(recipients, "https://www.w3.org/ns/activitystreams#Public") do - recipients - |> List.delete("https://www.w3.org/ns/activitystreams#Public") - |> List.delete(follower_collection) + recipients = + recipients + |> List.delete("https://www.w3.org/ns/activitystreams#Public") + |> List.delete(follower_collection) {:public, length(recipients)} else - recipients - |> List.delete(follower_collection) + recipients = + recipients + |> List.delete(follower_collection) {:not_public, length(recipients)} end -- cgit v1.2.3 From dca6bee2f7eba1dc366cc65d3087f20678549739 Mon Sep 17 00:00:00 2001 From: Karen Konou Date: Fri, 15 Feb 2019 13:43:14 +0100 Subject: Rename test, add check for follower collection when delisting --- lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 95211c596..1fd7b9c67 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -10,17 +10,22 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address + follower_collection? = Enum.member?(message["to"] ++ message["cc"], follower_collection) + message = - with {:public, recipients} <- get_recipient_count(message) do - if recipients > delist_threshold and delist_threshold > 0 do + case recipients = get_recipient_count(message) do + {:public, _} when follower_collection? and recipients > delist_threshold -> message |> Map.put("to", [follower_collection]) |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) - else + + {:public, _} when recipients > delist_threshold -> + message + |> Map.put("to", []) + |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) + + _ -> message - end - else - _ -> message end {:ok, message} -- cgit v1.2.3 From c2e0a0c8d44f8697160d4597db45c5c4afd0d8a6 Mon Sep 17 00:00:00 2001 From: Karen Konou Date: Fri, 15 Feb 2019 14:05:20 +0100 Subject: Readd threshold is not 0 check, optmization? --- .../web/activity_pub/mrf/hellthread_policy.ex | 32 +++++++++++++--------- 1 file changed, 19 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 1fd7b9c67..8ab1dd4e5 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -6,20 +6,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do alias Pleroma.User @behaviour Pleroma.Web.ActivityPub.MRF - defp delist_message(message) do - delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) + defp delist_message(message, threshold) when threshold > 0 do follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address follower_collection? = Enum.member?(message["to"] ++ message["cc"], follower_collection) message = case recipients = get_recipient_count(message) do - {:public, _} when follower_collection? and recipients > delist_threshold -> + {:public, _} + when follower_collection? and recipients > threshold -> message |> Map.put("to", [follower_collection]) |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) - {:public, _} when recipients > delist_threshold -> + {:public, _} when recipients > threshold -> message |> Map.put("to", []) |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) @@ -31,15 +31,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do {:ok, message} end - defp reject_message(message) do - reject_threshold = - Pleroma.Config.get( - [:mrf_hellthread, :reject_threshold], - Pleroma.Config.get([:mrf_hellthread, :threshold]) - ) + defp delist_message(message, _threshold), do: {:ok, message} + defp reject_message(message, threshold) when threshold > 0 do with {_, recipients} <- get_recipient_count(message) do - if recipients > reject_threshold and reject_threshold > 0 do + if recipients > threshold do {:reject, nil} else {:ok, message} @@ -47,6 +43,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do end end + defp reject_message(message, _threshold), do: {:ok, message} + defp get_recipient_count(message) do recipients = (message["to"] || []) ++ (message["cc"] || []) follower_collection = User.get_cached_by_ap_id(message["actor"]).follower_address @@ -69,8 +67,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do @impl true def filter(%{"type" => "Create"} = message) do - with {:ok, message} <- reject_message(message), - {:ok, message} <- delist_message(message) do + reject_threshold = + Pleroma.Config.get( + [:mrf_hellthread, :reject_threshold], + Pleroma.Config.get([:mrf_hellthread, :threshold]) + ) + + delist_threshold = Pleroma.Config.get([:mrf_hellthread, :delist_threshold]) + + with {:ok, message} <- reject_message(message, reject_threshold), + {:ok, message} <- delist_message(message, delist_threshold) do {:ok, message} else _e -> {:reject, nil} -- cgit v1.2.3 From d812a347ca936dba764eb223fde029d83ca3fba0 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 16 Feb 2019 16:42:34 +0100 Subject: Add optional welcome message. --- lib/pleroma/user.ex | 1 + lib/pleroma/user/welcome_message.ex | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 lib/pleroma/user/welcome_message.ex (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 29d2b3d89..3c6a9953d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -261,6 +261,7 @@ defmodule Pleroma.User do def register(%Ecto.Changeset{} = changeset) do with {:ok, user} <- Repo.insert(changeset), {:ok, user} <- autofollow_users(user), + {:ok, _} <- Pleroma.User.WelcomeMessage.post_welcome_message_to_user(user), {:ok, _} <- try_send_confirmation_email(user) do {:ok, user} end diff --git a/lib/pleroma/user/welcome_message.ex b/lib/pleroma/user/welcome_message.ex new file mode 100644 index 000000000..6a0ec084f --- /dev/null +++ b/lib/pleroma/user/welcome_message.ex @@ -0,0 +1,33 @@ +defmodule Pleroma.User.WelcomeMessage do + alias Pleroma.User + alias Pleroma.Web.CommonAPI + import Ecto.Query + + def post_welcome_message_to_user(user) do + with %User{} = sender_user <- welcome_user(), + message when is_binary(message) <- welcome_message() do + CommonAPI.post(sender_user, %{ + "visibility" => "direct", + "status" => "@#{user.nickname}\n#{message}" + }) + else + _ -> {:ok, nil} + end + end + + defp welcome_user() do + if nickname = Pleroma.Config.get([:instance, :welcome_user_nickname]) do + from(u in User, + where: u.local == true, + where: u.nickname == ^nickname + ) + |> Pleroma.Repo.one() + else + nil + end + end + + defp welcome_message() do + Pleroma.Config.get([:instance, :welcome_message]) + end +end -- cgit v1.2.3 From 269d3e1ca6c1d01feb995a108852963ce5bc32fc Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 16 Feb 2019 17:24:48 +0100 Subject: WelcomeMessage: Get rid of Ecto reference. --- lib/pleroma/user/welcome_message.ex | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user/welcome_message.ex b/lib/pleroma/user/welcome_message.ex index 6a0ec084f..8018ac22f 100644 --- a/lib/pleroma/user/welcome_message.ex +++ b/lib/pleroma/user/welcome_message.ex @@ -1,7 +1,6 @@ defmodule Pleroma.User.WelcomeMessage do alias Pleroma.User alias Pleroma.Web.CommonAPI - import Ecto.Query def post_welcome_message_to_user(user) do with %User{} = sender_user <- welcome_user(), @@ -16,14 +15,12 @@ defmodule Pleroma.User.WelcomeMessage do end defp welcome_user() do - if nickname = Pleroma.Config.get([:instance, :welcome_user_nickname]) do - from(u in User, - where: u.local == true, - where: u.nickname == ^nickname - ) - |> Pleroma.Repo.one() + with nickname when is_binary(nickname) <- + Pleroma.Config.get([:instance, :welcome_user_nickname]), + %User{local: true} = user <- User.get_cached_by_nickname(nickname) do + user else - nil + _ -> nil end end -- cgit v1.2.3 From 96c725328b556833d59de23093fb4aeba9bb5684 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 16 Feb 2019 20:38:25 +0300 Subject: Remove a limit on attachments in Mastodon API and document the changes in responses from vanilla mastodon --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 69f5f992c..a49b381c9 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -166,7 +166,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do sensitive: sensitive, spoiler_text: object["summary"] || "", visibility: get_visibility(object), - media_attachments: attachments |> Enum.take(4), + media_attachments: attachments, mentions: mentions, tags: build_tags(tags), application: %{ -- cgit v1.2.3 From 8f98d970c105bec3205c6ce524750583ad5fb502 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 17 Feb 2019 13:46:40 +0300 Subject: Fix recipient count in hellthread policy --- lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex index 8ab1dd4e5..6736f3cb9 100644 --- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex @@ -12,14 +12,14 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do follower_collection? = Enum.member?(message["to"] ++ message["cc"], follower_collection) message = - case recipients = get_recipient_count(message) do - {:public, _} + case get_recipient_count(message) do + {:public, recipients} when follower_collection? and recipients > threshold -> message |> Map.put("to", [follower_collection]) |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) - {:public, _} when recipients > threshold -> + {:public, recipients} when recipients > threshold -> message |> Map.put("to", []) |> Map.put("cc", ["https://www.w3.org/ns/activitystreams#Public"]) -- cgit v1.2.3